* Posts by 02X7Cm

27 publicly visible posts • joined 22 Jul 2013

Thanks for nothing, OpenSSL, grumbles stonewalled De Raadt


This raises an interesting problem.

What to do about bugs that are so severe that they are kept off public bug trackers but can affect other forks/variants/systems?

Here I guess the beef is they informed others but not the new fork.

Well, honestly, you're not required to inform others, but it is an open source project, and the whole system works on a system of honor, so it's kinda irresponsible to not disclose it to dependent forks.

But then again, if a project were to just disclose all such severe bugs to all who "want" it, I'd question its security. For all we know, the fork's developer could be working for the NSA/KGB/GCHQ :), I'm sure they could put to use such a window of opportunity. IMO LibreSSL isn't used or important enough to need to know such details at this moment in time.

Time-rich Brit boffin demos DIY crazytech wolverine talons


what a nutter

PGP wiz Phil Zimmermann and pals tout anti-snoop mobe – the Blackphone


Trust? LoL

Let's see, Android -> Google -> American = check. Phil Zimmermann -> Silent Circle -> American = check.

So you're telling me they don't have to comply with what their own government wants in a secret court / backdoor dealing. I respect Phil for creating PGP, I'm pretty confident in him, but he is still an American citizen.

I might consider giving a phone some trust if it was made by a Swiss in Switzerland based off FreeBSD/Debian.

Mozilla CTO Eich: If your browser isn't open source (ahem, ahem, IE, Chrome, Safari), DON'T TRUST IT


And even if it is open source, don't trust it.

Firefox health report (on by default, and telemetry - not on by default) submits so-called anonymous data back to their servers but if their servers are compromised by government surveillance schemes, they could still be used in combination with other meta data to determine the status of individuals.

There is also the option to use Chromium, which IS open source, though I'm not sure if that also has phone home statistical collection "features".

I wish Firefox would at least ask for ANY collection permission when it's installed, last I checked they didn't.

If recent events and revelations haven't prompted the open sourcers to rethink their stance of "collecting for statistical reasons is perfectly fine" and they seem to think they can trust their own servers then frankly they're being naive.

Snapchat: In 'theory' you could hack... Oh CRAP is that 4.6 MILLION users' details?


Don't check with your e-mail address

If you're affected by the Snapchat episode, don't enter your e-mail.

AFAIK (could be wrong) but reading the exploit in code and looking at their API the most detail it leaks is phone numbers, display name, username and whether the account is public/private, e-mails aren't part of it.

If you do enter your e-mail you will be leaking your own info. Who such checking sites are run by is irrelevant.

Lyrics upstart Rap Genius blacklisted by Google for Justin Bieber SEO scam


Just to add more perspective

I don't know why people don't even see this, but those affiliate programs web hosting companies and even the likes of Amazon do, they're the same quid-pro-quo link building exercise.

Often those affiliate links don't contain descriptive blurbs and aren't included in relevant content either, and it is another classic SEO exercise as it boosts page ranks and is targeted mainly towards bloggers and forum posters.


Re: I hate to break it to you

@Gordon Pryra

Sounds to me that you're one of those that aren't actually aware of much on the internet and either have nothing to do with any industry connected to the internet or you're actually quite incapable at your job but think otherwise.

You have no idea what my job is, nor have I mentioned it anywhere and you assume my job was spamming or somehow involved in doing such acts? I hate to use the word troll but that's what you seem like to me.


Re: Does SEO even work?

"Trying to game the SE's is easy to spot, and always hurts the site in the end."

Whilst you are "correct" in saying there are plenty of "SEO gurus" selling snake oil around, sorry, you have no clue what you're talking about. SEO is done by every internet company in existence (Dropbox, Twitter, Flickr, Yahoo, Google, you name it, they've done it) plus companies who hire digital/advertising agencies to make their presence online.

At least 80%+ of sites on Google's first page would've done SEO, and I'm being conservative.

Anyone who's technically capable and been working on the internet since the 90s will be able to tell you that.


Re: I hate to break it to you

Actually having looked into this particular case, I agree they should be punished, on first read, where the article wrote "that such quid-pro-quo arrangements were only for blogs that posted relevant articles". That bit caused me to think it was the normal practise.

But looking into the actual content that company sent to the bloggers, it actually made no mention of putting in relevant content.

So I blame the statement in the article. My view on link building still stands though, the key part is you must have relevant content.

This isn't bad SEO, it's done because it works by utilising the PageRank "pollination" system Google has and because pretty much everyone does it, the "natural" order is arguably preserved except for small portals that are run by people who have no clue how the web works.

I won't waste my breath explaining more to people who are clueless, naive and are just looking for news to bash. But know that you are also bashing WWF, RSPCA, Greenpeace (or basically all charities with reputation) and conglomerates like P&G (and all their brands underneath) as much as every advertising agency in existence, even social media sites like Facebook and ironically Google itself.

