* Posts by wub

34 posts • joined 12 Jun 2009

Stand up who HASN'T been hit in the Equifax mega-hack – whoa, whoa, sit down everyone

wub

Re: Sounds like 143 million POTENTIALLY affected

"...they'd no longer have any way of validating if you were who you say you were without you presenting yourself in person with government issued ID at somewhere mutually agreed upon..."

Huh, Exactly what I had to do recently, to prove to the IRS that I was who my tax return said I was BEFORE they would even process the form. Seems that there has already been a rash of false filings from my area lately. Has nothing to do with the flaw in the IRS website that allowed anyone to download complete copies of prior tax filings.

Why did nobody use that security hole to grab Donald Trump's returns?

Marcus Hutchins free for now as infosec world rallies around suspected banking malware dev

wub

Blaming the messenger?

"Cybercrime remains a top priority for the FBI," said special agent in charge Justin Tolomeo. "Cybercriminals cost our economy billions in losses each year. The FBI will continue to work with our partners, both domestic and international, to bring offenders to justice."

Don't overthink what happened to Marcus. Sounds like someone offered his name, he's gotten famous enough to be easily tracked and "captured", and as a malware researcher he's always involved with dangerous code. The Feds need a pelt to nail to the side of the barn.

Cops are lazy - I remember what happened to the rent-a-guard who found a bomb during the 1996 Summer Olympics in Atlanta (https://en.wikipedia.org/wiki/Centennial_Olympic_Park_bombing). Basically, when he reported finding a bomb, he got investigated for knowing the bomb was there. Simply doing the job he was hired to do made him a "person of interest", got his house turned over and nearly got him arrested. He certainly got pilloried in the press. At least he got his name cleared when the real bomber was eventually caught.

Sounds like what has happened before is destined to happen again. Admittedly, I have almost no information on which to reach my conclusion, but I do know human nature. This is all way too pat, getting famous made him a target, and got him arrested. He'll be extremely lucky to avoid doing serious time on this one. The best thing the security community can do for Marcus is to figure out who made Kronos. Just be careful while on the case!

Mi casa es su casa: Ubuntu bug makes 'guests' anything but

wub

Re: "We can only imagine the pointing and laughing"

"Yep, Mint. I don't know if it's affected by this though."

For once, I think this is a security problem that does not include Mint. At any rate the instance of Mint on this laptop does not have a guest account, and I'm pretty sure that is stock, not my handiwork. Could be wrong, and I'm sure someone will be happy to point out if I am.

European Court of Justice lays down the law on Kodipocalypse

wub

Re: Tl;dr

Wow. It's a wonder you get anything done...

Try under the main title, where it says, "In short, stop flogging players with pirate add-ons".

At the risk of causing your eyes to cross again, I'd have to say that I don't have a problem with this decision. I'm pretty sure there are a lot of products that would sell a lot better if they included stuff for free that usually costs extra. Maybe my next Toyota could come with some goodies in the glove box, like a nice Rolex watch for me, and Tiffany earrings for the missus? Real ones, mind. None of those knock-offs.

I really like Kodi. I can get along without the pirated content. I just hope the guys selling these boxes don't end up killing off the project altogether.

Will US border officials demand social network handles from visitors?

wub
Alert

I think I may be emigrating, soon.

Several folks have mused about what the fine citizens of America think about this, generally with the comment that since it doesn't apply to them, they won't care. If anyone else has addressed this, I missed it. Well I do care and I wish I didn't believe it. It reminds me of the requirement for all foreigners to provide fingerprints and be photographed on entry. And the question on the form about whether you intend to violently overthrow the system (or whatever wording they used...). There is no practical justification for all this - there is zero chance it will forward any of their stated or unstated goals. They'll just be deluged with a mass of data that they can't possibly process into information in any meaningful way. The "Bad Guys" they are trying to identify will have no problem circumventing this, and regular people will encounter all sorts of problems and very likely decide to stay away in droves.

