* Posts by DCLXV

60 posts • joined 21 Feb 2015

Page:

systemd-free Devuan Linux hits version 1.0.0

DCLXV

I don't understand the hype

Last I checked, Devuan repos were missing a number of packages Debian repos weren't and it's still unclear what exactly, if anything, Devuan offers that Debian with systemd removed wouldn't do.

Unless someone can explain what specifically the advantage is, seems like Debian with SysV and OpenRC is still preferable to dabbling in Devuan.

Windows 10 Creators Update general rollout begins with a privacy dialogue

DCLXV

Where Is My Mind?

Choose an OS. Choose your games. Choose Word and matching malware. Choose a three piece dialogue of privacy options on hire in a range of fucking dark patterns. Choose clipart and wondering who the fuck you are on a Sunday morning. Choose sitting on that couch waiting on mind-numbing spirit-crushing software updates, stuffing fucking junk food into your mouth...

Dieselgate: VW pleads guilty, will cough up $4.3bn, throws 6 staff under its cheatware bus

DCLXV

Eh?

The crime here wasn't that they cheated on emissions standards, the crime here was that they *knowingly* did so at *such a scale* that was easy to quantify the negative impact to the health and well-being of the American public. This may come as a surprise but airborne pollutants are very capable of reducing your quality of life if not outright contributing directly to your passing. What are the odds that a *German* manager with *emissions* right in his job title is unaware of that?

Meet Hyper.is – the terminal written in HTML, JS and CSS

DCLXV

Re: Anyterm

Clicking the live demo link gives me a 503 error.

> For those of you asking "why", the main answer is so that people who find themselves behind an http-only firewall can still do command-line stuff on external machines.

I think this could be practical if I needed to log in from a public computer but then how is key-based auth going to work? What if the network uses SSL Inspection to subvert your HTTPS? I would not want to do any server administration from public computers, but on my own devices it seems simpler to use standard SSH encapsulated in HTTP by way of corkscrew and the terminal environment of my choice.

I *would* consider using Anyterm if it were pitched as more of a web-based Mosh substitute, i.e. the web app maintains the connection to SSHd and secures it with cookie-based authentication so if the user is mobile and dealing with frequent disconnections it won't interrupt the SSH session. Just a thought, interesting project nonetheless.

NSA, GCHQ and even Donald Trump are all after your data

DCLXV

Aye, my mater's maiden name is /dev/urandom

Google GPS grab felt like a feature, was actually a bug

DCLXV

Nothing new here.

Google Services were always too chatty for comfort even prior to this bug, it has become rather rapist-like in behaviour, pretending to give the user an out but then perverting the definition of the word "no" to disregard user intent anyway.

Great British Block-Off: GCHQ floats plan to share its DNS filters

DCLXV

I look forward

to seeing what sort of decentralized replacements the inventive Britons will come up with to fill the coming void. I always enjoyed reading about the glory days of pirate radio in the UK, it will be interesting to see the methods by which those who wish to communicate freely will challenge the dominance of the corporatised web.

The calm before the storm: AMD's Zen bears down on Intel CPUs

DCLXV

Expectations

Anecdotally, I bought a Phenom II hexacore just as they were going out of production and paired it with a more recent AM3+ board for SATA III and USB3. Although it required some overclocking, the system managed to reach parity with a bog-standard i7 920 (first gen) running SuperPi.

Switching over to multi-threaded tasks (video encoding) the Phenom II, which cost me $120 (tax included, there was a sale) retail at time of purchase, was comparable in performance to Intel CPUs in the $300+ range. At the same price point, the best I would have gotten from Intel would have been some pitiful Celeron or i3 system.

So yes, it requires a lot of power (150W) and overclocking is more or less mandatory to make up for some of the deficit in memory bandwidth versus a Core system, but it doesn't fall short as a workhorse for anything from gaming to heavy VM usage and video encoding, not bad overall for a 6-year-old $120 CPU (which, IIRC, retailed at ~$150 from the start).

Microsoft has open-sourced PowerShell for Linux, Macs. Repeat, Microsoft has open-sourced PowerShell

DCLXV

It's like a highway collision

I don't want to see the blood and guts but I'm too curious to look away

Kaminsky: The internet is germ-ridden and it's time to sterilize it

DCLXV

Long story short

Or at least as I read it: reinventing QubesOS and mixing Markov chains with MetaSploit

$67M in bitcoin stolen as hacking typhoon lashes Hong Kong's Bitfinex

DCLXV

Misconceptions...

