* Posts by tnovelli

98 posts • joined 4 Feb 2011

Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade

tnovelli

Re: Memory growth in v29+ on Win 7

Yeah, FF 29 broke Firebug 1.12, so you need 2.0, but there have been serious bugs in that too. 2.0.2 came out last week; maybe that's the long-awaited fix. I can't confirm, as I reverted to FF 24 when 29 came out, and I shifted to Chrome for development earlier this year. In that time I've learned that Chrome has some nasty bugs as well. Screw 'em all.

1
0

50,000 sites backdoored through shoddy WordPress plugin

tnovelli

Re: Old news - WordPress is a disaster

WWW is a huge pile of fail. FTFY.

And we keep coming back for more....

0
0

UK government officially adopts Open Document Format

tnovelli

Consumers?

It's up to document producers (also known as government bureaucrats) to lead the way.

0
0

NEW, SINISTER web tracking tech fingerprints your computer by making it draw

tnovelli

AdBlock

Just subscribe to the Privacy / Tracking / AntiSocial filter lists. No "like" buttons, no GA, no AddThis... it's beautiful.

0
0

US judge: YES, cops or feds so can slurp an ENTIRE Gmail account

tnovelli

I have a folder called "crack dealers".. as of 2 seconds ago. It's full of recruiter spam.

2
0

Programming languages in economics: Cool research, bro, but what about, er, economics?

tnovelli

Re: @Charles Manning

I would use APL if it was nicely integrated with today's software environments. Modern languages suck at vector math. NumPy feels like the cumbersome Python bolt-on it is. I'll take the funny symbols any day.

I wrote a little APL frontend to NumPy a few years ago, and someone made one for Javascript. But just setting up the keyboard layout is a chore, and there's a lot more to it implementation-wise, and I've got a million other things to do...

0
0

NSA man says agency can track you through POWER LINES

tnovelli

Re: "You would need a tap on every one of thousands of transformers..."

No you wouldn't, not if you're already tapping millions of microphones.

I doubt it's precise... maybe state- or country-level accuracy. Useful for tracking an elusive whistleblower, though.

0
0

VC who wants to split California REVEALED as Silk Road Bitcoin slurper

tnovelli

Re: Splitting California

It's true, the poorer parts of California (and NY and MA, where I've lived) would be better off without the big cities which tend to leech off them. (Maybe that's why they're poor, eh?)

Also true that Bitcoin is more stable than some countries' currencies.

0
0

Oh SNAP! Old-school '80s Unix hack to smack OSX, iOS, Red Hat?

tnovelli

Re: Confused...

We all make mistakes... especially when we're in a hurry.

2
0

AVG: We need laws to stop biz from tracking our kids

tnovelli

He's probably right

Software like AVG can't do much about social engineering, and so far at least, it hasn't been very effective against tracking and malware. Laws are ineffective against hackers and malware, but a company selling apps or running websites is an easy target for enforcement IF the law is clear. I wouldn't get my hopes up, but I'm not opposed...

[Edit:] A law against data mining would be a can of worms. Simply saying "you can't ask for certain personal info" would stop the most egregious behavior.

1
0

MONSTER COOKIES can nom nom nom ALL THE BLOGS

tnovelli

Bingo

Yup, servers can't properly fix this. If they accept unlimited cookies they'll get DoS'd. There's no way to skip long cookies without receiving and parsing them... for example:

GET /archive/2014/06/browsers-are-total-crap

...most of the important headers...

Cookie: <100 MB of garbage>

Connection: keep-alive

Cache-Control: max-age=0

I suppose a server could stop after ~80k of cookie and ASSUME those last two headers are the only ones after Cookie, but that seems dodgy.... and more importantly it would block POSTs from commentards.

0
0

Boffins untangle why your software builds fail

tnovelli

Re: Errm, Richard...

I find that life's easier when I use a stable linux distro, even if I have to build a few things the old fashioned way. This is especially so with music/audio, where the apps are rapidly improving (and some aren't even included in distros yet) but you want to stick with an older kernel because the new ones keep breaking things. Even in webdev work, given the choice between an outdated package or config-make-install, I'll sometimes choose the latter. I'm used to it. :D

1
0

tnovelli

It gets even better

No web devs here? So many levels of hell now....

