* Posts by joepie91

17 publicly visible posts • joined 16 Jul 2015

Torvalds weighs in on 'nasty' Rust vs C for Linux debate

joepie91

Re: My understanding...

Because certain information is missing from the C code - such as documentation/metadata about correct invocation - that is not only necessary for interoperability with Rust (or anything else that checks correctness, for that matter), but also independently something that should already be there for those developing against the APIs in C. It is an omission in the C code in and of itself, the Rust integration just made it harder to ignore the problem.

Meta can call Llama 2 open source as much as it likes, but that doesn't mean it is

joepie91

Then it wasn't open-source, despite whatever the vendor claimed.

Fresh GDPR ruling says even 'minor anxiety' could mean payouts for EU folks

joepie91

Re: Can I sue the EU

You probably should be blaming the websites in question, not the EU. The vast majority of those nag-walls aren't even GDPR-compliant, because their sole purpose is to bully you into giving 'false consent' (which does not count as consent under the GDPR).

A website that handles your data legitimately does not even need such a nag-wall, because legitimate purposes are already automatically allowed. The only reason these sites show you such a wall, is because they're trying to use your data for sketchy purposes.

CEO told to die in a car crash after firing engineers who had two full-time jobs

joepie91

Re: Judge on results, not appearances

It's actually very common for freelancers to bill a day rate, regardless of whether the full day was worked for the client. Which would result in basically this.

Software engineer jailed for 2 years after using RATs and crypters to steal underage victims' intimate pics

joepie91

Re: Not again..

There's a difference between bringing it up as a defense in and of itself, vs. bringing it up as a reason to reject extradition; it certainly *is* true that the US is extremely ill-equipped to deal with neurodiverse folks, and that prosecution there would result in an even more 'cruel and unusual' punishment than usual.

If I'm not misremembering, that's precisely what applied in McKinnon's case and various other cases. "Autism" wasn't an argument to defend the action, but rather an argument against extradition to the US specifically.

Freenode IRC staff resign en masse, unhappy about new management

joepie91

Lee is outright lying. The infrastructure for Freenode was provided by sponsors, not by him, and there were no expenses to finance.

When Lee says that he was putting money "into Freenode", what he really means is that he was putting money into Freenode Limited, a company which he *also* owns and controls, and which had no operational relationship with the IRC network - it was used for organizing a conference.

Until recently, he had - despite his claims to the contrary - no access to the infrastructure at all.

Talk about a Blue Monday: OVH outlines recovery plan as French data centres smoulder

joepie91

Re: Shipping containers?

SBG1 is made of shipping containers, SBG2 is not. It does use similar materials, but is actually a custom building design: https://pbs.twimg.com/media/BKfAgXZCEAEkJOl?format=jpg&name=large

.NET Core: Still a Microsoft platform thing despite more than five years open source

joepie91

Re: Always seemed an uphill task

Their "we love open source" act is already starting to slip, outside of the public perception created by their developer marketing department: https://github.com/MicrosoftDocs/intellicode/issues/201

Comodo CA acquired by Francisco Partners ...

joepie91

That's essentially just reinventing Certificate Transparency, except less scalable, more expensive, and less reliable.

Seriously, blockchains are totally useless solutions for 99.99% of cases. For almost everything, there are better non-blockchain solutions. Virtually the only thing that blockchains are actually *good* for is... you guessed it... trustless financial transactions.

How to secure MongoDB – because it isn't by default and thousands of DBs are being hacked

joepie91

Re: Cue useless drivel as defence

There's a very good reason MongoDB doesn't make it secure by default. MongoDB is a clusterfuck from a technical perspective, and the only reason it's as popular as it is, is because they've succeeded at making it *look* simple (by sweeping half the concerns of database management under the carpet).

Incidentally, this is the same reason that users tend to switch to other databases over time... because as it turns out, those concerns weren't optional after all, and now they have to suffer the consequences of ignoring them upfront.

But this is precisely why MongoDB can't really make it secure by default - this would make it appear less simple upfront, and thereby tarnish their only real selling point.

Global 'terror database' World-Check leaked

joepie91

Re: I'm too SQuooL for school

Except then you discover that it isn't faster either. And at that point you should start asking yourself why you're using it again, but most of its users don't ever seem to do that.

NoSQL: Injection vaccination for a new generation

joepie91

Re: JSON API != SQL

Except there are cases where you can inject nested JSON data into a MongoDB query (with potentially destructive consequences) just like you would inject directives into an SQL query. It doesn't "remove a whole class of vulnerabilities", it just changes the parameters.

Fundamentally "NoSQL" is a meaningless buzzword, and schemaless document stores are *not* an alternative to relational schemaful database systems. They are different toolsets that solve different problems. You can't meaningfully replace one with the other.
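
Added illustration of the nested-JSON point in the comment above; it is not part of the original post and not MongoDB's code. The matcher is a constructed stand-in that models only equality and the `$ne` operator, and the names `matches`, `findOne`, `loginUnsafe` and `loginSafe` are hypothetical.

```javascript
// Constructed stand-in for a document store: supports plain equality and the
// real MongoDB comparison operator $ne, which is all this illustration needs.
const users = [{ name: "alice", password: "correct horse" }]; // constructed sample data

function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) => {
    if (cond !== null && typeof cond === "object") {
      // An object in value position is read as a set of operators.
      return Object.entries(cond).every(([op, arg]) => {
        if (op === "$ne") return doc[field] !== arg;
        throw new Error("operator not modelled: " + op);
      });
    }
    return doc[field] === cond;
  });
}

const findOne = (filter) => users.find((d) => matches(d, filter)) || null;

// Pattern under discussion: parsed JSON from the request goes straight into the filter.
function loginUnsafe(body) {
  return findOne({ name: body.name, password: body.password });
}

// Hardened: only primitive strings may reach the filter, so a nested object
// can never be interpreted as an operator.
function loginSafe(body) {
  if (typeof body.name !== "string" || typeof body.password !== "string") {
    throw new TypeError("name and password must be strings");
  }
  return findOne({ name: body.name, password: body.password });
}

// Constructed request bodies, as a JSON body parser would deliver them.
const honest = JSON.parse('{"name":"alice","password":"wrong"}');
const nested = JSON.parse('{"name":"alice","password":{"$ne":null}}');

function demo() {
  let rejected = false;
  try { loginSafe(nested); } catch (e) { rejected = e instanceof TypeError; }
  return {
    honestWrongPassword: loginUnsafe(honest),   // no document matches
    nestedUnsafe: loginUnsafe(nested) !== null, // matches without knowing the password
    nestedSafeRejected: rejected,               // type check refuses the nested object
  };
}

console.log(demo());
```

The same type check applies to any field that ends up in a filter; a schema validator on the request body does the job in one place.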

Dell computers bundled with backdoor that blurts hardware fingerprint to websites

joepie91

Re: Genuine Question

Yeah, you can. You just can't read the response - *unless* the endpoint in question has misconfigured CORS headers, which I suspect to be the case here. Same thing as with Hola, really.

Google Adblock shock a load of cock – users mock post hoc

joepie91

Re: Epic

Epic Browser is extremely dodgy, snake-oil marketing. Specifically, it actually makes your internet usage *less* private in a number of cases (eg. with the proxy feature). I would not recommend it to anybody.

Remember Impero, the school software biz that went ape over a vuln? Someone's got revenge

joepie91

Re: Has the flaw actually been fixed?

Not in the currently deployed version, no. They *claim* that it's fixed in a future release, but that's what they said last time.

joepie91

Yeah, that's what we tried first. Then Impero ignored the e-mail disclosure.

Perhaps your ire should be aimed at Impero, given that they have been non-responsive to disclosure, lying (or at best, being incompetently misinformed) about the degree of patched-ness of their code, and most of all, developing software to *spy on kids*.

Brit school software biz unchains lawyers after crappy security exposed

joepie91

Re: Legal advice

Well, Impero is *owned* by Gateley plc, the company that sent the threat. So maybe they have a bigger problem...