
* Posts by Jamie Jones

1471 posts • joined 14 Jun 2007

A first-world problem solved: Panoramic selfies, thanks to Huawei's Ascend P7

Jamie Jones
Silver badge

Re: Truisms Spoken Aloud

Firstly, moron, I apologise, as the content of your post clearly shows that you are somewhat lacking in the neurons department (which may explain your anger issues), so I shouldn't really respond to your rant (which rather ironically, shows clear language comprehension issues).

With that out of the way, and leaving aside why you would get hostile at a light-hearted reply you basically baited with your original post, I'll start with reminding you what you originally said:

"What's with adding the "U" in color? Why do you misplace the second "E" in center?"

I suggest you read up on history. American Noah Webster deliberately *removed* the "U" and misplaced the "E" - the arrogance suggesting they were our deviations and not yours.... The language is called "English" not "American"

And why are you wittering about Canadians - Canadians spell the same way as us, so the point you make about them mainly being of Scottish or English descent, is at best irrelevant.

Here's something about the influence Spanish had on American spelling deviations: http://html.rincondelvago.com/american-english_general-historical-background.html

In future, I suggest doing some research before posting, as you've just shown yourself to be the very dip-shit you accused me of being.

HAVE A NICE DAY

HOPE TO HAVE HELPED

XOXOXOXOXOXOXOXO

0
1
Jamie Jones
Silver badge
Happy

Re: Truisms Spoken Aloud

"What's with adding the "U" in color? Why do you misplace the second "E" in center?"

You do realise that the only reason you deviated in the above 2 ways is down to the Spanish influence on yous? :-)

0
0
Jamie Jones
Silver badge
Facepalm

Re: Truisms Spoken Aloud

I know it's wrong, but I keep reading it as sounding the same as Hawaii

0
0

Mae Microsoft yn addysgu Swyddfa, Bing, siarad Cymraeg*

Jamie Jones
Silver badge

Re: The Competition

Google wins on 'i' but loses on 'yn' !

0
0
Jamie Jones
Silver badge

Re: Can't leave it alone

Indeed.

Whilst 'popty' (not 'popety' as some people think) is Welsh for 'oven', 'popty ping' is slang at best!

0
0
Jamie Jones
Silver badge
Thumb Up

Re: The actual translation

I was going to post the missing 'i' / 'to', but you beat me to it!

0
0

US broadband providers holding last-mile traffic ransom, ISP alleges

Jamie Jones
Silver badge
Happy

Re: Canada quashed this balloney ...

"Am I going senile or did you move from Vietnam?"

haha yeah! Good catch!

0
0
Jamie Jones
Silver badge

Re: I'm confused

Fatter pipes == more money for the transits?

0
0

Slow IPv6 adoption is a GOOD THING as IETF plans privacy boost

Jamie Jones
Silver badge

Won't someone think of the routers?

"Moreover, since there's a to-most-intents-and-purposes-inexhaustible supply of IPv6 addresses, your device can have the same address forever, regardless of which network it's connected to"

Ummm. Nope. Portable IP addresses for hosts is not the same as portable IP blocks with AS assignations

0
0
Jamie Jones
Silver badge

Re: NAT has to go, no..

Brilliant idea *thumbs up* (Icons don't work from this phone)

0
0

Solaris deposed as US drone-ware, replaced by Linux administration

Jamie Jones
Silver badge

Re: My worry is the admins

Obvious troll is... Etc.

6
0

Cold War spy aircraft CRASHED Los Angeles' air traffic control

Jamie Jones
Silver badge

Re: Shutting down because things get too hard?

"Sorry, I hope you were both OK after that, but that made me LOL."

:-) Yeah, a slightly dented wing and a few stones knocked from the wall were the only casualties (apart from her pride!)

It's funny - this happened about 25 years ago (showing my age!) and I haven't thought about it in years, but this story triggered the memory of someone/something throwing everything in the air and shouting "I want to stop!"

1
0
Jamie Jones
Silver badge
FAIL

Shutting down because things get too hard?

Reading this, I was reminded of the first time I gave my sister a 'driving lesson' in the front driveway.

So she wouldn't stall, I had her over-revving the engine before slowly releasing the clutch.

However, as soon as the car started to move, she lifted both feet up, held her hands in the air, and screamed "I want to stop". However, due to the high revs, the car didn't stall, but jumped forward until hitting a nearby wall.

It seems that this system had a similar panic attack. But you'd expect it to react better than a 16 year old kid whose only real worry was what my dad would say when he saw the car (and the wall!)

2
0

Symantec: Antivirus is 'DEAD' – no longer 'a moneymaker'

Jamie Jones
Silver badge

Re: The truth from the greatest liar?

To be fair to Ratner, he was attempting an (ill-advised) joke

0
0

The amazing .uk domain: Less .co and loads more whalesong

Jamie Jones
Silver badge

Re: .uk vs .gb

.gb used to be used for x400 stuff, and some MOD sites.

.gb is still assigned to JANET, but I think the only active domain now is dra.hmg.gb

0
0

Nominet boss quits after rough patch at helm of dot-UK registry

Jamie Jones
Silver badge

I don't understand..

"In the past year, it has battled with domain name registrars who failed to halt, or at least freeze, Oxford-based Nominet's unpopular second-level namespaces plan."

Huh?

Why did they battle with registrars who failed to halt something they planned?

0
0

Obama: I'm the CTRL-ALT-DEL President

Jamie Jones
Silver badge
Happy

Re: Anyone can be president

"We can all be president one day"

I can't. I'm not American (unless you include 'President of the EU' in that statement)

Strange rule, that one. It's almost like you don't trust your own selection/voting system, or even us 'forriners'... Oh...wait...

1
0

Boffins tag Android app privacy fails

Jamie Jones
Silver badge
Thumb Up

Re: Why do you put up with so much BS?

"Maybe one day, when all this BS is sorted out, I can finally upgrade from my perfectly useful and adequate 'dumbphone'. "

I'm similar, but not quite as much of a stuckist :-)

I love my android tablet, but there is a maintenance requirement that I have no desire to deal with on my phone.

My phone is an old symbian Nokia E63 which I don't intend to replace until it dies (at which point I'll be looking for another E63)

P.S. The E63 has ssh/putty, a camera, and a decent web browser by the still supported UC browser.

Not bad for a phone that came from 'the back of my brothers sock draw', and costs 2p per text, 3p per min voice, 1p a meg data (with 300mb free for a month when you top up £5) and no monthly fees!

0
0

HALF of London has outdated Wi-Fi security, says roving World of War, er, BIKER

Jamie Jones
Silver badge
Pint

Re: Why a large battery?

2 days cycling across London? Rather you than me!

You deserve a pint (or 3) for that!

3
1
Jamie Jones
Silver badge
Thumb Up

Re: re: Had to downgrade security as the TV supports WEP!

"Everything else goes over WEP2."

WPA2 you mean :-)

[ That may be the reason for the downvote, but it wasn't from me! ]

1
0
Jamie Jones
Silver badge

....and trust a 3rd party VPN?

Even if they are totally honest, I know where I'd concentrate efforts if I was a spy agency...

1
0

You'll hate Google's experimental Chrome UI, but so will phishers

Jamie Jones
Silver badge
Trollface

You'll hate El Regs' "buzzfeed-style" article headlines

That is all.

0
0

Google forges a Silver bullet for Android, aims it at Samsung's heart

Jamie Jones
Silver badge
Coat

Re: Absolutely

"I have a Galaxy SII just like my daughter. "

Well, the Galaxy doesn't look much like a human, so I assume your daughter looks like a phone?

8
0

DreamWorks CEO: Movie downloaders should pay by screen size

Jamie Jones
Silver badge
WTF?

Re: Stupid

Errrrr, am I the only one here who assumed that he actually means resolution?

He was talking to a non-technical audience.

I assumed El'Regs comment about DRM etc. was based on erroneously taking his words literally

5
0

US judge: Our digital search warrants apply ANYWHERE

Jamie Jones
Silver badge

Re: Arse

You've basically described Freenet, which is a sort of p2p cloud storage based on file hashes...

From: http://en.wikipedia.org/wiki/Freenet:

Freenet is a peer-to-peer platform for censorship-resistant communication. It uses a decentralized distributed data store to store information, and has a suite of free software for working with this data store.

Freenet works by storing small encrypted snippets of content distributed on the computers of its users and connecting only through intermediate computers which pass on requests for content and sending them back without knowing the contents of the full file, similar to how routers on the Internet route packets without knowing anything about files—except with caching, a layer of strong encryption, and without reliance on centralized structures. This allows users to publish anonymously or retrieve various kinds of information.

https://freenetproject.org/

1
0

That's right, MICROSOFT is an ANDROID vendor after Nokia gobble

Jamie Jones
Silver badge
Thumb Up

Re: history is always repeated.

"Yes, but it was UNIX - Solaris, IIRC, not Linux. "

I wondered if anyone would mention that.

From what I gather, Sun Solaris run the backend mailservers and storage, whilst FreeBSD/apache the front end web servers and cgi's

1
0

Microsoft: The MORE Surfaces it sells, the MORE money it loses

Jamie Jones
Silver badge
Thumb Up

Re: Why bother with new stuff?

Have a thumbs-up from the FreeBSD camp!

3
1

Bevy of tech behemoths aim to plug the next Heartbleed with DOLLARS

Jamie Jones
Silver badge

"Linux foundation"

I realise this post will be unpopular with the GPL cultists here, but whatever.

I'm actually not trolling - I just hope there is no pressure on non-GPL projects to switch to GPL, or indeed, any bias towards GPL licensed projects.

Downvotes from people that think GPL is the solution to everything in 3..2..1...

2
0
Jamie Jones
Silver badge
Thumb Up

Re: How often has throwing money at bad software worked?

"mixing tab and space characters for indentation should be illegal)"

"+1" this!

I hate TABS

1
0

Spy back doors? That would be suicide, says Huawei

Jamie Jones
Silver badge
Facepalm

No security issues?

"Broadly, we have an impeccable track record with 500 telcos in 150 countries. There's never been a security issue of any kind," Sykes told journalists. "We wouldn't be a $40bn company today if were not good at building secure networks"

I generally think that Huawei gets political FUD thrown at them, but the above is clearly incorrect.

If you have one of their wi-fi devices, anyone can grab the wifi password without needing to go through authorisation.

http://www.securityfocus.com/archive/1/531368

0
0

OpenBSD founder wants to bin buggy OpenSSL library, launches fork

Jamie Jones
Silver badge

Re: C - the leech theraphy of coding. It will never go away!

As for heartbleed:

". buffer overruns would be a thing of the past as the overrun space would be empty."

Do we know for sure that the buffer read overran into freed memory, and not just some other data structures that were still in use?

Even if so in this case, the malloc proposals aren't a silver bullet for all overruns

0
0
Jamie Jones
Silver badge
Boffin

Re: Right, so ...

"For starters they'll probably make it work with the system malloc instead of OpenSSL's brain dead memory allocator:"

I know you're not implying it, but as many people believe it to be so, it's worth reminding that the heartbleed bug has nothing to do with malloc, nor memory management in general.

Also, the OPENSSL_malloc function ends up calling system malloc, but as you infer, this point is moot if they use other mechanisms to manipulate their malloced memory block in user space.

0
0

Och aye! It's the Loch Ness Monster – but only Apple fanbois can see it

Jamie Jones
Silver badge
Facepalm

"Gary Campbell of the Official Loch Ness Monster Club."

So how did his 'club' become official?

Does he know Nessies agent or something?

1
0

Akamai scoffs humble pie: Heartbleed defence crumbles, new SSL keys for customers

Jamie Jones
Silver badge
Happy

Re: Er, why?

"It's not obvious that they knew of this specific bug - developers were already concerned that OpenSSL's own "secret malloc sauce" was dangerous. Here's OpenSSH's Theo de Raadt gently remonstrating..."

Arrrrrghhh!

How many times do I need to repeat myself?

To summarise:

This bug is a buffer over-read.

Nothing to do with malloc.

No malloc/calloc/jemalloc/magic-pixies-malloc would have helped.

Yeah, guard pages and canaries could help, but as it stands, so long as the memory being overflowed to still belongs to the process, there won't be any SIGSEGV crash.

0
0

Heartbleed exploit, inoculation, both released

Jamie Jones
Silver badge
Pint

Re: @Paul

After reading your posts, I spent a few hours going over the code again, and google, before replying.

I'm no C expert - definitely no crypto expert, but I would have to say it shows that the code is written by mathematicians rather than programmers! - loads of labels and pointers to pointers to functions and bleugh!

They even comment-out code using #ifdef 0 . Ugh

"If they are really using a stack-based source then electric fence would not have caught it, but I would have hoped some of the code profiling tools would have thrown up a warning about the copy size being potentially bigger than the buffer."

There was an interesting post (http://security.coverity.com/blog/2014/Apr/on-detecting-heartbleed-with-static-analysis.html) from one of the Coverity people on why they missed it, and in a linked followup post, how they've now altered their product to find such errors in future, though to me, it looks like their solution is a bit of a kludge, potentially producing false positives (I'm probably wrong, but it seems to me that they are keying on a very weird scenario, not necessarily an illegal one - though I'm probably wrong! - or maybe that's how these programs generally work anyway... I don't know!)

Anyway, I agree with all your comments in general, but am curious - is there really any 'live' malloc that doesn't return a pointer to cleared/scrubbed memory? I know the spec says the contents are undefined, but surely it would be a security risk ( I suppose that a malloc optimized to not bother scrubbing memory returned to the same UID or even just process wouldn't be a hole in itself, but even that would make it easier to exploit buggy software (especially servers))

Anyway it's a lovely day, so I'm going outside. Have a cold beer on me!

0
0
Jamie Jones
Silver badge

Re: @Michael Wojcik

2 errors in the comments in this thread:

"They use their own malloc"

No. If you follow the spaghetti trail that is the source code, you'll see that their "malloc wrapper" is simply a call to the system malloc.

"This wouldn't have happened if they used calloc"

Yes it would. Try it yourself!

This bug has nothing to do with memory allocation. It seems many people think that the buffer is malloced to the 64k by virtue of the attacking packet, but only the much smaller payload is copied into the buffer, exposing the rest of the buffer as malloced but stale data.

THIS ISN'T THE CASE!

Besides, any sane malloc on a multi-user system would clear/randomize the returned buffer.

What is happening is that 64K of data is being copied into a 64kb buffer, from a char * buffer that contains the much smaller data sent by the attacker, hence overfilling the buffer with other variable data on the stack.

It can be simplified to:

char retbuf[65535];

char sentbuf[1];

memcpy (retbuf, sentbuf, 65535); /* copies 65535 bytes out of a 1-byte source */

I.e. it's read-overflow (or 'buffer overflow' by reading rather than writing) - nothing to do with the memory allocation!

1
0
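The over-read described in the post above, modelled as an added example (not part of the original post and not OpenSSL's code): a byte array stands in for process memory, holding a constructed heartbeat record followed directly by live data, and a handler that trusts the claimed payload length is shown beside one that checks it against the bytes actually received. The names `arena`, `load_record`, `heartbeat_vulnerable` and `heartbeat_checked` and the sample bytes are assumptions for illustration; the 16-byte minimum padding is the one required by RFC 6520.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HDR     3   /* 1-byte type + 2-byte claimed payload length */
#define HB_MIN_PAD 16  /* minimum padding required by RFC 6520 */

/* Constructed stand-in for process memory: the received record sits at
 * offset 0 and unrelated, still-in-use data follows it directly. */
static uint8_t arena[64];

struct record { size_t off; size_t len; };  /* len = bytes actually received */

static struct record load_record(const uint8_t *msg, size_t msg_len,
                                 const char *neighbour)
{
    struct record r = {0, 0};
    size_t n = strlen(neighbour);
    memset(arena, 0, sizeof arena);
    if (msg_len + n > sizeof arena) return r;
    memcpy(arena, msg, msg_len);
    memcpy(arena + msg_len, neighbour, n);
    r.len = msg_len;
    return r;
}

static size_t claimed_len(const struct record *r)
{
    return ((size_t)arena[r->off + 1] << 8) | arena[r->off + 2];
}

/* Echoes as many bytes as the message claims to carry. */
size_t heartbeat_vulnerable(const struct record *r, uint8_t *out, size_t cap)
{
    if (r->len < HB_HDR) return 0;
    size_t n = claimed_len(r);
    /* Demo-only guard: stay inside the arena so the simulation is defined. */
    if (n > cap || r->off + HB_HDR + n > sizeof arena) return 0;
    memcpy(out, arena + r->off + HB_HDR, n);  /* never compared with r->len */
    return n;
}

/* Discards any message whose claimed payload does not fit the record. */
size_t heartbeat_checked(const struct record *r, uint8_t *out, size_t cap)
{
    if (r->len < HB_HDR + HB_MIN_PAD) return 0;
    size_t n = claimed_len(r);
    if (HB_HDR + n + HB_MIN_PAD > r->len || n > cap) return 0;
    memcpy(out, arena + r->off + HB_HDR, n);
    return n;
}

int main(void)
{
    /* Constructed request: claims 20 payload bytes but carries only 4. */
    static const uint8_t bad[] = {1, 0, 20, 'p', 'i', 'n', 'g'};
    uint8_t out[64];
    struct record r = load_record(bad, sizeof bad, "SECRET-KEY-MATERIAL");
    size_t n = heartbeat_vulnerable(&r, out, sizeof out);
    printf("vulnerable: %zu bytes: %.*s\n", n, (int)n, (const char *)out);
    printf("checked:    %zu bytes\n", heartbeat_checked(&r, out, sizeof out));
    return 0;
}
```

The neighbouring bytes in this model are live data rather than stale heap, so zeroing memory at allocation time would not change what the unchecked handler returns.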
Jamie Jones
Silver badge
Facepalm

Re: **facepalm**

"You are aware that there are IDS rules to detect large-packet TLS responses specifically to spot Heartbleed then? No? Oh..."

Hmmmm, so you're saying the attack will be caught on those servers which have updated IDS rules, but not patched servers?

In other words, any update made to explicitly stop/catch heartbleed is irrelevant when talking about attacks against heartbleed!

0
0
Jamie Jones
Silver badge

Re: this could be exploited in just 4 bytes

"The 4 byte example was enough to show it would work, not enough to have any chance of stealing useful data."

Nah... 4 bytes is all that is needed - in fact, any more would be less effective, as you'd be 'overwriting' the out-of-bounds data you'll be getting back!

Note, this is the request data we are talking about. Many such small requests receiving 64Kb replies may be detected, though.

0
0

Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker

Jamie Jones
Silver badge
Boffin

Re: Selfies can be good.

"So we dutifully used proper ones. Whereas the old self-signed could be replaced instantly. Hence paradoxically our users were more secure with selfies."

Also, don't forget that with a 'selfie' there is no third party chain of trust above you that could be hacked/pwned by gchq/nsa/blackhat etc.

0
0

Canadian taxman says hundreds pierced by Heartbleed SSL skewer

Jamie Jones
Silver badge

Re: This is nonsense...

Um. My apache servers record both the data size of the request, and the response.

If they have something like that, wouldn't checking the logs for repeated large requests that go nowhere imply they were being heartbled?

1
0

OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts

Jamie Jones
Silver badge

Re: "Google's Android 4.1.1 is vulnerable"

"Yes the library implementing the protocol has a flaw and there is a vulnerability, but the consequences to humanity at large of unsuspecting clients connecting to malicious servers (servers which will still be expected to present a valid SSL certificate) are rather than less serious than those from malicious clients connecting to unsuspecting servers."

Ummm, I don't think anyone has said the problems for clients are just as serious, however you don't seem to understand the situation.

Are you saying you only ever visit google and your banks websites? Or maybe you use the lesser-known plugin "httpsNoWhere"?

Any site you visit could have malicious code - even a non-https site could have embedded https stuff (with a valid certificate too - that's not relevant)

So, you are basically trusting the honesty *and* security of every site you visit, and every third party ad company/image broker/js-library provider they use.

2
1

Running OpenSSL? Patch now to fix CRITICAL bug

Jamie Jones
Silver badge
Happy

Re: Isn't it ironic...

"Oh, and Jamie Jones: There is nothing wrong with Alanis Morissette's understanding of irony; armchair pedants who think there is clearly don't know what irony is."

Now, that's ironic!

I'm not implying that any old random URL posted is somehow authoritative, but this one is accurate:

http://fgk.hanau.net/articles/ironic.html

0
1
Jamie Jones
Silver badge

Re: Isn't it ironic...

Huh?

Either I've missed something, or you're from the Alanis Morissette school of irony.....

5
0

Cheat Win XP DEATH: Little-known tool to save you from the XPocalypse

Jamie Jones
Silver badge
Facepalm

Re: Danger Will Robinson

"Hyperthetically"

Thank-you fellow commentards for not commenting on that abomination of a brain-fart (honestly!)

1
0
Jamie Jones
Silver badge
Pint

Re: Danger Will Robinson

Bollox.

Hyperthetically, if I have a valid license for XP that is no longer in use, I'm perfectly entitled to transfer it to another installation if it's a transfer and not a copy.

Why do people still think EULAs are above the law?

Adding to that, breaking a contract doesn't automatically mean you are breaking the law anyway.

17
0

Google-funded boffins figure out age-busting facial prediction system

Jamie Jones
Silver badge
Thumb Up

"It would be alot more convincing if they showed unfudged output images side-by-side with the real pictures. Photoshopping them into the real pictures ruins the credibility in my opinion."

I agree.

At first I thought this amazing algorithm could also predict the way they stood and even the type and colour of clothes they wore!

0
0

Not just websites hit by OpenSSL's Heartbleed – PCs, phones and more under threat

Jamie Jones
Silver badge
FAIL

Re: Who Still Uses Malloc?

Any sane OS (basically all multiuser systems) already zero freshly malloced memory, otherwise it would be a trivial method of extracting memory information the user wouldn't normally be privileged to do so.

This bug is nothing to do with malloc - it's a basic overflow - the data returned is bigger than the allocated size, thus returning other parts of the process's memory/variables.

So even using calloc throughout would have made no difference here.

Please check before posting that you are secure on that high-horse of yours! :-)

1
0

Tesla in 'Ethernet port carries data' SCANDAL

Jamie Jones
Silver badge
Facepalm

Re: "Because ethernet and wireless are the same."

someone could plug in an ethernet wireless adaptor in and mess up my sat-nav?

How on earth can we survive this, when all we had to worry about before was brake lines being cut, sugar in the petrol, a banana up the exhaust pipe etc..

Sigh, if someone drives into oncoming traffic or off a cliff due to satnav issues, they shouldn't be on the road!

1
0

Torvalds rails at Linux developer: 'I'm f*cking tired of your code'

Jamie Jones
Silver badge

Re: coding

"Dismissing someone who is leading the biggest and most important software project in existence based on "he used naughty words mummy". Grow the fuck up."

Your obvious bias shows with that comment, but leaving that aside, I'd say Obama is a more important person as a leader of something, and I'm sure you wouldn't expect him to behave the same way.

1
3

In three hours, Microsoft gave the Windows-verse everything it needed

Jamie Jones
Silver badge

Re: Too Little Too Late

"The world has moved on from Microsoft's proprietary API's to FOSS solutions like Android, ChromeOS, Ubuntu, and SteamOS. "

Hmmmmm, another one who thinks FOSS == Linux/GNU

Your use of the 'fanboi-alert' penguin icon was a clue!

5
1