- configure-make-install hell

- linux package dependency hell

- php/python/ruby/nodejs package system hell

- wordpress plugin hell

- browser bug/feature hell

- frontend javascript mix'n'match hell

- css's own special hell

- 3rd-party SaaS soup hell

0
0

Mozilla to cram a full web-dev IDE inside Firefox browser

tnovelli

Re: Marvellous.

Yep.. 10 years ago Firefox was JUST a browser, and it was great.

WebIDE looks like a training environment for Firefox OS mobile app creation. Try it out, then graduate to a grown-up webdev env, or iOS/Android. Should be a separate addon like Firebug.

2
0

Expert view: What is the forecast for cloud backup?

tnovelli

Re: how much data loss can you afford?

Definitely. So many idiots out there giving advice to basically do what Code Spaces did. Encrypted S3 backups don't do any good if your crypto keys and S3 credentials are sitting there on your highly hackable webserver.

0
0

YouTube will nuke indie music videos in DAYS, says Google exec

tnovelli

Re: An opportunity for the competition

Nice thought.... but most of them are already dead. Since this article was posted, one more (Pixorial) announced it's shutting down. Vimeo, Metacafe, Dailymotion, and Clowdy are about the only ones left in the running, and that's quite a stretch.

If all you care about is the music, sites like BandCamp and SoundCloud and Jamendo are competitive with Youtube.

2
0

Tech companies are raising their game (and pants) post-Snowden

tnovelli

"secure and private internet protocols, which balance legitimate access to law enforcement"

Whoa there! Protocols are either 100% secure, or not secure at all. Law enforcement backdoors are unacceptable. Cops can do detective work the old fashioned way, and find physical evidence. Electronic evidence should be inadmissible in court anyhow; it's too easy to forge.

2
1

tnovelli

Were they all in denial?

Am I the only one who *expected* the NSA to be tapping fiber optics all over the world? It's a logical step from the telephone and radio interception they've done for decades. Mark Klein confirmed it in 2006. Paying or intimidating private companies into handing over customer data? Credit card companies were doing that 20 years ago.

I'm only surprised at how amateur these guys are. The DUAL_EC_DRBG standard. The internal Sharepoint crap. The powerpoint slides where they brag about how 'l33t they think they are for doing script-kiddie hacks. The woeful lack of internal security...

5
0

Docker blasts into 1.0, throwing dust onto traditional hypervisors

tnovelli

Not convinced

As a sysadmin this sounds nice to me in theory, but as a programmer I'm afraid it will usher in a new era of platform dependence.

...as in "This website is only known to run on CentOS 5 (i386) with PHP 5.2, Python 2.1, Ruby 1.8.42, MySQL 5.1, and OpenSSL 1.0.1d"..... what could possibly go wrong?

0
1

Indie record labels to haul YouTube before the European Commission

tnovelli

Yeah! I find all kinds of stuff on there... mostly amateur recordings and bootleg concert videos from before I was born, which seem to pass below Google's indie-label-extortion radar.

But why Youtube? Why isn't there a blogosphere for music/video? There should be.

0
0

Linux Foundation flings two full-time developers at OpenSSL

tnovelli

Re: LibreSSL

LibreSSL is a stripped-down fork of OpenSSL, not a from-scratch alternative. Given that the SSL protocol itself is pretty flawed, the LibreSSL approach seems like the best compromise for now.

3
1

TrueCrypt considered HARMFUL – downloads, website meddled to warn: 'It's not secure'

tnovelli
Mushroom

Replacement?

1. Ideally you understand all the crypto algorithms and write your own software, as simple as possible. You write your own OS, compiler, everything. You fab your own CPU and chipset.

2. Too hard? Ok, download something from the internet, examine the source code until you understand every line of it and know for a fact that it's flawless, and compile it yourself. Do that with the whole OS. Audit your hardware, somehow.

3. Still too hard? YES. You're screwed. Assume all electronic devices are 100% insecure.

3
0

Google's SPDY blamed for slowing HTTP 2.0 development

tnovelli

Re: WWW cannot be saved

No, do you? NSA fucking loves SSL.

Dat false sense of security...

0
0

tnovelli

WWW cannot be saved

Just search 'spdy issues' and you'll find plenty. A big one is that SPDY *requires* SSL/TLS in order to bypass proxies.

