* Posts by G2

308 publicly visible posts • joined 21 Jun 2007

Page:

Microsoft embraces its inner penguin as sudo sneaks into Windows 11

G2

Sysinternals PsExec ?

Windows has had a 'sudo' command for years now, it's part of the Sysinternals Suite and is called psexec (or psexec64 - for x64 systems).

This new sudo probably means Microsoft is starting now to integrate (or...*cough* embrace, extend, extinguish?) the Sysinternals functions / tools into the baseline windows installation?

i've been using psexec quite nicely to run cmd.exe as SYSTEM account for years: "psexec64 -sdi cmd.exe" and up pops a terminal window that can run anything with superuser rights (SYSTEM).

It can also run things as other user accounts when appropriate parameters are provided.

Scripted shortcut caused double-click disaster of sysadmin's own making

G2
Facepalm

re: cd /tmp & rm -rf *

that double & is going to bite you and some day you will make a typo... happened to me a couple of times but fortunately i was not doing rm -rf but 'yum clean all & yum upgrade'

... and had a few moments of confusion wondering why was yum seemingly waiting on... itself until i realized i had typed a single & instead of &&

Core blimey, Intel's answer to AMD and Ampere's cloudy chips has 288 of them

G2
Linux

Re: Yes, improved threading is needed...

Microsoft and Oracle are probably already rubbing their hands with glee at the news of the cow patty's core count since their softwares are licensed by the core...

if one would try to run MS Windows on it, a single 288-core CPU will need a whopping total of 18 full 16-core licenses for Windows Server.

18 Windows licenses for a single CPU. ?!!!! That will be a pretty hefty cash cow.

UK government to set deadline for removal of Chinese surveillance cams

G2
Facepalm

the actual quote from that proposed amendment does not quite say that:

quote:

(9) Subject to subsection (10), not later than 30 days after the date of handover of each subcontracted works at least 50% of the withheld retention monies must be released, and not later than the date which is 12 months from the date of handover of each subcontracted works the balance of the retention monies must be released.

/quote

this just shifts the delay point in the event chain - thus, if they delay signing the paperwork for the "handover" then they can delay payments.

That old box of tech junk you should probably throw out saves a warehouse

G2

Re: Hmmm

+1

my Mio MiVue J85 car dashboard camera is the same when it comes to the 5V power from the in-car lighter socket adapter.

If the voltage drops below ~4.8 volts the camera will either turn off suddenly or behave as if it crashes and reboots in an infinite loop - and it will do this even if it actually has an integrated lithium-ion battery, that one is so tiny that it does not really work when the voltage dips for more than a 1-2 seconds.

Such voltage dips are normal when the engine starts and many in-car power adapters are not designed for it (including the one shipped by default by Mio !!), and modern start&stop systems for cars mean the engine starts and stops every time a traffic light lasts more than a few seconds ...

...thus with a bad adapter (and the default included one too) the camera crashed and reboots every time the traffic light turns green (and engine starts).

(i fixed this by getting a different adapter that can also do USB-C power delivery at 3Amp 5/ 12 / 24volts - 24v is used on many trucks)

SpaceX's second attempt at orbital Starship launch ends in fireball

G2

Re: Why did it take three loops to find the launch abort button?

if you watch the fuel gauges on the telemetrey band at the bottom of the SpaceX video you'll see that they waited with the button until at least one of the fuel tanks was empty... in this case the LOX tank was pretty much empty when they pressed the button.

(look at 48m 50s on the SpaceX stream, and watch the bottom left of the screen where they show fuel levels for the booster)

Slacker vendors' one-fix-a-year effort leaves 88% of Androids vulnerable

G2

Re: Motorola

8-years later update: Moto / Lenovo is still doing the same things: bait-and-switch promises of updates and then dumping users and devices under the proverbial bus.

https://www.youtube.com/watch?v=bbFJytgC5e8

Lenovo lied to users of Motorola One about getting Android 12 for a year

(courtesy of Louis Rossmann)

John Deere signs right to repair agreement with US ag lobbyists

G2
Trollface

New York-style repair?

i think they will probably do the whole New York-style right-to-repair all over again... as in they will only provide assemblies of parts and not component-level parts for repair.

cue John Deere repair dealer technician, in a booming voice:

your tractor is broken?

you sir are lucky, we can sell you one off-the-shelf assembly of parts especially for that tractor.

yes, you heard that right, one assembly - it just needs the wheels - you just repair the old tractor by transferring the wheels from the old one to the new assembly.

