Posts by PassiveSmoking

429 posts • joined 29 Aug 2010

AdBlock Plus, websites draft peace deal so ads can bypass blockade

PassiveSmoking
Bronze badge

Sorry, but any ad blocker that knowingly doesn't block all ads isn't fit for purpose.

I don't block ads because they annoy the ever living crap out of me (although they most definitely do), I block them because I can't trust them not to be infested with malware, spyware, etc etc. We've already had a couple of stories this week about ad servers being compromised by bad guys who then use them to push malicious ads. If I can't be certain that there's zero risk to me and if there's no benefit to me (and watching your ads is not a benefit!) then why take the risk?

It also kind of smacks of extortion. "Nice ads, it would be a shame if somebody blocked them"

Does anybody know of an ad blocker for Firefox and/or Chrome that's run by people with more integrity than AdBlock?

0
0

London seeks trials of Google's robo-cars

PassiveSmoking
Bronze badge

Re: fire all the meatsack drivers

As someone who is a) unable to drive on medical grounds (eyesight below the minimum for a license) and b) sick and tired of being scared half crapless by drivers not paying any attention, I can't wait for these things to replace meatsacks. The idea of being able to go where I want without depending on public transport or paying through the nose for a kamikaze warrior in a minicab is something I can't resist.

5
0

It killed Safe Harbor. Will Europe's highest court now kill off hyperlinks?

PassiveSmoking
Bronze badge

Re: An analogy?

There is a big problem with that analogy, namely if somebody finds something that doesn't belong to them and keeps it/shares it then it's still technically theft. For example if you leave the front door of your house hanging open and somebody burgles it, then it's still burglary even though they didn't have to break and enter.

The other big problem with your analogy is that linking to a document doesn't deprive the document's owner of the content, it merely makes everybody aware that the content exists.

5
1
PassiveSmoking
Bronze badge

Isn't putting a document on a public server an implicit publication? I'd say it is.

17
1
PassiveSmoking
Bronze badge

I'm sorry, but the point at which it's a breach of copyright to point out that something exists is the point where copyright law will be so far up its own arse that it can see its own tonsils. If you don't want people to know about your top secret content then the onus is on you to not put it on a public-facing server.

8
0

Pentagon can't check F-35 maintenance thanks to insecure database

PassiveSmoking
Bronze badge

Something goes wrong with the F35 project

surprising no-one.

10
0

Little warning: Deleting the wrong files may brick your Linux PC

PassiveSmoking
Bronze badge

Re: if EFI and Linux is problematic

Because Apple's EFI implementation doesn't suck?

0
0
PassiveSmoking
Bronze badge

Re: Sounds Really Clever?

Having a separate write and delete permission wouldn't really fix things. There'd be nothing to stop somebody with write permission but not delete permission to overwrite a sensitive file with a zero-length one.

14
3
PassiveSmoking
Bronze badge

Scratch Monkey

Whenever you mount things that aren't really filesystems as filesystems you always risk some user running an inappropriate filesystem command on them. Users need to be aware that what they think they're doing and what they're actually doing might not necessarily be the same thing. Conversely, system designers should really think a bit more about how they might choose to expose certain things (like the EFI vars in this case). If these had been exposed via some interface other than the filesystem there would have been no problem.

This puts me in mind of the scratch-monkey story. Allegedly, an old VMS mainframe was being used to monitor brain activity in monkeys using skull caps wired up to the machine through its disk interface with a hacked driver that presented the raw data to the machine as a read-only filesystem. One day a Digital engineer was called in to run regular maintenance on the machine. He apparently re-mounted the monkey filesystem as read/write and commenced the standard diagnostic routines on the disk hardware. The result was that electric shocks were delivered to the monkeys, stunning several and killing a few. The fallout of this incident was apparently quite significant, as a valuable scientific experiment was destroyed, several monkeys were killed, and everyone directly involved was traumatised.

So before you do anything crazy with your filesystem, always mount a scratch monkey.

5
0

UK taxpayers should foot £2bn or more to adopt Snoopers' Charter, says Inquiry

PassiveSmoking
Bronze badge

Dear readers

If any of you voted for these clowns at the last election I hope you feel suitably ashamed of yourself now.

5
0

30 years on from Challenger, NASA remembers the fallen

PassiveSmoking
Bronze badge

Re: All failures of management

Kranz ran a tight ship, for sure.

1
0
PassiveSmoking
Bronze badge

All failures of management

Aside from all happening in the winter, NASA's three big failures all have something else in common: fundamentally, they were all failures of management.

Apollo 1 happened because NASA management let quality control and oversight slip and put the schedule ahead of everything else. This resulted in North American delivering the block 1 Apollos in such a shoddy state that they were basically death traps.

Challenger's management failures are already well understood and are used to this day as a case study in how not to manage high risk projects. Management had ridiculously optimistic estimates of the risk of operating a shuttle which, as Richard Feynman noted, would mean that you could launch a shuttle daily for 300 years and expect not to have an accident if true, a figure that was blatantly ridiculous to even the rankest layman and which flew in the face of NASA's own engineers who put the risk of failure at 1 in 200 (which while still optimistic as it turned out, was far closer to reality than Management's figure). It seems they were in the habit of minimising risks and ignoring engineers and when the engineers raised concerns over the Challenger flight they were ignored once again, but this round of Russian Roulette was one round too many.

It's disheartening to know that Management made almost the same mistakes with the Columbia disaster. Once again, Management started minimising known risks for the sake of the schedule, ignoring repeated incidents where the heat shield was damaged by shedding tank foam, treating the incidents as annoyances rather than life-threatening events. Once again, engineers raised concerns that the heat shield had been damaged and wanted to plan some contingencies, and again they were ignored. And while a rescue was unlikely there could have been options if only the engineers had been allowed to formulate and execute a rescue mission of some sort.

On the other hand, arguably NASA's biggest success, the safe return of the Apollo 13 crew, was largely down to superlatively good management. Managers and engineers pulled together and worked through the problems one by one and the end result was three exhausted and traumatised, but alive, astronauts standing on the deck of the USS Iwo Jima.

NASA needs to learn the lessons all of these events have to teach and learn them properly. Until they do they'll simply be waiting for the next disaster.

7
0

Back to the Future's DeLorean is coming back to the future

PassiveSmoking
Bronze badge

Re: A couple points ...

When the original design began to fall apart they turned to Chapman to try and fix things. The chassis used for this car is to all intents and purposes the one from the Esprit. Except on stilts and wobbling all over the place like a clown car.

4
0
PassiveSmoking
Bronze badge

Re: A couple points ...

Both the gutless performance and wallowy handling have their roots in Californian emissions and safety laws at the time, respectively. American petrol is lower octane than its European equivalent so the engine which wasn't that great to start with was already down on power in America, and then California insisted that a load of emissions control equipment (catalytic converter etc) were added as well (such things weren't as widely used at the time as they are today).

On top of that, California road safety laws required a front bumper at a very specific height from the road, and the DeLorean was too low slung to meet that requirement. In the end the company got around that problem by taking the path of least resistance and simply raising the suspension so the bumper would be at the required height, but this ruined its handling characteristics in the process.

The result was a "sports" car that could barely even get to 88 mph and rolled like a marble.

17
0

GitHub falls offline, devs worldwide declare today a snow day

PassiveSmoking
Bronze badge

Re: re: when GH goes down its like a free holiday

But my code's compiling!

https://xkcd.com/303/

3
0

If you're one of millions using Magento – stop whatever you're doing and patch now

PassiveSmoking
Bronze badge

Re: Magento does not properly validate this email

Javascript validation huh? I think I know how such a secure system can be bypassed.

> curl --data 'email=%3Cscript%3Ealert+%28%22owned%2C+beeyotch%21%22%29%3C%2Fscript%3Eme%40email.com' -X POST http://my.magento.installation.com/register.php

If your validation is client side only then you have no validation. It's rule freaking one of developing an app. Be like Fox Mulder when it comes to user supplied input and trust no-one.

A newbie developer can be forgiven for making a mistake like that (after they've had it beaten into them not to do it again of course). A "professional" outfit like Magento should know better.

0
0
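The bypass described in the post above works because a JavaScript check runs only in the browser; whatever is POSTed reaches the server unchecked. This added example (not Magento's code, and not part of the original post) shows what the server side has to do instead: parse the form body itself, validate the field against a conservative pattern, and HTML-escape anything it echoes back. The field name, the registration handler and the sample POST bodies are constructed for the example; the injected body mirrors the shape of the curl payload in the post.

```python
"""Server-side validation and output escaping for a registration form.

Added example, constructed to illustrate the post above: the client-side
check can be skipped entirely by posting the form data directly, so the
server must validate every field itself and escape anything it renders.
Field names, handler and sample bodies are hypothetical.
"""
import html
import re
from urllib.parse import parse_qs

# Conservative e-mail shape: local part, one '@', dotted domain, 2+ letter TLD.
# Deliberately accepts a small safe set rather than all of RFC 5322.
EMAIL_RE = re.compile(
    r"^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}$"
)


def validate_email(value: str) -> bool:
    """Return True only if value looks like a plain e-mail address."""
    return len(value) <= 254 and EMAIL_RE.fullmatch(value) is not None


def handle_register(raw_body: str) -> dict:
    """Parse an application/x-www-form-urlencoded POST body and validate it.

    Returns a dict with the decision and an 'echo' value that is safe to put
    back into an HTML page whether or not the input validated.
    """
    fields = parse_qs(raw_body, keep_blank_values=True)
    email = fields.get("email", [""])[0]
    # Validation decides whether to accept the value; escaping decides how it
    # is rendered. Both are needed, and escaping happens regardless of validity.
    safe_echo = html.escape(email, quote=True)
    if not validate_email(email):
        return {"accepted": False, "echo": safe_echo}
    return {"accepted": True, "echo": safe_echo, "email": email}


# Constructed sample bodies. parse_qs decodes the first one to
# '<script>alert ("owned, beeyotch!")</script>me@email.com'.
INJECTED_BODY = (
    "email=%3Cscript%3Ealert+%28%22owned%2C+beeyotch%21%22%29"
    "%3C%2Fscript%3Eme%40email.com"
)
CLEAN_BODY = "email=me%40email.com"

if __name__ == "__main__":
    for body in (INJECTED_BODY, CLEAN_BODY):
        print(handle_register(body))
```

The regex is intentionally strict; a site that needs to accept unusual but legal addresses would widen it, but the two properties that matter here stay the same: the server never trusts that the browser already checked, and it never writes raw input into a page.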

Mobile dev toolkit biz Appcelerator gobbled up by Axway

PassiveSmoking
Bronze badge

Appcelerator is already a bloated mess, though, so they can't really make it much worse.

0
0
PassiveSmoking
Bronze badge

I hope the first thing Axway does is scrap the Eclipse-based IDE that's an affront to all that's good and right in the world and replace it with one that actually works.

0
0

Sainsbury's Bank web pages stuck on crappy 20th century crypto

PassiveSmoking
Bronze badge

Re: “Someone there should be beaten to a pulp with a keyboard.”

Unless you got blood on it. Liquid was the Model M's kryptonite.

1
0

Adblock Plus blocked from attending ad industry talkfest

PassiveSmoking
Bronze badge

I don't just block ads because they suck (which they do), I block them because they're far too much of a security and privacy risk. One I'm not prepared to put up with for the "benefit" of seeing ads which suck.

4
0

Evil OpenSSH servers can steal your private login keys to other systems – patch now

PassiveSmoking
Bronze badge

Re: Java

I nearly said java, but then I remembered how many security flaws the JVM and JDK seem to lead to so thought better of it.

0
0
PassiveSmoking
Bronze badge

I think the time has finally come to admit that security-critical subsystems should never be written in a language as hairy as C. There's so many gotchas (double-free, dangling pointers, buffer overruns, etc etc etc) that you can't depend on C code to keep sensitive data private.

We need an SSH library written in something that doesn't let the programmer make so many mistakes and makes it very obvious when they do make one, preferentially one that does all the error-prone memory management for the programmer. C# or Swift, maybe?

0
7

Fortinet tries to explain weird SSH 'backdoor' discovered in firewalls

PassiveSmoking
Bronze badge

Don't be too hard on them, they're only ensuring that their equipment is Snooper's Charter Compliant.

Also, "management authentication issue"? Nice double-speak.

0
1

UK NHS-backed health apps 'riddled with security flaws'

PassiveSmoking
Bronze badge

Don't be too hard on them, they're just making sure their software is Snooper's Charter Compliant.

5
1

Nvidia GPUs give smut viewed incognito a second coming

PassiveSmoking
Bronze badge

Do you need bottled oxygen atop that high horse you're riding around on? The air must be awfully thin up there.

3
1

Lovelace at 200: Celebrating the High Priestess to Babbage's machines

PassiveSmoking
Bronze badge
Thumb Down

Re: Sexist shite

Go back to Return Of Kings, its comments section is far better suited to your attitudes.

16
2

Mozilla warns Firefox fans its SHA-1 ban could bork their security

PassiveSmoking
Bronze badge

Re: I've known this for a while

You can turn it off (the article even tells you how)

2
0

Reverser laments crypto game protection, says wares dead after 2018

PassiveSmoking
Bronze badge
Big Brother

Don't worry Fifi, the UK government amongst others are moving to make the encryption technology that protects such products from piracy illegal, or at least neutered to the point of uselessness, because terrorism. Their ignorance should ensure that legitimate uses of encryption such as protecting copyrighted works from the likes of you will cease, because as everybody knows if you're not a government then there are no legitimate uses for encryption.

3
2

Periodic table enjoys elemental engorgement

PassiveSmoking
Bronze badge
Coat

117

Masterchiefium?

0
0

Physics uses warp theory to look beyond relativity

PassiveSmoking
Bronze badge

There's your warp bubble, Wesley.

0
0

Google chap bakes Amiga emulator into Chrome

PassiveSmoking
Bronze badge

Re: Ahh, Amiga

And pre-emptive multitasking in 1985 as well, something most consumer grade Operating Systems didn't have until 2000 (Windows XP and OSX)

5
0

How I Learned to Stop Worrying and Love the Star Wars Special Editions

PassiveSmoking
Bronze badge

Re: Blade Runner

Yes, but all the various cuts have been made available, whereas Lucas seems intent on burying the older cuts. I've got a 5 disc box set with all five cuts of Blade Runner from the work print to the Final Cut.

11
0

Brit 'naut Tim Peake thunders aloft

PassiveSmoking
Bronze badge

Re: 2 Tims ? - is this a good idea?

Roger, Roger. What's your vector, Victor?

5
0
PassiveSmoking
Bronze badge

I could not believe how calm he looked during ascent. I'd be screaming all the way to orbit. But I guess that's why he's in orbit and I'm debugging ecommerce software.

Good job, hope it all goes flawlessly up there and you make a safe return.

1
0

GCHQ Christmas Card asks YOU the questions

PassiveSmoking
Bronze badge

Santa Claus is coming to town

The lyrics could just as equally well describe GCHQ with some slight tweaking.

They're making a list

They're checking it twice

They're gonna find out who's naughty or nice

A government SWAT team is coming to town.

They know when you are sleeping

They know when you're awake

They know if you've been bad or good

And if your name is Mohammed you'll get dragged off to Belmarsh for enhanced interrogation

7
0

Boffins teach cars to listen for the sound of a wet road

PassiveSmoking
Bronze badge

You could measure the temperature and if it's low enough for black ice to be a possibility then adopt the required driving style. If they're connected to the internet they could even download weather reports to refine the decision.

As for detecting it in real time, I'm pretty sure it's more reflective than a normal road surface so maybe that could be used to spot patches of the stuff?

2
0
PassiveSmoking
Bronze badge

Re: What the what?

As opposed to wind, snow, ice, fog...

0
0
PassiveSmoking
Bronze badge

Re: 93.2 % accuracy

That's why it's still a prototype :)

1
0

Obama calls out encryption in terror strategy speech

PassiveSmoking
Bronze badge

He and the rest of the political elite never ask Toyota to come up with technological means to make it harder for terrorists to use the Hilux, do they? Doing so would surely eradicate all terrorism because all you ever see on the news is terrorists riding around in Toyota Hiluxes full of AK47s and RPGs.

Come to think of it he never asks weapons manufacturers to make it harder to use their products for terrorism either.

Why is the technology sector being singled out for this kind of treatment? Even after being told what he wants is mathematically impossible and that any back door that makes it easier for law enforcement also makes it easier for criminals and terrorists? Could it be that encryption is seen as a convenient scapegoat maybe?

11
0

Infosec bods rate app languages; find Java 'king', put PHP in bin

PassiveSmoking
Bronze badge

PHP has had support for SQL prepared statements for years (which while they don't make SQLi impossible, they do make it very very difficult).

Yet time and time again I see people on Stack Overflow showing code examples where SQL is constructed from strings, even worse from $_GET/$_POST/$_REQUEST etc. And then I see that coding style all over the place in live codebases too. It's depressing.

One problem is I think most people who learn Java do so at university or as part of some formal learning process, whereas a lot of PHP programmers are self-taught and learn from tutorial sites. There are far too many PHP tutorials knocking around that date back to the PHP 4 days so you see the same bad practices being learned even though there are far better options now.

There's also the issue of Java being hard and PHP being easy. With Java you really have to understand it at least on a basic level to get it to do anything at all, whereas it's ridiculously easy for a complete beginner to write a PHP script that does something. While everyone bitches about Java's strictness, it does force programmers to be a bit more careful.

But really, there's no excuse for bobby tables any more.

0
0
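The contrast the post above draws, string-built SQL against a prepared statement, as an added example that is not part of the original post. It uses Python's standard-library sqlite3 module rather than PHP, but the mechanism is the same as PDO's bound parameters: the query text is fixed and the value travels separately, so a quote in the input is only ever data. The table, the single user row and the probe input are all constructed for the example.

```python
"""String-built SQL versus a prepared (parameterised) statement.

Added example using the standard-library sqlite3 module; the table, the
user row and the probe input are constructed, not taken from any project.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with one constructed user row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    # Constructed sample row; the second column is a placeholder, not a real digest.
    conn.execute("INSERT INTO users VALUES ('alice', 'PLACEHOLDER_HASH')")
    conn.commit()
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """The anti-pattern: user input spliced straight into the query text,
    so any quote in `username` changes the SQL itself."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_prepared(conn: sqlite3.Connection, username: str) -> list:
    """The fix: the query text is constant and the value is bound as a
    parameter, so the database never parses the input as SQL."""
    sql = "SELECT username FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Constructed probe: closes the quoted string and appends a tautology, which
# turns the vulnerable query into "... WHERE username = 'nobody' OR '1'='1'".
PROBE = "nobody' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable:", find_user_vulnerable(conn, PROBE))  # returns alice
    print("prepared:  ", find_user_prepared(conn, PROBE))    # returns nothing
    print("prepared, real name:", find_user_prepared(conn, "alice"))
```

The prepared form is also the one to look for in code review: a query whose text is assembled with `+`, `.` or string formatting from anything that originated in a request is the pattern the post complains about, whatever language it is written in.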

Are you the keymaster? Alternatives in a LogMeIn/LastPass universe

PassiveSmoking
Bronze badge

"Dashlane is just like lastpass"

Except that you don't get synch for free and there's no Linux support.

So.... not really that much like LastPass at all then?

2
0

Sued for using HTTPS: Big brands told to cough up in crypto patent fight

PassiveSmoking
Bronze badge

I've got a better fix

Scrap software patents and business process patents. They're so beyond ludicrous that it would be funny if not for the economic damage they do.

23
2

VW's Audi suspends two engineers in air pollution cheatware probe

PassiveSmoking
Bronze badge
Unhappy

Scapegoating!

It's a thing!

0
0

Finding security bugs on the road to creating a verifiably secure TLS lib

PassiveSmoking
Bronze badge

Invisible features

"In addition, many fail to see the benefits of upgrading until a particular serious vulnerability in older technologies is exposed."

And the Titanic only needed 20 lifeboats until it was sinking.

The problem with things like security is that they're invisible to the user, therefore it's normally very difficult to impossible to make a case to management for investing time and resources into improving security, until Bobby Tables has stolen your database and you're all over the news for the leak of 40,000 sets of credit card details you were responsible for.

This attitude needs to change if any real progress is to be made. You can improve the TLS library all you want and it won't do any good if developers are not allowed to update the TLS libraries in their software because management want a cute song to play whenever a customer puts something in their basket.

1
0

Cartoon brings proper tech-talk to telly

PassiveSmoking
Bronze badge

passwords can be brute-forced in moments

That bit's actually fairly accurate, given that most people still use some variant of "password" as their password (passw01d, wordpass, password123, etc etc), and given that certain clueless entities (*coughtalktalkcough*) store passwords with cryptographically weak hashing and no salt, or even as plain text.

0
0

Who's right on crypto: An American prosecutor or a Lebanese coder?

PassiveSmoking
Bronze badge

The elephant in the room

The thing that nobody seems to want to discuss at this point is the simple fact that at least half the Paris attackers were already known to authorities, said authorities had been alerted to the threat they posed by Turkey, and their activities had been tracked for at least a year in some cases prior to the attacks. They already had a wealth of information on these guys, none of which was encrypted, and there were alarm bells ringing that seem to have been ignored.

If the security services can drop the ball so badly when there's plenty of information available saying "Hey, these guys might be planning something awful" then why would having access to even more data ensure that such a tragedy can't be repeated in the future?

Maybe the security services need to learn to effectively use the cornucopia of data they have at their disposal already before demanding access to even more.

22
0

Tech goliaths stand firm against demands for weaker encryption after Paris terror attacks

PassiveSmoking
Bronze badge

Unfortunately, she's not being a moron. She's actually being very clever. By using such sickening language she's getting the general public who listen to her (most of whom aren't as cognisant of the fact that encryption is the cornerstone of the modern commercial internet and that they almost certainly use encryption themselves on a daily basis) to think with their hearts instead of their brains. She's also implanting a narrative in their heads that encryption is somehow inherently evil and immoral and something that only bad people would ever dream of using.

And the real tragedy is that it's working.

Just look at a typical comments section on the Daily Mail related to security, hacking, encryption etc and you'll find at least a third of the commenters are repeating the old "Nothing to hide, nothing to fear" canard, completely ignorant of how much of their own personal data needs to be protected from prying eyes for their own good.

8
0

Big Bang left us with a perfect random number generator

PassiveSmoking
Bronze badge

Re: but but

It's God's final message to His creation.

Decrypted, it reads: "WE APOLOGISE FOR THE INCONVENIENCE"

21
0

Comcast resets 200k cleartext passwords, hacker claims breach

PassiveSmoking
Bronze badge

So they store the passwords as plain text.

Quality service!

Can we have a rule please? Anyone who uses SHA-1 or weaker for passwords gets publicly slapped.

Anyone who uses plain text gets a kick in the balls.

And that's per password.

1
0
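The two complaints in the posts above (the Cartoon post's "cryptographically weak hashing and no salt, or even as plain text", and this one's objection to SHA-1 or weaker for passwords) come down to one property, shown here in an added example that is not part of either post. An unsalted fast hash is deterministic, so every account with the same password stores the same value and one precomputed table of common passwords matches all of them at once; a per-user random salt with a memory-hard KDF (scrypt, from Python's standard library) removes both problems. The stored-record format and the short list of weak passwords are constructed for the example.

```python
"""Unsalted fast hash versus salted slow hash for stored passwords.

Added example, constructed to show why plain text and unsalted SHA-1 are
objected to above. The record format and the password list are made up.
"""
import hashlib
import hmac
import os
from typing import Optional

# Constructed: a few of the weak variants listed in the Cartoon post.
COMMON_PASSWORDS = ["password", "passw01d", "wordpass", "password123"]

# scrypt cost parameters (about 16 MiB of memory at n=2**14, r=8).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def store_sha1_unsalted(password: str) -> str:
    """The anti-pattern: one fast, deterministic hash and no salt."""
    return hashlib.sha1(password.encode()).hexdigest()


def lookup_table_sha1() -> dict:
    """Precomputed digest -> password for the common list. Because the hash
    is unsalted, this single table matches every account that used one."""
    return {store_sha1_unsalted(p): p for p in COMMON_PASSWORDS}


def store_scrypt(password: str, salt: Optional[bytes] = None) -> str:
    """Per-user random salt plus a memory-hard KDF. The salt is stored
    alongside the digest; it is not secret, only unique."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
    return "scrypt$" + salt.hex() + "$" + digest.hex()


def verify_scrypt(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    scheme, salt_hex, digest_hex = stored.split("$")
    if scheme != "scrypt":
        return False
    candidate = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                               n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    # Two users who picked the same weak password.
    a, b = store_sha1_unsalted("password123"), store_sha1_unsalted("password123")
    print("unsalted sha1 identical for both users:", a == b)
    print("recovered from lookup table:", lookup_table_sha1().get(a))
    sa, sb = store_scrypt("password123"), store_scrypt("password123")
    print("salted scrypt identical for both users:", sa == sb)
    print("verify correct / wrong:", verify_scrypt("password123", sa),
          verify_scrypt("wrong", sa))
```

The salt makes the precomputed table useless and the cost parameters make each guess expensive; neither rescues a user who chose "password123" against a targeted guess, which is why a plain-text or SHA-1 store is the worst of both worlds: it loses the strong passwords along with the weak ones.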

UN privacy head slams 'worse than scary' UK surveillance bill

PassiveSmoking
Bronze badge

Thanks UN for stating the obvious. Not that our "publicly elected servants" are going to listen.

3
0
