* Posts by pitagora

64 posts • joined 2 Oct 2009

Domain registrar attacked, customer passwords reset

pitagora

Re: Bad security?

They can't encrypt data the system actively uses in an automated way, such as emails, because then they would also need to keep the private keys handy for the server to use. If the keys get compromised, it's like you never encrypted the data at all. It would render everything pointless.

2
0

'How I CRASHED my bank, stole PINs with a touch-tone phone'

pitagora

Re: Is it just me...

Seriously? I know people like to play devil's advocate but this is silly. Why would anybody implement arithmetic (think how hard this is to do) on PINs vs the very simple possibility that PINs end up in a query such as:

select * from Accounts where PIN = 31337 * 1 *1 *1

For the record, when testing parameters for injection the first approach is indeed to use math operators and see if they get evaluated. There is no legitimate reason why these would be evaluated other than if they end up in a SQL statement in raw form. The fact that it's a blind injection doesn't make it any less dangerous because there are very well-known methods of obtaining table and field names using this boolean result. There are automated tools designed for this.

0
0
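
What the comment above describes, as an added example that is not part of the original post: a PIN lookup built by string concatenation evaluates `31337 * 1 *1 *1` as SQL arithmetic, while a bound parameter treats it as an opaque value, so the same probe works as a regression test on your own query code. The table layout, function names and sample rows are constructed for illustration, and SQLite stands in for whatever database the bank actually used.

```python
import re
import sqlite3

# The expression quoted in the comment, as it would arrive from the keypad/form.
PROBE = "31337 * 1 *1 *1"


def make_db():
    """Build a constructed in-memory Accounts table (sample data, not real)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Accounts (id INTEGER PRIMARY KEY, owner TEXT, PIN INTEGER)"
    )
    conn.executemany(
        "INSERT INTO Accounts (owner, PIN) VALUES (?, ?)",
        [("alice", 31337), ("bob", 4242)],
    )
    return conn


def lookup_vulnerable(conn, pin_input):
    """Deliberately vulnerable: user input is pasted into the statement text."""
    query = "SELECT owner FROM Accounts WHERE PIN = " + pin_input
    return [row[0] for row in conn.execute(query)]


def lookup_parameterized(conn, pin_input):
    """Input is bound as data, so the database never parses it as SQL."""
    query = "SELECT owner FROM Accounts WHERE PIN = ?"
    return [row[0] for row in conn.execute(query, (pin_input,))]


def lookup_hardened(conn, pin_input):
    """Validate the format first, then bind the value as an integer."""
    if not re.fullmatch(r"\d{4,8}", pin_input):
        raise ValueError("PIN must be 4 to 8 digits")
    query = "SELECT owner FROM Accounts WHERE PIN = ?"
    return [row[0] for row in conn.execute(query, (int(pin_input),))]


def evaluates_arithmetic(lookup, conn, known_pin):
    """Regression check for your own code: True means the lookup returned the
    same rows for 'PIN' and 'PIN * 1 *1 *1', i.e. the input reached the SQL
    parser in raw form."""
    baseline = lookup(conn, known_pin)
    probed = lookup(conn, known_pin + " * 1 *1 *1")
    return bool(baseline) and probed == baseline


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_vulnerable(db, PROBE))
    print("parameterized:", lookup_parameterized(db, PROBE))
    print("raw SQL reached parser (concatenated): ",
          evaluates_arithmetic(lookup_vulnerable, db, "31337"))
    print("raw SQL reached parser (parameterized):",
          evaluates_arithmetic(lookup_parameterized, db, "31337"))
```
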

Trojan targets Mac's built-in security defences

pitagora

Wouldn't have happened if they used......wait.....they did. Never mind.

1
0

Check your machines for malware, Linux developers told

pitagora
FAIL

Santa: the problem is a supposedly up-to-date Linux got rooted and nobody knows how? Doesn't this concern you at all? It's a disaster. This could mean every single Linux machine out there could be vulnerable. Until we know for sure, that's how we should treat the situation. Personally I don't have/run any Linux servers, but some of my contacts do and they are freaked out!

0
0

Pandemonium as Microsoft AV nukes Chrome browser

pitagora
Thumb Down

Chrome = spyware

Every 1-2 weeks I have to delete Chrome from my parents' PC, and they swear they don't even know what it is. I'll tell you though: it's a nasty piece of spyware that installs itself with other products and steals personal information without the user's knowledge, and then legalizes this through a very long T&C.

Chrome is spyware, so good riddance. As for my parents' PC, I wish MSE had some option like "permanently consider this program a spyware", because in the end this is what Chrome is.

1
1

Windows 8 to ship with built-in malware protection

pitagora
FAIL

I have a feeling that "productively" for you means office apps like WordPerfect for DOS :)) You know, some people's needs go beyond typing documents. I for instance need synchronization of documents with my coworkers and versioning (Office 2008), access to ERP and reporting software (powered by hopefully a fast database preferably not stored in a file on my DOS system but somewhere where my colleagues can access too - even those working in other locations than me), need some CRM software preferably integrated with our VoIP phone system. My colleagues at marketing also need a powerful image editing software, email applications (not text only!!!) to be able to send drafts of their work, etc.

As for other people, "productive" applications also tend to include engineering design applications (and please don't tell me AutoCAD R12 for DOS because by today's standards there isn't much you can do with it), architectural design applications, simulators, etc. Most of these tasks couldn't be done with the software or hardware available in that period. Without them we'd all just be living in the 80s-90s, without all the technological advancements done since. If we are at it, why don't we just give up technology entirely and live in caves like we used to, right?

0
0

Linux.com pwned in fresh round of cyber break-ins

pitagora
FAIL

This would have never happened if you were running Linux. Oh wait...they did....

1
2

Much of the human race made up of thieves, says BSA

pitagora
FAIL

how do you know how much is fair?

The problem is: what is a fair price? How does the user know what is fair? I mean yes, the development cost is the same when selling 100 million copies or selling 1 copy, but how do you know how much we sell? Did anybody bother to calculate how much it would cost to develop that software? Did anybody ever think that for each sale made there is a cost in support and in the sale itself? Sometimes up to 50% goes to the person/company that sold the product, not to the one that made it. Did you know that? Does that go into your fair price too?

I have a software company in Eastern Europe (where prices are considered to be small and everybody outsources). A programmer costs about 3000$ a month with salary/taxes/social security. Developing a small application (like a dentist office management tool) needs a few months and a team of a few people to develop. For 6 months of work and 4 programmers we already have 72000$ just in development costs.

Now what is a fair price for the application? What do you think is fair? 200$? Noooo....you'll scream....windows does more and costs less. Unfair! Let's steal it instead. Well it's all about volume. In my case there is a small target audience, reached hard. We are not expected to sell millions of copies. In fact in order to break even (and not make any profit at all) we are going to need to sell 360 copies at 200$. But oh wait: the application doesn't sell itself so put some marketing in it. Selling 360 copies requires finding 360 doctors and convincing them to pay 200$ (if they think it's fair), and don't already use another app. For each sold application you'll have a cost in marketing. Then you realize that with the cost of sale you need to sell about 500 copies to break even.

You sell your 500 copies and you notice that your phones are ringing all the time. There are 500 users that need support. You hire some support people to answer the phone and assign a developer or 2 permanently to dealing with bugs and issues, and offering patches to customers. Just supporting your small application costs about 10000$ a month.

In the end you realize you can't sell more than 500 copies because there aren't enough dentists around you that need it. Most of them already use a competitor product (or if your product is truly good - most of them will use a pirated copy of your product) or some simply use Excel (most likely pirated). Your own pirated copies become your competitor. You can't sell because they already have it for free.

Now the above is just hypothetical. It's just an example. We sell a different kind of application with a different (unfair) price. The hard truth is in our case that we know there are about 3 times more copies in use than we sold (we have some callbacks in the app). We are at the point where we haven't even broken even yet and I think we're unlikely to. We are about to discontinue the application ironically not because it isn't needed or used but because people steal it instead of buying it.

As for difference between piracy and theft: is there any? If you shoplift a dvd/cd with my software from the store or download it from a torrent do you think it makes any difference for me? The dvd itself only cost 50 cents. I don't even care about it. The real value was the software in which I invested possibly hundreds of thousands of dollars. Why is it any different that you go shoplifting for software in a store or download from torrents? From my perspective the difference is 50 cents. Why does somebody go to jail for this 50 cent difference if he steals from the shop around the corner and just a fine (perhaps) if he downloads it? I don't get it. I go out of business anyway....

4
6
pitagora
Thumb Down

theft (stealing a cd) = pirating + 50 cents for the cd

If you shoplift a dvd/cd with my software from the store or download it from a torrent do you think it makes any difference for me? The dvd itself only cost 50 cents. I don't even care about it. The real value was the software in which I invested possibly hundreds of thousands of dollars. Why is it any different that you go shoplifting for software in a store or download from torrents? From my perspective the difference is 50 cents. Why does somebody go to jail for this 50 cent difference if he steals from the shop around the corner and just a fine (perhaps) if he downloads it? I don't get it. I go out of business anyway....

0
7
pitagora
Thumb Down

letters and/or digits

And why don't they? MS Office has a licence fee, while Open Office is free. I'll tell you why: because the latter is full of bugs and issues. Try using it instead of the pirated MS Office for a change.

1
11

Twitter users charged with terrorism for false tweets

pitagora
Thumb Down

guy caused 26 accidents by sheer panic - how is it not terrorism?

I don't know about you but last time I had a family member in a hospital (for something unlikely to be life threatening by the way) I was speeding across town at night 130 km/h (with the obvious 50 km/h limit of course). Until you are in that panic situation you can't even imagine how it feels to be afraid for a loved one. If I thought my family was being held hostage somewhere I probably wouldn't have even looked at the red lights anymore and just hit the pedal. No wonder there were 26 accidents because of this when everybody started to drive like in need4speed.

PS: I have a great prank idea. Let's tell everybody at a clinic they have HIV and let's see if any of them kill themselves over the news. Afterwards we can say: sorry, it was just a prank.

1
1

Mozilla cranks out Firefox 5 with cross-platform 'Do Not Track' feature

pitagora
Thumb Down

F off Mozilla

A lot of plugins aren't working on FF 4 yet. I still regret updating to this day! If we upgrade to FF 5 even more will break. You know, just f off! The only reason FF is great is plugins, and you are taking that away from us. We will switch to Chrome if this continues.

0
0

Mozilla to shift 12m surfers off 2-year-old Firefox 3.5

pitagora
Thumb Down

@The BigYin

Actually it's the "platform's" responsibility to keep some level of backwards compatibility. If you think about it, what would happen if every time you change your Windows version ALL your applications stopped working, like it happens in Firefox? Let's be honest here, Microsoft has done a very good job keeping Windows backwards compatible. There are incredibly few applications that don't work (even Windows 3.1 apps), and those that truly don't are the coder's fault, for using undocumented features, that were subject to change.

I can't say the same about Firefox. I upgraded to FF 4.0 and I'm pissed that some essential plugins for my work no longer function!!! They are essential to me. I have to downgrade, or else.....

I don't see other options than downgrading, other than perhaps looking for a Chrome plugin that would do the same job I need....

1
0

Google sued over – yes – Android location tracking

pitagora

google = evil

no comment

1
3

McAfee recovers from Sesame Street email filter mix-up

pitagora
Thumb Down

permanent vs temporary error

The 533 error sucks big time, because it's a permanent error. It means the mailing software is not supposed to retry sending. Some ppl got removed from mailing lists, etc. Sucks.

0
0

Teens who listen to music a lot are at high risk of depression

pitagora
Thumb Down

new study!!!

I just made a scientific study on me and my gf. Apparently 50% of the people listen to hard rock and metal, watch only scifi movies and play Quake in their free time. The other half of the world listens to Enya and likes to talk a lot about their feelings.

Given that both studies have a similarly badly chosen sample they have pretty much the same scientific value.

2
0
pitagora
WTF?

study is amateurish

The study involved 106 adolescent participants, 46 of whom were diagnosed with major depressive disorder...

WTF? What kind of idiot makes a statistic like this? The sample is good, only if almost half of the teens worldwide are depressive. Otherwise the whole study is bent.

Doing a study on a group of depressive teens has a different meaning: the statistical conclusion they should have taken is that depressive teens don't like to read books (perhaps it's even more depressing to do so) and listen to music. Not the other way around! Basic statistics!

0
0

How to slay a cellphone with a single text

pitagora
Thumb Down

base 2 != binary characters

Actually us programmers refer to any character other than letters, numbers and a few other characters you would use to write a message, as binary.

To make it short, for us programmers there are two types of "messages": text and binary.

0
0

Reduced growth forces Sophos to shed 80 jobs

pitagora
Jobs Horns

"Sophos remain a very strong company with growth potential,"

yeah right :))

0
0

Google illegally divulges user searches, suit claims

pitagora

all do and none do

All do. In fact none do. Not even Google. Your browser is the one that shares the referrer, not Google. It can't be changed by Google and normally it shouldn't. Those experiments are more like hacks that have nasty side effects. One of them is that the search engine would not work for anybody that has JavaScript disabled or for browsers that don't support AJAX.

1
1

Microsoft gives temporary fix for info leak in ASP.Net

pitagora
Thumb Down

ScriptResource.axd is the key to download any file

IIS will serve it through ScriptResource.axd. All you have to do is encrypt the arguments with the machinekey. ... the same machine key you can steal with this exploit. Oops...there goes your DB connection strings :) And if you have a shared host like most people do, you might have a SQL Server that is accessible from the internet (hosts do this so they allow you to connect with SQL Server Management Studio). In this case your database just got really public. All your sensitive database, and possibly admin accounts get shared with dog + world. Nice eh?

0
0

Dell warns on spyware infected server motherboards

pitagora
Gates Horns

The title is required, and must contain letters and/or digits.

Well, actually I am running secure servers on Windows, and I've also seen professionals editing videos on Linux. So bad example. I guess every OS can be used for everything.

0
0

1,000+ webpages poisoned in latest mass malware hack

pitagora

The title is required, and must contain letters and/or digits.

The reason is how easy PHP is. Anybody can learn it and think he masters it in less than a month. Imagine the websites he creates, the scripts etc.

Second reason: open source....when a large application like WordPress is open source hackers can analyze it to find bugs. It's a lot quicker than black box testing. Proprietary solutions are harder to crack, provided that the developers test it properly first, or hire some pentesters.

1
1

Quit Facebook Day flops

pitagora
Flame

what pledge?

WTF? What pledge? Was I supposed to say something before I quit? So if I didn't do a pledge first I don't count? bullshit!

2
0

Siphon Wars: Pressurist weighs into Gravitite boffin

pitagora
Thumb Down

Check out Bernoulli's Equation

Guys! Check out Bernoulli's Equation, and look at the terms that it uses to calculate a siphon. Gravity is not a factor! density is, P is pressure, h is height.

And by the way...siphons work in 0 gravity too :) The gravity however does create air pressure which in turn drives the siphon, but it can work in the absence of gravity as well as long as the air pressure exists (i.e. artificially created)

0
1

Hackers crack Ubisoft always-online DRM controls

pitagora
Flame

will never buy ubisoft games ever

My last experience with Ubisoft was quite bad :( The game didn't work because I have an emulator installed (which for the record I use only with legal ISOs - I have an MSDN Pro Subscription and the only way you download the software from it is as ISO).

Anyway why buy a game if in the end I still need to find a cracked version to be able to play it? I refuse to pay them money just so I end up looking for cracks and warez and exposing myself to viruses because Ubisoft tries to dictate what I can and can't have installed on my PC? If they would say all these restrictions on the box, so I can see them before I buy this piece of crap yes, but I just hate surprises and no refunds! No more buying from Ubisoft for me!

0
0

Jobsian drones shackle gamer with 'lifetime' iPad ban

pitagora

....or smoking :))

lol

0
0

Is iFlorist the greatest website in the universe, ever?

pitagora
FAIL

fake

1 post • joined Tuesday 30th March 2010 06:42 GMT

It's so nice that you registered just to tell us that. Too bad you haven't posted since. Looks like flowers is all you are interested in :)))

0
0

Microsoft's web privacy push: 'We're the anti-Google'

pitagora
WTF?

WTF???

I didn't know Google is reading my mail :( I guess I have to announce to all my contacts that I'm changing my email address. How about Yahoo? Is it safe?

0
0

Don't blame Willy the Mailboy for software security flaws

pitagora

The title is required, and must contain letters and/or digits.

It's the other way around: internal variables in functions are not kept, but function names are. All class and member names are kept in the byte code. This byte code can be fully decompiled to a working Java program.

As for your suggestion of naming variables A, B and C: that's called obfuscating and it's a very common practice, except it's done directly on the binaries using some expensive software :) Basically that software will rename all your classes and methods to things like A.A.A and A.A.B and overload methods to the absurd. You would end up with 20 unrelated methods A in class A. Good luck to anybody trying to reverse engineer it.

0
0

'Smart roof' coating made of old takeaway fryer oil

pitagora

what about...

flammability?

0
0

Virgin Mobile fined for pushing mobile spam

pitagora

The title is required, and must contain letters and/or digits.

Doesn't really have to be an insider. You can send SMS messages to come from any number, and you don't need somebody working at your telephone company. And yes of course, it's legal.

0
0

Cybercrime's bulletproof hosting exposed

pitagora
IT Angle

The title is required, and must contain letters and/or digits.

1. You can't fight a crime with another crime. It's illegal to infect somebody's PC, for whatever reason, even if you have good intentions.

2. AV companies that could do this if it was legal (which it is not) would not benefit from this. Their goal as a company is to make money, to pay salaries and dividends to share holders. They have to bring money home to their families. Nobody can afford to work for free.

1
0

Feds use phony MySpace profiles to nab bad guys

pitagora
Dead Vulture

The title is required, and must contain letters and/or digits

It was always like this. Undercover agents are supposed to infiltrate and if necessary do things that would otherwise be considered illegal. This was always the case. Besides, the intention is to catch pedos, not to drive a young girl to suicide. It's quite a different thing.

1
0

Windows Phone 7 - what's in and what's out

pitagora
Stop

The title is required, and must contain letters and/or digits

Looks like Windows Mobile is about to take all the defects of iPhone, without any of the benefits. The reason I like WM now is that I can develop apps for it without being censored by the likes of Apple. This leaves room for open source, for custom software made for business use, etc.

If WM becomes an iPhone clone, then I don't want it anymore. If I have to choose the lesser of two evils, then I will choose the one with the most apps available (and that's iPhone).

So message to M$: removing the freedom in programming (all that control) will definitely lose me as a customer, and developer.

0
0

Microsoft's Internet Explorer 9 embraces - yes - HTML5

pitagora
Gates Halo

yeah.....

....it's confusing to have the two together. Developing for IE is a pain, but I have to admit that it's a lot better than Chrome. IE 7 and 8 comply with the standards a thousand times better than Google Chrome. At least M$ is doing steps towards compliance, while Google is going the wrong way.

0
7

'The LHC will implode the Moon or PUT OUT THE SUN'

pitagora
WTF?

The title is required, and must contain letters and/or digits.

Considering black holes are infinitely small I'm really wondering where they got that 1.9 cm figure.

0
0

Forgot your ThinkPad password? Get new hardware

pitagora
Dead Vulture

I think the author hasn't done his research

"a variety of password recovery tools will do the job for around $80"

The tools exist, but they don't do the job. Resetting the supervisor password involves replacing an EEPROM chip on the motherboard, among others. This is very risky to do by hand even by a specialist. The board has a very high density and even the slightest mistake will destroy that board. There is also the question of resetting the TPM chip if one exists. Now these chips are designed so that they can't be reset. At least the procedure is a very closely guarded secret. Can't say the supervisor password can't be reset with the right equipment and expertise, but it would definitely cost more than a brand new laptop.

0
0

Ubisoft undone by anti-DRM DDoS storm

pitagora
FAIL

i would pay for a crack

Considering that I don't always have an internet connection and the only thing I can do on the PC to amuse me when I don't, is play single player games, this is going to be a problem for me. The only reason why I would buy a single player game is to play it offline. Multiplayer games are a lot more fun, but since I don't always have an internet connection I can settle for single player. Well apparently not in this case :(

I'll be very honest here: I will probably play the game regardless if I pay the money to some guy that found a smart way to crack it, instead of UbiSoft. YES, I'm not willing to buy the game if I can't use it offline, but I would be willing to pay the full amount for a cracked version, as I am sure others would too. So a message to anybody out there trying to crack it: you have at least one customer if you succeed.

0
0

Chinese schools deny Google cyber-attack links

pitagora
Thumb Down

and google...

.... stays evil as usual

0
0

Adultery website boosted by Christian publicity campaign

pitagora
FAIL

viral marketing campaign?

He is either a very stupid man (if he honestly thinks he is hurting them) or a very smart one (if he's on their payroll and is doing a viral marketing campaign).

0
0

IE6 exposed as Google China malware unpicked

pitagora
Thumb Down

I test my websites on ALL browsers above 1% market share.

As a web designer I have to design pages to look great on all browsers. Yes, IE 6 is a nightmare as it doesn't comply with lots of standards. Second on the nightmare list is Chrome and then IE 8. Unfortunately when the client comes and tells me the page looks shitty on IE 6 I can't tell him to change the browser because it doesn't comply. He will ask me to fix the problem. He pays me for that, and since I can't fix IE 6, I have to fix my page. And let's not forget that over 20% of the users still have IE 6. No way they can be ignored simply because you don't like that browser.

So yes, I test my websites on ALL browsers above 1% market share.

2
1

Judge awards Dish Network $51m from satellite pirate

pitagora
Thumb Down

same thing actually

Yes it's exactly the same, because producing that content costs money. That money was paid for, and it's not coming back in the form of revenues. So people do lose money! It's essentially the same thing. Somebody steals the money from your bank account, or they simply steal your salary even before it gets to your bank account. Either way you don't get the money you worked for, do you? Do you like working for free?

0
0

Kingston coughs to security flaw in 'Secure' flash drive

pitagora
Flame

backdoor

The crypto key was stored on the disk, but encrypted with a universal key for all drives. This is obviously supposed to be a backdoor to allow them to decrypt any drive. They probably struck a deal with the FBI or something. Unlucky for them, somebody discovered the backdoor.

My 2 disks go directly into the camp fire. I will never buy again from Kingston!

0
0

Existence of 'Sea of Krakens' on Titan confirmed

pitagora
FAIL

not frozen

Nobody said they were frozen. We are talking about methane here. It's liquid at that temperature. So sailing is an accurate description.

0
0

Microsoft IIS vuln leaves users open to remote attack

pitagora
Thumb Down

IIS has the next largest marketshare after apache

IIS is the best web server available on Windows servers. Of course you could install a free Apache, but the features simply don't compare. 99% of Windows hosting companies use it for both ASP.NET and PHP.

0
0

Attack exploits just-patched Mac security bug

pitagora
Thumb Down

java and backwards compatibility shouldn't even be in the same sentence

it's hard to update java runtime when java and backwards compatibility shouldn't even be in the same sentence :(

0
0

Germans devise attacks on Windows BitLocker

pitagora

keylogger wouldn't work

@oliver 8: you can't install a keylogger if you can't boot the machine. You can't even flash BIOS to include a keylogger because the TPM chip would get you. The combination of TPM+Bitlocker is supposed to make the PC tamper proof.

0
3

Collisions at LHC! Tevatron record to be broken soon?

pitagora
Stop

newtonian physics on a quantum level is a big NO

"Concerning the energy of collision, the kinetic energy of the particles would be (1/2) * (mass) * (velocity squared), see http://en.wikipedia.org/wiki/Energy."

@Rocketman: you are taking Newtonian physics and applying it on a quantum level. That's plain wrong! E=mc^2 is what you should apply to particles.

0
0

Why can't Google be more like Microsoft?

pitagora

even microsoft is more open than google

Windows is 10 times more open than Chrome OS. As a developer on Windows you get access to all releases even from the alpha stage to be able to build up on their platform. You get SDKs and good MSDN documentation. With Google you get promises of something open source, that doesn't really let you run anything and is restricted to certain rare hardware. If you ask them anything they'll tell you it's secret atm.

Guys.....if it's open source give us access to at least what Microsoft gives on its closed source platform. Give us access to alpha versions as they are developed, give us SDKs and documentation!

0
2
