Posts by frymaster

385 publicly visible posts • joined 18 Feb 2008

Microsoft Security Essentials shakes up consumer antivirus

frymaster

re:spynet

....I take it no one read the thing saying it's opt-in?

without opting in, the only thing sent is what nasties were detected, and what action you took

y'know, like it says in the privacy policy

Researcher: No emergency patch for critical Windows bug

frymaster

@Fritz

"They don't consider it to be critical"

not saying you're wrong, but where does it say that?

all it says is they aren't going to release an OOB patch

Open sourcers strike back at Google cease-and-desist

frymaster

Not just google

...there's some of the HTC apps shipped with the Hero in the mod too (like the greatly improved on-screen keyboard)

on the one hand, it would be best for android as a platform if these apps were available to everyone... on the other hand, with other manufacturers getting involved, obviously HTC are likely to want to preserve their work, and I wouldn't be surprised if they are next in line with the lawyers

as far as the google situation goes, couldn't they

- release the marketplace ONLY, as an installable-over-the-USB-cable app (wouldn't need to be open sourced)

- make the rest of the "default" apps downloadable from the marketplace for free (since every android should come with them)?

Mozilla plans to tie Firefox 3.7 pigtails in pretty Ribbon

frymaster

functionality improvements would be nice

If they're going to windows-ise the windows version a bit, how about support for group policy, and picking up user-installed SSL certs?

oh, and have they fixed that bug where the browser cache is stored in the roaming part of a person's profile instead of the local part?

Microsoft and Intel port Silverlight to Linux

frymaster

why 2 silverlight implementations?

Easy. MS wants silverlight on intel's distro. intel wants a decent level of support. moonlight won't, or can't, provide that. So MS will.

so why have moonlight? Easy. MS wants silverlight on every other general-purpose distro. It knows that all of the freetards (as opposed to people who use linux or think that OSS is a good thing) would object if MS supplied it, more so if it wasn't open source (there are legitimate reasons why OSS advocates might not like that, as well as the knee-jerk freetard reaction). So MS gives support to other people to write moonlight as an open source silverlight implementation

Archos punts 9-inch Windows 7 tablet PC

frymaster

@Tony Paulazzo

everything except the photoshop it'll do. If you're wanting to do something with serious grunt (video playback doesn't count these days thanks to hardware decoding) you need a proper processor, not an atom. Which means you need a more expensive, less economical chip, which means you also need fans, which means you also need a bigger battery, and by the time you've added all that then it's:

- bigger

- heavier

- more expensive

at least 2 out of 3.

I have to say I'm not entirely sure how big the niche netbooks occupy is, but that archos occupies it brilliantly. Doing serious graphics work means needing a tablet PC that's probably ten times the cost.

Archos adds Android 'andheld to PMP collection

frymaster

Confused at comments

Why is offering a lower price for people who don't need the extra cost that licensing various codecs incurs a _bad_ thing? As long as you do your research and realise what the headline price doesn't include... I like the pluggable nature of my archos, it keeps my costs down

It's a shame there's not going to be a phone version of this until next year, though

Apple and Snow Leopard take-downs - just say no

frymaster

@sleepy

"without relying on materials under NDA"

as they said in the article, they never signed an NDA

MS phishing filter blacklists everything

frymaster

@admin / ElReg!comments!Pierre

"Another reason...for a user to have control over their operating system/browser, rather than allowing the developer, in this case Microsoft determine where you don't want to go today."

You do know you can turn the filter off, right?

"It just needs to be standard compliant"

most of said tat/bling is from css3. css3 is not a standard (yet). Microsoft have this little thing called "backwards compatibility" which can be boiled down to "try not to change the behaviour of an application without a version change, if ever". Unless you are seriously wanting another round of designing practically 2 different websites depending on IE version, you should be _BEGGING_ MS not to implement css3 until the spec is completely stable

Microsoft's Windows 7 pretzel takes fresh twist

frymaster

Confused

"However, PC-buying customers in EU countries would only have been eligible for new copies of Windows 7 E and would not have been able to buy upgrade versions from Windows Vista."

I don't recall seeing that anywhere.

I recall seeing info that you could not perform an upgrade installation of win 7 E... I never saw info that said you couldn't have an upgrade licence

Bug exposes eight years of Linux kernel

frymaster

Easier to exploit and harder to fix than some think

"OK, now deploy it to all 60/600/6000 machines you have running Linux. Some of which are running mission critical applications"

and every single embedded linux system like routers, print servers, access points, mp3 players...

oh, and getting user-level access? Are you in your linux distro's security update mailing list? See how often updates come through for user-level access exploits in things like file archive reading, image reading etc. You could exploit a linux mailserver just by sending it an email, if it was doing virus checking.

Microsoft's Windows 7 price gamble - and why it's flawed

frymaster

Don't think MS is wanting to drive upgrades to win7 pro

... I think they are wanting to drive upgrades from pirated versions to legit. At the discounted prices, I know a lot of people who buy computers as components who are taking the plunge

Feminist org declines nude calendar cash

frymaster

What is the point of this charity?

Is it a "feminist movement" campaign group or is it meant to be a support group for victims of abuse? The second? Right, then any political views they might hold can fuck right off.

ISP redesign unites the web in nausea

frymaster

I quite like the design...

"Ok I'm going to say it: The new web site is quite nice. A brave choice and not to everybody's taste but I like it"

I think it looks quite nice, however:

1. It displayed other people's details

2. It's a NEW site, they specifically say they DON'T support ie6... and it's not valid html. No excuse

btw for me the certificate worked when I checked...

(if you _really_ want to see it looking hideous, change backgrounds from the drop-down box...)

Council punished over theft of laptops from locked room

frymaster

"password protection"

...meaning the absolute best case, assuming it's a bios password and being a laptop it doesn't let you reset it, is that the bad guys have to go to the "effort" of extracting the hard drive to get at the details.... not very good, is it?

I'll admit they were probably stolen for the kit rather than specifically for the data, but I bet whatever man down the pub techy they use to wipe them knows someone who knows someone who pays for that sort of thing...

Microsoft opened Linux-driver code after 'violating' GPL

frymaster

re: losing their job

I can quite imagine someone losing their job

while developers aren't lawyers, it's pretty common knowledge that you can't include GPL code in a closed-source app. some MS developer probably took shortcuts and used it, and didn't even bother to raise a query with the (formidably large) support staff. A while down the line, someone notices the infringement, quietly points it out to MS, and they have to release the whole thing as GPL (trying to spin it in the process)

that's my hypothesis, anyway

Tasered Oz man bursts into flames

frymaster

A TASER IS NOT A STUN GUN

"Officers were attempting to arrest the unnamed Aboriginal man for sniffing petrol"

A taser is not a god-damn stun gun. It's an alternative to a normal shooty gun that might not kill people as much. it should _only_ be used as a "less lethal" solution in situations where you'd have had to use a gun before :/

Microsoft set for open source outpouring?

frymaster

windows and linux partitions

"Run Windows and it thinks the Linux partitions are unformatted - despite third-party drivers being available for Linux file systems."

actually, for me, it says it's an unrecognised partition and warns me if I go to format it that it's probably being used by a non-MS OS.

does it read non-MS partitions? no... I'm not sure what the legal status of any of the IFS drivers that support EXT-2 is, but I'd imagine none are BSD-style licenced... and the difference in permission/ownership systems makes any such system vaguely annoying

Virgin Media sets throttle on hardcore hogs

frymaster

"why should I be throttled?"

"So tell me exactly why I should be throttled for a legitimate and legal use of my connection ?"

because you are using a far greater than average share of a contended resource at a peak time. throttling isn't a "punishment", it's a quick and dirty (and therefore low-ping-impacting) way of trying to ensure everyone gets a fair share.

frymaster

re ac @adam52 and frymaster

Read their policy again. What you have described is a theoretical maximum download assuming the cap lasts for 5 hours twice a day

Yes.

There are 2 periods, each 5 hours long, during which you can get throttled. Throttling lasts for up to 5 hours. Thus, in each period of throttling, you can only be throttled once. Thus, you will be throttled for up to 10 hours a day.

Not seeing where what we're saying differs from what the policy says:

http://allyours.virginmedia.com/html/internet/traffic.html

frymaster

@ac re "fail" (also ac re "idiots, seriously")

"@Adam 52. Your sums are wrong. Please see VM throttling policy for 10Mb package and try again"

2 periods for throttling, in the afternoon and in the evening. Each is defined as a maximum of 5 hours duration. Assume worst case.

14 hours per day @ 10mbps is 61.5 gigabytes

(http://www.google.co.uk/search?hl=en&safe=off&q=14+hours+*+10+megabits+per+second&meta=)

10 hours per day @ 2.5mbps is 11.0 gigabytes

(http://www.google.co.uk/search?hl=en&safe=off&q=%2810+hours+*+2.5+megabits+per+second%29+%2B+%2814+hours+*+10+megabits+per+second%29&meta=)

Total amount: 72.5 gigabytes

http://www.google.co.uk/search?hl=en&safe=off&q=%2810+hours+*+2.5+megabits+per+second%29+%2B+%2814+hours+*+10+megabits+per+second%29&meta=

Turns out adam's numbers were conservative

High spam response powers junk mail economy

frymaster

not using filtering?

"around one in five (21 per cent) fail to use email filtering software or services."

possibly many of them have filtering via their isp and don't realise it (for viruses if not for dodgy links)

ImageShack hacked in oddball security protest

frymaster

ironic?

"Ironically, exploit code associated with Anti-Sec's latest attack was posted on a full disclosure mailing list."

I'd imagine that's kind of their point ;)

my own view is that full disclosure should only happen,

a) sometime after the vendor issues a patch, or

b) after attacks are known to be widespread, or

c) if the vendor isn't updating their stuff

Police decline to reopen mobile phone hacking case

frymaster

So what the police are saying is...

"... we know they did it, but there's sod all way to prove it, and that hasn't changed since last week"

Rogue CA update bricks Win XP systems

frymaster

re:signatures

"and digital signatures for them to spot when they have been modified"

indeed, why don't they just assume any file digitally signed by MS that's valid is NOT infected?

BT abandons Phorm

frymaster

@Lionel Baden

"I wonder if you could leave them without penalty fees because you feel they are infringing your privacy ??"

If and when it ever got introduced then yes, it would be enough of a change to your service that you'd be able to cancel before any minimum contract period was up

Microsoft enlists WSUS, ex-Superman, and puke in IE8 push

frymaster

Re:Gap?

Aye, unless that's a poorly-worded reference to the previous point about FF taking market share from IE, it makes no sense. I'm an IE user by choice - but only because I'm used to and comfortable with it. While IE has some unique features I'd be the first to admit FF has more

Samsung Story Station 1TB external HDD

frymaster

Brightness knob isn't a gimmick...

... if you keep yours permanently attached to a bedroom computer. My mate had to put black tape over the LED in his external drive...

Tiny-traffic DoS attack spotlights Apache flaw

frymaster

Apache trying to spin this a bit, methinks

They are quite correct that this sort of thing isn't new, but:

" For example, the Event MPM effectively nullifies this attack, and was first included in a production release of Apache in 2005."

So I go to the apache website:

http://httpd.apache.org/docs/2.2/mod/event.html

"This MPM is experimental, so it may or may not work as expected."

"Production" and "experimental" are mutually exclusive, no?

That Digital Britain report in full

frymaster

re: fake IPs on torrents

"Since TPB and others are now peppering torrents with random and innocent IP addresses; innocent people are going to be cut off."

"Although my IP address could theoretically be obtained by querying a tracker for peers on a torrent, this has been shown to give so many false positives it is not accepted as proof."

That's really not hard to get around. All you have to do is only list IPs that have actually uploaded a verified chunk of file to whatever snooper they have connected to the torrent. That also ensures they are targeting "providers" not just "downloaders". Yes, that's a meaningless distinction to make in a p2p network. Yes, there's been cases of people getting letters as a result of fake IPs in swarms before (although not in this country, I believe). But if your immunity relies on them never ever wising up, I'd be just a little bit less assured...

Hitler kicked off iPhone

frymaster

Parody does not work that way

Using someone's video to parody them is fair use. Using someone's video to parody something ELSE is not. So the video that uses the clip from Downfall to make fun of the MPIAA is NOT fair use.

Back in the real world, it's always going to happen (and think how idiotic people would have to be to object) - nevertheless, the point stands.

Malware infested MPs' PCs inflate leak risk

frymaster

@Geoff Mackenzie @Nick Palmer

The statement is not precise. "86% attacked" implies Nick's interpretation, "78% automatically cleaned" implies Geoff's. I'd imagine a large amount of that 78% was indeed blockings, while all of the 8% that required an engineer, and some unspecified amount of the 78%, was indeed the detection of something already resident.

France says 'Oui!' to three strikes for music pirates

frymaster

@Andrew Fraser

"Everyone in France start torrenting Linux Distros, creative commons, and your own licensed work !

When the bastards cut you off, sue them into the ground, with complete logs of everything you file shared, showing NO piracy at all"

That would only work if they were doing some sort of man-in-the-middle snooping of your traffic. Not only would that, as you've suggested, be inaccurate (especially for encrypted p2p) but it'd also be expensive, possibly rights-breaching, and also totally unnecessary. All the regulators have to do is connect to a swarm for a torrent of unlicenced media, verify the media IS in fact, what it claims to be, and record the IPs of any peer that sends them a valid (non-corrupt) file fragment.

HOWEVER this is where it all breaks down. What regulation is there to ensure the ips/times submitted are correct? What regulation is there to ensure the ISPs can resolve an IP and time back into the customer that was connected at the time? iirc in the comments for another one of these articles an ex-BT employee said the script they used for the job was a horrible frankenstein bit of hackery that was notoriously flaky...

technically, there is no problem ensuring only infringers get caught (or at least, infringers' connections - but most ISPs have a "you are responsible for what hackers do on your line, you are responsible for securing your equipment" line in their T&Cs.. and you'd hope after the first or second warning they'd sort it out). It's the human/bureaucracy factor that makes this scheme dangerous.

Microsoft’s Silverlight 3 delivers decent alternative to Adobe

frymaster

@Frumious Bandersnatch

it compiles to CIL, not raw assembler (else it won't be platform independent, unless you are meaning that CIL is the assembler language of the CLR) but I think only a subsection of the full .net APIs are available (the linux download is 9 meg, which I wouldn't classify as "hefty")

as regards sandboxing though: how is that any different from the sandboxing people have to rely on to make sure flash code, or browser javascript, or pdf javascript doesn't take over their systems?

having said that, moonlight 2 is nowhere near done, and its sandboxing code is at best not yet tested ( http://www.mono-project.com/Moonlight/SecurityStatus ) which means that you can either have platform independence (moon/silverlight 1 and javascript) or language independence (silverlight 2) but not both

Irish Wikifiddler hoaxes worldwide journos

frymaster

re:still a wiki fan

"It's an invaluable resource for helping the kids with their homework, or just spending an afternoon expanding your knowledge. It's great for getting an overview on a subject and supplying you with key words to search for using Google. You've just got to be careful NEVER to repeat anything indiscriminately, without following up references and getting confirmation from secondary sources."

but the point that's being made, time and again, is that if even those who are supposed to make a living from information are getting incorrect data from wikipedia, what chance do schoolkids have? If I want to expand my knowledge, what good does a source whose validity I don't yet have the knowledge to evaluate do me?

The furthest I go is checking out the sources/references on a wikipedia page, and that's _after_ checking the discussion page for signs of wikiDrama: but evidently lots of other people aren't. This may be a problem with people, rather than with wikipedia, but human nature ain't gonna change.

Lame Mac 'email worm' limps into view

frymaster

@Dear fundamentalist, please calm down

Well said!

however, I'd qualify your last point (appearances do matter) - different people have different working habits and modes of thought. one man's "it just works!" is another man's "i have no control!" and one man's "I have total control!" is another man's "why isn't this configuration automated?" - and sometimes it's the same man ;)

Microsoft blocks dirty dozen apps from mobile store

frymaster

@Jodo Kast

You need to read his comment instead of just copypasting a standard rebuttal (the "proven monopoly" line was a giveaway :P )

that AC was proceeding on one interpretation of the rules. I don't see how the interpretation he's using (that the rule is "no program may alter the user's preference over what the default browser is", NOT "you may not write a browser") embodies monopolistic tactics, and I'm genuinely curious if you can explain that.

of course, the wording is a little woolly, and it's possible the correct interpretation is indeed the braindead one. In which case it's not only monopolistic, it's damned stupid.

frymaster

"replace default browser?"

does that mean you _are_ still allowed to have a browser, it just can't make itself default? and can the _user_ make other browsers the default?

If "yes" to both, then meh, it's a perfectly reasonable thing ("no apps that randomly stomp on the user's preferences"). If "yes" to the first only, it's still somewhat understandable. If "no" to both, that's totally stupid

though at least with windows mobile you can still manually install stuff if you want

Windows 7: MS plays a Jedi mind trick on netbook owners

frymaster

"why so many versions"

...because that way you pay less for a version that doesn't include things you don't want?

ignoring netbooks for the moment, there's essentially 3 versions: home, business, ultimate, where each is a superset of the one before it - in business you gain remote desktop and AD support, in ultimate you get bitlocker and what used to be called SFU. Realistically, 99% of people only want home or business, then.

The other versions are a volume licence version of ultimate, a home basic version for poorer countries, and the tesco value edition for netbooks.

Equality Bill U-turn could damage businesses, warns expert

frymaster

huh?

"The Bill also contains provisions to permit, though not compel, employers to employ people from disadvantaged or under-represented groups, but only if they are an equally good candidate for a job as someone not from that group."

are you saying up until now, if there were 2 equally good candidates we were forced to take in someone from an _over_ represented group? I don't think so...

Pirate Bay guilty verdict: Now what?

frymaster

re:"stuff some foreign beak"

(which means I'm going to continue torrenting what I want, when I want, until the pricing from the media companies becomes realistic and fair, games aren't drm'd to the point of collapse, and commercial actually works and is worth the price the manufacturers expect you to pay for it. If they didn't rip us off in the first place we wouldn't go d/ling hookey copies)

self-serving hypocrisy. "It's alright to rip these people off, because they rip people off!". Er... no it isn't. Either being a rip-off merchant is OK (in which case you should have said "I'll bittorrent because I'm a cheap git scumbag") or it's not, in which case you just DON'T BUY THE STUFF. Apart from anything else, you're convincing publishers that there's a decent market for their stuff if only they could write some better DRM.

And for myself? Yeah, I use bittorrent, and I'm a cheap git scumbag. But at least I know it, and at least I'm not trying to claim some kind of moral right to rip people off.

Mozilla considers dumping Firefox support for Win2k, early XP

frymaster

"Features they can take advantage of in vista"

I'd be happy if they took advantage of features in XP, to be honest. I run my own website/general purpose server, and have a self-signed root certificate which signs any ssl certs I need, so I only have one thing to install to avoid certificate errors... NOT.

Because firefox, in its infinite wisdom, totally ignores windows' built-in cert store, meaning I have to install the cert into FF separately. Something that chrome managed from day 1, I might add.

And don't get me started on group policy and roaming profiles...

Dropping support for XP SP1 and win2k, yes (the only people using them will be corporate types who are forced to use IE6 anyway) but SP3 is perhaps a little recent to be enforcing it. And XP is used in 60% of computers in the valve hardware survey, which is a pretty cutting-edge market segment, so I don't see making it vista-only worthwhile.

Microsoft conjures imaginary 'Apple Tax'

frymaster

qualified disagree

I agree that article is a piece of mince, but your dell vs apple comparison isn't too great either. All you've proved is that it's possible to find systems more expensive. But the thing about PCs is that you aren't forced to buy from the one vendor. It's certainly possible to get a machine with the same spec as that apple for less

Facebook in Pirate Bay block Fail

frymaster

re: as per usual

"Totally ILLEGAL, i wonder how much Cash facebook got criminal organisation such as the MPAA and RIAA to illegally censor content?

Facebook now join the rank of common crook..."

er, no, because it's not against the law for them to remove content from their own website.

Next-gen SQL injection opens server door

frymaster

This article is a bit irresponsible

"SQL Injection" isn't what happens when you don't validate your input. It's what happens when you use a way of talking to your database that requires validating your input in the first place!

Like many of the commenters have suggested, using parameterized queries / bound variables, or whatever you want to call it.

Validating your input is for preserving the sanity of your data, _NOT_ for preventing injection attacks. Optionally, you might quote/validate input that you know is only going to be output in one format (say, text in a web page) to save you doing output validation (but I prefer to escape html entities on output and leave my data "pure")
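The distinction drawn in the comment above, as an added example that is not part of the original post: the same lookup written with string concatenation and with a bound parameter, plus escaping on output while the stored data stays unmodified. The `comments` table, the function names and the sample rows are constructed for illustration, using Python's standard `sqlite3` and `html` modules.

```python
import html
import sqlite3


def make_db():
    """In-memory database with constructed sample rows (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (author TEXT, body TEXT, hidden INTEGER)")
    conn.executemany(
        "INSERT INTO comments VALUES (?, ?, ?)",
        [("alice", "first post", 0), ("moderator", "staff-only note", 1)],
    )
    return conn


def find_visible_concat(conn, author):
    """The 'before': the input is pasted into the SQL text, so it can change
    the structure of the statement and the code relies on validating it first."""
    sql = "SELECT body FROM comments WHERE hidden = 0 AND author = '" + author + "'"
    return [row[0] for row in conn.execute(sql)]


def find_visible_bound(conn, author):
    """The 'after': the statement text is fixed and the input travels
    separately as a bound value, so it is only ever compared as data."""
    sql = "SELECT body FROM comments WHERE hidden = 0 AND author = ?"
    return [row[0] for row in conn.execute(sql, (author,))]


def add_comment(conn, author, body):
    """Store the text exactly as submitted; no quoting or stripping needed."""
    conn.execute("INSERT INTO comments VALUES (?, ?, 0)", (author, body))


def render_comments(conn, author):
    """Escape HTML entities at output time, leaving the stored data 'pure'."""
    bodies = find_visible_bound(conn, author)
    return "".join("<p>" + html.escape(body) + "</p>" for body in bodies)


def concat_breaks_on(conn, author):
    """True if the concatenated query is not even valid SQL for this input."""
    try:
        find_visible_concat(conn, author)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    tricky = "x' OR '1'='1"  # constructed input containing quote characters
    print("concat:", find_visible_concat(db, tricky))  # hidden row leaks
    print("bound: ", find_visible_bound(db, tricky))   # no such author
    print("O'Brien breaks concat:", concat_breaks_on(db, "O'Brien"))
    add_comment(db, "O'Brien", "<b>5 < 6</b> & it's fine")
    print("stored:  ", find_visible_bound(db, "O'Brien"))
    print("rendered:", render_comments(db, "O'Brien"))
```

The legitimate name `O'Brien` is the case input validation tends to get wrong: rejecting or mangling it damages real data, while the bound query stores and matches it unchanged.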

Why the iPhone's megapixelage alone won't matter

frymaster

Even better

... just assume _all_ cameras on _all_ phones are crap :P

While I'm sure there are exceptions, like presumably the ones mentioned in your article, in general they are all crap because of the optics. I have a very old digital camera with less megapixellage and it's miles better than any camera phone ever

I thought the feature list on the original iPhone was lacking in many many ways; the quality of the camera wasn't one of them

Firefox 3.0 ekes ahead of Internet Explorer 7 in Europe

frymaster

@Psymon

Don't forget certificates. many corps may have a root certificate that signs all kinds of in-house stuff (vpns, websites, programs etc.) which is self-signed because it would cost too much for internal computers they can install the cert on anyway. Except FF totally ignores the windows cert. store (whereas chrome, for instance, works perfectly)

these apps would do better if they tried to use the features of the OS instead of going their own way. Makes sense in the linux environment (all apps are self-contained; can't make assumptions about the OS because it could be heavily customised), but not on windows

(I wonder if anything other than IE uses the windows RSS store, for instance? though even outlook doesn't use it yet...)

US mums sue anti-sexting crusader

frymaster

The guy's logic fails

". Frankly, it's sad to me that their parents don't realize this is wrong and they should be encouraging them to take the classes"

"Parents thinking their children's behaviour was wrong" is not equivalent to "parents thinking their children's behaviour is criminal" or "parents thinking their children's behaviour means they need to attend a re-education program". It's very possible for their parents to be standing up for their kid's rights without them endorsing their behaviour, and well done to them.

Microsoft 24 hours late with IE8 pwn protection

frymaster

@danny_0x98

"So, IE8 was being rolled out in Beta (and released on Thursday) and they didn't include the ASLR/DEP until the day after? I mean I do believe it, I'm just not smart enough to figure out why the security gets added on D-Day plus 1."

that's not what the article said

the article said the security wasn't in the beta (which was what was targeted during pwn2own) but was present in the final release.

Opera chief: Microsoft's IE 8 ‘undermines’ web standards

frymaster

Missing the point a bit

"It also means that Microsoft continues to exert undue and damaging influence over the web"

If IE8 didn't support these older sites, it wouldn't drive those webmasters to upgrade. It would drive network admins to block IE8 from autoupdate on their networks

"What about the home consumer?" I hear you ask. The home consumer is either using firefox, doesn't care, or only goes to sites that work in every browser ever made anyway.

This is and always has been about the crufty intranet sites that dinosaur corporations rely on; if IE 8 didn't support them all that would happen is that there wouldn't be a clear upgrade path for those sites (like, say, crufty site -> works in IE8 -> rewrite to be standards compliant, which should still work in ie8 -> roll out firefox)

And it's slightly arrogant of opera to criticise MS for going their own way, and then moan that Apple won't let Opera go _its_ own way; it implies some kind of "I know better than you" attitude. And it's ironic that of the 2 popular paid-for desktop OSs*, MS is by far the most open...

*Just to avoid whether or not people consider linux a viable broad appeal desktop OS, which is something for another day
