* Posts by bombastic bob

5178 posts • joined 1 May 2015

The fork? Node.js: Code showdown re-opens Open Source wounds

bombastic bob Silver badge

Re: Without open source there would be no leftpad

"...and then what would we do?"

learn how to code without some 3rd party library?

Seriously, maybe it should wake people up to the *evils* of things *like* 300kb java libraries. Do we REALLY need THIS on EVERY web site? It's worse than an irritation. It's a PLAGUE, or a CANCER. 'Teh Intarwebs' needs an enema.

/me points out (again) I hand-code my html and use '<table>' to format it really nice. Why can't others do this? 1/10 the size, or even smaller, faster loads, faster renders, yotta yotta...

(fortunately, MOST open source is far less trivial, and far more useful, than 'leftpad')

Americans cutting back on online activity over security and privacy fears

bombastic bob Silver badge

credit vs debit card

Related to this is how the American banking laws protect credit cards BETTER than debit cards.

As it turns out, if you use a CREDIT card to pay for something online (from an American bank), you can reverse that charge pretty much 'for no reason' within ~30 days of getting your statement, and the money won't go to the vendor [or scammer]. As I understand it, the USA is the only country that does this. And, for this reason, I do *NOT* use debit cards for online purchases. That way if I'm ripped off I can reverse the charge. Also card holders are only responsible for $50 on scams.

but it's a LOT harder to get your money back for debit cards, or from a fraudulent e-check, or any kind of direct access to your bank account. not sure what happens in those cases.

I got new debit cards right away after both the Target and Home Depot breaches. The bank gladly handed them out when I went there in person to get them re-issued, barely any waiting, like they were waiting for me.

Kill Flash now? Chrome may be about to do just that

bombastic bob Silver badge

Re: Off-topic (almost)

"If you have to unblock Javascript just to view the page content, then they're doing it wrong."

WELL SAID!

A couple of years ago, things worked fine if you used noscript and 'gnash' (it's a POSIX thing) rather than Adobe's plugin. Gnash being open source was LESS likely to do evil things, and it had the extra interesting capability of doing automatic stream captures to a directory of your choice. Unfortunately gnash is behind the latest moving target on FLASH specs, and didn't work last time I tried it.

So now I happily disable all flash plugins, on everything, period (even gnash). And I use 'noscript'. It's like "safe surfing". It's amazing how many viruses and hijacks will NOT happen if you block javascript and flash. [and I have others do the same, and it works, even on a Vista system]

And blocking HTML5 content by default, particularly ads - that is *EXACTLY* what *I* want to do! More people should do the same. If *EVERYBODY* does this, then it would force ad servers to use static content again. And, NO SCRIPTING.

/me pointing out that you can make a nice, readable web page by using '<table>' to size columns. I like making the content 85% of the screen width so it's easier on the eyes. no need for script. drop-down menus are overrated.

Criminals exploit zero day Flash vulnerability

bombastic bob Silver badge

Re: Sure it can

there _WAS_ gnash, that used to "sort of" work, but doesn't seem to be keeping up with the moving target aka "standards". So after disabling flash entirely, I don't miss it at all.

Google asks Unicode to look over 13 new emoji showing professional women

bombastic bob Silver badge

Unicode has gone far too beyond what was necessary.

"Unicode has gone far too beyond what was necessary."

I suppose we could just include UNICODE alphabets for all of the Tolkein languages, and Star Trek languages (Klingon, Romulan, Vulcan), and any OTHER sci-fi fictional language for that matter.

No, wait...

http://www.klingonwiki.net/En/Unicode

(an attempt WAS made...)

bombastic bob Silver badge

Re: Why "Music = rock" only?

"Agreed. Let's have emoji for musicians playing musical saw, theremin, glass harmonica and spoons."

don't forget washboard. we can use 'Bender' the robot in that one.

bombastic bob Silver badge

Re: Prejudice

"Your post shows shameful lack of appreciation for the strands of diversity in the community we represent."

hook, line, *AND* sinker!

You did not get the humor nor satire, did you?

