Posts by bogsheet

24 publicly visible posts • joined 9 Nov 2007

RIP Full Disclosure: Security world reacts to key mailing list's death


Re: Someone

This person made legal threats to FD if they did not comply in removing this thread - that's why it suspended. It is the guy who posted the 'vulnerability' and got shredded due to his response to the 'community'. The arbitrary file upload to YouTube is not a security vulnerability on its own, but it was the response to being told this combined with narcissistic self-delusion and denial that resulted in the meltdown that ensued.

Some background research into his satellite expertise and academic credentials, not to mention the recent article on Softpedia commenting on the disappearance of the Malaysian 777, are essential reading to understand the full extent of this individual's issues.

Drupal looks beyond open source zealots


Analysis of analygous

Perhaps the legacy of the former imprinted in your brain resulted in the spelling of the latter... Or has digital made you forget analog?

Men more different from chimps than women, say boffins


In response to 'No I will not fix your computer'

The main reason two non-identical twins differ is because they are conceived with separate sperm (not to mention separate eggs) which differ principally because the process of meiosis involves the 23 pairs of chromosomes in the father splitting, with the resultant two sperm having a 50/50 chance of having either one or other of each distinct chromosome pair. This results in 2^23 possible combinations of chromosomes for a given sperm long before you factor in chromosomal crossover, which is what you describe. It's almost as if to suggest that without chromosomal crossover, there would only be two different genetic make-ups in resulting sperm! I think not...

You also say that in meiosis, chromosomes are duplicated. This is also incorrect. It is fairly fundamental biology that normal haploid cells contain 23 pairs of chromosomes, which split into diploid cells containing 23 single chromosomes. There is no duplication here...

It's going to be pretty difficult for the Indomitable Gall or anyone else to accept criticism or correction on these matters from your good self bearing these mistakes in mind, not to mention the fact that you spell 'chromosome' wrong. It looks like the spelling has undergone two distinct mutations in your mind resulting in 'chromasone'.

I never cease to wonder how frequently people make critical posts on internet forums in a tone as to suggest they are more knowledgeable than those whom they attempt to correct, when in fact their 'corrections' are littered with factual errors. Please be critical of your own knowledge before you criticise that of others!

DOJ sinks another EliteTorrent admin


Parallels with Oink? Where was the copyright data?

Surely there is fundamental detail missing here... The crux is surely whether they were actually hosting copyright material, or just trackers that point to it. It is for this reason that prosecutors in the UK are struggling to pin anything on the administrator of the Oink private torrent site.

It would be interesting to know if the US legalities are the same, and whether they take a similar or different approach to dealing with this subtle technical point which is very powerful legally.

Rogue MP3 Trojan streaks across P2P networks


another for Mikey C!

hey mike, just had to throw in my tuppence worth on that crock you wrote. most points have already been addressed, but the last paragraph is something i have to come back on...

"To all you kiddies out there that por through torrents to get all the free stuff you can"

well i download a fair bit of stuff from torrents but i ain't a kiddie, either from the perspective of age or technical knowledge...

"first of all sooner or later you're going to get nailed by a virus like this or worse"

as a professional reverse engineer and malware researcher i doubt this is gonna happen... but thanks for your concern

"second, you'll ned up starting all over from scratch regularly since likely you have no backup for your hundreds of GBs of data..."

again cheers for the kind thoughts, but you'll be relieved to know that i have a very thorough system of backups across my machines that ensure that i have at least two and even sometimes three copies of all my data! including all my music and films :o)

Biologists track down elusive lungless frog



Well I think it is particularly notable if not amusing that the argument from the "creationist" who just joined the debate says that unless we can *prove* something, we can't make a conclusion based on that assumption!

I barely even feel it necessary to finish my retort, as I'm sure you can see it coming. Incredible really that the argument picks a couple of examples from nature to try and lend itself credibility. What of all the other numerous examples that support the hypothesis of evolution?

But anyway there is little point trying to defend evolution from a scientific standpoint when faced with an attack from someone who proposes completely foundless non-scientific fairy-tales as their counter. See Genesis? I'm glad I still have my sense of humour intact, as the last time I checked Genesis was a book written by men a couple of thousands of years ago who then passed it down to us via a process akin to Chinese whispers. I'm not sure if I would want to believe anything people believed thousands of years ago, as they were without the benefit of scientific thinking and knowledge... At least they had an excuse for believing that God created the Earth - they had nothing better to choose from. For people nowadays there is no such excuse.


Our own loss of the appendix?! @Franklin

I think perhaps you should revise your human anatomy.

Ever heard of appendicitis? Not that rare a human condition, it would be difficult to have this if humans had evolved to no longer have this organ.

Perhaps you are confusing some biology lesson from years ago where it was argued that the appendix no longer performs a critical function in humans and can be safely removed if infected without significant impact on the person.... unless they live on grass.


