* Posts by david 12

541 posts • joined 6 Jul 2009

Oz bank in comedy Heartbleed blog FAIL

david 12
Bronze badge

>NetBank does not (and did not) use OpenSS

But I think that CommBiz (which is different to Netbank) goes to https://www.my.commbiz.commbank.com.au/.

And Qualys was reporting that the Commonwealth bank had a susceptibility -- now fixed.

0
0
david 12
Bronze badge

Re: Commonwealth bank down today!

Still stonewalling on what the problem was. Which makes it likely that whatever it was, it was an act of stupidity that caused the outage.

0
0
david 12
Bronze badge

Commonwealth bank down today!

Massive failure of their EFTPOS system today. Maybe unrelated. An outside chance that they stuffed up changing their key certificates (as some other people have already stuffed up)-- I'm watching with interest.

0
0
david 12
Bronze badge

Assuming you believe him

>NetBank does not (and did not) use OpenSSL

No indication that he has anything more than a vague idea what is going on, as indicated by his repeated use of the word 'patched', in conjunction with his claim 'never used'.

Since he doesn't seem to know what he is talking about, that could possibly include "we never used the vulnerable versions of OpenSSL"

I'm not a member of LinkedIn. Does it show what his first degree was?

0
0

OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts

david 12
Bronze badge

Re: The problem is testing, not coding

>Commercial vendors can afford high quality software testing tools. Open source developers usually don't have these resources,

Coverity "testing solutions are built on award-winning static analysis technology" was doing free testing for security-related O/S projects. I would have thought OpenSSL qualifies.

0
0
david 12
Bronze badge

Re: WTF generic security software FAIL

C'mon Vic...

I asked a question. I got a reply "Windows security is better". You replied to the reply with: "Same to you, with knobs on it"

So, I've followed the thread down, do you have anything to contribute?

0
0
david 12
Bronze badge

Re: WTF generic security software FAIL

Downvote, because you made that assertion without even attempting to demonstrate that you had any kind of knowledge about the question I asked. I don't like to downvote you, but I'd like to encourage you to do better. If you know anything about Linux security, what can you tell us?

0
0
david 12
Bronze badge

WTF generic security software FAIL

>silently siphon passwords, crypto-keys, and other sensitive information from vulnerable systems.

>We rebooted the server at 3:08PST, which may have contributed to the key being available in memory, but we can’t be certain."

I'm not familiar with the OS or the applications, but isn't there a secure memory API like (on the Windows side) "SecureString" or "SecurePassword", "CryptProtectMemory", or "SecureZeroMemory"?

So that you don't leave passwords, crypto-keys and other sensitive information in memory for generic memory-recovery attacks to harvest?

2
0

VMware 5.5: Plenty that's new and exciting... but what about the obvious stuff?

david 12
Bronze badge

A single ESXi host is really only any good...you need vCenter

I agree. But I seem to be surrounded by people that think having a free VMware hypervisor, or two free VMware hypervisors, is somehow a good thing.

Are we missing something?

0
0

Turnbull gave NBN Co NO RULES to plan blackspot upgrades

david 12
Bronze badge

Everyone knows...

>Everyone with even an ounce of technical knowledge or telco/ISP experience knows that full fibre replacement was the only way to build a network for the next 50 years

I have both, and I know that FTTN was sold to the Aus electorate as Business, Health, and Education. Which was BS from the very start. It was always going to be the replacement for FTA analog TV. And the pricing was BS as well.

A system that couldn't honestly be justified on Price or Content, and you're angry, damned angry? You should be angry about being made a fool of in the first place.

1
4

Heartbleed exploit, inoculation, both released

david 12
Bronze badge

Heartbleed exposes a generic problem

Recovery of data from memory has been demonstrated many times by increasingly sophisticated malware. So the real question isn't "why wasn't this exploit detected by static analysis from Coverity?", but why on earth is Open Source/Linux/BSD software leaving vulnerable information in memory in the first place?