There are so many misconceptions in the comments it's hard to know where to start. First off, Bitcoin's (proposed) ISO 4217 code is XBT, so henceforth will refer to it as such.

Secondly, saying the drug trade is the raison d'etre of XBT is like saying the same thing about fiat currency. XBT can also be used to pay for electronics (NewEgg and I believe MSFT even accepts it), as well as games (Steam), as well as for VPS services. It can even be used to purchase beer, should the merchant accept it. Surely these are all things that are at least tangentially related to the interests of anyone with a passion for IT.

Thirdly, XBT is simple to grasp but difficult to master. Even buying and selling has nuances, such as the mysterious miner fee. However, a wallet is little more than a public and private key combination with a certain value of XBT assigned. To spend some or all of the XBT therein, you need the private key. Does this remind you of anything?

Finally, referring to XBT as "newfangled fad-inducing social crap" is just revelling in ignorance. There is a burgeoning industry surrounding XBT and its uses, so it's not going to wink out overnight. Cryptocurrencies are a nascent technology in general, so it's only natural that regulation lags behind the banks. I'm sure anyone even remotely familiar with the history of the banking industry knows it wasn't all sunshine and roses in that industry either, and arguably is still very much a wild-west type of business despite heavy regulation.

Many have profited immensely off the rise of XBT and many take payments for their labours exclusively in XBT and manage to get by. Really, it's not that much different from being paid in USD or AUD while living in the UK. Either way that currency isn't going to convert itself. There are pitfalls, but there are benefits. Not everyone has a use case for it and that's fine, but to dismiss it out-of-hand without even understanding the fundamentals of how it works is just ridiculous.

The return of (drone) robot wars: Beware of low-flying freezers

DCLXV

More than a little

It's a vicious cycle. Customers are unwilling to pay too much for shipping knowing how unreliable all the logistics companies are in general, and the companies are unwilling to provide the promised service to the expected standard because we're all trying to be first in the race to the bottom anyway.

Smartphones aren't tiny PCs, but that's how we use them in the West

DCLXV

It's because of the apps

The blame lies with Apple and Google for not making QR reader apps standard utilities for their OS. If you want to read a QR code with a new phone, you can't. I don't see why this would have been too much to ask but apparently it was.

Oh, and no, we don't *exclusively* use smartphones as tiny PCs in the West. I'm pretty damn certain the Pokemon Go phenomenon has proven that exact point. Aren't these articles fact-checked at all before publication?

Government regulation will clip coders' wings, says Bruce Schneier

DCLXV

Hello Warld

Schneier loves beating on the IoT drum but I don't know if he has made it clear what the REAL problem is here. Insecurity has always existed, the fact is a lot of "real world" shite has been networked going back to the days of RS-232. So, networking a fridge or toaster hardly constitutes a paradigm shift.

The real problem that is emerging is that software is now far more dependent on byzantine algorithmic processing, with the expectation that more of this somehow leads to the emergence of more intelligent software. Which may be true, in the short term. Some of the most clever software I've seen is barely more than an amalgamation of awful hacks that just happen to work. Anything is possible.

The real problem that is bound to emerge from this is that when you have a house full of IoT hardware all with local intelligence, in addition to a centralized intelligence managing them, it's virtually impossible for anyone to really determine ahead of time what crazy tangents all this intelligent processing can fly off on when a link in the chain starts to parse dodgy input and include that into its decision-making.

Imagine the house as a machine and all the IoT knick-nacks as a cog. What if a cog has been feeding the machine a skewed variable for years? By the time the 'brain' component of these increasingly vast, distributed networks figures out that something is OFF in all this complexity, the situation "at the coalface" may have passed the point of discomfort for the victims of these cogs attempting to interact at various stages of obsolescense.

That is the real danger that lurks in IoT, and it may be unavoidable. My 2c, for your consideration.

Stop laughing: Azure can analyse your mood in a crowd

DCLXV

Now all we're missing is mood organs and soma

How innocent people 'of no security interest' are mere keystrokes away in UK's spy databases

DCLXV

"And, it appears, some Brit spies have no problem looking up their families, colleagues and even themselves."

