Posts by Pascal

Re: NEWS FLASH

It's funny how some people think China is that retrograde country filled with such incompetent populace that its economy would collapse and it would lose all skills needed to do anything relevant if a few expat workers were to leave.

Re: It might have as much to do with who was affected as with local culture.

Indeed. The prime minister was affected, so heads had to roll.

Re: xfer

I took an even worse habit of just hooking up the old drive to a new system. My current home desktop has its own fast ssd + big hdd pair, and then it also has the drives from the 2 previous generations hooked up "to be sorted later".

Yes there are backups of that mess.

But I don't see myself sorting it out any time soon.

Maybe next system.

Re: PSA

"Or is it all self-tuning and autonomous for all but the most esoteric setups?"

More or less.

You can get cheap all-flash storage arrays that can do 100,000 x more IOPS than you had access to during the classical period, and of course nobody runs databases against pentium 3s with only a few Mb of RAM...

So unless you have top tier requirements It's easy to just throw hardware at a problem to make poor design go away.

Re: country & western singers

The list is a good first draft, but you really should bump "influencers" up a bit. Probably above country singers even.

The way it works is that messages they send out have unsubscribe links.

Those links ask for confirmation - displaying the name/address about to unsubscribe, and from what list.

This isn't supposed to be crawlable as nothing refers to those URLs in the first place, and robots.txt files block those paths from indexing.

But then people receive messages and post the full message to various forums or other public sites- for whatever reason (sharing messages they got, etc.) and they don't remove those link.

The forums are indexed, and follow those links -- and Google explicitly ignores robot.txt for content linked from other sites, they only honor explicit headers in pages under that circumstance.

The leak really originates from specific users posting their messages online, added to Sendgrid not understanding how google indexing / robots.txt work.

This specific scenario has happened to most major online services like that - any service that has any sort of links that automate access to any types of profiles is susceptible to that kind of indexing when users don't understand where they're posting those links.

Re: GDPR compliance

Of course. GDPR has exceptions tailored exactly for that.

GDPR basically goes "You shall not retain data without user permission, except if you have any other legal reasons to do so".

Re: weight calculation

"You do these calculations before you load the cargo into the plane. Having the plane measure it and then say "oops, that's outside the safe limits, you need to unpack and rearrange" is sort of not helpful..."

Then hum... Why were the passengers sitting IN a plane for 3 hours? Surely they should have done the calculations before letting them board?

Technically, because if your app is free and ad-driven, they're not your customers, they're your product. Hasn't that been the generally accepted consensus for a while already?

Anyway I hate ads as much as the next guy and would rather pay for an app than have ads, I think it's the most annoying shit that can ever be put in a mobile app.

But it seems Google also fucked up in the sense that GDPR doesn't require consent to show ads, it would only requires consent to track users (so personalised ads)? Shouldn't their API be about consenting for personalized ads (with tracking) vs generic ads, without forcing the "no ads" option?

Re: And how...

> "It would also break the secondary market for debts as well, because if companies can't share that information, they can't sell your debts to anyone else"

Oh, the humanity! What would we ever do if that insane, mafia-like "secondary debt market" system disappear? We'd have to shutdown society or something.

Secondary debt racketeers are just about as useful to society as pedophiles and murderers, and should be treated the same.

Re: UK Law Must Introduce Guest Checkout

You don't even need guest checkout, just don't save credit card info after payment -- or at the very least, let the customer decide if you should "remember" that credit card.

Re: Shades of the Pentium floating point bug?

I am Pentium of Borg. Division is futile. You will be approximated.

Re: Nope, it doesn't work

Earlier (before the year-based versioning) it did in fact save "SOMME(...)" and wouldn't load in an english Excel.

single point of failure maybe,

But the alternative is requiring people to have 15 login/passwords to 15 systems.

This results in the same password being used everywhere, or passwords written down on post it notes, and so on.

And obviously, 15 actual point of failures within 15 different login processes.

In theory one secure and thoroughly vetted sign-in system should mean less risks.

Re: The WinTel Cartel...

