* Posts by thomanski

25 publicly visible posts • joined 9 Feb 2008

Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed

thomanski

Re: That is what you get for using Windows

> I've just bought an old Cisco router [...] Now I have to go back to school to learn how to configure the blasted thing.

You want "Cisco Routers for the Desperate, 2nd Edition" - http://www.nostarch.com/cisco2.htm

Collective SSL FAIL a symptom of software's cultural malaise

thomanski

Re: Malicious? Probably not... but don't rule it out...

> to those claiming that this would have been caught if "unreachable code" warnings were turned on in the compiler... how so? [...] In this situation there was no code that could never be executed, just one line that shouldn't have been there.

Look again, everything in bold is unreachable since the second "goto fail" is not conditional on the two lines above it:

    if ((...) != 0)
        goto fail; // this one's actually conditional
        goto fail; // this one isn't, always gets executed
    if ((...) != 0) // all these lines in bold are unreachable code
        goto fail;
    err = sslRawVerify(...);
    if(err) {
        sslErrorLog(...);
        goto fail;
    }
    fail:
    SSLFreeBuffer(&signedHashes);
    SSLFreeBuffer(&hashCtx);
    return err;

(from http://opensource.apple.com/source/Security/Security-55471/libsecurity_ssl/lib/sslKeyExchange.c, edited)

thomanski

Re: NSA Link

From the Daring Fireball link you've given:

> Once the bug was in place, the NSA wouldn’t even have needed to find the bug by manually reading the source code. All they would need are automated tests using spoofed certificates that they run against each new release of every OS. Apple releases iOS, the NSA’s automated spoofed certificate testing finds the vulnerability, and boom, Apple gets “added” to PRISM.

That's exactly what's needed. A proper functional test suite attempting to fool an SSL implementation. Not in the hands of the NSA but of everyone who produces SSL-based apps.

I find it hard to blame Apple for not having this. But they definitely should be working on it now.
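Added example, not part of the original posts and not Apple's code: a reduced, compilable C version of the control flow discussed in the two posts above, together with a negative test of the kind the second post asks for. `hash_step`, `raw_verify` and the other names are hypothetical stand-ins for the elided calls.

```c
#include <stdio.h>

/* Hypothetical stand-ins for the elided calls in the quoted snippet:
 * hash_step() always succeeds, raw_verify() fails on a bad signature. */
static int hash_step(void) { return 0; }
static int raw_verify(int sig_ok) { return sig_ok ? 0 : -1; }

/* Same control flow as the quoted code: the second goto is unconditional. */
int verify_buggy(int sig_ok)
{
    int err;
    if ((err = hash_step()) != 0)
        goto fail;
    goto fail;                      /* not governed by the if: always taken, err is still 0 */
    if ((err = hash_step()) != 0)   /* unreachable from here to the label */
        goto fail;
    err = raw_verify(sig_ok);
    if (err)
        goto fail;
fail:
    return err;
}

/* Duplicate line removed and every branch braced. */
int verify_fixed(int sig_ok)
{
    int err;
    if ((err = hash_step()) != 0) { goto fail; }
    if ((err = hash_step()) != 0) { goto fail; }
    err = raw_verify(sig_ok);
fail:
    return err;
}

/* Functional negative test: a good signature must be accepted and a
 * forged one rejected. Returns 1 if the implementation passes, else 0. */
int rejects_forged_signature(int (*verify)(int))
{
    return verify(1) == 0 && verify(0) != 0;
}

int main(void)
{
    printf("buggy passes negative test: %d\n", rejects_forged_signature(verify_buggy));
    printf("fixed passes negative test: %d\n", rejects_forged_signature(verify_fixed));
    return 0;
}
```

Building this with clang's `-Wunreachable-code` reports the statements after the unconditional `goto` in `verify_buggy`, which is the warning the first post refers to.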

Bigger on the inside: WD’s Tardis-like Black² Dual Drive laptop disk

thomanski

Re: 1 TB 2.5" platter

> 1 TB in a 2.5" platter?

Yeah but no but yeah but it's not a single platter, contrary to WD's initial claim:

"Update 2: WD initially told us that the drive is a single-platter design but they've now corrected their earlier statement. The hard drive consists of two 500GB platters" --> http://www.anandtech.com/show/7540/western-digital-releases-black2-120gb-ssd-1tb-hd-dualdrive-in-25-form-factor

Flash stash on toppa platta: WD's tasty Black² 1TB combo for LAPTOPS

thomanski

Re: Nearly an alternative to my current setup

I'm using a Thinkpad T410 with this: http://www.amazon.co.uk/Drive-Caddy-Lenovo-Thinkpad-Ultrabay/dp/B005XCQJGO

thomanski

Nearly an alternative to my current setup

Like the idea.

I've got a 250 GB Samsung 830 as main drive in my laptop and a 1 TB HDD where the DVD r/w once was. I'd consider getting it and plugging the optical drive back in, or leaving the second slot as is giving me ~2 TB which I may end up needing further down the line. I like to have all my data with me since I never seem to know upfront what I'll need.

Without Linux support I'm afraid it's not a sale though.

Apple MacBook 13in with Retina display

thomanski

"PCMark 8 score of 3184 in Home mode and 3684 in Work mode"

Would be nice to give a bit of context, e.g. how does the previous generation's MacBook Pro 13" fare, what does an i7 MacBook Pro 15" give, how does that compare to, say, a Dell XPS 13" etc.

My googling hasn't turned up much but at least I found this:

"... the Retina MacBook Pro 13 ... is basically on the same level with the 2012 Retina MacBook Pro 15 with dedicated graphics." --> http://www.notebookcheck.net/Review-Apple-MacBook-Pro-Retina-13-Late-2013-Notebook.105035.0.html

The Asus Zenbook Infinity UX301LA scores 3075 in home / 4079 in work mode: http://www.notebookcheck.net/Review-Asus-Zenbook-Infinity-UX301LA-Ultrabook.103027.0.html

Nokia wins UK patent spat: Quick, let's boot HTC One out of Blighty

thomanski

Re: Conflicted here @thomanski

> No patents are being transferred

It's true, both claims are out there. What makes you so sure The Reg is wrong and Reuters is right? I can't tell.

thomanski

Re: Conflicted here

> MS licensed them but didn't buy them

Not sure whether this particular patent is among them but apparently 8,500 patents are being transferred:

"The deal gives Microsoft Nokia’s ... war chest of 8,500 Lumia and Asha phone patents while licensing 30,000 utility patents..." - http://www.theregister.co.uk/2013/09/03/microsoft_nokia_rise_of_elop/

Z30: The classiest BlackBerry mobe ever ... and possibly the last

thomanski

Re: @Paul Crawford

Well, for what it's worth I've gone to the trouble of adding my votes to both the Ubuntu and upstream bug trackers.

> and it is symptomatic of an organisation that, because it is not on their patch, don't care.

Personally I think Mozilla are a well-meaning org taking on a number of good projects and overall doing a pretty good job while of course having more on their plate than they can do and having to prioritise.

Yes, it looks like they're continuing to fail on this, but it is, if I'm not mistaken, a Linux-only issue, and it relates to printing, which I think large numbers of users do not do from the browser beyond a boarding card PDF. I've never even noticed this myself (ok, mainly because I rarely print), so perhaps that's why it's not as much of a biggy for the vast majority of users and Mozilla as it is for you and some others.

...

Shouldn't adding this to user.js work, even across version updates since it's in the profile?

    // Change default paper size from US-Letter to A4:
    user_pref("print.postscript.paper_size", "A4");

thomanski

Re: not enough

I see. Works fine for me though.

I use Firefox mostly on Windows (at work) and on Debian Wheezy, the latter as a FF backport since it's just a tad too ancient on stable, and I haven't really encountered any issues.

Well, to be perfectly honest I frequently have issues with Java (which I need to remote into work, don't ask, and so have to en/disable all the time) and Flash but then I've never blamed Firefox for those since it's not really better in Chromium or Opera, which I occasionally use as well.

thomanski

Re: What has Mozilla done though?

> Not fixing the default-to-US-letter paper bug for over a decade perhaps

Hmm. Not being a Letter man myself I can sort of understand this being an annoyance but it seems like a tiny issue in the grand scheme.

thomanski

Re: not enough

> Canonical+Mozilla have been consistently pissing off their user bases for the past couple years at least

Canonical I have to agree. What has Mozilla done though?

Motorola teases with Moto X 'design your own' phone

thomanski

Re: Well, I know which manufacturer not to buy from then.

"So where do you get your ethically pure phone from?"

Korea

(South)

Samsung Google Nexus 10 tablet review

thomanski

Re: Productivity Apps?

SoftMaker has got three office apps out that are worth mentioning: TextMaker (~Word), PlanMaker (~Excel), Presentations (~PowerPoint). I quite like them and as far as I know their MS Office file compatibility is unmatched (by anything other than MS Office).

Should Microsoft merge Office into Windows - or snap it off?

thomanski

Well, for Android there is Softmaker Office which so far seems to work brilliantly with .doc(x) and .xsl(x). Haven't tried PowerPoint. Hope I won't have to either.

When GiffGaff falls over, is it even news any more?

thomanski

Re: I want to know what's going on with them

Thankfully The Reg is very vocal in keeping us up-to-date about issues that my wife and I never seem to notice so we know that GiffGaff is rubbish and we should really go somewhere else. From our own usage however it seems to be just fine and the prices remain unbeaten so I suspect we'll hang in there just a little bit longer.

GiffGaff: We've got no iPhones, but here's how to cut down your SIM

thomanski

Re: Nice plug but GiffGaff oh my!

Well, yes, it's £1/minute to certain countries but at least they don't block your use of LycaTel, DialWise and other cheap call through providers. So you use your free minutes to call a London number and then call through to your target. Since there's pretty decent competition in that market you do get reasonable rates. Besides, calls to Europe, US, Canada and several others are pretty good with GiffGaff.

Don't know why so many people are bashing them. Sure they had a couple of outages this year but they are fantastically priced and at least for me their customer service has worked really well and so does the 3G. Also, the forums have an answer to pretty much every question you could have readily available.

Samsung ready to drop faster SSDs

thomanski

Re: hmm

Good to hear there's improvement in that area. I had a good bit of trouble on a 2006 13" Macbook removing screws that look like this: http://apple4less.com/ebay/images/mbhdtray-2.jpg. Had to grab them with pliers to turn them and thus screw them off since none of my screwdrivers fit.

I felt somewhat bitter about the experience, presuming (perhaps wrongly) they were purposely made so they would only be easily removable by some £1,500 Apple screwdriver.

Ten external battery packs

thomanski

Re: Crummy selection

Yes, I couldn't agree more. There are several brands of what is essentially the same product: Powergen, EasyAcc and Anker on Amazon, all I think at £24 with 8400mAh and although I haven't really tried it, the claim that it'll recharge an iPhone from empty to full four times before needing a recharge itself seems credible. They have one 0.6A out and one 2A out (faster but less efficient charge). Owning one of these, I don't see how any of the ones discussed in the Reg article could tempt me.

Especially since there's a newer one now with 10000mAh (£32) and it comes with adapters for a number of laptops as well. And I just spotted another one with 12000mAh (£35) and 4 USB outs (bit much perhaps) from the same guys.

Apple's Retina Macs: A little too elite?

thomanski

Re: Samsung

Any plans on auctioning off your Thinkpad on eBay when you've got the Mac? Please do give us a shout right here then.

Official: OOXML approved as international standard

thomanski

@Aidan Thornton

> There are currently exactly zero implementations of this standard

There are hundreds of thousands of compliant consumers already and it's easy to implement a compliant producer. The Unix cp/DOS copy programs are actually both. Why?

If I may quote Rob Weir (http://www.robweir.com/blog/2008/01/standard-trolls.html):

"... in plain English, in order to be able to claim conformance with OOXML, an application must not crash when presented with a valid OOXML document, or must be [cap]able of producing at least a single valid OOXML document. This is not exactly a high threshold."

This might well mean that Microsoft can already claim OOXML conformance for Office 2007 and so could probably others for their products. In practice most people will be using MS-Office to generate their OOXML-"compliant" documents and will expect competing software to read and write these.

To what extent correctly interpreting/generating Office 2007 documents then has anything to do with the otherwise *optional* features described on a further 6000 pages of the OOXML standard is anyone's guess.

Cunning, no?

Rebit: This is your grandmother's data backup

thomanski

OEMs don't always just use one partition

I've just reinstalled a Sony Vaio desktop machine for a friend and the thing was automatically set up with two partitions. In any case it's a pathetic limitation for a backup tool to have.

Equifax asks customer to email debit card photocopies

thomanski

That Thomas is me...

... thanks, John, for picking this up.

Some of the comments reminded me of another bit of entertainment I've recently had when an automated phone system called me, claimed to be my phone/broadband provider Virgin Media and demanded to know my password before proceeding. I called back and found, yes, that had actually been them. Sigh.

Much better is Citibank, although it could be argued that they are a wee bit too cautious: they don't accept messages (crafted on and sent from their online app to them) with "dangerous" characters such as single quotes and, in telling you, drop the text and reliably clear the form.