* Posts by david 12

1035 posts • joined 6 Jul 2009

It's September 2017, and .NET lets PDFs hijack your Windows PC

david 12
Bronze badge

Re: Just say no to software developed using unsafe languages like C/C++

>I wonder when people are going to wake<

Not anytime soon judging by the voting pattern here...

0
0

Everyone loves programming in Python! You disagree? But it's the fastest growing, says Stack Overflow

david 12
Bronze badge

Re: Usefulness

> but it would be so much better if they'd just use some { }.<

After a while, I realized that one of the reasons I prefer Pascal and BASIC is because I'm a left-handed touch-typist.

0
0

Crowdfunding scheme hopes to pay legal fees for Marcus Hutchins

david 12
Bronze badge

Still looks like a DOS attack against a security white hat.

10
0

IT worker used access privs to steal £1m from Scottish city council

david 12
Bronze badge

Can't happen again. Now. WTF were they doing for the last 10 years? Where's the asset recorded against the expense? Who's checking the double-entry book keeping? Do they think that self-authorized theft is a new invention? That gambling-related theft is a new thing? Did they think at all?

Was this amount of money so small compared to management wages that they didn't think it was important to follow up?

2
0

nbn™ blames cheap-ass telcos for grumpy users, absolves CVC pricing

david 12
Bronze badge

Yes, it's a mistake. The NBN is talking about using FTTDp to replace "longer twisted pair runs" required by FTTN where the node is too far away...

0
0
david 12
Bronze badge

Re: Oh FFS

This "fantastic infrastructure plan" was bullshit from the moment it was announced. It was specifically exempted from any kind of economic evaluation, and it was justified on the basis of "education" and "tele-medicine".

The initial pricing promises from the government were wildly inaccurate: they went to tender and nobody was interested. The "education" idea was predictably just as realistic as the previous ideas that TV, Film, Radio, Telephone and Telegraph would revolutionise education. And the idea that you would use the high speed internet to get medical interventions in your own home was sheer fantasy.

Yet that was the justification offered, and for years their supporters believed that BS. At least most people have now come around to the realization that was obvious even then: the high speed internet was going to replace Free To Air TV, and the bandwidth would be released for mobile data.

0
0

10 minutes of silence storms iTunes charts thanks to awful Apple UI

david 12
Bronze badge

Re: Not limited to iPhones

>baked into whatever mass produced Chinesium<

It's baked into (American) Apple software licensed to the people who build cars.

5
3

Disgraced US Secret Service agent coughs to second Bitcoin heist

david 12
Bronze badge

Silk Road, Bitstamp... Mt Gox was under investigation by the same people when the money disappeared and it went bust. Has anyone asked him about that? He might already have enough salted away, even after giving up the Bitstamp profits

1
0

The future of Python: Concurrency devoured, Node.js next on menu

david 12
Bronze badge

Re: Async not always easy

>Alongside shell scripts, Perl, and the occasional C language external utility, it's a nice addition to a computer that's used to "get things done".<

And it would be even better at that if it had resumable exceptions.

Resumable exceptions make speed optimisation more difficult (not impossible, but more difficult). On the other hand, resumable exceptions enable finely-grained exception handling for i/o-bound exception-prone multi-threaded asynchronous processes that spend most of their time waiting anyway.

And once you've written your first application with a separate try/catch block for every single line you've learned why resumable exceptions are not universally a bad idea.

1
0

Windows Subsystem for Linux is coming to Windows Server

david 12
Bronze badge

Note that word “currently.”

>It could be loose language or it could be a clue to future developments. <

It's absolutely typical MS product announcement. "Windows 10 includes a Graphical User Interface". "Windows 10 does not currently include Nuclear Fusion".

MS never admits features existed in past products, and since the vapourware scandals of the 1980s with the possible anti-trust implications, MS has been very careful about announcing only actual products.

But I've always suspected that it's because the people writing the PR/press/documentation have no idea at all other than what they are told.

