* Posts by ShelLuser

2402 posts • joined 19 Dec 2010

Kid found a way to travel for free in Budapest. He filed a bug report. And was promptly arrested

ShelLuser
Silver badge

@ac

"you can notify a company of a breach WITHOUT using the weakness."

You honestly think they'll believe such stories and would bother to look into them? I don't.

To me this is no different than playing on a Minecraft server and finding a bug. First you try it again to ensure that it was really a bug or a glitch and not an oversight on your end. Once you got that out of the way you get all you need to report it.

The #1 rule of bug discovery is the reproduction of the glitch. If you can't reproduce a bug then you also can't be 100% sure it actually was a bug.

35
0

Firefox doesn't need to be No 1 – and that's OK, 'cos it's falling off a cliff

ShelLuser
Silver badge

Don't always blame others...

"Gal believes a big part of the problem is Google's monopoly on search and its aggressive marketing of Chrome."

Just like so many others I also used Firefox many years back and it wasn't Chrome but Firefox itself which made me bail out. I liked Firefox, a lot, together with Thunderbird it was my de-facto solution to turn to web and e-mail. The main problem: update, after update after update. And some updates were plain out intrusive, sometimes you had to re-learn how your browser worked! No problem if you got time for that, but as a geek who likes to know how his stuff works while also getting tired of spending time on something as trivial as a browser...

I discovered SeaMonkey and started testing that which was also around the time when Firefox actually changed their appearance to a Chrome look-alike. Gone were the easy toolbars, the buttons, the menus. Only 1 tab and that's it. That's when I figured: "If I wanted to use Chrome I'd use Chrome, this is bullshit" and deinstalled everything. If I recall correctly it was around the time Thunderbird introduced tabs for e-mails, a feature I seriously despised, also because I couldn't turn it off. Firefox/Thunderbird had "change because of change" written all over it, and I didn't want that anymore. I grew tired of it.

Been using SeaMonkey for a long time (for both web & e-mail) and the best part: it still looks the same now as when I picked it up 5 or so years ago. In the meantime I also discovered Opera (the one built on Chromium) and it's easy to see why Chrome has such a high market share. It's much more than merely aggressive advertising.

But other than Opera I never looked back at Firefox. I also don't miss it and I've always been hesitant to try it out again, mostly because of all the bullshit updates they pushed forward.

15
0

Judge uses 1st Amendment on Pokemon Go park ban. It's super effective!

ShelLuser
Silver badge

@Teiwaz

"I've not heard anything much about it since last summer - I'm surprised it's still a big enough thing to worry about large crowds."

Not too surprising I think; don't forget that bureaucratic environments such as this aren't exactly speedy with making decisions and setting plans in motion. I wouldn't be surprised at all if they came up with the whole thing when it still mattered and due to time and delays it only got sorted out now.

0
0

Volterman 'super wallet': The worst crowdsource video pitch of all time?

ShelLuser
Silver badge

Makes you wonder..

What kind of people would actually buy into this? That's the part I don't get, try to think this through for a moment and you'll soon see all the nonsense which is being shared here.

So the moment you open this contraption to find the rightful owner it'll take pictures of you? Good to know, thanks for the warning upfront. I'll remember this when taking a nice walk through the forest with my girlfriend:

"No honey! Just leave that thing lying there in the middle of nowhere, the owner can track it down with the internal GPS"

"But what if its batteries are dead?"

"Yeah, not our problem. Or do you want to risk being photographed and possibly treated online as some kind of criminal? Good luck explaining to the mindless "social" media masses that you were trying to find a home address".

"Oh wow, you're fully right. Thanks for saving me, superman!"

"I'm not a superman, I just know these scammerman wallets. You know what? Littering is against the law, let's just throw it into the garbage can over there where it belongs. There, all safe and clean!".

12
0

This is why old Windows Phones won't run PC apps

ShelLuser
Silver badge

Uhm...

I used to run Norton Commander on my Psion 5mx. And that hardware is much older than your average older ("lastgen"?) Windows Phone.

2
0

'Millions of IoT gizmos' wide open to hijackers after devs drop gSOAP

ShelLuser
Silver badge
Windows

Maybe I'm growing into a grumpy cynic but...

Wouldn't it be news if there was an IoT type device out there which didn't have any 'sploits?

10
0

Vendors rush to call everything AI even if it isn't, or doesn't help

ShelLuser
Silver badge
Joke

@Mihto

"When I can ask a device to complete a task it wasn't specifically programmed to do then I'll believe AI exists."

The Tesla (and Google, but I like Tesla better as target) were never programmed to crash into other cars yet it still happened. Oh dear: AI confirmed, Musk was right: they're out to kill us! ;)

4
0

One-quarter of UK.gov IT projects at high risk of failure

ShelLuser
Silver badge

2 things...

I think it's higher. And I also think this is the same for most "modern" Western governments.

Nice to see our tax money being "well" spent.