/sarcasm

Patch Tuesday update is causing some Windows 10 systems to blue screen

G2

Re: It's nearly 2023 and still ...

you cannot test ALL 3rd party softtware and drivers ever made.

none of my windows systems have a "hidparse.sys" file directly under System32, they are under 'System32\drivers\'

If some systems have it there it probably was placed there by a third party software... (or that O.S. is so old that is missing a ton of updates?)

G2
Black Helicopters

but how do they even have a hidparse.sys file directly under System32?

i checked a few computers around me...

... ZERO of them have a file located at C:\Windows\System32\hidparse.sys

and all of them have the normal C:\Windows\System32\drivers\hidparse.sys

from what i can tell if you have a hidparse.sys directly under System32 that means it's an older version, likely planted there on purpose by a piece of malware so that they can exploit vulnerabilities present in those versions of the file / operating systems.

The steps indicated by Microsoft to xcopy the newest version from the drivers folder back to overwrite the old one in System32 mean the system remains functional but the attack/HID problem is most likely prevented from then on. (If you just delete the old one you risk getting blue screens)

This story about hidparse.sys starts to smell like NSA's EternalBlue + DoublePulsar all over again, especially since it involves HID parsing.

Maybe they were trying to hide USB keyboard/mouse/etc. interceptors/injectors disguised as extension cables or hubs?

/(black helicopter icon, because NSA, of course)

Uber fined $14m for lying to get customers to ditch cabs

G2
Happy

Re: I really dislike UberEats

(previous poster here)... and i have to say that fortunately for me i'm not working in the delivery or transport business.

However, what i said above about the tickets is (unfortunately) true for many delivery services in Eastern Europe... they rely on the fact that we do not have (yet) fixed-location speeding cameras and what little traffic police presence there is, is relatively predictable and (usually) announced on Waze.

The Govt. already announced for next year the initial installation of some permanently fixed traffic cameras - but i do not expect it to make much of a difference at start.

G2
Boffin

Re: I really dislike UberEats

most of the current price increases are not (only) UberEats' fault but more because of the pandemic ... people started to order in much more while at the same time not visiting food places in-person.

Even if the pandemic restrictions have mostly relaxed now, many people have adapted to just ordering in instead of visiting in-person.

While before it was possible to (somewhat) subsidise a part of the costs of delivery from the proffits of the in-person side of business, once that side shrivelled up the companies started to realise the true cost of delivery: time spent, wages, fuel, vehicle costs and spare parts/maintenance.

Also, some will also cover speeding tickets just to meet that 30 (or 60) minutes pizza delivery time that many customers expect... those tickets will also increase the overall delivery costs.

A lot more deliveries to make compared to in-person food serving = a major increase in operational costs that has to be financed from somewhere.

Delivery costs to the end user are that "somewhere".

Crowds not allowed to leave Shanghai Disneyland without a negative COVID test

G2

if they did that they would not have their money from the admission fees and neither from whatever purchases those trapped inside have to make just to keep living. Have you seen their price for a bottle of water?

Modified version of Tor Browser spies on Chinese users

G2
Facepalm

Digital signature?

the original Tor browser has no digital signatures in the file properties either (when it is installed) and its files even have a fake timestamp of 01-01-2000.

Since they have practically "trained" their users not to bother with checking file properties for a signature on the main browser executable, it is no wonder they do as they were told and will not even bother checking installers either.

Letter to FCC: Why are US carriers locking handsets to networks?

G2

Re: Got screwed by Xfinity Mobile

quote: we were trying to put in another carrier's sim w/o changing the phone number.

/quote

oh.. you were trying to port an US number... to another country. Another continent even. (Europe)

is porting a number to an overseas network, in another country (thus different telecoms regulation authority) even possible?

edit: call forwarding is one thing... but it appears you tried to port the number instead of forwarding it.

FYI: BMW puts heated seats, other features behind paywall

G2

Re: making notes

of course... but this is basically the same support model that Samsung / Huawei / HTC / Sony / Lenovo / ASUS / etc... pretty much all connected electronics vendors are using, so it's nothing new.

