* Posts by Wzrd1

2260 publicly visible posts • joined 7 Dec 2012

Amazon confirms it locked Microsoft engineer out of his Echo gear over false claim

Wzrd1 Silver badge

Re: Guilty until proven otherwise

There are precisely three chances that I'd ever own or possess such a device, regardless of which Wizard of Oz controls it.

Slim, fat and none.

My video surveillance, my device and server. Period, end of story. Same with my door locks. The day I have to surrender control to my door lock is the day I mine my damned door and I am very well experienced in counterterrorism and explosive demolitions.

Yes, I used to terrorize actual terrorists for a living. I've also done redundant systems, with full fault tolerance and both fail safe and fail unsafe systems, doing a lot of defense work.

As for shit lists, got my own and am on quite a few. Oddly, I've managed to avoid getting on any FVEY shit lists thus far. But, I suspect that's a mutual thing ever since they tagged me REF.

Retired, Extremely Flatulent.

Wzrd1 Silver badge

Re: Hypocritical

Odd, I've barely noticed any of that.

Oh, that's because I run Linux and *BSD, with one Windows machine under duress for interacting with medical equipment and the most repaired system that I own, despite it being the newest.

Software security patches and "improvements" necessitating ever so many repairs before the damned thing will properly function again.

I call it job security training.

Wzrd1 Silver badge

Re: no backup strategy, SMH stupidity

Hopefully, given his UPS capability, he'll consider a moderate generator with automagic transfer switch. They're only around $7k USD here. Around the size of an average central air conditioning compressor in size and can run on either stored fuel or natural gas.

If one has gone to the level of expense he already has, in for the penny, in for the pound.

But, for authentication services, I still prefer everything in house. And to be honest, I still get greeting cards from my utility company.

Wzrd1 Silver badge

Re: What, no backup strategy?

For me, all critical systems are to be in house controlled, either manually or via automation here.

After all, internet outages are a thing. Power outages easily handled via UPS and a generator with an automatic transfer switch.

That said, my home entertainment system is fully automated, with servers in house. Lights, I get off my fat arse and operate them, just as I have to do to go to the toilet or prepare and eat my food.

Getting food, that's either a 3.5 mile round trip walk to one supermarket or a smaller market at 5 miles round trip with items the first market doesn't carry. Additional exercise item, the sidewalks are slightly below the quality of a well used tank trail.

Upside is, for the cost of a cheap pair of shoes, ethanol is available near the supermarket at 3.5 miles, so I can simply take my shoes off and float home.

Reliability, not magic when every subsystem works and havoc when one component, such as one authorization service gets capriciously disconnected.

Wzrd1 Silver badge

Indeed. If I wasted money on smart home products and that happened, I'd box up the lot of Amazon interacting products and the video and drop the lot off at my attorney's office and contact the federal attorney for felony denial of service charges to be investigated.

Then, replace the crap with things that I control, not some megacorporation.

Might as well leverage some of my excess computing power I already have anyway, as I have more computing power than the Starship Enterprise. So much so, I was astonished when they shuttered Three Mile Island, given its proximity and output capability, now they're on natural gas fueled energy.

I'm considering getting some Stirling engines, to recoup some of the heat losses...

After scaring the world, China shows off 'chute that can aim Long March rockets' descents

Wzrd1 Silver badge

It'd work great for a repeat of

Intelsat 708.

It'd complete the job on the incinerated village.

Gen Z and Millennials don't know what their colleagues are talking about half the time

Wzrd1 Silver badge

Re: .. One lump, or two ..

It was always obvious that a ginger snap could take an edge, but how that was done with a bourbon and a pink wafer we may never find out. We really, really hope we never find out.

Oh, that's standard training that's conducted by the BOTF to all new trainees.

Wzrd1 Silver badge

Re: .. One lump, or two ..

Which is why that fine silver hammer is part of the standard kit on any corporate tea trolley.

Wzrd1 Silver badge

Re: Weird Al «Mission Statement»

As I was transliterating that into English, I was also considering (yeah, multitasking) how filtering that a half dozen times through ChatGPT and sending it back to confirm the intention of the originator would be.

