* Posts by John Foo

11 publicly visible posts • joined 13 Dec 2007

Transgender man prepares to give birth

John Foo


@mark_t : please study transgenderism a little, examine more deeply what gender dysphoria is, and come back with a brain. thanks.

and for all the "heterosexual couple is teh norm" over here: we don't speak of 'mother' and 'father' but of 'feminine referent' and 'male referent'. a woman can be a male referent, that has never been proven a problem.

</psychologist ranting>

aside from that, if this kind of event were to be more commonplace, perhaps we could push more open-mindedness into the usual normative nutjobs (be they religious or whatever else). kind of a good non-news :)

haven't any of you guys dreamt of giving birth ? pregnancy would even give them a look at how bitchy they can be when doubling in volume :)

Al-Qaeda seeks geek fanatics for Jihoo!

John Foo


oh yes yes ricin is soooo credible in a terror attack

is that the fact that at 3% medium concentration (10% for specifically engineered species) of ricin in ricinus seeds makes the refining of the substance pretty spottable ("good morning mister, i would like three tons of castor beans.") ? no no, let's assume they already dispose of the refined form.

so with a ton of ricinus they will have 30Kg equivalent of somewhat pure ricin. ok now the hard part

LD50 is 1mg/Kg of matter by inhalation or injection means (500mg for ingestion). unlike the Markov case, where the poison was directly administered by a small hollow pellet *directly into the circulatory system, the only somewhat realistic way you'll have to conduct a real terror attack is by aerosol.

so assuming a crowded train station (with your average terrorist being ready do die in horrible suffering by the action of his bomb) you'll have to *diffuse* with appropriate means (compressed gaz with double action valves (we wouldn't want to kill our own jihadi in the lab wouldn't we ?) or low explosive powered deflagration (black powder, nitrate/fuel etc...) with 160Kg of body matter per cubic meter at ground (probably way more at busy hours)

so assuming you want to fill 100 cubic meters with your aerosol, that would represent a whopping 160 Kg of ricin to aerosolize by appropriate means (count double weight around effective payload for appropriate aerosolizer/propellant/container)


of course you can consider my ramblings as totally irrelevant. or not.

oh btw a nitrate/fuel bomb is far easier to make, and pretty effective blowing people apart. ask the IRA

Hackers find clever new way to hose Google users

John Foo

Dancho is working in Dutchland

but born in bulgaria, yes.

</pedanticness contest>

happy that theregister quotes him, as he is not a hugely known researcher, and some errrm... professionals don't hesitate to vaguely rephrase and repost his work.

keep up the good work Dancho, you're our primary source of information on RBN/NMMG

Dungeons and Dragons co-creator Gary Gygax dies

John Foo

Funeral rites

1D4 backups have been lost due to network congestion provoked by ettercaps

1D6+2 strange mails have been sent to random users, from random users

2D8 + 1 users have been disconnected from their session

1D12 pints will be dropped on the ground

and 1D20 minutes of silence are to be observed

rest easily mister Gygax, we nerds won't be forgetting you soon

*wants weeping red dragon icon

Security boffins unveil BitUnlocker

John Foo


ooooh, another cleartext/keys-in-ram-attack.

soooo scary.

ok so to get hold of my data, the guys will need to

1 : have the box powered, and booted

2 : not hibernated in crypted swap (yes, my ram images are in crypted swap. what's the fscking point of TrueCrypting your whole partition if the guy can straight dump it from memory with a fscking PCI card ?)

3 : boot from a medium other than the one i defined. too hard to prevent, seriously.

4 : freeze the damn dram with nitrogen or whatever will bring the temp down enough to stop the bits from flipping. oh. on an electrically powered machine. wonderful idea, really.


motivation needed : high

skill needed : high

time available : *very low*

assessed threat level : near nil.

end of processing, have a good day.

btw, the NSA called, they want their paranoia back. NOW.

Wikileaks judge gets Pirate Bay treatment

John Foo
Paris Hilton


technically, we speak of "civil" and "military" *grade* encryption. this gets back to the time when 3DES was the NSA standard. civilians (the few who could get their filthy geek hands on an early IBM/PC) were constrained to "low grade" encryption algorithms; "high grade" (such as 3DES) was under the same regulation as war materials. in fact over here in sarkoland we are legally still constrained to a 56-bit maximum symmetric cipher. not that anyone cares.

as for document authenticity : that's not binary. you can't uniquely identify a leaked piece of information as "authentic" or "fake"; intelligence would be SO much easier. you'll have to do research, gather contextual information, and yes, if that piece fits perfectly in the puzzle you can say you have a high probability of the allegation being true.

