* Posts by Tufty Squirrel

76 publicly visible posts • joined 2 Jul 2010

Page:

SCO vs. IBM case over who owns Linux comes back to life. Again

Tufty Squirrel

It's only lawyers now.

There ain't no SCO left. No Darl, no Ralph, nothing.

It's all about using up the final bits of what was SCO's assets. SCO went into Chapter 11, then Chapter 7 ,bankruptcy; they are run, without any oversight or need to keep business records, by a trustee (The right "honorable" Judge Cahn) - the only meaningful cashflows they have are going from the rotting corpse of SCO to Cahn's firm (and, presumably, some minimal flow for "expenses" to BS&F, who are otherwise stiffed on doing the litigation for free).

The "business" side of things (xinuos.com) has shrunk to nothing, all but two of their offices are closed, a one-roomer at best (shared, no less, with "Effectual Systems", whoever they might be) upstairs from the Bellevue Eye clinic in Berkley, CA, and something similar in Tokyo. There's no real estate, no real "offices".

Boffins freeze brains, then thaw them – and they're in perfect order

Tufty Squirrel

Re: near-perfect condition

> I suspect that some value of "near perfect" in their terms might not be what the rest of us were hoping for.

It's still dead, innit. What more do you want?

Thanks for playing: New Linux ransomware decrypted, pwns itself

Tufty Squirrel

Re: Crypto-101.

>> What would you suggest as a better random number generator then that doesn't require specialist hardware?

5

It's a random number between 1 and 6.

Nippy, palaver and cockwomble: Greatest words in English?

Tufty Squirrel

Shitbiscuits

is a favourite of mine

BOFH: My diary is MINE and mine alone, you petty HR gimps

Tufty Squirrel

When I worked for "a well known airline"

we installed some "largeish" monitors in order to display the engineers' schedule. Specced at 42", because apparently that's too big to for the thieving pikey engineer bastards to nick. It took 4 people to lift the bastarding things.

They got nicked.

Apple preps summer bonking bonanza for Brits

Tufty Squirrel

Re: There are people outside the US reading this...

Do Mr Cow Vend My Nuns Tit?

Tufty Squirrel
Paris Hilton

I've been …

… paying to bonk for years. Even the upped 30 quid limit doesn't get you very far, I've found.

Is this what Windows XP's death throes look like?

Tufty Squirrel

Gosh

It's almost down to Windows 8 levels.

Dear departed Internet Explorer, how I will miss you ... NOT

Tufty Squirrel

Re: Just one more thing...

And the <blink> tag. And <marquee>

Hanging's too good for 'em.

Hackable media box based on the Raspberry Pi compute module: Five Ninjas Slice

Tufty Squirrel

Re: LEDs turn of-and-on-able?

Yep, but it's presumably part of that kickstarter bonus thing. Kickstarter overfunding bonus - ability to disable the device's only USP.

And yeah, Ethernet is also over USB.

A far, far, better alternative would be one of Olimex's boards, probably the A20 Lime2, which has *real* SATA, *real* *gigabit* ethernet, more memory, and no annoying LEDs. For 30 quid.

Tufty Squirrel

It's a USB->SATA bridge.

From the comments on the original announce of the compute module, http://www.raspberrypi.org/raspberry-pi-compute-module-new-product/

acb : So it won’t perform any better or be any more robust than plugging a USB-SATA dongle into an existing Pi? Isn’t there a way to bypass the USB layer altogether?

gert : The USB is the only high speed data interface which the BCM2835 has.

Bite my shiny metal Ask: Java for OS X crapware storm brewing

Tufty Squirrel

Re: Java still needed here...

*ahem* http://eniper.sourceforge.net *ahem*

Get yourself connected: GrovePi+ Starter Kit

Tufty Squirrel

Teensy...

...can indeed be interfaced with pretty much anything, but it requires a certain amount of software ability. Indeed, it fits rather into the "work out how to interface it yourself" camp.

El Reg Redesign - leave your comment here.

Tufty Squirrel

Oh, for fuck's sake roll it back.

It's fucking awful.

Slippery Google greases up, aims to squirm out of EU privacy grasp

Tufty Squirrel

Re: No sympathy from me...

> I didn't ask ...

