nav search
Data Centre Software Security DevOps Business Personal Tech Science Emergent Tech Bootnotes
BOFH
Lectures

* Posts by RAMChYLD

554 posts • joined 12 Nov 2010

Page:

When something's weird in your ImageMagick upload, who ya gonna call? Ghostbusters!

RAMChYLD

This cannot be good

One of the web enterprise apps I developed uses Ghostscript.NET to convert PDF files (alongside Bitmap, GIF and PNG files) to JPEG for storage in SQL Server, and do the reverse when the user requests a "photo album" of their JPEG images, which the app will grab the relevant JPEG images (in this case, digital copies of issued certificates for the customer), compile them into a PDF, and let the customer download it. Removing ghostscript would completely break this which is one of the main functionality of the program.

Although, as it stands only authorized employees are allowed to perform any image uploads at all. But I shudder to think what will happen if someone manages to steal the credentials of one of the employees.

Why is Ghostscript is allowed to be so daft tho? They've been alive for over 30 years, and have plenty of time to implement input sanitization.

1
0

Ass-troplastic! Printing parts from p.. er... human waste

RAMChYLD

Why am I not surprised

> polyhydroxybutyrate (PHB)

Can't stop giggling.

2
0

Super Cali goes ballistic, Starbucks is on notice: Expensive milky coffee is something quite cancerous

RAMChYLD

Make up your freaking mind, scientists!

First you say coffee prevents cancer. So I started consuming more of it because stomach cancer runs in my family.

Now you say coffee causes cancer.

Make up your freaking mind!

0
0

OK, deep breath, relax... Let's have a sober look at these 'ere annoying AMD chip security flaws

RAMChYLD

Re: It rather involved being on the other side of this airtight hatchway

"reflashing firmware should wipe the keys."

Wouldn't doing that render, at very least, lost of access to DRMed files (assuming the BSAss, MPAssA and RIAssA mandates that the OS stores decryption keys for the DRMed media you bought off Google Play/iTunes/Windows Store on the TPM if one is available) and at worst, lost of the content of the entire hard drive (assuming the user encrypted the entire drive and the key is stored on the TPM)?

I think leaving the TPM untouched is more for the convenience of the user. Who has the time to go through reformatting an entire PC and deal with data loss just because the firmware was updated?

Although, imo, the world would be a better place without TPM. The only thing TPM does is it gives big corporations even more control over your own PC and what you have installed.

5
0

Are you taking the peacock? United Airlines deny flight to 'emotional support' bird

RAMChYLD

Re: Marketing opportunity?

Couldn't you just get one of those from Build A Bear Workshop or something? I'm pretty sure you can choose what sound you want to put into one while buying a bear from there.

0
0

YouTube turns off cash tap for automatic video nasties

RAMChYLD
Mushroom

Re: *checks YouTube channel stats*

> Number of subscribers: 972.

> Awww.

You think that's bad? Try a channel with only 44 subscribers and less than 300 views a month. Up until this point I have nothing interesting to offer tho.

I decided that my new year resolution for 2018 was to finally get serious with my Youtube channel because the shitty Malaysian economy overall had left me almost a pauper (price of goods going up, but my pay had not changed over the last three years- company's official stand was "business was bad"), but just as I start to put some elbow grease and started producing videos, Youtube waltzes up and move the goalpost farther away. All so those successful channels like Markiplier and Linus Tech Tips can continue raking more money at the expense of making it harder for newbies like me to break into the market...

10
0

Apple macOS so secure some apps can't be easily deleted

RAMChYLD
FAIL

Re: Move along, nothing to see here.

> I, and Apple, and others, firmly believe the average user does

> not need to install KEXTs, ever.

Then, add frigging touchscreen support to Mac OS Already. Or at least allow one to be recognized and operated as a generic mouse.

I have a Dell ST2220T display hooked up to my Mac Mini. Can't even operate the touchscreen without installing an expensive KEXT from Touch Base. Linux can use the touch portion of the screen upfront without any need to install anything.

And to top it off, Apple wants to merge iOS and Mac OS apps. That's a bad enough idea as is, but explain to me how I'm going to use iOS apps without pinch-to-zoom gestures?

1
2

BlackBerry won't kill BB10 until 2020, pulls regular Priv updates

RAMChYLD

Re: Refusing to update their own software on their own hardware...

