* Posts by DZ-Jay

938 publicly visible posts • joined 23 Apr 2007


Experts trumpet '25 most dangerous' programming errors

DZ-Jay

NSA Discovers OWASP. Movie at 11.

Top scientists and the NSA have come together and realized that regular application code monkeys can be as dumb as web skiddies.

http://www.owasp.org/

-dZ.

101 uses for a former merchant banker

DZ-Jay

And why not?

Send them to the salt mines in Derbyshire, that's what I say.

-dZ.

Redmond security guru explains IE vuln miss

DZ-Jay

Re: This is not a threading issue

@Mike,

True, it is not a threading issue (I never thought it was). Technically, reentrancy bugs can be solved with semaphores, but it would be a much better solution to actually, well, design the damn thing appropriately to not have side effects.

-dZ.

DZ-Jay

Re: Oh Lord

@James,

Wow, I'd hate to work on the same projects you have if this sort of thing is so commonplace. In my experience, as stated, this is just bad design and poor understanding of the system in which the developer was working.

The possibility that a developer left the company and now everybody else is stuck with a mess of abstruse code does not excuse it; and in fact it says much about the development and documentation practices of the organization: again, bad design and incompetence.

This may be very common in some places, but trust me when I say that it is definitely not an inherent aspect of software development, and it does not occur everywhere as a rule.

-dZ.

DZ-Jay

I agree.

Call it what they will, it is still bad practice, and the fault of the developer (out of ignorance, as Tim Brown suggests) not checking the environment properly. Giving it a spiffy sounding name and acronym only legitimizes the practice as a common issue within the environment, when in fact it's just incompetence.

It's like giving a fancy name to, say, forgetting to remove one from the full count of items in an array, when iterating from zero:

for (int i = 0; i <= myArray.Size(); i++)
    myArray[i]->foo(); // will point to hell when i = Size

It is not an issue inherent in the platform, language, or framework; it is not something that we must "warn against", as if it were some abstract creeping evil lurking in the shadows of the machine. A competent developer understands the boundaries of the arrays with which he is working, and sets his control variables accordingly.

But just for the hell of it, let's give it a cutesy name: Final-Out-Of-Band-Array-Register. Remember kids, watch out for those nasty FOOBARs, they just sneak up on you like the dickens!

-dZ.

Verity Stob's Big Fat Geek Yuletide Quiz of the Year Part 2

DZ-Jay

Beautifully said

>> And He did reply unto them, saying: No.

Perfect!

-dZ.

Last Xmas for CDs, please, researcher tells music biz

DZ-Jay

A letter to Gartner

Dear researchers, Gartner et al:

I like CDs very much, and do not appreciate digitally compressed, DRM-laden files available only on intangible media.

I hereby respectfully request that you leave CDs alone, and fsck off.

Thank you for your attention.

-dZ.

Microsoft preps IE 8 for the web-challenged

DZ-Jay

A great day for the intarwebs

Whether they are doing it because they decided it is time to set things right, or because the threat of legal action from the European Union is too great to ignore; I think this marks a great day in the development of the World Wide Web. (Possibly, it further evidences the downfall of the once great giant.)

I understand the disruption that this may cause in the short term, but I believe that this is the best way to ensure common compatibility among all web sites and browsers in the long term, working towards the ultimate goal of complete platform and brand independence.

Most web sites which are not compatible are so because of bad code and lazy developers: the fact that they are a limited number is evidence that there are ways to implement sites which are viewable on most commonly used browsers--including older IE--without resorting to browser-specific hacks. This has been known by many developers for years. The days of absolute incompatibility between browsers which required implementing a site twice, once for each of the two popular browsers of the time, has long gone with the death of Netscape 4.0.

-dZ.

NASA orbiter reveals buried Martian glaciers

DZ-Jay

>> "larger than the city of Los Angeles and up to one-half-mile thick"

How much is that in football fields?

-dZ.

Lego terrorist threatens democracy

DZ-Jay

Now, look what they have done!

All that bitching has had some effect on them. Why is it that every self-righteous freak gets a say in every part of someone else's life?

Just now, they renamed the minifig to a more generic "White Bandit" (of course, it couldn't be any other color of bandit, lest they offend someone else), and changed the image to an "exploded view", showing off all the accessories. They also hid the fully assembled "Taliban" action shot from their list of available merchandise.

http://www.minifigforlife.com/theprostore/main.php?P=product&pid=C000057

The site seems to be dedicated to collectors, not to kiddies. Their specialty is custom-made weapons for Lego minifigs, presumably for grownups.

-dZ.

S60 knows where you're at

DZ-Jay

Re: fall asleep on train/bus

That sounds reasonable, yet I still think it's not compelling enough to warrant an entire application.

-dZ.

McDonalds survey scam is super-size fraud

DZ-Jay

Brilliant!

"Fillet O'Phish" -- you, sir, are brilliant.

Just that. Cheers!

-dZ.

ISS urinal/drinks-machine combo still buggy

DZ-Jay

Re: I have the solution!

Brilliant! You should apply for an engineering job at NASA.

Cheers!

-dZ.

Google Analytics — Yes, it is a security risk

DZ-Jay

Re: Javascript

@Andrew Ness:

Simple: The JavaScript code runs on the client side and is granted, by the client's security model, the same privileges as a same-domain script. This means that it now has access to the global memory space reserved for the entire application (on the client side, of course), which in turn includes being able to perform requests to the server as if it were part of the original application served by it.

The article gives the example of the script having access to the Session Cookies set by the server; this alone is a big threat, as it may give the third-party who controls the external script access to session information, or in a worst-case scenario, the same privileges to execute requests on the server as the logged-in user.