I'm not justifying the practise's morality, that's for others to discuss, but you can't stop it - full stop. No matter how hard Google or anyone tries. As I said - in this case the company used bloggers, the bigger companies would use charities or even the press - and it's basically the same thing. Discuss or hate to your heart's content, link building is a SEO practise you can't stop.


I hate to break it to you

I work(ed) in the advertising and digital agency business and I don't see anything wrong with what they did (so long as the blog posts by the bloggers do include some blurb about Bieber).

This is standard practise SEO pretty much any company big or small would do. The big ones (basically any big brands) usually come in the form of some free benefit to a well known (usually global) charity or sponsorship in exchange for a link on said charity site with a blurb.

Those of you who don't know what actually goes on in companies and agencies (or the world) might be shocked at such revelations but I think Google is being too draconian, heck even the agencies themselves usually put their own link into the footer of sites as a credit link for SEO (and referral) purposes. Thing is the SEO "industry" will exist whether you like it or not, this particular event isn't even at the level of a "black hat" SEO.

Some of the comments here baffle me since such practises have gone on for longer than a decade. I guess the only real difference in this case is their reliance on non-trusted third parties, but other than that seriously, there is no difference. I'm willing to bet 80%+ of Google's first page ranks have done something similar perhaps in a different form. This is literally just akin to a link exchange and its common(ness) dates back to the 90s.

ARM server chip upstart Calxeda bites the dust in its quest for 64-bit glory


Re: Didn't we just have a story 2 days ago...

Yeah, you have to wonder who on earth started that story.

Just because a Google engineer approached ARM to get some samples to do some price/performance analysis for their custom liquid cooled DC is hardly anything concrete. Any sane internet engineer would do the same if they had that sort of scale.

It was a pipe dream from day 1, I'm weary that some of these tech stories now-a-days are trader/media manipulation attempts on stock prices. (not saying that was - but sometimes - the link is obvious on certain tech stocks)



It was all well and hyped back in 2009. Perhaps if they didn't take years to get the latest ARM designs out they might've stood a chance. How many product cycles has Intel released since then? Any advantage would be dissolved already.

Facebook switches itself off and on again after GLOBAL meltdown


There is no walk of shame nowadays

It's just the click of shame to turn it on and off again, because the engineers were too lazy to walk.

Windows 8.1: Read this BEFORE updating - especially you, IT admins


Use the downloaded files?

Actually there appears to be an invisible folder on your root C: named $Windows.~BT that looks to have the same structure as the original Windows 8 upgrade disk I had.

I think there is a chance it's usable. It was around 2.4GB just before installation started and that's again around the same size as the W8 upgrade disk.

I didn't bother trying since I wanted to do a fresh install. I reinstalled Windows 8 fresh then just used the normal upgrade route. I only have one laptop using W8.

Run a server on your Gb/s Google Fiber? OK, fine, fine ... maybe a small one


To be honest

Plenty of people already run private servers and services on all those ISPs that ban everything anyway. As long as it's private use and on non-standard ports the ISPs can never tell.

So really, it makes no difference does it? I remember the days when I used to run servers from my University dorm using JANET's uber-fast connections.

Krzanich: NO new Intel 14nm Broadwell chip for YOU, world, until 2014


Cloud revenue

Must be nice to have revenue that is always available and can scale on demand.

AVG, Avira and WhatsApp pwned by hacktivists' DNS hijack


Who's the provider that got pwned?

Avira said it's "Network Solutions". Can I assume WhatsApp and AVG use them as well or another DNS/domain provider?

It would be nice to know so we can avoid using them, and yes I somewhat agree with the sentiment that the only ones that should be shamed here are the guys behind the major service providers, so please, do us all a favour and reveal them.

GitHub wipes hand across bloodied face, stumbles from brutal DDoS beating


Re: Not even a small developer would trust it for private, internal code

When you're talking about DDOS attacks "security through obscurity" is the only way to prevent DDOS from happening in the first place. If nobody but your core developers know the location of the repository... so no it's not "stupid".

Of course you can't stop anybody from deliberately targeting your developers thru social engineering / trojan / malware / 0-day exploit that will then potentially compromise your systems, but the point here is that a DDOS attack on your "central" repository potentially stops one (or more) from working.

Git may be decentralised, but when groups work together people still need to merge/fork/branch on common ground.

Any tech/software companies that rely on a cloud repository WILL think twice about renewing their services or bringing it 'in-house' or at least deploying a private cloud / vps (perhaps even run by the public cloud providers) where their own repo will not be affected in case of a DDOS on the public cloud.