0
9

Microsoft builds teleporter weapon to send VMware into Azure

david 12
Bronze badge

A link would be nice.

http://www.microsoft.com/en-us/download/details.aspx?id=42497

There, was that so difficult?

A link to a MS press release would be nice too, but evidently MS likes to keep their press releases confidential to their trusted outlets.

0
0

Why won't you DIE? IBM's S/360 and its legacy at 50

david 12
Bronze badge

Re: Too early for a Godwin?

IBM sold to the Nazis DURING WWII. They weren't 'on the American side', they were on both sides of that war. They didn't just let the German division work for the Germans: they oversaw the German division, and sold required supplies to it.

How did they get away with it? Well, apart from the corruption of the American political process, after the war the American government hired German scientists and engineers and traitors like IBM, to help fight the emerging cold war.

1
2

Avere SPEC benchmark shows cloud's just as fast as on-premise

david 12
Bronze badge

compare apples to apples

The article compares the speed of their cloud service to a WAN.

Yes, WAN performance sucks compared to LAN performance.

And yes, if someone puts a backhoe through your internet connection, your WAN is down.

0
0

As WinXP death looms, Microsoft releases its operating system SOURCE CODE for free

david 12
Bronze badge

Re: Inspired by cp/m

>There may be many BASICs but there are only vague similarities between most of them.

Wrong.

>The "most portable programming language" for CP/M (and later MS-DOS) was COBOL,

Wrong

>Tim Paterson worked

Tim Paterson was making machines running MS BASIC. And by the time BSD started (with Pascal), BASIC was already well entrenched in business.

You shouldn't make such simple mistakes. It will confuse readers who weren't actually there at the time.

0
0
david 12
Bronze badge

Re: Only half?

> A quick look doesn't show IBMIO.sys OR EQUIVALENT

-- yous3 the hole sentance.

>IBMBIO.COM is only found in PC-DOS for the 1.x and 2.x versions. Other OEMs would have their own specific IO system.

Other OEMs would have used their own specific IO system to make DOS compatible machines, running 2.11, which was the DOS compatible version. OEMs making clones would have included IO.SYS and MSDOS.SYS

0
0
david 12
Bronze badge

Re: Trend?

>MS-DOS 2.x did, but just one, of up to 10MB

MS-DOS 2 supported installable block drivers. IBM insisted on it: it was one of the major differences between DOS 2.1 and DOS 1.1. A single line of text in your config.sys loaded the block driver. Not only that, the interface was fully documented in the manual that came with every copy of DOS 2.1. Not only that, the line editor and compiler came with every copy of DOS 2.1

The reason you didn't have a disk bigger than 10MB is because you couldn't afford one. Every manufacturer who made hard disks also had a hard disk for the IBM PC. My Dad had a 40MB HD at home, and my work had a couple of 40MB HD as well.

You had to boot off the first 10MB partition, or, in older systems, off a floppy disk. The time of hidden, hacked and partly incompatible device drivers that left you unbootable if they were damaged came later.

0
0
david 12
Bronze badge

Re: Xtree.....

Please do your homework on what Windows 1 was ... it was a GUI for DOS and not a file manager. I got a copy because it came as the run-time environment for a desk-top publishing program. Where did you get your copy?

0
0
david 12
Bronze badge

Inspired by cp/m

>why did the QDOS/86-DOS/MS-DOS call to print a string terminate with a '$' character

The $ is pronounced "string", and was a familiar idiom from what was, at the time, the most portable programming language available. Tim had previously worked in this area: the only software available for the hardware he built was a stand-alone (customized) version of that programming language.

0
0
david 12
Bronze badge

Only half?

A quick look doesn't show IBMIO.sys or any equivalent. Looks like this is the command processor and the eternal commands, not the whole Operating System?

0
0
david 12
Bronze badge

Re: What was 2.0 really known for?

It was known for being followed by 2.1 and 2.11

20 years later, and they are still afraid / too cheap / too foolish to release the code for any version that was actually popular.

