* Posts by Tomato42

347 posts • joined 31 May 2011


Intel infosec folk TEE off open source app dev framework

Tomato42
FAIL

real question...

Does it help with buffer overflows?

No? Then not interested.

What's the point of checking if the code is signed if the code is still coming from Adobe?

We need to "trust" all CAs in operation in TLS and we know this is bad, so now we're going to trust all big software makers. How exactly does that make the situation better?

0
0

IETF updates TLS/SSL best practice guidance

Tomato42
FAIL

Re: Maybe the IETF should visit Redmond

you mean, like here: https://support.microsoft.com/en-us/kb/245030 ?

0
0

Killer ChAraCter HOSES almost all versions of Reader, Windows

Tomato42
Linux

Re: Does this also ...

actually, you can have rootless X for some time now, dunno how many distros default to that

4
0

Why is it that women are consistently paid less than men?

Tomato42
Joke

Watch out for the pitchforks!

This is a heated debate, not a cold reasoned calculation!

<insert calls to patriarchy, discrimination, etc. here>

5
4

Stealing secret crypto-keys from PCs using leaked radio emissions

Tomato42
Headmaster

technically speaking it is news

it's certainly not newsworthy, I'll give you that

7
0

Chrome, Debian Linux, and the secret binary blob download riddle

Tomato42
Facepalm

the world is changing, get over it

2
44

British banks consider emoji as password replacement

Tomato42
Windows

New most common password

And the most common password isn't 1234 any more, it's

:) :) :( ;)

8
0
Tomato42
Trollface

Re: I'm still trying to wrap my head around

Chimps communicate using grunts.

Doesn't make the communication any meaningful outside their social circle, but it's useful enough to attract a mate and get rid of competition.

9
0

LastPass got hacked: Change your master password NOW

Tomato42
Boffin

salt just needs to be unique, 256 bit one is beyond overkill, it requires there to be 2^128 accounts before the chance of two salts repeating comes into 50% probability territory.

2
1

Would EU exit 'stuff' the UK? Tech policy boss gets diplomatic

Tomato42
FAIL

Re: Straight banana

The UK then could officially become the Air Strip One it so desperately wants.

0
0
Tomato42
Stop

Re: “national measures” continue to entangle the single market

"They would both then have to apply to join the EU, which would require them to join the Euro, you think that the Scots would be that daft?"

where does this FUD come from?!

You don't have to join the Eurozone to join EU. Neither Czech Republic, Poland nor Croatia use Euro!

0
8

Amazon turns up spectacularly late to 'transparency' party, pours a large one

Tomato42
Boffin

Re: No need

just because it's not required doesn't mean it's not a good idea, even with A(EC)DH or self-signed certs

3
0

China's hackers stole files on 4 MEELLION US govt staff? Bu shi, says China

Tomato42
Boffin

if you run puppet or ansible you are aware and have catalogued every single machine, including transient virtual ones

0
0
Tomato42
FAIL

Re: Jeez

problem is that IT is woefully underfunded and its importance underrated

we really need to change that, because a world where a bored teenager will be able to wreck half the federal agencies is not a nice one when really malicious actors start using it

the only way to fix it is to start finger pointing and demanding real solutions, not just "security audits" that achieve squat

0
0

The weapons pact threatening IT security research

Tomato42
FAIL

"Mom, I have given a friend a copy of GDB, now Interpol is looking for me as an arms dealer."

Seriously, has this agreement ever helped? Al Qaeda had guns from CIA, South American drug lords from FBI... It's such a massive FAIL that I have no words to describe it

25
0

We stand on the brink of global cyber war, warns encryption guru

Tomato42
IT Angle

Sony hack costing $15 million? I think they counted only the cost of cleaning ladies and detergents, not BOFHs working overtime.

2
0

Facebook farewells flaky SHA-1

Tomato42
Unhappy

Re: Trust, which trust?

it's as if users already weren't trained to click through all the cert warnings by corporate networks and home routers.

3
0

Secure web? That'll cost you, thanks to Mozilla's HTTPS plan

Tomato42
Boffin

Re: The only upside I can see...

actually, most sites will get faster after switch to HTTPS as the traffic won't be inspected and analysed by everybody on the way

see https://www.httpvshttps.com/

0
3

Why voice and apps sometimes don't beat an old-fashioned knob

Tomato42
Coffee/keyboard

Re: New fashioned knob

"Puzzled Happy Face with Eye Twitch."

damn you, I'm in stitches!

1
0

Docker Hub images buggy and vulnerable, say researchers

Tomato42
Facepalm

I'm surprised that it's only 30%. I would have put this closer to 30% not being vulnerable.

