* Posts by DropBear

4733 publicly visible posts • joined 4 Mar 2013

Vlad the blockader: Russia's anti-VPN law comes into effect

DropBear

They don't give a flying fuck about plugging every conceivable hole you know of that could potentially get around them. I'm sure they have their own means of dealing with any of their own domestic "smartguys" if they care to - they just want the most well-known and widely-used means of circumvention that even average people have heard about off their table.

Car insurers recoil in horror from paying auto autos' speeding fines

DropBear
Facepalm

Re: Or they could just make speed limits advisory...

That's exactly why the whole thing is almost funny - you get two entities, the council / police and the insurers, both accustomed to leech their pound of flesh that they feel entitled to off the general populace no matter what, being suddenly short-circuited against each other by the removal of their victims from the equation. Obviously both insisting they're not about to pick up the tab. I'm not worried though, I have great faith in their joined abilities finding some legitimate-sounding way to hang the whole issue right back on the backs of hoi polloi who had to carry it in the first place...

Fake tech support 'scam' husband and wife banned FOR LIFE from computer repair world

DropBear
Trollface

Re: "Trothsolutions"

Ooh, ooh, I know this one - drop a bridge on them! ...wait, is this a trick question?

Tor blimey, guv'nor: Firefox to try on privacy tool's Canvas gloves to leave fewer fingerprints

DropBear

Re: Real question here

"Why do we need browsers to reveal so much?"

We really don't - but it's the way it is probably due to browsers, much like the rest of the internet, having been initially conceived to work collaboratively in some naive threat-free utopia. Most internet protocols are far beyond that phase but browsers seem still stuck at the "half-hearted token gestures" level - better than nothing but utterly ineffective in the end. Unfortunately, as long as the mindset remains "invite the server to the table the user sits at" instead of "state your business through this here crenel and feel free to try peeking in as long as you enjoy staring straight into a one watt laser" this is not likely to change.

Say what? Another reCaptcha attack, now against audio challenges

DropBear
Devil

Re: Fuck CAPTCHA.

I fully endorse the sentiment. I have never so far seen an audio captcha I could pass - I have either no idea what is being said or have no time to type it or most likely both. I just about reached the same point with "classification" ones recently - although I can see those just fine, basically it takes a really large number of forevers to either finally let me in or flat out declare me a bot because why not.

I can tell you this - I'm quite a calm, quiet type who abhors violence in any form, but if there is anything that will ever succeed turning me into a stark raving mad foaming-at-the-mouth genocidal maniac, it's going to be these captchas wot dunnit. Throwing the perpetrators of these abominations out the nearest airlock would be far too kind to them - maybe throwing them to the dickwolves would be an adequate fate...

IBM's Phase Change Memory computer can tell you if it's raining

DropBear

I don't think so, in anything like its current form - I see zero interconnectivity in this. Just a bunch of cells, each one reacting locally to some external stimulus in a horribly rudimentary way. Without all the interconnectedness (and much more importantly, the part that can _modify_ the connections in a meaningful way) this sounds nothing like neural networks...

Google lets Android devs see nanosecond-level GNSS data

DropBear

Re: And who of these transmitters gave their permission?

Out of curiosity, where exactly in the article did you see the word "transmitter"? Because I couldn't find it. Also, "DESKTOP tools" is a bit of a clue-in - this thing lets you play with the GPS receiver in your phone, not ship you wholesale to Google or the NSA. Some further clue bat right from the original article: "The test report is useful for device manufacturers, who can use it as they iterate through the design and implementation of new devices"...

Cryptocurrency-crafting creeps crept crafty code into Google App Store

DropBear

Can't speak of the current state of affairs, but what I do know is that even on the old 4.1 Jelly Bean it was possible to install XPrivacy on a rooted Android, which then proceeded to do pretty much what you ask: it allows runtime permission granting (you have to "accept" permissions normally when you install the app but you get asked by XPrivacy when the app attempts to actually use them) and if you choose deny, it eg. fakes an empty contact list for the app like nobody's business (for those apps that immediately try to identify and upload who do you know). No idea what the up-to-date equivalent is though...

