Posts by DropBear

4733 publicly visible posts • joined 4 Mar 2013

Security guard cost bank millions by hitting emergency Off button

DropBear
Boffin

Re: Exit the Cleaner

I seem to remember that a motorcycle was the actual "demo page" of a certain brand of plotters. Don't ask me which brand, but I believe I still have that page somewhere. And those are definitely biker goggles -->

DropBear
WTF?

Re: Kim or Ken?

Actually... no. While what they were doing was not particularly advisable, it is established fact that the inherent and extremely dangerous instability of reactors of that design at very low power levels was not known at the time, and certainly wasn't known to anyone working at the plant. You might want to do some more reading...

DropBear

Re: IBM Customer Engineer

There are a number of jobs where impulse control is (or should be) a requirement. I seem to remember having read somewhere that astronauts were actually explicitly tested for it...

Gentoo GitHub repo hack made possible by these 3 rookie mistakes

DropBear

And there goes any remaining credibility of those savvy commentards who insist that site-specific variation schemes are the best thing since sliced bread and the answer to everything, each time the futility of modern password management is being discussed. I'm sure someone arguing that it can all be fixed with an even more convoluted site-obfuscation algorithm that nobody could possibly ever guess will come along shortly...

US Declaration of Independence labeled hate speech by Facebook bots

DropBear
WTF?

Surely the colonists were no angels (yes they did indeed do all that) - but if you suggest prior to them those Noble Natives were conducting all their conflict resolution by anything remotely resembling the Geneva Convention then I'm going to need the entire rest of the day off to laugh it off properly. Pot, kettle, they needed no "teaching" - and I'd wager most folks on the "less savage" side, as bad as they were, tended to stop short of doing certain things including but not limited to collecting skin off the heads of their vanquished foes.

DropBear
Big Brother

Re: What this shows ...

Yes and no. While it may be all but impossible to grab a handful of sand in such a way that none of it escapes past your fingers, it's perfectly possible to get most of a handful of sand from point A to point B. When you're in the business of crowd control, that's quite sufficient - there is a plethora of tools to deal with whatever "escapes".

DropBear

Re: Book burning Nazis

"check if a post is from a historical document"

That would be actually even worse, leading to the situation where mindlessly parroting sacrosanct quotes is protected but discussing them and the general ideas involved in your own words would be verboten. Don't worry though, we're getting there. Maybe with web 3.0 or 4.0...

Xiaomi's Wang: We're coming to the USA

DropBear

Re: hmmm... sure....

"I've not met anyone who puts the presence (or not) of a notch as a dealbreaker when it comes to phone choice"

Now you have. Nice to meet you too. Also, the point of an IR blaster is not to pretend it's an IrDA communications port, but to give you the ability to use your phone as an IR remote which I would very much like to have indeed except my phone is way too old to have one of those and I'm not going to upgrade just for that alone. Oh, and for the record - according to some twenty thousand peeps, only about a quarter of them find any kind of notch acceptable.

ZX Spectrum reboot firm boss delays director vote date again

DropBear

Re: Indiegogo are proving themselves as much a joke as RCL

I fully expect IGG to rely on the vast majority of its backers never having heard about the whole Vega thing - and be right. It seems that generally speaking it doesn't matter how badly a ship is taking on water, as long as large enough bits of it are still above the water the band can continue to play as if nothing was amiss...

'Plane Hacker' Roberts: I put a network sniffer on my truck to see what it was sharing. Holy crap!

DropBear

Re: Richard Feynman

It's a mindset. If people cracking such safes would routinely come and go all around the place, the safe being unsafe would be self-evident and well understood. Seeing as how that's not the case, the safe used to be "fine" (sufficient against all actual threats, by virtue of there being hardly any) all the way until he showed up and proved it not so. The kind of people who think that reasoning like "it would still be fine if you hadn't messed with it" makes perfect sense tend to love to shoot the messenger, just so they can go back to "nobody capable to mount a credible threat left standing (that we can see), so we're perfectly safe again".

That said, nobody ever will shake your hand and thank you for embarrassing them - and the unusually enlightened exceptions who do are incredibly few and far between; so if you plan on doing that sort of thing to someone, you better be damn sure that either they are definitely in that minority or that you're bulletproof, before you hand them a loaded gun and announce you pwned them...

