* Posts by Claptrap314

2976 publicly visible posts • joined 23 Jan 2015

Block this: Using satellites to plaster ads over our skies could work, say boffins

Claptrap314 Silver badge
Angel

Re: OK now this is something

Heh. UN and a useful action in the same sentence? Don't give up your day job just yet, but a bit of working the open mic circuit & you'll be ready to turn pro!

Foreign spies hijacking US mid-terms? FBI, CISA are cool as cucumbers about it

Claptrap314 Silver badge

So all those claims about the 2016 elections being influenced by foreign actors...what about them?

Seriously, it's MUCH harder for a foreign actor to throw an election than it is to make it LOOK like it's being thrown. In 2016, the FSB provided the Clinton campaign with a ridiculous dossier on her opponent--so that her victory would be tainted. That same FSB ran a bunch of web sites attacking her--so that her loss would be tainted.

Actually stealing an election? Leave that one to the locals.

Atlassian, Microsoft bugs on CISA’s must-patch list after exploitation spree

Claptrap314 Silver badge

Re: Connected to ... what?

Umm... Just because you have to accept email from more-or-less anywhere in the world, that's no reason that you should accept PowerShell commands.

For starters.

Moody's turns up the heat on 'riskiest' sectors for cyberattacks

Claptrap314 Silver badge

Advice to critical infrastructure providers: UNPLUG

Seriously. No need to be on the internet in your OC. No need for "smart" meters to greenwash our operations.

The list goes on & on.

FBI: We tracked who was printing secret documents to unmask ex-NSA suspect

Claptrap314 Silver badge

Re: Degree mills

Yes, but they cannot hold a candle to the first-rate diploma mills.

Reverse DNS queries may reveal too much, computer scientists argue

Claptrap314 Silver badge

Re: "For devices on, say, university LANs that are assigned public IP addresses"

I would have thought the devices would be named "Bruce". It's easier to remember that way.

Ever suspected bankers used WhatsApp comms at work? $1.8b says you're right

Claptrap314 Silver badge

"Personal liability" is what we're talking. Having their license stripped would fix their attitudes real quick, I believe. And that would be an administrative punishment, not criminal.

Meta told to pay $175m to walkie-talkie techies for infringing IP

Claptrap314 Silver badge

Dubious at first blush, but...

It's far from clear to me that this is a "just like we've been doing, but with software" patent. Take the phone system. Originally, you DID have to wait for the other party to stop talking. Then, they created the four-wire system, so you got full duplex. In analogue. Those analogue signals got stacked into a T1, and those T1s into a T3. It was a COMPLETELY different network than the Internet, and, "hey, why don't we do here what they do there" was not something that could be whipped up over a weekend. If it could, believe me, it would have been done.

It really depends on what the details of the claim boil down to. If it's, "Hey, let's put some control software across, not a TCP connection, but a PAIR of UDPs", then yes. This fails "obviousness", and should never have been granted. But there is a reason that the original systems did not support full duplex, and whatever it was, that implies that there was real IP involved in implementing it. It may well be that this one is legit.

Satellite operators want option to exceed deorbiting rules

Claptrap314 Silver badge

We've got a LONG ways to go before that's a real problem, however.

Far more problematic is a business doing a default & restructure to avoid liability. You would want a bond--but there are issues with the insurance industry as well.

Larry Page's flying taxi startup Kittyhawk calls it a day

Claptrap314 Silver badge

Re: More things fail than succeed

This.

When Google bought itself out & created Alphabet, it moved all of the non-core stuff to separate divisions. You know how Sergey referred to those divisions? "Other bets". He wasn't being flippant. He was making clear that these were, by design, high-risk, (hopefully) high-reward ventures. The brass expected most to fail.

Of course, some of Google's ventures have been particularly dubious. Whether this was (at the time) properly one of those, I leave to experts.

Alert: 15-year-old Python tarfile flaw lurks in 'over 350,000' code projects

Claptrap314 Silver badge

Torn feelings...

