
* Posts by ElReg!comments!Pierre

1774 posts • joined 22 Jun 2009

BOFH: Oh DO tell us what you think. *CLICK*

ElReg!comments!Pierre
Silver badge

Re: Laptop! Lucky bastards

Our BOFHs have us all on VMs.

It's for your own good; besides, that's what the committee decided. Of course, we'd be glad to reconsider. Just drop us a line in the suggestion box.

0
0

OpenSSL Heartbleed bug sniff tools are 'BUGGY' – what becomes of the broken hearted?

ElReg!comments!Pierre
Silver badge

unfortunately

Yes, but in large organisations there's always the odd box under a desk that hosts a "pirate" server set up by an intern 3 years ago, badly configured and unpatched because you wouldn't expect Lucy from receiving to know her way around sh (and the root password is long lost anyway).

2
1
ElReg!comments!Pierre
Silver badge

Re: I'll raise your false positive and see you in court

Heartbleed is a fairly easy vuln to test for, so there's no false positive (as outlined in the article) and false negatives are necessarily very contrived set-ups. It's good that the false negatives are found and added to the detection tools, but there are very few systems affected in the real world. Of course you wouldn't want them to be yours...

In any case the detection tools are mostly useful for the clients. As a sysadmin, if you're going to spend that kind of time checking if your pants are down, chances are that you'd better use that time to update OpenSSL instead.

3
0

Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS

ElReg!comments!Pierre
Silver badge

Re: As has been proved time

and time again, fingerprint scanners can be fooled by a dedicated team with heavy equipment. In a lab. Set up specifically for that purpose. With previous knowledge of both the "key" and the target. Within FOUR DAYS, assuming the target did not notice their ultra-hush-hush device went missing. FOUR DAYS AGO.

Bah humbug.

Meanwhile, "good" passwords are cracked almost instantly by the million every single day by virtually anyone on the planet, leading to numerous kinds of frauds, costing real money.

Kids these days.

0
0
ElReg!comments!Pierre
Silver badge

Re: Biometrics...

A password that you cannot change, and leave written everywhere you go. I can't fathom why people think it's a good idea.

I have 2 reasons for you:

-It takes days to counterfeit for a team dedicated to the task with expensive hardware, a dedicated lab and specialized skills. Most passwords can be cracked in a matter of minutes by a script kiddie with a 200 bucks laptop from eBay.

-you can't possibly forget it. Most "hard-to-guess" passwords end up written on a post-it, which is demonstrably worse than holding them at your fingertips (literally). And most of them aren't hard to guess at all anyway, cue the obligatory xkcd reference: http://xkcd.com/936/

1
0
ElReg!comments!Pierre
Silver badge

Re: iSuppli estimates

The same is true in any hardware company. The details of parts supplier deals are always deep secrets, because both the competitors and competing suppliers could take advantage of them.

You're right, but for the wrong reasons. BOM are uncannily difficult beasts for a "real" all-encompassing tech company like Samsung. At Apple it's mostly a matter of trade secrecy, because Apple is mostly a product _designer_; for companies like Samsung (and, to a smaller extent, Moto for example) you have to factor in the fact that they actually make a lot of the parts in their devices themselves... but in different branches, branches which bill each other almost as if they were different companies. But only almost. Now factor in the cross-licensing deals that Samsung (and Apple, but to a staggeringly smaller extent, because they don't hold as much IP in the electronics or manufacturing departments) have with external manufacturing companies, most of which are not per-piece or even per-product and you may -just may- approach the complexity of the thing. And now remember all these Branches in Samsung? well, if they are remotely as retorse as Western companies they have internal "intellectual property" deals as well.

Now I need to stop and grab a beer, because if I go on I'll need an Aspro instead and that's much less fun.

2
0
ElReg!comments!Pierre
Silver badge

both have the same correction factor

A lot of the parts in the iPhone and the Galaxy are manufactured by Samsung.