I admit I can see that if they released the code for DOS 3.0 or Windows 3.11, people might actually use it for something useful, but do they actually think that would compete where they are selling Win7 and Win8? Would it lead to loss of revenue in any possible world?

Thank you for the historical code samples. But the dog-in-the-manger mine-all-mine attitude makes you look cheap and nasty.

10
5

Hey, Michael Lewis: Stop DEMONISING Wall Street’s SUPERHUMAN high-speed trading

david 12
Bronze badge

Re: Read the book before you write an article about it.

>instead now he looks like an idiot

Well, to be fair, he always looks like an idiot. And he's used this as an excuse to drag in his favorite 'black beast' again: "a financial transactions tax to make it unprofitable".

Tim: Spread is not inherently bad, it is bad because it is an indication of some second-order badness. When the second-order effects are good, spread is an indication of goodness.

3
2

How Microsoft can keep Win XP alive – and WHY: A real-world example

david 12
Bronze badge

Re: XP will only be insecure if connected

>Windows 98 laptop ... They don't connect to the web so its not really an issue.

It's not an issue even if you do connect to the web. Modern virus, worm, rootkit etc can't run on Win 98, and the internet is mostly unusable in IE5. Even USB is not a problem: we never did get USB to work properly on our Win98 machines, and if you did, now-standard software rules rule out usb problems anyway.

1
0

Middle England's allotments become metric battlefield

david 12
Bronze badge

Re: Metric is easy to do calculations in.

If it's so easy to do calculations, why is the length of a car specified in mm for manufacturing? Because ordinary workers can't do conversions from mm to cm to m to km.

Stupid metric/imperial measurement failures that you read about are the result of errors in conversion between metric and imperial measures, which points to the only actual real advantage of a single common measurement system: it makes trade and manufacturing easier, cheaper, and less error prone. For this reason, both France and the UK had to give up thousands of traditional measures, to create imperial measurement systems.

Then the French and the English had to further agree to consolidate to only ONE common measurement system. As you no doubt know, the English agreed to use the French measurement system and the French agreed to use the English navigation system.

Removal of conversions BETWEEN multiple national, local, and trade measurements has been a benefit. Don't confuse that with thinking that "decimal point" conversions WITHIN the metric system are easy. On an absolute scale, conversions within the metric system are approximately just as difficult and error prone as conversion between systems.

0
0

Microsoft DirectX 12 pushes gaming code closer to GPU bare metal

david 12
Bronze badge

Re: Bet

If I remember correctly, DirectX was already close to the bare metal on XP. That's why it was called 'direct'. This would be the Win8 hack to make the API competitive on Win8, where DirectX would otherwise be an extra layer on top of MF.

1
0

Battery vendors push ultracapacitor wrappers to give Li-ions more bite

david 12
Bronze badge

It makes sense to me

Yes, mounting large capacitors is always difficult. Mounting a large capacitor using the mechanical battery mounts is a great idea, if that's what you want the capacitance for.

But I don't think they are trying to sell the idea to Apple. This is for people who need to trade off the cost of an expensive design against the cost of an expensive battery.

0
0

Fibre fanaticism overrode proper NBN planning says report

david 12
Bronze badge

>lessening its focus on addressing black spots.

I think it's also fair to point out that fibre-fanaticism also lessened focus on addressing black spots.

The entire black-spot rectification program was put on indefinite hold to await the implementation of FTTP. Which then, because of the lack of proper basis for the political promises, has never come near to reaching the politically-promised timetable of black-spot rectification.

0
0
david 12
Bronze badge

virtual classrooms

>Those faster communications, for example, could enable

>virtual classrooms which mean we could telepresence

>highly qualified teachers into multiple classrooms.

Exactly the same argument was made for Telephones, Cinema, Radio, and TV.

Obviously, clients and suppliers ASKED for the telepresence of highly qualified teachers in multiple classrooms with each new technology, and in a few specialised cases it was actually useful. But overall, it's an idea that has been tried and rejected many times.

Fibre is set to combine the benefits of both Telephone and Television, but that means entertainment, and (mostly) entertainment.

