* Posts by DropBear

4483 posts • joined 4 Mar 2013

No yoke: 'Bored' Aussie test pilot passes time in the cockpit by drawing massive knobs in the air

DropBear Silver badge

Re: There's a bunch of these on FlightAware...

My first reaction was "the real reason this exists is because there's a commonly used aviation tool somewhere that facilitates creation of waypoints in a drawing-like fashion - people are simply using it because it's there!". If this is a common thing, I'm even more convinced that I'm not wrong...

Password managers may leave your online crown jewels 'exposed in RAM' to malware – but hey, they're still better than the alternative

DropBear Silver badge

Re: Could do better but not much better

Must have been a different summary table than the one I've seen.

DropBear Silver badge

Re: Keystroke logger

What the hell are you talking about? Any TOTP code is by definition valid in unchanged form for 30 seconds (or other suitably chosen but nonetheless practicality-limited interval). It's up to the far side how it handles two distinct login attempts from different IPs in quick succession, but there is no "challenge" element involved in a TOTP code.

DropBear Silver badge

Re: This is why you need a dedicated hardware-token for things like this.

Trying to redouble efforts to armour plate a carrier pigeon between your password manager and browser are flat out pointless. The solution is not trying to keep a fixed string secret, but to use end-to-end crypto between a separate, physically secure piece of hardware (token) on your side and the web server on the far side; which is exactly what U2F (and partially our much downvoted OP) is trying to promote. Yes, it's not by any means universally used at this point; we can only hope it (or something like it) does become so as soon as possible.

Until then, pending cooperation from the far side, we could still have right now stand-alone hardware password vaults that type the required pass straight into a login field. Yes, they would still have remaining issues such as lack of integration for auto credential selection / inability to work with "on-screen keyboards" with variable layout / passwords lingering in the browser memory, but at least they do assure the criteria pursued by this study: that unused credentials do not get exposed, and that used ones do not linger in the _manager's_ memory once it is re-locked (or ever, considering separate hardware).

All in all, password vaults are awesome against indirect threat (where you and your hardware are not involved in an attempt to compromise an account of yours on a third-party server) but are catastrophically poor against direct threat, where your machine is compromised first either by a remote or a local attacker directly seeking to obtain credentials to exploit - so it's a compromise depending on your threat model. If, like me, your threat model includes the rest of the world... you're unavoidably fucked. Nothing can protect you comprehensively.

U wot, m8? OMG SMS is back from dead

DropBear Silver badge

Except of course read receipt sending would be one of the first things I'd turn off - and if they won't let me, then the whole RCS process (unrootable phones aren't even considered for purchase). Whether or not I've actually seen something you sent me is none of your concern. If you absolutely must know, you can try to call me - and most likely have me not pick up for that exact reason. Funnily enough, those who aren't trying to spy on me seem to have no problem whatsoever reaching me.

Turn on, tune in, drop out: Apple's whizz-bang T2 security chips hit a bum note for Mac audio

DropBear Silver badge

Re: Astounding, indeed

Unfortunately "only" having to properly implement anything is exactly one bridge too far in 99.99999999% of cases. USB2 bandwidth may be more than adequate in theory, but it doesn't matter that I get 30FPS on average in a game when I get all of them in one half of a second - and precisely nothing in the other (or, you know, for the next five seconds - hello there SC...). I remember quite vividly having any audio that was playing glitch on my desktop every time any network traffic occurred whatsoever - and that was hardware bolted onto the motherboard southbridge not even attached via USB, and it was not a single-version bug but the state of affairs with the official mobo drivers from a reasonably reputable supplier! I can't even remember exactly what workaround or update solved it, but to this day my drivers are frozen to the version that finally worked reasonably, any further updates be damned*.

Properly prioritised and enforced resource access is simply NOT something anyone pays any attention to in the twenty-first century - everyone just assumes they are either alone on their bus, or the bus is "fast enough anyway" to let them get away with bloody murder. Except it never actually is, and sometimes to the point where you end up like this - getting to hear it quite clearly.