DropBear

Re: Insurance Black Boxes

The ECU probably doesn't go bananas at the very first bad reading from the MAF; by the time it decided "yep, it's definitely gone, time to log a fault" likely some time passed, hence the speed change...

What a flap: SIM swiped from slain stork's GPS tracker used to rack up $2,700 phone bill

DropBear
FAIL

They deserve every single cent on that bill for the utter lack of any sort of diligence on the matter. If you think you're entitled to a carefree stroll through a construction site, no need for a hard hat, just because you're "just a little old lady" and can't be bothered to care, you absolutely deserve to get your head taken off.

Bankrupt Aussie Hells Angel scoops £750k lottery jackpot

DropBear

Re: "Buying" a ticket is a classic money laundry method.

You have an honest winning ticket for $1000, a con man offers to give you $4000 for it. You get more $$$$, he gets to keep $1000 of clean money and regards the rest of $3000 he paid you as the cost of laundering an illicitly gained $4000 into a clean $1000.

When Google's robots give your business the death sentence – who you gonna call?

DropBear

Re: If its mission critical

"Yet it is possible for ten people to run a reliable global service if they use the cloud."

Actually, my experience - such as it is - with satellite phone providers so far is frightfully reminiscent of the Google "experience" described in the article.

DropBear

"The other is that under certain circumstances Google support lacks human judgement"

There is no such thing as Google "support". Google is the cloud, and it offers exactly as much "support" as one. Your jetpack is out of fuel? Awww, tough luck: down you go and I hope you like craters. The Wall in the North from GoT is dwarfed by the edifice Google puts between its employees and its "customers".

Dear Samsung mobe owners: It may leak your private pics to randoms

DropBear
Trollface

Re: 'The seemingly misbehaving app is the default messaging tool on Samsung's Android devices'

"But at least they can't send back via the aerial"

Wait a few decades until everything runs on dynamically reconfigurable universal silicon (as a more general version of current FPGAs) and your hacked TV will spontaneously grow a transmitter if hacked...

The Notch contagion is spreading slower than phone experts thought

DropBear

Well guess what I want a reasonable bezel too. Aesthetics aside (which are murder on my OCD requiring neat, straight and symmetrical things) it's annoying enough never quite knowing whether just grabbing or holding my (currently quite traditionally bezel-ful) phone on its sides will result in activating something accidentally - or quite the opposite, blocking an intentional slide because the phone senses my hand near the edge and it thinks I'm "holding" the slide...

Rowhammer returns, Spectre fix unfixed, Wireguard makes a new friend, and much more

DropBear
Facepalm

Re: Meltdown and Spectre!

That guy sounds kinda full of it. There's a specific reason GPUs are structured the way they are, and yes any other CPU-based algorithm operating on large sets of non-interrelated data could benefit from more massively parallel data processing, but that's an awfully specific condition. Just because every computer operates on data it by no means follows that those operations can always - or even most of the time - be performed simultaneously, and speculative execution is the only thing that can help you there, kinda by definition. We can decide to give it up if we're okay with the performance hit it would cause, but we should stop pretending it's just a matter of "doing it differently" and we can have all that performance right back...

Potato, potato. Toma6to, I'm going to kill you... How a typo can turn an AI translator against us

DropBear
Trollface

Re: Machine translation

"Thanks for all the fiche, as the field circus peeps used to say."

You can have it, everything is on microfiche these days anyway...

The butterfly defect: MacBook keys wrecked by single grain of sand

DropBear
Trollface

Re: The elegant and slimmer fix

But where do you display the ads?

It's reading them out loud to you via the built-in ultra-flat piezo speaker, in a calm, soothing voice...

DropBear
Trollface

Re: Apple are shit nowadays

"People *always* want it to work and to be reliable."

I'd contend that might depend on which end of the gun the bloke you're asking happens to be looking at...

DropBear
Trollface

"Das Reg as usual because I feel like it"

I'm sorry but that is not a valid German word. Minimum plausible candidates start at no less than "Das ITfütterungshandbeißer"

Is it a bird? Is it a plane? Is it a giant alien space cigar? Whatever it is, boffins are baffled

DropBear
Trollface

Re: It's obvious

Well, duh - if you want that kind of message sent, it's well known there is a BDSM-styled version of the ducky, that's the one you send...

