* Posts by tnovelli

374 posts • joined 4 Feb 2011

Nano – meet her: AMD's Radeon R9 4K graphics card for non-totally bonkers gamers, people

tnovelli
Bronze badge

Re: $649 (£420)

Yep. That IS totally bonkers.

0
0

Obi: These ARE the 'droids you're looking for

tnovelli
Bronze badge

Would someone please

Would someone please just make a big boxy brick of a phone?

Bright screen, big battery, qwerty clamshell/slider. And an OS that isn't a bloated repurposed server platform from before you were born.

0
0

French woman gets €800 a month for electromagnetic-field 'disability'

tnovelli
Bronze badge
Boffin

Not implausible

A relative of mine has this, mildly. Only noticed it when laptops got up into the GHz range. Apparently being within inches of poorly shielded processors and busses can stimulate nerve endings or something like that, causing a painful tingling sensation. Being sceptical, I tried placing my hand on a laptop for a few minutes, and indeed I felt something, quite plausibly the RF field.

I'm sure there are millions of fakers, but RF interference is a major problem for electronics and we know that higher levels affect living things. There are legitimate scientific questions:

- What RF frequency/amplitude ranges are *irritating* to the more sensitive people and critters?

- Besides RF, are there electrostatic or magnetic interference issues? Audio, light, etc?

- How can we efficiently test for levels below the average engineer's sensory threshold?

- How can we objectively test people's sensitivity?

1
4

Krebs: I know who hacked Ashley Madison

tnovelli
Bronze badge

So Krebs thinks Zu is less important than himself, and nobody else likes Thunderstruck... uhhh.. Q.E.D.

1
3

Visitors no longer welcomed to Scotland's 'Penis Island'

tnovelli
Bronze badge

Re: Proof, (if it were needed)

Fair point. Sounds like Affirmative Action in the US. No need for that, with all the language geeks around.

I know a little gaelic and a few other languages I'll probably never use. Just for the hell of it.

1
0

LA explosion knocks LogMeIn's British customers offline

tnovelli
Bronze badge
Trollface

Re: Shania Twain also had issues at a live concert...

"outage in one of our primary data centers"

"We began a roll over to our other global data centre"

Translation: All they had were a few servers in those two DCs? Does "roll over" mean "spin up a VPS and restore from last week's backup"?

Are they still running it like a free service?

1
0

Biz that OK'd Edward Snowden for security clearance is fined $30m for obvious reasons

tnovelli
Bronze badge

Did someone say ISIS?

Close enough...

1
0

Microsoft pushes us closer to the Edge: Test new web browser now in free Windows 10 VMs

tnovelli
Bronze badge

Re: Stepped back

The DVs are probably from alien slashtard invaders who don't realize that downvoting stuff around here does nothing to bury it. ;)

I'll withhold judgement as I haven't tried Win10 yet, which I will now that these VMs are out.

2
1

Budget UHD TVs arrive – but were the 4Kasts worth listening to?

tnovelli
Bronze badge

Re: Sky and UHD

MOAR PIXELS, yeahhhhhh... I'd rather have 60 Hz minimum (120+ is nice in games that run fast enough) without messing around with expensive bleeding edge GPUs and monitors.

Besides, you really don't want to see every little imperfection in your favorite porn film stars.

0
0

Wordpress issues second urgent patch in two weeks

tnovelli
Bronze badge

Re: "Easy"

If hackers ever target your company in particular, they'll have an easy time finding holes in Typo3. But that's ok if the worst they can do is vandalize the site, and it's not part of your main revenue stream...

I definitely wouldn't switch from WP to Drupal, Joomla, or PHP-anything. (BTW, the WP 4.2.3 security fix consisted of a fuckton of regex crap, not unlike that which ushered in the Drupocalypse.) Django is decent but it does get a few XSS patches every year; anything with web-based admin has a questionable future.

My strategy for smaller sites where I have enough control:

- Static HTML build process whenever possible

- Simple PHP header/footer templates (if a build process is impractical)

- Compartmentalize the hell out of dynamic features (search, comments, user logins, admin logins, etc) so that a hole in some seemingly low-risk feature doesn't yield full control

Long range plan: bail out of webdev

0
0
tnovelli
Bronze badge
Coat

"Easy"

@Richard Lloyd - That's basically what I was going to say, with some added sarcasm. I haven't automated the process, as I only run a handful of WP sites doing things WP was never meant to do. They're more vulnerable to updates than hacks.