And we will all be poorer for it. I feel the root cause stems from the whole "foreign == strange == frightening" equation that has served evolutionarily to protect prey from predators and other threats. This kind of response is latent in all of us. You can't turn it off, you have to face it down like any other fear. What we really need is MORE contact between people, cultures, races not less. If we just get a chance to know each other better perhaps we can behave in a more reasonable manner. We don't all have to love each other, but we could be civil if we gave it a shot.

But just as Brexit seemed to catch everybody by surprise, even those who voted for it, I'm seriously concerned that Don is going to find himself in the Oval Office thinking, "Oh f***, what did I get myself into" after a few days, just as Colin Powell seems to have predicted. So we'll probably look back on this and laugh about it in a few years, given what other new fun regulations are headed our way.

Privacy advocates rail against US Homeland Security's Twitter, Facebook snooping

wub
FAIL

A Modest Request

As a US citizen residing in the US, I try to keep current on news and events in the US by reading sites like this one, and watching the BBC World News. Our news outlets spend an inordinate amount of time discussing weather and the two-year election cycle, and somehow neglect to cover actual news items all too often.

If you're planning a report on government silliness involving a comment period, could you help us out by posting it BEFORE the comment period ends? I followed the link hoping to express my opinion and was foiled by being "a day late and a dollar short". Oh well. Why would anyone take me seriously anyway? Besides, I wouldn't have any trouble filling in such a form, since I don't have any social media accounts. I'm sure they wouldn't have a problem with that, right?

Millions menaced as ransomware-smuggling ads pollute top websites

wub

Just update Flash...

Love to, but running Linux here, so no more updates, ever.

Dell offers sweet, sweet, free honeypot tool to trap hungry hackers

wub

Re: If this works as advertised, it will be incredibly useful.

Embrace, extend, extinguish?

THE TRUTH: IRS 'cyber-hack' exposes 100,000 people whose identities were already stolen

wub

Thanks

Seriously, thanks once again for reporting responsibly and with enough detail to give readers a chance to reach our own conclusions.

I'm a Yank, and I could be in the affected group. On a side note, your report is the first I've seen (so far) and you've given me the opportunity to be in a position to help those near me to avoid the panic the fear mongers are so likely to stir up.

Californians get first chance to be run over by a Google robot

wub

Other Options Are Available

A couple of weeks ago, I was driving east toward Palm Springs, Ca. While I was making a transition from one freeway to another, I noticed something odd about the car just in front of me. After it finished merging, it moved smoothly 3 lanes over, and entered the carpool lane, moving right at the speed limit. I sped up a bit and got a nice look at the Delphi self-driving vehicle sign on the door, and the two guys inside. The fellow in the driver's seat was watching the road ahead, but his hands were not on the wheel, and the other passenger was a bit hunched over, fondling his phone.

This vehicle was definitely driving itself and going about 60 MPH during all this. And yes, on a very public highway. I would classify the traffic as moderately heavy - moving at or above the speed limit with several car-lengths between vehicles. The transition merge section was also on a curved section of the freeway.

I just wish I had had a passenger, or perhaps a Zaphod modification, so that I could have taken some pictures without jeopardizing anyone's safety...

NORK internet outage was payback for Sony hack – US politician

wub
Happy

Sorry, donuts just won't cut it.

"The FBI was firm on this attribution despite donuts from the security community..."

And I thought that it was actually true that law enforcement could always be persuaded with donuts. Well, I guess I'll have to try something stronger next time.

Is it humanly possible to watch Gigli and Battlefield Earth back-to-back?

wub

No one saw Zardoz?

I realize it has been a few decades, and I don't hold it against Sean Connery, who has been in many very entertaining films, but Zardoz has to be mentioned in a list of least watchable films. I gave it one last try a couple of years ago, on the theory that perhaps I was too young and callow to appreciate it at the time. No. The flying heads alone... How could anyone have given the go-ahead for that project?