Yes you did. You used sites that make your downloads and actions public, you have a public blog, twatter account, and register account using the same handle. You give away your identity on the first two, and then complain that you're easy to find?

If you cared, you wouldn't do that.

Google clamps down on rogue Chrome plugins and extensions

Tufty Squirrel

So...

No more youtube video downloaders, which are verboten on google's extension list.

Potentially no more adblockers, ghostery, etc.

Your browser is currently a general purpose computing environment. That's about to get restricted.

EBay, you keep using the word 'SECURITY'. I do not think it means what you think it means

Tufty Squirrel

Re: A rant, and a question (the question's at the end)

Oh, and this : http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

Tufty Squirrel

Re: A rant, and a question (the question's at the end)

My guess (based on how most half-sane people would do it) would be that they're salting each user's password with a unique-per-user salt, so when you enter your new password it's merged with "your" salt, hashed, and the hash then compared against your previous password hashes to detect "naughty" password reuse.

This approach would keep 99% of the usefulness of the salt (i.e. you can't generate a rainbow table and mass-reverse everybody's hashes), and any additional weakness this introduces is rather overshadowed by their insane password policy anyway.

Ebay's password policy, in which password space is bounded to 6 <= length <= 20 characters, passwords must contain 2 of [lower-case, upper-case, punctuation-symbols], with no single dictionary words allowed (amongst other things), whilst removing the possibility of passwords like "apple", reduce the search space for brute-forcing algorithms significantly (with the main culprits being the low minimum length requirement and the bounding of password length to 20 characters)

Tufty Squirrel
Mushroom

Re: "Encrypted" passwords

>> It would have been more useful if they had said whether the passwords were salted or

>> not. If my salted hashed password has been released, I'm totally "meh" about it,

>> where as if my unsalted encrypted password has been released then I'm much more angry.

You're wrong, then. Let's assume (and it may be a rather large assumption) that ebay are not complete fucking maroons, and are not only salting your password, but salting your password with a unique-to-you, or better, unique-every-time-you-change-your-password salt. Now, as the bad guys have your salted password hash, they can't do anything with it, right? Wrong. Of course they can. If they've managed to extract your salted, hashed password from ebay's database, we can also assume they bothered to extract the salts at the same time, and they know the salting & hashing algorithm that ebay use. Because they aren't fucking mongs either; indeed, we should assume they are somewhat smarter than you or I. So, if your account particularly takes their interest, they are perfectly capable of building a rainbow table for reversing your password hash to its original plaintext version of "ebay.com". If it's salted uniquely per password, they can't then use the rainbow table to reduce the time taken to do an *en masse* reverse; they effectively need to brute force every password. And even that is less of an issue should they happen to have a botnet at their disposal; all they need to do is distribute hash/salt pairs out, and have their bots do the crunching via brute force rather than rainbow tables. That's how I'd do it, anyway.

We can probably assume that ebay have fallen into the common trap of using lower-complexity hashing algorithms, on the grounds that 500ms is too long to wait to log in, and the combined compute load of their users logging in would be too expensive should they use something "heavweight". Which is fair enough, but it makes brute-forcing feasible, time-wise. And even if they are using something "hard", all the brute forcer needs to do is give up after a certain amount of time, or put harder hashes "back onto the queue" for later attention, focussing on getting the lower hanging fruit first.

Whichever way you look at it, if they want into your account, you're proper fucked whatever happens.

Microsoft Surface 3 Pro: Flip me over, fondle me up

Tufty Squirrel

Re: So close...

This.

As for "pissing about with remote computers whilst I'm in the marshes", I can do that just as well, and probably better, with my thinkpad. What the surface brings (and the *only* thing it brings) is the "tablet" side of things, which is utterly useless for the aforementioned remote login stuff (and, of course, is available far more cheaply on a non-surface laptoplet hybrid.

It's a shame really. The ARM version is far too locked down (at the current $199 for a "refurb" - read "written off as part of the $900M loss MS took on them - it would be attractive if you could do anything useful with it), the Intel version far too expensive, and neither of them fill a particular niche.

So far, MS have pissed away nearly a billion and a half on Surface. I don't see this version turning that around.