DropBear

Why was I not notified that Oglaf is on YouTube?!? Outrageous!!!

DropBear
Trollface

Re: Ahem....

That Dyson sphere wall suddenly sounds a lot better innit...

Facebook, Google, Microsoft scolded for tricking people into spilling their private info

DropBear
Facepalm

Re: BlackBerry [...] don't seem to want to sell my data either.

Unfortunately most sites really do work like "you may or may not want to fiddle with some settings, but ultimately everything we decide to call 'necessary' will be forced on you and all you can do is click 'I agree' or go away".

Google is currently harassing me with a "click ok to acknowledge we will continue to do whatever we want to do to you - just to be clear, it's an acknowledgement of taking notice, we are not asking you for permission to do it" note-wall "obstacle" (which I continue to DOM-delete each time) on multiple of its own services while Search / Mail / YouTube sees me as logged in and leaves me alone - go figure...

Disqus is currently insisting it has the God-given right to record my IP and hell knows what else as "necessary" and I must consent or else fuck off. Seeing as how the half of the internet that isn't using Facebook for comments is using Disqus, that used to be a bit of an issue until I got fed up and taught my blocker to bypass it.

Frankly, I'd really like to see most of these mammoths hit with max penalty several times and taken down several dozen notches in attitude - the smaller sites actually tend to turn out to be the more civilized ones in my experience. Ultimately though, if you're not a fan of cookies in general and wipe pretty much all of them each session you end up clicking through a forest each time you go to any website, again and again...

Not OK Google: Massive outage turns smart home kit utterly dumb

DropBear

All YouTube comments also went down two days or so ago, for a while. No idea if it's related, there are threads marking the exact moment on the YouTube Reddit if anyone wants to try correlating...

Relive your misspent, 8-bit youth on the BBC's reopened Micro archive

DropBear

Re: Ah...

Believe it or not my Speccy clone actually came with the full circuit diagram in its manual - and it wasn't a "5 ICs" diagram either, as our eastern clone implemented the obviously unobtainable ULA with 50 or so discrete 7400 series chips...

Firefox hooks up with HaveIBeenPwned for account pwnage probe

DropBear
Facepalm

Re: handy..

Because it's not worth the effort for all of the five files in existence that the VirusTotal collective of scanners unanimously finds clean. Everything else gets flagged by at least three of them, and that occasionally gives pause even to the more seasoned players never mind how confused Joe Bloggs would become...

DropBear

Re: "WebExtensions can now hide tabs"

"happy technically capable to have 10s or 100s of tabs open" sounds more like it; I have FF set to "don't load inactive tabs" and it still looks like it's downloading the Internet for a while each time it starts up, visibly going through immense effort constructing the tabs that aren't supposed to be anything other than a literal set of tabs on top of a single window. And that's a quad core on an SSD (which FF is killing at a brisk pace btw. by virtue of infinity NAND writes each day)...

Creep travels half the world to harass online teen gamer… and gets shot by her mom – cops

DropBear
Trollface

Re: Isn't he supposed to be ...

"I'm sure when it gets a bit down the line he will have extra charges added to his sheet."

Ehhh, don't even bother with those, just add "wire fraud" at the end - that seems to be the one that truly gets everyone these days, and he _was_ using the internet after all...

German researchers defeat printers' doc-tracking dots

DropBear

I have to assume the "additional" dots come manually added to the user data to be printed whereas the "encoded" dots are applied by the printer firmware, which raises a huge question mark about whether "your" dots end up indistinguishable in every way from "theirs". If there's the utterly slightest misalignment in the obfuscating dot pattern compared to the built-in one you're busted; if the yellow is not the exact same shade, you're busted. If the dithered sub-structure of a dot (if any) is in any way different, you're busted. And that's assuming you identified with 100% confidence which template you should use on the printer you're printing on (especially if it isn't even your own). Taking a poor-ish resolution photo of those papers instead of printing them starts to sound better and better (at least as far as anti-dot measures are concerned).

On Kaspersky’s 'transparency tour' the truth was clear as mud

DropBear

"But what it's hiding I have no idea."