In this context they're passing along microcode updates produced and vetted by Intel, as part of a very urgent, very critical security update. You really want to lay that one at their feet instead of Intel's?

But he's a government official and he pinky swears it, surely that's proof enough?

> DMARC only reports if your policy is set to "none", it can quarantine and reject mails if you like. or am I missing your point?

DMARC lets you broadcast a policy, that tells the world what *should* be done about messages coming from your domain and that are not authenticated a certain way. DKIM is one of those authentication methods and it can actually protect the domain used "from:" (the one in the message, not the smtp envelope). There are a lot of problems still however:

- Adoption rate is very low at the sender level (only a tiny % of domains have proper spf, dkim and dmarc policies in place)

- Adoption rate is still so-so at the received level. It's a much higher %, but there are still stupid situations like Microsoft still not doing shit about DKIM, and *lots* of self-managed smtp servers don't handle these things properly

And of course none of those policies, and use of those policies in email filtering, will do anything about the fact that most email agents are complete garbage. Take Yahoo for instance, you can mangle the subject line so much that it can alter their webmail GUI, still to this day.

That, or your outlook.exe lacks the proper signature, and isn't the one on the whitelist. Scan for virii? :)

(My Outlook from Office 2013 had no problems writing to my document folders when saving an email attachment after enabling this).

"The article says Google now has a system where you have to reply to a text. The act of replying acts as the validation in the server - there is no code to input"

No SMS or reply.

Their new method sends a push notification to the app. The app then prompts the user somehow ("Looks like someone's trying to log into your account from *location*. Is that you?", with allow / block buttons). Upon pressing allow/block, the app calls a Google API to complete the process.

So yeah it's a 2-way street but it's data communications, not SMS, which is the hey as SMS has been proven to be vulnerable to SS7 and it was effectively exploited in the wild already.

End result is extra security because push notification subscription are "secure" (only the owner of the app can push to a specific phone/installation and no known hiijaking of that has happened yet) and the specific install on a phone is the only owner of the key necessary to sign the response message (the public part of which is sent to Google as part of the enrollment process).

In the end it's one more tool in the 2FA toolkit. Google aren't forcing this, they're offering it as a more secure version of SMS. You can still use authenticators that don't require sms or data connections.

Re: "opting for cheaper 3rd party labels"

I had a very nasty argument with one of those high end audiophile shops when digital stuff started showing up - he was trying really hard to prove to me that his ~$300 gold-plated, HDMI cable was so badass that colors would be brighter, blacks would be darker and general contrast/sharpness would be better.

Complete with 2 TV sets showing the same movies, with "exactly the same things except for good vs cheap hdmi cable", to prove how shitty it was to watch a movie with a cheap $50 HDMI cable vs his expensive one.

Re: Surface, the Apple iPad/MacBook wannabe

Another way to see it is that Surface's goal was to give the OEMs a solid kick in the behinds, and wake them up from all the terrible, terrible hardware they were making.

Just look at screen and storage.

As apple was coming out with retina displays and ssd storage in their laptops, it was still considered a premium, high-end, "costs 100s of dollars more" feature to get an 1920x1080 display from Dell, HP and the like: they were very comfortable still peddling those 1366x768 pieces of junk in overweight laptops with storage that felt slower than my old 20 Mb RLL drives from the 1980s.

The current surface line-up clearly has those heat / etc. issues but calling them iPad wannabees is ridiculous.

Re: Never understood why ..

Holy crap if SMS is "a technology that most people don't use these days" I must live in a weird place :)

But at any rate twitter limit was in no way technology-related, it was a design choice, they wanted to create an instant short-message feed. It's part of their branding, so to speak.

As another poster said, make it unlimited and they'd be just another Facebook knock off.

Re: Perjury

Is it?

I don't care about pewdiepie or that specific game / developer, but I'm genuinely asking from the legal standpoint.

I'm assuming game developers have some rights / control regarding this, and streamers would need their permission and/or could be asked for some licensing fees? After all, (some) streamers are making a living out of this, in somewhat (and I'm really stretching here probably) the way that cable companies make money off the TV channels they carry, but in exchange for license fees. Of course game developers certainly must be getting lots of sales out of the deal (endless hours of free advertising).

