* Posts by Kiwi

1795 posts • joined 26 Sep 2011

You're doing open source wrong, Microsoft tsk-tsk-tsks at Google: Chrome security fixes made public too early

Kiwi
Silver badge
Trollface

It all makes sense now!

Microsoft Offensive Security Research

Did anyone think to tell MS that if they shut that dept down, then their (lack of) security wouldn't be so offensive to the rest of us?

Thank you, thank you. I'm here all week, at least until they fire me.

0
0

Boss visited the night shift and found a car in the data centre

Kiwi
Silver badge
Trollface

Does a Windows admin count ?

Probably not. Wouldn't want them noticing how often the server crashes each day!

2
0

Malware hidden in vid app is so nasty, victims should wipe their Macs

Kiwi
Silver badge

Re: Perhaps developers should work offline

My code has never been exploited and has never needed any updates, this simply because it was bespoke i.e. different for each customer and all written with the old computing definition of security in mind.

So... No repeat business, code insignificant enough that errors in the compiler aren't triggered by it, insignificant enough that changes to the OS don't cause any issues with it. Oh, and insignificant enough that ONE person writes it.

I can understand a lot of the bugs with MS stuff - their code has to support quite literally MILLIONS of possible hardware configurations. On top of that, there are millions of software configurations as well. The interaction between different bits of hardware or software, especially on complex programs, can sometimes throw up some serious surprises.

Of course, if you really did write code like you want us to believe, you'd know that what you have in your test environment may not match what your customer has in their RealLife environment, and any changes to their RL environment could well result in changes to the function of your code. Also, no matter what coders think to test for, no matter what we think is a "so stupid it will never happen", RL invents users who, on the first time just looking at your software, manage to break it in ways you never dreamed possible.

And that's before the next lot of updates to the OS, or other running software (what about all those deprecated system calls, APIs that no longer exist, DLLs that have changed name or location on disk etc etc etc etc etc etc etc etc etc etc etc?)

El Reg - an icon that represents a steaming pile of male bovine excrement would be much desired.

2
2
Kiwi
Silver badge
Black Helicopters

Re: Wow

If it houses one's own business, especially one "hackers" would be interested in, then it would be worth looking into taking the step to replace the harddrive

No really. From Kaspersky :

"For starters, hard drive reprogramming is much more complex than writing, let’s say, Windows software. Each hard drive model is unique and it is very expensive and painstaking to develop an alternative firmware. A hacker must obtain the hard drive vendor’s internal documentation (which is nearly impossible), purchase some drives of the exact same model, develop and test required functionality, and squeeze malicious routines into existing firmware, all while keeping its original functions."

Despite what some people imagine, it really is quite difficult to maliciously alter firmware in a number of devices - the address space is small and if you want your alterations to go unnoticed, you have to keep the thing running as normal - no loss of functionality and no loss of speed. Having a HDD that noticeably slows down is going to be noticed, and an IT team will replace a slow HDD as it's showing signs of failure, even if quite new. Also, a machine generating a lot of network traffic (gigs of data being uploaded to the hackers) above what it should will be noticed and dealt with. And despite what some say about taking only small amounts at a time, if you want to be able to go through my files for anything interesting then you need all of my files, and if that's a terabyte of data then downloading at 20kps will take you a very long time. It's been done, sure, and systems that send a lot of traffic are going to be harder to watch for excessive amounts of uploads.

If you don't believe me, Bing the term harddrive firmware infected.

There's your problem (though Google's results aren't exactly much better these days). Bing. From the company who thought the "Good Times" hoax was a good idea and made it possible to get infected just by clicking on the email...

5
1

Release the KRACKen patches: The good, the bad, and the ugly on this WPA2 Wi-Fi drama

Kiwi
Silver badge
Coat

You're in a hole Charles, for the love of god stop digging.

Maybe he's really religious, and wants to live on hole-y ground?

I know, I know, I'm going. No need for bullets...

0
0
Kiwi
Silver badge
Facepalm

Re: LEDE

But if they don't make money, they bleed out and disappear.

There's LOTS of small ("boutique") businesses like a lot of independent 2nd hand bookshops, antiques shops, many charity shops etc that have been running for years (sometimes decades), sometimes without enough income to pay the rent, yet they survive.

They survive because the owner is doing something s/he loves, and is not tied to the income from the shop.

Then look at the huge number of home-based businesses where the owner might sell one trinket a week, where they spend a few hours each week making said trinkets as a hobby and if they sell they sell if they don't sell so what.

