Posts by Pierre

Naughty Israel

You mean, in addition to running the worst apartheid regime of all times, in addition to the ongoing genocide, they are hacking TV channels? Now *that* is naughty.

Ha, twitter....

The (in)famous blog 2.0 tool finally found a suitable use. Too bad they froze the accounts. Looks like some celebs will have to go back to the old press release method to keep the world informed of their bowel movements. Unfortunately the non-celeb who had their account compromised cannot do the same. I hope the world can survive without knowing when Joe Bloggs goes potty -in real time.

"Microsoft moves Macs closer to PC parity", huh?

You mean, MS is giving away massive market shares to Job? Old news, Vista is almost 2 years old now. As for DCC, exchange and all that stuff, why bother with a MS version when you can get real, working software?

Unusual?

Unusual. It only happens every other month in the US (apparently robber apprentices there are told by TV shows that it's safer to write your threats instead of voicing them). The Darwin Award website is full of that kind of stuff (though not in the main section).

Cloud computing...

Unreliable by nature, but kinda cheap. Perfect for data I don't care about, and applications I don't rely on. The other (even more unexpensive) solution is to channel all that to /dev/null. At least you know for sure. Using cloud computing for business? You are kidding, right? Free "cloud" e-mail have been available for decades, I don't see any large business relying on Google Mail or Yahoo Mail for core business. There's a very good reason for that. Cloud computing? Maybe, for home users with an overdevelopped hypster gene and no IT skill. That's it.

I don't need no stinking title

"Attackers always have the advantage over defenders in cybersecurity and, by extension, cyber-warfare. Problems such as maintaining extended supply lines or knowing the terrain on which battles are fought really translate into the sphere of cybersecurity."

Shurely controlling which nodes go online, which is connected to what, and what -passive or active- protections are in place is how "extended supply lines" and "knowing the terrain" translate to. And it's definitely giving an advantage to the defenders, not the attackers. Now the attackers are still one step ahead, because of the element of surprise, and because the defenders typically need to keep the systems online as much as possible, which prevents them from really using the "supply lines" and "knowing the terrain" advantages to their full extent. So, yes, the attackers usually have an advantage, but it's because the "Problems such as maintaining extended supply lines or knowing the terrain on which battles are fought" do _not_ "translate into the sphere of cybersecurity" terribly well.

Appart from that, this is not a real surprise. Saying "US cybersecurity defence fail" is a bit like saying "UK civil servants lose data". Bleeding obvious.

Caching vs net neutrality?

Since when caching and net neutrality are antagonist things? They want to use the ISPs as mirrors, and are prepared to pay the price for the server space used. Good on them, it will prevent the lolcats addicts from clogging my intertubes. It won't change the priority of some packets to the detriment of others, so net neutrality is still OK, thank you very much. When you lease a dedicated pipe and/or some space in a datacentre, it doesn't kill net neutrality. does it? Now the thing is, we (as end users and/or small content providers) need to make sure that the ISPs do not cut the -already over-subscribed- "public" ressources to make this additional money, but that they will open new pipes instead (yeah sure, phat chance).

@ Peyton

"The NSA can, allegedly, recover data from a hard drive that has been completely overwritten seven times, so it's not unlikely data recovery labs can do this to some extent as well. This apparently has to do with the fact that writes don't perfectly align every time, so traces remain of previous writes. This is why secure delete programs will overwrite a deleted file repeatedly with zeros, ones, and random data."

It's mostly a legend methink. As I said, given the area density of drives these days, you'd need a very powerful SEM (scanning electron microscope) and a huge amount of time, especially as you have no way of knowing the order of the non-overlapping bits (i.e. which is older than which) so you have no idea of which bit goes with which. I strongly doubt the NSA can do that (but they wouldn't tell anyway, would they?) and I am almost 100% sure that no commercial data recovery company can either. The "overwrite 7 times" is a better-safe-than-sorry policy (similar to the "no liquid on planes" one). It does serve well as a pitch for *hem* "secure delete" software salesdroids.

@ Paul

"Can't someone just make a browser that doesn't have gaping security holes to start with?"

