172 posts • joined 4 Feb 2011
it's a meta-basket!
I don't mind using cloudfront but I keep my servers elsewhere.
Re: A simple patch on Linux
No you can't... not in Debian 7 64bit, anyhow. Flash/Chrome crashes galore. What distro/version are you running?
Nice POS, shame if someone were to pwn it
Isn't this just a preemptive form of ransomware?
Who's commissioning the most sophisticated malware... nation-states, or this freaking shadow-government industry?
Yep... by default, pending comments appear right on the admin dashboard so the administrator can approve or delete them. If you can inject script tags there, it's game over.
@ Trevor Pott:
Nice theory about the benefits of a mature ecosystem and plugins and all, but that's not the reality of WP. The core CMS is a bloated rat's nest full of bugs and dodgy practices (soft-fail, functions that second-guess their arguments, etc). The plugin/theme interface is "everything is global, you can do whatever you want, but please use our poorly documented monkey patching hooks". It doesn't matter how secure WP core is - any plugin can undermine it. Even the official WP repository is full of shoddy plugins. Few users possess the knowledge (or time) to choose wisely.
Most WP sites I've seen have so much custom code that they might as well be written from scratch. When you have to copy-and-modify half of the login/signup code to make the client happy, it makes you wonder if you're really gaining anything from a ready-made CMS.
If the #1 CMS did just the few things WP does well, built on a solid architectural foundation, then you'd have a point.
WP's handling of this vuln/update is another red flag. First, they downplayed the severity in their update notice, saying a "contributor or author" could "compromise" a site, versus the apparent reality of total ownage by random commenters. Second, the update broke a bunch of sites & plugins; people are screaming about it on WP forums, questioning the wisdom of auto-update.
"Static" sites just keep looking more and more attractive...
Flash crashes constantly in Chrome 35+ on Linux (Debian 7 at least) i.e. ever since the switch to PPAPI. Chrome itself (and Chromium) has been almost unusable all year. Yayyyyy Google.
Re: Lots of fat to cut from their budget
We won't have to wait 2 years to find out how Mozilla's faring. Layoff announcement coming in 3... 2... 1...
Supposedly it's so pricey in silicon valley, the facebookers' and googlers' $100k salaries are barely enough to survive... certainly those who moved from elsewhere and were forced to pay market rates for housing. 100k salary, 50k taxes, 40k rent... ouch.
So if you're a bus driver making 30-40k, you won't find affordable housing within an hour's drive.
Re: Do I understand this?
This provides no better authentication than self signed certs. If Mozilla and Google want encryption everywhere, authentication be damned, they could just tweak their browsers to quit bitching about self signed certs.
Re: What are they thinking?
Yes, there's no reason for the discrepancy. Sales tax is a can of worms. Offline sales should be tax-free as well.
Unfortunately that can only happen if we repeal the 16th amendment. Hmmm.... "Repeal the war tax" just might work.
SSL lib quietly patched
Is Microsoft just catching up to the round of fixes OpenSSL got in the months after heartbleed?
For all we know, SChannel could be a proprietary fork of some old version of OpenSSL.
Interesting that Microsoft's XML libs still have security bugs. Same deal in Linux; a few libxml2 security patches this year. Normally one would expect more robust libraries for a (lamentably) near-universal 15-year-old file format.
But we always knew XML was shit.
Teach 'em good
Having never used an iPhone, it took me a while to realize why I started getting unreadable MMS messages toward the beginning of this year. Only workaround is to reply "didn't get that.. please turn off iMessage and try again". Arrrgh.
Google should take note as well - Android phones do something similar but only when texting to multiple recipients... so it's even harder to guess why.
may contain systemd
Too radioactive for me.
As a Linux admin, the only thing I dread is being expected to run these former Windows cloud systems.
Re: Ubuntu etc too?
I was thinking trojans, drive-by downloads, the sort of attacks that have been biting casual Windows users for 20 years.
Downvoted?? Apparently I rattled the Ubuntu fanboy contingent, all 2 of them.
Ubuntu etc too?
The way all these Apple-aping OSes use Sudo makes it easy to trick people into entering their passwords.
Great. Fix the UI and I might like it. If it's actually fast and light, non-devs will flock to it in droves, then we'll almost have to use it.
I was using Chrome mostly, but new versions are unusable on Linux, crashes all the time. Midori is getting better, could be the nicest open-src browser if they plug the mem leaks.
Could always switch to mobile app dev...
Re: Hosting/Bandwidth Costs?
I figure $3m (say £2m) for 2 billion views, or $0.0015 per view. That's based on 50MB for a 720p MP4 video, served via CDN at $0.02/GB.
Re: You can get an add free youtube already...
Sure, but if they say I've gotta log into Google+ AND fork over ten bucks a month, it's not happening. The crap on that site isn't worth real money.
And that's a good thing indeed. It'll give other, ah, unprofessional video sites a chance to compete.... finally.
Re: So remind me how these two tally up?
Just change your SSID every time you reboot or replace your router, I guess.
Re: "I'm not a moon landing denier by any means, but I still ponder about how we got men to the moon and back over 40 years ago and yet these days even getting things up to a low Earth orbit is a problem."
It was a relatively sane and optimistic time in America... less distraction and communication overload and software fragmentation, very little automation. Engineering was basically done by hand, and all of it checked and rechecked by humans. Now we're in a 1-step-forward 2-steps-back situation with regard to tech.
I wasn't around back in the day and I'm no rocket scientist, but I've perused enough new and old civil/mechanical drawings to get a feel for quality standards over the years: excellent from the early 1900s to the 80s, then CAD came along and we got sloppy... too busy fussing with our tools to do our work properly.