Mil-spec infosec spinout Cryptonite reveals its network-scrambling tech

DropBear

My guess? Someone not expecting to encounter it will probably be significantly hampered but someone else targeting that site specifically who knows about and expects (or can recognize) the system will just use some form of alternate topology mapping technique, much like a special ops team is trained in the use of IR-goggles if they expect to operate in the dark.

Why are we disappointed with the best streaming media box on the market?

DropBear

Re: TLDR

@Geoffrey W NO. Warming up for twenty seconds is what vacuum tube TV sets did when the dinosaurs weren't born yet. My twenty-year old CRT set Just Turns On when I press the button. Fuck boot times sideways, I'm not going back to that shit. The MythTV box I use hasn't been off or sleeping for about a decade now excepting power cuts and incidentally plays whatever I want played - from local sources, without the headache of figuring out which shitty "sorry unavailable for you" service I never heard of has exclusive rights to whatever I happen to fancy watching - not that I do all that much of that anyway.

You're designing an internet fridge. Should you go for fat HTML or a Qt-pie for your UI?

DropBear
WTF?

"You can write web apps that are as responsive as native Qt, but you have to know what you're doing."

So your pitch is effectively that it's fine to have no idea what you're doing as long as you just use Qt. Got it.

Chinese whispers: China shows off magnetic propulsion engine for ultra-silent subs, ships

DropBear
Stop

Re: Yamato 1?

I don't think linking to a known hoax is all that appropriate, at the very least not without a joke alert. These days there will always be people willing to believe even the most glaringly retarded shit, so how about at least not aiming it at the fan...

AI bot rips off human eyes, easily cracks web CAPTCHA codes. Ouch

DropBear

Re: What about...

Yup, all we need is replace this stupid s##t with even stupider s##t like "30 cows in a field, 28 chickens how many didn't?" then wonder why the correct answer is "10"...

DropBear

Re: Tell the website authors

Awesome! Now please tell me why are the fucking captchas still there AFTER I logged in successfully on the first try - and I still have to prove I'm human before I can proceed!

DropBear
Facepalm

Re: Success rate of 89.9%?

Wait, there will be an app?!? PLEASE, you can have all my money / first-born child / kingdom I don't even have, ANYTHING, just let me have it! These days most things pester me with multiple Captchas daily and I keep near-failing them all! The fairly recent ones (looking like torn scraps of a grainy photo of something that may or may not have been letters viewed in a mirror shattered into a thousand pieces on the bottom of a stormy lake - absolutely NOTHING like the examples accompanying this article) were only moderately maddening, but the current "tile" based ones that replaced them have well and truly pushed me off the deep end. I swear these bastards are allowed to keep throwing up new image after image after image after image after image after image and hold you hostage to indefinite lengths that Gitmo wardens can only dream of, without ever declaring you either human or machine (and in the end they declare you a bot anyway and from then on there's flat out nothing you can do to log in again in the foreseeable future - well, except clear all cookies and PPPoE redial to change your IP). Sensei, please, I'll do anything! ANYTHING...!

BOFH: Do I smell burning toes, I mean burning toast?

DropBear

Re: the basement deluge control…

"Why am I visualising massive water tanks filled with sharks?"

Because you're probably thinking of the Chernobyl bubbler pools. ...wait, did you mean "sharks with lasers"? Not radioactive ones? Oh, my bad...

Car trouble: Keyless and lockless is no match for brainless

DropBear

My twenty-odd years old VW also beeps if you leave the lights on - but only if the proper McGuffin is in its place in the right relay socket (it's a "relay buzzer" not an in-dashboard one). I suspect yours just got, uh, misplaced much as mine did (until I remembered it used to do that, bought the part and re-instated it)...

DropBear

I used to have a car alarm / door remote thingy that gave me some trouble so I just uninstalled it; then slammed the door shut and my friend central-locked with the mechanical key from the other side. But my door failed to fully latch, so I opened it back to shut it properly when the alarm went off due to the re-opened door on the locked car. So I stood there utterly discombobulated with the uninstalled alarm in my hand, the ghost of which was also honking like mad in the car... It turns out there was some sort of baseline alarm function built right into the car, by design, based on the door switches and the car horn, in addition to the third-party one I removed - not all that surprising in hindsight, but a thoroughly WTF moment at the time...

