* Posts by /dev/me

147 publicly visible posts • joined 13 Jun 2008


Yet ANOTHER IE 0-day hole found: Malware-flingers already using it for drive-by badness


Re: Why don't they name the sites so they can be avoided?

Because these sites will probably be victims themselves, compromised using some vulnerability in an out-of-date CMS or one of its plugins. But notifications will have been sent out to the hosting providers of these websites. And in all likelihood the websites will have been taken offline, and a call to the website owner explaining they have been compromised and they have to clean their website, update their CMS, change passwords and whatnot before their website can be allowed online again *)

Besides, if you have Google Safe Browsing turned on, your browser will shield you from the known compromised websites.

*) Or at least, that is how it's supposed to work in theory.

Obama proposes four-point plan to investigate US data spooks

Big Brother

Re: Time to grow up

"nearly half of whom don't bother to vote even in Presidential elections"

Ehhh, 95% of the people don't even get to vote in US presidential elections. Please remember that statistically speaking the Americans are the foreigners. And the data gathering affects us, natives of our lands, who have no rights under the US constitution and who are spied upon by a foreign power and yet we are not even mentioned by Obama in his quasi-we'll-look-into-it statements.

As long as we have nation-states, we have sovereignty, and we can tell you to fuck off. Top German telcos are currently moving their email away from US businesses, at my company we see Amazon as less and less of a competitive threat due to all this, there are rumors that US spying policies cost the US economy billions of dollars in lost sales. Rightfully or wrongfully, keep these practices up and it'll only get worse.

Got a BlackBerry? It may be telling your friends when you watch pr0n


It's not the pr0n

It's the cat videos that I'm ashamed of...

Yahoo! drops! size! limit! on! email! attachments! with aid from Dropbox


Re: Just because you CAN do it, doesn't mean it's a good idea

Those poor poor email servers were never meant to move large files. Just because our users don't want to learn about a protocol like FTP doesn't mean we should try to widen the maximum attachment size into what I've come to call FTP over SMTP. (and a promising DOS attack vector)

And now all the webmail vendors seem keen on inventing some two step program where email is integrated with a service that is basically nothing more than FTP over HTTP.

Sending large files over the internet is perfectly valid and we have a fine protocol for that. If the major browsers had put just a little more effort into supporting the FTP protocol more fully than they did, we wouldn't have to be in this mess... le sigh

BYOD: Bring Your Own Device - or Bring Your Own Disaster?


Re: The problem here is shitty IT departments

Paranoia is a good thing for a sysadmin.

But; at my old job we had a very active BYOD policy. User devices were physically separated from company infrastructure and didn't even share the same internet connection. But as dozens of soon to be disappointed users found out they could not mount network shares on their iPhones/iPads and one of them, a user with half a clue, found the solution.

By the time we found out about it, they had been building a shadow-fileserver using Dropbox for months. They had been emailing their documents to themselves so they could upload them and were now using Dropbox as the online collaboration suite they had always wanted. We found out because some overconfident conspirator joked that soon we wouldn't need no stinking fileserver because everything was in the cloud these days.

Luckily for me, it befell to my boss to explain to our CEO why exactly this was a Bad Thing(tm), as I wouldn't have had patience enough. Because the CEO was of the sorts that actually applauded this sort of initiative. So despite all our measures of keeping the network and data safe, the shadow-network had no better protection than the assumption that no one would be interested.

'007' job ad for an assassin appears on official UK.gov website


Not just MI6, the police are looking for a killer as well

Alas they rejected my application, claiming they are looking for someone with experience.

Microsoft: 'To fill 6,000 jobs, we'll pay $10K per visa'


Re: J.G.Harston

I understand your frustration. I got around the problem by avoiding at all cost applying with companies that seem big enough to have a HRM department.


Re: Less pay, more work

And what if our aspiring water fountain technician was a felon? Surely holding a proper job like water fountain service maintenance would be a good thing for someone wanting to get back on the straight and narrow? I should even think, our ex-criminal might strive to improve himself and one day be promoted to water fountain emergency repair field operator. Or if he proves himself a poor driver, might with due effort become a water fountain maintenance planner.

And being Dutch I can tell you, if you take drugs in your free time and it doesn't affect work, then it's none of your boss' business.

Why is the iPhone so successful? 'Cause people love 'em


May I compare thee to a nice looking car...