Personally, I am *SO* *SICK* *AND* *TIRED* of all of the political-correctness "diversity" nonsense. Why can't we just recognize people as 'human' and NOT make race/sex/appearance/behavior/whatever a criteria for ANYTHING? Are all too many of us as immature as a 4 year old, needing a doll that "looks like me" or something? Or in this case, an emoji. Cue 'rainbow brigade' emoji list ad infinitum. I wonder what the 'gay' one will look like...

But the final conclusion of the original poster was the correct one: let's just abandon the use of emojis, period.

"Your last point completely disregards the feelings of those people"

Not surprising. 'Feel', the new 'F' word as far as I'm concerned. Everybody has them, they're a poor basis for decision making, too many people *feel* instead of *think*, and maybe that's how we got here...

thanks for playing, though.

(or was the smiley at the end an indication of satire?)

Windows 10 build 14342: No more friendly Wi-Fi sharing

bombastic bob Silver badge

Re: symlink support for Linux subsystem

"Also, annoyingly, the arguments to MKLINK are swapped relative to 'ln -s'. Never miss up a chance to be incompatible with other systems, I guess."

There's the RIGHT way, the WRONG way, the MILITARY way, and the MICROSOFT way.

[guess which way THEY chose?]

what I would like to see is a hard-link to a file that does what you see in POSIX systems; that is, it increases the reference count on the physical storage for the file, allowing you to refer to it from anyplace on that volume, and it appears as if it IS "the file" from any of them, but deleting any of those references doesn't delete the actual file until the actual file has no more references.

So Microsoft's 'junctions' really are like symbolic links, and NOT like hard links at all. When you do a 'dir' listing they show up as 'junction', etc. etc. (though I don't recall if a file alias shows up differently or not). And don't even get me started on attributes like 'hidden' and the security things associated with them... *shudder*.

bombastic bob Silver badge

have they fixed the 2D FLUGLY? probably not...

So, have they fixed the 2D FLUGLY (flat/ugly)? probably not...

and I doubt they fixed the adware/spyware or the preponderance of "the Store". Or that 'start thing' (ok I can run classic shell, so it's on ME for that one).

Until Micro-shaft can address THESE! MAJOR! PROBLEMS! I'm not touching Win-10-nic for anything OTHER than verifying that the appLICATIONS that I write are COMPATIBLE with it.

they need a serious CLUE-By-FOUR applied to something...

GitHub pricing change

bombastic bob Silver badge

it's still pretty cheap

So, it's still a pretty cheap cloud-based solution for private projects where multiple developers [particularly remote developers] can collaborate. I've been doing a lot of contract work where the repositories are on (private) github repositories, and I've created a few public ones for my own stuff. It's not perfect, has it's flaws and irritations, but works well enough.

What I didn't see in the article is whether or not these prices are higher or lower than before. Or is that "forthcoming" ?

Blocking ads? Smaller digital publishers are smacked the hardest

bombastic bob Silver badge

Re: Their loss someone else's gain

"Advertising is such an all round shitty thing I am surprised it isn't more regulated for the good of everyone."

I disagree. advertising is GOOD for many reasons. It's just that we should be able to choose whether or not to view it. And, like FAX spamming, and TEXT spamming (and to some extent, e-mail spamming if you consider paid bandwidth), when it costs the RECIPIENT to view advertising, various gummint agencies should either regulate it heavily, or make bandwidth-heavy methods illegal 'for the good of everyone'.

That being said, advertising can be GOOD. You can advertise your skills to get hired, or hiring managers can advertise an available job, and maybe a simple sign on a store is a form of 'advertising' too (I'm looking for a place to buy drain cleaner - hey, there's a hardware store!). It's been around since capitalism came into existence. And I don't want to replace capitalism, because the "something else" would be a WHOLE! LOT! WORSE!!!

bombastic bob Silver badge

Re: "Incentivized" - yech!

"What pushed me to ad blocking was the fact that I can get the computational clap from reputable sites"

that sort of thing has made a few headlines recently (on 'The Register' specifically).

this is why AD BLOCKING (and script blocking, and flash blocking) is part of what I like to call "safe surfing". Think of the ad/script/flash blocker as a CONDOM on your web browser. They shouldn't blame us for using the "net condom" because the alternative is NO web surfing, or risk getting the 'computational clap' as you so eloquently put it.

bombastic bob Silver badge

"I still think network level ad blocking is a terrible idea though, and I'm still kind of expecting some legal or regulatory move to put the kibosh on the whole idea."

