Feeds

* Posts by Chris Ovenden

38 posts • joined 4 Apr 2007

PC-pwning infection hits 30,000 legit websites

Chris Ovenden
Thumb Up

NoScript is changing web development

The number of sites which absolutely require javascript is decreasing. Nowadays it is much easier to argue for a scriptless fallback to every bit of javascript functionality with clients and pointy-haired bosses, due in part to the rise of NoScript. Which in turn makes it more likely people will use NoScript, confident that sites they're using will still actually work.

Half a million downloads per week is not to be sniffed at (although that probably only translates to about half a million active users, as it is very frequently updated).

Also, I haven't studied this particular attack, but it would be unusual if the script is hosted on the same domain as the site, as that would require two separate modifications to the site's code. In which case the most common NoScript habit of only allowing scripts from the same domain would prevent it from running, assuming the site is in the user's whitelist or actually requires scripts to be enabled. IMO NoScript is "good enough" protection against script-borne attacks. Shame it requires a certain level of knowledge to use effectively.

0
0

Mozilla mauls Microsoft on IE, Windows 7 bundle

Chris Ovenden
Thumb Up

@Rob Elliott

I freaked out when I first read your idea, but after I calmed down a bit I realised what a good one it really is. There *is* a browser equivalent of WordPad. Let Windows' only built-in browser be Lynx.

0
0
Chris Ovenden
Thumb Up

Isn't it amazing

... how many thick people read The Register!

Microsoft are specifically not allowed to leverage their OS monopoly to disadvantage competitors in other areas, in either the EU or US, and probably elsewhere in the world too. The same rules don't apply to non-monopoly players.

I am in complete agreement with the proposal to bundle Firefox with Windows 7, as the second most popular browser, and perhaps Opera, Chrome and Safari too. There aren't actually that many. Maybe the first time a user clicks the Internet icon they could be asked which browser they want to make the default, much as MS have already had to provide a way in IE for users to select their default search provider.

0
0

Wi-Fi BlackBerry Storm rumour blows in

Chris Ovenden
Boffin

Feature?

Can the lack of something be considered a feature?

0
0

Google advises flushing your website

Chris Ovenden
Boffin

@ratfox, you don't get it

According to the article, "Only about nine per cent of the time the user waits for the page to load is spent getting that html document". Yes, some of the rest of the time is spent requesting external assets like CSS and javascript, but those are likely cached after the first page - the rest is processing time; nothing to do with how fast the user's connection is.

0
0

Web giants urged to bar Phorm

Chris Ovenden
Alert

"watch your logs"

... won't help. If I understand how Phorm works, it intercepts packets between the user and the website, so leaving no trace on the site's server logs.

Someone, somewhere clearly wants all internet traffic to be encrypted in the near future.

0
0

Microsoft claims IE8 is 'a leap forward in web standards'

Chris Ovenden
Gates Halo

Is it just me, or

... do I finally discern the long-trumpeted anti-Microsoft bias for which this publication is supposed to be known (it always seems more anti-Apple to me)?

Passing ACID 3 was never a stated goal of IE8; the very laudable goal was to make IE fully compliant with CSS 2.1. This will definitely make developers' lives easier, while ACID 3 is quite esoteric. I'm pretty sure I read all this here, so shame on you for going the easy I-strangle-your-newborn route.

Of course, Microsoft are still playing catch up with the other browsers after IE's six dead years, but I feel that praise is due for picking the right first step towards proper standards compliance.

If you really want to beat up the new version, why not pick Microsoft's utter silence on the subject of SVG support? Doubtless SIlverlight is to blame, but lack of SVG is now IE's main impediment to web innovation.

0
0

Microsoft promises 'lessons learned' on IE 8 download day

Chris Ovenden
Thumb Down

It's hard to know

... where to begin pointing out errors in this article. I will focus on the main one: that IE8 does *not* require a special tag adding to sites to render in standards mode. That idea was kicked into touch a long time ago.

It's developers who can't be bothered to fix their sites to render properly in IE8 standards mode who need to add a special tag.

Devs who already code for Firefox (and who can afford not to nowadays?) should be ok, provided they don't use browser detection to feed hacks to all versions of IE. At least, until the inevitable bugs in the release version of IE8 begin to surface...

0
0

Vodafone Music drops the protection

Chris Ovenden
Thumb Up

MP3 is still good enough

Agree with what other people have said about MP3 (except I use 192kbps VBR not, uh, 200) - sound quality is fine, even on expensive headphones, and it's compatible everywhere.

I can listen to my own MP3s on my Vodafone Samsung Omnia without a problem. Don't know what other formats the built in player supports - being a Win phone there's probably a player out there for AAC (sadly, OGG is dead) - but why take the chance?

0
0

Google kills iPhone-optimized iGoogle

Chris Ovenden
Jobs Horns

@gjw

"you cannot really use the G-phone unless you're a Google faithfull"

Do what? I'd love to have a G1, but t-mobile coverage is crap here in Brighton, and I'm not one of the "Google faithful" (just one 'l') - unless you're referring to those obscure cultists who like Google's search engine - I must put my hand up to that. The G1 appeals to me as a programmer because it's an open platform.