2
0

AI bots will kill us all! Or at least may seriously inconvenience humans

ShelLuser
Silver badge
Joke

Hmmm....

So AI is going to kill us. I wonder... Could he be concluding as much because of all the accidents happening during tests with Tesla's self-driving cars? Because if that's the case then isn't it possible that it's not so much the AI trying to kill the humans, but that the programmers should have been doing a better job?

Of course, blaming it on the AI is much easier. "We're not refusing to build automated cars because it doesn't work, no, we're not building them because we know that AI is evil and will try to kill you all!".

3
0

Create a user called '0day', get bonus root privs – thanks, Systemd!

ShelLuser
Silver badge
Mushroom

We all complain but...

How many of you who currently run systemd will set it up so you can remove it from your systems again?

That is the only way to make a statement here in my opinion: by ditching this POS.

1
0
ShelLuser
Silver badge
Joke

@Swarthy

"So if Systemd* crashes, it writes to a binary log, which requires Systemd* to load up to read the logs - What could go wrong?"

Now, now... you just need to adapt to the new way of Linux'ing. No need to be critical ;)

It will only be a few months before the Samba stack gets imported into systemd and after that you can easily access those logs right after booting with your trusty Windows 10 environment.

3
0
ShelLuser
Silver badge
Black Helicopters

@cbars

Well, the company he works for is said to be a major vendor of commercial Linux support. You don't really expect him to remove a potential for revenue income, do you?

2
0

PC sales still slumping, but more slowly than feared

ShelLuser
Silver badge

How much influence did Microsoft have in this?

Sure, some people liked the Windows 8 and Windows 10 (each to their own is what I say) but trying to put bias aside I think it is fair to say that these two versions weren't exactly popular (Win8) or without controversy (Win10).

So I can't help wonder how much that helped to drive people away? I know plenty of people who got highly upset over the forced upgrade to Windows 10, some in my direct surroundings didn't even give it much of a (fair?) chance because they got freaked out and started mistrusting it. And there are a lot of people who don't necessarily use the PC for intensive things, mostly e-mail and Internet browsing. Well, that can also be easily done on a tablet and better yet: you don't have to worry about unwanted upgrades.

When I look at my direct surroundings and those who stopped using Windows then it has all been tablets or Mac. In some cases as a direct result of a (failed) upgrade to Windows 10.

As such my comment: I can't help think that Microsoft had a big influence in all this.

8
3

Bah Gawd! WWE left wrasslin' fans' privates on display online

ShelLuser
Silver badge
Coat

Maybe...

They could make a storyline out of this.. would be a whole lot more entertaining than some of the stuff they provide us with now.

When I saw a match I don't need to see a re-run the very next week. And I sure as heck don't need to see it getting repeated (but in slightly different fashion) for the next 6 weeks in a row. Yet that's basically what you get with WWE these days.

Saw the main event in a PPV ("Pay Per View") match? Cool stuff. Chances are high you'll get to see the exact same match right in the next week on one of the free televised shows.

I'll just get my coat now...

3
0

FREE wildcard HTTPS certs from Let's Encrypt for every Reg reader*

ShelLuser
Silver badge
Boffin

An admirable effort.

One thing to note though: (computer) security is not a product you simply install after which you can consider yourself to be safe. Of course this is saying nothing negative about this effort, none at all: I applaud the initiative. Because it brings things back to basics: too many CAs are basically abusing their positions by overcharging their customers for something completely trivial.

But the reason I post this is because too many people seem to believe the doctrine that "HTTPS = safer than HTTP". Which is utter bullshit. It all depends on usage and context. Sure, when going to a website which asks you to log in then HTTPS is definitely preferred. But what about a website which allows you to fill out your (or 'a') name with a small comment (like a guestbook)? HTTPS wouldn't provide any significant increase of security there, yet such websites will be immediately dubbed "insecure" by plenty of browsers.

The same browsers which would dub a website such as "ihashax.u" (I made this up) perfectly safe as long as they use HTTPS while requesting: "pls request ur hax here! <entry form>" <small letters> "we h4x everything, including u, filling out this form means u constitutor to us h4xing u!" </small letters>

What's my point? Security isn't a thing you can install or turn on or off. Yet all this HTTPS pushing does is that there will be plenty of people who'd consider any kind of website safe as long as it's using HTTPS. That's not how security works! "That exe file can't have been ransomware, I downloaded it from this secure website and even my browser said it was secure!".

Security starts by not blindly trusting automated tools, and using that grey blob between your ears to think things through instead. Too much reliance on security tools such as HTTPS can create a massive risk in itself.

</rant>

27
17

Microsoft hits Alt-F4 on 3,000 global sales staff

ShelLuser
Silver badge
Windows

Dumbasses!

Yes, pardon the not-so-politically-correct topic. Bite me.