4
2

CMD.EXE gets first makeover in 20 years in new Windows 10 build

david 12
Bronze badge

Re: Bah

>Have those idiots figured out most of us have monitors that can display more than 80 columns?<

Yes. Have they figured out how to make idiots stop complaining about the absence of features that have been there for years? No.

0
1
david 12
Bronze badge

Re: But can I get a login/command prompt ...

>a login/command prompt ... on a dumb terminal plugged into a serial port <

On every version of Windows I've used since DOS 2.11

Only up to Win7: I haven't had a need to try since then.

0
0
david 12
Bronze badge

They did port one of the unix shells over. They called the system "xenix". DOS was more popular.

0
4

Your top five dreadful people the Google manifesto has pulled out of the woodwork

david 12
Bronze badge

Re: Assuming They Don't Post Anonymously

>First, if there was anyone complaining to HR it was in fact Mr Damore<

Well, obviously /someone/ complained to HR, because Mr Damore got fired.

And yes, I did read at least that far. Since I'm not here looking for long-form articles, I was already stretching at that point, and that bit of carelessness indicated to me that you were too.

22
47

One.Tel to finally die in November, 16 years after collapse

david 12
Bronze badge

IT content?

Actually, another company death due (partly) to software failure: Billing system never completed and didn't work.

0
0

Linus Torvalds pens vintage 'f*cking' rant at kernel dev's 'utter BS'

david 12
Bronze badge

>that only he seems to find acceptable.<

I take that to mean "that no editor would find acceptable", and I take that to mean "in published print, although it would be normal in some newsrooms"

As such, it's a perfectly reasonable (though strangely ignorant) opinion of a journalist.

13
2

Firefox doesn't need to be No 1 – and that's OK, 'cos it's falling off a cliff

david 12
Bronze badge

Still using 3.6.28

Cause it's faster and smaller.

And it has better menu/buttons/layout

1
0

Now here's a novel idea: Digitising Victorian-era stamp duty machines

david 12
Bronze badge

Re: +1 for HMRC

>- Browser based (well worked in Chrome, so assume Firefox and IE would work too) <

Chrome is currently the most popular browser in use, and is the default browser for many jobs. Most sites work with any modern browser, but of those that don't, Chrome is the only browser certain to work.

0
2

It's an important ID, so why isn't the Medicare card chipped?

david 12
Bronze badge

Re: 2 factor authentication

Signature is not really part of your ID. It's your agreement that you will pay charges made to your credit card. Retailers used to, of course, check that you actually agree to pay when you bought something using a credit card: this requirement has been relaxed by CC companies.

Your agreement to pay CC bills is not the same as using your CC as points to authenticate your identity when opening a bank account, getting a passport, drivers licence etc.

0
0
david 12
Bronze badge

2 factor authentication

For the most part, the medicare system already has 2 factor authentication: you need to have the number for the rebate, and you need to be physically present for the examination. Adding a third factor (chip and pin) addresses a small number of situations. Chip and Pin is NOT, for example, used when you present a credit card to authenticate your identity.

0
1

Medicare data leaks, but who was breached?

david 12
Bronze badge

Re: AUS Medicare and US Medicare

>I'm just wondering who the stupid blokes who actually purchased some 60+ of these are.<

Drug abusers getting repeat prescriptions on false ID, but mostly drug abusers getting medicare rebates (money from the government) on a false ID.

For these purposes, the medicare card is (??was ??) the accepted and required form of ID.

2
0

Who botched Oz cancer registry rollout? Pretty much everybody

david 12
Bronze badge

To be fair..

>nine Department of Health officials handling the project didn't disclose that they held Telstra shares<

That is a lot like saying that "9 officials didn't disclose they ate food" on some food related contract.

People who own Telstra shares are mostly / disproportionally people who don't know anything about shares, have no other shares, have no interest in shares, and don't know anything about the company results.

Also, Telstra is a big company, and this is a tiny unimportant part of the company with no effect on the share price.

You could argue that these people have a political bias towards Telstra, and against private charities, but in that case "owns Telstra shares" is redundant: you've already said that they are public servants, and the rest follows from that.

