Posts by Ascy
21 posts • joined Friday 25th November 2011 09:45 GMT
Headhunter my arse
You're a recruitment agent who's blatantly insecure about it and can't resist the opportunity to let the world know you may have some technical knowledge. Let it go man, let it go.
Terrible
Some developers might actually have to figure out the solution to their problems all by themselves.. How terrible.
I e-mailed my MP about the Net Snooping Bill
I e-mailed my MP about the Net Snooping Bill and was sent a response back from someone on behalf of the government laughably stating that encryption wasn't a problem, but they couldn't explain how they'd get around it. I can't believe that there exists a person so stupid that they think anyone who had the intelligence to raise the technical points that I had in the e-mail, would buy such crap. On top of that, they reckoned they would just record endpoints of communication, not the traffic itself. They didn't explain how a cheap encrypted VPN connection to another country with more liberal Internet laws would not thwart their incredibly expensive plan to spy on everyone (because it would, making the whole thing completely pointless for general, population wide snooping).
I think government needs refreshing from top to bottom with people who are at least almost competent at their jobs, as opposed to the clowns we have had these last 15 years.
I e-mailed my MP about all this...
...and got a reply back from some government department (which I plan on responding to, but have been too busy thus far). One of my points was that the general public haven't got a great deal to fear from any of this, but MPs have. Can you imagine how much private investigators would pay some minimum wage worker in TalkTalk for some MP's browsing and e-mail history? I bet foreign powers and big business would all love this information! I was told not to worry as the Information Commissioner was going to make sure all the data was protected. I can only assume that the person who actually wrote the reply letter was from an alternate universe, one where the IC didn't sit idly by while Phorm spied on BT broadband users and Google went round slurping up wifi data.
The best bit of the letter I had, though, was when it was stated that the government have ways round encryption, but for obvious reasons they couldn't tell me what they were. Now I'm no cryptography expert, but I am a software developer (for the enterprise) and I have read the odd beginner's book on cryptography, and that statement just shows how technically illiterate people working for (or advising) the government really are.
Tempting...
This would be a tempting upgrade to my Bookeen CyBook, but is there a colour version that's going to appear soon? There are colour e-ink screens available, after all.
Anyway, hurry up with the full review, already!
It's a good default
But MS could backtrack slightly by asking users when they first launch the browser whether they want it on or off and recommend it's set to on. Then nobody has cause to complain, unless they think users should be kept ignorant so that it's turned off.
Post .Net World?
And you're going to make your dynamic MS websites in what, JavaScript (I'm sure node.js is amazing, but really...)? C++? And what about enterprise, where they are JUST starting to move to Windows 7? Other than Paint.Net, I can't really think of many .Net consumer desktop apps. I doubt it would affect too many jobs even if .Net did disappear from the consumer desktop (which it isn't about to do). And can anyone (in their right mind) seriously imagine people who have to enter any substantial amount of data doing so using a touch interface (enterprise will remain with the classic desktop for a LONG time to come)? A mouse and keyboard are much better input devices.
But what I really love is how we're going to learn about the technical direction our careers should take based on the predictions of a recruitment agent. The Register has lost its god damned mind, I tell you!
BTW, this isn't me being defensive, I love learning new technologies and languages (I started out with Java at uni). It's just this whole .Net is dead thing is complete bollocks.
Surprise, controversial article from Orlowski
Patents are utter BS! Can you imagine someone way back when patenting the spear? The bow and arrow? It's a stupid system - humans copy from each other, it's what we do. It's why we speak the same language. The problem with the world is stupidity and laziness - there are lots of people who are daft enough to believe the crap about patents helping innovation and allowing for people to invest. Then there's lazy people (like myself) who know this is complete rubbish, but can't be bothered to do anything about it. How can stopping someone from using an idea help innovation?! It just keeps a wealthy few wealthy while killing real competition. This is especially true when it comes to software and, as someone who writes software for a living, I am completely against software patents. If someone can rip off my idea and do it better than me, then good luck to them!
Then there's the sick position of patents on medication, where people literally die because they can't afford to pay the steep price of medication. And would the giant medical companies go bust if they were forced to sell their discoveries to people who required it at a price they could afford? I'd bet a great deal of money that they wouldn't! The day that anyone I care about is on death's door, but could be saved by some drug that's too expensive for them to afford, then that's the day I'll come for the CEO of that medical company. Though sadly, I think I'm probably in the minority there.
Applies/applied to Play.com
Play.com also keep/kept users' passwords in a way which can be retrieved - years ago, they e-mailed it to me when I forgot.
Missed opportunity to stick it to whoever made them change
Well the obvious new name was Ortem - sticking up two fingers to any trademark nonsense.
Still, this whole Metro crap reminds me of The Onion's Macbook Wheel sketch, where the newsreader lady says something at the end like "And it's yet to be seen how the business world will react to the Macbook Wheel, where computers are used for actual work and not just dicking about." Replace 'the Macbook Wheel' with 'Metro' and the same thing could well apply.
Rumours of RIM's death may be premature
I tried a PlayBook in a shop the other day and really liked it; it initially appears to be much better than Android on my Galaxy Tab 8.9. For a start, there's no stupid bar that takes up part of the screen which just looks plain ugly (yes, you can hide it if you've rooted your device, but you need to keep enabling it and disabling it, causing apps to resize and it's just not nice). Whoever came up with that idea should be given the sack.
I've had a go with a PlayBook previously, but didn't buy one because there wasn't a decent PDF reader that remembered reading position for it. Now you can run most Android apps on the tablet (albeit, repackaged), it has a much larger number of decent apps (one of the best things RIM did for the platform, if you ask me). I really like the fact that RIM's business isn't spying on you and selling that information to advertisers. I really like the swiping from the sides doing things. I really like that the 32GB model only costs £150, so I've put in an order.
If RIM can pull off a decent touch screen phone (the London?) next year for a good price, my next phone may well be a BlackBerry running BB10. Though I'm happy enough with my Galaxy S running an unofficial ICS at the moment (but battery life could be a little better, at least it doesn't suffer from the performance problems Samsung introduced with the last two updates).
SpiderOak
Assuming they are telling the truth, SpiderOak is pretty good for keeping items secure as it lives encrypted on their servers and they don't know your password and thus how to decrypt the data themselves. So providing you keep your password safe (and use something sensible and not just 'password'), your data is pretty safe (though, as with all encryption, with enough computing power and access to the original data and encryption algorithm, good old brute force guessing would still decrypt the data).
The SpiderOak client isn't great and I've no idea whether their employees leave files around containing customers' email addresses, but if you'd like to sign up then use the link below and we both get an extra 1GB of storage.
https://spideroak.com/download/referral/7f8fc358f1e5084bb21cd6a13047657b
Re: Have had the e-mail this morning
I understand how salting is required, I'm just wondering how the salt can be random without storing it somewhere (and I would guess that this location would be in the user table, along with the hashed password). So in my blog, I recommend hashing something like the following:
moo@test.comNVIDIA_SECRET_SALT_[user password]
What NVIDIA seem to be doing from what I've read is hashing the following:
[random text][user password]
If the random text is truly random on a per account basis, there must be a record of it somewhere in order to be able to hash it with the user's password in order to produce the correct hash (so the user can log in). I'm curious as to how NVIDIA handled this random hash - if they stored it in the user table, it won't provide a great deal of protection against hash table lookups as it will quickly become obvious to the criminals who obtained the data that they simply need to subtract the details of column 'X' (or whatever it's called) from the password to get back to the user's password. Admittedly, you have the same problem with my approach as it will become obvious that 'NVIDIA_SECRET_SALT_' is appearing in all the passwords.
Have had the e-mail this morning
Am glad they have informed me (though quicker would have been better) and they do seem to have done the right thing with their passwords (salting and hashing) as I recommend in a blog post of mine. However, I'm curious about this 'random salt' part. Does each user have a unique, random salt? If so, is that appended to the password or stored in a column in a row? Either way, not sure what a random salt would add over hashing, say: [e-mail]+[nvidia_global_salt]+[password]. Modifying the result further in a custom way would also help obscure the password against hash table attacks (eg XORing against the hash of the e-mail), but I wonder how much better that would be in practice (a question for somebody knowledgeable in cryptographic maths). My guess is that, to a certain degree, the more steps you add, the more likely an attacker is to give up before discovering a method to reverse the password - provided it doesn't impact on the effectiveness of the original hash.
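The per-account random salt asked about in the two posts above, as an added example that is not part of the original posts and not NVIDIA's code: the salt is generated at registration, stored in the same row as the hash, and read back at login, and it is compared here with the fixed `[e-mail]+[global salt]+[password]` layout from the posts. The in-memory `users` dict, the function names, PBKDF2-HMAC-SHA256 and the iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000                  # assumed work factor for this example
GLOBAL_SALT = "NVIDIA_SECRET_SALT_"   # fixed string quoted in the post

def slow_hash(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 of the password under the given salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def register(users: dict, email: str, password: str) -> None:
    """Store a fresh 16-byte random salt next to the hash it produced."""
    salt = os.urandom(16)
    users[email] = {"salt": salt, "hash": slow_hash(password, salt)}

def verify(users: dict, email: str, password: str) -> bool:
    """Re-derive with the salt read from the row; compare in constant time."""
    row = users.get(email)
    if row is None:
        return False
    return hmac.compare_digest(slow_hash(password, row["salt"]), row["hash"])

def fixed_scheme_hash(email: str, password: str) -> bytes:
    """The [e-mail]+[global salt]+[password] layout from the posts."""
    return hashlib.sha256((email + GLOBAL_SALT + password).encode("utf-8")).digest()

def demo() -> dict:
    users = {}  # constructed stand-in for the user table
    register(users, "moo@test.com", "correct horse")
    register(users, "cow@test.com", "correct horse")   # same password, other account
    first = users["moo@test.com"]["hash"]
    results = {
        "login_ok": verify(users, "moo@test.com", "correct horse"),
        "login_bad": verify(users, "moo@test.com", "wrong guess"),
        "unknown_user": verify(users, "nobody@test.com", "correct horse"),
        "same_password_same_hash": first == users["cow@test.com"]["hash"],
    }
    # Password reset that reuses the old password: a new salt gives a new hash,
    # while the fixed layout reproduces the old one for that account.
    register(users, "moo@test.com", "correct horse")
    results["random_salt_rehash_changes"] = users["moo@test.com"]["hash"] != first
    results["fixed_scheme_rehash_changes"] = (
        fixed_scheme_hash("moo@test.com", "correct horse")
        != fixed_scheme_hash("moo@test.com", "correct horse"))
    return results

if __name__ == "__main__":
    print(demo())
```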
Really the only malware to make it past the review process?
"The app is mostly likely the first piece of malware to make it past Apple's censors and reviewers..." And your basis for making this claim is?
Registration really essential?
Similar to what a previous commentator has pointed out, I didn't think it was necessary for a business to register with the ICO if you used the information for running your business - as of the latest DPA, at least. You just had to comply with the rules.
Restriction Of Ideas Is Silly
I don’t think ideas should be restricted. Can you imagine the first spear or the first bow and arrow being patented? It’s ridiculous - copying others’ ideas, others’ behaviour, others’ way of speaking, it’s what we do! Somehow we’ve been tricked into putting made up restrictions on that behaviour for the benefit of a relatively small few.
I do think some rules need to exist. Thus, you shouldn’t be allowed to sell a band’s performance of a song. However, you should be allowed to do your own performance (copying lyrics and notes) and sell that. If you can make a Ford Fiesta cheaper or better than Ford, then why can’t you? Because Ford came up with the design first?
Contrary to the popularly held belief of progress being stalled, it would probably be sped up - no restrictions on the copying of ideas, no lawyers stopping someone with a slightly improved tablet selling it. The world wants new, better things and as long as money changes hands for those things, people will keep improving items and doing research, even if they can’t then restrict others from benefiting from it also. If I write an amazing program or a fantastic website and someone else wants to copy the look and functionality and thinks they can sell, maintain and run it better than me - then good luck to them!
The only thing that should be protected is a name - so you know from who you are buying something with, say, Sony written on it, that you really are getting the Sony produced version of that product. There would be some details to sort out for novels and news stories, and even performances of songs by another band - they should clearly have an original source attribute.
A full day's work?
"...set about attempting to do a full day's El Reg work..." How does the Metro interface prevent you from dicking around in the pub?
Surely you do need root!
I would have thought it obvious that you'd need root access to add a printer or wireless network! There are a lot of good arguments for this behaviour, as the point of root (as I understand it) is so that users cannot make changes which affect the system and other users. On the upside, at least his daughter could find drivers for the printer...
What a waste!
Apologies if anyone's already posted this, but in the time it took me to read the article I came up with a better idea - which begs the question how do these idiots get funding! Why not just float beside the piece of space debris and then ram it like a snooker ball, knocking it off course down to Earth, while leaving your DustStar (TM) free to target further junk until its supply of compressed gas (or whatever for thrusters) runs out? You could attach something to the ramming side to make it so it didn't even have to be that accurate (like a bowl). If you need to control it around obstacles, just set up a few relay points. Or use the Hubble Telescope to focus sunshine and turn up bits that way.
There's so many other things you could do too, harness the kinetic energy of the debris, while sending the debris itself down on a slow path to Earth. Use the debris as a fuel source depending on what it is...anything, do anything but this crap idea!
Loyalty?
Brand loyalty is the most pointless thing ever. Why would you buy an inferior product for more money simply because you've bought that brand in the past? It's not like after 20 years of buying XYZ brand, that company is going to turn round to you and be 'loyal' back. "Oh, you can't afford a phone these days - well, you've been buying our phones for twenty years, so have a free one on us." Don't think so.