Net Neut: Verizon flips the bird to FCC on peering deal crackdown

wub

"...it costs the ISP a lot more to deliver those bits to their customers than it would cost L3 or Netflix to string a cable across a datacentre."

Um, why would Netflix agree to ongoing, recurring payments for a peering agreement when they could simply have incurred a one-time cost by adding some hardware on their side? I believe it is because the missing resources were not on Netflix's side of the connection.

"Much of the argument is about large content providers like Netflix passing their delivery costs onto the ISPs, who would then have no choice but to pass costs on to their subscribers."

And again, um, isn't that how the Internet works? Users pay for a connection, then go out to external sites and exchange packets. Yes, when the packets consist of a video stream from Netflix the arrangement is pretty one-sided, but then this is >>EXACTLY<< what ISPs expect. My connection is rated for 50 Mb downstream, but only 5Mb up...

Why does a packet from Netflix "cost more" to deliver to me than a packet due to downloading an ISO image from Debian?

Target, Home Depot and UPS attacks: Dude, you need to rethink point-of-sale security

wub

UPS got hacked, too?

I didn't hear about UPS, but a couple of days ago USPS revealed they lost private information of over 600,000 employees, and a few thousand customers as well.

TOR users become FBI's No.1 hacking target after legal power grab

wub
WTF?

Damaged without authorization...

Doesn't anybody else wonder why they added the '...without authorization...' phrase to the following:

"or (B) in an investigation of a violation of 18 U.S.C. § 1030(a)(5), the media are protected computers that have been damaged without authorization..."

Evidently, there is no cause for enhanced interest if the damage occurred with authorization? What form do you have to file to get authorization to damage a system?

Apple Pay is a tidy payday for Apple with 0.15% cut, sources say

wub

Re: This is nothing unusual

""" Of course apple won't track the actual payment but it will track the activity either side to analyse shopping habits and that data is valuable, again they have been doing that for years as does everyone else.

That is in direct contradiction to what Apple stated at their keynote event:

We are not in the business of collecting your data. And so when you go to a physical location and use Apple Pay, Apple doesn't know what you bought, where you bought it, or how much you paid for it. The transaction is between you, the merchant and your bank.

"""

I do not see any contradiction of the first paragraph by the second. Apple's quote deals with a "you" as a specific individual. The quote from Mr. Belt is talking about aggregated data. These two forms of data are different from each other, and Apple's statement is silent regarding whether they are dealing with aggregated data.

Apple is a publicly traded company. It has a >>fiduciary duty<< to its shareholders to maximize their return on investment. Companies that fail to obey this requirement find themselves facing shareholder lawsuits. No one can convince me that the aggregated data gathered from Apple consumers is without value. If Apple does not realize a return on that value, it risks losing a lawsuit over its fiduciary responsibility. As good capitalists, and responsible managers, they are monetizing this information somehow.

wub

Re: 15%!?!?!?!?! Are they out of their minds!!!

You folks keep repeating the phrase "... from the 2.5% the merchant already pays." I'm not entirely sure you know what that means.

The merchant pays the clearinghouse, sure. Apple's 0.15% will never affect us, the ultimate customers of the merchant, right? After all, the merchant already pays the supplier, the utility companies, the rent on their building space, taxes and all that sort of stuff out of the price we pay for the merchandise. None of these costs apply to the clearinghouse, since they don't have to pay rent, labor or any other costs, right? They are just middlemen who move something from point A to point B and keep a bit for themselves. So of course, they would never need to raise prices to cover increases in any of those costs. Since no one would ever raise the price to their customer, it will never matter what Apple takes out for themselves.

Or at least, that's what I keep hearing when y'all keep saying "... from the 2.5% the merchant already pays."

Apple inhales DRUGSTORE deals on iPhone payment system, says report

wub
Mushroom

No wonder Apple isn't rushing to update AppleTV...

What with all the personal monitoring devices showing up daily, it figures Apple would want to get into that market and take it over, as they did to the music industry with the iPod. They're doing pretty well with videos and book publishing, despite some actual competition there. And really, who wants to waste resources grabbing for a bigger chunk of a sinking ship (cable TV)?

