* Posts by ShelLuser

2541 posts • joined 19 Dec 2010

As you stare at the dead British Airways website, remember the hundreds of tech staff it laid off

ShelLuser
Silver badge

And it's back up it seems.

Just tried ba.com and wham.

2
0

Solaris admins! Look out – working remote root exploit leaked in Shadow Brokers dump

ShelLuser
Silver badge

I wonder...

If the Oracle team is going to provide any solutions they're developing for free or if they'll be charging a lot of money for it. Because that's the kind of thing I'd expect Oracle to do in all honesty.

Oh well...

root@macron:/etc/defaults# rpcinfo

rpcinfo: can't contact rpcbind: RPC: Port mapper failure - RPC: Success

... at least my FreeBSD box is safe because it's not using anything RPC related.

1
0

Finally a reason not to bother with IPv6: Uh, security concerns...?

ShelLuser
Silver badge

I think bollocks...

""Tunnel-based IPv6 transition mechanisms could allow the setup of egress communication channels over an IPv4-only or dual-stack network while evading detection by a network intrusion detection system,""

So what exactly is stopping this detection system from unpacking the traffic and checking the real contents, also considering the fact that we're talking plain tunneling / encapsulating here and not so much encryption?

Back in the days we used to tunnel our IPSec data across GRE, but check the contents and you could see exactly what was underneath: encrypted data.

In this scenario you can rule out the encryption so... what gives?

6
4

Payday lender Wonga admits to data breach

ShelLuser
Silver badge
Thumb Up

Good for them to come clean!

Yeah, it's oh so easy to mock and make fun of someone but I think it's good for them to come clean about the whole incident. For the record: I didn't know about Wong or what they do but from visiting the website I got the overall impression.

But let's not assume too much. Where there's money there are people trying to obtain that money for themselves, so obviously there are forces at work here. I wouldn't be too hasty to blame the whole thing on cheap labor. Thing is: banks I don't trust too much because they more or less get their money handed to them yet still ask for more.

But companies like these are a bit different. They also take risks (to some extend).

One thing though:

"The FAQ offers contradictory advice on the incident, offering assurances that “We believe that your account is secure and you do not need to take any action" but also says “if you are concerned you should change your account password."

No it doesn't. The first is not an advice but an opinion: they believe that... Yet if you do feel concerned then you should change your password, which is always a good thing to do every once in a while.

0
0

Ex-IBMer sues Google for $10bn – after his web ad for 'divine honey cancer cure' was pulled

ShelLuser
Silver badge
Pint

People like that...

Are in my opinion a danger to our rights for free speech.

Sure, we have a right to free speech. But that doesn't automatically imply that you can blabber your mouth just anywhere you like.

0
0

Reversible head transplants coming back to Windows Server 2016

ShelLuser
Silver badge

Let me fix that for you...

"the reason for the feature's removal was “one of those challenging functional trade-offs that sometimes need to be made during product development.”".

Actually I think you meant to say: "The reason for the removal was because we think change sells, and if the change is disliked enough we can even sell the solution again with the next release, both options somewhat guarantee next release sales".

And this is why I only rely on open Unix-like environments for my servers.

1
0

Boeing-backed US upstart reckons it'll be building electric airliners

ShelLuser
Silver badge
Facepalm

Reality check time?

I sometimes wonder if schools actually still teach physics these days or if that's all turned into "let's learn how to turn on the computer and ask our questions on Google", haven't these guys ever used their brains? Or studied on what they're trying to do?

Almost every year there's a World Solar challenge held in Australia and the idea is to build a solar powered car which will take the contestants around the continent. Here are some of the highlights of 2015, notice anything peculiar?

If you look closely you'll notice that most cars are literally packed with solar panels and batteries, often hardly providing any room for the driver. We're talking Australia where the sun is almost literally burning, it's hot there. Yet even here do you come across cars which despite all the batteries, despite the massive solar panels (which are state of the art, when a country participates you can bet that they got some solid government backup) and despite the seering sun cars still manage to fail due to lack of power.

And these are merely cars which are very aerodynamic (as you can see), and build solely for the race itself. Their only obstacle is (air) friction, and their challenge is power consumption.

Think about what would happen if they had to bring passengers along....

Think about what would happen if these had to become trucks to actually transport goods around the continent.

And then think about the challenge of defying gravity.

So yeah, time for a reality check I think...

15
4

Put down your coffee and admire the sheer amount of data Windows 10 Creators Update will slurp from your PC

ShelLuser
Silver badge

Re: Solution

Get a juicy enough machine, install Linux, install VirtualBox and then run Windows inside it.

4
0
ShelLuser
Silver badge
Windows

@cb7

"But we seem to bash MS more for this slurping than the others. I wonder why?

Well, I wouldn't be surprised if one part of that would be the fact that this slurping was pushed down people's throat. We all know about big brother Google but you can protect yourself and not use their services, you can block google-analytics.com in your browser, you can block pretty much everything else from Google in your browser. All it takes is a little googling (bad pun, I know ;)).

Speaking of which: you might also want to use a search engine like Duck Duck Go.