Glancing at the mailing list, I see Poul catching flak for other proposals, like "get rid of cookies", which would be great but break ~99% of websites. Thing is, mandatory SSL/TLS is also unrealistic. If that's in HTTP 2.0, most of the web will stay on 1.1.

And SSL/TLS is a security & management nightmare which should be deprecated ASAP, not enshrined in the next generation of protocols.

But anyway, this is all an exercise in turd polishing. The entire WWW is a rough prototype, long overdue for replacement.

2
3

Help. Mailing blacklists...

tnovelli

Re: Don't

"E-mail is dying in the water anyway. Within five years, it will be unusable"

That's what devs thought 10 years ago. Didn't happen. We know email's got issues but I'd like to see you invent a decentralized communication system that does any better when *everyone* is using it. But if you want to do something *useful*, the world needs better email readers after 10 years of neglect.

2
0

Graphics pros left hanging as Adobe Creative Cloud outage nears 24 hours

tnovelli

Is this any indication of the reliability we can expect from the new Firefox DRM by Adobe?

7
0

Oracle vs Google redux: Appeals court says APIs CAN TOO be copyrighted

tnovelli
Thumb Up

Re: Protecting interface monopolies = bad

I cannot upvote this enough. Open source and standards haven't stopped the bullshit. We need *constitutional rights* to interface with any API, file format, protocol, signal, plug, socket, pipe, or whatever - without anyone's permission.

12
0

tnovelli

Re: Probably the death knell of the "industry"

Scarcely relevant, yet they regularly ruin lives and good work. Why do we as a society allow lawyers and judges to make decisions they're totally unqualified to make?

I see an upside - maybe, just maybe, developers will stop using 3rd-party APIs willy-nilly.

0
4

Vint Cerf wanted to make internet secure from the start, but secrecy prevented it

tnovelli

who's calling who authoritarian?

"[Snowden's] revelations about NSA spying tactics are assisting authoritarian government"

^^ seems to me he's undermining authoritarian government in Washington DC.

9
0

Moneybags pour shower of gold on new mega-precise GPS system

tnovelli

within an inch?

When I was surveying in ~2005, it was possible to obtain quarter-inch accuracy with GPS if there was a CORS station (basically another GPS at a known location, logging its deltas online) within several miles. This was high-end gear, of course.

0
0

Google Chromecast: Here's why it's the most important smart TV tech ever

tnovelli
Megaphone

fuck streaming

I've been talking to some friends about this crap, and we aren't impressed. The internet is unreliable, and for many of us, always will be. We want simple DRM-free downloads so we can watch movies uninterrupted, at full quality, now and in the future. That is all.

3
1

Microsoft's earnings down on slow Windows sales, Surface RT bust

tnovelli

Re: rename Office 365 to office 420

I think that's right. 420 = police code for "smoking dope".

0
0

Report: Android malware up 614% as smartphone scams go industrial

tnovelli

i.e. consumers are morons

My Android phone arrived with malware pre-installed. So did the Win8 machines I hooked up the other day. And that's just what the manufacturers and carriers install. ALL the app stores are full of sketchy stuff. Almost as bad as warez sites. If you don't know what you're doing you're screwed no matter what.

5
0

Play the Snowden flights boardgame: Avoid going directly to Jail

tnovelli

the problem with boats

...is the US Navy. They would have weeks to find him, then it's a simple matter of stopping the ship in international waters and taking Snowden off it. Shooting down a commercial airliner isn't an option... even our government isn't *quite* that despotic yet.

0
2

Internet pioneer Vint Cerf predicts the future, fears Word-DOCALYPSE

tnovelli

rasters

PNG and TIFF (caveat: use a standardized codec) are decent for long-term storage. Most of the public records I've seen are black-and-white TIFFs with CCITT G4 compression (like faxes). These are things like property deeds and engineering drawings, stamped and signed by a bunch of people then scanned. Everything else gets thrown away after a few years, especially the Word docs and CAD drawings. Pretty decent system.

0
0

Microsoft splashes big bucks to blast Google Apps

tnovelli
Thumb Down

It'n Youtube, eh?

Downvoted by me and 930 others :)

0
0

Domain registrar attacked, customer passwords reset

tnovelli

I heard about it from name.com first, so that's good.