* let me tell you about that one time when the mouse cursor kept randomly turning into corrupted garbage for an infinite number of further versions of the graphics driver for their then-flagship card long after AMD swore they fixed that - guess when I updated THAT driver the last time...

Unearthed emails could be smoking gun in epic GDPR battle: Google, adtech giants 'know they break Euro privacy law'

DropBear Silver badge
Devil

Re: Death to advertisers!

Wait. How do you know I was looking for a pitchfork...? What do you know about me and who did you learn it from!?!?

LG folds at prospect of launching bendy phone while Samsung flaunts its upcoming kit on telly

DropBear Silver badge

Re: WTA*

"I don't even understand the need for a bendy phone."

It's not hard to understand though. 1) I'm not willing to carry a tablet-sized device, ie. one larger than a normal phone. 2) I absolutely need a screen larger than a normal phone has - I do all my book reading on my phone, and the current screen size absolutely makes it suck. Also, any browsing I do on it almost sucks worse than seeing my dentist, because I happen to not give a crap about vertically scrolling cards like Facebook timelines or Twitter tweets or Messenger messages, and anything else* is just miserable to read on a screen that size, both in portrait and landscape mode.

* I have yet to see a website with a "mobile" (or worse: "adaptive") version that isn't definitely worse than seeing my dentist...

DropBear Silver badge

Oh, no bendy phone? Not interested then. Not until someone (I care exactly *nought* who) comes up with a *cheap* foldable-screen phone (obviously it won't be the upcoming Galaxy)...

Accused hacker Lauri Love loses legal bid to reclaim seized IT gear

DropBear Silver badge

I do not appreciate the apparent tendency to judge a claim's merit strictly on its merit as it pertains to the case and question being judged alone, as opposed to "this is your fault and you're despicable so we don't really care whether those you accuse are in the wrong or not - you don't deserve to win either way". But that's just the impression I get after reading this - the claim may well be meritless on its own...

Twilight of the sundials: Archaic timepiece dying out and millennials are to blame, reckons boffin

DropBear Silver badge
Trollface

Getting millennials interested in sundials...? Easy! Just tell them each one comes with its own gnomon. And mumble something unintelligible when they get excited and ask if they come with goblins and trolls too...

DropBear Silver badge
Trollface

Re: Using a sundial at night

Why would you need a special app for that, silly? You just glance at the time on the smartphone then wave its torch about until it casts the shadow onto just the appropriate gradation...

Dratted hipster UX designers stole my corporate app

DropBear Silver badge

Re: Windows 8/10 Control panel

Dunno about that. I learned to swear worse than a sailor* when they started to arbitrarily group various bits of the control panel under text links (each of which I had to read and mentally process to navigate them) under equally arbitrary categories in Windows 7, compared to the simple grid of named icons I could navigate at a glance** or even mostly just muscle memory** in Windows XP after a bare minimum of familiarity.

* I kid, I kid. That actually happens to all of us once we start driving...

** Which is what makes "recent" or "most used" collections of apps useless - because they're inherently dynamic, there is no muscle memory developing on where to reach stuff so you need to actively identify everything on them all the time, whereas I only needed visual clues on my old XP start menu to fine-correct my cursor movement; which region to reach for was pure memory.

Boss of venerable sect with millions of devoted followers meets boss of venerable sect with... yeah, you get the idea

DropBear Silver badge
Coffee/keyboard

See icon -->

Roses are red, this is sublime: We fed OpenAI's latest chat bot a classic Reg headline

DropBear Silver badge

I'm almost certain it just vaguely realised on some level that "what is" tends to be associated with looking for the "definition" of a thing, and "a dog" means the thing is "dog", so just yanked the closest thing it had to a Wikipedia article and quoted it nearly verbatim - mixing it up with some other words just enough to make sure we realize it has no idea what it is doing...

OK, Google? Probably not! EU settles on wording for copyright reform legislation

DropBear Silver badge
Pirate

Re: Not Copyright Reform.