DJI Aeroscope won't stop drone-diddlers flying round airports

DropBear

Except people who would find that sort of thing advantageous don't swap out car registration plates mostly because they'd likely be IN the bloody car when their shenanigans transpire. Not so with a drone, where even IF (huge if) you succeed downing the offending drone all the pilot has to do is turn off his transmitter and leg it to stay unidentified - and before you mention it no, the transmitter doesn't _need_ to be readily identifiable as the one controlling that specific drone.

US voting server in election security probe is mysteriously wiped

DropBear

Re: Isn't it obvious?

I think you'll find that this "going to the root" applies to the http server's hosting "root" which only lets you access "all" the documents that were _meant_ to be network-exposed (to someone properly logged in as normally intended, not so much the case here). That does not include any of the rest of the filesystem / potential malware / access logs / etc.

DropBear
Facepalm

Re: You can get it back

"I'm not 100% on whether you can infer a poorly value from an SSD cell but there is the problem where overwriting doesn't because the wear leveling algorithm decides to redirect the write somewhere different can mean that the original data is still there if you know where to look."

That's why you don't "wipe files" on an SSD - rather you delete whatever you want then fill up the drive fully. You can't level anything anywhere* when there's simply no space left unused on the drive.

* Okay, that was the simplified version - there should be spare blocks to replace worn-out ones on any SSD, and you might just end up with some data being left in a block permanently swapped-out and replaced by one of these if you're unlucky enough. Unless of course you used some sort of manufacturer-provided wipe tool that promises to leave no block untouched or something. That said, you can avoid the whole headache by using encrypted storage in the first place where you can just wipe the keys - but if it's a software-only thing, that special block itself may have a copy left in a wear-levelled block somewhere (and if it's baked into the SSD you have to trust the firmware to actually erase those keys irrecoverably when it says it did) so we're kinda back to square one...

Interstellar space rock screams through Solar System

DropBear
Trollface

Re: Excession?

Okay, admit it - the "mew terraforming package" is just a pompous name for planting more catnip all over the place...

Li-ion batteries blow up because they breed nanowire crystals

DropBear

Please stop warping words...

DropBear
Trollface

Re: On the upside. A new way to make Lithium nano wire in various chemistries.

So, uh, a safe, reliable battery is merely ten-twenty years away...?

WhatsApp? You still don't get EU privacy laws, that's WhatsApp

DropBear

Re: Helpful tips to make the above concept better welcome.

@Triggerfish - you're absolutely right, but typically one can still see enough of most Facebook front pages to glance the phone number or address whenever I really must, and I don't give a damn about any of the rest of the "page". As for people, where they choose to conduct their own social life does not concern me - I have no qualms about "bothering" any of them with the occasional text or call if I feel like it, and anyone who cares enough to get ahold of me is damn well welcome to do it the same way. It sure beats whipping out my phone every three minutes to type another few words replying to some "stream of consciousness" idiot-with-a-chat-line on the other end, like some people I know do.

DropBear

"'Task Force' to me is an overused buzzword"

Making it a fireable offence to use it to designate any assembly of employees that isn't rappelling down from choppers through holes in the ceiling for all of their meetings is a-ok by me. Now, who's up for some crowdfunding to commission a few Arks helpfully labelled from "B" to "Z" from Elon (we can just restart from "BB", "BC" etc. if need be)...?

DropBear

Re: Helpful tips to make the above concept better welcome.

"Last night I needed to send a text message with a picture"

...seriously? They have WhatsApp but not a single fscking email address...?

NSA bloke used backdoored MS Office key-gen, exposed secret exploits – Kaspersky

DropBear

Re: <facepalm>

Don't conflate the best or even the average of any organisation with its weakest. It's a classic mistake we humans love to do, slipping into the cosy complacency that considering those we don't like idiots all across the board affords. Not that it would matter much directly for most of us who will never face any TLA personally - but these reassuring assumptions slowly seep into the foundations and end up slipping into how we think of things and ultimately the decisions we make. Just don't. That said, this bloke was either clearly not part of the best and brightest or made a very, very costly poor judgement call...

DropBear

"It's malware."

No. It's a bunch of non-executable letters. Source code. I'd also like to know what business an antivirus may have with bits that it determines do not contain binary, runnable code.

