* Posts by Tom 13

7544 publicly visible posts • joined 10 Jun 2009

Yahoo! fixes! password! leak! vulnerability!

Tom 13

Re: Little Bobby Tables at it again

If the breached databases were from the acquisition, and none of the native Yahoo databases were breached, it sounds more like Yahoo failed to perform a code audit when they made the acquisition, and the twits at fault for the database mistake worked at the acquisition company. Still a major fault for Yahoo, but if those db admins got outsourced, they deserved worse.

WikiWin: Icelandic court orders Visa to process WikiLeaks $$$

Tom 13

Re: hardcore pornography, Ku Klux Klan, and online gambling sites

It wasn't the number, it was the names. You know, like Teddy Kennedy for instance.

Oh, wait, that's right. He was a Progressive who wants the US to implement our own version of the British failed healthcare system.

Oatmealer rubs Operation Bear Love cash in troll's face

Tom 13

While I concur on the account/lawyer point,

that's not because I think the guy is absconding with the cash, but because there are so many people like you around who feel free to impugn his honor.

Google sued over mobile Chrome by patent firm

Tom 13

Re: To misquote Shakespear

Aren't you being redundant again?

Phishers use less strident subject lines to deliver new cunning attacks

Tom 13

Re: "tricking prospective marks into clicking a link"

Part of the problem is that it is usually obvious to IT geeks when a link is suspicious but not so much for your average punter.

I use my mother as my average punter yardstick and she is completely clueless on this front no matter how much I try to train her. Put her on a New York/London street and she's got better street smarts than me, but it all goes out the window when she's on the PC. It took me a long time to break her of playing Pop-Cap free games and their ilk. Only accomplished it by getting her to switch to Zynga's FB games instead. At least there she's smart enough not to follow the links for free Farmville cash.

Tablets, copycats and Weird Al Yankovic

Tom 13

Beat me to it/Minor Nit

You'd probably be safe under parody laws, but it would have to BE a parody, not a cheap rip-off. Cheap rip-off and you'd still lose.

Chemical giant foils infected USB stick espionage bid

Tom 13

Re: Straw poll ? - Real-World Tech Use of USB Sticks

Way, way back in the day I worked at a facility where one of the variants of the Stoned virus was a known and accepted risk. It was an MBR variant that infected floppies and hard drives. The admin couldn't ever get everyone to bring in all of their floppies for him to scan, so even if he dedicated an entire weekend to cleaning the hard drives on the PCs and scanning all the floppies in the building, within a few weeks an infected floppy would reappear from home and re-infect the network. He did eventually manage to get a line item added to the budget for a TSR program that he could run from the login script, but it was about a year after I started working there. And it was a known problem when I started.

I remember it because as a power user, I was trained to scan all floppies I received immediately upon inserting them in my system. Back in those days, if you were the DTP guy, it wasn't unusual to think your system was Stoned even without the virus on your system.

Tom 13

In addition to different media types and depending on the age of the system

a USB stick might be registered in autoplay because it was inserted into the system before the patch was applied and a user set one of the choices as the default for that USB stick.

US mulls outlawing rival product bans using standards patents

Tom 13

Re: So let me get this straight.

Since reading the patents and having competent people checking them is the ONLY REAL solution, yes, we have to come up with it. If that involves upping the fees for patenting things, so be it. Maybe make it a % of what the inventor makes off the patent over the time it is issued coupled with clerks being personally liable if the courts deem the issued patent invalid because the patent was for something truly trivial or obvious.

Tom 13

While I concur with your sentiment about the lawyers,

there's still a problem with your proposed solution. Some patents truly are worth more than others and the people who come up with those patents ought to be rewarded according to their merits. Especially when it is a guy who is NOT working for the big corporation.

Disable Gadgets NOW says Redmond

Tom 13

Re: I do

I didn't like the clock, but I found the calendar useful.

Religious wars brewing in ICANN gTLD expansion

Tom 13

Re: Mine allows people to be themselves as long as no-one else gets hurt, yours doesn't.

No it doesn't. The existence of your post refutes your claims.

Yahoo! hack! leaks! 453,000! unencrypted passwords!

Tom 13

Re: WTF?

Don't forget to use a few silver bullets in the process, as well as a wooden stake through the heart, holy wafers in the mouth and immersion in holy water.

Just to be safe. Sunlight doesn't seem to be as effective as once it was. Damn glittery vampires.

Formspring springs a leak: 28 MILLION passwords reset after raid

Tom 13

Re: which is about 99% of users

I've never seen what I consider sufficient documentation of that claim. Yes, we keep getting reports about people using the same passwords in different hacked databases, and especially common passwords like 'password' but never from sensitive databases, only databases people don't care about.