You're taking for granted and evident that Samsung and Apple pay the same for these parts. It may be the case, but it's not an obvious (or safe) assumption to make.

1
2

Look out, bankers! It's Lily Cole and her (Brit taxpayer-funded) WISH-PRINTING ATM

ElReg!comments!Pierre
Silver badge

Exactly what I thought. I just hacked the Lexmark to print a python module manual. F34R MY 1337 5¦<1LL><0R

5
0

Rounded corners? Pah! Amazon's '3D phone has eye-tracking tech'

ElReg!comments!Pierre
Silver badge
Coat

No doubt Amazon will be sued for billions over this...

...as soon as Apple has submitted the patent application paperwork.

16
4

OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts

ElReg!comments!Pierre
Silver badge
Coat

Re: OpenSSL "blueprints"

If only there were more volunteers willing to check OpenSSL's UML designs, all this wouldn't have happened.

0
0
ElReg!comments!Pierre
Silver badge

Re: "Google's Android 4.1.1 is vulnerable"

unsuspecting clients connecting to malicious servers (servers which will still be expected to present a valid SSL certificate)

Not necessarily, from what I gather the malicious server wouldn't have to present a valid certificate. Your point still stands, people are extracting useful info from servers by hammering them with malicious SSL requests; I can't see that happening on a phone. Remember that in the 64k you can extract at a time, most is truncated or otherwise uninterpretable garbage. Moreover, on a client machine most if not all of that garbage would be data that the malicious server previously sent to begin with (or that was sent to the malicious server by this particular client). In Chrome and Firefox, tabs are run in separate processes, so even if the attacker managed to hammer your phone with malicious requests at the right instant -extremely unlikely to begin with- they couldn't snatch your bank credentials from a concurrently-open tab.

Not terribly scary then. Still needs patching.

1
1
ElReg!comments!Pierre
Silver badge

Re: "Google's Android 4.1.1 is vulnerable"

Yeah, my thought too. If you're worried about this bug on your handset I have a personal meteorite deflecting shield you may be interested in. Heartbleed can leak some of the calling process' memory stack.

If memory serves, both Chrome and Firefox fork processes on connection, which means that a malicious website would have access to 64k of... its own prior data exchanges with you. In other words an attacker could use your RAM as his own history. Oh noes, the end is nigh etc.

This bug is really only a concern on massively multi-user servers, where the 64k of leaked memory could contain _someone else's_ data. A client machine typically has only "one-on-one" server-client connections, so attackers can mostly retrieve data they already have. And that is, if they can make use of the tiny time frame in which the connection is established (typically, client systems are not designed to accept out-of-the-blue SSL connections; they establish the connection for a particular need they have, say, to retrieve the list of emails in a distant mailbox, then shut it down).

A server is vulnerable because it is designed to be listening to random connection requests, and potentially has a huge number of users connected to it. Unless I missed something, neither is happening on a client system.

0
1

Half of Twitter's 'active users' are SILENT STALKERS

ElReg!comments!Pierre
Silver badge

That's better than I expected then

44 per cent? That's better than I expected. Not everyone has something interesting to say, and even though these 44% are probably a tiny portion of the users who don't, it's still good to know that almost half of Twitter's users know when to shut up. Now for the other half...

4
0

Apple is IMMUNE from Heartbleed, it says. But don't check if it's true

ElReg!comments!Pierre
Silver badge

> I gave myself permission to look at one of our Mac Book Airs

And how do you reckon the vuln could have been exploited on your MBA anyway?

1
4
ElReg!comments!Pierre
Silver badge
WTF?

Server-side vuln...

I bet iOS and OS X are immune from smallpox and H1N1 too. Oh and rickets too.

If that's all Apple PR dept found to make the headlines this week, that's weak.

5
7

Snowden lawyer PGP email 'crack' flap: What REALLY happened?

ElReg!comments!Pierre
Silver badge

That, or...

... once one of the machines is compromised you don't even need the key...

4
0

Gay marriage foes outraged at Mozilla CEO flap, call for boycott

ElReg!comments!Pierre
Silver badge

Re: Shame, Mozilla!

