* Posts by rmacd

38 posts • joined 10 Mar 2010

Ex-boss of ICANN shifts from 'advisor' to co-CEO of private equity biz that tried to buy .org for $1bn+

rmacd

Takes "conflict of interest" to a whole new level.

I'm glad the sale was blocked at the 11th hour but I suspect we haven't heard the end of this yet ...

Twilio: Someone waltzed into our unsecured AWS S3 silo, added dodgy code to our JavaScript SDK for customers

rmacd

And this is exactly why SRI is so important & needs to be enforced across all browsers as standard... and flag any sites that don't do this.

More fundamentally, the idea of uncontrolled/3rd party resources being pulled in on client-side without any checks at all is just ludicrous in this day and age. This is precisely what happened in BA's massive keylogging hack, and I'm sure loads of other high-profile examples are just a search away...

Barclays Bank appeared to be using the Wayback Machine as a 'CDN' for some Javascript

rmacd

Re: It gets worse

Not quite following what you're saying here.

But if you're referring to Wayback blocking archiving depending on a site's robots.txt, as far as I know this 'feature' was removed in 2018.

Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report

rmacd

Re: Well duh

You do realise by "the contractor" they mean, in this case, the company and not a rogue employee of the company?

Swedish data centre offers rack-scale dielectric immersion cooling

rmacd

Re: With 500MW

You got me all excited there for a second.

From Wikipedia:

> The associated hydro-electric plant was converted into a general purpose power station connected to the National Grid

Better late than never... Google Chrome to kill off 'tiny' number of mobile web ads that gobble battery, CPU power

rmacd

Does anyone else see "you're using adblock, please disable to continue" and then take great pleasure in saying "ah well, your loss" before closing the page? Especially those ones that have you manually click through 1024 "vendors" (presumably just to fuck you off)?

One exception I'll make is sites that state they will only show ads that, by default, don't track me.

rmacd

Re: Bugger AdBlock, it's Internet advertising that's theft.

I've often thought about sticking everything through a proxy for accurately logging everything and then totting up the data at the end of the month.

Call me old school, but I do £10 for 3GB mobile data and it's pretty much only for emails and emergencies.

Anything from *.doubleclick.net? That would be invoiced to Google as a proportion of the £10 for the month.

NHS contact tracing app isn't really anonymous, is riddled with bugs, and is open to abuse. Good thing we're not in the middle of a pandemic, eh?

rmacd

Personally as soon as I see Joda Time being used in a 1.8 project in 2020 my instinct is to VERY TENTATIVELY lift up the hood to the rest of the project, expecting all the bugs to come showering out in my face

Find your wallet, Apple: Ex-engineer adds eight more patents to lawsuit seeking credit for his developer work

rmacd
Devil

Playing devil's advocate

I've worked with a couple of people over the years who have claimed my or someone else's work.

Best one was a presentation I went to where MY slides were being presented by our contractors as THEIR work (with my name removed, of course). It wasn't anything particularly "novel", just a new process for automatically deploying keys or something. But I sat there wondering, heck, I wonder what else they've ripped off...

rmacd

Re: Patents are worthless

> patents are worthless

apart from if you're applying for a position elsewhere: I can only imagine that your prospects of being invited for an interview are immeasurably higher if you've got a couple of patents on the CV

Nine million logs of Brits' road journeys spill onto the internet from password-less number-plate camera dashboard

rmacd

Brilliant, thanks Lee ... will be doing that. Didn't realise it was "potential" damage for data loss.

rmacd

> "to the best of our knowledge, nobody came to any harm or suffered any detrimental effects as a result of this breach"

Sorry but F off, this has just come to light - how are you possibly in a position to say that? Who knows how long this data has been freely online / available for? Arse from elbow issue going on here.

Charlatans.

Shame we can only sue for "actual" damages in this country, I was in the area just a few weeks ago and am livid.

FTP is crusty and mostly dead, right? AWS just started supporting it anyway

rmacd

Re: It's used because it works

This is the key point. I remember some time ago being introduced to a company's SAP infrastructure and all the contracted devs / SAP support folk would speak, sotto voce, of these "interfaces" that all had special codes: "interface 17" and the likes. It wasn't for me to know anything more, I was just to know it was an "interface" and its number was "17".

Fast forward and I figured out that an "interface" was just a batch process that brought some files in via FTP. As was to become apparent to me, these were decrepit little cesspools of filth, where files would end up being put on there in a very specific structure and set of filenames before the next application could come along and read them off the box.

It's probably still running in exactly the same way - I dare you to "improve" it.

At last, the fix no one asked for: Portable home directories merged into systemd

rmacd

Next RC codename ...

...I hear is "systemd-os"

Because let's face it, it's basically an entire ecosystem at this point.

What if everyone just said 'Nah' to tracking?

rmacd

Re: PiHole

PiHole also runs nicely in docker for when you’re out and about

rmacd

Another privacy extension

Look up Privacy Badger by the EFF. It's cross-browser, open source and developed by a trustworthy organisation.

"Privacy extensions" by dubious third parties give me the heebie-jeebies.

You're burning £1.2bn for what? UK spending watchdog gives digital court plans a kicking

rmacd

2017 called

They want their stock photos back

Devuan ships second stable cut of its systemd-free Linux

rmacd

I oftentimes find myself in awe at the sheer breadth of which systemd has been slathered across everything in sight. Just the other day I was doing some work on a CentOS box and came across timedatectl. What's that, I hear you ask? Why, another pointless "utility" you're forced to use to abstract the ln -s that would allow you to set localtime.

