* Posts by G2

220 posts • joined 21 Jun 2007

Fun fact: US Customs slaps eyeglass taxes on optical networking gear

G2

Re: Tax on Glasses?

newsflash: DKNY is a Luxottica brand/product and their revenue ends up reported on Luxottica's balance sheet at the end of the fiscal year - so, yes it matters to shareholders and tax authorities.

http://www.luxottica.com/en/eyewear-brands/dkny

6
2
G2

expensive internet service

that's an additional explanation why US internet providers are crap at deploying fiber internet access - the import fees for optical fiber equipment and access routers for millions of customers must be horrendous.

In addition, each separate SFP module will have a separate fee applied since it's technically a distinct device, usually shipped and purchased in separate packages too.

yes for each SFP module.

https://en.wikipedia.org/wiki/Small_form-factor_pluggable_transceiver

This can lead to having to pay multiple times the same fee for a single equipment that has multiple optical interfaces, one fee for each optical interface. That's crazy.

2
0

The strange case of the data breach that stayed online for a month

G2
Facepalm

ElReg cache flush

"We therefore asked Google if it offers service levels for requests to flush its cache. The company told us it wouldn't comment on an individual case [...] Neither really explains how it would respond to a request to remove data from its cache."

well, D'OH... you basically asked if water is wet.

https://www.google.com/webmasters/tools/

go to the link where they told you to go, you have to verify ownership of the site and then you can dig in settings to flush cache and pretty much nuke everything related to that site's presence on Google.

Bing and the other major search engines have similar options, so it's a bit of a whack-a-mole to do that with various search engine caches.

The site owner can also add a robots.txt to the website with:

User-agent: *
Disallow: /

2
0

US Pentagon scrambles after Strava base leaks. Here's a summary of the new rules: 'Secure that s***, Hudson!'

G2
Pint

Re: never let it be said

it's anonymized and don't worry - it's just metadata.

quoted from various 3-letter-agencies.

https://www.theguardian.com/technology/2013/jun/21/nsa-surveillance-metadata-content-obama

5
0

PACK YOUR BAGS! Two Trappist-1 planets have watery oceans, most likely to be inhabitable

G2
Facepalm

error: spellcheck not available

"Celcius", really?

https://web.archive.org/web/20180124103250/https://www.theregister.co.uk/2018/01/24/trappist1_planets_water_life/

0
0

Who's using 2FA? Sweet FA. Less than 10% of Gmail users enable two-factor authentication

G2

Re: Google security...is a joke

P.S.: or report it here:

https://www.google.com/appserve/security-bugs/new

0
0
G2

Re: Google security...is a joke

you can do this: enable advanced protection with U2F keys.

one of the steps when enabling advanced protection is to WIPE ALL application-specific passwords and prevent the use of such application passwords.

Change your main account password after that.

https://landing.google.com/advancedprotection/

if that application still works after those steps, send a message to security[_AT_]google.com

0
0
G2
Facepalm

Re: Google or Hackers?

that "just Gmail" account is not just for email.. if your phone is connected to the account (and it needs to be, if you want email) then the account can be used to enable remote GPS tracking, make the phone ring for 5 minutes in case you misplaced it, or even send a remote WIPE command to the phone, just by logging in to the account on any computer. Email is just a tiny fraction of the functions it has.

https://www.google.com/android/find

0
0
G2

Re: SMS 2FA shouldn't even count as "security"

Google supports FIDO U2F hardware tokens/keys = no more SMSs needed, and if you enable the Advanced Protection Program setting for your Google Account then U2F keys are mandatory for login.

(you will need minimum 2 keys, just in case one of them malfunctions)

https://landing.google.com/advancedprotection/

https://support.google.com/accounts/answer/6103523

when you enable the advanced protection mode Google will even prevent the use of SMS for authentication or account recovery because U2F is then mandatory for all account operations.

3
2

Hehe, still writing code for a living? It's 2018. You could be earning x3 as a bug bounty hunter

G2
Pint

factcheck: fail result

https://regmedia.co.uk/2018/01/17/space_bounty_hunter.jpg

that's Boba Fett from Star Wars: The New Republic Anthology not from Firefly

https://www.youtube.com/watch?v=dzP9gY1GZVw

There are some rumours that a Star Wars film centred on Boba Fett will come out around 2020-ish.

@ElReg: your image was an obvious troll for Star Wars fans... let's call it an article bug :)

3
5

Industrial systems scrambling to catch up with Meltdown, Spectre

G2
Coat

re: points for giving the advisory a 2017 timestamp

http://www.productsecurity.jnj.com/advisories.html

Johnson & Johnson: "January 12, 2017 - Product Security Notification for Meltdown and Spectre"

and in the page footer note:

" All contents © Johnson & Johnson Services, Inc. 2016. All Rights Reserved.

Last Updated: 05/04/2016 "

J&J's web developers/redactors are either asleep when coding or amazing time travellers... did anyone check for a Tardis nearby?

2
0

Your connection is not Brexit... we mean private: UK Tory party lets security cert expire

G2

Re: Another autoplay video!

and they designed it to start at MAXIMUM volume... OUCH, my ears!

2
0

It gets worse: Microsoft’s Spectre-fixer wrecks some AMD PCs

G2

Re: Redmond office hours only

some home PCs are probably selected by MS for selective deployment testing.

Check the Feedback & Diagnostic settings on those home PCs that receive early updates. My guess is that you'll find them set at either Enhanced or Full feedback.

17
0

If Australian animals don't poison you or eat you, they'll BURN DOWN YOUR HOUSE

G2

ok.. so birds finally invented fire.

wake me up when they invent space travel, in a few [million] years.

or a black monolith with the dimensions 1 : 4 : 9

(1 : 4 : 9 : 16 : 25 : 36 ....)

8
1

Here come the lawyers! Intel slapped with three Meltdown bug lawsuits

G2

P.S.: in the above post by CPUs i mean manufacturers that offer x86/x64 compatible CPUs not special industrial / RISC CPUs... those are another kettle of fish.

4
1
G2

re: lightspeed lawyers

those are not lawyers, those are ambulance chasers.

a real lawyer with IT knowledge would have known that there is practically NO SUCH thing as a CPU on the market these days that is not affected by Meltdown and/or Spectre, they all are, even ARM or Qualcomm. It's an industry-wide bug.

Such a CPU has not been seen since speculative execution acceleration was introduced about ~20 years ago. If they want a CPU without speculative/pipeline execution they should go back to 80286, or better yet 8086 processors to be "safe".

Either that or they should wait for the industry to design and release new silicon that's safe, and since silicon development, testing and release cycles take about 2 years, we should have the new CPUs by 2020 or 2019 if we're lucky.

5
19

Windows Update borks elderly printers in typical Patch Tuesday style

G2

dot matrix

in some places these printers are preferred because of their ability to print on practically endless kilometers-long continuous-style paper.

https://en.wikipedia.org/wiki/Continuous_stationery

such use cases are: transaction / financial logs, emergency services call detail records, EV/DV certificate issuance by a certification authority or any other case where you need to have some sort of minimal auditable paper trail in case that the electronics go tits up.

Continuous paper is the VERY literal definition of the term "paper trail".

94
0

Mozilla devs discuss ditching Dutch CA, because cryptowars

G2

Re: Isn't it about time...

and they probably will do for *.google.nl, *.blogspot.nl, *.yahoo.nl.

in fact, they will probably just skip to forcing PKIOverheid to issue them *.nl certificate(s) for MITM.

3
0

What just trousered a $4.5bn profit, has glum desktop chip sales, and rhymes with go to hell?

G2

What news site just entered the "fake news" section?

@TheRegister

WTH is with all these "What just..." stories today? The article titles start to look like copy-paste clickbait.

I can see no less than 4 (FOUR) articles with similar titles, and they are even displayed together in a funny L-shaped group, 3 horizontal and one above.

Seriously, please stop with the déjà vu titles. The articles are tagged as written by different authors but i really doubt those people's names are really the authors since the four different articles have such titles:

What employs half a million people, just did $44bn in sales, and rhymes with Azerbaijan?

What just trousered a $4.5bn profit, has glum desktop chip sales, and rhymes with go to hell?

What just banked $7bn in pay dirt, is stroking its big growth, and rhymes with cold sweat?

What just counted $24bn in receipts, and rhymes with psycho loft?

21
0

Sick burn, yo: Google's latest Pixel 2 XL suffers old-skool screen singe

G2

i have AdBlock and NoScript too.. the problem is that that host (50_28_ etc) is blacklisted via SafeBrowsing for malware and phishing.

https://transparencyreport.google.com/safe-browsing/search

enter just the host address there and check.

2
1
G2

beware that my antivirus started screaming and lighting up like a Christmas tree when i tried to visit that nibroadcast URL. it's infected.

url path of the infection contains host 50_28_72_138 (dots removed)

4
1

Apple Cook roasted for Chinese app takeaway

G2
Facepalm

double standards.. they've heard of it.

Pot calling kettle black, meh.

s/China/USA/g

s/Chinese/American/g

s/Middle Kingdom/Uncle Sam/g

s/Cyberspace Administration/Homeland Security/g

and the article text remains equally valid. Here's the text after those changes:

(<sarcasm> starts)

Apple Cook roasted for American app takeaway

Cruz missile targets iPhone head honcho for pulling software from shelves at Uncle Sam's behest

A pair of senior US Senators are calling out Apple CEO Tim Cook for what they call "enabling the American government's censorship and surveillance of the internet."

Senators Patrick Leahy (D-VT) and Ted Cruz (R-Zodiac) said this week they are concerned with how quickly Apple caved to demands from the American government to remove VPN apps from its USA App Store.

"As you know, USA has an abysmal human rights record, including with respect to the rights to free expression and free access to information, both online and offline," the open letter [PDF] to Cook read.

The pair of legislators went on to rattle off a few of the more damaging accusations against USA – specifically, its crappy record on human rights – before noting that Cook himself was recently lauded for his support of free speech as the CEO of Apple.

Then, they proceed to bring up the incident earlier this summer, when Cook admitted that obeying to censorship demands and pulling VPN apps was just the cost of doing business.

"While Apple's many contributions to the global exchange of information are admirable, removing VPN apps that allow individuals in USA to evade the Great Firewall and access the internet privately does not enable people in USA to 'speak up'," the letter reads.

"To the contrary, if Apple complies with such demands from the American government it inhibits free expression for users across USA, particularly in light of the Homeland Security of USA's new regulations targeting online anonymity."

Now, the bipartisan duo want Cook to explain himself and issue a response to 10 of their questions, including whether Apple was personally asked to pull the VPN apps by American officials, what the biz did to oppose the demands, and how the iPhone maker expressed its concerns, if any, to the American government before its latest anti-internet-freedom laws were enacted.

Additionally, they want to know what, if anything, Apple has done to promote free speech in USA and what it has done to push for human rights and better treatment of oppressed groups on the mainland.

So far, Apple is maintaining radio silence on the letter.

/s

7
0

Western Dig's MAMR is so phat, it'll store 100TB on a hard drive by 2032

G2

P.S.

and

9,728,214

August 8, 2017

Disk drive and position correction method

Inventors Masakazu Abe

Original Assignee Kabushiki Kaisha Toshiba

Toshiba?!

0
0
G2

"WDC has moved the final joint closer to the read/write head and called it a multi-stage micro actuator with finer track positioning capability."

quick search of Google.com/patents shows:

Multi-stage actuator with writer position determination capability

US 9019650

April 28, 2015

Inventors Ximin Shan, Jye Kai Chang, Sandeep Sequeira

Original Assignee Seagate Technology Llc

Filed: April 30, 2014

Seagate? hmmm, i thought we were talking about WDC here.

0
0
G2
Joke

Re: Bah...

= wife-assisted magnetic recording?

2
0

It's Patch Blues-day: Bad October Windows updates trigger BSODs

G2

"clear the cache on WSUS servers" - WTF.. is he crazy? What has he smoked?

The WSUS caches on my servers are 200+ GIGABYTES on each server. One of them is configured to download express updates instead of normal... that one has a regular WSUS cache of about 900 gigabytes just by itself.

That cache flush would mean re-downloading terabytes of data just to fetch ~99% of the same data that the servers already have and it will take almost a week for the caches to recover.

31
0

Dot-Amazon spat latest: Brazil tells ICANN to go fsck itself, only 'govts control the internet'

G2

and before Brazil decided to squat on the [domain] name, the word "Amazon" had already been in use for literally THOUSANDS of years.

So.. following Brazil's line of reasoning, the .amazon TLD should be given to Greece.

https://en.wikipedia.org/wiki/Amazons

In Greek mythology, the Amazons (Greek: Ἀμαζόνες, Amazónes, singular Ἀμαζών, Amazōn) were a tribe of women warriors. Apollonius Rhodius, at Argonautica, mentions that Amazons were the daughters of Ares and Harmonia (a nymph of the Akmonian Wood). They were brutal and aggressive, and their main concern in life was war.

[...]

1
1

New Horizons probe awakens to receive software upgrade

G2

RFU

hopefully they learned from the printer/IoT industry not to perform remote firmware upgrades without a full reboot before attempting anything and then checking the signature of the received file.

replacing a bricked system board for this is not as easy as for a printer.

5
0

Missed patch caused Equifax data breach

G2
Pint

admin/admin

That's amazing! I've got the same combination on my luggage!

:p

12
0

Pack up, go home to your family: Google Drive is flipping out

G2

Re: Do your own - it's safer

@rmason

Synology? have you even READ their EULA? Their management software and firmware can come with "audit" spyware built-in and it's written right there in the EULA that you have to agree to when you first configure the NAS. Their software = agent authorized by Synology. The built-in remote kill switch is also covered by the EULA.

https://www.synology.com/en-global/company/legal/terms_EULA

Section 7. Audit. Synology will have the right to audit your compliance with the terms of this EULA. You agree to grant Synology a right to access to your facilities, equipment, books, records and documents and to otherwise reasonably cooperate with Synology in order to facilitate any such audit by Synology or its agent authorized by Synology.

Section 15. Termination. Without prejudice to any other rights, Synology may terminate this EULA if you do not abide by the terms and conditions contained herein. In such event, you must cease use of the Software and destroy all copies of the Software and all of its component parts.

"component parts" = your data. it's a component part of the NAS.

3
0
G2

video streaming coming to Google Drive for organizations

just saw one of the key features of the new tool

Stream files on demand

since Youtube was given a facelift recently, that video streaming feature in Drive will probably have a similar interface to the new Youtube.

https://support.google.com/a/answer/7491633

0
0
G2
Black Helicopters

Re: My FTP repo, OTOH,

even if the server(s) hosting the files is(are) in Russia or Switzerland, that's still under USA jurisdiction... well, at least according to them

e.g.

https://www.theregister.co.uk/2017/06/26/supremes_microsoft_warrant_case/

https://www.theregister.co.uk/2017/04/20/google_must_provide_overseas_gmail_data/

0
1

Oracle 'systematically denies' its sales reps their commissions, forces them to work to pay off 'debts', court told

G2
Coat

typo in title

"Wage rows in limbo as IT giant drags heels over arbitrartion"

s/arbitrartion/arbitration/g

1
0

Must go faster, must go faster! Oracle lobs Java EE into GitHub, vows rapid Java SE releases

G2

Java... who?

Oracle's Java is dead to many developers since Oracle's lawyers decreed that even the Java APIs are copyrighted and that made many open source developers avoid it like the plague.

Even with a court decision to contradict Oracle, with such a minefield of a company, why risk it? You'll only be able to get all the justice you can afford - and this is quite expensive and impossible if you're not Google.

https://en.wikipedia.org/wiki/Oracle_America,_Inc._v._Google,_Inc.

6
2

Forget Iran and North Korea. Now there's another uranium source

G2
Mushroom

sooo...

tl;dr version: they are, quite literally, a cosmic fart from a black hole.

(chose an icon to match)

0
0

If you love your email standards, SMTP your feet: 35 years later

G2

Re: user-whitelisting

quote:You don't even need a domain, just use plus-form addressing. /quote

unfortunately the plus-alias method used by @gmail.com addresses is also known to spammers (d'oh!) and they routinely discard +anything from gmail email addresses that they harvest.

this is why a wildcard mailbox is much more useful, because you can make it look like a regular email address without the need of such plus-aliasing tricks.

3
0
G2

Re: Penny mail

the forged address problem is easily solved by a strict DMARC policy that enforces DKIM + SPF.

It's been years since Google / Yahoo / Microsoft implemented support for these but each domain owner is responsible for configuring the DMARC protection for their domain. The defaults are to not enforce anything.

1
3
G2

Re: user-whitelisting

Multi-quotes and replies below:

quote:

And then get hit by a dictionary spam attack and get a few thousand spam crap in your mailbox. /quote

Google is expert at catching such dictionary attack spams. They never hit my inbox. I might get a few of them in the spam folder but once Google's servers figure it out, it never even makes it there - it helps them to train their spam filters. In addition to that, i have 1 TB of space allocated to the wildcard mailbox there. that can waste a loooooot of spammer time ... :D

.

quote:

Some time later those credentials were used to log onto another forum and that email address used to send me spam. /quote

there's a simple solution for that too: configure DKIM signing of all mails, set up SPF + a strict 100% DMARC reject policy that enforces DKIM+SPF. (this DMARC + DKIM + SPF authentication can also be configured on Google's servers too). Someone sending mails with fake 'from' addresses should not be possible if the domain is configured like this, they will hit a brick wall.

Google's standard response for such messages looks like:

550-5.7.1 Unauthenticated email from xyz is not accepted due to
550-5.7.1 domain's DMARC policy. Please contact administrator of xyz
550-5.7.1 domain if this was a legitimate mail. Please visit
550-5.7.1 https://support.google.com/mail/answer/2451690 to learn about DMARC
550 5.7.1 initiative. gsmtp

After you set up DMARC you can then use a site like https://dmarcian-eu.com/ to help you visualize email traffic statistics from the DMARC reports. You can even see how many fake emails pretending to originate from your domain were received by the DMARC-compatible servers worldwide - google, yahoo/verizon/ microsoft, etc.. all major email systems will start sending you statistical data about email that pretends to be from your domain, including the ip address of the spam source.

DMARCIAN is quite an interesting tool in analysing email spoofs reported via DMARC... in the last 30 days over 95% of the email spoofs that pretend to come from my domains (but are obviously not signed with DKIM and not a SPF match) are from India and Vietnam. Surprisingly, Iran is on 3rd place as a spoofing email spam source.

For ISPs, top spammers in my statistics are from *.airtelbroadband.in followed closely by *.vnpt.vn (India and Vietnam again - not a surprise there)

quote:The new system limits you to 100 email addresses - and a new one has to be pre-registered before you can send an email with it./quote

who says you have to SEND from ALL those email addresses? most of them are intended to be receive-only anyway.

3
0
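The "strict 100% DMARC reject policy" described in the two posts above, as an added example (not the poster's code): Python that parses a DMARC TXT record, lists where it falls short of full enforcement, and works out what a receiver would do with a given message. The records, the example.org / example.net domains and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
# Added example, not from the forum posts. Records and domains are constructed.
WEAK = "v=DMARC1; p=none; rua=mailto:dmarc@example.org"
RELAXED = "v=DMARC1; p=reject; rua=mailto:dmarc@example.org"
STRICT = "v=DMARC1; p=reject; pct=100; adkim=s; aspf=s; rua=mailto:dmarc@example.org"


def parse_dmarc(txt):
    """Parse a DMARC TXT record (RFC 7489) into a dict with defaults applied."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if not tags or next(iter(tags)) != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= tag")
    pct = int(tags.get("pct", "100"))
    if not 0 <= pct <= 100:
        raise ValueError("pct out of range")
    return {
        "p": policy,
        "sp": tags.get("sp", policy).lower(),   # subdomain policy defaults to p
        "pct": pct,
        "adkim": tags.get("adkim", "r").lower(),  # r = relaxed, s = strict
        "aspf": tags.get("aspf", "r").lower(),
        "rua": tags.get("rua"),
    }


def audit(policy):
    """List the ways a parsed record falls short of a 100% reject policy."""
    findings = []
    if policy["p"] != "reject":
        findings.append("p=%s does not reject spoofed mail" % policy["p"])
    if policy["sp"] != "reject":
        findings.append("sp=%s leaves subdomains unprotected" % policy["sp"])
    if policy["pct"] < 100:
        findings.append("pct=%d covers only part of the mail" % policy["pct"])
    if not policy["rua"]:
        findings.append("no rua= address, so no aggregate reports arrive")
    return findings


def org_domain(domain):
    # Assumption: the organizational domain is the last two labels. A real
    # receiver consults the Public Suffix List (this is wrong for e.g. co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: exact match if strict, same org domain if relaxed."""
    if auth_domain is None:
        return False
    a, b = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)


def evaluate(policy, from_domain, spf, dkim):
    """spf and dkim are (result, domain) tuples as computed by the receiver.

    DMARC passes when at least one mechanism both passes and is aligned with
    the From: domain; otherwise the record's p= disposition is returned.
    pct sampling and the sp= subdomain policy are not applied here.
    """
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], policy["aspf"])
    dkim_ok = dkim[0] == "pass" and aligned(from_domain, dkim[1], policy["adkim"])
    return "pass" if spf_ok or dkim_ok else policy["p"]


if __name__ == "__main__":
    # Spoof: From: example.org, but SPF only passes for the sender's own domain.
    spoof = dict(from_domain="example.org",
                 spf=("pass", "bulk.example.net"), dkim=("none", None))
    for name, record in (("weak", WEAK), ("strict", STRICT)):
        policy = parse_dmarc(record)
        print(name, audit(policy), evaluate(policy, **spoof))
```

The same spoofed message comes out as `none` (delivered, only reported) under the `p=none` record and as `reject` under the strict one, which is the difference the posts are pointing at.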
G2

user-whitelisting

here's a simpler idea:

1) have an entire (sub)domain for yourself and set up a wildcard mailbox.

2) make up a dedicated email address for anything that asks for you to provide an email address. Design the address JUST for that service and do not reuse it. Even if it's a printed form to fill in on paper, you can create a one-time-use email address on the spot just with a pen and paper.

3) if that particular email address starts to receive spam it means that whoever you assigned that address has leaked it.

since the (sub)domain is configured as a wildcard mailbox all emails arrive in a single central mailbox where a) it's first processed to clean obvious spam by the default server rules, and b) you can set up filters for each destination email "to:" address and apply labels or sort into folders for that topic (in your example, for mails from the bank)

and bonus: it's all already possible.

If you host that (sub)domain on Google's G Suite (formerly known as Google Apps) you can configure the Gmail service with a wildcard mailbox and do all of the above. It might work on other services too.

Edit: P.S. wildcard mailboxes are different than Google's standard plus-alias addresses. Those still have an account name tag. In this case, wildcard really means wildcard, *@hosted.sub.domain.com

8
0

How can you kill that which will not die? Windows XP is back (sorta... OK, not really)

G2

Re: april 2019 and the pink elephant in the room that nobody wants to talk about.

well, ok... a bluescreen might be too much, but a mandatory nag message at every logon that covers half the screen and you have to wait at least 30 seconds for it to disappear would still be useful to make the beancounters see the light and dump XP/Office 2003.

1
5
G2

Re: april 2019 and the pink elephant in the room that nobody wants to talk about.

you're thinking POS ATMs or such... i'm talking about regular XP desktop with POS patches - different sides of the same fish. They even have Office 2003 installed and some of them even have Firefox + LibreOffice and are used for internet access.

5
0
G2

Re: april 2019 and the pink elephant in the room that nobody wants to talk about.

in my case "management" = central government + prime minister above them. They don't move their political asses unless there's a proper fire under them.

edit: oh, and accounting practices say that we are forbidden to trash ANY licenses... but they don't think of licenses in terms of software, more like IP rights.

4
0
G2

https://www.catalog.update.microsoft.com/Search.aspx?q=xp%20service%20pack%202

9
0
G2
Mushroom

april 2019 and the pink elephant in the room that nobody wants to talk about.

XP won't die until april 2019 when POSREADY support ends.

at work we're still using XP on 80% of the systems because the beancounters see there is still a way to get updates for it, even without support, and won't accept to scrap it out of the asset inventory while it can still be updated.

Microsoft needs to put their boot down HARD on the OS detection and trash this frankenstein zombie OS, even if they have to sneak in every update a FORCED bluescreen when the POSREADY registry patch is detected on a regular XP OS. THAT will light the proper fire under the beancounters' asses.

(selected a fire icon to match)

3
31

Google goes home to Cali to overturn Canada's worldwide search result ban

G2
Terminator

Re: So much for the AI concept

P.S. and yes, that sounds much like the Borg Collective. Dumb drones coordinated by a central, distributed hive mind.

http://memory-alpha.wikia.com/wiki/Borg_Collective

(using Terminator icon because I couldn't find a Borg icon)

1
0
G2

Re: So much for the AI concept

well, tbh they are when considered individually as JUST machines.

Google runs as a distributed computing cloud, so if you run a program on their system, a particular program instance might start executing on servers in New York but it might get moved mid-execution and end up executing most of the time on servers in London or Frankfurt.

1
0

Fan of FBI cosplay? Enjoy freaking out your neighbors? Have we got the eBay auction for you

G2
Black Helicopters

oh

quote from the auction description "still has Surveillance tapes inside with notebooks"

oh oh... that sounds like it might be evidence (even if misplaced) and still FBI property. I don't think they would knowingly sell their tapes and notebooks, unless they are unused or not usable anymore.

1
2

Intel is upset that Qualcomm is treating it like Intel treated AMD for years and years

G2
Coat

.

Pot, meet kettle.

23
1

Blue Cross? Blue crass: Health insurer thought it would be a great idea to mail plans on USB sticks

G2

Re: USB Killer?

TheRegister covered it too:

https://www.theregister.co.uk/2016/12/02/hackers_waste_xbox_one_ps4_macbook_pixel_with_usb_zapper/

6
0

'My dream job at Oracle left me homeless!' – A techie's relocation horror tale

G2
Joke

Re: Fairs Fair

soylent people?

2
0

Biting the hand that feeds IT © 1998–2018