...so, ummm, have you stopped beating your wife?

Ubuntu reports 67% of users opt in to on-by-default PC specs slurp

DropBear

Re: This dinosaur....

...for the record, some independent corroboration - I wasn't kidding even a little bit when I said that an "empty" page can comprehensively murderize your older PC. Yes, it's still there, yes, it still axes Firefox ESR. I may have botched the class name, it might just be random - my bad.

DropBear
Facepalm

Re: This dinosaur....

"how many users out there actually NEED eight cores"

Every single one of them if they don't fancy their Firefox eating 100% CPU as soon as you open the plain empty Google search page* which just happens to contain an invisible but constantly animating progress indicator that Firefox ESR apparently dutifully keeps rendering even if invisibly so. Just search for the "g-loading-icon" of class "GuPFE"...

* countless other apparently innocuous pages have the same effect.

DropBear

Re: Encryption

While the added privacy is appealing, the looming threat of anything going wrong with the volume (not if, but definitely when) making it completely inaccessible is certainly off-putting for me. I have edited files in sectors that weren't even officially belonging to a partition at the time (thanks a lot MS fuckers for deleting it without a single word), but if the keys go missing I'm suddenly looking at just noise. That's not maintainable data storage in my world where based on experience things break even more inevitably than death and taxes.

HTC U12+: You said we should wait and review the retail product. Hate to break it to you, but...

DropBear

Re: 18x9 = 2x1?

...never mind that I have literally never, ever seen 4:3 described as "12:9"...

Software engineer fired, shut out of office for three weeks by machine

DropBear

Re: if the machine makes a mistake

No automation that has no appropriate manual overrides shall ever be called "perfect" in any context, full stop.

Why the 'feudal' tech monopolies run rings around competition watchdogs

DropBear
Facepalm

Re: Monopolies and Oligopolies

Every single so-called "democracy" around the world is actually an oligarchy. All assumptions concerning any degree of control people are supposed to nominally be able to exert break down when all actual power is concentrated in the hands of the wealthy AND (politically) powerful (which are in practice inextricably linked) who present a uniformly corrupt range of options to choose from universally based on lies that are immediately forgotten on election day so much so most people never believe any of it even to begin with.

And the "run yourself for office then and fix things" crowd is delusional to a disturbing degree if they truly believe people get to just decide to get into politics and do it - one does not simply walk into politics, that's not how the world works, mkay? The process is designed to make sure anyone who succeeds doing that is at least as big of a sociopath as those already there (and a personal pet of those already in power, because that's the only way you get pushed forward). As far as we can tell it's working flawlessly, and the only ones who would have the power to change it are the ones with every interest never to do so. We're fucked, full stop.

Cops: Autonomous Uber driver may have been streaming The Voice before death crash

DropBear

Re: Dick Heads

I have to assume you are aware of the reason the expression "back-seat driver" exists - and it would wreck this approach comprehensively. You will never, ever get two entities of any kind to drive a vehicle in any kind of vaguely similar style outside a strictly choreographed short run, regardless of how much you might try to "instruct" them to use a specific style. You need one of them to have absolute control authority and the other one to shut the hell up about how the first one is doing it all so horribly wrong.

Schneier warns of 'perfect storm': Tech is becoming autonomous, and security is garbage

DropBear
Devil

Which reminds me...

I'd love to read about the BOFH butting heads with rogue IoT he isn't the puppet-master of...

BOFH: Is everybody ready for the meeting? Grab a crayon – let's get technical

DropBear
Facepalm

...because PC attitude and the BOFH are inseparable, much like oil and water! And what is this anti-alcoholic nonsense? Who are you and what have you done with the real Simon?!?

Trainee techie ran away and hid after screwing up a job, literally

DropBear

The guy is definitely in distinguished company - except when you do it to a plane's windshield you end up with the pilot flapping in the wind on the outside...

DropBear
Trollface

Re: He started a new life

...maybe a laughing gas addiction and an unlimited supply...?

Don't panic, but your baby monitor can be hacked into a spycam

DropBear

No need. Just force the user to change/choose the password as the first thing you do before anything else the first time you try to access the thing.

