Posts by tnovelli

766 posts • joined 4 Feb 2011

Man killed in gruesome Tesla autopilot crash was saved by his car's software weeks earlier

tnovelli
Silver badge

> Yes, I read the article and others... other drivers slowed and avoided the truck

Thanks for pointing that out. Instead of "biting the hand.." as usual, this time El Reg left out some minor details that look bad for this technology.

- This "divided highway" isn't a freeway, it has intersections.

- The truck made a left turn from the oncoming left turn lane (think right turn, Brits).

- He should have seen it and anticipated that the trucker might turn in front of him.

- Time was 3:40pm on May 7 so glare likely wasn't an issue.

- "White truck, white sky" is the lamest bullshit excuse...

P.S. some of the other articles say a lot of other autopilot users reported that complacency is a huge problem, and the autopilot occasionally does really dangerous things like switching off during a lane change. Personally I would feel safer with a texting drunk driver at the wheel than ANY 'autopilot' or self-driving car. AI is bunk.

17
10

FCC starts running from cable box rip-off kill-off

tnovelli
Silver badge
Trollface

Pyrrhic victory

Doesn't matter. Cable TV is a burning platform :)

0
1

Apple, Amazon and Google are screwing us, warns Elizabeth Warren

tnovelli
Silver badge

Too little, too late.

Warren's officially a sellout now. Not that I ever believed the hype about her.

4
4

Fedora 24 is here. Go ahead – dive in

tnovelli
Silver badge

Re: Not good enough for my use.

@DCFusor - just sit back and watch the upvotes roll in once the shills move on to their next assignment and more real people dig into the comments. Tends to happen on the weekend.. you know, real jobs and all.

0
0
tnovelli
Silver badge

I do. I'm talking about all Linux distros. Fedora's on the 12-month end, CentOS and RHEL on the 24-month end. I have used all three. Not a lot; too much trouble on both ends.

LTS is a myth. It falls apart the moment you need to install a newer package that you can't even compile from source because, for example, it depends on a newer library you can't install without breaking something else. Sometimes you can sort it out if you waste enough time and/or skimp on security.

0
0
tnovelli
Silver badge

A 12-24 month rebuild/replace cycle is par for the course this decade. That goes for all Linux distros, server and desktop, bleeding edge and stable/LTS alike, including "good old" Debian. You might do better with CentOS, and I with FreeBSD... we'll see... but they all have to run the same apps/libraries/services, so I'm setting low expectations.

0
4

Microsoft releases open source bug-bomb in the rambling house of C

tnovelli
Silver badge

Re: C is not an applications programming language

It's a shame that null-terminated strings became the standard in C and most low-level APIs. Their slight space/speed advantage goes out the window when you do length checks.

C was a decent language that could've used an overhaul in the 1990s to address a few issues like this. Instead, we got the frankenstein monster C++.

0
0

So. Why don't people talk to invisible robots in public?

tnovelli
Silver badge

Re: I use it quite frequently

Way quicker than typing - on a 5" touchscreen, you mean?

0
0
tnovelli
Silver badge

Re: Elephant in the room

And they would need true intelligence to do decent speech recognition. Therefore speech recognition will always suck.

0
0

On her microphone's secret service: How spies, anyone can grab crypto keys from the air

tnovelli
Silver badge
Megaphone

Does it work when you're blasting heavy metal at >100db?

1
0

Google to kill passwords on Android, replace 'em with 'trust scores'

tnovelli
Silver badge
FAIL

On the shoulders of giants

This sounds quite similar to the credit card industry's fraud detection systems. Ought to work about as well too.

3
0

Gillian Anderson: The next James Jane Bond?

tnovelli
Silver badge

Re: " will have to to beat off stiff competition"

Meh. As double entendres go, this one's half-cocked and premature. Wait for a story where the double meaning is closer to the truth than the literal interpretation. The kind where you're halfway down the page before you realize "holy shit, that's fucking filthy - and hilarious!"

3
0
tnovelli
Silver badge

Re: Which way will a new Bond lean?

