GOPwned: Republicans fall victim to email hack

bombastic bob
"I suppose that chimes with him appointing people who know fuck-all about science to science positions."

I was laughing until I hit that part. you just HAD to go there...

(I'm going to resist the troll-bait and NOT bite on it)

bombastic bob

Re: The Russians are Coming!!!

"You make a good point in a poor way. I'm assuming that's the reason for so many down votes."

Naw, it's just the usual howler monkeys downvoting for the usual reasons (some might be members of my 'fan club' heh so I expect the same here). I gave him an upvote [because I 'got' the humor, for one]

bombastic bob

Re: All we can do is wait

well, there could EASILY be a "there there" with the RNC. It's just possible that none of it would be a surprise, and so it would have little (if any) impact.

We ARE talking about POLITICIANS, people who collect money from special interests in order to get re-elected over and over and over and over...

There have been well-respected Republicans (as well as Demo[n,c][R,r]ats) who've been elected and respected, and later been indicted and convicted for campaign fund fraud (or other corruption), "Pay to Play" being one of the worst. Randy Cunningham, a Korean war veteran, was one such congress-dude from my area. Duncan Hunter Jr. (also from my area) is currently under investigation for 'irregularities' (i.e. using campaign funds for personal expenses) and may likely be convicted for it.

Washington D.C. can ruin the morals of even the MOST morally straight people, with all of the money and corruption and opportunities these people are exposed to. "The Swamp" is no exaggeration.

The only more CORRUPT town is Sacramento.

In any case I'd like to know what OS and e-mail system that the RNC was using. If it had been ME setting it up, a traditional setup using Linux or FreeBSD and reasonably secure SMTP+IMAP would've been in use (sorta like how I got my home setup working, even with just the built-in/default sendmail (or Exim) and Cyrus port, using default settings and SOME level of security on the LAN, would probably do the job).

and if it's an open source OS with open source e-mail/IMAP servers, maybe the NSA can get involved and produce special 'hardened' ones for government use?

Windows 10 or Cisco Advanced Malware Protection: Pick one

bombastic bob

practice 'safe surfing' - seems to be compatible with everything

well, MY version of 'safe surfing' avoids using Edge, HTML mail, and Windows (in general) for web surfing, so maybe it's not so 'compatible' after all... (since 'avoid using windows' is a big part of it)

but at least do THESE things if you must use Windows:

a) don't view HTML mail as HTML [and no inline attachment previews, either]

b) don't preview e-mail nor web browse with an account that has 'admin' privs

c) don't use a Microsoft web browser

d) disable javascript as much as possible

e) don't download/install the application/plugin 'to view the content'

f) don't use any Adobe viewers (PDF and flash especially)

'c' and 'd' are probably the biggest vectors for malware, followed by 'e' and 'f', and then 'a' and 'b'. It's not perfect, but it'll work for most of what's out there, especially 0-days.

in any case, no need for anti-virus/anti-malware if you execute some self-discipline and do those things I just mentioned. THAT, and don't surf the web nor read e-mail logged in with 'admin' privs.

(or you can ignore what I said, at your own peril)

bombastic bob

Re: Why?

"Windows 10 already comes with decent malware detection already."

see icon

Sing it loud and sing it proud: It's all about the cloud for Microsoft

bombastic bob

I hear market speak

I'm not against what MS is doing with Azure [maybe they should stick with that] but yeah, the analytics side of things DOES seem 'creepy' to me... particularly with the slurping that we already know about.

That being said, IoT and cloudiness may have its use, but it seems more practical to keep IoT things on the private LAN and _not_ go into "the cloud". If your phone application needs to know what temperature your oven or refrigerator (or living room) is at, a 'peer to peer' method is PROBABLY a better solution. OK it would need a 'cloudy tracker' but NOT a 'cloudy service'.

Cloud IS overrated for MOST things that I've seen. It has its uses. It is NOT "the ultimate solution".

And, is all of their market hype part of a PLAN to monetize more of us 'end-users' ?

Microsoft's .NET Core 3 is almost here, which means time to move on from .NET Framework

bombastic bob

"it is .NET Core 3.0 which will get devs excited." really?

you sure about that?

