* Posts by hayzoos

115 posts • joined 2 Jul 2014


cmd.exe is dead, long live PowerShell: Microsoft leads aged command-line interpreter out into 'maintenance mode'


Properly, *.bat is command.com, *.cmd is cmd.exe.

Any *.bat or *.cmd I wrote over about 5 lines included copious comment lines for the unfortunate souls tasked with maintaining them. Even my obligatory "hllowrld.bat" had comment lines.

UK finds itself almost alone with centralized virus contact-tracing app that probably won't work well, asks for your location, may be illegal


"...a big green button..."

I find it hard to believe a modern smartphone app will have "...a big green button..." in this world of flatso with no fricking way to tell where one is to tap/click. It makes one think this is some sort of fantasy app. Do modern developers even know how to make "...a big green button..."?

Internet root keymasters must think they're cursed: First, a dodgy safe. Now, coronavirus upends IANA ceremony


Sounds very secure except

Over YouTube?!?! That's all I have to say about that.

On the 20 hour safe cracking: They need a better locksmith. I have experience with these types of safes. I have seen them cracked in less than an hour due to a forgotten combo.

Ransomware scumbags leak Boeing, Lockheed Martin, SpaceX documents after contractor refuses to pay


Re: Why do people read something which was never stated.

You are correct in pointing out the article made no mention of classified material.

Having previously worked for a defense contractor, I can say it was a definite possibility.

I had said when ransomware first emerged, that it should be considered a data breach. If an outsider had enough control of your systems to encrypt some or all of your data, then you lost control of said data. They could do anything with the data not just encrypt it. They just found another way to monetize their break-in.

As was alluded to in other comments, trying to secure a system built for frequent business transactions against malicious transactions requires monitoring for and knowing the difference between legitimate and not. You also must be able to block the illegitimate before significant damage can be done. Sometimes this calls for blocking some legitimate. Too much blocking causes pushback and an ordered lowering of security.

Grsecurity maker finally coughs up $300k to foot open-source pioneer Bruce Perens' legal bill in row over GPL


Travesty of Justice

"Perens gets nothing personally for his trouble, but his legal team will be paid."

Lawyers would have been paid anyway. The aggrieved still has second thoughts about speaking out.

Drones, apps and packed lunches: The latest on big tech's COVID-19 response


Re: Thank DEITIES!

Where's the fun (profit) in that? Many of those sources of pandemic information do not enhance the visitor experience with kind relevant words from their sponsors (targeted ads).

Corporate VPN huffing and puffing while everyone works from home over COVID-19? You're not alone, admins


Re: Hopefully the end of corporate VPNs

You would have the same issue from the browser on a machine on the network, that is not a VPN issue.


Re: Hopefully the end of corporate VPNs

I don't see what a browser has to do with it.

I still have to guess at exactly what you are describing, but it sounds to me like more of a VPN client misconfiguration. It also may be referring to using an unmanaged machine as a VPN client. In both instances, the point of the corporate VPN IS negated.

A proper corporate VPN will only allow connections from corporate managed VPN clients. Those clients will have the same or likely better hardening as the internal corporate network clients. They will require additional protections on the initial Internet connection during VPN tunnel establishment. No traffic outside the VPN is permitted, save authentication/consent to the AP/gateway. This traffic denial is bi-directional. A corporate VPN implementation has to include the very same level of perimeter protection on the VPN clients as the corporate network gateway. Anything less will not do.


Re: Hopefully the end of corporate VPNs

VPNs, pointless, please explain.

Not exactly the kind of housekeeping you want when it means the hotel's server uptime is scrubbed clean


unreliable power

My first experience with unreliable power was at a small office move where they added a few outlets to accommodate the Novell server, phone system, and AT&T Unix voicemail server and associated network equipment. I was trying to keep related equipment on related circuits so a circuit outage would only affect one service instead of everything. It was not quite possible to do it that cleanly, the network switch had to be on the telecom circuit. I was seeing connectivity issues all over. Troubleshooting was a bear. I also had new Cat3 drops to suspect. I for some reason checked the grounds between the circuits for potential. The multimeter showed about 50VAC between the telecom circuit and the computer network circuit. The electrician confirmed and corrected the grounding issue, apparently there were multiple grounds for the building but they were not bonded. Connection issues disappeared.

