* Posts by el_oscuro

173 posts • joined 14 May 2014


Japan's Hayabusa 2 probe has got the horn for space rock Ryugu – a sampling horn, that is


A 2 Kg "bullet", sent at 2km/s?

That's more like an artillery shell. And 2km/s is about 5,000 mph, twice the velocity of an M-16 round. It also happens to be orbital velocity in Kerbal Space Program. And the results of that much mass impacting at 2km/s would be very Kerbal indeed.

Password managers may leave your online crown jewels 'exposed in RAM' to malware – but hey, they're still better than the alternative


Re: Remembering loads of long passwords


Use an 8-char Windows NTLM password? Don't. Every single one can be cracked in under 2.5hrs


Re: Up to a point

Get SQLi on some shitty website, dump the usernames and passwords, then follow this procedure:


It's the weekend. We're out of puns for now. Just have a gander at China's Moon lander and robo-sidekick snaps, videos


Landing on the Mun

Looks like Jedediah Kerman's view just before my first Mun landing. You have to burn retrograde (sideways) to lose all of your horizontal velocity, otherwise your lander will tip over and/or explode when you try to land. Once you have stopped, point your rockets to the ground to keep your descent under control. The LT-2 Landing Struts are rated at 12m/second but anything above 5 will probably be very explody.

The D in SystemD stands for Dammmit... Security holes found in much-adored Linux toolkit


Re: I guess it's a good time

I tried that. Didn't work:

root@localhost:~# systemctl status irony_detection

● irony_detection.service

Loaded: not-found (Reason: No such file or directory)

Active: inactive (dead)



Re: Never trusted SystemD

Also, shitty error handling.

One of my boxes wouldn't start the desktop and the error message was:

systemd systemd-logind.service failed

along with a message saying to use "journalctl" for more info. When I ran that command, I got:

systemd systemd-logind.service failed

If I wanted error messages like that, I would run Windows.

In the end, I spent many hours Googling it and never got anywhere. In the end I went to http://without-systemd.org/wiki/index.php/Alternatives_to_systemd and blew systemd and the desktop away and installed SysV/xfce. At least I can use my box now.

Stormy times ahead for IBM-owned Weather Channel app: LA sues over location data slurp


Re: Yes

Not really. All of these companies just get their feeds from the NWS (weather.gov), which you can use directly itself. If you want it on your phone, it is https://mobile.weather.gov. No ads, spying, etc. You just give them your city and state or zip code, and you get the weather for the nearest station.

The nearest station to my zip code is at Lat: 38.72°N, Lon: 77.18°W, Elev: 69ft, about 5 miles away.

So any weather app asking for any location data that is more accurate than that is complete bullshit.

Mark Zuckerberg did everything in his power to avoid Facebook becoming the next MySpace – but forgot one crucial detail…


Re: "this ought to be labelled an editorial."

Comments/Opinion/Editorials, Op Eds, etc - I have seen all of these in Newspapers on this side of the pond.

And this is a well written one. I agree with the premise: That FB is different because they lie *All* the time about privacy.

Sudden Windows 10 licence downgrades to forced Xcode upgrades: The week at Microsoft


Re: Cool that Amazon and Microsoft support LGBT

Maybe train each to respond to the other, then insert ${NSFW} terms into the conversation, break out popcorn.

Techie was bigged up by boss… only to cause mass Microsoft Exchange outage


I used to have the siren ring tone on my iPhone set for the ops center at work. I would get paged so often at 3am from that office, that hearing that ring tone on someone else's phone still sets me off. And I haven't worked there in years.

Our brave El Reg vulture sat through four days of Oracle OpenWorld to write this cracking summary just for you


Re: O.r.a.c.l.e

We once had an Oracle sales droid trying to get us to buy some "security" product. Something like Oracle Identity Manager but 20 years ago. He was saying: "It is so easy to set up, you just put the CD in and click next a few times and you can literally have it set up in 5 minutes". So my project manager said: "Good. We have a server upstairs. Let's set it up now." I swear, the result was this:


And many years later, I had a golden opportunity to do the same thing with a sales droid for an Oracle Database Appliance and I completely blew it. Using a phone to capture the moment is too awkward. I need some sort of stealth camera.

Worrying Windows 10 wrecking-ball weapon weirdly wanders wildly on worldwide web


Delete files?