Phones, laptops, motherboards, smart TVs, connected vehicles .... you name it, once their initial warranties are expired they become obsolete as far as the manufacturer is concerned and it's no longer their problem.

Once warranties end for a model / year... they no longer publish any updates at all and after another year or two, when you unbox a "new, old stock" phone (or other smart connected device), you can't even get to install the updates they have already published in the past - this is because they have now nuked the server instance that was tasked with serving updates for that year of launched models.

In 2015, my less-than-7-months old Moto phone was declared by them to be "no longer supported" despite the fact it was launched in the same year at the Mobile World Congress in Barcelona (early march 2015).

Planned obsolescence at its finest.

I had to root it and managed to install LineageOS on it... it still runs today but is stuck with LineageOS 17.1 (Android 10) latest version is from february 2022, quite a good stretch, for a device launched in 2015 and abandined by its manufacturer during the same year.

G2

Re: Dave at the garage can sort you out

the police won't have to plug anything... it's all done remotely via radio.

These days they can already check tachograph systems remotely, including driver cards and work schedules... but the communications protocol is actually designed for all vehicles (V2X) not just tachograph devices.

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0799

G2
Trollface

Re: Support nightmare?

nope..support is really easy: each year model probably gets a year-specific server / virtual machine instance to keep connected services management at a predictible, uniform stable version and that also allows for easy termination of services when all that year's model vehicles are definitely out of warranty: just shut down the virtual machine.

They will likely only support it for the warranty period and will shut down the server instance that supports that year's model after all the vehicles of that year are out of warranty (3 or 5 years usually).

If they really have (literal) hot-seat subscribers for that year's model they will probably keep the virtual machines for that series running a bit longer, to milk the subscription fees, but as soon as the subscriber count drops below a "profitable" number they will announce it's no longer economically viable to provide those services and will terminate all remaining subscribers for that year / version.

San Francisco cops want real-time access to private security cameras for surveillance

G2

what exactly is the definition of "Historical video footage"?

they make a mess of purposes and apply different criteria to "live" vs "historical" video footage, without defining these terms.

what exactly is considered "historical video footage" under the new law?

are video images from one millisecond ago considered "historical" since they are already from the past?

How about from 1 second ago? 5 seconds ago? 1 minute ago? 5 minutes ago?

where is the cut-off mark? since they decided to apply different purposes/justifications for different categories of footage they should also define this threshold point.

Isaac Asimov published in 1956 a short story called "The Dead Past" about chronoscopy and it applies quite well to the live vs historical video footage issue.

https://en.wikipedia.org/wiki/The_Dead_Past

"Happy goldfish bowl to you, to me, to everyone [...]"

Soviet-era tech could change the geothermal industry

G2
Mushroom

what if ...

wait wait... so there's a beam that can drill 20 km down into the earth's crust+mantle?

how fast can it drill? what if instead of drilling into 20 km of the earth's crust+mantle we use it to drill into something much more thin...

... let's say 30 centimeters of steel.

how fast can it drill through 30cm of steel? and how small can the device get? how far from the object being drilled into can the beam emitter stay? can it be used from.. let's say, 100 meters away?

if it's reasonably small and can be mounted on a drilling rig for 20 km then i imagine it can probably be made a bit smaller when it's needed to operate on a material thickness much smaller than 20 km and from just 100 meters of distance...

.

.

if it's fast on 30 cm and reasonably portable then i can see an immediate, more practical use: steel plate drilling... specifically, tank armour drilling...

this could become the ultimate anti-tank weapon... especially if it ends up deployed against soviet-type tanks.. imagine the irony.

..

.

edit: oh.. or the opposite of shrinking the device: increase its mass and operating range and mount it on a satellite. It can become the ultimate space-based weapon - a tank-melting beam dropped down from space.

Indian government issues confidential infosec guidance to staff – who leak it

G2

Re: bans the use of 3rd party ntp servers

not to mention DNS servers... not even root-servers.org /.net are allowed to be used as the root servers are considered a "3-rd party"... and also that national DNS server is mandatory because it allows easier man-in-the-middle redirection and/or interception.

Tencent completes 50 million core migration of its own apps to its own clouds

G2
Facepalm

what could possibly go wrong?