But Windows 10 got forced on people, and there are plenty who would rather use Windows 7 but don't know how or simply can't (think about a machine with a pre-installed OS which didn't include installation media and the owner also never made any copies).

So then comes Microsoft along, dumps Windows 10 on that "because" and then tells the owner: "Oh right, we'll be keeping an eye on you from now on".

Obviously people will get more upset about that.

8
0
ShelLuser
Silver badge

@AC

"I just wish I could completely turn off Google Analytics and avoid being treated like Alphabet's guinea pig."

You can. Step one is not to use Chrome or something build on Chromium. Step 2 is to add the google-analytics.com domain to a Javascript blacklist (most browsers have that). While you're at it you might want to add googleadservices.com as well.

That completely stops your browser from running any kind of Google Analytics mess.

7
1

Ubuntu UNITY is GNOME-MORE: 'One Linux' dream of phone, slab, desktop UI axed

ShelLuser
Silver badge

An open source projects needs to be good, not sell good....

I believe that one of the main problems of todays market are the open source projects which have a company behind them. The problem should be obvious: a company, per definition, has a completely different agenda than those involved with an average open source project.

A company needs to generate revenue and in order to do that they need to sell something.

But an open source project is usually driven by passion; people who believe in the project and who want to make the best out of it. This often works as expected, but as soon as something clashes with the main goal, the revenue, then you'll soon learn where the true priorities lie. I think a good example is Drupal which removed a well respected developer from their project for reasons which have never been fully explained, but the general believe is that it was because of his private life and how people in general might feel about that. In other words: people could become upset about what this developer does in his free time, and that could affect revenue. As such he had to go.

This situation is different, yet comparable. "One GUI to rule them all" is a good marketing phrase: it sells, and if it sells it might generate revenue and thus is then bound to become a key target. So you'd run into 'talking reason' vs. 'talking revenue'. Guess which wins? So now it has been deemed unprofitable, so obviously it had to go. Bye Unity, you're fired. That's pure company talk for you.

When there's a company involved with an open source project then there's always a double agenda. And in my opinion that generates a very toxic and unhealthy environment where open source ethics are concerned. Because open source is not about revenue perse. And it's that key aspect which made it such a strong force to be reckoned with.

1
1

Goodbye, cruel world! NASA's Cassini preps for kamikaze Saturn dive

ShelLuser
Silver badge
Pint

Don't mind me, just fantasizing...

I know it's impossible and won't happen, but... Can you imagine what could happen if Cassini would break through the atmosphere, only to suddenly spot images of what appears to be a whole city down there, populated by who knows what? Closely followed of course by a visit from the galactic federation to Earth so that they can complaint about us littering their science station outpost :)

Oh well... a man can dream, right?

3
0

WWW daddy Sir Tim Berners-Lee stands up for end-to-end crypto

ShelLuser
Silver badge
Black Helicopters

Populist government comments...

It's plain out a fantasy that using weakened encryption... You know what? Lets just to the chase: that giving the government full access to our day to day Internet presence will change much or even helps to stop terrorism.

Because: who's going to monitor all that data? And even if you do manage to monitor all the available data, and perhaps also automatically look for keywords do you really think that those will be used when people know they're being monitored? Do these guys have any idea how easy it is to simply substitute words and phrases so that you're uttering totally harmless things yet with a whole different underlying meaning?

It used to be the number one hobby for some of my friends and me in the 80's (we were 14 - 18) back when we were very busy swapping Commodore 64 games around. Because you also often read stories about copy parties which got raided by the police and all. Of course not realizing that those were parties where people sold cracked software for hard cash whereas we simply copied and swapped whatever we could find.

Even so... We could talk for quite a while on the phone about homework, while in fact we were talking about removing a nasty copyright protection :)

Quite frankly I think Ghost in the Shell - Stand Alone Complex, first season totally nailed this problem of data amounts. At one time they were hot on the trail of the Laughing Man and at even played "Big Brother": relaying and analyzing all the data accessible to them from the Net in order to try and find a trace. As a result several AI's crashed at the result of the sheer amount of data they had to process and it became immediately clear that they could only keep it up for so long....

Even though that was total fantasy of course I still think it does a good job on showing the actual problem with all this.

1
0

It's 30 years ago: IBM's final battle with reality

ShelLuser
Silver badge
Mushroom

IBM was its own worst enemy

It's been a while but back in the days I was a serious OS/2 advocate. Look, if you even get other people to end up trying out OS/2 because they became sick and tired of Windows 3.11 often bodging up and not being able to network properly then yeah...

But IBM more than often didn't even seem to care all that much. Looking back I think it was a bit the same as the stories we get to hear about Microsoft now: how divisions in the company do different things, don't always work together and in some rare cases even compete. Even at the expense of customers if they have to!

But IBM... I enrolled in the OS/2 support program (I seriously don't remember how I pulled this off anymore, I think I asked (and got) permission from my work to look into all this and also use their name) which ended up with IBM sending me several beta versions of OS/2 products. Including several OS/2 server environments. It was awesome. OS/2 server (a green covered double CD, that much I remember) was basically OS/2 with additional user management and network configuration settings.