Hell yes - have you seen that series where she's investigating serial murders in Northern Ireland?

1
0

China caught astroturfing social networks

tnovelli
Silver badge
Trollface

Countertrolling 101

"Letting an argument die, or changing the subject, usually works much better than picking an argument and getting someone's back up (as new parents recognize fast)."

Therein lies the answer. If you see something, say something .... defensive, eh?

0
0

Facebook's turbo-charged Instant Articles: Another brick in the wall

tnovelli
Silver badge
Trollface

Re: Bah!

I assume the Reg staff use adblockers like the rest of us.

1
0

Google-backed solar electricity facility sets itself on fire

tnovelli
Silver badge

Re: Predicting Problems

"Safe alignment"? That would be due North, or face-down. That would require far greater range of motion than normal operation...

1
0

Hacked in a public space? Thanks, HTTPS

tnovelli
Silver badge

> In 2016? It's been a few years since browsers were showing the site's icon in the same place as they would show the padlock icon.

Firefox and Chrome, yes. Palemoon still shows a favicon in the url bar - with red/green/blue colors for various levels of HTTPS. Not that the average hacking victim would notice.

Just to be clear: as far as your privacy/security is concerned, HTTPS is worthless.

2
5
tnovelli
Silver badge

SSLstrip substitutes a fake "padlock" icon for the site's favicon. Crude but effective.

"SSL Inspection" proxies the victim through an actual HTTPS connection, so it's less obvious, but the attacker must install their own root cert on the victim's computer (corporate PC, or via malware, or via dumb PC manufacturers) - unless they've obtained the private key for a "real" root cert...

4
2

Dark net LinkedIn sale looks like the real deal

tnovelli
Silver badge

Yep - why change your password when there are so many reasons to delete your account?

Networking is everything, but only the old-fashioned kind, not 'social networking' facilitated by these spam factory websites.

2
0

Google asks the public to name the forthcoming Android N operating system

tnovelli
Silver badge

Why candy?

Android Ketamine

Android LSD

Android Methamphetamine

Android ... Nicotine?

4
0
tnovelli
Silver badge

Re: Recycled Options

Android NothingHitlerDidWasWrong

3
0

Catz: Google's Android hurt Oracle's Java business

tnovelli
Silver badge

JAVA hurt both Oracle and Google

Anyone who's ever used an Oracle Java webapp knows what a mistake that was, and that's entirely Oracle's fault. By flooding the corporate world with that garbage, Oracle undermined Java's value. Maybe that was part of a plan to acquire Sun at fire-sale price, but that acquisition and subsequent lawsuit(s?) were the final nails in Java's coffin. What a greedy, boneheaded company.

I can only imagine that the Android devs chose Java in their formative years due to the popularity (among geeks) of JVM languages like Scala and Clojure at the time. LLVM would've been a better choice if its future had been more certain back then.

0
0

Free tool aims to make it easier to find vulns in open source code

tnovelli
Silver badge

Re: DevOps approach to Security

> Lordy, but you people (Charlie Clark aside) do not understand code analysis.

I certainly do. Languages like JS, PHP, Python, Ruby, C/C++ are fairly opaque to static analysis. Fuzzing isn't the answer to everything either.

Auto-analysis tools are a machine gun approach to software defense; spray 'n' pray. Not a substitute for the (almost nonexistent) engineering that's so sorely needed.

0
0
tnovelli
Silver badge
Meh

DevOps approach to Security

I think I get why this is filed under Hype DevOps... because it plays to the idea that you can just write a ton of bloated crap code, run it through a few tools like this, and get secure software. Nope. You get... ImageMagick.

That's not to say you shouldn't bother with automated tools like this. But if they find ANY real security flaws, I'd say it's not enough to plug those holes. The software in question needs a thorough going-over.

3
4

Kill Flash now? Chrome may be about to do just that

tnovelli
Silver badge

Re: Off-topic (almost)

LOL, you want NoScript. It'll turn off 80% of HTML5 and break 99% of websites, and it's not exactly easy to selectively unblock scripts. Yep, it's 1999 all over again.

