15 posts • joined Tuesday 1st September 2009 15:06 GMT
Java isn't secure, but then nothing ever is.
Let's be honest now, the only vulnerable system with Java installed is one that has the public JRE runtime (which I think will install the browser plugin) installed.
I have Java installed (after all I am a Java developer); and with *just the JDK* installed, and no browser plugins, there isn't an attack vector other than programs that I explicitly download and run (there will be no getting around my stupidity).
So the question isn't that Java is "insecure"; it is, but then so's every complex computer program that's ever been written; the problem is the *shit* that Oracle chooses to bundle with it and how Oracle chooses to deal with that...
Hmm, it's not really that apparent you know, cultural and social norms will have an impact on how the language is used.
If you want to take a transaction in a coffee shop as an example, all the Americans that I know and socialise with would say something like "Coffee thanks", whereas the Brits would say "Coffee please"; in Cantonese I would say: "Coffee, thank you".
So, it may seem to a Brit, the yank isn't being polite, but he is, he just doesn't use the word please; nor do the Cantonese (I've personally never used "please" when I speak Cantonese, I'm not even sure there is a word that fits that concept).
From the point of view of transactional efficiency, it's actually far more efficient for you to say thank-you beforehand, rather than to say please, and then waste time saying thank-you afterwards...
Street fighter ordinary?
I remember the original street fighter at the arcade just on the edge of Chinatown (London). There were two pressure sensitive pads for punch and kick respectively... Depending on how hard you hit the pad affected which move was triggered. Fun times.
I suspect that after (not too long, I remember it being there for about 3 months) a while it got damaged enough that they made the 6 button version because it was cheaper to maintain.
Still, Ken for the win. It was downloadable on the Xbox 360 a while ago; it does bring back the memories.
Why the fatwa
The I'm a member of the world's smallest minority group. It's been a while since I read it but IIRC the section that resulted in the fatwa was a dream sequence-esque thing whereby the prophet Mohammed was imagined to be human and to have human foibles.
That was pretty much it. It was about 1/2 way through.
Facebook doesn't allow you to compartmentalise your social relationships so I have to have more than 1 account. One for me and another for my evil twin skippy.
Yeah, I get an email through the webs (from Scottish Power) saying it's time for me to give my electricity meter readings...
So as per my built-in priority system; this was shunted off to long term storage and ignored.
Then about a month later, I get a phone call on my home phone (I was in at the time) by an auto-dialler asking for a meter reading. Funny thing was, the automated system just put me through to customer services which then couldn't work out that I'd been forwarded there by their own auto-dialler.
I've been in the (un)lucky position of hiring a few developers in my time; I was a drop-out (still am as I suppose I never graduated) so I don't bitch and moan at HR to only give me degree holding candidates.
This is a Java shop, and Java certified programmers are 10 a penny so I have a programming test that they can download and take away, based on that I ask back for 2nd interviews. It's wholly unstructured; it will take about 1/2 a day. It's not even that hard; I could google or bing all the "programmatic answers" in about an hour.
What they send back can tell you a lot of things about the applicant; you just have to find your system that lets you make the best decision.
Degrees vs No-Degree isn't just about whether or not having that piece of paper improves your job prospects (it might do, but *only at the start of your career* IMO). Even though I dropped out, attending university gave me the "best years of my life"; I've made good friends and contacts, but I probably shouldn't have gone when I did at 18.
Blame is only partly ms
Stupid is as stupid does. The problem here is probably one of user education. There are always going to be vulnerabilities in software. Blaming ms makes us feel better doesn't it but it isn't helpful; perhaps these researchers need Windows to do their job? Some archaic nuclear fission modelling software that still only runs with a particular version of Visual C++.
The vuln was made public in Pwn2Own. The booby trap was injected into the system on April 7, a week before Patch Tuesday. Pretty hard-core don't you think?
MD5 has a flaw in the design. It's broken; you shouldn't be using it.
So, if you're going to bang on about security, do your research. Any site that proclaims its use of MD5 as the hashing algorithm may as well have used crypt().
We aren't having the final round of SHA-3 just for fun you know.
DRM / ePub
Of course, ePub is used quite widely by those libraries that support ebooks, which has DRM to delete the file after the lending period is up. This isn't mentioned in the review as a downside of the Kindle, as you can't borrow from your local library.
But of course DRM being DRM it is already..., let's just say I suggest you go to the i (heart) cabbages blog.
Calibre is a good shout for the ePub conversion; it does make a number of assumptions I don't like, but it's not a deal-breaker.
I have the Wifi version delivered last Friday. I have issues with PDF rendering, but then the PDFs that I'm reading aren't rendered by any e-reader particularly well; the only device I've seen it render well on is the iPad and I'm not about to stump up that kind of money.
£25 for a stand for a phone?
Indeed. Cable conduit? Surely you can build one out of a business card. Works perfectly acceptably with an iPhone w/o any case.
(yeah, and I always have a business card + a knife of some description).
Well, Linux-based shops would be affected if the malware is customised for your company; it's pretty irrelevant what the platform is.
They've spent the time to target your company, you're connected to the internet; you're vulnerable.
It doesn't matter if you run as a privileged user or not; the problem, as they say, exists between chair and keyboard.
4 digit PIN is just rubbish
How many of us use a 4 digit PIN?
Now, how many of us can't change our PIN to anything longer than 4 digits because the bank's ATMs/back-end systems/whatnot don't allow it?
This attack is amusing, and yet appears non-trivial to implement. What is trivial to implement (as AC posted previously) is to shoulder surf and to lighten the victim's wallet.
So, how about giving us the option of a PIN of any arbitrary length; those of you who can't remember more than 4 digits can carry on using a 4 digit PIN, those of us that can use Planck's constant.
Until Sweden passed the Predator? law, relakks, though not especially reliable, was good for these sorts of things.
Now, who knows of a country whereby your IP address is not disclosed unless there's a prison sentence at the end of it; and there are ISPs offering you VPN tunnels to the internet...
If you are concerned about this sort of thing you should already be using them. The going rate is about 50 euros a year. It's like buying contents insurance isn't it.
Know what you want to use it for; then make your decision!
I bought one of these when they were first released from Dixons online (of all places, it was the only place I could find it). I think it's worth the extra coin. I use it for taking to customer sites, and being productive w/o having to lug the backbreaker around.
The trackpad (for me) is much better than the NC10 (which may no longer be the case, given the re-issues of the NC10).
The battery life can't be faulted; full day of work*; it went from about 80% charge to 30%.
Performance is good enough (comparatively) for a spot of fly-by-night seat-of-your-pants hotfixes; Java compilation was only 2-3x the time on the laptop.
Personally, I've never liked glossy screens, but they do seem to be all the rage, I haven't been bothered by the gloss or not; my matte laptop isn't necessarily better in bright light, it's just different.
*work in this instance was note taking during meetings; demos using the external VGA, PuTTY ssh/sftp, Cygwin (ant + javac).