Developers don't care for security, they just want their apps to work.

Icon as the whole Docker idea makes me do that.

0
0

Beware Red Hat interviews: You'll pay for coffee, lunch and fuel

Tomato42
WTF?

Re: Sounds appropriate...

@AC 28 May 2015: Last time I checked Red Hat was still paying salaries to all employees and contractors... and then releasing that work for free under OSI approved licenses...

20
0

IEEE's prescription for med-tech crowd: preventing hacks is better than a cure

Tomato42

Re: So of course they will do the reverse

you forgot to add that it will also run Linux 2.2 or other as ancient OS

0
0

Microsoft: Free Windows 10 for THIEVES and PIRATES? They can GET STUFFED

Tomato42
Stop

Re: Waiting for the genuine pirated version

you missed the part where he is the paying customer, and as a paying customer he gets worse experience than a pirate

5
1
Tomato42
Linux

Re: Where's my checksum?

if you have iso md5 or sha1 sums, you can record them on read only media and then use a known good OS (this 5 year old Linux live CD will do fine) to verify it on an airgapped PC

similarly with the files, just switch the read only media to a disk with installed system behind a read-only adapter

Linux, 'cause these features come standard there

3
1

Reddit: Gonna SCRUB these TROLLS right outa my hair

Tomato42
Alien

as Chozo said, this doesn't help for canvas fingerprinting

0
1

Blocking pirate sites doesn't weaken pirates say Euroboffins

Tomato42
Facepalm

well, how about the distributors providing a site with half as much of content in a single place that I can watch on demand on any device of my choosing, without problems with stupid DRM

most of Europe doesn't even get Netflix, let alone Netflix with the same content as in US

19
0

You have the right to be forgotten 41.3 per cent of the time says Google

Tomato42
Alien

YouTube

With search results they are precise to a single comma placement, but with YouTube they are fine to comply to all the shotgun fired DMCA takedowns, even if the claimed reason is they include barely audible music in public domain.

If you ever wondered who Google does respond to...

3
0

Enjoying the Spring? Microsoft has 13 ways to fix that

Tomato42
Devil

Bug fixes to such an old OS? ha, good one!

0
4

Relax, it's just Ubuntu 15.04. AARGH! IT'S FULL OF SYSTEMD!!!

Tomato42
Stop

Re: systemd? Do not want.

do you want a Pentium Pro with them, or those MMX extensions are too newfangled too?

3
11

Mozilla to whack HTTP sites with feature-ban stick

Tomato42
Boffin

Re: Eeejits!

"What are these few basic checks that can make a self-signed certificate trustworthy and give full confidence to all your visitors?"

Those are the same checks that regular certificates from "big names" do - check if the email comes from [email protected] or [email protected] or that you can place a file with specific content on the server. All domain validated certificates require you to have control over that only.

The certificate doesn't mean that the content is trustworthy or that the content comes from a given entity (unless it's a green-bar-enabling EV certificate). It just says that the same people that controlled the domain at some past time are the ones that are controlling the connection you are doing right now.

0
0

Zuck'ed up: Facebook opens up free internet in India – but bans HTTPS

Tomato42
Joke

Re: Data gathering and ad insertion

The mineshaft^W evilness gap!

1
0

Stubborn 'won't fix' Google U-turns on Chromecast vid judder twitching-eye blunder

Tomato42
Joke

It's snowing in hell, obviously

1
1

Good luck displacing Windows 7, Microsoft, it's still growing

Tomato42

Re: Windows 7 is popular because it is easy to pirate

Except the "given away Win 10" is actually a 1 year trial copy

5
5

DDoSsers use reflection amplification to crank up the volume to 100Gbps+

Tomato42
Facepalm

"cloud hosting"

also known as "hosting"

11
0

Google versus the EU: Sigh. You can't exploit a contestable monopoly

Tomato42
FAIL

Re: So....

Your average punter has no idea what a browser is, let alone that Google isn't "The Internet".

And I don't care about google shopping, it has always been utter garbage so I've been using different sites. The problem is that they abuse their monopoly in any way they can: YouTube users turned into G+ users, 60fps YouTube - Chrome only, 360° YouTube - Chrome only, gmail IMAP - non standard compliant, gmail POP3 non existent, offline gmail - you guessed it Chrome only. That's just a few examples.

Shopping is just the tip of the iceberg.