On the other hand, I wouldn't be surprised if it puts some pressure on existing entertainment channels --- oh wait, that's what I told you 10 years ago, and .... told you so.

1
0

Top UK e-commerce sites fail to protect 'password' password-havers from selves

david 12
Bronze badge

Password displayed in plain text?

It's not clear how that was scored... It used to be thought that it was important to hide the password. 5 or 10 years ago, it was suggested (and I agreed) that the user should be able to see the password entered, unless "hide" was deliberately selected.

On the other hand, it's clear that some banks demand a short alpha-numeric password just so that they can email your password back to you, using a 7-bit compatible mail message, to make sure you know it (which they wouldn't have to do if they displayed the text at entry). I

0
0

Mt Gox fielded MASSIVE DDOS attack before collapse

david 12
Bronze badge

links

http://www.theregister.co.uk/2013/08/21/cyberheist_ddos_smokescreen/

"Cybercrooks are running distributed denial of service attacks as a smokescreen to distract bank security staff while they plunder online banking systems"

http://www.theregister.co.uk/2013/10/17/bitcoin_exchange_ddos_flood/

"mystery DDoSers tried to take down Bitcoin exchange with 100Gbps crapflood"

http://www.theregister.co.uk/2013/11/29/uk_banks_cyber_threat_warning/

"Concerns that high-volume DDoS attacks of the type that interrupted the operations of US banks last year might easily be deployed against Britain banks to similar effect have fortunately proved groundless"

0
0
david 12
Bronze badge

Re: Rumors that Mt Gox was doing a bit of fractional reserve banking on the side...

>Or just the safe being emptier than it should be in the first place:

>loaning out the money one should keep in the vault so that dosh

>can be made for oneself

That's called "fractional reserve banking". That's what the words mean.

0
0

Big Content wants Aussies blocked from Netflix

david 12
Bronze badge

"escalation of copyright infringement to a criminal offence"

Last time I was interested, which was ~20 years ago, copyright infringement was already a criminal offense in AUS. (Not the case 40 years ago). The quid-pro-quo in that legislation was that it also became a criminal offense to falsely accuse someone of copyright infringement.

As one who was once falsely accused of copyright infringement, I must admit it would gladden my heart to see the police get stuck into a copyright troll.

0
0

NBN Co tells iiNet: Use Broadcom chips in VDSL routers

david 12
Bronze badge

Re: THIS again?

A lot of other people have worked on it since then. And they are selling a lot of boxes now.

0
0

How NOT to evaluate hard disk reliability: Backblaze vs world+dog

david 12
Bronze badge

"What Hard Drive Should I Buy?"

Dan Olds, Gabriel Consulting, didn't like the headline, so he's told us how clever he really is: he can actually read the posting as well as reading the headline.

Well, I read the posting too, and all the clever points Dan Olds makes are pretty obvious to anyone with reasonable reading comprehension skills. Which makes Dan Olds look not very clever at all.

Not anonymous, because I figure he put his name to it, so I can't do any less.

0
0

Climate change will 'CAUSE huge increase in MURDER, ROBBERY and RAPE'

david 12
Bronze badge

London riots

When were the 2011 riots? Between 6 and 11 August 2011. Following the hot spell with a max of 30 on August 3rd.

1
3

Australia's digital technologies curriculum published after two-month delay

david 12
Bronze badge

WTF ???

Link to August 2013 document actually links to an August 2012 document. The "new curriculum document" links to a February 2013 document.

Either an old article has been mistakenly taken off the spike, or the old references have been mistakenly copied from an old source.

0
0

Auditor rains on Bureau of Met's data warehousing parade

david 12
Bronze badge

based on both open source and off-the-shelf commercial components

So, exactly the same as the original then? A slight upgrade of the original?

No meaningful information provided. Not even a reference to the press release.

