* Posts by xslogic

24 posts • joined 29 Apr 2013

Europe dumps 300,000 UK-owned .EU domains into the Brexit bin

xslogic

Re: Where are the Brexit fans?

As to the topic of the article, the ".eu" domain, there are non-US companies registered as ".com",

US domains are .us, not .com. If you check Wikipedia, you'll find .com is "Commercial entities (Worldwide)"

I know technically it's US run and it tends to be biased to US firms - but it's still worldwide.

Windows 10 grabs 22 per cent desktop market share in a year

xslogic

Re: Great Table

Why would they need scripting? The user agent gets sent with each and every access and usually (Unless you deliberately change it) contains the the browser name and the OS that it's running on.

Letters prove GCHQ bends laws to spy at will. So what's the point of privacy safeguards?

xslogic

Re: Lack of knowledge over ... signing

Ah yes. Yes, [Prime] Minister - the show that, apparently, had the civil servants saying they had ministers down pat - but the civil servants were a bit off. And the ministers said the civil servants were accurate - but the ministers weren't quite how they were portrayed...

It killed Safe Harbor. Will Europe's highest court now kill off hyperlinks?

xslogic
Thumb Up

Re: Take down all road signs...

Exactly.

It's not as if HTTP haven't had things like password access for a long time or that encryption doesn't exist.

The legal implications if they did decide that this was wrong are a little worrying. I can see people ending up having to prove that they got URLs off a legitimate source.

Call of Duty terror jabber just mindless banter

xslogic

Re: See what happens when you think CSI:Cyber is a series of training films?

I've seen a couple of episodes - because I didn't believe it was as bad as I'd heard.

But then, I'd also watched a couple of episodes of Scorpion. So - I suppose I should have known it could be far worse than I'd heard...

xslogic

Re: Yes, but....

Whoever said that terrorists would have long, detailed discussions by this means?

Continuing with that theme, wasn't there a court case last year against alleged terrorists (Don't know if they got charged) where they were looking at a terse message and saying "This bit could mean" a lot...?

YouTube puts T-Mobile US on naughty list for throttling all vids to 480p

xslogic

You say that it isn't copyright infringement to watch in anything other than the resolution given - (I'll choose to use that phrasing rather than native resolution because - it's youtube and they'll rescale it) - but are you sure that the way they've written the "format shift" parts of the copyright law have been written with this in mind?

I mean, any playback device can and will reformat it - by necessity - but I wouldn't be surprised if somebody in parliament went "Whoop! We've actually made this normal use case entirely illegal - never mind" (Bare in mind that the UK government has made it so they can ask for the keys for your SSL traffic and then arrest you for not being able to provide them - and want to have "connection records" but to fully comply with that you'd need to track every data packet between every router - after all, the description is so woolly and every packet is effectively a connection...)

Untamed pledge() aims to improve OpenBSD security

xslogic

Re: Pretty bad idea

Well, for a start - you appear (Unless I'm missing something) to be talking about changing directories and pledge() is about disallowing parts of the API. If openvpn is designed to read files from a directory, changing the directory that it's reading from will not be affected by pledge(). If you then go to read it in from some exotic device that requires extra API calls - then that is going to require a rewrite to your code to require extra API calls. (Which does mean that the person writing the code is going to have to know which parts of third party libraries may or may not be called. This may be interesting if, for example, you upgrade a dynamic library for reading device information and it suddenly sprouts support for talking to some exotic device that requires extra API calls...)

pledge(), for example, would allow you to start a webserver up, bind to a socket and then get rid of socket(), setsockopt(), bind() and listen(), never to be used again. If it's a daemon and you want to fork() once at initialisation and then never more - fine, cut it off. If you decide you *do* want to use it later on, it's likely going to require recoding the application.

Using both may be useful, though.

The training is a tricky one. It'd be possibly - but you would have to make sure you fully exercised the code.

Finally, I'd guess that the upfront model failed on Android because a) a (very) large number of people have an Android device, b) applications are relatively easy to develop and deploy, c) the original vendor of the code is interested in selling convenience, rather than security (To a point) On the other hand, at least the last point is false for OpenBSD. (Yes, you have to weigh your options and decide if it's a wise thing to do - but then you'd have to anyway)

xslogic

Re: Pretty bad idea

If you need to make it do something different, you're probably modifying source anyway. Anything you want the program to be able to do shouldn't be dropped.

You're talking about using signed policies which are less flexible. (Both in terms of having to provide 2 separate files and from the point of not being able to drop privileges when you no longer need them)

There are privileges that you may not want the binary to have at all, even briefly - but you'd probably still want to bake them into the binary directly in some way that they get activated before the binary is run.

It's an extension of what most (ftp, http) servers do. (e.g. typically servers used to start as UID 0 (Normally "root") and drop down to another user who can do less damage when they've opened the relevant port number. (Port numbers less than 1024 normally require UID 0 access - dunno if any of the security frameworks affect that...))

'To read this page, please turn off your ad blocker...'

xslogic

Re: ODFO

Indeed.

And I'm sure if there weren't so many obtrusive adverts out there - and that's not just counting the Trojan horses and the tracking tools of which he mentioned - he may have had a point.

It isn't theft for my browser to ignore parts of the data you've tried to give it any more than it is theft for me to run a virus scanner. (Also, I do wonder how many websites break either the computer misuse act or the data protection act)

On the other side of the coin, it's okay to block browsers for not displaying adverts. That is not theft either

Running the Gauntlet: Atari's classic ... now and then

xslogic

Re: Home computers

The C64 version also scrolled:

https://www.youtube.com/watch?v=zu17nSw65co

Heinz cockup sees Ketchup's QR codes spurt saucy sites

xslogic

Because they take up less space, cause less "errors" in typing and everybody has a smartphone, obviously.

Apart from the fact they take up more space, cause errors like this and I'm in the minority of not actually having a smartphone*, that is.

*Well, I do have one. It's a cast off I got when somebody moved up to the latest model. I occasionally use it to watch video, but my SIM card is too big to fit in it.

UK.gov loses crucial battle in home-taping war with musicians

xslogic

Re: "The government has already vowed not to introduce a levy on copying music."

I can see somebody using it as another reason to leave Europe.

Course, somebody else did make the comment that the music industry say they're selling us the licence to listen to the music, rather than the physical media, we should also be able to take in goods that have become defective, and indeed swap for other formats. (e.g. we should be able to hand in CDs and get something we can put onto our MP3 players - after all, we've already bought the licence to listen to the music...)

Open source power-up on the way for arcade game emulator MAME

xslogic

Re: Would love

I have to admit, I tried it at the local showing of the games master exhibition and... Yeah, I preferred using left and right on the computer versions instead of having a "turn around" and "thrust" button.

Might have gotten used to it if I'd spent a bit more time on it but - limited time and all that.

Facebook echo chamber: Or, the British media and the election

xslogic

Re: @AC (the fucking idiot) @fruitoftheloon @Rich 11

To be fair, the Tories complained about it - made some vague statement about stopping PFI - and then continued on doing it. Sometimes it does feel like an outgoing government deliberately leaves a mess for the next lot.

One lot wanted us to pay for the privilege of having ID cards, the other lot wants to push through laws to make what the security services currently do legal. (Even though it's questionable whether they are or not, privacy wise. This is not the first time a UK government has put through an illegal law, though - and probably won't be the last)

Also, the thoughts of leaving the EU and getting rid of human rights (Most of them appear to be postfixed with "national security trumps this", the last I saw) is more than a little worrying. (The first of these is mainly, it has to be said, because of the second one and troublesome things like the data protection act)

VMware sued, accused of ripping off Linux kernel source code

xslogic

Re: Case..

The thing with Cisco, IIRC, is that they were providing a version of GCC on their website as a binary. They themselves had received it from the chip vendor - who had not provided them with the source code. The developers can't sue the chip vendor (After all, they give no offer of the binary to developers) and Cisco isn't going to sue the chip vendor - they still want their chips.

Thus Cisco wanders off and decides not to donate engineering time to Linux.

I'm not saying the Cisco is whiter than white - but it's all shades of grey. I'm sure there are also companies who comply with the letter of the law on GPL that you wouldn't want developing for it.

(You are right, though - the licence does have obligations, (Just like the BSD licence - which most GPL developers seem to forget) just like any licence with Windriver or Microsoft or anybody else would)

Don't pay for the BBC? Then no Doctor Who for you, I'm afraid

xslogic

Re: Devices (@ Illiad)

Errr... No. The only thing that's currently subscription on Freeview is BT sport. And for that you require a box that'll plug into your HDMI socket. There is no option of a CAM.

Besides which, I'm less sure on TVs, I'll admit, but I do know it's difficult to get a cheap Freesat box (Which also has to be catered for) with a slot for a CAM these days. (I speak as somebody who tried to find one to buy)

Internet of Things? Hold my beer, I got this: ARM crafts OS to rule them all

xslogic

Re: We all saw this coming...

You got a license for me to sign? Your product dies.

Errrr... And why do you think their product will die just because you disagree with signing licences?

If people producing products didn't agree with licences, that'd mean there were no Freeview or Freesat boxes on the market - Not that that would necessarily be a bad thing, as such, because you could still create a box that'd *receive* the stuff - and it would not be able to decode HD content (Because you need a licence for H.264 which they use for HD) and no Dolby decodes. (And thus some of your channels would be quiet)

Just because you - who wouldn't generate them any money anyway - disagree with signing licences, it does not mean that the people who *do* generate money for them won't.

xslogic

Binary blobs?

Except you don't know that.

Looking at the current tree, (A casual look through some of the directory - admittedly not comprehensive search through everything) at the very least the ethernet drivers for Freescale and NXP are available as source under, what looks like, a BSD like licence.

https://github.com/mbedmicro/mbed/tree/master/libraries/net/eth/lwip-eth/arch

There's also a bunch of other drivers under this directory:

https://github.com/mbedmicro/mbed/tree/master/libraries/mbed/targets

Just dipping in, plenty of .c files and .h files, the odd .cpp and .s files. The odd one has the Apache licence.

In the article there is mention that the TLS library is not open-source - part of it, at very least, appears to use axTLS - which is BSD licenced.

xslogic

Re: I first saw this info on the BBC website

The BBC mostly don't annoy me - but this seems particularly bad given that it appears to be BSD/Apache licenced and the MIPs and Intel crowd could fork it and write their own drivers, if they so wanted. (Imagination may be interested, but I can't see Intel looking to something quite that small)

David Cameron: I'm off to the US to get my bro Barack to ban crypto – report

xslogic

Re: MP's IT Training? @Bloodbeastterror

A slightly better link: (And a little shorter)

http://dilbert.com/strip/1995-04-03

xslogic

AVS key?

What, like this one?: http://www.revk.uk/2013/12/abs-lock-vs-3d-printer.html

Apple: You thought Google dodged taxes? Get a load of THIS

xslogic
Coat

You mean...

...this is a rare case of Apple copying Microsoft, rather than vice-versa...

Ten ancestors of the netbook

xslogic
Unhappy

Re: Less is more

Yeah - a lot of people seemed to want a small device that would fit in their pocket with a large screen, a full sized keyboard and the processing power to fully simulate a universe while costing less than a loaf of bread.

Just replacing my Eee 901's keyboard for the second time.

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020