I realize that it's the 20's, so no one is allowed to take a position that isn't 100% on one side or another, but here I am.

I still remember 15 years ago when I was experimenting with a multidrive system and having CentOS blow up because the .spec files did the "../../../whatnot" garbage. This. Is. POSIX. I can set a mount however I deem appropriate, and YOU DO NOT KNOW where ".." goes.

I don't care that POSIX requires tar to support '..'. On a POSIX system, '..' is not well-defined between systems. Tarballs that use '..' are at best fragile. For that reason alone, use of tar requires care.

--

But these "researchers" are being more obnoxious than tar is. Unless you carefully examine the use of the library, you cannot know if it is actually "Insecure" or not. Are there really 350,000 open source packages out there using this library that are intended to run as root? I seriously doubt it. So the security implications are nowhere near what this group is implying.

--

Of course, root or not, directory traversal is a problem. If the proposal were to add a "safe mode" that prevented root or .. components, that would be great. But we're unfortunately 30 years too late to change the default behavior.

Appeals court already under fire for upholding Texas no-content-moderation law

Claptrap314 Silver badge

Here we go...

FINALLY, a legislative move to limit the have-it-our-way rule of Big Social looks like it might bite. The fact that the plaintiffs are trying to claim first amendment rights to muzzle speech that they don't like as opposed to the interstate commerce clause (which should be a no-brainer) tells you just what kind of funhouse dystopia they want us to live in.

Newspapers don't get section 230--they get the 1st amendment. Choose one.

Uber reels from 'security incident' in which cloud systems seemingly hijacked

Claptrap314 Silver badge

Re: Uber

You forgot the troll flag.

Meta disbands Responsible Innovation team, spreads it out over Facebook and co

Claptrap314 Silver badge

Re: Dem algorithms dough

Depends on the hearing, in my experience.

Unhappy about excluding nation-state attacks from cyberinsurance? Get ready to pay

Claptrap314 Silver badge

Re: Excluding them makes it worthless

They've updated the Geneva Conventions on this point.

Claptrap314 Silver badge

Re: Excluding them makes it worthless

If you were one of the ones (like me) who foolishly thought that insurance might be the white knight to fix the software industry, then it is YOU who are wanting it both ways, as demonstrated by your current complaint.

Insurance has very rarely covered acts of war, and I'm surprised that cyber was covering it in the first place.

In practice, this is going to gut the cyber insurance market, but it's not the insurance company's fault. As an industry, our posture is so shoddy that ANY determined actor can acquire the capability to wreak server havoc (heh). Which means that nation-states are going to completely p0wn any target that they really want.

The problem is that our industry is simply too sloppy for insurance. The insurance companies are figuring this out, and the results are inevitable.

Retbleed slugs VM performance by up to 70 percent in kernel 5.19

Claptrap314 Silver badge

THIS IS NOT A BUG

This is NOT a bug.

T.H.I.S. N.O.T. A. B.U.G.

A "bug" is when the published specs are violated. The specs have not been violated.

Consult the front matter for a manual of one of these parts--specifically, the page that says "This product is NOT rated for use with government information classified CONFIDENTIAL or higher."

So...someone buys a plastic shield. They take it into battle with an opponent who has a steel lance. You blame the shield maker?

Claptrap314 Silver badge

Re: Speculative execution exploits in the wild?

That's the hell of these vulnerabilities (not "bugs"). It isn't clear (NOT a security researcher here, but with background in hardware validation) how to attack a home user with these. This looks like a much more serious threat for the cloud providers.

Claptrap314 Silver badge

Re: Faster, better, cheaper, WWW.

Nope. I was there. EVERYONE knew about the attack path. Many tried--AND FAILED--to realize the attack. And that's where things stood for 20 years.

In the front of the manual of these parts is a full-page warning that the part is not certified for use with government information classified CONFIDENTIAL or higher. If you consider your credit card information to be confidential, you might take that into account before using such a processor to handle credit card information.

