* Posts by ZenCoder

335 posts • joined 11 Jun 2009


US may have by far the world's biggest military budget but it's not showing in security


Choose the nuclear options and don't pay for defective goods.

Just make it so that it is impossible not to stay in business unless every programmer is trained in security and constantly has security in mind while working and the final product isn't a complete embarrassment after a Red Team gets a month or so to attack it.

As long as you can get paid once to half ass something, then paid again and again to fix it over and over, and still remain in business this problem is not going away.

Linux kernel's Torvalds: 'I am truly sorry' for my 'unprofessional' rants, I need a break to get help


Good for him.

The man has taken a good hard look at the toxic way he sometimes communicates and plans on taking a break so that he can come back with a more positive and productive attitude.

I agree with him on his technical points but I'm sure over time he can learn to communicate those in a respectful and professional way.

Official: Google Chrome 69 kills off the World Wide Web (in URLs)


https://forums.theregister.co.uk vs https://www.theregister.co.uk

Title says it all but still I'll say more ...

Last time I functioned as server admin

/www. = live website

/dev. = clone of live website to test security updates before applying them to /www.

/test. = clone of live website to test new features

/m. = mobile friendly version of website.

/ftp. = file repository

/forums. = forums

OK there are options other than using subdomains ... said options require that I either register domainnamedeve.com or create domainname.com/dev. Neither saves significant amounts of space.

If they wanted to simply hide www, but display any other subdomain ... that would be acceptable. Anything else and well ... I've heard nice things about Firefox lately.

HTTPS crypto-shame: TV Licensing website pulled offline


Re: redirecting HTTP to HTTPS

Well, from my observation many of the university types do certainly think that once they completed their degree, that the learning is done and finished, and they can then start looking down their noses at us other self-educated types

My Computer Science and Engineering Degree taught zero practical skills ... instead I learned the scientific and theoretical knowledge that would prepare me for a lifetime of self-learning.

Also here is at least one "University Type" that respects anyone who has the skills necessary for the job no matter how they acquired them.

Regrettably I also worked with far too few people with skills and no degree and far too many with degrees with no skills, not to mention the 3rd year transfer students with 3.5+ GPA who literally could not complete a single lab assignment without cheating.

So instead of a downvote ... you get a beer.

C'mon, if you say your device is 'unhackable', you're just asking for it: Bitfi retracts edgy claim


Original Bug Bounty Rules ... short version

"Then, when you have found the shrubbery, you must cut down the mightiest tree in the forest... with... a herring!"

ZX Spectrum Vega+ blows a FUSE: It runs open-source emulator


Re: The Gnome Underpants have arrived!

"To me it looks like a bunch of clueless amateur retro gaming enthusiasts secured capital without anything even remotely resembling any forward planning, then sat on it for ages whilst doing essentially nothing."

As a clueless amateur retro gaming enthusiast ... I find the comparison insulting.

To me this looks like what happens when you hand secured capital to someone lacking in character, emotional maturity, and/or interpersonal skills ... an explosion of greed, egos, blame, resignation, lies and lawsuits.

Seems like if they had been honest with themselves and everyone else, they had more than enough money to hire/outsource the necessary talent and skills.

Apple grounds AirPort once and for all. It has departed. Not gonna fly any more. The baggage is dropped off...


I miss the old Apple.

In 2009 I worked with 3 high end arm mounted screens, 2 from my self built Windows desktop, 1 holding an aluminum MacBook, with software allowing me to cut and paste and share a mouse and keyboard doing iOS and LAMP programming and light administration of a dedicated Linux server.

The MacBook made the easy things easy, and the Windows desktop did the gaming and the heavy lifting.

When my Mac got slow I doubled the memory and put in an SSD with only a few screws, when the battery went I bought a 3rd party replacement ... no screws required. But one of the best things was everything Time Machine related. I've yet to find an equivalent set it and forget it ... free with the OS solution to both file level and partition level restores.

I'm still at heart a hardware tinkerer and you are now a seller of gear that is out of my price range for something essentially a disposable non upgrade-able, non disposable appliance ... we've grown apart.

Still you will be missed. Time Machine in related hardware most of all.

Patch Drupal now: Yet another critical website bug found – a sequel to 'Drupalgeddon2'


Why I stopped supporting Drupal.


I find their apparent obsession about each other's private sex lives inappropriately invasive, just plain creepy and weird.

