Posts by tnovelli

332 posts • joined 4 Feb 2011

Awoogah: Get ready to patch 'severe' bug in OpenSSL this Thursday

tnovelli
Bronze badge

Re: Older version safe?

Most likely it's another hole in a new feature, like Heartbleed; that was DTLS.

1
0

150,000 angry Redditors demand Chairman Pao's head on a spike

tnovelli
Bronze badge

Re: Getting the popcorn in...

Transformation.

Reddit has become ... Facebook

1
0

Let me PLUG that up there, love. It’s perfectly standaAAARGH!

tnovelli
Bronze badge
Facepalm

Re: XML meets SQL

The last time I was given XML from a client - ummm, this year - it wasn't even proper XML. Embedded in it were chunks of unescaped invalid HTML. I had to parse it with ad hoc regexes.

And then there's JSON, which would be OK if everything consisted of arrays, dicts, floats, and strings; if JSON serializers were all 100% bug-free; and if it didn't have to flow through a pipeline of cloudy REST APIs and database layers that don't know whether to escape it as SQL, JSON, XML, HTML, urlencoded, PHP-serialized, or what have you. This includes gems like WordPress's maybe_unserialize().

Just to be safe, better use a custom text format and base64 it....

1
0

Rampaging fox terrorises rural sports club, victim sustains ‘tweaked groin’

tnovelli
Bronze badge

'Tweaked' groin?

Is that like "hackers 'tweaked' OPM"?

0
0

Script-blocker NoScript lets in ANYTHING from googleapis.com

tnovelli
Bronze badge

Re: Chrome and uMatrix

less also has a history of vulns; you should consider using more.

1
0

Devs, welcome your EVIL ROBOT OVERLORDS from MIT

tnovelli
Bronze badge

Re: Exploits

Devless dev houses? We already have those. Too bad CodePhage can't handle WordPress...

0
0

Wallet wafting into the Cloud? Amazon hears your pain

tnovelli
Bronze badge
FAIL

We're still waiting for hard cost limits, Amazon.

0
0

Why OH WHY did Blighty privatise EVERYTHING?

tnovelli
Bronze badge

Re: Causation versus correlation

Sounds like coincidence to me. If you look at our situation across the pond, you'll see the opposite situation with water - state and municipal systems providing excellent water while privatized systems charge a fortune for crap water. Probably has more to do with regional economics and long-term drought than with ownership.

Then we have horrible rail systems public and private, phone/cable companies that can hook you up in 3 days (months? LMAO)... it's all over the place.

Personally I'm in favor of *competitive* capitalism, but Tim's not making a good case for it with these statistical anecdotes. Combining the two most-abused forms of 'evidence' is even less convincing.

3
0

Humongous headsets and virtual insanity

tnovelli
Bronze badge

Not realistic enough for gaming?

I can already see where this is going: a handful of AAA showcase games, second-tier titles with insufficient funding to break through the Uncanny Valley, and a bunch of gimmicky indie games.

Then it's "not realistic enough, yawn" and at the same time "too realistic, not fun".

0
0

Apple pulls Civil War games in Confederate flag takedown

tnovelli
Bronze badge

Re: Principled stand?

Oh no, don't tell me I can't play Dixie anymore. Seriously, it's one of the great old tunes. To hell with politics.

1
0

Killer ChAraCter HOSES almost all versions of Reader, Windows

tnovelli
Bronze badge

Should be secure, but aren't necessarily. There's been a slew of security patches for various bitmap loader libs this year. (PNG anyone?) Much better odds than PDF though.

Open-src font libs are also potentially vulnerable to similar attacks, and the PDF readers on Linux... yeah they've got major problems too.

4
2

Facebook and Twitter queen Taylor Swift: Facebook and Twitter are RUBBISH

tnovelli
Bronze badge
Thumb Up

Re: Updated Christmas Card list

Sometimes I 'like' stuff I really don't, just to keep people (and heuristics) guessing. Plus, it causes FB to show me even more crap so I waste less time there.

2
0

Pluto plastered in what looks like 1970s orange wallpaper – proof

tnovelli
Bronze badge

Re: Twice the goodness

Late 80s dialup speed. Not bad if you don't have to share the phone line. I remember downloading Linux 0.x via some old modem bank that still hadn't been upgraded in 1993. It did the job though.

3
0

JavaScript creator Eich's latest project: KILL JAVASCRIPT

tnovelli
Bronze badge

Re: Replacing readable code makes you more secure?

Quaint. If only you could convince all the devs to stop using minify/uglify...

0
0
tnovelli
Bronze badge

So I read Eich's actual blog... he freely admits it's become a cliche that JS is web assembly. This is actually a binary AST format for Asm.js, to cut the client's parsing overhead.

I share your scepticism, 1980s_coder. To paraphrase a line from yesterday's Elon Musk article, it's a shame that all these language designers are fiddling with the web instead of just designing a better language.

3
0
tnovelli
Bronze badge
Coat

Re: JS is the problem in the first place

While we're at it, let's dump ALL the Bad Parts (tm): DOM, HTML, XML, CSS... until all that's left are LLVM and some cross-platform 'native' APIs. Cross-platform apps! Wait, this sounds familiar *cough* Java *cough* ... but can we learn from those mistakes? Nah...

I was hopeful about JS and HTML5 a few years ago but it's not working out. On to plan C...

6
0

Hacked US OPM boss: We'll fix our IT security – just give us $21 million

tnovelli
Bronze badge
Thumb Up

Re: Of course...

Actually it was, in a way. They made the laws, they set the budgets and policies... watering down crypto so NSA can spy on everyone more conveniently, and treating hacking as a law enforcement matter instead of a preventive security measure.

8
2

LastPass got hacked: Change your master password NOW

tnovelli
Bronze badge

The problem with LastPass and kin

1. They store your passwords on their servers; 2. Their servers can and do get hacked; 3. If you enter your master password when their servers are compromised, the hackers can decrypt all your saved passwords.

It's a significant risk. For anything beyond "silly social crap" you need a local app + file sync (or version control), compartmentalized with separate master passwords for different teams and security levels. Nope, there isn't a good answer for non-nerds.

2
0
tnovelli
Bronze badge

Re: KeePass

and KeePassX is open-src, runs on every desktop OS including Linux.

I've also heard good things about 'pass' - a commandline pw mgr that stores data in text files.

0
0

Cinnamon 2.6 – a Linux desktop for Windows XP refugees

tnovelli
Bronze badge
Trollface

Re: A very good choice

...or an obsolete version of Linux. Lookin' at you, Ubuntu and Fedora...

2
9

Google wants you to buy Nest CCTV, turn your home into a Brillo pad

tnovelli
Bronze badge

yep... google 'shodan'

0
0

Amazon turns up spectacularly late to 'transparency' party, pours a large one

tnovelli
Bronze badge

...smallpox spores

...mustard gas

...depleted uranium

0
0

Vintage Ask toolbar is malware – and we'll kill Jeeves, says Microsoft

tnovelli
Bronze badge

A little late, Microsoft

You could have blocked this crap 10-20 years ago, but you prioritized your profitable partnerships with these scum instead. Now everyone thinks you're scum too. (Me, I always did..)

11
1

Facebook: Your code sucks, and we don't even have to run it to tell

tnovelli
Bronze badge

And how many bugs remain undetected? Sure seems like a lot.

0
0

But... I... like... the... PAIN! Our secret addiction to 'free' APIs

tnovelli
Bronze badge

Not just free

You can't even trust them with APIs that cost big money. They'll drop 'em, or jack up the price 300% on renewal ...

2
0

I block, you block, we all block Twitter shock schlock

tnovelli
Bronze badge

I thought about filtering but decided I really wanted to block everything, so I just stopped using twitter.

0
0

Apple extends idiot-tax operation, makes devs pay to fix Safari snafus

tnovelli
Bronze badge
Devil

Malware Maker Safari Edition ... $666

Dummy app reskinning (offshore) ... $333

Yearly app store listing fee... $99

Owning mad noobs... priceless

2
0

Trustwave: Here's how to earn $84,000 A MONTH as a blackhat

tnovelli
Bronze badge

Re: Seriously?

Well, how else are you gonna buy nice things with all that dirty money? Convert it to 'legitimate income' by paying taxes on it.

It's an old open secret that Uncle Sam loves money launderers, banksters, arms dealers, drug runners. One big happy family.

2
0

Apple to tailor Swift into fully open-source language – for Linux, too

tnovelli
Bronze badge

One language won't help much, given the mind-boggling array of different APIs.

0
0
tnovelli
Bronze badge

Exceptions??

No thanks. This sounds like a kitchen sink language, not a systems language. I'll look at it if it's on Linux but only to see what the hype is all about.

1
0

Fedora 22: Don't be glum about the demise of Yum – this is a welcome update

tnovelli
Bronze badge

Re: Gnome3

"It's not that bad" says an anonymous noob who cares about *terminal transparency*...

Gnome3 isn't bad from a casual user perspective, though it takes some getting used to. The problem is its web of dependencies, including systemd and its dependencies. This is a complex, fragile, un-adaptable system. Piss-poor engineering.

0
0
tnovelli
Bronze badge

Is DNF any faster than Yum?

Not that I care - Fedora's got bigger problems, like systemd.. no thanks.

2
1

EU-US safe harbour talks are lingering just outside port, says US

tnovelli
Bronze badge

Definitely not worth the paper it's printed on. It's basically a blanket exemption for US companies acting "in good faith". If there's a genuine effort to add teeth, it's only to cement the market position of Google and Facebook.

0
0

Hackers steal files on 4 million US govt workers

tnovelli
Bronze badge
Mushroom

Good point. And I don't see much point in casting blame. It's tough to keep any system secure, impossible for one as big and old as this. Everyone's info has presumably already been looted from one place or another anyway; we just don't know it yet.

2015: Year of the Datapocalypse

2
0

Wikileaks publishes TiSA: A secret trade pact between US, Europe and others for big biz pals

tnovelli
Bronze badge

Re: Wouldn't actually be all that expensive to keep data

DCs in every country of the EU? Unnecessary pain in the ass for the internet titans, and it means death for their future competitors. So no, no problem if you like corporate hegemony.

1
1

Dodgy colon bug is a total pain in the butt for Skype users today

tnovelli
Bronze badge
Facepalm

The one day I use Skype, this happens. Update, talk, crash, update again. And unlike EVERY OTHER TIME, it didn't ask "how shitty was your user experience?" after the call.

Where's the head-in-ass icon?

1
0

Secure web? That'll cost you, thanks to Mozilla's HTTPS plan

tnovelli
Bronze badge

Re: If selling certificates becomes like selling domains...

If? godaddy and all the domain registrars are already selling cheap certs...

2
0

Holy SSH-it! Microsoft promises secure logins for Windows PowerShell

tnovelli
Bronze badge

I started powershell by accident once. Took 10 seconds or so. LOL.

8
5

KFC takes legal axe to eight-legged mutant chicken claims

tnovelli
Bronze badge

Re: The red flag

They've already bred chickens to have humongous breasts. Apparently those varieties are so unhealthy they require antibiotics for their entire ~2 month lives. Mmmmmm.

0
1

Finally! It's the year of Linux on the desktop TITSUP

tnovelli
Bronze badge

They didn't have BEEELIONS like Shuttleworth.

4
0

Web tracking puts lead in your saddlebags, finds Mozilla study

tnovelli
Bronze badge

Re: A revelation

Even Adblock blocks most trackers (all but one on this site) IF you choose an appropriate blocklist. If these guys tried that, they neglected to mention it in their paper. Probably because it makes their own work look unimpressive.

0
1

Look out, Dixon! That there is a dangerously INTELLECTUAL cow

tnovelli
Bronze badge

How did all my fellow Linuxtards miss the sarcasm in that first COTW? Buncha hardcore 'spergs? Never seen Win8.x? Even XFCE has more bling than this throwback to the 80s. And in terms of technical fuckery, systemd's got nothing on it.

8
0

Celebrating 20 years of juicy Java. Just don’t mention Android

tnovelli
Bronze badge

Re: Alternatives? [and weird Java requirements]

Just put a shortcut/symlink to the binary on your desktop. Better than having Java.

1
0

Small WordPress sites leaking like sieves

tnovelli
Bronze badge

Re: There are benefits...

You can auto-update by running wp-cli from a cron job.

Dumping WP sounds like the best solution though.

0
0

Attackers target new XSS in millions of WordPress sites

tnovelli
Bronze badge
Mushroom

Yeah, this is easy to overlook - just a bit of JS in an HTML file. Only problem is, it's using unsanitized input from window.location.hash, and it's found in predictable locations on target sites. The hardest part of exploiting it is tricking an admin into clicking a crafted URL.

The WTFs are that the offending JS was newly added window dressing (it's not in the twentyfourteen theme's example.html) and that something so innocuous is enough to own WP or any CMS.

Nuke icon because WWW doomsday is coming...

1
0
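The pattern the comment above describes (a value from `window.location.hash` copied into markup without sanitisation), as an added example that is not code from WordPress, from any of its themes, or from the script the article is about. It is a constructed icon-demo page that shows the icon named in the URL fragment, first in the vulnerable form and then hardened. The element is a plain object standing in for a DOM node so the logic runs under Node; the function and constant names are the example's own.

```javascript
// Vulnerable: the fragment goes straight into an innerHTML-style template.
// The fragment is never sent to the server, so server-side filters, WAF rules
// and access logs never see the payload; all the attacker needs is a victim
// (ideally a logged-in admin) who opens the crafted URL.
function renderVulnerable(hash) {
  var name = hash.replace(/^#/, "");
  return '<div class="icon icon-' + name + '">' + name + '</div>';
}

// Hardened, step 1: treat the fragment as data with a strict shape.
var ICON_NAME = /^[a-z0-9-]{1,40}$/;
function iconNameFromHash(hash) {
  var raw = hash.replace(/^#/, "");
  // Decode before validating: whether location.hash arrives percent-decoded
  // has varied between browsers, and "%3C" must not pass as harmless.
  try { raw = decodeURIComponent(raw); } catch (e) { return null; }
  return ICON_NAME.test(raw) ? raw : null;
}

// Hardened, step 2: write through DOM properties that cannot create markup.
// className only ever holds an allowlisted token and textContent never
// parses HTML, so even a later relaxation of ICON_NAME would not bring
// script execution back. Returns the element for inspection.
function renderSafe(el, hash) {
  var name = iconNameFromHash(hash);
  el.className = name === null ? "icon" : "icon icon-" + name;
  el.textContent = name === null ? "" : name;
  return el;
}

// Constructed inputs: a benign fragment, a classic DOM-XSS payload, and the
// same payload percent-encoded the way a crafted link would carry it.
var BENIGN = "#home";
var PAYLOAD = '#"><img src=x onerror=alert(document.cookie)>';
var ENCODED_PAYLOAD = "#" + encodeURIComponent('"><img src=x onerror=alert(1)>');

function newElement() {
  return { className: "", textContent: "" };
}

function demo() {
  return {
    vulnerable: renderVulnerable(PAYLOAD),
    safeBenign: renderSafe(newElement(), BENIGN),
    safePayload: renderSafe(newElement(), PAYLOAD),
    safeEncoded: renderSafe(newElement(), ENCODED_PAYLOAD)
  };
}

// In a browser the hardened entry point would be:
//   renderSafe(document.getElementById("preview"), window.location.hash);
```

Two things a reviewer should check in any fragment-driven script: that the value is validated against what it is supposed to be (an identifier, not "anything that isn't a `<`"), and that it is written with `textContent`, `classList` or `setAttribute` rather than `innerHTML` or `document.write`, since the second line of defence is what survives the next refactor.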

Phablet for the biz fleet with easy typing: Microsoft Lumia 640 XL

tnovelli
Bronze badge

Re: Good idea

Have an upvote, even though I loathe Android and Ubuntu. Nokia actually had a few decent OSes, but alas... Microsoft.

The reason switching mobile OSes is such a pain: too much locked-down proprietary hardware, and douchebag manufacturers and carriers. OSdevers have better things to do.

1
14

Relax, it's just Ubuntu 15.04. AARGH! IT'S FULL OF SYSTEMD!!!

tnovelli
Bronze badge

That bored, huh? I've got better things to do. Mint MATE is working, not great, but better than my old pre-systemd Debian desktop. I can't imagine any improvement from systemd (which I've experienced in Fedora 17-18) or the Ubuntu stuff that Mint excludes for a reason.

1
0

Mozilla to whack HTTP sites with feature-ban stick

tnovelli
Bronze badge

And conversely, if you don't want spooks sniffing your metadata (say you're reading anti-government blogs in China, or merely NSFW at work) then HTTPS isn't enough. Hell, TOR isn't enough unless it's baked into the net so that using it isn't a red flag.

3
0

REVEALED: The 19 firms whose complaints form EU's antitrust case against Google

tnovelli
Bronze badge

You're probably right. Apparently I live in a remote oasis where Yelp is spot on - which surprises me. I've never seen another ratings startup that hasn't been gamed into irrelevance. As far as I can tell, most are outright pay-for-ratings scams.

heh... Yelp stock crashed 25% a couple days ago.

0
0

Wordpress munching contagion turns Linux servers into spam bots

tnovelli
Bronze badge

Re: Targeting platforms not OSes

Agreed, but you're too kind to PHP. The language is an unstructured mess of nifty features grafted on from real languages, wholly unfit for its sole purpose. Those other languages are merely crappy. Frontend JavaScript also plays a role here: botnets are exploiting XSS to gain admin access on WP sites.

WordPress is also egregious; I relented a few years ago and started working with it, thinking my opinion of it was too harsh... nope, it's far worse than I imagined. Why does everyone use it? It's a cult of noobs, feeding the hype cycle until they awaken, too late, to the monstrous reality of it...

2
0