ACK, since it 'breaks the internet' and violates any concept of 'net neutrality'.

a simple client-based program or web browser plugin is a better idea. phone providers could even pre-install them. MITM-based filtering works for corporate firewalls, but doing that for wide release again "breaks the internet". It's a pandora's box we don't need opened.

bombastic bob Silver badge

Re: Saving bandwidth

ACK on the 'saving bandwidth' part. If ad-makers would STOP IT with the scripting and the 'flashing' and soon to come, HTML5 video, I doubt people would block them [they'd simply ignore them like I have come to do by habit].

On a related note, the article states:

"The research reckoned that smaller publishers are most at risk from the rapid adoption of ad-blocking software as they often solely rely on revenues from advertising to continue operating."

This may be true, but I doubt anybody cares. I think "better advertising revenue model" is due. They need to find out what ads people will NOT block, and then do those. I can think of ways to put ads on the page that would NOT be blocked. It's called an 'ad banner'. No scripting, no CDNs, a simple graphic with a link. It works. It won't be blocked. It won't be noticed by "the bots" because it will appear to be CONTENT. you could even put a small ad banner in the middle of article text, and as long as there's no obvious scripting and iframes and all that, it will look JUST like content to the bots.

And I doubt anyone would complain, especially if the graphics' file sizes are small. It would be like an ad 'in the middle of' a newspaper article, right below the "continued on page A5" or whatever. People see that ad. It works. And content makers can take a lesson from the hundreds of years of newspaper publishing on THAT one.

Russia poised to unleash 'Son of Satan' ICBM

bombastic bob Silver badge

Re: So ...

I think you and I posted that at about the same time (which is why I missed it when I added my previous comment)

"great minds" and all that

bombastic bob Silver badge

Pootie misses the cold war

Looks like Pootie simply misses the cold war. He "felt" more powerful back then. This new missile is his 'compensation' for... well... heh heh heh.

Microsoft bods tell El Reg: We've re-pivoted open-source .NET Core

bombastic bob Silver badge

Lipstick on a boar

well, ".Not core" is lipstick on a boar as far as I'm concerned.

a photo of their project manager wearing a T shirt with a FLUGLY 2D 'modern' windows logo didn't help. ew.

If they wanted to put a 'face' on the open sourceness, they should've just hired the guy that invented the thing....no, wait...

".Not" is bass-ackwards, and pretends to be 'object oriented' at the expense of resources and performance. You do NOT need to get multi-verse, universe, galaxy, solar system, planet, continent, yotta yotta, atom... just to get 'atom'. It's REDONKULOUSNESS at its best, and no WONDER Windows performance took a dive beginning with Server 2003 [where the UI became VERY "dot Notty" compared to Server 2k and XP].

Windows developers are better coding for the Win32 API (on windows 7, where ~2/3 of windows computer users still are), at least until Microsoft actively tries to stop us.

Can ad biz’s LEAN avert ADPOCALYPSE?

bombastic bob Silver badge

Re: Dear Advertisers, the solution is simple.

even a simple static graphic would be ok with me, NOT in my face, NOT moving, NOT consuming excess bandwidth, NOT tracking my web browsing, and NOT scripted. 'Banners'. they're fine, too. like a newspaper, as you pointed out. They've been in the newspapers for hundreds of years, right? Only recently, when it's possible to have them grab your nose and TWEEK it a few times, did they become heinous.

and 'targeted' advertising, let's say on "El Reg", would consist of "what people who read The Register might be interested in buying". THAT kind of 'targeting' is OK with me. Like a newspaper or magazine.

Gobble away! Charter-Time Warner Cable merger OK'd by FCC

bombastic bob Silver badge

I have been putting off business cable with TWC because of this

I have been putting getting a 'business cable' connection with TWC because of this. Business expense of having a fixed IP DSL with lousy bandwidth is bad enough. monthly price more than doubles to get significantly better bandwidth with cable. I wouldn't doubt that business connections via the cable (which may be the only real option I have) are in ANY way covered by any FCC requirements prior to a merger. I can only imagine that the kinds of "boiler room support in India" I've gotten from the DSL company would be ANY BETTER after a TWC/Charter merger. And so I've tolerated the lousy DSL with a fixed IP address for way longer than I should have.