Of course, I'm over 60, so am fresh out of craps to give.

Wzrd1 Silver badge

Re: Thanks El Reg...

I've, alas, received more than my share of memos that are fairly close to that.

As I parse through and transliterate it into proper English, I have to run it through a special mental filter, as well as buzzword context transliteration.

The filter is simple enough: I realize that 99.99% of the time, the one issuing said buzzword dense screeds has absolutely no damned idea in the world what they're blathering about.

I have been known to retaliate, using plain English, to repeat back the transliterated version, being as dense as humanly imaginable, to request clarification on key points. Heaven save the poor SOB that used circular thinking or really doesn't know what they were saying, as I infamously do not suffer fools well, regardless of which section of which floor they currently briefly occupy.

Difficult originators or repeat offenders have been known to suffer a serious industrial accident involving the new electric urinal, which mysteriously is connected to a proximity card reader that's keyed to their newly issued card.

Which reminds me, I really need to check on my bid for that auction for a wood chipper...

Will Flatpak and Snap replace desktop Linux native apps?

Wzrd1 Silver badge

Re: Using Snap comes at a cost

I've already had to uninstall containerized packages, as there were critical vulnerabilities, there was a delay for unknown reasons in an update for the containerized package and a patch was available for the offending software that was so thoughtfully containerized and hence, refractory to patching without expending more man hours than just compiling from source and installing it the old fashioned way.

Add in, now I have to run a package manager on my test systems for updates, then snap, then whatever other joy of a containerized package system that the distro may thoughtfully include. Package managers were created to resolve dependency issues, which containerized package managers now are to resolve and I'm sure we'll add another 16 layers of work for system administrators to slave over.

Because tossing out the baby with the soiled diaper is an option or something, call it optimization. I'll call it eventual extinction.

Scientists claim >99 percent identification rate of ChatGPT content

Wzrd1 Silver badge

So, they've gotten to a 92% alleged accuracy rate in detecting

a Chinese room problem.

That literally is the problem with the bot output. It doesn't understand language at all, only sets of approximate rules and searches based upon that rather nebulous incomprehension.

It was accurately, if fancifully outlined in Watts' novel Blindsight.

Cunningly camouflaged cable routed around WAN-sized hole in project budget

Wzrd1 Silver badge

Well, I've seen uglier

Some years back, I was the information security officer for a forward deployed military installation. The installation originally being a pre-positioned stock storage facility, which was ginned into depot service for a certain pair of wars.

While there, our enterprising folks with the Patriot missile battery decided to connect their missile battery command post to the installation network. Not a whisper of a by your leave, just jackass in and hope for the best.

So, I'm walking from the chapel parking lot, where I stowed my vehicle upon arrival to work and came upon a cat 5 network cable ever so carefully stretched along the ground, with concertina wire protecting it. Yeah, razor wire security and worse, when I followed said offending, unauthorized cable, it was plugged into our classified network.

I disconnected the cable, changed the combination on the door lock and cut several 1 meter segments from the cable, then kicked the rest of the cable into the wire, then filed a thoroughly irate report as to the major security breach. Their harebrained attempt ended immediately.

Around two weeks later, they dutifully launched one of their Patriot missiles in the general direction of the airport, thankfully, not locked onto any target. The missile, lacking a target, promptly committed suicide and crashed into the ground - literally in the Minister of Defense's actual back yard.

Said unit then became the patriotless missile battery for the duration of their stay in country.

Alas, both stories are entirely true and involved one singular unit.

The FBI as advanced persistent threat – and what to do about it

Wzrd1 Silver badge

Re: Baseband processor

Nope.

Unless and until you buy your own cell phone towers and switches, they still own the network if they want to and can install anything that they want to via network mandated updates.

Phones aren't your PC, where you can pick and choose what updated software is allowed to get installed. Cell phones will update silently if the carrier network tells the device to do so, with no alert, no notification and no interaction from the end user. They can turn on and off your microphone, camera and disable the pretty little LED telling you that they're active.

That's actually ancient news, it's why the Taliban destroyed cell towers after we refused their demand to turn the towers off at certain times each day. They knew we were listening and the easiest counter was to shut down towers, as nobody can trust end users to not bring their cell phones where they're not allowed to be.