US cops can't keep license plate data scans secret without reason


It should be illegal.

The system should immediately purge any and all license plates that are not part of a current investigation. Otherwise they are placing millions of people under illegal surveillance.

If they want to make it legal to spy on everyone all the time just in case it proves useful 5 years later then they need to do so by passing legislation that clearly and explicitly authorizes them to do that.

If that fails on constitutional grounds push for a constitutional amendment.

Although good luck trying to do that without committing political suicide.

Frankly I'm surprised that there isn't widespread use of State Ballot Measures as a backlash against this kind of thing.

Prejudiced humans = prejudiced algorithms, and it's not an easy fix


Re: Software is now giving sentence recommendations in the USA.

"Unless the people who approved it are dumber than dirt. which is possible..." not just possible but a proven fact in multiple states.

However other States are being sensible and disclosing to the public exactly how their risk assessment algorithms work.


Software is now giving sentence recommendations in the USA.

Research Compas from a company called Northpointe. Based on undisclosed methods it spits out a pie chart that allegedly represents a convicted criminal's likelihood of reoffending and is used to determine the severity of sentencing. The convict has no ability to examine or refuse any part of the system as it involves secret algorithms and proprietary data.

Allegedly it tends to give too little weight to an individual's actual offenses and instead focuses heavily on the neighborhood they are from and their education. So you are literally being punished for the crimes of your neighbors or rewarded for growing up in an affluent area.

True or not there should be no place for "for profit" agencies or activities or secret evidence and procedures in criminal justice.

CrashPlan crashes out of cloudy consumer backup caper


I'm only on their free plan.

My laptop syncs specific folders once a day to my desktop and vice versa. And that's in addition to important files being stored in Dropbox, and photos being synced automatically to Google Photos and Amazon Photos.

All of which is really just a fail safe in case fails before I connect and sync changes to an external hard drive.

Yeah I got hardware/software trust issues. I want at least 3 things to go very wrong before I lose anything I care about.

I guess I'll have to revisit software that will let me backup files between two computers for free. Any suggestions?

No, the cops can't get a search warrant to just seize all devices in sight – US appeals court


The blame lies with the judge who signed the warrant.

Surely it is the judge who signed the warrant who was responsible for assuring that it was proper? It's only the blame of the law enforcement officer when they lie about the facts to get a warrant.

Hackers could exploit solar power equipment flaws to cripple green grids, claims researcher


Nonexistent penalties for gross negligence.

Quick analogy ... imagine if all building codes, regulations and liability for bridges were abolished overnight.

The free market would eliminate all bridge builders that didn't immediately perform a race to the bottom in terms of quality.

That's basically how IT infrastructure works. Security is a business/regulatory problem not a technical one.

If everyone providing vital IT infrastructure were required to adhere to strict quality control and quality assurance (testing) guidelines, all products subjected to random code quality spot checks, and held financially liable both before and after product delivery for any failure to meet these standards .... then all software projects would cost a lot more and take a lot longer ... but there would be a lot more security and reliability.

Anyway given my analogy, if bridges were collapsing every day, would you blame the construction workers, the engineers, the businessmen, the shareholders or the government for not providing and properly enforcing the proper regulatory framework?

Google tracks what you spend offline to prove its online ads work. And privacy folks are furious


It's quite simple don't blame the player, vote to change the game.

Government regulation sets the rules and game theory does the rest.

If it's either unpopular but legal or the cost of breaking the law < the profit then a for profit company must do it to maximize shareholder value or they risk a minority shareholder lawsuit.

Any citizen complaining against Google is complaining to the wrong entity, if you want privacy to be a right you need to let your politicians know that not protecting your privacy via legislation and regulation will cost them your votes.

Any company complaining without advocating real consumer protection should simply be ignored as they have zero desire to stop your privacy being violated, they just wish it was them that was doing it.

The Italian Jobs: Bloke thrown in the cooler for touting Apple knockoffs


Re: I hope...

"law abiding people aren't worried about the feds knowing, or even aware of the $10,000 line."

Law abiding businesses that handle cash have every reason to worry, because if the IRS decides your cash deposits look suspicious they can and will seize your assets without any warning or due process and they can and will maintain a death grip on those assets without filing legal charges.

Here is one of the more recent cases, but you could easily identify hundreds more.