I guess some more 'wait and see' is in order. A typical TWC biz cable connection would cost around $150/month for 3Mbit up/down and a fixed IP address (or about $110 for 1.5mbit up/down). I'm sure it can only get WORSE, not better, after the merger.

FCC urged to pause its fight against America's $20bn cable-box rip-off

bombastic bob Silver badge

Re: Good. Now we know their names.

"Let's brand "Corporate Shill" on their foreheads so they can't hide that fact"

how about a mandatory mailing of all of their major contributors? One page-full would do [all that stuff is public record]. alternatively, a web page.

tracking all of the non-profit [shell?] corporations (527, 501(c)(4,6)) that have surfaced because of 'campaign finance reform' (quoted cynically) might be a bit trickier... [how many lead to 'George Soros' for example, like 'MoveOn.org']

perhaps an alternative would be a mandatory RIBBON BAR worn on the chest, similar to ribbons and medals for military. Each one indicates a major contributor. then whenever a ConGrab-man stands up to speak, you'll see it all on whatever cable network is televising. Heh, yeah, cable network televising Con-Grab. back to THAT again.

bombastic bob Silver badge

Re: "60 congressmen, largely Republican..."

"Says it all really..."

not the 'republican' part, just the 'congressmen' part. cong-grab needs an enema. [not soap-boxing any more on this, as the rest would be obvious - yeah I'm a Trump supporter]

bombastic bob Silver badge

Re: Small pay-TV providers

keep in mind that a cable provider typically has a 'localized monopoly'. I can only get Time Warner, and with their new merger, I'm sure that customer service will suffer somehow. TWC has recently been bragging (in ads) about improved service, raised their rates a couple of times, and switched us all over to digital cable boxen. The 'rent' is free... for now. Will be $/month at some point (for the cheap, featureless box).

Since the switchover I've noticed malfunctioning channels on more than one occasion, had them try to bill me for a tech visit post-self-install [caused by their screwed up database] because the boiler plate said "let me send a tech over" [week later] tech arrives, "I know what's going on" makes a phone call, it's fixed. THAT kind of thing (then they try to BILL ME for THEIR f-up). And some of the channels had WRONG aspect ratios that couldn't be corrected. And I can't disable channels I never want to see, like MSNBC or a spanish-language channel or whatever (so channel surfing MUST scan THROUGH them). And re-scan doesn't stop 'the weather channel' from popping up an irritating 'malfunction' message.

And let's not forget the occasional stutters, pixelization, and black screens that seem to happen now that it's "all digital". Analog didn't really have THOSE problems...

Maybe it's time to force cable companies to allow others to use THEIR WIRES (at a reasonable fee, of course), similar to the way it happened with telcos. And now it's working with POWER COMPANIES (using the local utility's lines to deliver THEIR power THEY generate, usually solar).

But yeah, utilities are like that. They're "regulated" but not necessarily in OUR favor...

(and I've never seen a 'small pay-TV provider', not even once)

New Firefox versions will make you activate all new add-ons – except one hacker favourite

bombastic bob Silver badge

HTML5 in adverts? I blocked the FLASH ones easily enough!

To think that adverts switching to HTML5 would be a GOOD thing... it's *NOT*.

they're MUCH easier to BLOCK when they use FLASH! How? DISABLE THE FLASH PLUGIN!

(we should keep advertisements in the 'flash' ghetto, for our own good)

Also 'NoScript' helps eliminate flash content. It's amazing how much FASTER a web site that does NOT load embedded video content will display, compared to the alternative...

Official: Microsoft's 'Get Windows 10' nagware to vanish from PCs in July

bombastic bob Silver badge

Re: I'll believe it when I see it...

same here (I'll believe it when I see it). you would think that GWX would have that 'drop dead date' for the offer already built-in, or COULD have. A simple update to GWX that disables the popup windows would be sufficient. How hard could THAT be? or as someone else pointed out, just add line 25 "if past the date, STOP" to their stupid BASIC program that (as Calculon would point out) has an extra 'GOTO 10' line in it.

bombastic bob Silver badge

Re: Why July

"Start thinking for yourself and you might find Windows 10 OK."

