* Posts by david 12

859 posts • joined 6 Jul 2009

Microsoft releases open source bug-bomb in the rambling house of C

david 12
Bronze badge

Re: >handling pointers directly makes for efficient, “close to the hardware” programming>

Yes, standard C is not actually Turing Complete: the behaviour is undefined when it runs out of stack space.

But dynamic allocation is not the same as runtime-created data. And most C programs have lots of dynamic allocation which is statically determined. C makes it difficult to check: other languages have it built into the basic language design, and are faster and more efficient for the same level of safety.

0
0
david 12
Bronze badge

>handling pointers directly makes for efficient, “close to the hardware” programming>

>handling pointers directly makes for efficient, “close to the hardware” programming<

Why do people write garbage like that? Why do people repeat garbage like that? Isn't anything useful taught in Comp Sci?

C was an efficient, "close to the hardware" programming language when compared to Scheme, Lisp.

It was an inefficient, slow, bloated, language compared to languages designed for efficiency like FORTRAN and Pascal.

This isn't "despite" the lack of language/compiler support for managing pointers: it's BECAUSE C lacks language/compiler support for handling pointers.

There have, in fact, been significant changes in pointer handling between "ANSI C" and C11, specifically intended to make it possible to write code as fast and efficient as Pascal or Fortran code, by (incompletely) inferring the pointer target from the pointer type: something fast and efficient languages were able to do correctly and completely by design.

PS: Dynamic bounds checking is something you do only where your language can't handle static bounds checking. Yes dynamic bounds checking is inefficient: that is a reason why languages that support static bounds checking are faster and more efficient for the same level of safety.

0
2

Microsoft bans common passwords that appear in breach lists

david 12
Bronze badge

Password length

It's not clear from the references that password length requirements are unequivocally bad.

Complexity requirements are bad in general, hiding the password as typed is bad.

And very short passwords will of course fail the uniqueness tests.

But it's not clear to me that you don't get a benefit from requiring a password to be 10 characters or more.

0
0

Crims set up fake companies to hoard and sell IPv4 addresses

david 12
Bronze badge

Back in the day, there was no legitimate way for a company to sell their IP block, so there was no commercial reason to do so. Has that changed?

Certainly, if there is value, the net registries could expedite the process by buying back blocks at market value, rather than just waiting for them to be relinquished.

0
0

EPO president caught threatening independent appeal board

david 12
Bronze badge

"all disciplinary proceedings are confidential"

That seems like a very straightforward and simple explanation.

0
0

Admins in outcry as Microsoft fix borks Group Policy

david 12
Bronze badge

Re: Just to remember MS

Perhaps you fail to understand the nature of the reported "feature".

It changed an authentication method.

That's a fail regardless of if you apply the new feature from a file or by some other method.

It can be rolled back.

This isn't a "feature" that failed because it was not "properly logged", or failed because it was not implemented through the windows installation service. It's a fail because it was a poorly thought out and poorly communicated change.

0
0
david 12
Bronze badge

Re: Not entirely

No, I do not know that >"Read" a policy means APPLY the policy<.

I assume that you think that you mean that "filtering" is the same as "read permission". It is not. There are several ways to alter permissions independent of filtering, and filtering independent of permissions.

0
0

Apple quietly launches next-gen encrypted file system

david 12
Bronze badge

Re: Next-gen?

>Again, POSIX requires case sensitivity.

I don't require that aspect of POSIX from Apple. I don't buy computer systems from POSIX, we don't demand POSIX certification from any of our suppliers, and, in particular, my Apple users couldn't give a flying f- about POSIX compliance.

3
1
david 12
Bronze badge

Re: checklist

>but if you want case insensitivity in filenames, you have to specify the locale too.

Yes, if you want locale-sensitive font-sensitivity or locale-sensitive character-sensitivity, you have to specify the locale. True of both file systems and database systems.

Fortunately for people who want locale-sensitivity, such file systems and database systems are in common use.

I'm not entirely sure that locale-sensitivity is a good thing for all file systems (or for all programming languages), but equally I don't think those problems are solved by making the file system or programming language font-sensitive.