1
3

'Janus' resurfaces: I was behind the original Petya. I want to help with NotPetya

david 12
Bronze badge

"An antidote might yet be developed"

?? Like this ??

http://www.telegraph.co.uk/technology/2017/06/28/security-researcher-creates-vaccine-against-ransomware-attack/

Or is there confusion about which attack is which?

1
0

Cisco and McAfee decide users just can't be trusted not to click on dodgy attachments

david 12
Bronze badge

This is new?

I'm not sure I'm following. Is the article saying that McAfee has just added a feature other systems have had for years, or is there anything actually new in this press release?

0
0

Report estimates cost of disruption to GPS in UK would be £1bn per day

david 12
Bronze badge

Re: Fun with Glonass

GPS started working in 1995. The program was launched by Reagan after 1983. Which is 12 years of non-secret development of a civilian system for civilian purposes. The period 65-85 saw a complete revolution in electronics and satellite technology: "GPS" was not based on obsolete military technology, and the technology it was based on was not secret.

In the USA, the "military budget" got used to develop lots of civilian technology. It was used as a method of trade protection ("Free trade! (except for military contracts)") and as a method of pork barreling ("No government intervention in the market! (except for military contracts)").

The military does, of course, have an interest in navigation, just like the rest of us. Their proposals for navigation systems would eventually have seen civilian use, if the civilian system based on new technology hadn't been developed and funded.

1
0
david 12
Bronze badge

Re: Fun with Glonass

>GPS was top-secret US technology.<

GPS was a system designed, implemented, funded and politically justified for civilian use. The military-industrial complex got a free ride on the civilian infrastructure.

1
2
david 12
Bronze badge

Re: That's why the EU has started Galileo...

>...which prompted the Russians and the Chinese to do the same,<

The Russian systems long predate Galileo, and the Chinese system is an ordinary bit of pork barrelling for local industry. -- Something that anyone directly involved with Standards would understand.

2
0

Grenfell Tower -- IT angle

david 12
Bronze badge

Grenfell Tower -- IT angle

Not meaning to offend, but I was driving and thinking about this, and my IT experience broke through, as I drearily thought to myself, "Well, if they were serious about fire safety, they would have done a run-through where they actually /burned out/ a flat to test their system."

'cause that's what you do.

0
0

Software dev bombshell: Programmers who use spaces earn MORE than those who use tabs

david 12
Bronze badge

Left handed touch-typist

So keys under the RH little finger are annoying for me. Including the ubiquitous {} keys.

And I absolutely understand why Right-Hand coders would not have made the connection to why they think that the tab is <just wrong and stupid>.

0
0
david 12
Bronze badge

Re: Tabs are inconsistent...

>I suspect most printer driver filters for text files are hard-coded to 8 spaces for a tab, <

I suspect that only a person who doesn't use tabs could believe anything like that.

0
0

It's 2017 and someone's probably still using WINS naming. If so, stop

david 12
Bronze badge

Re: "Bet that's not what they said when they introduced it."

>avoiding the "broadcast" messages<

So now we have mDNS and LLMNR instead.

Massive bloated software stacks and continuous broadcast storms that do the same thing, only with shining levels of complexity.

2
0

Gordon Ramsay's father-in-law gets six months for hacking sweary super-chef's computer

david 12
Bronze badge

Re: Something seems off

>I'm thinking Windows and SMB shares... Do a 'dir', a couple copies, read those a bit, then another 'dir' might have to reauthenticate, and so on. That kinda thing?<

No. That step does not require "reauthentication". What it requires is re-checking the file permissions. You can watch this stuff happening if you turn audit logging on, which is presumably what the external security consultant did.

2
0

Apple appears to relax ban on apps fetching, running extra code – remains aloof as always

david 12
Bronze badge

My reading of this is...

My reading of this is watching a 1950's analysis of Soviet Russia.

1
0

The open source community is nasty and that's just the docs

david 12
Bronze badge

Re: Have they surveyed other groups?

It is nastier than other communities. Agree that claiming the open source community is nasty is like saying that the sun rises in the East, but back in the day there was an obvious difference between the MS newsgroups and the OS newsgroups.