As I saw someone else say in this forum, "Dear Mr. Pot, this is Kettle, please revise your statement regarding color". Or something like that.

And I won't find Windows 10 'OK'. I gave it a fair chance a year ago during the 'insider' program. It failed to meet expectations, by a wide margin.

But I DO agree, that they ARE listening [via spyware] as you pointed out.

The 'new' Microsoft? I still wouldn't touch them with a barge pole

bombastic bob Silver badge

WOW!

nice way of putting it all in that article.

I have often said SIMILAR THINGS (and on Microsoft's own discussion board over at answers.microsoft regarding Win-10-nic, even), and generally contrasted them to 'Business 101', aka "the customer is always right, and Burger King's "Have it YOUR way" policy.

What Microsoft is doing is TAKE it OUR way, or we SHOVE IT DOWN YOUR THROAT, so we can (later on) start charging you for it as a SUBSCRIPTION because we *CAN*.

Their giveaway program for Win-10-nic is like a drug dealer giving free samples so he can later scam people with confiscatory pricing, once his 'customers' are addicted to whatever substances he's selling.

This policy dates back to the early noughties during the whole ".Net" initiative. A bit of study would reveal that PASSPORT was their new tollbooth for the information superhighway. Nobody bought into it back then, and then "dot bomb" happened. But ~15 years later that undead horse is BACK again, as the "Microsoft Logon". Who knew?

So, again, WOW to what was said in that article. I'm *VERY* happy to see that at least SOMEONE ELSE besides me thinks that way. Many thanks, kudos, 'dittos', etc.

Have Microsoft-hosted email? Love using Live Mail 2012? Bad news

bombastic bob Silver badge

Re: Give us a breakdown, MS!

well, slightly OT (but it WAS in the article), net stats (like statcounter) seem to indicate that it might be relatively accurate at 300 million. What they're NOT saying is that it's about 1/3 of their customer base using either 8, 8.1, or 10. The rest of us are on 7, Vista, XP, or maybe something else. And that's just based on "who hits the internet" and with Micro-shaft spyware running, I have to wonder how much of that 'traffic' was generated by the spyware...

So if 2/3 of the customer base REFUSE to downupgrade to Win-10-nic, even when it's FREE, they should be paying a LOT of attention to that. But they're not.

bombastic bob Silver badge

Re: Modern synchronization technologies?

"However MS would be mad to drop POP3 and IMAP from Hotmail so other clients apart from Outlook-the-client would carry on working, except for WLM which sees a @hotmail.com or @outlook.com address and automatically configures itself for a nonexistent protocol. Perhaps there's some way to trick it into configuring manually for IMAP."

I certainly hope you're right about this, because if Thunderbird stops being able to read my MSN e-mail (which I've had since MSN was in beta, and I continue to pay $5/month for the e-mail along with 'just in case' dial-in access which I've used on occasion, most recently LAST YEAR), then I'm *DUMPING* my MSN account and e-mail address and anything ELSE that has to do with outlook, hotmail, msn mail, or anything SIMILAR.

I'm not going to use their Win-10-nic mail client. I tested that one a year ago during the insider program, and it tried to screw up my IMAP folders. Fortunately it did no real damage. It's also 2D FLUGLY. And it doesn't run in Linux.

'I thought my daughter clicked on ransomware – it was the damn Windows 10 installer'

bombastic bob Silver badge

Re: Slow checking for updates...

re: not believing the 300 million...

Another possibility is that, like the "Ape" (8.x) sales figures, about 1/3 of users actually *LIKE* the 2D FLUGLY and other "features" of Ape (and now Win-10-nic).

that leaves the OTHER 2/3 of us *SCREAMING* *BLOODY* *MURDER* and vowing to NEVER {down}UPGRADE to 10, *EVAR*.

strangely, Micro-shaft ignores the 2/3, believes the 1/3 to be "everyone", and *INSISTS* the rest of us MUST! HAVE! Win-10-nic!!!

bombastic bob Silver badge

Re: 300 million infections

"Did anyone watch an episode of Equinox (Channel 4) called "The King of Chaos" which aired around 2000?"

unfortunately, no. But I *did* see 'Kingsmen' and the big-bad offers free phone service with a 'special' feature... maybe that's what's behind Win-10-nic?