At the same place one of the users' monitors (CRT) had an annoying "waviness" which was also suspected of causing headaches. When I saw the "waviness", I could see the possibility of headaches. I found the building's electrical feed was directly opposite the wall of the problem monitor. I first suggested rearranging the office to move the monitor, which was declined. I then attempted to shield with a large steel panel both in grounded and ungrounded states. The grounded steel panel diminished the waviness greatly but not completely. They decided to rearrange.

At another job there was a "computer lab" set up in a former cubicle farm space. Fifty or so stations were set up in a very long and narrow space with a server located halfway. This location had better than average policies which included periodically testing the building UPS systems. On the first test after full build out of the lab, half the lab went down, including the server. I had to inform project managers, facilities dept. and others that half the lab was not on the building UPS. The facilities dept. had to admit they knew that but the cost to add was prohibitive. The consensus decision driven from higher up was not to fix the issue. I moved the server to the half that was on the UPS.

At that location I was once volunteered as the escort for the UPS tech for a repair of one of the units. I asked what he was fixing. He replied, replacing the positive battery buss. I walked back across the room to the doorway. I said I wanted to be able to summon help in case of a short circuit. The battery cabinet footprint was about 3ft by 15ft, probably enough energy to blow me through the doorway and he would have been beyond help.

Morrisons puts non-essential tech changes on ice as panic-stricken shoppers strip stores


Re: "throughput of goods is in excess of the usual Christmas peak"

"sudden onset explosive shits"

That sounds like a good name for a rock band.

Spyware maker NSO runs scared from Facebook over WhatsApp hacking charges, fails to show up in court


We have observed the horse has bolted, oops, our bad.

"Through routine and proactive web scanning, we recently discovered information related to your jcrew.com account," customers are being told.

So, they do not routinely and proactively review their own network security. But, all is good they can detect a data breach by way of the intertubes. I wonder, do they use the security tech of a google or bing search?

Windows 10 Insiders: Begone, foul Store version of Notepad!


Haven't found a good replacement

I haven't found a good replacement for my preferred text editor on the PC . . . Wordstar.

I just use whatever is available now.

Even Ubuntu offering suggested packages is too much, brought to you by systemd I guess. Linux is beginning to feel like the parts of Windows I was trying to get away from.

Newly born Firefox 71 emerges from its den – with its own VPN and some privacy tricks


Have an upvote

Most discussion of VPN currently identifies hiding your IP. I agree a proxy is what is needed for that. For some odd reason people think of VPN as secure encrypted proxy whether they know it or not. VPN's capability of blocking tracking is minimal at best.

But a VPN traditionally provided the service of a leased line over the much cheaper public net. It mattered not if both ends were controlled by the same entity. Another traditional term used for VPN was an encrypted tunnel. Use cases of VPN were never limited to just a secure interconnection. The focus on proxying using a VPN is relatively new though.

I use a VPN to obscure my data from my ISP when home, and when travelling from public WiFi operators and users.

I do not expect any tracking protection except from my ISP. I am more concerned about traffic blocking. Ironically, some servers I am trying to reach block access from VPN for security reasons.

I am looking into establishing my own VPN server with a hosting service strictly for my own use.

Internet Society says opportunity to sell .org to private equity biz for $1.14bn came out of the blue. Wow, really?


ISOC -- non-profit?

There must be some really creative accounting to paint $1+ billion as not profit.

I'm still not that Gary, says US email mixup bloke who hasn't even seen Dartford Crossing


Re: AT&T did the same....

