* Posts by Rajiv Dhir

14 publicly visible posts • joined 5 Dec 2008

Collective SSL FAIL a symptom of software's cultural malaise

Rajiv Dhir

Is the malaise "Feature Creep" or "Sleep Creep"

Sure, security is hard, but would someone at Apple care to explain how such a straightforward bug made it through regression testing? Do they have regression testing? Is it complete?

One could equally complain that if the coding standards at the organisation insisted on braces, the second ctrl-v MAY have caused a compile time syntax error. It's also possible that the programmer put it in deliberately to test something and forgot to take it out.

Perhaps the malaise is focusing on features rather than writing boring test harnesses for core libraries?

While everyone points the finger at M$ for this, it's not exactly unique to them.

Hey, O2 punters: Kiss goodbye to 4 MEELLION* Openzone hotspots

Rajiv Dhir

Yes, but I hate Openzone. Being paranoid, and having enough data in broadband plans, I don't want to be promiscuous with WiFi. I find it a general pain on devices, having to turn WiFi off when leaving the house to stop it connecting to Openzone.

El Reg in email address blunder

Rajiv Dhir
FAIL

I think you mean 46K ex readers!

subject says it all

Fretting Googler retracts anti-Google+ rant

Rajiv Dhir

Well his truth is an old truth to programmers. It isn't a proper language if you can't write the compiler in the language itself.

Anonymous smites Orlando after charity arrests

Rajiv Dhir

There is more info available on the net

a) You need a permit for feeding in a public park - passed several years ago in Orlando (2006)

b) You may only do so TWICE a year.

c) Orlando council paid for two permits for Food Not Bombs.

d) Food Not Bombs then continued to Feed the Homeless or in fact anyone who turned up.

They only started enforcing because the appeal against the ordinance was finally dismissed. In fact the appeal succeeded, as the court of first instance found it violated free speech. The appeal court said giving out food was not protected speech.

I suggest they talk while giving out the food!

And yes the taxpayers are basically saying we don't want no hobos in our park.

Slack bank practice creates opportunity for phone phishing scams

Rajiv Dhir

Always ask for a callback

I always as a matter of policy ask for a callback reference. I then call the public number. If I found a bank not doing this I would close my account immediately. I have had no difficulty with this with HSBC and firstdirect no matter what the call was about.

HSBC also ask a security question that is verifiable but not part of your normal security response for matters that are somewhere in between, eg getting further details for product applications that will later be verified by other means.

Seagate tells flash bigots to get real

Rajiv Dhir

Seagate should get real

Agreed. However it does boil down to price sensitivity. Currently a cheap notebook HD is maybe £25-£35 + VAT. An SSD of reasonable capacity, i.e. 120GB, is still £100. On a £380 notebook that's about a 20% uplift in price. When it comes down to 120GB = 5% uplift, then I think HD don't stand a chance. That uplift will speed up the laptop enormously, and is worthwhile as a speed upgrade rather than a "capacity downgrade".

My view is that while most people can live with 60GB it is a little tight, 120GB is easy to live with and can hold as many games, photos and as much iTunes music as most people are likely to need given current compression techniques (AAC, JPG, MP3). So when 120GB flash drives cost £50 then HDD guys should get worried. Either that or they need to that bit torrent is shut down.

The capacity demand in laptops is driven by HDD guys building denser disks, the cost of a platter remains fixed.

Facebook unveils 'next-gen' messaging system

Rajiv Dhir
Jobs Horns

This is what I use my Palm Pre for

And it works because on a smartphone, you have access to all the channels and it's immediate. Nobody's friends are exclusively on one channel, nor do I use a consistent channel with each friend. I have one with a BlackBerry who replies to emails with texts (go figure); she does it to avoid the danger of reply all.

So when this service is available on a smartphone or it can incorporate a lot of channels it might be worth worrying about.

Short passwords 'hopelessly inadequate', say boffins

Rajiv Dhir
Grenade

Can we drop the word "password" and start saying "passphrase"

And then a whole bunch of attack vectors go away. No, it's not a universal solution, and you will still need a phrasebook to eliminate weak phrases, and the other two solutions that need to go in lock step are a password vault which can interactively query a website for its passphrase restrictions and generate something strong (now there's a use for SOAP), and/or take the manual approach of securing using a passphrase set appropriate to the site.

On the internet you have to believe everything can fail and that includes security, so assume the site you are using will be hacked.

Whatever happened to the email app?

Rajiv Dhir
Grenade

Windows 7

"Long story short, if your application stops talking to Windows, Windows will want to kill it."

I expect the same will apply to users soon too.

Apple blueprints warranty Big Brother

Rajiv Dhir

Remember You are Licensing ...

You only have a license to use this hardware, you do not own it. Apple may terminate this license at any time, should you

1) talk to the press

2) complain to Apple

3) fail to worship St Jobs thrice daily

4) open the device

5) use unauthorised media on the device

6) allow the device to burst into flames by turning it on.

7) fail to make your children fan(children)

8) allow your coolness level to fall below a level to be determined by Apple

9) participate in any patent lawsuit against Apple

10) participate in any class action lawsuit against Apple.

Oh sorry, that's an iPhone.

Hell, I'm surprised they haven't patented the "Mission Impossible" self-destruct as a feature.

Microsoft strikes back at Outlook 2010 rendering grumbles

Rajiv Dhir
FAIL

Someone tell the XBOX Live Team

I just noticed that the top of XBOX Live promotional emails says

"Read this issue online if you can't see the images or are using Outlook 2007"

That's not really being a team player. After all, what we need is Office 2010 for Xbox.

Yayy

The mobile phone as self-inflicted surveillance

Rajiv Dhir

email retention

But surely all I have to do to defeat the email tracking is have my own SMTP server and use TLS; any halfwit can rent a virtual server, follow howtoforge.com and keep no logs. Now if you monitored the server somehow you might find the destination host, but if you are sending to Hotmail or Gmail how will that help?

Powerline Ethernet and ring mains

Rajiv Dhir
Go

Powerline can be effective

Right Facts

a) The signal will leak out, but attenuate. Add a password and no one should be able to piggyback. I've found the software pretty easy, although if your device has a number for the security protocol, note it down BEFORE you plug it in.

b) The 200mbps or 85mbps is the raw rate, i.e. you'll get less due to interference and the overhead of the protocols, but that's the same for 54mbps etc. for wireless. HOWEVER the 200mbps is shared by all the devices, so if you have several boxes all transmitting SIMULTANEOUSLY then they are sharing the bandwidth. Again this is the same situation as wireless, except if you're in a block of flats, there are a whole load of other people sharing it. There are no channels to avoid interference, but 85mbps and 200mbps exist at different frequencies.

c) It may not work across multiple fuseboards. My sister has a large house with three separate fuseboards and the signal will not cross. Most houses have a single fuseboard and your upstairs downstairs ring mains will just be separate circuits (fuses, breakers, RCDs) on the same fuseboard.

d) You can fiddle with placement to improve signal quality, i.e. direct in the wall, on a distribution block... Software will be provided, though as someone mentioned it may be Windows only.

e) I have found that sometimes, 200mbps doesn't work where 85mbps does - don't know why.

f) It's great for bridging, i.e. plug it in to a router, or combine it with wireless access points. Sure there are bandwidth limits, but unless you are shunting multi gigabyte files, or multiple 1080p video streams, it'll be OK.

g) It really is easy to set up and is a breath of fresh air after wireless.

Cheers

Rajiv