2
0

Microsoft has created its own FreeBSD image. Repeat. Microsoft has created its own FreeBSD image

david 12
Bronze badge

this is not your father's Microsoft.

Damn right. My father's Microsoft was Xenix.

1
1

Boffins say they've got Lithium batteries the wrong way around

david 12
Bronze badge

Re: RE: nitroglycerine.

Cooked Lithium Batteries are self-oxidising. To my knowledge, "Metallic Lithium" is not "self-oxidising".

0
0

P-TECH education program trial expanded (but not evaluated)

david 12
Bronze badge

Technical Schools and TAFE were created by slavish imitation of the English system. They were killed off in slavish imitation of the English system. Since the English don't have any particularly new ideas to imitate, it's not surprising that imitation of the Americans has crept in.

No worries though. Just as the Freeway system was imported by a government that looked toward America, then renamed as a Motorway system by a government that looked towards GB, I'm sure that this too will be relabeled when the present opposition comes to power.

1
0

One espresso is not theft, Oz judge rules, it's part of civilization

david 12
Bronze badge

I've worked as a cleaner, and I'm not surprised he was sacked. There is no clear black line between coffee and stealing stock -- just a series of grey borders, and you have to make the effort all the time to stay out of the grey, lest you slip into the red.

0
1

Transfer techies at SWIFT tell Bangladesh Bank: Don't shift blame for $81m cyberheist

david 12
Bronze badge

2 factor authentication

Swift is already 2 factor authentication: You need to know the password, and you need to have (access to) the Swift terminal. That's what 2FA is, and that's what Swift is, and that's why the Swift terminal is locked in the Swift terminal room.

Not that 3FA is not a new idea, or a bad idea -- remember that nuclear launch requires 2 people, and 2 keys, and 2 codes -- but there are diminishing returns from more factors, and if the bank can't protect their passwords and systems and swift terminal, you have to wonder if adding a mobile phone or a key fob would have helped.

0
0

Bug hype haters gonna hate hate hate: Badlock flaw more like Sadlock

david 12
Bronze badge

Re: MS Windows ?

Thanks. The Windows vulnerability was still unpublished/reserved when I posted.

0
0
david 12
Bronze badge

MS Windows ?

The listed problems are all in Samba, not in "Samba and Windows". They all appear to be Samba-specific errors. None of them look like the kind of problems that would be shared with another implementation.

But the publicity says "Windows", and MS has also listed a patch. What is the nature of the Windows patch and the Windows problem?

1
1

Google yanks Chrome support for Windows XP, at long last

david 12
Bronze badge

Re: "In many ways, the existence of Chrome with support for Windows XP"

IE6? No, a lot of the web blocks IE6. I had to roll back to IE5.5 to get a working web browser.

0
0

Windows 10 with Ubuntu now in public preview

david 12
Bronze badge

Re: Hmmmm???

>"The chances of Microsoft emulating (say) POSIX threads correctly seems pretty remote. It even took Linux itself years to get that right."

Yes, it wasn't until Microsoft SFU version 3.5, in 2004, that Windows got POSIX threads.

1
0
david 12
Bronze badge

Re: So problems with processes and filesystems

"Top" is in the previous versions of SFU (2.4, 3.0, 3.5), so either the problem is specific to Linux, or to Win10, or they just haven't got around to it yet.

1
0

Australia's broadband policy is a flimsy, cynical House of Cards

david 12
Bronze badge

Re: This article is a joke right??

Article started by equating Dynamic Range "blacks so dark the panel looked like it actively sucked in light" with Resolution, "4K stream", and went downhill from there. How could it be anything but a joke?

0
2

Legion of demons found in ancient auto medical supply dispensing cabinets

david 12
Bronze badge

XP embedded?

SP3 went out of support in January. XP embedded 2009 goes out of support in 2019

There are also "point of sale" versions with other dates

7
0

The bill for Home Depot after its sales registers were hacked: $19.5m

david 12
Bronze badge

Re: Software nasty installs itself on cash registers?

