Bug/Vulnerability Reports
PoC||GTFO?
3700 publicly visible posts • joined 26 Mar 2010
There are characteristics of Eliza/modern fake-AI "conversations" / reports which flag them for being what they are.
Perhaps not everyone has the mental pattern-matching, and/or other human whatever-it-is which allows one to differentiate between the real and the fake.
Eliza's conversations don't "go anywhere"; it's like talking to a brick wall. One screenful of interaction with Eliza was frustrating-enough I quit the program.
LLM reports spiel on for screens of text which could be condensed to seven to nine numbered, short sentences. These screens are filled with fluff. Reading that shit is like going to a restaurant, ordering a steak, and being served a two-gallon bucket of cold popcorn.
I have read horribly-written documents (government-issued RFPs), but as horribly-written as they were, they were (to me) unmistakably human-written.
@ Cloudseer:
For example, consider a hypothetical LLM trained on a non-copyrighted corpus, using renewable energy, verified free from bias, and developed by a community steering group; it could address many of the criticisms levelled at the current implementations.
Unfortunately, human greed, stupidity, and foolish fascination with anything which simulates humans ensures your hypothetical LLM will remain just that.
Inventor: "I just invented an anti-fungal cream."
TechBro: "I can see how that would make an awesome bio-weapon!"
There's more profit in bio-weapons than in anti-fungal creams, so the cream is made into bio-weapons.
It doesn't matter that computer companies are pushing cloud subscriptions. People bought the hardware, and they ought to have all the info about it if they want it. The company already has the info; making it available to all and sundry costs the company nearly-nothing.
@ M.T. Ness:
The problem here is not that the devices need to talk to each other, it is that the proprietariness of their many storage formats makes the DICOM image-viewing software larger, more-complex, and buggier.
I worked at a place where I had to spec out some high-end workstations with WORM drives attached to SCSI cards, so that medical staff could transfer ultrasound studies stored by ultrasound machines onto said WORM discs, onto PCs.
The ultrasound machines had 9-inch, black-and-white (technically, "black and blue-white") cathode ray tube displays, and medical staff needed to examine the studies on decent-sized, decent-resolution computer screens.
The US Federal Drug Administration has a set of security "guidelines" for medical devices and medical records systems.
"Guidelines" are not legally-binding rules. They are suggestions, which may be ignored as easily as a Southern California freeway driver swerving across multiple lanes of traffic to get to a freeway exit ramp.
Manufacturers ignoring/flouting these guidelines still can get their medical devices and medical records systems approved, provided they comply with the FDA's requirements.
Depending on the manufacturer and the device, there might not be a password required for root access.
(I have a non-medical device with the no-root-password flaw. The manufacturer, Patriot, issued a single firmware update, which I applied. This update did not fix that problem. The device is now manufacturer's-abandonware.)
I looked at the instructions and associated batchfile here:
https://support.microsoft.com/en-us/topic/recovery-steps-samsung-galaxy-connect-or-samsung-continuity-service-might-cause-loss-of-access-to-the-c-drive-48c242aa-242a-4ddd-a9ad-98ea25fc04c1
The procedure has you add the group "Everyone" (and MS default permissions?) to C:
The batch file, as its last step, invokes icacls to remove permissions for group "everyone" from the C: drive.
Notice the difference in capitalisation of the group names.
IF capitalisation matters here, then group "Everyone" had permissions added, and non-existent group "everyone" had permissions removed, resulting in group "Everyone" retaining its "temporary" permissions.
Comments from any current Windows pros?
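A way to verify the end state after running that recovery batch file, added here as an example and not taken from the post or from the Microsoft article; it assumes PowerShell 5 or later on the affected machine and matches access entries by the well-known SID for Everyone rather than by the group's display name, so the spelling of "Everyone" in the batch file does not affect the result:

```powershell
# Added check, not part of the post or of the Microsoft recovery article.
# Compares ACEs against the well-known SID for Everyone (S-1-1-0) instead of
# the name string, so capitalisation of "Everyone"/"everyone" is irrelevant.
$everyoneSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-1-0')

$acl = Get-Acl -Path 'C:\'
$leftover = @($acl.Access | Where-Object {
    $ref = $_.IdentityReference
    if ($ref -is [System.Security.Principal.NTAccount]) {
        # Resolve the account name to its SID before comparing
        $ref = $ref.Translate([System.Security.Principal.SecurityIdentifier])
    }
    $ref -eq $everyoneSid
})

if ($leftover.Count -gt 0) {
    Write-Warning "Everyone (S-1-1-0) still has an access entry on C:\"
    $leftover | Format-Table IdentityReference, FileSystemRights, AccessControlType,
        IsInherited, InheritanceFlags, PropagationFlags -AutoSize
} else {
    Write-Output "No ACE for Everyone (S-1-1-0) remains on C:\"
}
```

Run it from an elevated PowerShell; if an entry is reported, `icacls C:\ /remove:g *S-1-1-0` removes the grant by SID, again independent of how the group name is capitalised.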
ABSTRACT
"An alternative basis for development of a completely incompatible digital infrastructure is presented here. This minimizes the potential for leakage of information, particularly malware and other covert content from our existing digital infrastructure. This effort can be described as taking security through obscurity as a fundamental design principle. ..."
The NSA and other such TLAs have likely already been doing research into this area to compromise the supposed security-through-obscurity of these systems, as well as the earlier duodecimal systems.
... is that while it may work well for Switzerland, whose culture generally accepts a high degree of regulation [1], it doesn't work well elsewhere, because it requires people to, virtually-speaking, sign a blank check. (But do not conflate this approach with the considerable merits of the tech.)
The procedure of "build the governance first, get the key parties committed, define the trust roots" requires people to agree to a process whose details are not yet defined.
The devil is in the details.
[1] If you live in an apartment in Switzerland, you have an assigned "laundry day" and possibly, an assigned time-slot on that day. (https://myswissstory.com/2022/06/22/doing-laundry-in-switzerland-all-you-need-to-know/).
I've seen Swiss adverts for compact washer/dryer combo units you can buy to put in your apartment, to work around this major inconvenience.
Any automatic permissions "fixup" program would have to make possibly-incorrect assumptions.
With a Windows recovery environment-type bootable medium, PowerShell, icacls, and some scripting, presumably you could automatically change permissions to "just make it work", but run the risk of leaving your system vulnerable/more-vulnerable to computer raiders and malware.
I live here.
She lives there.
She sleeps over with me at my place, so her overnight vehicle plate scans will show her as "living" here.
That this common life pattern was disregarded, or never considered, by the morons who (mal-) interpret the data from these systems is yet another example of lunatics running the asylum.
This is just a cult that demands a tithe to bring you to the promised land.
I think it's a bunch of merchants selling shovels, pans, and pickaxes to prospective Gold Rush prospectors. And starting rumours, taking out double-page newspaper ads, salting some mines, and doing everything else they can think of to whip up interest.
The findings, described in a recent study, suggest that employees who rate this sort of language as insightful are more likely to struggle with analytical thinking and workplace decision-making.
I once worked in a job where everyone above me in my chain of command spoke in business-style word-salad mode. Once they had little cards printed up for everyone which illustrated the seven (or was it nine?) "pillars" of "our core values".
We had quarterly all-IT meetings in which upper management made talk-talk sounds, accompanied by PowerPoint decks showing unrelated things as being in hierarchical relationships.
Is there a specific word for nonsensical diagrams in PowerPoint decks?
Old people, with old computers, with old RAM ... Single Inline Memory Modules using Fast Page Mode RAM or Extended Data Out RAM, will not make useful RAM theft targets. Likewise people with REALLY old PCs, with individual RAM chips installed into individual RAM sockets.
Techs at the computer store I worked in back then called the process of installing those chips onto the motherboards "RAMming up" a mobo.
Now get off my lawn.
For some things, some friction is desirable.
We don't want "automatic boom". Given that the military's purpose is to kill people and break things, it is morally essential that we do all that we can to avoid mis-targeting and collateral damage.
We want humans in the loop. We want many opportunities for a knowledgeable officer in the planning office, or in the chain of command, to be able to say, "Excuse me, sir, but this targeting order says to attack Kebandabibble. Shouldn't that be Kebandabebble, instead? Those are two different cities, 270 klicks apart, in two different countries."
AI systems short-circuit human review and decision-making.
As a techie, I liked the amount of detail available in the old-style NT4/W2K/XP BSODs.
I understand MS doesn't want to disturb technology-ignorant users with "scary", incomprehensible-to-them technical details, hence the sad-faced LBSODs ("Light-Blue Screen of Death").
How about a "consumer-facing" LBSOD, with a "Press Control-T for detailed technical information" BSOD option?
Any computer that you bought five years ago will still do the job fine now, especially for business usage
Large corporations like to keep their PC fleet under repair warranty. Major vendors (Dell, HP, etc.) have purchasable extended warranties which have a maximum length of four to five years.
"By having touched this printed document, I, as an employee and/or agent of HPE, Inc., wholly and unreservedly accept the terms of this document on behalf of HPE, Inc.
The current quote and order of equipment (details attached) from HPE, Inc., by Wexly's Widgets, Inc., shall be deemed PAID IN FULL by the receipt of a knuckle sandwich by myself, delivered by a customer representative of Wexly's Widgets, Inc."
Louis "Ville" Slugger Dewey,
Dewey, Cheatham & Howe
Solicitors for Wexly Widgets, Inc.
Your point about external USB-C battery packs is well taken -- provided the laptop in question ACCEPTS power via USB-C.
My current laptop, bought used, does not. With today's insane prices I do not wish to buy a new laptop. My beloved, now-deceased, EeePC not only had externally-swappable battery packs, it conveniently ran on 12VDC. When an extended power failure struck my area, I was able to continue using my Eee via a gelled-electrolyte 12 volt hobbyist battery I had.
It depends on the Chromebook. I did my web research, and on my C720, I voided the warranty, opened it up, used a bit of aluminum foil to short two jumper pins, did the dance, and installed SeaBIOS from johnlewis.ie after which I could and did use it as a "real" x86 netbook.
I ran OpenBSD on it, and used it for years, till the keyboard went wonky.
Your mileage will vary. The "de-Chroming dance" is unreasonable for a non-techie to have to perform.
Hey, Anon:
Jets aren't used primarily for vacationing rich people.
They move mail, corporate support items, and (small) finished goods.
Do you care about increased prices?
Or are you attempting to slow the pace of business (not necessarily a bad thing)?
"We'll have that chip sample over to you -- probably -- in a month or two. It'll be coming in on the Windjammer III."
I hope you don't believe programmers don't need keyboards.
In the brave new world envisioned by AI-enthusiast executives and bureaucrats, programmers do not need keyboards. They will simply speak to the computer, and AI will transcribe the programmers' speech*.
*Ignorant of, or uncaring of, the speed-reduction and accuracy-reduction this entails. I can type a hell of a lot faster than I can dictate. Dictation requires different brain-mode use than does typing.
Voice transcription accuracy sucks. I saw/heard my lead worker's command, "Call Seung", spoken in a quiet room, transcribed by his phone into, "Call Beth" -- at 05:40 AM.
It's not cut-and-dried that a breach is the CISO's fault.
If the CISO makes security recommendations, and the board of directors refuses them, or budgets insufficient money and staff time to implement them properly, or budgets no funds and time at all (whilst saying, "Yes, please do implement that."), it's not the CISO's fault, it is the Board's fault, and they are the ones who should be sacked, sans golden parachutes.