* Posts by TheVogon

3511 publicly visible posts • joined 17 Jan 2013

Revealed: The naughty tricks used by web ads to bypass blockers

TheVogon

Re: TheVogon

"If you follow the link in the story"

Thanks for taking the time to reply.

An educated guess tells me that likely it detects libpcap rather than wifeshark itself...

TheVogon

Re: Hey Instart

""Instart's code also detects network analysis tools Wireshark and Charles Proxy.""

And the fact that it can presumably is an "information leak" security vulnerability. What browsers is this applicable to? It doesn't seem to make that clear in the article other than implying Chrome is effected.

Don't buy Microsoft Surface gear: 25% will break after 2 years, says Consumer Reports

TheVogon

Re: I could go postal!

"You have 6 years from purchase for an INHERENT fault."

I would say anything that failed before two years (unless damahed) was an inherent fault. When you pay £1000+ for a laptop you would expect a lifetime of at least 5 years imo.

TheVogon

Re: I could go postal!

"So your paying £179 for something that is covered under UK law and home insurance?"

After 6 months it's up to you to prove the device was not merchantable quality when sold though. It's a lot easier with a warranty unless you like wasting your time on engineers reports and the small claims court.

And no - most home insurance doesn't cover accidental damage - and even if it does you are usually not covered outside the home, and then even if you are covered a £100 excess would be typical. And higher premiums next year once you claim...

TheVogon

Re: I could go postal!

Well you do have a 2 year legal period for redress if it goes wrong in most of the EU or up to 6 years in the UK regardless of the "warranty"

However with such a device I would say it would be nuts not to get the "Surface Complete" extended warranty for £179 that gives you a no quibble 2 year warranty and accidental damage cover. Mostly because it's so easy to bust the screen...

Sun of a b... Rising solar temp wrecks chances of finding ET in our system

TheVogon

Re: Well, the sun is only going to be in red giant phase for 500M years or so

"Admittedly there was also 7 days manufacturing"

The bible doesn't say how long it took to create the heavens and the Earth itself!

And it took 6 days for the details afterwards - god rested on the 7th! Allegedly.

London 'not-spots' look out! Mayor wants team to tackle crap signal

TheVogon

Re: Ask Google?

"They could start by asking Google"

Surely the first people to ask are the mobile operators!

Windows Subsystem for Linux is coming to Windows Server

TheVogon

Re: Oh joy, more embracing...

"Maybe the Linux runtime will include stuff that requires systemd. Systemd included in Windows? "

Unlikely because the emulation is usermode only. All the drivers / system boot belong to Windows.

TheVogon

Re: Really...it's early and I've not had my coffee yet.

"What could possibly go wrong?"

I would be interest to know how it impacts performance? How can I benchmark an Ubuntu user mode environment?

TheVogon

Re: Enable-WindowsOptionalFeature /?

"You need to do "help Enable-WindowsOptionalFeature" (or get-help). That's how it works in powershell. You're welcome..."

Not to mention "update-help"

TheVogon

"This line describes everything wrong with Powershell."

It has numerous advantage over Bash and pretty much no disadvantages. Not to mention being way way easier to understand and use? For instance:

DIR -Recurse | Get-Acl | Select-Object Owner | Select -Unique (Powershell)

vs

find . -printf "%u\n" | awk '!match(str," "$1){str=str" "$1;print $1 }' (Bash)

And here are a few of the other advantages:

1) Object oriented pipes so that I don't have to format and reparse and be concerned about language settings.

2) Command metadata. PowerShell commands, functions and even *script files* expose metadata about the names, positions, types and validation rules for parameters, allowing the *shell* to perform type coercion, allowing the *shell* to explain the parameters/syntax, allowing the *shell* to support both tab completion and auto-suggestions with no need for external and cumbersome completion definitions.

3) Robust risk management. Look up common parameters -WhatIf, -Confirm, -Force and consider how they are supported by ambient values in scripts you author yourself.

4) Multiple location types and -providers. Even a SQL Server appears as a navigable file system. Want to work with a certain database? Just switch to the sqlserver: drive and navigate to the server/database and start selecting, creating tables etc.

5) Fan-out remoting. Execute the same script transparently and *robustly* on multiple servers and consolidate the results back on the controlling console. Try icm host1,host2,host3 {ps} and watch how you get consolidated, object-oriented process descriptions from multiple servers.

6) Workflow scripting. PowerShell scripts can (since v3) be defined as workflows which are suspendable, resumable and which can pick up and continue even across system restarts.

7) Parallel scripting. No, not just starting multiple processes, but having the actual *script* branch out and run massively parallel.

8) True remote sessions where you don't step into and out of remote sessions but actually controls any number of remote sessions from the outside.