As to "money being the lifeblood of any enterprise"; no, it's the workers (are you competing for silliest comment of the year?). Without the staff to run the business, even if there's a $billion in the bank, the business is dead the moment the last person decides they're not working there any more.

Get away from your "PROFESSIONAL gamers!!11!!1" for a while and get out into the real world, and get some life experience. This is stuff you learn in the first basic module of Real Life 101.

1
0
Kiwi
Silver badge

Re: LEDE

The first priority of any business is to make money. Otherwise, it has no real reason for existing.

I realise your experience of the world may be a bit lacking, as much as you think it isn't, but I can assure you that for a great many business owners their first priority is NOT to make money, but to work in a field they enjoy and to do the best they can.

You may find this odd, but a lot of people actually start businesses with spare resources because they don't like the perceived poor performance of others in the local market, or because it's something they can do and the local market isn't catered for.

5
3

Windows Fall Creators Update is here: What do you want first – bad news or good news?

Kiwi
Silver badge
Linux

Re: My word, there's some serious hating on MSFT today

Hrm.. Well, under Gates the OS was intended to be user-friendly, didn't steal user's data, didn't dump a crapload of ads at them, didn't fight them every step of the way...

You can't say that security has improved when opening a document is enough to get the machine infected.

Like many others, I have stopped at W7. I have had to remove its ability to connect to the internet because it is not safe to trust MS updates, and therefore I cannot in good conscience allow W7 to update, therefore I cannot risk it being online. As more of what I do can be done on Linux/WINE (only a few games left on Windows now) there is less need for me to boot Windows. Most of my family and friends are now Linux only (but many of them are not PC gamers, or play simple card games of which there are far more, far better free ones in Linux).

There's nothing left for us here. Let's go.

2
0
Kiwi
Silver badge
Linux

Re: upgrade

I've been hearing that the new update is screwing up grub2 on some multiboot systems making it so you have to either reinstall Linux or fix grub before you're able to boot back into Linux

That's been a common issue with Windows installs, not so much updates pre-10.

Boot Repair Disk is a small ISO you can download and install on USB or CD/DVD which does a pretty good job of repairing these things. I've had to use it from time to time to fix other systems. Quick, straightforward, and effective.

Tweetiepooh has a decent idea - putting Grub on another disk and setting the BIOS to boot from that normally. I have been known to go one further, disconnect the Linux disk completely so that no matter what Windows cannot touch it.

0
0
Kiwi
Silver badge
Linux

Re: Windows 7 ... missing features

You don't need to install Linux just to format or even re-partition a hard drive. The Windows installer can do both.

Not when it refuses to do so because "The drive where Windows is installed is locked"

(Ok, not sure if this is still an issue or not)

0
0
Kiwi
Silver badge
FAIL

Re: Inivitably!

Hah! and thumbs down obviously from anyone who doesn't know how to adjust settings to prevent reboots while working on the PC

"user doesn't know how to stop this" is the wrong concept. The real concept - question - is, "In what frame of mind does one have to be to think it reasonable to have to adjust settings to stop the bloody thing rebooting while you're using it?"

No other OS thinks it's reasonable to force reboots on the user unless they know they have to change some setting (easy to find or otherwise). A great many users (including JJ Carter's Nan) have no idea how to even start getting into the system settings, let alone finding "all settings" and then update. A number probably aren't even able to figure out the link - not everyone is as capable of using computers as the least of us here on El Reg.

And if you really think this is a "good thing", I suggest you look at Mr Carter's posting history - he ain't exactly "anti MS" y'know (even if he may dislike "SatNav")

2
0
Kiwi
Silver badge
FAIL

Re: Have they fixed the decades old bug in File Explorer ?

That's deliberate behaviour

No. It's a bug, always has been, always will be.

"For compatibility"? Bull. If it was "for compatibility" then "for compatibility" that limit would always have been set, not some programs creating >260char paths/names that File Explorer couldn't do anything with (the native Windows file manager should've been able to handle cases that were already made, but not let you go over that limit with new stuff if it was "for compatibility" rather than the usual "ms asshattery").

Usual MS bullshit though. Make a total fuckup of something that causes pain for the victims, then claim "Oh that's not a bug, it's a feature - this is a good thing" [image of "The Operative" in Serenity saying "This is a good death" to his murder victims]

0
0
Kiwi
Silver badge
Coat

Re: Start menu

white for a wedding and black for death.