Tom 13

Re: Site & User salts

Hard to say since it was a dev server and not a prod server. Dev servers usually have fairly light security because they are supposed to be isolated from real world connections. So if the bad guys had access to the hashed password list on the dev server, there's a fair chance they also had access to the salt hashes as well. Of course since the report doesn't go into those details, it's all speculation. The point in favor of your contention is that the bad guys posted the salted list, not a decrypted list. If they had the hashes you'd think they'd go for the full lulz and post the decrypted list.

Tom 13

@Lord Voldemortgage

In a completely proper environment, development should NEVER be externally accessible. Development is on an internal network, best isolated from the work network as well as testing and production. When development is done it gets moved to the test server, which is fully identical to and has the same security requirements as the production server. Final testing is done and then the tested platform is moved to the production server (or test server is promoted to prod and prod demoted to test depending on internal practices).

In that environment, it may be acceptable to use a copy of the live database for development, pursuant to other requirements like protecting personal info. I can see the use for a copy of the live database, (nothing is ever foolproof because fools are so ingenious OR your typical developer would never think of doing something that stupid with the configuration of their testing data), but it certainly entails risk and proper precautions need to be taken.

Tom 13

Re: Development and live should never be connected

You forgot the WTF?!?!?!?!!! title.

I are only helpdesk and even I knowed that.

Microsoft sets October date for Windows 8 release

Tom 13

@everyone's chronically short memory span

I don't think it has anything to do with short memory spans, and everything to do with the fact that until they fracked up on the XP release schedule, nobody knew how nice it could be to have a stable OS for a 5 or 6 year period. Five or six years to recover the cost of a capital investment in your company is a lot easier to swallow than every 2-3 years.

Also, in the early years there was real, usable growth in what computers could do. But we've now entered the era when improvements in computing power don't actually affect the real productivity of your typical computer user. Page layout and cad work (both things I did professionally back in the day) were slow and tedious even on the expensive rigs. These days my home system would produce acceptable performance.

Tom 13

@HolyFreakinGhost: If you're going to be fair,

You need to recognize that 98ME was a stop-gap marketing attempt to juice the cash flow because 2000 didn't. And although XP was sold to consumers, it was a combined platform for Enterprise as it was built on the 2000 kernel. I think Enterprises adopted XP much more quickly than consumers did.

In the red corner: TV star and prof in Beijing blogger brawl

Tom 13

Good for Zhou!

It's good to see an oppressive bully who is accustomed to having his backup thugs intimidate the opposition get his comeuppance. Hopefully it doesn't come back to bite her in the ass the way it all too often does when people in China stand up for themselves.

US networks: Political donations by text? Rlly nt a gud idea

Tom 13

Re: A modest proposal

No! No! And I say again No!

The company should either take their cut, or not take their cut. They shouldn't force me to donate to some group I may have no interest in supporting, no matter how "non-partisan" you feel it is. If it is important to me I can damn well send them a donation myself without some goody-two shoes insisting on doing it for me.

Tom 13

Re: Greater democracy?

Nah. The credulous and the dim-witted don't have money to donate. So it's really the most cynical justification for money laundering we've seen since, well, the last election.

Ex-NASA group plans private, crowd-funded asteroid hunter

Tom 13

Re: "Even one death is one too many"

I used to be of the opinion that the lawyers were at the top of the exclusion list for that claim, but of late I'm coming round to thinking it needs to be the EODIOTM merchants instead.

Apple 'fesses up: We broke App Store downloads

Tom 13

Re: People are going to copy your app DRM

My personal favorite back in the day was the copy protection on the copy protection breaking software for the C64. We had two different breakers, because each would copy the other's breaker, but not their own.

Tom 13

Nah,

that one isn't patentable, but it probably qualifies for trademark protection.

Tom 13

Re: Excellent. Let us hope that it is the start of a trend as far as how................

No, no. The download would have worked if punters hadn't been holding the device incorrectly.

Numbers don't lie: Apple's ascent eviscerates Microsoft

Tom 13

@Nigel 11: And it's not the first time they've Metro-ized the OS.

In fact, I'd say the Mac interface has been far more stable than the Windows interface has been. And you are quite right about the lost man-hours of work learning the "new and improved" interface.

Tom 13

Re: it's athwart the purpose of comparing these longtime rivals.

If the newcomer of only 3 years is about to reach parity with the 80,000 pound gorilla from 30 years ago, I think focusing on the 30 year old challenger is picking the wrong story. 'Cause if the claims for the 30 year old challenger are actually true on his behalf, and the current trend continues, by the end of next year the newcomer is going to have wiped the floor with BOTH of the old farts.