Oops, Hadoop scoop

Ironic: CCTV systems slide open a backdoor into your biz network

DCLXV

Watching you watching me

They could just get rid of the two-way and make the cameras tweet "your fort is under attack!" every time they spot something within in the hours when things ought not to be spotted.

Obama puts down his encrypted phone long enough to tell us: Knock it off with the encryption

DCLXV

Isn't it a bit rich to reference terrorists while attempting to frighten the public with hypotheticals?

Microsoft has crafted a switch OS on Debian Linux. Repeat, a switch OS on Debian Linux

DCLXV

Of course MS loves Linux, now that they've learned how to monetize it. All those Azure instances running Linux are money for MS. I was amongst those lured in by the 30-day trial, Azure cut a swath in the emergent cloud market by loss-leading and offering a high quality of service. Now the price has gone up but fundamentally the service is still solid so I guess they have figured out where to offer value.

Forget data thieves, data sabotage will be your next IT nightmare

DCLXV

And more recently...

Remember this incident?

http://www.theguardian.com/business/2013/apr/23/ap-tweet-hack-wall-street-freefall

I'm stunned at how people still take as gospel the shite they read on the internet. There simply is no such thing as a reputable source. At the very least we should have already advanced to a stage where the common man expects not to trust any communique that doesn't come with some sort of verifiable digital signature, and at this rate if we ignore the need for such a solution then there's going to be hell to pay at some point in the near future.

Everything bad in the world can be traced to crap Wi-Fi

DCLXV

We, the lemming horde

The crux of the issue seems to be that tech companies have forgotten that the customer is in fact a stakeholder. They are too busy serving other masters (advertisers, media conglomerates) to care and clearly most of their customer base doesn't really care either, as long as they receive some hollow assurances of privacy and their appetite for mindless consumption better enabled.

Lately it feels like the consumer-end of the market has gotten downright hostile towards technically-minded users. Clearly the manufacturers don't like doing business with anyone who might peel back the glossy veneer to expose the cluster of shite lurking beneath.

That aside, WiFi is even poor of quality when it's working perfectly. 3x3 802.11ac has an advertised theoretical maximum of 1300 Mbps, which it never even gets close to. It doesn't seem right to bandy about impressive-seeming numbers knowing there is not a snowball's chance in hell of the actual maximum ever intersecting with the theoretical.

Facebook: A new command and control HQ for mobile malware

DCLXV

"There have been examples of "time bomb" apps that include unactivated malicious code hiding from scanning engines in kosher-looking software; this bad code will unpack and run once the app has been used for a set period of time. The Skycure team said that this could also be activated by a target's location, or if they'd reached a certain point in a game."

Sounds like something Sony could have cooked up...

How exactly do you rein in a wildly powerful AI before it enslaves us all?

DCLXV

Seems a bit like putting the cart ahead of the horse to be prophecizing doom by AI when it hasn't yet been established if humans even have the capacity to somehow develop an AI that is truly more intelligent than the best of us.

Pentagon to Dept of Defense: Give us $580bn for cyberwar and spacewar

DCLXV

Public Purse > /dev/null

This Android Trojan steals banking creds and wipes your phone

DCLXV

Re: Darwin is calling

"Well, in the lot, you will find heart surgeons, car mechanics, university professors, if the mms looks legit. Now, if you think they are stupid, how good are you at heart surgery or motor car mechanics ?"

Not stupid, just ignorant. There's no excuse for a certain level of ignorance about technology if you have a smartphone you carry around with you all the time, interact with daily, use to plan your social life and even your financial affairs on. You damn well better learn to treat such a device as intimately as you do your own home and not simply hope to excuse yourself if you leave all the doors unlocked because you never bothered to read the lock manual.

For what it's worth, I do know every intimate detail about my personal vehicle as I do use it and depend on it daily. I don't know how the esoteric control systems in a flash luxury car work, but as the very label implies it's not a necessity and so I don't feel any inclination to spend vast sums of money on such a vehicle. Smartphones are another such luxury. Nobody seemed to need a smartphone when they were called PDAs and marketed at businessmen. Are we responsible, self-aware individuals or are we just specialized consumers with an ever-narrowing scope of knowledge and wisdom?

