* Posts by GnuTzu

274 posts • joined 1 Feb 2015

Love Microsoft Teams? Love Linux? Then you won't love this

GnuTzu
Bronze badge

Re: "Vanishingly Small"

"fortunately I work for a Linux company..."

My eyes are so green they are bleeding Vulcan blood.

0
0
GnuTzu
Bronze badge

Re: @GnuTzu - "Vanishingly Small"

"Sorry, mate, but if you'll ever see Android on the desktop it will be as locked up as Windows..."

Yeah, you know why I asked. It was almost a rhetorical question.

0
0
GnuTzu
Bronze badge
Linux

"Vanishingly Small"

"Linux has a vanishingly small share of the desktop market."

Makes me feel like an old fogey Linux user (Mint exclusively now). I've been so pleased with how good the Linux desktop has gotten that I can't ever imagine going back to a proprietary desktop. Yes, I've had a Mac and, like so many, I have no choice about what I use at work. And yes, Windows 10 is sheer torture for a power user and command-line warrior (Cygwin being my salvation). I guess there's no attraction to a phone/tablet, Facebook, consumer-sheeple generation to think about their freedom. Would this change if Android could become a more viable desktop, and would that be a happy thing?

28
5

You like HTTPS. We like HTTPS. Except when a quirk of TLS can smash someone's web privacy

GnuTzu
Bronze badge
Unhappy

Betrayal

The irony of a security protocol being used for tracking just feels like betrayal. But then, so much of the Internet feels just that way. I guess I shouldn't have been surprised.

10
0

Amazon's answer to all those leaky AWS S3 buckets: A dashboard warning light

GnuTzu
Bronze badge
Megaphone

Re: “accidentally left open” is incorrect...

O.K., then why is stupid so popular? Or, is this something that when they need to make it available to a partner it's easy to screw up?

0
0

LuminosityLink spyware mastermind gets 30 months in the clink, forfeits $725k in Bitcoin

GnuTzu
Bronze badge
Facepalm

"not the shooter"

Especially in the vague field of remote access. I guess authors need to get purchasers to sign license agreements that say the software will only be used on a white-hat basis, though I have no illusions about how many of those will be signed with fake identities.

6
0

Party like it's 1989... SVGA code bug haunts VMware's house, lets guests flee to host OS

GnuTzu
Bronze badge

Re: A standard dating back to 1987? -- Backward

Ah, thank you for the clarification. My sympathy on the challenge. Crappy console fonts and not being forced to install X11 are more than valid justifications. Voted up.

4
1
GnuTzu
Bronze badge

Re: A standard dating back to 1987? -- Backward

Anyone feel like this much backward compatibility is just backward? Well, at least it shouldn't be baked in so that you can not load it unless you need it, and rip it out if you never want to see it again.

0
5

Web browsers sharpen knives for TLS 1.0, 1.1, tell protocols to dig their own graves for 2019

GnuTzu
Bronze badge

"Management: 'do we have enough money in our budget for this?'"

Security Assessor: "do you have enough liability insurance? Do the risk/cost trade-off analysis, dammit."

4
0

Azure goes quiet, Huawei Canada ban urged, US Senators are after Google, and more

GnuTzu
Bronze badge
Joke

DigitalOcean cloud

An ocean in the cloud? Must be full of flying fish.

Couldn't help it, but I did set the "joke alert" icon.

0
0

The march of Amazon Business has resellers quaking in their booties

GnuTzu
Bronze badge
Big Brother

Re: Amazon is like a very big supermarket -- Sears

Also in the news today: Sears filed for bankruptcy. Sears made its mark with its mail-order catalogs, which covered a very wide range of products. But, Amazon has had a wider array of products than Sears for years now. Yes, when I heard the news about Sears, this was my first thought.