I can't shake a feeling of déjà vu... all those eggs, in one giant basket.

That's one giant omelette just waiting to happen.

Next major update of Windows 11 prepares for launch

G2

Re: Win11 22H2 hardware requirements will be relaxed

update: Microsoft took back its toys...

https://www.theregister.com/2022/06/09/windows_11_requirements/

apparently Microsoft accidentally turned off hardware requirements for Windows 11... ROFL.

Windows Update now says again that my computer is not compatible with Win11.

G2

Re: Win11 22H2 hardware requirements will be relaxed

FYI from what i noticed over the years, intel uses the first digit of the series as a yearly counter and when they had 4 digits for model numbers it corresponds roughly to the year of the general commercial availability. (not actual launch)

Just add "2010" as a starting point to that number and you get a general manufacturing year.

i5-8250 ... the 8 + 2010 = 2018 (it actually launched in 2017, but sold a lot of units in 2018)

i5-3570 ... the 3 + 2010 = 2013 (launched by Intel in 2012... i bought it in 2013..)

the same general rule is still valid now when Intel uses 5 digits for CPU series/model numbers... but is slightly affected by the pandemic crazy sales / lack of stock.

i5-10600 ... the 10 +2010 = 2020 (launched 2020)

i5-12600 ... the 12 +2010 = 2022 (launched 2022... this year)

q.e.d.

G2
Boffin

Win11 22H2 hardware requirements will be relaxed

i think that those hardware requirements are relaxed by a lot for Win11 22H2...

why? my CPU here is an Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz with 16GB of RAM and Windows 10 x64 booting in legacy boot mode - my PC motherboard does not quite work right in UEFI Boot mode...

... and Windows Update has started this week to tell me that Microsoft has determined that my computer is compatible to migrate to Win11 22H2 ... WTF?

Last week it was still telling me that my computer is not compatible with Win11... and now it is?

note: i'm logged in with a Microsoft Account set for Windows insider - Release preview updates access.

New York to get first right-to-repair law for electronics

G2
Mushroom

Re: A start

it's simple: This is not a right-to-repair bill, it was hijacked to become a deny-any-repair bill.

Please read the actual version of the law that was passed (A7006B) and not the one linked by TheRegister ( S4104 )

...S4104 is the initially proposed version, before it was nuked by ammendment "B" - yes.. the "B" version is important here.

https://www.nysenate.gov/legislation/bills/2021/A7006/amendment/b

This new version "B" law is what was actually voted by the Assembly and it excludes practically all electronic devices - they use the language "INCLUDING, BUT NOT LIMITED TO" when listing appliances (copy pasted text there, my caps lock is not stuck)

And under federal US law an "appliance" can be practically ANY device used in a home.

Laptops? LED TVs? they can be perfectly described as "appliances" because they fit the federal definition of what an "appliance" is:

24 CFR § 3280.802 - Definitions

(i) Appliance means utilization equipment, generally other than industrial, normally built in standardized sizes or types, which is installed or connected as a unit to perform one or more functions [...]

Google keeps legacy G Suite alive and free for personal use

G2
Facepalm

Re: Not if you registered to upgrade...

i had also "upgraded" to Starter (in the early days of this month) and even foolishly decided to use the "pay early" option, to cover at least a year of service for my account, just to make sure that my domain keeps working

(all my home utility bills are tied to dedicated email addresses in this domain, they are collected via a catch-all mail routing rule in a single account mailbox)

i had to contact Google Support for going back to GSuite legacy and for getting a refund for that "pay early" rushed payment... but they didn't actually do anything yet for me :(

They just told me i was added to a queue for GSuite legacy rollback and that i had to wait for them to get back to me and with that refund.

I guess that means they are now flooded with requests for rollback from users... we'll have to wait and see...

