* Posts by NullReference Exception

76 posts • joined 10 Oct 2010

Android's Cyanogenmod open to MitM attacks

NullReference Exception

Re: Inadequate CA CSR review partly to blame

The cheap/free certificate providers I've used (StartSSL, GoDaddy, Comodo) do NOT let you specify arbitrary values for certificate fields - they ignore pretty much everything in the CSR except for the key and fill out the rest of the cert with hardcoded values (either blank fields or fixed strings like "Domain Control Validated".) Can't speak for more expensive cert providers as I've never had occasion to use one.

2
0

What the 4K: High-def DisplayPort vid meets reversible USB Type C

NullReference Exception

Re: 100W? Isn't the copper a bit thin for that??

The USB Power Delivery spec accounts for this - there is a presence detection & handshake process that makes sure the connected device and cable can support the required voltages and currents before the power is actually switched on. If the handshake doesn't happen, you just get the standard 5 volts/500mA. This handshake process also allows for the power to flow "backwards" (i.e. from target to host), so that when you plug your laptop into a USBPD-enabled monitor, the monitor will be able to provide power to the laptop.

2
0

CNN 'tech analyst' on NAKED CELEBS: WHO IS this mystery '4chan' PERSON?

NullReference Exception

Re: Passpattern

Be careful... some of the more common keyboard patterns have found their way into password brute-force dictionaries. The folks at SANS recently started monitoring the passwords used during SSH brute-force scanning attacks. The top two are of course "admin" and "password", but you don't have to go very far down the list before you start seeing things like "1qaz2wsx" and "123qwe!@#". See https://isc.sans.edu/ssh.html

0
0

Time to ditch HTTP – govt malware injection kit thrust into spotlight

NullReference Exception

Re: SSL is a good thing

StartSSL has recently started to reject requests for Class 1 certs for any website that looks even remotely commercial, claiming that their free product is not intended for commercial use. (They appear to be manually checking sites.) They do have a pay product, but unless you plan to issue multiple certificates for a single domain it's priced higher than most of the competition.

The ultimate solution here is to distribute certificates via DNSSEC and cut the CAs out of the loop entirely, but that's a long way off. And the domain registrars will probably find some way of charging for it anyway, seeing as how many of them are also in the CA business.

0
0

Indie ISP to Netflix: Give it a rest about 'net neutrality' – and get your checkbook out

NullReference Exception

Re: ...

The post office charges you per letter, the taxi company charges you per mile, the restaurant charges you per dish (even the all you can eat buffet gets mad if you leave food on your plate), and the cinema charges you per film. But the Internet provider charges a flat rate whether you push 500 KB a month or 500 GB, simply because it's always been that way. The "solution" to this problem, unfortunately, may turn out to be metered pricing (and no, I'm not looking forward to it either.)

10
7

Microsoft thumbs nose at NSA, hardens crypto for Outlook, OneDrive

NullReference Exception

Re: So?

TLS (Transport Layer Security) - even with PFS - only encrypts the connection that transfers messages from the sender's mail server to the recipient's mail server. It does not address encryption of messages while they are stored on the server. Unless additional measures not discussed in the article are in place (such as S/MIME with appropriate key management), an adversary with access to the mail provider's systems and/or cooperation from the provider can still read people's messages regardless of whether TLS was used to transfer them.

5
0

You need a list of specific unknowns we may encounter? Huh?

NullReference Exception

It's probably slightly worse in the Army due to the leadership positions all being on ~3 year rotations. The new guy comes in and decides the previous guy was doing it Wrong and he's going to throw it out and do it Right. Three years later, when you're halfway through the new project, the process repeats. Meanwhile, the Beltway bandit support contractors are laughing all the way to the bank...

0
0

Verizon threatens Netflix in video lag blame game

NullReference Exception

Re: A simple Ping+TraceRoute solves it.

Alternatively, they could give maximum priority to ICMP so that the pings look great even if the network is otherwise totally hosed. Or you could get really clever and send them over a different route entirely. You can't really take ping results at face value anymore (if you ever could.)

tcptraceroute is a better option, but even that can be detected and messed with.

8
0

FCC seeks $48K fine from mobile phone-jamming driver

NullReference Exception

Re: On a separate note...

These things can be purchased direct from suppliers in China. If customs catches it they will throw it out and send you a nastygram, but it's hard to catch everything. On the other hand, I remember DealXtreme used to sell cell and GPS jammers but no longer seems to carry them - a search for "jammer" returns no results. This would imply that someone, somewhere, is indeed trying to get them off the market.

2
0
NullReference Exception

Re: Decision time?

Disabling the radio in a phone moving over 30kph would prevent the phone from being used on the bus/train/etc. I imagine a large number of people would complain about that.

There has been some noise made by the US Transportation Department about technologies that could disable a phone only when it is located near the driver's seat of a vehicle. This is, in theory, a better idea (assuming the technologies actually exist and work) but could be easily circumvented as well - throw the phone on the passenger seat and use the speakerphone or a headset.

No easy answers...

3
1

US Supreme Court Justices hear arguments in game-changing software IP case

NullReference Exception

Re: A thought experiment

Fair enough. But the "exact form of the carefully arranged sand" is actually protected by copyright (technically "mask work rights", which is almost but not quite the same as copyright - shorter terms, for one thing.) A patent, should we deem the Verilog-program-expressed-as-sand to be patentable, would also protect similar arrangements of sand that do the same thing. So it's still hairy.

0
0
NullReference Exception

A thought experiment

Suppose I have an algorithm. Instead of coding up that algorithm in C or JavaScript or some other traditional language, I code it up in Verilog. Verilog is Turing-complete, so I can use it to code up any algorithm. I can then take that Verilog program and run it on a computer. I can also take the program and build an FPGA netlist from it, or (if I have more money than sense) send it to a fab and have them stamp out some chips that implement it. Is this software or hardware? Is it both? Is it patentable?

The line between "software" and "hardware" is becoming blurrier every day, so this sort of thing could become quite hairy.

1
1

OkCupid falls out of love with 'anti-gay' Firefox, tells people to see other browsers

NullReference Exception
Trollface

I notice that *no one* is calling for a boycott of JavaScript. Oh well, we can always dream...

38
0

Shuttleworth: Firmware is the universal Trojan

NullReference Exception

Re: But then we'd need hardware standards

And those with a *really* serious financial interest in getting the secrets can (literally) disassemble and analyze your hardware... the fact it's not software isn't going to stop them.

0
0

Seattle pops a cap in Uber and Lyft: Rideshare bizs get 150-driver limit

NullReference Exception

Re: Never quite so black and white

If Uber/Lyft had asked for legal clearance first, the answer would have been "Heck no" and they wouldn't have a business. By not asking, they got to fly under the radar for a while and build up a customer base (which becomes an asset during the inevitable regulatory fights - the customers want the company to stay around, and they vote.) It's ALWAYS easier to beg forgiveness than to ask permission.

0
0

Google slams Play Store password window shut after sueball hits

NullReference Exception

Gift cards

While requiring a password will certainly help, in my mind the right way to deal with this is not to use a credit card at all. Instead, fund your kid's phone with Google Play/iTunes gift cards (conveniently available at your local supermarket.) Let your kid buy the cards themselves with their allowance money. They will quickly learn that those in-game powerups cost real money and they won't break the bank doing so. This also avoids the risk of the app store password getting shoulder-surfed.

14
0

Even HTTPS can leak your PRIVATE browsing

NullReference Exception

Or your ISP and their "partners", or the wifi access point at the local coffee shop...

10
0

How a Facebook post by blabbermouth daughter cost her parents $80,000

NullReference Exception

Re: The real problem isn't that she revealed they'd got money.

Except that the gag "order" in this case was voluntarily agreed to by the father as part of the settlement. Had he chosen to go to trial, he'd be free to talk about the case as much as he wanted. (But he might not have gotten his $80K.)

2
2

What's up with that WhatsApp $19bn price tag? Answer: Voice calls

NullReference Exception

Re: I think that we may see the mother of all cage fights in the US market.

Except that most U.S. carriers now include unlimited talk & text in their plans but have data quotas with overage charges. (A few years ago it was the other way around.) So, at least as far as domestic usage is concerned, the "problem" may solve itself. International calls are a different matter.

On the other hand, on 4G/LTE networks, "voice calls" are internally implemented as VoIP. Could get interesting...

5
0

MtGox MELTDOWN: Quits Bitcoin Foundation board, deletes Twitter

NullReference Exception

Banking regulation

Can't live with it, can't live without it.

4
2

Collective SSL FAIL a symptom of software's cultural malaise

NullReference Exception

Re: Goto

Not to mention, if you use the do { /* stuff */ } while (false); construct and have two break statements where there should be one (instead of two goto statements where there should be one) you have the exact same bug...

0
0
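Added example, not part of the original comment or of any vendor's code: the duplicated-break bug described above in a do { } while (0) block, next to a fail-closed layout where the same slip rejects instead of accepts. The helper functions and the "signature" strings are constructed stand-ins for real hashing and verification.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the steps of a signature check.
   Each returns 0 on success and non-zero on failure. */
static int hash_update(const char *data) { return data == NULL; }
static int hash_final(const char *data)  { return data == NULL; }
static int signature_matches(const char *sig, const char *expected) {
    return strcmp(sig, expected) != 0;
}

/* Flawed: the status variable doubles as the result. The duplicated break
   leaves the block while err is still 0 from the successful hash_update,
   so the signature comparison is never reached and everything is accepted. */
int verify_flawed(const char *data, const char *sig, const char *expected) {
    int err;
    do {
        if ((err = hash_update(data)) != 0)
            break;
            break;              /* stray duplicate: runs unconditionally */
        if ((err = hash_final(data)) != 0)
            break;
        err = signature_matches(sig, expected);
    } while (0);
    return err;
}

/* Fail closed: the result starts as "rejected" and becomes "accepted" only
   on the single line that follows every check. Braces on each branch make
   a duplicated statement visibly fall outside the condition. */
int verify_fail_closed(const char *data, const char *sig, const char *expected) {
    int ok = 0;
    do {
        if (hash_update(data) != 0) { break; }
        if (hash_final(data) != 0) { break; }
        if (signature_matches(sig, expected) != 0) { break; }
        ok = 1;
    } while (0);
    return ok ? 0 : -1;
}

/* The same stray break in the fail-closed layout: the early exit now
   rejects every input, so the first positive test case exposes it. */
int verify_fail_closed_stray(const char *data, const char *sig, const char *expected) {
    int ok = 0;
    do {
        if (hash_update(data) != 0) { break; }
        break;                  /* stray duplicate */
        if (hash_final(data) != 0) { break; }
        if (signature_matches(sig, expected) != 0) { break; }
        ok = 1;
    } while (0);
    return ok ? 0 : -1;
}

int main(void) {
    /* Constructed inputs: "forged" does not match the expected value "good". */
    printf("flawed, forged signature:       %d\n",
           verify_flawed("msg", "forged", "good"));
    printf("fail-closed, forged signature:  %d\n",
           verify_fail_closed("msg", "forged", "good"));
    printf("fail-closed, valid signature:   %d\n",
           verify_fail_closed("msg", "good", "good"));
    printf("fail-closed + stray, valid sig: %d\n",
           verify_fail_closed_stray("msg", "good", "good"));
    return 0;
}
```

A test suite that includes a forged-signature case catches the flawed version; one that only checks valid input does not.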

Cut-price Linode competitor spins up Singapore bit barn

NullReference Exception

What you pay for

Rackspace has a phone number.

Linode has a phone number.

DigitalOcean has a contact form.

Now, admittedly, 98% of people don't really care (I use DigitalOcean myself for some stuff) but support is one of those things you don't miss until the time you really, really need it...

1
0

Verizon: Us throttling AWS and Netflix? Not likely

NullReference Exception

Verizon technical support...

... once tried to tell me that my computer could get a virus while it was powered off and disconnected. I wouldn't take anything they say at face value.

2
0

The other end of the telescope: Intel’s Galileo developer board

NullReference Exception

And if you need power, programmability, and the time of day, you get a Galileo.

Seriously, am I the only one in the world excited that someone is FINALLY making a low-cost Linux dev board with a battery-backed hardware clock?

1
1

Candy Crush King went 'too far' when it candy crushed my app – dev

NullReference Exception

The thing you had on your PDA in 2004 was probably Same Game, which Wikipedia says has been around since 1985... so yeah.

2
0

Almost everyone read the Verizon v FCC net neutrality verdict WRONG

NullReference Exception

Re: Nice straw man

Your comment hints at a bigger problem: there are many things that could cause Netflix service to be "degraded" on Company X's network besides intentional interference on X's part. If the links between Netflix's datacenters and X's network are all at capacity, then X's customers will have problems accessing Netflix. Who is at fault here? More to the point, the only way to fix this is to install a bigger connection between X's network and Netflix (or install some Netflix caching servers directly on X's network) - and neither Netflix nor X are really going to want to pay for this. Furthermore, since the servers supporting X's VOD service are already on X's network, they won't be affected by this congestion and the quality of service will be better. Note that there is no "intentional" degradation of service involved here!

The bottom line is that network neutrality laws and regulations are going to prove very troublesome to enforce, because "degradation" can be perceived in many ways. In the good old days when most sites were producers as well as consumers of data and traffic between networks was more or less symmetric, congestion was everybody's problem and fixing it benefitted all involved. But now that the Internet has evolved into a distribution system for YouTube and Netflix, things are a lot less symmetric and congestion therefore becomes a very thorny issue.

0
0

Will small biz get a bite of mega UK.gov IT pie? Yes: if it can pass the bulls**t sniff test

NullReference Exception

Re: Not so fast.

Agile or no, the government tends to have trouble getting past the "big picture" stage. Never mind the details...

1
0

Curiosity keeps on trucking despite government shutdown

NullReference Exception

Re: Surely this is a joke

Most of the U.S. government is funded on a year-to-year basis, with the fiscal year ending 30 September. Congress is supposed to pass funding bills for the next fiscal year before the end of the current fiscal year. If that doesn't happen, by law, the parts of the government that did not get funded are shut down until new appropriations bills are passed. (Someone, somewhere, thought this was a good idea.)

There are exceptions for functions that are essential to the protection of life and property (the definition of which seems to be left as an exercise for the reader,) so the Weather Service, air traffic controllers, half of the Defense Department, etc are still on the job. Also, things that are funded through user fees or other mechanisms that don't expire at the end of the year are still open. This includes things like the mail, courts, passport processing, Amtrak, the Patent Office, some benefits programs, and the like.

There were a bunch of shutdowns in the 1970s and 1980s as well as a couple in the mid-90s. So this is not without precedent, but it hasn't happened anytime in recent memory.

0
0

Bill Gates: Yes, Ctrl-Alt-Del salute was a MISTAKE

NullReference Exception

Re: "Oops. Did hitting that mess something up for you?"

The original Apple ][ and ][+ had a "RESET" key on the top right of the keyboard, right above the Return (i.e. Enter) key. It was very easy to hit it by mistake and lose all your work. Many users would make it harder to hit RESET by putting rubber washers under the keycap or using various other tricks. Eventually, someone at Apple realized that single-key RESET was NOT a good idea, and from the Apple //e onwards the design was changed so you had to press Ctrl+RESET to do a reset.

Bill & Co used to write stuff for the Apple... guess he forgot about this!

4
0

Boffins debate killing leap seconds to help sysadmins

NullReference Exception

Re: Unix time

Except the GPS system already broadcasts the offset between GPS time and UTC time (i.e. the leap second count since the GPS epoch)...

0
0

Chap unrolls 'USB condom' to protect against viruses

NullReference Exception
Mushroom

No

Fast chargers signal their presence by tying the data lines *to each other*, not power. Tying the data lines to the power would produce amusing results. (Well... amusing to a bystander, anyway. Maybe not so amusing to the owner of the device.)

On the other hand, a USB cable with the power lines connected but the data lines open (not connected to anything) will usually result in the device not charging at all.

1
0

KVM kings unveil 'cloud operating system'

NullReference Exception

Re: Yes, But...

Actually, it reminds me of IBM's VM/CMS (dumb OS running on a smart hypervisor.) I've often wondered what mainframe graybeards think about everyone's newfound fondness for virtualization...

4
0

Tesla cars 'hackable' says Dell engineer

NullReference Exception

Kids these days

When I was your age, the only API that my car had was a steering wheel and a gas pedal. And we liked it!

0
0

Apple erects measures to stop app-happy kids splurging parents' dosh

NullReference Exception

The game is using the iTunes/App Store payment functionality, so it uses the credit card already on file with the iTunes account. It doesn't prompt for credit card details. That's what makes this particularly nasty.

Besides passwords, another option is to not associate a credit card with the iTunes account and to fund it with iTunes gift cards instead (conveniently available in your grocery store's checkout line, at least around here.) Better yet, give your kids an allowance and make them pay for the iTunes gift cards with their allowance money. That should make it pretty darn clear that those virtual smurfberries are being bought with cold, hard, real-world cash.

0
0

Amazon founder Bezos snaps up Washington Post

NullReference Exception

Re: Debt and pension liability

Bezos isn't getting the real estate - it all remains with the Company Formerly Known As The Washington Post Co. (along with the Kaplan University distance learning and test-prep business, which is quite profitable, and a few other odds and ends including some rural cable systems.) Bezos isn't even getting the Post's office building. He's just getting the newspaper business.

All of the other businesses that are part of the deal are connected in some way with the paper - Robinson Terminal is the Post's newsprint warehouse, and I think Comprint prints the Post's regional papers.

Going to be interesting to see how this pans out.

1
0

Ultimate Radio Deathmatch: US Navy missile-defence radar vs 4G mobile mast

NullReference Exception
Black Helicopters

Re: Call me stupid

Something tells me they are a lot more concerned about the cell system potentially causing false radar returns than they are about any temporary disruptions in phone service...

2
0

Google rolls its eyes, gives Windows Phones five more months to sync

NullReference Exception
WTF?

Well supported by everything... except Android.

Seriously. Despite all of Google's supposed advocacy, Android STILL doesn't contain native support for CalDAV and CardDAV... you need third party apps. WTF?

3
0

Google Glassholes to be BANNED from UK roads

NullReference Exception

Re: incompatible

Here in the US, every factory-installed nav system that I've seen will disable input (except for voice commands) when the vehicle is moving. I guess it prevents idiots from poking at the screen at 70mph, but it's also quite annoying if you have a passenger who can work the nav system for you. Aftermarket sat navs and phone apps, of course, don't have this feature.

2
0

Intel's homage to Raspberry Pi: The much pricier Minnowboard

NullReference Exception
Boffin

Re: Minnowboard?

That's because it's not intended to compete with Raspberry Pi. From the name, price point, form factor, and level of embedded I/O, it's intended to compete with TI's BeagleBoard and its family of follow-ons (HawkBoard, PandaBoard, etc.) Anyone familiar with the BeagleBoard will find the name quite descriptive.

Of course, the Pi has most of the mindshare, so the comparisons are inevitable even though the products really occupy two different niches - dirt cheap educational/hobbyist platform in the case of the Pi, relatively inexpensive open source embedded reference design/eval board in the case of the ZooBoards. And yes, if you've ever seen the prices for "real" embedded processor eval boards with OEM developer support, the ZooBoards are quite cheap.

1
0

Bill Gates' nuclear firm plans hot, salty push into power

NullReference Exception
Meh

Yes and no

The Manhattan Project constructed a small number of big, expensive atomic bombs, and the Apollo program constructed a small number of big, expensive moon rockets. But this was enough to get the job done - the US won World War II and beat the Russians to the Moon. Economies of scale were not necessary.

We *have* tried this approach with fusion - we've thrown lots of money and brainpower at it, and have designed and built a small number of big, expensive demonstration reactors that show that it is indeed possible to generate electricity from nuclear fusion. But, in this case, this is NOT enough to do the job. You've got to scale it up. You need to build a Model T, not a Saturn V.

2
1

WAR ON PORN: UK flicks switch on 'I am a pervert' web filters

NullReference Exception
FAIL

Re: Gesture politics at its worst @N000dles

Better kiss El Reg goodbye then...

$ nslookup www.theregister.co.uk

Name: www.theregister.co.uk

Address: 50.57.15.204

$ nslookup 50.57.15.204

** server can't find 204.15.57.50.in-addr.arpa.: NXDOMAIN

Seriously... with CDNs, name-based virtual hosts, cloudy virtual machines, load balancers, IPv4 exhaustion, NATs, and all that other stuff, probably 90% of the web doesn't have valid reverse DNS these days.

2
0

US town mulls bounty on spy drones, English-speaking gunman only

NullReference Exception
Mushroom

It's the 21st century equivalent of a nuclear-free-zone ordinance...

4
0

Are driverless cars the death knell of the motor biz?

NullReference Exception
Childcatcher

Re: flying

You can't sue a machine, but you certainly can sue the manufacturer... could get very interesting.

0
0

Emergency alert system easily pwnable after epic ZOMBIE attack prank

NullReference Exception
Mushroom

Re: Question for all...

The Presidential Alert does indeed mean "the nukes are on the way". It's a bit of a relic of the Cold War, and has never actually been used in practice in any of its forms. (Not even on September 11, 2001.)

0
0

ICANN puts Whois on end-of-life list

NullReference Exception
Unhappy

Re: Yup. Whois should definitely be going the way of the Dodo.

Exactly. Even if the contact info is bogus or private, you can tell a lot from just the registrar id and the domain registration date (mail from young domains is more likely to be spam, certain registrars are more abuse-friendly than others, etc.) It would be very handy to have an automated way to query this information to help with spam filtering or greylisting. But from the sounds of it, ICANN wants to restrict this data to people who cough up money. Yet another nail in the coffin of the small-time email operator...

7
0

Play the Snowden flights boardgame: Avoid going directly to Jail

NullReference Exception
Stop

Re: in transit

As was pointed out in the article, some countries (including the US and Canada) require that everyone go through border control regardless of whether or not you are connecting to another flight, and the airports are designed to funnel all arriving international passengers directly to the border control area. There is no neutral zone.

0
0

Report: Cloud could slash biz software energy use by 87%

NullReference Exception
WTF?

Shades of IBM

"There's a world market for maybe 85,000 computers." Ha.

Also, where's the love for on-premise clouds? You could get a lot of the same energy benefits from that (or, for smaller organizations, simple virtualization setups) without having to outsource everything to Mountain View.

0
0

Apple at WWDC: Sleek new iOS, death of the big cats, pint-sized Mac Pro

NullReference Exception
Childcatcher

Nitpick

"Designed by Apple in California" is not new. It's appeared on pretty much every Apple product and package (sometimes quite conspicuously) since the dawn of the Jobs II era. Checking my collection, the phrase appears on the bottom of my Flower Power iMac (2000) but not on my graphite G4 (1999) - possibly because the latter says "Assembled in USA" instead...

1
0

Elon Musk pledges transcontinental car juicers by end of year

NullReference Exception
Boffin

Re: Musk obviously has staff to pay his bills and thus never actually sees them ...

EV charging can be used to smooth out demand IF those EVs are being used as urban/suburban commuter cars charging in the driveway overnight and/or the parking lot of the office building during the day. EVs on cross-country road trips are a whole different animal. If you roll into Flagstaff at 3:42pm with a low battery, you don't care what the price of electricity is at 4 in the morning, because it's 3:42pm and you need to charge your car. You'll be paying the 3:42pm price, and putting the demand on the grid.

Seriously, I don't get this obsession with long-range EVs. Here in the States a lot of families already have 2 cars. The way it usually works out is that one of them is newer/bigger and is used for shuttling the kids around, road trips, and the like. The other car is older/smaller and is used for commuting and errands. You could replace that second car with a reasonable commuter EV like a Nissan Leaf and no one would notice the difference. That's a pretty large market and you don't need to build a cross-country network of public charging stations (with all the attendant issues) to address it.

0
0

Planetary Resources turns to crowdfunding to help with satellite costs

NullReference Exception

Re: There's good AND bad here...

If you're offering a share of future profits, you're essentially selling shares in your company, and there are lots of rules about that (and for good reason.) Therefore, selling shares or other investments on Kickstarter is verboten. You pays your money, you gets your gift. That's it.

No, I don't get it either. But plenty of people do it anyway, so what do I know?

0
0