> We shall see how long they support my mothers DTEK60 (gorgeous phone). Then I shall

> wipe it and put LineageOS on it...

If you successfully do that, let us know. Allegedly the bootloader's locked, and BB won't unlock it.

1
0
RAMChYLD

Same here. Really saddened to hear this, I've been using a Priv for a little over a year. Good phone, you don't find phones with a world 4G radio and a built-in hardware keyboard on the same package really often.

Hopefully Blackberry would start offering a way to unlock the phone? Better to drop LegacyOS onto it or try to slip Oreo Go Edition onto it than destine it for the landfill given how much I paid for it.

0
0

Microsoft hits new low: Threatens to axe classic Paint from Windows 10

RAMChYLD
FAIL

Naff and underpowered?

It takes 10 seconds to fire up paint, paste the screenshot into it, crop it, and then save the shot as a JPG to use in technical documentations. People might not miss it, but I will. The Gimp is great, but that's for serious art sessions, not quick screenshot work.

12
1

Smash up your kid's Bluetooth-connected Cayla 'surveillance' doll, Germany urges parents

RAMChYLD

Re: 'They could just remove the batteries.'

If you want to go the extra mile, you can take her apart and rip the microphone, camera and circuit board out, then put her back together.

If this thing is anything like those Smart Toys Mattel put out tho, the battery is non-removable. You may need screwdrivers with a proprietary head as well as a pair of wire cutters to gut the thing.

0
1
RAMChYLD

Re: @ Dwarf

since when is a laptop not a "innocuous household object"?

0
0

IT guy checks to see if PC is virus-free, with virus-ridden USB stick

RAMChYLD
WTF?

> Paranoia? You bet!

More than that, it sounds shady.

You sure said director isn't embezzling money or selling company secrets? Personal equipment like that shouldn't be allowed on company network.

0
0

China announces it wants more immigrants, better diplomats and science-led industry

RAMChYLD

Re: okay, but...

Let's not forget their ridiculous Internet censorship and surveillance. Get rid of that and maybe we can talk turkey, China.

10
2

Hacker: I made 160,000 printers spew out ASCII art around the world

RAMChYLD

Re: Holy crap!

My big beef with these printers is that they don't come with programming manuals anymore. I remember when I got my first printer, an Epson LQ-100, and it came with a nice, thick book explaining all the escape sequences one can send from BASIC. Spend enough time on it and you could practically draw really nice graphics.

Those were the days.

Also, back in those days you could practically get ISO/A2 printers off the shelf - I have a NEC P6300 with the color kit installed. It could do ISO/A2 color prints. Can't do that without spending big bucks on a large format printer nowadays.

9
0

Microsoft's DRM can expose Windows-on-Tor users' IP address

RAMChYLD

Re: Is it just me

Well, there are still several drawbacks on Linux:

Firstly, the fact that there are not many game companies supporting it. Steam is nice, but even then half of the games on Steam aren't available on SteamOS/Linux. And that's well, Valve is pretty much the best company when it comes to Linux gaming. EA and Activision-Blizzard don't give a hoot, and the latter even actively ban users caught using WINE to run their games. EA is slightly better in that they don't care if you use WINE, but a lot of their games are hard to get working in WINE anyway. Also, sadly, there has been no port of EA games to Linux ever since Loki Software folded.

Secondly, hardware support. Linux devs need to listen to their users more. Last I tried only Ubuntu supports hardware RAID. The excuse that motherboard RAID isn't beneficial is not valid. A lot of modern motherboards also enable caching when RAID is enabled. Also, I've said this many times before, but the anecdote that the CPU is handling the scheduling just isn't true on certain chipsets- for example, the NVidia NForce chipsets has an ASIC to handle the RAID arrays and offload the task from the CPU. The distro developers shouldn't be all smug and tell users to just stick to AHCI - there are valid reasons to support motherboard RAID.

Additionally, Radeon support on Linux still lacks CrossFireX/Dual Graphics support and even basic functionality like stippled and smooth primitives on certain cards. Ever since FGLRX support was dropped, many rigs went from competent to unusable. I was forced to convert one of my rigs that ran Ubuntu back to Windows because it FGLRX no longer supported it, and said rig happened to use a APU+GPU dual graphics configuration (1).