I thought Microsoft already added that feature to Windows 10 with build 1809.

Mine is the one with the USB backup in the pocket.

Cathay Pacific hack: Personal data of up to 9.4 million airline passengers laid bare


Exception in thread "main" java.lang.NullPointerException

Happy 60th birthday, video games. Thank William Higinbotham for your misspent evenings


Re: would you like to play a game? How about global thermonuclear war?

You can try this:


Didn't even make it through the first level


I'll just leave this:


GitHub.com freezes up as techies race to fix dead data storage gear


Re: Oh go do one Saishav!

This man page?


Is this cuttlefish really all that cosmic? Ubuntu 18.10 arrives with extra spit, polish, 4.18 kernel


Re: Same old same old.

"We should be at the stage where all a user has to do is sit at a screen and say (or type) "I want to write a document" (or letter, email, flame, program, magazine review ... ) and everything just happens."

To do that, I click on Applications/Office/Writer. Been that way for at least 15 years. Not sure how it can be any easier.

"And the same applies to hardware - especially stuff you can plug in like USB."

Also 15 years ago: I bought my first digital camera, an el-cheapo Kodak. My kids were small and playing in the leaves. I had a Windows computer and one running SUSE. After taking several pictures, I was out of space. So I plugged the USB into the Windows computer. Nothing at all. After about an hour of Googling and downloading 100mb of crapware from Kodak I was *finally* able to download the photos to the computer. It was getting dark so I wouldn't be able to get any more pictures. I had assumed that using the camera with Linux would be harder but I hadn't tried it. So I plugged the same camera into the SUSE computer. I immediately got a dialog: "A camera has been detected. Would you like to import your photos in to F-Spot?"

It was that day that Windows basically ended for me. Actually *doing* things was now easier on Linux.

Russia: The hole in the ISS Soyuz lifeboat – was it the crew wot dunnit?


Re: Interviewed on Russia Today...

That astronaut was actually trying to hot wire the ship so he could take it to Mars.

Card-stealing code that pwned British Airways, Ticketmaster pops up on more sites via hacked JS


I block all of that crap with pi-hole. This is literally the definition of XSS. I have PayPal and Amazon for making payments. If your site can't accept those, forget it. I'm sure I can find whatever I was looking for elsewhere.

A boss pinching pennies may have cost his firm many, many pounds


Re: RE: Control freak boss....

By a strange coincidence, "Larry" happens to be the only person to miss one of my paychecks. At least the HR drones got it fixed within 24 hours. I am not too tolerant of such things.

Mozilla changes Firefox policy from ‘do not track’ to ‘will not track’


Re: It's about time

So basically, 3 engines:

KDE KHTML/webkit: Chrome, Safari, Vivaldi, Opera, etc

Mozilla: Firefox, Pale Moon, Ice Weasel, etc

Trident: Edge and IE

Abracadabra! Tales of unexpected sysadmagic and dabbling in dark arts


Re: Case sensor

Actually, I always knew it as BFFI.

Cracking the passwords of some WPA2 Wi-Fi networks just got easier


Re: Nice Model M KB in piccie

Actually a really effective way to clean them is with denture cleaner. Leave your key caps in it overnight and 20 years of grime is just gone. Looks brand new.

'Unhackable' Bitfi crypto-currency wallet maker will be shocked to find fingernails exist



Prior to going to Belize for a vacation, we checked travel advisories from the State Department. For Belize, they had issued warnings for numerous McAfee sightings.

Tech team trapped in data centre as hypoxic gas flooded in. Again


Re: Hasn't halon been banned or something in the '90s?

I think I have seen the BOFH. Is this her?


Tired sysadmin plugged cable into wrong port, unleashed a 'virus'


Re: Network related

In boot camp in the Army on the other side of the pond, the drill sergeants actually recommended us to start smoking if we didn't already for this very reason.

That same Army banned indoor smoking in all buildings Army-wide about 6 months later.

In defence of online ads: The 'net ain't free and you ain't paying


Re: If only I could pay

Back at the turn of the century, Google beat out Yahoo, AltaVista, and all of the search engines. Why? Because all of those search engines had shitty ad experiences just like now, while Google had "sponsored links" which were just text and clearly labeled.