Yet the funniest thing: IBM couldn't care less about your test results. At one time I got an invitation to go to IBM in the Netherlands for an OS/2 server demonstration which would also showcase some of their latest product (I recall being showed a very lightweight laptop). At arrival you had to search for the entrance and where it all was, because any announcements or directions were no where to be found on site.

I bought OS/2 3.0 Warp and the 4.0 Merlin and it always worked like a charm. I seriously liked OS/2 much better than anything else. So when I had the opportunity to buy a PC through my work it was obvious what I would need to get, right? An IBM Aptiva. That would be an ultimate, the thing to get for OS/2. Because obviously an IBM OS will definitely run on IBM hardware, right?

Context: this was at the prime of my OS/2 endeavors. I could optimize and write a config.sys file from mind if I had to, I knew what drivers to use, which to skip, what each command did. Memory optimization? Easy. Bootstrapping a *single* floppy disk to get an OS/2 commandline? Hard, yet not impossible (try it, you'd normally get multiple disks to boot with).

It took me one whole weekend, dozens of phonecalls to the IBM support line, and the conclusion was simple: IBM did not care about OS/2 for their own hardware. And with that I mean not at all. It did not work, no matter what I tried. Even they told me that this wasn't going to work. Compaq out of all brands did care. Compaq, the brand which tried extremely hard to appeal to the general customer by making their hardware "easy" to use and also "easy" to customize (comparable to Dell a bit) didn't only target Microsoft and Windows. Noooo.... When I eventually ditched my IBM I got myself a Compaq and I also purchased an extra set of drivers and installation media (3 boxes of 3.5 floppy disks, approx. 37 in total) and guess what? Next to a full Windows 3.11 installation plus a different program manager and dozens of drivers it also included several disks with OS/2 drivers. I removed Windows and installed OS/2 that very same evening.

Compaq... which often advertised that they made Windows easier. And also delivered OS/2 drivers for their harware...

IBM, which made OS/2 also made hardware, never even bothered to provide OS/2 drivers for their own PC's. Not even if you asked them.

Does that look like a company which cared?

IBM was its own enemy sometimes.

18
0

Yee-hacked! Fired Texan sysadmin goes rogue, trashes boot business

ShelLuser
Silver badge

@Will

Muppet is too friendly.

Morons like that also ruin it for the serious IT staffers, because there will be employers who may start worrying about all this. The classic "can you really trust the IT department?" and that could have its affect an plenty of others.

9
0

Microsoft taking CodePlex behind the shed and shooting it by Christmas

ShelLuser
Silver badge
FAIL

@Mage

"Win10 isn't popular in terms of "liked", but unlike codeplex it's unavoidable."

I'm still running Windows 7, so how did that happen?

And when support for Windows 7 eventually drops I can move to Linux, BSD, or even get myself an Apple. So, uhm, unavoidable how?

3
5

Reg now behind invisible HTML5 Bitcoin paywall

ShelLuser
Silver badge

Brilliant

This was a good one and I fully support the idea!

Please blurr out more stories about stuff I don't like reading about anyway, it makes the world a better place :)

1
0

BDSM sex rocks Drupal world: Top dev banished for sci-fi hanky-panky

ShelLuser
Silver badge
Mushroom

El Reg is awesome!

I want to thank the Register team for bringing this to the attention of the people outside of the Drupal communities. Because it seems to me that this outside media attention is definitely starting quite an uproar and in my opinion rightfully so.

Personally I am somewhat surprised in how a so called "free" and "open" community as Drupal claims to be is now desperately trying their best at damage control. Yet not the kind one would expect from an open source project, no, the kind you'd expect from a big IT company which only sees a danger to their revenue and couldn't care less about the rest.

Maybe I'm ranting, I can't rule that out, but how else do you explain official comments which basically don't go much deeper then Stay for community. I quote (I kid you not!): "This seems like the perfect time for a singing, dancing, spandexed pageant about the Drupal community.".

And the worst part: "Do you think Larry was punished for thoughtcrime? Pitch in and help build a system where the next Larry can’t be treated that way. Do you think Dries and the DA deserve our trust in their decision? Join up and help make sure the next iteration preserves the strength of independent leadership.".

So basically, how I perceive this, is them saying "whatever you might think be sure to stay and/or join the community". Let's stop caring about Larry and instead put your effort into trying to prevent this from happening to the next Larry! And if you try hard enough then who knows: maybe you can be in the spotlight to play the role as the next Larry.

I think people seem to forget there's a whole company behind Drupal. And companies don't care about communities, companies care about revenue. And let's be honest: this backlash can have its affect on that, and that will scare them to no end.

Moments like these I am a very proud Register reader. Biting the hand that feeds IT.

Once again: thanks Reg for posting and informing us about this while also making sure we go to see both sides of this story so that we could make up our own mind.

7
0
ShelLuser
Silver badge
Pint

@Paul

Very well said, and don't forget feminists. I don't want to stir up a fire here but the extremists within those areas also have a tendency of proclaiming their believes as "right" and everyone who disagrees with them and speaks up is per definition guilty of harassment (at least that's the impression I constantly get).

Still... Salem... Not so much, I think this is more about a growing display of intolerance for other people's believes which we're seeing, and it's something which somewhat worries me from time to time.

