Yep, it's a great size, beautiful screen, just needs a better OS. I stopped at 4.4 and performance is so-so, and Android just ... sucks. I'll have to put Cyanogen or something on it if I want to get a decent lifespan out of it. Which I do, seeing how nobody's making anything I like these days.
277 posts • joined 4 Feb 2011
That's Velv's argument, and I'll second it. The web is not the internet - no need to play ball with bureaucrats who insist it is. Let their censored networks become useless.
Re: bureaucrats rather than techies
Tried the load balancer approach recently. Good idea, should've been easy, but no such luck.
Ting has sprint+tmobile now too, though not on the same SIM. Neither network is as good as Verizon's out here, but at $6/mo per device with volume discounts for increased usage, that's a trade I'm happy to make.
Re: I've got it now.
I did that a few years ago, if you want to call it a screensaver. Probably not the first.
I've attempted enough JS game programming to have a pretty good idea how this attack works. Create a TypedArray containing the OS keyboard driver structure for each key. Every ~50ms, read them all, measuring each access time. If it's fast, and it was slow last time, that key was just typed.
Countermeasures: type your pw super fast. Transcode 5 videos at once to bust the cache. Stop everything to stagnate the cache. Run a program that simulates random key/mouse event structures used by all common OS drivers and other programs that handle keyboard input (good luck with that). Dump passwords in favor of keys, biometrics, etc.
This could be the Tacoma Narrows Bridge of future computer engineering 101 courses. :)
I used just enough oil... strained the excess back into the pan for step 2. Turned out just fine.
Re: Nail -> head - missed totally.
My town is actually very good about potholes, plowing, parks, drinking water, and hopefully broadband soon. I don't have a problem with paying property tax. It's not the fairest but it's simple and non-intrusive.
The IRS and the state income/sales taxes, on the other hand, require mountains of paperwork and as discussed below, are really starting to undermine basic human rights worldwide. These taxes were banned by the US constitution for good reason. Unfortunately those protections were trashed in WW1 and we're still suffering 100 years later. WTF.
Is this the plan?
1. Deprecate the CAs
2. We'll stop laughing, maybe
4. Encrypted connections to ALL privacy-invading websites!!!
Re: This is the problem I have with auto-updates generally
Exactly... Chrome/Android apps already have a reputation for abusing auto-updates to foist adware and malware.
The Android (and Chrome?) permission system is a complete joke, too. Updates can grab additional permissions within a group - approx location -> precise location for example - without notice to the user.
Took long enough
This issue was well known in WordPress ... WordPress!!! ... forums a few months back. Of course, a bunch of those people stuck their heads in the sand. And they hold the keys to a bazillion websites.
If the Chocolate Factory actually produced poisoned chocolate, billions would've died by now. But it's only privacy at stake...
Sit back and enjoy the trainwreck :D
Re: Requires a valid nonce?
@Robert, unfortunately your outdated knowledge is closer to the truth. I recently had a look at WP's perverted nonce code, and... it's NOT a cryptographic nonce (number used once). You can use it as many times as you want for 12-24 hours. Seems near worthless for security purposes.
As I remarked yesterday, Android apps are 99% crap. I'd rather run vanilla Linux on Android hardware, thank you.
I'm pretty sure the amount of crap extensions is closer to 99%. Same with Android apps.
General rule: if I can't read the code, I don't install it.
Re: Will there be a jury trial?
Nah, these guys know the game is rigged. Also, considering public opinion of cops these days, they're practically guaranteed a conviction on all counts. Et tu...
And the same old shitty software, with more eyecandy and bugs.
Re: Blaming it on the SatNav in ... 3, 2, 1
"Siri, where can we get some Mead around here?"
Will browsers finally ban cross-site JS?
I can see CORS becoming mandatory for JS this year... Chrome and Firefox start it; site owners jump to keep their analytics working; IE9-and-under users have to upgrade. That would break half the internet, but if this kind of attack becomes rampant it'll break the whole thing.
High-end hosting biz needs VC marketing money to chase low-end growth market.
There goes the high end.
Re: Few missing questions
They didn't even tell users to change passwords, just said they use bcrypt which is one-way. Uh huh, sure.
This doesn't surprise me given their primary userbase: wordpress users.
Safe Harbor is a joke
I actually looked into it years ago when working on a website to market US crap to Europe. Basically it exempts US companies from most EU privacy laws. All of them, if you consider that it's enforced by our Commerce Dept which really doesn't give a flying fuck about your rights.
CMake is pretty nice for cross-platform C++. Beats the hell out of VS; I can't imagine MSBuild being much better except that it's not(?) tied to a friggin' IDE.
Cut to the chase
Security starts with chip fabrication and involves every bit of code in every little peripheral microcontroller. So maybe when "silicon printing" becomes as accessible as 3D printing is today, security will start to become practical... for 1970s-PC-level hardware barely capable of encrypted text messaging. One would need to learn enough about circuits and VLSI to verify that the schematic matches the mask matches the finished product under a microscope. Think that's too hard? You haven't done web-dev lately...
The endgame, decades from now, is 100% open hardware *and* software that's simple enough to give end users real control. If anybody ever cares about that...
I'd have to install their mobile app and give them my CC#... hell no.
Besides, most of my FB friends live within throwing distance :)
Re: Conspiracy of Optimism
Nah, we hate our own crap code. However, we hate other people's crap even more. Some of us, anyway, sometimes. Most coders don't give a shit.
Re: "has to be written in C"
You can write crap code in any language, yep. I worry more about PHP, SQL injection, and XSS than I do about OpenSSL. Of course that's because I don't pretend it's possible to build secure websites.
To be fair, I see tons of security patches coming through for C libs used in web servers/browsers; those concern me. It's too bad that C didn't evolve a bit further before becoming the de facto standard systems language.
Re: Or, just *maybe*
lol.. the conspiracy theorists are way ahead of you. That's exactly how I first saw this story, days before The Register picked it up.
If it.sucks is taken, you'll just have to take it to the next level... it.sucks.ass perhaps.
In all seriousness, this tld is going to suck. What are the chances that the first person to register a this.sucks domain is going to be a good critic of said thing?
Re: One page?
Wow, it is long. Marketing fail, hahaha
Re: Even better idea.
I'll take a guess... management run Windows (evidenced by all those leaked PPT slides) and the techies are forced to use a clunky locked-down Linux distro that doesn't have all the latest security patches, let alone patches for the secret vulns NSA created/discovered. This is a government agency we're talking about.
I suspect that a lot of ad networks are run by sketchy people, so it's no surprise if they allow outright criminals to use their services to distribute spam and malware.
So ought there be more laws against this? No, we just need more secure systems/networks.
The person you really need to talk to isn't in this system because your company didn't deem them worthy of a license fee. Not that they have time for this shit, anyway...
Re: oh well
Hackers will find a way to edit binary logs, or simply delete them. Remote logging is the proper solution for that.
Huge text logs are actually pretty manageable. If they're up in the gigabytes range, you're probably running a huge internet empire and already remote logging to a central cloud database. But that's overkill for the other 99.9999% of users.
Mainframes didn't exist in the sixties! We're not reinventing them even worse than before!
Re: Color management
Good question. Works for me, on Linux at least. Check your about:config - if you have old custom settings for gfx.color*, try the defaults.
I got an 840 *and* an 850 a couple months back. If Samsung doesn't come up with a fix that doesn't involve transplanting my SSDs into a Windows box I'm just gonna wipe 'em, give 'em to some kid who's got time to patch 'em, and replace them with Intel SSDs, and blacklist Sammy for a few years.
....should lose its root cert for doing this. Browser vendors could revoke it unilaterally.
And then there'll be, what, 2 major SSL CAs? And when their conflicts of interests come to light, there'll be zero, and SSL will finally die.
Wishful thinking, I know...
Re: Here we go again
It was Iran! Definitely Iran.
Re: Pompous Twats
Deb+Ian, I never knew that.. haha.
I would be more willing to donate to distros if they would limit themselves to just integrating a solid base system, rather than the usual exercise in world domination. I try to reward the people who actually develop/improve/maintain the few softwares I *like*. Package systems unfortunately make it a bit too easy to install software without giving a thought to those people, and then in Debian's case especially, you get some old alpha version (Midori browser, for example).
There are better ways for free/open/indie software to be economically viable: A) cultivate a direct relationship with users, or B) keep it very simple and make your money elsewhere.
Adblock Plus headed down the same road when they started whitelisting ads for a price. Hence all the forks like Adblock Edge. Some do what they say... and some are out to trick unsuspecting users.
Isn't it funny how anti-crap software always morphs into the opposite?
And SSL is so awesome, it couldn't prevent this either.
And the company pushing SSL the hardest, which everyone loves and can do no evil, has, like Comodo, morphed into a self-perpetuating robot army that feeds on sleazy advertising.
*sigh* Why can't we have an internet that favors decent ads, and honest search results, and privacy, and...?
Tip of the iceberg
Even the C guys will admit it compiles too damn slow; Go doesn't. GCC has always been slow, but autoconf/autocrap is far worse. Linux+package build times could be maybe 10-100 times faster just by switching to cmake.
However, that won't change the fact that Linux/Unix toolchains/libs/environments are cumbersome and bloated. It'll never be as frictionless as say JS, it'll never be ported to a better language (not even a modestly-improved C), and it'll never be guaranteeably secure. It's the best thing going now, but it's a dead end, and as a sysadmin I'm afraid it's all going to unravel in the next few years (months?) in the face of increasingly sophisticated attacks.
I would put my money - and time - on new OSes, languages, and hardware, all designed for simplicity and maintainability and uniformity. And that's for a secure communication platform only, not fun stuff - you can't have it all.
Re: If only
So easy to break in, not so easy to keep other hackers out. Especially at the other agencies; I can't imagine their security is any better than Sony Pictures'.
Prediction: NSA will be forced to admit it's been pwned for years, by the end of 2015. :D
THIS isn't my problem
I live in Massachusetts, which couldn't even get its exchange running at all until a few months ago. And it's just a wordpress site that sends you off to some corporate site. Oh, and the Mass Health Connector is run by Dell, who should really stick to making hardware...
This year I'm going uninsured... I dread dealing with these damn insurance companies and tax headaches, more than anything else (like cancer, for example). Unfortunately I don't foresee this getting fixed anytime soon because it's not so bad if you're poor, like so many Americans these days. OTOH I don't know if you can buy votes with crappy free healthcare after you've taken away everything else.
Yep... a bit.
Kind of a crappy name for Britain, India, etc...
Re: >Scylla and Charybdis
I was hopeful about it a few years ago, and I've done a lot with JS, but there's too much inertia. Maybe in 10 years it'll be halfway there. In that case, I don't want to still be developing for this platform.
Price optimization relative to other retailers? You mean price fixing.
I keep switching it to duckduckgo, and it keeps switching back to Yahoo! every! time! Firefox! updates!
Still, good to see Google cut down to size.
Not a problem
I can't possibly imagine a reason to dump Linux and BSD for any Microsoft server platform.
Not even systemd.
Google sold out ten years ago. IPO. Since then, profiteering has guided the company with entirely predictable results.
There may be employees who care about the right thing, even executives. Doesn't matter. Shareholders rule.