Posts by tnovelli

291 posts • joined 4 Feb 2011


Look out, Dixon! That there is a dangerously INTELLECTUAL cow

tnovelli
Bronze badge

How did all my fellow Linuxtards miss the sarcasm in that first COTW? Buncha hardcore 'spergs? Never seen Win8.x? Even XFCE has more bling than this throwback to the 80s. And in terms of technical fuckery, systemd's got nothing on it.

4
0

Celebrating 20 years of juicy Java. Just don’t mention Android

tnovelli
Bronze badge

Re: Alternatives? [and weird Java requirements]

Just put a shortcut/symlink to the binary on your desktop. Better than having Java.

1
0

Small WordPress sites leaking like sieves

tnovelli
Bronze badge

Re: There are benefits...

You can auto-update by running wp-cli from a cron job.

Dumping WP sounds like the best solution though.

0
0

Attackers target new XSS in millions of WordPress sites

tnovelli
Bronze badge
Mushroom

Yeah, this is easy to overlook - just a bit of JS in an HTML file. Only problem is, it's using unsanitized input from window.location.hash, and it's found in predictable locations on target sites. The hardest part of exploiting it is tricking an admin into clicking a crafted URL.

The WTFs are that the offending JS was newly added window dressing (it's not in the twentyfourteen theme's example.html) and that something so innocuous is enough to own WP or any CMS.

Nuke icon because WWW doomsday is coming...

0
0

Phablet for the biz fleet with easy typing: Microsoft Lumia 640 XL

tnovelli
Bronze badge

Re: Good idea

Have an upvote, even though I loathe Android and Ubuntu. Nokia actually had a few decent OSes, but alas... Microsoft.

The reason switching mobile OSes is such a pain: too much locked-down proprietary hardware, and douchebag manufacturers and carriers. OSdevers have better things to do.

1
14

Relax, it's just Ubuntu 15.04. AARGH! IT'S FULL OF SYSTEMD!!!

tnovelli
Bronze badge

That bored, huh? I've got better things to do. Mint MATE is working, not great, but better than my old pre-systemd Debian desktop. I can't imagine any improvement from systemd (which I've experienced in Fedora 17-18) or the Ubuntu stuff that Mint excludes for a reason.

1
0

Mozilla to whack HTTP sites with feature-ban stick

tnovelli
Bronze badge

And conversely, if you don't want spooks sniffing your metadata (say you're reading anti-government blogs in China, or merely NSFW at work) then HTTPS isn't enough. Hell, TOR isn't enough unless it's baked into the net so that using it isn't a red flag.

3
0

REVEALED: The 19 firms whose complaints form EU's antitrust case against Google

tnovelli
Bronze badge

You're probably right. Apparently I live in a remote oasis where Yelp is spot on - which surprises me. I've never seen another ratings startup that hasn't been gamed into irrelevance. As far as I can tell, most are outright pay-for-ratings scams.

heh... Yelp stock crashed 25% a couple days ago.

0
0
tnovelli
Bronze badge

Yelp is the only useful one on the list. Everyone running a US business in the last 5 years remembers Google's blatant campaign to eat their lunch by incorporating business reviews into Maps and G+. If that's not abuse of dominance I don't know what is. I wouldn't say it worked here, but maybe it did in Europe.

0
2

Wordpress munching contagion turns Linux servers into spam bots

tnovelli
Bronze badge

Re: Targeting platforms not OSes

Agreed, but you're too kind to PHP. The language is an unstructured mess of nifty features grafted on from real languages, wholly unfit for its sole purpose. Those other languages are merely crappy. Frontend JavaScript also plays a role here: botnets are exploiting XSS to gain admin access on WP sites.

WordPress is also egregious; I relented a few years ago and started working with it, thinking my opinion of it was too harsh... nope, it's far worse than I imagined. Why does everyone use it? It's a cult of noobs, feeding the hype cycle until they awaken, too late, to the monstrous reality of it...

2
0

Microsoft: It's TRUE, you'll get Android and iOS apps in WINDOWS

tnovelli
Bronze badge
FAIL

Fragmentation++

Windows 8 already has an identity crisis. This won't help.

Useless for iOS/Android testing because it's not the real thing. I would be surprised if Apple's and Google's own apps don't refuse to run on it. There'll be compatibility problems too.

MS store is still a joke, right? Nobody needs another stupid app store.

0
0

Comments considered harmful: WordPress web hijack bug revealed

tnovelli
Bronze badge

Re: Mitigation...

You can get owned by a ~200-char comment.

1
1
tnovelli
Bronze badge
Coat

Re: Ah Comments.

Don't forget to block the retarded 'pingback' stuff. I saw a few XSS attempts coming in through that backdoor.

I'll get me coat... had enough of WP's crap security and emergency updates.

0
0

Surgery-bot can be hacked to HACK YOU TO PIECES

tnovelli
Bronze badge

Re: Surgery Via A Stallite Link???

Not to mention, satellite links can be hacked.

0
1

Google TUGS Nexus 7-INCHER from its online store

tnovelli
Bronze badge

Yep, it's a great size, beautiful screen, just needs a better OS. I stopped at 4.4 and performance is so-so, and Android just ... sucks. I'll have to put Cyanogen or something on it if I want to get a decent lifespan out of it. Which I do, seeing how nobody's making anything I like these days.

4
1

NASA guy to White House: Be really careful with that HTTPS stuff

tnovelli
Bronze badge

That's Velv's argument, and I'll second it. The web is not the internet - no need to play ball with bureaucrats who insist it is. Let their censored networks become useless.

0
0
tnovelli
Bronze badge

Re: bureaucrats rather than techies

Tried the load balancer approach recently. Good idea, should've been easy, but no such luck.

1
0

Google it onna Google phone onna GOOGLE NETWORK. MVNO plan imminent

tnovelli
Bronze badge

Ting has Sprint + T-Mobile now too, though not on the same SIM. Neither network is as good as Verizon's out here, but at $6/mo per device with volume discounts for increased usage, that's a trade I'm happy to make.

0
0

JavaScript CPU cache snooper tells crooks EVERYTHING you do online

tnovelli
Bronze badge

Re: I've got it now.

I did that a few years ago, if you want to call it a screensaver. Probably not the first.

I've attempted enough JS game programming to have a pretty good idea how this attack works. Create a TypedArray containing the OS keyboard driver structure for each key. Every ~50ms, read them all, measuring each access time. If it's fast, and it was slow last time, that key was just typed.

Countermeasures: type your pw super fast. Transcode 5 videos at once to bust the cache. Stop everything to stagnate the cache. Run a program that simulates random key/mouse event structures used by all common OS drivers and other programs that handle keyboard input (good luck with that). Dump passwords in favor of keys, biometrics, etc.

This could be the Tacoma Narrows Bridge of future computer engineering 101 courses. :)

7
1

Post-pub nosh neckfiller: Tortilla de patatas

tnovelli
Bronze badge

Re: Success!

I used just enough oil... strained the excess back into the pan for step 2. Turned out just fine.

0
0

America was founded on a dislike of taxes, so how did it get the IRS?

tnovelli
Bronze badge

Re: Nail -> head - missed totally.

My town is actually very good about potholes, plowing, parks, drinking water, and hopefully broadband soon. I don't have a problem with paying property tax. It's not the fairest but it's simple and non-intrusive.

The IRS and the state income/sales taxes, on the other hand, require mountains of paperwork and as discussed below, are really starting to undermine basic human rights worldwide. These taxes were banned by the US constitution for good reason. Unfortunately those protections were trashed in WW1 and we're still suffering 100 years later. WTF.

1
1

Finally, Mozilla looks at moving away from 'insecure' HTTP. Maybe

tnovelli
Bronze badge

Is this the plan?

1. Deprecate the CAs

2. We'll stop laughing, maybe

3. ???

4. Encrypted connections to ALL privacy-invading websites!!!

0
0

A MILLION Chrome users' data was sent to ONE dodgy IP address

tnovelli
Bronze badge

Re: This is the problem I have with auto-updates generally

Exactly... Chrome/Android apps already have a reputation for abusing auto-updates to foist adware and malware.

The Android (and Chrome?) permission system is a complete joke, too. Updates can grab additional permissions within a group - approx location -> precise location for example - without notice to the user.

9
1
tnovelli
Bronze badge
Facepalm

Took long enough

This issue was well known in WordPress ... WordPress!!! ... forums a few months back. Of course, a bunch of those people stuck their heads in the sand. And they hold the keys to a bazillion websites.

If the Chocolate Factory actually produced poisoned chocolate, billions would've died by now. But it's only privacy at stake...

Sit back and enjoy the trainwreck :D

3
0

FBI to WordPress users: patch now before ISIL defaces you

tnovelli
Bronze badge

Re: Requires a valid nonce?

@Robert, unfortunately your outdated knowledge is closer to the truth. I recently had a look at WP's perverted nonce code, and... it's NOT a cryptographic nonce (number used once). You can use it as many times as you want for 12-24 hours. Seems near worthless for security purposes.

1
0
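The distinction the post draws, as an added example that is not part of the original comment and not WordPress's own code: a token derived from a time bucket (a simplified model of the tick-based scheme the post describes; the bucket size, the 10-character truncation and the secret key are assumptions for this example) verifies identically every time within its window, because nothing on the server records that it was already used. A cryptographic nonce is random, stored server-side, and consumed on first use, so a replay of the same value is rejected.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret for this example only.
SECRET_KEY = b"example-secret-key-do-not-use"

# --- Time-windowed token (assumed simplified model, not WordPress's code) ---
LIFETIME = 24 * 3600  # seconds a token stays valid (assumed window)


def windowed_token(action: str, user_id: int, now: float) -> str:
    """Derive a token from the current time bucket; identical within a bucket."""
    tick = int(now // (LIFETIME / 2))
    msg = f"{tick}|{action}|{user_id}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()[:10]


def verify_windowed(token: str, action: str, user_id: int, now: float) -> bool:
    """Accept the token for the current or previous bucket; use is never recorded."""
    tick = int(now // (LIFETIME / 2))
    for t in (tick, tick - 1):
        msg = f"{t}|{action}|{user_id}".encode()
        expected = hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()[:10]
        if hmac.compare_digest(token, expected):
            return True
    return False


# --- Single-use nonce: random, stored server-side, consumed on first use ---
class NonceStore:
    def __init__(self, ttl: float = 600.0):
        self.ttl = ttl
        self._issued = {}  # nonce -> (action, user_id, expiry)

    def issue(self, action: str, user_id: int, now: float) -> str:
        nonce = secrets.token_urlsafe(16)  # 128 bits of randomness
        self._issued[nonce] = (action, user_id, now + self.ttl)
        return nonce

    def consume(self, nonce: str, action: str, user_id: int, now: float) -> bool:
        # pop() removes the entry, so a second presentation finds nothing.
        entry = self._issued.pop(nonce, None)
        if entry is None:
            return False
        bound_action, bound_user, expiry = entry
        return bound_action == action and bound_user == user_id and now <= expiry


def demo() -> dict:
    """Replay the same value against both schemes and report what each accepts."""
    now = 1_700_000_000.0  # constructed timestamp
    tok = windowed_token("delete-post", 42, now)
    windowed_reusable = (
        verify_windowed(tok, "delete-post", 42, now)
        and verify_windowed(tok, "delete-post", 42, now + 3600)  # an hour later, still good
    )
    store = NonceStore()
    n = store.issue("delete-post", 42, now)
    first_use = store.consume(n, "delete-post", 42, now + 5)
    replay = store.consume(n, "delete-post", 42, now + 10)
    return {
        "windowed_reusable": windowed_reusable,
        "nonce_first_use": first_use,
        "nonce_replay": replay,
    }


if __name__ == "__main__":
    print(demo())
```

The windowed token still has a use: it binds a request to a user and an action so a forged cross-site request without the token fails. What it does not give is single use, so any disclosure of the token (a leaked URL, a logged referrer) stays exploitable for the whole window, and the only remedy is to wait for the bucket to roll over or rotate the secret.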

Google takes ARC Welder to Android, grafts on Windows, OS X

tnovelli
Bronze badge

Ewwwwww

As I remarked yesterday, Android apps are 99% crap. I'd rather run vanilla Linux on Android hardware, thank you.

2
1

Google cracks down on browser ad injectors after shocking study

tnovelli
Bronze badge
WTF?

Only 200?

I'm pretty sure the amount of crap extensions is closer to 99%. Same with Android apps.

General rule: if I can't read the code, I don't install it.

2
0

Feds cuffed for allegedly PILFERING Silk Road drug souk's Bitcoins

tnovelli
Bronze badge

Re: Will there be a jury trial?

Nah, these guys know the game is rigged. Also, considering public opinion of cops these days, they're practically guaranteed a conviction on all counts. Et tu...

0
0

CIOs: What tech will be running your organisation in 2020?

tnovelli
Bronze badge

4K finally(?)

And the same old shitty software, with more eyecandy and bugs.

0
0

Cross-dressing blokes storm NSA HQ: One shot dead, one hurt

tnovelli
Bronze badge

Re: Blaming it on the SatNav in ... 3, 2, 1

"Siri, where can we get some Mead around here?"

6
0

GitHub jammed by injected JavaScript, servers whacked by DDoS

tnovelli
Bronze badge

Will browsers finally ban cross-site JS?

I can see CORS becoming mandatory for JS this year... Chrome and Firefox start it; site owners jump to keep their analytics working; IE9-and-under users have to upgrade. That would break half the internet, but if this kind of attack becomes rampant it'll break the whole thing.

1
0

$23m to a WordPress biz? Why top-end hosting is big money

tnovelli
Bronze badge

Alternative headline:

High-end hosting biz needs VC marketing money to chase low-end growth market.

There goes the high end.

1
0

Flak for Slack chaps in yak app hack flap: User database whacked

tnovelli
Bronze badge

Re: Few missing questions

They didn't even tell users to change passwords, just said they use bcrypt which is one-way. Uh huh, sure.

This doesn't surprise me given their primary userbase: wordpress users.

0
0

Get off Facebook if you value your privacy, EU commish tells court

tnovelli
Bronze badge

Safe Harbor is a joke

I actually looked into it years ago when working on a website to market US crap to Europe. Basically it exempts US companies from most EU privacy laws. All of them, if you consider that it's enforced by our Commerce Dept which really doesn't give a flying fuck about your rights.

0
0

Microsoft open sources MSBuild, aims for cross-platform dev tools

tnovelli
Bronze badge

CMake FTW

CMake is pretty nice for cross-platform C++. Beats the hell out of VS; I can't imagine MSBuild being much better except that it's not(?) tied to a friggin' IDE.

2
1

Noobs can pwn world's most popular BIOSes in two minutes

tnovelli
Bronze badge

Cut to the chase

Security starts with chip fabrication and involves every bit of code in every little peripheral microcontroller. So maybe when "silicon printing" becomes as accessible as 3D printing is today, security will start to become practical... for 1970s-PC-level hardware barely capable of encrypted text messaging. One would need to learn enough about circuits and VLSI to verify that the schematic matches the mask matches the finished product under a microscope. Think that's too hard? You haven't done web-dev lately...

The endgame, decades from now, is 100% open hardware *and* software that's simple enough to give end users real control. If anybody ever cares about that...

0
1

Facebook unveils P2P moola-to-mates payment feature

tnovelli
Bronze badge

Oh

I'd have to install their mobile app and give them my CC#... hell no.

Besides, most of my FB friends live within throwing distance :)

2
0

OpenSSL preps fix for mystery high severity hole

tnovelli
Bronze badge

Re: Conspiracy of Optimism

Nah, we hate our own crap code. However, we hate other people's crap even more. Some of us, anyway, sometimes. Most coders don't give a shit.

3
0
tnovelli
Bronze badge

Re: "has to be written in C"

You can write crap code in any language, yep. I worry more about PHP, SQL injection, and XSS than I do about OpenSSL. Of course that's because I don't pretend it's possible to build secure websites.

To be fair, I see tons of security patches coming through for C libs used in web servers/browsers; those concern me. It's too bad that C didn't evolve a bit further before becoming the de facto standard systems language.

2
2

Big Data shocker: Over 6 million Americans have reached the age of 112

tnovelli
Bronze badge

Re: Or, just *maybe*

lol.. the conspiracy theorists are way ahead of you. That's exactly how I first saw this story, days before The Register picked it up.

1
0

Well.That.Sucks: New rude dot-word sparks outrage

tnovelli
Bronze badge

If it.sucks is taken, you'll just have to take it to the next level... it.sucks.ass perhaps.

In all seriousness, this tld is going to suck. What are the chances that the first person to register a this.sucks domain is going to be a good critic of said thing?

2
0

'Get your privacy policy down to one page': AVG CEO throws glove down

tnovelli
Bronze badge
Thumb Up

Re: One page?

Wow, it is long. Marketing fail, hahaha

1
0

Kaspersky claims to have found NSA's 'space station malware'

tnovelli
Bronze badge

Re: Even better idea.

I'll take a guess... management run Windows (evidenced by all those leaked PPT slides) and the techies are forced to use a clunky locked-down Linux distro that doesn't have all the latest security patches, let alone patches for the secret vulns NSA created/discovered. This is a government agency we're talking about.

8
0

Ad bidding network caught slinging ransomware

tnovelli
Bronze badge

I suspect that a lot of ad networks are run by sketchy people, so it's no surprise if they allow outright criminals to use their services to distribute spam and malware.

So ought there be more laws against this? No, we just need more secure systems/networks.

1
0

Never escape the boss again: Salesforce tracks down your best people any time, any place

tnovelli
Bronze badge

Oh darn,

The person you really need to talk to isn't in this system because your company didn't deem them worthy of a license fee. Not that they have time for this shit, anyway...

0
0

Grab your pitchforks: Ubuntu to switch to systemd on Monday

tnovelli
Bronze badge

Re: oh well

Hackers will find a way to edit binary logs, or simply delete them. Remote logging is the proper solution for that.

Huge text logs are actually pretty manageable. If they're up in the gigabytes range, you're probably running a huge internet empire and already remote logging to a central cloud database. But that's overkill for the other 99.9999% of users.

0
0

'If cloud existed decades ago, backups wouldn't have been developed'

tnovelli
Bronze badge

shhhhh...

Mainframes didn't exist in the sixties! We're not reinventing them even worse than before!

6
0

Firefox 36 swats bugs, adds HTTP2 and gets certifiably serious

tnovelli
Bronze badge

Re: Color management

Good question. Works for me, on Linux at least. Check your about:config - if you have old custom settings for gfx.color*, try the defaults.

0
0

Errant update borks Samsung 850 Pro SSDs

tnovelli
Bronze badge

Aargh

I got an 840 *and* an 850 a couple months back. If Samsung doesn't come up with a fix that doesn't involve transplanting my SSDs into a Windows box I'm just gonna wipe 'em, give 'em to some kid who's got time to patch 'em, and replace them with Intel SSDs, and blacklist Sammy for a few years.

1
0

Bad dog! PrivDog chews HTTPS, hurls clear text

tnovelli
Bronze badge

Comodo

....should lose its root cert for doing this. Browser vendors could revoke it unilaterally.

And then there'll be, what, 2 major SSL CAs? And when their conflicts of interests come to light, there'll be zero, and SSL will finally die.

Wishful thinking, I know...

3
0
