* Posts by Eddie Johnson

379 posts • joined 23 Oct 2007

Firesheep flames cookie capture risks

Eddie Johnson
Joke

On My Todo List

>>unless some experts have checked it

Surely everyone posting here on El Reg is completely overqualified to do so and probably reads the complete source to everything they download. I will undertake this once I finish reading Dapper Drake and get it installed. Yeah, it's taken a few years to get thru, not much plot in the middle.

Phone 7: Another Vista or another XP?

Eddie Johnson
Unhappy

Comment #10001

Needing a 100+ page document to explain why it's good tells you everything.

If it was actually good, you would just pick it up and experience it.

Kind of like how you've never even seen the online help for applications that are actually well written and intuitive.

Microsoft steers OEMs away from putting Phone 7 on Tablets

Eddie Johnson
Alert

Drivers?

>Manufacturers do appreciate an OS that works and they can adapt to different devices.

Isn't that why an OS is designed in layers, one of them being replaceable drivers? If the OS is properly factored there should be no need to be tweaking it. The tweaking is counterproductive too and drives developers away because they can't write once to many devices. Imagine the PC world if I had to do a build for Acer, a build for Dell, a build for HP, etc. That has been the bane of WinCE devices for years and needs to be moved away from. The app needs to know the screen dimensions and handle a couple standardized input devices, everything else must be abstracted. I think we even need to see some convergence to a few standard screen dimensions to simplify app development and deployment.

Want to do a desktop refresh? How would you like to pay?

Eddie Johnson
Grenade

It's an Old and Simple Rule

If you can't afford to pay cash you can't afford it.

If you need to break it into phases for a gradual roll out fine. Replacing 20% any given year is a good place to start. And end.

Any other sort of financial gimmickry cooked up is simply that, gimmickry. Anyone who uses the words amortize, leverage, monetize, lease-back or wholly owned subsidiary should be led to the door. Oh, and anyone who says "cloud".

Oracle re-commits to ODF after OpenOffice divorce

Eddie Johnson
Unhappy

Yes

>Shit name.

Especially if they go with the final little "o" that was often used to emphasize the .org, OOo.

Just go to the LOo and download it for free.

Mozilla foot soldiers unleash 'Army of Awesome' on Twitter

Eddie Johnson
Badgers

Bandwagon Chasing

They've never met a silly fad they didn't jump all over. As long as it doesn't find its way onto my menu bar I guess I don't much care. Although I probably won't be allowed to have a menu bar in the next version what with all the kewl kids getting rid of menus.

Small but lethal Lethic is biggest junk mail villain

Eddie Johnson
Unhappy

OK In Theory

In my experience no software will ever compensate for users who engage in risky computing. People who download any free software they see or people who click those "Free Malware Scan" links will always get pwned no matter how many layers of protection they have. The most important security tip I know is teaching people to beware of anything "free."

I do think it would be nice if ISPs contacted people and said, "hey we noticed you sent 25,000 emails yesterday, did you mean to do that?" but the problem is that it's not that easy to spot on the outbound end. At the incoming side it's typically all on 1 or 2 known ports. At the sending side the mailbot is probably using thousands of different random ports so the ISP would have to do deep packet inspection of all traffic and I can't support that, they will not be able to resist abusing your data.

Stuxnet 'a game changer for malware defence'

Eddie Johnson
Flame

Yes, but....

Really, none of this matters if you don't connect your SCADA to the Internet.

I jest but I'm working on a PLC that is, wait for it, connected to and programmable over the Internet. It's not exactly critical infrastructure and the worst someone could do is burn out a couple pumps and spill a bit of poo, but I've still been appalled at how every company involved depends only upon the obscurity of the hardware for security. Much like Siemens they all advise against changing default passwords or ports. And one of the passwords is 12345. Consider this my grey hat disclosure to encourage better security.

Eddie Johnson
Joke

But... but... but....

The users will riot if we take away their access to Facebook! Accessing Facebook to carry out personal business while on the employer's clock is a fundamental human right and can not be infringed upon.

Fibre broadband is good for you, Conroy tells Aussies

Eddie Johnson
Troll

Once they Filter the Porn from Internet

All you'll need is 56K dialup. Seriously.

Do they really think people can afford to pay for enough content to fill a fiber link? If you're filling a home broadband link you're only doing it with free content. No one can afford to fill it with purchased content.

Microsoft surrenders Live Spaces future to WordPress

Eddie Johnson
Badgers

What's a User?

>handing supposedly 30 million users over

Is a user any dead or not-so-dead account that has been rotting away for 2 years or less? I would bet that less than 10% of the accounts are active. And somehow, in the transition, all but the most active will be purged.

I'd also argue that Accounts/Users > 1. I know it's not the same but this reminds me of the free web hosting sites where you'd 'homestead' 5 or 6 accounts to increase your storage and bandwidth allocations. I wonder if whoever bought out Tripod still counts me as a user? Or 6?

Europe sets minimum PNR standards

Eddie Johnson
Grenade

You Need An 'Or Else'

Unless you add mandatory prison sentences to that list I guarantee the US will be found after the fact to have been in violation the entire time and absolutely nothing will be done about it.

FBI constantly violates the law, gets investigated, receives a reprimand, management makes a statement in which they deny any actual legal violations occurred and nothing changes. Your average FBI employee should be in prison for at least 5 years.

MS pitches Windows 7 at biz world ahead of Chrome OS release

Eddie Johnson
FAIL

This Is Their Plan?

Sounds like wishful thinking to me. As if anyone is waiting for IE9.

How about offering a compelling NEW feature? No, ribbonizing an existing applet does NOT count.

Actually I'd buy in if you removed some things too, like WFP, IE*, MSN, Outhouse, etc. Or simplify WindowsUpdate so it's not a house of cards requiring half a dozen services, a dozen COM registrations and a healthy dose of daily prayer.

Check Point kills scareware-style pop-up campaign

Eddie Johnson
Black Helicopters

Ah, the Memories

Yea, I abandoned Zone Alarm long ago too, probably with the buyout, switching to Kerio Personal Firewall, back in the 2.0 days before it too bloated into a "Security Suite". 2.1 still works on XP and is a lot nicer than 4.0 and later.

Seagate rolls out 1.5TB external whopper

Eddie Johnson
Coffee/keyboard

Do you really mean platters?

Or do you mean sides?

Twitter flaw creates micro-blogging mayhem

Eddie Johnson
Badgers

Same Exploit, Different Day

Again, why the hell do we need all this obnoxious dynamic capability in our browsers? The very concept of MouseOver and MouseClick events has only been used for evil in my experience. The first I saw of this was on eBay where sellers would take over the right click trying to prevent lusers from saving their images. It obviously doesn't work for anyone who knows how to use their PopupMenu key on the keyboard but it annoyed the hell out of me as someone who uses Right click Back to navigate pages. If someone wants to display some popup text the Hint attribute generally works quite well.

You MIGHT argue for some valid use of the click events (expanding tree views and such) but the MouseOvers are inherently wrong. There is an argument that when a user clicks on something they realize there is potential for code execution but simply hovering your mouse should always be safe. I remember teaching people to hover their mouse over links before clicking them to ensure the actual target matched the displayed text (This is key to not getting goatse'd on a lot of message boards).

It would be nice if the browser (or NoScript) provided a way to turn all these various events on/off with some granularity. Better yet just remove them from the browser entirely and force web sites to code their site properly.

Microsoft: IE9 will never run on Windows XP

Eddie Johnson
WTF?

XP Versus Seven

Just take a look at the published AutoCAD specs to see why XP is superior. Their published requirements note that you need more RAM and a much faster processor if you want to run on Windows 7. Kinda shows the lie in the "fastest Windows ever" statement that MS trots out with every new version.

Pirate Bay beset by tainted ads

Eddie Johnson
Happy

Fixed

Surfers can minimise their exposure to these sorts of attacks by making sure their browser is running Adblock and Noscript.

IE9 strips to win Chrome fans

Eddie Johnson
Coffee/keyboard

Your Personal Preference Of

Controlling pixel rendering is contrary to the design intention of HTML. I hate web sites that try to control the way stuff looks in my browser. I set my window size and my font size, I want stuff to wrap to it, not give me horizontal scroll bars. That is the way HTML was designed to be rendered. Sites that try to resize my browser get blackballed really quickly.

For your in house app it's one thing but you are swimming against the current.

Cyberlink v. Nero media authoring suites

Eddie Johnson
Happy

So True

Cyberlink never succeeded at an 8x BDR burn for me but with the same media ImgBurn did it, and did it quickly. They also gave me a nice log so I could clearly see that it had burned, it had verified successfully, and it had done it so quickly I wouldn't have believed it otherwise.

Eddie Johnson
FAIL

Do They Still Completely Ignore...

Regional settings? My crappy Cyberlink fails to honor date settings and can't even perform a proper file sort by date. They are so lame they perform a string sort on the date in the "mm/dd/yy h:mm:ss" format of their choosing. It's disconcerting to see 12:30am sent to the end of the list after 10:30am. Doesn't give much confidence in the more important bits either.

And Nero? Their wizard design is horribly stupid. You can't go back when a burn fails, the one time you are most interested in doing so. You have the choice of restarting your layout from scratch or saving it and then starting a new project and loading your settings. Clicking Back once and trying to burn again would make too much sense.

And burning a multi-session disk? Wouldn't the old volume label be a good default for the new volume label? Hell no, not to Nero, they suggest "My Disk" or something worthless when you already have a perfectly good volume label on the disk.

I need 2 fail icons for this post.

Firefox 4 beta gets hard on Windows

Eddie Johnson
Coat

Mystery Solved

>> "In December, a few of us...had an idea," reads a blog post from Seneca College professor and Mozilla contributor David Humphrey. "What if we could visualize sound data coming out of an <audio> or <video> element? My colleagues were good at thinking in terms of 'how can we make what we have now work?' But I had another idea: 'Let’s try and teach Firefox how to do this.'"

And now we know why Firefox has become the bloated, doggy beast that it is. Any random idea the development team (numbering thousands I suppose) has while stoned makes it into the final release no matter how completely worthless.

US raygun jumbo jet fails to beam down test missile

Eddie Johnson
Black Helicopters

More An Issue Of Efficiency

If more than 50% of your energy is being wasted (and I'm thinking probably 90% waste or greater) that multi-megawatt beam is going to require a gigawatt nuclear power plant. How are we going to attach that to a shark's head?

Diesels greener than electric cars, says Swiss gov report

Eddie Johnson
FAIL

Been Saying This For Years

It took a scientific study to figure it out?

Batteries do not generate energy, they are a storage mechanism just like your metal fuel tank. All they do is shift the pollution from your tailpipe to some big plant. The same goes for hydrogen power since hydrogen gas is typically manufactured thru electrolysis. The difference is your metal fuel tank has a nearly unlimited life time and a $200 replacement cost if necessary. Hybrid vehicles are a giant scam to get the average Joe paying a higher average price for his car with no economic advantage for the driver and no environmental advantage for society. Once you factor in the high cost of battery replacement and the limited number of charge cycles your fuel savings will never pay off.

VMware boss: we rise as Windows falls

Eddie Johnson
FAIL

I Think He Skipped Something

What fits between his VMware and the applications running in this proverbial cloud? Some sort of shim that handles basic input, output and file system maintenance? And what's the common term for that shim? Oh right, it's called an operating system.

Broadband pricing in US and Europe falls

Eddie Johnson
FAIL

Author's First Mistake? Believing the Advertising

"Almost 20% of the tariffs we tracked during the second quarter of 2010 offered downstream bandwidths of 30Mbps or greater"

The key word there being "offered." Not delivered.

No one I know of offers bandwidths of "30Mbps" or anything greater than that, anyway. They offer bandwidths of "up to..." and then they proceed to deliver 3Mbps if you are lucky. At off hours. When your neighbors are all on vacation.

They haven't gotten cheaper or faster, they've gotten better at lying*. How about doing some testing of these connections at various times of the day to determine what the actual downstream bandwidth is?

*In a lawyer approved fashion of course, with a 4 point disclaimer at the bottom of the page that can't be read without a magnifying lens.

CTOs warned to prepare for Windows 7 budget squeeze

Eddie Johnson
WTF?

Where Are They Shopping?

I haven't paid over $1000 for a PC in quite a few years. The $399-$499 range is complete crap but you can get some good performance for $700-$800.

A friend recently got suckered into buying some $499 HP PCs for his office, they ran like crap out of the box and can only get worse. It's not worth upgrading any components either because they are mediocre across the board. I always try and go with custom builds and get at least a few good components and leave some areas open for future upgrade. Get a good motherboard and a middle of the road processor for example. Then 3 years down the road you can cheaply upgrade the processor and RAM without disrupting anything.

Nominet chief tells domainers to grow up

Eddie Johnson
WTF?

Srsly?

I'd say the "domain name business as a whole" already looks pretty damn bad.

Drunken employee pops cap in server

Eddie Johnson
Dead Vulture

Damage?

Can we get the post-mortem? Did he get it in the heart (CPU=pump), brain (memory=mass storage) or the lungs (RAM for lack of anything better)? To continue this tortured analogy the NIC would be like a shot in the foot and the PSU the belly.

Did redundant power supplies and RAID keep the patient alive for hot swap organ donation?

Pentagon confirms attack breached classified network

Eddie Johnson
Alert

Still A Network Breach

A Sneakernet breach is still a form of network breach. The firewall they needed was epoxy in the USB ports.

More generally, PNP has no place in a workplace computer system - users should not have the ability to install drives, whether they be external USB or firewire, flash thumb drives, or floppy disks or CDs. I had a user destroy a computer by playing a music CD that tried (and failed) to autoinstall some kind of multimedia presentation. It failed to install but managed to hose the NT4 install somehow. This was back before I really clamped down on the NTFS permissions. A friend had a computer that would periodically shout out "Marshall!" because he'd put an Eminem CD into it once. It took us ages to realize what was going on because it did it so infrequently.

Firefox, uTorrent, and PowerPoint hit by Windows DLL bug

Eddie Johnson
WTF?

I Hope You Are Right

"Microsoft said on Monday that the flaw stems from applications that don't explicitly state the full path name of DLL files and other binaries associated with the program"

The entire point of DLL files and shared code is that your apps DON'T need to know or care where it is. Explicit full paths sound like an amateurish mistake. Reminds me of how my C:\WinNT folder was enough to break many Win95 viruses that expected C:\Windows. A few crappy applications would end up creating a \Windows folder and dropping their crap there because they didn't know how to use WinDir/WinSysDir.

Ethernet storage protocol choices

Eddie Johnson
Unhappy

Keep the Entry at each End

Keep the entry at each end, drop redundant stuff in the middle. That means Fiber Channel survives for the top end, dedicated hardware applications and the new, low cost entrant, AoE allowing people to start on a budget. But then, the case may arise where there is a need for routing on the LAN/WAN where both those stumble and that's where iSCSI fits the bill. Drat. I guess we'll keep all 3.

Best Buy slaps 'God Squad' priest with cease-and-desist order

Eddie Johnson
Joke

Huh?

Won't this fall pretty cleanly under the parody exemptions? And if the GodSquadder isn't profiting by selling the stickers I think they have no recourse.

Icon for BestBuy's benefit

Adobe to patch Black Hat bugs on Thursday

Eddie Johnson
Flame

Is It Literally a Patch?

Is it a patch or a 90MB download that installs itself twice within your user profile to consume nearly 200M? As a user of roaming profiles this is a serious consideration.

Mozilla man: Firefox 4 will leapfrog JavaScript rivals

Eddie Johnson
Badgers

The Faster You Make The Engine

The lazier the JavaScript coders will get - no net gain for users but viruses will be delivered faster.

If I actually let JavaScript run on more than about 5% of the sites I use I might care.

Mozilla Thunderturkey and its malcontents

Eddie Johnson
Thumb Up

Mirrors My Experience

Your experience with Mozilla failing to fix long standing bugs mirrors my own and I see you've already received your first retaliatory downvote for daring to badmouth an OSS organization. Kudos. OSS is not a religion, I judge organizations and their products on their merit only, and frankly Thunderbird has shown less and less recently.

For me though it didn't start with v3, I thought TB 1 was a major step backwards from good old Mozilla Suite. The server discovery in TB 2 was an absolute abomination when I was setting up a friend's business. It can't discover a damn thing and just gets in your way when trying to configure things properly. I haven't made the call to abandon ship yet but TB 3 feels a lot like strike 3 to me.

Philips BDP3100 Blu-ray player

Eddie Johnson
Coffee/keyboard

Timesaver

I use my eject buttons all the time. My various players can be quite slow to cough out a disk so I usually hit eject before I get up so by the time I reach the player the tray is already open. I've calculated that it has saved me 3.95 hours cumulatively over the past 10 years. ;)

Seagate pushes HAMR as next big thing

Eddie Johnson
Badgers

I'm with phcahill

I'd rather have reliability instead of increased density. How about giving me an HDD with a life of 5-10 years, meaning 43800 - 87600 hours of continuous use? Note how far this is below the total BS 400000 MTBF typically quoted. How about giving me a 5 year warranty that guarantees no drive failure? If your drives truly have an MTBF of 400,000 hours then why not provide a warranty of half that, or 22 years? If I didn't have to RAID everything then I'd increase my storage capacity right there.

Microsoft ends Office lovers' employee discount program

Eddie Johnson
Alert

What Good Does It Do...

reporting bugs that never get fixed? There are Firefox bugs that go back to Mozilla Suite. They've been in Bugzilla since then. I watch them get reassigned, closed, reopened, but never fixed.

In OOo there are 7 year old issues dating back to 1.0 that are serious deal-breakers for a lot of people but have never been addressed.

Now someone will tell me to fix it myself. What would you have me do when there is no will in the mainstream to fix deeply ingrained bugs? Create my own fork and stagnate on the current version? Constantly spend energy to reapply my fix to an ever changing base, just treading water? The problem with most OSS projects is they are driven by geeks on home Linux machines with a WFM attitude - if you don't fit in their box you are screwed. I can't MAKE the software on every damn workstation like they do. Both Mozilla and OOo seriously fail for mass deployment, requiring a new deployment paradigm and customized tools with each version. Just the changes they make to user profile management from version to version are a nightmare.

Anti-virus defences even shakier than feared

Eddie Johnson
Megaphone

The Only News Here

Is that it's actually being reported in the headlines instead of posted in the comments.

It's been known for years that signature based methods were doomed to failure. While the vendors would never admit it, their secret acknowledgment was watching the default AV update period go from once a week to once a day to every 4 hours. Once they had your computer doing nothing but continuously downloading virus updates and rebooting it became a little hard to hide.

Ditch the malware magnet

Eddie Johnson
Happy

Easy as...

At the core they are just registry settings so a reg file applied via login script or a group policy could do it. Just remember to disable it for versions 6, 7, 8, 9, 10, ...

From a quick Scroogle:

HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.0\JSPrefs, you will see a value named bEnableJS. To disable JavaScript in Acrobat 9.0 set this to a value of 0. To Enable it, set it to a value of 1.

If only there was an HKLM\Software\Adobe\AllVersions\DisableEntireProgram.
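
The per-version registry change described in the comment above, sketched as a logon-script function. This is an added example, not part of the original post: the function name `Set-AcrobatJsDisabled`, the `major.minor` pattern used to recognise version subkeys, and the DWORD type for `bEnableJS` are assumptions; only the key path and value name come from the comment.

```powershell
# Added example (not from the original comment).
# Walks every version subkey under the Acrobat key quoted in the post and
# sets JSPrefs\bEnableJS to 0, reporting the state before and after.
function Set-AcrobatJsDisabled {
    [CmdletBinding()]
    param(
        # Key path taken from the comment; pass another product key if needed.
        [string]$ProductKey = 'HKCU:\Software\Adobe\Adobe Acrobat',
        # Report current state only, change nothing.
        [switch]$AuditOnly
    )

    if (-not (Test-Path -LiteralPath $ProductKey)) {
        Write-Verbose "$ProductKey not present; nothing to do."
        return
    }

    # Assumption: version subkeys look like "9.0", "10.0", ...
    $versions = Get-ChildItem -LiteralPath $ProductKey |
        Where-Object { $_.PSChildName -match '^\d+\.\d+$' }

    foreach ($version in $versions) {
        $versionKey = Join-Path $ProductKey $version.PSChildName
        $jsPrefs    = Join-Path $versionKey 'JSPrefs'

        # Read the current value; $null means the key or value is missing.
        $before = $null
        if (Test-Path -LiteralPath $jsPrefs) {
            $before = (Get-ItemProperty -LiteralPath $jsPrefs -Name bEnableJS `
                        -ErrorAction SilentlyContinue).bEnableJS
        }

        if (-not $AuditOnly -and $before -ne 0) {
            if (-not (Test-Path -LiteralPath $jsPrefs)) {
                New-Item -Path $jsPrefs -Force | Out-Null
            }
            # Assumption: bEnableJS is stored as a DWORD.
            New-ItemProperty -LiteralPath $jsPrefs -Name bEnableJS `
                -PropertyType DWord -Value 0 -Force | Out-Null
        }

        # Re-read so the report reflects what is actually in the registry.
        $after = $null
        if (Test-Path -LiteralPath $jsPrefs) {
            $after = (Get-ItemProperty -LiteralPath $jsPrefs -Name bEnableJS `
                       -ErrorAction SilentlyContinue).bEnableJS
        }

        [pscustomobject]@{
            Version = $version.PSChildName
            Before  = $before
            After   = $after
            Changed = ($before -ne $after)
        }
    }
}

# Typical use from a logon script: enforce, then show the result.
Set-AcrobatJsDisabled | Format-Table -AutoSize
```

Because the value lives under HKCU, a user or the application can set it back; running the function with `-AuditOnly` on a schedule shows any version where `Before` is not 0.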

Adobe confirms remote code-execution flaw in Reader (again)

Eddie Johnson
FAIL

The Larger Lesson Here Is...

The evils of feature creep. If PDF had been kept to its original purpose, we'd be fine. But Adobe couldn't leave it alone and wanted to start making their static documents dynamic. IMO that change from static to dynamic is what destroyed the web, made it perform like shit, and opened up tons of security holes. Geniuses that they are, Adobe copied this static to dynamic change in the web to their Portable Document Format, forgetting that the very nature of a document is STATIC. It is to *document* the state of something at a point in time. There is no reason for links, Javascript, dancing GIF animations or whatever crap the markettards want to introduce to try and sell me their overpriced, unexciting crap. Adobe has simply made the exact same mistake that pretty much the entire web has made, so as utter failures go they aren't even original, they are just copycat failures.

Adobe adopted the idea that PDF was a container for offline web information so they wanted to be able to bundle up all the features of the web (viruses included but not intended) into a compact portable format. Knowing all the investment they had in dynamic content from stuff like Macromedia it was obvious they wanted to be able to deliver animated flash presentations and shit like that in a PDF, they probably saw it as a PowerPoint killer. Well, they succeeded at bundling up all the (destructive) power of the web into an easily portable format for exchange. They succeeded so well they have now become one of the primary conduits for malware.

Kudos Adobe!

Firefox market share drops as IE makes slender gain

Eddie Johnson
Coffee/keyboard

IE6 Lives On

Because MS never released 7 or 8 for NT and 2K. And yes, there are still a significant number of those OSs running.

Eddie Johnson
Unhappy

Stop the Merry-go-round

Some people don't have the time to be upgrading every week. You have to evaluate these things. One big problem is that every major update and a lot of minor ones (ie 3.5=>3.6) break extensions and if critical extensions aren't supported you can't move forward. I still run Firefox 1.5 and 2.0 in certain circumstances.

Mozilla has adopted an annoying pattern of taking things away recently too. Things like cookie file compatibility, the forms tab of Page Info, useful stuff. With a track record like that updating blindly is insanity.

I just found they've taken away the ability to globally install extensions via a command line option. There's still a way to do it but it requires a lot more investigation and time investment, not exactly what I'd call progress. Just the fact that they keep rearranging things for no obvious reason annoys me to no end.

Firefox update fixes plug-in snafu

Eddie Johnson
Unhappy

And the Print Bug

They seem to have zero interest in fixing the print bug that crashes the browser too. It's been around since 2.0 at least.

Lite-on iHBS112 internal Blu-ray writer

Eddie Johnson
WTF?

Prices Go Down

Not sure where you're shopping but I buy BR media for less than $2.50 per disk. Remember when DVD disks were that much too? They always start expensive and fall as adoption increases. I used to use 2 CDs rather than half a DVD for price reasons, now a DVD costs the same as a CD. Soon a BDR will cost almost the same as a DVD. Sure Sony sells singles in a jewel case and hasn't lowered the $19.99 price since the beginning but that's a trap for people not paying attention.

As for recording times I have no problem burning a full BDR in an hour and that is WITH verify. You're crazy if you don't.

Eddie Johnson
Megaphone

You Hit the Weak Point

I used to respect Cyberlink's DVD playback stuff but their BD software is absolute crap. There's no option to reset archive bits after burning for one thing but the absolute fail is that they sort files wrong when you do it by date. They do an alpha string sort on the date/time format that they have chosen (because they FAIL to honor regional date settings).

The people who wrote this crap should be fired and barred from the industry.

Empires built on free code aren't cheap

Eddie Johnson
WTF?

Quite a Lopsided Field You Chose

"Facebook has to run all that open-source software somewhere, and does so in its own custom data center and leased space within others' data centers. Twitter just announced its first data center. Google? Its data centers are legion."

So you're comparing the start-up to 3 companies who are pretty much at their pinnacle? Not to mention 3 companies which are all ad based so they need to churn huge terabytes of traffic to make a tiny margin? How about comparing to some actual companies that generate actual, useful products? (I'll concede Google's product does have some actual value but not the other 2.)

Or is your point that worthless, nonproductive companies catering to the latest fad are the future of venture capital and the internet? You may be right with that, I've never been impressed with what I saw the VC dollars chasing. They seem more interested in longshots than useful products.

vBulletin vuln gifts admin credentials to unwashed masses

This post has been deleted by a moderator

IE and Safari lets attackers steal user names and addresses

Eddie Johnson
Alert

Not Quite...

I believe the article states that cookie deletions will be global because a cookie flood forces the browser into panic deletions to free space.

Of course since I always run Firefox in "ask me every time" mode for how long to keep cookies I get prompted at least once for each site. After the first few cookies I choose not to accept them if the site is working fine without them or to accept them for a longer period if it's a site I would actually return to.

I'm also sitting behind a cookie blocking proxy so I normally only see cookies if I've enabled Javascript for the site and they are set programmatically.


Biting the hand that feeds IT © 1998–2020