Don't get me wrong, I still do have several Linux boxes dedicated to the cause. But losing FGLRX and being stuck with Ubuntu because it's the only Linux distro that supports motherboard RAID is pretty frustrating.

(*1) https://www.x.org/wiki/RadeonFeature/

7
8
RAMChYLD

Re: What? you mean

> 192.1.0.1 ?

> Isn't that what most home PCs use?

Nope, the valid class-C private address is 192.168.x.x, anything 192 but not 192.168 is still fair play iirc.

8
1

Trump's FBI boss, Attorney General picks reckon your encryption's getting backdoored

RAMChYLD

Re: {ë2s¦^@]~JÕ1~Bó^M·^R^@sÙBna^V_~@<«ò2UÆ#NAç>

Looks more like a baud mismatch.

True story. I once tried sending serial data at 115,200kbps to a 9,600kbps thermal printer with handshake and parity off. The output was more or less something like this.

4
0

Is this the real life? Is this just fantasy? Spotify serving malware, no escape from reality

RAMChYLD

Re: Thanks for the reminder to Uninstall it.

If on Windows, check the appdata\roaming directory in your user folder. Not sure about Mac/Linux, I don't have Spotify on my Linux boxens and my I don't have access to my Mac at this time to check.

0
0

Google nukes ad-blocker AdNauseam, sweeps remains out of Chrome Web Store

RAMChYLD

Maybe they should've thought the whole video ad thing over

I don't mind text-only ads. However, when you start pushing obnoxious javascript, flash and video ads that play by default and I can't turn off, you've crossed the line. You're eating my quota by forcing stuff I don't want down my throat. And I'm pretty sure this is the sentiment felt by those who're on an Internet connection with an unreasonably low cap like I am. Also, javascript and flash ads are known to push malware (still having that problem on cracked.com on mobile).

Go back to text-only ads and I'll gladly stop using adblockers. Heck I'm pretty sure adblockers will fall out of use with text-only ads (plus, text-only ads won't be able to force malware onto a device because there's no javascript, it relies on the victim to be a schmuck to click on the link and get infected).

18
0

Sexbots could ‘over-exert’ their human lovers, academic warns

RAMChYLD

Just noticed that the researcher's name is Bendel. That's one letter away from Bender...

3
0

Persistent ad and dialler trojans found on 28 Android phones

RAMChYLD

Lenovo phones have WHAT?

Another black mark for Lenovo I guess. Between Superfish, locking people out of installing Linux on their laptop, and now this...

0
0

Has Canadian justice gone too far? Cops punish drunk drivers with NICKELBACK

RAMChYLD

I have to be a weirdo then

I actually enjoy me some Nickelback. Especially like putting on "If Everyone Cared" on repeat and cranking up the volume when I feel depressed.

12
0

AI can now tell if you're a criminal or not

RAMChYLD

Byzantine failure.

Machines do however break down, sometimes in byzantine ways that causes error in judgement.

A machine that may have been struck by lightning in the past may not fail immediately, but will become more and more error prone before failing.

So how can you trust the output of the machine if you can't tell if the machine is failing or not?

0
0

Sega MegaDrive/Genesis lives again, in Brazil!

RAMChYLD

Emulation inside

I've heard that the insides actually contain an ARM CPU emulating a MD/Genesis (not unlike what's inside Nintendo's offering), plus additional hardware to convert the mapping of physical cartridges to a filesystem compatible with the emulator. Not really that great given that this means that peripherals like the Sega/Mega CD and 32x won't work.

Honestly, I'd prefer pulling my old MD clone out of the closet and use that instead.

Interestingly, NXP still does make 68000 CPUs, as does Zilog with the z80. Wonder if the remaining PSG and YM OPN is still being produced, because apparently, the heart(s) of the Genesis is still readily available off the shelf.

0
0

Apple fans using Chrome on alert for Mac malware

RAMChYLD

Indeed. The good ol' days may not be as rosy as you remembered. Try dealing with the Scores virus, or SevenDust or Autostart 9805.