I like Windows. You heard that one right. I'm also a FreeBSD user who "grew up" with Linux while having had a huge taste of Sun Solaris at work (company funded educational process, but because you couldn't buy Solaris/x86 for reasonable prices back then I ended up using Linux as a substitute). In the end I seriously admire Unix and all it stands for and the legacy it provides, but I also still like Windows. For what it is, what it can do and what you can do with it.

It's not easy to try and cater to the mindless masses. We all know better, right? Exactly!

But Microsoft has their heads so way stuck up in the dark places where no sun shines that they're totally oblivious to the obvious. And nothing we say or do will help them. And the only reason I'm writing all this is because I actually care. YES Microsoft is evil, you damn betcha. Just look at Netscape. But wake up call: all (/most?) companies are. In the end only 1 thing matters: revenue.

The one thing you can say about Microsoft is that they're not hiding their ideas under stools or tables. Of course that doesn't make things any better (damn you for your braindead Win10 tactics, I'm appalled that no one ever bothered to try and sue your asses off! (keyword: try)). Yes, I really like Windows, why you ask?

See.. my problem with this whole thing is that it's obvious they're not even bothering to try and re-invent their ways. They had opportunities thrown into their lap and ignored them and stumbled over it.

There is a huge realization growing that Google isn't the greatest of ideas anymore. Too little too late perhaps, but even so. Microsoft never bothered to even try and monetize on that, instead they force-fed us Windows 10. Only Apple showed balls by denying the feds and boy did it do wonders for them (you DO still remember that we got the NSA (American Secret Service) to thank for the massive outbreak of ransomware, right?).

They have all this potential, yet they don't even try to use it. And when looking at the latest Skype they still haven't managed to get a frickin' clue that the times where they dominated the market are a thing of the past.

I think it's safe to say that the enforced Win10 upgrade scared more people away to tablets (and distrust Microsoft) than it did to help ensure the market position. Oh I know the statistics. But I also know how to read them beyond the marketing crap.

How does one count a computer converted to Win10 which the owner only uses to check e-mail and does everything else on their tablets? I call that a lost sale, because there is no way in heck that they're ever going to buy into the Win10 marketplace. I also call it a liability because as soon as someone tells them: "Linux can do that too!" they're gone.

Microsoft calls this an active user. They converted, they're still using the machine, it's a potential target.

And of course Microsoft is sure to include them into their annual shares: "20% of our users are happily using Windows 10". Of course, in their definition: not complaining = happy. And "Not complaining because I don't know how and as soon as I find a way out I'll move all of my stuff from this computer onto another and then I don't want anything to do with Microsoft at all" doesn't fit the pre-determined stats.

No.. Let's force-feed the users even MORE crap after they already complained about Win8, Visual Studio and Win10. Heeeeere's Johnny.. Errr: the new Skype app.

In Holland we have a saying: "Een ezel in het algemeen stoot zichzelf geen driemaal aan dezelfde steen". I'm very fluent with English, I don't know all the sayings though. "A mule generally doesn't hurt itself three times on the same rock". Or: "you don't make the same mistake three times".

As shown above: Microsoft does. As such my title post: dumbasses.

You could be SO much more :(

36
0

Feelin' safe and snug on Linux while the Windows world burns? Stop that

ShelLuser
Silver badge
Devil

Systemd vulnerabilities?

I've been using FreeBSD for years already so... since the article talks about feeling safe & smug and all, I suppose that does somewhat apply to me. Of course, let's be realistic: no one is fully safe. Even with the ransomware issues: everyone seems to ignore the fact that the viruses didn't "just" take over whole networks, someone let them in.

But one thing I do worry about... Exploits which can spread usually focus themselves on one specific vulnerability and then exploit that 'en masse'. Windows is the easiest target because (generally speaking) the main structure of every Windows computer is more or less the same.

So here we are on Linux: where a majority of systems has adapted to systemd usage which more or less enforces the same kind of standards, and right during boot. And as we could read a few weeks back even systemd is not without flaws. Worse yet: because of its nature some of those flaws can even be exploited remotely.

With that in mind I can't help wonder how long it'll take for a worm to specifically attack systemd.

9
0

Microsoft boasted it had rebuilt Skype 'from the ground up'. Instead, it should have buried it

ShelLuser
Silver badge
Mushroom

@Chris

"Has MS heard of it?" (market research).

Uhm...

These are the same people who tried to give us Windows 8 (a touch based GUI on a mouse driven platform). And when that obviously failed they then tried a new tactic: simply forcing people to move onto Windows 10, if you liked it or not.

I still see that news broadcast (weather forecast) where all of a sudden the forced Windows 10 upgrade window popped up. Right in the middle of a live broadcast.

And let's briefly talk about business users... This is the same company which launched a new phone while never bothering to provide something as trivial as a todo list. And when they finally did in the first update this todo list couldn't be synced with Outlook (their flagship product when it comes to e-mail and (brief) project management).

Or about professional developers: that moment when Microsoft decided Visual Studio should follow the same Look & Feel as their consumer platform, and in the process they removed all color from the whole thing as well.