Not at all surprised with AT&T. I think they have at least four separate databases containing an email field. They are not all updated upon changing your e-mail, via one of the many ways to change your e-mail. One of them does not work with plus addressing aliases from gmail. I think it is the paperless billing, but part of it does. I could register and verify and receive email from the paperless billing except for the last step where I would receive paperless bills, but I would get other notifications pertaining to paperless bills at the plus address. I eventually created an att alias email on my domain.

On a related note with AT&T, they plastered another layer of security over their insecure ad-hoc system. They implemented 2FA via SMS, but only to AT&T numbers, and only to an AT&T number on the account. High fives and adjourn for beer after that meeting, eh. So, when I find myself working out of town where there is no cell coverage but I can get wifi, I cannot login to my account. Of all the 2FA options available SMS is the most vulnerable to interception. The backend TOTP generation is the same as used with tokens without the Swiss cheese SMS. They refuse to acknowledge that the 2FA they implemented keeps me out, but not a determined hacker.

I'm not Boeing anywhere near that: Coder whizz heads off jumbo-sized maintenance snafu


Re: I have flown on aircraft running my software (ish)

I think the Win9x functional memory limit was lower. I bought a PIII 64MB system with Win98SE which came with a free upgrade to WinMe. I also bought two 128MB memory sticks to max out its memory capacity at 256MB. WinME was crashing due to a memory leak, downgraded back to 98SE and it was too. I know they ran at 128MB without the memory leak, I don't know about 64+128. I installed Win2k on it and used it that way for 10yrs.

Help! I bought a domain and ended up with a stranger's PayPal! And I can't give it back


I cancelled my paypal after they tried to pull a payment from my checking account when I provided a credit card for payment. I was subscribing to a service which used paypal for payment processing. It was $10 per year. I provided the credit card details for payment. I did not receive a notice from the credit card for the transaction, instead I received notice of overdraft from the bank where the checking account was held. I was maintaining it as a sweep account which is why $10 overdrew the account. I immediately contacted the bank to dispute the transaction. They reversed the transaction and cancelled the overdraft fee. The very next day paypal tried it again. I contacted the bank again, they reversed and cancelled again. This time though I asked about putting a stop in place. They said there is a stop fee, I said fine, paypal will continue, and so will I. They put a special stop in place since paypal was changing the id of the transaction and no fee for me.

When I cancel or close an account online, I purge or change as much information as possible before closing or deleting.

Why are these emails coming from "noreply"? Why do we have to jump through hoops to contact these companies to answer an email from a "noreply" address? They should be outlawed.

Father of Unix Ken Thompson checkmated: Old eight-char password is finally cracked


Current password guidance

There is so much wrong with all the "current" password guidance out there. First, the PHB types don't bother to check the timestamp presenting generation(s) old guidance as current. Then you have the lazy dev types only implementing the minimums but leaving out select special characters because their input checking is non-existent and have to avoid SQL injection, but technically current guidance. All the stupid rules only allowing this, disallowing that. So I type "WTF?RuStup1d!?" only to be presented with password too long, getting my answer. You gotta love those password strength gauges, a strong password in as little as six characters. There's too many chefs in the kitchen, the good password guidance soup is overloaded with ingredients; it is both watered down and over spiced at the same time with no real substance. But hey, it's an acquired taste.

When the satellite network has literally gone glacial, it's vital you snow your enemy


Close the barn door

On a visit to my dad's cousin's farm, I was asked to look at the issue with their modem. They would lose connection periodically. The phone company had already checked their lines. I was forewarned and came prepared with a spare modem and cables, including a 50 foot long RJ-11 POTS cable. When I started, it was not acting up. We chatted, perused the net and such. My dad's cousin said he had to get some chores done out at the barn and went. We still saw no issues. We noticed the horses were out in the pasture and then the connection was getting flaky and dropped. I proceeded to troubleshoot, using my modem, my serial cable, using my 50 foot cable to connect directly to the outside phone box to eliminate the house wiring as the issue. No change, connections still failed. As I was disconnecting the 50 foot cable from outside, I noticed their overhead POTS service line crossed the pasture diagonally on two poles. When I came inside I asked about the pasture fence, and when it was electrified. We shut off the fencer and modem connection was fine, problem found but not solved.