I really don't know (or have any very clear opinion either way), but does anyone know the "legalities" of this?

Re: Getting bored now

It's fascinating how in such a short time they went from spectacular explosions to making those perfect landings feel like routine. Soon it'll barely be a footnote to the stories!

Seeing from the onboard camera, coming down from space at 3500+ km/h to land right in the middle of the logo is just amazing!

Re: How is this still a thing?

The point of this however is standardisation. They want to develop a standard that they'll impose on their vendors so that they don't end up with incompatible kits (so whatever form their charging stations take, they don't have to deploy 6 versions of them if they have 6 UUV vendors).

Still...

You let an underling decide on a technology / supplier / etc. on a multi-million deal because she's difficult to get along with?

Honestly her boss is as much to blame as she is... More, probably.

Re: Why Do People Expose Themselves With HTML E-Mail

That's only true for what is nowadays a very small, old-school slice of email users.

Everybody else at the very least can't understand why anyone would tell them they can't have bold, italics, etc. in text they write to someone.

And we're not even talking about the crazy idea that people who get their news, etc. via daily emails should get it in black-and-white text with no headlines / etc. whatsoever.

Email *was* a text medium. Decades ago.

Re: Tight squeeze

> Eh? They've still got a brake and accelerator

F1's really high tech now, they scream engine / braking onomatopoeia into their helmet microphone for that.

Vroooom, Vroooooooooom, Vrooooooooooooom, Vroooooooooooooooooooooom!

Screeeeech!

Vroooooooooom!

Re: IP-Land

That's more or less what your firewalls are for, it's just that most people still assume firewalls are only meant to protect from external threats.

So they still allow, for instance, all servers to connect to any IP in the world using the basic protocols (http/https for instance).

Seems that financial client of Kaspersky was actually doing thing rights, and actually investigated blocked outgoing traffic to the point of hiring Kaspersky to figure out what was causing it.

But in the end your idea is just another approach that would generally not be implemented for the same reasons -- so many people assume traffic originating from their own systems is legitimate by default.

Re: Did you ever hear of the Seattle seven?

The dude abides.

Re: Absolutely uncalled for...

"I dunno, Justin Trudeau seems to be doing pretty well on his own."

This is a gross oversimplification but...

Trump got elected because he ran a popularity contest out of his reality TV "star" status / outsider status.

Trudeau got elected because he's cool and popular on social media.

More than ever voters basically make decisions based on popularity contests, this does not bode well for the future of mankind :)

> It's the new agile, dev ops combination bringing energy and innovation to the customer.

energy? you must mean synergy!

Re: Linus needs to start looking for his replacement.

> "Linus needs to start looking for his replacement."

On a somewhat more serious note, this is something I've wondered about from time to time. I only follow Linux Kernel development from articles here so my view is obviously completely skewed, but these articles definitely make it sound like Linux is what it is almost entirely due to Linus Torvald's vigilance and strict refusal to let any shit slip by. In a sense, if feels a lot like a personality cult, him being the glue holding everything together.

What happens when he retires years from now, having properly handed off stewardship and all is one thing.

How would Linux look like 5 years from now however if he died in an accident tomorrow? Is there a clear path of succession, or would things just devolve into 10 forks from people with different ideas?

I'm not criticizing or anything here, mainly I'm curious to hear from people that know about it more than from El Reg's headlines :)

Re: So which antivirus is the best for Android

> "Go and get a not-so-cheap android phone."

And what is wrong exactly with a cheap phone?

God forbid some of us see phones as actual, you know, phones, not as a social status symbol to be derided if it's not worth more than a reasonable desktop computer.

Re: Whats up with those numbers?

Yeah I think there's a math glitch here?

The author is counting 500 cache misses instead of 50,000.

It should be:

((950,000 x 1) = 950,000) + ((50,000 x 5) = 250,000) = 1,200,000 time units

vs

((950,000 x 1) = 950,000) + ((50,000 x 50) = 2,500,000) = 3,450,000 time units