Because it's too difficult to have a webform that does this as well so I don't have to copy/paste the email address?
Posts by Pete Spicer
201 publicly visible posts • joined 28 Mar 2008
Google devs: Tearing Chrome away from OpenSSL not that easy
Four fake Google haxbots hit YOUR WEBSITE every day
Sneak peek: Microsoft's next browser (thanks, IE Developer Channel)
Waiting gamer slams no-show show: E3 – was that it?
Happy Birthday Tetris: It's flipping 30
Thanks for nothing, OpenSSL, grumbles stonewalled De Raadt
As much as TdR is abrasive in style, he does actually care about security, and having been involved in forking software and having to deal with patches, I fully sympathise with his point of view.
In fact, I just donated to OpenBSD because the OpenBSD project actually cares about code quality - and that means users benefit too. That's really important.
Antivirus firm Avast! takes down forums after breach
They were not using their own platform, they were using the free and open source package SMF. Exactly what version of it is not entirely clear, and it's been modified beyond pure aesthetic changes from the stock distribution. The extent of modification is not entirely clear.
The method used by SMF 2.0.x series (which is what they're using) is SHA1(lowercase(username) + password), which is what SMF has always used, and the developers are upgrading that in coming releases. I could try and defend the reasons for staying with this but most of them amount to 'OMG we have to keep compatibility with hosts' which is why it wasn't until this week that the 2.1 series actually bumped its minimum PHP version to 5.3+ instead of 5.1+ (and 2.0 series will work on PHP 4.4.x)
There are no known vulnerabilities in the 2.0.6 or 2.0.7 releases (the 2.0.7 release strictly addressed minor bug fixes and PHP 5.5 compatibility after the preg_replace function deprecated use of /e, both of which are therefore considered 'secure' releases by the developers).
I still wonder, though, whether this was the fault of the software or someone with a bad password. It's certainly not unheard of for admin passwords to have been bruteforced - and all kinds of things that happen afterwards. Unfortunately there is a persistent stubbornness from the SMF team about allowing their package manager to do what it does (find/replace on raw code, which of course requires it be writable!), and anyone who bruteforces or otherwise acquires an admin account subsequently can upload any code they like to the server and most admins leave it insecure.
My understanding is that the developers have reached out to Avast to find out what happened, though details are apparently not especially forthcoming.
Disclaimer: I am one of the people that, in the past, has contributed to SMF. I am not trying to defend my contributions; all I worked on were minor bug fixes and new stuff for the current in-development version as well as providing support.
Shockwave shocker: Plugin includes un-patched version of Flash
I haven't seen anything in Shockwave in probably a decade - while in that time I've still seen a bunch of Flash and slightly less so for Java applets (mostly ones that I've been helping rewrite to be not applets!)
I honestly thought Shockwave was a dead thing... what can you do in Shockwave that you can't in Flash?
eBay slammed for daft post-hack password swap advice
Comcast exec says wired broadband customers should pay-as-they-go
The future's so bright, Google Glass now comes with shades
Peril sensitive sunglasses. Joo Janta 200 Super Chromatic Peril Sensitive Sunglasses, I assume he's referring to, which turn black at the first hint of trouble, allowing you to develop a relaxed attitude to danger by not letting you see anything that might alarm you.
Hitchhiker's Guide to the Galaxy is responsible for many such witticisms :D
Watch out, Yahoo! EFF looses BADGER on sites that ignore Do Not Track
DNT is great in theory, except it was doomed the minute Microsoft decided to make it on by default. A cynic mind might even suggest it was done deliberately to compromise the idea. Don't forget - this is not the first time something major has chosen to explicitly ignore DNT being set, on the basis that you couldn't actually rely on the user having made the choice.
Stephen Hawking: The creation of true AI could be the 'greatest event in human history'
Early! Do! Not! Track! Adopter! Yahoo! Says! It's! Rubbish, Bins! It!
Analysts: Bright future for smartphones, tablets, wearables
Report mash-up: Apple to sell 65 million $269 iWatches in first year
Re: @ Peter Spicer - You know they have reached market saturation
Who actually says Apple does? There's been a lot of speculation about it, sure, but only the analysts are saying it. Thing is, Sony's tried it a number of times, Samsung's Galaxy Gear met with limited success and even Apple isn't so blind that it would try to launch a product in those shown-to-be-lukewarm waters unless it knew it had an angle that was unique and inspiring because the iFaithful aren't *that* faithful.