WannaCry is back! (Psych. It's just phisher folk doing what they do)

DropBear

Re: The text:

Soooo... let's assume I believe the letter. Seeing as how it's threatening to begin "encrypting" (what the fuck would it do that for if they promise data _won't_ be recoverable after it does that?) at some point in the future... what exactly is supposed to prevent me from copying all my data to safety before it does...? Data at rest in cold storage won't just self-destruct, even if it really is infected...

Atari accuses El Reg of professional trolling and making stuff up. Welp, here's the interview tape for you to decide...

DropBear
Joke

Re: Atari - what is that?

Wait, it isn't the name of that TV series with Judy the chimp...?!?

DropBear

There seem to be more caveats to this than trees in the forest, honestly. Yes, record keeping can be invaluable protection in certain situations, but... not if you ever wavered or caved to the pressure from above to do something you shouldn't have agreed to do. Not if you were ever in the situation of not being able to afford to test how far you can stretch your rope before it snaps. Not if you ever made a mistake in the "how to get other people to do what I want" game which is definitely manglement's home turf, and very likely not yours. Not if "they" were savvy enough to invent a plausible excuse to keep communication out of the sphere that would allow you any meaningful record keeping beyond "I assert that this is what he told me but I have zero proof".

And while you're at it, you better have the unerring judgement of a God each and every single time even under the fuzzy conditions of real life, because if you vigorously object to something that turns out to not be a problem they'll burn you to ashes, and if you fail to object to something that does end up being a problem you'll burn again. Record keeping: good advice? Sure, but also incredibly overrated...

NASA eggheads draw up blueprints for spotting, surviving asteroid hits

DropBear

Re: Return of Star Wars

Not necessarily - I would expect the sort of range the latter is expected to exist at to be utterly "too late" for any kind of attempt to intercept the former (and vice versa - you'd expect a window of opportunity of more than a few minutes for an asteroid, less so for an ICBM). I would also expect a significant mismatch in mass and velocity of the incoming target, so I'm not sure how much of an overlap there actually is...

'90s hacker collective man turned infosec VIP: Internet security hasn't improved in 20 years

DropBear

It's easy to pin this on the Big Bad Companies more than willing to take your money peddling sub-par unfinished wares left and right - and they totally do deserve everything they get blamed for and more; but the truth is* all their cost-cutting and greed contributes to the problem of insecure software only peripherally - it does not create it.

Simply put, I don't think there's any field of human endeavour where piled-up complexity is comparable even within orders of magnitude with what is happening inside computers today; and it has long ago reached and far exceeded the limit of what we - or the tools we were able to create - can cope with.

Once it was feasible to write a piece of code on a Spectrum that did all you wanted done and exactly that, without any bugs. It was incredibly hard, but it could be done. It still can be done with a microcontroller with a few kilobytes of RAM and ROM. But not with any OS-driven PC or smartphone, with its gigantic spider-web of layers upon layers of libraries and frameworks and services all full of unforeseen edge cases and imperfect joints.

And that's only the parts that - against all our efforts such as they are - end up too rickety to support their own weight; we have yet to account for the myriad of other places where the bracing is more or less reasonably sound, but not armour-plated: all the code that manages to not collapse on its own but remains vulnerable to deliberate malicious interference. How much time does it take to create the best, most solid code we can possibly create, such as that governing spaceships and aeroplanes and weapons...? Years and years - and even so that code doesn't typically need to withstand getting picked apart and abused by adversaries, since most of it remains inaccessible to tampering.

Bottom line, since this rant is getting too long anyway: we would need to stop releasing ANY new software for a whole decade. Everything frozen in time. NO new features whatsoever - none. The world's entire IT industry, only hunting and fixing bugs and vulnerabilities. And you know what? After ten years, having gotten rid of everything we could find, there would still be countless bugs and countless vulnerabilities still remaining in all that code, only now a number of "Y" instead of "X". Not "some". Not "few". Not even necessarily "fewer".

I don't know what the solution is - what I do know is it's definitely not "focus harder", nor "patch harder". Neither of those will ever get us anywhere NEAR "no-bugs" or "no-vulns" nirvana. Not soon - EVER. We need something completely different if we are to ever get there, assuming it is even possible at all...

* Needless to say, all of the above is "IMHO".