I'm waiting for RC 1.0 of etch-a-sketchctl, it can't be far off.

Thankfully I don't deal with systemd on my home PCs.

rmacd

Re: systemd-free?

There's a HUGE difference between linking to libsystemd and running systemd... so no, it's not "pretty-much the same thing".

Unfortunately Slashdot's long turned into a cesspit of people who are allergic to RTFM: https://devuan.org/os/issues

TSB outage, day 5: What do you mean you can't log in? Our systems are up and running. Up and running, we say!

rmacd

The masochist in me wants to see some of this code. Especially where AIOOBs aren't being caught. The other part of me wants to see it just to give me an ego boost.

There is something intensely gratifying about seeing CIOs fucked over by outsourcing.

No doubt though, the blame will be pinned on the (non-technical) PM rather than the shitty devs who don't know their arses from their elbows.

Equifax's IT leaders 'retire' as company says it knew about the bug that brought it down

rmacd

Re: admin/admin

This irks me. "You haven't got the right letters after your name, so are not qualified to have an opinion".

My first degree was in music. I now work as a software engineer. I've met people who tell me they've "done" CompSci. And they know fuck-all. The most solid programmers I had the fortune to work with to date studied biochemistry and medieval history respectively.

Anyone who has studied at undergraduate level will attest that it does not matter what you study (bar vocational degrees such as law or medicine). It's your attitude to learning that matters. You get taught HOW to learn. I went to university thinking I'd learn everything about my subject. On graduating, I left knowing just how little I know, but with the confidence to know I can pick up any damn book and learn a subject just as well as anyone else.

Judge issues search warrant for anyone who Googled a victim's name

rmacd

Re: Wait! What? They have our MAC Addresses?

Incorrect. IP != MAC, end of. Unless it's done out of band there is no way they're getting MAC of source / return.

Run wireshark and take a look for yourself, note all traffic to / from your gateway will have a source / dest MAC corresponding to your GW HWADDR / MAC.

Password strength meters promote piss-poor paswords

rmacd

"paswords"

Did I miss the pun, or was the password entered incorrectly?

Shopped in an Eddie Bauer store recently? Your card's probably gone. It's just gone

rmacd

"sophisticated"

Common theme with these press releases is toeing of the "sophisticated attack" line. This is no exception.

Why is it never "our procedures were crap, we got owned by someone who just put some bits and pieces together that they bought off eBay and tried their chances"?

Tell me exactly why you think it was a sophisticated attack and I'll maybe, just maybe, let you use the word.

On a related note, I wish companies were obliged to give a precise account of technically, exactly why an issue occurred in the first place.

Supplier promises to nudge UK schools towards secure webmail

rmacd

Real email client?

SMTP?

No, x.400.

Yahoo! Gits! Web! Security! Scanner!

rmacd
Coat

May I borrow that editor's pencil?

Pernickety, possibly. But "footrpint", when you've just called them out for their GitHub page?

I'll grab my coat...

YES: Scotland declares independence ... from the dot co dot uk empire

rmacd

Subsidised?

Get your facts straight. We put more cash into the UK coffers than we get back out. If we're talking subsidy junkies, look at rUK first.

One-minute Koch-blocking earns attacker two years, massive fine

This post has been deleted by a moderator

Massive organ blown with Kinect

rmacd

Re: Kinect isn't the important bit here...

I ended up borrowing a Kinect for a few days and got it hooked up with Pd (open source Max/MSP) via a little OSC magic in no time - there are a couple of good libraries available.

This dude sure looks impressive on stage, but it looks like this piece has been basically pre-determined, sequenced really, with the role of the gestures changing as the piece trundles on. Pushing through a few instructions via MIDI on demand, when one has already decided it's going to be, say, a block of A minor on diapason, principal and 2', is trivial.

Meh. Move along.

Gmail users howl in anguish at 'disappeared' accounts

rmacd
WTF?

Read before you click

Yes, there's the option to 'Leave messages on the server' - but learn to read.

However as Ken rightly said, there's no easy way of restoring the mails if deleted from the server, unless you've got some way of untar'ing your maildir mails (*having converted them from Thunderbird's native implementation of mbox, for example) straight onto your mail root.

Denon Ceol with Apple AirPlay

rmacd
Thumb Up

Gaelic

Of course, Ceòl is also Scottish Gaelic* for 'music'... yet people forget such a language exists and is spoken.

*Yes, I agree with above post, Irish = Irish, but Scots Gaelic is "Gaelic"

Feds asked to probe Google's leaky search terms

rmacd

No shit sherlock

What a dipshit.

You'd have thought after what... 15 years? ... people'd have picked up the nature of the referer header? Common knowledge?

Users' passwords exposed by Splunk

rmacd
WTF?

WTF

Why the hell are they keeping my password in cleartext, in any case?

Google Street View logs WiFi networks, Mac addresses

rmacd

MAC addresses

Visible? Yes, that they are.

Consider if two APs have the same SSID (happens frequently) - computer's got to know which one it's communicating with, right? :)

Whatever happened to the email app?

rmacd

Horde?

Horde does of course have its sleek dimp (d=dynamic) application which is a hell of a lot more ajax-like than the old imp. Though you can't go wrong with plain HTML.

Biting the hand that feeds IT © 1998–2021