Seriously, boss? You want that stupid password? OK, you get that stupid password

Wzrd1 Silver badge

Re: root password?

Root exists, but is denied interactive logon if a password is defined. So, one logs in as oneself, is in sudoers and one does a sudo and one's own password to sudo the task of one's choice.

Europe’s biggest city council faces £100M bill in Oracle ERP project disaster

Wzrd1 Silver badge

I've briefly encountered similar issues in the past

Most of the overruns ceasing abruptly when I asked one simple question.

"Are you comfortable with the phrase fundamental breach of contract?"

Suddenly, the cost overruns ended, date slippage ceased and progress ensued, as under our laws, a fundamental breach of contract is not only fully recoverable, but damages can be awarded. The contracting company then has to figure out, free product and services *and* pay damages or absorb their illegally massive underbid, as such is simply fraud to acquire a contract. Plus, awarded damages, losses and oh yeah, getting blacklisted as a vendor in perpetuity.

EU's Cyber Resilience Act contains a poison pill for open source developers

Wzrd1 Silver badge

Re: So let the Open Source 'community' teach the European Community

Especially if a small outfit, such as the OpenSSL project were to craft such a license condition, then litigate once they're aware of that license being violated.

Effects: No OpenSSL, most e-commerce and TLS implementations cease immediately or litigation bankrupts the breaching party in the EU, complete with takedown orders for entire websites.

One needs only look for such, ahem, low impact projects to find a wrench the size of the EU to throw into their legal works. If the legislators then decide to double down and insist, introduce them to the fine folks outside who are wielding their pitchforks and torches.

Millions of mobile phones come pre-infected with malware, say researchers

Wzrd1 Silver badge

Re: Non-Google Android

Fair enough, but Huawei would only pass along that which the PRC government already got from their OPM hack.

Making me an entry for Guinness' world recordbook for the thickest boring file.

Wzrd1 Silver badge

What is the point in collecting IP from poverty-stricken users? Surely the posh class have more interesting data to hoover.

Lessee, more users and hence more data for sale and capitalism 101, "Never say no! I don't want more money!".

Hence, the saying, "Quantity has a quality all of its own".

Pixies keep switching off my morning alarm, says Google Pixel owner

Wzrd1 Silver badge

Re: Problem spotted, User Error

News for most civilians, not news for those who served in the military.

While vox on devices is novel, I've been treated to find my own morale call home transcribed automagically, within a specific database I actually did have to review.

Suffice it to say, sexual moaning isn't, ahem, well transcribed by the AI at all.

The word unintelligible comes to mind.

Still, your objection is valid and shared. I don't have a damned thing set for vox. I also spot check my traffic through my proxy server, just to be sure.

Trust no one, not even oneself, is the first rule of security.

Besides, I dread what a machine would make of a command of "fuck me"...

Wzrd1 Silver badge

Re: Dear God

Music is in the ear of the beholder.

While, I was a musician for many years, military related hearing loss robbed me of such enjoyment. So, I do as I did when the phone wasn't always ringing, ignore that which I didn't like.

Which also means, my filters work while asleep and I'll ignore anything I've not keyed mentally to arouse me, music, ringtones, gunshots (OK, actual gunshots will awaken me quickly and mine will be out and aimed precisely before I'm fully awake - it's happened a few times, but target acquisition means knowing what one's target is before engaging, another military thing).

Music to my ears would be my wife bitching at me, she died a bit over a year ago.

Wzrd1 Silver badge

Lost my wife a bit over a year ago, so no snores to awaken me beyond my own, which are loud enough to actually occasionally awaken me - and the governor of the next three states over.

The bladder, yeah. That and ironwood that awakens me if I try to roll over.

Golf tees can be painful to roll over upon.

Wzrd1 Silver badge

Re: Alexa Wakeup

I use old phone ringer tone to wake up, as I'm nearing awaking anyway, getting enough rest and all.

I'm also known for sleeping only 4 hours, then awakening, crashing every couple of months for 16 hours or so.

Old army habits die really hard.

