* Posts by ShelLuser

2541 posts • joined 19 Dec 2010

Linux's Grsecurity dev team takes blog 'libel' fight to higher court

ShelLuser
Silver badge
FAIL

Way to damage your own credibility

So much for GRSecurity's credibility, in my opinion this moves them right down into the regions of the patent trolls and other nasties which can't win a disagreement using arguments and therefor need to stoop as low as lawsuits. The lawsuit alone makes me side with Mr. Perens on this one by the way.

For the simple reason that this is how his blog posts opens (I quote and emphasized an important detail): "It’s my strong opinion that your company should avoid the Grsecurity product sold at grsecurity.net because it presents a contributory infringement and breach of contract risk.".

SO basically these (in my opinion): scammers are trying to prevent someone from sharing his opinion. That's the bottom line here. Whatever happened to freedom of speech?

But worse yet: if a security firm tries to prevent someone from sharing their opinion then what else are they trying to cover up? That would be my immediate follow up question. You see, within the field of security (and security breaches) it's a very common (but not very ethical) practice not to disclose any security issues and to try and hush them up. All in the name of "best interests" of course, even though sharing the whole thing is usually 1) more honest towards customers or other directly involved parties and 2) might even help others to protect themselves more efficiently.

As such my conspiracy theory: what else have those grsecurity dudes tried to cover up like this?

What guarantee do I have that they haven't tried to force someone to take down a post which tried to warn people about major backdoors being present in GRSecurity?

Hear me out: If this is how they treat someone who makes it very clear that he's only sharing an opinion, then seriously: how would they respond to someone who claims to be sharing facts, the kind which could seriously damage their reputation?

I honestly wouldn't touch GRSecurity with a ten foot pole anymore, let alone put any trust in it to keep my stuff safe. Not after reading about this ordeal (and confirming it for myself).

32
0

Home Office admits it sent asylum seeker’s personal info to the state he was fleeing

ShelLuser
Silver badge
Joke

@kain

"only $15k ??"

<cynical mode>

Yeah, you see the problem is that the government really wanted to give more to compensate damages but in order to do that they would have to first determine the social worker who made the mistake and the one who was responsible for making this mistake. You know: to validate the claim. In order to do that every involved step would have to be re-taken to fully trace this back to the source.

Which could create the side effect that the documents could be sent off again, after all: procedures need to be carefully followed in these kinds of situations.

So in order to prevent any of that from happening the choice was made to limit this to 15k only. And as you can see its in everyones best interest to do so!

</cynical mode>

Yeah, obviously I'm joking here but the sad part is that it honestly wouldn't surprise me if this is somewhat the line of thinking which is involved here. Your tax dollars hard at work! The only question: with what?

5
1

Who's using 2FA? Sweet FA. Less than 10% of Gmail users enable two-factor authentication

ShelLuser
Silver badge

Of course they don't use it

"Please, if you haven't already done so, just enable two-step authentication. This means when you or someone else tries to log into your account, they need not only your password but authorization from another device, such as your phone."

Sharing my phone number with Google? You serious? Absolutely not, because I simply do not trust them not to abuse my number for "other activities" such as sending me "very important" updates about their commercial partners, in other words: plain out spamming me.

See, and this is also where 2FA becomes somewhat pointless. Because what if you can't use an external device (such as your phone)? Simple: then they'll send you the extra step using other methods. For example a webpage so that you can authenticate yourself twice from the same machine (your computer). So if your computer gets taken over you're still screwed.

Which is another point for concern: session cookies. Generally speaking everyone clicks "remember me" thus allowing themselves to automatically log back in once they revisit the website. Steal all those cookies and...

2FA is nice, but it doesn't solve the main problem.

44
15

Let's Encrypt plugs hole that let miscreants grab HTTPS web certs for strangers' domains

ShelLuser
Silver badge

Too much trust being put into certificates?

Why can't we treat HTTPS for what it is: an encrypted connection between the browser and the website, and nothing more. The audience is constantly meant to believe that HTTPS = more secure and although there is some truth in that I also think it becomes overrated when certificates are being used as some form of proof of identity.

GPG works because it gives us users the freedom to determine our own web of trust. If I have your key it's up to me to decide if I trust you enough to validate other people's keys. Effectively resulting in your signature giving only as much value as I put trust in it.

But X509 certs? Not so much. Basically we have to trust a bunch of CA's "because" (usually because they paid for the privilege) and that trust is more or less absolute. While we do have control over who we trust (though I doubt many people would rummuge around their cert storage) it's either "yes" or "no", there are no partials and you also can't demand that a key is signed by multiple CA's.

