* Posts by Pascal

271 posts • joined 25 Dec 2009


Weeks before US oil contract prices went negative, a spear-phishing crew went after oil firms. What did they get?


Re: Who wasn't targeted

Using Yandex and not targeting Russian companies would also be the simplest misdirect. Or a misdirected misdirect. Do they know that you know that they know that you know?

Yes, true, fusion reactors don't work quite yet, but, er, maybe AI can help us stop our experiments from imploding


What's the training dataset?

Do they plan to build a few million of those and let them blow up so the machine learning bits can do their thing?

Microsoft throws a bone to those unable to leave the past behind: .NET 5 support on the way for Visual Basic


x += x+X; being unreadable is on you, not the people writing it ;)

Talk about making a rod for your own back: Pot dealer's seized €54m Bitcoins up in smoke after keys thrown out with fishing gear


Re: It doesn't work like that.

"Once the money counterfeiting printers are good enough to print fake money that is 100% indistinguishable from real money, we'll buy one of those printers and print the 50 millions and launder it!"

No flaw in that logic right? :)

Auf wiedersehen, pet: UK Deutsche Bank contractors plan to leave rather than take 25% pay cut for IR35 – report


Re: The bank has paid $18.3bn in regulatory fines since 2008

One thing you can rely on bankers for is the ability to maximise profit.

If they paid 18b in fines over the year and still don't have proper governance, there is only one existing fact that can explain it: allowing money laundering and other financial crimes to continue is at least a good deal more profitable than the fines.

Call us immediately if your child uses Kali Linux, squawks West Mids Police


Re: Yikes

Yeah I think I'm f****d, being in the process of setting up 48 VMs :)

Is Chrome really secretly stalking you across Google sites using per-install ID numbers? We reveal the truth


Re: PII leak

Without having checked, it is a safe bet that Google can afford to preemptively buy youtube.*

Things I learned from Y2K (pt 87): How to swap a mainframe for Microsoft Access


Exactly this!

I got my introduction to databases in Access 1.1. After moving on to bigger things, I still used Access to model databases for a while. It would link to SQL Server and export table definitions so easily, and may as well have been free in comparison with other data modelling software of those days.

Everything's coming up Kubernetes: Google Cloud adds support for Windows Server Containers


Re: Converging?

The trend towards hosted K8s like the big 3 do now certainly is a move in that direction. Sure, the fluff around it - management, provisioning and automation might be provider-flavored but if you run your own containers in K8s, that is really fairly portable.

That's a big step up from the microservices offering of a few years back with lambdas, azure functions, service fabrics and so on that certainly was fun to play with but very provider-centric.

Rockstar dev debate reopens: Hero programmers do exist, do all the work, do chat a lot – and do need love and attention from project leaders


Re: "..manage these people more efficiently by retaining them."

Kidding aside, at some point where you have a very large workforce your policies have no choice but to become mostly anonymous: what actions, incentives, bonuses etc. will keep turnover at the lowest. It makes sense, what I want to hear from HR is "employee turnover in the dev team was only 5% this year".

But we have a few heroes too, and we pay special attention to them - tailored policies to keep *them* happy because while I want to retain each and every dev, if I was forced to pick between losing 5 of those "heroes" or 20 others, I'd prefer retaining those 5.

This is what they were bringing attention to I believe: some devs are "more equal" than others ;)

Beer necessities: US chap registers bevvy as emotional support animal so he can booze on public transport


Re: You don't eat your support animal!

> You're not supposed to eat your support animal

A quick search offers no evidence to support that affirmation.

Although it could be because I used Bing.

So... Beer on!

Former Oracle product manager says he was forced out for refusing to deceive customers. Now he's suing the biz


Or more on topic: the Oracle way.

Christmas in tatters for Nottinghamshire tots after mayor tells them Santa's too busy


"Bare-faced lies are a critical component in the tool belt of parenthood."

And politicians obviously.

So even if he has no kids, he should have knocked that one out of the park!

Remember that competition for non-hoodie hacker pics? Here's their best entries


Re: Creating a politically correct stereotype proved daunting - too daunting, in fact.

Sure being respectful is easy, but political correctness has absolutely nothing to do with being respectful.


Re: Creating a politically correct stereotype proved daunting - too daunting, in fact.

Which begs the question: what is politically incorrect about hoodies and binary waterfalls? :)

Nix to the mix: Chrome to block passive HTTP content swirled into HTTPS pages


Re: HTTP is going the way of incandescent light bulbs...?

It's true, flash bulbs are long gone.

Watch out! Andromeda, the giant spiral galaxy colliding with our own Milky Way, has devoured several galaxies before


Re: There's a simple fix

Seems like a sensible solution.

Oracle demands $12K from network biz that doesn't use its software


On the DB side, that would not even buy you enough licensing to run a single-core server.

It's beginning to look a lot like October, everywhere you go. Take a look at the Windows 10, primed for release again


Think it's confusing now? Wait for 20H1...