So..Explain the groom's normal clothing colour then?

0
0
Kiwi
Silver badge
Linux

Re: Start menu

They are infinitely better off having the system managed by Microsoft.

A few posts below yours, AC explained why this is such a bad idea:

Update 2: The Sticky/Glitchy Start menu is back again in Windows 10 1709. It's a Nvidia Driver issue (a glitchy driver automatically re-installing itself possibly, forced via Windows Update, after a manual update).

We routinely hear of machines being knocked offline, becoming unbootable or various other significant MS failures with their updates. The whole update system has been badly messed up for a very long time (eg 7's 48hrs+ to check for updates unless you know what you're doing, the whole GWX thing, the current very minimal information on updates and it no longer being safe to update 7 automatically, sneaking slurp into 7 and 8x.......)

Perhaps another managing the system is fine. I know a few people who certainly think they know what they're doing when they don't, and it's scary to see the level of pissing around they do on their systems and how often it becomes so broken they have to rebuild from scratch - but giving them a normal user account on a Linux and periodontally running updates for them would solve those issues if they'd let you.

I have family and friends who had constant headaches, from normal email+facebook+some light office work to bring-your-own-disposable-mouse-coz-you-never-wanna-touch-his-or-yours-again hardcore porn users (thankfully only one of the latter!), who had regular problems. Switch them to Linux and they're away. One of these was on win-10-nic (stolen, thanks Bob for explaining :) ) and asked for a Linux trial on a spare laptop. Took him less than a week to say "I want Windows OFF my system" - that was after a 10 botched update broke his system (again), and as he lives a couple of hundred K from me it wasn't exactly easy to get together to fix.

Yes, I agree some people need less control over their systems to some extent - but most simply want the machine to work, to work securely, and to work reliably. 10 doesn't provide that, as the numerous articles about severe breakages show.

0
0

Man prosecuted for posting a picture of his hobby on Facebook

Kiwi
Silver badge

Re: TonyJ

Diodesign..surely it "was" a sensitive case? He was cleared. I could understand if it were an ongoing case.

Possibly something around the accused-now-cleared seeking compensation?

1
0
Kiwi
Silver badge
Thumb Up

Hmm..seems to have been some very heavy handed moderation going on here.

I've had the same as dio mentions in his(?) response from someone else at El Reg. While I'm a bit saddened that my best upvotes post has gone (though I still have the overall votes tally), I do understand and support the reasons I've been given. I've had at least a half a dozen of my own posts removed and a few never made it past moderation.

Given the current UK political climate, they probably do sometimes have to rein some of us in! :)

1
0
Kiwi
Silver badge
Paris Hilton

Re: Proper weapons

Concealed carry is pretty common in my town. But most people don't know how to spot it (there are at least two persons other than myself carrying in the coffee shop this morning).

Why?

I'm gay. I grew up in a small conservative NZ town. I was beaten (and sometimes worse) often at school, and received abuse from others at times of my life.

I live in one of the worst parts of Lower Hutt in New Zealand - while not NZ's worst neighbourhood it does have more than its fair share of gangs and violence.

Speaking of gangs - my car is the wrong colour for some of them, and my usual clothing colours are wrong for another group of them.

The most I've come to doing anything defensive is following a mate into Tae Kwon Do when we were in our teens, then carrying it on for about 5 years. I haven't felt the need to practice for a good 20 years, though I have found myself taking on a fighting stance when threatened a while back (old habits and training...).

Oh, and I love to ride, and I often go for walks late at night, alone. I wouldn't even consider taking a walking stick with me.

I have to ask what is so fearful about your life that makes you think it is worth carrying a gun? Why not move to a safer location? I'm sure, despite the orange roughy, you have some places in the US that are still safe to live? If not, can you sell up and move elsewhere? I hear the citizens of Syria, as a general rule, don't feel a need to carry weapons on their person.

Just trying to come to grips on why people feel the need for these things.

Oh, and yes, I have fired guns and growing up in a small conservative town meant I was shooting before I started school. I can remember firing a .22 from a prone position because I was too small to hold the thing otherwise. Target was an ice-cream container tacked on a wooden backstop that was then sitting against a dirt bank. Last time I fired was on a hunting trip. Haven't yet fired a pistol; may do so on a range at some stage, but they're not so great for hunting with so have little attraction for me, same for large calibre weapons (that don't so much kill as make mince-meat (unusable unfortunately) out of the target).

Paris because she probably likes cute guys with big guns as well, and is probably as confused as I am!

