* Posts by Tomato42

478 posts • joined 31 May 2011

FCC swivels to online privacy, gets bitten in the ass by net neutrality

Tomato42
Bronze badge
Boffin

and if I have a PBX in my business, no one can call my desk phone without me telling them the internal number

damn, more ways in which telephone and Internet systems are alike

0
0
Tomato42
Bronze badge
Boffin

You know what else is an old law? The constitution and its amendments.

I only see "It's the end of the world, cats and dogs living together", etc. No explanation WHY equating IPs to telephone numbers is bad. No explanation WHY making ISPs just dumb pipes that pass packets around is bad.

So to me this looks more like a list of people being paid by the cable industry.

8
0

EU wants open science publication by 2020

Tomato42
Bronze badge
Boffin

Re: That's eminently reasonable

> Someone will have to pay for managing and hosting this data. Who will pay that bill?

you mean who pays for arxiv.org? Cornell University Library. In all honesty, hosting one such site is probably cheaper than subscribing to 2 or 3 journals in only one of the fields covered by arxiv (yes, subscriptions have outrageous prices)

27
0

Got a Fitbit? Thought you were achieving your goals? Better read this

Tomato42
Bronze badge
Trollface

Re: How to get in on these scams

Why are you talking about the Fontus? it's not in the article!

2
0

Your next server will be a box full of connected stuff, not a server

Tomato42
Bronze badge
Paris Hilton

Can somebody remind me, why exactly do we listen to Gartner?

40
0

Oculus backtracks on open software promise

Tomato42
Bronze badge
Devil

Re: Inevitable

"Exactly. Considering there are already competitive alternatives like the HTC Vive, it could be really bad for Oculus if games could be modded to run on alternate VR headset."

Yeah, that would mean direct competition and that's bad for business. If only those pesky customers didn't demand Vaseline for shafting, we would have pure profit!

4
0

SWIFT moves on security in wake of hacking attacks

Tomato42
Bronze badge
FAIL

That's what happens if you consider IT _only_ a cost centre: you get an even bigger bill at the end of the day

8
0

Zombie crypto still rules smart grids: OSGP vendors need to kill RC4

Tomato42
Bronze badge
Flame

If only they had known earlier that RC4 may be insecure... /s

but that's IoT for you, until you beat them with a heavy rod, they won't do anything

1
0

Adobe...sigh...issues critical patch...sigh...for Flash Player zero day

Tomato42
Bronze badge
Happy

Fla-what?

it's been so long since I had it installed that I forgot it exists

those were very blissful moments

1
1

Android's security patch quagmire probed by US watchdogs

Tomato42
Bronze badge

Re: sigh

EU law allows you to simply return the device after 2 years if it does not match advertised feature set or breaks down in normal use.

Some things should really have longer terms, but the basic framework is in place.

0
0
Tomato42
Bronze badge

Re: I am (perhaps naively) hopeful...

I would say that your optimism isn't completely unfounded, Tom Wheeler was quite effective up till now

1
1
Tomato42
Bronze badge
Angel

Re: sigh

To fix this we really don't need much.

The first thing is that software defects should not be excluded from warranty (that includes disclosed vulnerabilities).

Then we just need a label that clearly, in standardised manner, informs the customer:

1) how long the warranty for all defects is

2) what the manufacturer's designed expected lifetime of the device is (that means, at the minimum, that replacement parts, including software, will be available)

3) for how long (if at all) software updates for the device will be provided

allow for paid/free options on top of that, and then there's _some_ chance that the market rights itself up

10
2

This is what a root debug backdoor in a Linux kernel looks like

Tomato42
Bronze badge
Facepalm

and that's why you should always deploy code only after it goes through upstream review and merge

but some ARM device makers still "know better"

4
1

Stop resetting your passwords, says UK govt's spy network

Tomato42
Bronze badge

Re: Too Many bad Movies

passwords are more likely to be guessed the more they are used; but it is offset very easily by making them longer

the original advice of the 30-day lifetime of a password assumed a fairly simple password (essentially a single word selected uniformly at random from greatly reduced English dictionary), double the password (use two words) and the 30 days suddenly become 80 years at the same level of security

oh, and another thing often forgotten: the original advice included mandatory rate limiting on incorrect logon attempts

4
2
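
Added example (editor's code, not part of the post above) working through the arithmetic behind the "30 days becomes 80 years" claim. The threat model is constructed for the example: an online guesser held to a fixed number of guesses per day by the server's rate limiting, against a secret drawn uniformly from a keyspace. The names `compromise_probability`, `lifetime_for_same_risk` and `dictionary_size_implied` are this example's own, and the 10-guesses-per-day figure is an assumed rate limit, not anything the post states.

```python
DAYS_PER_YEAR = 365.25


def compromise_probability(keyspace: int, guesses_per_day: float, lifetime_days: float) -> float:
    """Chance an online guesser hits the secret before it is rotated.

    Assumes the attacker never repeats a guess and is capped by the
    server's rate limit at `guesses_per_day` attempts (an assumption of
    this example, not of the post).
    """
    attempts = guesses_per_day * lifetime_days
    return min(attempts / keyspace, 1.0)


def lifetime_for_same_risk(keyspace_old: int, lifetime_old_days: float, keyspace_new: int) -> float:
    """Lifetime that keeps compromise_probability constant after a keyspace change.

    risk = rate * lifetime / keyspace, so for fixed risk and rate the
    lifetime scales linearly with the keyspace.
    """
    return lifetime_old_days * keyspace_new / keyspace_old


def dictionary_size_implied(lifetime_one_word_days: float, lifetime_two_words_years: float) -> float:
    """Dictionary size D implied by a one-word -> two-word lifetime claim.

    Two words multiply the keyspace by D, so matching the two lifetimes
    at equal risk gives D = new_lifetime / old_lifetime.
    """
    return lifetime_two_words_years * DAYS_PER_YEAR / lifetime_one_word_days


def two_word_lifetime_years(dictionary_size: int, lifetime_one_word_days: float) -> float:
    """Rotation period for a two-word passphrase at the same risk as one word."""
    two_words = dictionary_size ** 2
    return lifetime_for_same_risk(dictionary_size, lifetime_one_word_days, two_words) / DAYS_PER_YEAR


if __name__ == "__main__":
    # Constructed figures: 1000-word reduced dictionary, 10 guesses/day allowed by lockout.
    print("one word, 30 days :", compromise_probability(1000, 10, 30))
    print("two words, 30 days:", compromise_probability(1000 ** 2, 10, 30))
    print("same risk lifetime:", lifetime_for_same_risk(1000, 30, 1000 ** 2) / DAYS_PER_YEAR, "years")
    print("D implied by 30d -> 80y:", dictionary_size_implied(30, 80))
    # Without rate limiting the whole calculation collapses: a million
    # guesses a day exhausts a 1000-word dictionary in one day.
    print("no rate limit, 1 day:", compromise_probability(1000, 1_000_000, 1))
```

The last line is the point of the post's final remark: the lifetime numbers only mean anything if the lockout/rate limit that caps `guesses_per_day` is actually enforced.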

How 'flexible' can the UK actually be on EU data protection law?

Tomato42
Bronze badge
Joke

Flexibility?

given their ability to suck their own jingle bones, I would assess the government's ability to be flexible as "extraordinary"

0
0

Batten down the hatches! OpenSSL preps fix for high impact vuln

Tomato42
Bronze badge

Re: Oh, good, more bullshit from the Reg

It's because the fact of branding a vulnerability doesn't mean anything.

There are severe vulnerabilities which are not branded and irrelevant vulnerabilities which are (Grinch attack as an example).

By focusing on branding you simply focus on the wrong thing. You should focus on the security and vulnerability parts.

0
0
Tomato42
Bronze badge
Stop

All software has bugs. Software that is highly scrutinized will turn up a lot of bugs.

It would be far more worrying if, after Heartbleed, we weren't getting a semi-constant stream of security fixes for the library.

16
1

AWS outgrows its own resource numbering scheme

Tomato42
Bronze badge

Statistics

Because of the birthday paradox, if the identifiers are assigned at random (and they had better be, or the whole system is insecure), then after assigning about the square root of the number of all available ones you have a 50% chance, every time you assign a new one, of picking an already selected one.

In other words, they prepare for a more modest number of about 1.69266 * 10^13 (16 trillion short scale, 16 billion long scale) tracked items.

0
0
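
Added example (editor's code, not part of the post above) computing the birthday bound the post refers to. The 1.69266 * 10^13 figure is the square root of 36^17, i.e. 17 case-insensitive alphanumeric characters; that decoding of the number, and the helper names `collision_probability`, `draws_for_probability`, `id_space` and `square_root_bound`, are this example's assumptions, not something the post or AWS state. The block also goes one step beyond the post: the exact draw count for a 50% collision is about 1.18 * sqrt(N), and sqrt(N) draws give roughly 39%.

```python
import math


def id_space(alphabet_size: int, length: int) -> int:
    """Number of distinct identifiers of `length` symbols from `alphabet_size` symbols."""
    return alphabet_size ** length


def square_root_bound(space: int) -> int:
    """The rule-of-thumb collision threshold floor(sqrt(N)) used in the post."""
    return math.isqrt(space)


def collision_probability(space: int, draws: int) -> float:
    """P(at least one repeat) among `draws` uniform, independent picks from `space`.

    Uses the exact product for small draw counts and the standard
    approximation 1 - exp(-n(n-1)/(2N)) otherwise (N is far too large
    to loop over for real identifier spaces).
    """
    if draws <= 1:
        return 0.0
    if draws > space:
        return 1.0  # pigeonhole: a repeat is certain
    if draws <= 10_000:
        p_no_collision = 1.0
        for k in range(draws):
            p_no_collision *= (space - k) / space
        return 1.0 - p_no_collision
    return 1.0 - math.exp(-draws * (draws - 1) / (2.0 * space))


def draws_for_probability(space: int, p: float) -> int:
    """Smallest draw count with collision probability >= p.

    Inverts the approximation: n ~= sqrt(2 N ln(1/(1-p))); for p = 0.5
    this is about 1.177 * sqrt(N).
    """
    if not 0.0 < p < 1.0:
        raise ValueError("p must be strictly between 0 and 1")
    return math.ceil(math.sqrt(2.0 * space * math.log(1.0 / (1.0 - p))))


if __name__ == "__main__":
    n_space = id_space(36, 17)             # assumed: 17 alphanumeric chars
    root = square_root_bound(n_space)
    print("sqrt(N)             :", root)   # ~1.69266e13, the post's figure
    print("P(collision) there  :", collision_probability(n_space, root))
    print("draws for 50% chance:", draws_for_probability(n_space, 0.5))
    print("classic: 23 people  :", collision_probability(365, 23))
```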

US data suggests Windows 10 adoption in business is slowing

Tomato42
Bronze badge

any more of the malware campaign by MS for 10 and people may really start going back to XP, as you won't get them there... security be damned ("it worked before, so why won't it work today")

26
6

Microsoft's Windows 10 nagware storms live TV weather forecast

Tomato42
Bronze badge
Facepalm

Re: That's why you should always avoid complexity

Here, have a rock, it has all your computing needs covered.

2
6
Tomato42
Bronze badge
Linux

Re: GWX Control Panel might help here

> There are reasons not to?

you may need Win 7 for the occasional application that doesn't have Linux native version or doesn't work in wine

17
1
Tomato42
Bronze badge
Stop

Re: Do what I've done

at least Linux problems don't require an army of people hunting all the updates that normal people do not want, and even with that the little buggers get through

while if you install Gnome Classic desktop, you won't see TIKFAM forced on you next restart after update

26
5

Mozilla slings Firefox patches at flaw found by GCHQ's infosec arm

Tomato42
Bronze badge
Angel

what? GCHQ donating patches to open source projects used by millions of people. US Congress unanimously voting in a bill requiring warrants for accessing email, photos and all other documents stored in the cloud.

Did I wake up in an opposite world today?

6
1

MoD contractor hacked, 831 members of defence community exposed

Tomato42
Bronze badge
Trollface

"Cyber"

No wonder they were hacked to death. They are experts in "cyber hacking", while they were brought down by a garden variety "computer security" shortcomings.

0
0

Ten years in the clink, file-sharing monsters! (If UK govt gets its way)

Tomato42
Bronze badge
Facepalm

> then _also_ proving who knew what.

ah, right, because the ignorance of the law does not protect proles, but does protect the inner party

Manslaughter and paedophilia, crimes that cause real, long lasting harm to very specific people have less severe penalties than this new law.

Piracy hurts only big fish in distribution, don't even try to give me the shit that it hurts artists. Artists get peanuts from MAFIAA for their work. (not to mention that there are hundreds of artists that release their work for free - ever heard of The Martian? the ebook was released for free)

so, please, have some effing perspective

3
3

Not OK, Google! FTC urged to thrust antitrust probe into Android

Tomato42
Bronze badge

Re: Consumer Watchdog...

@Michael Habel: well, they could rule that it's illegal for Google to require an "all or nothing" approach to the Play store. And rule that Google can't revoke a phone manufacturer's access to the Play store just because they released a device with CyanogenMod preinstalled.

2
1

FBI's PRISM slurping is 'unconstitutional' – and America's secret spy court is OK with that

Tomato42
Bronze badge
Big Brother

Re: WHAT Constitution?

well Oceania, pardon, USA, has always been "at war". Just look at the homicide rates, it's a literal war zone.

3
1

NYPD anti-crypto Twitter campaign goes about as well as you'd expect

Tomato42
Bronze badge
Thumb Down

@Dan 55: yes, and it's a better place than we would be otherwise.

Even though we dropped it, there still are multiple exploits related to this broken "crypto" getting, well, broken. Look up: FREAK attack, DROWN attack, in part also LOGJAM attack. All because software had support for export crypto.

5
0

Intel literally decimates workforce: 12,000 will be axed, CFO shifts to sales

Tomato42
Bronze badge

Re: Wonder what this kind of news means for AMD

Remember that AMD is selling both processors and GPUs for all the consoles.

12
0

Belgian boffins breed 'digital canaries' to test your random numbers

Tomato42
Bronze badge
Boffin

Re: Uh ... harmonic discordance here ...

I don't think the idea was to expose these numbers anywhere near end user code, but rather to have two modules - one HWRNG and one verifier. This way you can have an independently designed RNG and the thing that performs the runtime checking.

This is a rather good idea, as we know how to design whitening functions that pass all statistical checks on the output while being fed no entropy at all. In other words, an RNG passing statistical tests doesn't mean it's a good RNG, it just means it's not horribly broken.

9
0
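
Added example (editor's code, not from the post or the paper it discusses) demonstrating the last point: a "generator" with zero entropy, SHA-256 over a counter, sails through the NIST SP 800-22 frequency (monobit) test and a byte-frequency chi-square test, and so does a plain cyclic byte counter; only a degenerate constant stream fails. The generator, the two tests, the 99.9% thresholds and the names `whitened_stream`, `monobit_pvalue`, `byte_chi_square` and `passes_basic_tests` are this example's own constructions.

```python
import hashlib
import math
import struct


def whitened_stream(nbytes: int, seed: bytes = b"") -> bytes:
    """Deterministic, zero-entropy output: SHA-256 of a 64-bit counter.

    Constructed for this example; it is NOT a secure generator, it just
    has a good whitening function in front of a predictable counter.
    """
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + struct.pack(">Q", counter)).digest()
        counter += 1
    return bytes(out[:nbytes])


def monobit_pvalue(data: bytes) -> float:
    """NIST SP 800-22 frequency (monobit) test p-value for a bit string."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def byte_chi_square(data: bytes) -> float:
    """Chi-square statistic of byte frequencies against uniform (255 degrees of freedom)."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    expected = len(data) / 256
    return sum((c - expected) ** 2 / expected for c in counts)


def passes_basic_tests(data: bytes, p_threshold: float = 0.001, chi_threshold: float = 330.5) -> bool:
    """Cheap runtime health check: monobit p-value and chi-square within
    roughly the 99.9% critical region (thresholds are this example's choice)."""
    return monobit_pvalue(data) >= p_threshold and byte_chi_square(data) <= chi_threshold


if __name__ == "__main__":
    samples = {
        "sha256(counter), no entropy": whitened_stream(100_000),
        "cyclic byte counter":         bytes(range(256)) * 400,
        "all zeros":                   bytes(100_000),
    }
    for name, data in samples.items():
        print(f"{name:30s} monobit p={monobit_pvalue(data):.3f} "
              f"chi2={byte_chi_square(data):8.1f} pass={passes_basic_tests(data)}")
```

The statistical tests measure the whitening function, not the entropy source behind it, which is why the verifier module in the scheme the post describes has to watch the raw source rather than the conditioned output.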

Linux command line mistake 'nukes web boss'S biz'

Tomato42
Bronze badge
Facepalm

Re: It's Friday

can't believe that anyone is stupid enough to make servers _push_ data to backup servers instead of the backup server pulling the data from the server.

Not only a troll but a stupid one at that.

1
0

You won't believe this, but… nothing useful found on Farook iPhone

Tomato42
Bronze badge
Facepalm

what? no latent cyber pathogens?! inconceivable!

this whole ordeal was pathetic on USGov part...

17
1

Flying Spaghetti Monster is not God, rules mortal judge

Tomato42
Bronze badge
Angel

Re: Theological Canons

example? The whole "666" thing referred to the contemporary Caesar Nero, with many scribes who knew the "joke" better than they could read transcribing it "616" instead.

1
3
Tomato42
Bronze badge
Facepalm

Re: HERESY!!!!

Exactly! What next?! That the religious texts weren't written by human hands with the guidance (inspiration) of His Noodly Appendage?

Seriously, all religions were created by humans, if "being created" is the disqualifying property, I want to see Christianity and Judaism next on the table.

58
5

Look who's here to solve the Internet of Things' security nightmare – hey, it's Uncle Sam

Tomato42
Bronze badge
Unhappy

Re: Strict liability would help

the problem is that "reasonable lifetime" for them is a year tops, after all the PHB responsible would have changed department at least twice by that time

also, the vulnerabilities should be fixed within 6 months of them getting to know about them, not the public

0
0

Read America's insane draft crypto-borking law that no one's willing to admit they wrote

Tomato42
Bronze badge

Re: You learn something new every day

To be honest, Bush wasn't so bad. He was stupid, but it was the stupid we knew. It was predictable.

Trump is a complete wild card.

1
0
Tomato42
Bronze badge
FAIL

or if you have any text written in Linear A

2
0
Tomato42
Bronze badge
Facepalm

Re: If Stupidity Were a Crime

don't worry, a bill legislating that pi is equal to exactly 3 is in the pipeline, no one has the time for all this .1415... rubbish!

2
0

Euro Patent Office board to hold emergency meeting

Tomato42
Bronze badge
Facepalm

Re: Must have filled in the wrong form

EPO is not legally bound to the EU in any way

oh, and the "straight bananas law"? also untrue

0
0

How do you build a cheap iPhone? Use a lot of old parts

Tomato42
Bronze badge

Re: Media Praise

Given that all flagships (bar Sony Xperia Compacts) are phablets now, the SE form factor indeed makes it a "small" phone. Not Nokia 2330 classic small, but "smartphone small" still.

5
0

Ever wondered what the worst TV show in the world would be? Apple just commissioned it

Tomato42
Bronze badge
Unhappy

Re: yep

@Destroy All Monsters: That's some industrial-grade optimism right there. With the way things are going, surviving till the second half of the century will be a serious achievement.

1
2

How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript

Tomato42
Bronze badge
FAIL

Re: Thames

Red Hat does this little thing called "review" and "Quality Assurance" before the code goes anywhere near release process, let alone signing and publishing in repository.

As does any other half-decent Linux distribution. Hell, even Apple and Google do at least cursory review of the fart apps they ship through their package managers.

While anyone can publish anything on sites like PyPI, NPM, RubyGems... Admins/Moderators/Owners of those simply Don't Care™

5
0

Labour: We want the Snoopers' Charter because of Snowden

Tomato42
Bronze badge
Big Brother

Re: You can see what they're aiming at

@ Voland's right hand: if that ever stopped politicos

they just need to look at Hungary and Poland for "inspiration"

2
0

Docker may be the dumbest thing you do today

Tomato42
Bronze badge
Coffee/keyboard

Re: have a CoW man

"Linux decline"

you, sir, owe me a keyboard, but a good laugh is what I needed this Friday

2
0

Hardcoded god-mode code found in RSA 2016 badge-scanning app

Tomato42
Bronze badge
Boffin

Re: More likely to be found out

this problem was solved years ago: don't store the password in plaintext, store it after hashing; preferably something standard like scrypt or PBKDF2 with a large number of rounds

1
0

Bruce Schneier: We're sleepwalking towards digital disaster and are too dumb to stop

Tomato42
Bronze badge
Boffin

Re: UL

because if you extend accounting auditors' jobs to checking if IT procedures are followed you get the Diginotar breach

electronics and software are sufficiently far apart that they shouldn't be under the same certification program

0
1

'Boss, I've got a bug fix: Nuke the whole thing from orbit, rewrite it all'

Tomato42
Bronze badge
Trollface

Re: Beastly, Just Beastly

yeah, you go rewrite the kernel in C++, just don't be surprised when you have two problems on your hands then

1
0

ICO fined cold-call firm £350k – so directors put it into liquidation

Tomato42
Bronze badge
Devil

Re: "lay down a marker"

yeah, liquefying him would show a nice precedent

no, not a typo

2
0

Awoogah – brown alert: OpenSSL preps 'high severity' security fixes

Tomato42
Bronze badge
Boffin

Re: Oops!

*cough*CVE-2014-6321*cough*

all software is buggy; because OpenSSL is used by huge numbers of servers and is at the centre of many security systems, it is in the spotlight of all the researchers - for good reason, as it is also in the spotlight of the crooks

1
0

Metel malware pops bank, triggers 15 percent swing in Russian Ruble

Tomato42
Bronze badge
Boffin

Re: Seems like banks are going to have to beef up at last

And Windows machines suffered from something even more catastrophic in TLS: CVE-2014-6321 (by some branded "Winshock")

Linux may or may not have fewer security-critical bugs than Windows.

But applications on Linux definitely have access to (and more often than not actually use) many more technologies for limiting the damage from those bugs: SELinux, ASLR, FORTIFY_SOURCE, stack protector, and so on.

5
2