BOFH: The Geek's Countergambit – outwitted at an electronics store

G2
Mushroom

sooo, is this story about Newegg's warranty service?

interesting... this almost looks like Newegg's scammy warranty service policy is now featured in a BOFH episode...

i'm impressed... Simon managed to have this story published at around the same time that Gamers Nexus posted their episode 2 video about Newegg's malicious RMA process and fraud - they intentionally sold a rejected RMA product as a functional product - even if it has a damn sticker on it from the manufacturer that says it has bent CPU pins...

https://www.youtube.com/watch?v=CL-eB_Bv5Ik

Canon: Chip supplies are so bad that our ink cartridges will look as though they're fakes

G2
Devil

Canon Europe official Europe-wide page to complement the German one.

fyi:

Canon has an official Englsh-language page to complement the German one... there's no need to mess with the German tentacle (unless you're into tentacle anime... in which case.... we need pics :p )

https://www.canon-europe.com/support/business-product-support/interim-toner/

Windows takes a breather in London's Spitalfields

G2

that command prompt is stuck in text selection mode.

that's a touch screen large display (see where it says "touch to explore"?) - looking at the photo it's obvious that somebody was using it when the CMD window popped up and the "click" action of the touch was intercepted by the command prompt.

... and since clicking in a cmd prompt usually PAUSES everything indefinitely because it switches to TEXT SELECT mode... thus it got stuck in text selection mode - notice the "Select" keyword in the title bar and the white rectangular selection cursor in the command prompt window - that's where the window intercepted the touch click action of the user.

(To get out of text selection mode you usually have to press either ESC or enter. Clicking on X in the corner to close the window and terminate the script would also work)

James Webb Telescope launch delayed again, this time by weather

G2
Mushroom

unusually bright star?

"appearance of an unusually bright star"... hmm, would that be the [second stage of the] rocket blowing up?

As famous expressions go, a rapid unscheduled disassembly tends to be unusually bright.

Intel audio drivers give Windows 11 the blues and Microsoft Installer borked following security update

G2
Facepalm

This article is a bit incomplete (and i could say somewhat misleading) because Intel is in the process of transitioning driver numbers from 4 digits to 7 digits...

Intel Graphics drivers versions (which also include intel audio for HDMI audio) have already rolled over to the new numbering scheme, and in their case the full last seven digits must be taken into account, not just the last 4 digits. (those are just the build number)

Last week i manually installed Graphics driver 30.0.101.1069 and Windows Update immediately "updated" it to 27.20.100.9664 happily ignoring that Intel's driver numbering scheme rolled over 9999 ... so i had to rollback from 9664 to 1069.

For reference here is Intel's official guide to driver version numbering, with a quote from Intel:

The driver version numbering has rolled over from 100.9999 to 101.1069. This requires the use of all 7-digits instead of 4-digits for identifying the driver build number.

https://www.intel.co.uk/content/www/uk/en/support/articles/000005654/graphics.html

Google Groups kills RSS support without notice

G2
Trollface

article quotes taxes = so long RSS ...

since Google killed earlier this year the possibility to embed a group in an IFRAME on other sites, for me RSS becoming unavailable is not a big surprise either.

https://support.google.com/a/answer/9687393#deprecated

Also, since some countries start to get crazy about applying taxes for every article quote or piece of news ... killing RSS feeds it's probably another logical measure taken to make publisher's lives more difficult?

Feeds from other sites into Google News / search snippets will most likely become the next victim scheduled to be eliminated.

let me rephrase that... it's probably another measure taken to satisfy beancounters. (yeah, definitely :p). Articles and/or content reuse can now be easier accounted manually, since it's no longer automated via RSS. :) (*grin*)

https://www.theregister.com/2021/07/14/google_fine_france/

GitHub's npm gave away a package name while it was in use, causing rethink

G2

Re: domain name system

yes, but even with hierarchies the basic original questions still remain: is the email point of contact for the hierarchy management still valid? When was the last validation done?

Thus the need for periodic email revalidations still remains, even if names are not deactivated/reused, it's useful to know that someone is actively managing things and that that hierarchy is not just running on inertia without any management.

G2

domain name system

if package namespace maintenance is such a clusterf**k then they should adopt maintenance methods somewhat similar to domain names because that's the very reason they were developed: we need yearly "renewals" - even if it's free they should make them validate each name via email validation links every year.

If one of the yearly validations is not completed even after an entire year passed then the name should become inactive and not usable by anyone, but not released - it should remain in quarantine for yet another year - only the original owner should be able to 'revive' it from quarantine during this time.

Only after these 2 years (1 waiting for re-validation and 1 quarantine) they should release the name for reuse.