DNSchanger shutdown may kick 300,000 offline on Monday

Tom 13

Re: Simple fix?

I think your proposal has a lot of merit. Make an SOP along the lines of:

1. Take down the botnet.

2. Standup temporary fix to keep things working while they get cleaned up.

3. At some defined time later, either 6 months or when the number of infected users <= 300,000 (or some other acceptable number), reset DNS to point to a web page that basically says "Look fuckwit, we've given you a free ride for 6 months, but your system is infected with malware. We're not letting you go anywhere else until you fix it, and in 30 days even this message will go away and you'll have nuttin'. Got it? Good. Now get your sorry arse in gear and get this fixed. We'll even offer you a handy clean up tool here: [insert link to clean up tool]. But if you don't trust us (and why should you, but apparently you already trusted someone you shouldn't have), get someone you do trust to clean it up."

4. Turn off the servers when the timer expires.

Speaking in Tech: Apple, Oracle and Google SUCK at cloud

Tom 13

Re: @Giles

Oh, and please note, I'm not saying it is RIGHT, just that it is.

Tom 13

@Giles

That's different because they're Microsoft. Excluding DOS, which they actually bought from someone else, their write and release model is:

1) Write code for something new. Release it for sale. Have the users do the Alpha testing.

2) Fix the bugs found during alpha testing. Release it for sale as a full number upgrade. Have the users do the Beta testing.

3) Fix the bugs found during Beta testing. Release it for sale as another full number upgrade. Discover users no longer want the product.

4) Kill the product. Let it mold on the shelf for a year or more.

5) Discover need for shelved product. Re-brand it. Do some actual internal Beta testing. Fix bugs found.

6) Release it for sale under the re-branded name. Roll out the hype machine. Get users to buy it and conduct additional beta testing.

7) Fix new bugs found in beta testing. Release it as a .x upgrade at a discounted price.

8) Corner the market.

So nobody is actually expecting MS to have a working Cloud product. The only thing we know for sure is that when they have a working product, it won't be a Cloud product.

US defence biz fined for busting China arms embargo

Tom 13

Re: One law for corporations...

You're not the only one. I'd guess you are typical.

And you should note that it is the International Progressives who are in charge at the moment. The same ones who like Mao's principle that all power flows from the barrel of a gun and wish they could emulate the Chinese in the USA so they could more efficiently implement their changes.

Tom 13

Re: Mugs

Mostly agree except I wouldn't have made it a bigger fine. I would have made it the corporate defense contractor death sentence: Cancel all existing military defense contracts and prevent them from bidding on new ones for five years.

I'm sure there's a clause somewhere in the contract that says the US maintains rights to use the software and even gets a copy of the source code if the company goes belly up.

Overland patent broadside: Targeted firms vow to fight

Tom 13

@unredeemed

Yeah, I mean that worked so well for (New) SCO.

Microsoft names Zeus ringleaders and notifies FBI

Tom 13

Re: Double jeopardy

I believe double jeopardy died an unnoticed death before I was born, and if not shortly thereafter. Most certainly before I began my state required education. But it's okay. It was all in a good cause. Those thrice damned lynchers of blacks had to be brought to heel.* What was left of it was further mutilated shortly thereafter. But that was okay too, because it brought social justice to those same downtrodden people.** Well, at least in the US. So that gives them at least 3 bites at the apple.

*KKK Klansmen were typically brought before friendly state courts for criminal trials where they were found innocent of lynching blacks. The implemented solution was to try them again for the same crime in federal courts. This was held to be constitutional because they were not the same crimes. No I don't understand how.

**In a similar fashion, because the cases were civil not criminal, those affected by lynchings were able to sue for damages against the lynchers.

ISP CAN cut off pirates with 'three strike' rule, says Irish beak

Tom 13

Re: Why cut off the entire web access

It isn't a question of whether or not the service has a legal use. It is a question of cutting off the person who is infringing. His proposal strikes the right chord with me: take the least intrusive means of protecting IP, not the most. But then being one of those crazy 'Merkins, I'm kind of fanatical about making sure you have the right person on the infringement charge, and that they have had their day in court. It strikes me that neither of those requirements is met with the agreement between the ISP and the Music moguls. And while I'm all in favor of letting people who enter freely into contracts work out the terms of those contracts, I believe there must be actual negotiation for that to be controlling. Take it or leave it contracts don't meet that requirement.

Amazon cloud knocked out by violent storms in Virginia

Tom 13

Re: ".....load balance across multiple cloud suppliers."