Shame indeed.

I have been a Firefox and Thunderbird user since long before they were separated from the main suite; I had switched mail clients a few months ago due to Thunderbird becoming a right pain in the arse in resource-constrained environments and I was on the verge of switching browsers because of the growing bloat. This scandal pushed me over the edge, all my machines are now Mozilla-free.

The only thing that bothers me a bit is that some clueless morons may associate me with the christian bigots calling for the boycott ("if you're not with us you're against us" and all that bullshit). But then again I don't care terribly much about what clueless morons think of me.

2
0

Drone 'hacked' to take out triathlete

ElReg!comments!Pierre
Silver badge

Re: Why bother with... @dan1980

> played on an oval

Yeah, I had kinda missed that part of your post.

0
0
ElReg!comments!Pierre
Silver badge
Trollface

Re: Why bother with... @dan1980

> swap the goals for four posts and exchange both the grounds and balls for elliptical versions. That'd do it.

I really, really hope you're referring to the version with grown men dressed in cloth, not the one with overweight armoured dancing queens. The latter is almost as boring as baseball, and that's saying a lot. Why they insist on calling "sport" an activity that consists mostly in standing absolutely still is beyond me. And aren't these -perfumed?- handkerchieves lovely...

1
0

Windows XP still has 27 per cent market share on its deathbed

ElReg!comments!Pierre
Silver badge

Re: How many XPers?

> Does El Reg have any stats as to how many people running XP are reading its hallowed words?

Well, there's me, for example. My personal machines mostly run Debian but this work one is an old XP system, with many overexpensive specialist pieces of software installed. I'm probably going to upgrade in the coming weeks, but I still don't know what to do about said software...

0
0

'Hello, is that the space station? NASA here. Can you put us through to Moscow?'

ElReg!comments!Pierre
Silver badge

Nose duly cut sir

No report from the face yet.

4
0

ICANN boss: 'Russia and China will NOT take over interwebs'

ElReg!comments!Pierre
Silver badge

Worried?

Most of the world is relieved, not worried, that the US will have less direct control. The "worried" part of the world is a few thousand people in the semi-tech fringe of the US republican party... that's not much of the world population.

4
1

Money? What money? Lawyer for accused Silk Road boss claims you can't launder Bitcoin

ElReg!comments!Pierre
Silver badge

Re: Of course you can't launder bitcoins.

> Bitcoins are always anonymous, that's the whole point of bitcoins: they're always freshly laundered and smelling faintly of lavender.

Not sure what you mean by "anonymous", but they are traceable. That's the whole point of the chain. The equivalent of laundering would be the pooling shops that mix the content of wallets, making the coins hard to trace -but not impossible.

0
0

Dropbox nukes bloke's file share in DMCA brouhaha – then admits it made a 'HASH OF IT'

ElReg!comments!Pierre
Silver badge

Re: well personally

> In the Google?

Yes, in the Google.

> What does that do?

It allows you to share your cat videos with your grand-grand-kids

> What do I do after?

Nothing

> Did you mean double-click?

Yes

> "That's 2 steps." Which don't actually work

They do. Just try.

> and presume much more knowledge than your target actually audience has.

Not more than using Dropbox. And it relies considerably less on unspoken visual codes than "dumbed-down" (but unintuitive and undocumented) solutions like Dropbox.

The cowards here lack the tech clout of an elderly woman apparently. Dropbox is _not_ easy for the non-technical people, especially the older ones (its retarded interface is based on Facebook visual codes, which is not familiar to the elder).

Also, local solutions these days are plug-and-play, more so than Dropbox. In most cases, _no_ config changes at all are needed. The only cases where I've seen them fail was on an internal network where the admins had put a lot of effort into insulating the local network from the outside world. On a home system it'll go directly through the firewalls. Go look up the stuff you diss (filezilla et al), you'll look considerably less stupid.

