* Posts by Vic

3524 posts • joined 7 Dec 2007

I ain't afraid of no GHOST – securo-bods

Vic
Silver badge

"Without a reboot, services using the old library will not be restarted"

That's the problem right there.

Not really - it's not actually true.

Services must be restarted, but that's a trivial matter. The machine as a whole does not need to be rebooted in the short term; this might, of course, lead to certain daemons still running the old code, but the attack surface is minimised and the public-facing services left running the patched version.

Restarting web, mail and other network services takes less than a minute all in.

Vic.

0
0
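
Added example, not part of the post above: one way to list which running processes still map the replaced library after a package update, so that only those services need restarting. It assumes Linux /proc, where a mapping of an unlinked file carries a trailing "(deleted)"; the function names and the sample maps lines are constructed for illustration.

```shell
#!/bin/sh
# stale_libs [MAPS_FILE]
# Reads /proc/PID/maps content (file argument or stdin) and prints each
# shared object that is still mapped although its file has been unlinked.
stale_libs() {
    awk '$NF == "(deleted)" && $(NF-1) ~ /\.so($|\.)/ { print $(NF-1) }' "$@" | sort -u
}

# scan_proc: report every live process that still maps an unlinked library.
# Run as root to see processes owned by other users.
scan_proc() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        libs=$(stale_libs "$maps" 2>/dev/null)
        [ -n "$libs" ] || continue
        pid=${maps#/proc/}; pid=${pid%/maps}
        name=$(cat "/proc/$pid/comm" 2>/dev/null) || name="?"
        echo "$pid $name: $(echo $libs)"
    done
}

# Constructed sample of one daemon's maps file after the library package was
# upgraded but before the daemon was restarted (addresses and names made up).
sample_maps() {
cat <<'EOF'
00400000-004f1000 r-xp 00000000 08:01 262214                 /usr/sbin/exampled
7f2b5c000000-7f2b5c1bb000 r-xp 00000000 08:01 131099         /lib/x86_64-linux-gnu/libc-2.19.so (deleted)
7f2b5c1bb000-7f2b5c3ba000 ---p 001bb000 08:01 131099         /lib/x86_64-linux-gnu/libc-2.19.so (deleted)
7f2b5c5c0000-7f2b5c5e3000 r-xp 00000000 08:01 131120         /lib/x86_64-linux-gnu/ld-2.19.so
7f2b5c6f0000-7f2b5c6f4000 rw-s 00000000 00:13 4411           /dev/shm/cache.bin (deleted)
7f2b5c7e0000-7f2b5c7e1000 rw-p 00000000 00:00 0
7ffd1a2c0000-7ffd1a2e1000 rw-p 00000000 00:00 0              [stack]
EOF
}

# "--live" scans this host; with no argument the constructed sample is parsed.
case "${1:-}" in
    --live) scan_proc ;;
    *)      sample_maps | stale_libs ;;
esac
```

Any process that `scan_proc` lists is a candidate for a service restart; an empty result means nothing readable is still running the unlinked code.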

Is it humanly possible to watch Gigli and Battlefield Earth back-to-back?

Vic
Silver badge

Re: Mine...

And I thought that Starship Stormtroopers was bad enough

Starship Troopers was an excellent movie. It just wasn't the movie most people seem to think it was.

If you saw ST as an action romp, with the good guys shooting up the evil aliens - you missed the whole point of the movie. It is a satire. It is a reflection on a society entirely beholden to its military, unable to see the evil it is perpetrating.

The sequels, however, were total unadulterated crap. Despite having Jolene Blalock in one of them.

Vic.

1
0

Copycat drug souk Silk Road 2.0: Another man cuffed

Vic
Silver badge
Joke

Re: Lies, damned lies, and US government statements

whichever group made the bust is good at their job and at least needs to keep getting their funding at the current level if not higher.

Because they have reduced GDP by around $100m?

Vic.

1
1

Telcos try to head off net neutrality rules with legislation

Vic
Silver badge

"Forbeared" ?

There's a handy page on conjugating the verb here. A brief skim leads me to believe it's at least largely correct...

Vic.

0
0

Which of UK's major ISPs will let you have exotic p0rn? NONE OF THEM

Vic
Silver badge

Re: @ Graham Marsden - Obligatory......

I don't mind paying for content, I just object to retards stealing my life.

I was doing a few bits at a mate's place the other night. He put on a DVD for the kids.

At the beginning was an unskippable ad for Coco Pops. I was horrified...

Vic.

0
0

Warning: Using encrypted email in Spain? Do not pass go, go directly to jail

Vic
Silver badge
Black Helicopters

Re: Get a grip...

I don't trust the government any further than I could kick them up a chimney.

I've no idea how far *any* of us could kick a government up a chimney. I doubt it's ever been quantified.

This sounds like something that needs further research...

Vic.

0
0
Vic
Silver badge

Re: Another reason for Google to leave Spain

It's sort of like a cop stopping you for speeding, and then adding the broken headlight.

It isn't - it's like a cop stopping you for (allegedly) speeding, then adding in the fact that you have headlights which could be used for nefarious purposes.

Vic.

1
1

Scary code of the week: Valve Steam CLEANS Linux PCs (if you're not careful)

Vic
Silver badge

Re: Don't use rm directly

find ${start} -type f -user ${user} -name <reg-exp> -print | xargs rm -f

Don't do that!

You will get unexpected results if you have filenames with spaces in - potentially leading to a name-clash that will wipe out the wrong directory.

If you must use such things, use the -print0 flag, and supply the -0 arg to xargs.

Vic.

0
0
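
Added example, not part of the original post: the failure described above, reproduced in a throwaway directory next to the -print0 / -0 form. The file names and the `run_case` function are constructed for the demonstration.

```shell
#!/bin/sh
# run_case MODE   (MODE = unsafe | safe)
# Builds a scratch tree, runs a cleanup of '*.tmp' files, and reports what
# happened to the file that should be kept and to the intended target.
run_case() {
    mode=$1
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/cache"
    echo "keep me" > "$sandbox/cache/notes.txt"        # must survive
    echo "junk"    > "$sandbox/cache/notes.txt x.tmp"  # the only *.tmp file

    (
        cd "$sandbox" || exit 1
        if [ "$mode" = unsafe ]; then
            # xargs splits its input on whitespace, so the single name
            # "./cache/notes.txt x.tmp" reaches rm as two arguments:
            # "./cache/notes.txt" and "x.tmp".
            find ./cache -type f -name '*.tmp' -print | xargs rm -f
        else
            # NUL-terminated names pass through xargs unchanged.
            find ./cache -type f -name '*.tmp' -print0 | xargs -0 rm -f
        fi
    )

    if [ -e "$sandbox/cache/notes.txt" ]; then keep=kept; else keep=deleted; fi
    if [ -e "$sandbox/cache/notes.txt x.tmp" ]; then tgt=kept; else tgt=deleted; fi
    rm -rf "$sandbox"
    echo "notes.txt=$keep target=$tgt"
}

echo "unsafe: $(run_case unsafe)"
echo "safe:   $(run_case safe)"
```

With `rm -f` the unsafe run fails silently: the missing `x.tmp` argument produces no error, so nothing signals that the wrong file was removed.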
Vic
Silver badge

Re: Achievement unlocked: The Scientist!

Legend has it there was once a comment in the UNIX kernel that said "You are not expected to understand this."

I once left the following comment in code I wrote for a customer :-

# This next bit is evil. Look away now.

Vic.

[ It was evil - it was a nasty perl bless to sort out an error in CGI.pm, which doesn't return filehandles from multi-part uploads in the way the docs say it should. ]

0
0
Vic
Silver badge

Re: script write should have checked.... but

Should have been seen with at least one review, especially with the comment.

I was working somewhere last year where a near-identical piece of code was submitted for review.

Of course, every reviewer screamed at it. But the coder complained to his management that he was getting a hard time, and management then *insisted* that the code be used. So it went live.

That particular code didn't go to external customers, but it will cause the system to melt down eventually...

Vic.

0
0
Vic
Silver badge

Re: Scumbag Steve Meme goes here

1) Writing "# Scary!" in the code

You missed :-

0) Not using the right command in the first place (e.g. readlink)

Vic.

0
0

El Reg Redesign - leave your comment here.

Vic
Silver badge

Re: @ChrisElvidge (was: Who brought back the "expand comments" idea)

Demanding people be sacked is ludicrous.

So is the "expand comments" link...

Vic.

2
0
Vic
Silver badge

Page numbers on comment pages...

When a comment page spreads over multiple pages, there doesn't seem to be a way to tell which number page you're actually reading...

Oh - and the "newest" ordering still gives you the oldest page of comments if you go in through the tab on the right. I reported that yonks ago, but no-one seems to want to fix that :-(

Vic.

2
0

Peers warn against rushing 'enhanced' DATA SLURP powers through Parliament

Vic
Silver badge

Re: Fast track

There shouldn't be any fast track. For any legislation. All legislation should face thorough scrutiny and debate before being passed

*Very* occasionally, emergency legislation does need to be passed. *Very* occasionally.

In such a case, any such legislation should have a maximum duration related to the length of time it had for scrutiny - with no extension permissible. A non-subvertible sunset clause...

Vic.

0
0
Vic
Silver badge

Re: Not getting my vote...

Lib Dems? Opposing snooping is about the only thing they have been consistently firm on.

They were very consistent on opposing tuition fees - until they got the chance of power :-(

Vic.

1
0

Sony boss: Nork megahack won't hurt our bottom line

Vic
Silver badge

Re: If what I've heard about the Sony hack is true, then he's full of hooey

Supposedly 15K servers were destroyed (not just infected or erased, but actually rendered non-operational)

The thing about attacks such as this one is that exaggeration of the damage is always to be expected...

To destroy a server physically, you've got to do something like turning off the fans - and even then, most units will just shut down, not melt. I don't believe a word of it.

Vic.

0
0

Erik Meijer: AGILE must be destroyed, once and for all

Vic
Silver badge

Re: TDD

The developer should write the test and code

I disagree.

The bug that causes the most expensive screw-ups is the spec ambiguity. The coder goes off and does what he thinks meets spec - and might even do so - only to find out that that wasn't what the spec-writer meant.

By having two separate individuals write the code and its test suite, you get two goes at interpreting the spec. If there is a disagreement, it's pretty clearly a spec problem, and that can be sorted out earlier rather than later.

Vic.

3
0
Vic
Silver badge

The cheapest time to fix bugs is at the requirements phase

Sadly, I've seen more than one organisation interpret "Agile" as "We don't need no steenking requirements".

That works just as well as you might expect...

Vic.

6
0

Get your special 'sound-optimising' storage here, hipsters

Vic
Silver badge

Re: Bit-perfect copying

This isn't commonly a problem for music cds but in extreme cases the ripped tracks are so far off that you get audio from one track slopping over into another, with the last bit of music in the last track cut off completely. I've seen it happen.

For a first post, you should probably have put a "Joke Alert" icon on your post - until we know your sense of humour, there's a possibility some people will think you're being serious...

Vic.

0
0

Ford recalls SUVs … to fix the UI

Vic
Silver badge

Re: Do the designers ever drive these things ?

And that the car was only available with a foot operated parking brake (what you'd normally call a handbrake). Try doing a hill start in a manual car with that !

It's a skill you learn very quickly.

I used to drive XMs. They have the same arrangement[1]. My first hill start was a proper WTF! moment, but after a little while, it became easy.

Vic.

[1] Having once lost a hydraulic pump drive belt on the M3, I was actually very glad of that pedal. Stopping a car that heavy on a hand-operated brake could have been interesting...

1
0

Apple's 16GB iPhones are a big fat lie, claims iOS 8 storage hog lawsuit

Vic
Silver badge

Re: @ Ian Joyner (was:@Vic (was: The storage is there, as advertised.))

programmers should never have direct access to registers

Errr - bullshit.

Vic.

1
0
Vic
Silver badge

Re: @Vic (was: The storage is there, as advertised.)

You are wrong, Vic.

No, I'm not.

All that useless video ROM (and a couple other bits), could be worked around

Yes, it could be worked around. But that didn't make it part of lowmem. Memory - both extended and expanded - could be added to a system, but it could never be part of lowmem. That didn't make it inaccessible under any circumstances, but it was never, ever part of lowmem. It simply couldn't be, because lowmem was bounded by the video hardware in the memory map.

Now you can try to convince us of how clever you are to your heart's content - we all used more than 640K back in those days, you weren't special. But none of us had more than 640K of lowmem because that is physically impossible, and trying to claim otherwise is simply incorrect.

Vic.

1
0
Vic
Silver badge

Re: @Vic (was: The storage is there, as advertised.)

You are wrong, Vic

No, I'm not. The video hardware was mapped in at A0000, and that's what limited lowmem.

It's true that you had to know how to make use of bits & pieces of RAM above 640K

Of course it is. There was memory there - albeit some masked by the video hardware that was inaccessible under any circumstances - but the memory space above the hardware could be addressed, usually using things like himem.sys. But that wasn't lowmem, which was necessarily limited to 640K on the grounds that there was a gert chunk of non-RAM hardware in the memory map.

Vic.

1
0
Vic
Silver badge

Re: The storage is there, as advertised.

DOS could use 760K(ish) of so-called "low-mem", before it ran into IBM's built-in hardware stoppage

It couldn't, it could only use 640KB before it ran into the video hardware at address A0000.

Vic.

0
2
Vic
Silver badge

Re: This..

my s3 is cocking awful. It's just cocking awful

I'll give you £20 for it...

Vic.

3
0

Cheap Android phones? Bah! How about a $29 mobe from Microsoft?

Vic
Silver badge

Re: Perfect second phone for music festivals and similar

Seriously nobody buys lumia

I will.

It's not going to displace the Android in my jacket pocket, but it'll make a decent emergency phone for the van.

Vic.

2
0

Elite:Dangerous goes TITSUP

Vic
Silver badge

Re: I'm not a programmer.

It's quite funny that some of you think it's easy to have a database containing 400,000,000,000 star systems and their associated celestial bodies on a home PC.

Why on earth[1] would you want that much data for a single-player game?

Cutting it down by 6 or 7 orders of magnitude would be just fine. And that leaves you - according to your calculations - with a database of a few tens or hundreds of MB. And I don't believe your calculations[2].

Vic.

[1] Or anywhere else, for that matter...

[2] Are you really trying to claim that they've generated nearly 400TB of data, and have it sat in a server farm? That's remarkably unlikely.

1
0

Norks SCOLD Prez Obama over Sony mega hack payback sanctions

Vic
Silver badge

Re: oh an Btw

Daddy is a Philanthropist, in English, that's a guy who can't keep his dick in his pants

Errr - you might like to consult a dictionary. A philanthropist is nothing like what you described.

I suspect the word you're after is "philanderer".

Vic.

0
0
Vic
Silver badge

Re: Why aren't our sanctions against NK already maxed out?

A spanking!

And after the spanking?

Vic.

[ Who is quite happy to accept a certain amount of peril ]

1
0

Microsoft has made excellent software, you pack of fibbers

Vic
Silver badge

Well I had (~1980) a UK101 built from a kit with a 6502 MS ROM Basic

I had one of those. It had a "high-res"[1] mod that swapped out the character generator for some addressable RAM. The joys of nasty little hacks :-)

I still have my Dragon32 from that era. That has a MS Basic in it - and it's quite clear that the testing wasn't exactly stringent. Some of the documented calls had clearly never been used, because they simply don't work.

Vic.

[1] Ha!

1
0

Cops think Mt Gox meltdown was an 'INSIDE JOB' – report

Vic
Silver badge

as it is they have completely destroyed the value of the assets of the company... something NO administrator should do.

I watched the SCO bankruptcy play out. Leeching out all the value of the company appears to be standard practice...

Vic.

0
0

1,000mph ROCKET CAR project dogged by beancounters

Vic
Silver badge

Nice to see HTP + catalyst pack making a comeback.

I was chatting to a REME engineer on the Bloodhound stand a while back.

He was somewhat surprised that this HTP lark wasn't new technology. I told him the story of the Sidon...

Vic.

0
0

UFOs in the '50s skies? CIA admits: 'IT WAS US'

Vic
Silver badge

Re: I am outraged by you all

the meaning of Christmas to you is just that it's the prime time to restock your tin foil?

You get the extra-wide turkey stuff...

Vic.

0
0
Vic
Silver badge

Re: of course it was U2s

a radar operator at a USAF radar station outside Charleston, SC, detected something flying high and fast in 1967

A mate of mine used to be ATC at Buchan. One morning, he was sent the flight plan of an SR71 that was coming through.

There was hell to pay...

Vic.

0
0
Vic
Silver badge

Re: nothing changes

All these sightings over the US were the CIA... perhaps they forget what country they were supposed to be spying on

They have to land somewhere - and I'm pretty sure you can't put a U2 down on a carrier.

Vic.

0
0
Vic
Silver badge

Re: Yes but

He also said that the pilots also saw the odd UFO

Yeah, Meth's a hell of a drug...

Vic.

0
0

Want to have your server pwned? Easy: Run PHP

Vic
Silver badge

Re: And the alternative is ?

I am almost sold on Python (>=2.6, probably < 3.0)

>>> def foo(item, list=[]):
...     list.append(item)
...     print list
...
>>> foo(2, ["one", "sheep", 6])
['one', 'sheep', 6, 2]
>>> foo("arse")
['arse']
>>> foo(2, ["one", "sheep", 6])
['one', 'sheep', 6, 2]
>>> foo("arse")
['arse', 'arse']

And let's not even get started on object destructors...

Vic.

0
0
Vic
Silver badge

PHP is usually way behind the web server

No, it isn't...

Vic.

0
0
Vic
Silver badge

Re: And the alternative is ?

IMO anyone who's coded in assembler deserves an upvote

I started programming in 1802 assembler. I still believe it's useful to have an understanding of how processors work at that level[1], but to put it bluntly, most compilers do a better job than hand-crafted assembler[2] these days, so it's no longer the badge of office it once was.

There are certainly programming languages that should be avoided, but of the rest, it's important to pick the one that fits the job spec best, not the one you like most.

Vic.

[1] For example, I've lost track of the number of coders I've met who claim that floating-point operations are more accurate than fixed-point. Floats give you dynamic range, not accuracy...

[2] I worked on a processor a while back where we wanted to get the application code available at the same time as the silicon. So we wrote a wrapper layer whereby you could call pseudo-functions that would emit assembler directly if you were building for the target, or else call a library function if you were building for a development host. What was surprising was the amount of optimisation that the compiler would do on that code if you built for the dev host - it often gave insight into how to optimise the code for the target, leading to dramatically faster code...

0
0
Vic
Silver badge

Re: And the alternative is ?

I've seen unsanitised inputs in raw SQL in PHP, sure

I saw a "recommended" Python MySQL library doc claim that MySQL doesn't support prepared statements, so the library doesn't either. The former has not been true for many years. The statement as a whole was part of the reason I removed that library from all our code...

Vic.

0
0
Vic
Silver badge

Re: And the alternative is ?

Doesn't your argument give weight to the fact that what you just described is actually what most people want from a language?

That depends on what you're after.

If you want average code monkeys to deliver something that works, then yes - it is.

If you want stuff that is accurate, correct, and secure - then no, absolutely not.

The trouble is, the former seems to be the "popular" outcome required. And that's why there's so much shite code around :-(

Vic.

2
0
Vic
Silver badge

You've just described what an IT Manager's job role is. If your IT Manager is NOT doing this then they don't deserve the job.

IT Managers don't do this. Their job is primarily to say "no" to the BOFH's security suggestions. And then to tell upper management that it is the BOFH's fault that the pwnage happened.

Their secondary function is to fall down lift shafts. But far too few fulfil this function.

Vic.

0
1
Vic
Silver badge

Re: Seriously, he actually believed the advertised PHP version on the server?

That's no more than spray and prey[sic]

Spray and pray is how the vast bulk[1] of exploits are used; they're bulk-fired from botnets. I'm currently getting a metric fuckton of it from Argentina - and, having taken no significant part in the Falklands Conflict, I'm pretty sure that's not personal. It's just that botnet attacks are so cheap, that's what you get.

PHP is as secure as any other "web" development languages

The stats would tend to disagree with you there. PHP is an easy language in which to get stuff running quickly - but there are a number of jaw-dropping flaws in pretty much every release, and portability isn't that great, so you tend to have crap old versions still running...

Vic.

[1] There are obviously targeted exploits from assorted bad guys - but these are a minority of attacks.

0
0
Vic
Silver badge

Re: Not just my opinion

Still lots of people like it and write good (well reasonable), secure (well not too fucked) code in it.

And lots of people write fucking awful code in it.

I was once called in to fix a CMS that had lost ~70% of its content. It turned out that a (fairly aggressive) web spider had got into the admin section and spidered all the "delete" links.

The entry route was that an inexperienced editor had accidentally posted a link to his edit page, rather than the published version. But the security breach was that PHP had several methods to retrieve environment variables (e.g. current username), with a big red warning on the doc page to tell you that mixing those methods would lead to credential leakage. The CMS in question did exactly that, so the web spider had erroneously been given admin credentials just before it came across that duff link...

Vic.

0
1

Stale pizza, backup BlackBerrys, payroll panic: Sony Pictures mega-hack

Vic
Silver badge

Re: I keep hearing about backups in the comments

Part of the issue in the cleanup will be what can you trust? How long were you really rooted

This is why you segregate data from OS.

It's a simple enough matter to rebuild servers with the automated deployment system[1] you keep offline and powered down except for such difficulties. The passwords will be a little stale, but that's not the end of the world. At that point, you have a blank server that will do what is needed.

All you then need do is to apply the relevant data - which, being non-executable, doesn't contain any root exploits.

This doesn't fix any directory services you might have running - they're probably toast, and need to be rebuilt from whatever you can find - although it appears that both OpenLDAP and Active Directory can both export to XML, so your backup could help there, even if it does require manual inspection before restore.

But what you really need is a management structure that gives a flying fuck about DR. And they're remarkably thin on the ground[2].

Vic.

[1] I use Cobbler and Puppet for this sort of thing, but there are many options.

[2] Many a time and oft I've been called in[3] to fix massive data loss. Invariably, someone on-site has bitched about proper backup in the past, but been ignored because it's not a problem management had encountered before, so they don't believe it will happen to them...

[3] There are a number of people in the area purporting to do the same as I do, but for significantly less money. I get called in - often by my competitors - once they've failed.

0
0

If BT gets EE, it will trigger EU treasure hunt for fixed lines

Vic
Silver badge

Re: Quad play

Vodafone is missing an opportunity here as they could easily build on the fixed line infrastructure they already have by rolling out fibre along sewers, tunnels, telegraph poles and power networks to avoid expenses.

That idea requires them to have access to those sewers, tunnels, telegraph poles and power networks at a reasonable price. Guess who owns many of them...

Vic.

0
0

El Reg tests portable breathalyzers: Getting drunk so you don't have to

Vic
Silver badge
Joke

Re: Drink and drive, a simple rule:

Same rules I use when flying. 12 hours between bottle and throttle

Glider pilot, eh?

Vic.

1
0

Freedom of Info at 10: Tony Blair's WORST NIGHTMARE

Vic
Silver badge

Re: Bureaucrats Are a Sociological Class

In the UK I'm encouraged to spend all my budget before year end otherwise it suggests I inflated my initial budget request

This extends even to contingency planning - councils put aside a chunk of money each year in case the roads need salting/gritting. If the winter is mild, the salt money doesn't need spending.

But if the budget is unused, it will be seen as superfluous, and cut next year. So to protect the contingency plan, it gets spent on assorted traffic projects in early Spring.

Disclosure: I used to be a beneficiary of such spending :-)

Vic.

0
0

Why has the Russian economy plunged SO SUDDENLY into the toilet?

Vic
Silver badge

Re: Gulp!

He may be backed into a corner, but he's not a raving lunatic

[Citation needed]

Vic.

1
0

Buses? PAH. Begone with your filthy peasant-wagons

Vic
Silver badge

Re: The best urban transport

It is pollution free once manufactured.

That depends on what pollution you're looking at...

I did some rough calculations whilst cycling over the Itchen Bridge one day. My CO2 output per mile was easily exceeding a small car's...

Vic.

2
1