SO yeah... Microsoft and professional users? I don't think Microsoft even realizes anymore what a professional user actually is. Their teams have probably been playing a bit too much Minecraft as of late.

64
0

Don't panic, but Linux's Systemd can be pwned via an evil DNS query

ShelLuser
Silver badge
Facepalm

Not to worry!

I'm sure they're going to solve this problem real soon by adding a firewall into systemd. That should raise security standards dramatically! ;)

8
0

Met Police laggards still have 18,000 Windows XP machines in use

ShelLuser
Silver badge
FAIL

Welcome to bureaucracy

The land where everyone feels mighty important and no one is responsible. Because if you follow the rules like a good drone you're the man or woman the system can depend on!

Yeah, only too bad that it often results in situations as described in this article.

5
0

AES-256 keys sniffed in seconds using €200 of kit a few inches away

ShelLuser
Silver badge
Pint

How well was the PC prepared?

Sure I'm skeptical. Thing is: I once built my PC myself and bought myself a solid tower housing. It's all solid metal, kept on using this for years. Faraday cage anyone?

A few months back I had to dispose of an old (non-working) 4U Dell PowerEdge. The metal casing alone weighed around 20kg. Again: Faraday cage anyone?

2
7

Researcher calls the fuzz on OpenVPN, uncovers crashy vulns

ShelLuser
Silver badge

Details, details...

"To exploit this, an attacker authenticates and then sends crafted data to crash the server to get remote code execution access."

Does that authentication have to be successful or not? Because if it does then I think the risks of this exploit are somewhat limited.

2
0

Microsoft admits to disabling third-party antivirus code if Win 10 doesn't like it

ShelLuser
Silver badge

@Jonathan

So that's where all the free vodka I've been getting comes from, awesome! ;)

4
0

No, really. You can see through walls using drones and Wi-Fi

ShelLuser
Silver badge

@Sureo

No, now it's time to turn our hats into wallpaper! The secret which they were initially designed for :P

0
0

Tesco Online IT meltdown: Fails to deliver THOUSANDS of grocery orders

ShelLuser
Silver badge

So uhm...

"Home delivery isn't just about laziness - if you're a lone parent in on your own with the kids in bed and are expecting food to arrive then you're stuffed, can't just leave them on their own to go shopping!"

You make a fair point, however it does make me wonder how the previous generation managed all this, in a time when deliveries were replaced by supermarkets. Sometimes all it takes is a bit of careful planning.

0
0

Stack Clash flaws blow local root holes in loads of top Linux programs

ShelLuser
Silver badge
Mushroom

Why am I not surprised to see sudo there?

Sudo, though available on FreeBSD, has been banned from my servers for a very long time already and quite frankly it doesn't surprise me at all to see it mentioned here. Ever since I learned that it can accept passwords through /dev/stdin and is also set suid root I dumped it (see its manual page, you'll want the --stdin parameter). The reason why I think that's bad news should be obvious: a simple carefully placed shell script called 'sudo' can be enough to capture someone's password (man in the middle attack so to speak).

Still, I can't help wonder how hard the BSDs have been tested or if assumptions have been made on that front. Although I definitely agree with the AC above me ("semi-local access is a potential risk per definition") I couldn't help notice the lack of BSD specific examples. The problem I have with that is because BSD has some failsafes in place. For example: security.bsd.stack_guard_page, security.bsd.unprivileged_proc_debug, security.bsd.unprivileged_mlock, security.bsd.map_at_zero. See the sysctl manual page for more info on that. Note: not all of my examples are relevant to the problem at hand, but I'm trying to showcase that by default BSD already separates quite a bit when it comes to (unprivileged) memory access.

I also can't help wonder what options such as security.bsd.see_other_uids would do. This option effectively hides / blocks access to any process which is run / owned by any other UID than the current user. I know we're talking about direct memory access, but surely you'll need to know what processes to target in order to take 'm over, right?

7
15

You can't take the pervs off Facebook, says US Supreme Court

ShelLuser
Silver badge

Of course they want 'm banned...

It makes the lives of the enforcement a whole lot easier: now they wouldn't have to take the effort to actually look into what these people are doing, they can simply bring down the hammer whenever they spot signs of "social media".

Maybe I'm an old cynic but still... I have no love lost for people who abuse children. If it were up to me they'd spend half their lives in jail for that. But I also think that when they served their time you should also give them a fair chance to redeem themselves and sort it all out. And suggestions like these don't do that. As said: I think it only benefits law enforcement more than anyone else.

And the reason for my skepticism? Simple: this is what the government, in general, is very good at: trying to do less work for its citizens while still demanding the same amount of taxes for it. You see this happening in most countries throughout the Western world.

24
0

Yet more reform efforts at the Euro Patent Office, and you'll never guess what...

ShelLuser
Silver badge
Black Helicopters

Money and power...

Those do strange things with people. But one thing which bothers me though: where is the failsafe in all this? You know, the classic issue of who's monitoring the monitors.