I strongly suspect it is all more lipstick on the boar, and on the non-oinky end. again. wheeeeee.

when ".Net" was first conceived, back in the early noughties, it was for an IIS web back end. Its overall design looks more like what "they" (the object-oriented evangelists) want EVERYTHING to look like. At least, that's my perception of it.

Then MS tried to shove this down the throat of EVERY developer, in EVERY version of DevStudio, by requiring you to JUMP THROUGH HOOPS to EXCLUDE it from your C/C++ build. I mean, WHO wants that monolithic do-nothing "you must have the latest" '.Net runtime' thing installed along with your application?

Granted, the DevStudio hoops aren't THAT difficult, but it requires some specific targeted "un-tick the box" settings changes in the project, and a careful test at the end to see if it's STILL hauling in ".Not" as a dependency. It's the fact that you HAVE to do them in the FIRST place that bugs me.

To think that non-windows developers might actually USE this is laughable. Ok maybe one or two. But still...

Remember how much *hate* there was when Gnome added 'tomboy' as a dependency, which THEN caused all of the mono stuff to install along with Gnome? I do. In particular, one of the Debian packages did this. I'm not 100% sure it was all gnome desktops, in case it wasn't. But that was enough for me. I went out of my way to make sure tomboy and all of that ".Not"/mono garbage was OFF of the system!

Well maybe devs WILL get 'excited'. But perhaps that word does not mean what you THINK it means...

icon because 'facepalm'

The news I'd like to see: a C language toolkit that wraps Win32 API calls and runs on X11-based systems with unmodified Win32 API code. You know, like 'Wine' except sanctioned by MS.

Microsoft gets open-sourcey with Windows Forms and Windows Presentation Foundation

bombastic bob

trying to resuscitate the thing

I see this as Microsoft trying to resuscitate their *FAILED* "new, shiny" UI model, aka that XAML-based abomination that ultimately helped make WinRT the failure we all know (and hate) today.

Just like it has been with ".Not Core" and other major components, trying to get the open source community to make use of this on non-Windows platforms has been _interesting_ in a lot of ways. The biggest 'interesting' is just how far they can take/use it for 'Embrace Extend Extinguish'... by way of open source!

Regardless of how else you see this, they're taking a failed idea and giving it away, more or less.

XAML, in theory, might make UI design easier. But when I looked closely at it [with respect to windows 8] I was horrified at what I saw. Reaching for the pink liquid, I decided that it would be a COMPLETE waste of time to take development in "that" direction. It seems, due to its lack of following, that other developers more or less agreed with me on that. (and yeah, UWP is NO better)

There are SO many cross-platform development tools, of which GTK and wxWidgets and Qt are probably the best option (or just use Java), that we do NOT need Micro-shaft cramming "their bloatware method" down anyone's throats.

On the other hand, the open-source-ness is STILL a good thing. It can provide some nice sample code on how to implement specific features that you might want to implement in your OWN open source library.

/me points out that if it weren't for ".Not", XAML, UWP, WinRT, and "The Metro", we'd have a really really good version of Windows without the controversy. That, and the 2D FLATTY. And the slurp. And the ads. And so on.

Naked women cleaning biz smashes patriarchy by introducing naked bloke gardening service

bombastic bob

Re: Why is it sexist

it's only sexist because a member of the political correctness police SAYS so.

YouTube fight gets dirty: Kids urged to pester parents over Article 13

bombastic bob

actually driving a teenager to threaten suicide?

well, that little emotional outburst must've been a cry for attention.

but yeah when you aim doom/gloom at children, you can expect that kind of thing. now if we could just hammer this point home for what THE 'EDUCATION' SYSTEM has been doing for DECADES, making every kid "feel" like the world is gonna end tomorrow from "man made whatever" and it's UP TO THEM to _CHANGE_ everything [by pressuring parents into voting for people who want to take freedom away, and doing the same thing when they're old enough to vote], like good little sponges of whatever social[ist] agenda the "teachers" are trying to cram into their soft, malleable minds, when you REGULARLY accept this kind of mass manipulation as if it's "normal"... you can EXPECT emotional extreme outburst responses like that one kid's "cry for help" suicide threat for LOSING YOUTUBE [oh my freaking deities, the entire world is going to collapse into a quantum singularity, OMG,OMG,OMG,OMG,OMG!].