Apple, Beats and fools with money who trust celeb endorsements

Tufty Squirrel

Re: Delicately put

Up to a certain point, there are gains to be had. If you have a decent amp, source, and speakers, then you /may/ be able to hear the difference between super-cheapo "wet string" bellwire speaker cable as shipped with Dixons-style hifi and a "fatter" speaker cable. You will not, however, be able to tell the difference between £10/m speaker cable, £1000/m monster cable, or 10p/m 1.5mm solid core mains cable - there is none.

Tufty Squirrel

Directional?

Of course it's directional. One pair of wires goes in the direction of the left speaker, and the other goes in the direction of the right speaker.

I don't do 16mm^2, though. 1.5mm solid core is fine. Well, overkill, really.

Boffins build billion-synapse, three-watt 'brain'

Tufty Squirrel

...and be sure that, instead of doing its designated task, the damned thing will send its time arguing about japanese comic trivia or star wars on the internet.

Anatomy of OpenSSL's Heartbleed: Just four bytes trigger horror bug

Tufty Squirrel

Re: I don't get it..

>> I don't know with Open Source either. What I do know is that it's much easier to go find

>> new holes in Open Source given the motivation as you can look at the source code...

Cobblers. Holes are mainly found by fuzzing, not by poring through source code. Exploits rely on code mishandling user-supplied data - fuzzing involves sending enormous quantities of deliberately broken data at something until it does something it's not supposed to. This is far easier than having to work out what some piece of logic is supposed to be doing, what it's actually doing, and why it's broken in this or that edge case. Chuck a load of crap at a victim machine (that you also control), wait for it to go bang, and then work out what you are going to be able to do while the smoke's clearing.

http://en.wikipedia.org/wiki/Fuzz_testing

That's it, we're all really OLD: Google's Gmail is 10 ALREADY

Tufty Squirrel

Re: those so called 'killer features'...

> What were you using in the 90s that had those features?

gnus (the mail client in emacs), but IIRC mutt did threading too. And, if I'm not mistaken, so did eudora on the mac.

Spam blocking was a bit more tricksy, but gnus allows you to do that too.

and it does newsgroups.

Microsoft exec: I don't know HOW our market share sunk

Tufty Squirrel
Coat

3% of mobile devices? Surely that can't be right?

After all, there's all those Zunes out there. They've gotta count, right?

Windows hits the skids, Mac OS X on the rise

Tufty Squirrel

Re: But do all Macs run OSX?

>> Let's say I have xcode on screen one, photoshop on screen 2. Working in xcode.

>> Now I need to do something in photoshop from a menu. So I have to mouse over to

>> photoshop on screen 2, activate it, mouse back to screen one, select from the

>> menu, mosue back to xcode.

That's not only a fairly contrived example (I doubt many developers have XCode and Photoshop open at the same time for work on the same project), but it's also 100% wrong. I currently have emacs on my laptop's built-in monitor (along with Chrome that I'm typing this into, and a bunch of other crap), and IDA Pro (my old windows copy, running in a VirtualBox VM) on the external monitor. Now, should I need to touch the apple menu bar on the external monitor (rare with VirtualBox, it's got shit-all you'd want to fiddle with anyway, but the principle remains the same), I mouse over to the other screen (well, pen, actually, wacom tablet so no dragging needed), activate the app (one click, the same one you'd have to use under windows or a single-screen mac) and the apple menu bar automagically pops up on the external monitor. I'll grant that for a draggy mouse you'd have extra mileage to get to the other screen, but you'd have that under windows as well.

Horses for courses, really. I use a mac because I like the way it works, it can be made to fit(t) with my workflow. I don't like windows because it can't. A lot of that is probably because it's what I'm used to, that my expectations of how my workflow should flow is at least in part based on the way I'm used to OSX (and MacOS before it) behaving - the same can probably be said regarding your experience and opinion.

Windows 8.1 becomes world's fourth-most-popular desktop OS

Tufty Squirrel

Re: MS took that to heart and people still complain.

> There is no winning.

But there /is/ whining.

Your kids' chances of becoming programmers? ZERO

Tufty Squirrel

Re: 6502/6809's rool btw...

EIEIO on the 6502? You jest. It's the PowerPC "Enforce Instruction Execution In Order" opcode. It *might* go back as far as IBM's 801 processor, or more likely the original POWER ISA, but no further. The first time you're liable to have come across this unless you were doing low level AIX development on IBM hardware is when the first PowerPC Macs came out in 1994. About ten years after the 6502 was commonplace.

iPad Air peels off in racy pics for wide-eyed geeks, reveals 'worst battery ever

Tufty Squirrel

Re: I can't replace the engine (myself) in my car either..

