Posts by Michael Wojcik

Re: Norton

What about Norton Antivirus is worth even £20 / year?

Yes, there are no privacy implications whatsoever from our infallible police forces, ever-fair guardians of justice, combing through photographs to extract palm- and fingerprints. I have the utmost confidence they will use this technique only to find those they know are Bad People, or are pretty sure about, or figure might be more or less Bad People, or would maybe do some Bad Stuff at some point in the future, or might annoy them at some time, or might annoy someone in a position of influence, or ...

But, I mean, an alleged drug dealer was caught,¹ so that excuses anything. Mustn't have drugs. Except alcohol, obviously. What good are my civil rights if someone else somewhere is getting high?

¹We're told he confessed, and that's indisputable proof, right?

Re: Have they fixed the bug where it rings but there's no notification to answer incoming calls?

Or sorting the Teams list alphabetically. Currently you have to sort teams manually by dragging and dropping, which is onerous if you're on more than a handful of teams (I'm on 38 at the moment) and works poorly (as drag-and-drop often does, particularly in crap Electron apps). And if you don't sort them, finding the team you want is an enormous pain in the ass.

This would be trivial to implement. It's something an intern could do.

But yes, Microsoft, continue to give us eye candy no one asked for.

Teams is awful. The underlying technology is awful (SharePoint – the worst way to make data available since clay tablets were invented), the UI is awful, performance is miserable.We used to use RocketChat for the chat / message-board functions; it was far from perfect, but it was much better.

I'll admit that for internal videoconferencing Teams is actually no worse than the many other products we've used (PVX, Bridgit, Skype, Lync/SfB, etc), and better than some (such as Go To Meeting or WebEx), in my experience. But its other functions are pretty much rubbish.

Re: "Legacy of single user on a disconnected PC"

It's not compatibility with the Win 3.x line which harms the security architecture of the NT line; it's user habits. That's why Vista introduced the split token and UAC – because Microsoft had given up on trying to wean people off doing everything with administrative access, and figured they'd just try throwing a half-height security barrier in the way.

Users, even technical ones, are notoriously resistant to security measures that affect their workflows.

That said, there are some problems with NT's security architecture, like the excess authority required to monitor processes (owned by other tokens) for termination. And the biggest issue with Windows security remains its enormous and crufty attack surface. Even without excess permissions, if you can drop a keylogger through an RCE you can eventually capture the current user's credentials, and pivoting and escalation will almost certainly be possible.

Re: When does the final crash test dummy go up on a test flight?

To be fair, I didn't know that was his plan either. But then I also don't particularly care whether he goes or not.

It's nice that we have multiple private firms innovating in this area, and I think it's fine that Branson is trying to use tourism to subsidize and advertise a bit. Not a personal priority for me – research is better done by machines, the long-term survival of H. sapiens is not something I'm invested in, and space travel will never be practical for all but the tiniest fraction of the population – but improving the technology is good.

Re: Carbon neutral

EVs are the future, even if they come with a fuel cell, or a thorium reactor, on board

Or one of those fancy internal-combustion engines I keep hearing about.

Diesel-electric works for locomotives. Why aren't the EV fans pushing for a hybrid pure-electric powertrain with ICE onboard generation? (Hybrid drivetrains are idiotic.) Solves the range and refueling problems, and if you want to charge it from the grid when it's parked for long periods, you're free to do so.

The only passenger cars of this sort that I've seen are exotics. It would make more sense than an electric-battery design for a pickup, or for anyone who needs to drive long distances.

Indeed. Police departments in the US have already demonstrated that they're more than happy to evade warrant requirements and other regulations by purchasing data from aggregators and resellers. This is a token PR move by Amazon; they and the police know it's essentially meaningless.

Re: "Phoenix is not on any prohibited party list and is not a sanctioned entity."

Indeed. It's very difficult for a ransomware crew to change its name and ... oh, wait.

Re: RFC is "rough draft"?

I-Ds (Internet Drafts) are drafts of some sort, rough or otherwise, and that's what we have in this case.

Frankly, while Kumari's draft might be amusing (I haven't read it, and the excerpts quoted in the article didn't inspire me to do so), I don't have much sympathy for his complaint. Some people will cite I-Ds as authoritive. So what; people will cite all sorts of things. Those who understand the IETF know that I-Ds are not normative and neither are many RFCs, only some of which are even on the Standards Track.

The archive that the IETF maintains of I-Ds is nonetheless useful, because some I-Ds never make it further but nonetheless become de facto standards, or at least a guideline for implementation, where no other standard exists. draft-ietf-tn3270e-extensions-04.txt (which I don't think made it to an RFC) is one example.

There are others of historical or theoretical interest, such as draft-ietf-usefor-useage-00.txt.

Re: Peer review

The suggested venues might get some attention from hobbyists, but real cryptographers and cryptanalysts typically have more important things to do with their time. Poking holes in ciphers with no compelling advantages from unknown authors gets tiresome quickly.

Re: Holy shit

In many parts of the US, $11K / month pre-tax is not a lot of money to live on. Even in the cheaper areas, if you're supporting a family, paying off college debt, etc, it's comfortable at best.

Re: a “very small” number

Known to have been compromised. And I would call that a "very small" consolation.

Considering that in the same sentence he managed to jam in the patent untruths that the attack was "unique" and "very novel", I think it's safe to dismiss the entire speech as utter bombast and bullshit.

Making excuses to avoid making amends.

Re: "The US DoD has opened up all of its publicly facing systems and apps to investigation"

They don't need to.

These systems are publicly-facing, so they're already "open" to state-sponsored actors and other professionals. "Opening" these systems in a case like this just means "we won't hassle you if you look for vulnerabilities".