Forgotten your Myspace password? Just a name, username, DoB will get you in – and into anyone else's, too


Schrödinger's Account ...

I never deleted mine, just logged in with decreasing frequency. Now after 7 years I guess my account is both alive and dead at the same time until I actually attempt to log in.

'Nobody's got to use the internet,' argues idiot congressman in row over ISP privacy rules

You can say the same thing about toilet paper.

You don't NEED internet privacy and you don't NEED toilet paper but when you are deprived of either eventually things tend to get real nasty real quick.

How many years has it been since a president used national security as an excuse to unjustly persecute detractors?

Your answer may vary based on confirmation bias and political leanings but can we at least agree that it's not been long enough?

One in five mobile phones shipped abroad are phoney – report


Try searching on youtube for fake phone reviews.

Some of the videos comparing real to fake phones are rather dull, but they do show a level of sophistication that indicates that somewhere out there there is an actual market for these things. I also spotted an actual fake iPhone in the wild. At the time I found it to be surprising, but that was before I learned about the counterfeit egg industry.


Germany to Facebook, Twitter: We are *this* close to fining you €50m unless you delete fake news within 24 hours


Hasn't history taught us to think twice before appeasing the Germans?


If Germany demands the right to censor the internet due to German law ... then there are 190+ countries ready to line up to follow suit. You know how many crazy censorship laws there are out there?

Second point, define obvious. I'd like to see someone try to give a simple but accurate definition of what does and does not constitute obvious "defamation, slander, public prosecution, crimes, and threats" under German law. Shouldn't take more than a few pages to define, nor more than a few seconds for a support center drone to determine.

So who is next? China, Turkey, Thailand?

Dell kills off standalone DSSD D5, scatters remains into other gear


Doublespeak and Euphemisms in Business English?

Is it me or does the phrase "Any DSSD people leaving EMC will be treated respectfully" need additional translation?

Is this communication of pending synergy-related headcount adjustment goal?

IBM UK: Oh, remote workers. We want to be colocated with you again


Stand up Design Thinking.

"A rabbi, a priest, and a Lutheran minister want to deliver services and products that empower better human outcomes and client success ... "

Two million recordings of families imperiled by cloud-connected toys' crappy MongoDB


Easy Way to Have the Problem Addressed

Hack it to have the Teddy Bear repeat offensive statements about powerful but thin skinned US politicians and maybe also Erdoğan, Putin, Kim Jong-un, Abu Bakr al-Baghdadi, etc.

Then again maybe someone already has, explaining the lack of response to such an easily fixed problem.

Mysterious Gmail account lockouts prompt hack fears


What's wrong with gmail and security?

I understand why many might have serious PRIVACY concerns about gmail, but what exactly are the security concerns?

Cloudbleed: Big web brands 'leaked crypto keys, personal secrets' thanks to Cloudflare bug


Conceptual Commentary.

<Insert standard rant in response to trigger phrase "machine-generated code">

<Give semi-concise real world personal example>

<Resist urge to correct factual errors made by previous posters>

<Choose not make expert statements because due to 50% coming from a textbook, 15% coming from limited real life experience and the rest from Wikipedia. >

<Add an Icon>

Google agrees to break pirates' domination over music searches


Appearances over Reality

This kind of BS is the end result of someone being paid to look busy and pretend to be doing something useful about a problem.

There will be no penalty for false positives so they will probably do something stupid like a broad keyword search for all sites having audio files for download without logging in.

However someone will be able to BS at length when asked what they are doing about music piracy.

Microsoft foists fake file system for fat Git repos


Wow ... they must have a record of every change to every file that ever existed.

Maybe someday machine archaeologists can study how they achieved intelligence partly by adapting a misplaced, badly malformed, and dyspeptic Microsoft Bob into a brain.

Man jailed for 3 days after Texas cops confuse cat litter for meth


Combine this with the lack of access to a public defense.

Been using the same tests for decades, this happens to tens of thousands of Americans a year. Many lacking the funds for private representation have no choice but to plead guilty.

I'd post some links but I'm assuming everyone on this site knows how to use a search engine.

Is your Windows 10, 8 PC falling off the 'net? Microsoft doesn't care


See no evil, hear no evil.

Obviously Microsoft has checked its telemetry and found that there are zero Windows 10 devices currently reporting network problems.

Physicists confirm X(4140)


Clicked through to the main article, read it TOP to BOTTOM.