9) PowerShell web access. You can now set up a IIS with PWA as a gateway. This gives you a firewall-friendly remote command line in any standards compliant browser.

10) Superior security features, e.g. script signing, memory encryption, proper multi-mode credentials allowing script to be agnostic about authentication schemes which may go way beyond stupid username+password and use smart cards, tokens, OTPs etc.

11) Transaction support right in the shell. Script actions can join any resource manager such as SQL server, registry, message queues in a single atomic transaction. Do that in bash?

12) Strongly typed stripting, extensive data types, e.g first class xml support and regex support right in the shell. Optional static/explicit typing. Real lambdas (script blocks) instead of stupidly relying on dangerous and error prone "eval" functions.

13) Real *structured* exception handling as an alternative to outdated traps (which PowerShell also has). try-catch-finally blocks.

14) Instrumentation, extensive tracing, transcript and *source level* debugging of scripts.

15) Consistent naming conventions covering verb-noun command names, common verbs, common parameter names.

It's August 2017 and your Android gear can be pwned by, oh look, just patch the things

TheVogon

Re: Hmm

"But how many are real world threats?"

All of them now that they are published....

Salesforce sacks two top security engineers for their DEF CON talk

TheVogon

Re: Hold on a second....

"So they tweeted and the pulled the tweet under pressure from management????"

T&C of the compromise agreement to get a pay off and shutup probably.

TheVogon

"Salesforce owned the code and therefore no employee is allowed disclose or distribute the company's property without permission"

Sure but I don't think *talking about* something your company has / does would normally a problem. Unless something has been specifically flagged as a trade secret I can't see how they are in the wrong.

70% of Windows 10 users are totally happy with our big telemetry slurp, beams Microsoft

TheVogon

Re: Wake Up Marisa Rogers

"and/or make the privacy settings during the initial setup of Windows 10 more VISIBLE to the general public"

They are pretty clearly displayed with an option to set them during the install process, and the impact of not setting them is also clearly displayed.

The vast majority of people simply don't care what data Microsoft (and anyone else!) collects within reason....

TheVogon

Re: Exactly what I was thinking. How many are Insiders?

"App suggestions, and tonnes of nags constantly."

I have used the Windows 10 insider build as my primary laptop OS for well over a year and I don't see any nags or app suggestions (except in the Windows Store - which you would expect). Sounds like you are not speaking from any actual experience.

As to full telemetry I really don't care if some random at Microsoft gets anonymised information about what I use it for. If you do care - just kill it with the app mentioned above.

TheVogon

Re: How-to

"Doesn't work - Windows Update automatically removes Classic Shell as "incompatible"."

Classic Shell has supported Windows 10 since August 2015.

TheVogon

Re: Windows privacy portal

"With Windows 10 your Microsoft account is your Windows login. So it's quite hard to dispose of it."

That's completely optional though. You can still choose to use local accounts. However anything from the Windows Store that requires a license won't work in that case...Just like on OS/X / Android, etc you need to be signed in for the App Store to work fully.

TheVogon

Re: It's easy .....

"I'm assuming you're never accessing any web sites as well then? Because that's where the real data gathering is."

uBlock Origin and other similar options are now available as Edge extensions in case you were not aware...

TheVogon

Re: No need to change the default settings! Erase all of WIN 10

"It's sad that most corporates pay for Windows included with their new PCs, then pay for it again under their enterprise license agreements."

No they don't. You get a specific discount to cover Pcs that come with an OEM license on your ELA.

TheVogon

Re: No need to change the default settings! Erase all of WIN 10

"they saw that the Linux-equipped model cost more, not less, than the standard Windows version."

A relative worked for Dell and he tells me there were three reasons for that with systems targetted at consumers - a) Linux got more support calls - that might not be what you would expect but apparently was the case, b) it costs X to build, manage, release drivers for and update an OS image and this cost was washed across a relatively low number of systems with Linux, and c) consumer Pcs with Windows on have crapware installed that subsidises the cost....

TheVogon

Re: No need to change the default settings! Erase all of WIN 10

"I got my copy free."

You got a free upgrade to an already licenced OS, so you paid originally. I would say anyone that hasn't upgraded probably qualifies as you must have been blind to miss all the pop ups they inflicted on you....

TheVogon

Re: No need to change the default settings! Erase all of WIN 10

"But for consumers it's not

Not as yet. Obviously my comment was referring to a future rental only model. Which as per my comment is probably a good thing for Linux fans as it would potentially remove any upfront OS costs from hardware, whilst still letting manufacturers ship an installed OS with crapware that subsidises the hardware costs...

TheVogon

Re: No need to change the default settings! Erase all of WIN 10

"I call it blackmail

That's not the model they use. If your windows is unlicensed it switches to annoy the hell out of you mode but you can still access your data. Ditto cloud storage switches to read only if you are over your limit....