More and more stories seem to surface these days about politicians and other people within a position of (certain) power who simply can't control themselves and usurp the whole thing. Yet it only surfaces when someone leaks, the system itself seems totally incapable of detecting and dealing with excessive situations like those.

Yet it's always the person who gets dealt with and replaced, no one seems to care about the system which basically made it possible in the first place.

15
0

You wait ages for a sun, then two come along at once: All stars have twins, say astroboffins

ShelLuser
Silver badge

@Pascal

"So, for our Sun to have a twin, it would have to be Barnard's star, but apart from the distance, one would also have to explain how it could be a twin of our Sun when it is over 2 billion years older."

Apart from what Christoph said there's another scenario which, so far, seems to be getting ignored: apparently we're all also assuming that this sun is still alive. Why?

For all we know it could have collapsed in the meantime and is now one of the many black holes out there. Which would make it harder to spot.

4
6

Now you can 'roam like at home' within the EU, but what's the catch?

ShelLuser
Silver badge
FAIL

Typical: the EU showing muscles, where you DON'T need them

"So the prices of other services could go up to offset the revenue loss. Previously when charges decreased each year, operators put the price of non-EU countries up."

You can bet your horses that it will. And not just in non-EU countries either, the EU has generally speaking never really been much interested at all in the aftermath of whatever horrible idea they're launching.

This will effectively result in prices going up so that every customer gets to pay in order to compensate for this. Just take a look at history to see proof of that. Because we've been here before. In 2013 the EU applied a cap on roaming charges and guess what happened next?

So now we get to a point where even if a customer is hardly (or not!) using his gear across the border they still get to help pay for the roaming costs.

How exactly can you call this fair?

But that's not what those narrow-minded politicians will see, all they can look at are these "awesome" rules they're setting up which "protects the consumers" while in the end all it does is make us pay even more than we did before.

Thank you EU for making our lives more expensive than they already were, as you always seem to do.

In the meantime the question of when the EU citizens can enjoy 1 tax system or 1 unified price for petrol or even the right to buy (good) products which are sold in 1 country but not in the other is something which has never been discussed so far. Way to go!

5
12

Firefox 54 delivers sandboxes Mozilla's wanted since 2009

ShelLuser
Silver badge
Pint

It's not uncommon for them to take their time...

Anyone heard of Bugzilla? It's a pretty cool bugtracker which was also built by the Mozilla foundation. Unfortunately they started this in an era where spam wasn't as common as it is now, and so it got decided that a username should consist of someone's e-mail address. To add insult to injury these usernames were originally visible for everyone to see. Hopefully I don't have to tell you why this wasn't the best of ideas..

Unfortunately the Bugzilla programmers didn't agree with all the raised concerns about spam and e-mail abuse, but eventually somewhat gave in and made it so that usernames (e-mail addresses) weren't visible unless you logged on. They also started a process to move away from the use of e-mail addresses to use regular usernames instead.

That process took them 14 years (take special note of the people who initially started defending the whole thing by saying how spam wasn't going to be that much of a problem). Actually it took them even longer because they plan to release this change in the upcoming version 6.0 but right now they're still at version 5.1.

So yeah... A Mozilla project which takes their time for certain features? I'm not that surprised to be honest.

7
0

Discredit a journo? Easy, that'll be $55k. Fix an election? Oh, I can do that for just $400k

ShelLuser
Silver badge

If the media would do its job....

The key thing for a journalist to do is to check their sources, verify that what you heard is true and actually possible. However, that part has been lacking in most mainstream media for years already and as a direct result you get scenarios like this.

Mainstream media cares more about being the first to bring a story (which hopefully will affect sales and/or advertisements) than being the one to bring reliable news. And as long as you don't break that cycle then we won't be seeing the end of this any time soon.

4
1

Specsavers embraces Azure and AWS, recoils at Oracle's 'wow' factor

ShelLuser
Silver badge

I can see clearly now...

The wow is gone. I can see no more obstacles in my way. It's gonna be a bright, bright, bright, bright sun shiny day :-)

I don't care too much about Amazon and Microsoft's online services, but I dislike Oracle even more. So yeah, I'm happy enough about that :)

1
0

Lockheed, USAF hold breath as F-35 pilots report hypoxia

ShelLuser
Silver badge
Trollface

Awesome...

I'm so happy that my government (Dutch) chose to go for the JSF F35 instead of showing some European cooperative mentality and deciding for the Eurofighter. Yeah, apparently people should only feel "European" (instead of Dutch) when it best serves the government.

Now we got a plane which we're not allowed to use on our own because the US basically decides everything (even where to send them for maintenance), the plane has a much shorter action radius and can carry less fuel than its Dutch predecessor the F16 Starfighter. So now it turns out that it will also suffocate the pilots, effectively doing the enemy's job for them.

I wonder what will be next...

24
0

Hotel guest goes broke after booking software gremlin makes her pay for strangers' rooms

ShelLuser
Silver badge

I wonder...