DoJ charges pair over China-linked attempt to build semi-autonomous crypto haven on nuked Pacific atoll

Claptrap314 Silver badge

Re: Music to ears

Nothing curious about it. While the CCP might not have been nearly as forthright about its goals 57 years ago as it is today, it has been completely clear for the last 40+ that I've been old enough to pay attention. Given that Project 596 was completed the year before, however, it's probably just an obvious reference to the arms race.

Meta found guilty of flouting Washington political ad laws – again

Claptrap314 Silver badge
Angel

Huh..

Let me see... "hundreds"--that is, less than 1000. Okay, so during Q2 2022, Meta reported $6687M earnings. That's.... $73M/day. 1000*30k = $30M, or half a day's profits.

Yep, I'm certain that will change their behavior...

SCOTUS judges 'doxxed' after overturning Roe v Wade

Claptrap314 Silver badge

Re: You have a dangerous misconception of how republican democracy works

So how many voters vote for a congressman in North Dakota? In Texas?

Cloudflare tries to explain why it protects far-right forums that stalk and harass victims

Claptrap314 Silver badge

Re: If only

Okay. Does Bush Junior meet your definition?

I'm a military veteran because "never again", thank you very much. Your tactics of imputation are disgusting.

Claptrap314 Silver badge

Re: If only

Given that my shocked nine-year-old self could only respond "never again" when he came upon those pictures? Not really.

Claptrap314 Silver badge

If only

I had not had to endure 13 1/2 years (Summer 2002-Jan 2016) of "Bush = Hitler", followed by (Feb 2016 - present) of Trump being the new Hitler, I might be willing to listen to these claims. This is not the only data point. I'm too exhausted to even really be bothered much, other than to mourn the Republic, when the next one happens.

If you want to drive modern Nazis from the public internet, I ask that you first give a definition of Nazi that doesn't boil down to "whomever I say it is".

Because I believe I have ample cause to fear that I'm on the list of people to be driven off the internet.

Ex-NSA trio who spied on Americans for UAE now banned from arms exports

Claptrap314 Silver badge

Re: So, ex-NSA spies are sanctioned

Do you believe that police should have general arrest powers? Do you believe that ex-police should?

Thank-you for playing.

Googler says she was forced out after opposing $1.2bn cloud contract with Israel

Claptrap314 Silver badge

Re: The only issue

As an ex-Googler, employees are encouraged to "bring their whole selves" to work--so long as that self is well-accepted by the dominant clique. It's been a few years, but it seems pretty likely that this hard-left clique is getting increasingly demanding. Expect more "outrage" when outrageous behavior is not being tolerated.

Because, eventually, the revolution always eats its own.

Claptrap314 Silver badge

Re: but capitalism is working how it is supposed to.

Do a bit of research on the environmental record of the Soviet Union if you want to see how things went down in the great worker's paradise.

It was the same story in the Eastern Bloc, and, when the data comes out, China.

Capitalism is MUCH better for the environment than any other system in practice.

That 'clean' Google Translate app is actually Windows crypto-mining malware

Claptrap314 Silver badge

Re: Clever catch

Very little money in that, I'm afraid. The average consumer has no way to evaluate or value security.

Heroku to delete inactive accounts, shut down free tier

Claptrap314 Silver badge

Way to go Salesforce!

You broke Postgres restore functionality on 8/1 to deal with a minor security issue. TO THIS DAY, the issue is neither fixed nor acknowledged on status.heroku.com. So my choices are free, which doesn't do restores, or paid, which doesn't do restores. Except free is going away...

A third option is coming to mind...

NSO Group CEO steps down, 100 employees let go too

Claptrap314 Silver badge

Re: Hypocrisy overload

And which regime would that be?

Zoom patches make-me-root security flaw, patches patch

Claptrap314 Silver badge

Re: I remember Flash

That would be Chromium...

Warning: Apple 'could very easily' cripple Jamf

Claptrap314 Silver badge

Re: Why is El Reg quoting right wing sources?

You know, from mid-2002 to Jan 2016, we were constantly told "Bush = Hitler". Then, suddenly, Trump became Hitler.