Personal monitors are a big deal these days, and it hasn't been mentioned much that all the data these things dribble out about you all day long is not protected by HIPAA (sorry, Yank here, not sure what the comparable UK law might be, if any). Long story short: FitBit and all those guys can sell whatever they monitor from you to whomever they want. Yeah, they probably have "privacy policies", but so what? Either you agree, or you don't buy/use the device. I've heard the insurance companies are very interested in this stuff.

So now along comes Apple, and with its iWatch and its (up to 10?) monitors, collects continuous stats on your every move (or lack thereof), and streams it all back to Apple. They get to sell it wherever they want (especially if HealthKit forces the app makers to keep their hands off it). So now they can offer their customers' data up for sale to the highest bidder. Once again, Genius!

And people will really voluntarily give up every heartbeat, blood oxygen level, blood pressure reading, skin temperature and God knows what else carefully time-stamped and cross-matched with their geolocation and MEID so Apple can monetize that, too. What a bunch of sheep...

FTC seeks DEFCON help to finger illegal robocallers

wub

It's All About the Money

As a coupla folks already mentioned, the phone companies really want spammers to continue. Just like the mail service loves "bulk mail", The Phone Company loves spam callers.

I know this is true because I heard about the company also mentioned above, that has set up a successful business to combat spam calling. I attempted to sign up for their service, but there was a problem: the whole scheme revolves around a special feature I needed to add to my phone service. My landline phone provider does not and WILL NOT ever implement this feature. Even though they would be billing me for this feature every month. I do not recall their name for this feature, but this is what it does - you add a phone number that you want to ring every time your land line rings - this would allow you to forward all your landline calls to your cell phone, for example. In the case of the spam fighters, you add their number instead. Then, they receive the same Caller ID information as you do. When your phone rings, they will intervene and answer all calls on their spam list, and politely decline on your behalf. One (ring) and done!

The real beauty of the system, though, is that subscribers become a sort of honey net. When spammers begin calling from a new number, the pattern of calling, as observed over the subscriber base, quickly reveals that that number is now a spam source, and it automatically gets added to the spam list. For the curious, the service also provides each subscriber with a white list, so that schools and other legitimate bulk callers can continue to reach you. I think it's brilliant.

But there is no way for me to subscribe, since land line service is one of many monopolies I have no choice but to deal with or go without. And, yes, I am very close to dropping my land line forever. And in fact, this is exactly where they want me to go, because land line service is both more expensive to provide, and less profitable than cell phone service. They really, really want to convert me to their cell service. Not that I don't already have a cell phone, so my actions are almost entirely contrary to my best financial interests. Take that, artificial intelligence!!

Canon offers a cloud just for still photos, not anything else. Weird

wub
FAIL

A Few Kinks?

I decided to take a peek at Irista. The home page scrolls through a few introductory screens using large, friendly white '<' and '>' arrows on either side of the page. Cute, but when I try using the '<' to return to the home page, I consistently hit a 404 when my browser indicates I should be at the "SimpleToUse" page. Maybe I'll wait a couple of weeks to sign up...

Mozilla agrees to add DRM support to Firefox – under protest

wub

Exactly right, Dan 55.

And even if Netflix someday works in Firefox, it will NEVER work in any browser running on Linux. I know for a fact that in Linux, audio streamed in a browser running from a website can easily be intercepted, allowing the user a choice about what to do with that audio stream next. You don't even need any special plugin. I'm reasonably sure this is also true for video content. And I'm sure the Netflix folks are well aware of that...

WTF is Net Neutrality, anyway? And how can we make everything better?

wub

What are my broadband choices, exactly?

While I've lived in the same town for >25 years now and have limited actual experience, I agree completely with you. I suspect my situation is very common.

Actually, in theory I >do< have a choice of broadband: Cox, which has a territorial cable monopoly granted by my town in exchange for the "overhead related to provisioning the city" for its cable operation, and AT&T which is my land-line phone provider.

