* Posts by asdfasdfasdfasdf

10 posts • joined 26 Nov 2014

SCO v. IBM settlement deal is done, but zombie case shuffles on elsewhere

asdfasdfasdfasdf

There was never any SCO code in Linux...

Ignoring the fact that Novell owned the UNIX copyrights and that both SCO and Novell licensed all Linux code to everyone under GPL on their websites, SCO never presented any code in Linux that wasn't followed up and proven to be independently written.

My theory is that someone at SCO copied chunks of Linux code into SCO's code base, and they didn't realise it was that way around until *after* they started the lawsuit...

Windows kernel vulnerability disclosed by Google's Project Zero after bug exploited in the wild by hackers

asdfasdfasdfasdf

Re: Really?

"My question is how do they know it's being exploited in the wild if it's a local exploit? "

What Google do is run honeypot clients that go around the Internet to see what happens. Presumably they hit a website that broke through a Chrome (or whatever) zero day, and then ran code that used this vulnerability escalating to Local Admin.

Any one security vulnerability is fairly limited, but most attackers are smart enough to chain several together.

Open access journals are vanishing from the web, Internet Archive stands ready to fill in the gaps

asdfasdfasdfasdf

Re: OA publishing

"journal where the journal's employees have read a lot of papers"

That's how I *thought* these things worked. It actually turns out that not only do Journals not employ reviewers, they don't even pay them. To publish in a journal, you also have to peer review other papers for the journal.... ...and you don't get paid for it.

Nervous, Adobe? It took 16 years, but open-source vector graphics editor Inkscape now works properly on macOS

asdfasdfasdfasdf

Inkscape has it better than GIMP

Photoshop is far more embedded than Illustrator, though. It is much easier to convince people to try Inkscape. Photoshop is basically a verb.

The Register's 2018 homepage redesign: What's going on now?

asdfasdfasdfasdf

Too few articles shown at the same time...

On mobile at least, the new site only shows 5 or so articles at a time. The old site could show 30 or so. Also on the old you could scroll left and right to make navigation much faster.

Basically it’s the mobile site curse - one very long vertical list.

Want to get around app whitelists by pretending to be Microsoft? Of course you can...

asdfasdfasdfasdf

Wow... an administrator can...

Replace system DLLs and Registry keys? In an absurdly complex scheme to mess up signature validation?

Who knew?

Or they could install their own trusted root certificate, but that wouldn’t fill up 15 pages of pdf.

CloudFlare drinks the DNSSEC kool-aid, offers it on universal basis

asdfasdfasdfasdf

Publicly visible database

Because DNS is publicly visible and has ttl caching, it is reasonably easy to spot someone hijacking. Also anyone can run DNSSEC, you don't need to trust the root authorities (although who you'd rather trust is an interesting question)...

In any case, at least there is only one DNSSEC chain, you won't get someone "accidentally" signing a certificate for www.Google.com or *. If all else fails, why not do what you do at the moment ***and*** use DNSSEC?

Apple preps summer bonking bonanza for Brits

asdfasdfasdfasdf

The tech industry...

...is about to do to consumer banking what it did to music and book shops.

Facebook security chap finds 10 Superfish sub-species

asdfasdfasdfasdf

Re: Certificate Pinning in DNS guys!

It's actually fairly easy to set up DNSSEC...

dnssec-keygen -K <keydir> -a RSASHA256 -b 2048 -f KSK mydomain.com

dnssec-keygen -K <keydir> -a RSASHA256 -b 2048 mydomain.com

dnssec-signzone -e +1y -K <keydir> -o mydomain.com zoneFile

And past the output of this in the parent zone (alongside your NS record).

dnssec-dsfromkey <KSK.key>

UK boffins: We'll have an EMBIGGENED QUANTUM COMPUTER working in 5 YEARS

asdfasdfasdfasdf

Re: Emulation

Quantum computer emulators exist, but you don't get the efficiency.

It's a bit like having to emulate multiplication by adding number a+a+a+a+....+a. You get the right answer, but it's **slow**

Quantum computers use superposition, which is a little like white-light being made up of different colours all doing their own thing, so the level of parallelism is going to be another slow thing to emulate.

If you think about it, classical computers are basically just NAND gates glued together, it's not surprising that they fundamentally can't do everything...

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2022