China sets goal of running single-stack IPv6 network by 2030, orders upgrade blitz

G2
Linux

re: address randomisation

@richardcox13

IPv6 address randomisation is actually a thing too, look up RFC 8981, 4941 and 3041. Randomised MACs have their purpose, randomised IPv6 addresses have a slightly different purpose.

https://datatracker.ietf.org/doc/html/rfc8981

such an address

- does not depend on the device using a randomised MAC address or not.

- has been supported by the Linux kernel for quite some time.

https://tldp.org/HOWTO/Linux+IPv6-HOWTO/ch06s05.html

Russia's ISS Multipurpose Laboratory Module launches after years sitting on a shelf, immediately runs into issues

G2
Devil

"Nauka" = "neukъ" ?

in many eastern-european languages that have words with proto-slavic etymological roots in the term "neukъ" the adopted word usually has some meaning of "ignorant, uneducated, unschooled"

e.g.

in Bulgarian неук (neuk), Macedonian неук (neuk, “ignorant”), Serbo-Croatian neuk (“ignorant”), Serbo-Croatian nieuk (“dunce”).

or in Romanian: năuc (m or n) (feminine singular năucă, masculine plural năuci, feminine and neuter plural năuce) "disoriented", "confused", "bewildered"

So, i think we have the wrong translation for "Nauka" ... instead of "science" it should be "disoriented". It's a very accurate description in this case.

https://en.wiktionary.org/wiki/%D0%BD%D0%B5%D1%83%D0%BA

Windows 10 to hang on for five more years with 21H2 update

G2
WTF?

404 error - windows edition not found

that Windows 10 2019 lifecycle link ends up in a 404 error page

https://docs.microsoft.com/en-us/lifecycle/products/windows-10-2019-ltsc

.

at the moment, the link that's working for me appears to be:

https://docs.microsoft.com/en-us/lifecycle/products/windows-10-ltsc-2019

digging into the Wayback Machine shows that MS renamed the OS at the end of last week, from "Windows 10 2019 LTSC" to "Windows 10 LTSC 2019" - and thus we got the new webpage address.

Twitter U-turns after conferring society's highest honor – a blue check mark – on very obvious bot accounts

G2
Happy

Re: Re: World Bollard Association

you forgot the Dalek bollards and their extermination guns :)

Mark it in your diaries: 14 October 2025 is the end of Windows 10

G2
Mushroom

MS will probably nuke any x86 code too

given the history MS has with x86 builds of Win10 installation media, my guess of a major feature of the new OS that is coming is that it will be exclusive for 64-bit code and will drop all support for even running x86 binaries, not even x86 .Net Framework stuffs...

(but hopefully it will allow it in a Hyper-V virtual machine...)

BP Chargemaster's Pulse rebrand let crims send IcedID banking trojan from formerly legit mailboxes

G2
WTF?

where did they get list of targets from?

domain hijacking aside... the targets seem awfully precisely picked.

How did the crims get their mitts on the LIST OF TARGETS / customers to send their stuff to?

that's a sign that there's a biger data leak behind and that the entire company's customer database might have been compromised, with potential GDPR / DPA 2018 implications, complete with associated data protection fines from the Information Commissioner's Office

(That unattended mail server seems just a quickly make up reason to cover the database leak, no proper company would abandon its core IT assets like that.)

Microsoft promises end-to-end encrypted Teams calls for some, invites you to go passwordless with Azure AD

G2
Mushroom

not for on-premises-only Active Directory... BOOOOOOOO :(

booooo....GTFO, MS.

"generally available" does NOT mean it's also available for on-premises Windows Servers who just want to deploy FIDO2 hardware keys for authentication in regular Active Directory systems, to get rid of passwords too.

If it has to be Azure-enabled... that means additional $$$$$, because Azure authentication management for hybrid Azure AD is not included with an on-prem Windows Server Standard license.

Azure Active Directory is a different kettle of fish than regular Active Directory.

Nurserycam horror show: 'Secure' daycare video monitoring product beamed DVR admin creds to all users

G2

obvious words

"obvious words followed by 888"? Why hide the crap under such a mellow phrase?

"admin888" is the default admin password for a LOT of Chinese-made IPTV stuff, including Huawei / Hikvision / Dahua NVRs and cameras.

It's not something specific to the nursery cams, they just re-packaged the standard stuff that everyone ships from China.