OK not *that* but still...

Windows 10 free upgrade offer ends on July 29th

bombastic bob Silver badge

Re: No more nagware?

"Does that mean that after July 29 Windows 7/8 users will be left in peace?"

that seems to be the MAIN concern for a lot of us. I fear it is NOT the case.

bombastic bob Silver badge

Promise?

"Windows 10 free upgrade offer ends on July 29th"

PROMISE???

And what makes us think that GWX will *GO AWAY* simply because the 'free' downupgrade goes away?

Ex-HP boss Carly Fiorina sacked one week into new job

bombastic bob Silver badge

Re: Seriously America...

"are these candidates seriously the best you can come up with to run your country?"

sorry, I couldn't run this year.

(actually, at my last on-site job, my predecessor *DID* run for president, I kid you not! In 2008. Richard something. I forget. You can google it)

bombastic bob Silver badge

Re: Next stop for Fiorina

why not put Fiorina in charge of sacking half of the U.S. gummint... "downsizing" Trump style! With Fiorina as the axe-lady. (perfect!)

DATE: January, 2017

FROM: President Trump

TO: half of the government

SUBJECT: YOU ARE FIRED!

Carly gets to pick which half

bombastic bob Silver badge

Re: well, that the UK prez you folk chose ain't much good either!

"Another Churchill quote"

Churchill was BRILLIANT. I was irked when Obaka 'dissed' him by sending the bust back... (ok it was supposedly 'on loan' from Tony Blair but still... not a smart thing to do)

bombastic bob Silver badge

Re: Same old, same old

"They elected Ronald Reagan, they elected George Bush (Jr), they will elect Trump."

hopefully. It could've been worse: Carter, Mondull, AlGore, Kerry, ...

(better to pick the lesser of 2 evils - Cthulhu or Clinton - I pick Cthulhu)

bombastic bob Silver badge

Re: President... Trum...?

"We're all screwed. Doomed & screwed, screwed & doomed."

that's what I said in 2008 when Obaka was elected... and again in 2012

bombastic bob Silver badge

Re: On behalf of the human race

"TRUMP / PALIN 2016"

"Twice the crazy -- twice the fun!"

heh - good one

sit back and enjoy the revolution show

Microsoft sets Feb 2017 date to kill last SHA-1 zombies

bombastic bob Silver badge

"A standard HTTPS server certificate attests that the holder of a given private key is also the owner of a particular domain - nothing more. In particular it asserts nothing about the identity of the owner."

not quite accurate. the server certificate is supposed to match the IP address and/or domain of the server, and be signed by an authority [self-signing works if you allow it to when prompted by the browser] to authenticate the cert itself. As I recall, the CN needs to be the domain name for a server cert. There's a lot of discussion about this online, so it's easy to find. You can use openssl to be your own CA and issue your own server certs. Or you can use cacert.org. But their root cert isn't on Microsoft's OSs by default (or I haven't seen it, at least), so you'll have to load the root cert, and then all of their issued certs will be trusted. That's basically how it works.

so the cert doesn't determine the SSL encryption. It simply validates that the web site in question is who they say they are, and not some man in the middle trying to read your encrypted traffic.

bombastic bob Silver badge

Re: Certificates are the illusion of security

"Is there any evidence these have not had their public keys shared with the spooks. No need to break any SSL protocol or cypher if you have the key to decrypt it all."

um, I don't think you understand the following very well:

a) public/private key encryption

b) SSL protocol handshaking

c) certificate signing and how it authenticates a web site

the public keys in the certs have little to do with SSL protocol, but (as I understand) they're used for validating the signatures, sort of like the way a hashing algorithm can validate a logon and password without revealing the password.

So there's no decryption with a public key. only ENcryption. then you could match the encryption to a known result (I'm assuming) to validate it.

