Posts by PassiveSmoking

628 posts • joined 29 Aug 2010


Moscow says writing infrastructure attack code is a thought crime

PassiveSmoking
Silver badge

The problem is how do you prove intent? In some cases it's fairly obvious that it's malware, but there are plenty of tools that were designed for security testing or stress testing that could easily be adapted to attacking systems.

1
0

IoT camera crew Titathink tells Reg it'll patch GET bug in a week

PassiveSmoking
Silver badge

Re: Grumpy old men 1 - Web experience managers 0

What do you mean a resurgence? SQL injection never went away. Just look at questions people on Stack Overflow are asking related to database querying from an external program/script. At least 90% of the people asking on that topic are building their queries by concatenating user input into query strings. It's like prepared statements don't even exist for most developers.

2
0
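The two query-building styles the comment above contrasts, side by side, as an added example (not from the original thread); the table, rows and the sqlite3 in-memory database are constructed here purely for illustration.

```python
import sqlite3

# Constructed sample data for this example: a tiny users table.
ROWS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Build an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return conn


def login_concat(conn, name, password):
    """The pattern the comment complains about: user input concatenated
    straight into the query text, so the input can change the query's logic."""
    sql = ("SELECT name FROM users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def login_prepared(conn, name, password):
    """Prepared statement: the query text is fixed and the values are bound
    separately, so the input is only ever treated as data."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


if __name__ == "__main__":
    db = make_db()
    # A legitimate login behaves the same either way.
    print(login_concat(db, "alice", "s3cret"), login_prepared(db, "alice", "s3cret"))
    # A password field containing SQL syntax matches every row for the
    # concatenated version and nothing for the prepared one.
    tainted = "' OR '1'='1"
    print(login_concat(db, "alice", tainted), login_prepared(db, "alice", tainted))
```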
PassiveSmoking
Silver badge

Titathink?

I thought that was one of El Reg's joke names. Who would unironically name their company that?

0
0

Exclusive: Team Trump's net neutrality guru talks to El Reg

PassiveSmoking
Silver badge

I'm OK with this

Because as far as I'm concerned it's the perfect field test of anti-net-neutrality advocates' claims in the wild. If everything is flowers and rainbows then fine, no problem. If it's not (which given the long and inglorious history of the relationship between American-branded capitalism and its vict^H^H^H^H customers seems far more likely to me) then it will hopefully serve as a cautionary tale to the rest of the world who can then avoid going down that route. Who cares what happens to a bunch of Americans in the meantime? They're just the lab rats as far as I'm concerned. It might even teach them a valuable lesson about just how powerful and dangerous a vote really can be in the hands of the ignorant.

1
0

Take that, creationists: Boffins witness birth of new species in the lab

PassiveSmoking
Silver badge

Re: What is a created kind?

It is a pseudoscience, called Baraminology

FTFY

8
1
PassiveSmoking
Silver badge

Re: Get with the program!

Are you claiming that lions and tigers are different breeds of the same species? Because no creationist I've ever spoken to believes that.

2
0

It’s Brexploitation! Microsoft punishes UK for Brexit with cloud price-gouging

PassiveSmoking
Silver badge

Re: Punishment

Yeah, I'm sure there will be a mad rush to go with all those other UK based cloud providers who aren't subject to the Snooper's Charter... oh, wait.

1
1
PassiveSmoking
Silver badge

Go somewhere else then. Maybe some UK based cloud provider where your data will be protected from prying eyes. At least until the Food Standards Agency suspects you of wrongdoing and some other governmental department wants to sell your data to cold callers...

25
0

UK's new Snoopers' Charter just passed an encryption backdoor law by the backdoor

PassiveSmoking
Silver badge
WTF?

Fuck!

Fuck fuck fuck, fuck fuckity fuck. Fucky fucky fuck, fuckit.

11
0

Investigatory Powers Act signed into UK law by Queen

PassiveSmoking
Silver badge
Big Brother

What's that high pitched humming noise?

It's George Orwell spinning in his grave.

26
1

Inside Android's source code... // TODO – Finish file encryption later

PassiveSmoking
Silver badge

Re: Open source

If it's in Darwin then it might already be open source. I'd have to check though. (People seem to forget that Apple's OSX family of which iPhone OS is a part is partially open source)

1
0

Half-ton handbuilt CPU heads to Centre for Computing History

PassiveSmoking
Silver badge

But does it run Overwatch?

0
0

Integrator fired chap for hiding drugs conviction, told to pay compo for violating his rights

PassiveSmoking
Silver badge

He asked if he needed to disclose. The reply was no. Therefore he didn't disclose. He was told one thing but they actually meant another. That doesn't strike me as very fair.

Having said that I don't think I'd feel the same way had it been something more serious like a violent assault or organised criminal activity or something.

3
1

WordPress auto-update server had flaw allowing anyone to add anything to websites worldwide

PassiveSmoking
Silver badge

Re: Welcome to the future. It's not safe.

"Some hackers are bored, have the time to spare, and welcome a challenge, and hardened targets are as ostentatious as open doors to them"

No question that there are people like that out there, but the era of the hacker who does it for the challenge being the norm is long past. The vast majority of hacking is done these days for profit, either by installing malware or spamvertising, spreading ransomware, etc. For this breed of hacker the value of hacking a system is inversely proportional to how much effort is needed. You might never be able to slam the door shut but you can make it tough enough to open to make it not worth it for the hacking-as-a-business brigade.

0
0
PassiveSmoking
Silver badge

Re: Welcome to the future. It's not safe.

"No, we can't accept that software WILL be vulnerable because that ALSO means we must accept that all software must be COMPLETELY vulnerable"

Like it or not, that's the reality we live in right now.

Pretending it's not so will not change the fact that it is. Everything is vulnerable. Of course every care should be taken to avoid coding practices that lead to vulnerabilities, and of course every time a vulnerability is unearthed it should be fixed, but while we pretend that software isn't all vulnerable we won't design systems to be able to resist attack. When we accept that all software is vulnerable we'll start applying better practices such as compartmentalising it so the damage can be contained when somebody finds a way into a system that they shouldn't have access to for long enough to prevent the attacker gaining further access.

It's like the ant colony that defends itself heavily around its perimeter with warrior ants, but if you get past them you have unfettered access to the queen, the food stores, the nursery, etc etc.

0
0
PassiveSmoking
Silver badge

Re: Welcome to the future. It's not safe.

The problem is software is complex and with the best will in the world a non-trivial system is always going to contain bugs. You could take every possible precaution in your development process to avoid security holes and still end up with one exploitable bug in the system that may go unnoticed for years. Is it fair to toss people in jail for that? Especially given that most developers are fundamentally creative by nature and struggle to think in the same way a fundamentally destructively-minded hacker would and might not notice that the fantastic new feature they've just implemented could be hijacked and used for nefarious purposes?

No, it's better to simply accept the fact that all software is going to be buggy to some extent and have mitigations in place to limit the damage that said bugs are capable of causing by compartmentalising systems so a compromise in module A doesn't allow you to cause further damage by manipulating the behaviour of module B.

3
0

Veeam kicks Symantec's ass over unpatentable patents

PassiveSmoking
Silver badge

Effing software patents

The whole concept is stupid, obnoxious and unworkable. Software patents should all just be scrapped.

0
0

Why I just bought a MacBook Air instead of the new Pro

PassiveSmoking
Silver badge

Nest is killing it

I'd say that's debatable. Nest might be the best known IoT brand but it's stagnated for years and from what I hear Google are no longer taking it very seriously, in spite of the ludicrous amount of resource they poured into it.

http://arstechnica.co.uk/gadgets/2016/06/nest-alphabet-unlimited-budget-analysis/

0
0

Virgin Galactic and Boom unveil Concorde 2.0 tester to restart supersonic travel

PassiveSmoking
Silver badge

Re: Wheels in the Wings Design Flaw

"Due to the way the engines are positioned on the Concorde the whole wing caught fire because the leaking fuel went straight into the afterburner exhaust"

None of the engines on Concorde were ever actually on fire (though the crew did get a false fire alarm on one of them). The deluge of fuel rushing over them basically drowned them - they were deprived of airflow and flamed out. The probable ignition source was a damaged wiring loom for the landing gear retraction mechanism.

4
0
PassiveSmoking
Silver badge

Re: Wheels in the Wings Design Flaw

Tire-related catastrophe is something that can happen to any aircraft. The deadliest DC-8 crash in history (Nigeria Airways Flight 2120) was triggered by a tire bursting and catching fire on takeoff.

3
0
PassiveSmoking
Silver badge

Re: YIPPEE! Great news!

My mother won a trip on Concorde (a short circumnavigation of the British Isles and a sprint up to full speed). I was so jealous that I didn't get the ride. I do remember watching the takeoff though, that noise punches you in the chest in a way nothing else does. It was glorious.

6
0

Google Pixel pwned in 60 seconds

PassiveSmoking
Silver badge

Re: Cheaper to pay bug bounties...

The fact that there's pretty much nothing out there that can't be hacked suggests the problem is not a lack of competence, but simply down to the fact that software is hard. Millions of lines of code isn't even considered a big system any more, and no matter how careful you are it only takes one slipup somewhere to introduce a vulnerability. Add in multiple threads of execution opening up the concurrency can of worms and this isn't at all surprising.

Having said that, 4 seconds for Flash is just plain pathetic, the fact it's an old vulnerability that got exploited doubly so.

13
2

Russia to block LinkedIn over data domiciling issues

PassiveSmoking
Silver badge

Russia blocks LinkedIn.

LinkedIn spam plummets overnight.

And there was much rejoicing.

4
0

Trump's taxing problem: The end of 'affordable' iPhones

PassiveSmoking
Silver badge

"Say you live in country A, where the cost of living is $20k a year for basic food and rent. Your salary therefore MUST be greater than $20k a year if you are to afford to live in your country."

This is true, but as far as most of Europe goes, the cost of living is going to be closer to 20k than to 4k, so a European worker is going to expect a salary in the same range as a UK worker. Especially if they actually do come over here and have to face the same cost of living as UK residents face. The guys in India may be a hell of a lot cheaper than that, but the guys in India also turn out terrible, terrible code that's not worth even the cheap price you pay for it. Trust me, I've made a few quid cleaning up the mess one of these outsourcers left behind.

"Automobile manufacturers didn't leave the Rust Belt because the workers weren't good at their jobs. They left because people in Mexico could do the same job and yet only wanted 1/3rd as much money for it"

Funny, because my understanding of the situation was that the Rust Belt car industry died because they produced shitty gas guzzling unreliable basically disposable cars that would oxidise in six months, and they subsequently got eaten alive by the Japanese when they started making high-quality economical durable products that would still start on a cold day, a situation that the oil crisis only made worse because who wants a gas guzzler when petrol suddenly costs three times as much? The American manufacturers made the wrong product for the time, the Japanese manufacturers made the right one and the free market made its choice.

4
1
PassiveSmoking
Silver badge

Re: I am Mad

Rational prudency? Trump? That's a good one

1
0
PassiveSmoking
Silver badge

I'm a tech worker in the UK and never worried about my job security from the EU open borders policy or from international outsourcing. The former is because in my experience tech workers from the EU can match UK workers in terms of talent but also demand the same level of salary, so there isn't a huge advantage to hiring them over the local talent and the meritocracy decides who gets hired. I'm perfectly fine with the best job going to the best candidate. As for development being outsourced to distant lands it's become increasingly apparent that the quality of code you get from these outsourcing development houses is terrible. You pay peanuts, you get monkeys.

If you're good at your job then globalisation shouldn't pose a threat to you.

7
1

McDonald's sues Italian city for $20m after being burger-blocked

PassiveSmoking
Silver badge

Where do I get a burger like the one in the photo? It looks lush

1
0

Brexflation: Lenovo, HPE and Walkers crisps all set for double-digit hike

PassiveSmoking
Silver badge

On the plus side, when the market decides that America is doomed after either the bad candidate or the worse candidate has won the election, the dollar should collapse and hopefully restore its relative value to the pound.

Maybe time to invest in Euros.

Or gold.

0
0

Apple, Mozilla kill API to deplete W3C battery-snitching standard

PassiveSmoking
Silver badge

And here in a nutshell is everything wrong with software development, especially when it pertains to security. Developers are fundamentally creatively-minded and simply cannot think the way a fundamentally destructively-minded hacker will. I also think that in spite of the cynical sense of humour a lot of software guys display, they are at heart too optimistic and assume that most people are basically not malicious. They will come up with what seem like good ideas, even great ideas that make things better for everybody, then some hacker comes along and realises that this great idea that makes things better for everybody can be re-purposed to run down your battery, or spam you with porn ads, or install a keylogger or anything else that ranges from mischief to full blown felony.

I think university courses on software development should contain at least one semester on how to think like a hacker, so that developers are taught that no, not everybody out there is a good guy, and anything you do with the best of intentions could potentially be used by somebody less noble to wreak mayhem. We did do some engineering ethics studies when I was at university, which is somewhat along those lines, but it was more focused on how things done with the best of intentions could lead to accidents rather than how they could be abused.

7
0

We're going to have to start making changes or the adults will do it for us

PassiveSmoking
Silver badge
Happy

Re: Ok, so...

You're all mad.

It's quite clearly five spaces per tab.

6
1

James Dyson's new startup: A university for engineers that doesn't suck

PassiveSmoking
Silver badge

Will it include a course to teach us what a "digital" motor actually freaking is?

6
0

'Inventor of email' receives damages from Gawker's collapsed empire

PassiveSmoking
Silver badge

Invented e-mail in the late 70s, huh?

https://tools.ietf.org/html/rfc561

Note the date.

1
0

Ubuntu Core Snaps door shut on Linux's new Dirty COWs

PassiveSmoking
Silver badge

When did systemd turn up again?

Years after the COW bug was introduced into the kernel. Scapegoating is such fun, but it's rarely useful.

1
0

What should the Red Arrows' new aircraft be?

PassiveSmoking
Silver badge

They should just convert their existing jets to UKIP specifications and saw off the left wing.

4
1

Seagate has a flash early Xmas present for Xbox gamers

PassiveSmoking
Silver badge

So basically the story is "Seagate stick branding on mediocre external SSD, hopes to gain traction in the sucker market"

8
0

Cynical Apple gouges UK with 20 per cent price hike

PassiveSmoking
Silver badge

Ars Technica did an analysis on the pricing and found that once UK VAT (which is included in the list price, versus US sales tax, which isn't) and import duty are taken into account, the difference in UK and US pricing is minimal, probably no more than 50 quid.

Of course that statement doesn't generate many clicks and ad impressions.

Now their SSD options on the other hand, there's a legitimate ground for beef. If you select the maxed out SSD option (2TB versus .5TB) the price jumps by more than a grand. I know OEMs don't give good deals on storage or memory upgrades, but that's just plain ridiculous. As I don't know if a user-upgrade is an option or whether this new machine is a sealed unit you can't upgrade yourself that's a very big deal.

2
0

Possible reprieve for the venerable A-10 Warthog

PassiveSmoking
Silver badge

Re: Pint due.

It's Douglas Adams' description of Vogon ships from the Hitchhiker's Guide to the Galaxy.

1
1

Cabinet Office gears up to ink mega Oracle deal

PassiveSmoking
Silver badge

Just use Postgres!

6
1

HomeKit is where the dearth is – no one wants Apple's IoT tech

PassiveSmoking
Silver badge

I'm not buying Apple IoT gear...

... but then again I'm not buying anybody else's either. I have no need for a door lock that's connected to the internet with a default password of "password".

4
0

Microsoft keeps schtum as more battery woes hit Surface sufferers

PassiveSmoking
Silver badge

You can't do that with a Mac

Wasn't one of the MS Surface ads about how much better the battery life was in these things than it is for a Mac laptop? Might want to sort this one out pretty sharpish guys, or the ASA might send you a strongly worded letter.

5
0

Oracle DB admins urged to swap their gas guzzler for an electric car

PassiveSmoking
Silver badge

Re: It's a brand problem not a technical problem

Sell it? It's fricking free.

0
0
PassiveSmoking
Silver badge

Re: It's a brand problem not a technical problem

And there was me thinking that technical excellence, reliability, robustness, strong data integrity features, strong disaster-recovery features and providing a rich, standards compliant API for developers were the really important features in a database system, when all along it's a cool name that really matters! I should just save all my data to a RAM disk and call it the Batman DB.

2
0
PassiveSmoking
Silver badge

Re: Whiff of evil?

I noticed Postgres wasn't on that list. Seriously, grab a copy and have a play with it. It's very Oracle-esque and on the whole a very nice database to work with. As for Mongo and other nosql solutions, I guess it just depends on your workload (though I personally don't care for them myself either, and it is rather telling that a lot of nosql systems seem to be trying to find ways to hack in sql-like behaviour).

2
0
PassiveSmoking
Silver badge

Stupid metaphors aside, Postgres is a very capable database, far more so than MySQL, and what's more it's not tainted by the whiff of evil that all Oracle products have.

9
0

Social media flame wars to be illegal, says top Crown prosecutor

PassiveSmoking
Silver badge

Re: John Smith

It's not uncommon for creatives (web comic artists and the like) to set up "fake" social media accounts in the name of character(s) from their works and post to them in character. If a character's name happens to clash with a real person would that qualify as a "fake social media account" and therefore constitute a criminal act?

I know to most people this might sound like a daft question, but a guy went to prison for making an obvious (albeit tasteless) joke about blowing up an airport so better safe than sorry...

0
0

Don't panic, but a 'computer error' cut the brakes on a San Francisco bus this week

PassiveSmoking
Silver badge

What's that? Design the system such that if the controller stops functioning it also ceases to emit a signal to indicate it's healthy, the absence of which will lead to the brakes activating?

Pah. Failsafe is for sissies!

Ok, how about a redundant system that's entirely mechanical and not dependent on either electrical power or computer control?

LOL, Redundancy is for wusses!

0
0

Command line coffee machine: Hacker shuns app so he can stay at the keyboard for longer

PassiveSmoking
Silver badge

Entity may be short and stout

That's all well and good, but does it implement RFC 2324?

https://tools.ietf.org/html/rfc2324

1
1

Four reasons Pixel turns flagship Android mobe makers into roadkill

PassiveSmoking
Silver badge

Apple had the right strategy

The simple fact of the matter is that OEMs make Android insecure. So long as they don't see it in their best interest to get Android patches out in a timely manner to any of their devices that are actually capable of running them, they will leave huge swathes of the Android-using public vulnerable to known CVEs. They've got to go. Apple's iron grip on its devices means that devices as old as the iPhone 4S were still getting updates until recently.

The other big problem for Android security is dodgy apps getting into the Android Play store, or incompetently written ones that overrequest security permissions which some other malicious software can then subsequently exploit. Expect a crackdown in Google Play soon.

Apple basically had the right strategy from the get go when it comes to devices such as phones and tablets, and Google have come to the conclusion that their strategy needs to be more like Apple's.

6
0

Amazon supremo Bezos' Blue Origin blows its top over Texas desert

PassiveSmoking
Silver badge

Re: The crew capsule of death?

Formula 1 drivers routinely walk (or at least limp) away from 50+g crashes, fighter pilots can sustain extended periods of 9g with training, and I believe the record for surviving an impact is something like 214g (though luck did play a big part in that one). Provided the crew are securely strapped down (and why wouldn't they be?) that kind of tumbling is most definitely survivable. It wouldn't be very pleasant though, but given the alternative is being blown all over the local area I think most astronauts can live with it.

3
0
PassiveSmoking
Silver badge

Just like any other capsule then, with the notable exception of Apollo. During a test of its launch escape system the test rocket (a Little Joe) broke up, triggering the escape system to fire for real. That was entirely a lucky accident, however, and would be difficult to repeat intentionally.

5
0