Wzrd1 Silver badge

Re: I don't use any voice commands...

Indeed, I dread thinking what my voice command of "shit!" would bring.

Fuck brings only nightmares...

Wzrd1 Silver badge

Jesus help us. Digital watermark for audio to be detected?

Rather than detecting what is playing on the bloody speakers and filtered back to be ignored?

You do realize that the world is analog, don't you? While I do think in rather binary terms, I also think in algorithmic terms for analog processing.

The latter, cheaper in CPU and pre-processing costs, not to mention free processing on the users' processors.

Wzrd1 Silver badge

Re: .. Boots ..

And in other news, It's been reported that Fairies wear Boots.

Not news here, did 28 years in the army.

Oh! Was that my outside voice?

Wzrd1 Silver badge

There's a reason I don't allow voice commands be operational.

Well, two reasons. Hearing loss and my television volume, which can only result in havoc were such a thing active.

Monitoring every word that I say and every syllable farted, another minus.

OK, I fart entire paragraphs, get over it.

Apple pushes first-ever 'rapid' patch – and rapidly screws up

Wzrd1 Silver badge

Reminds me of a Windows patch

It applied, blew the wireless NIC into noop zone.

Downloaded the drivers and sneakernetted the damned things over via USB drive, which I first had to build, as my last one had failed hard, got the NIC working. Annoyingly, the laptop didn't have a wired NIC, so everything was wireless.

For the next patch to do the same damned thing.

Got it fixed that time, well, until the next patch munges their own drivers again and the chipset manufacturer's drivers...

But now, I've working USB flash drives to spare again. And an extra fine fireaxe.

Wzrd1 Silver badge

Re: If at first you fail...

One can only fail if one tries and fails, not trying to do something is just continuing to never succeed.

I've succeeded more often than I failed, when I failed, I worked to succeed and learned from the failure.

Your security failure was so bad we have to close the company … NOT!

Wzrd1 Silver badge

>... don't just straight-up lie.

Yep, in my country, the police would apologize by fixing the door via thrown incendiary grenades through it.

Child-devouring pothole will never hurt a BMW driver again

Wzrd1 Silver badge

Re: Volvos are really dull

You confuse the technical capability of 0-60 in 4.6 seconds with the driver's capability, which is 0-60 in 6.4 minutes.

Wzrd1 Silver badge

Re: The problem with that ...

The problem turned out to be a defective work order.

Rather than filling in the hole, then surfacing it, the order read hole filling, so they dutifully filled the hole with holes and surfaced over the holes.

We used to see the same phenomena in Philadelphia until the defective entry menu item was replaced when the computer was upgraded with a fire axe.

Don't worry, folks, here comes Chuck Schumer with some ideas about regulating AI

Wzrd1 Silver badge

So, they'll issue guidance on AI

While possessing no intelligence of their own. For a crowd infamous for being challenged by a three finger salute, this should be entertaining, utterly useless and impossible to either enforce or implement.

Astronomers clock runaway black hole leaving trail of fresh stars

Wzrd1 Silver badge

Re: As with many "accidental" discoveries.

Yep and like many discoveries, it all started off with a "huh, that's odd, can't be right".

But, it also was predicted to occur, just wasn't observed in the universe until now. Supermassive black holes don't usually collide, they more frequently will eject an interloper from both colliding galaxies and one prediction was stellar creation in the ejected SMBH wake.

Microsoft tells admins to autoreview your Autopatch alerts or autolose the service

Wzrd1 Silver badge

Re: Automatic fail

I have to a bleeding edge test group. Interestingly, my boss insisted upon being part of that test group.

I put my own machine in the production test group, if the bleeding edge didn't exsanguinate, we'd then test in the broader production test group. We put those in place after a much too small test group had some ill behaved patches trigger reboots in the middle of the day - including the installation commander during a briefing to his general.

Which is precisely what generated the KT boundary in the first place.

Given that DISA tests updates before releasing them broadly, then organizations test them further in their production network test groups, this should prove an interesting subject of conversation between the US DoD and Microsoft at contract time.

Wzrd1 Silver badge

Re: AutoPatch: something like ...