2
0
Kiwi
Silver badge
Pint

Re: What else

This is true, my previous post was not an exhaustive description of the process. But getting a crime "no crimed" is hard. For the PC it involves getting their sergeant to sign off on it.

Thanks for the correction. I had been of the belief that things were a bit more straight-forward for officers over that side.

I don't fully agree with the rest of your post, but I already have some in the moderation queue and it's just past midnight for me here, so I shall head for the sack and leave things here. And again, my apols for nutting off at you earlier - unfortunately this topic is one that gets a little sore at times.

1
0
Kiwi
Silver badge
Pint

Re: Apology esp @ Monkeycee

Hey there,

My posts are "awaiting moderation" so I hope not to further tread on any toes :)

I know Oriental Parade fairly well, having both worked and lived in the area (sadly not in a building, I did a short "between houses" stint like many in this country have done recently :( )

I have met a mixed bag of officers in my time, some really decent people, some nasty, some nasty to idiot cops but nice to helpful members of the public, some older and some younger (mostly older ones for the nicer ones, ones who would've been prosecuting their wayward fellows I guess). Both the nicest and nastiest I've met have been female officers, but I haven't met a nasty female officer since I was in my teens (that may explain something ;) ).

The case you mention actually rings some vague bells, but I couldn't say for sure. Possibly a similar case. I have had an officer tell me to stop writing while he was talking during a traffic stop, and I told him I was taking notes in case it went to court, he changed tack PDQ. I too faced a number of traffic stops for a few weeks after that stop, interestingly enough.

I'd probably better hold my tongue around these parts for a while though, I have little nice to say about our fine lads and ladettes in blue, and I think I've ruffled a few feathers here :)

1
0
Kiwi
Silver badge

Apology esp @Adam 52

My family has experienced great pain at the hands of certain members of the police and their prosecution team. I am aware of several other cases in NZ.

This does not excuse my comments (which I'll allow to stand to show how much of an idiot I've been!).

To all readers of El Reg, especially Adam 52 who has taken some of that more directly, I apologise. I also apologise to any members of the police who are there for the right reasons and trying to do the right job in difficult circumstances.

3
0
Kiwi
Silver badge
Pint

Given the above, your post - and many of the posts here, are clearly wrong. But then your language suggests that you are not really open to being educated.

Quite clear on how these things work thanks mate. And know full well that the police will do their best to not disclose anything to the defence - they are after all part of the prosecution.

From your posts it is you who is clearly lacking in education, and not willing to listen to anything contrary to your views.

7
1

This post has been deleted by a moderator

Kiwi
Silver badge

Re: Legally Worthless?

The criminal "justice" system is neither just nor a system. On Both sides of the pond.

It is, however, criminal.

3
0

This post has been deleted by a moderator

This post has been deleted by a moderator

Kiwi
Silver badge
Flame

Re: Nazi

"Didn't someone nearly get done in Oxford a few years ago for insulting a Police horse? I can't seem to find a link though."

http://news.bbc.co.uk/1/hi/england/oxfordshire/4606022.stm

Bloody hell. Talk about a worthless pig taking a personal vendetta! Back then the term "gay" was often used by teens (and those not very far past their teens) to express a mild dislike/disappointment ("No internet till I've done my homework? Gay!"), at least around here. Only the super-sensitive or those who make Daily Mail readers look like laid-back types would get offended at someone using it.

The cop involved there clearly had an issue, and was clutching at the best straw he had to inflict some misery on a relatively innocent kid who upset the poor wee lassie.

No wonder those of us who've seen their true nature call them "pigs" - when we're being nice.

4
1
Kiwi
Silver badge
Trollface

Re: Nazi

Didn't someone nearly get done in Oxford a few years ago for insulting a Police horse?

I think it was a case of insulting a horse's arse, in saying the copper in question was acting like one.

ICBW.

2
0
Kiwi
Silver badge

Re: What else

Once a crime is reported Police have to resolve - by caution, restorative justice or referral to CPS. There is almost no option for the officer to go "don't be silly".

I suspect your statement is somewhat incorrect. The police are there to investigate reported crimes, and determine if there is any grounds for prosecution. They do have the ability to decide that no crime was committed (eg find someone breaking into a car, turns out to be the car's owner who'd locked keys inside). Even if the officers themselves cannot decide not to proceed, those above them have that discretion and if they're presented with enough evidence of innocence or a lack of evidence of guilt (such that a trial is very likely to be lost) they don't proceed with a prosecution. The only time a prosecution goes ahead is when there is a personal vendetta involved, or utter stupidity on the part of those who decide to prosecute (sometimes both).