Yeah, I'm frustrated with WP. The very reasons clients want to use it (to move fast and use lots of plugins) are detrimental to good practices. Most don't even use it as a CMS, so these end up being mostly static sites with the complexity/performance/security headaches of a blog/CMS as a "bonus". And, it's harder to find good developers than one would imagine, because they tend to quit WP once they understand it, if they ever touch it at all.

So yeah, I'm pushing other solutions. But dammit, everyone wants WP.

0
0

Oh no ZigBee, as another front opens on home networking insecurity

tnovelli
Bronze badge

Smart People

I guess smart people will just stick with Battlestar Galactica 'dumb tech' standards for the foreseeable future.

0
0

Wait, what? TrueCrypt 'decrypted' by FBI to nail doc-stealing sysadmin

tnovelli
Bronze badge

Re: An alternative option..

It doesn't matter if truecrypt (or ANY encryption system) is good, because the systems it runs on are woefully insecure. They should not be used to store valuable information, period. Anyone doing so should go back to the drawing board and figure out how to operate without relying on electronic devices to keep secrets.

Truecrypt is a stopgap solution at best.

1
1
tnovelli
Bronze badge

Re: yes

LOL. Letter/number/symbol substitution was a feature of password cracker tools 20+ years ago.

Decryption/analysis speed is more important than password strength. IF you can try decrypting just the boot sector of a truecrypt partition and scan it for signatures, that's too easy. (Does anyone know if that's the case?) It should take *several seconds* per pw. Goal is to raise the hardware+electric cost of brute-forcing way above what your data's worth, ie. millions for measly consumer banking info, trillions for state secrets. Good luck with that...

0
0
tnovelli
Bronze badge

I'm going with "he wrote it down and they found it". Could *you* remember a strong 30-char pw?

6
2

Fork off! FFmpeg project leader quits, says he's had enough with these forking AV libraries

tnovelli
Bronze badge

Re: ffmpeg vs. libav

Dear god man, you have no idea how much Microsoft forks and ruins its own frameworks. At least ffmpeg/libav is still maintained and usable. Even on Windows I'd rather use that than whatever MS is pushing this year.

9
1

W3C's bright idea turned your battery into a SNITCH for websites

tnovelli
Bronze badge
Flame

Kill it with fire

Battery-hungry websites will never spend the money to implement this. It's as pointless as DNT.

5
0

W3C's failed Do Not Track crusade tumbles to ad-blockers' Vietnam

tnovelli
Bronze badge

Re: Irony

> the advertisers could have had a little more respect for privacy and playing fair

For real. I'm pretty sure most advertisers never even get around to using/abusing the data they collect on comment spammers, wordpress botnets, and potential loyal customers. Ain't got time for that!

0
0
tnovelli
Bronze badge
Pint

Re: Irony

Some forums sprinkle their site with polite text reminders to subscribe/donate. We adblocker users see them because they're not ads. Hint, hint.

3
0

Will the PC glory days ever return, WD asks as its finances slip

tnovelli
Bronze badge

It pisses me off that it's getting hard to find VPS hosting with HDD storage. SSDs are too small and expensive (and unnecessarily fast) for big audio/video/images. And we've seen a number of SSD reliability issues reported this year, now that everyone's using them.

FWIW, I'm running SSD+HDD in my Linux->BSD desktops, and plain old HDD in my Win8 beater laptop. Good enough.

And if XPoint/RRAM/etc lives up to half the hype, I'll take XPoint+HDD over SSD any day.

0
1

Edge out rivals? No! Firefox boss BLASTS Microsoft's Windows 10 browser brouhaha

tnovelli
Bronze badge
Trollface

But! it's! OK!

But it's OK! when! upgrading! Firefox! switches! your! search! engine! to! Yahoo!

39
1

Tired tablets don't tickle the imagination, so sales fall again

tnovelli
Bronze badge

Re: Marketers can't think the unthinkable

Everyone who WANTED one got one - often at a steep discount - and they never want another one.

Smartphones may or may not succeed in the long run. Tablets have already failed.

1
1

Bloke cuffed for blowing low-flying camera drone to bits with shotgun

tnovelli
Bronze badge

Re: He should go free...

Also, birdshot decelerates quickly and generally won't hurt anything on the way down... no more than small hail. Less dangerous than drones, for sure.

The cops charged the guy with firing a gun inside city limits - which would be justified in a clear self-defense situation - not with shooting the drone. Perhaps the drone operators will face charges as well, if the cops can find a law they broke. If not, expect a new law.