Many people will agree that the dictators of the past (the likes of Stalin, Hitler, Hoessein) are bad news, yet many will easily stoop to their habits for themselves. I'm not talking genocide and all that monstrosity of course, but about spreading a sheer display of intolerance for any other opinion but your own.

Makes you wonder what's next. Hmm, people who play Minecraft should obviously be considered as very childish for playing such a weird retro-like game. Obviously you can't have those around within "serious" software projects which "matter".

How about El Reg readers? "Biting the hand that feeds IT"? Those sound very intolerant, maybe we should ban those from any "serious" projects as well.

I'm not using Drupal myself, but if I was then this display of intolerance would definitely be reason enough for me to dump it for something else.

42
6

Time to make up: Realtime collaboration comes to Excel

ShelLuser
Silver badge
Windows

Hardly new...

This was already possible with Office 2010 right after Microsoft launched SkyDrive (now OneDrive).

And I'm not just saying mind you, check this MSDN article from 2013. This involves Team Foundation, but even so that was still a way to perform team edits on Office documents.

Or what about this Office support article on co-authoring?

I quote: "When you're using Office and your document is on SharePoint or OneDrive, when everyone is done, you have a finished document, there's no need to copy and reformat.". As said: I've been using this with Office 2010 for years now.

1
0

Creators Update gives Windows 10 a bit of an Edge, but some old annoyances remain

ShelLuser
Silver badge
Windows

@ABC ;-)

"Hang on! Ads in Explorer?"

I was wondering about that myself as well. And it seems Microsoft even tries to add insult to injury because how do you combine that with this one: "Privacy and Windows 10 is a hot topic."?

Doesn't one, by definition, rule out the other here?

Anyway, thanks El Reg for a really nice insight article. I still don't like the very flat and dull looking interface, especially not when compared to my trusty rich looking Windows 7. I still don't understand why people would go along with that.

I mean... We've had years worth of development with graphic cards (GPU) and accelerators and all that. And what do you get with Windows 10? A flat, dull, colorless interface which sometimes makes me think back about Windows 2.0.

Even Windows 3.1 / 3.11 was better looking (in comparison), they really worked hard on some of the icons and some were honestly small pieces of art. This became especially true when the real fans started to release icon libraries of their own.

But now? I still have zero motivation to upgrade, and it's not because I'm unwilling to try something new but because the whole thing looks so horribly unappealing to me.

39
2

Microsoft wants screaming Windows fans, not just users

ShelLuser
Silver badge
Windows

Uhm, right.... suuure.

"Mehdi says the Windows Insider program now has over ten million participants."

Quantity doesn't make quality. I mean, there are also thousands (most likely more!) of Windows 10 users out there who would rather get Windows 7 back yet don't know how to do that (sometimes that would be impossible for them, think about laptops with a pre-installed Windows without physical installation media).

And are you sure that all the users who got forcefully upgraded to Windows 10 didn't automatically become a member of this insider program as well? Because I remember reading those stories about that automatically installed Windows 10 user hub software which could be used to provide 'much required feedback'.

Most importantly the Insider program, with very low application requirements, is also a sure way to get your hands on previews, aka free software. People looking for freebies don't necessarily meet the criteria for being a fan.

The fact that Microsoft seems to believe this is only a sign for me that they've become delusional.

18
3

iPhone-havers think they're safe. But they're not

ShelLuser
Silver badge

@Sooty

Although you're making an excellent point one should also not overlook the obvious: it doesn't always require a hacked phone in order to get some malware installed on it. There are way too many ignorant users out there who will easily install a good looking "free(ish)" game and simply click through the all the warnings that this game wants to access a whole lot of peripherals, which would raise quite a few alarm bells with people who actually think about what they're doing.

0
0

Miss Misery on hacking Mr Robot and the Missing Sense of Fun

ShelLuser
Silver badge
Pint

Never heard of it, but...

It maybe a bit grinchy for some people at some point but then you also have to remember that you're most likely someone with a background or deeper interest in IT which means that you'll approach some of the plot holes differently.

Even so... It's not something I'd go out to watch, have to agree that Hill Street Blues looks much better in comparison, and even that had a really high dose of "soap" for me, especially near the seasons where Furillo & Davenport started to become a very strange couple.

Still... I can't help get the impression that this series could very well be a much better message towards the general audience that "please use a password which isn't too easily guessable" than any written study can do. At least I hope so.

4
0

'Windows 10 destroyed our data!' Microsoft hauled into US court

ShelLuser
Silver badge

@AC

How does that apply when you were using Windows 7?

5
0
ShelLuser
Silver badge
Windows

@Will

For more than one reason too. Seriously: Microsoft has made the Internet a more dangerous place to be on, and caused a lot of collateral damage with this enforced update stunt. At least that's my opinion and impression (based on what I saw around me).

Thing is: many people have been thrown offguard and are now very suspicious of the whole upgrade procedure and tons of people I know off have forcefully turned off updates in order to prevent an unwanted update to Windows 10. Thing is: it's a whole lot easier to simply turn off the update process entirely than it is to track down (and block) the updates responsible for the Windows 10 update. I know there are 3rd party tools for that, not my point.

