* Posts by Kevin McMurtrie

693 posts • joined 15 Jun 2007

Oracle rushes out patch for critical 0-day Java exploit

Kevin McMurtrie
Bronze badge

Not servers?

One feature of Enterprise Edition Java web servers is multiple contexts. This is where multiple applications can run on a single server and JVM process but in complete isolation. The advantage of this is greatly increased memory efficiency and simplified management. The disadvantage is increased complexity and the need for a Java Security Manager. From what I've read in the exploit sample code, servers running multiple contexts are vulnerable. Specifically, the big Enterprise Edition servers that big companies pay Oracle support for. A JSP file should be able to execute code outside of its context the same way an applet would. Distributed/Cloud computing servers that execute sandboxed tasks from JAR files may be at risk as well.

0
0

Oracle knew about critical Java flaws since April

Kevin McMurtrie
Bronze badge
FAIL

Re: Different Java editions

It's about escaping the security layer by having trusted JVM classes run your code in their environment. Normal Java applications have no security layer or any need for it. The security layer is critical for auto-loading applets and multi-application web servers, though. Not only are web surfers at risk, but also the big corps funding Oracle's paychecks with those bloated multi-function Java Enterprise Edition server deployments. This hole means that almost any employee can hijack a corporate Java web server and the web server's role with a little malicious JSP code. (Smarter businesses running single function servers with no security layer have nothing to fear here.)

2
0

Court confirms $675,000 fine for sharing 30 songs

Kevin McMurtrie
Bronze badge
Mushroom

$22,500 per track

I bet a lot of musicians wish they were getting paid that $22,500 for each track that Sony takes from them.

4
0

Scribe's mobe, MacBook pwned after hacker 'fast-talked Apple support'

Kevin McMurtrie
Bronze badge

It makes rain so it must be a...

Apple, Microsoft, and Amazon are data centers. They are not a cloud. The cloud is when your computer has full access to the systems of your choice. The cloud would be you, your family, and a few friends having online storage in their homes that you share with each other. There's nothing technically new or difficult about software to aggregate multiple systems into one robust virtual device. The problem is that ISPs have money making monopolies/duopolies that must be protected with tight customer usage controls. You don't get a static IP address, you aren't allowed to run servers, and anything that doesn't make the ISP money gets throttled. As long as ISPs don't allow it, nobody is going to create the software for it either.

2
3

Zynga plays BLAME GAME with Facebook as stock tanks 40%

Kevin McMurtrie
Bronze badge
WTF?

Moooo

$332m doesn't pay costs of operating online games?! Either they haven't realized that they can simulate the game in computers without using actual farmland, or somebody is pocketing a lot of money.

1
0

Mac malware Crisis as Apple lets slip its Mountain Lion

Kevin McMurtrie
Bronze badge
Facepalm

Re: Java VM = malware portal

Applications have no security except for those placed on the current user. That goes for Java, Scala, Applescript, C, C++, Objective-C, PHP, Ruby, Bash, and everything else. Be happy that the viruses aren't being hand-coded in lean and mean x86-64 yet.

As for Java's speed - it depends on the quality of the code. Anti-aliased image rendering runs in Java just as well as C if given the same level of optimizations.

0
0

Kevin McMurtrie
Bronze badge
FAIL

Playing in the shadows

Apple assumes their users are dumb so they have come up with various ways to hide and disguise important files from casual access. Bundles make directories sometimes appear to be files. A shocking amount of critical data is placed into hidden directories starting with a period. 10.7+ even goes ludicrously far by hiding your personal "Library" folder from normal view. These areas are normal user directories so any application written in any language has permission to alter them. Essentially, Apple has gifted malware with big play areas without the assumedly dumb users being able to easily spot them.

4
3

Ten... dual-band wireless routers

Kevin McMurtrie
Bronze badge
FAIL

Sync today, gone tomorrow

The #1 problem that I've had with access points is that they aren't reliable. A quick check of online reviews shows that I'm not the only one having this problem.