Besides, the article reads like it was said copper who "discovered" the picture (strangely just one out of hundreds) and took it upon himself to prosecute further.

And as your so-called "Reg commentards" have pointed out, if the police really did have concerns that there was a threat or gun offence here, why did they not search the guy's house? The answer is probably quite obvious - they didn't search because they already knew he was innocent.

8
0
Kiwi
Silver badge

I suspect there is more to this than we're being told, and I think we're being told the facts selectively in order to present one version.

Y'mean like pigs do during a trial?

Oh wait, sorry. No. They hate telling facts.

6
1
Kiwi
Silver badge
Pint

Re: Police Scotland = Morons with time on their hands

Strangely enough, after that episode we didn't actually get called to testify.

I'm aware of many things like that as well - witness testimony being changed, statements gathered by police presented as "x witnesses described the accused" when every witness described a white person and the accused is clearly Maori. I've known of cases where witnesses/plaintiffs retracted statements but that information has not been presented to the court (prosecution says "Mr Y does not wish to testify at this hearing" rather than "Mr Y has retracted his statement, now says he was drunk and upset at the accused and made it all up"). They like to suppress evidence of innocence, and I suspect sometimes some of the arrests of people over some trumped up charges that are later dropped is so they're "out of circulation" while another case they could be a defence witness in proceeds.

Like in much of the world, our coppers are a filthy lot of lying criminals. The only reason we don't have more young fathers shot "accidentally" is that few of our police are armed, at present.

(BTW, I am of mixed European descent, in case anyone is wondering, quite white in appearance)

5
0
Kiwi
Silver badge
Pint

Re: Police Scotland = Morons with time on their hands

An utter, utter waste of tax payers' money, police admin time, court admin time, crown prosecution service time and all because the chief constable is incapable of weeding out the racists and petty sadists in his force.

Yup, we get that over here as well - although it's more a case of them wanting to weed out the non-racists and as for the "petty sadists" they're not interested in the "petty", they want full-blown sadists.

They love to find weaker targets and make their lives a misery. Imagine how much real crime they could've dealt with if they hadn't been trying to mess up the life of your relative?

4
0
Kiwi
Silver badge
Big Brother

Re: Police Scotland = Morons with time on their hands

BTW thanks for noting that crime is at an all time low in Scotland.

Actual crime, "reported crime", "estimates of unreported crime" (eg the old "90% of rape cases are unreported" that is said from time to time - if they're unreported where do they get the numbers from?) or what?

Under the wonderful national government, it has become a waste of time to report car thefts, burglaries, some assaults (if you're poor, "of colour" or "of ethnic descent" (or whatever terms they use today), suspected of not being entirely straight). I know a gay guy who was assaulted in his home, the police basically told him to get stuffed, refused to take his report as he "had it coming", though that was under a previous national government.

Anyway, point is as the crime rates rise and the coppers get less "dedicated, effective police" and more "worthless pigs" (especially as recruitment standards drop), the "lesser" crimes no longer get investigated. Especially if, as in NZ there's big bonuses for certain types of convictions and little or nothing for others, then the cops want their bonuses so drop the importance of other stuff. Or lose the paperwork so said crimes go in the "was never reported" bins.

4
1

This post has been deleted by a moderator

Google isn't saying Microsoft security sucks but Chrome for Windows has its own antivirus

Kiwi
Silver badge
Linux

Re: Why would Chrome have the privileges required?

But even when logged in as an admin you get asked to elevate privileges every time you want to add or remove software. It doesn't just allow anything to happen without a prompt. A bit like the prompt to allow SUDO on Linux.

Not quite.. At least when I last used Windows, the prompt would come up with a simple yes/no option. Vista was bad as it did it a lot. And users just clicked on "make the thing go away", most commonly "yes".

It's also possible to turn it off easily.

I've also seen "Doing this requires administrator privileges. Click here to get admin privileges" or something like that.

sudo, however, requires a password - at least for the first time in a given shell for a few minutes (maybe 5 minutes, not sure how long TBH). While there are ways to turn it off, I suspect very few people would.

HTH

1
0

Microsoft faces Dutch crunch over Windows 10 private data slurp

Kiwi
Silver badge

Re: Much a do

That depends on the conditions you agreed to at the time of collection, and changing those conditions without seeking your explicit permission again is illegal. That's why the whole data sharing thing with Google for health analysis was so questionable.