1
1
ElReg!comments!Pierre
Silver badge

Re: well personally

> Quick, in 5 easy steps how does your non-IT literate granny spec, install, configure, secure, maintain and back-up a public-facing FTP server?

-download Filezilla-FTP-for-dummies-setup.exe

-click on Filezilla-FTP-for-dummies-setup.exe

That's 2 steps. You're welcome.

0
2
ElReg!comments!Pierre
Silver badge

Re: Or

> \o/ The first commentard who seems to get it. Well done Sir/Madam.

That the "smiley" for a gaping... something or other?

0
0
ElReg!comments!Pierre
Silver badge

Re: well personally

> You forgot to tell us what perfect tool we should all be using...

SFTP

0
0

UK cops: Keep yer golden doubloons, ad folk. Yon websites belong ta PIRATES

ElReg!comments!Pierre
Silver badge

You pay them to do this

It's the Intellectual Property Crime Unit, their very raison d'être is to be Big Media's private police paid on the taxpayer's money. So, it's very unlikely they will ever stop.

1
0
ElReg!comments!Pierre
Silver badge

Actual CnP from their site:

" The companies that run the Internet, companies like Google"

4
0

Sick of walking into things while gawping at your iPhone? Apple has a patent app. for that

ElReg!comments!Pierre
Silver badge

Re: Uhm,,,

Nonononono you don't get it. It's with tablets that it will be hilarious.

I really hope this hits the streets soon. Imagine how fun it will be, all these iPad users holding their shiny stuff vertical at eye level to text. If you thought that people look a bit like dorks when they take pictures with their tablets, then this system will make you cringe so hard it'll become funny.

Not to mention that they'll need to shackle the thing to their wrist, as people holding a $800 piece of kit in front of them at arm's length will be a delight for hit-and-run thieves...

3
0

Ugh! This DUNKABLE wearable tech is REPELLENT

ElReg!comments!Pierre
Silver badge

Fuck that tech!

And now I need a fishbowl for my Pi. As if my living room wasn't cluttered enough as it is.

2
0

Gr8, it's the new M8! Ideal for that celebrity funeral selfie

ElReg!comments!Pierre
Silver badge

Re: DoF

Technically you can't alter the focus, just add some artificial blur. The 2 lenses are just here to get "distance" information, which lets you blur similarly objects that are the same distance away. There are some cameras that really let you "alter" the focus after the fact, but they are rather more sophisticated, relying on proper lens arrays (which means that you don't "change" the focus as much as "define" it after the fact). They also tend to be low-def and to be absolutely horrid as soon as the light goes slightly down -well, that or they are humongous and cost the price of an apartment. I bet this thing, although not really being able to define the focus after the shot like a proper lightfield camera, is much better on the resolution and low-light fronts.

Comparing it to the Lytro is just plain wrong; this here thing is just adding "distance" information to the picture, letting you apply a wonky blurring filter selectively to objects that are the same distance away from the lens.

0
0

BOYCOTT FIREFOX, rage gay devs as Mozilla appoints JavaScript daddy as CEO

ElReg!comments!Pierre
Silver badge

Re: His anti-gay stance is unfortunate

> Firefox already got rid of the user-friendly UI option to turn JS off

Fortunately The Proxy did not get rid of the command-line friendly option to send JS go fuck itself elsewhere.

In any case I don't think getting rid of the UI-oh-look-shiny-clicky-clicky ways to set options is necessarily a bad thing. In fact I for one support the good old config-file approach, just fire up a text editor and presto! all the settings in the same place for you to merrily meddle with. And you can save the old file for one-step full restore should you do something stupid.

As such, FF current system is rather a step in the right direction, even though it's lacking in the inline documentation department.

0
0
ElReg!comments!Pierre
Silver badge

Re: I'm boycotting FF too

Midori

Iron

Dillo

I could go on... and that's before we reach text-mode (w3m, links, lynx etc)

Of course with some you'll miss out on the "most advanced features of today's rich-content web" (or whatever else they call JavaScript these days) which is either a flaw or a feature depending on your personal views on the rich-content agile cloud-based paradigm.