However, I am over 17000 feet (?meters?) from the Central Office, and my useful DSL speed is not fast enough to support even the lowest quality video stream. And it would cost about the same as I'm paying Cox for roughly 20 MB now ($65/month).

I could probably switch to a satellite ISP, but I understand that although streaming can be effective, latency becomes a serious problem for general browsing in this era of highly complex dynamic pages (after enabling JavaScript for forums.theregister.co.uk, NoScript informs me that there are scripts from four other sources waiting to be enabled, and I expect some of those to call from yet other sources - with a half a second roundtrip for each call, this page would take some serious time to completely load).

So I second the call for support for the claim that "89% of Americans have a choice" of broadband provider. Not when "choice" is defined as equivalent service!

Target ignored hacker alarms as crooks took 40m credit cards – claim

wub

Re: Perhaps this was a head in the sand moment

Agreed.

Try this at your next meeting:

"Please raise your hand if you have ever heard a car alarm. OK, now, keep your hand up if you have heard an alarm when a car was broken into or stolen, otherwise put them down."

They'll all have their hands down at this point.

SCRAP the TELLY TAX? Ancient BBC Time Lords mull Beeb's future

wub

Re: fund it from general taxation

Um, try looking at it from another angle: Let's say you are aware of some wonderful back-catalog BBC shows (yes, there's lots of crap on TV these days, but it isn't and wasn't all crap) but have the misfortune to live outside the UK? There is currently no legal way to access this content online (no, I am not going to pay 30 pounds (sorry, no "pound key" on this keyboard) an hour for DVD ownership of something I'd like to watch once).

So, what about subscriptions, and uh, forget the stupid geographical restrictions? I am NOT the only one who would sign up for that one. You could get us foreigners (we foreigners? wee foreigners?) to help shoulder the load, possibly still commercial-free. BTW: lots of commercials over here, even on the government-subsidized channel - that's what DVRs are for. Just record the stuff you would otherwise watch "live" and skip over the commercials...

Developers: Behold the bug NOBODY can fix

wub

Whose permission for photos?

Um, I think you have a minor error in the last paragraph, here:

"if we get some good 'uns – and the wearers agree to publication –".

Wasn't there recently a court decision that the creator of the ink, not the wearer, owns the "intellectual" property rights? Some actor cheese-ball with a pseudo-Maori tattoo on his face lost the case? Has to get the creator's permission for product tie-ins to the tattoo? Oh well, I don't think anyone responsible for a real howler would want to claim their rights, anyway...

Acer writes off MEELLIONS again, scraps raw materials

wub

Acer will be missed.

Sorry, I know this is going to sound like Astroturf (tm), but I happen to like Acer. I've had a 14 inch Timeline for about a year and a half (which I run Mint on), and I don't think I've ever been happier in the presence of something that does not have a pulse. I'm worried, because Acer seems doomed, and when the sad day comes for this laptop I don't know what I'll find that I will love as much.

Unfortunately, while I disagree with your statement, I have to say I have no idea what the original quote means either. Another bad sign for Acer.

Top tools for junior Linux admins

wub

Find and read the log files.

Many good ideas are already posted, but I didn't see logs. When a problem arises, it is probably logged somewhere. If you are still learning your way around, the log files will give you great ideas about what to study next. If you haven't got an issue at the moment, you may see something interesting to follow up on.

I just had a problem with a networked scientific instrument connected to a Windows machine (what can you do? the instrument makers write the software). The problem had to do with bootp, and the logging option was off. I turned logging on, restarted bootp, and got the clues I needed to fix the problem with a simple change to the hosts file. Without the log information, it probably would have been a while before I thought about checking that.

Windows 8 tablets unwrapped in Berlin: Dell goes keyless for ARM

wub
FAIL

Re: Do these tanks have the grunt to park on Apple's lawn?