Ah. Maybe you were parodying Apple's control freakery. In which case I consider myself well and truly whooshed.

0
0

Why port your Firefox add-on to Internet Explorer?

Chris Ovenden
Gates Horns

Hilarious

Our platform is crap - that's why you should use it.

0
0

ITU plots third dimension

Chris Ovenden
Joke

Dynamic holographic display, or magic?

I thought I was still tuned to The Onion for a while, there.

0
0

Firefox update fixes four critical flaws

Chris Ovenden
Boffin

Are you people quite mad?

... you can use the FF3 Address Bar the same way as you always did, by typing in the first part of the address you want to go to until enough has been typed to narrow it down so that the URL you want is showing in the dropdown, then pick it from the list. As you're typing, other URLs may be shown in the list but they're likely to be related to the one you're typing. Even if they're not, plough on and your result will soon appear. What's the problem?

In addition, the address bar will help you find addresses where the part of the URL you can remember is not at the beginning, or where you can only remember part of the page title, but you don't have to worry your little heads about this.

You people probably don't like predictive texting either, do you? What a reason to abandon a browser: "They added extra functionality! Waaaah!"

0
0

Judge: No cryptographic hash analysis without warrant

Chris Ovenden
Alert

Jacqui is right

Laudable though the Judge's remarks are regarding the technicalities of the search, there seems also to be reasonable doubt whether the computer's owner was the one who put the files there.

Obviously there are going to be many cases like this in the coming years; it's reassuring to see this one get off on such a good foot, technologically.

One has to wonder how this software works that can hash files by inspecting individual sectors on a disk, when a file - especially a large one - is almost certain to be physically spread around.

0
0

Vodafone says termination rate clampdown would hit the poor

Chris Ovenden
Go

The end of cold calls?

Actually, I'm in favour: no more cold calls, because everyone will be unwilling to pick up a call from an unknown person.

0
0

Midwife's lost diary sparks mums and baby alert

Chris Ovenden
Coat

@Skinny

Are you saying that midwives' handwriting isn't ineligible for illegibility?

0
0

Jeremy Clarkson tilts at windmills

Chris Ovenden
Stop

@Nottingham AC

"Do what the rest of us do; Spray on Mud, Broken Plate, Clone, Or the Very Expensive and night only! IR ReactoLight LCD Cover."

Anything , ANYTHING but actually drive at or below the limit.

0
0

Mozilla insists Firefox 3.1 won't hit bum note for developers

Chris Ovenden
Thumb Down

Bollocks!

I find it amazing how hard people are prepared to look to find something to grumble about. Firefox 3 is so obviously an improvement on its predecessor, and as many have already pointed out, was in test for a good long time before its launch. As all but one of the dozen or so extensions I use regularly had already been updated, I made the switch several months ago.

But you have to complain about some obscure add-ons that weren't updated during this barn door of opportunity while conveniently forgetting the aeons which passed after FF2's launch before key extensions like TabMixPlus got updated.

I'm not sure what these extensions were that caused people trouble, but developers of complex extensions such as Firebug seem to have taken the API changes in their stride. The one that I gave up waiting for was a certain toolbar, developed by a certain sponsor of and contributor to Firefox: yep, Google. Dunno if they've got their act together yet, but Googlebar Lite does what I need and works fine on FF3.

0
0

Logitech Squeezebox Duet multi-room music streamer

Chris Ovenden
Pirate

last.fm support?

The Squeezebox used to support streaming from Pandora; glad I didn't get one because of course Pandora is no more in the UK. But I wonder whether it will play last.fm streams. (Apologies if this is answered in the article, but... four flaming pages?)

0
0

Firefox 3: now available bug-free, say devs

Chris Ovenden
Happy

Google Toolbar

I was reluctant to make a permanent switch to FF3 (actually from Flock), despite its speediness, mainly because of the lack of Google Toolbar, but then I discovered that Googlebar Lite (http://www.borngeek.com/firefox/googlebarlite/) has already been upgraded for FF3 and has every feature of the real thing I ever use (site search, I'm Feeling Lucky, the little buttons to find your search terms on et page,...)

0
0

Microsoft urges developers to tag sites for IE8

Chris Ovenden
Go

to Be Fair...

to all the "idiots who don't seem to understand what's going on", the article is not very clear. I have followed these developments closely, but was still slightly foxed, thinking for a second "are MS going to insist on a tag to identify properly-coded sites after all"? But no, they are doing the right thing, giving developers who only care about IE an opt-out of IE8's standards support.

0
0

W3C 'clarifies' HTML 5 v XHTML

Chris Ovenden
Stop

Well, argued, Robert Long & AC!

It does seem foolish to say that XML and XHTML are garbage, but neither of you has made any case whatsoever for your opinions.

As for HTML 5 vs XHTML 2 - why do they appear to be diverging? Would it really be so hard to have a single standard for web pages?