It wouldn't have come as a surprise to anyone that the BSD newsgroups were denigratory and abusive: like Linus, they had that reputation and were aware of it. But it did come as a surprise to see that members of the Python mailing list thought that it was friendly, helpful and supportive!

I'm not talking about swearing: I've never haunted mailing lists where swearing was common. And I'm not talking about moderation: although spam was removed, none of the groups had moderators removing postings just for being unhelpful or wrong.

The MS newsgroups I read and contributed to had regular, expert, volunteer contributors who politely and correctly answered basic repetitive questions without insulting anyone, and who didn't make disparaging comments even when they didn't understand the question or the subject matter.

15
7

Microsoft Master File Table bug exploited to BSOD Windows 7, 8.1

david 12
Bronze badge

Re: XP not affected

One reason XP is not affected is because on XP, remote (SMB) files are not locked on execution. You can "start" $MFT as many times as you like: if it's on a "share", it's not going to be locked.

There are other differences between the locking behavior of Win 5.x and Win 6.x, so there may be other factors involved as well.

0
0
david 12
Bronze badge

Re: So easy to trigger

>start c:\$MFT\123<

Yes, this was the second error in the report. "Accessing" a file doesn't lock it. On Windows, "locking" a file locks it, and "running" a file normally includes locking it (and is more likely to do so on Win7 than on XP).

2
0

Microsoft founder Paul Allen reveals world's biggest-ever plane

david 12
Bronze badge

Re: Not Maetric not interested

It's not "Imperial measurements". Those are "International measurements", from the international yard, adopted by the USA in 1933 / 1959. And the United Kingdom went off the "Imperial Standard Yard" in 1930 / 1963, so you aren't using Imperial measurements either.

0
0

Windows is now built on Git, but Microsoft has found some bottlenecks

david 12
Bronze badge

Re: GVFS sounds super dumb

>Powershell is the bee's knees. I was late to come around to it, but I'll never use cmd.exe again.<

And look how many keystrokes I can save by typing 'cp' instead of some verbose COBOL crap like 'copy', intended to make scripting 'easy', so that 'you don't need to be a dev to do scripting'.

As if making readable scripts ever worked. That's the problem with readable scripts: it makes people think that anyone can do it.

2
0

Fat-thumbed dev slashes Samba security

david 12
Bronze badge

Not a bug, that's a feature!

But it doesn't obviously make sense. A Samba client should be calling CreateFile or TransactNamedPipe or CallNamedPipe. A Samba server should support those calls.

Assuming that the server accepts "CreateFile" for a named pipe that is actually the name of an executable, and that pipes are implemented at the server end through the same mechanism as file access, it should be doing CreateFile, not Execute File.

And "CallNamedPipe", in spite of the slight ambiguity of the name, is supposed to Call the Named Pipe, not Call the OS. That is, it is supposed to read and/or write to the Pipe/File. Again, why would reading or writing a file at the server cause it to execute?

On the face of it, it looks like there might be deeper problems that are being fixed in the short term with a quick simple patch?

0
0

Ransomware hits Australian hospitals after botched patch

david 12
Bronze badge

Unpatched PC's ?

Wannacrypt patch requires an up-to-date OS. (On XP requires SP3). Perhaps they hadn't been patching, and had to roll out a lot of patches at the same time?

On Win7, windows update can get into a broken state that does not complete -- which is difficult to differentiate from the normal state where it just takes an unknown amount of time thinking about it.

From the broken state, manual patching of the Update client can take more than an hour, with frequent reboots to be sure that everything is correct.

0
0

Orbital boffins cut four years off NASA mission to shiniest object in the Solar System

david 12
Bronze badge

Orbiting the object?

Object is big enough to put the satellite into a useful orbit?

Or they plan to 'circle' the object instead of 'orbiting' it?

0
5

What is dead may never die: a new version of OS/2 just arrived

david 12
Bronze badge

Re: Nice for abandonware

>businesses that would have been far better using NT3.5 or OS/2 Warp.<

I tried. And it's not like I was tied to Windows at the time. Didn't like Win3. OS/2 user long before Win95. Painful Win95 installations, and it wasn't enormously stable.