Big, fat fail? Here's how to avoid that: Microservices and you

DCLXV

I enjoy distributed solutions, though my refusal to use software by Oracle has quite a lot to do with that.

Time acquires Myspace, creates 2004's most fearsome media giant

DCLXV

Reading between the lines

"Marketers are selecting ad funnels that have either mind-numbing capabilities or reheated content; we will be able to deliver both in a single platform, and will stand apart from those that offer just one or the other," Time CEO Joe Ripp said of the deal.

"In other words, we will be able to deliver advertisers' messages directly into their victim's faces with a sort of push-stab motion that is sure to haunt them."

IoT lacking that je ne sais quoi? Try the IoTSP

DCLXV

At least when vanilla IoT upsets the user they can dash it against the wall without risking some sort of assault charge...

Who wants a quad-core 4.2GHz, 64GB, 5TB SSD RAID 10 … laptop?

DCLXV

I'm disappointed there's no optional kevlar and ceramic plating offered

Trend Micro AV gave any website command-line access to Windows PCs

DCLXV

Re: 'Security' software is a scam

"...so it is still just a simple click from a normal admin user to accept whatever the heck some piece of software is wanting to do. No password or anything, just click OK."

To be fair, there are valid reasons for this type of access, which I imagine is why it's also a configurable option on any Linux system with sudo.

As a routine user of both Win 7 and Linux, I actually find myself far more likely to accidentally sudo something I shouldn't have than to mindlessly click away the UAC box that pops up infrequently enough (even set to strict policy) that it really stands out when it does.

Freelancer.com fined for 'reckless indifference to privacy rights'

DCLXV

I also made the mistake of signing up to test the waters with one of these similar sites that got bought by [no doubt] some smarmy venture capitalist and then amalgamated into Upwork.com. I don't think Indians willing to work for less are as much a threat as the people who have done enough crummy Wordpress installs to have most of the process templated. If you can charge $20/hr. for a job that only requires ten minutes of actual effort then it's not so bad.

On the other hand, if you have experience with LAMP/LEMP installing Yet Another Awful Blog by Joe, why not just launch your own web service? Perhaps another Freelancer clone where the selling point is being able to work anonymously and get paid in Bitcoin...

If you use that idea, I had it first and am willing to discuss licensing terms over some lunch (your treat)

How to feed and raise a Wikipedia robo-editor

DCLXV

Excellent

Looks like I'll be opening my wallet for Wikipedia once again

Facebook one-ups Google with open hardware release

DCLXV

Please, Sur

I want some more

International Space Station braces for pre-Christmas rush

DCLXV

Their shipping costs must be insane!

US government pushing again on encryption bypass

DCLXV

Good grief

Since the FBI seems to be hard of hearing I propose the nerds give them what they really want: full root access to everything. Just um, gracefully avoid mentioning the chroot environment limiting the scope of their access.

Aircraft laser strikes hit new record with 20 incidents in one night

DCLXV

Middle class terrorism

The Edward Snowden guide to practical privacy

DCLXV
Megaphone

Snowden, The Anachronism

Why are we still listening to this guy? Political figures like Snowden and the EFF are out of their depth on all this stuff. Private citizens afflicted with garden-variety paranoia would be better served taking the NSA's advice on cybersec matters. Go ahead, disable every ciphersuite with known vulnerabilities in your browser and try connecting to some of the domains hosting so-called security software. If they can't keep up on their own site security, what are the chances they really know how to protect yours? A lot of this stuff is little more than security-theatre-du-jour, except now they're promising to protect you from the big bad TLAs instead of the blackhat malware coders the AV vendors of yesteryear were terrorizing us with.

Samsung S6 calls open to man-in-the-middle base station snooping

DCLXV

This doesn't seem coincidental

https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor

Amazon vendors flog thousands of rooted, malware-laden tablets

DCLXV

Smoking out dodgy software is SOP with virtually all of these bargain Android devices from China. Not to be culturally insensitive but I can't help but feel that the vendors don't see a problem since they exist in a part of the world where the notion of privacy differs from the Western view.

I wouldn't feel too smug about owning a MediaTek device either, those are quite frequently backdoored as well.

