* Posts by tnovelli

172 posts • joined 4 Feb 2011

AWS CloudFront wobbles at worst possible time

tnovelli
Bronze badge

it's a meta-basket!

I don't mind using cloudfront but I keep my servers elsewhere.

0
0

Second time's a charm: Adobe has another go at killing Flash hijack flaw

tnovelli
Bronze badge

Re: A simple patch on Linux

No you can't... not in Debian 7 64bit, anyhow. Flash/Chrome crashes galore. What distro/version are you running?

0
0

UK.gov teams up with moneymen on HACK ATTACK INSURANCE

tnovelli
Bronze badge

Nice POS, shame if someone were to pwn it

Isn't this just a preemptive form of ransomware?

Who's commissioning the most sophisticated malware... nation-states, or this freaking shadow-government industry?

0
0

DEATH by COMMENTS: WordPress XSS vuln is BIGGEST for YEARS

tnovelli
Bronze badge

Re: Well....

Yep... by default, pending comments appear right on the admin dashboard so the administrator can approve or delete them. If you can inject script tags there, it's game over.

0
0
tnovelli
Bronze badge

@ Trevor Pott:

Nice theory about the benefits of a mature ecosystem and plugins and all, but that's not the reality of WP. The core CMS is a bloated rat's nest full of bugs and dodgy practices (soft-fail, functions that second-guess their arguments, etc). The plugin/theme interface is "everything is global, you can do whatever you want, but please use our poorly documented monkey patching hooks". It doesn't matter how secure WP core is - any plugin can undermine it. Even the official WP repository is full of shoddy plugins. Few users possess the knowledge (or time) to choose wisely.

Most WP sites I've seen have so much custom code that they might as well be written from scratch. When you have to copy-and-modify half of the login/signup code to make the client happy, it makes you wonder if you're really gaining anything from a ready-made CMS.

If the #1 CMS did just the few things WP does well, built on a solid architectural foundation, then you'd have a point.

WP's handling of this vuln/update is another red flag. First, they downplayed the severity in their update notice, saying a "contributor or author" could "compromise" a site, versus the apparent reality of total ownage by random commenters. Second, the update broke a bunch of sites & plugins; people are screaming about it on WP forums, questioning the wisdom of auto-update.

"Static" sites just keep looking more and more attractive...

2
1

Google's Chrome to pull plug on plugins next September

tnovelli
Bronze badge

Flash crashes constantly in Chrome 35+ on Linux (Debian 7 at least) i.e. ever since the switch to PPAPI. Chrome itself (and Chromium) has been almost unusable all year. Yayyyyy Google.

0
0

Mozilla remembers 2013. Y'know, back when it still gobbled at the Google money-trough

tnovelli
Bronze badge

Re: Lots of fat to cut from their budget

It's not even a new OS, it's basically just Firefox running on a stripped-down Linux distro... like Chrome OS. I like Javascript... but it will never compete with native apps for battery life. End of story.

We won't have to wait 2 years to find out how Mozilla's faring. Layoff announcement coming in 3... 2... 1...

4
0

All ABOARD! Furious Facebook bus drivers join Teamsters union

tnovelli
Bronze badge

Supposedly it's so pricey in silicon valley, the facebookers' and googlers' $100k salaries are barely enough to survive... certainly those who moved from elsewhere and were forced to pay market rates for housing. 100k salary, 50k taxes, 40k rent... ouch.

So if you're a bus driver making 30-40k, you won't find affordable housing within an hour's drive.

9
0

Mozilla, EFF, Cisco back free-as-in-FREE-BEER SSL cert authority

tnovelli
Bronze badge

Re: Do I understand this?

This provides no better authentication than self-signed certs. If Mozilla and Google want encryption everywhere, authentication be damned, they could just tweak their browsers to quit bitching about self-signed certs.

3
0

Remember that internet sales tax? Wasn't that a great idea? It's dead

tnovelli
Bronze badge

Re: What are they thinking?

Yes, there's no reason for the discrepancy. Sales tax is a can of worms. Offline sales should be tax-free as well.

Unfortunately that can only happen if we repeal the 16th amendment. Hmmm.... "Repeal the war tax" just might work.