Dad's cousin was an electrician. Instead of re-routing the service line around the pasture, he added a ground line to the poles about a foot below the service line. It worked like a charm.

Careful now, UK court ruling says email signature blocks can sign binding contracts


I'm rich!

I must have billions in offers from Nigerian royalty, ex-pat British widows, Warren Buffett, the heads of TLAs, and others in "signed" emails. I have to accept these legal offers post haste.

Chef roasted for tech contract with family-separating US immigration, forks up attempt to quash protest


Re: Flaming idiot, social justice warrior and political hack

"If you put it out there as OPEN SOURCE, you're GIVING IT AWAY. when you GIVE something, and you try to CONTROL HOW IT IS USED, it's NOT A GIFT ANY MORE. You are CHARGING RENT."

I believe you are confusing Open Source with public domain. Public domain has no restrictions and can be used by anybody for any purpose in any way they wish. Open Source and the closely related Free Software put restrictions (non-monetary) on your use and distribution of the software. Using an OPEN Source license is not akin to giving it away, the restrictions must be followed according to copyright laws.

When using public domain, it is common courtesy to attribute the author, but not required. Not doing so is plagiarism, but is not illegal in regards to public domain. Some of the least restrictive Open Source requires attribution, not doing so is illegal under copyright laws.

Call-center scammer loses $9m appeal in stunning moment of poetic justice


restitution, but not whole

There is a point where restitution does not make the victim whole again. Somebody losing their life savings for years until the restitution is made has likely accumulated other financial damages due to the lack of said life savings. In some instances opportunity lost can never be regained or compensated. In this case determining this additional damage is a monumental task. Being fair and just is not easy.

I'm not defending this guy's actions, but how is it that full restitution is laid in his lap? I'm all for getting the victims their money back. I'm afraid that the system may look at the case as "this is all we can do, so that's what we get". Somebody does have to pay the bill for investigation and prosecution. Even with a conviction not all those costs are covered.

This image-recognition roulette is all fun and games... until it labels you a rape suspect, divorcee, or a racial slur


Re: AI Absolutely Rocks - Proof

I thought submitting politicians' images would be an excellent use of this project.

Yahoo! customers! wake! up! to! borked! email! (Yes! people! still! actually! use! it!)


I read that and things became much more clear. Spokesbeings from another planet, we have been invaded and we have hardly noticed.

It's Friday lunchtime on International Beer Day. Bitter hop to it, boss'll be none the weiser


There are times you just don't do the math

Even using a conservative estimate of my daily average consumption is staggering compared to these records. I will not do that again (calculate my annual beer consumption). When tempted to do so, I vow to have a beer instead. If that doesn't work, I'll have another and repeat until I simply cannot do the math. Since I did it, I will have to do penance. Oh man, my personal beer inventory is low, off to the pub then.

Dear hackers: If you try to pwn a website for phishing, make sure it's not the personal domain of a senior Akamai security researcher


Re: Well... I was expecting something more

...and spoofed their address in reply to a few spammers' lists.

Jeff Bezos finally gets .Amazon after DNS overlord ICANN runs out of excuses to delay decision any further


Re: aws still blocked

Your blocking missed forums.theregister.co.uk.

Panic as panic alarms meant to keep granny and little Timmy safe prove a privacy fiasco


Re: Welcome to ethical testing 101...

Is there any more risk in this structured test than the device being robocalled?

I would hope they did not send just any random message, but one they tested on the device they had.

Double-sided printing data ballsup leaves insurance giant Chubb with egg on its face


Re: Clear text

There are levels of security for items mailed. The lowest is a post card, then in a plain envelope, then in a security envelope, then add a security insert, double envelope with inner security sealed, the possibilities are endless before you even upgrade the trustworthiness of the carrier. Things were sent securely before they were digital.