Yep, looks like they didn't update their point of sale software for more than 7 years.

0
0

Steve Jobs, MS Office, Israel, and a basic feature Microsoft took 13 years to install

david 12
Bronze badge

Re: Mac OS X didn’t support Right to Left (RTL) languages?

MS Office for Mac was written using the Mac Carbon API, which wasn't RTL. The osx Cocoa API, which came out immediately before "13 years ago", did support RTL and other scripts. It's taken MS 13 years to do a complete re-write of MS Office for Mac.

0
0

AT&T: Three-quarters of our network is going virtual, and we're open-sourcing the tools

david 12
Bronze badge

Too early, too late.

Kevin Mitnick, Herbert Zinn, Leonard Rose, "Legion of Doom", come back, all is forgiven.

0
0

'Just give me any old date and I'll make it work' ... said the VB script to the coder

david 12
Bronze badge

Re: People Love to hate VBA

I love to love VBA. But this feature of VB/VBA/VBS, which MVP Michael (michka) Kaplan memorably dubbed "evil date guessing", is a bug that did nobody any favours.

However, the memory of the original poster is incorrect, because although VB/VBA/VBS had this flaw, it wasn't in the thing called cdate( )

1
0

Woz: World-changers to Apple Watches, why pay for an overpriced band?

david 12
Bronze badge

watch bands

I've got a review of the original IBM PC that says it's ~average~, but ~redefines~ the PC keyboard. I'm reminded of that because I've read reviews of the original Apple Watch wrist bands, which say that if Apple isn't actually ~redefining~ the wrist band market, it's certainly defining it: that the Apple wrist bands were market leaders, and better than what you would pay $1000 for elsewhere.

I'm not a wrist-band guy myself, but Woz isn't either, and doesn't pretend to be. Perhaps being in the jewelry market isn't a bad thing for today's Apple.

0
0

Michigan shooter says 'mind controlling' Uber app told him to kill

david 12
Bronze badge

Re: That's pretty sad

In South Australia, they really did just close all the asylums and put all the people out on the street, leading directly to one murder. There was a bit of a political scandal. In all other Aus states, they were a little more careful about it, and all now have programs for locking up people for a day or two when there is an obvious murder risk.

As in the USA, a very high proportion of prison inmates are crazy, damaged or insane, if not outright psychotic. But the advantage of closing all the asylums was that they were state funded. Crazy people on the street are on unemployment or sickness benefits, and attract no state-level costs.

There were and are many good arguments for closing asylums and institutions of all sorts, but the driving force behind it was money. All the arguments in the world wouldn't have mattered if it wasn't for the money, and all the arguments in the world don't matter because of the money.

0
0

Get lost, Windows 10 and Phone fans: No maps HERE on Microsoft's OS

david 12
Bronze badge

Dollars to Donuts, it's a UAC-aware re-write that is required.

Modern apps are required to use UAC elevation requests to access resources. It's a major rewrite.

Legacy systems (Win V/7/8) allowed legacy non-UAC-aware applications. Win 10 is tighter. Win10 phone is/will be tighter. I don't know what will be tightened in the new Win10phone release, but it's a no-brainer that UAC elevation will be tighter.

0
0

Every Australian address - yes yours, and even yours – just became open data

david 12
Bronze badge

No Aus Post DPID?

I guess Aus Post still charges if you want to find out the correct Delivery Point Identifier to barcode your mail.

"If you're using PreSort Letters, Charity Mail or Acquisition Mail, you'll need to barcode your items. For this, you need AMAS-approved software - or you'll need to find a mail house to help you. "

0
0

Microsoft hoses down Windows Server hardware support change fears

david 12
Bronze badge

Zero impact on most home users. Zero impact on most servers

Since most of them are on OEM or hardware-linked licences, you can't install new or copy old once they stop selling anyway.

It's been a while since I was corporate, but it used to be most workstations had floating licences. That's not true of servers now.