The SSL protocol uses different methods, among them Diffie-Hellman. Time to google if you haven't heard of it.

Or I can simply point you to it: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange

so even if you had a cert's private key, you wouldn't be able to use it to decrypt SSL traffic.

bombastic bob Silver badge

Re: Certificates are the illusion of security

"Therefore, although they COULD in theory sign a fake cert of their own and have it accepted by some browsers as being valid credentials for your site and then man-in-the-middle your server so that they accept connections with THEIR generated private key instead of yours, almost any modern browser will throw a fit when they try this."

etc,

very true. I've been deep into researching cert-land over the last ~2 weeks (and some prior). A summary of what I've found: you can be your own CA, but you have to load the root (and other) certs onto the target machines somehow (let's say an application installer program, like the one I recently open sourced). Like with a self-signed cert, however, you throw warnings in web browsers.

Internet Explorer uses Windows' system cert store, and you can have an application installer (let's say) install new root certs to prevent warnings. Incidentally, this can happen without your knowledge from any application running with 'Admin' privs, calling the right functions.

Firefox and other browsers often have their OWN cert stores separate from the OS, so you'll have to get past THEIR security and warnings to load new root certs.

Intarweb filtering appliances often use the 'MITM' technique as part of their operations (did you mention those? I might've missed it), so IT people must load the appliance's root certs on everyone's workstation by policy or manually [whichever].

As for code-signing, kernel drivers require a "microsoft signature" to load from bootup, but they can dynamically load after boot using regular signed certs (so load your root and signing certs and your drivers will work post-boot, but not during boot). Enabling 'self cert' lets you test things, but apparently shuts off DRM-related things. Not like I need them...

Microsot has also added an even BIGGER "tollbooth" with regards to signing requirements in windows 10, allegedly for quality assurance, but most likely to put even BIGGER roadblocks and tolls in place for independent devs and open sourcers, and maybe lock us into all using windows 10 and playing by THEIR rules forever. That's my opinion, ok.

As for web site certs, self-signs work, but throw a warning (typically) as you pointed out. If you accept the cert by ignoring the warning, https will work just fine like it was meant to be.

openssl can create certs easily, and there are several good online resources on how to do this (including my own web page on being your own cert authority). So yeah, the info is a search engine away. code-signing resources go through Microsoft's "circle jerk" documentation hell, so it's harder to find THAT information without time and frustration.

And related, MS's own examples for code signing self-certs actually create certs that use sha1. But sha256 works fine for code signing certs as far as I can tell (creating my own, of course). But I did see some odd behavior in the kernel debug output in Win 7 checked build when using sha256, some assert about the hash length being larger than some value...

hopefully not 'too long' forcing 'did not read'

Daft draft anti-car-hack law could put innocent drivers away for life

bombastic bob Silver badge

Re: Car lobby?

"Wondering how strong the car lobby is in that state?" etc,

yeah, maybe THIS is the new 'D.R.M.'.

And once again, laws like *THIS* don't stop crime, they just unnecessarily impede the otherwise-law-abiding.

Microsoft's Windows 10 nagware storms live TV weather forecast

bombastic bob Silver badge

Re: GWX Control Panel FTW

<quote>

I'm sure it's been mentioned, but I'm not prepared to read all 156 comments to check.

</quote>

I'm reading them, and have seen GWX and the Steve Gibson one mentioned at least 4 times (each), probably more for GWX control pane. it's starting to look like SPAMMING

bombastic bob Silver badge

Re: there's no bad advertising :(

<quote>

and yeah, soon you'll have a Steve Balmer replicant claiming, internally, that you know, it's a bit naff, but HEY, WE GOT FREE, NATIONAL COVERAGE!!!!!

</quote>

it's an easter egg in the GWX panel. Just shake your PC vigorously, next time it comes up. That activates the easter egg. (maybe some might activate if you put it in a microwave oven on high for 3 minutes, or use the CD/DVD tray for a coffee cup holder)

(ok I've been reading BOFH too much)

bombastic bob Silver badge

Re: Oh, yeah...

<quote>

"This. Its pretty obvious Microsoft don't see it that way, they see the your desktop as their advertising space and its steadily getting worse."