TheVogon

"why, after over 2 years of massive data slurping by MS, is Windows 10 still no better than an early beta version"

Have you not installed the "creator" update? It's massively improved from the RTM version.

About the only thing I can still complain about is that we are still in transition between to old style control panel and the new touchy-feely interface for settings. However, the vast majority of required settings can now at least be reached via the new interface which certainly wasn't the case at RTM...

TheVogon

Re: No need to change the default settings! Erase all of WIN 10

"MS has made no secret that they want to move to the OS as a service"

There will likely always be a free or minimal cost version though where they make money from the Windows Store.

People seem to view "Windows as a service" as a bad thing, but imo It's actually a better model for consumers to pay via a rental model, rather than pay a lump of cash up front for each Windows version. Stop using Windows? Sell your PC? You stop paying Microsoft....your choice. So surely it's ideal for those that wish to use Linux instead?

Intel Pumageddon: Broadband chip bug haunts Chipzilla's past, present and future

TheVogon

Re: Virgin Media Tivo

"Oh, and it won't work correctly in modem mode (the connection would drop every fifteen minutes)"

That one was fixed in a firmware update a while back.

TheVogon

"That it also is present in Puma 7 means those who had wanted to escape the flaw by upgrading to a newer box will be stuck waiting for a firmware update from Intel either way to correct the issue"

Not if the newer box is say a Broadcom chipset...

Engineer gets 18 months in the clink for looting ex-bosses' FTP server

TheVogon

Re: Hacking?

"but its definitely theft!!"

Common misconception thanks to the copyright cartels, but it most definitely isn't. If not clear why, please see:

https://www.youtube.com/watch?v=IeTybKL1pM4

TheVogon

Re: Hacking?

"Not entirely convinced this was "hacking""

I'm pretty sure unauthorised access counts as hacking...or computer misuse at least.

Core-blimey! Intel's Core i9 18-core monster – the numbers

TheVogon

Re: Intel's Core i9 revealed to reach 36 cores. Not.

"Given that you can saturate this memory subsystem with just two cores, and will almost certainly saturate it with half a dozen, the benefits of having another twelve cores sitting around are questionable for any real-world usage"

That's what the large chunk of on CPU cache memory is for.

TheVogon

"Software video encoding typically produces superior quality for a set bitrate, whereas GPU video encoding is quick and dirty."

Uhm, no. Hardware encoding is usually better quality as it does the exact same thing but is much faster and therefore can use more iterations...

TheVogon

Re: Gamers?

"Is there even one game that benefits from having more than 4 cores?"

Anything running Direct-X 12 that is CPU bound for a start.

China can't find anyone smart enough to run its whizzbang $180m 1,640ft radio telescope

TheVogon

Re: I would do it...

I guess that's finally one thing that the Chinese can't just copy from another country's technology....

A sarcasm detector bot? That sounds absolutely brilliant. Definitely

TheVogon

Re: A massive market

"Nowadays we have a metric "fifth,""

So 750ml - or 3/4 Litre - just like most of the rest of the planet for wine / spirit in bottles. Wow @ the Americans using something that the rest of the world has actually taught in schools within the last 50 years even if you call it a "fifth"!

(Over the pond, spirits often come in a "pub" size 1 litre option too.)

TheVogon

Re: A massive market

"Have you seen the volumes of measurements they use for alcohol?"

Well they use pints for measurements of American beers afaik. For spirits there is no standard size for a single shot, except in Utah, where a shot is defined as 1.5 US fl oz.

TheVogon

Re: Handy . .

Presumably it's targeted at he American market. Along with Wit and Irony detector bots...

UK taxmen slammed for tech glitches rampant on child benefits website

TheVogon

Re: The problem isn't the kids

"For instance, my GF has to pay over £300 PER TERM for the school bus"

Maybe an older GF would solve that problem?

TheVogon

"who do everything they can to avoid tax and national insurance through IR35 and other scams"

The vast majority are genuine contractors who pay less tax because they carry far more risk. IR35 is a rule to stop that by the way, not a reduction method.

However yes, there are a few using it as a scam that really are disguised employees. For instance many highly paid BBC employees until recently....

TheVogon

Re: Predictable

"It's government. What do you expect?"

Quite - have you seen what they pay for IT roles? Circa half the going rate in London at least.

That probably also explains why they need so many contractors to cope with any type of change...

Google diversity memo: Web giant repudiates staffer's screed for 'incorrect assumptions about gender'

TheVogon

Re: Dare I say

"And how pray does one tell from a CV that it was sent by a "black woman"

Commonly by the name, or if not sure then by checking Facebook / Linked-in.

Linux kernel hardeners Grsecurity sue open source's Bruce Perens

TheVogon

"I don't know. Lots of people do business with Oracle."

And how many of those are prisoners to support of legacy systems?