175-year-old in storage deal


I found it newsworthy.

The company is offering something that I found interesting to learn about. Considering how much in IT is "use at your own risk" it's refreshing to learn that they are "backed up by indemnity insurance". Meaning that data loss will be backed up with financial penalties.

Who's to blame for the NHS drug prices ripoff?


Elasticity of demand matters.

Drug A is produced in large volume by multiple suppliers, treats a minor condition and has multiple alternatives that are "good enough" substitutes for most patients. Demand is highly elastic.

Drug B is produced in low volume by 1-3 suppliers, treats a life-threatening condition and there are no effective alternatives. Demand is highly inelastic.

A company could easily buy every manufacturer of drug B then raise the price by 5000%. That price is paid or people suffer and die. It takes 48 months for a new manufacturer to get a generic to be approved. Human clinical trials are still required.

It's a generic, so the high prices do not reward, encourage or fund research and development.

Generic drugs like A don't really require any price regulation at all. Generic drugs that are more like B will cripple any nation's health care system if left unregulated.

That's the point of government, to interfere in useful ways.

Coders crack Oculus DRM in 24 hours, open door to mass piracy


"Our goal is not to profit by locking people to only our hardware.”

“If customers buy a game from us, I don’t care if they mod it to run on whatever they want... Our goal is not to profit by locking people to only our hardware.” —Palmer Luckey, January 2016


LinkedIn plays down '117 million users' breach data sale


Re: I always want salt on my hash

I agree ... they make it too hard to change your password ... easier just to Google it and find the page that way.

Also I should be informed of any data breach the first time I log in after one happens, with a link to change my password and another giving an open and honest account of what they know happened. That gives me the impression that they treat their users with respect and take their security seriously.

When I find out 4 years later by reading a news article ... that sends an entirely different message.

Hacker flogs '42.5m freshly stolen logins' for seventy-five cents


PR stunt

Sell your goods at $.75, get publicity, get your goods verified as legitimate by security professionals ... I imagine if you're a cyber criminal that's just good marketing.

Half of people plug in USB drives they find in the parking lot


It's never 100% safe ....


Show us the code! You should be able to peek inside the gadgets you buy – FTC commish


Shared VS Open Source

They can share the source code for public inspection without granting any other rights traditionally associated with open source projects. I've heard that called shared source by some.

LastPass in 2FA lock down after 'fessing up to phishing attack


LastPass didn't remove the export option.

I export weekly to .csv, put that into a strongly encrypted archive then drop it into my Dropbox and Google Drive accounts. I'd have noticed if they dropped the export option.

Forget anonymity, we can remember you wholesale with machine intel, hackers warned


These detection methods don't scale.

With statistical detection methods the number of false positives and false negatives increases geometrically with sample size.

Increase the sample size to 1000, then 10,000, and you will see it's pointless except to conjure up some grant money.

Facebook 'Free Basics' service frozen in Egypt


No Ads?

If you have a group on Facebook, your content doesn't just pop up in people who like/belong to your group's timeline, you get to pay money to "boost" the number of people who are exposed to your content.

The same with promotional product placement in movies and video games.

While you could very well argue these are not "ads", they are definitely advertising.

Chat messages in Skype for Windows are bang out of order – so here's how to 'fix' it for now


Alternatively you can also just not use Skype.

There is this radical idea called "testing" ... I read about it in software engineering classes when I was getting my degrees. The deal is before you release your software you test it on various platforms and OS'es and what not and only when it works properly do you release it.

Because if the latest isn't your greatest it means that you really don't care about me as a customer. You are not even PRETENDING to care about me as a customer.

I'm not going to be your alpha tester or beta tester, I'll just conclude SKYPE equals crap and future releases will be crap and I should look elsewhere.

Google Images: EU Commish opens new front against Chocolate Factory



User-agent: Googlebot-Image
Disallow: /images/HR/*.png$

User-agent: Googlebot-Image
Disallow: /


Slippery, slimy find: LEGGY, WRIGGLY fossil shows SNAKES weren't legless. Or ARMLESS


Code Conjurer's ...

Code Conjurers

Text Tweakers

Bit Bunglers

SourceForge staggers to feet after lengthy STORAGE FAIL outage


I'm shocked.

Until recently I didn't realize how far Sourceforge had fallen since it was last sold.

Seems like they are as trustworthy as that guy who keeps emailing me from Nigeria.