0
0

Dan Kaminsky is an expert on DNS security – and he's saying: Patch right God damn now

david 12
Bronze badge

Re: I have a retina iMac

>outrageous money for cheap commodity hardware with an expensive badge stuck on

Still living in the 00's? In 2016 Apple OSX laptops are not cheap commodity hardware: they are top-line hardware at a reasonably competitive price. I wouldn't put Win8 on one, but that's because Apple provides crap Windows drivers for the hardware. Running OSX, you're paying top price for a top quality laptop.

2
0

Linux Mint hacked: Malware-infected ISOs linked from official site

david 12
Bronze badge

Re: Can happen to anyone...

>"not the same as"

Yes, doubtless the server that was hacked was one of those ridiculous malware-prone MS IIS servers that no sane educated person would use. Run by amateurs, lusers, victims of MS's relentless dishonesty.

In no way the same as.

2
1

Alibaba security fail: Brute-force bonanza yields 21m logins

david 12
Bronze badge

Re: 2 factor?

>They now do 2 factor

Or, as Alex Papadimoulis of The Daily WTF memorably called it in 2007, "Wish-it-was 2-factor security"

Real 2F security is "something that the user knows, something that the user possesses or something that is inseparable from the user"

0
0

Why the Sun is setting on the Boeing 747

david 12
Bronze badge

>the aircraft that made Boeing into the global leader it is today

I thought it was the DC10 that made Boeing into the global leader ....

Yes, the whispering T-Jet was quieter in economy, but the 747 was still much quieter in economy than a modern Airbus. And, originally, nothing like as crowded as economy on a modern flight. I remember a quite civilized flight on Air France in the early 70's.

0
0

ABC storage project adrift in 'brown ocean'

david 12
Bronze badge

wtf is 'brown ocean' ?

When I read the title, I thought they maybe meant the project was adrift in a sea of shit ??? But when I read the article, they've apparently used the phrase seriously to mean something like "a brown field site" -- a usage I've never seen or heard before. Can someone point me to a definition and other usage?

0
0

Volkswagen Australia says 77,000 local diesels need software fix

david 12
Bronze badge

Null Change = No Effect

My understanding is that all these vehicles meet existing Australian emissions regulations. VW has promised Australian owners that the change will not affect fuel economy or power.

It seems likely to me that in Australia the "fix" may be just to change the engine software so that it does not dishonestly modify emissions when tested.

Owners would be eligible for compensation only to the extent that their buying decision depended on the quoted emission levels -- ie probably not at all.

1
0

Telstra costed fibre to the premises before it was Telstra

david 12
Bronze badge

ADSL happened

We were looking at the same time frame. ISDN was expensive. Frame Relay was expensive. Dial-up was slow. Fibre to the Office was the obvious choice, but for us had 2-3 year pay off period compared to ISDN, because the installation cost was so high.

Then - BANG - ADSL happened. ISDN became obsolete. Prices plunged, and Fibre, instead of becoming something that will happen in 1997, became something that did not happen in 1997.

2
0

Volkswagen used software to CHEAT on AIR POLLUTION tests, alleges US gov

david 12
Bronze badge

Re: have a software update that corrects this

Aus. is watching this with various degrees of outrage and indifference. My understanding is that the cheating engines still meet Australian standards, and I'm guessing that the Aus. 'fix' which has been promised to owners here, will be just altering the software so that it doesn't report dishonest values during testing.

Due to Aus population and weather patterns, this is less of an immediate health issue here than it would be in Beijing/London/LA

0
0

ANN-IE-LATION: Microsoft to axe support for older Internet Explorer next week

david 12
Bronze badge

MS, like many other companies, already doesn't support IE8, in the sense that great swathes of the Microsoft.com website are unavailable to IE8.

0
0

Reverser laments crypto game protection, says wares dead after 2018

david 12
Bronze badge

Re: A month.

>the USB emulation facility - which generally works fine, or alternatively use hardware passthrough

YMMV. My hardware doesn't support passthrough, and the USB emulation facility doesn't work fine. (Works then requires a virtual machine reset).

0
0

Dick limps towards inglorious end: Gadget retailer on the brink

david 12
Bronze badge

Re: JB HiFi killed them?