It's becoming increasingly obvious that (preferably anonymous) peer-to-peer sharing of absolutely everything is the only way forward worth bothering with. And we better start thinking about how we'll bypass their inevitable attempts to block it, when it gets big enough.

DropBear Silver badge
Facepalm

Re: "This tactic doesn't play well in the EU"

Well of course! Didn't it turn out that all the campaigning against the Pai's FCC was 100% just bots too...? /s

Why does that website take forever to load? Clues: Three syllables, starts with a J, rhymes with crock of sh...

DropBear Silver badge

Oh really...? So do tell me, does Google still load the invisible little animated thing in the centre of the page every single time - you know, the thing I blocked years ago because it produces a sustained, continuous 50% CPU load on an older machine like mine...? Because I'm basically certain they still do... and after something like that I just don't see them giving any fucks whatsoever to the whole problem.

US counterintelligence agent helped Iran lob cyber-bombs at America, say Uncle Sam's lawyers

DropBear Silver badge

Re: Yee Gods

Also, if your target accepts your friend request, one would assume that's because there is at least _some_ amount of real-world connection between him and whoever you're spoofing - but if that's so, how do you expect that real-world link to not uncover fairly quickly that your "spofee" never actually friended him...?

A once-in-a-lifetime Opportunity: NASA bids emotional farewell to its cocky, hardworking RC science car on Mars

DropBear Silver badge

Not like it didn't last long enough, but strictly speaking - seeing as how big of an issue sand can be, is there anything preventing solar rovers being constructed with panels that can be tilted beyond the angle of repose, so sand can't settle on them, then just returning them to optimum angle when the weather is nice...? It could even be constructed as a passive mechanism that pre-stores the energy needed to un-tilt the panels back to horizontal during the stowing phase, so it would only need the tiniest amount of energy to trigger and effect a wake-up...

One click and you're out: UK makes it an offence to view terrorist propaganda even once

DropBear Silver badge

Re: Hmmm

Don't be silly. How can learning what might put him in the slammer NOT be useful to a terrorist...?

If you want a vision of the future, imagine not a boot stamping on a face, but keystroke logging on govt contractors' PCs

DropBear Silver badge
Trollface

Re: a good incentive

A nice way to easily triple your productivity... First it blindly counts the bot-injected rubbish characters, then the also bot-injected exactly equal ^H^H^H^H ones, then finally the ones of you doing the actual work! Win-win!

DropBear Silver badge
Facepalm

Re: What muppet agrees to pay per hour?

I seem to recall Edison The Man Himself having a brush with workplace monitoring during his railway telegraphist days, in the form of having to send a letter each hour just to prove you're not asleep. Which of course he promptly spoofed with a mechanical autokey, nearly causing a rail accident by, ob(li)viously, failing to act on an advisory coming in while he, uh, slept. Moral of the story: don't. Just don't. It will inevitably be spoofed and it will not get you what you hoped to gain from it anyway. No force on Earth or outside it can make people into work-bots, and you don't want them that way anyway - the real world works only because it's lubricated by stuff folks are not supposed to be officially doing yet needs to be done somehow* anyway.

* let's not even get into how any sort of petty business involving another human being behind a counter or a desk can only be done during "business hours", the exact same "business hours" that are supposed to confine you, as employee, strictly behind your OWN desk. To this day it boggles my mind how this is supposed to work even in theory. And this is not stuff you do twice a year, so you could get a day off or something to take care of it - it's near-weekly minor bullshit that just needs taking care of all the bloody time. In the end, the work gets done by when it needs to get done, and that should be good enough for anyone.

US kids apparently talking like Peppa Pig... How about US lawmakers watching Doctor Who?

DropBear Silver badge

Naaah. My Spirit Animal is still Spanky Ham...

Object-recognition AI – the dumb program's idea of a smart program: How neural nets are really just looking at textures

DropBear Silver badge

Can we please...