NO! NO! NO! This is Windows 8 for ARM (or Windows RT). Don't forget about the conditions Microsoft placed on this OS for secure boot! You CANNOT INSTALL ANY OTHER OS ON ONE OF THESE!!! Period.

If it was Windows 8 for Intel (or whatever they call that version), THEN you can get around secure boot a couple of ways (ask Canonical or Fedora) or, supposedly, the end user can simply turn it off.

We have to spread the word! WindowsRT on an ARM device is a complete dead-end.

FCC (finally) cracks down on BLARING! TV! ADS!

wub

Don't forget the compression effect.

I have heard an explanation of why this won't work from someone more knowledgeable than I am, but which I can actually understand. The volume level of your TV is the volume you set. Think of this volume level as a speed limit, or as your bandwidth. Most of the program content does not use the full bandwidth. It is normal for the amount of 'bandwidth' used to vary with time. The explosions always sound louder than the dialog, for example. The loudest sounds in a typical program use much more 'bandwidth' than the quietest sounds.

What the commercial makers do is compress the sound information, so that the very quietest sound is only slightly quieter than the loudest sound, and they arrange for the loudest sound to use the whole 'bandwidth'. This forces all the audio to be as loud as the volume level you set.

It is unlikely that this new law will change my experience, here in California, at all. More's the pity.

Anonymous collective begins leaking Bank of America emails

wub
Go

Follow the Money!

I may be reading too much into this, but doesn't the article say that B of A hired HBGary to discredit WikiLeaks before their emails could be leaked? Why should the Bank pay good money to hobble the release of boring email? After all, they wrote said emails, and presumably know more than we do (at this point) about what they contain. It would be too bad if the original trove is missing the really juicy ones, but I think B of A already showed us there is something worth finding. I say, Keep Going!

Official: Booze prevents senile dementia

wub
Unhappy

Courtesy View of Full Article?

I guess the Oxford Press courtesy view of the full article only extends to UK visitors? Attempting to view the article from the former Colonies, I discovered that to view the article, I either had to be a subscriber or pay US$32 for 1 day access to the article. Too steep for me.

Techies floored by 'virus' after Playboy mansion party

wub
FAIL

Might want to avoid fog machines, too.

Sunday's LA Times mentioned in their coverage of this incident, that attention was being focused on a fog machine used inside the mansion. That sounds like a spectacular place for legionella-like bacteria - damp, warm and I'll bet those things aren't carefully dried prior to storage, except in very rare instances.

2009's Top Mid-Range Compact Cameras

wub
Thumb Up

Durability

I can't comment on Fuji or Canon offerings, but my Lumix ZS3 (North American TZ7) is incredibly solid.

On vacation, a kind gentleman offered to take a pic of self and spouse, so I handed him the camera. Important safety tip: force good Samaritans to use the strap. He took a decent photo, then dropped the camera approx 5 feet onto solid asphalt. The impact was mostly absorbed by the still-extended lens.

Initially, I was unable to get the lens to retract - the motor would grind, then an error code appeared on the screen. Being on vacation, I felt I had no option for proper repairs, so I applied gentle pressure to realign the lens until it would close. Two o-rings were partially extruded between lens sections, and I was afraid they would bind up in the mechanism, so I pulled them out. Surprisingly, the camera functions completely normally today. The LCD suffered no damage at all. Except for some minor warpage in the lens barrel and a small scuff mark on the top front of the body, there are no visible signs of the fall.

Amazing. I love this camera. One positive consequence is that I carry it with me essentially all the time now, so I rarely miss a photo opportunity.

Windows 7 to push up netbook prices

wub
Alert

Do Value-Added Support

Once the Linux-based netbooks began to be truly popular, the netbook makers ran screaming back to Windows, because too many purchasers couldn't make the transition to a new desktop, let alone a new OS, even Ubuntu. The support costs ultimately made their decision for them.

Here's a radical thought: do the Canonical/Red Hat/...and the list goes on... thing, and install the free OS/free software, then charge for support.

Biting the hand that feeds IT © 1998–2019