This mail run should have used the security envelope. I say should because even things which were secured prior to PCs on every desk are now not and not just in the PCs.

I have received a piece of mail which should have been in a security envelope but wasn't... It was the information I needed to login to the secure patient portal being sent via a separate channel for security. It had the password and username and patient name and URL of the portal all in a plain windowed envelope. I complained to all the right places but to no avail. They are now seeing the advantages of going digital but still getting it wrong. By security policy, they now are rejecting access from VPN. So now I am forced to choose the digital equivalent of the plain windowed envelope or the actual plain windowed envelope.

We've read the Mueller report. Here's what you need to know: ██ ██ ███ ███████ █████ ███ ██ █████ ████████ █████


Very suspicious...

I searched on multiple search engines on multiple ███████ ████ terms... In every result there was a site ending in .ru. There's your evidence.

French internet cops issue terrorist takedown for… Grateful Dead recordings?


These people seriously need help!

There is an awful lot of suspicious material, how can they find it all? We must report it to them. I believe Disney has a site and movie dedicated to Aladdin. Being middle eastern themed, it must be terrorist related. I know there are a lot of YouTube videos on making things go boom. There is a group out there calling themselves the mythbusters that has a bunch of them, they seem very experienced at it. Another larger amateur group calling themselves rednecks show how to do this in your own back yard. You don't have to look far to see evidence of terrorist preparations. As they say see something, say something.

Apple redesigns wireless AirPower charger to be world's smallest, thinnest, lightest, cheapest, invisible... OK, it doesn't exist anymore


Re: The 'AirPower' name always implied where they wanted to get

"Wireless charging for phones is still a solution in search of a problem as far as I'm concerned."

Problem: Having to replace the charging (and primary connection) port in the lifetime of one battery and twice in the useful life on the last phone.

Solution: Current phone wirelessly charges, charging port still going strong due to not being used as often. Charging cables are lasting longer as well.

Distant wireless charging is doable, but the power losses are great with current tech. We haven't progressed much beyond where Nikola Tesla left off. He was focused on wireless power transmission over a distance for use as you go, not so much for charging which requires more power.

Uncle Sam's disaster agency FEMA creates disaster of its own: 2.3 million survivors' personal records spilled


Contracted staff - additional privacy training

Data leaked to a contractor, contracted staff getting additional training, updated contracts; sounds like all actual FEMA employees do is manage contracts. Contractor systems are to meet federal privacy/security guidelines due to updated contracts, watching the horse gallop towards the sunset as you close the barn door. Are FEMA systems meeting these guidelines? We may never know if the situation is like that of the EPA where its vulnerability assessment report has a gag order.

I am waiting for the underfunded IRS to reveal it has leaked all taxpayer info; tax IDs (aka SSNs), bank account info (for direct deposit of refunds), addresses, earnings, names of course, occupations, marital status, etc. Of course, certain records under audit scrutiny are better protected such as a certain NYC real estate mogul.

They might as well just say "oops, our bad" via twitter and go about doing whatever it was they were up to.

What do sexy selfies, search warrants, tax files have in common? They've all been found on resold USB sticks


Multiple pass overwrite is a waste

Best: Proper physical destruction, choose your favourite method, just be thorough.

next: Any secure erase function built-in, fastest possible overwrite, may overwrite bad "blocks", use hdparm to access it

next: single pass overwrite ones or zeroes or preferably random bits, use dd with random or zero, slower than built-in due to interface bottlenecks

next: overwrite software like dban, blancco, or whatever with one or more passes to meet regulatory requirements including certificate, slow as molasses at the north pole

Format was never meant to erase, only prep for use. The same goes for "Low-level" or "Full" or "Guaranteed complete thorough better than new" format which may or may not overwrite all accessible blocks, it usually is used when there is no existing format or changing to a different format.

Windows cipher command is a good try, but it fails on multiple levels.

Delete, trash, recycle, hide, forget, ignore, store in vegetable drawer, will also not properly dispose of sensitive digital bit patterns.