Since publicly-facing systems are already under attack (all of them, constantly), there's nothing new here as far as the professionals are concerned. And, of course, by logging attacks and feeding those logs into SIEM / UEBA systems, you learn some information about your attackers.

I'd enjoy having a Sun-3 for the same reason. I think that was my first UNIX workstation. Used it at university for C, LISP, and Scheme coursework.

Or an IBM RT PC, which was the first workstation I used at work, and consequently wrote considerable non-trivial software for. Mine ran AOS (IBM's BSD port), not AIX. Unlike the SGI machines there was nothing sexy about the RT PC, but I have a perverse fondness for the ol' boat anchor.

Re: Confirm email address?

I think you mistake the point of the exercise.

Pai already knew what he was going to do – he had his instructions from his bosses at Verizon. The whole public-comment process was just a show to make it appear some sort of deliberation had taken place. As such, it was useful to have a large volume of comments, but not at all important that they be genuine.

It's possible to put windows side-by-side, so you can change the focus by moving your mouse. Or to run msbuild from within vim.

But, yeah, there's really no good debugger for .NET / CLR programs on Windows. WinDbg with SOS (or whatever they're calling the managed-code debugging extensions these days) really isn't viable; I use WinDbg for native-code debugging on Windows but it's largely useless for managed code. I don't think mdb is even supported anymore and it was always only marginally usable at best.

When I have to debug, I use Venomous Studio, much as I loathe it. It's uniformly terrible, but it's the only thing I've found that works, at least for the sorts of things I have to debug.

Of course, a lot of the managed code I'm debugging is written in managed modern-syntax OO COBOL, which source-language-sensitive debuggers will have trouble figuring out. (Visual Studio can because of our extensions, obviously.)

Re: Give us a clue

There are a lot of people in China, and it's wildly improbable that none of them have access to a botnet. This attack could have originated in China without having been requested or sanctioned by the Chinese government.

It's foolish to simply declare "it was China" with no evidence, because as you say there's little incentive for this sort of thing as a matter of foreign policy. It's equally foolish to eliminate all of China – government and private citizens – from consideration.

The position the Reg took in the article is the sensible one. We don't know. And, really, it doesn't much matter.

Re: Really ?

You'd have to be brainless not to figure that a healthy, literate (and armed) population will not tolerate much abuse.

Or have a competent understanding of psychology or history.

Healthy, literate people not only tolerate abuse, they actively participate in it. Being healthy and literate is better than the alternative, but it is by no means a magical prescription for freedom – and the capability (which is dubious however many personal weapons might be spread among the populace) to subvert the government's monopoly on violence doesn't change that, because the participation in abuse is almost entirely an effect of ideology, not repression.

I have to admit it sounds interesting to me, in much the same way that SaGa Frontier's "Free Scenario System" was. (SaGa Frontier is actually in the same family as the Final Fantasy games – the "SaGa" brand was used for the latter in Japan.)

In SaGa Frontier, you have your choice of seven protagonists, and with each one you can eventually assemble a party containing the other six. Then when you finish a protagonist's story, you go back and pick another one. So the entire game consists of taking the same seven characters through seven interrelated stories in the same setting, from seven points of view.

Based on the article I understand Octopath's approach is different, but I still like the idea of assembling a narrative from pieces rather than having it just supplied by the game, as with most of the Final Fantasy titles. Not that I haven't enjoyed several of the latter. (I haven't played them all because I'm a very late adopter and I generally only play video games while running on my treadmill, so it takes me years to get through a typical RPG.)

Re: Identured Servitude Agreement

I can't wait to see what Slavery will be modernized euphemistically into by these clowns.

"Rehabilitation." Already done.

Re: Insert meme here

In order to get power over Bitcoin you need a huge amount of computing power.

Wrong. Network-partitioning attacks against Bitcoin are not only possible, they're quite common. There are multiple papers on the subject.

I think you're giving him too much credit, and he just thought he was being clever. Criminals often overestimate their own skills.

Re: Those CDs were not SPAM

I knew people who hung them in windows to warn birds away. (There was a popular notion this would discourage birds from flying into the glass; I have no idea if this has been tested in any methodologically-sound fashion.)

For a while it was popular in some circles¹ to hang one from the rear-view mirror of one's car, which would occasionally reflect the sun right into the driver's eyes.

And, of course, they were commonly used as coasters.

¹Heh.

Re: So it's not a dry heat then?

Apparently many people find the word "moist" cacophonous or have unpleasant associations for it. It shows up regularly in lists of most-disliked words. ("Panties" is another frequent flyer.) It doesn't bother me, personally, and alternatives like "slightly damp" are usually awkward.

Re: Obviously more guns needed

Ah, some fine kookery from one of our resident kooks to liven up Monday.

"As soon as I find a HOLLOWED-OUT VOLCANO for lease in BRITISH COLUMBIA you will all be forced to RECOGNIZE MY GENIUS."

On the other hand, it's hard to pick between SSg7's 20 bazilliawatt laser and the coming flood of 3D-printed assault rifles being mass-manufactured by terr'ists and gangbangers for Fake Threat to Ignore o' the Day.

I'm not a fan of guns, any more than I'm a fan of chainsaws; they're both tools, and dangerous ones,¹ and it would be good to keep them away from idiots and assholes but that's largely infeasible. But 3D printing does not seem likely to greatly aggravate the gun problem in the US, and forbidding it will almost certainly not help anything in any significant way. Regulations controlling the sale of such guns might help somewhat, at least in making them even less economically attractive than they already are.

¹JFTR, at this time I own one chainsaw and zero guns. That could change; there are critters about the Mountain Fastness, including some rabies and plague vectors, among other possible reasons for wanting a firearm.