What the credit card companies, which put up dozens of rules on what companies can and cannot do with credit card information, are going to do about all this. Setting up rules is one thing, enforcing said rules is what really counts.

Something tells me we'll never hear from this again though.

0
0

Hyperloop One teases idea of 50-minute London-Edinburgh ride

ShelLuser
Silver badge

@R3

I think that's the whole point. People in the US are growing weary of all this so it remains to be seen how much more funding they'll be able to get, so now it's time to try and exploit new markets.

They might be in for a small surprise though I think.

3
0

The internet may well be the root cause of today's problems… but not in the way you think

ShelLuser
Silver badge
Mushroom

When people band together governments start worrying

You do realize that at one time in history governments also tried to ban the formation of unions? Because those would be bad; shifting the balance of power where it should not belong, according to the powers that be of course.

This is not much different. They're not targeting the Internet, they're targeting us humans banding together. Because in a sense we could become a threat to their existence. Because when politicians tell lies, and people debunk those and place their findings on the Internet for all to see... Then only 1 single individual could start a (virtual) riot (with riot I'm not referring to violence, only verbal violence of some sort).

I would have been much more impressed if the British police had actually been monitoring the recent attackers, but the story is that they were not. Another thing which the government would rather keep quiet I think.

13
0

Who's going to dig you out of a security hole when the time comes?

ShelLuser
Silver badge
Pint

Welcome to overregulation

"Am I alone in thinking that these latter items are what we system and network administrators have been doing for years?"

No, but the main difference (the way I see it) is that you had a healthy dose of common sense. Which is something that seems to be rapidly declining these days. Back in the days you had people who knew what they were doing. New admins would get into a new environment, have the patience to learn how this environment worked and study the whole thing and then (and only then) would come up with ways in which they thought the whole thing could be improved. That's how you can grow and evolve.

These days the mindset is much more self-centered. You know best because you got a paper saying you studied. Therefore when you get into a new environment you know all there is to it and will tell everyone how bad the whole thing is because it didn't meet your expectations. Because obviously you know best.

Cool job winning that paper, but it hasn't taught you shit about how things work in the real world. You know: where people are trying to make money and keep things working in the most optimal way.

Yet I get the impression that it is because of nutjobs like that why people stick to dry regulation these days. At least that way you can somehow control the damage, hold people accountable for screw ups a whole lot easier ("you didn't follow procedure") and also help keep those nutjobs I talked about in line.

Of course you're also hindering that evolve part which I mentioned earlier, but many larger companies couldn't give less about that. Which, in my opinion, is their loss. Because over-regulation (as I tend to call it) can also seriously demotivate.

8
0

German court says 'Nein' on Facebook profile access request

ShelLuser
Silver badge
Stop

@AC

"Facebook needs to die a fiery death."

Although I'm no fan of Facebook myself there's hardly enough information in the article to put the blame fully on Facebook.

For example: was she living with her parents or had she left the house already? This could make for a huge difference in the whole situation. Second of all: if she did live with her parents and all then isn't it safe to assume that the parents also gained control over the girl's tech? So how hard would it be to try and get a password reset and gain access that way (I'm sure they'd also have had access to her e-mail and cellphones)?

The way I see it they started with contacting Facebook, so how exactly would Facebook determine everything was legit here? For all we know the girl could also have been trying to get away from her parents mind you. And giving them access like this could then open up Pandora's box to them.

I'm not saying that this is the case, but with these things you need to rule out every possible scenario, including the nasty ones.

Thing is: if something were to happen to me then I'm pretty sure my parents will know exactly where to look for my password collection. They wouldn't need to contact website owners, all they had to do is use my passwords.

Why didn't that happen here as well?

As such my comment: there's hardly enough information provided to automatically put the blame on Facebook.

0
2

Security company finds unsecured bucket of US military images on AWS

ShelLuser
Silver badge

@AC

"Amazon needs to simplify their platform a little I think."

Have to disagree there. If you're using a certain product which is also publicly accessible then you need to ensure that you know what you're doing. I can understand that things can become confusing at some point, but it's not really an impossible task.

This is of course assuming that all of this actually happened.

19
1

Plastic surgery patients face extortion in wake of clinic data breach

ShelLuser
Silver badge
Trollface

I'm sure they had nothing to hide...

Yes, the title is a bit of a troll, but think about it. This is exactly the kind of example why "I got nothing to hide" is utter bollocks. It's not about whether you have or haven't got something to hide, the real issue is how the obtained information is going to be (mis)used.

Many people seem to somehow overlook that very important detail.

8
0

Does Microsoft have what it takes to topple Google Docs?

ShelLuser
Silver badge

Actually...

"If you were to start a business today, would you bother buying desktop software for productivity and collaboration? Probably not, you'd employ some software option delivered as a service.".

Actually it heavily depends, but SaaS isn't exactly the holy grail you know.