Surface area...

Being flat does not increase the surface area of the frog!

It increases the surface-area-to-volume ratio! Doh!

Kraken stripped of World's Largest Botnet crown (maybe)


A rose by any other name would smell as sweet....

What's in a name? This discussion, and the response from Damballa, is really a meaningless exercise in grouping and naming. Alas malware does not lend itself to being precisely named nor grouped.

The history of malware is littered with similar examples of worms that are given new names when a new feature appears, whereas in fact this new feature has simply been added to an existing code base. Is this a new family of malware or an old one? The answer is it doesn't make any difference what the family name is. The divisions between families are all very blurred, the evolution of these things is incremental.

Whether a new feature deserves a completely new name is moot; malware authors share code and the architecture of bots is modular and has been for a very long time. Whether bolting on a new communications module that uses encrypted TCP on port X instead of plain HTTP deserves a new name or not is up to you. Pick what you will, so will everyone else. There will be differences, but in the end it doesn't really make any odds what it's called.

Microsoft gives XP an extra two years to live (kinda)


@Wayland Sothcott - Onwards and Upwards? I don't think so...

Wayland tells us: "We could freeze all hardware right where it is and the computer industry would still produce faster computers. Software would slim down and speed up. With Vista, Microsoft is using software to drive the hardware market which does not seem to want to follow."

Now this sounds great, ideal in fact. But I'm afraid that this is idealistic fantasy.

We might all like to think of software development as continual fine-honing of software, optimising here, tweaking there, until you are left with a smaller, faster, more refined piece of code.

Sadly this is nothing like the reality, certainly as far as Microsoft is concerned, but regrettably most other developers too. The problem is that making code more secure only serves to add bulk to it in most cases. Bounds checking, input validation and the like all require more code. We have seen Firefox, sadly, become more bloated and slow with every security update they release. Don't get me wrong, I still love it and use it, but it isn't getting any faster, at least not at the moment (version 3?).

I like the ideal, I wish code was becoming more refined, faster and smaller. But that don't make it so. The reality is that securing code only makes it more bulky and slow in the vast majority of cases. And that is without mentioning the effects of adding new functionality, and other inexplicable bloat for which Microsoft has become renowned.

DDoS packets soak up to 3 per cent of net traffic


Data Culling?

"according to the data, which was culled over 18 months."

Culling refers to the minimising or reduction of the amount of data to acquire a smaller set. I wonder if this verb has been used correctly here, as in the context it appears that the data was simply collected.

US Wi-Fi piggybacking won't put you in pokey



Yes you're right, the motorbike was a poor analogy, as indeed you have to pass a test to be allowed to ride one on the roads. So I will borrow Peg's better analogy of skiing instead. You don't have to pass a test to do that. Would you let your gran bomb off down the slopes on her own? Or would you help her to do it safely?

My argument isn't flawed, the analogy I used to illustrate it was. With a more appropriate analogy the argument still stands; computers have potential to do great evil as well as great good, and anyone who uses them without knowing anything about them and without securing them puts themselves and others at risk of bad things.

This is not the way it should be!


With great power comes great responsibility...

... so in response to Mr Seagal's argument about his poor old gran who can barely use her computer for email - she deserves no sympathy.

You wouldn't let the old dear drive a motorbike or a sports car - she might hurt someone else as well as herself. So why should you think it's ok to let her off with incompetence with another powerful machine, the computer?

If she gets infected with malware, she could be contributing to the spam problem, malware spreading, all sorts of electronic evils. If you want her to be able to use email and wifi, then you better flippin secure it if she can't.

I detect a hint of sarcasm in what you say, but the words are absolutely spot on. If she doesn't know enough about the power of the system she is using, then yes, she deserves everything she gets.

Microsoft buys virtualization tot for help with Vista



er... what?! do you think you are being clever or witty with your writing style? well i got tired of reading your crappy capitalise-each-word-in-acronym style in a nanosecond. it is just meaningless crap. not funny or clever.

Excuse me sir: there's a rootkit in your master boot record


Rutkowska - Zero Credibility

Joanna Rutkowska has no credibility with anyone with proper technical understanding of malware. Her reputation exists entirely upon smoke and mirrors, and a couple of big scaremongering stories from a couple of years ago.

Anyone remember the 'blue pill'? Joanna warned us years ago that she was working on.... wait for it.... Undetectable Malware! Yes, she claimed that she would soon present her working prototype of her blue pill technology which would be completely undetectable to A-V software. She gained a _lot_ of press and attention for these extreme claims, and became quite famous on the back of it all, but professionals working in the industry were extremely skeptical...

...with good reason. Nothing she has ever claimed has amounted to anything of substance. Where is this groundbreaking undetectable hypervisor-based malware she promised? All we ever got was an extremely detectable first prototype (memory scanning was sufficient to detect it) and the promise of a new version soon that would live up to all the promises.