1
0
tnovelli
Silver badge

Re: "exempt the top 10 domains"??

> Youtube has been working impeccably well WITHOUT flash for years.

In your parallel universe, maybe. But you can use youtubedown without flash or a browser...

0
1
tnovelli
Silver badge

Re: Google catches up to Apple, while Microsoft trails the pack

> Hey - at least Microsoft gave the world a Flash replacement. It's called Silver light. ;-)

Was. It's already gone...

Adobe can play that game too: it's called HTML5. To be fair, Microsoft accidentally started it with an undocumented feature called XMLRPC (AJAX), and the Canvas API came from Apple, but a huge chunk of Web 3.0 crap is basically a Javascript port of Flash. (No wonder it's crap)

1
0

The fork? Node.js: Code showdown re-opens Open Source wounds

tnovelli
Silver badge

Re: "Then what?"

> Moving the repo is easy but what about Travis, Coveralls, etc?

I never use the bells & whistles. Most of the git repos I work on are private and self-hosted.

Issues and pull requests would seem to be more important for open-source projects. I don't know. In practice, I see thousands of them in a few popular repos I track, which just confirms that those projects are hopeless clusterfucks. Is Github making it too easy?

0
0

ImageMagick hexed again

tnovelli
Silver badge

No silver bullet

It's interesting that Böck and others have tried fuzzing ImageMagick before, and didn't find ImageTragick, which is a pretty trivial vuln.

0
0

Marc Benioff apologizes as Salesforce NA14 instance goes TITSUP

tnovelli
Silver badge

Re: Power Supply Problems

Wild ass guess: since there are so few "instances" given the size of the company and the bloatyness of their SaaS, might they be using mainframes? I vaguely remember rumors that they were a poster-child for mainframes last decade; maybe they still are. And while mainframes would surely have dual-redundant PSUs, if one fails but the sysadmins don't notice or take their dear sweet time to replace it, then the other one fails... they're SOL. It's a proprietary replacement part. And it takes a courier about 12 hours to drive it down from upstate New York.

But what do I know? I use commodity 'cloud' hosting and I don't have to deal with problems like this... because they never happen.

0
0
tnovelli
Silver badge

Re: That's amazing downtime

If it knocked itself out, yes.

0
0
tnovelli
Silver badge

Re: Optional

God I hope so. I haven't been cajoled into doing any Salesfarce integration in over a year but I still receive crap data exported from it on a regular basis. Please just die, Shitforce.

1
0

Google asks Unicode to look over 13 new emoji showing professional women

tnovelli
Silver badge
Facepalm

emoji for "wankers"?

Like a lot of this decade's additions to Unicode, these don't belong in standard fonts. They're like hieroglyphics that no one has ever written by hand, with no common meaning or significance whatsoever.

Yesterday I was saying (not here) that UTF-8 text is a good archival format, in spite of some issues with bloat. I take that back. Unicode must die.

2
0

Huge embarrassment over fisting site data breach

tnovelli
Silver badge

I haven't checked my spam folder today but wouldn't be surprised to see a signup for this site. But I think IPBoard actually does email verification, unlike Ashley Madison.

0
0

ImageMagick exploits spotted

tnovelli
Silver badge
Alert

Patch AGAIN

If you applied the 5-line policy.xml patch, patch again. It's 9 lines now, per https://imagetragick.com/

Or uninstall ImageMagick and install GraphicsMagick (but test if you care; it's not 100% compatible)

1
0

Linux Mint to go DIY for multimedia

tnovelli
Silver badge

systemd

I knew this day would come. I'll stick with Mint 17.x until either Mint or someone else releases a no-bullshit distro that's not based on systemd. Or at least until systemd solves more problems than it creates for me.

And if every OS is utter crap by the time Mint 17.x reaches its effective EOL, it's time to get out of this business (again).

2
0

Experian Audience Engine knows almost as much about you as Google

tnovelli
Silver badge

Wide open. Hackers have been waltzing through all the CC bureau databases since the 80s, and I don't see security getting any better in the web/mobile age.