You're going to need to up your insult game a lot if it's going to impact anyone after the last couple of decades.

Claptrap314 Silver badge
Devil

Re: An ostensibly nonpartisan left-wing advocacy organization

CNN? The New York Times? NPR?

Just how many do you want?

Electrical explosion at Google datacenter injures three

Claptrap314 Silver badge

Seems unlikely

I worked for Google as an SRE when it became Alphabet.

Our systems were designed so that something like this would not cause disruption to the customer. One data center unexpectedly going offline was a core scenario, and one that we regularly exercised. (And by "regularly", I mean "more than once a month".)

Three options come to mind. The first is that this outage was deemed to be non-transient, which means that additional capacity for the affected services needs to be brought online. If someone fat-fingered the change, you might see an outage.

The next option is that the bean counters might have pushed to reduce the resilience of the systems. Of course, they don't admit that's what happens, but it does. Our PM's response to one such initiative was brilliant, "It is in Google's best interest that you pretend to believe these calculations."

Third is just a coincidental fat-fingering of an unrelated change that happened to be on that day.

Claptrap314 Silver badge

Re: Arc flash?

They do. Source: I worked for G as an SRE.

Foxconn will have to forget about investing in Tsinghua Unigroup

Claptrap314 Silver badge

Re: Propagoonda... let's play GO

Name checks out.

Google's bug bounty boss: Finding and patching vulns? 'Totally useless'

Claptrap314 Silver badge

Still an order of magnitude on the cheap side

We're reaching the point that you need a team of people to go after these bugs. These companies are outsourcing their QA, and they're doing it on the cheap.

Student crashes Cloudflare beta party, redirects email, bags a bug bounty

Claptrap314 Silver badge

"And a job offer"

Seriously, why doesn't someone like this get an on-the-spot job offer? This kid has already demonstrated more subject mastery than 70% of professional programmers.

<sigh> We'll probably lose him to a stock trading company.

China-linked fake news site shows disinformation on the rise

Claptrap314 Silver badge

Re: SuperGoodDoublePlus Inc

Dude! Make me log in just to upboat. Well done, sir!

Software issues cost Volkswagen CEO Herbert Diess his job

Claptrap314 Silver badge

Re: deploy basically on a weekly basis and to be attractive for software talent

If people define Agile in such a way, yes. But for many companies, production deploys several times a day is actually good.

Claptrap314 Silver badge

Re: Agile, no?

"Agile", properly executed, is the continuous, deliberate search for better ways to do things. A proper agile process won't look the same for two different companies, and will be entirely different between different industries.

Meta proposes doing away with leap seconds

Claptrap314 Silver badge

"We have created a solution for our own systems. It is not at all clear how to make this work for other people's systems, since they lack primary NTP servers, and our solution depends on having them."

Seriously, evaluate each statement fairly.

Microsoft closes unfilled job openings in cloud and security

Claptrap314 Silver badge
Angel

In ENTIRELY UNRELATED news

a formal response to the Outlook.com suspicious login messages is expected in 10 years. 6 months. 5 years. 8 months. Never. 20 years. 6 years.

Outlook email users alerted to suspicious activity from Microsoft-owned IP address

Claptrap314 Silver badge

But not Fancy Bear or one of Pooh's friends? How very selective of you...

UK lays world's longest autonomous drone superhighway

Claptrap314 Silver badge
Devil

I'm certain

that it is done with the best of intentions...

Just because you failed doesn't mean you weren't right

Claptrap314 Silver badge

Re: I don't understand.

Incoming fire has the right of way!

Claptrap314 Silver badge

Re: " including the country they were in had it been 1945 or earlier!!"

Because they were able to leave?

What are server makers really doing to and for the climate?

Claptrap314 Silver badge

No Pooh. It's not.

Cruise self-driving cars stopped and clogged up San Francisco for hours

Claptrap314 Silver badge

What matters...

is intelligence of SOME form for detecting all the ********* **** ******* faked injuries.