Posts by g00se

212 posts • joined 26 Oct 2009

Softbank's 'Pepper' robot is a security joke

g00se
Linux

.fail

the application performs no control over the file extension. As a matter of fact, we were able to upload images, text files which extensions have been modified to images, and even plain text files without performing extension editing

Actually Unixes don't use the lame and naive system of determining a file's type by looking at its extension. They use magic numbers - a binary analysis of the file. And that's what should be employed in input sanitization if indeed that's required in what i'm surmising is an image viewer. e.g. if you pass a non-image file to feh, it will tell you there's no "loader for that file format"

HTC U12+: Like a Pixel without the pratfalls, or eye-watering price tag

g00se
Headmaster

Invocation

... but in Google's phone it merely evokes the sinister data-slurping Clippy-style assistant.

The word you want is invokes

Bowel down: Laxative brownies brought to colleague's leaving bash

g00se

Saline police chief Jerrod Hart said the tampering of food ...

A seasoned officer, was he?

Systemd-free Devuan Linux looses version 2.0 release candidate

g00se

Re: I don't understand...

>>Oh and I recently dumped Gparted - guess what, it now requires SystemD<<

I don't get it:

goose@t410:/tmp$ apt-cache depends gparted
gparted
  Depends: libatkmm-1.6-1v5
  Depends: libc6
  Depends: libgcc1
  Depends: libglib2.0-0
  Depends: libglibmm-2.4-1v5
  Depends: libgtk2.0-0
  Depends: libgtkmm-2.4-1v5
  Depends: libpangomm-1.4-1v5
  Depends: libparted-fs-resize0
  Depends: libparted2
  Depends: libsigc++-2.0-0v5
  Depends: libstdc++6
  Depends: libuuid1
  Breaks: udisks2
  Suggests: xfsprogs
  Suggests: reiserfsprogs
  Suggests: reiser4progs
  Suggests: jfsutils
  Suggests: ntfs-3g
  Suggests: dosfstools
  Suggests: mtools
  Suggests: yelp
  Suggests: kpartx
  Suggests: dmraid
  Suggests: dmsetup
    dmsetup:i386
  Suggests: gpart

Penguins in a sandbox: Google nudges Linux apps toward Chrome OS

g00se
WTF?

Why?

Not sure why that would be any good. You can already use Crouton if you want to run Linux in 'user space'. What would be of interest is running Linux on the metal. Natch they won't allow their lockdowns to do that

Modern life is rubbish – so why not take a trip down memory lane with Windows File Manager?

g00se
FAIL

life extension - file extension

File extensions visible in that screenshot. I'm wondering if they used to hide them by default in those days ...

Desktop PC shipments dip below 100m/year

g00se

Re: Market Saturation?

I no longer carry a laptop to meetings. Instead I have a tablet. Same thing, different form factor.

Nope - they're different things. One is a device that's capable of high productivity, the other is largely a device for consumption. Before you say you input stuff like a fiend at meetings, consider the general point. Tablets are good at one thing though: getting users to accept a high cost/computing power ratio. Landfill

Private browsing isn't: Boffins say smut-mode can't hide your tracks

g00se

I was going to write an article on my blog about what is left behind after you close a private browsing mode session.

Maybe post a link to it when it's done?

...to see what files can be recovered from the hard drive after the browser session is closed

Presumably a lot of files. How would you know which to look for? Isn't what 'sensitive' data can be recovered the important factor?

Unlucky Linux boxes trampled by NPM code update, patch zapped

g00se
WTF?

Tiala pegged the problem to running the sudo command as a non-root user.

What other kind of user would need sudo?

"Tiala pegged the problem to running the sudo command as a non-root user." would FTFY

Bloke sues Microsoft: Give me $600m – or my copy of Windows 7 back

g00se

Re: 'OEM keys work just fine'

Clonezilla

Until last week, you could pwn KDE Linux desktop with a USB stick

g00se

Re: And which bunch ...

That's like blaming MS for KDE deciding to hide file extensions.

Pleeeeeeeease tell me that KDE (which i've never used, since it's too Windowsy and bloated) doesn't do that too!?

g00se

Right, but i still don't get it. WTF would the notifier be interpreting a string aimed at (mainly, presumably) mount as a command?

g00se
FAIL

It's bad enough auto-mounting by default, but running scripts/executables automatically too!? (if i've got what's actually happening right ...)