3
2

DAY ZERO, and COUNTING: EVIL 'UNICORN' all-Windows vuln - are YOU patched?

tnovelli
Bronze badge

SSL lib quietly patched

Is Microsoft just catching up to the round of fixes OpenSSL got in the months after heartbleed?

For all we know, SChannel could be a proprietary fork of some old version of OpenSSL.

3
1

Patch Windows boxes NOW – unless you want to be owned by a web page or network packet

tnovelli
Bronze badge

XML too

Interesting that Microsoft's XML libs still have security bugs. Same deal in Linux; a few libxml2 security patches this year. Normally one would expect more robust libraries for a (lamentably) near-universal 15-year-old file format.

But we always knew XML was shit.

5
0

SO LONELY: Woman DARED to get rid of her iPHONE - Apple DUMPED all her TXTS

tnovelli
Bronze badge
Thumb Up

Teach 'em good

Having never used an iPhone, it took me a while to realize why I started getting unreadable MMS messages toward the beginning of this year. Only workaround is to reply "didn't get that.. please turn off iMessage and try again". Arrrgh.

Google should take note as well - Android phones do something similar but only when texting to multiple recipients... so it's even harder to guess why.

3
3

Red Hat goes nuclear in Linux container wars with Atomic Host beta

tnovelli
Bronze badge
Mushroom

may contain systemd

Too radioactive for me.

2
0

Words to put dread in a sysadmin's heart: 'We are moving our cloud from Windows to Linux'

tnovelli
Bronze badge

Re: Retitled

As a Linux admin, the only thing I dread is being expected to run these former Windows cloud systems.

11
0

Apple OSX Yosemite infested by nasty 'Rootpipe' vuln

tnovelli
Bronze badge

Re: Ubuntu etc too?

I was thinking trojans, drive-by downloads, the sort of attacks that have been biting casual Windows users for 20 years.

Downvoted?? Apparently I rattled the Ubuntu fanboy contingent, all 2 of them.

2
5
tnovelli
Bronze badge

Ubuntu etc too?

The way all these Apple-aping OSes use Sudo makes it easy to trick people into entering their passwords.

0
6

Mozilla promises browser just for DEVELOPERS

tnovelli
Bronze badge

Great. Fix the UI and I might like it. If it's actually fast and light, non-devs will flock to it in droves, then we'll almost have to use it.

I was using Chrome mostly, but new versions are unusable on Linux, crashes all the time. Midori is getting better, could be the nicest open-src browser if they plug the mem leaks.

Could always switch to mobile app dev...

1
0

Hey, YouTube lovers! How about you pay us, we start paying for STUFF? - Google

tnovelli
Bronze badge

Re: Hosting/Bandwidth Costs?

I figure $3m (say £2m) for 2 billion views, or $0.0015 per view. That's based on 50MB for a 720p MP4 video, served via CDN at $0.02/GB.

0
0
tnovelli
Bronze badge

Re: You can get an ad-free youtube already...

Sure, but if they say I've gotta log into Google+ AND fork over ten bucks a month, it's not happening. The crap on that site isn't worth real money.

And that's a good thing indeed. It'll give other, ah, unprofessional video sites a chance to compete.... finally.

12
0

Mozilla releases geolocating WiFi sniffer for Android

tnovelli
Bronze badge

Re: So remind me how these two tally up?

Just change your SSID every time you reboot or replace your router, I guess.

0
1

BONFIRE of the MEGA-BUCKS: $200m+ BURNED in SECONDS in Antares launch blast

tnovelli
Bronze badge

Re: "I'm not a moon landing denier by any means, but I still ponder about how we got men to the moon and back over 40 years ago and yet these days even getting things up to a low Earth orbit is a problem."

It was a relatively sane and optimistic time in America... less distraction and communication overload and software fragmentation, very little automation. Engineering was basically done by hand, and all of it checked and rechecked by humans. Now we're in a 1-step-forward 2-steps-back situation with regard to tech.

I wasn't around back in the day and I'm no rocket scientist, but I've perused enough new and old civil/mechanical drawings to get a feel for quality standards over the years: excellent from the early 1900s to the 80s, then CAD came along and we got sloppy... too busy fussing with our tools to do our work properly.

I've also done just enough government work to see how government agencies and contractors function (loosely speaking). Top-down decision making by unqualified politicians and bureaucrats with budgets beyond their comprehension. Technical staff who show up from 9 to 5, do what they're told, and don't ask questions, or just kill time. This isn't new but apparently it's been getting worse as governments become bigger and more controlling.