I think it's strange (but also not that strange) that this has never been changed, maybe even trying to apply GPG's web of trust design into the X509 hierarchy. Of course it's not that strange because many bigger companies earn quite a bit of money with selling certificates so obviously they want to protect their revenue. There's a higher preference for adding even more "authentication" stuff based on closed standards within the x509 hierarchy than making things more accessible.

But making things more accessible - generally speaking - also tends to increase overall security. I believe the open PGP standard is a good example of that.

Why not simply use X509 for what it is: an encrypted connection which prevents 3rd party snooping as best as possible. But it doesn't mean squat about the legitimacy of liability of a website.

8
6

EU court to rule whether Facebook should seek and destroy hate speech

ShelLuser
Silver badge

Very selective actions...

Oh dear, hate speech. That's obviously an outrage so we're going to target the platform which posts them, while obviously ignoring the original source because... $effort, and who cares about those anyway? After all: Facebook is rich and you can probably squeeze 'm out a little, nice for your personal wallet. Those sources are obviously (warning: stereotyping!) unemployed and uneducated people so even if you do take the effort of finding them you won't be able to fine them.

Poor politicians, I can almost hear them thinking: "Who ever came up with that bizarre idea of free speech? It's so annoying!".

No: I do not condone hate speech and I fully agree that death wishes and all that garbage has no place on the Internet. But there's also something as: Don't shoot the messenger. This symptom fighting will only help the EU with handing out fines and generating some extra income (which is another issue of mine: what good does it do to hand out fines? who, other than the finee(?) benefits from that?).

If someone is misbehaving and breaking the law whilst doing so then hold them accountable. Yes, that won't be easy, but at least you'll actually change something (somewhat) when you do. This accounts for nothing, and only financially benefits the EU.

10
9

Q: How do you get YouTube to stop funneling ads to your vids? A: Make jokes next to a dead body

ShelLuser
Silver badge

Let's just hope that...

The real social justice, the kind I actually respect, will run its course here. As in: people massively unsubscribing which will hopefully move this channel into the obscure regions of the Youtube community. Will probably be hard if he had to get a real job again.

11
1

Worst-case Brexit could kill 92,000 science, tech jobs across UK – report

ShelLuser
Silver badge

Something doesn't add up for me...

"However, the report said that the main problem facing the science and technology sector is access to funds after Brexit. The UK is a major recipient of EU funding, either in grants for individual researchers or as part of larger, international groups."

But in other countries we're told that the UK leaving is bad news because the costs for those other countries will significantly rise because the UK no longer contributes to the EU anymore.

So what is it, you can't have it both ways.

6
0

WikiLeave? Assange tipped for Ecuadorian eviction

ShelLuser
Silver badge

@John

"is this guy Bin Laden's brother or WHAT?!!"

No, but it's the easiest money those police officers will ever make.

6
0
ShelLuser
Silver badge

@Phil

More interesting, and what I'm missing from the El Reg article, is why this issue is suddenly taking place and becoming a thing.

According to another news agency Assange has been engaged in a massive discussion / dispute on Twitter with the Ecudorian president out of all people over the issue in Spain with Catelonia. Apparently Assange is heavily in favor of them becoming independent and Ecuador is against the idea. Leading up to Assange calling out the Ecudorian president on Twitter over this.

Note: I can't verify this for myself because I don't have a Twitter account nor do I want one. But I do consider my source to be reliable (for whatever that's worth).

How stupid and/or arrogant do you have to be to pull that off? I mean... He has Ecuador to thank for his limited freedom. And then he goes on to verbally attack them? I seriously fail to understand that part.

I know that sometimes you uphold ideals and/or morales, and sometimes you stick behind them no matter what. But openly and verbally attacking the main person who is gracious (and gutsy!) enough to help you by granting you asylum and letting you stay on their ground even at the risk of a diplomatic hiatus? And that's how you thank them?

Sorry... I still think that Wikileaks is/was just the thing we need(ed) (everyone hear of "Don't shoot the messenger?") and it also upsets me that a lot of people are more angry at Assange for exposing all the mishaps instead of getting angry over the idiots who performed all those mishaps in the first place.

But having said that: I expected better than this.

16
0

Hold on to your aaSes: Yup, Windows 10 'as a service' is incoming

ShelLuser
Silver badge

Innovation is what's needed...

"Old school model, pay $50 and that's it."

Which is also how it should be. I'm pretty much of an audio freak and have purchased several professional DAW's and same thing: you pay a lot of money (around E 700,- or such for Ableton Live Suite edition) but that's it. The version gets supported for many years until a new version comes out, then I can upgrade (but with a huge discount because I'm already a customer) or chose not to. When the version after that comes out: same deal. I can upgrade, with a discount.