Given that I've never been at my Dr's office for a consult while they've been installing an OS.......

Nor have they ever spoken to me about what data the OS collects.

I strongly suspect they have no idea about that. They must get IT support from someone but it could be anyone. Should ask when I'm next there. Could pick me up a new contract..

0
0
Kiwi
Silver badge
WTF?

Re: How about treating them like everyone else?

"and all sorts of other personal records, including "typing history""

Lol, Windows 10 doesn't store or forward your actual typing. It collects statistics like word use frequency and similar in real time. If you let it.

So you mean mickey$loth was, yet again, lying when they listed "typing history" as part of the data they collect?

And what bloody use are stats like the frequency of words I use, especially without context (ie in order of use)? True real-time word use stats would show the order anyway, as it would show the count for "order" was updated momentarily before the count for "anyway". But what business is it of theirs what words I use and how often?

The data MS collects, from MS's own site:

Web browsing and online searches

Places you go (physical location)

Data that helps us assist you, personally ("...needs to know what you’re interested in, what’s on your calendar, and who you might want to do things with.")

Fitness and health

Data that we use to show more interesting ads

Places you go

Data that helps us assist you, personally

Sign-in and payment data

Information from device sensors

(https://privacy.microsoft.com/en-ca/)

That lot alone is quite scary, and certainly a level of intrusion that is illegal in NZ and other jurisdictions, especially as it's on by default and doesn't give clear explanations during the installation.

And then there's: (excuse formatting)

App usage Information about Windows and application usage such as:

  • OS component and app feature usage
  • User navigation and interaction with app and Windows features. This could potentially include user input, such as name of a new alarm set, user menu choices, or user favorites.
  • Time of and count of app/component launches, duration of use, session GUID, and process ID
  • App time in various states – running foreground or background, sleeping, or receiving active user interaction
  • User interaction method and duration – whether and length of time user used the keyboard, mouse, pen, touch, speech, or game controller
  • Cortana launch entry point/reason
  • Notification delivery requests and status
  • Apps used to edit images and videos
  • SMS, MMS, VCard, and broadcast message usage statistics on primary or secondary line
  • Incoming and Outgoing calls and Voicemail usage statistics on primary or secondary line
  • Emergency alerts are received or displayed statistics
  • Content searches within an app
  • Reading activity -- bookmarking used, print used, layout changed

And if that's not going too far, how about (some removed for brevity):

App or product state Information about Windows and application state such as:

  • App launch state –- with deep-link such as Groove launched with an audio track to play, or share contract such as MMS launched to share a picture.
  • Personalization impressions delivered
  • Whether the user clicked or hovered on UI controls or hotspots
  • Caret location or position within documents and media files -- how much of a book has been read in a single session or how much of a song has been listened to.

What business is it of theirs how much of a bloody book I read in a single sitting?

More for the brave/sadistic at https://docs.microsoft.com/en-us/windows/configuration/windows-diagnostic-data.

Yes, while it does refer to docs being grabbed during a crash, there are several mechanisms where this would happen. Especially given the regularity with which windows/programs crash!

How the hell do you live with yourself defending this stuff? [sounds of tongue being gnawed at as I try to keep a hold on what I really want to say!]

0
0
Kiwi
Silver badge
Thumb Down

Re: Much a do

But if one has a super secret that needs to be held digitally, don't depend just on your choice of operating system, you need to take extra precautions such as locked rooms, limiting web surfing or not surfing at all with that computer, firewalls both software and mechanical, circumspect behaviour etc. etc.

So.. Because my medical records must be available to others as part of some concerns, I have no right to expect those records will only be seen by those who have a reasonable need to see them? MS should just have them as a right since I'm not putting them into locked rooms etc?

Or the stuff that potentially led to the condition - something resulting from what someone else did - that material should be widely available to anyone who wants it because the Dr needs to share it with other agencies, and they've moved on from paper?

1
1
Kiwi
Silver badge
Thumb Up

Re: Blaming North Korea?

How is it you can sleep with yourself trying to defend this stuff?

Maybe the fact that he's only sleeping with himself is a hint?

I was going to comment along the lines of that but... :)

1
1
Kiwi
Silver badge
Big Brother

Re: Same old story

Make minor changes but state it can't be "undone" without destroying something everyone uses,

I'd suggest if they're getting fined say $50 per breach they'd quickly find a way to fix it (each breach being each type of data contained in each lot of stuff sent back (or would be collected to be sent back - attempting a crime is much the same as committing it y'know, especially if forces outside your control stop you)).