Apple vs. Samsung to climb back into rounded rectangle of justice

DropBear
Trollface

I always thought they should have chamfered the corners instead of filleting them - let's just make sure nobody tells to... uh... whoever owns the Battlestar Galactica IP.

Knock, knock? Oh, no one there? No problem, Amazon will let itself in via your IoT smart lock

DropBear
Trollface

Re: If I'm not in you can f*ck off and

Believe it or not I actually do that sometimes when I'm desperate enough (it's exactly as you describe it) and I kid you not, every single time the staff is absolutely shocked that a living soul turned up on their (heavily obfuscated and probably patrolled by alligators) doorstep, unable to fathom what I might possibly want there. They're professionals of course so they do at least try to hide it, but it's SO obvious...

DropBear
Pirate

Re: NO, thank you

I swear I have that hymn book somewhere. Hmmm, lemme see... *shuffle shuffle* "Soli Deo Gloria", nope... *shuffle shuffle* "Misa Criolla", naaah... *shuffle shuffle* "What should we do with a drunken sailor" aye, that be the one...!

DropBear
Facepalm

Re: I must be in the "Beta" programme

To be fair, much of the blame rests squarely on the shoulders of delivery companies who squeeze the life out of their "agents" for One More Delivery per day while paying them almost nothing (well, at least that's how it works around here). Which does not excuse the many shitty things delivery-people do, but hopefully at least explains why improving any of it is flat out impossible while those conditions persist.

At any rate, the whole idea of "waiting" for any delivery is blatantly absurd* (you seriously want me to take the day off from my job each time?) - not to even mention complications when somebody IS at home but your package is of a private nature for whatever reason (mind, gutter, out of, please - it could simply be a surprise present. Of course that's not what it is! But it could be...).

There SHOULD be some better way to handle this! Not saying that Amazon's idea is it, though. But I can only cheer any attempt to improve the current disgraceful state of affairs, especially as it becomes more and more clear that traditional shopping is unambiguously dead, and we need some vaguely civilized way to receive deliveries.

* well of course I do order stuff to work instead! Which works mostly ok** with couriers, except the thing is the official postal service does not deliver at all and is only willing to hand over stuff against a matching home address on your state-issued ID. Now guess what happens when you try to buy something second-hand and the inbred hill-billy on the other end ignores your explicit, specially emphasized request to ship the stuff to your work address with one of the many courier firms, not the postal service, at my expense... Yes, hilarity ensues.

** that leaves the minor matter of being unable to receive any international on-line purchases, considering I can't order to work on those due to a) credit card companies often insisting on delivery to the billing address only and b) stuff sent via the same e.g. "Deutsche Post" arriving randomly completely out of my control either by a courier firm or the postal service - one of them never finding me home, the other not bothering to actually deliver the actual notice when/_if_ the package does eventually arrive roughly four-five weeks later from three countries away...

FYI: iOS apps can turn on your camera any time without warning

DropBear

Re: Just needs better AI

Hardware switches physically cutting power to the camera (/ mic preamp / whatever) would easily fix this, they should be widespread by now. If you're concerned with the "user experience", make them three-positioned: "off", "on" and "auto"...

So long – and thanks for all the phish

DropBear
WTF?

Re: Phishing Emails

Maybe I'm getting something wrong here, but considering that phishing emails coming "from" so-and-so are by definition SPOOFED, as in their alleged source has nothing whatsoever to do with them, what exactly would you expect such a company to do? Complain to the UN that they are being impersonated by Does and demand the carpet-bombing of Nigeria or what?

Holy DUHK! Boffins name bug that could crack crypto wide open

DropBear

Sorry, we're long past that point. Back when nothing much besides "attack at dawn" was using encryption, all you needed was that crypto holding until noon - but these days anything and everything uses encryption, including "long shelf life" things like documents, logs, and captured data streams that you don't want accessible anywhere within a lifetime. Using keys derived from a predictable engine that also produces publicly available nonces won't exactly do that kind of thing for you.

Your shoe, chewing gum, or ciggies are now your extra password

DropBear
Trollface

This is 2.0 with enhanced security - you need to enter your password in Morse code, erect is dash, flaccid is dot - now get to work!