19
19

Google pulls plug on YouTube for older iPads, iPhones, smart TVs

Tomato42
Happy

Re: The ONLY way to watch YouTube is...

either I'm watching youtubers which don't enable this kind of ads or my version of ABP does some wonders, as I literally never see ads other than the ones _maker_ of the video inserted

4
0
Tomato42
Holmes

Re: Google is pushing Apple sales

what is scary is that Stallman is basically always right, he's just sometimes proven right 10 years later, not right away

8
0

ID yourself or get NOTHING (except Framework), snarls Metasploit

Tomato42
FAIL

Morons, the lot of 'em.

...because the only technical expertise resides inside US, especially after they have offshored all jobs they could.

8
0

Virgin Media takes its time on website crypto upgrade

Tomato42
Boffin

Re: TLS 1.2 intolerant == not patched is Total rubbish

No cryptographic library in any RHEL5 release under support (including extended support channels) is TLS1.2 version intolerant.

Yes, OpenSSL in it doesn't support TLSv1.2, but clients don't have to fall back to TLSv1.0 to be able to connect.

2
0

Google chips at Amazon's Glacier with Cloud Storage Nearline

Tomato42
Thumb Down

Re: The real business model

Well, I wouldn't call it exactly cheap, terabyte of stored data will cost you $10 a month. That's $120 a year. At the same time you can buy a 1TB drive (hardly the cheapest per GB) for $65. Times 5 or 10 years (typical of long term storage) and it's going into serious money territory.

Or in other words, you can buy two drives a year for the price of same amount of Glacier storage!

For a storage that will cost you additionally to retrieve (realistically $0.10 per GB), those are exorbitant prices. It may be fine for occasional ODF, but it certainly is not for images, films, database dumps, etc.

0
0

Hey, big spender. Are you as secure as a whitebox vendor?

Tomato42
Unhappy

Re: Sticking everything behind a firewall sounds like a good first step but...

@P.Lee: "All you really need to do is hook it up to a serial port and the power supply switch."

That assumes you're using a real OS, not Windows. And since it's the suits that make the business plans, it has to be Windows compatible, otherwise they won't believe it is actually working unless they see the Desktop.

0
0

Silly sysadmins ADDING Heartbleed to servers

Tomato42
Trollface

Opera inc. is Norwegian company. And while they do have oil, it doesn't look like US wants to bring Freedom®™ to them just yet.

2
0
Tomato42
Thumb Up

Re: Remaining servers need extra pressure from users

well, even if it doesn't result in users complaining (they want their cat macros and want them now, those pesky warnings are just in the way), it still causes bad PR and obvious error to the _admin_ that runs the site.

1
0

Don't fret over SOHO routers and Heartbleed. But yeah, there's LOADS to fear on home kit

Tomato42
Unhappy

of course they are not vulnerable

of course most of the home routers are not vulnerable, they usually ship software that's at least 5 years old!

Remember Linux 2.6? Most routers still chug along with 2.4.

critical vulns on SOHO routers are a problem, but Heartbleed is not one of them

3
0

Torvalds rails at Linux developer: 'I'm f*cking tired of your code'

Tomato42

Re: it's no coincidence

check how many people Red Hat employs, then compare the stats "per capita"

0
0
Tomato42

using profanities makes it 100% sure that the other side will get it that you are not "just displeased" and that your comments can be just brushed aside

you don't have the luxury of verbal intonation in email context

2
0
Tomato42

Re: Mozilla

@Alan Johnson: They tortured him until he couldn't take it any more. If that isn't the definition of "basically murdered", it should be.

Don't dismiss such issues as trivial, this makes it more likely for the situation to occur again.

9
4
Tomato42

Re: coding

@Don Jefe " the entire Linux movement is being denied the commercial support it so desperately needs so that 'free' isn't the only thing the general public thinks when they hear 'Linux'. "

Red Hat, SuSE and Novell, all of them sell commercial Linux support, from the kernel up to font rendering in the browser. And those are just the three largest companies that do Linux support. There are many more.

So, what the hell are you talking about?!

26
1

iFixit boss: Apple has 'done everything it can to put repair guys out of business'

Tomato42

Re: Is resilience the flip side to repairability?

I've always used nokia phones, and each of them survived more than 3 years of use, even with the multitude of times I dropped them on floor

the only one I replaced because it broke was the one I dropped into water -- worked fine for 3 or 4 months after I dried it, but ultimately it went down

0
0

Little pink handjob: Sony's Xperia Z1 Compact

Tomato42

Re: But can I wipe it..

dunno about proper, but cyanogenmod has builds for it, we will have to wait a few more months for Maemo or Sailfish, but I wouldn't hold my breath for it

0
0