Try w3m. Or lynx, links and the like. Or Dillo if you *need* a graphic mode. Of course, these are secure because they don't run scripts, so you won't be less safe with FF and scripts disabled.

You can use a filtering proxy to tidy up the pages, too. But then again, all the fancy JS sites will be broken. Seriously, who the heck started this scripting madness in the first place? Give me my HTML web back!

blacklist of software

You can get the list of software the BSA keeps an eye on by "reporting software piracy" on the BSA site. One should never buy any of these softs, *ever*, because redeploying hardware within your organization will lead to infringement and a potentially huge fine, _even_ if the software is not used, and _even_ if the software *cannot* be used (absence of dongle for example).

Given that there are other, less expensive -and sometimes better- alternatives for almost all of them, including some open source stuff that you can tailor to your needs, why bother? Don't buy over-expensive lock-in crap that will probably get you sued some time in the future. And now is the right time to cut these useless costs down.

Firearms protection, constitution rights and WWII in Europe

Overweight /Pater Familiae/ trying to defend their family from the occasional burglar? Best way to get yourself shot with your own gun. Try with a bat instead.

Defend your constitution rights? Who are you kidding, you would have arisen already if that was true.

Finally, unny how some people appear to genuinely think the US did much in Europe during WWII (appart from killing an awful lot of French and German civilians in high-altitude bombings). The German army was on the other side of the continent, fighting the ruskis. Now in the Pacific it's different.

So OOXML....

... wasn't really implementable, was it? Good to see that MS finally saw the light -event if they now *have* to butcher ODF beyond recovery to push their half-baked still-not-ISO-approved XML format (you know, the one that doesn't even comply with the transition specs that were supposedly designed to describe it). Bah. May the recession take care of these pesky MSOffice users who litter my servers and mailbox with their clunky droppings.

Bias, I write your name

Pessimistic and/or disgruntled respondents are pessimistic and or disgruntled. Well done.

Seriously, can't you see the bias here?

Christoph

"they *still* have to open it in case it's genuine" [...] "the recipients will still be legally liable."

I don't know about Oz, but in many countries you are liable only if it can be proven that you actually read the document. Signature on a receipt is widely used as a proof you read it, though if you sign the receipt but send the letter back (unopened) you're presumably still in the clear. I doubt that any tribunal would take the delivery of an e-mail in a mailbox as a proof that the attachment was read, but just to be sure it's probably a good idea to read it (or not) and quietly bounce it afterwards.

The real idiotic thing is that the judge recommended the documents be served by e-mail so that not everyone could see them. What a pathetic joke.

Well...

Kentucky got handed "poker" domain names, the MPAA and RIAA are trying to silence the Pirate Bay, domain names providers have been cut off, "terrorist", kiddie porn, and otherwise "illegal" websites are blocked here too. And think of The Great Firewall of OZ, Phorm and the like. I am not a fan of the Chinese ways, but we sure lost the right to go all judgemental on them.

Prosumer

"The service is aimed at prosumers and the small business market" ... "availability everywhere"

Read " we target home users with an attitude". Still they don't have a MacOS version ready yet. Nor have they a 64 bits version.

Marginally more luser-friendly than ftp while presumably hugely more expensive, expect security holes (I'd like to know more about the protocol and the encryption...). Actually, forget the home users, it's clearly aimed at the gov!

A school in Texas huh?

Would Karen be less than convinced by the evolution or Big Bang theories by any chance? one of those teachers who think the universe was created by a god a few thousand years ago? In anyway, a perfect example of a FauxNews-fed paytard. "Free software? Must be some counterfeit pirated Chinese stuff downloaded via p2p shurely!"

The part about MS is hillarious too. I think I will ask Stevie B. for a few free older versions of Windoze, and watch at the chairs flying!

"Suggested workarounds...

... to defend against the flaw, pending a security patch from Microsoft, include disabling active scripting"

The only really efficient workaround is to switch to another browser. The other recommended measures are only half-arsed mitigations (as MS admit on their page about the vuln).

So many Blancmange invadors...

and such a long time before Wimbledon.

Guten Tag AC137?