DropBear
Trollface

Sure, but how do you change it once it's compromised because you keep leaving an image of it on literally everything you touch...?

DropBear

Re: I lost track somewhere

Dumbest idea in a long time. Is this a side-effect of doing too much "disrupting"? After the third time you log into whatever even the hotdog seller on the other end of the street is going to be keenly aware you're using your watch to authenticate (nothing else will really be guaranteed to be always at hand so that's what you're going to use). Especially after you took the third shot of it in a row because the software doesn't quite like the angle you held it at. Or the different shirt sleeve you're wearing right next to it today. I kinda prefer my "something you have" items to be universally unique anyway, literally, so no thanks.

Linux Foundation wants to do to data what it's done for software

DropBear

Re: Licence proliferation for data licences

Oh really? Such as what, other than the ODbL which last time I checked came around exactly because there were _no_ other appropriate "open" licenses around to do its job...? Please note that the traditional CC licences are _not_ for data but for creative works which at a first approximation have precisely nothing in common with the requirements licences for data have.

'Screaming' man fined $149 for singing 'Everybody Dance Now'

DropBear
Coat

Must... resist... eh, fail.

...so what is the punishment you get for singing in public called...? A "da capo al" fine... ok, ok, hang on to your rotten tomatoes and eggs, I'll go get my coat...

DropBear
Trollface

Re: Not only for fatalities

Hmmm, the only instance of "riding a bicycle in a manor" I can think of is this one (even if it's technically a tricycle), and you're right, it's pretty scary...

This is no yolk. Newegg scrambles against rotten shell company claims

DropBear

While slightly misleadingly labeled, if it was an HDMI stick with a built-in Android media player you pretty much can have it for $8 (or not much more really) in any first-hand-from-China outlet (Aliexpress et al.). At the very least, the en-gros price for retailers that the article is concerned with would be pretty much there...

DropBear
Trollface

Re: I've bought a lot from Newegg over the years

I'm pretty sure if you check you'll find there are no billions in your account, which is all the proof anyone should need that they obviously DID steal them from you. The bastards (yeah, they also killed Kenny)!

Arm isn't saying IoT firmware sucks but it's writing a free secure BIOS for device makers

DropBear

Sounds a bit like trying to secure a prison cell by bolting a high-security chrome-vanadium lock to the wooden prison bars. There seems to be miles of leeway to fuck it all up in the "main application" - even with best practices (yeah right), no device will ever get supported indefinitely (by which I mean past five minutes - hey, look! Squirrel!)...

Boffins trapped antiprotons for days, still can't say why they survived the Big Bang

DropBear
Joke

Re: Does it matter?

Maybe the Big Bang WAS most of the matter and antimatter annihilating - we're just the leftovers, proof that even cosmic-scale terrorists are crap at measuring precisely one mole of matter to each mole of anti-matter...

Google slides text message 2FA a little closer to the door

DropBear

Re: Slight problem?

Is there even any sort of 2FA where the question of "which two things do you need for access" can't be depressingly answered by "just the phone..." ? I mean, outside dedicated hardware tokens...?

Jeff Bezos fires off a blue dart, singes Elon Musk and SpaceX

DropBear
Joke

Re: Miniature Version

For any kind of economies of scale to work, you'd need some sort of multiple-payload rocket. It's a wonderful idea, I can't possibly see anybody objecting to MIRV missiles being constantly launched from China towards the entire rest of the world...

Wanna exorcise Intel's secretive hidden CPU from your hardware? Meet Purism's laptops

DropBear

Re: A recent delidding...

[Citation needed]. The ESP8266 and ESP32 are just about the tightest WiFi has ever been integrated into a single chip, up to on-die inductors and all that jazz - and even they don't work without some form of external antenna. Do these magic chips come with a note attached, saying "please route 3cm of impedance-matched dead-end PCB trace to pin XYZ, okthxbai"...?

Ubuntu 17.10: We're coming GNOME! Plenty that's Artful in Aardvark, with a few Wayland wails

DropBear

Re: Gun, meet foot.

"Mebbe you wanna think about spending less time surfing dodgy pron sites?"

Ah, yes - the famous Linux Defence. When faced with "doesn't work" just reply "but why would you want to do that...?"