Except that the Lada Riva wasn't designed and marketed as beautiful. Its sole purpose was not to break down and strand its occupants somewhere on the Siberian tundra at -40C because they would suffer the cold and die.

Oh, and it had to be cheap as hell...


Black Helicopters

Re: Why doesn't someone hack into NASA's computers to find out?

Hacking the NASA servers by penetration testing port 80, I've found the secret documents that reveal both the location and the nature of the prints. And a movie-file disclosing the individual who found them.

It turns out, NASA has used an old but nigh unbreakable form of encryption that we used to know as README.TXT-encryption (the most secure method of hiding useful information) but is now modernised by the HREF (or linked article)-encryption standard. Even Real Haxxors have trouble with those.


Anyway, the noise of those black helicopters is starting to drive me crazy and I hear footsteps on the roof. I think I'm off to the US of A!

Don't download that app: US presidential candidates will STALK you with it

Big Brother

"Even reputable sources like the official presidential campaigns"

I'm not quite sure, does that really count as a 'reputable source'? I mean, /really/?

Hypersonic Waverider scramjet in epic wipeout


Damn you sir, I say, damn you!

After a quarter of a century, I now have that tune stuck in my head again...

tududup tudududum tadadatatada jadadadadadada tadadatatada

McDonalds staff 'rough up' prof with home-made techno-spectacles

Paris Hilton

Re: Cyborg uprising

Yeah, I was thinking this should be filed under RotM; human victory.

/Paris, for want of a WIN icon

Behold: First look at Office 2013, with screenshots


Re: Microsoft in schools IS a GOOD thing

Children should be taught concepts, not products.

And what are 'Windows skills' anyway? regedit?

Post-pub nosh deathmatch

Paris Hilton

May I suggest 'Pain Américain'?

No that's not 'pain' as in 'au' but as in 'French bread'. I gather it's being sold in France to homebound drunk people, and is basically French fries, hamburger (and/or sausage) on a banquette with ham, cheese, loads of sauce and optionally some green things that grow from the ground. I tried to create this, once, and I can still see the stains on the carpet. But I do have a vague memory of it being a worthy contender for this deathmatch.

BOFH: The back-up backdown smackdown

Big Brother

Re: "result in a P45 and/or a prison sentence"

Only if you get caught. Which is unlikely, if you're a pro-BOFH.

The security guards will be pleased with access to youporn and .xxx domains, and so may have inadvertently recorded over the CCTV tapes some user claims holds the evidence of his abuse.

And you can always casually mention to someone in upper management that you are working on long term resource usage analysis in order to compile your multi-year hardware acquisition recommendations and that you stumbled on the curious fact that /some/ users have gigabytes worth of data in hidden folders in their home directories.

Upon being asked to investigate, which you will only reluctantly agree to after receiving a signed order to do so, what with you valuing your users' privacy as much as you do, you then have carte blanche to shove donkey porn onto whichever user you need to get rid of quickly.

Then, of course, your admin status on the proxy server, specially the write permissions on the log files, can be put to good use to get rid of said upper manager because it's bad practise to leave witnesses.

Google makes Opera bloggers an offer they can't refuse: Use Chrome


Re: False negative through outdated over-restrictive regex perhaps.

If that were true, that could be tested.

On the other hand, if the regex against Opera 12 turns out false, it should lead to a default "unrecognized User Agent, but we'll do our best"-scenario, not a warning.


What was that again, something with standards?

I once thought the whole idea of basing the web on open standards was that website builders don't have to support browsers, only standards. But it was just a dream...

RIM shares take a bath after uninspiring BlackBerry 10 unwrap


There can be only one (or two, at most)

What is it with this mobile market that all players, but most notably the press reporting on them, are so openly striving for world domination? It's all formulated in terms of winners and losers, rather than as a market seeking equilibrium.

The whole Android -vs- iOS fanboi-battle with accompanying announcements of the death of WebOS, the demise of Symbian, RIM losing grip and WP7 failing to take off makes it look as though yes indeed we want a monopoly, we want a monoculture, we want to be able to choose the colour of the device but not what powers it underneath.

I could say the same thing about browsers, where one tiny percentage point drop one early rainy Saturday morning is brought in the news as a battle lost. And I could rant on about how we used to think the smartphone market would remain a vibrant market where consumers had something to choose rather than the almost binary choice of a (black|white) iPhone if I can afford it or any of a thousand candy bar coloured Android devices if I can't.