We're still waiting. And with every day that passes in the meantime the reputation of Joanna Rutkowska means less and less.

Why do women get plastered at fancy dress parties?


right then!

well if ever there was a reason for going to the extra effort of arranging a fancy dress party, this is it!

this will replace my apathy with enthusiasm for such events :oD

Thom Yorke dismisses net-only album paradigm


back @ Paul M

Well I don't want to start a flame war... But like I say this isn't something I conjured up out of theory, like I said I _actually_ have tried this. I believe in science, so I performed the experiment, and I have done so on a few different pieces of good quality kit. I have done it with high quality amplifiers, speakers and even headphones to try and cut out any other noise. And yes, the volume was sufficiently high...

Now maybe your hearing is better than mine, but even if my life depended on it I honestly couldn't hear any difference as long as the mp3s are ripped at highest possible quality. I was able to hear the difference at 128kbps CBR but not VBR0.


MP3 quality - got to agree with Christopher P Martin...

i am becoming a bit tired of hearing or reading supposed 'audiophiles' harp on about how they despise 'lossy' mp3s and how they listen to cds (or even worse vinyl) on their high quality system because they want to 'really hear' the music. In particular you Paul.

Take up the challenge - I have. I am not talking from principle, but from practice. If you rip an mp3 well, for example with LAME codec using VBR0, you WON'T BE ABLE TO TELL THE DIFFERENCE between that and the original cd. On any system. I have tried numerous times on expensive gear. Especially not if you're getting on a bit as your hearing isn't what it used to be... Oh get someone else to test you too, just to make it fair.

For a good discussion on this topic (and also some info on why vinyl isn't all it's cracked up to be) read the reg comments on ‘Compact Disc: 25 years old today’ :


P.S. The plural of mp3 is mp3s not mp3's - that apostrophe winds me up almost as much!

Radiohead prep New Year's Eve net gig


Tis true, statistics might be misleading....

The number of people that downloaded the album 'In Rainbows' for nothing, or the fraction of the total number that were downloaded for nothing are both pretty meaningless statistics in terms of illustrating whether or not this new style of music sale was a success or not.

It was the first of its kind, and an experiment, so it is not surprising that a huge number of people went online to download it for free. As well as the freeloaders, there were many people eager to test for themselves whether it really was true. But forget this fraction, it is the total of the money that was taken, and Radiohead's opinion of this total, that are the important indicators as to whether this novel approach to music sales is a goer or not.

From what Iain says it sounds like a resounding success to me.

Nintendo kills Wii ads due to console shortage


@Steve Rowsell

Ah no, Steve you miss my point.

You think my post was about me?! Ah no, you would be wrong, read it again! I won't be buying any console this Christmas...

But to admire Hedley Phillips for "taking a stand against the 'must have at all costs' attitude of too many people" by buying an ancient console from several years ago on the cheap is pretty empty headed in my opinion...

The real point is that, although a PS2/NES/whatever might convince you, it won't convince any youngsters this Christmas! Now if you want to criticise this "must have" attitude then I suggest you start with all the kids in this country, it is they who embody it most... and see quickest through any BS that out-of-touch old folks might try to pull on them!


@Hedley Phillips : your stinginess won't wash with the kids!

Quote : "We have just bought a PS2. Not only did we get it for about £30, but we got loads of games with it.

"Are we the only ones who see a way out of this mad, I must have it now economy we live in?"

Er no, you are a stingy old fool who will be playing an extremely outdated old console this Christmas, I just hope you don't have kids to disappoint with this!

'Hey kids, forget that film in the cinema, I picked up a VHS of a five year old film for a quid in a car boot sale! It's great honest!'

Eee PC: better with Windows?


nLite : Shrunken faster Windows

As someone has just mentioned, nLite is a great way to shrink as well as speed up Windows.

I have installed an nLited XP on my Asus, installed it to less than 1gb without removing any important functionality, and it boots in 25 seconds. NTFS is of course no problem either.

So all in all, the question for me is why bother sticking with the Linux distro when my Windows install is small, fast, fully functional, and damn sweet!

Apple hit with another class action


My iPod has never touched iTunes...

...in its 2 years of existence. I chose to use the excellent Anapod software to manage my iPod, it allows me to do anything and everything that I could possibly want from an mp3 player.

Six-month hangover for 60-pint Scotsman



it is so utterly tragic to me that so many people comment by repeating the same thing stated previously... surely you guys can read that someone has already beaten you to the 'only 15 pints a day' (first post), 'east vs west' (second post) or the really clever 7 month mathematical calculation (third post)?!

one sad mofo even repeats two of these in two separate posts as if they were his own clever and witty comments... but he shall remain anonymous.... the coward.