My point is that there are now plenty of legit Windows environments out there which won't be updated any time soon because the owner is fearful of being forcefed with Windows 10. Yet that also creates a risk because they also won't be getting any more security updates either.

Considering the massive amount of stories about exploits and discovered flaws I hope that it won't be too hard to comprehend why this could become a major problem. Sure... Unless you're not on the receiving end of a DDoS attack you have nothing to complain about, right? Yah, but what if you are and you didn't use any intervention from, say, Cloudfare?

When are we going to stop fighting symptoms and instead try to tackle problems at the source, like this one?

For the record: I'm a Microsoft fan (sort off), I seriously enjoy and appreciate some of the products (like Office and Windows 7) but I'm very opposed to their <self-censored> idea of enforcing their Windows 10 crap upon us.

72
11

Inside OpenSSL's battle to change its license: Coders' rights, tech giants, patents and more

ShelLuser
Silver badge

I don't see the problem...

Open source or not: there are only a few people who actually own or run the project. So if they want to change their license then they should be allowed to do so. And well, to be honest I think you can't go very wrong with the Apache license.

"For years, OpenSSL went largely unappreciated, until the Heartbleed vulnerability surfaced in 2014 and shamed the large companies that depend on the software for online security to contribute funds and code."

"Shamed companies"? Interesting choice of words, but I don't think it holds very true. Another thing: it also wasn't the first time something like this happened. In 2008 we had another OpenSSL disaster, but this time fully triggered by the Debian package maintainer who altered the code and by doing so introduced a vulnerability.

1
0

Why do GUIs jump around like a demented terrier while starting up? Am I on my own?

ShelLuser
Silver badge

@Unicornpiss

Microsoft should not be taken too seriously. Back in the days it wasn't even uncommon for them to display warnings such as: "Unable to delete files: disk full" idiocy. If they can come up with something like that, then obviously a progress bar is waay too complex :)

20
0

It's happening! It's happening! W3C erects DRM as web standard

ShelLuser
Silver badge

It's one thing to define a standard...

...it's a whole different ballgame to get people to actually use it. I hope that this may give some people a better impression of the importance of open standards. And for the record:

"That survey was sent out yesterday and member organizations, who pay an annual fee that varies from $2,250 for the smallest non-profits to $77,000 for larger corporations"

I don't consider "pay to win" very much of a reliable standard to begin with. Sounds to me that the more money you contribute the more things you got to say. But how does that ensure quality standards to be uphold?

Yet here also lies a bit of a concern. Google is one of those members and they got big pockets. Next you'll also have the Chrome browser which pretty much dominates the market. So, uhm, yeah, it's fun and all that Chrome is an open source browser but it's most definitely not much of an open and free standard. I'm pretty sure that when this vote gets accepted, and why shouldn't it considering the massive monetary interests, then it'll be a matter of time before Chrome and therefor a huge area of the Net has been switched to this new standard.

Basically putting Google into the same position Microsoft once was when they dictated the market. Major difference being that this doesn't involve one proprietary product but a full blown allegedly shared environment.

4
1

What should password managers not do? Leak your passwords? What a great idea, LastPass

ShelLuser
Silver badge
Holmes

"Access control"

Apart from my previous (small) rants on security and lack of understanding / insight knowledge from the users another important aspect is control and access.

The more access you allow "security software" to get, the higher the risks you'll take. Sure, it's easy to have the whole thing automated within your browser, but it's also an extra hurdle which a potential attacker doesn't have to take.

Of course I'm highly old fashioned. My password manager consists of something I cooked up within VBA which utilizes some office components. No, not Office 365; the kind of Office which doesn't even fully realize the Internet actually exists. It doesn't even sync with my phone and other devices.

But I also don't have to. If I really, really, need a password I'll simply hook up to my VPN, connect to my PC and from there I can retrieve my stuff. Awkward? Maybe. But I'm also not the kind of person who needs to log on to his social media accounts or whatever other leisure stuff when I'm on the road either. That can wait until I'm back at home.

0
0

SVN commit this: Subversion to fix file renaming after 15 years

ShelLuser
Silver badge
Coffee/keyboard

Some comments are funny...

Just because you don't like a certain project doesn't mean that it has no value at all. And sure: there may be other environments which provide the same features (or maybe better, but "best" is nearly always in the eye of the beholder anyway), it doesn't mean that everyone who jumps ship will also gain all those advantages. For example: the very process of moving from one VCS to the other can be quite taxing in itself.

And if the overall advantages only end up to be cosmetic ("faster", "easier" (everything is easy once you know how), "smaller data storage" (with todays storage space how is that an issue?)) then it also remains to be seen how much real advantage you'll gain by switching. The classic "If it isn't broke, don't fix it" approach still works today.

I'm still using Subversion for my own projects as well as to keep up with FreeBSD's source and documentation trees and well, it simply works for me, therefor I see no reason to go through all the effort of learning something new when I'll only end up with marginal advantages (and a lot of extra effort).

I think its good to see that SVN is still being maintained and improved.