Apple flooded with iPad 3 wireless connection complaints


Weird wireless problems are weird

<anecdote> At work, we have a wireless access point. All the iPad(1|2)s have no problem reaching it. Neither do the iPhones, the HTC Heros, WinXP and Win7 laptops and my Palm Pre.

But the WinVista laptops (however rare), the HTC Desires and oh dear oh dear my own SL6 laptop keep losing connection. And indeed, the iPad3s we have also keep losing connection.

We bought a better router, and all the problems are gone.</anecdote>

Apparently I have no idea why this is. I thought these wireless protocols were device/platform agnostic. Maybe there's something wrong in the implementation somewhere, but we did upgrade the firmware of the cheapo router to the latest version.

I dunno, but when I had this connection problem on my plate for a while, I could not rule out that it was indeed the router where the problem was. Testing with different routers would be my first step.

Of course "change your router, no big deal" is not a solution to the problem. But apparently there are devices that just don't like talking to each other over wireless. In my experience this includes, but is not limited to, the iPad3.

Yes, Prime Minister to return after 24 years


Re: Deja Vu

I watched the series again some time ago. Really amazing how modern the topics were, and how views on these topics have changed.

ID cards? European nonsense. The Brits will never buy it! We'd have a revolution on our hands.

A National Database? Outrage in the land, the papers and the news... privacy is at stake.

Facebook: Your boss asks for your password, we'll sue him! Maybe


Re: Think about the company and the job before you respond....

Scenario #1 is I think the only valid case for employers to ask for FB details.

The times that I saw a SysAdmin job opening on such an institute, it made it absolutely clear that the candidate should have no misconceptions that a very extensive security screening is part of the selection process. They don't surprise you with these kinds of questions in an interview. The security screening is formalized as part of the procedure.

Alas, as thoughts about high levels of security kept triggering my fetish for KGB agents of the long blond hair, big boobs and leather pants variety ("Ve vill be talked about zekret in hotel room")... I never really came round to applying.

Testicle-boiling new iPad ignites fanboi fury

Paris Hilton

Re: Back to school!

As 0 degrees Hilton (0H) is the temperature of Hilton at rest (36C)

And 100 degrees Hilton (100H) is the temperature of Hilton during intense activity (38C)

So the iPad3 can get as hot as 550 degrees Hilton. And now you know why this is newsworthy.

For comparison, room temperature, what most people feel comfortable in, is -700H. And that's a big difference. So there's no argument; it's all proven facts and science. The iPad gets hot and makes you sweaty. Whether that's a Bad Thing, I'll leave to the philosophers...

Eddie Murphy heading for worst movie ever glory


Re: At least Steve Martin can play the Banjo.

You know the definition of a 'gentleman'?

Someone who can play the banjo, but doesn't.

Social networks breeding spatial junk


But there's a workaround

They check Twitter and other sources of user generated content to verify information. Probably relying on the philosophy that truth is just the average of all errors.

pcAnywhere let anyone anywhere inject code into PCs


Re: How does a firewall prevent a buffer overflow

Hmmm, the way I read it, I thought by setting max packet length

iptables -A INPUT -p tcp --dport 5631 -m length --length $maxlength: -j DROP

Or something like that. But as the article says, it would be stupid to rely on this. I'm also wondering if commercial (hardware) firewall vendors would include this kind of fine grained rules per default. I somehow doubt it, but it would be interesting to ask.

Outside-the-box thinking literally can't be done inside a box, say profs


Jake, I take it

You are laughing because of your doubts how a University can empower Management with value-added knowledge intensive processes and leverage potential efficiency margins in the Human Resource area? I know, I know.. that's what consultants are for.

Boffins find new 2012 glyph on 'secret' Mayan brick


every 13 baktunoob the cosmos is regenerated

Also known as patchbaktunoob, we get important updates and a reboot.

/looking for the changelog

Brussels: Water cannot be sold as remedy for dehydration


Good call

I wouldn't want to live in a place where water is sold as a cure for dehydration.

But even if someone /is/ dehydrated, I thought you'd have to give him water, not sell him water.