The problem though is that software vendors should be more innovative. There comes a time when you don't have much extra to sell your audience, after which some customers can become stingy if you try to sell them stuff which - to them - isn't worth the upgrade costs.

There are some software vendors who I really admire, and who I've stuck with over the years. Especially: Ableton, Propellerhead, Visual Paradigm, Daz Studio and Cycling '74 (now part of Ableton). Oh, and AOMEI tech: their partitioning software is brilliant in my opinion. Even the free version does good stuff, but it's well worth buying into as well.

So what would be the main thing which "ties" all these companies together? Their "old school" and honest sales model: you pay for an item, you download the item and it's yours to work with. No subscription nonsense, no "new version = new full payment" nonsense (they actually value their customers!) and most of all: I seriously enjoy working with the software.

Microsoft? I actually paid for Windows 7 (bought the Professional version) and what did I get? They tried to force me into Windows 10. Not even the pro version! So much for reliability. I'm staying on 7 for as long as it's supported and after that we'll see what's next. I wouldn't even be surprised if I'd move onto FreeBSD (with a Win7 VM for my regular work) or maybe even make a switch to Apple. I don't particularly like Apple (in some cases I think it's overpriced) but to my knowledge they don't try to force you into stuff you don't want. And all my professional software runs on both platforms, so....

10
0

WD My Cloud NAS devices have hard-wired backdoor

ShelLuser
Silver badge

Not surprised..

I had a My Book (500Gb) for quite a long time and later on bought myself a My WorldBook (1Tb). It was fun while it lasted: after a while the MyBook didn't work for some reason; even copying a 1Mb file would take minutes (just for context: my computer and the MyBook were hooked up onto the same switch, and other network related functions worked without any issues).

Eventually I opened it up, took out the HD, learned about the Linux OS and ext2 (or ext3, don't remember) filesystems and then copied all my data from it. Right now this same HD sits inside my FreeBSD server, now UFS formatted, and it works just fine. So much for reliability.

I still have the WorldBook but I don't dare to copy any data onto it because I fear for the worst. So it's read-only for now. I'll probably end up opening it up and taking out the HD as well, that will be the end of my My Book endeavors.

2
0

Important message for January Register Lecture attendees

ShelLuser
Silver badge
Joke

So a far more important issue...

What is the current snack policy? We bring our own beer or... ? ;)

1
0

Women reboot gender discrimination lawsuit against Google

ShelLuser
Silver badge

@Pence

Well said, but you forgot one (sort off, because mine is from the employee's pov):

"If you feel to get underpaid then don't agree with the job offering in the first place".

They make it sound as if salary differences are all based on gender, but in most companies a difference in salary even occurs amongst men as well as amongst women. That's the part which is carefully left out of the equation here.

5
0

UK drone collision study didn't show airliner window penetration

ShelLuser
Silver badge

But does it need to break to create a risk?

"the risk posed was far less alarming than both the union and the Department for Transport had claimed. Instead of penetrating cockpit windows, rigorous tests of drones launched against"

I'm not so sure I'd support that theory. Because even if the windows only get cracked instead of broken there's still plenty of damage being done. Not necessarily physical damage (as demonstrated in the study) but the pilot(s) are still at risk for getting exposed to some severe distraction.

Sure, that doesn't have to immediately result in a major crash, but it's still a risk factor which I think should not be taken too casually, as seems to be done here.

Of course I still think a general drone registration seems a bit off and only diverts the attention away from the real problem. I mean... Do you really think that a regular drone used somewhere in-land (say 100km away from the nearest airfield) could pose a risk for any airplanes? I somewhat doubt that.

Instead of requiring people to register, why don't they uphold better security measures around airfields and actually enforce those? So: if you spot someone operating a drone near an airfield then you fine him for endangering air safety. Surely it should be doable with todays technical standards to pick up any signals which are used to operate a drone and then take according action?

5
6

And we return to Munich's migration back to Windows - it's going to cost what now?! €100m!

ShelLuser
Silver badge
FAIL

@Vev

"You may think because it’s a free world, open source, and not Microsoft that LibreOffice is the perfect digital independence option, but it is just as constrained as every other offering."

Except of course that it's not.

First off LibreOffice fully supports the MS Office file format thanks to the power of open standards (see this link. So there's no limitation there, you could even use both products side by side if you wanted to.

Another issue is that you can continue to use a supported version of LibreOffice no matter what, no extra costs involved. With Microsoft this means that you'll have to pay a considerable amount of money on an annual basis. I say considerable because you're basically buying into the product over and over again where a lot of other software vendors opt into other methods... Either you buy the software and then get free updates until the next version, which you can buy at a discount. Or you buy the software and then are entitled to an x amount of support, and after that period you'll have to renew your support period. However, also at a fraction of the costs of the original product. It's Microsoft which wants to have it all.