13
0

Are you undermining your web security by checking on it with the wrong tools?

ShelLuser
Silver badge
Pint

So, uhm...

"In other words, the user can only be sure that their connection to the interception product is legit, but has no idea whether the rest of the communication – to the web server, over the internet – is secure or has been compromised."

I think it boils down to a very basic issue once more: understand what the heck you're doing. Most modern operating systems (Windows Server, *BSD and even Linux) provide several tools which you can use to check connections and the state their in. Obviously it is sometimes preferable to do outside checks (like with port scans) but even that can be done by utilizing a second server (for example).

The main problem? Simple: you have to know what the heck you're doing. You need a basic underlying understanding of the encryption process, how to monitor network connections (I've come across too many people who had no clue how to use tcpdump or netcat for example) and interpret the results.

And that seems a bit too much for more "modern" companies, time is also money afterall, so they'd rather rely on out-of-the-box ready to use gizmo's like these. Without stopping to think about possible consequences.

Welcome to the modern world of ICT: where a lot of people stopped to think for themselves, don't bother to try and understand (learn) something new and where you totally rely on what others tell you without questioning nor challenging them.

PS: Doesn't this same risk apply when your HTTPS connection is using a reverse proxy (as suggested by an article some weeks ago)?

1
0

Newly cloud-tastic Oracle sees hardware sales droop

ShelLuser
Silver badge
Pint

I think it's much more simple...

"So what has depressed it?"

The article blames it on the market (and some of its other players) but I can't help think that Oracle played a huge role in this themselves as well. Just check some Oracle news stories over the past years and pay extra attention to the general tone of the user comments. More than often do you read stories about unhappy people. Some noticed how Oracle raised their subscription plans in triple (and many ran off), then we read stories about Oracle trying to push Java patents which shows even more comments about people getting turned off from Oracle, then a few months back yet another story about Oracle raising their prices tremendously....

Summing up: there are plenty of people around who have had negative experiences with Oracle in one way or the other which involved a huge increase in costs while hardly getting much back from it in return.

So here's a question for you: do you honestly think those people would seriously consider Oracle for hardware? Wouldn't you consider it possible that the moment they see other people using Oracle's services that chances become high that they might warn them about Oracle and their sometimes bizarre business model (and drastic price increases)? Basically and effectively scaring even more people away from them?

Never underestimate how quickly a bad experience with a company can travel and spread around.

2
0

Barrister fined after idiot husband slings unencrypted client data onto the internet

ShelLuser
Silver badge
FAIL

@ArrZarr

"The file could even have been password protected on the drive.

Now I hate to be the voice of reason when we could be laughing at lawyers but given that details in the story are scarce on how the information was stored, I think you may be going a bit far."

Which part of: "visible to an internet search engine and some of the documents could be easily accessed through a simple search" did you chose to ignore from the article?

10
1

Russian! spies! 'brains! behind!' Yahoo! mega-hack! – four! charged!

ShelLuser
Silver badge

@AC

I have to agree with you. Even the article does this: "Russians behind the hack", yet last time I checked charging or accusing someone of a felony doesn't automatically mean they also actually did it. You got to prove this too, in a court of law. Only after the judge has ruled can you conclude that someone was guilty or not.

1
0

Microsoft urges PhD-grade devs to play Minecraft for money

ShelLuser
Silver badge
Happy

Just a 'simple game, huh? ;)

I'm a decently vivid Minecraft player, been playing for three years now and I still haven't reached a point where I got bored with it. Of course it does help that I've never really had much problems with keeping myself occupied and entertained, but on the other hand I also think that Minecraft is a seriously underrated game.

Of course the reason why is obvious and fully understandable. Because let's be honest: at first glimpse things can look very simplistic and simple. Isn't this basically a virtual block collection to build with? Well, yes and no... Of course there is a building aspect in the game, and if you can set your prejudice aside for "pixelated environments" then you may come to appreciate a world which provides much more detail than you may give it credit for. Trees, flowers, rivers, cliffs, ravines, deserts, oceans, jungles... You can all find those within Minecraft.

But there's more. The Minecraft game mechanic itself is pretty special. Because it doesn't only allow you to play the game, it also provides all the tools you might need to create the game. Whatever game you might want but all within the Minecraft world of course. From more simple things such as four in a row, a maze, a dropper (jump down into a world and try to survive the fall) right to more complicated things like battleships (with 'real ships' which can be blown up and sunk) or puzzle / adventure maps where you need to perform specific actions in order to solve things.

There are players who have build whole computers within Minecraft, capable of performing basic mathematical operations. Creations which are at their core directly comparable to circuit board designs.

Within that context the vivid player in me wants to cry out to you guys and point his fingers to this while saying: "See? A bit more complex than you thought, huh?".

But even though I meant every word I said above we also need to be a little realistic. Because lets face it: the gaming environment eventually doesn't really matter. The real challenge will be the AI <-> player interaction, where the stage is simply set to Minecraft. An interesting stage, sure, but given the very nature of the game it also remains to be seen how much influence the environment is going to have.

In the end one could also approach this with the impression that Microsoft is now utilizing a rather famous name to draw more attention to their other projects.