So, machine details $50, "typing history" $50, software run $50, software changed (updates etc) $50, documents accessed $50, documents sent $50 - just for one session there's $300 in fines. I might run the machine for half an hour at breakfast, shut it down for a while, kids come home from school and look something up then shut it down, then I come home from work and turn it on - 3 sessions = $900, and the machine's only had 2 hours' use for the day.

Make them pay until it is fixed. Not some paltry fine that is less than the revenue they gain from breaking the law, but something that costs them. And if they delay, jail time - and let the yanks know if they don't extradite MS execs then the yanks will have a harder time convincing anyone else to extradite other criminals back to US.

MS do this knowing it is against the law. Make them pay till they're willing to comply. It's not like their lawyers would've misinformed them and they went into it innocently. They knew this is illegal in many countries, and they knowingly chose to break those laws.

5
0
Kiwi
Silver badge
Linux

Re: Data Protection - GDPR

Corporate versions don't send the same telemetry back to MS.

How many "seats" do you need to get those versions? Is my Dr's office going to have enough at ~10 staff? My mechanic at 3 staff? The place I get my hair cut at 5 staff (including the temps)? What about the big engineering firm around the corner - 100 staff BUT only a small few Windows computers for the office staff?

What about the charities that get some volume licensing, but often only have a few seats? I know a place that works with some people who've had some very nasty experiences in life, where the computers handle extremely sensitive material - do their dozen or so machines get any protection, or would they be sending stuff off to MS? (thankfully I won them over to the side of light, they run Linux with Libre Office, and only those machines that have to be online even have a network connection, no wireless to snoop on either, they're the sort of place you want to know the personal data is secure - last thing they want is MS's "typing history" slurping the name, address, and statement from one of their clients!).

2
1
Kiwi
Silver badge
WTF?

Re: Blaming North Korea?

Not when you look at the reality. In the vast majority of circumstances, Microsoft is a lower risk and has a lower TCO than the alternatives.

Right. So when I see my Dr next week, see he's using W8+, and take him to court under the NZ Privacy Act (he's passing my medical notes to a 3rd party without having obtained my consent nor even notified me that he is doing it) how would that save him money?

When your machine is down because of the latest patch "whoops" from MS (remember everyone BELOW enterprise gets them forced, not much choice), and you can't do your work, how is that saving money?

When you have to have the latest 0day exploit cleaned, or someone sends you a word document with malware in it (which STILL is an issue in 2017!), losing not only the productivity but also the cost of getting the machine fixed, how is that saving you?

When you lose your machine to the latest ransomware, and in your inexperienced attempts to recover also lose your backups, where is the savings from MS in that?

Has been proven time and again, MS's TCO is far higher than anything else, both in costs of acquiring, costs in lost time, costs in lives lost early due to stress and so on (probably a fair few suicides where the latest MS screw up has been enough to tip someone over the edge, and I know there have been cases of people suffering heart attacks when they've been infected and lost their business data).

How is it you can sleep with yourself trying to defend this stuff?

6
1

WPA2 security in trouble as KRACK Belgian boffins tease key reinstallation bug

Kiwi
Silver badge
Linux

Re: Key phrases

:-( Our attack is especially catastrophic against version 2.4 and above of wpa_supplicant, (linux, android >=6 )...

Patch already out.

Well, for Linux anyway. Android, well... :(

0
0
Kiwi
Silver badge
Linux

Re: Uncorrectable Horse Staple Battery

To your own server within your network... I can't see much advantage here and there is the added complications and overheads of running the VPN services etc.

I have an Acer that lshw identifies as "Aspire M1200/3200/5200" running as a semi-media centre at a mate's place. He uses it to watch old movies on YouTube, and when I'm there we'll watch other media on it as well (including some high definition videos, and sometimes live stuff over Kodi). The current CPU is an "AMD Phenom(tm) 8450 Triple-Core Processor" which I installed this past weekend, previously it had the default CPU with the model (a 2core of about the same speed). Video is "RS780 [Radeon HD 3200]" and it has 8Gb of RAM in it.

This machine does its work as his media machine, also currently acts to, well, it gathers media from certain sites and allows others with similar interests (eg in a certain bay) to get that content from us (to a certain ratio). It also has one of my Owncloud servers running which my mate and another mate use for backup purposes.