...just puncture the current "AI" bubble already and call it a day...? Yes, it's 2019 and image recognition is a thing. Mostly. Sorta. If you squint at it just the right way, as this study demonstrates. None of it has absolutely anything to do with actual intelligence, as this study also demonstrates. So, world, just quit it already, my neck is on the brink of getting RSI from all the "nu-uh!" head-shaking I need to do every time I try reading all the effusive "AI" tech news these days.

I am just a mapper: Solar drones take to the skies above Blighty

DropBear Silver badge
Trollface

Re: Just because you're paranoid...

Just wait until they start parachuting in peacekeeping forces too - I reckon 25 kg is enough for a smallish, really young shark with a laser...

DropBear Silver badge

The 38m is the single number wot makes things make sense - no drone of any kind of more conventional dimensions has enough surface area to gather any meaningful amount of solar energy as far as powered flight is concerned; but yes, once your wingspan is measured in bus lengths, staying up there for quite a while definitely can be done and has been done. Although I'm not sure roads and rivers move around often enough to warrant 24/7 surveillance especially once you already mapped them; but as far as up-to-date "satellite imagery" is concerned, this would definitely help...

Intel SGX 'safe' room easily trashed by white-hat hacking marauders: Enclave malware demo'd

DropBear Silver badge
WTF?

Re: "performing anti-piracy decryption of protected Hollywood movies"

If all code running on the machine is trusted, a protected enclave is pointless. As soon as we assume there is something on that machine that something else need protection from, your whole premise of running only trusted code is falsified. Which is just as well, as in practice there is no such thing as 100% trustworthy code.

Leaky child-tracking smartwatch maker hits back at bad PR

DropBear Silver badge
Devil

Re: "regular" people wouldn't be able to do it, and if they did, it didn't really matter.

"Life is a risk ... get used to it."

"...but instead of teaching your kids some responsibility and showing some yourself, why not bravely surveil their every step with a (ludicrously insecure) GPS watch instead...!" Oh, do go on. It's beer o'clock anyway, we could all use a good laugh...

OK, Google. Music in 2019 isn't what it was, but Play nice, will ya?

DropBear Silver badge
Unhappy

Re: Out of curiosity ...

Because there's no essential freedom that most people wouldn't gladly give up for a bit of convenience.

Brit Mars bot named while NASA 'nauts must wait a bit longer for a US rocket trip to the ISS

DropBear Silver badge

Le Sigh...

"NASA reckons that more testing, verification, reviewing and training is needed before any blue touchpaper can be lit."

Anyone still wondering how ideas like "move fast and break things" could have possibly ended up being touted as a Good Thing - now you know. Because of exactly this sort of bollocks.

Apple puts bullet through 'Do Not Track', FaceTime snooping bug and iOS vulnerabilities

DropBear Silver badge

You easily can. But you probably do need a rooted phone. AdAway works nicely for me.

Reliable system was so reliable, no one noticed its licence had expired... until it was too late

DropBear Silver badge

Re: I generate the licenses..

Well, that's why I refuse to (personally) use any software that comes with any kind of "fuel"* that needs to be "topped up" periodically even if it insists it's free and will always be available. It's just voluntarily putting on a collar with a leash somebody else is free to tug on** any time.

* actual real-world example.

** you better be a latex-clad dominatrix if you want to try that with me

From Firefox to fired cocks: Look who's out to save you being shafted by insecure Internet of Dingalings – it's Mozilla!

DropBear Silver badge
Gimp

Re: Surely the whole point of a Bluetooth Sex Toy

Compelling use case, granted. I still think it's kinda missing the matching T-shirt with a QR code on its front and back that would let anyone interested download the appropriate app. How else is anyone interested going to get clued in about when to try what...?

Only plebs use Office 2019 over Office 365, says Microsoft's weird new ad campaign

DropBear Silver badge
Trollface

Come on, you can't just leave us on a cliffhanger like that - which part of the family has work-related MS compatibility obligations that categorically preclude zero-cost options like LibreOffice - the wife or the kids? Or, wait... was it the butler wot dunnit...?!?