Microsoft seeks patent on employee spy system



"an increase in an employee’s trust in the boss is the equivalent to a pay rise"

Oh, well, if it's all the same, I'll take the pay rise thankyouverymuch

Mysterious sat-pic China desert markings - EXPLAINED


Earth (planet): mostly harmless

[citation needed]

Too rude for the road: DVLA hot list of banned numberplates


Would G12W UP be a valid license plate?

...that's what she said

Gulf of California terrorized by ONE-EYED MUTANT SHARK!

Paris Hilton

Re: Times change

A one eyed monster is something /quite/ different in my book. It's something (see above) Paris would eat. But let's not get into this any further *that's what she said* for the mere thought causes harm and distress to children and vulnerable people.

Windows 8: Half million previews downloaded in 24 hours


Like a pro

Just drink without spilling, who needs physical media anyway?

Apollo 17 Moon landing: Shock revelations


undated photograph

Forensic analysis of your 'undated photograph' shows its hidden timestamp set to the exact time my system clock was on when I downloaded it. Coincidence? I doubt it! Clearly, this is not a still photograph but an embedded live feed from the lunar surface.

I'll quickly write a GUI interface in Visual Basic for a bi-directional transceiver and upload it to the Internet. Then you can open a two-way comms channel and interview the king before he leaves the building again.

Here lies /^v.+b$/i



exit ${status:-0}

DOH! Housing contractor loses unencrypted stick down the pub


Re: USB ports should be closed

When we buy machines they have empty disks. We load an image in it. Then hook it up to the domain, and from there it gets its policy as to what to do with inserted media. And you can differentiate between mice/keyboards and storage devices. You can do that in Windows just as well as you would on any *nix flavour.

And yes, we get on average one person per day asking us to enable USB ports for storage devices. And we say 'no'. Most of the time in this line of business you'll find that most of these common problems have been solved already technically, even by MS. Although the settings are not always in clear view. Sometimes you have to search a little, but what's more difficult is to keep telling the users 'no'.

Most of these problems aren't technical problems. They have to do with users demanding the same kind of functionality from their workstation as they have at home, and that includes demanding laptops, USB storage, local admin rights, world writeable shares, flash plugins and certainly no screen lock or strong passwords.

/enough about work

LOHAN spaceplane project starting to shape up nicely

Paris Hilton

Vulture Evolution; or how we went from 2D to 3D printer .. ehm .. output material?

"Structure formed from composite material (eg, carbon-fibre-reinforced polymer), or selective laser sintered nylon."

I don't understand how this is still a question?

Vulture 1 (PARIS) was created from high quality (but 2D) printer paper, providing it with the necessary IT angle. It's only a natural step in the evolution of the Vulture project that #2 (LOHAN) is created by a 3D printer.

Objections? No? Then it's agreed :D

Moderatrix kisses the Reg goodbye


I hate goodbyes!

But I hope your evil scheme to world moderation works out. Give 'm hell!

Blow to the head makes people feel good about religion


Religious people might be happier

But depressed people are more realistic.


Help! My Exchange server just rebooted


real sysadmins...

...don't use third party recovery tools. They just promise the boss they'll have it fixed by Tuesday. Then they get out for an early beer. Let the whole company sweat for a few days. Then log in via the pub's wifi on Monday afternoon, restore the snapshot taken 10 minutes prior to the corruption and take all the credit for fixing the catastrophe ahead of schedule.

Google: Our rapid load won't give you anything nasty


only works with Google Chrome

A. This site is best viewed in Netscape Navigator.

B. This site is best viewed in Internet Explorer.

C. This feature only works in Google Chrome.

D. Click here to install the Silverlight-plugin.

E. The web is based on Open Standards.

Which doesn't belong?

RIM taps Microsoft Bing for phone and tablet search



Do an image search on Bing, do something adventurous like scrolling down the page. And lo! What happens? It hijacks the browser's [back] button as every movement of the scroll wheel or bar gets counted as a separate page in your browser history. Running up well into the hundreds. At least in FF. And from what I understand also Chrome and Safari.

This may be a slightly off topic post, but if I were RIM I would think twice about getting into such an ordeal. 'Worldwide rollout of defective JavaScript-r-us'?

Microsoft breaks own world record for IE nonsense


Re: Why don't you learn English?

Who knows English, who only English knows?

