Posts by diodesign
3495 publicly visible posts • joined 21 Sep 2011
Vision? Execution? Sadly, omission and confusion rule Gartner's virty quadrant
IT security staff have a job for life – possibly a grim, frustrating life


Re: Re: Must be late
The point it was trying to make is that the software and hardware industries have clamped down over the years on curious-minded people reverse-engineering proprietary products and exchanging information on what they've found.
Obviously 'open' things like the RPi are there to be tinkered with. And if you crack open your no-name ethernet-to-USB printer server you bought for 10 bucks from eBay, and reverse-engineer the firmware, no one is going to know.
But, as the person who leaked the Impero encryption key found, vendors will throw lawyers at you if you go public with proprietary information. It's a tricky subject that can't be summed up in one sentence, so I've killed the line from the article.
C.
Duncan Campbell: GCHQ and me and a roomful of Reg readers
Why does it take 8 hours for my posts to be approved?


Re: Re: @ diodesign (was: Comparison)
> > You keep bitchin' on and on about moderation, which is noise
> Only after (an) immoderate moderator(s) started rejecting my posts.
Thanks for posting comments and adding to the discussion. If something is rejected, just let it go.
> > and you post corrections when you should email corrections@thereg so we can fix them ASAP.
> It's never malicious. Are you sure skins aren't thin?
It's not about that. It's the fact that we don't have time to read every comment, and we do want every story to be accurate. So if you hide corrections in the comments, we may not see it, most readers won't see it, and it's a losing situation. If the correction is spotted, and the story fixed, the comment loses its context and becomes confusing.
It is so much more efficient to email us if you spot something bad. It's like posting a serious bug report in the app store reviews section on a popular app.
> > Many of your posts are allowed through.
> True enough. If you're ever in the SF office, drop me a line. I'll buy you a beer.
Ta. I am always in the SF office.
C.


Re: Re: @ diodesign (was: Comparison)
"Care to comment in public on why many of my posts (over the last year or so that I've been on "the naughty step") have been rejected"
Fine. You keep bitchin' on and on about moderation, which is noise, and you post corrections when you should email corrections@thereg so we can fix them ASAP. Many of your posts are allowed through.
C.


Re: Comparison
"I think it's worth pointing out that the forums of El Reg are much more civilised, intelligent and readable than most other forums I've seen. I don't know whether it's the vigilance of the moderators or the moderation of the commentards, but the result is good."
Thanks. When a conversation/discussion is flowing, we leave well alone, go for the light touch or only get involved if someone reports a comment.
By weeding out people who are just here to yell abuse at writers and daub e-graffiti on stories, and rejecting early signs of idiocy, we're clearing a space for a witty and knowledgable bunch of vocal readers.
C.
No, Microsoft: Your one-billion Windows 10 goal is just sad ... really sad


Re: Re: Goodness.
"the bitching about Windows 10 out of the writers here is getting very old"
Consider it an antidote to the acres of arse-licking in the "tech" "press" over Windows 10.
If you want 100% praise for all things Microsoft, CNN is that way --------->
C.


Re: Goodness.
"Sort yourselves out. You're a mess"
It's an opinion piece - it's the opinion of the writer. We have dozens of writers - some staff, some freelance - and we do disagree with each other.
The Reg is a broad church. Would you prefer us all parrot the same thing, or provide a range of opinion and analysis?
Tedious. Post less.
C.
Edge out rivals? No! Firefox boss BLASTS Microsoft's Windows 10 browser brouhaha
NetApp sees IBM/Cisco VersaStack as 'huge' threat to FlexPod
Windows 10 in head-on crash with Nvidia drivers as world watches launch
Moto fires BROADSIDE into the flagship phone's waterline with X Play and Style


Re: Re: Interesting..
"OK, El Reg journo's, here's a job for you: a table tracking mobile phones and how well they have been tracking Android updates"
We're polling manufacturers this week on their response timings to the Stagefright bugs (there are 7 CVE-listed bugs) and the devices that will be updated – and hope to have something to compare that to, as you suggest.
C.
Want longer battery life? Avoid the New York Times and The Grauniad
Get root on an OS X 10.10 Mac: The exploit is so trivial it fits in a tweet


Re: Re: Congratulations on repeating exploits before they can be fixed
"your logic is flawed."
You mean, Apple's logic. Look, the matter has gone full disclosure. I can't think of anything more frustrating than an article that says "there's a local root hole in OS X Yosemite. We won't tell you the details, you'll just have to Google it."
Bonkers.
C.


Re: Congratulations on repeating exploits before they can be fixed
"Congratulations on repeating exploits in detail before they can be fixed"
Apple has fixed it. You just have to upgrade to El Capitan. Don't want to upgrade? No problem, you've been warned and are aware of the risk. There's also a workaround in the story. The exploit has been public knowledge for two weeks – the bad guys already know. You should know too.
"However, the article does not Emphasise that you must first have privileged access through an app."
You've misunderstood. This exploit allows normal software – like a simple tool you've downloaded from the web – to gain root-level access without a password. Without prompting the user for a password. That's bad.
Post less.
C.
Robot surgeons kill 144 patients, hurt 1,391, malfunction 8,061 times
TITSUP: Apple Music, App Stores, iCloud, iTunes, Radio, iBooks
Ashley Madison hack: Site for people who can't be trusted can't be trusted
Google, Adobe barricade Flash against hacker hordes – we peek inside


Re: Re: Have we just proven that Flash is a pile of crap yet again?
"expose such internal structures to do its job?"
They don't. But they all use memory: they use memory to store variables. Variables store information for the running Flash script file. When you're using variables, you're using memory. If you abuse variables by exploiting one of the hidden design flaws in Flash you can change parts of memory that don't contain script variables but do contain information crucial to the operation of Flash. This allows you to change the way Flash works, which eventually leads to the plugin running malicious code.
Flash doesn't expose its non-variable data to the ActionScript programmer. But it has hidden design flaws that people can find and exploit to access non-variable data, and change the way Flash works.
C.


Re: Have we just proven that Flash is a pile of crap yet again?
"It's a scripting language, you shouldn't be able to furtle with internal variable details"
You're thinking too high level. JS and AS can both be vulnerable to memory corruption leading to exploitation. You have to exploit a bug to furtle with the vector length value - such as a buffer overflow or use-after-free().
eg, in ActionScript, let's say your plugin's memory looks like this: B = buffer byte, V = vector byte, L is the vector length, and . = empty space. You've got two objects, a buffer and a vector allocated near each other:
BBBB....LVVVV
There's a missing bounds check on the buffer, so you overflow it by writing too much data to it (from your malicious Flash file) and run over the nearby vector. * = the smashed length:
BBBBBBBB*BBVV
So moving the buffer objects well away from the vector objects prevents you from easily overwriting the length value.
Now, you can do this in JavaScript. There are plenty of exploits in the past where a use-after-free() has been exploited to modify memory allocated on the heap.
C.
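An added illustration of the layout sketched in the post above; this is constructed demo code, not the poster's and nothing to do with Flash's real allocator. A 13-byte fake heap holds the buffer, the vector's length byte and the vector data at the offsets in the diagram; one write routine lacks the bounds check and smashes the length field, the other refuses the oversized write. All names and offsets are assumptions for the demo.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* Constructed simulation of the heap layout sketched in the post above:
 *   BBBB....LVVVV   (offsets 0-3 buffer, 4-7 free, 8 vector length, 9-12 vector data)
 * The whole "heap" is one array, so every write below is well-defined C. */
enum { HEAP_SIZE = 13, BUF_OFF = 0, BUF_CAP = 4, LEN_OFF = 8, VEC_OFF = 9, VEC_CAP = 4 };
static unsigned char heap[HEAP_SIZE];

/* Allocate the two objects next to each other, as in the diagram. */
static void heap_init(void) {
    memset(heap, '.', HEAP_SIZE);
    memset(heap + BUF_OFF, 'B', BUF_CAP);
    heap[LEN_OFF] = VEC_CAP;              /* length field holds 4 */
    memset(heap + VEC_OFF, 'V', VEC_CAP);
}

/* The bug: no bounds check, so n bytes land in the buffer whatever its capacity. */
static void buffer_write_unchecked(const unsigned char *src, size_t n) {
    memcpy(heap + BUF_OFF, src, n);
}

/* The fix: refuse any write larger than the buffer. */
static bool buffer_write_checked(const unsigned char *src, size_t n) {
    if (n > BUF_CAP) return false;
    memcpy(heap + BUF_OFF, src, n);
    return true;
}

/* Write n 'B' bytes with or without the check and report the vector length
 * afterwards: 4 while intact, 'B' (0x42 = 66) once the unchecked write smashes it.
 * n is clamped to the fake heap so the demo itself can never run off the array. */
static unsigned vector_length_after_write(bool checked, size_t n) {
    unsigned char src[HEAP_SIZE];
    memset(src, 'B', sizeof src);
    if (n > sizeof src) n = sizeof src;
    heap_init();
    if (checked) buffer_write_checked(src, n); else buffer_write_unchecked(src, n);
    return heap[LEN_OFF];
}

int main(void) {
    printf("unchecked 11-byte write: length=%u\n", vector_length_after_write(false, 11));
    printf("checked 11-byte write:   length=%u\n", vector_length_after_write(true, 11));
    return 0;
}
```

The other mitigation the post mentions, keeping buffers well away from vectors, corresponds here to putting LEN_OFF in a separate region the buffer cannot reach, so that even the unchecked write leaves the length intact.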
Seagate wins HP as ClusterStor array reseller, bolts on IBM Spectrum Scale
Pan Am Games: Link to our website without permission and we'll sue
Attention dunderheads: Taxpayers are NOT giving businesses £93bn
Flash HOLED AGAIN TWICE below waterline in fresh Hacking Team reveals


Re: Enable click to play?
If you have Chrome: Open Settings -> click on Advanced settings -> click on the Content settings button -> scroll to the Plugins section -> Select "Let me choose when to run plugin content" -> click on Done -> Close the tab and restart the browser just to make sure.
If you have Firefox: follow these instructions.
All other browsers: reconsider your life choices.
C.
Uber to drivers: You make a ton of dosh for us – but that doesn't make you employees
Five lightweight Linux desktop worlds for extreme open-sourcers

Re: Another minimalist here
Rox! That's a good choice. Basically, there are so many Linux desktop environments to choose from, I think Scott did a grand job recommending the best for most people. Millions of people read The Register, everyone's going to have an opinion :-)
I've always been an evilwm-level user, personally.
C.
Trebles all round: The BBC's won this licence fee showdown
US OPM boss quits after hackers stole chapter and verse on 21.5m Americans' lives
The bucks stop here: NYSE freezes trading, blames 'technical issue'
We tried using Windows 10 for real work and ... oh, the horror
Leap second bug?
Even Apple doesn’t mess with Taylor Swift
Super Cali goes ballistic – Uber says it's bogus (even though its contract is something quite atrocious)


Re: frank ly
This is, indeed, an homage to the Liverpool Echo's headline (later used by the Sun). We've pointed that out the last time we did a Super Cali heady.
As for the rhythm of the headline: yes, we did sing it out loud, and yes, it is missing a syllable. However, we felt it worked better with a pause to skip the missing beat rather than squeeze in a boring word like 'terms' that would have changed "is something" to "are something" and ruined everything.
Headlines. A serious business.
C.
Apple CORED: Boffins reveal password-killer 0-days for iOS and OS X
It's curtains for you, copper: IBM boffins push the LIGHT FANTASTIC
Facebook ditches HTML mobe future in favour of Zuck-style JavaScript
Everything Apple touted at WWDC – step inside our no-hype-zone™


Re: The Fall
"Please say Autumn."
We're a UK-owned company, but our writers and editors are Americans. Fall means autumn, and autumn means the Fall.
Let's all work to get along, huh?
(PS: US readers > UK readers in the latest monthly stats. Sorry, Brits. We're trying our best with bonkers boffins headlines.)
C.