Posts by Karlis 1

20 posts • joined 3 Jun 2013

Dropbox apologies for clunky administrator account access on Macs

Karlis 1

Meh, that's a poorly written article.

1) Dropbox doesn't store/retain/use or whatever your admin password. During installation it requests it so it can inject itself with an accessibility permission (which is fairly unlimited, to be granted).

2) The fishy bit is that it circumvents the existing OSX elevation methods and instead just settles for the jugular - injecting itself far deeper in the system than it should.

Which really brings the crux of the problem. Why the f*k should a cloud files sync service require kernel extensions or inject itself as a virtual filesystem in the first instance. What the hell was wrong with the model where it had a folder, kept monitoring it and if anything changed, synced the files?

Methinks we should ring up the BOFH and point him to a couple of product managers in Dropbox HQ. Heck, I'd sharpen the spade myself.

6
0

PCI Council wants upgradeable credit card readers ... next year

Karlis 1

Fuzznugets!

Ah, throwing technology at the wall to solve:

* Slow deployment of Chip&Pin due to resistance from retailers because of fees.

* "Securing" end terminals when all the recent major breaches have targeted insecure back offices of large companies non-compliant with even a tenth of existing PCI standards.

* "Hardening" POS devices when the common way to skim the card at the restaurant is to snap a photo of it.

I'm not impressed. As much as I'd like to be a leet hax0r breaking into the shops at night with a drill bit to replace the firmware on the two dented card readers, I'll stick to sending funny cat videos to corporate office beancounters staff. Actually enforcing PCI DSS and having consequences for ignoring it would be a far, far bigger result than preventing me from targeting a grocery store where customers have maybe $10 left on their accounts to nick.

2
1

US Marine Corps to fly F-35s from HMS Queen Lizzie as UK won't have enough jets

Karlis 1

Re: At least he's got a good sense of humour.

This is how you know that the government knows this will never happen: "Indeed it is, beyond question, at the appropriate juncture, in due course, in the fullness of time."

(Credit to Yes, Minister. A mandatory watch for anyone interested in what politicians and officials actually mean when they seem to agree with something)

3
0

BYOD battery bloodbath? Facebook 'fesses up to crook code

Karlis 1

Not just the apps

I've long been planning to fire up a VM and measure how much traffic something like verge takes to load. And MORE IMPORTANTLY - just to stay in the background tab.

Anecdotal evidence suggests that results would be shocking, just haven't had the time to get to it. Someone with a white hat could do it (referencing me as an idea would be appreciated).

1
0

Bono: Apple will sort out monetising music where the labels failed

Karlis 1

"new music format that will make buying music “irresistible”"

Sounds to me that U2 stunt was just a test run. Next Apple will simply dump new releases in our libraries and charge our cards directly. No opt-out, therefore irresistible.

Well, maybe 'some' tailoring to your taste will be possible. Until the next Justin Bieber mega-hit will come out.

3
0

Oh noes, fanbois! iPhone 6 Plus shipments 'DELAYED' in the UK

Karlis 1

For what it's worth my pre-order still appears to be coming on time (Friday morning). Admittedly I ordered it within 5 minutes of pre-orders opening. Any delays appear to be purely due to allocated stock running out (which, for a fairly popular physical hardware, doesn't sound _too_ far stretched - it still has to be assembled at a certain bounded rate, tested, allocated to one of the launch countries and shipped).

Even if we assume that Apple is run by baby eating evil megalomaniacs in marketing it would be a bit of a stretch to imagine that they are refusing to take your cash purely to demonstrate some 'artificial' shortage.

0
0

Bonking with Apple has POUNDED mobe operators' wallets

Karlis 1

Re: Crazy.

> It seems rather like 3DTV - hyped and drooled over by 'analysts', but in reality it's a technology looking for a demand.

I never have understood why the manufacturers are trying their damnedest to feck up a simple (and working) experience where you press a button and the thing displays a picture. Killing off the best display technology we had for a reasonable price in the process (yeah, I'm a plasma fan). If I want to browse internet, watch porn or catch-up I will use my laptop, my tablet and my cable provider's perfectly adequate box (thank God they haven't tried to put a Pentium 4 so they could offer 'premium services' in these boxes yet).

1
0

BOFH: You can take our lives, but you'll never take OUR MACROS

Karlis 1

Steering a luser to use Access. No way that is going to end well.