Hotmail-gate: Windows 8 code leaker pleads guilty to theft of trade secrets
Hot, young under-25s: Lonely slab strokers who shun TV
Re: Going against the trend
You do not need a TV licence to watch TV from a PC provided you are not watching 'live TV', i.e. shows as they are broadcast.
"You do not need a television licence to catch-up on television programmes in BBC iPlayer, only when you watch or record at the same time (or virtually the same time) as it is being broadcast or otherwise distributed to the public. In BBC iPlayer, this is through the Watch Live simulcast option.
Anyone in the UK watching or recording television as it's being broadcast or simulcast on any device - including mobiles, laptops and PCs - must, by law, be covered by a valid TV licence.
A 'live' TV programme is a programme, which is watched or recorded at the same time (or virtually the same time) as it is being broadcast or otherwise distributed to members of the public. As a general rule, if a person is watching a programme on a computer or other device at the same time as it is being shown on TV then the programme is 'live'. This is sometimes known as simulcasting."
Note you can substitute ITV Player, 4OD or 5 Catch-up (or whatever it's called now) for BBC iPlayer and everything still holds up true.
Didn't you know? Today's Patch Thursday! Adobe splats hijack bug in Shockwave Player
It's a BLOCKBUSTER: Minecraft heads to the silver screen
Update your Mac NOW: Apple fixes OS X 'goto fail' SSL spying vuln
My smelly Valentine: Europe's perfumers wake to V-Day nightmare
PSST! New PCs with Windows 7 preinstalled are out there – and will be into 2015, at least
Facebook debunks Princeton's STUDY OF DOOM in epic comeback
I thought the original article had a reasonably intelligent point, but trying to debunk it with the same methods was never going to work. Note: this is all about discrediting the report by attacking its methods than about proving that it is flawed for any other reason... it's almost an ad-hominem.
Mozilla CTO Eich: If your browser isn't open source (ahem, ahem, IE, Chrome, Safari), DON'T TRUST IT
This puff piece is nonsense.
Open source, theoretically, should be more provable as secure than not. Which is fine, if you have the time, resources etc. to actually audit such code.
Real users do not, they do not download and compile from source (Linux on the desktop is increasing, sure, but it's still a rounding error compared to the Win/OS X userbase, and even then most of the time they're not building from source either), they download a 'trusted binary'.
And of course then there is the argument about compilers - I seem to recall a fantastic piece about compromising compilers from Ken Thompson. It was written 30 years ago, but here's the thing... when the Mozilla folks build the binaries for Windows, what do they use? I see from their Windows build requirements page that they use Visual Studio and cygwin in concert (VS for the compilation, cygwin for the linking, presumably? Not clear.) But you're still relying on those tools to be uncompromised. That means trusting VS and cygwin (and possibly gcc) - and you can't audit VS.
http://c2.com/cgi/wiki?TheKenThompsonHack is mildly scary reading. Not totally scary, but mildly scary.
We don't need no STEENKIN' exploit brokers: Let's FLATTEN all bug bounties
RSA comes out swinging at claims it took NSA's $10m to backdoor crypto
"At that time, the NSA had a trusted role in the community-wide effort to strength, not weaken, encryption"
Wait, am I reading that right? Why would it ever be in the NSA's interest to make encryption stronger for the masses?
I mean, it wasn't until that long ago that encryption tools required a munitions licence to distribute because they were weapons of a sort. Seems to me that keeping an eye on the industry and maybe slipping the odd slight hurdle into it, on the sly, would absolutely be SOP for them. But maybe I'm just too cynical.
Microsoft bans XXXXBOX gamers for CURSING in online combat
Huge horde of droids whacks code box GitHub in password-guess attack
Winamp is still a thing? NOPE: It'll be silenced forever in December
Like some of the other commentators, I moved away from WinAmp with its 3.0 release.
Since I have a decent collection of tracker mods from ye olden games, I wanted a player that could handle reading all kinds of formats and ended up with XMPlay with one of the plugins (DelixTracker) which handles everything I can throw at it.
To the one person who asked about music devices, XMPlay lets you specify which device you want to use, including WAV encoding or LAME (for MP3) or OGG output should you need to transfer formats.
Sueball-happy patent biz slaps lawsuits on 14 tech firms
The importance of complexity
Disclaimer: I don't have a degree, however I did tackle the fundamentals of this in Decision Maths as part of an A Level in Maths so while I may not be as boffiny as some here, I do understand what NP problems are and the relevance thereof.
The only time I can actually recall using the various things I learned was in the midst of writing bits for an RTS game, where pathfinding was required. Whether you go down the road of A* or D- or whatever in between, you're still talking dancing about with Dijkstra's algorithm to some degree.