I had purchased and returned more access points than I can remember before I found one that could run for a week. Most of them started malfunctioning immediately or lacked features that were right on the box. Some good testing points are: Does the router survive many hits to bloated web pages, can devices remain continuously connected without WPA glitches, are broadcast packets reliable, and are the features on the box actually implemented. Now try that again after being on for a week.

It's also weird that this review complains about a brand of AP missing features when the reviewer has explicitly chosen a model missing those features.

0
0

Exploit posted for vulnerable F5 kit

Kevin McMurtrie
Bronze badge

In the wild

The code is a testing tool unrelated to the exploit being out in the wild. The advisory shows the exact nature of the problem and gives the single private key used for root login. Copy & paste it into any SSH client and you're good to go.

This is a pretty amazing vulnerability, that the installation guide would not disclose a default root login that needs to be changed.

0
0

Menaced cartoonist raises $60,000 for copywrong

Kevin McMurtrie
Bronze badge
Thumb Down

Let's play DMCA

I don't know if the DMCA was involved but there were takedowns:

http://theoatmeal.com/blog/funnyjunk

The DMCA is a game, not a tool. Infringers will take down the offending content but create an environment where it instantly and legally re-appears. YouTube mastered this abuse as much as the RIAA and MPAA mastered their own abuses.

19
0

Apple introduces 'next generation' MacBook Pro with retina display

Kevin McMurtrie
Bronze badge

Ethernot

Needing to carry a separate Ethernet adaptor makes the laptop considerably less portable. WiFi is great for surfing the web and checking e-mail but it's crap for getting work done.

5
2

Samsung 'to launch Galaxy S III in US', snubs Apple's ban bid

Kevin McMurtrie
Bronze badge
Thumb Down

The [Apple/Samsung] is better than the [Samsung/Apple] you own now

Does Apple or Samsung actually have any worthwhile upgrades to release? It seems to me that they both released half-assed products last year and have both decided to move on rather than help their ailing customers. It's like the American political system where we forever alternate between two parties, thinking that we're teaching one a lesson by electing the other. The SIII and iPhone 5 aren't worthy of so many news articles.

1
0

Missed the Venus solar flyby? It's only 105 years to the next one

Kevin McMurtrie
Bronze badge
Trollface

███• • • • • • •███

Cool, but that video is over the top. I expect many Venus flyby parody videos to follow.

0
0

Who needs Spotify? Samsung launches Music Hub

Kevin McMurtrie
Bronze badge
FAIL

ø (No Service)

This is great. I've always wanted to replace my reliable 32GB SD card with intermittent playback from an overloaded cell tower while paying a monthly fee.

8
0

Smoke-belching flash drive self-destructs on command

Kevin McMurtrie
Bronze badge
Trollface

Re: It's fake

I think the data can be restored using Photoshop's healing tool.

1
0

Samsung Galaxy S III: A Swiss army knife of wireless tech

Kevin McMurtrie
Bronze badge

...an IQ of 6000. The same IQ as 6000 PE teachers.

95% of the power goes to 'Android OS' even after a factory wipe. Samsung's SII firmware is buggy as hell - GPS rarely works, 3G doesn't work near other 3G phones, can't maintain 4G, phone spontaneously gets hot in weak reception areas, buggy sound drivers, and rapid battery drain. Samsung's fix for this mess is to release a new phone. People will buy the new phone thinking it will free them from the problems with their old phone. I have my doubts.

0
2

Kevin McMurtrie
Bronze badge
Trollface

Wireless Charging Kit

My Galaxy SII powers off from a dead battery in 25 hours when it's lying on a table or 4-8 hours when it's moving in any way. Perhaps the SIII wireless charging feature is absorbing all the power radiated from nearby SII phones.

1
0

Megan Fox fingers fondleslab in sexy store promo

Kevin McMurtrie
Bronze badge
Happy

You're probably wondering where to find the other pics...

http://www.reghardware.com/2008/10/02/eee_girl_saga_continues/

1
0

Revealed: Inside super-soaraway Pinterest's virtual data centre

Kevin McMurtrie
Bronze badge

Re: what on earth...

It's distributing rows of a standard relational database across many databases. You still have relational data but the relationships have limited spans that always fit within one database. It's a solution when you have very complex customer data requiring transactions but at the same time have little customer-to-customer interaction.

0
0

Microsoft squashes Hotmail password hijack bug

Kevin McMurtrie
Bronze badge
Windows

Too late

These hacked Hotmail accounts are being used to create spam for sleazy web sites. It's unflattering and non-stop so my guess is that it's not spam, but a vengeful attempt to create a flood of complaints against the advertised web sites. Whatever it is, I had to blacklist Microsoft's 65.52.0.0/14 this morning.

1
1

Ghost of HTML5 future: Web browser botnets

Kevin McMurtrie
Bronze badge
WTF?

WebSocket

A WebSocket is not a naked socket, but a protocol upgrade of an existing HTTP stream coordinated by both the client and server together. The JavaScript side can not open an arbitrary socket or speak an arbitrary protocol over it. Recent exploits have centered around using WebSockets as another form of HTTP header injection, which requires help from external brokenware.

3
0

Microsoft unveils paid SkyDrive options

Kevin McMurtrie
Bronze badge

Draindrop

You can put 64GB on a phone's microSD card so using the cloud instead seems tedious. I find online storage useful for the file that I didn't expect that I'd need - a tiny file out of terabytes of files. Right now that's easy to accomplish with a home server but nearly impossible with cloud storage.

0
0

'I'm no visionary': Torvalds up for $1.3m life-changing gong

Kevin McMurtrie
Bronze badge

Git out

Ask the world what they want a source control system to do, make a big feature list, and keep cramming features into your source control system until everything in that big list is checked off. That's Git. Git has such a rich feature set that it will take you months of experience to choose the right feature for a simple task and years of experience for a complex task. Merging conflicting lines in a file is not enough, as you must merge another dimension of conflicts in the file's evolutionary history as well. Your experience in the first few months of Git will be streamlining the process of deleting your local repository, fetching a fresh copy, and merging a backup of your work on top of it after a failed attempt to resolve conflicts. After years of training you will become an enlightened Master who swears by the virtues of Git and sees SVN and Perforce as toys. Or you will smash your computer, quit your job, and find a less frustrating place to work. Probably the latter.

4
1

Fusion-io shoves OS aside, lets apps drill straight into flash

Kevin McMurtrie
Bronze badge
Thumb Down

Re: I would be more impressed...

This is what I've assumed makes the most sense too. Specialized APIs are scary because they have unpredictable behavior, complexity, slow bug resolution, and tech lock-in. Have 128GB SDRAM and 20TB Flash as swap. Now the apps can do what they need to do and let the OS worry about the most efficient way to handle memory. Flash card makers can make their money selling highly optimized virtual memory implementations.

1
0

RIP Ceefax: Digital switchover kills off last teletext service

Kevin McMurtrie
Bronze badge

More bandwidth

DTV has huge amounts of spare bandwidth compared to analog TV. It's odd that there's no UK replacement.

In the US, it's common to multiplex low bitrate audio and video subchannels into the broadcast. They're usually weather, news highlights, international satellite feeds, and such. KAXT-CA is notable for being nothing but 20 of those streams.

0
0

Nokia drops Lumia 900 price to $0 in response to bug outrage

Kevin McMurtrie
Bronze badge
Facepalm

Wow

The Samsung Galaxy SII sold by Sprint has been plagued with problems that kill the cellular and GPS radios, and they both act as if that's normal. I should have bought a Nokia.

5
1

Mac Java hole exploited by wild Flashback Trojan strain

Kevin McMurtrie
Bronze badge
Thumb Down

Re: java such a turd

Actually, Java is a very nice development language. It's the applet environment that's a turd. You can disable applets that aren't signed by a trusted source using the "Java Preferences.app" in your MacOS utilities folder.

0
0

Microsoft tarts up custom Mustang Muscle Microserfmobile

Kevin McMurtrie
Bronze badge
Coat

Under the covers

I heard that the live axle still runs DOS.

3
0

Spider venom to be tested for pesticide potential

Kevin McMurtrie
Bronze badge
FAIL

Spider resistance

Spraying fields is what gives insects their resistance. Areas receiving partial doses breed insects having the most natural resistance. No such thing happens with actual spiders. Regardless of whether the victim is killed or stunned by the venom, step two is fatal mummification. Imagine what would happen to pest populations if spraying spider venom renders spiders harmless.

10
0

Mobile phones cause ADHD in rodents

Kevin McMurtrie
Bronze badge
Boffin

Hz of Ghz

I doubt the transmission frequency matters much because it's way beyond what a cell can directly interpret. What I would expect to matter is the packet rate, which is in the milliseconds range. A constant transmission may do nothing more than slightly alter some chemical thresholds in some insignificant manner. Modulating the transmission with a low frequency could modulate those thresholds in a way that generates biologically significant signals. It's similar to how a cellphone makes an audio amplifier buzz. The audio amp's semiconductors have an operating limit around 30 to 200 MHz but the higher cellular signal can slightly alter characteristics. A constant 900GHz signal would do nothing but a modulated one can produce the familiar buzz.

0
0

Nanocapacitor slab to boost car batteries

Kevin McMurtrie
Bronze badge

One billion dollars

If you try to buy prototype capacitors from CAP-XX, you'll find that they're tiny surface mount components. 2.4F; 2.75V; ESR - 26 mΩ; 39.00mm x 17.00mm x 1.85mm; -40°C to +85°C, $16.25 USD. Those are great specifications, but the price is crazy. BTW, 1990 posted to a BBS that it wants its video back.

0
0

SECRET of the flashing Amazon jungle Drobo EXPLAINED

Kevin McMurtrie
Bronze badge

Will SSDs come to desktop Drobos?

Desktop Drobos are much slower than the spinning disks inside them. The only reason to put SSDs in them would be to lower your electric bill. Automatic cloud backup would be very nice.

1
0

Java won't curl up and die like Cobol, insists Oracle

Kevin McMurtrie
Bronze badge
FAIL

No primitives?

The advantage that Java has over scripting languages is exactly the primitives. It's missing C's unsigned math and bulk structure allocations, but data crunching generally compiles into something efficient. It can do multithreaded image rendering and compression, resample data, and it can pack binary data streams into dense indexed structures. You're free to ignore the decade of bloated libraries created by Apache, Sun, and Oracle when performance matters more than simplicity. Eliminate the primitives and one might as well go to PHP, Ruby, Python, etc. that sacrifice performance for superior simplicity.

2
0

LOHAN is heading towards REHAB

Kevin McMurtrie
Bronze badge
Joke

Maintain thrust, blow its load early, or fall flaccid

There's no air filling the gaps and defects in the rocket that would otherwise slow and cool hot exhaust gasses, so it could explode. There's also less maintained exhaust gas pressure against the propellant so it could fizzle. Either way, wear goggles and be prepared to tell the rocket that it could happen to anyone.

0
0

41-megapixel MONSTER mobe shutters Nokia knockers

Kevin McMurtrie
Bronze badge
Thumb Down

Marketing in charge

According to Nokia's whitepaper on the technology, there are 41M low quality pixels that are normally downsampled to produce about 5M high quality pixels. It says that the downsampling is reduced to perform digital zoom with fewer losses than you'd get with upsampling.

The camera used for Nokia's 41 Mpix sample pictures has hot pixels and other pre-production defects that show up as 3x3 pixels. I can also find no high frequency details that wouldn't be created by an upsampling algorithm. Something's not right. I suspect that Nokia's Marketing department demanded that the 5 Mpix images be upsampled back to 41 Mpix images.

Overall the images are nothing special for a modern cellphone. They suffer from the usual defects caused by a tiny lens, a tiny sensor, and a body with little angular momentum.

2
3

Anti-phishing DMARC adoption gathers (free) steam

Kevin McMurtrie
Bronze badge
FAIL

Check that invitation list

abuse@google.com, abuse@gmail.com, groups-abuse@google.com, and abuse@yahoo.com don't seem to function. Fixing that would be a huge step towards eliminating spam floods and phishing.

0
0

Feds apply for DNSChanger safety net extension

Kevin McMurtrie
Bronze badge
Terminator

Kill them

March 8th should be payback for all the damage that unmaintained computers are doing. Buy a computer that you can maintain or don't plug it in to the rest of the world.

4
0

New Mac OS X: Mountain Lion roars at unauthorised apps

Kevin McMurtrie
Bronze badge
Thumb Down

Don't want a MacPad Pro

Mobile devices are useful but I need a desktop/laptop to get serious work done. I want it faster, more powerful, more elegant, and capable of running more applications. 10.7 was a step backwards in a work environment because it lost performance and common tasks (find/replace, mail and calendar integration, saving/discarding changes, etc.) lost their elegance. If Tweeting and an App store is what there is to look forward to in 10.8, I'll pass.

2
1

Google will swap you a box of crisps for your web privacy

Kevin McMurtrie
Bronze badge

100% of my world likes crispy fried food

There has to be something more to this. Everybody knows that giving people stupid gifts in exchange for survey data causes your data to represent exactly the portion of the population who like stupid gifts. Google must know it so you have to wonder what they're up to. It sounds like they've found a way to sell services to low-income people at large enough scales to make Googly-sized profits.

0
0

Nikon stretches Coolpix focal-range beyond belief

Kevin McMurtrie
Bronze badge
Meh

Hazy shade of gray

Nikon omits the aperture from their product specifications but "1:3-5.9" is on the barrel in their product views. I have a lens that's f/5.6 at 300mm and I don't think this will work. f/5.9 isn't going to produce much sensor illumination for anything that isn't in unfiltered sunlight. The sensor will be running at maximum ISO and that won't produce a clear enough image to compensate for the large amounts of atmospheric haze to be expected at such a high zoom level.

1
0

Ex-Apple engineer emits Zevo ZFS for Mac OS

Kevin McMurtrie
Bronze badge
FAIL

Mac OS X = Terminal

I see LOTS of developers using MacOS X. The catch is that they're writing, executing, and debugging platform independent code to eventually be deployed elsewhere. Mac OS X is like a modern day terminal - it's a human interface to large systems running other Unix variants. It was never a good fit for data and processing clusters and Apple has declared that it shouldn't be. It's odd that somebody would bring ZFS to Mac OS now, especially when 10.7's user-experience features consume resources like it owned the whole box. It better run a lot faster than HFS+ because bandwidth is all MacOS X needs.

4
2

Two million-degree matter from SLAC laser

Kevin McMurtrie
Bronze badge
Mushroom

Anybody not wearing 2 million sunblock...

It's going to get messy when a military mounts this on a truck (or shark). IR lasers waste a lot of energy cutting a hole past the surface of targets. An x-ray laser would cook deeply through targets without needing power for melting or vaporization.

1
1

Yahoo! cofounder! Jerry! Yang! quits!

Kevin McMurtrie
Bronze badge
Mushroom

No stranger to blacklists

Yahoo stopped being serious about their own spammers. Yahoo is easy for spammers to exploit yet nearly impossible for victims to file a complaint. The rest of the world has responded by tuning Yahoo's spam scoring high into the false-positive range. Yahoo's attempts to expand beyond simple portal services can only fail because they can't reliably send e-mail anymore.

1
0

Ferguson Hill FH009 home theatre system

Kevin McMurtrie
Bronze badge
FAIL

Engineering nightmare gets 80%

Fail 1: Acrylic turns cloudy and shatters when it absorbs oils. Touch those horns and they'll be destroyed in two years.

Fail 2: 65W with a thump and a hum? It sounds like they used the reference schematic for a cheap 5-pin amplifier chip. Both of those failures are caused by grossly asymmetric circuits and/or multiple signal grounds. Even in high school I could make a 100W amp that was perfectly hum-free and thump-free. It doesn't require muting or filtering - just a decently balanced circuit with a single audio ground.

Fail 3: How much copper for a measly 65W? Power semiconductors are fine running very hot. Keep them thermally isolated from the more sensitive components and you need very little cooling metal for 65W.

Fail 4: 50Hz cut-off? Was that an attempt to lessen the amp's line hum? That won't do for music, movies, or video games. I'm sure it sounds awesome with Skype.

1
1

Apple's TV killer 'on shelves by summer 2012'

Kevin McMurtrie
Bronze badge
Meh

Direct to surplus

The original Macintosh TV was released when Apple was trying to maintain outrageous profit margins while having no justifying technical innovations. A TV hack was added to the "Performa" series of Macintoshes which, despite the clever name, was probably the poorest performing computer series that you could throw a heavy wad of cash at. As was then, Mr. Jobs is not leading Apple and here comes a rumor of another TV product. Surplus stores are probably freeing up shelf space right now.

1
0

Another Alliance pushes into White Space

Kevin McMurtrie
Bronze badge
WTF?

Please send your answer to 'Old Pink'

Who uses these long range WiFi slots? The two or three local microwave ISPs are hardly crowding the airwaves. It doesn't seem that cellphone providers have run out of places to put antennas. Individuals rarely need to send WiFi long distances because there's no fat pipe for the upstream. ATSC TV channels are ~19Mbps - hardly exciting for public Internet connections. I see nothing but lawsuits and ownership battles over useless RF gaps coming from this. Leave it for TV.

1
0

LOHAN fires up sizzling thruster

Kevin McMurtrie
Bronze badge

Need space for more thrust

That tiny jet of exhaust is probably creating a vacuum over the nozzle, like a venturi pump would. Since the nozzle cap has more surface area being sucked on than the jet has area being pushed on, atmospheric pressure is not in your favor. This rocket could chemically perform worse in space yet end up producing more thrust.

Pedantic science nazi: Why put the rocket in a sliding holder for a bathroom scale? Surely you could get the difference in measurements from before and during the test when the whole apparatus is on the scale. How much is a gram in space?

1
0

Anti-piracy laws will smash internet, US constitution - legal eagles

Kevin McMurtrie
Bronze badge
Trollface

Like the death of dialup

That should free up all of those TCP ports being used to slowly trickle data through American last-mile internet. Everybody wants the same data so lots of people with slow connections consume more resources than lots of people with fast connections. Sorry, I meant "series of tubes."

1
0

2011's Best... DSLRs

Kevin McMurtrie
Bronze badge

The real dirt

I've been using DSLRs for a while and it doesn't matter whether the camera body is made of plastic or metal. For well made cameras, both body materials will outlast the digital technology by 10 years. The real longevity issue is with how well the camera is protected from dust. Any lens that changes size during use is inhaling and exhaling air from somewhere. Dust coming with that air can cause glare in the lens, confuse focus sensors, and wear away mechanical parts.

0
0

FCC (finally) cracks down on BLARING! TV! ADS!

Kevin McMurtrie
Bronze badge

AC-3 audio

Between the encoded amplitude and the Dialnorm metadata, this should be quite confusing to enforce.

1
0