5
1

SPUD – The IETF's anti-snooping protocol that will never be used

tnovelli
Bronze badge

This sounds good.

Some sort of proxying is needed to prevent IP address leakage. It'll make the old IP layer redundant but pruning it is probably too much to ask at this stage. Privacy next decade, efficiency a few decades later, maybe.

I wonder if anyone's got a working UDP-based implementation today that allows P2P gaming without exposing IPs to the other players or their ISPs; that's the gist of this. Then eventually SPUD's successor would standardize, optimize, and simplify such protocols, right? Nah... that's basically TOR; too much latency. We need ISP/backbone routers to support anonymous routing... verifiably... in a DDoS-proof manner. In all sincerity, good luck with that!

2
0

LinkedIn users rebel after personal data siphon crimped

tnovelli
Bronze badge
Megaphone

Since you obviously give a damn, why not reset your password and delete your account?

0
0
tnovelli
Bronze badge

Re: Gullible people everywhere

I flag them as spam. The more people do that, the harder it'll be for them to deliver email spam. You could also nuke your account, if you have one (why??)

I wonder if the recent report saying "spam is declining" included linkedin as such. I'm guessing not, else there'd be nothing to say.

0
0

Google bows to inevitable, stops forcing Google+ logins on YouTubers

tnovelli
Bronze badge

Re: And here's how to delete your Google Plus profile:

No loss for me. When this all started I said fine, delete my youtube channel/profile. And I'll never take google seriously again.

This latest is good news for people who actually gain something from their youtube channels though!

1
0
tnovelli
Bronze badge
Thumb Up

Re: Schadenfreude?

Nah. It makes you a good person.

0
0

Got an Android phone? SMASH IT with a hammer – and do it NOW

tnovelli
Bronze badge

Five years' support?

No problem, that'll be $3,000.... or $100/mo on a 5-year contract.

1
0

BURN ALL BLOGS! WordPress has a critical cross-site scripting flaw

tnovelli
Bronze badge

Re: doesn't seem too bad

Every site with user-contributed content has tons of Author/Contributors. There's a "default new user role" setup option. Easy peasy. Easy to pwn in 5 minutes too...

1
0

Want longer battery life? Avoid the New York Times and The Grauniad

tnovelli
Bronze badge
FAIL

Trend setters

NYT, Facebook, Twitter - they open-source a lot of their bloatware and frontend devs eat it up. It's 'best practice'. Underscore, Backbone, Bootstrap, Coffeescript(?), maybe AngularJS (notorious hog), and layers on top of all these, and soon WebComponents.

Seems like a good idea at first, enabling modular/functional programming in JS, but the temptation to overleverage it is irresistible.

P.S. - installed NoScript for the first time in 5+ years. Renders 90% of sites unusable but so be it. This is getting ridiculous.

1
0

OpenSSH server open to almost unlimited password-guessing bug

tnovelli
Bronze badge

Re: But...

> Why?!??

Because SSH actually works.

3
0

Were the FIRST AMERICANS really FIRST? MYSTERY of vanished 'Population Y'

tnovelli
Bronze badge

Re: Well Duh!

People from the same tribe that boated over to New Guinea ~80,000 years ago might have continued up the coast of Asia and boated across the Bering Strait, maybe that same year, maybe centuries later, who knows. If they remained nomadic (rather than building empires) they wouldn't have left many traces for archaeologists.

2
0

Dumb MongoDB admins spew 600 TERABYTES of unauthenticated data

tnovelli
Bronze badge

Re: нет!

At most VPS hosts you're on your own, but it's pretty easy to block everything but web and SSH traffic. Look up IPtables and Fail2ban...

As for databases, may I suggest... Postgres? Best of both worlds these days.

1
1

Salesforce unleashes red-tape-as-a-service for regulation-heavy users

tnovelli
Bronze badge
Mushroom

Security-compliance-as-a-service... at a time when everything is getting hacked and all this "certified secure" crap is about to get flushed. Is this corporate suicide? Then go for it, Salesforce!

1
0

Citizenfour director Laura Poitras sues US for years of border security harassment

tnovelli
Bronze badge

Re: The pen could be used as a weapon.

That was a mile from here, in jail no less. Police captain's son turned ISIS sympathizer. Allegedly. FBI is busily building up a track record of giving guns to crazy dudes so they can arrest them, so nobody has much credibility in this matter.