>What distos are hot at the mo'?

What distro are *not* hot at the mo? (appart from Ubuntu, of course)

>I take the point about revamping oldish hardware

Now think of it not as "revamping oldish hardware" but as "replacing your harware every 10 years instead of every 3 years" and look at the $ signs dancing before your eyes.

>but on a 30" screen linux seems like redressed Windows 3 to me

[I reckon we are only talking Desktop from now on]

egg-Jack-telly. Appart from the fact that your statement does not mean much (what with the miriad of distros, and more importantly, the miriad of graphical environments available?), most linux distros are developped by people who seek (and, sometimes, find) efficiency. This approach -usually- leads to very efficient work environments, potentially looking like crap (but efficient crap). Also, it the look doesn't please you, you can, well, you know, design your own. That said, it is possible, in the Linux world as everywhere else, to find bloated eyecandy GUIs (including several 3-D desktop environments). it is even possible to find graphical interfaces that put bloated symbolistic crappy-looking design before anything else (Ubuntu, I'm blandly staring at you now).

But the average user is hugely more efficient in front of an efficient specialized interface. It looking like crap is a plus: people tend to waste much less water and time when they have to shower with cold water than when they have a sauna and a jacuzzi. Replace "water" and "time" with "CPU cycles" and, err, "time". BOFH forever!

Of course the learning curve might seem steep, and when you will reach the ultimate "me and my computer think alike" monster nerd, your significant other will probably ditch you. But look at the bright side: by the time, if you're wise, you'll have installed a complete domotics system that allows you to control the doors and windows by blinking. The filthy harlot won't escape. MwahahahAHAHAHA.... sorry, what was I saying? Ah, just one little thing: don't appempt that if you are a genius of a filesystem developper but unable to do some cleaning. It most certainly will fail.

I'm sorry, *what*?

"But when are we going to see the utility of the platform taken to another level, like when spreadsheets appeared on the Apple ][ and desktop publishing appeared on the Mac?"

You're talking about a frigging phone, you know. The paramount of creativity on such a platform is to successfully scale down and port an existing app. The natural app-king in this ecosystem is a cheap frivolous fancy "ringtone app". If you think you're going to make big bucks by developping a network audit app or a thermodynamics simulation app for the Jesus phone, your perception of target audience is so twisted that you desserve every FLAIL you get

I second Christoph and David Wilkinson

So most -if not all- of the results obtained from Premier/Diebolds (or whichever name these crooks choose) machines might be rigged. And this goes at least 2 presidential elections back. Shouldn't the UN send observators?

STDs?

Hem, you cook your food, right?

As for raw stuff (salad dressings or whatever, I don't even want to know), I guess the secret is to do the same as with raw meat: carefully source your supplies...

Good old whitelisting

... the most efficient, flexible and reactive approach to security... (or would that be the _least_?)

@ Andrew Macrobie

"It's simply unwise and unfair to entirely blame the students for this fiasco, at least 50% of the blame lays with their lecturers for not making them understand the course requirements and for allowing them to submit their work in this format."

The prof. is probably partly responsible, but are you saying that the students should be pampered to the point where they don't have to bother about anything (the teacher will take care of everything)? Are you suggesting that they should have passed because the teacher let them behave stupidly? Apparently, people in "the education" have more common sense than that.

Also, this part of you comment is in direct contradiction with your immediately preceding paragraphs. Equip flail, part 2.

Alan Fisher is mostly right

Especially about drugs. But also about MS. Lecci cars, well, not that good an analogy. It would have been OK with cheap alternative fuels such as colza oil for diesel engines.

That's a awful lot of money for little power...

Aimed at Apple clients maybe?

Browser-in-the-cloud

"is that even possible?"

Yes. A web browser is not the only way to remotely connect to a server, you know. Then it's just a matter of feeding the remote data directly to your X server. But I was being ironic. The part on Vista should have been a clue. Actually, the current trend is toward dumping whole websites on the clients instead of serving only the requested page, so putting the browser in "the cloud" would be quite counter-productive.

Examples don't work here...

... and it's without NoScript.

Swiss cheese?

More like cottage cheese.