246 posts • joined 24 Mar 2010
Rule 1 of spycraft
These are not accidents.
Re: Why the hell
Bugzilla was better.
Jira is a Golf Course Sale
Everyone who uses it hates it.
People who buy it, don't have to use it.
Nasty, poorly designed, poorly implemented, slow, memory hog.
Jira is bad software made badly by bad people who drink bad coffee, dress badly, and are bad at their jobs, and should feel bad.
And their dogs are bad dogs.
Seriously, no full text search over all fields? WTF? That was old tech in 1975.
Stop trying to design software. You are no good at it.
Re: Adobe Reader used to be quite good
No. No it didn't. It was always terrible. I was there, I remember.
Re: 85 new reasons to do it
Edge has a perfectly functional pdf reader built in.
Money is Goods
Theft Act 1968, 34(2)(b)
“goods”, except in so far as the context otherwise requires, includes money and every other description of property except land, and includes things severed from the land by stealing
Thoughts weigh millions of times more than protons.
The brain uses about 0.15 calories per minute. By relativistic mass-energy equivalence, the mass of 0.15 calories is 6.98e-15 grams. The mass of a proton is 1.67e-24 grams.
That means the brain uses approximately 4 billion protons worth of energy every minute. If a thinking brain uses 10% more energy, and you have ten thoughts per minute, a thought weighs in at 40 million protons.
So yes, protons are quite a bit lighter than thought, I would say.
Re: Forced to support forever
Big, bulky, or heavy on tech equipment has been used in the aftermath of Wannacry to excuse (some trusts of) the NHS. But is this really the software we're talking about? Isn't it just a lot of accountancy software, admin systems, data storage, and these kind of systems? Aren't in-your-face-everybody-can-relate-to-that examples (like MRIs, even here on elReg) used to cover for just secretary boxen?
Not quite: You cannot be compelled to testify *against yourself*.
If you are given immunity from prosecution you can be compelled to give any and all testimony and punished if you refuse.
Re: Citizens United
A "corporation" is the correct term. Corporate personality is what protects our right to form trades unions and charities, not just to form businesses.
It's a consequence of free association: Not only can I campaign in person and lobby the government in person, I can club together with like-minded people, and hire someone to do it for me. Not only can I say what I like (short of libel), I can club together with like minded people and make a film about it that says it better than I could.
The rule that allows people to club together to make a documentary critical of Hillary Clinton, is the same rule which allows Greenpeace to lobby the government, and the same rule which allows trades unions to donate to political campaigns, and the same rule that protects charities and businesses from having their property arbitrarily confiscated.
"Corporate personality encompasses the capacity of a corporation to have a name of its own, to sue and be sued, and to have the right to purchase, sell, lease, and mortgage its property in its own name. In addition, property cannot be taken away from a corporation without Due Process of Law."
Of course doctors did that even before the internet - they just called it a Medical Dictionary.
Outgassing or ablation of the materials, e.g. glue solvent evaporating, plasticisers in electrical conductors evaporating and so on.
Interaction between electrical currents and earth's magnetic field.
Microwaves or other EM radiation leaking out of the end. They have momentum, after all.
Re: "delivered selectively, out-of-order. and out-of-context..."
Correct. There is no such thing as unbiased. Media cannot report everything so must always choose what is important, which is a value judgement, which is to say irreducibly ideological.
Candidate A's lies are vital to report because Candidate A represents an existential threat to democracy, so every plausible story which undermines him is important. Candidate B's lies are just the usual peccadilloes of politicians no more worthy of reporting than Obama's breakfast choices.
To the extent there is any solution it is to read competing accounts, to see what other people pushing different angles believe are the important facts. This is the same reason trials have prosecution and defence. It's the same reason scientists try to tear each other's theories to shreds - though this usually takes at least a generation.
If you only hear one side you'll easily be convinced the other side cannot possibly have any merit. If you then conclude it's not worth hearing, there is no way back for you.
Re: How to handle leap seconds
Typical crystal oscillators are accurate to about 1-10 seconds in the day.
Most servers only update time via NTP a few times a day, and many only weekly or less or not at all.
The leap second is of the same order as the normal time skew which occurs on commodity hardware.
Nobody is suggesting you should allow the leap second to simply be added to the preceding second.
The proposition is that it is gradually adjusted over the subsequent hour or so, resulting in around 0.05% inaccuracy in duration during the period of adjustment, additional transactions, error comparing time elapsed to wall-clock time and so forth.
How to handle leap seconds
Windows does essentially the same thing: Ignores the leap second and treats the updated time after the event as clock skew, adjusting over an hour or so.
Your junior devs will never be good enough to handle leap seconds correctly.
Your server clock is not that accurate anyway.
It doesn't matter for most applications.
If you are not sure whether it matters for your application, it doesn't. If it did you would know because you would have an atomic time source in your lab.
So like WMIC then?
Ships with Windows since 2002.
> wmic process where "Name='explorer.exe'" get Name,ProcessId,ParentProcessId,ExecutablePath,CommandLine
> wmic process where "processID=9112" call terminate
> wmic process where "processID=9112" call AttachDebugger
Re: it only takes only four lines of code and a local config file
If they can run code as your login they can get your password in approximately a gazillion different easy ways.
Adding a more complicated and difficult method to the list does not make your position worse because your position is already "completely owned".
Re: it only takes only four lines of code and a local config file
Or just read your credentials from where Outlook stores them, or read them by logging keypresses or...
it only takes only four lines of code and a local config file
So it's not a vulnerability as it already requires you to have access in order to take advantage of it.
This is like saying "From the inside of the house I can open the window then go outside and climb in". Sure, but why bother if you are already in?
Requires local admin = not a vulnerability
If you have local admin you can install a keylogger into the regular mode, you don't need safe mode.
You can also read password hashes straight out of the registry. Because you own the SAM. This includes cached hashes[*] from recent logins.
Seriously who vets these stories?
[*] that's what enables you to log in using your domain credentials while not connected to the network
Don't be daft. They want you to use Tor.
Tor is a honeypot and always has been. The point is to provide a false sense of security while simultaneously identifying people with something to hide.
TBB bugs are for the FBI. The NSA can de-anonymise any Tor user just based on their overall view of global network traffic.
Why would you think a project planned, founded, and paid for by the US government - the Navy[*] specifically - would protect you from the US government? That's some seriously wishful thinking there.
The question of legitimacy is all about what they do with the information. As long as the culture within the organisation does not permit it to be used except for national security, the ordinary person is safe. That ship has sailed in the UK - this is used for Serious Crime, which includes child prostitution. And fraud. And pot dealing. And copyright violation. And tax evasion. Pretty much everything which isn't a driving offence actually.
[*] The head of the NSA is an admiral of the USN. Possibly coincidentally.
Having offended everyone else in the world, Linus Torvalds calls own lawyers a 'nasty festering disease'
The way scientists do it is also adversarial.
Scientists are not disinterested, they have an enormous amount riding on their theories, far more than mere money. As such they can't be relied upon to find the holes in their own evidence.
That's why you need other scientists with competing theories to pick holes.
Darwinian processes are the only known processes to produce knowledge.
Wild guess: Unicode normalisation fail
Possibly doesn't normalise the password when changing it, meaning that it can't be entered subsequently. Or vice-versa. Since we are talking about IMAP it may just be that certain clients don't normalize passwords on entry.
They're not just sequences of bytes, you know.
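The failure mode guessed at in the post above, as an added example that is not part of the original comment: the same visible password in two Unicode forms yields different UTF-8 bytes, so a verifier only matches when the set and login paths normalise consistently. The sample password, salt, function names and the choice of NFC are assumptions made for illustration.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample: the same visible password "café" in two Unicode forms.
PRECOMPOSED = "caf\u00e9"    # é as a single code point (NFC form)
DECOMPOSED = "cafe\u0301"    # e followed by a combining acute accent (NFD form)
SALT = b"constructed-salt"   # fixed only so the example is repeatable

def derive(password: str, normalise: bool) -> bytes:
    """Derive a password verifier, optionally normalising to NFC first."""
    if normalise:
        password = unicodedata.normalize("NFC", password)
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), SALT, 100_000)

def login_succeeds(set_with: str, typed: str,
                   norm_on_set: bool, norm_on_login: bool) -> bool:
    """Set the password on one code path, then try to log in on another."""
    stored = derive(set_with, norm_on_set)
    attempt = derive(typed, norm_on_login)
    return hmac.compare_digest(stored, attempt)

if __name__ == "__main__":
    print(PRECOMPOSED.encode("utf-8").hex(), DECOMPOSED.encode("utf-8").hex())
    # Two clients, no normalisation anywhere: the bytes differ, login fails.
    print(login_succeeds(PRECOMPOSED, DECOMPOSED, False, False))
    # Same client, but only the login path normalises: login fails as well.
    print(login_succeeds(DECOMPOSED, DECOMPOSED, False, True))
    # Both paths normalise: either form of the password is accepted.
    print(login_succeeds(PRECOMPOSED, DECOMPOSED, True, True))
```
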
Re: Modus Operandi
Not any more. The puritans will leave no loophole unplugged.
Good. Simple is best.
What should they use? USB flash drives? Why not floppies?
Re: This is actually largely irrelevant
Except.... that if you pay for large scale enterprise support it costs nigh on as much as an MSSQL licence for the same feature set. Just like if you pay for Red Hat Enterprise it costs about as much as Windows Server.
And if you don't buy support you need staff who can support it, which also costs money. If you operate at IBM/Google/Facebook scale it's a saving to support it yourself, but otherwise even for large blue-chips it doesn't make sense.
Products are priced the way they are because that's the most they can charge without making their customers switch. Ergo, at any price point, everything is usually approximately equal value for money.
Re: A bit off
Works for me on both Windows 7 and Windows 10 calculator, both of which use an arbitrary precision arithmetic engine. I believe that's been the case since Vista.
What are you using? XP?
Re: It is our job to uphold the law
If I'm mugged at gunpoint, that's a crime in progress, but I'll be handing over my wallet all the same. If a child is kidnapped in practice you find that often people do what the criminals want first, then go to the police only afterwards.
Comparing on the one hand, paying an extortionist to retrieve irreplaceable property, and on the other, being too idle to shout "Oi!" at a casual thief, is just silly. They are different.
Re: It is our job to uphold the law
I've upvoted you for the sentiment, but you asked "how is this different"?
If I saw someone breaking into a car and stealing a hard-drive or a camera, I wouldn't ignore that, of course. As you say it is our duty to intervene.
But if someone stole a hard-drive containing my family photographs, or the only copy of (encrypted) customer data, or unencrypted sensitive information, or a camera whose card contains the only copy of someone's wedding photographs, I would pay the thief to get it back.
What's the difference? One is a crime in progress, the other is mitigating the damage from a crime which has already occurred. They are different.
Re: Price of an education...
Snapshots - a feature provided out of the box on Windows Vista and beyond - can be programmatically deleted, because the ability to delete data is a fundamental security requirement.
Law vs. real life
If you ask women out when you know they are not interested and find it annoying, that's harassment. Continuing to ask after the second clear "no" for example would generally count. Once, you are probably legally in the clear.
But in real life, you are expected to know whether a woman is interested before you ask her.
This is a social convention to prevent women having to bat away a hundred foolish questions every day. You should be able to pick this up from body language and facial expressions. However if you are poor at body language or you are still not sure, ask mutual friends their opinion before asking her.
If you get a lot of "no" answers, you should learn from that you are poor at interpreting facial expressions and body language, and stick to asking mutual friends first.
Re: UK libel law
No, the Mosley case was breach of confidence not libel.
We have to stop thinking these things are accidents
Really, why does anyone think this is not on purpose?
Re: The question remains ...
Serious, now. This!! FFS! THIS!!!!
"we'll harvest energy from people walking on floors!"
You know how walking on soft sand is harder work than walking on a hard pavement?
WHICH IS WHAT THAT WILL BE LIKE.
Re: runner up - prior art
Most modern smartphones have a planar surface as the front of the camera, so no adjustment for RI is necessary.
Re: Orwell said it (more or less) ...
What if women want to vote for a man? Will they be forced to vote for a woman?
Or will both men and women have both a male and female representative? What if they would rather have a transgender representative?
Why not just let them vote and let the chips fall as they may?
Re: It's like a fish taken out of the water...
DCOM not found in current versions of Windows? What?
Re: What's all fuss is about ?
For the benefit of your friend, you do know that IE11 is installed as well? And still has compatibility mode?
Also sewage worker and bin person
Only discrimination can account for the dreadful underrepresentation of women in these vital industries!
Meanwhile 70% of PR are women, and that's fine.
Re: Let's impose a political litmus test before people can do their jobs...
If that's the kind of world you want to live in, the worst I wish you is that you should do so.
Let's impose a political litmus test before people can do their jobs...
See "opal gate" for how this works.
If you don't mouth the SJW Catechism to the satisfaction of the Political Officer then your options for professional development are to be severely constrained. It's unlawful for employers to do this in the EU.
But Open Source has become important, therefore Open Source becomes a power base, therefore Open Source will be colonised by party apparatchiks.
I want to vote down and up. ESR does gpsd and works on the time service, and repository conversion as well.
But well said on Linus.
Re: Seems sensible for anyone with a high profile.
"People will do this shit without any rational motivation beyond fame so give them a real reason and there are no limits."
This. Times 1000.
Re: Source code
No. Parties are governments. Persons of parties are individuals or companies. So this says:
No government shall require .. source code owned by an individual or government, as a condition of import, sale, use or distribution.
It just means they can't refuse to allow it to be sold, they can't refuse to allow it to be imported, distributed or used. It doesn't mean they can't make it a condition of buying it themselves. Nor does it mean that vendors can't make it a condition of selling it.
So governments can mandate open source for their own internal use. Companies and individuals can mandate open source for their own use, and enforce open source licences. But governments cannot mandate open source for companies or individuals in their country, except for critical infrastructure.
It doesn't ban open source. It prevents governments from banning non-open-source.
Arrows go in quivers, bows have extra strings
Also, this requires the attacker to be already running code at the user's current level of privilege - in which case they can install a key-logger and swipe the file.
Nothing to see here.
Re: "The only GOOD DRONE is a DEAD DRONE. Y'hear me, scumbags?!"
When every second counts, the police are only minutes away.
Or up to an hour, in rural areas. Or they may misclassify your call and not come at all.
Shotgun ownership is quite high in rural areas, and with good reason. A family man living in a rural area who owns a shotgun is probably just being a responsible parent protecting his children.
Contrary to what many believe, firearms are not banned in England. You don't need to give - or have - a reason of any kind to own a shotgun, you just need to be of good character.
Police rural response times: Norfolk: 20 minutes
Re: Wouldn't be worth it...
Most intestinal tract cancer is caused by HPV or H.Pylori, not bacon.
Re: Make up your minds boffins
It's the false certainty which is the problem.
"This is the best available scientific knowledge"... OK but that doesn't mean that it isn't still poor quality knowledge with weak evidence. Best does not mean good, it may just mean least bad.