Let's get one thing out of the way: I'm biased in favor of Microsoft Office when it comes to the desktop applications. I think it's really hard to beat that functionality, especially if you familiarize yourself with the VBA backend, then the sky can really become the limit.

Looking at online services though shows a huge difference. Google has a major advantage there, the user-friendliness which Google's online services have to offer is pretty much unrivaled. Look... If you see Google docs appear in areas where you can be assured that most people aren't very tech-savvy then that should be a clear signal that Google is definitely doing "something" right.

But back to that top sentence I quoted: generally speaking it's much more appealing for a company to buy into desktop applications instead of SaaS. First the obvious: SaaS may appear to be cheaper, but in the longer run it's not. If I wanted to get a business subscription I'd have to pay roughly E 10,-/month. A business version would cost me around E 230,- / month.

The thing is: there's more at stake than just 2 years' worth of use. By buying the software you're also adding to your company's value (assets) which can influence the taxes you have to pay (depending on your country). Another important detail is availability. Offline means that you'll be able to work wherever you want, online means that you'll be depending on an Internet connection. Although a basic connection could do, if you end up with multiple employees working online then you may also run into bandwidth issues. As such more costs involved.

Next: insurance. When working online you also have to cope with your data being stored outside your reach and basically outside your control. Normally you'd have that roughly covered with the global insurance policies for your company, but since it's in the cloud there will be more at stake here. Also more risks. Sounds crazy? Well, if everything is stored in the cloud then you'd better make darn sure that sales (for example) can't access files from HR, and vice versa. Risk assessment. Do I hear more work, as such also more involved costs?

Do note that I'm not trying to claim that online = bad, it doesn't have to be. Heck: in the higher 365 tiers you're even provided with offline tools. But claiming that online is per definition more appealing than the "old and traditional" offline approach is simply being narrow minded. There's much more at stake than that.

3
1

Windows XP crashed too much to spread WannaCrypt

ShelLuser
Silver badge
Windows

@Danny

"Now I know that XP is well beyond its end of life"

You'd be surprised, Microsoft still maintains it. Just not for John Doe anymore, but only for those who are willing to cough up a big paycheck for all the hard work. Why do you think they released that patch in the open? Trust me: they didn't build that out of good will and such.

There are still many legit XP environments out there. Even my government quickly ensured the continued use of XP when it became clear that Microsoft was really going to pull the plug. Makes you wonder how skilled the people within those organizations are. I mean: the rest of the world had seen it long coming, yet within our wonderful world of bureaucracy they needed a good dose of the taxpayers' money so that they could maintain the status quo.

And that's just one, I know there are plenty of other European governments where XP is still a thing. And Microsoft is more than happy to oblige (for the right payment of course). Always fun to know that plenty of your tax dollars get "well spent", right?

6
1

Event horizons around black holes do exist, say astroboffins

ShelLuser
Silver badge
Stop

@Symon

"It's remarkable how Newton's laws of motion describe the world around us. The 17th century was truly the age of enlightenment."

Not so much about that 17th century, because it was much later when we finally had the courage (and drive) to stand up against the oppression by the church. When that ended it also truly started the rise of the whole mechanical revolution.

Many people fear the influence of Islam right now (in my opinion rightfully so), and many people also can't believe how that religion can so easily set out a death warrant (fatwa) solely because people expressed their opinion about something.

Well... It's easy to forget but our holy Christian church has done exactly the same. You say Newton, many people within the Christian faith said heretic, and it was only a select few who could stand up to that and still carry on their work (as good as possible of course).

Yet that oppression, that fanatic fear for science (or loss of power?) is what makes the 17th century hardly as great for science as these later times.

4
10

US laptops-on-planes ban may extend to flights from ALL nations

ShelLuser
Silver badge

@AC

"Seriously why even transit through the US, just go somewhere else...".

True, but for many people, including myself, that point has already been long reached. Nothing Trump did, the same applied during Obama, Clinton and Bush. I've refused a flight to the US a few times already for the simple reason that I will not allow myself to be treated as a potential criminal. The stuff they demand to know about you is mind blowing.

"I got something to hide?", you got that right.

33
0

British prime minister slams Facebook and pals for votes

ShelLuser
Silver badge
Mushroom

Dear prime minister...

While you take it out on Facebook and all then us citizens would be really delighted if the police would have taken the effort to look into possible terrorist threats when they get hold of information from several sources around the person (including from people in the Mosque he visits!) who tried to warn law enforcement that the person might seriously be up to no good. The person who has now followed up on his actions.

I think there can never be an excuse for the police not to follow up on leads if it turns out that those leads are indeed very serious (which you can pretty sure conclude when even the people running a Mosque start raising their concerns about someone radicalizing I think). Yet here we are. Although the bomber had been put on a list of suspected people we've now learned from (international) media that the police never followed up on more recent warnings and concerns about this person actually becoming a threat.

My parents always taught me that it's usually better to focus on the cause of a problem (and try to fix that) instead of focusing on the symptoms which this problem is causing and trying to remove those. Because although it may look as if you fixed things fact of the matter is still that the initial problem hasn't gone away and can only grow bigger.