0
2

Five lightweight Linux desktop worlds for extreme open-sourcers

tnovelli
Bronze badge

Re: Bad marketing El Reg

I'm one of those "extreme open sourcers", I guess, and I'm here. Ok, I admit I just skimmed the article, and I ditched my bare bones Debian+Openbox setup for Mint 17.1 (thanks for the tip, El Reg) because Linux in general is going downhill rapidly and I just want something that works ok with no major changes until it becomes practical to use a much simpler OS.

Openbox is decent - I might go back to it at some point - but it's a bit bloaty for a "minimal wm", and that XML config file, deahhh gahhhd....

2
3

Wow, another NSA leak: Network security code appears on GitHub

tnovelli
Bronze badge

Re: They uploaded it, therefore not a leak...

You may be onto something, @Mark85 - sounds like a PR gimmick. A token gesture of goodwill, nothing more.

1
2

US govt now says 21.5 million people exposed by OPM hack – here's what you need to know

tnovelli
Bronze badge
Mushroom

"We should be improving cybersecurity"

Good luck with that. Just like GTW, the only way to win this game is not to play.

There is no legitimate reason for governments and companies to hold private personal information that ruins people's lives when it inevitably gets into the wrong hands. And no one is safe, including the bad guys of all stripes.

0
0

GIGANTIC galaxy-chomping black hole rips boffins a new one

tnovelli
Bronze badge

Just another edge case.

0
0

Crap crypto crackdown coming as FBI boss testifies to US Congress

tnovelli
Bronze badge
Coat

Crossing the line

If this plan goes through, I won't be in this line of work much longer. Or not in the US.

2
0

GhostShell back from the other side with mass data dump

tnovelli
Bronze badge

Then there's all the people writing wordpress plugins with no SQL experience at all...

1
0

Awoogah: Get ready to patch 'severe' bug in OpenSSL this Thursday

tnovelli
Bronze badge

Re: Older version safe?

Most likely it's another hole in a new feature, like Heartbleed; that was DTLS.

1
0

150,000 angry Redditors demand Chairman Pao's head on a spike

tnovelli
Bronze badge

Re: Getting the popcorn in...

Transformation.

Reddit has become ... Facebook

1
0

Let me PLUG that up there, love. It’s perfectly standaAAARGH!

tnovelli
Bronze badge
Facepalm

Re: XML meets SQL

The last time I was given XML from a client - ummm, this year - it wasn't even proper XML. Embedded in it were chunks of unescaped invalid HTML. I had to parse it with ad hoc regexes.

And then there's JSON, which would be OK if everything consisted of arrays, dicts, floats, and strings; if JSON serializers were all 100% bug-free; and if it didn't have to flow through a pipeline of cloudy REST APIs and database layers that don't know whether to escape it as SQL, JSON, XML, HTML, urlencoded, PHP-serialized, or what have you. This includes gems like WordPress's maybe_unserialize().

Just to be safe, better use a custom text format and base64 it....

1
0

Rampaging fox terrorises rural sports club, victim sustains ‘tweaked groin’

tnovelli
Bronze badge

'Tweaked' groin?

Is that like "hackers 'tweaked' OPM"?

0
0

Script-blocker NoScript lets in ANYTHING from googleapis.com

tnovelli
Bronze badge

Re: Chrome and uMatrix

less also has a history of vulns; you should consider using more.

1
0

Devs, welcome your EVIL ROBOT OVERLORDS from MIT

tnovelli
Bronze badge

Re: Exploits

Devless dev houses? We already have those. Too bad CodePhage can't handle WordPress...

1
0

Wallet wafting into the Cloud? Amazon hears your pain

tnovelli
Bronze badge
FAIL

We're still waiting for hard cost limits, Amazon.

0
0

Why OH WHY did Blighty privatise EVERYTHING?

tnovelli
Bronze badge

Re: Causation versus correlatooncorrelation

Sounds like coincidence to me. If you look at our situation across the pond, you'll see the opposite situation with water - state and municipal systems providing excellent water while privatized systems charge a fortune for crap water. Probably has more to do with regional economics and long-term drought than with ownership.

Then we have horrible rail systems public and private, phone/cable companies that can hook you up in 3 days (months? LMAO)... it's all over the place.

Personally I'm in favor of *competitive* capitalism, but Tim's not making a good case for it with these statistical anecdotes. Combining the two most-abused forms of 'evidence' is even less convincing.

3
0