PH, because i'd take a wikileak on her face with my friends anytime.

UK teen is world's youngest certified ethical hacker (maybe)

John Foo
Paris Hilton

one and for all

recruitment should be based on pure skills (skills as in "man, this guy has *skills*"), not on experience, age, gender, or anything else. i have seen 14 yo far better coders than many "i have 20 years of FORTRAN under the belt, so *of course* i am a good C coder. now get back to school *snortling*" so-called professional coders.

every day we are confronted with code monkeys / pseudo sysops who, as they have survived for a decade in the field (mainly by ducking a lot, and a*slicking even more), are screwing with our jobs. one of the examples today: an application stops working mysteriously. of course, the client calls us (systems & network) bitching around about how ne'er-do-well we are. and after a few hours digging into the binary (we don't have access to the source, of course... we don't have their mad coding skills, do we ?) we finally discover a *huge* leak AND THREE OVERFLOWS. in a bubble sort. of course.

what do we do ? we call the dev team (of course, we have no bug management system...) which starts to get mad, because that *can't* be them, no it's not worth looking, it just can't be them. they know how to code. we don't know our job. of course it's us. and valgrind ? what's that ? code coverage ? what ? what do you mean by Q&A. WE KNOW HOW TO CODE, UNDERLING !

yeah. IT support most stressful job ? no wonder... it would be *so much easier* if RH started by filtering out the bozos at all levels. we have one in our team too of course. perfect for logging support calls, and general monkey work. he will never have any root password. neither should the code monkeys have commit access. hey, they can still do the documentation.

well, enough ranting for today, i still have to hack *his* software to make it look like it's working. or not.

PH, because she is pure emptiness

John Foo

it's not because he is young that he's automagically a SK

hey, this kid reminds me of someone. me.

started coding very early (4) with the C64 my uncle gave me after i disemboweled one of his boxen (he was working as a CS consultant at that time, and had access to *incredible* hardware), and had a linux installed in 1992. hell yeah i'm 23.

for many people , this kind of early acquisition is often viewed at best as laughable weirdness, or worse, plain bullshit.

but for fsck's sake ! anybody who has been in the situation of presumably not having any skills, in any field, for the mere reason they're "too young" is eager to prove they just *can*. i don't really know how it is here in good ol' albion, but on the other side of the channel, RH are tempted to trust *only* your diplomas (may you have 20+ years doing precisely *this* job) and until recently i kept hearing "no, you can't know what you are saying you know", and that from people *who don't even have the start of a clue*. not fitting in the-little-case isn't good.

give us assault courses any day. we'll have many surprises (or not). i personally think that RH should strictly rely on a two-part (text, theory-based test ; assault course) recruitment to evaluate the candidates. that should strike the-people-we-shouldn't-have-recruited off the list.


ah, and @rory alsop thanks for pointing out CREST :)

Brits can't distinguish history from the TV listings

John Foo

I For One Welcome Our New Apian Overlady

'nuff said

mine's the sting-proof burqa please

How to lose $7.2bn with just a few Basic skills

John Foo
IT Angle

to a banker, we're all hackers.

where's the IT angle ? come on we're speaking of *banks* here, ginormous infra powered by a start up mentality...

i work as a UNIX system engineer (contractor) at a large competitor of SocGen, and what surprises me is that our shitty infrastructure and absent management make *billions*

i work nearly 60h/w (yeah, some french do work, but then i am more comfortable with my english coworkers than the french ones) for what ? mending stupid holes, hacking kilometers of *ugly* scripts (seems like every single guy who works/worked here has *his* language of choice, that *no one else* uses. hell, a dev has scripts in *brainfuck*)

SocGen is known for having a not-too-stupid management of its IT assets. i wonder how much we would lose ? (yeah, our risk management app, a few thousand blades, ginormous databases, and.... rolling at 10% of its potential because of crap algorithms. and a blade a day to change...)

ah, by the way. i am mainly paid in coffee and slaps behind the head.

dominic, whenever you want :)

Megan's Law snafu fingered in rapist's murder

John Foo
Thumb Down


fscking simple and not subject to discussion in any way

the victim (yes, whatever his crimes were, he is the victim) as i understand had done his time. which means that from a legal point of view, he was a normal citizen. no more, no less.

he has been killed. period. this is not even murder, this is assassination (as the suspect has clearly stated). the suspect should be judged, and if sufficient proof is brought, convicted. period

that's how law works.

whatever the reason of the act is, the sole point we have to consider is "lawful or not"