So yeah Google going with the SAME flow as their politics, stirring up 'the children' through some kind of manipulative tactic, for the young are easily manipulated/motivated and used like minions, aren't they Mr. Alinsky?

Microsoft: New icons, new drivers, AI! Everything is awesome!

bombastic bob


it's probably a way (in their minds) of driving you to the "New, Shiny" when your perfectly good (10 year old) machine running 7 does the job faster, better, etc.. Require these 'new drivers' for ALL of the newer video hardware, and then vendors stop supporting 7...

By them 'driving' [bad pun] the drivers to "their new model", you could ALSO be stuck with the VESA driver [if they even bother to support THAT any more]. I actually ran into that problem when I migrated an XP laptop to windows 7. I needed a winders laptop for various things, and had that old one laying about, and used it (I had previously put FreeBSD on it, but put it back to XP after getting a better laptop). Unfortunately the XP video driver WOULD! NOT! WORK! in windows 7, when 'needs' basically forced me to update it from XP to 7. The VESA driver DOES work, but without any acceleration, so no playing videos on it any more. That machine is still useful, but uses the VESA driver, and not the old OEM driver.

So in a way this is just a re-hash of OLD problems.

Meanwhile, Linux and FreeBSD continue to support old hardware pretty well.

Also worth pointing out: does 'safe mode' let you easily pick a VESA driver for your video, just so that you can get your hardware to work, for whenever 'Windows Update' pooch-screws your computer? It used to do that, sub in the VESA driver when in 'safe mode', but I haven't put Win-10-nic on any physical hardware [and don't plan on doing so, either].

The dingo... er, Google stole my patent! Biz boss tells how Choc Factory staff tried to rip off idea from interview

bombastic bob

Re: Academia and free software programmers need protection from patent vultures

well, there COULD be those 'mutual NDA' signatures to prevent such abuses, if "the big company" will even go for it, AND if it doesn't contain an exploitable loophole, yotta yotta. Dealing with the devil, expect some hidden agendas, twists, and backstabbings. Just sayin'. Pfffftttthhhhh... (wait, why isn't this working?) (ok it's a somewhat lame reference to the original 'Bedazzled', the one with Dudley Moore)

That being said, l[aw]yers write those NDAs _AND_ go after the patents, helping "them" to rip off the little guy, etc. etc. and probably on the belief that unpaid "consulting" belongs to THEM, and hence they "have a right to it". Sick, sad world in that you have to have a bit of 'paranoia mode' running, ALL of the time.

bombastic bob

Well there IS some common sense to this as well. You want to show what you've done in an interview in order to get a job, but you don't want to give away any details about it that could potentially be stolen.

That being said, Google should've never (allegedly) stolen an idea presented in a job interview. That's just plain unethical.

bombastic bob

Re: First to file is now the law

I believe that the existence (or absence) of 'prior art' actually IS the standard, because a patent application (as I understand it) requires that you research for such things AND include appropriate references in the patent application, for existing patents, prior art related to your patent, and things like that.

If the patent search was inadequate (prior art exists and they KNEW about it) then the patent SHOULD be denied (and apparently was, in this case, as mentioned in the article).

As for filing when prior art isn't "available", filing first SHOULD matter. 2 people can work on the same thing at the same time, never communicate, and never publish what they're up to, and the first one to file 'wins'. Perhaps THAT is what the lawyers were referring to?

In any case, patent law needs TRUE reform, but FUD isn't helping. And 'I Am Not A Lawyer' for what it's worth. And DEFENDING a patent is expensive, necessarily so, I'd say. Filing is relatively cheap by comparison.

