* Posts by Jach

93 publicly visible posts • joined 25 Jul 2007


Microsoft: IE9's web privacy hole? A feature, not a bug


Interesting idea of a whitelist

Whitelist is now a copy of the blacklist and the whitelisted domains are the ones that are missing from the original blacklist.


Programmer gets 8 years for theft of stock trading software


You fuck with Goldman Sachs...

They fuck you even harder.

Anonymous hacktivists fire ion cannons at Zimbabwe


Re: voting et al.

It is on the shoulders of the smarter minorities to realize that their votes are worthless, but to convince the majorities of the opposite while at the same time convincing them to vote for something resembling the most rational possibility. The world sucks, and at present whoever most skillfully manipulates the unthinking majority wins. That war didn't stop because of the monk, it would have stopped without him, along with countless other individuals whose contributions were even less, yet it's a necessary delusion for those countless individuals to believe they are making a difference, because even tiny amounts add up. Ideological resistance, as you put it, is very important.

Nevertheless I still personally believe DDoS attacks belong to the same category of Stupid Ideas along with "Quantitative Easing", Zimbabwe's screwed enough as it is, and with corporations, if only it were so easy for the masses of botnets to forcefully close customer accounts and sells. A few million to beef up their DDoS protection systems is nothing, losing a few million customers could be much more harmful.

Mozilla tames Firefox tab monster with Candy


Trees are better

You can group them much more quickly and still have all of your tabs available when you want. Other options include tab mix plus for multiple rows, but sorting all your tabs into a tree really rules.


PerlMonks suffers unholy hack


Smug Mode Activated!

Ya know, just 'cause it's Perl this time instead of PHP. :) (Yes I know language doesn't really matter if you know security and blah blah blah.)

On that note, here's some code to generate and rip a combined salt+hashed_with_salt_pass code, in PHP of course:

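function get_salt($hash, $salt_length=10) {
    // The salt is the first $salt_length characters of the stored string.
    $salt = substr($hash, 0, $salt_length);
    return $salt;
}

function create_hash($plain_text, $salt_length=10) {
    // Random salt, followed by sha1(salt . password).
    $salt = substr(md5(uniqid(rand(), true)), 0, $salt_length);
    return $salt . sha1($salt . $plain_text);
}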
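A login-time check for strings in the salt + sha1 layout above, which also re-hashes the password with PHP's built-in password_hash() once it has been confirmed. This is an added example, not code from the original post; verify_legacy(), verify_and_upgrade() and the sample password are hypothetical names and values.

```php
<?php
// Added example. Function names and the sample password are hypothetical.

// Legacy layout from the post: 10 hex salt characters + 40 hex SHA-1 characters.
function create_legacy_hash($plain_text, $salt_length = 10) {
    $salt = substr(md5(uniqid(rand(), true)), 0, $salt_length);
    return $salt . sha1($salt . $plain_text);
}

function verify_legacy($candidate, $stored, $salt_length = 10) {
    $salt = substr($stored, 0, $salt_length);
    // hash_equals() (PHP >= 5.6) compares in constant time.
    return hash_equals($stored, $salt . sha1($salt . $candidate));
}

// Returns [login_ok, replacement_hash_or_null].
function verify_and_upgrade($candidate, $stored) {
    if (preg_match('/^[0-9a-f]{50}$/', $stored) === 1) {
        if (!verify_legacy($candidate, $stored)) {
            return [false, null];
        }
        // Correct password on an old record: re-hash with the built-in API.
        return [true, password_hash($candidate, PASSWORD_DEFAULT)];
    }
    if (!password_verify($candidate, $stored)) {
        return [false, null];
    }
    // Modern record: re-hash only if the default algorithm or cost changed.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($candidate, PASSWORD_DEFAULT) : null;
    return [true, $new];
}

// Constructed sample: one legacy record, checked and upgraded on first login.
$record = create_legacy_hash('correct horse battery');
list($ok, $upgraded) = verify_and_upgrade('correct horse battery', $record);
var_dump($ok, $upgraded !== null);

// Second login against the upgraded record; no further re-hash is needed.
list($ok2, $again) = verify_and_upgrade('correct horse battery', $upgraded);
var_dump($ok2, $again);

// Wrong password against the legacy record.
list($bad, ) = verify_and_upgrade('wrong guess', $record);
var_dump($bad);
```

When a replacement hash is returned, the caller stores it in place of the old string, so legacy records disappear as users log in.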


Former astronaut takes control of NASA



Colonizing extra-terrestrial planets seems to me more doable and more profitable (especially in the long term, and especially in the -long- term when the Sun swells up and almost eats Earth) than spending money on, say, feeding the starving children of Africa. But if you're meaning something like alternate energy, I couldn't agree more that money should be spent on that, and it would benefit NASA too. (Rockets don't exactly use a small amount of fuel.)

Also I doubt you (or I) are completely aware of the benefits the spending has given mankind. I know a sizeable handful, but I'm sure there are tons more.

Anyway, this guy looks great for the job! Let's hope he succeeds without much government squashing (come on, there has to be some right?).

Microsoft hosts Feynman lecture series


Bah Silverlight

I guess I'll emerge moonlight and see if it works, 'cause I really want to see these, but I'm also tempted to wait out a torrent that's in a different format...

rofl at the "No restart is required" sales pitch on the link. I don't remember what it's like to have to restart after installing anything. (Oh wait, yes I do; I recently installed Firefox 3.5 for a Windows friend.)



Nope, no dice. Sucks for us Linux users (and I guess Mac users). Now to purge moonlight from my system...

@AC Since we don't have the option of "click here to install! and all will be well", Silverlight is indeed the problem.

Masked passwords must go


Not a fan

Like hell I'm going to write the simple JS for offering a choice. (Okay, maybe if this catches on...)

But jeeze, if you fail with your password, write it down or use your browser's remember password feature, or memorize it already.

What would be a more welcome change would be an end to retarded password policies. If you want me to have upper and lower case and digits and funky chars, let me use my 34 character password, don't force me in the 6-8 character range where I have to do something like &i1eLmH& (if I ever Lose my Hands, song-generated style). In my own code I don't care; if they want to 'protect' themselves with a 1-char password, go for it. Same with a 100 char one.

Stallman: open-source .NET 'danger' for Debian


Wrong Attitude, I think

The quality of an application comes first (especially to non-coders), not what language it was written in, and not whether it might disappear in the future due to legal crap. If this is really at all worrying, the more logical thing to do I think would be use them now, and start porting the code over to a different language (if it's open source C#). I'm all for free software and Python and so on, I even use Gentoo Linux, but I'm not going to limit myself to crappy applications just because I don't like what language the good ones were written in, or because I'm scared Microsoft might try to do something I doubt it would get away with easily if at all. Remember, converters, that what the masses care about are good applications, not ideals about software.

Firefox 3.5 gets third release candidate


3.5 is awesome

It's super fast AND it has a tiny memory footprint. See http://dotnetperls.com/chrome-memory

To people complaining about start up times, is that really an issue at all? How long does it take your OS to boot up? How long does it take to log you in and start all those programs by default?

Only downside I've found so far is that several add-on devs haven't been keeping up.

Twitter profile hack pwns Mormons


Thanks, Reg

I live in Utah, and this escaped my notice. Of course I don't watch t.v. any more, so the garbage of "Fox 13, Utah!" and other Mormon tentacles can't get me...

Unsafe at any speed: Memcpy() banished in Redmond


Problem with the coders, not the language

Banning parts of a language because they could be dangerous or used unsafely is frankly ridiculous. It's a reason Java doesn't have real operator overloading and multiple inheritance. It's a weak argument people use to bash PHP (because it's easy to pick up and lots of idiots who shouldn't be programming in the first place use it).

Obama pledges 3% of GDP for science


It's a start

Personally I'd like to see more. But this is the right direction.

The internet is for violent jerks, study finds


Another conclusion?

Taiwanese teenagers, who are "net addicts", are jerks.

Google backs EU's Microsoft antitrust battle


Problems with implementation?

How does MS exactly "play fair" with this? Bundle every browser on the planet with their OS and let users pick from a daunting list (with IE conveniently placed at the top, and the biggest competitors such as Firefox and Safari at the bottom), or at least provide a list of mirrors for each of these that their selection app then fetches? (The user wouldn't be able to go get one themselves, having no IE. Unless Windblows has a native wget utility?)

Bunches of Linux distros just stick Firefox as the browser, with wget and sometimes links or lynx ready in the shell, and the user can go get a different one online or through the package manager if they like. So it should be with MS. Sure they have an advantage, but that's about all they have going for them with IE usage. Keep making the browser loads better than IE; MS will improve IE by copying the ideas to keep the masses from flocking away (tabs!), there's the competition to do something better and innovative.

ISS astronauts lose 'alarming' amounts of hipbone strength


The solution:

More women in space! Married couples make it easier, too.

Microsoft boasts 'out of box' IE8 clickjack protection


Did I miss something?

"Microsoft has beefed up its latest Internet Explorer browser with an "out of the box" feature that it says will protect users against a serious class of attacks that allows maliciously controlled websites to manipulate the links visitors click on."

"The protection, it turns out, relies on special tags webmasters must put on their pages that prevent clickjacking by returning an error message when malicious links are detected."

So they expect these maliciously controlled websites to implement a tag that kills their own naughtiness?

I'm also as confused as Brent about what clickjacking is supposed to be. Something so simple as making a link, but onClick it redirects elsewhere?

Church of Scientology seeks 'ban' against HIV+ protesters


@AC Buddhism

I suggest reading about the Virtue of Selfishness before you denounce it as most mystics do.

Ah, the CoS... Just pray to <deity of choice> that they don't have the longevity of the Catholic Church and can be squashed before the century's out. I suspect it won't be long.

Microsoft issues emergency IE patch as attacks escalate


Nasty little browser...

I'm glad I'm free of all of it with Linux. You have to hand it to M$ though for fixing it in such a timely manner.

Apple files 3D-interface patent


Wow, Apple.

I remember seeing this stuff years ago. Losing innovative touch?

@Pierre: I suggest you use slocate or RTFM on find to speed up those searches. =P But now I'm going to check out lout.

Native-Linux music player Amarok gets major overhaul


I love Amarok

But I'll hold off the upgrade; maybe when it's not masked in Portage I'll consider it more. (Plus I imagine there's a bunch of dependencies I'd need to compile as well.)

@Paul: You can easily configure where it looks for your music; on this craptop of mine I never have speed problems because I turn off the annoying GUI stuff and if I put a music file in my music dir I usually see it right away when I switch to the Amarok window to add it to the playlist.

Python 3.0 appears, strangles 2.x compatibility



Though a bit of reporting fluff on the non-compatibility with 2.x. If a developer hasn't known it or hasn't been taking the proper precautions (assuming they want 3.0 users to run their code), they deserve the complaints. Though there's plenty of help/tools to convert your code and it's not too different anyway.

I'll be upgrading once they address some speed issues, and when it has a good chunk of community uptake; then again, I might just get 2.6 for a while.

Rock-solid Fedora 10 brings salvation to Ubuntu weary


I'm among the no-Fedora crowd.

7 wouldn't even go, I played with 9 a few weeks ago and the liveCD struggled for the longest time on fairly decent hardware that handles Ubuntu's just fine. I played with yum, really felt like apt was a way superior system, and RPMs have made me mad too many times. (Source-based with Portage for the win!)

Winning contestant dies during competitive eating event


Life imitates Simpsons

Anyone else think of the episode where Homer competes with the trucker in a meat eating contest and the trucker dies after finishing?

Palin demands $15m to search her own emails


Hire me?

I'll do it for free, I wouldn't mind exposing all their fraudulent activities. Give me Palin's password and I'll find enough to convict her on in a few minutes.

Literacy leads to happiness and luuurv


Another interesting observation...

Literate people can read, and illiterate people can't read.


I'm sure bread has something to do with illiteracy, since I bet all illiterates use it in some form or another.

Phreakers seize government phone system



First their site falls to an SQL Injection attack, now their phone lines have been hacked. These people are supposed to be protecting me? (Besides, I thought phone hacking was something of the old ages, stamped out long ago...)

Scientists unravel galactic spaghetti monster



Even more proof of Him. I shall eat spaghetti later on to celebrate. RAmen.

Clay minerals point to vast Martian lakes


Wake me up...

...when you actually find Martians. I'll even be interested if it's just simple alien bacterium. (Just be careful about bringing it back or you'll destroy the Earth!)

Global warming to stone US kidneys


I also see a relationship, here:


Is this science? What's with predicting things 40+ years from now? For one thing, I'm really not seeing how something like the cost of treating kidney stones will rise that much; if anything I'd expect it to go lower as medicine advances and the treatment becomes hyper-mass-produced because so many people will apparently need it.

Google will anonymize YouTube data before sharing with Viacom


Means of scrubbing

Randomly go through the database and replace the IP address, username, other info with a number, increment, go to another row, etc.

"Oh, let's sue user #2823 for watching this! Wait..."

US school cheat hack suspect faces 38 years jail


A little harsh, but...

I feel no pity for him. The dummy should have watched more of The Simpsons; don't cheat for an A when you've been getting F's and D's, go for C's and B's. (And a D turns into a B so easily on paper...)

If he were smarter he wouldn't have gotten caught (one tactic being changing a ton of people's grades, not just his own), but then if he were smarter he probably wouldn't have needed to change his grades in the first place.

Mine's the one with Star Trek: The Wrath of Khan in the pocket; Khan failed in that movie too.

1,076 developers, 15 years, one open-source Wine


Its time has not passed

After all, there are tons of PC gamers who are sick of M$ and then switch to Linux (it's my opinion that Windows is only good for the latest computer games these days), and for a handful they require extra tweaking but for the most part Wine works. Hopefully in the future game developers will start using open languages and release them for open systems, but at the time, it's not happening so much.

I've been happy with Wine for a long time. It's run the apps I've told it to run, though I tend to stay away from the beefy DirectX-heavy stuff. Now I shall go and grab the update.

Firefox 3 Download Day falls flat on face


Finished compiling my copy a while ago

@Ian: perhaps you misunderstand the other meaning of free. When I say Firefox is free and IE and Opera aren't, it's a matter of liberty. Free to redistribute, modify, copy, or look at what happens under the hood (it wouldn't surprise me if M$ does data collection practices like Gmail does with IE, but there's no way to reassure me of that). Albeit Firefox isn't completely free (like RedHat) because they use name branding, but nevertheless. All the add-ons for Firefox exist because it is Open Source. Not to mention us who like to compile it can choose to compile stuff OUT of it so it's less bloated, and it's also compiled specifically for our machines.

As for the new URL bar that others dislike, it has grown on me, but I bet there will be an add-on released sometime in the near future to change it back to the old one. (You can completely disable it by setting a variable in the configuration, but I forget which one that is.)


Currently emerging it...

I wonder, will they get in contact with all the major Linux distros to see how many downloads were made to the repos, or will they just count each distro mirror that adds it to the repo as one?

rc1 had one bug for me: sometimes it'd freeze up if I closed a tab with Gmail on it from another tab. That's not enough to make me switch to something else though. (I emerged Opera 9.5 the other day, and I was not impressed at all.)

As for the server being down, a friend of mine said the server wasn't responding but I told him to clear his cache and it worked.

Pentagon hacker vows to take extradition fight to Europe


Poor Guy

Waiting all this time for the slow court system. I hope he wins his extradition case and this country full of corrupt officials who are embarrassed at how easily he got in don't get their hands on him.

OpenOffice update completes bumper patch crop


@ Jaowon

I love you now. I was beginning to really hate OO for being so slow, but now it speeds happily along.

The Reg surfs for porn with a San Jose councilman


Here at my library...

They have a person looking at miniaturized screens of everyone's computers, and they can click on one to blow it up, then go boot 'em out if they're doing something "inappropriate." (e.g., chatting on MSN.) I think they also have some sort of filter as well.

My solution: install Linux (or if they really want to be a pain, DOS) sans GUI and make them run Lynx. (Not links, since that has a graphical mode.) Have a few Windows machines or whatever not connected to the internet for word-processing and other uses.

Did anyone else find the quote "We remain concerned, incredibly concerned." incredibly amusing?

Attack code in the wild targets new (sort of) Adobe Flash vuln


AdBlock and NoScript

Two God-sent extensions.

OLPC and Microsoft punt Windows-only XO laptop


Too bad

I've had high hopes for the project from its beginnings, and only had doubts when there were rumors about moving to Microsoft. But now it's confirmed, and all I can say now is that I hope the company dies a swift death and Asus' lappy takes its place to be given to the poor kids.

Guido van Rossum's comment in the other article is interesting, though. The whole thing does sound like "We're better than you because we have technology, let us civilize you."

'Secure' PayPal page is... you guessed it



NoScript for Firefox is great. It even warns me of XSS attempts.

Id Dooms gamers to new shoot-'em-up sequel


I still have the original shareware version.

And I'm quite happy with it. =P idspispopd idbeholdl, etc.

LaCie's rugged rubber drive hits 500GB


Neat Idea

But too expensive. I can get a regular 500 GB drive for about $60-$90.

SQL string in URL exposes sex offender data



"On another note, why the hell are they using GET instead of POST for this kinda stuff? This kind of stuff is what gives PHP a bad name."

If you're saying using get vars is bad, perhaps you need to go back to web school. It's this kind of developer stupidity, though more obviously shown in the article, that gives PHP a bad name. Anyone can learn it and then use it so insecurely, which is bad...

@Others. htmlentities(), stripslashes(), and mysqli_real_escape_string() (as well as mysqli in general) are pretty good for keeping your databases safe. Regexes can also help. I wonder if this server was using PHP 4? And if they're using Perl, there's really no excuse for not using parametrized queries or being dumb...

Nintendo preparing DS Lite update, pundit claims


Uh oh..

I still have the original DS. I hope the new games for the new hardware will still be backwards compatible.

Microhoo! deal roadmap goes round in circles


Such evil...

I agree with Dave.

On another note, AOL is still around?

eBay pulls Vista laptop pwned in hacking contest


Do harm?

I distinctly recall purchasing a sword through ebay... If that doesn't do harm, how is a little virtual-ness going to?

Creative threatens developer over home-brewed Vista drivers


StumbledUpon the forum a while ago

Quite the mess of people who will never buy another Creative product again. As for me, I hadn't ever heard of them until I heard about this, but just because of their idiocy I'll never buy one and I'll make sure to check to see if any machine I get comes with one...

Creative should treat the guy like a god, getting something to work on Vista at all is an achievement of deities.

Exec sounds death knell for games consoles



When all's said and done, I'll retreat back to my SNES for hours of joy.

I couldn't imagine playing only PC games, especially online! No way am I paying $80 a month for a high speed connection, $1000 for a nice computer, $x a month for whatever online fees there would be, and another $20 for a decent controller so I don't have to use the keyboard and mouse.

See, I remember hearing this future talk years ago about how in a short time all the consoles would be gone and we'd all play games in virtual realities like the Matrix...