3
2

KRAKKOOOM! Space Station supply mission in PODULE PRANG EXPLOSION CHAOS

tnovelli
Bronze badge
Thumb Up

Good thing they waited for the sailboat to get out of range.

19
1

Mozilla: Spidermonkey ATE Apple's JavaScriptCore, THRASHED Google V8

tnovelli
Bronze badge

And a UI that people don't hate. Hint: Chrome and Win8 are not role models.

9
4

Tor exit node mashes malware into downloads

tnovelli
Bronze badge

Won't work on Linux... unless you're downloading something - like Firefox - directly from the source, because you don't want the version from your distro package repository. Central control is a half-ass solution to security.

2
5

The future health of the internet comes down to ONE simple question…

tnovelli
Bronze badge
Megaphone

DNS MUST DIE

Not only is it contrary to the principle of a decentralized internet, it just plain sucks.

No DNS, no ICANN.

0
5

Pay a tax on every gigabyte you download? Haha, that's too funny. But not to Hungarians

tnovelli
Bronze badge

It's gotta be one word in Hungarian.

5
0

Microsoft promises Windows 10 will mean two-factor auth for all

tnovelli
Bronze badge

Re: Security

And corporate IT departments will disable most of the new security in order to continue running 1990s legacy apps for at least 20 more years.

26
0

UNIX greybeards threaten Debian fork over systemd plan

tnovelli
Bronze badge

Re: So fork, then

Ahh yeah, sysvinit was fine until Debian devs came along and broke out all those tiny scripts and symlinks in order to build a service configurator GUI that real sysadmins never bother with. All that needless indirection was enough to keep me away from Debian for 10+ years. ArchLinux is a breath of fresh air but unfortunately way too bleeding edge for me; package updates usually break things. So I use Debian-stable because it's relatively stable and doesn't force me to use dbus, pulseaudio, etc.

Dependency hell is my biggest fear with systemd. If there are dependencies like nginx>systemd>dbus that's a problem. Every unnecessary daemon is just wasting resources and opening up gaping security holes. Yup, there was a big one in dbus a couple of months ago...

I really don't care about all these efforts to improve Linux/*nix. It'll never be a good OS for desktops, servers, phones, drones, or anything. NEVER. I just make do with it until something better comes along.

3
6

Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know

tnovelli
Bronze badge
Black Helicopters

Re: Ummm, no.

Driverless car "Takes you to your destination"

...or a dark, deserted underground carpark where __________ awaits you...

0
0

Careless Whisper? Anonymous messaging app accused of stalking users, blabbing to Feds

tnovelli
Bronze badge

Black box

People are idiots to use technology they don't understand, for anything that matters. Closed source? Pass. Open source but the code is tl;dr? Pass. That's ~99.999% of useful software.

Someday, maybe, we'll use dedicated secure comm boxes running a minimal, auditable, inflexible OS. Like phones without all the 'smart' crap. I think people are prepared to accept that tradeoff, but the current network protocols and file formats (pdf, docx, html even) are too inherently complex to allow for a simple enough implementation.

2
0

Securobods RAGE over $600k Kickstarter Tor box components

tnovelli
Bronze badge
Megaphone

Bad idea

Bad idea to run all your traffic through Tor anyway. Web beacons, gadgets calling home, auto updaters... they'll make it easier to de-anonymize you.

Just run Tails, with its privacy-enhanced Firefox, in a VM. That's about as anon as you can get.

2
0

Windows 10: Forget Cloudobile, put Security and Privacy First

tnovelli
Bronze badge
Thumb Up

Re: rant-like journalism

Nothing wrong with rants in a tech tabloid. Nice rant, Trevor! :D

7
2

Finnish PM: Apple has DESTROYED FINLAND

tnovelli
Bronze badge

Who hired Elop?

Board members and/or major shareholders must have actively sought a Microsoft buyout, right?

Makes sense... Two big old companies with too much bureaucracy and a lack of vision at the top. Sad to lose Nokia's competent handset business though.

2
0

Dairy Queen cuts the waffle, says bank cards creamed in 395 eateries

tnovelli
Bronze badge

Re: P K

Haha, screw that. Tell them what they really need to do is convince Congress to unfuck us. Pass a law making CCs and SSNs and all such 'secret numbers' null and void for legal/financial purposes.