>> I wouldn't like to do it like that on a modern car with an engine management system,

No more difficult than any other car engine. Disconnect electrical bits, remove ancilliaries, unfasten engine, remove.

Pop OS X Mavericks on your Mac for FREE while you have LUNCH

Tufty Squirrel

Re: MAC users aren't that dumb.... ...?

I've got 4 of those lying about somewhere, I think. Want 'em?

Loathed wiggly-word CAPTCHAs morph into 'fun' click-'n'-drag games

Tufty Squirrel

Re: Less annoying than mangled text?

>> if it's not intrusive

That's the thing, though, isn't it? Advertising *is* obtrusive. TV ads are mastered to run at a higher volume than the programs they intersperse. Web banner ads are placed and designed such as to demand your attention. And so on.

The response is instamuting the telly every time the ads come on, adblock pro, noscript and other browser addons. Ads are largely speaking offensive (not in a NSFW sense) and intrusive, it's how they are designed, and people try their hardest to avoid them.

So what's this? An adman's wet dream. Ads that not only you can't skip, but that demand 100% of your attention whilst you're not skipping them.

Fuck them. Fuck them anally with a large pole wrapped in barbed wire.

Tufty Squirrel

Less annoying than mangled text?

Are you completely mental? It's completely evil. It'll do nothing to reduce spam (sweatshops, etc), but will do everything to put more fucking advertising IN YOUR FACE, as though you needed it.

"Bored with typing stuff in? Here's an INTERACTIVE ADVERTISEMENT YOU CAN'T IGNORE OR BLOCK instead."

Advertisers? Out round the back of the shed, two barrels upside the head..

Double-click? Oh how conventional of you, darling!

Tufty Squirrel

Re: Did you take the GS to a garage?

Ah, Citroen handbrakes. Gotta love 'em. Especially when you've got a flat rear tyre on your BX (yeah, I had the super-cheapo model, if you think the GS suspension was bad you need to try a clapped out BX), and you're parked on an icy car park. Hint - the only way to stop the wheel spinning on the ice is to block it - OK if it's the left hand rear, as you can use a blanket laid under the front and rear wheels, but the right hand rear is basically impossible.

Bill Gates: Yes, Ctrl-Alt-Del salute was a MISTAKE

Tufty Squirrel

*Some* people?

>> Some people even called the shortcut a three-fingered salute.

Not "some people", it was /everyone/. Everyone called it that. Everyone. Even people like me, who didn't use DOS or Windows, called it that. Because everyone knew what it meant.

'Occupy' affiliate claims Intel bakes SECRET 3G radio into vPro CPUs

Tufty Squirrel

Re: *epic facepalm*

Exactly.

We (the western world, and probably much of the rest) have a huge problem with illegal drugs. We don't even know the full scale of it, because, as an illegal situation, it's almost entirely underground. The only bits we see are the health and criminality repercussions, which are a secondary problem, not the primary one.

How would legalising help?

The supply chain would no longer be in the hands of criminals. Primary suppliers (the cocaine farmers in South America, for example) would be paid a fair price, improving their way of life. A significant load would be taken off the hands of customs and excise. Drug mules would no longer be risking their lives.

Quality control would no longer be in the hands of criminals. Rather than having drugs cut with whatever shit comes to hand, users would be guaranteed pharmacological grade drugs. Result - less overdoses, less secondary health effects, a huge weight taken off the health service.

Distribution would no longer be in the hands of criminals. Result - tax income, and a concrete idea of how big the problem is. An ability to contact and help those who are dependent, without having to "overlook" the criminal aspect of what they are doing.

FWIW, my grandfather came home from the first world war with half a leg less than he went with, and a lifelong diamorphine addiction that he didn't have when he went. After coming back, he held down a responsible job until retirement, despite twice-daily doses, and finally passed away aged 92. The difference between his addiction and that of the average street junkie was that his heroin came direct from the NHS.

Legalising is the first step to solving the problem. Criminalising is a total abandonment of duty.