Having an understanding of the differences between bubble sort, quick sort, exchange sort etc. is always useful too and where it can be an advantage not to use the good old quick sort (if the data is already mostly or completely in order, for example, quick sort may not be any use to you over a bubble sort)
The other algorithms covered - travelling salesman, shortest method of connecting a weighted graph (like network cabling) have applications out there in the real world but I've never encountered them, and neither have any of the folks I know, but I'm sure there are uses for them.
Sweet murmuring Siri opens stalker vulnerability hole in iOS 7
Samsung Galaxy Note 3 region-locking saga CLEAR AS MUD
Great Britain rebuilt - in Minecraft: Intern reveals 22-BEEELLION block map
Hardbitten NYC cops: Sir, I'm gonna need you to, er, upgrade to iOS 7
Re: Disable Find my iPhone?
That's great, until you either want to actually use anything that's on the Internet - or shock, horror use the phone for the purpose for which it was designed, i.e. to actually talk to another human being.
Airplane mode just makes it, quite effectively, an iPod Touch.
One year to go: Can Scotland really declare gov IT independence?
Apple beckons fanbois back into its golden era... of, er, 2010
Re: That's not the right way to do it
I didn't have any problem using the current (not beta) versions of Xcode, including the 6.1.3 APIs and whatnot to push a build of my current app to my first gen iPad, which still runs 5.0 (it can run 5.1 but 5.0 was memory hungry enough on it)... Depending on how far back you want to go you might have to jump through a few hoops but that's par for the course when using any of Apple's dev tools.
iPhone rises, Android slips in US, UK
Re: I wonder if it's straightforward role reversal
He's not calling you a Chev, he's referring to Chevy - Chevrolet - the car manufacturer. As in 'as a fashion statement they are right up there with Chevrolet', a brand not entirely known for its fashionability, except the Corvette (as noted by the poster)
Microsoft Xbox One to be powered by ginormous system-on-chip
I'm intrigued by the whole 'shared memory' thing because it's nothing new at all. I'm not talking about the setup that PCs have had in recent times where the video memory was carved out of the main system memory, but every time I've seen it mentioned, I've just remembered the Amiga.
For those not familiar with the Amiga's innards (and this is a simplification, the real picture is more complex but I've forgotten most of the detail), there were essentially two kinds of memory hived out of the total system memory. The first was 'chip' memory, which could be read by all the main chips, which is where graphics and sound had to be stored. The second, was 'fast' memory where only the main controller could access, meaning that you stuffed application code there where possible, because the CPU could access it faster than it could if it were reading from chip memory. It was also possible to switch some from one to the other (e.g. like the later Amigas had a ton of chip memory but a lot of programs expected that if it saw that much memory, some of it had to be fast memory and promptly went splut)
So yeah, sharing memory between subsystems on a more unified level is not a new concept, especially when you're talking about memory that both the CPU and graphics setup can share between and essentially allow the graphics to grab from memory without the CPU being involved... it just reminds me of 1986 or thereabouts...
ISPs scramble to explain mouse-sniffing tool
Tesla tops $20bn as Elon Musk claims arm-wave design tech
Apple's iTunes Radio to launch next month with abundant ads
Fanbois taught to use Apple's new killer app: Microsoft Windows
Friend of mine is using a 3 year old iMac... and using Parallels to run Steam games where there isn't a native version of the game for OS X. I was watching him play Assassin's Creed III on it the other day and it performs surprisingly well on a 3 year old machine running through an emulation layer. In fact, when we rebooted it and ran it through Boot Camp (i.e. native Windows), it wasn't actually significantly better.
Me, I'm using a MacBook Pro (developing for the mobile things) and I'm in Boot Camp most of the time. Don't know what it is but Parallels just doesn't run very well for me. Guess my friend is the lucky one.
WoW gold farmer throws sueball over real world gold theft
Not understanding what the problem is here... she had gold bullion (physical item) in her house, which was stolen.
Unless there was some exclusion in the policy against gold bullion, I can't see that they have much of a leg to stand on... it wasn't obtained illegally as such... are they claiming the gold was proceeds from a crime? If so, what crime, actually, was committed? Seems to me that the worst that could be claimed was breach of contract (her with Blizzard) which in any case is neither a criminal matter nor anything the hell to do with the insurer refusing to pay out for the gold bullion.
What I could imagine, though, is that the gold bullion was worth more than what she had insured and that she wasn't going to get the full value back...