The OP DOES make a good point in that companies like IBM where security and trade secret is of paramount importance would not even have a repository accessible from a public IP. They're more likely deployed and accessible only via limited VPN access if they're even allowed to access it over the internet.

It's pretty common knowledge that if you want things to be secure, first of all, get off the grid.

Hang in there, Internet Explorer peeps: Gaping zero-day fix coming Tues



your readership aren't using IE unless forced to by some obscure web-page that still uses javascript pop-ups to alert users that they need to use IE and whose servers are hacked into since late 2000 but to-date nobody within the organisation even knows why there are occasionally out-going traffic spikes the size of their entire DB to an obscure IP.

Google: Thanks for the billions in revenue, UK. Here are your taxes, that's ... £11m


Re: nowt strange...they're all at it

The thing is, all home-grown UK multi-nationals are also doing the same thing. Who doesn't want to funnel money to tax havens if they can?

There isn't a solution to this problem because you can't stop a foreign company from charging a local company a royalty/service charge equal to the amount of profit in order to funnel money to a country with less corporation tax / back to their home country.

The only real solution is to encourage more home-grown multi-nationals who would be more likely/willing to funnel money "back home", but even that's questionable now-a-days where people generally aren't nationalist or patriotic to the point where they'd give up profit for the benefit of where they live/were born into. Especially once they go publicly traded, they'd be pressured to prioritise profit over everything else by investors.

Facebook reveals plan to WIRE THE PLANET


underlying costs of delivering data

I wholeheartedly agree that in order to get the rest of the world connected - the "underlying costs of delivering data" must come down.

However I fail to see a connection between the underlying cost of delivering data and efficiency. Personally I believe many properly created and maintained websites and apps already deliver data efficiently enough by compressing data.

What is the problem in the ROTW however and where the "underlying cost" has a direct relationship with, is the number of underwater cables and cost of tier-1 connectivity. I hope Google and Facebook and other big internet tech giants would invest in more underwater cables AND expose them to third-parties in order to reduce the regional cost of data. The DC/telco/cabling game is currently really dirty in many regions and suffers from protectionism and under investment, that is in my opinion the real underlying cost of delivering data.

Apple to accept iPhone trade-ins at US Retail Stores


Re: UK Trade In

That's sort of what you'd expect from a large retailer doing this sort of thing isn't it? They wouldn't have bothered if they didn't find it lucrative enough to put their toes in.

ISPs: Relax. Blocking porn online won't really work


Relax? RELAX?! Are you serious?

You're trying to say now that it won't really work so we can relax?! I'm sure most if not all of us who comment already know we can bypass it on DAY 1!

The problem here isn't whether we can still access pornography. There is a HUGE list of problems with this new "law".

1] Cameron is simply trying to assert HIS idea of moral onto everyone - this isn't what government is supposed to do - we all know what happens when people try to FORCE their ideologies onto others. Hitler, Communist China are prime examples of recent history.

2] Breach of privacy - default-on involves telling somebody else at some point that you'd like it disabled - and privacy is something that needs to be respected in bedroom matters.

3] Spying - this isn't just about porn, illegal search terms being potentially intercepted.

4] Freedom of speech and expression - I know this is an American thing, but I do expect the UK to at least start tilting that way instead of towards communist China ideologies.

5] Precedence - This is BAD. Bad for the ENTIRE world. No really. The moment the British who helped invent the internet start filtering and censoring - everyone else will think it's "normal" when it isn't and shouldn't be. Iran, China, Russia will have more excuse on clamping down on their dissidents.

So given that there are these 5 issues that I can see immediately, I really don't think it's a matter of whether it works or not.

Re: Just get the filters installed and everyone shut up.

Epic fail. "Everyone shut up" part of your title is plenty of problem in itself.

Look, if you want to be Chinese. Move your ass to China, they need English teachers. You'd be happy, I'd be happy.

Take Cameron with you.

WAR ON PORN: UK flicks switch on 'I am a pervert' web filters


Censorship from the BBC

I was about to post on the BBC, had written my comment, then found that they just disabled the comment system. Looks like self-censorship already started over there over the censorship of porn.

Rotten hackers feast on mouldy Java flaws


Re: Bad written software = old versions needed = vulnerable systems

It is possible to write codes that are backward compatible, but it's impossible to write codes that are future-proofed indefinitely no matter how elite one is...

Your lazy blanket statement doesn't seem to consider how softwares are made and the dependencies that are involved from top to bottom or how often organisations try to cheap out on maintenance contracts or don't want to buy newer versions that work on the latest and greatest.

Spotify: If musicians don't give us their stuff they get pirated more


I'll never get used to paying a subscription to listen to radio, but that might just be me, artists only deserve my monetary "reward" if it's actually worth it. Let's face it, Spotify is just a subscription-based on-demand radio service.