And on top of all that it runs an instance of OpenVPN that half a dozen devices access. Not for video streaming, he's only able to get ADSL where he is so his upload speeds are sucky, but the VPN provides no noticeable overhead on the network, even when all devices are connected.

(That said, the devices are generally on slower connections anyway, and doing fairly mundane stuff like this one on El Reg, my tablet on the odd page check (and maybe banking stuff if I'm away from home using someone else's wifi (VPN encrypted plus banking site's encryption should make things nice'n'safe enough - vpn is by cert not username/password)), and other mundane stuff.)

I use it when I visit him as well, and would use a vpn on my own wifi network esp now that this crack is known. I wouldn't bother maybe with wired, but very few tablets have that as an option (though mine has a full fat USB port so I could perhaps get an RJ45 dongle, if it can drive it).

TL;DR: The VPN overheads are actually quite tiny. I run OpenVPN myself and have no problems.

0
0

Sounds painful: Audio code bug lets users, apps get root on Linux

Kiwi
Silver badge
Linux

Re: Oh for FUDs sake

Check the post history, JJ has probably posted that exact comment more times than I have ever posted here.

Let's see.. Your posts : 57 (at time of my posting).

JJ's "many eyes" comments... : [oblig xkcd]

2
0

WPA2 KRACK attack smacks Wi-Fi security: Fundamental crypto crapto

Kiwi
Silver badge

Re: Why does anyone care about wifi security?

Those with the foil hats on, do you never use Starbucks or any other public wifi?

Correct. I don't think I've ever even seen a SB except on TV. None around here that I'm aware of.

But for those very few times I might actually want to use someone else's wifi while I am out, there's OpenVPN.

2
0
Kiwi
Silver badge

Re: Mitigation

Assuming that updates are not going to fix this problem—which seems a fair assumption,

Updates already installed on this computer.

From my reading of the article (happy to be corrected), this attack lets you listen to traffic between one computer and the router (I've not read the other article yet), and doesn't necessarily actually get the wifi password (though if it's listening to traffic I guess that may be passed at some stage - but that may be before this attack is available, I have little knowledge of these matters :) ). The article talks of VPN use to mitigate it, so that would further indicate that it's traffic on that session only rather than the whole network being compromised (of course, if you do a non SSL etc login to any site, said login can be pilfered - thankfully El Reg got their site to HTTPS before this became public knowledge! The horror if someone gets my El Reg credentials! :) )

I'd love to say "you have little to worry about" but I know that with these things, while there may be plenty to mitigate against this attack, there's the possibility that someone will now find further flaws or further ways to exploit it.

But the fix is in. If you like penguins at least...

0
1
Kiwi
Silver badge

BT have decided to approach the problem in a very different way, by making WiFi so frickin' unreliable in their Home Hubs that the chance of a connection staying up long enough to hack is approximately zero.

Vodafone NZ are trying to beat them in those stakes. Keeping their crippleware routers from crashing just about takes a top ICU team - and then some.

1
0
Kiwi
Silver badge
Linux

As usual..

Quick check of the update manager while reading the article - oh, there's a fix already there for Linux Mint (and therefore Ubuntu and Debian).

Getting the routers fixed is another matter of course. And the older Android devices.

Still, at least I don't have to wait till a Tuesday that's what, 3 weeks away?

0
3

Android ransomware DoubleLocker encrypts data and changes PINs

Kiwi
Silver badge

Re: RE. Re. BD-R

At 50GB a disk price is still lower than tape and for most purposes (eg backing up data in a form you can get to easily) it's fine. Disks will last at least 40+ years in storage.

We're talking home users here. The disks will survive at most 2 incidents of being slid across the carpet face-down (never had kids?), or one incident of cat+shiny. They'll not be put in hermetically sealed rooms with a dozen layers of security, they'll be left where whoknowswhat dust and other stuff can get to them, they'll be mishandled, fingerprinted, labels written with a ballpoint pen. 40 years? I'd be surprised if they last 40 minutes.

And then there's the getting the drive hooked up to the phone, getting backup software that works, backup software that will still work next month, getting the users to do the few seconds of pressing buttons before they go to sleep at night to let some sort of backup process run for a few minutes.

As to CDs, I still have a few older machines that may be in working order. Circa P1 or P2 machines I think. (If anyone's desperate enough to be interested in acquiring them, get in touch via El Reg)

0
0

Biting the hand that feeds IT © 1998–2017