Either way, I for one am not really looking forward to having to face even smarter creepers :P

3
0

Oxford Uni boffins say internet filters probably won't protect teens

ShelLuser
Silver badge
Holmes

Such awkward times...

When some people actually feel the need to study what society would generally consider to be plain out obvious. Worse yet: getting paid for it too.

What's next? Study which learns that forcefully forbidding your teenager kid to drink alcohol can very well drive them to do so behind your back. A lesson which the whole US has learned the hard way.

Who would have known all these things?

Reminds me of that "iBabe" scene in Movie 45. iBabe: an MP3 player which looks like a naked woman and to add insult to injury it has a high powered ventilator placed in a "certain private spot" resulting in obvious nasty issues. And the board of directors: "We could never have seen that coming, who would have known people would try to "mate" with an mp3 player?".

No shit sherlock :)

1
0

Dungeons & Dragons finally going digital

ShelLuser
Silver badge

@veti

"Why did nobody think of that before?"

They did, but then concluded that you can't make enough money out of that.

2
0

Germany to Facebook, Twitter: We are *this* close to fining you €50m unless you delete fake news within 24 hours

ShelLuser
Silver badge

@Danceman

"If this proposal about fake news were to be enacted, would Erdogan's German Facebook page consist of a lot of white space?"

Doubtful, but I do get the impression that the European leaders would be all too happy to keep sending fines his way. And after he paid the government then problem solved I guess.

0
0

Naming computers endangers privacy, say 'Net standards boffins

ShelLuser
Silver badge

A bit out of context perhaps?

"Think instead of a device that might interest a spook – “Donald's_Samsung_S3” or “Kellyanne's_Microwave_Oven”. If those names leak to the Internet, it makes surveillance significantly easier."

Uhm, any idea how many Kelly's and Donald's are connected to the Internet? If the name alone spreads then this will hardly have any impact. I mean, I don't automatically assume that the current president of the US appears to be using a Samsung phone.

I think it's not so much the name but the connectivity itself which creates a risk. You know, step into the train, turn on your PDA and let it search for points around you and you'll notice plenty of phones which you can try to connect to. That could be an obvious problem. But just because I now know a name doesn't imply that I can also pinpoint its location and such.

Then the article talks about analysing traffic. Seriously? If the situation is already dire enough that someone can eves drop on your data then I'm pretty convinced that the host name is the least of your worries.

And the reason why I wonder if they're not pulling this way out of context is because they also start talking about enterprise networks. It's also not uncommon for an enterprise network to provide deskless interaction. So basically you can log on anywhere you want and you'll then gain access to you data and desktop. Wouldn't that also lessen the importance of the hostname because there doesn't have to be a direct relationship between that and its user?

Speaking of hostnames in the enterprise... Most I've experienced were numbered clients. Just to keep administration easier: hr01, hr02, hr03. And sales01, sales02, sales03. So now that I leaked these hostnames onto the Internet you want me to believe that this network is in more danger than before?

Right....

3
6

Microsoft nicks one more Apple idea: An ad-supported OS

ShelLuser
Silver badge
Windows

Thanks Microsoft!

For making up my mind. Win10? No way, ever. You guys have fun now.

3
0

Sad fact of the day: Most people still don't know how to protect themselves online

ShelLuser
Silver badge
Mushroom

Not that surprising...

If the people who allegedly did want to look out for your welfare ended up to be more interested in your paychecks as well. I mean seriously: what do you expect?

But I agree, the market is in dire straits (awesome song though). And some of it started when 'some people' started to market Linux, OpenBSD, FreeBSD as the #1 solutions for security. Install that and you'll be safe for life. Yet as we all know: it doesn't work that way.

Look: keeping yourself safe also implies to get an understanding of what is going on. And hardly any Internet user will do that. Why should they? Their internet provider themselves advertised how easy everything was, right?

Yeah, you heard that right. Who's fault is this? Well => the big bad companies I say. "go online with a click of your mouse", but of course if you click on the wrong section.. all hell breaks loose, but everyone knew that, right? Bzzzzt.

Of course said companies made sure to safe guard themselves. Such a fun world we live in....

"I'm the only one who gets you on the internet and I demand that you agree to my terms. Which are: all I do is good, you do not hold me accountable. You click on everything you want!"

<user clicks on phishing mail and loses 40k>

So what other options were there?

2
5

Can you ethically suggest a woman pursue a career in tech?

ShelLuser
Silver badge

There's always 2 sides to every story

When it comes to getting insulted over something then there are 2 forces at work: intent and impression. Sometimes people can make a remark which may seem rude or insulting but most definitely isn't meant this way. At one time I was part of a tech support team and we had the silly habit of calling each other out whenever something bad had occurred. There was no meaning to it.... For example: You'd fix a problem with someone's PC, then they'd call again to complain about something else not working. That would sometimes result in internal teasing: "Some idiot forgot to close Mr. Doe's browser, but fortunately I'm here!". Harmless, and most often plain out fun.

So here's my problem: let's say a woman was added to the team. Would she pick up the "insults" just the way we did (obviously she would be treated just like one of the guys) or would this result in "They're calling me names because I'm a woman". That is sometimes the other side of the medal. There are also women around who expect to be treated differently within these areas only because they're a woman.