This just adds to my general unease (i could just be being a paranoid old fart perhaps) that the standard of software engineering in the Linux world is slowly dropping

UK web grocer Ocado takes £500k hit after robo-warehouse tech splurge

g00se
Facepalm

I bought

10,000 Ocado shares but found they'd given me 10,000 avocados as a substitution

GCHQ unit claims it has 'objectively' made the UK a less desirable target to cybercrims

g00se
Joke

Oh yeah?

What did they do - make using Windows illegal?

Can't login to Skype? You're not alone. Chat app's been a bit crap for five days now

g00se
Headmaster

Log in

"Login" is not a verb!

Perv raided college girls' online accounts for nude snaps – by cracking their security questions

g00se
Facepalm

Yur pr0nz are belong to us

Powell's interest in all this was obtaining private sexually explicit photos, which people apparently store in their email accounts without much thought about security. It's not immediately clear why the large number of such images on the internet did not suffice.

Wouldn't an obvious possible reason be yet-to-emerge coercion/blackmail?

Skype, Slack, other apps inherit Electron vuln

g00se
FAIL

Re: Microsoft eager to let this be known

It's appalling the new version and voice practically doesn't work on linux.

I can confirm that. My client's migration to Debian has been completely derailed by his dependence on Skype

I've also heard that the Mac version is inferior too. Is that the case?

NHS deploys Microsoft threat detection service on just 30,000 devices

g00se
FAIL

Truisms

NHS Digital has yet to explain why it has taken months to roll out Microsoft's Enterprise Threat Detection Service (ETDS) to only about two per cent of the UK health service's targeted installed base.

They don't need to explain. It's well known that Windows boxes are everywhere in the NHS. Their enterprise is therefore under threat by definition. Adding more MS crap is really going to improve the situation?

Death notice: Moore’s Law. 19 April 1965 – 2 January 2018

g00se
WTF?

Java is dead. Long live Java!

I hate to break it to the buriers of Java, but not only is it not dead but it (or a proprietary version of it) is either running or runnable *inside* your Intel processor and/or its associated chips. See https://www.slideshare.net/codeblue_jp/igor-skochinsky-enpub (slide 33 onwards)

PowerShell comes to MacOS and Linux. Oh and Windows too

g00se

Re: binary pipelines

find ./ -exec ls -l {} \; | awk '{print $3}' | grep . | sort | uniq

find -exec stat -c "%U" '{}' \; | sort -u

You're welcome ;)

g00se
Linux

Shell without Power

The big plus with Powershell, as has been mentioned above, is that it allows object-oriented access to system objects. That's not relevant with Unix-like OSs. Strip it of that superset of functionality and you might as well use the shells already available for those.

Hold on to your aaSes: Yup, Windows 10 'as a service' is incoming

g00se

Re: "Windows as a service"

No - because they at least have the decency NOT to do it in the aaS

WordPress captcha plugin on 300,000 sites had a sneaky backdoor

g00se
WTF?

Checking

Genuine question: who is responsible for checking that WP plugins contain no malware?

Merry Xmas, fellow code nerds: Avast open-sources decompiler

g00se
Thumb Up

Re: Intel ME

Hopefully soon. And some EFI implementations too. There can't be that many at large i wouldn't have thought

Russian hacker clan exposed: They're called MoneyTaker, and they're gonna take your money

g00se

That's true but you might be surprised how UPNP is enabled by default often.

g00se
Black Helicopters

Maybe they're using Intel ME - the backdoor that is likely to already be present in his home machine?

Linux laptop-flinger says bye-bye to buggy Intel Management Engine

g00se

Re: Cool marketing idea

One should note that the laptops currently on offer by refurbishers typically seem to be too old for ME... so it's not a pressing need yet.

Yes. You need a pre-2015 processor to escape it

You mean Google updated its smartwatch OS and nobody noticed?

g00se
Black Helicopters

Shuffle

I take it that, given Google's attitude to personal privacy, they'll quickly be able to identify with their inbuilt sensors who the world's w***kers are? I'd hazard a guess there's quite a strong correlation between that population and the one that would buy such a device in the first place ...

To fix Intel's firmware fiasco, wait for Christmas Eve or 2018

g00se
Facepalm

Re: Can't you zap the offending management with a cattleprod?

I suspect you meant Cayman Islands, a Caimen is an alligatorid crocodilian

So, why not take your best guess, therefore, at how the Cayman Islands (formerly called 'Caimanas' and before that 'Lagartos' [lizards] ) got their name?

g00se
WTF?

IME

The flaws struck multiple flaws in Intel's Management Engine ... make it possible to run code that operating systems – and therefore sysadmins and users – just can't see.

Sorry to have to break it to you, but that's the whole point of Intel ME anyway. I shan't query the very odd first five words of the quoted sentence yet ...

Kotlin's killin' Java among Android devs

g00se
WTF?

Open source

Kotlin, an open source language

What would a closed source language be? Just asking...

He's no good for you! Ofcom wants to give folk powers to dump subpar broadband contracts

g00se

Tor ticket

Seems to be some sort of deep packet inspection attempting to throttle torrents / Tor / streaming

Interesting. Other people's experiences?

It would be easy for an ISP to whitelist bandwidth measurement services and claim that everything is fine, whilst still providing a very poor service.

Let's make sure we tell them that such monitoring (by officials) will be done over Tor.

VW engineer sent to the clink for three years for emissions-busting code

g00se

Nice

Hope the board paid him at least five times that to take the rap.

Re-identifying folks from anonymised data will be a crime in the UK

g00se
WTF?

Anonymised?

Does that even make sense? If people CAN be identified from data, then it's not ... anonymised... is it?

Did eye just do that? Microsoft brings gaze tracking to Windows 10

g00se
WTF?

Got a date for thought-tracking yet?

The tech, called Eye Control, will help lesser-abled individuals – such as those affected by motor neuron diseases – use computers without a mouse and keyboard.

Yeah right. That's so totally their motivation, to help that massive number of people with that unfortunate condition isn't it? WTF are they going to be tracking next? Professor Hawking, please denounce this in no uncertain terms!

How can you kill that which will not die? Windows XP is back (sorta... OK, not really)

g00se
Thumb Up

SPs

I seem to have SP2 and 3 for XP. http://technojeeves.com

Trustworthy? If you know the checksums then trust isn't a biggie ;)

Microsoft Surface laptop: Is this your MacBook Air replacement?

g00se

Re: ... but will it

Err ... i wouldn't. But if one came into my possession, there's no version of Windows 10 in the world (so far) that i would be happy with. It'd be like receiving a Maserati that had been fitted with wooden (and evil) cartwheels

g00se
Linux

... but will it

run Linux? That's the only "jailbreak" i'd be remotely interested in.

Revised 'Broadband 2.0' report: 6.7m Brits suffer 'sub-10Mbps' speeds

g00se
Thumb Down

Leeching

One way of kicking people onto paying for higher speeds is to leech from people who are content to stick with entry level BB. That's what i suspect BT are doing with me. Fortunately not enough to be a big problem, but it's nonetheless annoying

UK uni warns students of phishers trying to nick their tuition fees

g00se
Headmaster

Re: Am I missing something?

or was he inferring that all pleasures in Newcastle are random?

I'm guessing you mean "implying"

g00se
Headmaster

Verbicide

I'm surprised that they haven't been shutdown yet.

You mean "shut down". You didn't login properly today did you?

Met Police laggards still have 18,000 Windows XP machines in use

g00se
WTF?

Re: Why?

Try finding a download link to Windows 8/10 drivers for a taser, for instance.

Wow! I had no idea you plugged tasers into computers to use them. That's shocking. Do they have a USB interface?

Looking for an Ubuntu Unity close cousin? Elementary, my dear...

g00se
Linux

Re: "An"? I had no idea!

Unless that was just Red Hat, which I'm now starting to doubt as to whether it was pronounced the way you would expect. "reed hut"? "rude hot"?

It's pronounced 'bread head'

Debian devs dedicate new version 9 to the late Ian Murdock

g00se
Linux

EFI

fyi Devuan supports EFI booting already in Jessie

Ransomware realities: In your normal life, strangers don't extort you. But here you are

g00se
Linux

Inevitable - erm no

Use Linux. The prospect of getting ransomware is probably close to zero

Init freedom declared as systemd-free Devuan hits stable 1.0.0 status

g00se
Linux

fyi

a. Devuan Jessie supports EFI booting (unlike Debian Jessie)

b. network-manager is replaced by wicd in Devuan

HP Inc wireless mouse can be spoofed

g00se

Re: Mad.

Wired trackball every time! Surface unimportant. Much faster. No batteries to fail

Microsoft touts next Windows 10 Creators Update: It's set for a Fall

g00se
Linux

Re: My Windows Wish-List...

macOS does it and I love it

... as do several Linux desktop environments

systemd-free Devuan Linux hits RC2

g00se

Kind of absurd rationalization given that Ubuntu is downstream of Debian, not upstream.

Err .. isn't the fact that it's downstream the point?

Just like Devuan in fact.

That's disingenuous. It's not 'downstream' in the normal sense - in essence it's a fork

Biting the hand that feeds IT © 1998–2019