Also don't buy into the doctrine too much. They make it sound as if it would be an immense amount of work to convert the used templates but somehow I seriously doubt that. Although it's true that Microsoft has a bit of an advantage with VBA (in my opinion anyway) it's really not that difficult to port stuff to LibreOffice which supports not one but several coding standards: LibreOffice basic (somewhat comparable to VBA), Java (through BeanShell, I'm a huge fan of this one!), JavaScript and Python.

It's not Libre but MS which is constraining here.

16
2
ShelLuser
Silver badge
Joke

@Ken

"I mean ... jeeez ... couldn't get *email* to work? On Linux? Did they even try?"

Rumor has it that if you don't appease the systemd gods then "bad things" will happen. Can't we just blame this whole thing on systemd and start a riot to get it removed?

12
6

UK security chief: How 'bout a tax for tech firms that are 'uncooperative' on terror content?

ShelLuser
Silver badge

@Flocke

"for the police to investigate when terrorists get dobbed in by the neighbours"

Bad idea. I mean: why are we paying taxes for? Isn't that exactly to get jobs like this done from the government in the first place?

Also... remember the last suicide bomber in London? No? Good, because that's the best way to punish them: forgetting about the people who did it and only remember the incident itself.

But anyway: several people from his surroundings, including people from the mosque he visited, had warned the authorities several times. And the police did little more than putting the person on a list.

If that's how our government responds to reported terrorist threats, then I think that money is the least of their issues.

18
0

Meet R2-DILDO: 'Star Wars' sex toys? This is where the fun begins

ShelLuser
Silver badge

@Rameses

Quotes from the movie?

I can think of one now when you're shopping with your kids (who want Star Wars toys): "Come on kids, those aren't the toys we're looking for!".

3
0

No hack needed: Anonymisation beaten with a dash of SQL

ShelLuser
Silver badge

It's one thing to make a law...

But enforcing it is a whole different ballgame.

For a moment I thought that it can't get any worse, are our politicians this stupid? Then today I learned that the modern generation of todays time, at least in Holland, can hardly write. And no: with writing I don't mean jamming on a keyboard, I mean with pen and paper: actually write. You know: the thing you can do even when the power runs out? Not being dependent on...

So then I read this article again and suddenly it made more sense: as time passes by people tend to get more stupid every cycle.

24
1

Ex-Microsoft intern claimed one of her fellow temps raped her. Her bosses hired him

ShelLuser
Silver badge

So what did the police say?

I see a lot of talk about what the woman thought and such, but I'm missing out on the results of her report to the police. Did the police do anything? Was a rapekit used? Did they find proof of sexual intercourse? If the police didn't do anything then I don't see what Microsoft could have done here. After all: in the end this all resulted in a "she said, he said" kind of scenario, and in our democracy you're innocent until proven guilty. Also noteworthy is that the whole thing didn't happened on the Microsoft workfloor but at her (shared) home.

Even the article says that she was asleep and "thinks to have remembered that she was being raped". Is that enough to ruin someones career? "I think he did it, but I'm not sure"? And once again: I'm seriously missing out on what the police investigation (if any) resulted in.

This isn't about a sexual assault on the workfloor, but instead about sexual related issues at home where both involved individuals also happened to be working for the same company. So unless the police actually got involved then I don't think there's much the company could do here.

69
9

So what happened with the patent judge and the Euro Patent Office?

ShelLuser
Silver badge
Pint

People need to go, yet the flawed system remains...

You see this happening so many times and the reason for it can easily be traced back to the hierarchy of power which many involved secretly lung for, even if they don't admit to that or appear to be really in for fair play and democratic behavior.

See: the problem I often have with stories such as these is that every single time when you read about someone abusing their power or their position within a hierarchy then this news is often leaked. 9 out of 10 times people surrounding the culprit leak information hoping that the press catches on and that the wheels of justice (?) start spinning.

When there's enough foul play going then people get relieved from their positions or also not uncommon: they get transferred to another position and/or job so that they can basically continue doing what they do best but at a position where this is less taxing. Everyone happy, all is well again right?

Well, no. Because has it never occurred to anyone that no one ever seems to bother about the system, the very hierarchy, which led to this abuse of power in the first place? Sometimes it's not just the people which need to go, but the very system itself which allowed for the power abuse to occur in the first place also needs to be addressed and improved. Yet that's something you hardly see happening.

Which makes it really hard for me to take any of this too seriously. For me it's all the same: a pissing contest, with the major difference that we all get to suffer from this because obviously all of this is paid for from the taxpayers money.