Marketing? Nah, the executive suite. They love bleeding edge stuff!

Well, until they have to use it and get all bloody...

Parts of UK booted offline as Virgin Media suffers massive broadband outage

Wzrd1 Silver badge

I'm reminded of two events

One, where a certain Islamic Republic decided to hijack an AS, causing intertubes wide outage of, oh, Googleish.

The other, a fat finger outage, at an odd point, doing exactly the same thing.

I'll say, based upon a certain invading country's MO and sudden emphasis on targeted online efforts, one could wonder, but then, Hanlon pokes his head up.

Suspicious timing, a bit off target, to be generous, not a lot of specific targets on the domain, I'm thinking Hanlon, for a change.

In short, a finger in need of going on a diet. We've all had one of those.

Once, by order, designed by me, of a mandatory reboot of XP machines weekly and always before a new operation, rebooting my installation commander's computer - during his briefing of his General.

There was much mutual laughter over that one, hoist upon one's own petard humor and precisely zero "additional guidance", per both authorities.

Another, due to an ill behaved, passed an abbreviated test group patch from Adobe, forcing a reboot on patch. Adobe didn't like the hate mail from senior government officials.

I loathed the downtime.

Gone in 120 seconds: Tesla Model 3 child's play for hackers

Wzrd1 Silver badge

So, yay!

Last week's news delivered again today.

I wonder, is El Reg next gonna give me last week's weather?

Wzrd1 Silver badge

Re: Expect updates soon

Yep, sounds like it's another year where everybody sucks.

As usual.

Wzrd1 Silver badge

Re: Take your pick......

Nope. Lying about a mistake borne out of incompetence.

You know, business as usual.

Wzrd1 Silver badge

Re: @T. F. M. Reader - Expect updates soon

Money to be made?

Well, if one cannot be part of the solution, there's money to be made in prolonging the problem.

I'll just get my hat...

Wzrd1 Silver badge

Re: Expect updates soon

The original joke was from W.C. Fields, first prize was a week in Philadelphia, second prize was two weeks in Philadelphia.

NYPD blues: Cops ignored 93 percent of surveillance law rules

Wzrd1 Silver badge

Yellow journalism at its best

The law is being complied with and the organization has no legislative authority. Good suggestions, but cops resist suggested changes and only obey the law's requirements.

I expect better of The Register than a poison pen article!

Wzrd1 Silver badge

With no due respect, you've gone off half cooked and hence, gave a full Arsenal response.

In large part due to this poison pen, yellow journalism article.

The law was passed and followed. The OIG is not a legislature, nor executive branch of the government. Indeed, they're not a part of the government at all, so their recommendations are just as valid as mine and I'm not a resident of NYC.

I agree with most of their suggestions, but those have precisely zero color of law.

Until the legislature and executive branch of the city enact a law, nothing will get done. If they do and NYPD refuses to comply, firing will occur and imprisonment for contempt of court will occur.

We don't do god-kings, tyrant kings or corporate laws, we have charters for cities and counties, Constitutions for state and federal governments.

Microsoft freaks out users with Windows 11 warning: 'LSA protection is off'

Wzrd1 Silver badge

Ah, give it time to persist and eventually mostly forgotten

For with Microsoft, a bug with seniority is then a feature.

GitHub publishes RSA SSH host keys by mistake, issues update

Wzrd1 Silver badge

Re: Easy fix

Too much maintenance? Imagine the maintenance required once you're in traction... ;)

Wzrd1 Silver badge

Re: Blinked, nearly missed it

Micros~1 security, direct from 127.0.0.1.

Wzrd1 Silver badge

Nobody should be publishing keys alone. That is why reviews are supposed to be SOP, to prevent an acute burst of intracranial flatulence from becoming a security incident.

Security 101: trust no one, not even oneself.

Wzrd1 Silver badge

Re: "Glitch diverts net traffic through Chinese ISP"

The obvious need to give new SA's a good dose of laxatives.

The old SA's, a diet for their fingers, as we age, our fingers grow ever so fat...

Wzrd1 Silver badge

Re: Sufficiently advanced stupidity

I'll be stealing that remark.