And sometimes things which are quite harmless can be picked up in the wrong way.

Of course I'm not saying that there's no truth to any of the abusive stories. I mean, just look at that article about the marine where people snap pictures of their female co-workers in secret and then spread those around without consent nor approval. That's just plain out disgusting and an obvious display of harassment.

33
5

'Password rules are bullsh*t!' Stackoverflow Jeff's rage overflows

ShelLuser
Silver badge
Pint

He has a point, but also contradicts himself

For starters: security doesn't begin with a long and secure password, the real security comes from a sane mindset. For example: how secure will your 10 character, alpha-numerical password become when the user applies this everywhere? And wake up call for Mr. Atwood: most users do not think beyond the annoyance of having to fill out a password. As such there's nothing bullshit about trying to steer them in the right direction.

Then there's a huge difference between passwords on a public network (such as the Internet) or those on a local LAN/WAN. Risk assessment at its finest: when the password becomes too difficult for an end user you can bet he'll write it down somewhere. Most probably on a sticky note attached to the monitor. At work you can't use the comforts of a password manager.

At least these "bullshit rules" still prevent John Doe from using "password01", "password02" and the infamous "password03" as his 10 length password.

His rant is based on interesting theories, but there's still a difference between those and the real world.

5
0

Favored Swift hits the charts: Now in top 10 programming languages

ShelLuser
Silver badge
Joke

Gives a whole new meaning to...

So Swift hits the charts, then I guess it's now officially a thing to get Swifty? So far I only know how to get swifty thanks to Rick and Morty, but something tells me that's not what they went for here ;)

1
0

WikiLeaks promises to supply CIA's hacking tool code to vendors

ShelLuser
Silver badge
Mushroom

I can't help wonder...

How all the people feel who criticized Apple when they denied adding a backdoor on the iPhone?

Back then the US government said they would never use it illegally, after which the news about government agencies hacking and compromising just about anything which suited their purpose almost kept going in an endless media stream. This being yet another example.

Seems Apple was quite on the mark back then, history sure proved them right.

5
2

Brit ISP TalkTalk blocks control tool TeamViewer

ShelLuser
Silver badge

@FlamingDeath

"There are only two real ISPs in this country, BT and Virgin."

Yet the only reason why their subscription prices are reasonable (assumption on my part) is because they got competition on the market. Competitors like TalkTalk I might add.

1
0
ShelLuser
Silver badge
WTF?

This is hilarious...

Not for those people who got affected by this mind you, but...

So I wondered what kind of ISP would do this and did some research. Here is the official thread on their forums. If you read closely you'll notice that they didn't even bother to inform their support staff either.

Several posters describe how they contacted support with their problem ("teamviewer doesn't work") and they were advised to reset their modems. One customer (into the 2nd page) even mentioned getting into "trouble" because he was using his own router instead of the provided one, so support put the blame on that.

W.T.F.?

8
0

'Nigerian princes' snatch billions from Western biz via fake email – Interpol

ShelLuser
Silver badge

Basta Neveneffecten

Belgian TV studio Woestijnvis once made a satirical program called "Basta" in which a couple of performers addressed issues in real life with the government (and other issues) and showed just how ridiculous some of them was.

In their finale they actually invited a scammer to come to Belgium so that a fictional company could invest several thousands of Euro's into this firm. Yes: they scammed the scammers. The meeting was set up (totally ridiculous things going on) and at the end the meeting got raided by the (fake) police. You should have seen the look on the guys face. Everyone got "arrested" and the police warned the scammer that he was about to get scammed, but they saved him. Hilarious.

I just found the video on Youtube. It's Dutch ("Vlamings") but maybe subtitles can help you. Around 6:00 the fun begins when the scammer is allegedly given E 3,000 in cash with another E 10,000 being promised. Around 12:20 the "Federal police" is crashing the party :P

5
1

MAC randomization: A massive failure that leaves iPhones, Android mobes open to tracking

ShelLuser
Silver badge
Pint

@ZSn

"I presume that if you turn the WiFi on your phone off none of this works and you are secure?"

Exactly.

This is also why I made sure to get Internet access through my broadband provider instead of having to rely on wifi. Wifi, per definition, is a power drain. I recently set up wifi on my FreeBSD powered laptop (it was a bit tricky) and read a lot about the whole thing.

Basically every broadcast you make will consume power. When looking for hotspots (so trying without being able to connect) will gobble up even more power. And then there are the hidden SSID's, which can be even worse.

And let's also not forget risk assessment. I once had a few customers who refused to use encryption on their tablets because it was so difficult. They went to Italy on vacation and guess what happened next? Yups: happily used open wifi spots and a few days later my servers spotted weird connections originating from Italy and trying to send out viagra advertisements through these accounts.

Open wifi is a major security risk. Yet it seems no one bothers to stop to think about that. Which makes sense of course: larger broadband providers make money out of it, so obviously we need to be told that "open wifi = good" and "paid open wifi = better".

I'm also leaving things turned off.

4
1

Forums

Biting the hand that feeds IT © 1998–2018