I'll even go one step further: at least the African dictators don't make a secret about it where their main priorities lie: themselves. In Europe dozens of people within the political hierarchy easily claim to serve the democratic process but reality shows something quite different. And there's nothing you or I can do because failsaves are something most politicians never heard off.

And even if they did it would be something which is usually undesirable. After all: some day it might be you who gets into that position of power, and you certainly don't want to take actions which could "negatively" affects that, do you?

Meh, time for the beer icon :P

4
2

So you're 'agile', huh? I do not think it means what you think it means

ShelLuser
Silver badge

The means have become the goal

I'm a pretty big advocate for modeling languages and certain software development / project management methodologies and/or frameworks. Agile can be a part of that, but the emphasis for me lies on UML / SysML and BPMN.

If there's one thing I've learned over the years its that the means to reach a certain goal have become the main goal in itself for some people and companies and that's also exactly where your problem lies I think: people who fail to grasp the basic concept of the whole methodology. Which is that the process (modeling, project management, etc.) should help you make things easier on you. As soon as it interferes with that then you're doing something horribly wrong.

And that interference can manifest itself in multiple ways. From smaller issues (like a data analyst being more worried about having applied the correct standards than the validity of his research material) to bigger issues (managing a team with Agile and ending up with most of your team members who would prefer to see the whole thing get canned so that they can get back to work).

Or to make this easier to understand: it shouldn't be about "doing something Agile", it should be about "doing something efficiently". If Agile can help with that, awesome! But that doesn't mean you'd have to follow the process to the letter to make that work.

5
2

Tired of despairing of Trump and Brexit? Why not despair about YouTube stars instead?

ShelLuser
Silver badge

I can understand people watching "lets plays"

To me someone watching a "lets play" video on Youtube (= someone playing a video game) isn't that much different from someone watching sports on TV.

Because in the end you're more or less watching the same thing: someone competing in order to try and gain a result. Either competing against others or competing against the system (the game). It's that competitive element which attracts and entertains certain people. Really nothing special there.

3
0
ShelLuser
Silver badge

@Haku

"A shame really, I'd have liked to have seen what happens when the viewcount goes over 2,147,483,647 views on a 32bit counting system."

Simple: when properly programmed: absolutely nothing. You can easily try this for yourself by firing up Excel 2010 (32bit), entering this number and then adding =A1+1 into B1, and the result shown will be 2147483648. On a 32bit environment, how amazing (not) :P

9
6

YouTuber cements head inside microwave oven

ShelLuser
Silver badge

Send them the bill

I think that's the best way to get the message across that stunts like these are not appreciated. Send them a bill to roughly cover for time and effort wasted over something they clearly brought upon themselves. Maybe that way they'll actually stop to think a moment before trying out the next "cool idea" which pops up.

45
2

Elon Musk finally admits Tesla is building its own custom AI chips

ShelLuser
Silver badge

@AC

"Say anything negative about Tesla (even with justification) on a related forum and watch the hate come out."

That I can definitely agree with. However, that's something you'll see happening everywhere. In a way you could even argue that on behalf of Tesla ;)

But I do agree on some points that there's a lot of hype surrounding some of the things with Musk does. Up to such height that no one bothers about details anymore, even if they are pretty important.

Take the Hyperloop. Has no one spotted the massive amounts of rust which you can see forming on the inside of the currently build test track? Every time a reporter films and gives you a shot of the inside then you can see it for yourself. That's not an example of good engineering and it can cause many problems in the future, but it seems no one cares. Each to their own but if you know what rust actually is, what it does and what effect it can have then yeah...

Things like that often surprise me.

But.. one way to find out.

7
1

'Drunk' developers delay software vendor's release

ShelLuser
Silver badge
Pint

Well, at least they're honest :)

.. about some things.

Cheers!

Wait... darn, I suppose beer doesn't cut it. Vodka is probably much more appropriate here. Could we get a vodka icon to please Mother Russia? :) Darn, now I need to use the joke icon too. Could we get the option to use 2 icons to please us drunk writers? :P

ok, I'll stop now ;)

7
0

The ultimate vendor lock-in: High school opens on Oracle campus

ShelLuser
Silver badge

Can't blame 'm for trying but...

I would seriously wonder about anyone who would let their kids go to school there willingly. Of course.. If you live in the area and this school is closest by and the most convenient then sure, I can understand why. But otherwise...

"Sorry Jimmy, but you got a D on your homework assignment. While using PostgreSQL as a backend database server isn't wrong, the correct answer to the question was MySQL".

"What question? all you told us was to make an interactive website using PHP...".