I also notice that most businesses feel obligated to have a Facebook page because the marketing potential is too great to ignore. Similar to that are brands that have their own web site but also sell through Amazon. I notice one commenter states that the imbalance will never go to the extreme, but I think it's quite clear that current market pressures and the lack of limits make it so that Amazon and Facebook have investor pressures that force them to seek the extreme imbalance--even though it will never be 100%. But, I think the imbalance will grow until most of the independents left will be those political idealists who refuse to cave to monopolization.

3
0

Facebook mass hack last month was so totally overblown – only 30 million people affected

GnuTzu
Bronze badge
Big Brother

Re: The only solution -- Withdrawal Symptoms

I wonder how many Facebook users would go through serious withdrawal symptoms if Facebook closed. It makes one think about the level of conditioning that Internet addicts are subjected to by all these Facebook privacy incidents and security breaches.

0
0

Microsoft has signed up to the Open Invention Network. We repeat. Microsoft has signed up to the OIN

GnuTzu
Bronze badge
Linux

Re: Does that mean? -- Microsoft Fearing Litigation?

So many questions. One possibility--which boggles the mind--is that Microsoft might(?) have seen an advantage in gaining the OIN litigation protection for themselves. Wouldn't that be the strongest bottom-line justification? Is there a PR side to this? Do we have to be frenemies now?

1
0

WebSphere and loathing in New York: IBM yanks buggy application server security fix from admins

GnuTzu
Bronze badge

Re: Due to regression -- Non-API

As a development platform, what is the chance that web applications had been built to a bug, and IBM simply didn't have a regression test for that bug? Then again, I haven't WebSphere API documentation for over a decade, and I don't remember how good it is. The point being that when API documentation is weak, developers are forced to fidget to figure out how things work, and that's one of the reasons developers sometimes code to a bug rather than the actual API.

5
0

In the two years since Dyn went dark, what have we learned? Not much, it appears

GnuTzu
Bronze badge

Re: Workstation, Server, and Router Options

"You probably want to look at dnsdist for DNS load balancing."

Thank you. I much appreciate it. Now I just need to figure out how to get it into a home router.

3
0
GnuTzu
Bronze badge

"You mean like /etc/nsswitch.conf?"

Great. Anyone know about Windows for this? Or rather, is it Microsoft we're waiting on or just the replacement protocol?

0
0
GnuTzu
Bronze badge

Re: Redesign -- Parallel Protocols

I think the first step is to redesign the resolvers at the O.S. level to allow for an additional method on top of the existing ones (DNS and the hosts file). That way, DNS could co-exist with the new protocol until everyone manages to get cut over.

0
3
GnuTzu
Bronze badge

Re: Workstation, Server, and Router Options

I went with Quad9 (9.9.9.9) in the first two slots and OpenDNS in the third. That way, I get more redundancy without giving OpenDNS the full picture.

Adding to my wish list, I would really love it if I could route DNS queries based upon the type of content being requested, but that would be really elaborate to configure, even with a good categorization service.

It might also be nice if there were browsers that would do their own DNS queries to different DNS services depending on whether in privacy mode or not--rather than only using the O.S. resolver. It would be nice if Firefox would make it easy for someone to write an add-in for this.

Supposedly, OpenDNS is slightly faster, but Quad9 promises a higher level of privacy (with regard to your DNS queries). They both perform well though as they, like CDNs, are not actually geographically anchored.

2
0
GnuTzu
Bronze badge

Workstation, Server, and Router Options

I've started using alternative DNS services. I stopped using my ISP a decade ago, and I recently stopped using Google. And, I set these in my router so that all clients using DHCP will get to the right DNS servers.

But, I've always wanted to have options to round robin or other cycling among a larger number of DNS servers, not just three. And, I'd really like it if it could be made to compare responses from two or more different DNS services to get a majority rule, logging any suspicious results.

Anyone know of an open-source project where they are pursuing such things? I'd like to encourage my router/firewall manufacturer to incorporate such features.