Just because that's the way they see it doesn't make it excusable.

</quote>

yeah, I don't want my DESKTOP SCREEN looking like the TV from 'Idiocracy' with ads all around the outside, and about 1/3 of the screen devoted to actual content...

oh, wait, like a TYPICAL WEB SITE in the 21st century, except it's the "new desktop model"

/me self-slap for giving Micro-shaft yet ANOTHER way of SCREWING UP THE OS

bombastic bob Silver badge

Re: Microsoft showing off their coding skills...

<quote>

10 PRINT "Upgrade this PC to Windows 10"

20 PRINT "This PC is not compatible with Windows 10"

30 GOTO 10

</quote>

you need an extra "GOTO 10" line (yes that was a vague Futurama reference, like when Calculon asked Bender sarcastically if he had an extra "GOTO 10" line)

because, as we all know, it would be even STUPIDER if it DID have an extra 'GOTO 10' line.

US tech CEOs demand Congress programs US kids to be tech workers

bombastic bob Silver badge

Re: Given how people are taught...

well, the 'department of education' isn't helping much. Perhaps if schools taught "the 3 R's" as well as computers, and abandoned all of the revisionist history and "social indoctrination", as well as STOPPING IT with the Ritalin (which gets districts MORE MONEY as they dumb down the smart kids with drugs and force them into 'special education' instead of 'fast track'). Let's face it, too many agendas are victimizing the kids instead of educating them. And abolish the teacher's union while we're at it. Hire people who've been in the private sector instead of "professional educators". you know, having the people that understand what the REAL world actually NEEDS might dispense with the CRAP curricula.

Then kids will learn what they REALLY need.

I also wouldn't mind teaching actual ARITHMETIC without calculators for the 1st 4 years... it's how _I_ learned and I can do basic math in my head without requiring a computing device. no more blank looks when the teacher asks "what's 6 times 7". [why it's the answer to the ultimate question, that's what!]

Brainwave-controlled drone racing is here

bombastic bob Silver badge

I saw something like this back in the 90's at a CompUSA store

back in the 90's I saw something like this at a CompUSA store. You put your fingers into a couple of sensors (one for each hand), and "think left" to move left, "think right" to move right. It was actually kind of fun to play the demonstration 'downhill ski' game, until it got boring. I had no trouble at all controlling it back then, so maybe I should get one of those headsets and do some experimenting... ?

(I also didn't see a lot of people trying it - either boring or 'normals' can't make it work?)

Microsoft to hike certification exam prices

bombastic bob Silver badge

Re: And exactly what...

" I suspect it doesn't amount to much, other than a tick box in the HR department."

all it can be is "proof of potential", and I think most who know better look at these 'certifications' with the obligatory skepticism. The certifications are highly overrated, like the "Ron Bailey School of Broadcasting" doesn't make you an electrical engineer (but you CAN pass the FCC test!).

experience is proof of ability. certification and education are proof of POTENTIAL only. But like you pointed out, the HR 'screeners' will see the alphabet soup and that it matches their "list", and so robotically filter the resumes accordingly. THAT is its only possible value...

('what color is your parachute' would recommend bypassing HR anyway, so no need to follow the rules of mortals, if you can contact a hiring manager directly, because THEY are the ones who really recognize true skill and if you have it, they'll pick YOU over THEM)

Thunderbird is GO: Mozilla prepares to jettison mail client

bombastic bob Silver badge

I use thunderbird, and don't want to see it go

I use thunderbird, and don't want to see it go.

But I don't want it to turn into a "hamburger menu" version, either. If the wrong group maintains it, we could end up with another "the METRO" looking interface, like what seems to be happening to Firefox lately...

and don't call it "modern", that's actually a pejorative term, implying NOT wanting "that change" means you're a neanderthal or something... [like the way the "the METRO"-tards for windows "ape" and win-10-nic go off and do all the time]

maybe we could just host it on git. why does it need to "change" or "develop" anyway? works fine for me, and I'm using a 2 year old version even... (with gnome 2, on FreeBSD, and I'm happy with it). Just fix the bugs, and make it nice and solid.

Biting the hand that feeds IT © 1998–2019