0
0

'Pork Explosion' flaw splatters Foxconn's Android phones

RAMChYLD
Thumb Up

Re: Physical Access

Indeed. It's a service to have that feature in there. A lot of people want to root their phone for various reasons (most common one I've heard is to get rid of all the shovelware in there). Granted, I've been lucky with Android devices so far in that none of them don't have the duff in there, but several people I know bought cheap Android phones (as well as not so cheap ones- I'm looking at you, Samsung and Lenovo!) that are chock full of those, and the only way to remove them is to root the device and then remove the junk APKs from the system image.

9
0

What’s that Sooty? You want a girlfriend?

RAMChYLD
Facepalm

Indeed. I always thought Soo was Sooty's GF.

She isn't?

0
0

Lenovo denies claims it plotted with Microsoft to block Linux installs

RAMChYLD

Re: What a whiny bunch of spoilt hypocritical Linux users

> Launching ALSA to compete with the defacto OSS standard

The way I remember it, the developers behind OSS wanted to start charging for the drivers for "prosumer" and "professional" cards. If they hadn't gotten greedy, maybe the split wouldn't have happened. I was already using Linux at that time (though I was just a greenhorn, being just a wide-eyed freshman at college having been just introduced to Red Hat Linux 6.1 by favorite lecturer).

1
0
RAMChYLD

RAID Mode

Are they just blocking Linux from running by setting the disk controller mode to RAID and forcing EFI and forcing CSM to disabled or is there some Secure Boot evilness involved as well? Because if it's RAID+GPT (CSM disabled, cannot be enabled) then it's actually possible to work around using kpartx on Ubuntu at least- you need to modprobe all the required RAID modules at boot and then run kpartx to activate the partitions, then once installed chroot into the hard disk and make it so the RAID modules are manually loaded at boot and get kpartx installed before rebooting. The problem here is that a lot of distros call it "fakeraid" and not bothering with it because "it does not bring any significant performance improvement" and "taxes the CPU" (their words, not mine. I actually noted that some RAID controllers like NVidia's NForce board have an ASIC to offload work so that the CPU is unaffected, but apparently they all say I'm wrong). So far I have gotten Ubuntu working on such RAID machines albeit with some elbow grease. And it's the reason I'm stuck with Ubuntu on my Linux machines. I use these RAID config on them (RAID-0 on one machine where speed is important and I don't care about the content of the storage, and RAID-5 on my Media Center PC). All the distros I've used to date doesn't support the config, only Ubuntu.

If it's secure boot, yeah, this is why I oppose secure boot, and intel for creating it.

3
0

Forgive me, father, for I have used an ad-blocker on news websites...

RAMChYLD

Re: No guilt at all

For me it's not only about "malads". I'm on mobile broadband during working hours on weekdays. Those video ads mess with my quota by eating them up in record speed. Bad enough I have to deal with Windows 10 slurping up my quota because you can't flag a Mi-Fi mobile hotspot as a metered connection.

1
0

Double KO! Capcom's Street Fighter V installs hidden rootkit on PCs

RAMChYLD
Pint

Re: Secret Rootkit! HADOUKEN!!!

Nope, but I suspect it may be a case of the Konami- ie CEO position usurped by corrupt corporate executive, who demands DRM because more money. You'd think something was up when someone as high ranking as Keiji Inafune packs up and leaves.

2
0

‘Penultimate’ BlackBerry seen on 'do not publish' page as fire sale begins

RAMChYLD
Boffin

Re: Wrong

> A qwerty phone? really? Who uses this stuff?

I do -.-

I don't trust screen keyboards. They're wonky, and at one point I've accidentally sent a weird gif that the keyboard for some reason saved in it's emoji list (I was using the SwiftKey keyboard) to a friend on Facebook Messenger because my finger slipped.

I have both a Blackberry Passport and a Blackberry Priv. Before this I had a Q5 which died an untimely death a few months ago when it accidentally slipped out of my pants and fell into a bucket of water in the office loo. Have been a Blackberry user since Microsoft bought up Nokia because there was no upgrade path for N97 and N900 users.

And the reason I chose the Priv? The qwerty keyboard, and the 28-band world-multi LTE radio. And that it runs android, meaning I have access to all the same apps I bought for my Sony Xperia tablet. The Passport was good, but ultimately the loss of Facebook features and BB10 native Whatsapp is a deal breaker. Sure, I've hacked the Google store back in there, but some apps just refuse to run on it for one reason or another.