Sure, you can keep Grandpa Windows 7 snug in the old code home – for a price

DropBear Silver badge

Re: Happily

While I'm not the OP, I fully endorse the sentiment. Linux desktop is absolutely fine for a non-Linux person - assuming they never want to touch anything other than Firefox and LibreOffice and whatever the photo viewer is called these days; one needs zero learning curve for that. For absolutely anything else though, as a non-kernel-developer, you hit a brick wall. And I'm not talking about having to use the CLI, as bad as that already makes things - I could live with that. No. It's just a matter of time until you stumble into something that most definitely doesn't work as it should, it cannot be configured to make it work, and the bug report(s) concerning the problem sit either unanswered for half a decade or straight-up wontfixed. That's assuming there is anyone still in charge of that piece of software at all of course.

Yeah, Mate is nice - so how does one go about having a "systray" indicator of received mails that isn't either Thunderbird running all the time or a Gmail-only thing? Because "Mail Notification" is deader than dead, broken, and nothing else works. I never had that problem under Windows. Or - how does one enable direct feedback from mic-in back to the headphones, a thing that used to be trivial in the Windows XP mixer, still fairly easily doable under Win7 if you know what checkbox to tick, and flat-out impossible under any GUI mixer in any version of Linux I've seen (and just barely doable in alsamixer text-mode, in a sort of semi-accidental glitchy way)...? The official stance seems to be "just listen to the sampled input played straight back into the output" conveniently glossing over the horrible line delay that doesn't exist with the hardware-based mixer loopback.

And there are hundreds of these paper cuts - I _am_ trying to use Linux and I'm fighting them far, far more than I am actually getting on with what I came to _do_. Invariably, it turns out that the only way to get them to work would be to learn the ins and outs of the software package in question (and all the frameworks it relies on) and code a fix yourself. If you can't do that for whatever reason from "C++ is incompatible with my brain" to "my entire lifespan wouldn't be enough to get all of this working", tough shit. It just won't work. And these are all problems I never had under Windows...

Chrome devs attempt to slip muzzle on resource-guzzling browser beast with 'Never-Slow Mode'

DropBear Silver badge

As theoretically long deprecated as synchronous http calls may be, to this day I immediately know when any server I touch anywhere slows down by... having the entire browser freeze up indefinitely, across all tabs. Lovely bit of coding, that.

It's 2019, and a PNG file can pwn your Android smartphone or tablet: Patch me if you can

DropBear Silver badge

Re: Oh well

Fine, make it 7 months then...

Accused hacker Lauri Love to sue National Crime Agency to retrieve confiscated computing kit

DropBear Silver badge

No idea what you're talking about. My desktop is a lot older than that, and was bought as a "best value for money, not the best there is" proposition at the time, yet to this day the only piece of software I have ever seen it drag its feet with was Star Citizen - and it even plays that one at a usable if not decent level. There was definitely CPU performance increase in the last ten years, but you seem to heavily overestimate how much, especially compared to typical software needs. See also PC OEMs' incessant complaints about people showing no inclination to replace their existing PCs - there's a reason for that...

Google: All your leaked passwords are belong to us – here's a Chrome extension to find them

DropBear Silver badge

The number of forums that forced me to register for a single comment or to view an image every now and then and the number of small online shops I might buy something from once every three years or so are legion. Due to their number there's no way in hell I'll ever use distinct passwords for each, not even through some "schema". Also due to their number it's basically a given that at any particular moment in time whatever password I used with more or less all of them is already compromised. I would not be able to update them all before the new one would leak too from whichever of them is the weakest link - even if I would remember every single one of these places, which I don't come anywhere even close to.

It's a lost battle I'm not in the mood for fighting so no password managers for me - not that anyone would seem to bother posting in my name anywhere (or do they? Is this the real DropBear?!? Dun-dun-dun...) or buying me anything (card numbers are not involved - I only ever buy CoD at these shops, the whole point is that they are country-local). Yes, there are some higher value accounts, less than a dozen, that I do try looking after slightly better - but they are a drop in the ocean compared to the rest, and funnily enough their passwords tend to stay un-compromised. Regardless, most (that allow it) already also use 2FA anyway (TOTP if it's up to me; SMS if it's up to my bank - thanks a lot...)

