* Posts by Infernoz

409 posts • joined 20 Sep 2006

Flaw-finding Ruby on Rails bot steams past humans

Infernoz
WTF?

This is one of several reasons why major systems moved to Java.

So some people are /still/ using Ruby for software systems especially the security bug feast called Ruby on Rails, WTF!

Dynamically typed languages like Ruby and Python are fine for limited scripting, but not smart for larger programs, especially when they can become write-only code due to unknown interface typing and meta-programming confusion!

Any kind of duck typing is liable to type ambiguity/abuse and any lack of strong typing of declared function/method parameters can easily become a quite stupid ticking bug-bomb, because it can make automated/manual analysis/re-factoring/testing/runtime-optimisation much harder and/or much less reliable!

A lot of these kinds of vulnerabilities can be detected in Java by IDE source editors and existing compilers, and most of the rest get detected by the mature static analysis tools Java has had for several years now, including FindBugs and PMD.

2
7

Devs, skill up and help teach Alexa new tricks

Infernoz
Flame

IoT fraud of ownership

Anyone with any sense should shun consumer slave shit like this and it should be made illegal to sell stuff with unnecessary external dependencies like this.

Local automation is only OK if the device(s) can be fully used with no internet access, with secure external corporate servers only providing enhancements/information like weather forecasts and not required for normal operation and configuration, otherwise it is bad and even evil design!

Compulsory operational automation dependency of devices on external corporate servers is fraudulent deception of ownership, a critical point of failure when the internet connection is not available (/not/ unusual), an obvious security risk vector and may even result in physical damage or death! Some evil server providers are WTF even cheeky enough to claim ownership over the local data sent to them!

I'll keep my NAS and jail hosted automation server thanks, and prefer automation capable devices I can control myself, like a RaspberryPi 3 for automation, rather than deceptively pay less for an IoT device which becomes a costly ownership, data, security or total liability!

5
0

Let’s re-invent small phones! Small screens! And rubber buttons!

Infernoz
Holmes

Yes, proper, actual buttons on devices for common stuff!

I had a damned touch-screen heating control effectively become scrap because the touch screen became unusable on a damned critical area for the screen for some virtual buttons, twice! F-up brand will never get any more money from me!

At work I see people with stupidly huge tablet size phones and they look even more WTF ridiculous with a protective case on them, no fracking way will those bricks fit in most pockets! It reminds me of an old comedy sketch with a comedian talking loudly in public into a huge mockery of a mobile phone.

Ages ago I did a Human Computer Interface course at university, the purpose of which was to make interfaces usable by normal people, not be some colour blindness frustration, hipster tosser design or other fashion disaster. Interfaces can be aesthetically nice, but they must be easy to use with our common physical, sensory and mental limitations, and those of the artefacts too!

9
2

Adobe will track you across all your devices with new co-op project

Infernoz
Devil

Re: Note to Adobe:

It'd be nice if Flash, with its retarded insecurity and demonstrated significant slow down of browsers, just died and was forgotten, similar for Microsoft Silverlight too.

I will always use SumatraPDF in preference to bloated Acrobat PDF reader.

1
0

Clear April 12: Windows, Samba to splat curious 'crucial' Badlock bug

Infernoz

Yet another reason why off-the-shelf NAS are a bad idea, and why FreeBSD based and actively maintained FreeNAS is a much better idea.

0
0

Californian tycoons stole my sharing economy, says Lily Cole

Infernoz
Devil

Miss clueless doesn't get that Socialism is an economically bankrupt idea.

Only nothing is free, everything else has some cost attached which someone has to pay, even just in effort and time. She didn't model for free, did she, and is quite welcome to use her wealth to pay for her stupid ideas...

The whole idea of capitalism is property ownership and its incentives to do the right things enough to prosper, and fail when you do the wrong things too much. This would work if Socialist governments hadn't distorted markets so much with disincentives and incentives to do the wrong things, and require wasting resources on pointless junk, so cause new and smaller businesses to die prematurely!

0
3

McAfee gaffe a quick AV kill for enterprising staff

Infernoz
Flame

Because Windows security granularity is too coarse and static!

The reason that a lot of programs run at admin level is because of the crap static way user access levels work and quite stupid default security restrictions on commonly used resources, so it is often much less faff to use compatibility mode with admin level or even turn off user access control!

This keeps biting me as a developer, so damned right I need admin level access!

I will agree that software trying to store config./extensions in Program Files is quite stupid, and too many programs still do this! Junk like Chrome goes too far and stores the software where only config. and extensions should be stored, SRWare Iron shames it!

I hate that stodgy slowness called McAfee, especially on laptops, where the limited CPU and I/O bandwidth it wastes is even more costly!

0
3

Amazon kills fondleslab file encryption with latest Fire OS update

Infernoz
Facepalm

Idiots

The fire sales will end for users with at least adequate computer security awareness.

I had considered one for non-media purposes, but won't any more...

I refuse to get a Kindle too, because I detest the Amazon lock-in and the non-zero possibility of deletion of content!

I have minimal trust for most mobile device security anyway, so limit how much information I keep on them.

3
0

Raspberry Pi 3 to sport Wi-Fi, Bluetooth LE – first photos emerge

Infernoz
Pint

Not having BLE on a perfect-for-IoT board was quite stupid

The Arduino is a nice idea, but crippled by lack of /built-in/ BLE, and too costly and clumsy via shells. The Pi is even more stupid without /built-in/ BLE for low power wireless comms and peripherals, because USB is a clumsy way to add extra features to tiny computers.

BLE should be considered as compulsory for any tiny device now. WiFi is a nice to have when you need to use a LAN or WAN with a device and wired Ethernet is a pain or a security risk.

A project I have in mind will need loads of BLE attached battery powered, wireless environment sensors, so I'll need loads of tiny cheap computers with built-in BLE which I only need to add environment sensors, storage and batteries to, the new Pi 3 looks like it may be suitable and economical for this.

0
12

Canonical accused of violating GPL with ZFS-in-Ubuntu 16.04 plan

Infernoz

Re: One last missing point on distribution

The problem is, ZFS would be excellent for boot disk protection, and to do this, it would need to be loaded early by or in the OS.

1
0
Infernoz
Facepalm

An OS without ZFS support sucks, because journalling filesystems are so dated.

ZFS is not just seriously more robust, it doesn't need nonsense like partitions or bolted on versioning/RAID, and is transactional and multi-threaded, so does need breakable stuff like journalling.

It can also be repaired on the fly without OS reboots, unlike in-use journalling filesystems.

1
0

My devil-possessed smartphone tried to emasculate me

Infernoz
Go

Keeping a mobile in a trouser pocket is asking for trouble

It may not just physically hurt tackle, but may also give them cancer from close range, long duration, pulsed microwave exposure!

It may get bent if pressed into a curved surface like the thighs or butt.

0
1

Reminder: How to get a grip on your files, data that Windows 10 phones home to Microsoft

Infernoz
Devil

Solution: have a broadband router supporting domain filtering

I've added what I think are the relevant spy domains, from the list in BlockWindows on Github, to my router's domain filter, because I don't trust any software solution on a Windows 10 machine to be 100%, including the hosts file.

2
0

The Nano-NAS market is now a femto-flop being eaten by the cloud

Infernoz
Holmes

FreeNAS is better

FreeNAS installs and Pro-OS boxes are probably killing off crippled, overpriced, off-the-shelf mini-NAS, because they are plain better and much better value.

USB drives can't be properly shared by a set of desktops, laptops, tablets and phones, and lack fail-over redundancy, so are a dead-end except for bulk physical data transport and limited local storage extension and backup.

Less technical users and users with limited finances who need shared data probably use the /much much/ slower, inherently less secure (and much more expensive for several TBs and high use) cloud and streaming services.

I just love what I can do with many FreeNAS boxes with ZFS which make off-the-shelf mini-NAS look so dated too.

0
3

'Unikernels will send us back to the DOS era' – DTrace guru Bryan Cantrill speaks out

Infernoz
Holmes

I've used non isolated OS before and mistakes bite hard

On an OS which doesn't isolate apps, it only takes a pointer mistake and the OS can crash hard and you have no idea why, so have to guess more!

Passing data between app and OS does not need to be slow if you use lightweight queued message passing and minimise memory copying.

16
1

Sainsbury's Bank web pages stuck on crappy 20th century crypto

Infernoz
FAIL

Re: I think they meant

Indeed and the SSL layer for the web UI is the most critical because lots of critical data could be sniffed via MitM attacks, especially logins!

3
0

AMD to nibble the ankles of Nvidia this summer with 14nm FinFET GPUs

Infernoz
Meh

Re: AMD

BS, an EVGA Nvidia 980 Ti is loads better for good 4K at a reasonable price, has better power usage and better drivers. No more AMD/ATI cards for me until I see real competition with Nvidia!

1
6
Infernoz

Re: power consumption

It is a big deal because excessive idle/peak power usage compared to Nvidia (w/ GPU damaging heat), a more expensive PSU, and worse performance do cost time and money.

0
3
Infernoz
Meh

H/W vapour and too damned late, probably still with poor drivers.

Getting this 1/2 size shrink to work well enough is probably going to be hard and I can't wait another year or more!

I did like AMD/ATI, but my new main machine will not just have an Intel CPU, but a high end Nvidia GPU too (probably a 980 Ti) to properly drive 4K monitors, both with reasonable power consumption.

1
0

Upset Microsoft stashes hard drive encryption keys in OneDrive cloud?

Infernoz
Big Brother

IMO anyone logging in Windows 10 with a Microsoft account gets what they deserve..

..their security raped. I have a non-main Windows 10 machine which I only set-up for and use with a local login, and have anything which looks like it can leak stuff to the net disabled.

1
2

IT bloke: Crooks stole my bikes after cycling app blabbed my address

Infernoz
FAIL

Re: Common sense

He and the other victims need to sue Strava for a negligent, default security fail!

GPS cloud tracking apps must have a minimum radius around detected start/end points where tracking data is always hidden from the public to avoid this kind of security fail.

Publishing any movements you make is a security risk anyway and could get you directly hurt or otherwise compromised.

8
7
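The minimum-radius rule suggested in the post above, sketched as an added example (it is not part of the post, nor any tracking app's real code). The function names, the 250 m radius and the track are assumptions constructed for illustration.

```python
import math

EARTH_RADIUS_M = 6_371_000.0  # mean Earth radius used by the haversine formula


def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) points in degrees."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = (math.sin(dlat / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


def public_track(track, radius_m=250.0):
    """Return only the points that may be shown publicly.

    Every point within radius_m of the detected start or end of the
    activity is dropped, including points where the route passes back
    through that area mid-ride. The filter runs server-side before
    publication, so the hidden points never reach other users.
    """
    if not track:
        return []
    start, end = track[0], track[-1]
    return [
        p for p in track
        if haversine_m(p, start) > radius_m and haversine_m(p, end) > radius_m
    ]


def sample_track():
    """Constructed track: 11 points heading north, about 111 m apart."""
    return [(51.5 + i * 0.001, -0.1) for i in range(11)]


if __name__ == "__main__":
    full = sample_track()
    shown = public_track(full, radius_m=250.0)
    print(f"{len(full)} recorded points, {len(shown)} published")
    # A ride that never leaves the hidden radius publishes nothing.
    print(public_track(full[:3], radius_m=250.0))
```

A fixed circle centred exactly on the start point still lets an observer estimate that point from where published tracks begin, so a real service would also want to offset or vary the hidden zone.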

Alert after Intel Skylake chips, mobo sockets 'warp under coolers'

Infernoz
WTF?

Are people really still using huge heat pipe CPU cooler towers instead of water cooling?

You can get economically priced pre-assembled CPU water coolers which beat the pants off the biggest heat pipe CPU cooler towers. A much lighter and low profile water cooler CPU water block is probably a lot less likely to damage a CPU, socket or even board in transit than a heavy bouncing and wobbling heat pipe CPU cooler tower.

My pre-assembled CPU water cooler has been running 24/7 for several years, no problems, and the radiator is a hell of a lot easier to dust than a huge heat pipe cooler heat sink!

3
15

Facebook to Belgian data cops: Block all the cookies across the web, then!

Infernoz
FAIL

Crocodile tears and self-harm me thinks...

It is one of several 'social' corporations who "drive by" track people outside of its sites too, via images etc., so it needs to be fracked up moar.

This bogus login requirement will further reduce the relevance of both face-palm and its members.

7
1

Ofcom spins out Wi-Fi checker app just in time for Christmas

Infernoz

Also Virgin is being cheeky saying that 3Mbps (if even actually provided consistently) is adequate when multiple devices are using the same connection e.g. a better off home, a family home or any business! Multiply that by at least 10, then it's getting adequate.

3Mbps is only about 300KBps, which is horribly slow for downloading or uploading large content, like say OS DVD ISOs, or OS, device or app updates, and multiples worse when multiple devices need to do this!

7
0

Hillary Clinton: Stop helping terrorists, Silicon Valley – weaken your encryption

Infernoz
WTF?

I think a Black Hole Pot calling the merely tarnished Kettles Black

Governments have proved time and again that they become increasingly incompetent, especially as they grow larger. We know that they have caused events like this to occur to allow Shock Doctrine usurpation of yet moar power, aka False Flags, which they are even less competent to use, including for WW1, WW2, Vietnam and the Middle East! Why aren't these liars strung up already?!

Ancient Rome degraded from a rich city to a plundering bankrupt empire in the same way as the USA effectively is now, because of corrupt politicians. The Roman empire doesn't exist any more, even Byzantium eventually fell, I think there is a lesson there.

It is rather ironic that we had to rely on the Moslems to find and preserve ancient knowledge (for military advantage), during the Dark Ages because Roman Catholic Christian zombies tried to destroy it all, then have it seep back from the Moslems and trigger the Renaissance before the Moslem empire too collapsed from its own corruption, plunder and incompetence.

Nazi Germany is a more recent example. Hitler usurped absolute power and plundered Germany, and it was only plunder from other countries which made Germany seem rich again. Of course when the external plunder supply became inadequate, the stolen wealth quickly dissipated and Germany was defeated. Germany then needed USA help to raise the country back from poverty and starvation. You would have thought that the USA should have seen this as a warning too.

9
0

Coffee fixes the damage booze did to your liver, study finds

Infernoz

Re: Possible NO!

Coffee contains loads of antioxidants, and probably has higher antioxidant content if made fresh from ground coffee beans via an espresso or other pressure based coffee brewer like an Aeropress. Decent coffee does not need milk to be drinkable. You can also brew coffee cold too, but that takes 18 hours and needs more ground coffee beans.

Instant coffee probably has less antioxidant content, which is one of the reasons it tends to taste less nice and needs milk and may need sweetening.

Coffee also protects the brain e.g. you're less likely to go senile etc.

1
0

MetroPCS patches hole that opened 10 million user creds to plunder

Infernoz
Facepalm

Bet it was a lazily designed AJAX lookup

If the information could be used for financial or other advantage (including a competitor or an agent), only a matter of time before a fishing script had been or was written.

If a page needs to do lookups of private information, it would seem best to try and limit the scope of the lookups to that relevant to the user login, use session/page guard tokens, have lookup use count limits and limit the information returned by earlier step lookups to block or slow down fishing requests.

1
0

NoSQL: Injection vaccination for a new generation

Infernoz

NoSQL would seem to have another major security disadvantage

If it can't run stored procedures and stored functions to remove direct access to all tables, and possibly pre-validate data before it is stored or used to search for data, all protected by a database user login.

0
0

Your taxes at work: Three hours driving to turn on politician's PC

Infernoz
Holmes

Re: This one time...

That is exactly the point of the seemingly ironic "But what do I know? I'm just a brain surgeon." statement in the Volvo advert. Most people don't need to know how a tool like a car or a computer works, just be competent in using it. If someone is really smart or challenged in their occupation, they may even be incompetent in other areas, they should be competent in, because they have neglected them.

5
0

TalkTalk: Data was 'secure', erm, we beat rivals on price. Um, scratch that...

Infernoz
WTF?

Re: Errors, we've had a few, but then again, too few to mention...

I would have thought that being able to use a spreadsheet and simple formulae was a basic office skill...

0
0

Google open sources machine learning software

Infernoz
Alien

Re: So the world's biggest software companies

They will probably eventually hit some nasty hard limits on digital data size and processing, then they crash!

Even just one of our relatively large and greedy analogue brains, for our body size, to allow consciousness, are still many orders of magnitude smaller, lower power, and probably the same for processing and memory capacity, than all the digital computers on Earth!

Many orders of magnitude faster digital clock speeds and increases in memory density are very improbable because we are already getting closer to the expected physical density limits of semiconductor components in solid state materials, thus the stop-gap move wider to multi-core CPUs and computer clusters. I doubt that 3D chips and fluid cooling will provide enough increase, so I think that fear of conscious digital computer AI or skynet is fantasy.

Computers will probably have to become analogue again, with different programming technology, because I doubt that Quantum computers can ever be dense, fast or adaptable enough!

Psychology and brain scans are revealing just how amazingly sophisticated our analogue brains are and by inference even smaller brained animals' brains are too! Some people say they have modelled small living things brains, but have they really, especially the brain plasticity required for learning etc.?!

For example human brain waves appear to not be like a clock signal but rather carrier waves for faster analogue signals via network router like nodes, which self-optimise signal travel time between 3D distributed, /self-rewiring/ brain cells for memory storage and retrieval, and composition. Trying to build this kind of self-adaptive architecture ourselves would probably be very very hard.

0
0

Untamed pledge() aims to improve OpenBSD security

Infernoz
Meh

The whole point seems to be for an application to declare restrictions on expected behaviour, so an 'all' option is nonsense because it implies no restriction. Yes, an access monitoring tool would be a good idea for fine tuning security, possibly via configuration driven pledges; however the developer should still have some idea of behaviours an application should never do e.g. try to modify or delete some application resources, configuration or data, or try to do other things it shouldn't, which may not even be blockable by user account restrictions.

It would be nice if Windows had security like this too and not just bolted-on security systems which can miss or break stuff, like anti-virus etc.

2
0

UK lawmakers warn Blighty to invest more in science, or else

Infernoz
Meh

It is stupid to encourage and enable too many people to do higher education in narrow STEM (or arts) subjects which may not be in demand at least a decade ahead. You just get more (expensive) unemployed graduates, people in mismatching lower grade jobs and a student debt time bomb!

Highly specialised division of labour only works well in an Industrial Age, it has already become an increasing liability in developed, Information Age countries e.g. tech. oriented jobs need some arts skills, and arts oriented jobs need some STEM skills too. It is already the case that most people will have to change career several times during their lifetime!

Developed countries are already in transition to a Design Age, so there needs to be more hybrid STEM and arts courses in schools and universities, so that people are wholly educated, so that they can adapt better. There also need to be tax incentives for businesses to train employees to upgrade their skills for the design age, to prevent needless unemployed burden.

Business should also be encouraged to donate to validated, public, STEM research organisations or even researchers, including for areas like Psychology, via tax incentives, because state funding bodies are often poor investors!

0
2

UK government looks to harness the potential of open data through APIs

Infernoz
Facepalm

Re: Yes minister?

I think that's from the film Brazil, not BBC boringness like Yes Minister!

0
0

Slow connections can’t come fast enough as industry eyes low bandwidth

Infernoz

A dubious idea because of line of sight, power and future availability.

Re: "Huawei provide TalkTalk Routers"

Lol, not likely when BT supplies a crappy two box 'solution', but Draytek have done it in one box for years now, and a different sector anyway i.e. wireless cell radio, not wired broadband!

The higher the frequency, the smaller the wavelength, so yes, smaller aerials, but the much greater need for line of sight and (well over) 10 years is a long time to expect the same provider, cell radio standard and target infrastructure to stay available...

I suspect that a touch registered mesh network is far smarter for IoT than star networks like WiFi and via a cell tower, because each device may use far less radio power for orders of magnitude shorter distance to the next node, and it may avoid most of the need for line of sight. With some local mesh network data caching and broadcast it may even significantly speed up firmware, config. and settings changes and significantly reduce the load on and cost of using external networks.

0
0

Lithium-air: A battery breakthrough explained

Infernoz

Re: Did I miss the part...

The volume matters too, especially for slim portable devices or devices needing a lot of power; the volume difference does not appear to be mentioned and the mass/weight will increase as the battery is charged because of the added Oxygen atoms.

0
3
Infernoz
Coat

Re: interesting..

If patents net slow development of technologies (they do), then patents, say on Graphene, are not just anti-property rights, anti-capitalist, state monopoly privileges, this counter productive behaviour also rather effectively voids the social benefit myths, thus are net negative!

I don't see the benefit of this tech. unless it can produce much higher energy density (it doesn't seem to yet) at affordable purchase and life-time cost, but use of Graphene does suggest that it may not be affordable.

I also wonder how much longer we will have cheap enough Lithium to build more affordable batteries...

1
4

MPs launch 'TalkTalk' inquiry over security of personal data online

Infernoz
Meh

Political points scoring, maybe a veiled attack on the Tory establishment and its security hypocrisy, and possibly ironic security hypocrisy by some of the investigating MPs.

I'm sceptical that anything genuinely useful will come from this political inquiry, but maybe the worsening image of Dodo will cause CEOs to give customer data security more serious consideration and take the piss less with inadequate security.

0
0

Wireless charging desks are coming

Infernoz
FAIL

This idea will just end up with loads of useless or scrapped desks when the wireless charging systems change! There may even be things which unexpectedly malfunction inside a wireless charger field, which could be annoying or worse, that may include living things like our bodies!

Just how fracking stupid are these designers? Just supply plenty of shutter protected 2 Amp USB charging sockets in desks, much like some desks include mains sockets, so that people only need USB charging leads, they are still a lot faster than any current wireless charging system.

At home I have a tiny 40W Anker USB charger brick with /one/ mains lead, which can charge up to 5 devices at up to 2A, because I got fed up with loads of 5V portable device charger plugs in a mains strip and guessing which leads supplied 2A!

2
0

Here's how TalkTalk ducked and dived over THAT gigantic hack

Infernoz
Meh

PCI and the Data Protection people should have mandatory fines and even loss of merchant status, so that there is no choice; PCI should forbid personal detail leaks too because the card issuers rely on personal details for customer anti-fraud enquiry authentication. Yes, ID theft is possible, as is Social Engineering, especially when joined up with other data sources.

Point of Sale (shop till) software seems to be migrating to using security hardened, external services and devices to handle credit cards and user information for robust security, less need for PCI-* certification, and for flexibility; there is no reason that web software can't do the same. If any user data could be captured, it should be orders of magnitude smaller quantity of transactions.

1
0
Infernoz
Meh

There is no excuse for building dynamic SQL directly as bare strings at all, that includes template APIs which don't know about SQL escaping. Developers should use either a mature SQL builder API or a mature persistence API which automatically appends SQL escaped values or uses parametrised SQL. All code should be routinely security audited and upgraded, that also includes early rejection of bad parameter values which could cause denial of service, database data-type specific exploits or value reflection exploits.

All software architects, designers and developers should be security aware, because vulnerabilities can be quite subtle and much harder to fix later; this gets even more complex on distributed systems like cloud systems.

0
0

Anti-adblocker firm PageFair's users hit by fake Flash update

Infernoz
FAIL

Re: Hah!

Sorry, it's too late to argue for sloppy design advert funding of sites now. Adverts streams, an insane flood of analytics streams, various bugs and other covert deceit are out of control, so no sympathy or mercy!

7
0

Think Fortran, assembly language programming is boring and useless? Tell that to the NASA Voyager team

Infernoz
FAIL

Replace technology drudgery by automated life-cycle convention.

Why didn't NASA port to an OSS maintained, cross-compiler tool-chain decades ago, like say GCC, and have the toolchain automatically generate any extra machine code by life-cycle convention, like Maven does for Java artifacts? The test rig should only be needed for final testing, all prior testing could be orders of magnitude faster in an emulator, so WTF have they been playing at?

I wrote assembler for single digit MHz machines as a child, and the reason it was slow and hard was the more primitive software development technology, not just the technology limits of the hardware.

Any employer who isn't proactive about, or doesn't allow, cost effective reduction of developer drudgery (e.g. via build automation, appropriate better hardware/software/process) deserves to lose all their developers and be rejected by potential recruits.

Sorry, software developers were never factory worker 'cogs'. We are well past the Industrial Age, and have been transitioning from the Information Age to the Design Age for well over a decade now!

2
22

Yamaha unleashes motorcycling robot

Infernoz
Terminator

A precursor to the "Daemon" book plot maybe?

With two armed, Samurai-like robot motor cycles, with spare blades on board.

1
0

ICO 'making enquiries' into bizarre shopper data spill at M&S

Infernoz
FAIL

Cache control directives in HTTP responses and HTML content are the wrong answer, and not reliable.

All web pages with any sensitive content, including any personal and financial details, must only ever be over HTTPS, for security, including preventing caching; it is fracking negligent not to do this!

I'd suggest that all session derived content should go over HTTPS anyway to block caching and traffic spying.

0
0

Microsoft now awfully pushy with Windows 10 on Win 7, 8 PCs – Reg readers hit back

Infernoz
WTF?

Re: Tool

BS, XP holdouts are zombies, because it has no security fixes now, so it is an open door for crackers!

0
2
Infernoz
Facepalm

Re: Tool

Bogus, no google.xml in my Linux Mint 17 (latest) Cinnamon and I use startpage anyway for search in all OS and Firefox, because google are the worst for tracking!

0
0

Lawyers harrumph at TalkTalk's 'no obligation to encrypt' blurt

Infernoz
Facepalm

Filesystem encryption is only useful to prevent unauthorised access to data on a physical storage device or clone, so useless for a logged in user. Proper database encryption is not coarse database file encryption, because it needs to be user permission based.

SQL injection attacks are avoidable if parameterised SQL with robust value validation (including blocking exploits in complex data types like XML and JSON) are done, better still is if the application user only has database permissions to use some stored procedures and some stored functions (with robust value validation), and some restricted views for dynamic query use, but no direct table access.

It isn't just SQL injection, public facing servers must now be both sneaky and paranoid about both provided and received data, this includes not passing secret data in 'hidden' web content, using mapped tokens and using varying page security tokens to reject abusive reuse of page requests or repeated submission issues. Sneaky reflection injection attacks can be prevented by use of whitelists, maps and other anti-reflection validation. Browser side page validation is useful to improve user experience, but useless for security!

Talk Talk look to seriously need some up-to-date web developer and DBA security training, proper databases which have the functionality and user security to do security properly, and security awareness all the way up to director level to support this. The CEO is still ultimately responsible, especially when they reveal how clueless they are!

4
0
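The two TalkTalk posts above (no dynamic SQL built from bare strings; parameterised SQL with value validation and restricted views) shown side by side, as an added example that is not part of either post. The table, view, function names and account number format are hypothetical and the rows are constructed; SQLite stands in for a server database.

```python
import re
import sqlite3

ACCOUNT_RE = re.compile(r"[A-Z]{2}[0-9]{4}")  # assumed account number format


class BadParameter(ValueError):
    """Raised before any SQL runs when a value fails validation."""


def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE customers (
            id         INTEGER PRIMARY KEY,
            account_no TEXT UNIQUE NOT NULL,
            name       TEXT NOT NULL,
            card_last4 TEXT NOT NULL
        );
        INSERT INTO customers (account_no, name, card_last4) VALUES
            ('AC1001', 'Alice Example', '4242'),
            ('AC1002', 'Bob Example',   '1881'),
            ('AC1003', 'Carol Example', '0005');
        -- Restricted view: the lookup path never selects card data.
        -- SQLite has no user permissions; on a server database the
        -- application account would be granted this view only, with
        -- no rights on the underlying table.
        CREATE VIEW customer_public AS
            SELECT account_no, name FROM customers;
        """
    )
    return db


def lookup_string_built(db, account_no):
    """The 'before': the value is pasted into the SQL text itself."""
    sql = ("SELECT account_no, name, card_last4 FROM customers "
           "WHERE account_no = '" + account_no + "'")
    return db.execute(sql).fetchall()


def lookup_bound(db, account_no):
    """Parameterised: the driver passes the value as data, never as SQL."""
    return db.execute(
        "SELECT account_no, name FROM customer_public WHERE account_no = ?",
        (account_no,),
    ).fetchall()


def lookup_validated(db, account_no):
    """Parameterised plus early rejection of malformed values."""
    if not isinstance(account_no, str) or not ACCOUNT_RE.fullmatch(account_no):
        raise BadParameter("account_no must look like AC1234")
    return lookup_bound(db, account_no)


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # textbook value that changes the query's logic
    print("string-built:", len(lookup_string_built(db, crafted)), "rows")
    print("bound only  :", lookup_bound(db, crafted))
    print("validated   :", lookup_validated(db, "AC1002"))
    try:
        lookup_validated(db, crafted)
    except BadParameter as exc:
        print("rejected    :", exc)
```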

TalkTalk plays 'no legal obligation' card on encryption – fails to think of the children (read: its customers)

Infernoz
FAIL

It's not about what's legal, it's about ethics, reputation and best practice.

/All/ customer data held by any business should be encrypted by default, just-in-case lots of stuff!

It doesn't matter a frack if it is a staging area, or for marketing, just encrypt it.

This silly girl needs to shut up, get competent security and public relations advice, and read "Friend and Foe" by Adam Galinsky & Maurice Schweitzer to get some perspective so that she doesn't frack up!

2
0

Joining the illuminati? Just how bright can a smart bulb really be?

Infernoz
Meh

Re: cart before horse

Doesn't work at the wall switch unless you have power there, either Live, Neutral and Earth wires, or a battery.

I bought motion sensor bulbs for a tiny fraction of the price, which do me fine.

0
0
