* Posts by JavaJester

13 posts • joined 21 Dec 2015

Silence of the WANs: FBI DDoS-for-hire greaseball takedowns slash web flood attacks 'by 11%'


ISPs: Configure your networks properly

"Essentially, you launch a load of small requests at a bunch of devices on SSDP UDP port 1900, spoofing the source IP address as your victim's IP address." Network operators have switches and routers that allow the traversal of a packet from within the network, but claiming to originate from outside of the network, to anywhere within their network or the public internet? How embarrassing. They should get their act together and configure their network properly. It would make launching this sort of attack using their infrastructure impossible.
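As an added illustration of the source-address filtering the comment calls for (example code, not from the original post or from The Register), the check below classifies constructed flow records against an operator's own prefixes at the customer edge and the upstream edge. The prefixes, interface names and sample packets are assumptions for the demonstration.

```python
"""BCP38-style anti-spoofing check over constructed flow records (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed: the operator announces these prefixes (RFC 5737 documentation ranges).
OPERATOR_PREFIXES = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/24")]
SSDP_PORT = 1900


@dataclass(frozen=True)
class Flow:
    iface: str      # "customer" = inside edge, "upstream" = outside edge (assumed names)
    src: str
    dst: str
    dst_port: int


def is_operator_address(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in OPERATOR_PREFIXES)


def classify(flow: Flow) -> str:
    """Return 'forward' or a drop reason for one packet."""
    own = is_operator_address(flow.src)
    # A customer-side packet must carry a source address the operator actually owns.
    if flow.iface == "customer" and not own:
        return "drop:spoofed-source-from-inside"
    # A packet arriving from upstream must not claim to come from the operator's own space.
    if flow.iface == "upstream" and own:
        return "drop:own-prefix-from-outside"
    return "forward"


def audit(flows):
    """Count verdicts and how many dropped packets were aimed at SSDP responders."""
    summary = {"forward": 0}
    blocked_ssdp = 0
    for f in flows:
        verdict = classify(f)
        summary[verdict] = summary.get(verdict, 0) + 1
        if verdict != "forward" and f.dst_port == SSDP_PORT:
            blocked_ssdp += 1
    return summary, blocked_ssdp


# Constructed sample traffic: 192.0.2.0/24 stands in for addresses outside the operator.
SAMPLE_FLOWS = [
    Flow("customer", "203.0.113.10", "192.0.2.5", SSDP_PORT),      # genuine query, forwarded
    Flow("customer", "192.0.2.77", "203.0.113.50", SSDP_PORT),     # forged victim source, dropped
    Flow("customer", "192.0.2.77", "198.51.100.9", SSDP_PORT),     # forged victim source, dropped
    Flow("upstream", "198.51.100.200", "203.0.113.4", 443),        # own prefix from outside, dropped
    Flow("upstream", "192.0.2.9", "203.0.113.4", 80),              # ordinary inbound, forwarded
]
```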

AT&T, Sprint, Verizon, T-Mobile US pledge, again, to not sell your location to shady geezers. Sorry, we don't believe them


FCC's ability to protect privacy eviscerated by the Republican Party

Wouldn't it be great if the FCC could make regulations to protect privacy? Too bad, they can't! The Republican controlled Congress and President eviscerated their ability to make such regulations by approving a resolution of disapproval for FCC privacy regulations, which also forbids any similar regulations.

"Those rules would have required ISPs to obtain users' consent before selling their personal data – including location, browser history, health and financial data and other sensitive information – to advertisers."

In light of recent developments, the "– to advertisers." caveat was too optimistic.


Tech support discovers users who buy the 'sh*ttest PCs known to Man' struggle with basics


UI Guidelines mandate saying "Press a key to continue"

I worked at a company that had UI guidelines that included command line and text interactive programs. The guidelines actually mandated to never use the words "any key". The correct phrasing was "a key". The document went on to reason that clueless lusers would search in vain for an "any" key before driving up helldesk costs with their calls. If "a key" was used, the users would search, and their search would not be in vain: they would find an "a" key.

Personally I think those guidelines were inspired. They were probably written by someone who had gotten their start from the helldesk and answered that question many, many more times than anyone should have to.

'Pure technical contributions aren’t enough'.... Intel commits to code of conduct for open-source projects


Recommend singular "They" for Inclusive Language

At the risk of infuriating language purists: "Using welcoming and inclusive language" could also recommend using the singular "they" over "he". This can be immediately understood by any English speaker. Although alternating "he" and "she" can achieve the same effect, it can make a complex workflow with many actors more difficult to follow as the genderfluid actors randomly change gender as the flow progresses.* Since that doesn't often happen in literary books, it can be jarring and confusing when reading such technical material. The singular "they" also avoids this mess of proposed alternative third person pronouns. You would need to take a class just to know how to use all of them. https://en.wiktionary.org/wiki/Wiktionary:List_of_protologisms_by_topic/third_person_singular_gender_neutral_pronouns

* Why is the CM manager editing code now? Why is the Developer reviewing the CM workflow? Oh, my fault, the CM manager has become a "he" now, and the developer is now a "she". True story when I was learning about a new CM process by reading its documentation. It is why the alternating "he" and "she" is unloved by me.

Redis does a Python, crushes 'offensive' master, slave code terms


Developers Who Say "Ni!"

The Developers who say "Ni!" demand a sacrifice. Your Git project has a branch called "master". We demand that its name be changed at once to "Ekke Ekke Ekke Ekke Ptang Zoo Boing!" and you bring us a Shrubbery.

Seriously, Cisco? Another hard-coded password? Sheesh


Why not Machine in the Middle?

If you change Man in the Middle to Person, then you must change the acronym to PitM. This will serve to confuse newcomers reading past literature, and experienced practitioners reading new literature. It will likely be off-putting enough that after a few eye rolls it will be added to the to-do-never list.

If you change it to Machine in the Middle, the acronym stays the same and the gender neutral goal is accomplished. Historical literature using the MitM acronym remains understandable without any additional burden to the reader (assuming new entrants to the security field who are taught the new terminology), and experienced practitioners do not have to learn another acronym for an arguably flimsy reason.

Kentucky gov: Violent video games, not guns, to blame for Florida school massacre


The Guns are Not the Cause You're Looking For ... Move Along

One of the oldest NRA mind tricks: It isn't the real guns that spray bullets and kill people that are the problem, it's the pretend ones in video games that are the threat. This gun fetish must not be pandered to any more. How many people need to die before America wakes up and has the political courage to try the obvious solution of limiting access to deadly weapons? Australia and the UK did it to great success.

You can resurrect any deleted GitHub account name. And this is why we have trust issues


It's Not GitHub's fault

The fault is dynamically loading code from random folks' accounts on GitHub rather than from a proper repository and then hosting either in a CDN you control, or within the application itself. The Maven/Gradle model, where the code VCS is divorced from the code repo, is a much more grown up way of doing things. I don't see why JavaScript libraries can't either use the central repository, or come up with something like it. With this model, if my project states that it uses version 1.1, then that's what it will use until I update my dependencies. My site won't suddenly go batshit or start mining cryptocurrency because of some change in a library. I won't get the new version until I ask for it. To me, this is a much better way of doing things than to rely on a third party repo that could change and bork my application. It buggers my mind that people would want to always get the latest changes from third party sites they don't even know, let alone control.

FCC douses America's net neutrality in gas, tosses over a lit match


Achievement Unlocked - Capture the FCC

Playing as a telecom provider, regulatory capture the FCC by installing a majority of puppet commissioners.

Software dev bombshell: Programmers who use spaces earn MORE than those who use tabs


C Requires Tabs?

The C programming language has never required tabs, or even spaces for that matter as the Obfuscated C Code site http://www.ioccc.org/ demonstrates.

So what's the internet community doing about the NSA cracking VPN, HTTPS encryption?


Shor's algorithm

Shouldn't there also be an effort to use post quantum cryptography? All the effort to increase key size will be for naught if a practical quantum computer exists to defeat it.

Gaming apps, mugging and bad case of bruised Pokéballs


Golem Searches for Pokémon

Must find Pokémon... The Precious Needs more Pokémon... Pokémon Go is our master now...

How to log into any backdoored Juniper firewall – hard-coded password published


Oddly Appropriate Juniper Related Quote

1 Kings 19:4 "But he himself [Elijah] went a day's journey into the wilderness, and came and sat down under a juniper tree: and he requested for himself that he might die;"