0
0

Microsoft's smiley browser face turns sour

Chris Ovenden
Gates Horns

@Fenwar

Actually, we already have the DOCTYPE switch. It was included in IE6 for precisely this reason - to allow cobweb sites to render using the IE5 tag soup engine, and this works well. The question is, why are they now penalising those developers who've already gone to the trouble of developing their sites to standards? The big change has already happened: IE6 to IE7. We have already felt the pain of that, and in fact it wasn't anywhere near as bad as Chris Wilson makes out. IE7 is 99% compliant with Firefox, which most developers use as their standards benchmark. It is fairly safe to assume that a site that has a proper DOCTYPE has been coded to work properly in Firefox, so all they have to do to make IE8 work with these sites is to plug the parsing holes which have been used to feed IE7 different CSS in the odd place where it needs help.

This smells of a directive from on high, maybe from Gates himself: "Don't break the web, like we did with the transition to IE7" Well, maybe you broke some IE-only intranets, but you didn't break the web because developers already have to support standards, thanks to the rise of Firefox. The only breakage was where you got standards support wrong. If IE8 really does fully support standards, you have nothing to worry about.

Good on Dean Edwards for standing up against this insanity.

0
0

When antivirus products (and Internet Explorer) fail you

Chris Ovenden
Stop

@I see it often

Presumably your company believes that by sticking with the market leaders - Microsoft and Symantec - they can come to no harm. But an infection a month is a very high rate - they should understand that someday it won't just be one person's workstation "acting weird" but their entire network. And that their 'stick with IE' policy will be to blame. It's your duty, AC, as perhaps the only person in your organization who actually knows about this stuff, to insist on a change of policy.

0
0
Chris Ovenden
Gates Horns

Sigh

While it is refreshing to see antivirus vendors under attack for poor detection, rather than, as is traditional, end users for allowing their machines to get infected - a car analogy usually helps with this - I can't help feeling that an anti-IE paragraph is required in this article.

People have been told again and again how unsafe IE is. If they continue to use it, they must take part of the responsibility when one of its myriad vulnerabilities trips them up.

0
0

Microsoft sics worldwide braintrust on XP vuln

Chris Ovenden
Stop

Foxit also vulnerable

Since no-once answered the question I asked when the vulnerability was first reported, I'll answer it myself: According to the guy who discovered it, Foxit reader *is* also vulnerable to the PDF exploit. (http://www.gnucitizen.org/blog/0day-pdf-pwns-windows)

0
0

Nasty PDF exploit runs wild

Chris Ovenden

@AJ Stiles

Great idea. I can see the media furore now... the scourge of Closed Source software.

@AC

I agree totally. Some of them can't even spell 'intolerant'.

0
0
Chris Ovenden

What about other PDF readers?

I gave up using Adobe's slow and bloated reader a long time ago. I use Foxit Reader which is free and fires up in seconds. Does anyone know if this or other alternatives are affected by this exploit?

I'm tempted to add something to the effect of Reg readers not being stupid enough to open unsolicited attachments, but nobody's perfect, and the scammers are getting cleverer (naming the attachments things like "INVOICE.pdf").

0
0

Acer plans renewed effort to drag up PC prices

Chris Ovenden

Good News For Planet Earth!

... computer sales are down. Can mobile phones be next, please?

0
0

Microsoft settles eight year patent case with Eolas

Chris Ovenden

Does this mean...

that we can soon go back to embedding flash into HTML like in the bad ol' days pre-2005?

0
0

Amazon punts grot flicks to hardcore Natalie Portman fans

Chris Ovenden

Is it possble...

...that Amazon simply made a mistake?

0
0

BT Wholesale hires new CEO

Chris Ovenden

The title got me wondering...

how BT Wholesale had previously managed with a pixellated SEO?

0
0

Microsoft re-assures partners on Vista compatibility

Chris Ovenden

"8,000 WPC delegates"

Surely the conference doesn't need that large a police presence - and why all female?

0
0

TorrentSpy filters pirated videos

Chris Ovenden

Interesting Strategy...

Expect the Pirate Bay's stats to take a jump

0
0

The Pirate Bay admits links with right-wing benefactor

Chris Ovenden

Erm

While I admire the robust pro-TPB sentiments here, I have to say it would bother me quite a bit if they actually did turn out to be backed by Daleks.

0
0

P2P pinball lawyers say ignorance is no defence

Chris Ovenden

Is Copying Software Actually Illegal?

It may be illegal to use software without an appropriate license, but is it really illegal just to pass around the bits? AIUI that just isn't the way software licensing works.

Adobe make most of their software available as trialware. Cracks exist that can turn these trial versions into non-expiring full versions. Obviously using one of these cracked versions is counter to Adobe's license, but Adobe (or a magazine which carries the trial on its cover CD) isn't liable for distributing "illegal software".

I suspect Davenport don't have a legal leg to stand on.

0
0

Commercial child abuse websites growing

Chris Ovenden

Thanks for not calling it 'Kiddie Porn'

I admire your writer for calling it what it is: images of child sexual abuse.

0
0

Children to nag adults through CCTV

Chris Ovenden

Three days too late

Is this some kind of timeshifting protest againat April Fools' Day?

0
0