TheVogon

"It's merely a statement along the lines that the distrbutee won't be receiving any future code if they upset GRSecurity."

Sure sounds like a term / condition to me...

CMD.EXE gets first makeover in 20 years in new Windows 10 build

TheVogon

Re: What's the point?

" Powershell is an abomination that combines all the worst bits of Windows and *nix command-lines into one crufty package-o'crap."

Ask yourself then why say VMWare changed from a Bash type command environment to Powershell commands for remote CLI administration of vSphere?

Clearly they found enough advantages to justify actively ditching their existing solution and *switch* to Powershell...

TheVogon

Re: What's the point?

"'m of the opinion that they should just go all-in on bash "

Why would they do that when they have Powershell? It has numerous advantage over Bash and pretty much no disadvantages.

Not to mention being way way easier to understand and use? For instance:

DIR -Recurse | Get-Acl | Select-Object Owner | Select -Unique (Powershell)

vs

find . -printf "%u\n" | awk '!match(str," "$1){str=str" "$1;print $1 }' (Bash)

And here are a few of the other advantages:

1) Object oriented pipes so that I don't have to format and reparse and be concerned about language settings.

2) Command metadata. PowerShell commands, functions and even *script files* expose metadata about the names, positions, types and validation rules for parameters, allowing the *shell* to perform type coercion, allowing the *shell* to explain the parameters/syntax, allowing the *shell* to support both tab completion and auto-suggestions with no need for external and cumbersome completion definitions.

3) Robust risk management. Look up common parameters -WhatIf, -Confirm, -Force and consider how they are supported by ambient values in scripts you author yourself.

4) Multiple location types and -providers. Even a SQL Server appears as a navigable file system. Want to work with a certain database? Just switch to the sqlserver: drive and navigate to the server/database and start selecting, creating tables etc.

5) Fan-out remoting. Execute the same script transparently and *robustly* on multiple servers and consolidate the results back on the controlling console. Try icm host1,host2,host3 {ps} and watch how you get consolidated, object-oriented process descriptions from multiple servers.

6) Workflow scripting. PowerShell scripts can (since v3) be defined as workflows which are suspendable, resumable and which can pick up and continue even across system restarts.

7) Parallel scripting. No, not just starting multiple processes, but having the actual *script* branch out and run massively parallel.

8) True remote sessions where you don't step into and out of remote sessions but actually controls any number of remote sessions from the outside.

9) PowerShell web access. You can now set up a IIS with PWA as a gateway. This gives you a firewall-friendly remote command line in any standards compliant browser.

10) Superior security features, e.g. script signing, memory encryption, proper multi-mode credentials allowing script to be agnostic about authentication schemes which may go way beyond stupid username+password and use smart cards, tokens, OTPs etc.

11) Transaction support right in the shell. Script actions can join any resource manager such as SQL server, registry, message queues in a single atomic transaction. Do that in bash?

12) Strongly typed stripting, extensive data types, e.g first class xml support and regex support right in the shell. Optional static/explicit typing. Real lambdas (script blocks) instead of stupidly relying on dangerous and error prone "eval" functions.

13) Real *structured* exception handling as an alternative to outdated traps (which PowerShell also has). try-catch-finally blocks.

14) Instrumentation, extensive tracing, transcript and *source level* debugging of scripts.

15) Consistent naming conventions covering verb-noun command names, common verbs, common parameter names.

Wait. What? The IBM cloud's APIs use insecure TLS1 crypto?

TheVogon

If you disable TLS 1.0 on the server side that will break some older clients - for instance Android 4.4 or earlier, IE 7 on Vista, IE8-10 on Win 7, IE10 on WinPhone 8, Java 6u45 and 7u25 or earlier, and Safari 5.1.9 and 6.0.4...

PayPal splashes cash on biz that persuades folks to splash cash online

TheVogon

"PayPal will certainly have a record of the IP addresses that you've used when authorising a PayPal payment so maybe they 'partner' with PayPal so they can use your PayPal sign-in address as the target email address."

Not sure what the IP address has to do with that. They can't SPAM your Paypal address without breaking data protection laws.

TheVogon

Re: I may be a lone voice, but...

"throwing targeted ads"

Good luck with me seeing any of those.

"and personalised emails"

And good luck with the bill for that under the GDPR...

Flash fryers have burger problems: You can't keep adding layers

TheVogon

Re: "plasma breams"

It's just scale up instead of scale out....

Microsoft: We beat Google, AWS to cloudy GPU VMs in Blighty

TheVogon

Re: Under-resourcing

"How does this play against MS's under-resourcing of their UK data centres?"

Apparently it had little to do with under-resourcing and more to do with massive growth outpacing their ability to wheel in new kit. Microsoft overtook AWS in cloud revenue run rate last quarter.