They never made the transition from hobbyist to high-street store, partly because they never threw off the legacy locations and commercial leases.

As a hobbyist store, people would, as described above, go out of their way to shop at DS. Once they moved to selling commodity electronics, their shop locations were mostly non-commercial. The new private owners had a shot at fixing that (many years too late), but picking up good retail locations is a tough and long-term proposition.

2
0

Happy 2016, and here's the year's first ransomware story

david 12
Bronze badge

[apparently, someone thought this was a good idea – El Reg].

I'd like more information about that. What exactly is NW.js? What exactly is JS sandboxing? Am I right that server-side implementations of JS allow "interaction with the underlying operating system,", and that this malware includes/installs a server-side implementation of JS?

5
0

Software bug sets free thousands of US prisoners too early

david 12
Bronze badge

Re: surely its normal to check these things

" but surely in a prison in particular"

Prisons operate with almost no feedback. The only people watching what happens are the prisoners, and nobody cares about their opinion.

This mostly includes the release date. Prisoners get "time off for good behaviour" which is under the control of the prison admin, and can be revoked. And they get "parole", which is under the control of the parole board, and can be revoked, but in general they don't have a right to immediate release even if they are eligible for "parole", and it's all subject to administrative processes, and even the guards don't know who is going to be released, let alone the prisoners.

0
0

Microsoft mandates browser-extension defence to malvertising

david 12
Bronze badge

Re: Didn't understand a word of that

"Personally I've never found the uninstall button for IE Add-Ons. Could someone be so kind as to point me in the right direction please?"

Tools | Manage add-ons

0
0

Oracle ordered to admit on its website that it lost the plot on Java security

david 12
Bronze badge

Re: Java, Road to hell paved with good intentions.

"It was a good idea, badly done, a sort of C syntax Visual Basic for every platform. "

All the readability of C, with the sheer speed of interpreted BASIC.

1
0

MPs question value of canning Raytheon from e-borders

david 12
Bronze badge

Re: Procurement question

Does a customer go into a contract thinking "I'll just leave it all up to the contractor to decide what I want"?

A rhetorical but serious question.

1
0

Digital Transformation Office hits deadline for Gov.au prototype

david 12
Bronze badge

aaaaaaggghhhh

"and then we present relevant content and information"

That is, they deliberately hide information until they have forced users to "tell us a little about their circumstances "

0
0

Oxford Uni opens infosec ivory tower in Melbourne

david 12
Bronze badge

Oh, it /is/ an operations centre then? Last time, it was a "security" centre, with hundreds of "security" jobs.

0
0

Windows' authentication 'flaw' exposed in detail

david 12
Bronze badge

Re: Never say never

The reason Windows has support for NTLM (v1) authentication is for backwards compatibility with systems which have no support for anything more modern. For years, this was primarily SAMBA installations: (Win98 had an update available) SAMBA itself was, naturally, late to support Kerberos and NTLMv2, distributors were later, and users were even later.

When MS turned off default support for NTLM authentication, there was /outrage/ from the community of SAMBA users (I don't speak for the developers). M$ had /deliberately/ broken compatibility with Open Source community!!! Windows was /incompatible/ with Open Source software!!!

The fact that SAMBA still has support for NTLM authentication suggests that they still have users with clients other than Win95/98/SE/2K/2K3/XP/Vista/7/8/10 that are unable to authenticate using other protocols.

And for Windows, the reason is the same: NTLM (v1) authentication is still supported for use with old versions of non-Windows clients.

None of this, of course, has anything to do with the memory-capture flaw described here, which relates to the use of a stored hash, not NTLM authentication, and not even particularly the hash method: since the stored hash is captured from memory, it could have been hashed by any modern hash/encryption method, and the flaw would still exist.

1
0
david 12
Bronze badge

Re: Well, Ain't that dandy!

"setting the localtime into the hardware clock during DST changes"

I can only guess, given that this is the comment section of "The Register", that you think that comment somehow applies to something like Windows or OSX or some Linux distribution.

But it doesn't. Not to Windows, not to OSX, not to any common Linux distribution.

0
0