1
0

Nork server blunder leaks Kim Jong Un's entire DNS – all, er, 28 .kp domains

RAMChYLD
Coat

Re: What We Want To Know Though...

Well, they have Manbang...

Alright, I'll grab my coat.

7
0

Want a Dell printer? Unlucky – they've just stopped selling them

RAMChYLD

Well...

For what it's worth, they're just rebranded low-end Lexmarks anyway. No one will miss 'em.

1
0

Great British Block-Off: GCHQ floats plan to share its DNS filters

RAMChYLD

Re: Who uses the ISP DSN anyway?

You can't switch DNS on a smartphone tho.

Sure, you can on a jailbroken or rooted cellphone, but when you can't root or jailbreak for warranty or technical reasons, it's SOL.

2
0

Delete Google Maps? Go ahead, says Google, we'll still track you

RAMChYLD

Re: eh?

Sadly, tho, even your GSM, UMTS or LTE cell connection can rat you out. GSM signals can relay a location message to your cellphone via Cell Broadcast. I've seen it happen on my older Nokia phone when I explicitly told it to show such messages as it receives them.

0
0

Latest Intel, AMD chips will only run Windows 10 ... and Linux, BSD, OS X

RAMChYLD
Coffee/keyboard

Re: Slow, carefully planned suicide?

> 1. Buy a set of keycaps for Japanese, and switch Windows language to

> Japanese (Windows 10 doesn't limit this to Ultimate editions).

> 2. Switch Windows to Japanese, but make your own keycaps. You'll need

> a printer, a sheet of printable stickers, scissors, invisible/magic/whatever

> tape (not ordinary scotch) and a free afternoon.

> 3. Switch Windows to Japanese and learn to touch type.

It doesn't work that way. You can use IME, but real Japanese Windows requires a Japanese keyboard. And Japanese keyboards are not like US/UK keyboards due to Japanese keyboards having three extra keys to toggle between kanji/hiragana/katakana glyphs and the western alphabet that are not found in US/UK keyboards (in fact, US keyboards cannot stand in for a UK keyboard, a UK keyboard has two backslash keys- one which switch into a set of symbols, which US ones lack).

3
0

YouTube breaks Sony Bravias

RAMChYLD
Linux

> I'm at a loss... who'd buy a TV to watch YouTube Videos?

Well, some of us want to watch our videos on a big screen but don't want a huge monitor.

That said, I never understood Smart TVs. Do we really need that when hooking up a RPi, Android box or even a old PC that has been repurposed with Linux and Kodi suffice?

3
0

Fork YOU! Sure, take the code. Then what?

RAMChYLD

Forking Debian...

> One does not simply walk into Debian and fork it.

But the last time that happened, we got Ubuntu!

1
5

Did mock cop bot trot on fraught tot? Maybe not

RAMChYLD
Terminator

Re: That bot looks suitably menacing

Don't know about you guys, but that robot looks like what Apple would churn out if they were tasked to design a Dalek...

4
0

Typo in case-sensitive variable name cooked Google's cloud

RAMChYLD

Re: @ ben edwards

Ah, so you're a Hungarian style programmer!

0
0

VTech's Android tablet for kids 'hopelessly insecure'

RAMChYLD

Re: Golly Gee Whiz - If they (the kids) have nothing to hide..

I like to think of it more as a service. VTech's own Android store is piss if you don't live in the US or UK, every frigging app except for VTech's own is blocked off (due to "licensing issues", or whatever the BPI/BFI/MPAA/RIAA wants us to believe- yeah, so just because we're not in the US or UK, we're not allowed to download that Doc McStuffins eBook, or apps featuring other famous cartoon characters in general, while the very same apps are otherwise available on Amazon or Google Play at where I am?). If I want to sideload Amazon's appstore, getjar or even Google Play itself and get my apps on there, I should have the rights to. Same applies to Leapfrog's competing Epic tab.

As for the MicroSD card, I'd prefer it. These things only have a sad 8GB of storage on it. Hardly enough for the MP3 stash.

0
1

Windows 10 pilot rollouts will surge in early 2016, says Gartner

RAMChYLD
FAIL

Nope

Microsoft recently backtracked and removed the November 2015 fresh install ISO from their website and rolled back the Media Creation Tool so that it will only create RTM July 2015 ISOs. Imo that is the most stupid move ever. Their explaination is that from now on these upgrades will only be deployed via Windows Update.