Besides that there are 2 things about ads today that really get my goat:

1. Shitty sites like washingtonpost.com which have paywalls *and* shitty ads to their actual paying customers.

2. Security - The current ad model is literally *designed* in XSS, with a little RCE thrown in. All of those third party domains run whatever they want with no accountability whatsoever. An attacker injecting a BeEF hook into any one of those can do all sorts of nasty stuff to your computer.

If websites want to show me ads, just have sponsored links and host them themselves. Oh, and don't make them shitty. Those "sponsored links" that Google has? Often, they are something I am interested in.

Is your smart device a bit thick? It's about to get a lot worse


Re: Better Option

That should be the *first* thing any dude learns, along with never making jokes about their weight.

My PC is on fire! Can you back it up really, really fast?


When I was about 12, a small fire started under our Christmas tree, which was real. Without thinking about it, I used a fire extinguisher to put it out quickly. Good thing we had that extinguisher as those Christmas trees light up like gasoline and would have burned our house down before the fire department could have even got there.

It's World (Terrible) Password (Advice) Day!


Re: Oh yeah!!!!

And of course they will make you change it every two weeks. So:




Works great!


Re: Sensible Rules

That's weird. Normally Oracle allows upper case, numbers, _# and $. Anything else will break it. And if you have a ', it is SQLi.

Imagine you're having a CT scan and malware alters the radiation levels – it's doable


Re: Genuine question

I get all of this. All of this shit has to be certified and work. Medical review boards are like aviation - and for the same reasons.

But here's the question: If someone buys an MRI scanner in 2003 with a commodity PC to control it, what happens when the hardware goes TITSUP? You are not replacing that fried motherboard that ran XP (or Linux 2.4). Never mind the shitty security of Windows. In aviation, they have custom interfaces for everything which can be serviced and replaced for the life cycle of the aeroplane, and all of this shit is certified. Why not for these medical devices?

As Zuck apologizes again... Facebook admits 'most' of its 2bn+ users may have had public profiles slurped by bots


This is actually very shocking. I wasn't surprised about them selling everything they knew about you to anyone, and I was pretty annoyed about being included in that data because someone who has FB probably has me in their contacts.

The truly shocking thing about this is Facebook allowing bots to scrape the data. Blocking that is literally internet 101. Here is a link for Mark Zuckerberg if he needs to learn how to webserver:


Nest reveals the first truly connected home


Re: I've said it before and I'll say it again

Last week, the county trash pickup damaged our fence, and of course they said they didn't do it. Of course the fence was bent out in a way that can only be done by some machinery like they use on the trash trucks. So we are going to get a CCTV system. No IOT shit. Just 2 cameras hooked up to a local DVR.

Auto manufacturers are asleep at the wheel when it comes to security


I was looking at getting a new car my 2008 pickup, but didn't want to deal with dealerships. And why do I need a new car anyway? I'm starting to need a little more maintenance, but that is nothing compared to a new car payment. And how is my old truck out of date? Really, just the stereo. I would like to have something that can bluetooth with my phone so I can get spotify, hear waze alerts, etc. So I got one of these:


It has exactly the same connection to your car as the ones we used to get in the 1980's at Radio Shack - power, antenna, and the speakers. Nothing else. I know this because I will be installing it myself.

My PC is broken, said user typing in white on a white background


Re: Pah!

With Windows, there is fun with Unicodes. Left-to-Right Override (U+202e) is your friend.


I did that once back in the WFW 3.1 days. Except before making the screenshot the background, I turned it upside down.

Later when I took the computer in for repair, the shop thought they had installed the video card backwards.

Ubuntu wants to slurp PCs' vital statistics – even location – with new desktop installs


Re: User needs

My Dad is almost 80 and a great grandad. Besides Linux, he also has a Mac and Windows 7 (safely disconnected from the network of course). His old system76 was about to give up the ghost, so I ordered him a new bare bones and gave him a link to the Ubuntu ISO. Not wanting to fuss with BIOS settings and such, he went to Fry's to get a teenager to install it for him for $50. Afterwards, I had him install the full development toolkit:

sudo apt-get install build-essential dos2unix unix2dos

With that he is in full business

UK ICO, USCourts.gov... Thousands of websites hijacked by hidden crypto-mining code after popular plugin pwned



Modern browsers all support content-security-policy, an HTML header which allows websites to white list JavaScript sources. But that would require them to *actually* know where their JavaScript comes from. That would totally break their shitty ad model.