Got to be better than human protection: New firm using machine learning anti-malware

DCLXV

heck, I don't even sell AV software and that bit about malware DNA triggered my BS-o-meter

Penny wise and pound foolish: Server hoarders are energy wasters

DCLXV
Devil

It's truly a pleasure to rent in a building where utilities are included in the flat cost of rent and the dumpster out back overfloweth with old powerhungry PCs begging to be reused. Let my armies be the landlord and property management company and the good neighbours who junk socket 478 rigs.

Now if you'll excuse me, I need to call the retentions department of my ISP and discuss how much I'm paying for this service...

Hackers upload bot code to Imgur in 8Chan attack

DCLXV

Re: "nixed the ability to serve JavaScript."

explanation here http://imgur.com/blog/2015/09/22/imgur-vulnerability-patched/

Tech, telcos, and digital crusties gang up against the EU's Digital Single Market

DCLXV

Forgive my ignorance but isn't the single-market concept beneficial to indie content creators looking to sell their stuff without needing to pay for lawyers to write a bunch of different licensing agreements?

FORKING BitcoinXT: Is it really a coup or just more crypto-FUD?

DCLXV

Biiiiig speculative play

Bitcoin is so far proving itself to be practical as a money transfer service (like MoneyGram or Western Union) but liquidity doesn't seem to be great. I wonder if the black market vendors accepting it by the boatload are actually cashing out through dark pools or what, either way it feels like there are going to be a lot of people left holding the bag if there's a sudden crash in value. If Bitcoin flatlines, why would anyone bother buying it when everyone can just jump ship to another cryptocurrency?

Bruce Schneier: 'We're in early years of a cyber arms race'

DCLXV

Time for the old truism

Knowledge is power. For years the powers have been plotting to turn the internet into a domain for war, they've just been lacking the talent. I suspect anyone who makes an effort of dumbing down penetration testing tools, slapping some idiotproof front-end on it and packaging it as an Android app could make a pretty penny marketing it to the sort of folks that push jarheads around a map.

It's 2015, and someone can pwn Windows PCs by inserting a USB stick

DCLXV
Thumb Up

Finally

An end to scan-happy bots looking for easy pickings on port 22

Today's smart home devices are too dumb to succeed

DCLXV

IoT is like smartphones

Clever ideas thought up years ago by die-hard nerds (or hackers, as anyone who owns a soldering iron likes to be called these days) that languished because they weren't really applicable to the needs of the herd.

Then the ideas are brought into vogue by the first person who succeeds at making a reasonably-reliable facsimile of the original design, with shiny packaging and clever marketing to convince idiots that they really need this thing they never realized they needed.

Some call this lunacy capitalism.

New study into lack of women in Tech: It's not the men's fault

DCLXV

Of course, blame math

The real culprit is the garbage standards and byzantine [dis]organizational structure of educational institutions in the West. For one, math is not altogether that difficult to grasp. I would expect most people can hack it because it's just abstract thinking, something most are already accustomed to doing at some level. The problem there is the gobshites clogging up the teaching profession; people who really have no business teaching and cause people to be disinterested in mathematics because they themselves are uninteresting people who do not have the communication skills to properly explain mathematical concepts in a way that a layman can actually understand and learn from. Hence tutoring.

What compounds that issue is that the kids are hamstrung by post-secondary institutions that arbitrarily decides what they will permit you to get an education in depending on your high-school credits. That in turn creates an endless stream of business for the trade schools where people who have been pigeonholed into some worthless arts degree and subsequent dead-end career are able to get a second chance at doing STEM without being hobbled by their marks from high-school.

Hawking, Musk, Woz (and others): Robots will kill us all

DCLXV

Ugh

It seems unfeasible to expect that any sort of hypothetical moratorium on autonomous weaponry could be enforced.

Therefore, it follows that the best option would be shoring up defenses against such technology. Ah, but how can an organization/state that has banned research of such technology expect to know enough about the technology to develop defenses against it?

Perhaps the best way forward is the status quo, an eternal arms race. Seems more sensible than expecting human nature to radically change.

Pray for AMD

DCLXV

I don't care anymore

Two of my mates work for AMD at the old ATI HQ. Both are talented programmers with a passion who genuinely wanted to work for AMD and both are stuck testing GPUs never touching code and with no hint that there is a possibility for advancement. If this is how AMD manages its manpower then it is not at all surprising to me that the company's entire business philosophy is rotten.

Page:

Biting the hand that feeds IT © 1998–2019