So, yeah, this lot might be a bit nutty in some respects, but they're bang on the money as far as drugs go.

Microsoft: Surface a failure? No, it made us STRONGER

Tufty Squirrel

Re: Ultimately a worry.

>> Microsoft's domination over integrated HW/SW designs will be of great concern for everyone.

Nah.

Look what happened with XBox.

V1 was pretty much a PC in a funky case, and worked better as a PVR than a games console. It tanked compared to the PS2.

V2, the original 360, was awesome, modulo the odd hardware issue. It kicked the PS3's ass so hard MS thought they had won, and started fscking with the interface, making it an ad delivery platform, etc. Result - PS3 is winning again.

V3, the Xbox "one", is dead in the water compared to the PS4. MS have backtracked and u-turned on their plans so often I doubt even they know what their plans are.

Sony are evil, arguably more evil than MS, but they aren't incompetent. MS have both in spades.

Stylus counsel: The rise and fall of the Apple Newton MessagePad

Tufty Squirrel

Re: The first PDA

It was (and, to some extent, still is) far more than just a PDA. It was a full computing platform, and while people who haven't used them in earnest (I still have, and use, my MP2100) focus on the handwriting aspect*, there was far more to it than just that.

- No "filesystem", just a big "soup" of data. You don't need to worry about where their data is stored in some arbitrary hierarchy of devices and folders, or what you've called it, all you ned to know is what you're looking for. There's nothing quite like that, even now.

- Extreme integration. This lives on, to some extent, in some of Apple's software (for example, highlighting of (fuzzy) dates in Mail.app enabling you to add items to the calendar, etc, but Newton hooked into everything, even 3rd party apps.

- Write anywhere. The handwriting recognition might not have been perfect, but it fit perfectly with the form factor of the handheld Newtons. Keyboards worked too, of course, and would have been good for a "desktop" NewtonOS device. MS might be failing with their "one UI fits all" paradigm, but newton had it in the '90s.

- Expandability. USB, Wifi, Bluetooth, ATA storage cards, all aftermarket "hacks" for the Newton that work very nicely despite the fact they hadn't even been invented when it was released. Quite astounding when you realise the restrictions of the platform.

- Instant on. Really. Totally instant in most cases. Straight back to where you were when you turned it off. Even if that was weeks, months, or even years ago (in which case you might need to boot from cold, but you lose nothing - try taking the batteries out of your Palm pilot and see where that gets you)

What really killed it (apart from the price and the heckling) was the fact it was so radically different from other platforms. It was hard to make it work properly with the "status quo". Sure, you could sync it and keep your data safe, but that was about it. Interop with desktop apps other than calendars and address books was hard to do (and is even harder now).

Newton is probably the closest thing to the perfect computing platform ever invented (eclipsed, possibly, by the Lisp machines). It's a crying shame the rest of the world hasn't managed to catch up.

* The descendant of the Calligrapher cursive recogniser used by the later Newtons is now, I believe, owned by MS, which is why OSX's "ink" recogniser (OSX 10.2+) only handles printed handwriting.

One day we'll look back and say this was the end of the software platform

Tufty Squirrel

I know it's Friday and all, but hey.

>> a standalone Nokia under Elop, which has been going great guns for the past year.

Since Elop's infamous "burning platforms" memo, Nokia have gone from being the number one mobile supplier (and projected to stay there), the world's biggest smartphone supplier (and projected to stay there) to an industry joke. In the 2 years from 2010 to 2012, Nokia's business fell back more and more on the featurephone market, with smartphones dwindling from 35% to 14% of their output. They currently have around 2% of the smartphone market. That's "stellar"* performance.

If standalone Nokia under Elop had been going "great guns", they wouldn't have been bought out for pennies on the Pound by Microsoft. The only gun they've been wielding is the footgun, and Elop's been using it with great precision.

* as in "brown dwarf"

That earth-shattering NSA crypto-cracking: Have spooks smashed RC4?

Tufty Squirrel

noise generation

>> Previous revelations have revealed that the NSA routinely stores encrypted traffic transmitted over

>> Tor for subsequent cryptanalysis.

Time for some noise generation, then. A pair of apps that ping-pong encrypted chunks of random data across tor should be pretty simple to set up.

WIN a RockBLOCK Iridium satellite comms module

Tufty Squirrel

SPAFF - Serious Problem Activates Final Failsafe

GOO - Geosynchronous Orbiter Override

SLAG - Satellite Lohan Abort Gizmo

STIFFY - Satellite Technology Imminent Failure Failsafe Yanker

FAP - Failsafe for Aerial Payload

Why Teflon Ballmer had to go: He couldn't shift crud from Windows 8, Surface

Tufty Squirrel

Alternating versions - cobblers

That one keeps coming up, but it's, amongst other things, :

1 : forgetting Win2K

2 : forgetting that XP was almost universally loathed until at least SP2 ("Tinkertoy interface"), and was pretty much crap until SP3.

Tufty Squirrel

Re: "he himself"

>> redundancy

Yep, that's what we're talking about.

'You've had your fun. Now we want the stuff back'

Tufty Squirrel

Sounds like the anti-terrorist police are playing 'softly-softly' these days...

...after all, they found a Brazilian and all they did was question him, rather than carrying out a summary execution in public.

Four ways the Guardian could have protected Snowden – by THE NSA

Tufty Squirrel

It's all a bit irrelevant, really.

Whether or not the black helicopter crew can decrypt information is largely irrelevant. The fact that they can detect that it is encrypted is enough. Once they know that, rubber hose cryptanalysis is enough.

There's 2 use cases.

One is that someone is leaking information that "they" would rather not have out in the wild (Snowden, Manning et al). Once the information is leaked, what they want is to plug the leaks and "deal with" those involved in the leaking. So the whole idea of secrecy is about hiding who you, and your sources, are. Cryptography doesn't help much in that.

The second is that you are transmitting information that you'd rather nobody knows about. It may be that you're cheating on your significant other, it may be that you're planning a terrorist attack. Here you want to keep the information *and* identities secret - at some point the information must be decrypted, so "they" only need to find one end or the other of the chain and, again, apply rubber hose cryptanalysis methods.

Once one or more of the identities are known, all bets are off. Decryption may be possible (if expensive), but rubber hoses are cheap and readily available.

"Don't trust electronic communications" is the only reasonable approach.

Legal bible Groklaw pulls plug in wake of Lavabit shutdown, NSA firestorm

Tufty Squirrel
WTF?

Re: Intimidation

>> We began trending towards socialism after the "Red Menace" was no longer a threat.

No, seriously, WTF? The US trending towards /socialism/? You're completely mental.

Despite Microsoft Surface RT debacle, second-gen model in the works

Tufty Squirrel

Re: Wow, it truly is amazing the mis-steps Microsoft is making.

>> Excel is still the best spread sheet.

No, Excel is the most commonly used spreadsheet. It was left in the dust in terms of features by Improv and Quantrix, and still hasn't reached where they were 20 years ago. Excel is probably the number one example of a market leader stifling innovation to the point of holding the market back.

As for Windows RT, I' sure MS will manage to improve on that $900M writeoff.

The hammer falls: Feds propose drastic controls on Apple's iTunes Store

Tufty Squirrel

Nah, you want to be the one who "surveys" material on the web to make sure it's not breaking Osborne's guidelines on pr0n. Qualifications required : ability to type 80wpm with one hand.

INVASION of the UNDEAD ANDROIDS: Hackers can pwn 'nearly all' devices

Tufty Squirrel
Paris Hilton

Re: Simple solution

>> SD card blah blah apps to SD card

But you still run out of space. Not space to store applications and documents on the SD card itself, but "internal" memory used by applications and Android itself. My several-hundred-euro tablet running Android has >16GB free on its SD card, but won't check my mail because

"Out of space ... Free up some space and try again"

Fuck Android. It's crap. I've tried to like it, but it's crap.

Ballmer: 'I call it all Windows, all the time'

Tufty Squirrel
Black Helicopters

Innocent until proven guilty, m'Lud.

As it happens, it's *alleged* sexual assault, and he's not yet been actually *charged* with anything. He, of course, denies the allegations, claiming the relationships in question were consensual, and reckons the whole thing is a put-up-job to make him more easily extraditable to the US.

He has, however, offered to meet and co-operate with the Swedish investigators at his current "abode", or to go to Sweden if guarantees are issued vis-a-vis his safety from extradition to the US. The Swedes have refused both options.

Page: