* Posts by Pomgolian

53 posts • joined 26 May 2012


Safe browsing checks fail as 16,000 WordPress sites hacked this year

Pomgolian

Plugin Hell

As other commentards have pointed out, the Achilles heel of Wordpress is the poor quality of some of its plugins, and they should be avoided like the plague. Non-free plugins in particular are a no-no because often there is no patch available.

A lot of people mistake Wordpress for a content management system. It isn't - it's a blogging platform. If all you want to do is blog, then it's mostly OK, provided you update regularly.

If on the other hand you want a full featured CMS, take a look at https://www.concrete5.org. Last time I checked on cve.mitre.org there were barely a handful of issues listed, compared with hundreds if not thousands for Wordpress, Drupal and Joomla.

2
1

Sex is bad for older men, and even worse when it's good

Pomgolian
WTF?

Fuck me!

...or perhaps not!

7
0

Let's Encrypt ups rate limits

Pomgolian
Holmes

Maybe...

...they could reduce the traffic by 75% if they allowed annual renewal rather than three months which comes around all too soon....or maybe even allow wildcard certificates which would render the "20 certificates per domain" limit moot.

1
1

BBC detector vans are back to spy on your home Wi-Fi – if you can believe it

Pomgolian
Facepalm

Oh for Fuck's sake

99.99% of people watch T.V., listen to radio or stream live video. Therefore, the blindingly obvious thing to do is to scrap the licence fee, the "detector vans" and all the useless twuntards in the licensing and enforcement departments and simply take it out of general taxation (yes, it'll go up a bit, but it's a lot harder to dodge). Some formula linked to census statistics ring fenced so the gubbermint can't dick with it when they need a new nuclear weapon should give the beeb all the cash they need without needing to bung the courts up.

Thank fuck I live in NZ now and don't have to put up with this shit.

3
2

How to scam $750,000 out of Microsoft Office: Two-factor auth calls to premium-rate numbers

Pomgolian
FAIL

FFS

Is it really so hard to validate the format of a phone number? Most countries are fairly well organised and have a common prefix or number range for certain types of phone number. It should be no more than a high school project to set up suitable regular expressions to filter out obvious crap like this.

12
3

Microsoft wins landmark Irish data slurp warrant case against the US

Pomgolian
Holmes

Re: Common sense prevailed?

Grammar.

It's the difference between knowing your shit and knowing you're shit.

28
0

Visiting America? US border agents want your Twitter, Facebook URLs

Pomgolian
Headmaster

Re: I'll have whatever you're smoking.

>when the muppet in charge of the stationary cupboard

Well, let's hope the aforementioned muppet does indeed keep the cupboard stationary - last thing you want are cupboards flying around all over the shop. Think of the children!

Perhaps there are other muppets out there whose portfolio includes stationery. They're the ones to steer clear of.

21
0

Cash-strapped English and Welsh cops prepare to centralise all 43 forces' websites

Pomgolian
WTF?

Re: In theory a nice idea...

> what exactly do you not like about the most popular website platform on the planet?

You're confusing "Popular" with "Good". Donald Trump is apparently quite popular, but that doesn't make him a "good" choice for president or in fact "good" in any other way I can think of, except perhaps entertainment value.....on the other hand when HM Constabulary are pwned it might be quite amusing so what the hell. Don't forget to install all the plugins you possibly can, you know, the ones that in a decent CMS would be built in and secure.

2
0

Boring SpaceX lobs another sat into orbit without anything blowing up ... zzzzz

Pomgolian
Stop

Re: Ob: Pournelle

>Except the Thunderbirds are a figment of imagination

Noooooooooooooooooo!!!!

You have just destroyed my childhood. Next you'll be telling me that hiding behind the sofa so the Cybermen wouldn't find me was unnecessary. I was damn certain they were real when they were in black & white and I was five.

52
0

US nuke arsenal runs on 1970s IBM 'puter waving 8-inch floppies

Pomgolian
Coffee/keyboard

Re: Programming skills .NE. programming languages

+1 for ExpertSexChange. ROFL.

5
0

Catz: Google's Android hurt Oracle's Java business

Pomgolian
WTF?

Shurely Shome Mishtake?

So... ASF produces harmony/dalvik, based on Java, and Google pinches it and runs it on Android. Oracle couldn't make anything stick against ASF, so how on earth can they expect to make it stick against Google? Google surely were permitted to do what they did under the terms of whatever Apache licence the ASF attached to harmony/dalvik. Surely a case of nothing to see here or am I missing the point? Oh Yeah. Larry is a ****.

0
0

Pop goes the weasel! Large Hadron Collider blown up by critter chomping 66kV cable

Pomgolian
Coffee/keyboard

Re: Such sabotage is intolerable!

New keyboard required - I'll invoice you now. The bill is in the post.

6
0
Pomgolian
Joke

Was it a Weasel or in fact a Stoat?

It can be difficult to tell. Here's a handy tip:

A stoat is weasily recognised, but a weasel is stoatally different.

17
0

Apple stuns world with Donald Trump iPhone

Pomgolian
Joke

iPhone SE

So.. what's SE an acronym for? Small Edition?

0
0

BBC telly tax drops onto telly-free households. Cough up, iPlayer fans

Pomgolian
FAIL

FFS

99.99% of people watch TV or use iPlayer. Since consumption is near universal, just like the NHS, schools, roads etc, i.e. everything else your taxes pay for, why the bloody hell don't the government simply scrap the licence fee, and increase VAT or income tax by an appropriate amount per capita and simply pass that on to the Beeb? They'd actually save money, because they'd scrap all the administration and enforcement bollox that goes along with it.

0
4

This is why copy'n'paste should be banned from developers' IDEs

Pomgolian
Pint

I once had to write a report for a service management application, that produced a list of outstanding service exchange jobs. Being limited to an 8 character name space resulted in O S EX JOBS, or as it became known, the SEXJOBS report.

0
0

Don't touch that PDF or webpage until your Windows PC is patched

Pomgolian
FAIL

Re: A fresh install of Mint 17.3 down to 12 mins with an SSD, fully updated.

No problems here. Win 7 Pro does everything I need, works just peachy with an SSD. I have GWX Control Panel running to prevent any unwanted upgrades, and windows update set to notify me and not do anything until I'm good and ready.

As for Linux Mint, tried it and gave up. All I wanted was my three monitors to work together like they do on Win7. If I manage to get two working, they either have horrendous refresh issues or I can't drag windows from one to the other.

10
5

Celeb gossip site TMZ was pushing malware at innocent surfers

Pomgolian
Holmes

Adblock & Noscript

...plus not giving a flying ***k about celebutards in general means I'm unlikely to have been hit.

4
0

Windows 10 overtakes Windows 8.1's market share

Pomgolian
Facepalm

So in other words...

...everyone apart from Windows 7 users, who if they're anything like me find it a solid, reliable OS that does everything they need with minimal annoyance, is upgrading. No surprises here. Move along.

10
0

Someone please rid me of this turbulent Windows 10 Store

Pomgolian
Pint

Re: What went wrong?

>Occasionally waking up, make wild and uncoordinated moves and statements, then collapse in a pile again is not a strategy. It is what homeless drunks do.

I'll drink to that.

16
0

Kiwi hackers crack crap algo, showcase 40c-a-litre DIY fuel discounts

Pomgolian
Pint

Re: Just back from NZ

>Still more expensive in the UK. £1 per litre is about $2.20 per litre.

You should have stayed - it's typically around $1.70 right now, which works out at 77 pence.

0
0

Rejoice, Penguinistas, Linux 4.4 is upon us

Pomgolian
Facepalm

Re: So will 2016 be the year of Linux on the desktop?

>I really, really do not understand why the majority of people who never leave the browser run Windows.

Because Linux isn't always trivial to install. For example, I have three screens on my c2010 vintage PC. Why? Because I haven't got desk space for 5. I tried installing Linux Mint 17.3. Sadly, if it actually manages to detect all three of my screens, two of the three suffer shocking refresh bugs - moving or scrolling a window results in a "mouse trail" of the previous position. More likely though it only detects two but won't let me move the mouse between the two. I've spent a good few hours buggering about with xorg.conf, installing proprietary drivers etc. Nothing. I'm not a complete noob - I was an RHCE 16 years ago. Sticking with Win7 Pro X64. Might try again next year or wait until support runs out whenever.

1
4

Patch now! Joomla attacked in remote code execution blitzkrieg

Pomgolian
Alert

Temporary Mitigation

In case anyone wonders what it looks like:

194.28.174.106 www.example.com - [15/Dec/2015:08:50:49 +1300] "GET / HTTP/1.1" 200 22504 "http://google.com/" "__test|O:21:\"JDatabaseDriverMysqli\":3:{s:2:\"fc....eval(base64_decode(..."

Snipped to discourage skiddies.

A temporary mitigation is to block any user agent that contains the word base64 or eval:

// Drop any request whose User-Agent header contains 'base64' or 'eval'
if (strpos($_SERVER['HTTP_USER_AGENT'], 'base64') !== false)
    die();

if (strpos($_SERVER['HTTP_USER_AGENT'], 'eval') !== false)
    die();

Added to the top of index.php

0
0
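The detection side of the mitigation in the comment above, as an added example that is not from the original post: a Python scanner over constructed Apache-style log lines (the 203.0.113.0/24 addresses are documentation-range placeholders, and the vhost-as-second-field layout is assumed to match the post's line) that flags any User-Agent carrying a PHP serialized-object marker, an `eval(` call, or the word `base64`, matched case-insensitively rather than with a case-sensitive `strpos`. The `should_block` function is the same rule written for the request side, so the log review and the in-line block agree on what counts as suspicious.

```python
import re
from typing import Dict, List, Optional

# Constructed sample log (not taken from the original comment). Field layout:
# ip vhost user [time] "request" status size "referer" "user-agent"
SAMPLE_LOG = """\
203.0.113.5 www.example.com - [15/Dec/2015:08:50:49 +1300] "GET / HTTP/1.1" 200 22504 "http://google.com/" "__test|O:21:\\"JDatabaseDriverMysqli\\":3:{s:2:\\"fc...eval(base64_decode(..."
203.0.113.7 www.example.com - [15/Dec/2015:08:51:02 +1300] "GET /index.php HTTP/1.1" 200 18222 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/42.0"
203.0.113.9 www.example.com - [15/Dec/2015:08:51:30 +1300] "GET / HTTP/1.1" 200 22504 "-" "curl/7.45.0 BASE64 tester"
"""

# Apache escapes embedded quotes in the User-Agent as \" so the final field is
# taken greedily up to the closing quote at end of line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<vhost>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>.*)"$'
)

# Indicators, in the order they are reported. The object marker O:<len>:" is
# how PHP serialize() encodes an object; a browser never sends that in a UA.
# 'eval' alone would also hit words like "retrieval", so an opening paren is
# required for that one.
INDICATORS = [
    ("php_serialized_object", re.compile(r'O:\d+:\\?"')),
    ("eval_call", re.compile(r'\beval\s*\(', re.IGNORECASE)),
    ("base64", re.compile(r'base64', re.IGNORECASE)),
]


def parse_combined_line(line: str) -> Optional[Dict[str, str]]:
    """Split one log line into named fields, or None if it does not fit."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def suspicious_indicators(user_agent: str) -> List[str]:
    """Names of every indicator that matches the User-Agent string."""
    return [name for name, rx in INDICATORS if rx.search(user_agent)]


def should_block(user_agent: str) -> bool:
    """Request-side rule: same check the log scan uses, for an in-line block."""
    return bool(suspicious_indicators(user_agent))


def scan_log(text: str) -> List[Dict[str, object]]:
    """Return one finding per log line whose User-Agent trips an indicator."""
    findings: List[Dict[str, object]] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = parse_combined_line(line)
        if fields is None:
            continue  # unparsable line; a real tool would count these
        hits = suspicious_indicators(fields["ua"])
        if hits:
            findings.append({
                "ip": fields["ip"],
                "time": fields["time"],
                "request": fields["request"],
                "ua": fields["ua"],
                "indicators": hits,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']} {f['time']} {f['request']!r} -> {', '.join(f['indicators'])}")
```

Run against a real access log by replacing `SAMPLE_LOG` with the file contents; the three indicators are deliberately narrow so that the scan doubles as a sanity check on the in-line block, which only needs `should_block` and the same `INDICATORS` list.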

WordPress.com ditches PHP for Calypso's JavaScript admin UI

Pomgolian
Headmaster

Had to read that twice

>The challenge is that WordPress’ venerable PHP code base

Was I the only one that read that as "vulnerable" the first time round?

1
0

Tech goliaths stand firm against demands for weaker encryption after Paris terror attacks

Pomgolian
WTF?

Asphinctersezwat

>If you create a product that allows evil monsters to communicate in this way, to behead children, to strike innocents – whether it's at a game in a stadium, in a small restaurant in Paris, take down an airline – that is a big problem.

That could equally apply to every single gun, bomb, drone and nuclear warhead the US ever produced.

Maybe if we just banned all weapons, then the bad guys wouldn't be able to use them against us?

Correct me if I'm wrong but the 'merkins have an extremely vocal redneck contingent defending their constitutional right to bear arms in case the old English Queen should decide to invade. Why single out encryption? Guns are the real problem.

8
4

Bacon as deadly as cigarettes and asbestos

Pomgolian
Headmaster

>Unsurprisingly, the Mail predicts economic porkocalypse,

Unsurprisingly, the Mail predicts economic aporcalypse

FTFY

0
0

Ireland moves to scrap 1 and 2 cent coins

Pomgolian
Childcatcher

Downunder too

Here in NZ and Aus, "Swedish" rounding is the norm. EFTPOS (bank card) transactions are very common and thus rounding doesn't really have much impact. Some smaller shops, convenience stores aka "dairies" have been known to round up even when paying by card. It's not enough to leave your scooter outside the dairy, nekminnit you're being overcharged. (Obscure NZ internet meme)

0
0

WIN a 6TB Western Digital Black hard drive with El Reg

Pomgolian
Angel

It doesn't take divine inspiration to pwn Donald Trump's website, but my god, it's soooo much fun.

0
0

Nice try, Apple. The Maxi Pad is no laptop killer – and won’t scratch the Surface

Pomgolian
Paris Hilton

Is it just me...

... or does "maxi pad" bring to mind feminine hygiene products rather than tablet computing?

0
0

Microsoft backports data slurp to Windows 7 and 8 via patches

Pomgolian
Terminator

Security Essentials

They really want this info - I am regularly in the habit of blocking hosts I don't like or adding other hosts while the DNS catches up in my windows hosts file. Never had an issue before, but after pointing settings-win.data.microsoft.com and vortex-win.data.microsoft.com to 127.0.0.1 Security essentials pops up a warning about "SettingsModifier:Win32/PossibleHostsFileHijack". Clearly it's a big deal for Microsoft, so it ought to be an even bigger deal for all of us to avoid it.

3
0

CVS shutters photo website in credit-card hack attack scare

Pomgolian
FAIL

Token Billing

Why the hell were they storing card details in the first place? There really is no real need to do that if you use a proper card provider who offers token billing. The token is completely useless to anyone except the merchant. This set of morons deserve to have the PCIDSS police crawl up their small dark passages and be made to squeal loudly.

2
0

Jamie Oliver's ministry of malware served slops AGAIN

Pomgolian
WTF?

Concrete5

@CKOne - I suggest you look again, preferably with your glasses on, a bright light and possibly a brain of some sort. It's Wordpress, no doubt about it. The page source is full of links to wp-content and there is no trace of any of the hallmarks of Concrete5, no JS variables in the page, no CONCRETE5 session cookie...

Concrete5 is one of the most secure CMS systems there is - got do a search on cve.mitre.org and you'll find barely a handful of issues for C5, versus several hundred for Wordpress, Drupal etc.

0
0

DON’T add me to your social network, I have NO IDEA who you are

Pomgolian

Re: Bit Sneaky. Reprinting That Particular Article During Dabbsy's Absence

>real whiskey

is actually spelt whisky, just so you're sure to be sure.

5
0

Aye-aye Eyeo, go safely on your way-o, says German judge

Pomgolian
Paris Hilton

Re: According to Eyeo, AdBlock Plus is used on 50 million devices

c:\windows\system32\drivers\etc\hosts

127.0.0.1 doubleclick.net

127.0.0.1 googleadservices.com

...

rinse and repeat

6
1

Mozilla to whack HTTP sites with feature-ban stick

Pomgolian
FAIL

>Mozilla, whose Firefox is used by a quarter of net surfers,

Yeah, right, they'd like to think so, but it's more like half that and dropping every month.

I can just imagine the response from the customer base when asked to stump up for an SSL certificate and my time to manage it all. Firefox support will get dropped faster than you can say "chrome".

Jog on, Firefox.

6
5

Web geeks grant immortality to Sir Terry Pratchett – using smuggled web code

Pomgolian

Practising What You Preach

..and just in case anyone is inclined to check, el Reg's server sends this:

X-Reg-BOFH: pfy

X-Clacks-Overhead: GNU Terry Pratchett

Nice one.

7
2

Qantas' biggest problems are … Apple, Samsung and Google?

Pomgolian
Coat

I support two teams...

Sounds like the typical whining you get from them ozzies whenever they're not winning at something.

1
0

Moon flashes Earth after getting pounding from MASSIVE meteorite

Pomgolian

I for one, welcome our drunk driving alien overlords.

8
0

Google underwrites Firefox another year, even as Chrome outpaces it

Pomgolian
Facepalm

It's not IE..

>it has no incentive to encourage anyone to use Firefox.

Yes, it does. If you can't force Chrome down their throats, let them eat Firefox instead - the point here is that Firefox ain't IE, which must not be used at all costs.

2
0

New Zealand to bar software patents, again

Pomgolian
Happy

Huzzah!!

....that is all.

2
0

Web host Linode, hackers clash over credit-card raid claim

Pomgolian
Pirate

Clean up required

This might explain why I've had a rash of attempts to crack open POP mailboxes from lots of different IPS resolving back to xxxx.members.linode.com. Hope they've cleaned it all up.

0
0

Internet Explorer makes modest gains against Google Chrome

Pomgolian
Boffin

Re: Meanwhile, in the antipodes...

Most probably true, I was merely paraphrasing for those in the northern hemisphere.

My point was their stats are based on server logs, and not on samples collected by websites where the webmaster has added code to feed back to StatCounter. As such it's probably quite a fair reflection of the browsers that people at least in NZ are actually using as opposed to those that they are reported to be using.

0
0
Pomgolian
Paris Hilton

Meanwhile, in the antipodes...

Down here in Chrome infested NZ, IE is continuing to sink. TradeMe is the Kiwi equivalent of ebay and thus the stats are probably typical of the average web user.

http://labs.trademe.co.nz/trade-me-browser-stats-march-2013

makes for interesting reading

1
0

Six things a text editor must do - or it's a one-way trip to the trash

Pomgolian
Pint

Re: There is only one thing a text editor needs

=====> :)

I did that for 15 years. Mine's a pint.

0
0

Yahoo! webmail! hijacks! are! back!...

Pomgolian
FAIL

Staying signed in

There was an outbreak of this sort of nonsense with the yahoo/xtra email service down here in NZ last month.

The advice here was that it was a cookie stealing vulnerability, which affected those who had the "stay signed in" option set when they signed in to their webmail. Clear your browser cookies and don't check that option.

0
0

Microsoft: Office 2013 license is for just one PC, FOREVER

Pomgolian
Linux

May I be the first to say..

...Fark that for a game of soldiers.

3
0

Microsoft's Surface Pro team takes on Reddit to finesse fondleslab

Pomgolian
Devil

Re: MS Surface pro FAIL

>you can have the man-with-breasts thing.

More likely some sort of gender-confused eunuch

1
1

Ancient Mars: Covered with life, oceans, clouds, and imagination

Pomgolian
Pint

Full Marks

...especially to someone who allegedly used GIMP to do anything useful. I'll buy that man a beer.

1
0

Kim Dotcom flashes his rack

Pomgolian
Black Helicopters

Mansion?

"Dotcom’s famously flamboyant lifestyle bespeaks considerable wealth, inasmuch as he bought a colossal mansion"

..er....no. He's renting it. He wasn't allowed to buy it because at the time he didn't have permanent residence or something and was thus a "foreign investor". Shame for the spooks who spied on him illegally that he didn't remain so. He has now, apparently, been cleared to buy the mansion, but can't because his funds are frozen.

Can't argue about the cars though.

1
0