On the issue of gay marriage, my current boss would say: "They make me smile. As a young straight woman 40 years ago I was demonstrating for the right NOT to marry. But everyone should have the right to make their own mistakes".

3
0
ElReg!comments!Pierre
Silver badge

Boycott...

... the form of "activism" that is only slightly less efficient than electronic petitions.

9
5

MH370 airliner MYSTERY: The El Reg Pub/Dinner-party Guide

ElReg!comments!Pierre
Silver badge

Re: @ElReg!comments!Pierre: You'll Need To Do Better Than That.

I'm not responsible for anyone's poor culture or impoverished language. Here, have two examples of inanimate object extermination, on the house:

"The following passage in Æschines's Oration against Ctesiphon confirms the usage of such a law as the above It would be a grievous thing in you, O Athenians, who are used to exterminate from your territories such pieces of wood, of stone or iron, things inanimate and senseless as have been the accidental cause of a man's death, by falling on him; for you who cut off and bury that hand separate from the rest of the body, which hath committed self murder; for you to reward the undeserving."[...]

"If any thing inanimate (lightning or other weapon sent from heaven excepted) shall either by its own fall, or by a man's falling upon it, deprive him of life, let application be made to the judge and let the inanimate thing be exterminated as is the case of animals"

in FULL INQUIRY INTO THE SUBJECT OF SUICIDE (to which are added as being closely connected with the subject) TWO TREATISES ON DUELLING AND GAMING.

Charles Moore, Rector of Cuxton and Vicar of Boughton, 1790.

I'm sure Google will yield plenty other examples.

0
0
ElReg!comments!Pierre
Silver badge
Meh

Re: @ElReg!comments!Pierre @ Turtle

Oh look at what the Oxford dic say:

exterminate

Line breaks: ex|ter¦min|ate Pronunciation: /ɪkˈstəːmɪneɪt, ɛk-/ verb [with object]

1 Destroy completely

> /shakes head.

Indeed

0
0
ElReg!comments!Pierre
Silver badge

Re: Another interesting hypothesis @ stu 4

> http://blog.oxforddictionaries.com/2012/09/does-decimate-mean-destroy-one-tenth/

So it means either to kill one in ten, or to tax -normally, by one tenth (tithe)-... mmmh, I wonder which one the original user meant.

0
0
ElReg!comments!Pierre
Silver badge

Re: The simplest explanation and confirmation bias

> I discount the military radar data because I am familiar with such radar data and I have a good idea what it does or doesn't show. For those who aren't personally familiar, I suggest you read the accounts of the incident where the U.S.S. Vincennes shot down an Iranian airliner by mistake.

I suggest you read the accounts of the incidents where US forces shot their Brit allies by mistake, or where they bombed a whole block killing numerous civilians because they mistook a camera lens for a RPG launcher. It has nothing to do with radar tech, everything to do with the "shoot first, think later" culture of the US forces.

That particular radar had the 777 in sight for most of its flight, including the part when it was broadcasting its ID. There is little to no doubt that their identification is correct. Now that's not the same for altitude data, that is not reliable.

1
0

Say CHEESE: Samsung files patent for transparent camera

ElReg!comments!Pierre
Silver badge

Re: Transparent display?

Yeah, there's this stupid SLR fashion... everyone now gets one, often an entry-level one, and they keep the kit zoom that came with it (which is invariably a crappy one). So you end up with something bulky and overexpensive that makes not-so-good pictures. Most people would be better off with a high-end compact (Canon S series, Panasonic LX series, or even Nikon P310). Less expensive, easier to handle, and better cameras if you're not going to change the kit lens on your SLR (which most people never do).

0
0
ElReg!comments!Pierre
Silver badge

Re: Transparent display?

> the display will show what the actual picture will look like, but what you see through the display will be completely different.