STIBP, collaborate and listen: Linus floats Linux kernel that 'fixes' Intel CPUs' Spectre slowdown

bombastic bob

Re: He missed much more

/me reads the fine print... "the same C word" - you mean 'Cat' right?

remembering the 'hand' rule for 'Motion, Field, Current' I learned in the military - "Mary's Fuzzy... Cat"

(and 'Cat' is on the middle finger, naturally)

bombastic bob

Re: He should hug off and mind his own business

" All those of us who are sick of snowflakes needing a safe space from being micro-aggressed by sporadic use of bad language should adopt an otherwise good, acceptable word to colloquially mean the same thing, until it sticks"

I nominate the OTHER 'F' word: FEEL

(I have been regularly playing THAT one for laughs, for YEARS)

Surface Book 2 afflicted by mystery Blue Screen Of Death errors

bombastic bob


I have to wonder how much of this is connected to build 1809 problems...

"Let's apply the same fixes we did in 1809"


Prez Trump to host chinwag with Google, Microsoft, Oracle and Qualcomm – report

bombastic bob

that's kinda what the (alleged?) search engine 'result rigging' is all about, right?

Little FYI: Wi-Fi calling services on AT&T, T-Mobile US, Verizon are insecure, say boffins

bombastic bob

Re: Been that way for years

on a train, the guy next to you might be doing an MITM attack by setting up a wifi gateway...

Years ago, as a joke, while riding on a train, I set up a wifi AP on my laptop, running FreeBSD, to see how many people's computers would attempt to connect. A few hits, but enough as proof of concept. no internet was accessible, though, just the AP running. didn't even do DHCP. wasn't trying to crack systems, just see what would happen. Now, if I were REALLY trying to crack things, I'd have some spoofed intarweb stuff on there, or maybe MITM gateway to the *real* intarwebs, and some ssh-sniffing stuff to go with it... because knowing it CAN be done proves why you should be concerned!

Also worth pointing out is the number of "promiscuous" computers out there that latched onto any AP they could find... and cell phones capable of acting like intarweb gateways.

VPN looks pretty good at this point (as was proposed as a solution in the article) as long as you're careful about verifying any server-side keys/certs to make sure you're talking to the right one.

It's nearly 2019, and your network can get pwned through an oscilloscope

bombastic bob

Re: stuxnet/duqu

Tektronix was using WINDOWS? ew... [got any BSOD screenshots?]

/me verifies that model number - an expensive spectrum analyzer, with windows XP OS? <facepalm>

I guess the coolaid tasted pretty good, back then...

bombastic bob

Re: This is your oscilloscope...

Yeah Siglent o-scopes are pretty nice feature-wise, but they're kinda "low end" on pricing and some of the overall construction and physical appearance reflects that. You get what you pay for, sometimes.

In this case, it's probably an inexpensive [but highly functional] piece of test equipment with an 'IoT' feature that has the same *kinds* of security problems you find in IoT devices. I'd guess that's because the people who designed it aren't computer people, they're more like IoT people. And I guess computer people are expensive or something...

I've got an older Siglent o-scope without 'teh entarweb' features, does what I want etc.. I bought it based on price vs features. No complaints.

Considering IoT makers need o-scopes, having an IoT-like feature was probably good for marketing. Not so good in implementing.

It's 'nyet' again, yet again, for Kaspersky: Appeal against US govt ban snubbed by Washington DC court

bombastic bob

Re: I wonder how much this is helping their sales...

Boil it down to this:

a) someone high up in an organization (in this case, the U.S. gummint) says "don't buy from this vendor any more"

b) vendor finds out about it, and SUES THEM over lost sales.

yeah really good relationship you have with your customers. NOT.

Giraffe hacks printers worldwide to promote God-awful YouTuber. Did we read that one right?

bombastic bob

Re: Why open port 9100?

IPv6 might have it open... just sayin'

bombastic bob

Re: Get me a babysitter

he got wealthy being a MORON on Youtube, huh?

Well, when THAT dies off, he'll probably be dirt poor 'cause he spent it on stupid things. That'll be cosmic justice, the rags to riches back to rags tale. People like that wouldn't assume "it's a fad" and would burn money at an alarming rate until it's all gone and they're in over their heads.

"Diversify? Investment portfolio? What's THAT?"

meanwhile, the kind of content that Diamond and Silk typically does gets "flagged" and "shadow banned"... go fig.