5
0

It's October 2018, and Microsoft Exchange can be pwned by a plucky eight-year-old... bug

GnuTzu
Bronze badge
Childcatcher

Eight-Year Olds

The pictures they put on these articles mess with my head. I just had a vision of eight-year-olds with bugs. Yet, when people start having robot children... I am so seriously going to be creeped out by all the excessively life-like humanoid robots. Yet, it's pretty clear that they'll be here. Not to mention... No; I'm not going to be the one to mention it.

0
0

PINs and needled: Experian site blabbed codes to unlock credit accounts for fraudsters

GnuTzu
Bronze badge

Re: Can someone tell me why?

"Sigh. You might think it's all "by design", rather than chance. Where's me tinfoil hat... :/"

Yet, now that it exists--why would they give it up?

It occurred to me (during just this morning's commute) that, while this situation may have been subject to a certain amount of intentional design, this situation has certainly undergone a fair amount of evolution. And, then it occurred to me that this observation could well fall under Daniel Dennett's concept of the "free floating rationale", which essentially claims (though much debated) that things can have purpose as if they were designed despite not actually being designed. And yes, I know this is a topic that is debated at high academic levels, but I'm more interested in the implications for those who let a precarious economic system be at risk because of poor security practices.

So, what is the moral imperative for those who profit from a flawed system that is a threat to the well being of the market, most people, the nation, and possibly humanity as a whole? If they knowingly continue to profit from it, knowing it works against survival, then does the claim that it's natural because it evolved this way really count as a reasonable moral choice? Remember, there are species that went extinct simply because they failed to adapt to a change in environment. Yet, we supposedly evolved big brains to overcome such possibilities. Apparently, our big "uh-brains" aren't yet big enough.

1
0

US may have by far the world's biggest military budget but it's not showing in security

GnuTzu
Bronze badge
Big Brother

Military Industrial Complex

"It's there to make the executives at the defence companies richer as well."

When you control a market, you get to justify a cycle of replacing weak products with larger quantities of weak products.

And, let's not forget what it has been called: "The Military Industrial Complex."

1
0

The Obama-era cyber détente with China was nice, wasn't it? Yeah well it's obviously over now

GnuTzu
Bronze badge
Headmaster

"a state that... has no recognisable morals at all"

Do nations really have morals? {Insert ugly political debate here.} I'm just too cynical to believe that any power structure would not strive to maintain power of some kind or another or gain more.

Yet, I did have to back up on that statement to make sure I understood who or what you were saying had "no morals at all."

5
0

If you haven't already patched your MikroTik router for vulns, then if you could go do that, that would be greeeeaat

GnuTzu
Bronze badge
Joke

Re: Would anyone...

Well, if I did, I imagine I might develop a tic.

0
0

The fur is not gonna fly: Uncle Sam charges seven Russians with Fancy Bear hack sprees

GnuTzu
Bronze badge

Re: Correction here -- Who's Commenting?

@Archtech, Actually, it was meant to have an ironic flavor to it. Yet, the thing I find cynical is the ad hominem response for what was meant to have a dark whimsy about it. And, if you've never made a typo, homonym or not, then I'd think you'd be happy about being so perfect. (Geesh, "hominem" is a homonym, or at least a near homonym.) Ultimately, I'm really just curious if there are Russian trolls here. It would be interesting if El Reg would publish statistics on origin of IP addresses for those leaving comments on these topics.

0
0
GnuTzu
Bronze badge

Re: Correction here -- Who's Commenting?

It's really curious to see the back and forth in this conversation. I can't believe this topic is that controversial. I'm inclined to believe that some of this is not of western nations. Maybe El Reg should be checking IP addresses. Vote me down if you're Russian.

0
2
GnuTzu
Bronze badge
Joke

Re: Correction here -- No U.S. Vacations

AFAIK, it simply translates to: "if you want a vacation in the U.S., we've got a special hotel for you."

2
0

Dutch cheesed off with Russians, expel four suspects over chemical weapons Wi-Fi spying

GnuTzu
Bronze badge
WTF?