Why? No. Compacts with an optical viewfinder work somewhat similarly, and high-end compacts such as the Leicas or the Fujifilm X100 have optical or "opto-digital" viewfinders too, with or without parallax correction. There's decades of technical expertise in that field. I have 2 rangefinders from the 70s that even have mechanical parallax correction (ie the viewfinder physically moves as you change focus, so that the field of view in the finder corresponds to the image projected on the film). Another widely known example is the dual-lens reflexes, in which 2 different mechanically coupled lenses are used, one ->eye and the other ->film.

Of course it won't work for macro, as the distance between the viewfinder and the lens becomes a problem at very short distances, but starting from ~1 m it's virtually indistinguishable.

1
0

BOFH: On the PFY's Scottish estate, no one can hear you scream...

ElReg!comments!Pierre
Silver badge

Re: Nice!

> "Sending money to Uganda" has a nice ring to it as a veiled threat for those in the know

Ho noes he's gonna become a registered Vim user!

http://iccf-holland.org/

0
0
ElReg!comments!Pierre
Silver badge

they won't need these 70k in equipment anyway

Not after everything is moved to the cloud (surely that would not be equipment budget).

Which is where I thought everything would go sour, with someone taking a short but entertaining flight from the retreat environment to the tiered greenspace. Possibly a duo flight even.

2
0

Bono bests Bezos in Fortune's 'World's 50 Greatest Leaders' list

ElReg!comments!Pierre
Silver badge

Bring back the Moderatrix, I say

Wah-pessshh!

0
0
ElReg!comments!Pierre
Silver badge

Re: Wrong angle, fellow commentards (@myself)

Aw, seems my keyboard is acting up again...

0
0
ElReg!comments!Pierre
Silver badge

Wrong angle, fellow commentards

Although I agree with a lot of what was written so far in the comments, it's Fortune's list of leaders, which means "top snakeoil merchants". People able to initiate and/or perpetuate a cult centered around them. By that measure most of the nominees do belong here.

And don't forget it's a merkin list, only people visible from inside merca are taken into consideration; and merkins are favored. Hence the shortstop whose name I can't be bothered to acknowledge. Had it been a brit list it would have comprised Brian O'Driscoll. Same diff.

0
0

Tor Project claims 'fake' Tor Browser sat in iOS App Store for months

ElReg!comments!Pierre
Silver badge

Re: Simple question

Have course, I'm happy to help; here is an excerpt have the TOR FAQ page:

I would of thought that a copyright-based complaint was their mode have action, but Apple's speed have reaction may of been modified by friendly pressure by the NSA... or they they would of acted faster if the claiment had been one have the Ass. of America.

How can I use the name "Tor"?

The Tor Project encourages developers to use the name Tor in ways that do not confuse the public about the source of anonymity software and services. If you are building open-source non-commercial software or services that incorporate or work with The Tor Project's code, you may use the name “Tor” in an accurate description of your work. We ask you to include a link to the official Tor website https://www.torproject.org/ so users can verify the original source of Tor for themselves, and a note indicating that your project is not sponsored by The Tor Project. For example, “This product is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.”

Can I use the Tor onion logo?

If you're making non-commercial use of Tor software, you may also use the Tor onion logo (as an illustration, not as a brand for your products). Please don't modify the design or colors of the logo. You can use items that look like the Tor onion logo to illustrate a point (e.g. an exploded onion with layers, for instance), so long as they're not used as logos in ways that would confuse people.

Can I use the word "Tor" as part of the name of my product or my domain name?

Please don't use Tor in your product name or domain name. Instead, find a name that will accurately identify your products or services. Remember that our goal is to make sure that people aren't confused about whether your product or project is made or endorsed by The Tor Project. Creating a new brand that incorporates the Tor brand is likely to lead to confusion, and commercial confusion is a sign of trademark infringement.

0
0

'Arrogant' Snowden putting lives at risk, says NSA's deputy spyboss

ElReg!comments!Pierre
Silver badge

It's funny because * it's ** true.

*everyone knows

**not

0
0