* Posts by ShelLuser

2315 posts • joined 19 Dec 2010

Google bellows bug news after Microsoft sails past fix deadline

ShelLuser

@Diogenes

"Depending where in the codebase it is means that sometimes it takes more time than 90 days to find, test and fix an issue - do you want a rushed/broken fix in 90 days or a proper fix in 100 ?

But surely Microsoft could then tell Google as much? From what I read Microsoft didn't respond at all, not even with a thank you. That sheds some different light onto this.

I can't be sure, but I sincerely doubt that Google wouldn't be open to requests if Microsoft would have responded with a statement that they needed a little more time to fix this (and not one near/on the deadline). Surely even Microsoft should realize that if you don't give any reaction at all it's not unreasonable for the others to assume that you're ignoring them. I mean, they have done so in the past (remember the story about the 4 year old bug a few years back?).

1
0

Oh happy day! Linus Torvalds has given the world Linux 4.10

ShelLuser

I still like Linux, but...

When looking at Linus' outbursts, when looking at how hard it has become to get involved and when looking at (sometimes) the sheer display of arrogance (especially when the original poster turned out to be 100% right afterwards (sorry for being a bit vague, I don't want to risk firing up heated (offtopic) debates here)) and of course when also looking at the massive monetary interests which plenty of bigger companies have in Linux (try getting your driver accepted in the kernel as a start up company?)...

When I add all of that up I can't help but wonder, with all due respect, if Linux hasn't grown into the very thing it once tried to fight.

10
55

In colossal shock, Uber alleged to be wretched hive of sexism, craven managerial ass-covering

ShelLuser

Careful there...

Uber is cutting into the market share of some very big companies. Not only that, they're doing it on an international scale. Meaning: that will create bad blood and despite what you may think some "well established & fair" companies do know how to hit below the belt.

Now.. sure, there might be truth to this. But seriously... After seeing an almost continuing story on how bad Uber is, how much the governmentS (S <- important detail) hate them (even the Dutch government) and most of all how the "establishment" (taxi companies) only focus on "uber = bad. Must. Destroy. Uber." while totally ignoring the very reason why Uber became so popular I can only conclude that Uber is irritating them so it must go.

The sooner the better, then they can go back to charging us E 20,- for driving into a few streets (5 min) while Uber would have charged you E 5,-. Not to mention refusing to take you as customer because the trip is too short (this honestly happens in Holland) while Uber... you get the idea.

No, it's too much work to raise the quality of service. It's so much easier to try and destroy the competition.

6
41

Paper factory fired its sysadmin. He returned via VPN and caused $1m in damage. Now jailed

ShelLuser

Call me old fashioned if you will but...

I take pride in my work. Of course it helps that I'm a geek, but I enjoy working within IT, tinkering with stuff, network administration, sorting stuff out, keeping servers running, etc, etc. Sure, losing your job isn't fun nor easy, I speak from personal experience as well. Happened quite a few years ago, but I still remember.

But seriously... No matter how mad I might have become I'd never stoop so low as to violate the trust people placed in you like that. And it's also something I don't get to be honest. If you're a real sysadmin (at least in the way I vision it of course) you'd think twice before taking such a destructive route. I mean, seriously, trying to destroy the very thing you worked so hard to build? That part makes no sense to me, none whatsoever.

Not to mention that there are much better ways to fight such a thing. Legal ways that is. Unless of course you're under a contract which expired and wasn't renewed. But especially then it also was something you could have seen coming, or at least kept in mind as a possibility.

But... "let's put the blame on everyone else except yourself". Seems to be a very modern thing these days and to be honest it often appalls me.

35
0

Installing disks is basically LEGO, right? This admin failed LEGO

ShelLuser

So basically...

He inserted the disks, connected the server and turned it on without even bothering to check that it was actually running? That's the part I don't quite understand to be honest.

But not to worry: I'm sure this guy can always apply for a job with Gitlab as backup controller. I think he fully meets all the requirements.

7
0

'I'm innocent!' says IT contractor on trial after Office 365 bill row spiraled out of control

ShelLuser

Based on assumptions...

I'm tempted to side with Kubicek. Now, I have never dealt with the US government business wise but I have a few experiences with working for the Dutch government while representing a (small) private IT company.

Let's just say that I'm not too surprised to read about experiences where the government doesn't hold up their end of an agreement. I've somewhat experienced the same (where you literally had to wait for months before you finally got payment, an investment which is extremely hard on small private firms) and that made me decide 'never again'.

In case you don't understand: you make costs in order to help out certain customers, investments if you will. But you also expect to get paid, also to cover said expenses. So by letting bills go (way) overdue you could argue that the client (the government here) is now forcing you to lend them money. And that can be a very rough situation for a private company. Not to mention unfair: if you loan money with a bank you get to pay a lot of interest after all.

The thing is: I read many more stories describing such experiences with regards to doing work for the government. Granted: Dutch government in my case. But if there's one thing I learned thanks to the Internet it's that some governments aren't all that different in the way they act and behave towards citizens.

So with that in mind I think this is a classic display of power abuse on the end of the US government.

Something easily proven too: all Kubicek has to do is show the contracts. Assuming that those are all in order (I assume as much, otherwise I doubt he'd hire a lawyer) I think he should have a solid case. And I also hope he'll sue them for slander and power abuse as well!

50
1

US visitors must hand over Twitter, Facebook handles by law – newbie Rep starts ball rolling

ShelLuser

This is what you get...

... When people not hindered by any factual knowledge get to propose new laws. Many man hours (and therefore money!) are spent over something which will only affect the illiterate and won't reveal those who have a little more brain capacity than a peanut. Which I think this guy has.

15
0

Haven't deleted your Yahoo account yet? Reminder: Hackers forged login cookies

ShelLuser

@AC

"So why push me to two-factor authentication ?"

Well, one thing though: you don't always need to provide extra info for that. There are also systems which can show a specific image which you can then scan with your phone (or snap a pic and use a program) which will extract the code which you need to provide.

Other than that you're absolutely right of course!

0
0

GitLab invokes the startup defence to explain data loss woes

ShelLuser

@AC

Have you ever read the banner of this website? I think you may have missed one small part of it: "Biting the hand that feeds IT". It's why I actually read El Reg to be honest: they (usually) don't take the easy route, they don't go "awww, anyone can make a mistake so it's all ok" but request answers.

And most of all: when you make them a promise then they'll most likely hold you to it and will also be very open about the whole proceedings.

Let's be honest: only after El Reg made a bit of noise did Gitlab suddenly wake up again. Did you ignore that part which said "stopped answering e-mails"? Does that really show you an open and transparent company which is ready to back up their words, or does it show you a company which only does what it did because they had to?

Forgetting backups, forgetting made promises, ignoring e-mails (like they ignored their backups I might add)... What's next?

Just for the record: I could have understood if they simply answered El Reg then ignored them. But promising an interview and then trying to stall things... that's simply showing too many parallels.

8
0
ShelLuser

Uhm, right..

"They could have done the typical start up bullshit of pumping out a load of buzzwords as to why the service was down. No, they said "yeah our admin deleted something"

No, they couldn't. That's the thing most people totally ignore: they could not go that route because they weren't big enough. If they had gone that route and things would have leaked then the backlash would have been devastating. They had no other choice but being transparent.

"As with life when the shit hits the fan it's only then changes are made. In business, you don't make a change to fix something that could happen."

That's nonsense in my opinion. An outage can happen, but you don't change a backup strategy when you realize that it no longer works? You seem to forget where the money is coming from: it's from customers who rely on a company to handle those things for them which they don't (or can't!) think of.

And it's not as if others haven't gone here before. As a startup company there's plenty of material out there which can educate you in the "do's" and "don'ts" of business and IT in general.

And let's be honest here: not even bothering to actually look at a backup to see if it has done anything at all? Seriously? That is, in my opinion of course, way beyond a simple mistake which anyone would make. Sure, an amateur or newbie could do that. But not a company which gets paid by their customers to look out for them.

"But, while all this is going on, if you put your code on here to be kept safe then what does that say about you?"

Reverse logic much? Well, for starters: it shows that you have faith in a starting up company to at least respect their customers and ensure that they get what they pay you for. Following your logic I guess that's asking a bit too much?

"You can't put all your eggs in the someone elses basket then start crying when they drop it."

You can when you paid them a lot of money to do that for you and they ensured you time and time again that they would not drop it. Here's a real important question: did customers get some kind of a refund for this horrible messup? I don't think so...

Say, just curious: you wouldn't happen to work for them? ;)

4
0
ShelLuser

Of course they were open about it...

They had to. If they tried to cover this up and it would eventually be revealed they could have kissed their reputation (and most likely the entire company) goodbye. Simple as that. They didn't do this because they're such a great company, they did this because of damage control.

If they were as great as they claim then they'd have gotten a techie to join the interview. In my opinion at least.

One way or the other, I think the whole incident shows us that you should never rely on a company to "keep your things safe" because there are no guarantees. But it also shows us that you're most likely much better off using Github than Gitlab.

I mean, seriously, what the heck? They performed backups to Amazon's S3 buckets and as it turned out that bucket was empty. You make a backup, and you don't even bother to check if anything actually happened? Anything at all?

If you make such mistakes as a start-up company then I can only shudder at the negligence which is bound to manifest itself when the company grows. I see all the required potential for even bigger and worse scenarios, making Sony and their plain text password storage drama a mere nuisance. That is of course assuming anyone is still willing to use their services, and quite frankly I sure don't. Pay a company for their services while knowing up front that they already screwed plenty of customers over with their excellent "backup strategy" vs. Github: not a company, all best efforts and such, but at least you'll know that the guys behind that will give it their best to ensure that things keep working.

And with "their best" I'm also referring to actually taking the effort to look into the state of your backups.

5
1

Two words, Mozilla: SPEED! NOW! Quit fiddling and get serious

ShelLuser

Jumping to conclusions?

"Brave will fizzle before the year's over – its value proposition is that it swaps out ads your favourite websites are earning good money with and replaces them with ads your favourite sites will earn little to no money from. Uh, OK? But it's telling that even Mozilla's founder has lost faith in the Firefox codebase."

Is it really? I know Firefox is an open source project and that everyone is pretty much free to use the source code (somewhat, they do use a specific license ("MPL")) but as a former employee one can imagine that there might have been a few failsafes in his contract. It's not uncommon for a company to insert some restrictions in order to prevent any conflict of interest. So it's perfectly possible that it's not so much an issue of losing faith, but merely one of not being legally allowed to use products from the firm for personal usage and / or gain.

It's always a tricky business to leave a company (especially when being forced) and then still trying to use some of their stuff for yourself.

So I wouldn't be surprised at all if faith in the code didn't have anything to do with it.

1
0
ShelLuser

@Ryoku

"I would go so far as to say that the primary reason that Chrome is the #1 browser is that from when it launched we started seeing "Why not upgrade your browser?""

Well, there's more to it than that. Now, it has been a long time ago since I stopped using Firefox but one of the reasons (apart from the endless stream of updates and changes) was that it started to look an awful lot like Chrome to me. The 'full' look I was used to got swapped out and made me seriously wonder why I continued with Firefox which - in my opinion - had turned into a Chrome wannabe (solely based on its looks of course).

If even other browsers are starting to mimic Chrome how can it not become mighty popular?

17
0

University DDoS'd by its own seafood-curious malware-infected vending machines

ShelLuser

I can't help wonder...

If this is the same kind of university which would also easily hook up a students network with the internal administrative network and the teachers network, only to end up surprised that students managed to gain access to their study results and more...

8
0

IT bosses: Get budgets for better security by rating threats on a scale of zero to Yahoo!

ShelLuser

All talk and no play...

Leaves the network unprotected.

It never stops to amaze me how some people can talk for hours about how things should be done, yet fail to actually set something into motion themselves. I'm not saying he's wrong, I'm saying that he might be talking to the wrong audience.

0
0

Totally not-crazy billionaire Elon Musk: All of us – yes, even you – must become cyborgs

ShelLuser

Uhm, right...

I think someone has been watching too much Ghost in the Shell lately ;)

7
0

That guy using a Surface you keep seeing around town could be a spy

ShelLuser

Disturbing...

I mean: Windows 10 is mostly known for its continuous feature update model. How in the world can you label that 'secure' while you can't even be sure that some new update patches won't undo the current security model?

15
0

SQL Server on Linux? HELL YES! Linux on Windows 10? Meh

ShelLuser

Jumping to conclusions much?

"That quick pace says at least some aspects of the enterprise are itching to get their hands on SQL Server without giving up their Linux infrastructure."

Interesting theory, but I think this one is more likely: "It says that Microsoft is itching to sell their SQL server to customers who don't want to give up their Linux infrastructure".

Because since when does Microsoft actually listen to what their customers want? I think Windows 10 has clearly demonstrated just how much Microsoft cares. They do care, but not about their customers but their own revenue, and will go literally out of their way to try and secure it.

That's all this is in my opinion: the search for more revenue.

2
4

Got an OpenBSD Web server? Better patch it

ShelLuser

Stuff happens...

Just because it's OpenBSD doesn't imply that they're totally safe from any exploitable bug at all, it's a given that someday it can happen.

Even so, it is one of the reasons why I usually prefer not to use new projects but stick with those which have been around for a longer time already. In the end there are no absolute guarantees but with new(er) projects, such as OpenBSD's httpd, it remains to be seen if all minor diseases have been found and patched already.

Although older projects (Apache's httpd and Nginx come to mind) might not be as perfect where security is concerned they do have a rich history where most common caveats have already been dealt with.

1
0

Parents have no idea when kidz txt m8s 'KMS' or '99'

ShelLuser

@redpawn

"parents don't have a resource to look up the slang. Perhaps a system of tubes could be created."

What nonsense is that? Sorry, but I'm not sure if you're being sarcastic or serious, and I suspect the latter because the art of using search engines seems to be something dying out. Which I think is totally absurd.

So yeah: they do, it's called Google. The only thing, as with all things, is that you need to know how to use it. I find it a little awkward that you guys apparently couldn't find this, and I got it in 2 - 3 hits. I'm not even a parent! And for the record: even Bing helps out.

https://google.com/search?q=99+internet+slang.

Google gives you a huge box on top of all your searches explaining the obvious.

Bing doesn't provide this but it did get me to the www.smsslang.com website as a first hit which also explained the whole thing. Granted: not as conclusive (people had to vote on things) but it does give you one giant heck of a hint. Slangit.com was more conclusive.

5
26

Chrome 56 quietly added Bluetooth snitch API

ShelLuser

It gets worse every year it seems...

I use Opera which is built upon Chromium simply because I like some of the features but mistrust Google. So I'm hoping that Opera will keep out a lot of bullshit like this here. But even so, it never stopped to amaze me how intrusive the whole thing has become.

When I go to my Opera settings it even states that websites could ask for permission to access my connected microphone, camera and MIDI devices. The recommended setting being "ask me", but I turned the whole thing off.

But seriously: a website asking me to access a microphone or camera? Not in a million years.

And now we're onto Bluetooth. Yaaay.

But it's the main thing which I think people should do more often: go carefully over the settings of your software (browser in this case) and (try to) figure out what each option does and if you really want to leave this turned on or off.

And thanks to Microsoft's new "hippie" upgrade model: also continue doing this from time to time. Because nowadays you can no longer be 100% sure that no silent updates haven't run which added, changed or removed certain features (especially when you're running Windows 10).

34
0

Thought your data was safe outside America after the Microsoft ruling? Think again

ShelLuser

@Oh Homer

"Once ordinary people in former allied nations understand that the US is essentially a hostile combatant, and they actually begin to feel the heat from that aggression, they will refuse to have any dealings with it."

So basically most people in Europe who kept up with the happenings in the Middle East. For example: right now everyone agrees that Islamic State (IS) is a big threat to security, also given their recent sprees of violence within capital cities.

However, what often bothers me is that no one seems willing to address the exact origins of IS. Because that was a direct cause of the power vacuum occurring due to the removal of Saddam Hussein. A person who, ironically enough, got into power through massive support from the US in the first place. Many experts, including those from the US, warned the Bush administration about this massive risk but no.... Hussein had to go, and all under a false flag operation too no less.

And as a result we now have IS to deal with. Not only a massive threat to the population (no one ever stops to think about them!) but also the surrounding countries as well as Europe as a whole.

So yeah, I'd like to think that Europe should realize this thing very well by now. And it also never stops to amaze me why Europe has never ever protested against the US meddling in their own backyard. Because it's easy: the whole Iraq / Iran thing happened far away from the US, so they had nothing to worry about. But all surrounding countries and Europe as a whole suffered from it.

As can be clearly seen by the terrorist attacks from IS. Which basically all started when the US had to invade Iraq despite nearly every expert around warning against it.

People now worry about what Trump might do to the country and all, but I can't help wonder if he really can do any worse than Bush has done.

8
0
ShelLuser

Re: The multiple faces of the USA

"I wonder how the US government would react if Amazon were to release all US data on court request to Canadian authorities seeing as Amazon has a data center in Canada and moves data from USA and Canada regularly."

Simple: then there'd be hell to pay. When EU citizens travel to the US then the US reserves the right to go over everything they have, they even demand access to financial records.

So at one time the EU considered doing the opposite as well. All for the sake of security and setting a standard. Yeah... and all of a sudden there was massive resistance because what the EU had in mind was a blatant and disrespectful intrusion of privacy.

For the very same thing.

And this is why I refuse to go to the US. Out of principle. And no: that has nothing to do with Trump (which is a popular thing to do) but the same applied to Obama, Clinton and Bush. All different presidents and they all couldn't care less about the privacy of others.

38
0
ShelLuser

Re: WOW

"Never thought I'd see the day where Microsoft fought for user privacy and Google just rolled over and took it."

Windows phone 7.5 (old model): Each and every aspect which could intrude on my privacy had to be turned on. The start of using the thing was all opt-in, dozens of questions: "May Microsoft use data from keyboard entry?", "May Microsoft use data from speech entry?", etc, etc. If I had ignored it then this would be turned off.

Android phone (from a friend): We compared and he did not get any questions at all. In fact: all he had was opt-out stuff. Everything was turned on and left for him to turn off.

So yeah, I'm not so surprised here.

12
2

Mozilla axes IoT project, cuts staff, backs off from commercial stuff

ShelLuser

Botnet association

In my opinion that's all the whole IoT is to companies. Most people refuse to see it or look the other way, but in the end it's a massive threat to the Internet because of all the caveats.

I can't help think that those companies who do align themselves with IoT are in for a big surprise once regular users start to realize just how much collateral damage is being done without any of the involved company "experts" to try and do a thing about it.

Sword of Damocles anyone?

2
0

'Webroot made my PCs s*** the bed' – AV update borks biz machines hard

ShelLuser

Doesn't anyone test?

I know that in many enterprise situations the whole IT department has been put into a degraded state. As in: you want a test park but the beancounters in control over the budget don't deem this necessary. However, I also don't think it's fully the beancounters' fault either. How many IT'ers step up to them after an incident like this to tell them exactly how this could have been avoided? Pretty sure that the costs for a test environment outweigh the costs of total downtime.

Even so... Enterprise, in my book (but I'm probably old school), means not taking any unnecessary risks. So most definitely NOT performing blind updates like this. First onto a test environment, then a controlled roll out. So yeah, I am surprised to read how many this hiccup affected.

2
0

Netherlands reverts to hand-counted votes to quell security fears

ShelLuser

@imanidiot

"And makes me wonder why the student that found all these flaws 6 years ago didn't take his findings to the press when the electoral commity didn't respond to his findings."

Who says he didn't? Just because you have a story which can showcase a travesty doesn't automatically mean that the press are interested and will actually use it.

Why do you think online communication like social media and such became so popular for spreading news items?

2
0

Is it the beginning of the end for Visual Basic? Microsoft to focus on 'core scenarios'

ShelLuser

Why does there always have to be development?

For some reason many people consider a project which doesn't supply regular updates "dead". Even though said project is working like a charm and doing everything one could expect from it. Probably because some believe that it can always be done better, but as usual we're not going to bother trying to expand on things ourselves. Effort and all...

Quite frankly I can't help see a parallel here.

If MS didn't believe in VB anymore then I don't think they would have provided the runtime libraries in both Windows 8 as well as Windows 10. Just because they won't be developing the language as actively as they used to doesn't mean things will die off.

I mean, if you look back then the same thing was once said about VBA. Yet VBA can still provide an excellent way to automate Office and make it do all sorts of things. Who cares if new features will no longer find their way into it? It doesn't make the language obsolete, because the language can already do so much. Yet that's the part which most people forget or ignore: they don't look at what a product can do, they only keep staring at what they think it should be able to do.

Even up to a point where something already is possible but which people think should be done "better" or "easier".

Seeing is believing, but I don't think VB is going anywhere near /dev/null anytime soon.

7
1

Tokyo 2020 Olympic medals to be made from old electronics

ShelLuser

With or without RFID?

Maybe they can put a few RFID chips in there as well, so that the medals become traceable ;)

1
0

GitLab.com luckily found lost data on a staging server

ShelLuser

Of course they went public...

Maybe I'm too cynical here, I cannot rule this out, but in my opinion Gitlab didn't have a choice but to go public. For the simple reason of damage control.

Think about it: what do you think would have happened if they covered things up only to see the details leaked at a later time? Then it would become double trouble; not only would the community start criticizing them about their plain out ridiculous backup "strategy" as well as them trying to cover it all up. If they had gone this route and the details did eventually emerge then they could have definitely kissed their company's reputation goodbye, maybe even the entire company.

So I don't see any goodwill here, only simple damage control. BUT.. I may be a little overcritical.

Even so... Overlooking the fact that 100+Gb worth of data gets "archived" in files of a few kilobytes large has nothing to do with making a simple mistake, that is a plain out display of stupidity at its finest.

8
2

GitLab.com melts down after wrong directory deleted, backups fail

ShelLuser

@brodrock

"No repository data was lost"

YET.

0
0
ShelLuser

And this is why...

I'm not that thrilled about anything cloud based and prefer to host my own repositories. And here's one of the many reasons why. For starters: I actually check my backups on a regular basis, even when I don't need them.

I'm not even going to bother commenting any further because this is simply too big a fail. Makes you wonder what kind of geniuses work there. And what they're doing all day.

3
0

Google's Chrome is about to get rather in-your-face about HTTPS

ShelLuser

@Adam1

"And your self signing signature idea doesn't have legs because I can create a self signed signature for website.org and then MitM you. A CA needs to validate you control the domain."

You mean like those rogue CAs which will easily give you a signed certificate for existing domains like google.com? It's not as if HTTPS fully rules out any risk of a man in the middle attack as you make it sound.

2
0
ShelLuser

Double agenda?

I think they're seriously overdoing it. So now a website which doesn't use HTTPS gets labeled insecure by default? Even if that website doesn't even ask its users for any credentials or such? That's plain out stupid. As to the safety of HTTPS itself, anyone already forgotten about all those rogue CAs which started releasing valid certificates for all sorts of domains?

Speaking of which: why not push for the acceptance of self signed certificates? I mean, if I go to a website "website.org" which is using a certificate issued by 'website.org' then isn't it a tad obvious that we're dealing with the same party? I mean, it's only encryption which is the main issue here. And that can also be easily handled by self signed certificates.

It's only those certificate vendors who try to generate more revenue for themselves which started all that nonsense identity hype. I'm sure we can do without that easily.

25
3

God save the Queen... from Donald Trump. So say 1 million Britons

ShelLuser

@abc

(about online petitions)

"It's the equivalent of signing a massive physical petition, as was done before the internet.".

Not per definition, not even close even.

The problem lies in the details: how the petition is carried out. Not many people who open such petitions also have the technical know-how to prevent abuse. You know: signing the petition multiple times using all the e-mail aliases you have for example. And speaking of which: what about actually verifying the validity of an e-mail address?

I know: let's request people to register prior to signing. All it takes is one valid e-mail address. Here we go again.

Maybe one sign per IP address? But that would deprive your family from signing. Or worse: those who know how public VPNs work will once again have plenty of ways to sign multiple times.

Online petitions are by far the same as physical ones.

0
0

Ransomware avalanche at Alpine hotel puts room keycards on ice

ShelLuser

@2+2

"So that should be secure for about a week until the local crims re-learn the art of old-style lock picking."

Depends. The times where you could easily create a copy using some clay are long behind us. And then there's the time spent in front of a door to actually get the copy: I'm pretty sure the hotel got cameras and such.

Then there's another problem: every serious hotel will also provide safety boxes in a room, usually providing plenty of space to keep your valuables in. So even if they do breach a door then there's still no guarantee that they'll stumble across something useful.

3
0

Oracle effectively doubles licence fees to run its stuff in AWS

ShelLuser
Silver badge
Mushroom

Dangerous times...

Let's quote a famous princess: "The more you tighten your grip, the more star systems will slip through your fingers".

Yes, that's a movie quote, but it's oh so true. I get the impression that Oracle knows jack shit about basic economics. The reason I think this way is because they're also sure as heck clueless with regards to appealing to people (even their own employees). How many geeks have run out already?

Basic economics: selling a $500 product three times is fun ($1500). Selling a $400 product 4 times is more fun ($1600). And why couldn't it happen? Less costs often means a higher appeal.

Oracle economics: selling a $500 product three times is fun ($1500). So let's raise the price to $1500, because 1500*3=4500!!1 My prediction: ending up with 1500*0=0. In Oracle economics this is a huge victory and a great achievement. The less customers you get the better. Why? Well, less customers means less administrative tasks, which means less costs so that's obviously good. They make "more" money and reduce costs at the same time.

Please keep it up Oracle! Maybe you should consider charging money for your downloads too. So: someone wants to download Java SE? Good! That'll cost you $50,-. You want to look at the MySQL documentation? $75,-. Start using NetBeans? $175,- please. Run MySQL open source version? Sure thing, please cough up $325,- licensing costs with a $25 download fee.

And here's the best idea ever: you click 'yes' on the Oracle site thinking it's about cookies? Congratulations, you just agreed to pay $199,- for the new Oracle website viewing fee! Websites cost money too you know!

Feel free to use these ideas Oracle, I won't even claim intellectual property or anything. I'll simply take pleasure in seeing you guys trainwreck yourself :)

14
1

Happy Friday: Busted Barracuda update borks corporate firewalls

ShelLuser
Silver badge

Why even use hardware firewalls in the first place?

It's something I never really understood. I can see ease of use and how you might be able to quickly (time = money after all) set up one set of rules and propagate them. But you're still left with a box which you don't fully control. Call me paranoid, but I still recall those stories about the NSA gaining access to hardware routers because of known exploits and such.

And it's not as if a software firewall can't do the same thing. In fact, I'd even argue that it'll be a lot more flexible also allowing you much more customization.

Personally I'd take an OpenBSD run firewall over "hardware" any day of the week.

7
0

Doomsday Clock moves to 150 seconds before midnight. Thanks, Trump

ShelLuser
Silver badge

@JLV

Have to agree with you. Also because of a, in my opinion, contradiction in the whole story. First we get the story about the US weapons arsenal, followed by the Russian arsenal. Obviously hinting at yet another cold war. So far, understandable. To some degree.

Yet this is immediately followed by mention about China working on their nuclear arsenal, Pakistan (with the threat to Israel still in mind) and of course North Korea.

As much as I hate to say this but keeping your arsenal "on-par" with the rest is one of the things which kept us safe during the last cold war. Within that reasoning I'd personally feel less safe if the US wouldn't acknowledge the facts and maintain their arsenal like this. Quite frankly I think the same goes for Russia. Personally I'd honestly sooner expect the US and Russia cooperating against the current threats (IS comes to mind) than starting a new arms run between themselves again.

6
0

This goldfish and its steerable robot tank will destroy humanity

ShelLuser
Silver badge

Of course the fish is unusually active

Action = reaction.

The tank moves, the water reacts and the fish tries to counter it. Like fish need to when they have to deal with a stream or something. This is clearly shown in the beginning. And when it reaches the edge of the tank it simply decides to remain there to sit out the unusual (for the fish) water behavior.

It's a somewhat interesting development but not that impressive. I mean; you have a white surface, you stick a sensor above it and merely need to determine the location of the orange dot. By current technical standards that's not very difficult anymore.

1
0

Windows code-signing tweaks sure to irritate software developers

ShelLuser
Silver badge
Megaphone

Change in mindset is needed IMO

What is a certificate? In the end it's nothing more but a public key which got signed by an allegedly trusted party, the Certificate Authority. But what is stopping a software vendor from being his own CA? OpenSSL has been with us for a long time now and I can tell from personal experience that it's perfectly capable of setting up code signing.

This is a snippet from openssl.cnf which I use for that:

[ policy_CodeSigning ]
countryName = match
stateOrProvinceName = supplied
localityName = supplied
organizationName = supplied
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

I've been using my own CA for years now in both a hobby based environment but also a commercial one. Back in the days when this was still a thing we simply instructed our customers to install our CA certificate and then not to trust any of our code which wasn't signed by us.

I mean, what's so weird about this mindset? They trust our code to be run on their machines in the first place, so why wouldn't they trust us to sign our own code as a sign of approval for what we gave out?

As an extra bonus: if we were to screw up then it's obvious where the blame lies. We wrote it, we signed it so obviously we mucked up.

Why would you even bother paying up tons of cash for nothing else but a little convenience? The only advantage over using your own certificate is that your customers don't have to do anything in order for their system to accept your code. That is... If you're lucky and they kept their certificate store up to date.

People need a change in mindset in my opinion. Website "security" (read: encryption) has already been brought back to some sanity where there are plenty of free and cheap CAs which can provide you with a working certificate, now it's time for round two I think.

But seriously, some people need an attitude adjustment I think. Just because a "well known" party certifies a certificate (read: signs a public key) doesn't imply that it's also all perfectly safe.

0
1
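Added example, not part of the original post and not the poster's own setup: a throwaway private CA built around the policy_CodeSigning section quoted above, issuing a code-signing certificate and checking a detached signature against it. The section names demo_ca and v3_codesign, the "Example Vendor" subjects and all file names are assumptions made for the demo.

```shell
# Constructed demo: all names, subjects and paths below are made up.
# Usage: d=$(mktemp -d); make_ca "$d"; issue_cert "$d" signer NL
make_ca() {   # $1 = empty working directory
    mkdir -p "$1/newcerts" && : > "$1/index.txt" && echo 01 > "$1/serial" || return 1
    cat > "$1/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[ dn ]
C = NL
O = Example Vendor
CN = Example Vendor Root CA
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = $1/index.txt
serial = $1/serial
new_certs_dir = $1/newcerts
certificate = $1/ca.crt
private_key = $1/ca.key
default_md = sha256
default_days = 30
policy = policy_CodeSigning
x509_extensions = v3_codesign
[ policy_CodeSigning ]
countryName = match
stateOrProvinceName = supplied
localityName = supplied
organizationName = supplied
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ v3_codesign ]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = codeSigning
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/ca.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}
issue_cert() {   # $1 = dir, $2 = certificate name, $3 = country in the request
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
        -subj "/C=$3/ST=Example/L=Example/O=Example Vendor/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl ca -batch -notext -config "$1/ca.cnf" \
        -in "$1/$2.csr" -out "$1/$2.crt" 2>/dev/null && [ -s "$1/$2.crt" ]
}
sign_file() {    # $1 = dir, $2 = certificate name, $3 = file; writes $3.sig
    openssl dgst -sha256 -sign "$1/$2.key" -out "$3.sig" "$3"
}
verify_file() {  # chain to our CA, codeSigning EKU present, signature matches
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1 &&
    openssl x509 -in "$1/$2.crt" -noout -text | grep -q 'Code Signing' &&
    openssl x509 -in "$1/$2.crt" -noout -pubkey > "$1/$2.pub" &&
    openssl dgst -sha256 -verify "$1/$2.pub" -signature "$3.sig" "$3" >/dev/null 2>&1
}
```

Because the policy sets countryName to match, issue_cert fails for a request whose country differs from the CA's, and verify_file fails as soon as the signed file changes.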

Chinese bloke cycles 500km to get home... in the wrong direction

ShelLuser
Silver badge

@AC

Not a silly question at all. The issue at hand: Hanzi (not to be confused with kanji). Speaking of kanji: same applies to Japan by the way, not everyone can read those. And it's not because they're stupid or anything, but because the language is massive.

We have our alphabet with 26 letters in them. Hanzi, the Chinese characters, amount up to around tens of thousands. Where sometimes a small detail like a strike can put a whole new meaning to a character.

And guess what? Those road signs will usually be using hanzi. There are plenty of people who can't read those, don't believe for a second that this guy is an exception or stupid or something.

5
0

Kaspersky cybercrime investigator cuffed in Russian treason probe

ShelLuser
Silver badge

@AC

Just because El Reg tries to make that connection doesn't mean it's also actually there. Until they reveal what he has been charged with you simply can't draw conclusions like that.

Or to make this more obvious: as El Reg mentioned he worked in the cybercrime unit between 2000 and 2006. He joined Kaspersky in 2012. Leaving a 6 year long gap in between and many (bad) things can happen in 6 years' time.

3
3

Penguins force-fed root: Cruel security flaw found in systemd v228

ShelLuser
Silver badge

@Gerhard

"Thanks to SystemD I finally have shared filesystem clusters booting correctly the first time without a ton of hackery. (dovecot depends OCFS2, OCFS2 depends on iSCSI, iSCSI depends on networking) "

You almost make it sound as if this wasn't possible without systemd. I guess it's a miracle then that the process of setting something like this up on FreeBSD has always been relatively easy. And FreeBSD knows nothing of systemd.

Instead of thanking systemd I can't help wonder if you shouldn't have been scorning some package maintainers for creating a dependency hell instead. Also: merely removing said dependency hell did not remove nor change the underlying mindset. Within that reasoning I think it's safe to conclude that systemd didn't fix anything, it only postponed the inevitable.

29
2

DDoSing has evolved in the vacuum left by IoT's total absence of security

ShelLuser
Silver badge
Holmes

Welcome to monetary vs. ethics 2.0

Sure, the lack of security in those devices is indeed the culprit causing it all but in my opinion the actual underlying issue is money. Plain old cashing in, grabbing the cash without having to do too much in return.

Or to put this simply: companies don't care. At all. And to make this even worse our (European) governments are far too busy debating the risks of cookies and how that might track customers (which, in all honesty, does have a sense of truth in it of course!) but who will then also totally ignore any requirements of ensuring (or trying to ensure) Internet safety.

Now... Of course this is a very hot topic. I mean, I could easily argue that it might be a good idea to set up a European firewall which can be used to shield us from obviously hacked (Chinese & Russian) machines (the ones every sysadmin knows about when they go through their auth or mail logs), but we all know that's a very bad idea because it can (and will) eventually be used for other censoring purposes.

But why don't we have anything like this yet on a smaller scale? When I provide plenty of logs and evidence that a machine somewhere in Holland (where I happen to live) has been compromised and is actually causing problems on the Internet then it remains to be seen if the hosting company will actually take action. Some of those which value their reputation a bit will, but most who value their income more tend to ignore it.

And the worst part of this is that our political leaders have basically done nothing whatsoever to try and put a stop to all that. If I take such a story to the police here then I'll have a very hard time explaining what exactly is going on and I'm 100% sure that the outcome will only consist of me losing a few hours of my time (assuming they'll actually listen to me for that long).

Yet on the other hand the government here is all too eager to utilize the Internet for their own gain. Government information? Websites. Tax applications? Digital. Heck, there has even been mentioning to try and remove snail-mail from our tax department entirely and move it all to the digital age. Although this may sound wonderful to some of us it also overlooks the main issue here: our government gladly accepts the benefits from the digital age (setting up information on a CMS is far cheaper than having to print & post it to individuals) but cannot be bothered to take up their responsibility.

Oh, sorry mr./mrs. politician, my deepest apologies. Of course you did act on your responsibilities. If you hadn't then we didn't have to click yes on nearly every frickin' website around because of something as trivial as a cookie. Yet when it comes to ignoring signs of a compromised machine which could be used for god knows what then it's all different and no penalties or regulation exists. At all.

So yeah, picture me very surprised how this Internet of broken Things mess has come about. Because.. what negative effects will this have for the manufacturers anyway? None!

2
0

Solaris 11.next plan brings continuous delivery of OS upgrades

ShelLuser
Silver badge
WTF?

Enterprise != consumer market

"Continuous delivery is certainly what the cool kids are doing with software these days, so it's hard to fault Oracle on that front. And upgrades to major OS releases can be painful for ISVs and users alike. Removing the need to cope with big releases isn't terrible news."

You're right, it's not terrible news, it's horrendous. I'd like to know who those cool kids are, I assume Microsoft's Windows 10 is being addressed here?

The problem with this release model is that it makes things more dangerous and less controllable. It may work on a consumer level but most certainly not in the enterprise.

Example: FreeBSD's support cycle. As you can see there are 2 versions being maintained at the time of writing: 10.3 until April 30, 2018 and version 11 until 2021. Here's the thing: everyone knows where they stand here. When / if 10.4 comes out then you'll know that it won't contain major changes, new features to cope with, etc, etc. You'll know that it's still 10.x yet with several bug fixes. So upgrading is a relatively easily calculated risk.

This model also gives you plenty of time to prepare for an upgrade to 11, which will eventually be required. But as you can see here we have a whole year to plan for it. Actually a little more because 11 was released last year, and the end of support for 10.x has also been known for a while now.

But this new "hip(pie?) model" changes that. Now it can very well be possible that a minor release ships both a desperately required bugfix yet also comes with a totally undesired new or changed feature. That's simply not something which is always doable, depending on the environment of course.

What if the vendor decides to remove a specific functionality which is actually an extremely important detail within your environment? And don't say that it wouldn't happen, because those "cool kids" you spoke of have shown otherwise multiple times already.

For me this is far from providing better service to the customers, this is more or less shoving all required updates onto one huge pile and letting the customers sort out the mess. Less work, so lesser costs, for the provider and all the more burden for the customers / consumers.

9
0

We've found a ‘vaccine’ for fake news. Wait! No, we really are Cambridge researchers

ShelLuser
Silver badge
Black Helicopters

Is this about fake news, or hidden ways of censorship?

"The study, of more than 2,000 US residents, presented participants with two claims about global warming. Researchers found that when presented consecutively, the influence well-established facts had on people were cancelled out by bogus claims made by campaigners."

And what "facts" would that be, considering that global warming is one of the hottest topics for debate around the world right now?

My problem with this study is that it fully avoids the main issue: not relying fully on a single source of information, but instead also being able to challenge and question it. Even if the news you hear is something you might like or can agree with. Always be a little skeptical about the things you see and hear around you.

But it seems that this study fully seems to focus on people who "need" to be able to follow (and trust) one single news source. Call me skeptical if you will, but all that will achieve is making it easier to apply censorship. If people stop being skeptical and blindly believe what they hear "because the news source is trustworthy" then it will only be a matter of time before someone feeds them with different news through that same "trusted" news source.

The kind of news which doesn't have to be totally untrue, but which might suit their purposes just a little bit better.

5
0

Resistance is futile: HPE must face Oracle over Solaris IP

ShelLuser
Silver badge

I don't understand HPE here...

Everyone who has been following the news around Solaris knows in what dire situation whOracle has maneuvered it. On a personal level I think it's an outrage to see how disrespectful Solaris is being managed here, a true Unix environment which has such a rich history behind it...

But enough semantics. I don't get it why HPE would even try to get into this hornet's nest in the first place? I can understand that they smell revenue (support costs for Solaris became ridiculous after Sun was taken over) but surely there are much more profitable and reliable ways here?

For example by persuading companies to move away from Solaris. There are liable alternatives, even if you take ZFS and Zones and everything else into consideration. First I'm looking at a personal favorite of mine called FreeBSD, but the other BSDs should provide decent candidates as well. And what about HP's own Unix brand HP-UX?

But with the way Oracle has been manifesting itself as of late what else would you have expected to happen here?

2
1

Welcome to the Wipe House: President Trump shreds climate change, privacy, LGBT policies on WhiteHouse.gov

ShelLuser
Silver badge

@AC

"Real Americans are embarrassed this orange bag of trash made the cut for being a leader of anything other than a used car lot."

The funny thing though is that this same thing happened when Reagan had just been elected. People were certain that it would turn into a disaster because wasn't he merely an actor? That should get ugly really soon, because the guy had 0 political experiences.

And now most people around the world can agree that Reagan was one of the best presidents the US has had.

I'm not claiming that this is going to happen here as well, mind you. All I'm saying is that seeing is believing. The guy might just surprise you, if you give him a fair chance of course.

18
12

Opera scolds stale browsers with shocking Neon experiment

ShelLuser
Silver badge
Trollface

Win10!

I'm actually an Opera user and I really enjoy the browser as-is. I think you guys got it all wrong though, this is just their attempt to appeal to the Win10 users :D

1
1
