* Posts by MacroRodent

1125 posts • joined 18 May 2007

ASLR-security-busting JavaScript hack demo'd by university boffins

MacroRodent
Silver badge
Angel

Re: Java*.*

Try VNCing a video player...

Actually, this works if you have a VNC client and server capable of "tight" compression (like TightVNC or TigerVNC): the video (and other photo-like image parts) gets sent compressed with JPEG, so it is somewhat equivalent to streaming "Motion JPEG". Oh, you want to hear the sound also? Well... I think TigerVNC has some solution for this, but I have not tried that part in practice.

0
0
MacroRodent
Silver badge

Re: Java*.*

> Honestly now, what's wrong with the idea of having a HTML frame in which one has an X window (well, a thoroughly modernised equivalent) dishing up an application display from the server, instead of having that application running as Javascript in the browser?

Then the black hats will simply proceed to crack your instance of the server side application. That may or may not be more difficult, depending on the competence of the application developers with respect to security (usually dismal), and the competence of the server managers (yeah, right...).

Also you need bigger servers. Client-side computing distributes some of the load.

4
0

Netherlands reverts to hand-counted votes to quell security fears

MacroRodent
Silver badge

Re: It is not the voting, it is the counting

If you go out and pick a PFY from the street today he will look at you in disbelief given a trivial DOS error. Ditto for Linux. I am not going to even start on BSD.

If you go the live-{Linux|BSD|FreeDOS} route it should not matter. The media is prepared to boot and then directly start the friendly vote-counting software. The staff is instructed that if it does not do so on a given PC, try another. A list of verified PC models is also supplied. It should be possible to make this setup fool-proof, since there is only one application to run. The users never see the OS, so it does not matter which one it is.

2
0
MacroRodent
Silver badge

Re: Wait... Wut?

@veti: Well said! It is also the case that while some minor fraud can happen in paper-and-pencil-based elections (no system is perfect), "stealing the election" would require a big operation, with large numbers of conspirators in multiple locations that would never go undetected in honestly run elections.

3
0

GitLab.com melts down after wrong directory deleted, backups fail

MacroRodent
Silver badge

Re: So I'm having....

Nobody ever test-restored a backup.

That is a step too often skipped, because you don't want your test to overwrite live data, so you would temporarily need as much space elsewhere as the restoration takes. In fact, you'd better have a complete spare system to test that you can make everything work with the backup. May be difficult to arrange.

9
0

Baird is the word: Netflix's grandaddy gets bronze London landmark

MacroRodent
Silver badge

Re: His mechanical system, even enhanced, couldn't compete

film that was developed in real time

It sounds incredible, but early space probes did essentially this. Images were captured on film, developed onboard, then scanned at a speed the communications bandwidth could handle.

9
0
MacroRodent
Silver badge

Bandwidth?

Telechrome, a 1,000-line electronic colour system

Uh, I wonder how he planned to transmit it? HDTV did not really become practical until sufficiently effective digital compression was available.

0
8

Google Cloud kicked QEMU to the kerb to harden KVM

MacroRodent
Silver badge

Downside of reuse

QEMU was originally intended to be a full PC hardware emulator, and soon an emulator for many other systems besides the PC. Reusing it for virtualization was convenient, but brought with it a lot of old baggage that is no longer relevant when you just run VMs containing servers. So this really is a case of reusing software that was not quite meant for the new purpose.

4
0

Windows 10 networking bug derails Microsoft's own IPv6 rollout

MacroRodent
Silver badge

Sigh

The slowness of IPv6 adoption is depressing. Technically it is quite old hat by now, and really quite nice when you get used to it... Ten years ago I worked on a telecom product that used IPv6 extensively, even for its internal communication between units. The OS was a variant of FreeBSD, and the CPU power about a tenth of what you nowadays get in low-end laptops. I sort of expected IPv6 to become common in a few years. Never underestimate the inertia of installed base...

3
1

Linux is part of the IoT security problem, dev tells Linux conference

MacroRodent
Silver badge
Linux

Re: Rolling your own vs. getting Linux

Instead of starting your own kernel, try Linux "make menuconfig" sometime. Most of the features in the kernel can be turned off. By enabling only what your application needs, you save memory greatly, and reduce the attack surface.

11
0

Flight 666 lands safely in HEL on Friday the 13th

MacroRodent
Silver badge

Re: Am I a killjoy

Yes, you are. In popular culture, 666 is the Number of the Beast, because that is the value used by all translations of the Bible over the centuries. In this respect, it does not matter if there are some obscure manuscripts that say 616.

- Greetings from HEL, currently quite frozen.

4
0

It's now 2017, and your Windows PC can still be pwned by a Word file

MacroRodent
Silver badge

Re: It never stops...

If Photoshop is terrible and it edits pictures, why doesn't someone use Capitalism to replace it with a better program?

Because of network effects. Graphics people are trained in Photoshop, and there is an ecosystem of plugins. Same reason Windows hasn't been replaced successfully on desktops. Capitalism is powerless with this kind of issue.

0
0

Meet the Internet of big, lethal Things

MacroRodent
Silver badge

Re: Do you own it, or not?

the eff's ludicrous position, apparently supported by some down-voting twats, is that if you buy a product x that should entitle you to the producer's source code and other proprietary info so you can make your own changes to it

Interface information would be enough. Software makes it possible to hide what used to be observable and measurable. For example, tractors have a power output shaft and attachment points in the rear for attaching tools. Is someone measuring them for the purpose of making custom machinery somehow infringing on Deere's rights?

6
0

Hack attack fear scares Canadian exam board away from online tests

MacroRodent
Silver badge

Re: If Exams are unworkable online,

The serial number on the ballot paper is recorded when issued to a voter, so a determined entity can find out how an individual voted. This is why ballot papers are usually destroyed after an election.

Sounds bad. In Finland, the ballot is just a folded piece of paper, with a printed circle inside which you are supposed to write your candidate's number. The officials record nothing when handing one to you from a pile.

2
0

Rogue One: This is the Star Wars back story you've been looking for

MacroRodent
Silver badge

Re: Tape?

That's why it's called Science Fiction and not Future History. And even the best make mistakes :-)

Sure, but in the case of Clarke, he is (or used to be) lauded as a visionary, and in some of his non-fiction writings (some passages in "The Lost Worlds of 2001" come to mind) he even congratulates himself on getting predictions right - so pointing out things he did not get is fair game, more so than in the case of other science fiction writers. (Said in a good-natured way: I am actually a Clarke fan, and as a teenager read almost every story by him I could lay my hands on...)

4
0
MacroRodent
Silver badge

Re: Tape?

The Analyzer contained just short of a million vacuum tubes

It is fascinating how even Clarke failed to foresee the advances in electronics and digital technology. In "Earthlight" (1955), on an observatory set on the Moon sometime in the 2100's, they still make astronomical photographs the old way, chemically, and one character actually observes this is one area where electronics will never take over... The transistor had already been invented in 1947, which was before "Superiority" was written (1951).

9
0

Give us encrypted camera storage, please – filmmakers, journos

MacroRodent
Silver badge
Thumb Up

Would still be useful

Even if the journalist could sometimes be compelled to reveal the encryption key, the feature could still protect the images if the camera is stolen, or surreptitiously "borrowed" for a while by agents hoping to secretly make a copy of the images.

6
0

A single typo may have tipped US election Trump's way

MacroRodent
Silver badge

Simple attack was effective

It is interesting how the Gmail security feature of sending an email warning about accesses from unusual locations was subverted by the phishers. I have got some of those when travelling, but now I don't remember if the real ones contain a link to Gmail account information change. If they do, Google should consider removing it, and informing users that they should enter Gmail by explicitly writing the Gmail URL instead.

12
0

Meet Hyper.is – the terminal written in HTML, JS and CSS

MacroRodent
Silver badge
Thumb Down

Toy

May have been an interesting exercise for the author, but for practical use I don't see any point at all. Terminal windows are one application where the performance must be good (sluggishness eats into your productivity in a very concrete way), and no bloat, because a power user often keeps dozens of them open at any given time. And it is anyway a solved problem. Until last year, I used xterm for these reasons exclusively, but then reluctantly moved to Xfce4-terminal because xterm does not handle clipboard interactions with Windows when running in a VM very well. Xfce-terminal solves this and is almost fast enough. (And can also open web links from selected text, if you want that kind of thing...)

12
3

US think-tank wants IoT device design regulated, because security

MacroRodent
Silver badge

Re: Accredited Standards Body

Seems the current state is so bad that just a few guidelines that would fit on a post-it note would be an improvement. Like (1) There shall be no default password that is identical on all devices, (2) any password must be nontrivial (at minimum 10 random ASCII characters) and supplied off-line, (3) the device must survive a "fuzzing" test with a state of the art fuzz tool (the tool or its version updated yearly).

2
0

HBO slaps takedown demand on 13-year-old girl's painting because it used 'Winter is coming'

MacroRodent
Silver badge

Melancholy Elephants

The story by Spider Robinson

http://www.spiderrobinson.com/melancholyelephants.html

is more relevant than ever.

How many three-word phrases that make some kind of sense are there in the English language? (eg. excluding things like "blue weep coffee", but allowing "cake has measles"). Seems like a problem similar to the one discussed in the short story.

1
0

For God's sake, stop trying to make Microsoft Bob a thing. It's over

MacroRodent
Silver badge

Re: But...

I'm farsighted, and will probably have problems with focus at such a close range.

One would expect it to have adjustable oculars, the same way as binoculars have had since forever. Would be silly to make an expensive device without such a basic feature. But then, it is Microsoft. (I find myself far-sighted or near-sighted, depending on how well I slept... The joys of being over 50...)

6
0

Microsoft plans St Valentine's Day massacre for SHA‑1

MacroRodent
Silver badge

Re: It won't be gone for decades...

I for one set my tablet's User Agent to a 5 year previous string. [...] Short version: Your logs only list the UA of accessing devices, which might not represent the ACTUAL device used.

People like you probably represent about 0.001% of the users. Most people don't even know what the user agent string is, so collecting statistics based on it is reliable enough.

2
0

2016 in a nutshell: Boffins break monkeys' backs to turn them into tragic shuffling cyborgs

MacroRodent
Silver badge

Wiring set up worse than in my house

If you already know what wire connects to which, it's trivial to repair the damage,

In this case, the wires are squishy, deteriorate easily, they are unlabeled, and the communications protocol used on them is undocumented, and varies from unit to unit...

Impressive feat connecting them, says I.

7
0

Windows 10 market share stalls after free upgrade offer ends

MacroRodent
Silver badge

Re: I'm not surprised...

I'm still waiting for printer manufacturers to develop printer drivers for Linux!

Best solved by choosing a printer with Linux support. They exist from most major vendors. Given that low-end printers now cost about the same as an ink refill, if your current printer does not support Linux, it is not a big hardship to buy one that does. Eventually the rest of the vendors might get the message.

26
3

Brute force cred crunchers gifted Username Anarchy

MacroRodent
Silver badge

Freedom

> So a pen tester is releasing this into the wild as will help hackers...?

It's the price of freedom. Unless you go for totalitarian control of information, there is no way to distribute it only to the qualified people. The idea is simple anyway, and probably already in use by black hats.

9
0

OK Google, Alexa, why can't I choose my own safe, er, wake word?

MacroRodent
Silver badge

The obvious choice

Prikazyvat, like in Larry Niven's "The Integral Trees". Uncommon enough.

2
0

Ludicrous Patent of the Week: Rectangles on a computer screen

MacroRodent
Silver badge

A new low, indeed

That looks like any number of old GUI and touch screen user interfaces. From the very short patent, it is hard to even see what novelty is claimed. But remember this is a design patent, where the bar is lower than in "real" patents. And judging by this example, they have no screening at all. Or maybe they only checked their database did not contain any identical entry.

2
0

Elon Musk: I'm gonna turn Mars into a $10bn death-dealing interplanetary gas station

MacroRodent
Silver badge

Re: Average temperature -55C, atmosphere almost 100% CO2.

Would rocket fuel do? [as shielding]

There is the little problem that your rocket uses it up to get going. So it is not there when coasting to Mars and you need the shielding.

0
2
MacroRodent
Silver badge
Boffin

Re: Average temperature -55C, atmosphere almost 100% CO2.

Scarcity of resources is not an issue if your colonists aren't likely to survive a trip or arrive with brain cancer

Obviously no-one is going until there is a solution to that. A hard problem, but not impossible. Elon's big booster rocket probably needs to make a few more trips to lift enough shielding material like water, or some hydrogen-rich plastic.

8
0

Hubble spies on Europa shooting alien juice from its southern pole

MacroRodent
Silver badge

Re: How did Clarke know ?!

The various flybys that have occurred since Clarke wrote 2001 (in the 1960s)

The speculations about the ocean on Europa do not appear in "2001", but only in the sequel "2010", written in 1982. At that time Voyager images of the Jovian moons were already available. ("2010" was the first place I read about the ocean.)

1
0
MacroRodent
Silver badge
Alien

The interstellar war would be very short

Movies are one thing, but if an alien species has mastered interstellar travel but is otherwise not much more advanced (the usual film scenario, to give humans some chances), I'm afraid it would always go very badly for us. Never mind having ugly aliens shooting about in flying saucers like in ID4, or in long-legged walking tanks like in War of the Worlds. They would just abduct a few humans, study our biology carefully, then engineer a virus that would wipe us out. A virus that would spread for a few years without symptoms, then suddenly activate when everyone has it. That way they would get the planet intact, and with no risk to themselves.

Maybe that has already started. You know the alien abduction stories...

0
0

Apple to crunch iOS 10 local backup password brute force hole

MacroRodent
Silver badge
Black Helicopters

Weakening

"Apple have moved from pbkdf2 (sha1) with 10,000 iterations to a plain sha256 hash with a single iteration only,"

I wonder why. A friendly suggestion from FBI?

6
0

Half! a! billion! Yahoo! email! accounts! raided! by! 'state! hackers!'

MacroRodent
Silver badge
FAIL

Change! your! Flickr! password!

I'm sure not many people actually care about Yahoo email, but Yahoo also owns the popular Flickr photo-sharing site, and it is accessed with the same account! Hmm. Got to change my password there ASAP...

Aha, the Flickr sign-in now even warns about it like this: Make sure your account is secure!

To secure your account, change your password and update your mobile number.

5
1

TRUMP: ICANN'T EVEN! America won't hand over internet control to Russia on my watch

MacroRodent
Silver badge
Mushroom

Re: I honestly don't know who'd be worse

> I am confident that Hillary will not be responsible for instigating nuclear war. I cannot say that about Trump.

My thoughts also. Forget about moving to Canada. If it were possible to move off-planet, there would be a queue after Trump got elected.

Even without nukes, the planet would be in peril. Both he and his vice-presidential candidate are rabid climate change deniers.

5
1

HP Inc's rinky-dink ink stink: Unofficial cartridges, official refills spurned by printer DRM

MacroRodent
Silver badge

Re: Workaround?

So a workaround would be to set your printer's clock to an earlier date?

Probably impossible/difficult now. Most modern printers connect to the network, and get their jobs from there (at least my HP does). I assume they also get time via NTP, I never had to set the clock. One would have to set up an isolated network living in a time warp.

0
0

Opera debuts free VPN built into desktop browser

MacroRodent
Silver badge

Re: An interesting move

I don't think that applies to all BBC content. For example Dr Who credits say "BBC Cymru" (or is it a separate company?). A more relevant reason could be that BBC licenses the programs it owns to foreign broadcasters and video-on-demand providers, who don't want BBC competing with them directly on their home turf.

5
0

Ted Cruz channels Senator McCarthy in wrongheaded internet power grab crusade

MacroRodent
Silver badge

Re: Ted's playing the Long Game...

> Google "Ted Cruz coloring book".

Now that left me speechless!

1
0

VW Dieselgate engineer sings like a canary: Entire design team was in on it – not just a few bad apples, allegedly

MacroRodent
Silver badge

Re: It seem to me

> you got robbed constantly when gangs decided it was easier to wait until you'd done the hard work killing an animal and dragging it back and cooking it and then just robbing you.

Much the same happened in early agricultural societies. Stationary farmers made easy targets for robbers. The solution to this, organized defense, eventually caused other problems: feudal lords, serfdom.

Of course, things have improved now, at least here in the comfy first world.

0
0
MacroRodent
Silver badge
Boffin

Re: It seem to me

> We would be limited to hunting and trapping and picking berries, warming ourselves over open fires, the lucky ones having caves. Disease would be so rampant that life expectancy would be about 25.

Modern research indicates the life expectancy went down quite a bit after agriculture was introduced. Hunting and picking berries really was healthier! Among other things, agriculture meant living in close proximity to animals, which caused infectious diseases (such as smallpox) to jump to humans. Agriculture also made the diet less varied. Altogether a bad idea.

1
0

Star Trek's Enterprise turns 50 and still no sign of a warp drive. Sigh

MacroRodent
Silver badge
FAIL

Re: EmDrive is an impossible idea?

According to the descriptions I have seen, it is supposed to be so simple you could basically put it together from some sheet metal and parts from an old microwave oven. The fact that there are not dozens of reproduced results by now is a clear indication the idea does not really work.

4
0

Pains us to run an Apple article without the words 'fined', 'guilty' or 'on fire' in it, but here we are

MacroRodent
Silver badge

Wonder how it will compare to the Nokia monster cameras

as seen on the Nokia 808 and Lumia 1020. The former in particular should be hard to beat, some test reports indicate the Lumia 1020 implementation was not quite as good.

1
0

Linus Torvalds won't apply 'sh*t-for-brains stupid patch'

MacroRodent
Silver badge

Re: He's right. Again.

Drivers should be shipped as source code and built with a compiler at install time.

Yes, but even this would not work in Linux (given current policies), because the driver API is not so stable even at the source level. This is justified by the need to preserve the freedom to change the kernel implementation.

3
8

Google emits three sets of Android patches to fend off evil texts, files

MacroRodent
Silver badge

Re: When I were a wee lad, data was data and code was code.

> So how do you do a JIT compile, where data is necessarily code and code is necessarily data? Harvard architectures can't do a JIT compile, which is a necessary speed boost sometimes.

Compile the code as data to a page (or pages) marked non-executable, then change the protection to execute-only. Arrange things so that the compiler is the only application that can change the page protection bits this way, and that it will compile only data that has been originally loaded from valid bytecode files (use checksums for example). This also requires that the CPU refuses to execute anything from a writable page. Perhaps not foolproof, but should make it much harder for malware to write stuff to a data page at run-time and then execute it.

1
0
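The emit-into-a-non-executable-page, verify, then flip-to-execute flow described in the comment above, as an added example in C (not code from the original post, nor Android's own JIT). The additive checksum, the `commit_executable` policy helper that refuses any writable+executable mapping, and the two tiny `return 42` code sequences are assumptions made for this demo; it runs on x86_64 and aarch64 Linux-like systems and reports -1 elsewhere.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE             /* for MAP_ANONYMOUS */
#endif
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed example of a W^X JIT: code lands in a read+write page that is
 * never executable, is checked against an expected checksum (standing in for
 * "compile only data loaded from valid bytecode files"), and only then is the
 * page switched to read+execute with write permission dropped. */

typedef int (*jit_fn)(void);

/* Machine code for `return 42;` on the two architectures covered here. */
#if defined(__x86_64__)
static const uint8_t kCode[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00, /* mov eax, 42 */
                                 0xc3 };                       /* ret */
#elif defined(__aarch64__)
static const uint8_t kCode[] = { 0x40, 0x05, 0x80, 0x52,       /* mov w0, #42 */
                                 0xc0, 0x03, 0x5f, 0xd6 };     /* ret */
#else
#define NO_JIT_ARCH 1
static const uint8_t kCode[] = { 0 };
#endif

/* Simple polynomial checksum over the emitted bytes (assumption for the demo). */
static uint32_t checksum(const uint8_t *p, size_t n) {
    uint32_t sum = 0;
    for (size_t i = 0; i < n; i++) sum = sum * 31u + p[i];
    return sum;
}

/* Policy choke point: the only place that grants execute permission.
 * Returns -1 without touching the mapping if the request would leave the
 * page both writable and executable. */
static int commit_executable(void *page, size_t len, int prot) {
    if ((prot & PROT_WRITE) && (prot & PROT_EXEC)) return -1;
    return mprotect(page, len, prot);
}

/* Emits `code`, verifies it, makes it executable and runs it.
 * Returns the called function's result, -2 on checksum mismatch, -1 on error
 * or on an architecture this demo has no code for. */
int jit_run(const uint8_t *code, size_t n, uint32_t expected_sum) {
#ifdef NO_JIT_ARCH
    (void)code; (void)n; (void)expected_sum;
    return -1;
#else
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *mem = mmap(NULL, page, PROT_READ | PROT_WRITE,   /* step 1: RW only */
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) return -1;
    memcpy(mem, code, n);
    if (checksum(mem, n) != expected_sum) {               /* step 2: verify */
        munmap(mem, page);
        return -2;
    }
    if (commit_executable(mem, page, PROT_READ | PROT_EXEC) != 0) { /* step 3 */
        munmap(mem, page);
        return -1;
    }
    __builtin___clear_cache((char *)mem, (char *)mem + n); /* needed on ARM */
    jit_fn fn;
    memcpy(&fn, &mem, sizeof fn);   /* object-to-function pointer, portably */
    int result = fn();
    munmap(mem, page);
    return result;
#endif
}

int main(void) {
    printf("jit result: %d\n", jit_run(kCode, sizeof kCode, checksum(kCode, sizeof kCode)));
    return 0;
}
```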

Adobe reverses decision to kill NPAPI Flash plugin for Linux

MacroRodent
Silver badge

Re: Good

Can anyone give such an example? Genuine question.

One relevant example (for me and other Finns) is YLE Areena, the streaming site of the Finnish equivalent of BBC. They used to serve Microsoft media streams, so Flash in this case was actually a step forward....

2
0
MacroRodent
Silver badge

Good

Flash may be bad, but tell it to the web site builders. Until they dump Flash, it is only good that Linux users can view them, too.

8
0

YouTube breaks Sony Bravias

MacroRodent
Silver badge

Re: Obviously they haven't even heard of defensive programming

No defensive programming can fix that.

No, but that is not what it is about. The application must just be able to decide it cannot handle the situation, give a sensible error message, and exit, instead of mysteriously freezing. This is especially important for software in consumer devices.

Handling error situations well is one of the things that distinguishes quality software from poor hacks.

5
0
MacroRodent
Silver badge
FAIL

Obviously they haven't even heard of defensive programming

Sony: “The symptoms being experienced are not a failure of the TV, but are as a result of specification changes made by YouTube that exceed the capability of the TV’s hardware.”

Total BS from Sony. If your system crashes because it gets unexpected input from the network, it is your fault. The YouTube application need not work with the unexpected input, but it must notify the user and shut down gracefully, without taking the system with it.

But the Bravia bug is typical of the software quality of consumer devices. Like the LG DVD player I have that locks up if it is fed a disk in a format it cannot handle, or is too scratched.

7
4

Is it time to unplug frail OpenOffice's life support? Apache Project asked to mull it over

MacroRodent
Silver badge

Re: Two separate projects are a waste of resources

LibreOffice is now what OpenOffice should have been. It is already far ahead. Among other things, LibreOffice has cleaned up the code base and build system, making further development much easier.

Problems in the original build system were one reason why the security bug was not fixed in a timely fashion in OpenOffice: they could not even compile the dang thing! OpenOffice really is a dead office suite walking.

16
0

Windows 10 now rules the weekend, taking over from Windows 7

MacroRodent
Silver badge
Linux

Re: Lies, Damn Lies, and Statistics

Or in my case it was, "I have to upgrade because I keep getting that security message".

The living-room laptop had that disease until I finally got annoyed enough to find and run a "never10" (or some such) free utility on it, which shut it up by patching registry. The other Windows 7 laptop in the house got the Linux treatment.

The first one would have been Linuxified as well, but I need one Windows machine to run my negative scanner that has no Linux driver.

2
0