0
0

4K-ing hell! Will your shiny new Ultra HD TV actually display HD telly?

david 12
Bronze badge

Re: >sit too far from their screens to benefit from HD

Sometimes I would like to be able to read the credits on the screen. Particularly the music credits. I don't know if the problem is the frame rate, or the resolution, but I look forward to the day when I can read text on screen, as we used to when watching film movies on analog TV.

0
0

Furtive ebook readers push Hitler's Mein Kampf up the charts

david 12
Bronze badge

Re: The inside story

In English, Mein Kampf is a boring book. Actually, it's a typical example of a kind of German literature, and demonstrates why we read very little German literature: in translation it is very boring.

Just as the Russian Greats are recognisably Russian, even in translation, German literature is recognisably German in translation, even bad German literature. It's booooooring. boring. Booooring.

1
1
david 12
Bronze badge

Re: Even Worse. (Nah-)

... that would be a comment from a painfully self-conscious pseudo-intellectual who DOESN'T want to be caught reading a copy.

5
0

It's not gold in the frozen hills of Antarctica, my boy, it's DIAMONDS

david 12
Bronze badge

"amounts of diamonds"

huge amount of diamond

huge numbers of diamonds

huge quantity of diamonds

4
0

James Bond's 'shaken not stirred': Down to trembling boozer's hands, claim boffins

david 12
Bronze badge

"and so been far less of a burden on society"

Come round the hospital any Friday night and try to say that without blushing.

0
1

Why America is no longer slurping electricity from Russian nuke warheads

david 12
Bronze badge

10 percent

>Total nuclear power in the USA is 8.4% of electricity generation,

-- in some years, up to 10%

>every one would have had to be running on fuel from this source

For the last 20 years, mine production of uranium has been approximately half the amount used. Half of the total uranium used has been from pre-1990 stockpiles. In other words, old weapons uranium.

1
0

Radio amateurs fret over G.fast interference

david 12
Bronze badge

Re: Talking about leaky house drop cables ...

That's the way it should be! I used to listen to the TV on the radio, until the d'd FM radio stations came in and swamped all the TV audio signal.

0
0

Chinese cops cuff Hong Kong Bitcoin scammers

david 12
Bronze badge

Surname?

Do you mean Family-name? Or are you giving us the personal-name, which is the sur-name in most Chinese names?

Given that list-of-names is one of the most popular database / list / document / program tasks, this kind of question comes up all the time in programming, and I expected a little more clarity here on The Register -- Biting the hand that feeds IT.

Although I understand that the article was tagged Policy / Law.

0
0

Visual Studio 2013: 50 Shades of Grey not a worry for MONSTER dev TOOL

david 12
Bronze badge

Do you by any chance travel to work by horse-drawn barge?

Edit & Continue? C# continues to try to catch up with interpreted BASIC.

1
0

Why Microsoft absolutely DOESN'T need its own Steve Jobs

david 12
Bronze badge

"...a proper app launcher... All the keyboard shortcuts – which everyone..."

x-windows was never a superior interface. Not a bad first shot. Good enough for people who learned that interface first. But not 'better'.

>"textbooks on this... written as far back as the late '60s"

exactly. Textbooks written in the 60s.

At the same time that the world is moving to iOS and Android, MS is overrun with people who studied C++ and *nix at school, and they've imposed their command line & x-windows design criteria on what was previously a successful main-stream business.

0
0

Meet the BlackBerry wizardry that created its 'better Android than Android'

david 12
Bronze badge

Re: This might be a lifeline, but nothing more

>Thus removing any motivation for these developers to try and write native QNX apps

dunno. BlackBerry has native support for QT: Android doesn't. It convinces us.

0
0
david 12
Bronze badge

Re: "If it uses QNX rather than Linux"

>Linux originally ran on 80386 machines, which were considerably less powerful than

>even the most modest ARM phone.

QNX originally ran on 8088 machines, which were considerably less powerful than even the most modest 80386 machines.

0
0

Doctor Who writers Neil Gaiman and Terrance Dicks talk to The Reg

david 12
Bronze badge

the 1996 movie

I'm sorry, but it was better than anything that came after it.

0
1