My bet is on Access requiring a plugin installation to work with data older than 7 years, installation media for which was just delivered in the basement, in the shipment with a carpet, shovel and two bags of lime.

23
1

BlackBerry's Passport will be the WEIRDEST mobe of 2014

Karlis 1

Nokia did all sorts of very weird designs - whilst being de facto leader in the market with not a threat in sight. One still wonders how they threw it all away...

0
0

Developers: Your chance to get hands on with Microsoft Azure

Karlis 1

Or, you could, you know, use something that works. Amazon springs to mind.

1
2

BOFH: He... made... you... HE made YOU a DOMAIN ADMIN?

Karlis 1

Ah, we've been missing you

Good to see that Simon is back in form!

(Although lack of boobytraps in the domain permissions scripts seems to be a grossly negligent oversight - as evidenced by the costs incurred by the company now that medical insurance and scrap disposal will have to get involved)

3
0

Windows Phone app devs, this is for you

Karlis 1

Re: Re: Too bad it's Nokia :/

Good try, Chief Marketing Officer of Nokia UK.

6
3

NSA refuses to deny spying on members of Congress

Karlis 1

Re: (Yawn)

Good job on following the party line.

Of course some of us might disagree with the notion that employees in a government agency (which is proving to be ungovernable) can have all of our life communications record at their disposal a single query away. Especially as Snowden has shown again and again that his claims are substantiated and has repeatedly described that these kinds of queries are being made daily by low level staffers spying on their love interests, et cetera.

But that's totally not spying. Neither is it spying the next time an important vote that might have an impact on the NSA or their friends in the commercial world comes up and key senators, hypothetically, receive a transcript or two of their anonymous communications (technically true - that's not spying, just plain old blackmail).

13
1

Dell tells staff: If you haven't got stomach for private era, leave

Karlis 1

Targeting by exclusion?

Nobody from India, nor from Singapore, nor from EMEA, nor anybody from Software group - who exactly is eligible then? A couple of janitors and the Hardware Engineering group in US only?

6
0

Calling Doctor Caroline Langensiepen of Nottingham Trent uni

Karlis 1

But was there an assignment in the first place?

The cunning bit might be that there wasn't an assignment at all - the bloke just wanted to get published to win an unspecified, but most certainly excessive, amount of lagers at the local uni pub.

0
0

Bill Gates: Yes, Ctrl-Alt-Del salute was a MISTAKE

Karlis 1

Bill looks to be wrong here

As far as I recall the C-A-D salute was actually a feature of the original IBM AT design, special case being that it generated an actual _hardware_ interrupt from AT keyboard controller (the large, round 5 pin one) that would be handled regardless of the state of the rest of the system.

When it was integrated into Windows (NT 3.5 first IIRC) it was actually for sound security reasons - that is, that the corresponding HW interrupt couldn't be faked by malicious software, therefore C-A-D would always be a safe way for operating system to get to a good known state (whether it was login screen (credential snooping) or task manager (fake one masking the malicious process)) irrespective of any software trying to intercept it above kernel level.

As far as I'm concerned that was an inspired hack on reusing something you wouldn't want to happen (random reboots from keyboard inputs) into something you would very much want to happen (fairly secure way to ensure that your login prompt is actually the login prompt, not a patched up worm).

1
0

Loads of mis-sold PPI, but WHO will claim? This man's paid to find out

Karlis 1

Could this article be a more obvious ad for SAS?

0
1

Egad! Could Samsung be CHEATING in Galaxy benchmark tests?

Karlis 1

Meh

I'm a consumer. Well - an ex mobile developer that used to care about this profoundly. No more.

There isn't all that much difference between Galaxy S2 and 3 or JesusPhone 4S and 5 to warrant bothering at this level of detail. Whoever is 'benchmarking' phones these days is probably a rather misguided effort. Nobody cares. It has been a PIII-733 with a GeForce 1 card by default for at least 2 years now.

4
0

Karlis 1

Re: Of course it is.

How many 'major' Android manufacturers are still out there?

3
0

Inside Intel's Haswell: What do 1.4 BEELLION transistors get you?

Karlis 1

Microsoft shill?

May I humbly suggest that Intel will probably be more than pleased to allow Apple and the likes to use the new chips to run non-Microsoft software as well.

Would only make business sense - associating CPU with Windows 8 would be a commercial suicide - what is the point in investing untold beelions in R&D to only sell 3 copies? ;)

9
5