But Win 95 application availability was better, and development support was better, and that's where I ended up, because overall, it was far better than using NT3.5 or OS/2 Warp.

0
0

Payroll-for-contractors company named at centre of AU$165m tax scam scheme

david 12
Bronze badge

>seems odd<

He's been done for discussing business with his son. That's because it is against the rules to discuss business with his son. The same rules affect lots of people in the tax office: their job requires them to not discuss business with people.

It's not a particularly strict condition, but the people I know will only discuss business in general: they won't discuss /my/ business at all.

0
0

Good news, OpenVPN fans: Your software's only a little bit buggy

david 12
Bronze badge

If system() is compromised on *nix, the system is already compromised. Therefore it does not enhance security to use the solution suggested. A clear example of "Security in shallowness" if there ever was one.

But if GetSystemDirectory (the method used internally by Windows) is compromised, the system is unbootable and inoperable.

And for all those people who upvoted the suggestion that I 'join the team' or write my own VPN instead of helping improve this one: no doubt you have the same opinion about Dr Matthew Green, and I look forward to seeing your comments about that.

0
3
david 12
Bronze badge

Only analysed Linux platform?

>

Windows-Specific Options:

--win-sys path

By default, if this directive is not specified, OpenVPN will use the SystemRoot environment variable.

[....]

The Windows ipconfig /all command can be used to show what Windows thinks the DHCP server address is.

<

It runs an external executable based on what an /environment variable/ pretends that the system root is.

This, after they have decided to use execve() instead of system() on *nix platforms.

I pointed out that this was insecure on Windows platforms, and that the secure alternative (the Windows API for finding the system root) was always used, more than 10 years ago. I gave them examples using the Windows API. Their response was that using an environmental variable to find the system root was a normal method, they didn't think it mattered, and they didn't know anything about Windows API.

Still the case I guess.

3
1

VAST stuff-up leaves new satellite TVs TITSUP

david 12
Bronze badge

Re: Just why?

>Why does anyone need to register for a free-to-air service?<

It is not a free-to-air service. It is an encoded satellite TV service, carrying FTO content. The service is provided by a commercial satellite TV service, and they would charge the Aus government more if it removed their ability to run the competing paid service.

You can buy a sat-TV decoder and smart card, and register your smart card with the provider. That suggests that the broadcast signal contains information that activates your decoder. How exactly does that work?

1
0

US copyright law shake-up: Days of flinging stuff on the web and waiting for a DMCA may be over

david 12
Bronze badge

Re: Contemporary Hollywood films do not pass the threshold of originality required by copyright

>Some, like Independence Day, contain stuff to hit any techie's funny bone<

"A week later, she got a comm from a recruiter. “Hey, Lisa, I just saw your resume, and have I got an opportunity for you! An established invasion fleet with a proven track record of subjugating alien planets needs some junior engineers to provide tier–1 technical support. This is a great entry-level job, with 100% travel, which is such an amazing opportunity for a "

More at TheDailyWTF: http://thedailywtf.com/articles/independence-day

9
0

Australian Taxation Office named as party preventing IT contractors being paid

david 12
Bronze badge

Re: I know who will have first dibs

>he second to the taxman, then from memory it's staff (non-directors) salaries<

I think in Aus it's staff first, then tax, but I'm not sure of the details.??

1
0
david 12
Bronze badge

Re: ATO = Australian 'Tards Office

> (hours of support 09:30 - 16:00 <

Sydney time.

They used to have WA offices, but they closed down for 'efficiency', with very limited 'after-hours' support provided only by forcing Sydney/Canberra/Melbourne staff to work irregular hours without compensation.

3
0
david 12
Bronze badge

Re: @ Red Bren

> Not Negotiable on it, the cheque cannot be cashed.<

Except that when I was learning about it (many years ago), the Aus courts had held that banks could ignore that instruction without penalty. They had to follow the instruction, but if they didn't, it didn't matter.

Yes, banks are bastards too.

1
0

Biting the hand that feeds IT © 1998–2017