* Posts by tnovelli

277 posts • joined 4 Feb 2011


Google TUGS Nexus 7-INCHER slab from online store

tnovelli
Bronze badge

Yep, it's a great size, beautiful screen, just needs a better OS. I stopped at 4.4 and performance is so-so, and Android just ... sucks. I'll have to put Cyanogen or something on it if I want to get a decent lifespan out of it. Which I do, seeing how nobody's making anything I like these days.

1
0

NASA guy to White House: Be really careful with that HTTPS stuff

tnovelli
Bronze badge

That's Velv's argument, and I'll second it. The web is not the internet - no need to play ball with bureaucrats who insist it is. Let their censored networks become useless.

0
0
tnovelli
Bronze badge

Re: bureaucrats rather than techies

Tried the load balancer approach recently. Good idea, should've been easy, but no such luck.

1
0

Google it onna Google phone onna GOOGLE NETWORK. MVNO plan imminent

tnovelli
Bronze badge

Ting has Sprint+T-Mobile now too, though not on the same SIM. Neither network is as good as Verizon's out here, but at $6/mo per device with volume discounts for increased usage, that's a trade I'm happy to make.

0
0

JavaScript CPU cache snooper tells crooks EVERYTHING you do online

tnovelli
Bronze badge

Re: I've got it now.

I did that a few years ago, if you want to call it a screensaver. Probably not the first.

I've attempted enough JS game programming to have a pretty good idea how this attack works. Create a TypedArray containing the OS keyboard driver structure for each key. Every ~50ms, read them all, measuring each access time. If it's fast, and it was slow last time, that key was just typed.

Countermeasures: type your pw super fast. Transcode 5 videos at once to bust the cache. Stop everything to stagnate the cache. Run a program that simulates random key/mouse event structures used by all common OS drivers and other programs that handle keyboard input (good luck with that). Dump passwords in favor of keys, biometrics, etc.

This could be the Tacoma Narrows Bridge of future computer engineering 101 courses. :)

5
0

Post-pub nosh neckfiller: Tortilla de patatas

tnovelli
Bronze badge

Re: Success!

I used just enough oil... strained the excess back into the pan for step 2. Turned out just fine.

0
0

America was founded on a dislike of taxes, so how did it get the IRS?

tnovelli
Bronze badge

Re: Nail -> head - missed totally.

My town is actually very good about potholes, plowing, parks, drinking water, and hopefully broadband soon. I don't have a problem with paying property tax. It's not the fairest but it's simple and non-intrusive.

The IRS and the state income/sales taxes, on the other hand, require mountains of paperwork and as discussed below, are really starting to undermine basic human rights worldwide. These taxes were banned by the US constitution for good reason. Unfortunately those protections were trashed in WW1 and we're still suffering 100 years later. WTF.

1
1

Finally, Mozilla looks at moving away from 'insecure' HTTP. Maybe

tnovelli
Bronze badge

Is this the plan?

1. Deprecate the CAs

2. We'll stop laughing, maybe

3. ???

4. Encrypted connections to ALL privacy-invading websites!!!

0
0

A MILLION Chrome users' data was sent to ONE dodgy IP address

tnovelli
Bronze badge

Re: This is the problem I have with auto-updates generally

Exactly... Chrome/Android apps already have a reputation for abusing auto-updates to foist adware and malware.

The Android (and Chrome?) permission system is a complete joke, too. Updates can grab additional permissions within a group - approx location -> precise location for example - without notice to the user.

9
1
tnovelli
Bronze badge
Facepalm

Took long enough

This issue was well known in WordPress ... WordPress!!! ... forums a few months back. Of course, a bunch of those people stuck their heads in the sand. And they hold the keys to a bazillion websites.

If the Chocolate Factory actually produced poisoned chocolate, billions would've died by now. But it's only privacy at stake...

Sit back and enjoy the trainwreck :D

3
0

FBI to WordPress users: patch now before ISIL defaces you

tnovelli
Bronze badge

Re: Requires a valid nonce?

@Robert, unfortunately your outdated knowledge is closer to the truth. I recently had a look at WP's perverted nonce code, and... it's NOT a cryptographic nonce (number used once). You can use it as many times as you want for 12-24 hours. Seems near worthless for security purposes.

1
0
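An added illustration of the point made in the comment above; it is not part of the original post and is not WordPress's own code. It is a simplified Python model of a time-bucketed token that stays valid for 12 to 24 hours, next to a true single-use nonce. The names `make_token`, `verify_token` and `SingleUseNonces`, the 24-hour lifetime, the secret and the timestamps are assumptions made for the example.

```python
import hashlib
import hmac
import math
import secrets

LIFETIME = 24 * 3600                   # assumed token lifetime in seconds
TICK = LIFETIME // 2                   # two 12-hour buckets per lifetime
SECRET = b"constructed-demo-secret"    # constructed sample key


def _mac(tick_index, action, user_id):
    """Truncated HMAC over (bucket index, action, user)."""
    msg = f"{tick_index}|{action}|{user_id}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[-12:-2]


def make_token(action, user_id, now):
    """Token bound to the 12-hour bucket that contains `now`."""
    return _mac(math.ceil(now / TICK), action, user_id)


def verify_token(token, action, user_id, now):
    """Accept a token from the current or the previous bucket.

    Nothing is recorded on success, so the same token verifies again
    and again until its bucket ages out.
    """
    current = math.ceil(now / TICK)
    return any(
        hmac.compare_digest(_mac(current - age, action, user_id), token)
        for age in (0, 1)
    )


class SingleUseNonces:
    """Server-side store for true nonces: random, expiring, consumed once."""

    def __init__(self, ttl=600):
        self.ttl = ttl
        self._issued = {}              # nonce -> (action, user_id, expiry)

    def issue(self, action, user_id, now):
        nonce = secrets.token_urlsafe(16)
        self._issued[nonce] = (action, user_id, now + self.ttl)
        return nonce

    def consume(self, nonce, action, user_id, now):
        entry = self._issued.pop(nonce, None)   # removed on first use
        return (entry is not None
                and entry[:2] == (action, user_id)
                and now <= entry[2])
```

The bucketed token still limits a request to one action and one user for a bounded time; only the store-backed variant rejects a second use of the same value.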

Google takes ARC Welder to Android, grafts on Windows, OS X

tnovelli
Bronze badge

Ewwwwww

As I remarked yesterday, Android apps are 99% crap. I'd rather run vanilla Linux on Android hardware, thank you.

2
1

Google cracks down on browser ad injectors after shocking study

tnovelli
Bronze badge
WTF?

Only 200?

I'm pretty sure the amount of crap extensions is closer to 99%. Same with Android apps.

General rule: if I can't read the code, I don't install it.

2
0

Feds cuffed for allegedly PILFERING Silk Road drug souk's Bitcoins

tnovelli
Bronze badge

Re: Will there be a jury trial?

Nah, these guys know the game is rigged. Also, considering public opinion of cops these days, they're practically guaranteed a conviction on all counts. Et tu...

0
0

CIOs: What tech will be running your organisation in 2020?

tnovelli
Bronze badge

4K finally(?)

And the same old shitty software, with more eyecandy and bugs.

0
0

Cross-dressing blokes storm NSA HQ: One shot dead, one hurt

tnovelli
Bronze badge

Re: Blaming it on the SatNav in ... 3, 2, 1

"Siri, where can we get some Mead around here?"

6
0

GitHub jammed by injected JavaScript, servers whacked by DDoS

tnovelli
Bronze badge

Will browsers finally ban cross-site JS?

I can see CORS becoming mandatory for JS this year... Chrome and Firefox start it; site owners jump to keep their analytics working; IE9-and-under users have to upgrade. That would break half the internet, but if this kind of attack becomes rampant it'll break the whole thing.

1
0

$23m to a WordPress biz? Why top-end hosting is big money

tnovelli
Bronze badge

Alternative headline:

High-end hosting biz needs VC marketing money to chase low-end growth market.

There goes the high end.

1
0

Flak for Slack chaps in yak app hack flap: User database whacked

tnovelli
Bronze badge

Re: Few missing questions

They didn't even tell users to change passwords, just said they use bcrypt which is one-way. Uh huh, sure.

This doesn't surprise me given their primary userbase: WordPress users.

0
0

Get off Facebook if you value your privacy, EU commish tells court

tnovelli
Bronze badge

Safe Harbor is a joke

I actually looked into it years ago when working on a website to market US crap to Europe. Basically it exempts US companies from most EU privacy laws. All of them, if you consider that it's enforced by our Commerce Dept which really doesn't give a flying fuck about your rights.

0
0

Microsoft open sources MSBuild, aims for cross-platform dev tools

tnovelli
Bronze badge

CMake FTW

CMake is pretty nice for cross-platform C++. Beats the hell out of VS; I can't imagine MSBuild being much better except that it's not(?) tied to a friggin' IDE.

2
1

Noobs can pwn world's most popular BIOSes in two minutes

tnovelli
Bronze badge

Cut to the chase

Security starts with chip fabrication and involves every bit of code in every little peripheral microcontroller. So maybe when "silicon printing" becomes as accessible as 3D printing is today, security will start to become practical... for 1970s-PC-level hardware barely capable of encrypted text messaging. One would need to learn enough about circuits and VLSI to verify that the schematic matches the mask matches the finished product under a microscope. Think that's too hard? You haven't done web-dev lately...

The endgame, decades from now, is 100% open hardware *and* software that's simple enough to give end users real control. If anybody ever cares about that...

0
1

Facebook unveils P2P moola-to-mates payment feature

tnovelli
Bronze badge

Oh

I'd have to install their mobile app and give them my CC#... hell no.

Besides, most of my FB friends live within throwing distance :)

2
0

OpenSSL preps fix for mystery high severity hole

tnovelli
Bronze badge

Re: Conspiracy of Optimism

Nah, we hate our own crap code. However, we hate other people's crap even more. Some of us, anyway, sometimes. Most coders don't give a shit.

3
0
tnovelli
Bronze badge

Re: "has to be written in C"

You can write crap code in any language, yep. I worry more about PHP, SQL injection, and XSS than I do about OpenSSL. Of course that's because I don't pretend it's possible to build secure websites.

To be fair, I see tons of security patches coming through for C libs used in web servers/browsers; those concern me. It's too bad that C didn't evolve a bit further before becoming the de facto standard systems language.

2
2

Big Data shocker: Over 6 million Americans have reached the age of 112

tnovelli
Bronze badge

Re: Or, just *maybe*

lol.. the conspiracy theorists are way ahead of you. That's exactly how I first saw this story, days before The Register picked it up.

1
0

Well.That.Sucks: New rude dot-word sparks outrage

tnovelli
Bronze badge

If it.sucks is taken, you'll just have to take it to the next level... it.sucks.ass perhaps.

In all seriousness, this tld is going to suck. What are the chances that the first person to register a this.sucks domain is going to be a good critic of said thing?

2
0

'Get your privacy policy down to one page': AVG CEO throws glove down

tnovelli
Bronze badge
Thumb Up

Re: One page?

Wow, it is long. Marketing fail, hahaha

1
0

Kaspersky claims to have found NSA's 'space station malware'

tnovelli
Bronze badge

Re: Even better idea.

I'll take a guess... management run Windows (evidenced by all those leaked PPT slides) and the techies are forced to use a clunky locked-down Linux distro that doesn't have all the latest security patches, let alone patches for the secret vulns NSA created/discovered. This is a government agency we're talking about.

8
0

Ad bidding network caught slinging ransomware

tnovelli
Bronze badge

I suspect that a lot of ad networks are run by sketchy people, so it's no surprise if they allow outright criminals to use their services to distribute spam and malware.

So ought there be more laws against this? No, we just need more secure systems/networks.

1
0

Never escape the boss again: Salesforce tracks down your best people any time, any place

tnovelli
Bronze badge

Oh darn,

The person you really need to talk to isn't in this system because your company didn't deem them worthy of a license fee. Not that they have time for this shit, anyway...

0
0

Grab your pitchforks: Ubuntu to switch to systemd on Monday

tnovelli
Bronze badge

Re: oh well

Hackers will find a way to edit binary logs, or simply delete them. Remote logging is the proper solution for that.

Huge text logs are actually pretty manageable. If they're up in the gigabytes range, you're probably running a huge internet empire and already remote logging to a central cloud database. But that's overkill for the other 99.9999% of users.

0
0

'If cloud existed decades ago, backups wouldn't have been developed'

tnovelli
Bronze badge

shhhhh...

Mainframes didn't exist in the sixties! We're not reinventing them even worse than before!

6
0

Firefox 36 swats bugs, adds HTTP2 and gets certifiably serious

tnovelli
Bronze badge

Re: Color management

Good question. Works for me, on Linux at least. Check your about:config - if you have old custom settings for gfx.color*, try the defaults.

0
0

Errant update borks Samsung 850 Pro SSDs

tnovelli
Bronze badge

Aargh

I got an 840 *and* an 850 a couple months back. If Samsung doesn't come up with a fix that doesn't involve transplanting my SSDs into a Windows box I'm just gonna wipe 'em, give 'em to some kid who's got time to patch 'em, and replace them with Intel SSDs, and blacklist Sammy for a few years.

1
0

Bad dog! PrivDog chews HTTPS, hurls clear text

tnovelli
Bronze badge

Comodo

....should lose its root cert for doing this. Browser vendors could revoke it unilaterally.

And then there'll be, what, 2 major SSL CAs? And when their conflicts of interest come to light, there'll be zero, and SSL will finally die.

Wishful thinking, I know...

3
0

Oh No, Lenovo! Lizard Squad on the attack, flashes swiped emails

tnovelli
Bronze badge
Mushroom

Re: Here we go again

It was Iran! Definitely Iran.

16
3

Elementary, my dear penguin: It's the second beta of Freya

tnovelli
Bronze badge

Re: Pompous Twats

Deb+Ian, I never knew that.. haha.

I would be more willing to donate to distros if they would limit themselves to just integrating a solid base system, rather than the usual exercise in world domination. I try to reward the people who actually develop/improve/maintain the few softwares I *like*. Package systems unfortunately make it a bit too easy to install software without giving a thought to those people, and then in Debian's case especially, you get some old alpha version (Midori browser, for example).

There are better ways for free/open/indie software to be economically viable: A) cultivate a direct relationship with users, or B) keep it very simple and make your money elsewhere.

2
0

SSL-busting adware: US cyber-plod open fire on Comodo's PrivDog

tnovelli
Bronze badge

Adblock Plus headed down the same road when they started whitelisting ads for a price. Hence all the forks like Adblock Edge. Some do what they say... and some are out to trick unsuspecting users.

2
1
tnovelli
Bronze badge

Funny

Isn't it funny how anti-crap software always morphs into the opposite?

And SSL is so awesome, it couldn't prevent this either.

And the company pushing SSL the hardest, which everyone loves and can do no evil, has, like Comodo, morphed into a self-perpetuating robot army that feeds on sleazy advertising.

*sigh* Why can't we have an internet that favors decent ads, and honest search results, and privacy, and...?

1
0

Debian on track to prove binaries' origins

tnovelli
Bronze badge
Coat

Tip of the iceberg

Even the C guys will admit it compiles too damn slow; Go doesn't. GCC has always been slow, but autoconf/autocrap is far worse. Linux+package build times could be maybe 10-100 times faster just by switching to CMake.

However, that won't change the fact that Linux/Unix toolchains/libs/environments are cumbersome and bloated. It'll never be as frictionless as say JS, it'll never be ported to a better language (not even a modestly-improved C), and it'll never be guaranteeably secure. It's the best thing going now, but it's a dead end, and as a sysadmin I'm afraid it's all going to unravel in the next few years (months?) in the face of increasingly sophisticated attacks.

I would put my money - and time - on new OSes, languages, and hardware, all designed for simplicity and maintainability and uniformity. And that's for a secure communication platform only, not fun stuff - you can't have it all.

0
0

Hellooo, NSA? The US State Department can't kick hackers out of its networks – report

tnovelli
Bronze badge

Re: If only

So easy to break in, not so easy to keep other hackers out. Especially at the other agencies; I can't imagine their security is any better than Sony Pictures'.

Prediction: NSA will be forced to admit it's been pwned for years, by the end of 2015. :D

2
0

Ready to fill out your US taxes? Cool. Got ObamaCare? Not so fast

tnovelli
Bronze badge

THIS isn't my problem

I live in Massachusetts, which couldn't even get its exchange running at all until a few months ago. And it's just a WordPress site that sends you off to some corporate site. Oh, and the Mass Health Connector is run by Dell, who should really stick to making hardware...

This year I'm going uninsured... I dread dealing with these damn insurance companies and tax headaches, more than anything else (like cancer, for example). Unfortunately I don't foresee this getting fixed anytime soon because it's not so bad if you're poor, like so many Americans these days. OTOH I don't know if you can buy votes with crappy free healthcare after you've taken away everything else.

0
0

Evil CSS injection bug warning: Don't let hackers cross paths with your website

tnovelli
Bronze badge

Yep... a bit.

0
0

Samsung buys LoopPay ... to be better at bonking than Apple

tnovelli
Bronze badge

Re: Loo

Kind of a crappy name for Britain, India, etc...

0
0

Mozilla's Flash-killer 'Shumway' appears in Firefox nightlies

tnovelli
Bronze badge

Re: >Scylla and Charybdis

Sure, a compiled language could work in-browser. JavaScript ~7.0 (ECMAScript really) is heading in that direction... shifting from prototype OO to classes, support for static variable types, etc.

I was hopeful about it a few years ago, and I've done a lot with JS, but there's too much inertia. Maybe in 10 years it'll be halfway there. In that case, I don't want to still be developing for this platform.

0
0

Big Data, empty bellies: How supermarkets tweak prices just for the sake of YOUR LOVE

tnovelli
Bronze badge

Price "optimization"

Price optimization relative to other retailers? You mean price fixing.

0
0

Yahoo!'s Firefox search hook-up pays off as it nicks Google's US clicks

tnovelli
Bronze badge

dirty tricks

I keep switching it to DuckDuckGo, and it keeps switching back to Yahoo! every! time! Firefox! updates!

Still, good to see Google cut down to size.

1
2

Sorry, admins: Microsoft says NO new Windows Server until 2016

tnovelli
Bronze badge
Linux

Not a problem

I can't possibly imagine a reason to dump Linux and BSD for any Microsoft server platform.

Not even systemd.

5
0

'YOUTUBE is EVIL': Somebody had a tape running, Google...

tnovelli
Bronze badge

Google sold out ten years ago. IPO. Since then, profiteering has guided the company with entirely predictable results.

There may be employees who care about the right thing, even executives. Doesn't matter. Shareholders rule.

8
1