GCHQ pushes for 'virtual crocodile clips' on chat apps – the ability to silently slip into private encrypted comms

bombastic bob

Re: Trying reasonableness?

next, they'll demand that loyal cops must be 'quartered' in your home. because, if you're not hiding anything, that should be ok too, right?

wait... didn't something like that happen in the 1770's? Only it was soldiers. Yeah. There was an actual WAR fought over that, and other things.

bombastic bob

Re: Unanswered questions..

"Wouldn't it be awful if the GCHQ part did coin mining at the same time"

Wouldn't it be EVEN FUNNIER if the GCHQ part scanned their network for vulnerabilities, planted viruses, inserted various back doors, and uploaded suspicious content to WIKILEAKS?

just a thought...

bombastic bob

how can they do this [and keep the bad guys from doing the same] ?

OK - demanding BOTH ends of encrypted conversation have a back door that's NOT a back door...

W.T.F. ? (see icon)

And how are you gonna stop THE BAD GUYS from taking advantage of it?

And how are you going to PREVENT the bad guys from giving you the VIRTUAL FINGER and just doing encryption THEIR way and NOT telling you about it [until you try to back door them and it don't work] ???

because bad guys don't care about obeying laws. Only honest people obey laws. Right?

Dog with 'psychotic tendencies' escapes home to poop on his neighbours' pillows

bombastic bob

Re: Bah!

this dog may be a case for use of shock collars - go outside the boundary, *ZAP*

and don't let the puppy eyes fool ya - behind those eyes is a PSYCHOPATHIC POOPER!

It also has that irritating concept of "be nice to the bully and he will stop" ANTI-logic. And rewarding for bad behavior. And a host of OTHER complete misconceptions.

[The dog's experience in the neighbor yard should be as unpleasant as possible, if he's inclined to tear things up and/or crap on pillows to mark his new "territory". THEN he will STAY away]

I understand that being IGNORED is sometimes the worst punishment for a dog... even a NEGATIVE response is better [to them] than NO response. This sounds like a job for... a PORTABLE KENNEL!

Lenovo superdishes not-so-superdosh for Superfish superloss: $40 waiting for you if you bought adware laptop

bombastic bob

"Did you get Win-10-nic with ADWARE on it?"

now waiting for THAT class action lawsuit...


Here are another 45,000 reasons to patch Windows systems against old NSA exploits

bombastic bob

Re: how about

sometimes article details are easy to miss. benefit of doubt. Still good advice. Shut that BLANKING EXCRETION (aka UPnP) OFF!

(cannot say that enough times)

OneDrive is broken: Microsoft's cloudy storage drops from the sky for EU users

bombastic bob

" the little picture of a paper aeroplane with a snubbed nose well and truly made up for my inability to get to all my fecking files."

Is there a collection of these someplace? It might be fun to "share" it in a snarky manner around 'teh intarwebs'.

So, at Micro-shaft, do they have *ENOUGH* *TIME* to draw these 'cutesy' "ooops ME BAD" types of "excuse" pics? But NOT! ENOUGH! TIME! TO! MAKE! THEIR! SERVICES! RELIABLE!!!

I'd say they need to "re-think their priorities".

Oh my chord! Sennheiser hits bum note with major HTTPS certificate cock-up

bombastic bob

Just 'A minor' setback. It will 'B sharp' soon enough. Enough to 'C major' improvements.

Q: what has 17 flats?

A: An 18-wheeler with one good tire

coat, please

bombastic bob

Re: Sennheiser does other stuff too

their headphones are really good. But yeah, good at headphones. not so much at network security.

Huawei MateBook Pro X: PC makers look out, the phone guys are here

bombastic bob

that assumes the pixel ratio is 1:1 - so is it 4x3 dimensions, but 3:2 pixels?

bombastic bob

if it ships with Win-10-nic pre-installed, I won't want it.

Does it come with Linux?

(I assume it's not an apple clone)

Question: How fast is the Windows 10 October 2018 Update rolling out? Answer: Not very

bombastic bob


just sad.