I've also done just enough government work to see how government agencies and contractors function (loosely speaking). Top-down decision making by unqualified politicians and bureaucrats with budgets beyond their comprehension. Technical staff who show up from 9 to 5, do what they're told, and don't ask questions, or just kill time. This isn't new but apparently it's been getting worse as governments become bigger and more controlling.
Good thing they waited for the sailboat to get out of range.
And a UI that people don't hate. Hint: Chrome and Win8 are not role models.
Won't work on Linux... unless you're downloading something - like Firefox - directly from the source, because you don't want the version from your distro package repository. Central control is a half-ass solution to security.
DNS MUST DIE
Not only is it contrary to the principle of a decentralized internet, it just plain sucks.
No DNS, no ICANN.
It's gotta be one word in Hungarian.
And corporate IT departments will disable most of the new security in order to continue running 1990s legacy apps for at least 20 more years.
Re: So fork, then
Ahh yeah, sysvinit was fine until Debian devs came along and broke out all those tiny scripts and symlinks in order to build a service configurator GUI that real sysadmins never bother with. All that needless indirection was enough to keep me away from Debian for 10+ years. ArchLinux is a breath of fresh air but unfortunately way too bleeding edge for me; package updates usually break things. So I use Debian-stable because it's relatively stable and doesn't force me to use dbus, pulseaudio, etc.
Dependency hell is my biggest fear with systemd. If there are dependencies like nginx>systemd>dbus that's a problem. Every unnecessary daemon is just wasting resources and opening up gaping security holes. Yup, there was a big one in dbus a couple months ago...
I really don't care about all these efforts to improve Linux/*nix. It'll never be a good OS for desktops, servers, phones, drones, or anything. NEVER. I just make do with it until something better comes along.
Re: Ummm, no.
Driverless car "Takes you to your destination"
...or a dark, deserted underground carpark where __________ awaits you...
People are idiots to use technology they don't understand, for anything that matters. Closed source? Pass. Open source but the code is tl;dr? Pass. That's ~99.999% of useful software.
Someday, maybe, we'll use dedicated secure comm boxes running a minimal, auditable, inflexible OS. Like phones without all the 'smart' crap. I think people are prepared to accept that tradeoff, but the current network protocols and file formats (pdf, docx, html even) are too inherently complex to allow for a simple enough implementation.
Bad idea to run all your traffic through Tor anyway. Web beacons, gadgets calling home, auto updaters... they'll make it easier to de-anonymize you.
Just run Tails, with its privacy-enhanced Firefox, in a VM. That's about as anon as you can get.
Re: rant-like journalism
Nothing wrong with rants in a tech tabloid. Nice rant, Trevor! :D
Who hired Elop?
Board members and/or major shareholders must have actively sought a Microsoft buyout, right?
Makes sense... Two big old companies with too much bureaucracy and a lack of vision at the top. Sad to lose Nokia's competent handset business though.
Re: P K
Haha, screw that. Tell them what they really need to do is convince Congress to unfuck us. Pass a law making CCs and SSNs and all such 'secret numbers' null and void for legal/financial purposes.
I think the permutations she refers to are IE6, IE7, IE8, IE9.... those are crap, and the newer IEs aren't that great either.
Put it another way: the competitive landscape would not be significantly diminished if it was down to Firefox and Chrome.
Aren't these the same guys who gave us Design Patterns?
It's not that hard to find developers without ethics. Look at them all cranking out cheesy F2P kiddie games with in-app purchases, for one example. They're everywhere. It's up to users/buyers to avoid them.
8 IPs != DDoS... and a small DoS is all you need to take out a typical WP site.
Re: Is diaspora shrinking?
Diaspora was the right idea, but too ambitious feature-wise and not simple enough to set up and maintain, AFAIK. If at first you don't succeed....
Re: Gigabit over copper?
I'm thrilled with 30/5 Mbps but as a freelancer, more bandwidth is *always* better.
Do the math
It probably takes an upstart cut-rate VPS provider 6-12 months to pay off its hardware, maybe 2-3 years to turn a profit. I'm running bloated friggin LAMP+Java stacks on it (most of the world runs at least 5-10 years behind the leading edge) and I can't complain about price or performance or uptime... It does one thing well... It's the best ever. AWS costs more but offers more. So I'm not worried about its profitability.
Re: Interesting list of vulnerabilities
Or at least use FlashBlock if you must have Flash.
Re: The measure of Poverty
Yep, if you're below our Federal Poverty Level in the US, you're in pretty miserable shape. It happens to be ~25% of median. Public benefits are stingy too.
Our socialists simply talk about "ending inequality". Last I heard, anyway. Unfortunately it's working for them.
Re: Have lots of ideas, try them out
But this is a case of "Have a supremely bad idea, try it, fail, then RAM IT DOWN USERS' THROATS".
Thanks for the tip
Wait 5 years, then bitchslap Google. Two problems solved.
All 100% true. That said, there are ways to reduce the load... php-apc (python-like bytecode caching), CDNs, nginx & php-fpm instead of apache, nginx or varnish "static" page caching, memcache for the WP "transient cache", mysql tuning. Only takes 1 or 2 of those tricks to make WP run pretty snappy if it's not bogged down with crap plugins.
Just call it 3.10
You can do that, you know.
Eh, no thanks. We're OCD. But we'll roll out some major backward-incompatible changes in 4.1 and 4.2.
Oh Salesforce... you make Microsoft look awesome.
Re: There's a simple solution - fork Wikipedia
Yep. Fork it, flag the existing WMF-licensed pages, and start writing new content.
This is nice and all, but why bother with legacy Google when you can use not-Google?