I like to disassemble and apply a propane or mapp gas torch to the bit holding parts. For the really sensitive stuff I would use a microscanning microplasma torch or microsharks with microlasers.

Telecoms kit supplier shut down for carrying on work of two firms that had been... shut down


Here's an idea

1) The Insolvency Service has the authority to act on a known banned Director, but must be informed.

2) And, the Companies House can only publish such information publicly even being specific as to request the Director to terminate, but not act.

3) Then should not somebody(ies) job(s) at the Insolvency Service be to review the public information published by the Companies House?

Sorry, makes too much sense; goes against business lobbyists' desires; and a law or rule will then be passed concerning this very loophole.

Who needs malware? IBM says most hackers just PowerShell through boxes now, leaving little in the way of footprints


Re: Not much protection

When I heard signed script, I thought they were talking about corporate CA certs. The certificate store has grown to be a mess though with CAs from world+dog pre-populated for your convenience. This is another area where hardening needs to be targeted. You have to trust the CA which can produce a code signing certificate. Enough damage can be done even when the rogue CA only produces TLS certs and javascript execution is permitted on that basis.

I don't see why a corporate CA has to be limited to internal use either. Properly managed (I know fantasy world) corporate CAs can be used to vet comms between partners, more trustworthy than common TLS or even some EV TLS certs issued by traditional third-party CAs.

Take a browse through the certificate store in a default Windows install. Allow your paranoia to interpret the names of some of them. Is there a five eyes CA in there? How about an FSB? Don't leave China out of consideration nor North Korea, Israel, Iran; all of their spy groups have entertained the idea of gaining a foothold this way. If not, they do not deserve to have Intelligence in their names.

As netizens, devs scream bloody murder over Chrome ad-block block, Googlers insist: It's not set in stone (yet)


Re: There is always the old fashioned way

"Not much they can do about that one...."

They can implement their own DNS client in Chromium/Chrome instead of using the one from the OS. This can then ignore the "/etc/hosts (or whatever it is on your O/S)" and always resolve anything google.com. They can even decide to encrypt it so a network based filter cannot interfere with google.com hosts name resolution.

BTW it was mentioned earlier in the comments - DNS over HTTPS.

Microsoft sends a raft of Windows 10 patches out into the Windows Update ocean


Am I biased?

"monthly Patch Tuesday excitement"

Did anybody else misread the above snippet as "monthly Patch Tuesday excrement"?

Still using Azure Scheduler? Schedule in 30 September 2019 'cos it's being euthanised


More replace simple with fancy, fancy, bells, and whistles

Not at all surprised. The scheduler must have been too simple and reliable and dull. These days everything must have every feature under the sun and then some.

To further expand on the cron analogy. It too may see a similar push to the wayside by the systemd crowd. This is not isolated to Azure or Microsoft.

Why can't we follow the "if it ain't broke, don't fix it" mantra? Sure it may have a few issues, but they have been worked around. A simple modular system tends to work much better than a single complex gargantuan system.

No, we need to reinvent the wheel, and axle, and bearing, and drive linkage, and differential, and braking, and engine, and steering, and lighting, and chassis, and cab, ad nauseam just because we want to create a new car radio, then do it all again to add mp3 playing into the new, new car radio.

Wanna save yourself against NotPetya? Try this one little Windows tweak


Re: One notable casualty of the full-strength malware was shipping line Maersk

I heard they went serverless.

SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more


Re: What a load of bull

I don't know why everyone is being so harsh on @Pascal Monnet. He has a point, even comparing by numbers, the playing field of cybersecurity is vastly more complex than chess. The full set of chess is definable. We have chess programs, we have chess playing programs able to defeat top human players. If it was as easy as chess, then where are our programmatic weapons to defeat even the average cybercriminal?

The real problem is, thinking it is possible. It is a similar problem as making something foolproof.


Re: SMS '2FA'

Outsourced Authentication, to save money, probably lowest bidder, What could go wrong?

Wait, don't answer that. It is called saving money at all cost.