Secret weekend office bonk came within inch of killing sysadmin


Re: Live Steam - *seriously* dangerous

I would agree. My dad used to work at a place that had steam pipes like that, and when inspecting them, they had a simple test.

They would walk alongside the pipe with a broom stick. Leaks were identified when the broomstick was sawed in half.

A Hughes failure: Flat Earther rocketeer can't get it up yet again


Re: 1,800 feet

..Or he doesn't even have to leave San Bernardino county. Just drive about an hour west to the Rim of the World Highway. Some of those passes are above 8,000 feet.

Next; tech; meltdown..? Mandatory; semicolons; in; JavaScript; mulled;


Re: Anyone seen a single line C program ?

I actually wrote a 1 line C program. And that code is still running in production.

I had a simple requirement: Run a shell script at a regular interval like every 15 minutes, and log the stdout/stderr to a log file. In Unix I would just put it in the crontab and be done with it. But I had Windows NT 4. The original AT scheduler was very limited but at least it worked. The installation of IE6 completely replaced it with a GUI which I could never get to work. And we couldn't use it as we didn't have RDP anyway.

So my program was basically:

int main(int argc,char *argv[])




Why would I need this? We couldn't use cygwin or something like that for cron scheduling but we did have the Windows NT resource kit which included the SRVANY utility. This utility allows a command to be run as a service. But that command has to be an EXE and not a .BAT file. I also tried CMD /C but that didn't work either.

The scripts themselves handled all of the scheduling and logging, similar to Unix cron scripts that configure the environment.

10 years ago, we were 100% Windows and these scripts ran *everywhere*. Now we have migrated much to Linux but there are still production applications that use this 1 line program.


Re: Tabs v spaces

Don't get me started on excessive use of parentheses. Whoever came up with Oracle's tnsnames format should be shot.


Re: Alternatively...

You also forgot the trailing; --

Hold on to your aaSes: Yup, Windows 10 'as a service' is incoming


Re: It's an OS not an Ecosystem

I don't even have that. Dying Light, Kerbal Space Program, and FTL are my biggest time wasters, and they all run on Linux. And I have at least a dozen games I haven't even really started.

If Microsoft would sell me a legit VM image, I would probably buy it. Professionally it is useful to keep my Windows skills current. But other than that, Windows is completely over.


Re: "sending activity history to Microsoft's servers"

Dude, get an intercepting proxy like Burp Suite and set your browser to use it. While Burp Suite is primarily intended for pentesters, you can use it to see how much shit phones home.

The results will probably surprise you. I used it to disable shitty extensions, disable default home pages, etc. All browsers are guilty.

Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign


Re: no news


So you're 'agile', huh? I do not think it means what you think it means


Re: Successful implementations?

**** Crickets ****

Mailsploit: It's 2017, and you can spoof the 'from' in email to fool filters


You can also send your El Reg password too. It is totally safe. Mine is *********.

'Break up Google and Facebook if you ever want innovation again'


Re: They just store what you give them

Unless you have this in your /etc/hosts:

# Blocking facebook

# https://winbeginner.com/block-facebook-hosts-file-windows-pc/

# facebook.com

# www.facebook.com

# login.facebook.com

# www.login.facebook.com

# fbcdn.net

# www.fbcdn.net

# fbcdn.com

# www.fbcdn.com

# static.ak.fbcdn.net

# static.ak.connect.facebook.com

# connect.facebook.net

# www.connect.facebook.net

# apps.facebook.com searchincognito.com www.searchincognito.com

# Block Facebook IPv6

#fe80::1%lo0 localhost

#::1 facebook.com

#::1 www.facebook.com

#::1 login.facebook.com

#::1 www.login.facebook.com

#::1 fbcdn.net

#::1 www.fbcdn.net

#::1 fbcdn.com

#::1 www.fbcdn.com

#::1 static.ak.fbcdn.net

#::1 static.ak.connect.facebook.com

#::1 connect.facebook.net

#::1 www.connect.facebook.net

#::1 apps.facebook.com

#::1 edge-star6-shv-02-ams2.facebook.com

Pi-holing facebook.com would work too.


Biting the hand that feeds IT © 1998–2019