7
2

Quentin Tarantino in talks to make Star Trek movie

ShelLuser
Silver badge

@Jason

"For a Tarantino movie to work, it would have to have Jackson in it (and perhaps an infestation of some kind of poisonous space snake)."

Don't forget the non-linear timeframes. It needs to jump back and forth so many times that eventually you'll stop paying attention to the movie and more so to figuring out when the stuff you're watching happened.

I first saw this in Kill Bill and I thought it was different. Then I saw Sin City and well, it got boring ;)

14
3

Is Oomi the all-in-one smart home system we've been waiting for?

ShelLuser
Silver badge

One small concern

"No more scanning bar codes and typing in codes, or connecting your phone to its WiFi signal, typing in your WiFi password and then returning back to it via an app. Just wave the parts close together and you're done.

People will appreciate that until the moment the system gets compromised by 3rd parties. And considering the lack of required human interaction I can't help question the security aspects of this thing, especially considering all the comments in the article about "buggy software".

14
0

US credit repair biz damages own security: 111GB of personal info exposed in S3 blunder

ShelLuser
Silver badge
Trollface

I'll bet they had nothing to hide...

I'm starting to sound like a broken record because I've posted something like this quite a few times now but yah, they keep providing us with good examples.

See title: I'm pretty sure their customers had nothing to hide, but as always that's not the primary concern when it comes to privacy and such. The real concern is how the other party is going to (ab)use all the collected data.

And here we are, once again an excellent example. Let the identity theft games begin!

Ironic isn't it: if you want to store information related to credit cards you'll have to go through a ton of hoops (PCI compliancy for example) before they'll let you off the hook. And the credit card companies themselves? Well, they seem to have no problems with just dumping all their data onto a public storage facility.

If an individual does this there'd be massive fines to pay, but I'm sure that's all "different" for these guys.

16
0

Report: Women make up just 17% of IT workforce, paid 15% less than men

ShelLuser
Silver badge

My gf told me...

"Modern feminism is the root of all evil". And I believe her.

10
4

Germany says NEIN to purchase incentive for Tesla Model S

ShelLuser
Silver badge

Who would want a Tesla anyway?

There are some youtubers who are actually enjoying their Tesla's and sharing their experiences, but if you see what they have to endure then I sincerely wonder who in their right mind would buy this crap. Someone mentioned that his front window has been replaced 3 times because the window for some reason heavily changed the focus within random sections of the window. One moment you see it clear, the next moment you see things distorted. The heck?

Then he shows us the side. There's a plastic strip going from front to back, but as soon as you reach the backseat doors the strip suddenly shifts by a few centimeters.

You can easily find this on youtube yourself. The worst part: the guy actually likes the car and he's not even negative about Tesla (I would be!) but right now hopes that his problems will get fixed.

I've had a few cars myself, but I have never had my frontview window replaced 3 times in a row.

Do you really get what you pay for?

6
4

That 70s Show: Windows sprouts Sets and Timeline features

ShelLuser
Silver badge
Stop

Expanding single point of failure much?

Now, the idea by itself isn't too bad. Having several programs being able to interact with each other has existed for a long time already, tools like OLE (Object Linking & Embedding) for example. In Microsoft Office they even took this one step further by providing us with VBA (Visual Basic for Applications) which in its turn has access to an API which provides access to all Office components and a whole lot more.

I know not everyone enjoys VBA but I personally quite like it and believe it still has huge potential.

The problems though start when one program begins to negatively affect the other. If that happens then you don't want to be fully dependent on a shared link between those but you'll want to be able and work with them individually. This is also why Windows eventually adapted a model in which programs were treated more individually, because in the beginning one malfunctioning program could easily take down the whole system (mostly talking about Windows 3.11 / 95 here).

And that brings me to my concern: although the idea to have all your work grouped together in one 'Set' might sound like a good one, I can't help wonder what's going to happen if - for whatever reason - your Set suddenly crashes and stops working. And don't tell me that won't happen: every Windows user has experienced a crash and loss of work at some point in time.

If you have one program which crashes then the risk of data loss is somewhat reduced. But now if all the stuff you're working on crashes at the same time then I think you might be in for some pretty unpleasant moments.

Go Microsoft! :P

5
0

Google Chrome vows to carpet bomb meddling Windows antivirus tools

ShelLuser
Silver badge

And this is why I use Opera

Opera is a browser build upon the Chromium engine and has a lot of its own specific features and quirks. I tried it and immediately took a liking to it. You can clearly notice all the things it provides because of the Chromium engine but even though it may share some resemblances it's definitely not Chrome, and hat shows.

A lot of things are done in much different ways, and some features (like a build-in VPN) are simply Opera-only features.