The antisocial network: 'Facebook has a black people problem,' claims staffer in exit salvo

bombastic bob

Re: The problem with Minority voices...

heh - shoutout for Diamond and Silk

I have to wonder whether these 2 ladies, and how they have been treated, were a significant part of the reason for the disgruntled employee's allegations...

thanks for bringing it up.

bombastic bob

Re: Global underrepresented influencer strategic partner manager voice

OK - if you say 'no. just no' to letting EVERYONE say what they want, even if YOU do not like it, then who is to be the arbiter of what is 'hate speech' and what is NOT? And right now, that is Fa[e]cebook.

The only reasonable alternative is to stop being offended at everything, let people say what they want online, and STOP TRYING TO CONTROL EVERYONE.

'Hate speech' is what it is, and may or may not actually BE "hate" depending on who the audience is. I think it's time for overly-sensitive people to just "let it go" and stop it with the SILENCING (read: being a CONTROL FREAK).

bombastic bob

Re: Global underrepresented influencer strategic partner manager voice

"I should have thought you'd be glad to know that victimisation wasn't reserved solely for your group."

well, I happen to want EVERYONE to have more freedom. and I don't do the identity politics thing. In fact I think _MOST_ people don't do the identity politics thing. But there's a loud majority who do, and they end up making headlines...

bombastic bob

Re: "it’s pretty disappointing to see you share our private messages"

well, then, if you see it on 'teh intarwebs', assume it's in the clear. That goes double for FB and other 'social media' because "they" are watching EVERYTHING.

(oh but I missed the IRL face-face conversation being posted - well that tells ya something about FB execs doesn't it?)

That's probably the safe way to go. But you also have to be careful what you call 'hate speech'. For example, in Hawaii the industrial farms are called 'Plantations'. Using the word 'plantation' (particularly in THAT context) has NOTHING to do with slavery. So it's not hate speech to use the word 'plantation', unless someone cherry picks every word you use and decides it is, then reports you, because it makes that person feel better or something.

And THAT kind of nit-picky political correctness is PROBABLY at the root of the controversy. You betcha!

bombastic bob

Re: Global underrepresented influencer strategic partner manager voice

"where he focused on underrepresented voices."

I can imagine the likely political views of someone having THAT job description...

"black people have had trouble discussing issues among themselves, because other people are reporting these discussions as hate speech"

That sort of thing seems to happen to CONSERVATIVES a lot, too. Recently, an Iraq war vet had his Twitter account closed on him, with no clear reason as to why [they SAID 'term of use' violations, but I guess JUST BEING A CONSERVATIVE ONLINE is worthy of such treatment, to them]. After appearing on the Tucker Carlson show on Fox News, *AMAZINGLY* Twitter realized their mistake and RE-INSTATED the guy's account!!!

But I say - do NOT ban them. Let them say what they want. And that goes for everyone else, too. Even if it *IS* "hate speech".

/me observes it could ALSO be a form of passive-aggressive harassment, flagging what they say as 'hate speech' in order to SILENCE them.

Microsoft readies the swatter as more bugs wriggle out of the Windows 10 woodwork

bombastic bob

Re: Right.

"Move fast and break things"

yes, about that... the 'file associations' problem. BROKEN for (certain? only?) Win32 applications. It's getting attention around 'teh intarweb'.

IMPLICATIONS: Micro-shaft is SLOWLY trying to ELIMINATE non-UWP applications!!!

You know they want it. You know that "legacy" Win32 support HAS to be IRRITATING them. They've already SLAMMED THE DOOR on EVERY OS they've made that doesn't have UWP (anything prior to Win-10-nic, even when customers WANT the older ones). They've CRAMMED as much as they can cram and put UWP CRapps in our faces as PANELS in the 'Start Thing'. What MORE can they DO to FORCE everyone to CHANGE to UWP? [other than make it worth our while]

Rumors have 'mongered' that it is Micro-shaft's long-term plan to KILL OFF WIN32. This would mean that ALL future applications are CRapps sold through "The Store", _AND_ it would KILL! OFF! WINE! and _ANY_ sense of compatibility for OLDER APPLICATIONS [that do not spy on you].