When I upgraded to the November 2015 update via Windows Update, it initially gave me issues to no end. Not only did it take all night to install, it left me with a unusable system, which BSODs anytime I tried to start a program, gave me a never-ending stream of "missing msvc100.dll" errors, and hosed AMD QuickStream as a whole (kept saying something about the license key being invalid, despite there being no license key to input at all). And oh, it got rid of my antimalware program, SpyBot-SD, for no reason. I fresh-installed via the ISO and the problems never surfaced, suggesting a major flaw with Windows 10's upgrade procedure.

I'd be readying the popcorn for the next upgrade which is said to be planned for next July. With all those BSODing and no way to do a fresh install, Microsoft will be setting themselves up for the biggest barbecue in history. Sadly, my laptop will again be among those affected, but I figured I can go to Linux when that happens.

3
0

Microsoft rolls out first 'major update' to Windows 10

RAMChYLD

Re: Windows 10 works just fine

I have a common machine, and Windows 10 cannot run on it. Phenom II rig with nForce980a motherboard with a pair of GTX650 Ti Boosts. The rub comes in that the onboard GeForce 8100 which I have been using for CUDA cannot work in tandem with the 650 Ti Boosts. Microsoft insists on installing two separate video driver packages, of which only one can be active at a given time. This means that if I choose to use the 650 Ti Boosts, I cannot use the 8100, and if I choose the 8100, well, broken system- the motherboard is an Asus M4N98TD-Evo- which left the 8100 active but not have any video headers whatsoever- Asus expects one to use the 8100 only for CUDA. The last working driver for the system is 341.44, the exclusive 341 drivers for Win10 strangely omits supporting anything newer than GeForce300 cards, while the newer 350 drivers offered for the 650 Ti Boosts omit support for the 8100. If I install 341.44 for Windows 8.1, it will only get undone as Microsoft will smugly "try to help" by upgrading my drivers automatically every now and then given that Win10 does not allow one to turn of automatic updates, even if it's drivers. It seems that my only resolve is to downgrade the 650Ti Boosts to the pair of 260 GTXes in the store room (and even that I don't know how well it would go, I think the 260 have overheated and burnt out given the frequency of BSODs and graphical glitches on them- why I threw them aside for 450s and then 650s).

And oh, regarding the SBZ comment above, it's more or less the same issue with the X-Fi Platinum. Except that even digital passthrough doesn't work.

4
1
RAMChYLD

Here you go: https://support.microsoft.com/en-us/kb/3080351

Google and 10 minutes. Not sure why this entry wasn't showing at the top of the page.

2
2
RAMChYLD

Re: W00t!

Except that they pulled the music and movie store from Malaysia shortly before and Cortana is still not available (but is available in India?!? WTH?).

Also, it rolled the graphics card drivers on my laptop back to pre-release July 15th, 2015 ones (that's my main beef with Windows 10. AMD released updated drivers on August 3rd and again on August 21st. Windows keeps pushing the July 15th drivers despite the drivers being already newer). Also, it did something to the drivers- AMD Quickstream keeps complaining that it couldn't find the license to operate the software.

6
2

Pause Patch Tuesday downloads, buggy code can kill Outlook

RAMChYLD
Coat

I won't be surprised...

If this is a thinly-veiled ploy tp force folks to upgrade to Office 2016.

The one with the CD-R containing Libreoffice in the pocket, thanks.

2
1

Is the world ready for a bare-metal OS/2 rebirth?

RAMChYLD

Re: Good times...

Dust off Odin and bring 64-bit support to it?

2
0

XcodeGhost attack tapped into dev distaste for Apple's Gatekeeper

RAMChYLD

Re: Let me see...

It's not only China, it's all of Asia.

I'm in Malaysia. I recently had to download a XCode update. It was 3.2GB, and it took several hours even over a 20mbps FTTH line. I've already did speed tests, etc. Connection to all countries except Singapore is fine. But connection to Singapore gets throttled to an abysmal 2Mbps, often less.

I also have a router that could show who's connecting where on the network. Guess where Apple is forcing the download to come from.

1
0

Page:

The Register - Independent news and views for the tech community. Part of Situation Publishing