But what do us people know, right? It's so much better (<cough>easier</cough>) to focus on Facebook and other social media for spreading nasty videos and helping radicals sort out their plans. Much better for the government to get full access into the backdoors of Facebook so that they can act when something risky takes place. If you guys got your way we'll soon really get a situation when if someone posts a tweet in the likes of: "Let's bomb the bass tonight!" he'll soon be tracked, located and picked up for possible threat speech. Better to be safe than sore, right? Who could have known the person was referring to some kind of lame dance track from the 90's. Collateral damage, safety first!

Yeah, safety first.... By NOT responding when several sources warn law enforcement that they're becoming really worried that a certain Muslim follower acts quite radical. They even found out he had (indirect) ties into Al Qaeda and was frequently contacting sources in Syria about all sorts of things. When even his Mosque started to worry about the person (this one still baffled me, shouldn't all alarm bells go off when that happens and these people warn you?)....

And what did the British police do? They had the person placed on a list of people to watch out for. That'd show him! However now it turns out they never followed up in actually monitoring him.

But let's forget about this now, this is the kind of news you read on international media (my source being a Dutch newspaper who ran multiple stories) and which the British seem very protective of. They already scorned the US for allegedly leaking information about the whole thing to the press (I wonder why..). Seems to me the government doesn't want their citizens to know just how much they really did here. It's so much better to blame this on social media and encryption. Because those are evil things. Internet is to blame!

I call that damage control, and I think it's plain out disgusting.

(edit): I'm not claiming the police could have stopped the attack. But I do think it's plain out hypocritical to start a 'hate campaign' against social media when more could have been done. Social media is only the symptom of the real problem.

37
2

Init freedom declared as systemd-free Devuan hits stable 1.0.0 status

ShelLuser
Silver badge
Mushroom

Good show, down with systemd!

What many youngsters forget is that the Unix philosophy wasn't invented to make yourself look cool or to set you aside from other existing systems. The whole idea is to cope with the increasing rate in which (software) systems become more and more complex. Although several models exist to try and help you keep control and remain having a grip on the system's design despite its complexity (my personal favorites being UML and SysML) you can only go so far. Not to mention that in some cases those design models may require a whole study of their own.

So instead we have the Unix philosophy which can basically render UML/SysML completely useless (more or less anyway). Mind you: I say this as a pretty devoted fan of those modeling languages. For the simple reason that its implementation is simple and to the point, prone to help people keep an overview of what it is they're doing: make something small, make it work well, make sure it can interoperate with other systems and make sure to maintain that. Sure, the downside can sometimes be a cascading effect: if something goes wrong with one small part (think of an exploit) then it might affect others which rely on that part as well. But because it is a relatively small part its fix shouldn't be too hard either.

But this monstrosity?

24
4
ShelLuser
Silver badge

@AC

They probably share the same narrow minded attitude of "I got nothing to hide" when the government demands even more intrusion on the private life of citizens (and usually for bollock reasons too).

14
4

IBM asks contractors to take a pay cut

ShelLuser
Silver badge

Ever heard of contract breach?

You can't have it both ways IBM... The whole reason companies rely on external contractors is "company security": when you don't need them then you can more or less dispose of them (depending on the contract) but there are certain areas where you cannot go.

A contract is basically a (legal) agreement in which both parties agreed that x amount of work would be performed for y amount of pay. You can't just change the deal and expect people to roll over. Because if this is how things worked then the contractors themselves would also be able to do the same thing: "Gee IBM, I think you're not paying me enough anymore and I now demand 10% salary increase. For the same pay of course, and the duration of the contract". Yet that's not the way it works because that's not what you agreed on.

Of course this is also assuming that there are no loopholes within those contracts.

Sure, it's a shame that things aren't going too well, but shouldn't you have thought about that beforehand? You can't have it both ways though: no employee obligations (contract can be terminated at any time) and still apply control over their payment? Sounds like foul trade to me.

Look... If a company gets into trouble and asks this from their employees then I think it's definitely something to respect and consider. As an employee you also have a certain job security (at least in some countries). But as a contractor? No way! Business is business, and that's not what you agreed on.

I hope this backfires on them.

23
3

UK ministers to push anti-encryption laws after election

ShelLuser
Silver badge

As if the government had done so much...

The fact is that the people around the suicide bomber have warned the government multiple times that he was an extremist and could be doing something bad. Source is this Dutch newspaper (Telegraaf) here.

Translation of the headline: "Authorities have been warned 5 times about Abedi".

With significant details I might add. That he was an extremist, that he had ties into Al Qaeda, that he had become a severe radical. Despite all those warnings he had been put on a watch list but wasn't actively monitored.

So I ask you, is social media and encryption really to blame here? What good is giving the government more access if they already ignore the obvious, as has been shown here?

Hypocrites, that's all I can say.

48
0