All in all, a password manager - either online or offline - just sounds like such a catastrophic single point of failure (and such a juicy target to grab for anyone ever driving by - which is 100% a "when" not an "if") that I just can't stomach using one - at least this way my small collection of more precious passwords is only stored in my brain...

Crypto exchange in court: It owes $190m to netizens after founder 'dies without telling anyone vault passwords'

DropBear Silver badge

Re: Crypto-busting test case

If an encrypted computer (I'm going to assume that means "encrypted data on the hard drive" in this case) is a "problem with a solution", what is the point of encrypting any computer...?

DropBear Silver badge
Trollface

Re: Damn.

...this wouldn't have happened in January 2000 perchance...?

Amid polar vortex... Honeywell gets frosty reception after remote smart thermostat tech freezes up for a week

DropBear Silver badge

Re: IOT=Crap

The difference is that lots of us don't see any convenience* in rigging up our lightbulbs to the Internet, whether or not that makes them turn on or off in fancy ways - classic motion sensors or timers tend to do the job just fine if we truly feel our lives are pointless without lightbulbs with their own will. Nobody's preventing anyone here from going crazy with the stuff if they feel it really works for them, lots of us simply resent the ongoing implication that one needs to be crazy not to see all the marvellous advantages these modern net-connected wonders offer to allegedly absolutely everyone just as long as we're willing to repent our sins...

* Let me know when they make a lightbulb that can replace itself automatically when it burns out. I might just consider it actually convenient enough to buy a few...

DropBear Silver badge

Re: Holiday Homes

I can't help but note that the number of one-percenters owning separate "holiday homes" is astonishingly high here.

Fake fuse: Bloke admits selling counterfeit chips for use in B-1 bomber, other US military gear

DropBear Silver badge

Re: IC marking

Spotting counterfeits is one thing, but in this case these were supposed to be USED chips. Whether that means previously socketed or soldered, I cannot possibly imagine how one could fail spotting that, short of not looking too closely at the chips at all in the first place of course.

Boffin suggests Trappist monk approach for Spectre-Meltdown-grade processor flaws, other security holes: Don't say anything public – zip it

DropBear Silver badge

Re: You don't say

"The professor addresses handwaves your point in his original post". Fixed.

DropBear Silver badge

No. I'll just stick with "what an idiot!". Keeping vulnerabilities quiet is not a valid approach if your aim is to get them fixed. The one, single and only thing that causes that is announcing them publicly. Anyone arguing against it is an utter idiot at best and actively means you harm at worst.

Techies tinker with toilet-topper to turn it into ticker-tracker

DropBear Silver badge

Nope

Any piece of technology trying to monitor/read any aspect of my health will find it is much more difficult to perform its function with an axe embedded in it, in short order. Do not want. My health basically never existed as such, and I don't want any further complication detected and announced to me any sooner than absolutely unavoidable. Yes, it's a conscious choice trading whatever hypothetical extension could be obtainable for a significantly less miserable existence up to that point, both in a physical and psychological sense. YMMV, feel free to disagree all you want and live your life any way you see fit, but I'm not taking advice concerning mine. Particularly not from a toilet seat...

Bug-hunter faces jail for vulnerability reports, DuckDuckPwn (almost), family spied on via Nest gizmo, and more

DropBear Silver badge
Trollface

Re: Pretty soon, you won't be able to turn them off

How will you recognize their techs? By the cattle prod they'll carry, perchance...?

Ad-tech industry: GDPR complaint is like holding road builders to account for traffic violations

DropBear Silver badge
Trollface

Re: Collective Authority

Not even so much a defence but the "nu-uh!" phase that comes right before "Mooooom!"

Biting the hand that feeds IT © 1998–2019