1
0

New Firefox versions will make you activate all new add-ons – except one hacker favourite

tnovelli
Silver badge
WTF?

Firefox lovers

What's with all the love for Firefox? I can understand hating it a bit less than Chrome, Safari, and IE/Edge... but only a wee little bit. Firefox ain't what it was 10 years ago.

6
0

Learn a scripting language and play nicely: How to get a DevOps job

tnovelli
Silver badge

Re: Dear ElReg

MORNINGTON CRESCENT!!!!

5
0

Crack'n'hack stack Phrack's back, Jack!

tnovelli
Silver badge

Re: Adobe Flash player bugs

Who needs Flash (or HTML5) when you can publish 80-column ASCII text files. The good old days... :D

1
0

Have Microsoft-hosted email? Love using Live Mail 2012? Bad news

tnovelli
Silver badge
Happy

Nope

Not affected in the least.

3
2

Commercial software chokkas with ancient brutal open source vulns

tnovelli
Silver badge

Re: What?

But how many commercial devs give a shit? They hide their GPL infringement behind their closed source.

Which makes GPL more of a burden on the "good guys" than on the "bad guys". BSD/MIT FTW.

0
0
tnovelli
Silver badge

Re: In fairness...

> Code reuse is a basic requirement of software development

Code reuse was last century's Holy Grail of software development. We pretty much found it, but there's a catch: it's poisonous.

It's a requirement for the Agile(TM) Rapid(TM) programming-lite "development" of Cheap and Bloated software.

Thing is, most useful software seems to fall into two classes, A) small throwaway scripts not shared with the world, and B) highly polished applications relying upon a conservative set of stable OS/library code (and high-quality specialized hardware in some instances).

0
1

Jailed hacker 'Guccifer' claims Hillary server gave him spillery

tnovelli
Silver badge

Inarticulate

Yeah, this Fox story is all hand-waving, no substance.

Still, Hillary's own spin on this is enough to convince me. "I never emailed classified documents through that server" and so on (left unsaid: "I spilled the beans in my own words"). She's as bad at lying as she is at opsec. On the bright side, if she wins the election, move over Snowden - she'll be the greatest Leaker In Chief EVER.

3
0

Siemens Healthcare struck by rebranding madness

tnovelli
Silver badge

Doctorow may be the world's foremost authority on Clickbaitineering.

5
0
tnovelli
Silver badge

I worked on a rebranding project that actually was necessary. The company's old name sounded like a commodity; I'd heard it in ads for years without realizing it was a brand. But they put a lot more thought into the new name than these "Healthineering" hacks :)

2
0
tnovelli
Silver badge
Trollface

Re: If only...

Me, a commenteer? No.

Them "imaginatards". Them "healthintards".

3
0

Server-jacking exploits for ImageMagick are so trivial, you'll scream

tnovelli
Silver badge

Re: Lest we forget

Sorry for the downvote, but text formats are anything but inherently safe. Text parsing is one of the trickiest things to get right. Even a simple format like PNM could conceivably be used for an exploit, especially if you're using dozens of obscure tools.

0
0
tnovelli
Silver badge

Re: Who's using ImageMagick on the server?

Last decade I switched from PIL to GD to ImageMagick because of image quality, in spite of their inferior APIs and code quality. A few clients/employers thought PIL in particular looked worse than other sites; I did some comparisons and they were absolutely right.

And, PIL and GD have not seen much improvement (or security patching?) since then. Although I just noticed there's a fork of PIL called Pillow.. anyone using that?

0
0

Router hackers reach for the fork: LEDE splits from OpenWRT

tnovelli
Silver badge
Thumb Up

Re: You say downside, I say upside...

I'm glad to see these forks. Debian has the insurmountable bureaucratic and architectural problems one should expect from a huge 2-decade-old FOSS project. OpenWRT (and DD-WRT) look pretty sketchy as OS distros go. I realize part of the problem is the profusion of more-or-less proprietary consumer router hardware, but I'm not at all surprised to hear about the political/bureaucratic issues.

If they want to do different things, they should just fork off and do different things. Competition is beautiful.

1
0