Some languages are more flexible than others, and in some adjectives, nouns and verbs are interchangeable. In Dutch and German I could easily use HTML5 as a verb, and in context it would even make sense. For example: "we're currently HTML5-ing our Webinterface."

That said, I can see what an HTML5 experience is. You /can/ use HTML5 as an adjective. Perhaps this strokes against the 'Current Best Practices of English Language Usage' but it certainly does not disagree with semantic rules of other languages.

So it is possible to deliver an HTML5 experience. And, when the look and feel of a website is akin to a local app, one might even say, indeed, a native HTML5 experience.

Please note however, that the keyword here is 'experience'; a clever marketing word that has nothing to do with any technology involved. It is subjective, unmeasurable and only vaguely defined in terms of look&feel (which in turn is also subjective and unmeasurable). And you can claim exclusivity on a certain kind of experience, simply by changing the definition.

So, there you have it. IE can deliver a native HTML5 experience, at least from an end user perspective. Programmers, developers, administrators et al might get confused by using otherwise well defined jargon in such a marketing manner. But that is sales people for you*). They will gladly tie some buzzwords together with vague concepts to form sentences that reveal nothing to the initiated.


*) If you like this sort of thing, we at work call our serverpark 'the fat clients' we call the patch panels 'the servers', we call desktops 'thin clients' and we call the databases 'the intranet' ... all according to real life misuse of IT jargon by sales people and consultants.

TV sitcom opens up the world of penetration testing


That's wrong with VB

If time were of the essence, why would you need to write a GUI interface to tie outputs of existing commands together? Notice how she did not say she was going to write (perhaps back-end; that too sounds cool) tracking software.

She specifically said how she would "create a GUI in VB; see if I can track an IP address" which by itself is like saying "I'm going to install a switch that lights the room". This is Catweazle's "sun in a bottle" territory at best. Magic.

And what is 'track an IP address' in this context? I know of Windows types that might choose to run tracert and Unix types that are content typing traceroute, whereas Hollywood types might prefer some custom 3D interface and preferably (oh please) if not a touch screen then a laptop with the rubber feet removed so you can slide it across the table... but whatever your reason and whatever your platform of choice, for the task at hand I see no reason to prioritize on the GUI.

And that is what's wrong with VB.


And to go on a bit: People who claim a WebBlog is updated in Real Time might do with a lesson in stateless protocols. Is that JavaScript I hear ticking? :p

Polyglot 419 scammers target German and Welsh speakers


And how would that sound like?








etc etc

Dutch develop world's largest touchscreen


In Uni

The big college classes where students(N=700), it was too large to effectively aim a piece of chalk, and sometimes the inattentive students outnumbered the available pieces of chalk 50:1

A professor of mine solved said problem by showing (on a roughly 2~3 meter screen) a close-up of an injection needle being injected in a human eye. Maybe it was just imagination, but I saw Real Fear in that eye.

As sound effect behind it, the screaming brakes of a cargo train making a full emergency stop. You think 'nails on chalkboard' is bad?

Suffice, it was quite efficient in getting our attention...


Really, all you need is a .gif, an mp3 and a few lines of code to tie it together as an app. Call it iScream and you can sell it in the app store for $1,99

Microsoft has shifted 1.5 million Windows phones


"at least half a billion dollars on promoting the platform"


That's $500m and oversimplifying the equation: $500m / 1.5m telephones, that's $333.33 per telephone sold. Even if we assume they sell 15m per mid 2011, that's still a marketing budget of $33.33 per telephone sold.

Makes one wonder how many they expect to sell, before these margins become reasonable (or for that matter; profitable).

Brussels quizzes UK on school kiddyprinting


Kids: wash your hands after you've used the public fingerprint reader.

And the next generation of stand-up comedians will joke:

I always wash my hands after I use a public fingerprint reader. So how come they say it's a source of infection? Oh! Because I wash my hands *after* I use the fingerprint reader.

My Droid EXPLODED mid phone call, says Texan



No health insurance, but money enough to buy a smartphone? At the risk of being called a socialist, but I think there's something wrong with his priorities.

Speaking of priorities. Spending four hours in the Emergency Room to get a couple of stitches? I don't know how these things work in the US, but down here spending time in the ER is an inverse measure of how badly hurt you are. It just means he was triaged to the bottom of the list, and spent his time in the waiting room reading magazines.