Although the author may be right about the VC cash, I doubt it would fix the problem anyway. We're talking about a huge geographical area that was effectively hit by a Cat 1 hurricane without the warnings that accompany a Cat 1 hurricane and on a path no hurricane would ever take (which is part of the problem restoring power in Northern Virginia: the people they normally call on are working on their own problems and everybody is calling further west). The Wide Area Redundant Array really would need servers in practically every area of the US, Canada, and Mexico, with extra thrown in in Asia, Australia, and Europe to boot.

Viviane Reding says imitate US and form FEDERAL EUROPE

Tom 13

I won't pretend to have a qualified opinion about whether or not a federal European Union

would be good for Europe, or Britain more specifically. That notwithstanding, it is quite clear that Viviane Reding is as much of a twit as the character in the Dr Who episode (Tom Baker) who went around meming "The Nimon speaks of many things." His remarks on the foundational years of the USA are so rife with errors it is impossible to catalog them in space appropriate to a comment. So I will only note that since 1790, the extant banking system has been destroyed and rebuilt in the image deemed appropriate by the pols at the top no fewer than 3 times: under Andrew Jackson (who simply hated the National bank), under Franklin Delano Roosevelt (during the bank failures of the Great Depression), and under Richard Nixon (when he took us off the Gold standard).

So whatever the specific merits or demerits of a European Federation might be, the events of 1790 have no bearing on them whatsoever.

Star Trek app warps into TiVo space

Tom 13

Mostly they did okay, but a few of them I found more annoying than Lucas adding mini-Jabba to the remastered episode IV. I'm thinking particularly of the doomsday machine episode with the planet eater whose title is temporarily escaping me. I think it actually looked better with the old b&w special effects.

Obama is best Pres 'to beat alien invasion'

Tom 13

Re: Just one question

Because it was put out by National Geographic, so it HAS to be science. Please join them and Leonard Nimoy as they go In Search of ...

Tom 13

Re: Superhero defender?

Guess you never read the Dark Knight mini series. Bats kicked Supe's ass. Literally.

Tom 13

Re: Brilliant stats

Not necessarily a problem. In the US, the first question is understood to mean actual little green creatures from Alpha Centauri. In the second context it is understood to mean, "things people have seen that haven't been explained, or at least to which the government won't cop a plea about their black box research". And those are two vastly different questions.

Atari turns 40: Pong, Pac-Man and a $500 gamble

Tom 13

Re: Those were the days..

Yep. Commodore software had similar protection. Of course, you could buy a copy breaker to copy those. Which was itself copy protected. But if you had the other copy protector remover you could copy the first. And I think the first copied the second.

Tom 13

Re: Pac Man on the Atari...

Yep. It had to be played on the big arcade screen. Of course, the same was true of Space Invaders. I could easily clear the first level without losing a base on the console, almost never in the arcade. And I only got to play the console when visiting friends. My dad bought the Magnavox Odyssey II for us. At the time I was angling for a TRS-80. He got the Odyssey because it was cheaper but still had a module to teach "programming".

Tom 13

Re: they could take a hell of a lot of punishment.

Absolutely. But even with that, a dedicated gamer could still break one.

69,000 sign petition to save TV-linker O'Dwyer from US extradition

Tom 13

Re: @Tom 13 -- Invitation: Stop! (@Turtle)

I'm familiar with Thoreau. He was an overrated liberal twit.

I didn't say it was a good idea, I said it was the law. It's why in my country I'm opposed to approval of the ICC and LOST.

But you should stop flaming out on people because it turns out that the rest of us adapt better to the slanted tactics your side started using to force their morals down other people's throats. The law of unintended questions is a real bitch on inflicting karma.

Tom 13

Re: Invitation: Stop! (@Turtle)

If you've signed an international trade treaty specifying extradition to each other's countries for prosecution of listed violations, it is UK law. If you don't like it, either negotiate different terms for the agreement or don't sign the treaty.

NASA counts down to nuclear tank invasion of Mars

Tom 13

Re: More metric/imperial confusion?

We are standardized. The engineers work in units your typical American understands and the scientists work in that Celestial Goofy Shit system (CGS for short).

Western consumption helping to kill off species

Tom 13

@Zombie Womble: Re Eleven

You forgot the five to perform the peer review, and the six to format and grammar edit the paper.

Are you a hot BABE in heels and a short skirt? SCIENCE is for YOU

Tom 13

Re: Bet they fall back on the smarmy bollix of "no such thing as bad publicity"

You forgot my favorite:

By making an ad that provoked such a reaction, they got more free publicity for the ad because of how many news stations/blogs ran the vid, thus extending the value of your advertising dollar.