I'm trying to be funny, it doesn't help the despair.

Big Cable tells US government: Now's not the time to talk about internet speeds – just give us the money


DSL is not an option for the rural coverage, only cable and fibre. Satellite already serves rural areas. The material used is not the major cost, the labor to run it is. The best value and bang for the buck is fibre. But it does cost more than copper. So the savings of sticking with the lower speed copper is turned into profits.

If the rural areas get higher speeds, then suburban and urban areas will demand increases. Can't have that, all that investment eats profits.

Space station springs a leak while astronauts are asleep (but don't panic)


What part of International Space Station do some of the commentards here not understand? Ingenuity knows no borders. It must be a prerequisite to becoming a spacefarer.

I saw mention of duct tape, zip ties, wd-40, let us not forget the tried and true mechanic's wire.

EU wants one phone plug to rule them all. But we've got a better idea.


Wire, plugs, current, safety

I'm a USian with better than average knowledge of the electrical systems here, enough to make me dangerous. My direct experience is with the radial circuits, primarily in the residential electrical. I have also worked with industrial 3-phase delta and wye tapped circuits over 480 volts.

I think a fuse integrated into the plug is proper engineering whenever the wire beyond the plug is rated for less current than the outlet and building circuit. I see the fused plugs here in holiday decorative lights and a few other applications. But, most of the daily use appliances have cords rated for 10 amps or less plugged into 15 amp outlets/circuits, most without a plug fuse. Many of those appliances have a fuse in their power supply, leaving the cord as a weak link.

Keep in mind when talking of fuses or circuit breakers, it is concerning overcurrent protection. There is also GFCI for ground fault protection when the current flowing through the hot is greater than that returning through the neutral and/or ground. The goal of GFCI is to cut the circuit when the current is finding another path besides the neutral or ground since that may be a human providing the circuit path lethally. Then you have the more recent arc-fault circuit protection. Its goal is to break the circuit when a prolonged arcing is occurring. Why? Prolonged arcing causes high temperatures suitable for igniting flammables or melting metals just like arc welding.

This has direct relevance to the "one plug to rule them all". Take USB for example, it has variations for differing power levels through different combinations of volts and amps in the range of 2 to 100 watts. Combine that with backward compatibility either directly or through adapters with older spec cables of lower current capability and no fusing of the wires at the plug and you can see temperatures reaching ignition levels. I know the specs usually cover handshaking to negotiate higher power levels, but various low cost cables and adapters seem to find workarounds to those nasty safety limits. 100 watts may not seem like a lot, but it is more than enough to cause ignition temperatures for a lot of common materials.

SMS 2FA gave us sweet FA security, says Reddit: Hackers stole database backup of user account info, posts, messages


one word


GitHub given Windows 9x's awesome and so very modern look


Re: Not authentic enough....

Maybe sooner if DST change is not too far off. Gaining or losing an hour has strange productivity effects.

Google Chrome update to label HTTP-only sites insecure within WEEKS


Shut up about the Chinese Cannon and the Verizon Supercookie

Those running the Chinese Cannon will have no trouble performing a MITM attack on a HTTPS session. If you don't believe that, then go crawl back under the rock. In fact, you don't have to be a "state level actor" (TM) to MITM a HTTPS session.

The Verizon Supercookie works at a lower layer in the network stack and HTTPS ain't gonna help. Your ISP is by definition a MITM and can attack your session in a variety of ways. In the US the big ISPs are the only offering so you cannot find another. They also have a friend at their regulatory agency the FCC who will rule to their liking like killing net neutrality. So side gigs like supercookies, and ad injections are not frowned upon.

Boffins want to stop Network Time Protocol's time-travelling exploits


time doesn't exist, unless I believe it

Encrypting/decrypting a time query/answer will occur at a known interval, adjust accordingly.

Aren't you supposed to use a relatively local ntp server? for multiple reasons, think it through.

It's all relative, I like that one.

My system clock may be off, I think it's beer-thirty.