I really don't see Opera disabling or disallowing plugins any time soon because that would surely kill their market. There's a whole extensions website and from what I can tell it's pretty popular.

So maybe now could be a good time to look around for "Chromium based browsers" as an alternative for Chrome itself.

8
1
ShelLuser
Silver badge

@bigtimehustler

Have to disagree with you on that one.

Although you're absolutely right that Chrome can easily take the blame for something it didn't initiate itself, it was still Chrome's API model which allowed for it to happen. Surely it should be doable to set up an API which can ensure that if a plugin goes bonkers then it won't take down the rest of the system with it?

I can't help wonder if this is simply caused by not adding a good API structure and now paying the price for it. And instead of fixing things they'd rather take the easy way out by removing the thing alltogether.

15
3

Night before Xmas and all through American Airlines, not a pilot was flying, thanks to this bug

ShelLuser
Silver badge

@sjsmoto

"I love how they make it seem like the company really really wants to pay them more, but golly gee, that darn contract is getting in the way."

You raise a valid concern but sometimes this can actually be true, depending on the kind of government and the rules they apply. For example: over here in Holland employers have to pay 50% worth of taxes if they want to give their staff a little bonus on the payroll. So say a company has 4 employees and wants to give them half their salary as a bonus then they'd actually be looking at an effective cost of twice the salary costs. Even though the employees only get to see half of it.

I'm not implying that this is also happening here, but it most certainly wouldn't surprise me if you had to put the blame on the government instead of the contract.

2
0

Accused hacker Lauri Love's extradition appeal begins

ShelLuser
Silver badge

Commit the crime, then do the time...

Sure, the guy now suddenly has all kinds of health issues and what else, but he should have thought about all that before commuting any actual felonies. Think before acting and all that.

However, I also oppose the whole deportation request and hope that he'll be tried in the UK. For the simple reason that I don't think the US is looking for justice here but merely trying to play out their own personal agenda.

Even so, the morale of this story is still the very simple aspect of not committing a crime if you're not ready to deal with the consequences.

13
17

No 'Pai-day' for India: nation to adopt strict network neutrality

ShelLuser
Silver badge

<gasp>

A government actually caring (or at least looking after) the interests of its citizens? Impressive.

13
1

Watch how Google's AI catches shoulder surfers spying on your phone

ShelLuser
Silver badge

But, uhm...

So it uses the camera to check in real time what's going on behind you. Dare I ask what else Google is planning to do with all the new data this will gain them?

Because although I agree that this might be useful for some people one also has to wonder at what prize Google will present this. Because if there's one thing we should know by now it's that nothing is free.

3
1

Firefox to warn users who visit p0wned sites

ShelLuser
Silver badge

Dumb idea

All this does is make it even more appealing for a company to keep quiet about any possible data breaches. And that's just the thing you don't want, because transparency can actually help others from protecting themselves.

Another problem I have with this is that Mozilla is basically placing the 'blame' on the website owner. But sometimes that simply isn't the case. Then what?

How does this work when an ISP had a databreach and you're visiting a website from a user of said ISP (so: they're also hosting the site with that ISP)?

3
0

Linus Torvalds on security: 'Do no harm, don't break users'

ShelLuser
Silver badge

Sometimes you can't have it both ways...

Although I see his point I also think that he may have set his expectations a little (too?) high. In an ideal world this may work, but sometimes it just doesn't work this way..

Sure, if there is an error then that needs to be fixed asap. No arguments there. But what about the time in which the bug got discovered and the moment of implementing the actual fix? That's the moment when a system will be vulnerable, and a security hardening might be capable of preventing further damage from taking place if an attack were to occur.

Of course this can break stuff. I think a good example would be the "kern.securelevel" setting on FreeBSD. This is a setting which has a default value of -1 and administrators can only increase the value, by doing so this will harden the system some more.

For example value 1: you can no longer turn off immutable flags on files, /dev/mem and /dev/kmem may not be directly opened for writing (read: you can no longer load or unload kernel modules) and /dev/io is fully inaccessible

Value 2: All of the above and disks can no longer be opened directly for writing (mount is excluded). So it protects the filesystem(s).

These setting will plain out break X. But it also hardens the system and can prevent plenty of possible nastiness from happening. So on a desktop this setting might not be very useful, but on a server all the more valuable (assuming it doesn't use X).

So I can't help wonder if this also doesn't apply here. In an ideal world you wouldn't need failsaves, but the world simply isn't ideal.

4
1

'Gimme Gimme Gimme' Easter egg in man breaks automated tests at 00:30

ShelLuser
Silver badge

Aww, Linux only...

I'm using FreeBSD and was hoping that this could have been triggered by a more commonly available joke. So I set out to investigate /usr/src/usr.bin/man, only to discover that /usr/bin/man on FreeBSD is only a shell script. Oh well, can't win 'm all ;)

I suppose I could always add this functionality myself if I really wanted to, but I think I'll pass.

6
0

Microsoft reprieves CodePlex users – you're doomed next week

ShelLuser
Silver badge

Shame to see them go...

I know that Github is the better choice and that the whole idea was somewhat futile because it's hard to visualize open source in combination with Microsoft and/or Microsoft environments. Even so... It does exist.

Alas, they didn't have much of an impact but I still think it's a shame to see 'm go. Because with these things more is always better. And a little competition usually brings out the best in the competitors.

4
0

Open-source defenders turn on each other in 'bizarre' trademark fight sparked by GPL fall out

ShelLuser
Silver badge

This isn't about FOSS at all

The main issue is that money does strange things to people, it always has.

1
0

Arm Inside: Is Apple ready for the next big switch?

ShelLuser
Silver badge
Windows

I hope...

That someday they'll release an OS X version for the full Intel platform. I know it's not likely to happen because every piece of Apple hardware is also registered with the "homeland" which allows you to gain access to your OS updates (and the OS itself if I heard right) which would be a little more difficult to accomplish on Intel. Heck, Microsoft tried (you know: change too much hardware in your PC and you'll end up with an unregistered version) but that got so much backlash...

So I don't think it'll happen all too soon but it would be very interesting to see what might happen. Back in the days OS/2 wasn't exactly cheap (also because of its very niche market share) but even so several people still bought into it because it was actually a very solid operating system (one which I truly miss from time to time).

I'm convinced that even more people would buy into OS X if Apple were to take this route and place their flagship directly in opposition to Windows. I probably would!

4
0

Some 'security people are f*cking morons' says Linus Torvalds

ShelLuser
Silver badge

@Jack

"Linux is correct, all security problems are the result of bugs."

The question though remains where the bug is located.

If I write a malicious kernel module to exploit the system the physical, real, bug is located in my kernel module. But if this manages to exploit code which under normal circumstances works flawlessly.... then is the bug really just in my module or are there more?

1
3

Massive US military social media spying archive left wide open in AWS S3 buckets

ShelLuser
Silver badge

@WashingtonWetneck

"And this is by firms that make computer security their business"

Has the possibility ever occurred to you that those businesses could also be doing a terrible job? And then obviously blame it on something else.

3
0
ShelLuser
Silver badge
WTF?

The hypocrisy is astonishing...

"which is a social media monitoring and influencing campaign designed to target overseas youths and steer them away from terrorism."

An "influencing campaign" huh? Didn't I hear major outcry's a few months ago that the Soviets might have influenced the presidential elections through some posts on social media? That was obviously not done because how dare they try to influence stuff by sharing "false" information.

And here we are, the US doing exactly the same thing. Oh, sure, this time it's different because you're trying to "help the children". Well, bollocks. Everyone will have their reasons, depending on your point of view, but that doesn't change the fact that the hypocrisy is shining. When someone else does something it's foul play and actions need to be taken, but if you yourself do the exact same thing it's suddenly "different"?

I don't think so.

4
0

Drone maker DJI left its private SSL, firmware keys open to world+dog on GitHub FOR YEARS

ShelLuser
Silver badge
Pint

All of a sudden...

Remember GitLab? That "we want to be like GitHub but you'll have to pay us to keep your stuff safe"-company which utilized 6 ("six"!) different backup strategies to keep your data safe, but then never bothered to check on any of them so that in the end they ended up empty handed when they actually needed their precious backups?

I don't know about you, but all of a sudden they seem pretty harmless right now.

Because let's be honest: most of us have been there, the moment you notice that your backups are crap is when you actually need 'm.

But that really fails in comparison to what we're see happening with AWS (and now Github) as of late. Don't the "IT professionals" these days understand the difference between public and private repositories anymore? Are they really that stupid that they don't realize that private keys which are even referred to as that should be kept private?

From the 'req' OpenSSL manualpage:

-pubkey

outputs the public key.

-newkey arg

this option creates a new certificate request and a new private

key. The argument takes one of several forms. rsa:nbits, where

nbits is the number of bits, generates an RSA key nbits in size. If

nbits is omitted, i.e. -newkey rsa specified, the default key size,

specified in the configuration file is used.

How obvious do they have to relay any of this information?

Oh wait... do these guys actually read manualpages or have they become too "special" for that?

And on that subject: do you really have nothing to hide anymore? If "IT professionals" are this careless with their own data, then what do you think they'd do with data which doesn't really matter much to them. For example yours?

7
0

Forums

Biting the hand that feeds IT © 1998–2018