Some Chinese-made devices don't even allow you to change the admin password... the "change password" option is simply missing on those.

e.g. i saw this thing on some Mio MiVue WiFi dashcams... they don't allow changing the WiFi password for the dashcam ("12345678" - wifi is used for admin access to the camera)

Also, their app for windows PCs only runs with administrative rights. It also downloads and executes software from Mio's website without using https or even at least digitally signed executables.

It basically runs unsigned remote code directly, without any origin authentication for the executables.

All you have to do is spoof and change on-the-fly anything coming from http://download.mio.com/dvr/pctool/tw/version.ini

(yep, China doesn't do https - just in case they need to deliver remote execution state-controlled shitware)

... and if you feed it a high enough version number so that it trips the automatic update mechanism, their app will execute with administrative rights any executable that you feed it via that INI file, without even checking for a digital signature.

Samsung floats autonomous ships as ready to sail in 2022

G2

Re: How secure is GPS ?

Inertial navgation is not really usable for long distances when you're on a ship that's constantly rocked by waves, pushed around by winds or even dragged by sea currents.

It works better for submarines in immersion because they only have to deal with underwater currents, which are relatively constant.

What's left for a civilian ship is GPS or automated celestial navigation, both can be unreliable.

Linux maintainer says long-term support for 5.10 will stay at two years unless biz world steps up and actually uses it

G2
Linux

support life?

it's actually not just about kernel support life and more about support contracts for warranties and publishing updates for devices.

... or more exactly, about raking in fees for support and at the same time NOT bothering to publish updates for devices in warranty (or post warranty) while claiming that a device X is still running "current" firmware because... see.. it's still running an actively supported kernel. (*cough* f.u. TP Link *cough*)

This is why they like the long 6-year support cycles, they get to claim that their device X is "current" when running a particular kernel version from 3 years ago that's still "supported" and that's proof that they "care" about updates and support contracts. Managers signing on those contracts don't usually check the minor versions or patch numbers, they just check the version numbers that match their contracts.

The moment the kernel becomes obsolete, it will become much easier to reveal such scams in support contracts and the lack of support / firmware updates, by simply pointing at the kernel version.

If it were up to me i would even trim the LTS tails of all those 6-years versions down to 2-years.

You would expect a qualified electrician to wire a building to spec, right? Trust... but verify

G2

China's 220V vs Europe's 230V

China still uses 220V a.c. as the nominal mains voltage - this is why a lot of e-crap that's designed only for the Chinese internal market - thus only for the 220V standard, with very tight voltage variation tolerance, will end up in smoke quite faster than intended when used in an European power socket. (where 'very tight' means they build the devices for just +/- 5% voltage tolerance)

This is usually (ab)used by the tat bazaar online sellers to not honour the warranty since it was technically a fault created by the end user - using an appliance rated only for 220V on an electrical network with different nominal voltage levels can be grounds for immediate termination of warranties.

BOFH: Are you a druid? Legally, you have to tell me if you're a druid

G2
Alien

armed robots...

sooo... they pulled a Dalek from the basement cold storage, armed it with (almost) weapons-grade devices and chemicals and set it loose in the building..

i suppose it's "normal" that it started to do the traditional Dalek extermination thing?

Crooks social-engineer GoDaddy staff into handing over control of crypto-biz domain names

G2

these days you can even leave them out of the loop and register domains directly through Cloudflare.

https://www.cloudflare.com/en-gb/products/registrar/

Yorkshire authority seeks £3m 'modern, cloud-based, future-proof ERP solution' in as few products as possible

G2
Devil

future proof?

future proof... ERP? i suggest they try hieroglyphs instead on anything from the computer age.

we have accounting records that have lasted since the time of the pharaohs, in hieroglyph form, engraved on stones.

the same cannot be said about modern information storage methods... most computers today can't even read a 3,25 inch floppy disk - usually because it was accidentally erased when stored behind the loudspeakers in the archive room.

.uk registry operator Nominet responds to renewed criticism – by silencing its critics

G2
Trollface

"Robust conversations"?

quote: “Robust multi-stakeholder discussions and debates are a critical part of what we do and member voices are key.”

translation: https://www.youtube.com/watch?v=zyesJQ3lsto

translation presented by Louis Rossmann

Page: