* Posts by tnovelli

547 posts • joined 4 Feb 2011

Linode SSH key blunder left virtual servers open to man-in-the-middle fiddles for months

tnovelli
Bronze badge
Coat

Re: the way it goes

Yeah... sinking ship. Can we get an icon for that? Should get a lot of use this year.

1
1

This is why copy'n'paste should be banned from developers' IDEs

tnovelli
Bronze badge

Re: Size doesn't matter

The K&R version: magic numbers, implicit int type, no superfluous args...

main(){return 0;}

1
0

Reports of Twitter's death greatly exaggerated, says CEO

tnovelli
Bronze badge
Mushroom

Re: I hope the death of Twitter is not exaggerated

I recall a similar announcement about Firefox a few weeks before it was officially shitcanned. Here's hoping Twitter follows suit...

0
0

FTC: Duo bought rights to Android game – then turned it into ad-slinging junkware in an update

tnovelli
Bronze badge

Small fries

These guys must be small fries. This update switcheroo bullshit is rampant in appstores. But you don't hear about regulators going after the big crap-app developers or Google, Apple, Microsoft, Facebook, Amazon...

2
0

Mozilla officially kills Firefox OS for smartphones in favour of 'Connected Devices'

tnovelli
Bronze badge
Joke

Re: > we can make the biggest impact in IoT.

Mozilla OS - that's one way to nip the IoT in the bud!

0
0
tnovelli
Bronze badge

I knew it

It's dead, dead, dead.

As for Ubuntu phones, I had a nightmare about that 3-4 years ago. Walked into a Verizon store in a mall, agonized over the crappy choices, walked out with a dim, grainy, cheap feeling Ubuphone that made me want to cry. Seemed implausible in the heady days of 2012 but now, sadly prescient.

0
0

Cruz missile slams into DNS overlord ICANN over Chinese censorship

tnovelli
Bronze badge

Where to draw the line?

I'm pretty sure ICANN is also complicit in US internet censorship.

12
0

Z-z-ZAP! Salesforce.com reveals Lightning release and price hikes

tnovelli
Bronze badge

Thank you sir may I have another!

Keep raising those prices... AFAIK companies are already skimping on SF licenses. If this convinces them to drop it altogether, it'll make my life easier!

1
0

Software devs' new mantra: Zen dogs dream of small-sized bones

tnovelli
Bronze badge
Thumb Up

Spot on IMHO

All the points and numbers in this article concur with my experience in freelance team webdev work. 1-3 month projects seem to work best (aim for 1, expect 2-3), along with occasional small updates/fixes on live sites.

The longer a project goes on, the more time it takes to keep track of everything up in the air - diverging codebases, db schemas, artwork, server config changes... which leads to more friction and bugs at deployment time. We forget things. People change jobs. Other projects push long-running projects onto the back burner. That's more than enough to erase any gains to be had by queueing up changes.

1
0

Disputed eBay platform vuln poses ‘severe risk’ to tat bazaar's users

tnovelli
Bronze badge

JSf**k

Sounds like a variant of Brainf**k. Never thought I'd see a practical* application for that programming language!

*practical for crooks

0
0

Slashdot, SourceForge slurped by travel publisher

tnovelli
Bronze badge

Re: Sourceforge is the best, bar none

Viruses, wow. Yesterday I noticed that UBlock Origin blocks *.sourceforge.net as a "Badware site". Ouch.

3
0
tnovelli
Bronze badge

Re: Sourceforge is the best, bar none

Sourceforge always sucked; it was merely the first and only service to host opensource version control, until better ones came along.

Now you can host git+ssh on any old VPS. As for support tools (bug tracking, mailing lists, etc), good luck. Don't get too attached because you'll be switching every year or so. And don't expect opensource to magically fill the gaps. It's extremely difficult to develop & maintain community websites. I, for one, have better things to do.

1
3

EU agency warns of cyber risks from using big data tools

tnovelli
Bronze badge

The headline

Says it all. Could be a wake-up call for bigdata/SaaS addicts.

0
0

Chip company FTDI accused of bricking counterfeits again

tnovelli
Bronze badge

Re: Not counterfeit

The fact that you need to buy a USB ID from a monopoly organization is a fatal flaw in USB.

4
4

'Unikernels will send us back to the DOS era' – DTrace guru Bryan Cantrill speaks out

tnovelli
Bronze badge

Re: Unikernel, No-kernel, whatever

No, quite the opposite. All a hacker has to do is break into a container through an old unpatched hole, and look for valuable data or stepping stones to other systems. Unikernel is even better for hackers, if every exploit yields full access to the container.

Also, containers are a poor abstraction for systems-of-programs. The Unix architecture doesn't have a good solution, so we're stuck with bolt-on kludges like this until we get a new architecture.

0
0
tnovelli
Bronze badge
Facepalm

Unikernel, No-kernel, whatever

This is OK in limited circumstances: stateless embedded devices, game consoles, audio/video workstations (maybe), and under virtualization -- ONLY IF the application has no access to sensitive data AND any data you wouldn't want to lose (savegames, recordings) is securely+reliably stored elsewhere, in a storage system that assumes the client is pwned. Essentially that means NEVER.

Containers are a kludge for people trying to run a "system stack" (ie. Linux, Nginx, MySQL, PHP 5.3, Nodejs 0.10.x - note that those are insecure outdated versions) as an "application" in a single process under another Linux system where they can't easily install those old versions. Generally they're just trying to make it work, they don't know or care what's inside the container, and they don't know the risks of data leaks or privilege escalation. Dangerous.

0
2

Medical data experiment goes horribly wrong: 950,000 records lost

tnovelli
Bronze badge

Re: The problem with the health care industry

Healthcare came long before IT, and was never very computerized until the big EMR and insurance-for-all push of the last decade or so. Take away the profiteering and you still have a computer-illiterate culture.

I would also point the finger at governments, for A) monopolizing funding, B) collecting everyone's personal data, and C) the war on encryption (together with their toadies Oracle, Microsoft, et al). This wouldn't happen if OS vendors made it easy for terrorists, criminals, and doctors to encrypt stuff.

1
3

Linux Foundation quietly scraps individual memberships

tnovelli
Bronze badge

Re: Time to switch to a BSD?

Let's hope PCBSD doesn't lead to the Ubuntuzation of FreeBSD, though. Making it too easy, at the cost of underlying complexity bloat, is what killed Linux.

1
0
tnovelli
Bronze badge

Re: Disappointing

Gnome was always one of the worst offenders for dependency bloat. If they dropped systemd it must be because it *really* sucks, not because they found their missing engineering sense under the sofa cushion. Those guys are software sophists through and through. They should just throw in the towel and go work for Apple.

4
2
tnovelli
Bronze badge
Coat

...exclamation point!!

Already got my coat, walked out the door, now settling in at that joint across the street with the pitchfork-wielding daemon mascot :)

Stick a fork in that penguin-arse and turn it over, it's done.

9
1

AI pioneer Marvin Minsky dies at 88

tnovelli
Bronze badge

Also invented the confocal microscope, used in all kinds of neat stuff from LASIK to the Bluebrain Project. This guy was the da Vinci of our times.

10
0

Show us the code! You should be able to peek inside the gadgets you buy – FTC commish

tnovelli
Bronze badge

Re: fat chance

Seems to me that most MCU code isn't valuable IP at all, just some simple control logic and perhaps some libraries for USB, wifi, etc. When that's the case, why waste time locking down the code?

Ok, you might be reliant on 3rd-party proprietary libs, or worried about patent trolls scanning your code for reasons to sue you, or covering up something dishonest (like VW), or bound by [moronic] regulations to prevent users from modifying safety/regulatory controls, or following the time-honored tradition of milking customers with exorbitant fees for simple repairs and modifications.

But I think embedded will be flooded with new developers who don't give a damn about any of that, who see a competitive advantage in transparency, moddability, geeky loyal customers with IT $$$ to burn, and leveraging [often crappy, yes] open-source libs to reduce development costs... FWIW.

1
0

How to save Wikipedia: Start paying editors ... or write for machines

tnovelli
Bronze badge
Mushroom

It cannot be saved

Wikipedia and cloned pages dominate the search results for any sufficiently obscure subject. The articles are sloppy and factually suspect [try it yourself]. It's not even a useful starting point when it lacks important citations. But it's all you'll get. Wikipedia is turning the 'serious' side of the internet into an echo chamber. It's knowledge-spam.

What I really want to see, in general, are different opinions on a subject, not Wikipedia's synthesized 'consensus facts'.

Where objective facts are concerned, I want a Git-style distributed knowledgebase with a robust chain of attribution - links to sources, copies of content, and change history.

2
2

You, yes YOU: DevOps' people problem

tnovelli
Bronze badge

> So you're a marketer.

> Ever since starting my career as a programmer, and through being an industry analyst, strategist, and, now, marketer

Yep, that's where I stopped reading. Well actually, my BS early warning system keyed on "analyst" first. A cursory skim through the article confirms it was not a false alarm.

This article says absolutely nothing of substance regarding Devops.

1
0

MariaDB hires new CEO with code daddy Monty in as CTO

tnovelli
Bronze badge

Re: Robert, a wee paranoid?

I've been running MariaDB for a couple years, no problems (other than being a fork of a poorly designed DBMS which is still infinitely better than the wannabe CMS that depends upon it) - knock on wood.

Oracle, dear sweet Oracle... why would they sabotage a low-end open-source product they own in name only, which has 2 or 3 popular forks they don't control, which isn't an appreciable revenue source for them? I would ask, why not? They're greedy cutthroat bastards who do that kind of thing everyday before breakfast. They make Microsoft look saintly.

1
0

Someone please rid me of this turbulent Windows 10 Store

tnovelli
Bronze badge

Re: Search

It's really not difficult these days to set up your own fulltext search engine... there's Solr/ElasticSearch/Lucene in Java land, Xapian in C++, maybe a few others. But apparently it's pretty impossible if you insist on working in Microsoft-land.

6
0

SpaceX: launch, check. Landing? Needs work

tnovelli
Bronze badge

If a Falcon 9 explodes when it tips over after a gentle touchdown, it'll definitely explode if you just drop it in the ocean. Solid fuel rockets burn completely so they don't have that particular problem.

1
0

Dialog box shut: Now Microchip is set to gobble up Atmel

tnovelli
Bronze badge

Re: PIC

JAL.. dear god, no. That's what I mean about being like wordpress. Half-assed crap like this, all over the place.

1
0
tnovelli
Bronze badge

Re: Missing the point of Arduinos

Just use assembler, sounds about right. I was going to help a friend with PIC programming last year but I didn't know where to start with the toolchain. Decided PIC* is the Wordpress of embedded (blind leading the blind and all that). Just use AVR assembler... if I get around to it... if Microchip doesn't ruin everything.

*Yes... one could compare Arduino to Wordpress... but not AVR.

0
0

Nest thermostat owners out in the cold after software update cockup

tnovelli
Bronze badge

My boiler and mercury thermostats (and wood stove) have been running at >99.999% uptime for 30 years. Extremely low-maintenance. I see no reason to "upgrade" to new crap to squeeze out an extra 5-10% efficiency. Gonna keep those babies going as long as possible.

0
0

Video game retailer GAME in email marketing FAIL

tnovelli
Bronze badge
Devil

Spammer Protip

Get on as many of these marketing lists as you can, and set up a .procmailrc rule to extract all the Cc: addresses. MUAHAhahaha!!!

Marketard protip: just use friggin' MailChimp, Mailgun, Constant Contact... it's cheap, it's easy, and some of your drivel might actually make it out of the recipients' spam folders.

0
0

Engineer's bosses gave him printout of his Yahoo IMs. Euro court says it's OK

tnovelli
Bronze badge

Re: Expectation of privacy on company supplied systems in the workplace.

> Yes I think the best way to describe such a work place corporate culture would be

... a hostile work environment. (I've been there. Boss was reading a coworker's personal webmail. Creeped everyone out.)

2
0

2015's horror PC market dropped nine per cent

tnovelli
Bronze badge

Re: Wearing mine as I write.

> Sorry but who wants to be tied to a desk any more? Anyone?

I do.

I can't tell if that's sarcasm, but seriously: Why would I want to bring my work everywhere I go and try to do it with a small touchscreen and lightweight CPU, when I can sit down at my desk, bang it out 10 times faster, and take a proper break?

3
0

Whatever Android-ChromeOS mashup looks like, it's gotta be better looking than this

tnovelli
Bronze badge
Facepalm

Looks familiar

Ah yes... looks like Ubuntu's Unity.

They tried. It sucked. Now someone else is trying it again.....

0
0

Microsoft’s Revolution Analytics buy pays off, Linux-based R Server launched

tnovelli
Bronze badge

R Language, R Services.... how about just using a stats lib for whatever language one normally uses?

Being a language geek, I've looked into R briefly... IIRC it's slow, adhoc, and its syntax doesn't even offer any particular advantages over a lousy run-of-the-mill general purpose lang. It's only popular because a bunch of new-to-programming stats geeks latched onto it a couple decades ago. Am I right?

1
6

Patch now! Flash-exploitin' PC-hijackin' attack spotted in the wild by Huawei bods

tnovelli
Bronze badge

Re: When will the horror end?

Voice of experience speaking: "the browsers all suck"

I wouldn't touch SVG for games, when there's an immediate-mode equivalent: Canvas API. For a stupid web game that doesn't push the performance limits of a phone/tablet, it's fine. The bigger obstacle for most people coming to HTML5 from Flash is async resource loading. You can punt by embedding all your resources in one HTML file (audio+images in base64 data:// urls) but if that ends up being more than a few MBs in size, give up.

0
0

T-Mobile US boss John Legere calls bulls*** on video throttling claims

tnovelli
Bronze badge

It's not throttling

Network bandwidth is maxed out, and the wireless link speed is severely degraded due to extreme distance to the nearest available tower, but there's no throttling. Is that what he means?

0
0

Firefox will support non-standard CSS for WebKit compatibility

tnovelli
Bronze badge

Re: I'm sorry.....

Some of both. But with the shit that browser makers are throwing at us, even good programmers are bound to fumble quite a bit.

0
0
tnovelli
Bronze badge

Re: I'm sorry.....

Dev/design shops don't have the resources to do everything properly. Sites need to be built in a timely fashion, and updated to meet rapidly shifting requirements from all sides... which requires developing primarily in one browser (latest Firefox or Chrome), relying on a lot of 3rd-party code, and then debugging other browsers as an afterthought. There's a ton of outdated, preliminary, erroneous, and obfuscated documentation to sift through as well. And experienced devs and designers tend to burn out, so even big-budget projects are understaffed. And that, in a nutshell, is why we're in this mess.

1
0
tnovelli
Bronze badge

Re: One day we'll look back and see

Webkit IS the platform.

1
1
tnovelli
Bronze badge

Oh what the hell. If it reduces the pain of web development in the web's dying years, go for it.

Now, Microsoft/Apple/Google, how about you guys add support for the new/experimental/convenience Javascript features (String.trim, String.startsWith...) that Firefox so "thoughtfully" added without an opt-in compatibility switch...?

2
1

Furious Easyspace customers moan about 'random' site outages

tnovelli
Bronze badge

Re: Cause?

My guess: Easyspace uses Linode infrastructure?

0
0

Irked train hackers talk derailment flaws, drop SCADA password list

tnovelli
Bronze badge

First world problems

Over here in America, we don't need hackers to derail our shiny new medium-speed trains. I'm always hearing about derailments and emergency track closures on the main northeast rail lines. All it takes is a rockslide, a neglected track, an engineer with a smartphone...

0
0

Linode: Back at last after ten days of hell

tnovelli
Bronze badge

The rest of the world will just have to stop running botnet-friendly OSes if it wants to see our, umm, botnet-friendly PHP sites again.

In the meantime, those who know what they're doing can use proxies, if it's that important to them. And I expect that anyone running 'important' sites on Linode - or DigitalOcean, Vultr, AWS, Azure, etc - will soon be adept at migrating to another VPS host when their current one falls over.

0
0

Trustworthy x86 laptops? There is a way, says system-level security ace

tnovelli
Bronze badge

Re: What is the weakest link?

> there aren't enough hours in the day to do all that. This means I have to depend on and ultimately trust others to help out.

If people would lower their expectations it would be doable. And you can rely on others if you can check their work. That's standard practice in engineering, surveying, accounting, lots of professions... but not IT.

I figure nobody will give a damn until there's an epic existential tragedy... i.e. millions die as a direct result of blindly trusting IT.

1
0
tnovelli
Bronze badge
Thumb Up

Re: Trusted storage

That's basically what I've been thinking. Separate (or separable) hardware for compute and storage. Preferably redundant local and remote storage, which doesn't need to be trusted if the compute device encrypts everything sent to storage.

I don't think she's paranoid enough though. On x86 (and ARM, MIPS, etc), system-level software can see your decrypted data in RAM, and there's no way to verify that no system-level malware is running. It's a black box. So I say, use x86 for fun and games, and a slow-but-trustworthy compute device for communications. Implement it entirely in FPGA. Or discrete TTL chips (not particularly difficult). Of course, even a 7404 chip is a black box, as are most display & input devices. The ultimate solution is a DIY-friendly manufacturing process, from raw materials to finish. Until then, trust no electronics.

4
0

Cache-astrophic: Why Valve's Steam store spewed players' private profiles to strangers

tnovelli
Bronze badge

Re: Gaming's not much fun any more

I haven't used Steam enough to notice that you can't play a game while it's downloading updates. WTF, really?

At least some of us are still making offline single-player games... and not releasing them half-finished...

3
0
tnovelli
Bronze badge

Re: There have been many mistakes caused by caching...

> Sensitive billing information should be delivered from a secure source down a secure pipe into the recipient's browser

Nice thought, but CloudFlare is doing really funky stuff - essentially MITM - to cache requests for what *appears* to be a direct SSL connection to a site (unless you view the cert). Presumably other cache/CDN services like Akamai and Amazon are doing the same. All in the name of convenience and "ENCRYPT ALL THE THINGS!!!!!"

I think the web's days are numbered. HTTP is just a glorified anonymous-FTP protocol, designed to transfer static files without the overhead of logging in and holding a TCP session open. Dynamic content, scaling, decentralization, encryption, authorization, authentication, privacy, and security in general, were all afterthoughts. It's only going to get worse until these crappy old protocols bite the dust.

1
0

Brian Krebs criticises PayPal’s security as authentication flaws exposed

tnovelli
Bronze badge

"But he didn't lose money"

Just watch your accounts like a hawk, don't sleep or do holiday things, and you'll be fine. Mmmkay.

You know what else I hate about Paypal? Having to answer trick questions for every purchase. "Would you like to pay for this using your PP balance? Would you like to pay for this by signing up for a PP credit card?" Enough with the bullshit already!

2
0

Beyond iTunes: XML boffins target sheet music

tnovelli
Bronze badge

Re: Multiple standards?

There are no standards in music anyway, not the kind that everyone agrees on. A=440, equal temperament, 12 notes per octave, 7 (or 5) of those 12 to form a scale, repeats and jumps, straight 8ths or swing rhythm... that's just Western Music Theory 101. It amazes me that 500 year old music is totally readable, but the level of standardization is minimal.

ABC is fine for melodies. Lilypond is slightly better for polyphony. Musescore is so much easier, though, especially v2. But they're all too awkward for a lot of keyboard/guitar/drum music with polyphony that doesn't fit the software's concept of "voices" - one of those ancient concepts that's less rigid than programmers realize. No doubt MusicXML suffers from this flaw, in addition to being XML. Dear God, I hate XML. After 20 years, XML parsers still aren't secure or consistent. It's hopelessly complex.

My rule of thumb: Handwrite for human players. Piano-roll editor for MIDI. Notation software for professional-quality printing/publishing. Audio recording for accurate reproduction.

2
0