The passwords probably ARE one-way hashed - they should be - but weak passwords are still vulnerable to dictionary cracking. And a LOT of people use weak passwords. (Sheesh, you should see some of the admin pw's I've seen on EMR systems...)

0
0

Microsoft says Google trying to undermine Windows Phone

tnovelli

Now if only...

...Google could create a Youtube Android app that doesn't suck...

2
5

The year GNOMES, Ubuntu sufferers forked off to Mint Linux

tnovelli
FAIL

Re: @Mark Shuttleworth: Comments Of An Ubuntu User

LOL. "Professional" = Excel macros

You want to have it all... Canonical and Redhat and SUSE haven't been able to deliver half of that between them in 10+ years. Security and Excel macros - that's a perfect example of two things which cannot coexist.

0
0

New York takes 2,100 pervs offline, gets gaming support

tnovelli

Re: Wait a minute

"New York has the kind of extra money laying around to play "whack-a-mole" with online pervs?"

Work zone speed traps

0
0

Valve chief confirms Steam-centric console-killing PC

tnovelli

Re: I don't want to use bloody Linux

Windows is a piece of shit, but it's not as fragmented as the Linux distros. It's like Obama vs Romney.

0
1

tnovelli

Of course they'll use a builtin GPU in a console-like mass-produced PC. Either they'll convince a board maker to include a GPU with enough oomph, or design a custom board. Doesn't *have to be* proprietary or expensive (but chances are it will be, more or less)...

0
0

Is this the sleek new BlackBerry mobe that will save RIM jobs?

tnovelli
Thumb Up

UI "not the coolest but by far the most productive"

I hear that. Android and iOS... suck ass (hey, I'm sticking with the RIM jobs theme!)

Now bring back the QWERTY keyboard...

0
0

Linux kernel dumps 386 chip support

tnovelli

Re: 486?

The 486 has a few MMU features the 386 lacks, notably page write-protect in kernel mode. That's probably the source of the complexity Linus was referring to. Could be the new instructions and builtin FPU too.

2
0

That square QR barcode on the poster? Check it's not a sticker

tnovelli

QR codes are so 2011

However, anyone who still thinks they're cool is a prime victim.....

0
0

I've got the 'fastest growing THINGY ever', boasts Google+ chief

tnovelli

Re: LOL, more misguided crap from idiotic writers

I use it. It's not too bad, because it doesn't have many users. If everyone comes over from Twitter and Facebook, G+ will be just as bad. It's already slipping.

0
1

Adobe's revenge on Steve Jobs: HTML5

tnovelli

html5 dev tools = browser & text editor

Adobe loves to make everything too complicated. People know to stay away.

P.S. html5 is NOT vapourware. It's a DRAFT standard, like every other relevant internet standard. Yeah, it's got issues, but if you're only supporting recent versions of Chrome/Safari/Firefox, it's probably the least crappy viable platform out there today (which isn't saying much...)

1
0

One week left before US faces clamp down on piracy

tnovelli

Go ahead

OMG, what'll we do if Comcast boots us off the internet? Wash the dishes, take out the trash... save $70 a month... stop ordering crap from Amazon... play music... do sports... maybe even write an OS...

0
0

Mozilla needs to find alternatives to the Google umbilical

tnovelli

marketplace.firefox.com ??

Mozilla could be making money from JS apps right now. Unfortunately the effort is behind schedule. Wow, they finally opened it up to the public... but so far no desktop apps or paid apps.

0
0

Patent flame storm: Reg hack biteback in reader-pack sack attack

tnovelli

'Trivial and obvious'

The Apple patents in question, e.g. tap-to-zoom, are both trivial and obvious, while a patentable invention must be neither. This is sadly typical. Companies use dodgy patents to contrive artificial brand distinctions.

Perhaps the patent system could be saved, if all these lame "how you use it" patents were summarily invalidated, leaving only a few "ingenious mechanism" patents. But our Congress is incapable of fixing laws. So I'm in the anti-patent camp. I'm tired of living in a litigious society. I am an inventor at heart... but I decided not to waste my life inventing products that'll embroil me in legal proceedings and ultimately be shot down by bogus patents.

Could innovators compete without patents? Sure - on implementation, quality, efficiency, business practices, marketing, etc. Brilliant ideas are a TINY TINY factor in the success of a product.

2
0