"Expelled" Not Held -- What?!?!?

How long were they held? And, now that they're expelled, the Russians are saying they've got it all wrong. They get caught red handed, interfering with a legal investigation, and they were just let go?!?!?

Well, maybe I've just become accustomed to hearing about terrorists being held for years in Guantanamo. Have I been infected with a distorted view of the World or is the World crazy? Maybe it's a little of one and a lot of the other.

0
1

The weekend starts here... right after you've installed these critical Cisco bug patches

GnuTzu
Bronze badge
Coat

How Many Times a Week?

I'm a little taken aback. Haven't we been seeing Cisco patches a little too often? I have to say that for what is the dominant player in network infrastructure, this is more than a little discouraging.

1
0

Apple forgot to lock Intel Management Engine in laptops, so get patching

GnuTzu
Bronze badge
Mushroom

Re: the security of our products is a top priority for Intel -- "hardware 'off switch'"

Jumpers!!! Just a penny or two wholesale for the part, and they can't be altered by software. Why the f*******k does everything have to be f****king software f****king controlled?

17
0

Sendgrid blurts out OWN customers' email addresses with no help from hackers

GnuTzu
Bronze badge
Headmaster

"as nothing refers to those URLs"

@Pascal, Really??? Then how are they crawl-able? They'd have to be links in a page that can be found.

And, as others are pointing out, in their own way, a strong security control is not optional and robots.txt is optional, thus robots.txt is not a strong security control.

2
1

UK pins 'reckless campaign of cyber attacks' on Russian military intelligence

GnuTzu
Bronze badge
Stop

The Dance

Still waiting for it to get bad enough to result in physical war. Got Nukes?

Yet, there will clearly have to be sanctions first.

4
4

AI-powered IT security seems cool – until you clock miscreants wielding it too

GnuTzu
Bronze badge
Coat

Re: knowing when to stop -- Self Referential

When AI is tasked with detecting insider threats, it might well have to learn how not to detect itself as an insider threat before it can become one. Gives me the willies.

2
0

Facebook monetizes 2FA, Singapore monetizes hacker, and ransomware creeps monetize US Democrats

GnuTzu
Bronze badge
Mushroom

Re: 'The (other) Facebook privacy fsck up' -- Consumers...

This might be addressed superficially; but now that consumers are officially the property of the market, it will never really be fixed.

1
1

'This is insane!' FCC commissioner tears into colleagues over failure to stop robocalls

GnuTzu
Bronze badge

Re: Poor FCC Commissioner Rosenworcel. She will now be inundated ... Screening

"1-2 per day"

This is why I only answer the phone for those in my address book. Everyone else has to leave a message, and it's shocking how many don't.

0
0

Resident evil: Inside a UEFI rootkit used to spy on govts, made by you-know-who (hi, Russia)

GnuTzu
Bronze badge
Megaphone

Re: Hardware button? -- Market

@Dan 55, Yes! Seriously, I can't believe how complicated some things have been made just to save on buttons. Or, is it that they think buttons are scary and will frighten consumers if there are lots of them?

6
0

DEF CON hackers' dossier on US voting machine security is just as grim as feared

GnuTzu
Bronze badge
Coat

Re: Land of the free! -- Accountability

We're now so conditioned to accept both weak security and lack of true representation that it will take a major, apocalyptic, catastrophe for anything meaningful to be done about this. That is, the people who are responsible for this crap will not be sent to jail, will not be fined, and won't be fired. If anything, they'll create a commission to look into creating a standard that won't get implemented. We'll be lucky if we get a law requiring a paper trail. Sigh.

7
0

Oslo clever clogs craft code to scan di mavens and snare dodgy staff

GnuTzu
Bronze badge
Facepalm

Re: Big Brother will be watching you... Retail Too

There are cameras that count the number of patrons coming and going from retail establishments and food services. They've been around for quite a while, but you have to imagine that they've been getting smarter. Yet, it just occurred to me that the level of smart for these cameras is on par with IoT, which means that not only will they be watching you, but so will the crims. Doh!