So, aside from a conspiracy, WHY would the latest (broken) build of Win-10-nic NOT allow Win32 applications to do FILE ASSOCIATIONS??? That is a basic feature of Windows that has been around since FOREVER...

Linux and FreeBSD (and maybe OS/X) may become the ONLY alternative for small-time application builders [and custom applications built within a corporation for its own use] to be able to install and run an application of your own design, and make it available for OTHERS to do the same [from a binary or source], _WITHOUT_ having to go through some "Store" or "code signing" nonsense to DO it!!!

(I used to like windows because you could do all of that, and wrote some windows applications for company-only use a few times - but NOW, it's becoming obvious that Micro-shaft does NOT want us to have THAT kind of freedom, unless THEY are "in the loop" - and get their 'piece of the action')

bombastic bob

Re: Also breaks Windows iCloud client

a simple technique to stop the forced updates? I love it!

3ve Offline: Countless Windows PCs using 1.7m IP addresses hacked to 'view' up to 12 billion adverts a day

bombastic bob

Re: And of course...

miscreants are miscreants. you find criminals EVERYWHERE

bombastic bob

Re: "3ve" (pronounced "Eve".)"

l33t sp33k lost its "popularity" in the mid-2000's I think...

still useful for passwords, though

I google'd for 'leet speak generators' and got a bunch of hits. Seems a lot of people like to keep 'l33t sp33k' alive.

Oh, and good article. I think it's informative enough to generally know what to look out for with respect to computer security.

Check your repos... Crypto-coin-stealing code sneaks into fairly popular NPM lib (2m downloads per week)

bombastic bob

Re: Debian vetting & trust

"That didn't work for fucking systemd, which idiot let that shit in.."

Yeah, well, I use Devuan to avoid systemd, and it derives from Debian. This doesn't mean Debian's practice of "being stable" isn't a really good feature of their distro (or the ones derived from it, like Devuan). There's still a choice.

bombastic bob

Re: Debian vetting & trust

"You don't see very many stories about malicious Debian packages."


'The bleeding edge' is highly overrated. Production servers need stability, not 'bleeding edge'.

bombastic bob

Re: No software can be trusted

"But we can't trust your code, and that's what they were getting at."

A reasonable compromise (what we've been doing all along except for Node.js):

a) open source

b) well-tested prior to release

c) well-defined source snapshot identifying the release version (or fork in the repo, depending)

d) lots and lots of peer review

e) wait until the dust settles before upgrading to 'latest version'

Seems to have worked for me outside of this insane method of 'dynamic continuous update to bleeding edge' method being used for Node.js .

Linus has managed this with Linux for a long time. Having such a project manager makes a BIG difference. Having an official test+release system (and actual QA) does, too.

bombastic bob

Re: Javascript

"Why did we ever allow this cr@p on our webpages in the first place."

Or in the back-end of a server, for that matter (i.e. Node.js).

JQuery and Node.js - the MALIGNANT TUMORS of 'Teh Intarwebs'.

There are better ways of doing these things. And they don't come with the *KINDS* of problems we see with client-side scripting (viruses, tracking, side-channel attacks, bitcoin mining) and server-side scripting with Node.js (single dependency update creating fail or malware on MANY servers at once).

Time for some CHEMO-THERAPY I say. Kill the tumor BEFORE IT GETS BIGGER.

bombastic bob

Re: Build time internet dependencies are garbage

"Others outside your repo should not be able to break your builds."


From the article: "This vandalism is a stark reminder of the dangers of relying on deep and complex webs of dependencies in software"

This is reason to STOP THIS PRACTICE FORTHWITH! (see icon)

'Teh Cloud' is WAY overrated here. More like "underestimated" [with respect to the damage it can do].

I know that _I_ do not want to be the mid-level software guy being phoned up at zero-dark-thirty because some _IDIOT_ 'chose poorly' and updated a Node.JS dependency. Blame goes on the one at the other end of the phone. "Not my fault" won't fly, either. B.S. rolls down hill, and now it's hit the fan!

[it's also why I won't use shared runtime libs with windows applications - static link or not at all!!!]