1
1

Windows 10 feedback: 'Microsoft, please do a deal with Google to use its browser'

tnovelli
Bronze badge

I think the permutations she refers to are IE6, IE7, IE8, IE9.... those are crap, and the newer IEs aren't that great either.

Put it another way: the competitive landscape would not be significantly diminished if it was down to Firefox and chrome.

0
0

Software gurus: Only developers can defeat mass surveillance

tnovelli
Bronze badge
FAIL

Whatever

Aren't these the same guys who gave us Design Patterns?

It's not that hard to find developers without ethics. Look at them all cranking out cheesy F2P kiddie games with in-app purchases, for one example. They're everywhere. It's up to users/buyers to avoid them.

3
0

Researcher details nasty XSS flaw in popular web editor

tnovelli
Bronze badge

correction

8 IPs != DDoS... and a small DoS is all you need to take out a typical WP site.

0
0

Ello, 'ello, what's all this then? We take a spin on the new social network driving everyone loopy

tnovelli
Bronze badge

Re: Is diaspora shrinking?

Diaspora was the right idea, but too ambitious feature-wise and not simple enough to set up and maintain, AFAIK. If at first you don't succeed....

0
0

BT claims almost-gigabit connections over COPPER WIRE

tnovelli
Bronze badge

Re: Gigabit over copper?

I'm thrilled with 30/5 Mbps but as a freelancer, more bandwidth is *always* better.

0
1

IT crisis looming: 'What if AWS goes pop, runs out of cash?'

tnovelli
Bronze badge

Do the math

It probably takes an upstart cut-rate VPS provider 6-12 months to pay off its hardware, maybe 2-3 years to turn a profit. I'm running bloated friggin LAMP+Java stacks on it (most of the world runs at least 5-10 years behind the leading edge) and I can't complain about price or performance or uptime... It does one thing well... It's the best ever. AWS costs more but offers more. So I'm not worried about its profitability.

0
0

jQuery site popped to serve malware slop

tnovelli
Bronze badge

Re: Interesting list of vulnerabilities

Or at least use FlashBlock if you must have Flash.

1
0

Poverty? Pah. That doesn't REALLY exist any more

tnovelli
Bronze badge

Re: The measure of Poverty

Yep, if you're below our Federal Poverty Level in the US, you're in pretty miserable shape. It happens to be ~25% of median. Public benefits are stingy too.

Our socialists simply talk about "ending inequality". Last I heard, anyway. Unfortunately it's working for them.

1
0

Google+ GOING, GOING ... ? Newbie Gmailers no longer forced into mandatory ID slurp

tnovelli
Bronze badge

Re: Have lots of ideas, try them out

But this is a case of "Have a supremely bad idea, try it, fail, then RAM IT DOWN USERS' THROATS".

18
2

Murdoch to Europe: Inflict MORE PAIN on Google, please

tnovelli
Bronze badge

Thanks for the tip

Wait 5 years, then bitchslap Google. Two problems solved.

2
0

WordPress 4.0 is here, complete with one-click upgrade process

tnovelli
Bronze badge

All 100% true. That said, there are ways to reduce the load... php-apc (python-like bytecode caching), CDNs, nginx & php-fpm instead of apache, nginx or varnish "static" page caching, memcache for the WP "transient cache", mysql tuning. Only takes 1 or 2 of those tricks to make WP run pretty snappy if it's not bogged down with crap plugins.

0
0
tnovelli
Bronze badge

Just call it 3.10

You can do that, you know.

Eh, no thanks. We're OCD. But we'll roll out some major backward-incompatible changes in 4.1 and 4.2.

0
0

Salesforce cloud goes titsup: Users face another long weekend

tnovelli
Bronze badge

Oh Salesforce... you make Microsoft look awesome.

0
0

Jimbo tells Wikipedians: You CAN'T vote to disable 'key software features'

tnovelli
Bronze badge

Re: There's a simple solution - fork Wikipedia

Yep. Fork it, flag the existing WMF-licensed pages, and start writing new content.

0
0

Google flushes out users of old browsers by serving up CLUNKY, AGED version of search

tnovelli
Bronze badge

This is nice and all, but why bother with legacy Google when you can use not-Google?

6
1