3
0

VirusTotal slips on biz suit, says Google's daddy will help the search for nasties

GnuTzu
Bronze badge
Childcatcher

Re: owned by google -- Public Collaboration

One thing I like about VirusTotal is that what it aggregates it publicly cites. What I fear is that these public citations will go away. There are others that do this, but not enough. I don't want the public collaboration to go away, turning all the security services into black boxes. That doesn't mean there should be no black boxes. I just think that public collaboration and education is too important to have InfoSec become only black boxes--driven by secretive minions keeping what is crucial knowledge from the public.

1
0

Your specialist subject? The bleedin' obvious... Feds warn of RDP woe

GnuTzu
Bronze badge
Childcatcher

Re: Useful advice that won't help -- Car Keys

There are places where it's a misdemeanor to leave your keys in the car. That way, felons won't say "oh look; free car." Are we going to end up with fines for those who make it too easy and too profitable for cyber crooks?

Of course, for IoT and phone apps, the fines have to be for the manufacturers, but we know that fines of those types will never be enough to compensate for the victims of cyber-voyeurs or worse.

1
0

Sunny Cali goes ballistic, this ransomware is atrocious. Even our IT bill will be something quite ferocious

GnuTzu
Bronze badge
Trollface

Oh Look

More in the culture of hacked ships (obligatory movie reference).

0
0

Looking after the corporate Apple mobile fleet? Beware: MDM onboarding is 'insecure'

GnuTzu
Bronze badge
Joke

Re: Serial number story -- Make 'em Really Big

Yes, large, but monotonically increasing, so it will actually look like massive inventories are being built up.

Reminds me of a joke in which the Russian asked America to manufacture prophylactics for Russians, a foot long and three inches in diameter. When the American manufacturers balked, the American leaders said make them but print on them a label that reads "size: small".

4
0

Uber to dole out $148m settlement among US states over breach it paid $100k to bury

GnuTzu
Bronze badge
Megaphone

Re: No jail time for deliberate deception -- And You Know Why

As long as bigger corporations fear reasonable punishment and have influence over the lawmakers, we'll never see laws that do anything other than reward the crimes and negligence of CEOs.

0
0
GnuTzu
Bronze badge

Re: Submit to an External-Audit because that worked so well before - PCI DSS

Yeah, I've seen auditors browbeaten into submission. There's a fundamental conflict of interest in the PCI DSS standard simply because external auditors can be replaced if they get too finicky. But, what do you expect from a regulatory standard created by the banking industry?

3
0

Open-source software supply chain vulns have doubled in 12 months

GnuTzu
Bronze badge

Code Repositories -- Wild, Wild West

Just how different are code repositories from that of the primary O.S. repositories of the major Linux distros? And, how much more probable is it that a zero day will show up in an alpha or beta repo than that of a release version? I'm thinking these things need to get some moderation and other security controls.

1
0

Scottish brewery recovers from ransomware attack

GnuTzu
Bronze badge
Joke

Pay Us in Beer

Somebody had to say it.

9
0

Developer goes rogue, shoots four colleagues at ERP code maker

GnuTzu
Bronze badge

Re: A gun is involved in every single mass shooting.

A bomb is involved in every bombing.

A knife is involved in every knifing.

A vehicle is involved in every vehicular attack.

Don't stop at controlling the weapons; heal the mental injuries that create such intense violent anger--because such anger will find its outlet regardless of the available weapons.

The system is rigged to divide us. Heal the rift to end the violence.

5
1

Guilty: The Romanian ransomware mastermind who infected Trump inauguration CCTV cams

GnuTzu
Bronze badge
Trollface

3. Because criminals are criminals to avoid hard work--which means they're frickin lazy.

4
0

Biting the hand that feeds IT © 1998–2018