* Posts by h4rm0ny

4617 posts • joined 26 Jul 2008

Kali Linux 2.0 to launch at DEFCON 23



Will be very keen to see what they have for us.

Call that a mugshot? Aussie model/fugitive asks rozzers for more flattering pic


Re: I am more concerned...

They can end up being used in the national press when you are investigated / wanted for a crime.

ONE MILLION new lines of code hit Linux Kernel


Re: One million new lines...

>>"It seems that at least four of you don't know sarcasm when it hits you in the face"

Actually, I just figured you were trolling.


Re: One MEEELION lines…

No. A major version increase would be based on new functionality / interface changes. Simple improvements to the codebase (or complex ones!) don't merit that.

150,000 angry Redditors demand Chairman Pao's head on a spike


And the Internet Hate Machine rolls on.

Once some people get their Righteous Cause on, nothing but absolute submission will appease. And often not even then. A great many people get their superiority from being able to point out the faults of others.

Wikipedia jumps aboard the bogus 'freedom of panorama' bandwagon


Re: Brilliant Campaign Strategy

Or who remember your last post on this. ;)


At 2 minutes 21, there is false information. Jimmy Wales states that people aren't worried about strangers looking them up and finding old and regrettable things about them, they're worried about friends and family finding it out, and that these people will already know it.

Both parts of this are incorrect. As a person, what would concern me IS that something I did over a decade ago is going to come up every time I meet a stranger, whether that is a job interview, a new acquaintance, a date, whatever. Secondly, we make new friends all the time (at least most of us do) so again, they may not know what we were arrested for twelve years ago or whatever.

The issue, in a nutshell, is that up until now, the damage something did to how people see you diminished over time. It was possible to move on, rebuild your life or get past that.

With the popular indexing of search engines, that changes. You go for a job interview, start dating someone, try to make a friend and suddenly, just through typing in your name, they know that you were raped six years ago, or were arrested for assault, or that your partner died in an accident, or you programmed in Visual Basic or anything. And these things never go away - no matter how long ago, they are the first thing anyone knows about you defining the impression before you even arrive for your interview or whatever.

Regardless of one's position on this, what Jimmy Wales claimed in that interview is untrue. People ARE concerned about strangers knowing all these details about them and it is NOT the case that everyone in your social circle will already know something.

And anyone claiming that knowledge of this kind doesn't impact your life through how people treat you, plainly is familiar with a different type of human being than the species I live amongst.

NHS IT failures mount as GP data system declared unfit for purpose


Re: Employ their own consultants

>>"Perhaps it's time that the NHS and the civil service in general employed their own IT consultants direct."

In my experience with this area, in-house actual work is the last thing that they will do. There will be plenty of in-house people producing paperwork and looking busy, but it will all be just liaising with the third party company(ies) and waffle.

There are two reasons they won't touch actual work in-house. The first is that there is a fair bit of corruption at the upper levels and the aim of a lot of this is to funnel money to outside parties. Oh, they will tell people, even themselves, that they're actually spending it for good, but they will still ultimately be funnelling money to their friends. A lot of the SPINE and Connecting for Health was done under Health Secretary Patricia Hewitt, formerly board member of Accenture. Who got tonnes of money for these contracts? Accenture.

There are a lot of rules and regulations about spending in government. But once you get it out into the third party, accountability goes down the drain; it's essentially a firewall against investigation.

Which leads to the second big reason, which is one of accountability. No-one in the upper reaches of the NHS or Department of Health ever risks having the blame for something land on their desk. They ALL have bits of paper that show it's actually not their fault. Doing work in-house runs directly counter to that. And yes, that even includes specification, which you thought was harmless, but no - if there's a clear specification done in-house and it turns out to have been flawed and can be blamed for the ensuing disaster by the outside company, then whoever was head of the department or team writing that specification is going to be hung out to dry by the government as an easy scapegoat. So even writing the specification is outsourced where possible. They'll hire an expert consulting company to help draft and develop the specs.

The one thing you have to understand, if you really want to know why things like this happen, is that the ONE overriding concern of everyone involved on the government side of this, is THEY MUST NOT BE ABLE TO HOLD ME RESPONSIBLE.

And so, no-one is.



The people in charge of this debacle should be prosecuted under the law. I used to work in the NHS. I left because of the sheer degree of corruption at the top. The NHS is filled with people who pointed out flaws with this program and others right from the start and said exactly where it was going wrong. Unfortunately they are all at the middle to bottom of the power structure and are never listened to.

I and my project team could deliver better versions of the software components of Careall this for a twelfth of the cost. But what would be our chances of even getting to the tendering stage? I will tell you for a fact it is zero.

UK.gov spied on human rights warriors at Amnesty International


Re: Disgusting

This is sadly not new. Some years ago, they were shown to have infiltrated that bastion of terrorism, the Green Party. Now, I think wind turbines are stupid, just like most other people who have heard of nuclear power, but spying on our political parties on behalf of New Labour (this happened under Blair, iirc) is not democratic behaviour.

Microsoft in Blighty reveals its 78 THOUSAND POUND Surface 3 slabloid


They should have used AWS, which, as we all know, has solved the problem of users typing in the wrong information.



Microsoft have been trying to emulate Apple for a while now, seems they're just carrying on that tradition.

Microsoft: This Windows 10 build has 'NO significant known issues'


Can I turn Cortana off?

See subject.

Redmond Uber-alles: 100 Bing staffers driven to dial-a-car developer



Stay good, Microsoft!

Microsoft to release Visual Studio 2015 ahead of Windows 10


Re: ASP on Linux?

ASP.Net is Open Source and released under an Apache licence, just so you know.

Giant male member spontaneously ejaculates over Norway


Re: The great unwashed

>>Are they particularly "unwashed" in the nether regions, or are they just "overly friendly" with each other..

I don't know. Perhaps it's that, like you seem to, they are under the bizarre belief that washing the genital area is an effective means of preventing chlamydia transmission.

Humongous headsets and virtual insanity


>>So with the AR version you could use scanned images of your favourite celeb, co-worker, etc. and then overlay onto your partner (who presumably is doing something similar) or "real feel doll".

Until you change position and the software isn't smart enough to realize this, and a male suddenly finds their partner doing some Exorcist-style head rotation, staring up at them whilst bent over.

I can't see that being freaky at all.


AR vs. VR

I think the use cases of Hololens vs. Oculus are almost inversions of each other. I think the Oculus is likely to be a success for gaming, but have few uses outside of it. Perhaps minor adoption for specialist training purposes. Whilst Hololens will be massively useful for all sorts of purposes outside of gaming, but only suitable for niche games such as those which involve interaction with the real world.

I would imagine Oculus is the death of mouse and keyboard gaming. If you can't see your hands, it's pretty much simple game controller only.


Re: Proprioception

>>"I'll spare you the details, but sometimes, one may be wanting to work with accessories. You could, I suppose, arrange them all neatly beside you on the bed before you get started, but even so..."

This is not my area of expertise so I should probably stick to programming articles, but presumably you could occasionally lift the VR set from your head for a few seconds if necessary.

I would think the greater concern for some would be whilst wearing the VR headset, you have no idea if someone else is standing there in the room watching you.

Britain beats back Argies over Falklands online land grab


Ah but the real Argentine argument is "a foreign company discovered oil reserves on the Eastern side of the islands and we want them."

It's just phrased differently.


Re: Argies are too late @Flocke Kroes

>>"It is politically impossible for any British government to give away that territory now that British blood has soaked its sands"

Why should it be given away, anyway? People live there, these people don't want to be part of Argentina, they want to be part of the UK (which they are). So what trumps their right to self-determination?

The two usual things that people use to try and trump the Falklanders' right to self-determination are either claiming that the land is Argentina's by right of geographical proximity, or that it was taken from Argentina unfairly. Neither stands up.

To those who tout Argentinian ownership based on geographical proximity, I simply point out that the islands are about 300 miles away. You can't even see them from Argentina due to curvature of the Earth! If being in that range is sufficient to make some land yours, then I own France, Spain and Belgium. (Anyone want to buy 4,000,000 very rude waiters?).

To those who tout Argentinian ownership based on precedent, I ask when Argentinians ever settled there. I think there was briefly an Argentinian base there, which post-dates British settlement, and that's about it. The people who settled the Falkland Islands turned up on an empty, uninhabited island which Argentina had never occupied. There was a very ancient canoe found there by archaeologists, iirc. A canoe which predates the formation of Argentina and probably was some unfortunate souls who drifted out too far into the ocean and starved to death.

The ONLY legal basis for Argentina to own the Falkland Islands is that King Philip of Spain once drew a line on a map and said they could have that area. A person whose opinion and legal weight has about as much worth as my own. Less, imho, given that I base my opinion on what the people who actually live there want.

Redmond: IE Win 8.1 defence destroying hack ain't worth patch, natch


Re: So that's alright then

>>"I do remember reading elsewhere that ASLR on 32 bit systems was a dubious concept to begin with, and that on 64 bit systems people were predicting that ways around it would be found sooner or later"

It's not my area but I understand that with the much smaller address space in 32-bit systems, ASLR's benefit is of much less value because the randomization is of necessity far smaller and therefore less of an obstacle. The thing about ASLR is that it is not a fix, it is a mitigation, that offers some value in conjunction with other techniques. For 32-bit systems MS are essentially saying that the value is not significant. HP are saying that it is.

I do not know enough about this area to say who is correct. I do think that HP are correct to disclose this now that MS have confirmed they won't fix it.

>>"What can be patched is the underlying security hole in Windows or IE (whatever it is, if it exists)"

There isn't a specific underlying security hole in this instance. HP have simply reported a flaw with the mitigation measure itself. MS haven't refused to fix any underlying flaw so far as I am aware.

Germany says no steamy ebooks until die Kinder have gone to bed


Re: So it's OK to invade Poland...

Whilst I feel for the Greek people, many of whom are suffering because of the recklessness of their neighbours and government, I find it hard to entirely place the blame on Germany and France for maliciously lending them money. Indeed, both Germany and France are at risk of major losses out of all this and can hardly be accused of some villainous masterplan about it.

In either case, it still doesn't make jokes about invading Poland any fresher. Please, get some new material for all our sakes.

(this message sent from a British person)

Gaming's favourite fly by night. Batman: Arkham Knight reviewed


Re: Sir

Sir Lucy?


Re: Reviews all appear to be on the PS4

>>"I've read quite a few reviews for this game and virtually all of them are on the PS4 version. I wonder what that's about."

Rocksteady refused to release PC codes prior to the launch, so nobody was able to review a PC version. It is now available and complaints are starting to come in. For example, the PC version is capped at 30fps. (You can change it by editing config files, but it's illustrative of much if the developers are making this the default.) There are a number of other complaints as well, so it's looking like the withholding of the PC version from reviewers may have been a deliberate attempt to head off news of the problems.

Note, I haven't played it. It will probably be next year before I actually find time to get it, if I do, so I'm just reporting what I have read. The game may well end up fine with a couple of patches. But hiding the game from reviewers and only letting people play PS4 versions is not a good thing, imo.

Webmail password reset scam lays groundwork for serious aggro


Re: Re:How stupid do you have to be?

>>"However, I do notice that you debated a point and THEN wanted to end the debate."

Touché. I had not even noticed I had done that - most unfair. Instead, I am content to end on your counterpoint and amusing note on national economies.

Beer on me! :)


Re: Re:How stupid do you have to be?

>>"A good counterpoint, but infinity has been invoked. Infinity can undermine an otherwise good calculation. The rate IS time bounded, and the time slice can be labeled as "on any given day". The approximate birth rate is known, the W.C. rate, while loose, is known, and simple arithmetic gives an approximate quantity. Granted, ambiguities exist (people can learn, and "you can fool some..."), but all reserve quantities are expressed in rounded numbers and are reserves none the less."

All this is mathematically true, but we're talking economic theory which doesn't require mathematical proof. Oops, that came out wrong. ;)

Anyway, in mineral terms I believe the difference between a resource and a reserve is the former might be extractable for use, and the latter is extractable for use. But we should drop this or we run the risk of Tim Worstall appearing like Bloody Mary. He has the remarkable property of making me feel anti-capitalist, which I dislike because I am one.


Re: solution is not to avoid registering mobile phone number with webmail providers

>>"So what alternative is there to out-of-band authentication if you can't trust your mobile as the second factor?"

Bruce Schneier?


Re: How stupid do you have to be?

"According to Mr. Tim, a resource is unquantified. You have quantified it ("every few minutes"), and therefore it is a reserve."

An acute observation that shows insight! However, it remains a resource because whilst the rate may be quantified, it is not time bounded. Unless we have an end time specified for human reproduction, it is still an unquantified number of suckers.

Microsoft to Linux users: Explain yourself


Re: Just use Linux and be done with it!

>>"Relying exclusively on one company's technology has always been fraught with danger."

Weren't you the poster further up the thread demanding reasons why people should learn this and arguing that they should just stick with Linux?

>>They've decided to once again, re-invent the wheel and try to build their own monitoring system [...] Better integration of something like Nagios or other existing monitoring systems in Windows and Azure would have achieved the same goals

Well, relying on one company's technology has always been fraught with danger. Besides, they can do things their own way by starting from scratch, which may well work better. And this article is about them asking for what people would like. However, it is gratifying to see that you actually read my reply and now know that Nagios can be used with Windows rather than thinking it's an exclusively GNU/Linux tool and holding it up as an example of things you could do on GNU/Linux which you didn't think Windows had an equivalent for. You seem to have taken this new knowledge purely as a vehicle to say that MS should be building on this rather than writing a new tool. Given that I use Nagios and you don't, what is it that makes you so confident that no-one can do a better job or shouldn't try?

>>"Instead, they went their own way, and wonder why the masses don't come running after them"

I don't think they do wonder that actually, since the new Powershell integration only released last month and this is primarily a call for feedback on what people would like to see. Or did you not read the article? Clearly a project is a failure if it hasn't turned the existing market on its head during the feature specification phase.

And Azure is doing very well, btw, climbing rapidly against the incumbent behemoth AWS, so it's doubly odd that you should be damning it for not being popular, as this is just one feature of Azure being added.

>>"This was my point earlier, if they had gotten in 10 years ago, things may have been different, but they didn't, they're only starting now, and now is too late."

There's no such thing as "too big to fail", look at IBM if you need an example.


Re: A bit late, Microsoft

>>"Yes, but there's a time and place for that. Production networks is not one of them."

You asked why someone should learn this, I gave you a reason. You replied with the above. Clearly you think the only way to learn something is to deploy it immediately into production. I'm happy to inform you that this is not so. Though as you have again not seemed to realize that this is built in as a feature in Azure, your comment is really nonsensical in this context. The only part that needs to be added to the VM is a small bridge to the Azure functionality outside, for which source is available. I've looked at it, it's trivial.

>>… and if we're not using Azure?

Then one would wonder why you're busy posting in a story about an Azure tool complaining about how it doesn't offer something to those who don't use Azure.

>>"Windows of course, they need to provide these tools as it's difficult to get stats out of a Windows box otherwise."

This is a monitoring tool for GNU/Linux systems. It's not a tool for getting Windows stats. As regards "difficult to get stats out of a Windows box", what on Earth are you talking about? Why is that difficult? Do you genuinely not know that there are plenty of tools to do this and that Windows has pretty extensive logging capabilities?

>>"(I'm not sure if there's the equivalent of /proc/loadavg or df, you probably have to write your own using calls to DLLs.)"

What is especially depressing is that you wrote a paragraph about how GNU/Linux has nagios and that you'd "have to sit down and learn it one day" when Nagios actually works with Windows as well as *NIX systems. You can get disk usage, CPU load et al. out of Windows with the very tool you were holding up as an example of Linux tools. Amongst plenty of other monitoring tools and services as well. If you genuinely think that one of the world's largest server OSs lacks the ability to report on disk usage without "having to write your own calls to DLLs" then you're not only completely ignorant on the subject, but you lack even the basic ability to deduce that what you say is highly unlikely to be true in the first place. I can assure you that yes, you can monitor disk usage on Windows boxes. And not only do you not know Windows, but if you're custom writing scripts to call df on GNU/Linux, then I'm sorry to say that you don't know the GNU/Linux ecosystem very well, either.

Climate change alarmism is a religious belief – it's official


Re: If we want less hot air in the world...

What does Tux have to do with banning religion, or are you saying Linux is your religion?


Re: In other words, "When to act"

>>"Since some form of worldwide climate change is now apparent, even to the deniers"

Someone points out a strawman and rather than acknowledge it, you just up the ante with another one. Being a skeptic of AGW doesn't mean one thinks the climate never changes, it means one is not yet convinced that the primary factor is human-caused CO₂.

British banks consider emoji as password replacement


Re: Optional

>>Speaking of which... I'm by no means a security expert, but I know more than most people I know, but one thing which has been bugging me of late:

>>'Please enter the 3rd, 5th and 8th letters of your password [ _ ] [ _ ] [ _ ]'

>>I see this on some banking websites. Surely, if you can enter a selection of characters and have them validated against your password, that means the password can't be salted and hashed?

It implies symmetrical encryption. So the password in the database will be encrypted (I would hope!) but much like you keep a salt for your hashes, you keep a key for encryption/decryption. In either case, an attacker would need not only the records themselves but also the accompanying salt or key, respectively. However, this can happen and with a hash, they're essentially guessing at passwords and seeing if they match the hash, whereas with encryption they can actually reverse it, so yes - all else being equal the encryption method is less secure. (Caveat for completeness, using something like BCrypt takes longer than using say MD5 for hashes which slows down the speed at which one can match possible passwords against the hash / encrypted form).

Either that, or HSBC has decided to hash each letter of your password individually for extra security. ;) :D
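The three storage models the reply above contrasts, as an added Python illustration that is not part of the original comment thread: a salted slow hash (whole password only), reversible storage under a server-side key (positions checkable, but records plus key reveal everything), and the "hash each letter individually" option (positions checkable, but each tag falls to a few dozen guesses). The HMAC-in-counter-mode stream cipher is a toy stand-in for a real symmetric cipher, and the sample password and keys are constructed.

```python
import hashlib
import hmac
import os
import string

SLOW_ITERS = 100_000                      # PBKDF2 work factor (illustrative value)
PRINTABLE = string.printable.strip()      # 94 printable ASCII characters


# --- Model 1: salted, slow hash. Only the whole password can be checked. -----------
def store_hashed(password: str) -> dict:
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, SLOW_ITERS)
    return {"salt": salt, "digest": digest}


def verify_hashed(record: dict, attempt: str) -> bool:
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], SLOW_ITERS)
    return hmac.compare_digest(digest, record["digest"])


# --- Model 2: reversible storage under a server-side key. Positions CAN be checked,
# but anyone holding both the records and the key can read every password back. ----
def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode. Stand-in for a real AEAD."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def store_encrypted(password: str, server_key: bytes) -> dict:
    nonce = os.urandom(16)
    pt = password.encode()
    ct = bytes(a ^ b for a, b in zip(pt, keystream(server_key, nonce, len(pt))))
    return {"nonce": nonce, "ciphertext": ct}


def decrypt_stored(record: dict, server_key: bytes) -> str:
    ct = record["ciphertext"]
    pt = bytes(a ^ b for a, b in zip(ct, keystream(server_key, record["nonce"], len(ct))))
    return pt.decode()


def verify_positions_encrypted(record, server_key, positions, chars) -> bool:
    """positions are 1-based, as in 'enter the 3rd, 5th and 8th letters'."""
    pw = decrypt_stored(record, server_key)
    if len(positions) != len(chars) or any(not 1 <= p <= len(pw) for p in positions):
        return False
    ok = True
    for p, c in zip(positions, chars):           # no early exit: constant work per query
        ok &= hmac.compare_digest(pw[p - 1].encode(), c.encode())
    return ok


# --- Model 3: the 'hash each letter individually' joke. Positions can be checked
# without a key, but each tag covers one character, so a stolen record falls to
# at most 94 cheap guesses per position instead of one slow guess per whole password.
def char_tag(salt: bytes, index: int, ch: str) -> bytes:
    return hmac.new(salt, index.to_bytes(2, "big") + ch.encode(), hashlib.sha256).digest()


def store_per_char(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "tags": [char_tag(salt, i, ch) for i, ch in enumerate(password)]}


def verify_positions_per_char(record, positions, chars) -> bool:
    if len(positions) != len(chars) or any(not 1 <= p <= len(record["tags"]) for p in positions):
        return False
    ok = True
    for p, c in zip(positions, chars):
        ok &= hmac.compare_digest(char_tag(record["salt"], p - 1, c), record["tags"][p - 1])
    return ok


def recover_position(record, position: int, alphabet: str = PRINTABLE) -> tuple:
    """Returns (character, guesses needed) for one position of a stolen per-char record."""
    for n, c in enumerate(alphabet, 1):
        if char_tag(record["salt"], position - 1, c) == record["tags"][position - 1]:
            return c, n
    return "", len(alphabet)


def recover_all(record, alphabet: str = PRINTABLE) -> tuple:
    """Whole password from a stolen per-char record: at most len(pw) * 94 cheap HMACs."""
    chars, total = [], 0
    for pos in range(1, len(record["tags"]) + 1):
        c, n = recover_position(record, pos, alphabet)
        chars.append(c)
        total += n
    return "".join(chars), total


if __name__ == "__main__":
    pw, key = "Tr0ub4dor&3", os.urandom(32)    # constructed sample values
    enc = store_encrypted(pw, key)
    print("positions 3,5,8 via key:", verify_positions_encrypted(enc, key, [3, 5, 8], list("0bo")))
    print("per-char record recovered:", recover_all(store_per_char(pw)))
```

Compare the cost of the last line with Model 1, where each guess at the whole password costs SLOW_ITERS PBKDF2 iterations and reveals nothing about individual characters.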


Re: Optional

I know exactly which bank you're talking about. Would you mind if I named and shamed? They're moving away from MTA at a time when they absolutely shouldn't.

Actually, I respect not wanting to disclose personal banking information, but it's pretty vague and useless, so I'm just going to go ahead and say that this is HSBC we're talking about. Their security has just taken a notable step backwards with this. Phone app and password might be more convenient if you don't have the key fob on you, but it is NOT as secure.

Google on Google: The carefully collated anti-trust truth


>>"There is always an explanation of the dips... one is that the new entrant (Google) does a better job than the incumbents."

Possible, but one must show that the job they did was better because it was actually done better, not because it was riding on the back of their existing services. And when you have the West's most popular search engine and your results are appearing at the top of those search results, it is hard not to think this was not a very big factor.


Re: After a thorough, independent and hard-hitting investigation ...

Shades of The Hutton Report where it was neatly decided that whether or not the UK had a basis for going to war wasn't really relevant. Remember this tactic - if you can't avoid the answers to a question, change the question.

Chancellor Merkel 'was patient zero' in German govt network hack


Re: did not mention how Merkel herself may have been infected.

Yes, yes. She is German and therefore a Nazi. Hilarious. Hold on a moment, I think I have some Amritsar Massacre jokes about the British Empire around here. They're topical, too.

Linus Torvalds asks kernel devs to take a break so he can too


Also, Goddess knows what Poettering might do whilst his back was turned!

"What happened to the kernel!?!???"

"It's part of systemd now."

It's 2015 and Microsoft has figured out anything can break Windows


>>"Linux is the most common operating system in the world - deal with it!"

You really are one of the worst types of zealot - little technical argument but constant, repeated assertions without support that something is better. If you really want to use the fallacy of appeal to popularity, then you'd also be arguing that Windows is a superior desktop OS because it's vastly more popular on the desktop than GNU/Linux. But in fact it has little actual bearing on whether or not this is true.

If you really want to make a case amongst technical people, then explain what technically makes GNU/Linux the better OS because spamming this and other stories (which you have been doing) with comments that Linux is more widely used and that people should "deal with it", just annoys people on the whole. The only remotely technical argument I recall you making is about Linux scaling to be used on super computers. That is true, but it doesn't mean it is better than Windows unless you're looking for an OS for your supercomputer - which 99.999% of the world are not. It's a great thing about GNU/Linux, but it's not a reason to spam comments in a story about malware on desktop and server machines.


>>"Good sys admins will provide insecure machines if the hardware and/or OS is insecure by design."

Yes, but are you arguing that Windows is insecure by design? Because otherwise the above is a hypothetical. The point I originally was making with this was that one cannot compare the whole of Windows security scene with the whole of the GNU/Linux security scene because whilst Windows has a user base that is made up of both IT experts and the tech-unaware, GNU/Linux overwhelmingly is used ONLY by the professionals and tech enthusiasts.


Re: So all it does...

>>"So what's to stop a malware from posing as an anti-malware, hooking into THE SAME APIs, and subverting them. "Who watches the watchers," IOW?"

This is the question you just asked and the answer is no different the second time: the same things that prevent it from pretending to be anti-malware software now.

"Hyper-V is a VM hypervisor. I'll grant you no one's been able to pull off a Red Pill to date, but since it's still software it can't be ruled out..."

This too is the same thing you said previously, with an answer already given. But to be clear, the Device Guard feature is a separate, headless instance of Windows running on the same machine and separate to the main instance. It checks the signatures of all packages on Windows, and even if the main OS were compromised at a very low level, it would not be. That's an example of why I'm objecting to your repeated 'but it's software so it can be subverted'. It's one of those vague statements that is both too vague to be meaningful and seems to imply nothing is good enough for you, no matter how useful or clever, because one cannot guarantee 100% success forever into the future. It's a reasoning that suggests we should turn off all anti-malware because 'software can be subverted', just as your suggestion that someone could pretend to be an anti-malware package also suggests this. But plainly turning off our anti-malware software today is nonsense. You don't seem to recognize that the arguments you are making that something is not good enough / not worth doing are arguments that apply to all security software today, right now. And that if followed would lead to unprecedented levels of infection.


Re: Just Use Linux

>>"It should be. But then it does not explain this"

Does it need to? Of course some systems get compromised, whether that is GNU/Linux or Windows. What I wrote is that it is much harder to do this than with a non-professional end user who doesn't keep things up to date and doesn't understand security. Meaning that you can't simply compare the amount of malware or rate of infections between two different OSs across different environments. You can only fairly compare them within the same environment. The odd high-profile hack doesn't change that.


Re: So all it does...

>>>>But no, you as per usual have thought in your benighted wisdom that writing something which goes through a list of ones and noughts and checks them against a list of other ones and noughts is trivial and that therefore this is trivial.

>>Because it IS trivial

You seem to have skipped over the preceding paragraph which explained that this does more than that. You haven't understood the point. Poster sees something that does X, Y and Z. Responds that it is rubbish because Z "is easy". I point out that saying Z is trivial doesn't mean the project is trivial or useless. You respond, missing the point completely, saying "but Z IS trivial".

At least read what I have written, not just select out some part in isolation.

>>What's to stop a malware from altering the list so that its blacklist includes useful programs? AVs produce false positives by accident all the time; what's to stop them being done intentionally? As for the scanning process itself, it's still software, and software can be subverted.

The same things that stop malware from subverting anti-malware software today. This is an API that vendors like Kaspersky can plug into. It enhances the range of their capabilities if they choose to use it. You seem to be taking an argumentative tack that if you can make some vague generalization such as "software can be subverted", it is good to dismiss these new features. Whereas I take the tack that giving anti-malware vendors more capabilities such as in-memory scanning and source-reputation scoring is a good thing.

If you're upset that the anti-malware software or OS, is "software", then perhaps you would be interested in the tool MS announced a couple of months ago that runs security from a separate Hyper-V instance that exists in parallel running directly from the hardware. There is not only one security measure in place. This is one part of a security in depth approach.



I think Eadon's back.


Re: Just Use Linux

>>"I am saying that Microsoft should use Linux as the basis for Windows and if you really do not care what operating system you use then what is your problem?"

What are you suggesting, specifically? That Linux should form the kernel of Windows? That is a very big ask from an engineering point of view and I'm uncertain what the point would be.

What exactly do you think should be done and what do you imagine the benefit would be? Please give at least some detail in the answer because with something as massive a task as I think you may be suggesting, discussing it without specifics is meaningless.


Re: Just Use Linux

>>"Yes. And Valve steam, apt / yum, ninite etc demonstrate that the update process for applications and windows update itself could be far more friendly and less fault-prone if Microsoft put effort into it; instead we have every company with their own second-rate update service, changing your home page in the process; scheduled to fight with each other at boot time."

Then prepare to be happy. MS are producing a full package manager for Windows with an API.

Biting the hand that feeds IT © 1998–2019