Posts by ammabamma

96 posts • joined 1 Mar 2013


Linux reaches the big five (point) oh

ammabamma
Windows

Re: Par for the course

> I want meaningful version numbers!

Certainly. Consider a version number of the form A.B.C.D

A: Increment this number when you release an update that intentionally breaks existing workflows.

B: Increment this number on a slow day.

C: Increment this number when you release an update that does not break any existing workflows.

D: Increment this number when you release a hotfix for an update that unintentionally breaks existing workflows. (Optional: add a "_rc2" suffix if you can't be arsed to test the hotfix before releasing)

Plants in SPAAAAAAACE are good for you

ammabamma
Happy

Plants 'n things

> Now, a paper published in the journal Open Agriculture shows that “people-plant interactions” are therapeutic.

The U.S. Amundsen-Scott South Pole Station has a "grow room" off the hydroponic garden for this purpose. Gives people the luxury of greenery and humid warmth to enjoy.

http://www.southpolestation.com/0405/05photos6.html

SpaceX releases Pythonesque video of rocket failures

ammabamma
Mushroom

Elon Musk's Flying Circususus

They're missing the bit at the end with the *PARP!* and the big foot coming down to stomp the rocket on Of Course I Still Love You...

Hackers can turn web-connected car washes into horrible death traps

ammabamma
Paris Hilton

What is this? I don't even...

Somebody mind telling me why an industrial control system needs a built-in FaceBook, Youtube, and LinkedIn app?

2017: The FBI alerts parents to dangers of Internet of Sh*t toys

ammabamma
Facepalm

An important thing to remember with Internet of Things:

The "S" in IoT stands for "Security".

I still haven't found what I'm malloc()ing for: U2 tops poll of music today's devs code to

ammabamma
Happy

Bunch of metalheads at Chez Ammabamma

My daughter and I both like to listen to metal-type music when we hack up some silly little Arduino/Raspberry Pi project together.

I've introduced her to the "classics": Iron Maiden, Judas Priest, Metallica, Motörhead, and U.D.O. She's shown me Avatar, Battlebeast, Sabaton, and Volbeat. There's nary a Taylor Swift or Katy Perry in sight (or in hearing) here!

OLE-y hell. Bug in MSFT Word allows total PC p0wnage

ammabamma
Joke

Re: Security is Job One at Microsoft

> Security is Job One at Microsoft

Job #1? Does this mean they are taking the piss? They've certainly done a bang-up job depositing number twos all over my Win10 VM...

Reg now behind invisible HTML5 Bitcoin paywall

ammabamma
Alien

Oh oh.

Javascript you say?

I heard from a friend (of a friend...) that one of the Shadow Equation Broker Group's leaked attack tools was a dynamic reverse redirect rewrite router written entirely in Javascript and embedded in the new SHA-256 certificates. Supposedly it silently redirects your browser to a harmless looking "Rickroll" video prank page. The music video has a special carrier signal embedded in ultrasonic and infrasonic frequencies that hack any IoT devices within speaker range to mine (?i:bit|scrip|doge|\w+)coins to crowd fund the Patreon of the NWO's Lizard chemist research to develop a fair-trade, carbon neutral chemtrail chemical

US military drone goes AWOL, ends up crashing into tree 623 miles away

ammabamma
Joke

El Reg commentard sees the problem, no need for a $$$BILLION review

> Instead, the $1.5m drone pulled a sharp right turn and headed off into New Mexico

> pulled a sharp right turn

> sharp right turn

> right turn

The drone should have taken a left turn at Albuquerque...

You're taking the p... Linux encryption app Cryptkeeper has universal password: 'p'

ammabamma
Go

Re: Assuming makes an ass out of you and some guy named 'Ming'

> aaaaand ship..

Somewhere in the version history I imagine something like

Commit a1aa5eac-7dbd-4ff2-888e-9b9c619589fb

Temporary workaround for faulty '-S' switch in encfs.

TODO: remove workaround once encfs is updated

And as we know, nothing is more permanent than a temporary fix.

ammabamma
Facepalm

Assuming makes an ass out of you and some guy named 'Ming'

> Previously, encfs was bugged and didn't quite do this. A bugfix corrected its operation to match its documentation – which made it incompatible with Cryptkeeper's assumptions.

Seriously? The fact that there was a mismatch between the documentation and the behaviour of encfs didn't raise a flag to the Cryptkeeper dev(s)? Did they figure "this isn't a bug, it's an undocumented feature"?

Crypto is hard...

Apple, Mozilla kill API to deplete W3C battery-snitching standard

ammabamma
Alert

Oi! Listen up web developers!

Better grab a seat; I'm about to suggest an idea so revolutionary that it will blow your minds:

Design your fscking websites decrufted and "low-power friendly" from the start

Novel, yes?

You know you have problems when a standards body is trying to work around problems caused by your bloat.

Shadow Broker hacking group auctions off claimed NSA online spy tools

ammabamma
Childcatcher

Genuine Equation Group boot sale! Totally honest, fell off the back of a USB stick and all...

> Looks like a random collection of files, grouped under names that were gathered from Snowden documents.

Hell, I give you all that and more for 1/1000 of the price! In fact, give me an additional 100 quid and I will even throw in a complete codebook that will allow you to decode AManFromMars' posts!

---

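#!/bin/bash
# For each name in the tool list, write 64-191 MiB of random data, base64-encoded.
while IFS='' read -r line || [[ -n "$line" ]]; do
    size=$(( (RANDOM % 128) + 64 ))
    # iflag=fullblock: keep reading until the whole block is filled
    dd bs="${size}M" count=1 iflag=fullblock if=/dev/random | \
        base64 -w 64 > "${line}.txt"
done < Equation_Tool_List.txt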

---

Decryption of the files is Left As Exercise For The Reader™

Windows 10 grabs 22 per cent desktop market share in a year

ammabamma
Mushroom

UNIX: 1,702

Is that you Daryl, checking the status of your case?

Icon, 'cause that is what's needed to kill SCO off once and for all. =>

...It's the only way to be sure

Free Windows 10 upgrade: Time is running out – should you do it?

ammabamma
Thumb Up

Re: Free Upgrade?

> [singing] He gives the kids free samples, because he knows full well, that today's young innocent faces, are tomorrow's clientèle [/singing]

Oh! Oh! Can I join in the sing-along? How about some Masochism Windows Update Tango?

[singing]Bash in my brain, and make me scream with pain

Then kick me once again

And say we'll never part

I know too well, I'm underneath your spell

So darling if you smell something burning it's my heart!

Take your cigarette from its holder

And burn your initials in my shoulder

Fracture my spine

And swear that you're mine

As we dance to the Masochism Windows Update Tango![/singing]

400 million Foxit users need to catch up with patched-up reader

ammabamma
Unhappy

Well shit...

The old February 2016 vintage is the last one that offered the nice "Classic Toolbar Mode" option instead of the hideous "Ribbon Mode".

I am not rabidly anti-ribbon—I have found a good ribbon can make tasks and actions more discoverable in certain situations—but Foxit's ribbon interface implementation is absolutely terrible; it takes 2x-3x the vertical screen real estate (took 2 screenshots and measured the heights in GIMP), and takes 2 extra clicks to get tasks done.

I feel now like "Buggered if I do upgrade" (lose valuable screen real estate and smooth work flow) and "Damned if I don't" (Old PDF reader is now vulnerable to all sorts of nasties).

Does any fellow commentard have any suggestions/recommendations for alternate PDF readers for Windows? Ideally something with "View PDF Page as Text" and measurement tools? (Two features I make extensive use of in Foxit)...

Russian government hackers spent a year in our servers, admits DNC

ammabamma
Facepalm

Careful what you wish, you may regret it! Careful what you wish, you just might get it!

I don't think this was what the electorate had in mind when they said they wanted "more openness and transparency" from the government...

Lexus cars suffer Purple Screen of Death – code bug turns the air blue

ammabamma
Angel

Needs more colours

> Lexus cars suffer Purple Screen of Death – code bug turns the air blue.

Consumers see red after yellow company pushes green update to keep balances in the black. Golden opportunity for lawyers...

Swiss try to wind up Apple with $25k dumb-watch

ammabamma
Boffin

Peacock status bracelets for people of every stripe and inclination

Forget those dainty little things. How about something with an unmistakable weight and presence no one will be able to ignore?

I want one of these!

55mm x 20mm, 60gm hunk of anodized aircraft aluminium + nixie tubes

Happy 2016, and here's the year's first ransomware story

ammabamma
Terminator

Re: ALL YOUR PERSONAL FILES HAS BEEN ENCRYPTED.

> Sad, I used to be impressed by these losers' ability,

Well I'm impressed. I'm so impressed I wish to impress my impressions with my impressive masonry maul upon their unmentionables...

This is (one of the myriad of reasons) why we can't have nice things.

Forget anonymity, we can remember you wholesale with machine intel, hackers warned

ammabamma
Devil

Wrong lesson learned

So what Messr Aylin is saying is that when I write my nefarious program of dastardlyness, I should run it through a source filter first to emulate someone else's coding idiosyncrasies (like 1980s_coder's lack of indentation) or less maliciously, run it through a source minifier?

Hmmm...

GPS, you've gone too far this time

ammabamma
Boffin

It's official!

We now have definitive proof that Science has indeed gone too far!

Ruin your co-developers' life with Mimic, the Unicode substitution tool

ammabamma
Trollface

Abusing unicode text is fun!

˙"ʞɹoʍ ɹno pɐǝɹ oʇ buıןıǝɔ ǝɥʇ oʇ sɹıɐɥɔ ɹıǝɥʇ dɐɹʇs oʇ ǝʌɐɥ ɹǝbuoן ou ןןıʍ ʎɥɔɹɐuoɯ ǝɥʇ ɟo ʎuuɐɹʎʇ pǝʇsıɟ-uoɹı ǝɥʇ ɹǝpun ןןıʇs suısnoɔ uɐǝpodıʇuɐ ɹood ɹno" ʇɐɥʇ os suı-ʞɔǝɥɔ ʇsɹıɟ ןıɹdɐ ɹıǝɥʇ ɟo ǝuo uı sıɥʇ ǝʞıן buıɥʇǝɯos pıp ɐıןɐɹʇsnɐ uı ɯɐǝʇ ʇuǝɯdoןǝʌǝp ɹno 'ǝʇou snoıɔıןɐɯ ssǝן ʇɐɥʍǝɯos ɐ uo

Great mischief can also be had with embedding bi-directional text marks in "normal" text

Radio wave gun zaps drones out of the sky – and it's perfectly legal*

ammabamma
Facepalm

Re: Hmmm... I smell an Instructables...

> You can get a better one from TpLink in these days - one that fits neatly in the overall weapon.

That certainly looks like an interesting piece of kit to tinker with. I must check my current "shiny toys" budget.

Not too sure about the dress in the link though. If I got that, people'd run screaming for the eye-bleach...

ammabamma
Happy

Re: Hmmm... I smell an Instructables...

> the holographic picatinny rail sight isn't *actually* required.

Oh no doubt! Although no self respecting death-ray should be without some sort of sight though. "Rule of Cool" and all that...

ammabamma
Pint

Hmmm... I smell an Instructables...

Airsoft FN-SCAR metal frame - ~$200USD with Amazon Prime

2.4 GHz yagi antenna - ~$15USD with Amazon Prime

Holographic picatinny rail sight - ~$30USD with Amazon Prime

Assorted electronics - $???USD

Weekend of father/son kit-bashing and tinkering - Priceless

Icon, 'cause building a RotM drone death-ray is thirsty work --->

My parents don't know I'm in SEO. They think I play piano in a brothel

ammabamma

Re: 99% of SEO is snake oil.

The other problem with SEO is that the 99% give the other 1% a bad name.

ammabamma
Gimp

Useless, bottom feeding gits, the lot of 'em

> My parents don't know I'm in SEO. They think I play piano in a brothel

I hate to break it to you Mr. Sharron, but maybe they tell the neighbours and their friends that you work in a brothel because it is less shameful...

Microsoft and Google ink SECRET TREATY to end all their patent wars

ammabamma
Big Brother

Microsoft was at war with Google: Microsoft had always been at war with Google

Microsoft was at war with Apple: Microsoft had always been at war with Apple. Microsoft was not after all at war with Google. Microsoft was at war with Apple. Google was an ally.

Malfunctioning Russian supply podule EXPLODES above Pacific

ammabamma
Joke

No space elevator yet, but...

> We need a space elevator for constant raising of supplies to space.

Maybe in this interim time, the Yanks can loan the Russians NASA's trampoline to help get supplies into orbit?

Amazon cloud threatens to SMASH the fundamental laws of PHYSICS

ammabamma
Boffin

Re: split -b10M –additional-suffix=.jpg

Jpeg?

Why stop there?

Why not split your files up into 2GiB chunks, gzip, and encrypt them, and store the whole lot in a private, ancillary "fiLe" chunk in a little PNG image?

Extra bonus spite points if you store your music and film collections in copies of the RIAA's and MPAA's logos...

Dear departed Internet Explorer, how I will miss you ... NOT

ammabamma
Joke

I am actually looking forward to this new browser.

I will now be able to download my Windows browser of choice in a standards compliant manner!

ammabamma
Gimp

Re: Oh ... Oh ...

ActiveX...

Ugh!

More rear entries than an all-male stick mag.

ammabamma
Go

Fun with ActiveDesktop

My co-workers and I took that "take a screen shot of the desktop and hide the icons" prank to a new level with ActiveDesktop and a spot of Javascript and DHTML.

Just try clicking on your desktop "icons" when they flee from your mouse!

ammabamma
Happy

Performance art code

How about installing TCP/IP on an old Macintosh SE/30 with System 6?

http://www.applefool.com/se30/

Virtual reality WHIPLASH CHAIR in shutdown scare

ammabamma
Facepalm

Re: Konix Multisystem "Power Chair" anyone?

For some reason I misread that company's name as Kronix. I thought to myself what would happen if those companies merged together: Kronix Whiplash

Now there's a name that will attract punters! (Or possibly legions of injury lawyers/sue-vultures)

US taxmen won't say WHY they're probing Microsoft. So Redmond is suing the IRS

ammabamma
Devil

Re: Microsoft and the IRS

> Never did two organizations so royally deserve each other.

I have this vision now of IRS and Microsoft locked in ice, tearing into each other's throats and skulls like the chappies frozen together in the icy depths of Cocytus in Dante's Inferno...

Icon?

How about some Malebranche for the both of them? =>

BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?

ammabamma
Thumb Up

Re: And this is why you go with the old...

> Agreed on the trusty old HP printers. Built like tanks, easily replaceable wear parts, run forever.

You'll get my HP LaserJet 4 when you pry it out of my cold, dead hands!

ammabamma
Devil

Re: Dopp - PCL version

> Why have we never heard of a denial of paper protocol? Endless form feeds interspersed with the occasional bum. Surely (don't call me surely) someone has some spare time on their hands.

If your printer supports PCL 3, 4, or 5 you can inject the following two byte command into the beginning of a print file (preferably a multi MiB series of images) to get your DoPP:

(Values are in hexadecimal)

0x1B 0x59

This puts the printer into "debug" mode and tells it to print the raw PCL commands it receives instead of interpreting them. Since PCL line wrapping is typically disabled by default, you'll end up with page after page of paper sullied by a single line of PCL code across the top edge.

ammabamma
Devil

Waaay too close to home.

Simon missed the grand-spawn of Codethulu epic wretchedness that are printer drivers. They are more picky and recalcitrant than a bad date and require an impossibly delicate balance of printer firmware revision (4.12.7.8.r1), server operating system (Win2k3 r2, 32bit, must be connected to a domain controller), and possibly celestial alignment ("The house of Mars is in the ascension, and the Jovian meridian lies within the 7th cusp. You may run the installer now.").

It's like the electronic equivalent of those seemingly impossible, gravity-defying acts that Shaolin monks perform. The drivers will suffer naught but the most wizened and skilled grey bearded guru to successfully change their configurations. Only they know the secret lore, and have the strength of mind and clarity of soul to bend the rebellious drivers to their will. Those of us who have yet to attain this near-mythical apotheosis must struggle through the trackless fens of labyrinthine download sites, hidden options, incompatible/conflicting options, broken UI, and abysmal UX like a modern day Sisyphus.

- Want to use PostScript? Make sure you have firmware version 4.12.9.8 flashed on your controller and you use the 32 bit version of the driver. Otherwise you will not be able to call trays 1 and 3 and your media types will be limited to "vellum" and "waxed crepe paper".

- Want a newer driver that was written sometime this decade for an OS later than Windows 2K? Or even *gasp* a 64 bit version? Sorry! No can do! (Our last intern who wrote the drivers just graduated from community college.)

- Want to use PCL? Hope you have a Fiery controller with version 2.6.11.4-99h installed, otherwise the UEL will reset the printer to its default, factory state! Regardless of what you do, the driver will always rasterize every page and rip it as uncompressed bitmap scanlines or as a long sequence of HP-GL drawing commands, whichever results in the greatest file size.

- Linux? Sure we have a fully compatible, full featured driver for Linux. You'll have to compile it yourself using headers, libraries and compiler that we provide gratis. (By the way the code was written for System z9 and is in EBCDIC...)

I swear, given all the hassle and difficulties our company and our clients have faced with printers of all stripes, I could burn the regional distribution centre and headquarters of a certain printer manufacturer and not a jury in the world would convict me.

"Mister Ammabamma, you stand accused of 37 counts of assault and battery with a printer fusing unit, 2 counts of grand theft auto, and 11 counts of arson. Do you have anything to say in your defence?"

"Yes your honour. Let it be known to the court that my accusers, Ute Osser, and Hugh Anchor, are service technicians for RICOH, the vehicles I stole and torched were their delivery vans, and the office park I set alight was RICOH's regional distribution centre and headquarters."

"Case dismissed!"

---

Ugh!

I'm going to go and relax with a nice pint or 7 of IPA before I give myself an aneurysm.

Fake antivirus scams: It's a $120m business – and alleged ringleaders have just been frozen

ammabamma
Facepalm

Re: Finally!

> Linux has no registry.

Never fear!

I am fairly certain "they" will be adding that feature to systemd shortly...

LARGE, ROUND and FEELS SO GOOD in your hand: Yes! It's a Nexus 6

ammabamma
Trollface

Re: Launched way too early

I hope the waterproofing is better than previous models.

5 minutes outside in a thunderstorm, and all your moments (and data) will be lost like tears in the rain...

Mobile carriers keep the promised land on an ever-receding horizon

ammabamma
Unhappy

This reminds me of something...

> I can still dimly sense the limitations that will reassert themselves when this boon expires. It's a taste of freedom, with no time to savour it.

Reminds me of a saying I heard somewhere (paraphrasing):

"The most intense torment can be had by giving someone a taste of joyous freedom before binding them in chains and casting them into utter darkness where their physical pain and suffering is further compounded by the agony of knowing what they almost had."

Facebook slurps 'paste sites' for stolen passwords, sprinkles on hash and salt

ammabamma
Meh

Re: Good idea, but how well does it hold up in practice?

> people who stole passwords for the lulz, dubious glory, or to give a certain company a black eye and wish to publicly display their trophy.

> More serious cybercriminals who steal a bunch of passwords and post a fraction to prove they've got the goods before trying to sell the rest.

Good point.

That was a bit of what I was driving towards: I just cannot see this as being more than token security theatre on Facebook's part to add a shiny bullet point on their stockholder's reports.

1. The real, serious criminals won't put the information so publicly available.

2. The lulzy glory-seekers can easily obfuscate the data to avoid quick, automatic detection (and easily create gibibytes of "chaff" for Facebook to sort through for additional lulz).

3. Facebook will notify you that your credentials have been compromised, but as infosec-oakton mentioned below, you will not find out until after login, and after Facebook first identifies and verifies your credentials parsed from one of the many paste sites. Wouldn't using a well-designed, in-depth IDS system on the servers be better fit for purpose?

Maybe I am missing something?

ammabamma
Holmes

Good idea, but how well does it hold up in practice?

Warning! Speculative armchair analysis follows...

This sounds like a good idea in theory (especially for a nice little blurb for marketing to put on all their glossy bumf), but how well does it actually work "in the wild"? I am certainly no Donald Knuth, just a humble blue-collar programmer that works day-in and day-out with parsing gibibytes of client data in all sorts of perverse, ad-hoc formats (Base64 encoded PCL in XML in a CSV field was one of my favourites), but I honestly cannot see this working on anything but the most hopelessly naive script-kiddies.

How does Facebook's programmer team expect to parse and extract user names/email addresses and passwords from the data? I can't imagine the data thieves storing their database dumps in well-formed XML with a schema to validate against. Do they (Facebook) naively expect the thieves to post the data in a consistent "<USERNAME>,<PASSWORD>" format?

Does Facebook actually go through and check every email address and password combo it finds? What is stopping someone from flooding the paste sites with bucketloads of random email and password combos to make Facebook's security spider grind to a massive slowdown? If Facebook somehow filters emails that are not part of its network, what would prevent someone from pasting millions of random passwords for each valid email that they have stolen?

What happens if the thieves gain a modicum of sense and decide to obfuscate the data? Post the emails and passwords as separate pastes for starters. What about other encodings? Rot13? Base64? Ascii85? UUEncode? EBCDIC? What about when the professionals take over, slap the script-kiddies upside the head for being a ninny and pasting plain text data, and start encrypting the goods with PGP/GPG and ASCII-Armour'ing it?

This, I'm pretty sure, is merely scratching the surface. Doubtless other clever commentards can think of more deviously creative ways to throw a spanner into the works. This whole plan may look good on paper, but I just can't see it being very effective beyond a token measure...

It's 2014 and you can still own a Windows box using a Word file or font

ammabamma
Joke

Re: Where's the daft name and funky logo?

> When my Linux boxen fall prey to a nasty they get trendy names and a logo (Heartbleed, Shellshock) with Windows you only get CVEs and a load of blather.

Remember when the National Hurricane Centre ran out of "trendy" hurricane names back in 2005 on account of there being so many storms? Yeah...

On a more serious note, I feel more and more that all OSes (both closed and open source) are pastures filled with steaming piles of cow poo. The only real differences between the two are where the piles of poo are located.

BOFH: The current value of our IT ASSets? Minus eleventy-seven...

ammabamma

Re: Sharon - FTFY

> I'm already practising the signature...

Surely that should read

I'm already practising the signature...

Sharon T Pokeworthy.

right?

Cryptolocker flogged on YouTube

ammabamma
Joke

Malware served through ads? Oh dear...

In order to save the internet tubes undue wear please use the following comment template.

I do not have to worry about toxic ads because I:

(Please tick the relevant options)

#1 ☐ I use Adblock

#2 ☐ I use NoScript

#4 ☐ I do not have Flash installed

#8 ☐ I do not have Java installed

#16 ☐ I don't use a toy OS

#32 ☐ I block all advertisers with the hosts file

#64 ☐ I block all advertisers with a firewall

#128 ☐ I use a real browser

(links, lynx, emacs "M-x webrowser-and-the-kitchen-sink", cURL + ed, ...)

On a more serious note, what happens when something like this hits "smart" TVs and other media devices with Youtube/internet access? I cannot imagine Philips, Sony, Sanyo et al. will be issuing security updates and I imagine the underlying code is a bit of a pig's breakfast...

This'll end well: US govt says car-to-car jibber-jabber will SAVE lives

ammabamma
Holmes

Gaze into the crystal ball...

I will use my finely tuned psychic skills, honed through service on the level 2 helldesk, to predict the future (For the love of $DEITY somebody please prove me wrong...):

1. There will end up being no fewer than 3 incompatible standards for car to car comms. Microsoft, Google, and the EU will all try to add their own "must have" extensions to the specs.

2. The documentation will be safely ensconced behind a multi-hundred (thousand?) $$$ paywall.

3. There will be at least 2 buffer overflows discovered in the first 18 months after release.

4. FVEY will "request" an API hook to slurp all that telemetry goodness.

5. The actual protocol will look like the spawn of Codethulu:

- Binary with tightest possible bit-packing.

- Irregular field widths

- Discriminator bits that distinguish between two variants of a bit span—located after the span

- etc....


Biting the hand that feeds IT © 1998–2019