The Semi-Annual Channel names Server builds using just year and month as a suffix.

"Windows Server 1903" this spring, "Windows Server 1909" coming up soon.

What's next? Oh yeah.

"Windows Server 2003" in about 6-7 months.

Mozilla Firefox to begin slow rollout of DNS-over-HTTPS by default at the end of the month


Re: Please explain?

The truth of the matter is that all they care about is bypassing firewalls.

Everybody that uses a browser tends to get universal tcp/443 access, and using a new port for dns over tls would require cooperation from IT admins to work on any corporate network and could easily be messed with by ISP and 'others'.

Here's a top tip: Don't trust the new person – block web domains less than a month old. They are bound to be dodgy


Re: How do you tell their age?


Going by that, why even have proxies, firewalls, malware scans? Let's just assume everybody is as smart and trustworthy as you and do away with all the babysitting, right?


Let's ignore for a second the fact that a large subset of "everyone" actually *is* IT-illiterate and not able to properly answer that challenge, even the smartest, most security-conscious person has the occasional moment of inattention and presses the wrong button.

The most dangerous ones are those that think security policies should not apply to them because they *know better*.

Crunch time: It's all fun and video games until you're being pressured into working for free


Re: But how often?

"Crunch mode" for games tends to be anything from 6 to 12 weeks before release, since release dates are dictated by marketing / holidays and not actual progress.

In classic games of the past, crunch time ended there (note: often in a lay-off!).

But that's not the reality anymore for all the microtransaction-based games as there are now ongoing weekly or monthly deadlines to provide patches/updates/new loot, so in some cases crunch never really ends as long as the game remains profitable.

El Reg sits down to code with .NET for Linux and MySQL, hitting some bumps along the way


Re: MySQL?

I have no love for MySQL but to be fair, your database should not sit on a server configured for a shifting timezone. That's asking for trouble. Make your database servers UTC, let your application logic handle timezone!

Low Barr: Don't give me that crap about security, just put the backdoors in the encryption, roars US Attorney General


The right amount of stupid...

... to have some very, very basic understanding of science (you know... "he knows some of the words"), yet still think laws can change it.

Wasn't there a politician pushing a bill to make pi = 3? :)

For pity's sake, groans Mimecast, teach your workforce not to open obviously dodgy emails


That's the stupid kind of 'sorted'...

... and nothing more than another box-ticking idea.

"My company is safe because people only get internet access and the ability to send out email when they make a business case for it".

*1 year later*

"My company got screwed because it turned out that 99% of employees made a strong business case for communicating with the outside world, so we're putting stricter rules in place and now only 10% of employees retained their access, the rest will have to make a STRONG business case for it following the new rules. NOW we're safe!"

*1 year later*

"Well it happened again ..."

Google's Go team decides not to give it a try


Re: On error GOTO

"On Error GoTo" is boring.

"On Error Resume Next" is where the real fun is.

No support for CloudEvents standard as AWS does its own thing with EventBridge


Obligatory xkcd


Let's check in with Samsung to see how it's riding out the memory glut. Operating profit down 56%. Oops.


Re: So, when profit falls, hire 15,000 people

"We're not making quite as much profit as we'd want in this very competitive sector, let's use some of that profit to diversify and grow in a different sector" sounds a lot better than "profits are down, let's fire 15,000 people so we get better dividends", no?

Eggheads have found a positive link between the number of racist tweets and the number of racist hate crimes in US cities


Re: Well, there's a surprise

Don't worry, the China pays the tariffs.

RIP Dyn Dynamic DNS :'( Oracle to end Dyn-asty by axing freshly gobbled services, shoving customers into its cloud


Re: Time to find another solution

We used to heavily rely on Dyn until they coerced us into a $1000-a-month DNS bill enterprise plan based on some 95th percentile QPS (queries per second) bullshit because our domains were generating more queries per month than a (really, really low) number they had hidden in the fine print of their purchase process.

We moved our domains in a hurry to Google's cloud DNS while we figured out what to do next but ended up just leaving them there - works well enough, and costs pennies (literally).

Remember that crypto-exchange boss who mysteriously died after his customers' coins disappeared? Of course he totally stole them


Re: "real cryptocurrency was transferred out."

*something something blockchain something*

A $4bn biz without a live product just broke the record for the amount paid for a domain name. WTF is going on?


I initially thought they wanted to take over the VOIP market.

Why are fervid Googlers making ad-blocker-breaking changes to Chrome? Because they created a monster – and are fighting to secure it


The issue with that approach is that eventually the "Do No Evil" add-on you trust could be automatically updated to a "Do Much Evil" version by various means: Hacking of the dev pipeline by an external actor or rogue developer, acquisition of the add-on owner by an entity you would not trust anymore, etc.

Two weeks after Microsoft warned of Windows RDP worms, a million internet-facing boxes still vulnerable


Re: Basic security

"PROTIP : The brilliant idea of changing the RDP port from default 3389 to something else DOES NOT HELP. A portscan will sniff it out and your ass will see a six-pack whoopass."

And yet, we get soooo many client demands for firewall rules to allow various protocols on different ports "because it's more secure" ... :(

Microsoft gently leads workhorse Windows Server 1903 for a pad around the paddock


Same here. We're migrating lots of our old monolithic services to containers and microservices. And he who says "Containers on Windows", also says "SAC".

Microsoft Windows 10 'Burger King' build 1903: Have it your way... and it may still leave a nasty taste in your mouth


Re: Tells us a lot....attitude



(comparative more uninstallable, superlative most uninstallable)

Capable of being uninstalled.


Re: Windows 1903 background horror

If "not liking the new default background color" is the worst thing that happens with this update, MS will be happy.

China trade tariffs? Fuhgeddaboudit, say Cisco execs. We, er, shifted some production


They probably didn't limit the 8% hike to only things produced in China, upping their profit margin by 8% for everything else?

Tangled in .NET: Will 5.0 really unify Microsoft's development stack?


The most divisive issue remains...

TAB vs Spaces!

It's 2019 so now security vulnerabilities are branded using emojis: Meet Thrangrycat, a Cisco router secure boot flaw


Re: Thrangrycat?


I'll, er, get the tab? It's Internet Edgeplorer as browser pulls up chair to the Chromium table


Re: If it's going to use the same underpinnings as Chrome..

At the very least, because a new Windows computer needs something to download Chrome with.

Now, some may decide they don't need to since they'll already have the same engine and the choice to download Chrome will be about "who would you rather have spying on you?"

In the claws of a vulture: Nebra AnyBeam Laser Projector


Re: expensive when put up against traditional lamp-based devices.

> It makes you wonder why projector manufacturers aren't doing the same?

To quote yourself, "because the $290 lamp gets very dim after about 1.5 years".

To us it's common sense, to them it's "replacing a perfectly good source of steady income with an option that's both cheaper and long-lasting", a lose-lose.

Sinister secret backdoor found in networking gear perfect for government espionage: The Chinese are – oh no, wait, it's Cisco again


Re: Spooky

I don't know, I take the simpler approach and chalk it up to lobbying. A non-US company is taking away money from US companies. US companies buy politicians (let's call lobbying what it is). Politicians make a fuss. This time they have the added bonus of being able to tie this to some security issue like they did with Kaspersky, but otherwise it's just standard "international commerce".

If you're using Oracle's WebLogic Server, check for security fixes: Bug exploited in the wild to install ransomware


WebLogic is the base web server software through which Oracle APEX apps are exposed, right?

That's a perfect recipe for a clusterf**k there - an unproved web server, used mostly to expose drag-and-drop apps created "Using only a web browser and limited programming experience" -- i.e. managed by people with no business building applications in the first place, so probably lacking any ability to secure the thing.

And of course, the icing on the cake:

- If you're not running the latest version, no patch for you (some of those will be years old versions)

- If you're not currently under a support contract, no patch for you (even MS has the common sense to still distribute security updates to known pirated copies of Windows)

We might have the beginning of the next next Adobe-scale security mess right there.

Rising sea levels? How about the rising risk of someone using a nuke?


Re: How about both?: Rising sea levels and nuke use

> "Unfortunately the uneducated masses in the West are afraid of the word 'nuclear'"

I disagree. Maybe they're afraid of the word 'nucular', but most don't know 'nuclear'.

US: We'll pull security co-operation if you lot buy from Huawei


"US tech world has suffered from many years of cutting costs"

Indeed. The corporate-profits-above-all-else attitude on "our" only had one inevitable outcome and as emerging economies enter the tech sector with much larger workforces and without (yet) being plagued by the same issues, the 5G Huawei-vs-the-West debacle is likely to only be the first of a long list that might be remembered as a turning point.

US companies lobbying their way to a ban on grounds of "national security" certainly won't work long term or for all types of tech either.

Add to that the different attitudes towards education in the US vs those emerging economies and this is likely to be a long term affair.

Ex-Mozilla CTO: US border cops demanded I unlock my phone, laptop at SF airport – and I'm an American citizen


Re: Don't travel to the US.

Yes, because we all know the one thing that's the most likely to get you through such an inspection without any problems is being the smartass guy with "TSA iz Teh Sux" as a password.

Altered carbon: Boffins automate DNA storage with decent density – but lousy latency


"DNA can develop defects -- cancer and mutations are the subject of huge amounts of medical research. Might want to include ECC in your DNA storage technology."

I only very vaguely know what I'm talking about but DNA mutations only occur on replication / during cell divisions or somesuch right, not "at rest" on its own? Or without I assume external influence like radiation etc. which this storage would be protected against?



Biting the hand that feeds IT © 1998–2020