You seem to misunderstand the threat. It is not that evil JavaScript is going to hack into the server; the threat is that an external party--one over which your organization has absolutely no control--may have access to the same functions, privileges, and features of the application at the server side available to a local user trusted by the server.

-dZ.

Tron sequel already in production

DZ-Jay

What the heck is TR2N

Is it pronounced "Truh-too-un"?

While we're at it, I don't think I like "Tron Too-Point-Oh" either, as it reminds me of crappy and slow web sites with shiny colors and rounded corners.

And, why call it "Tron" at all? The character Tron actually had a supporting role in the film, and it seems that it's not even going to be present in the sequel. Perhaps it should be called "Flynn" or even "Clu", which was the name of Jeff Bridges' alter ego in the computer world (though, admittedly, that sounds rather silly).

I'll go see it, along with the upcoming "Logan's Run" and "Wargames" remakes, though I know they're going to be crap.

-dZ.

Story withdrawn

DZ-Jay

So many to choose from...

I can't make up my mind! I'm glad to see the resurgence of "chesticles", I had almost forgotten that one.

P.S. This will probably not go through, if indeed the one month ban is in effect; but if it does... w00t!

er... damn it!

-dZ.

India plants flag on Moon

DZ-Jay

Confirmation

But the question is: can they see the old U.S. flag and confirm that they actually landed on the Moon back in 1969?

-dZ.

Time to reject traditional database techniques?

DZ-Jay

A solution to the wrong problem

Once again even the "gurus" fail to recognize the nuances of the argument, and once again they propose solutions to the wrong problem. The traditional view is that RDBMSs embrace and embody the Relational Model, and since they may not be able to scale to modern needs, this is therefore an indictment on the Relational Model. At the root of the problem is that this argument is faulty because its assumptions are wrong.

The Relational Model is a mathematical model, designed to impart coherence, structure, and integrity to the amorphous data it contains. At its heart is a strong separation between the logical model (how users interact with it and organize the data logically) and its physical layer (how it's actually stored and retrieved in practice). The Model defines everything about the former, and says nothing (except perhaps for some accidental suggestions) on the latter.

It has been understood for decades that modern DBMS systems tend to commingle both layers in an effort to simplify design and improve performance. This is not dictated by the Relational Model, and in fact deviates from it. Also, SQL is decidedly not relational, but a declarative language with many faults and limitations. The fact that modern DBMS systems and SQL are not able to cope with the necessities of the modern business world says nothing about the Relational Model itself; so looking to "solve" or "fix" or even replace it is not necessarily warranted.

-dZ.

Visa trials PIN payment card to fight online fraud

DZ-Jay

Israel... in Europe?

Wow, they just let anyone in Europe nowadays, do they? I wonder how Turkey feels now...

-dZ.

Michael Dell sells you some s**t you don't need

DZ-Jay

Ted, is that really you?

What happened to the swearing? Come on, Ted, just one instance of "sh*t"? Slacker!

-dZ.

Michael Crichton dead at 66

DZ-Jay

Goodbye, Mr. Crichton

I read a lot of your books, and enjoyed them immensely. From "A Case of Need", "The Andromeda Strain", and "Eaters of the Dead"; to "Rising Sun", "Jurassic Park", and "Airframe". I also enjoyed and admired your handiwork in such great, thought-provoking, and yes, entertaining films such as "Coma", "Westworld", and "Looker", which provide not only a thrilling experience, but social commentary on the human condition.

My warmest regards go to your family and friends; may you rest in peace. You will surely be missed.

-dZ.

Barack Obama will be president

DZ-Jay

Re: With atypical American family. Grammar Nazi Alert

>> "With atypical American family" does not mean the same thing as "with a typical American family."

You committed the same typo as the writer of the article: you typed "atypical" instead of "a typical"--they are not the same thing.

What's that? You actually meant to write "atypical"? Oh. You mean there are legitimate uses of the word? Could irony be one of those?

-dZ.

NASA's greatest clanger

DZ-Jay

WTF?

I guess 'tis Friday.

-dZ.

One billion unwanted opinions in real-time: Now SHOUTED at you

DZ-Jay

Re: We(')re on theregister.co.uk

YO! CHEK ME OUT! I'M IN TEH INTARWEBz!!!11one

YAY!

KBYETHX

Paris ups sticks to London

DZ-Jay

Ha! Ha!

From America I say to you: Good luck with that!

-dZ.

Google ends gambling ad self-denial

DZ-Jay

Next stop... pr0n advertising!

Do no evil, indeed.

-dZ.

Airport baggage screener charged with stealing passengers' stuff

DZ-Jay

Re: The solution: Fly with a gun

Sounds like a terrific idea! But I would think that carrying a gun on board would automatically put you into one of those "lists", which means that your security checks (and perhaps even your on-board presence) will demand closer scrutiny from everyone; which may undermine the conveniences you mentioned.

-dZ.

Google to save US from fossil fuels

DZ-Jay

Not *everything* yet...

>> "In case Google's work with mobile phones, word processing, web browsers, disease prevention, encyclopedias, email, watercraft, cartography, and humanitarian aide hasn't driven home Google's aspirations to have its hand in absolutely everything, try a new $4.4 trillion energy plan on for size."

It'll finally sink in when I see Google-branded chips at the corner store. (Er, that's "crisps" for you brits.)

-dZ.

Thomas Crown blagger recruits decoy dupes on internet

DZ-Jay

I'm impressed!

I vote it best use of that Intarwebz yet!

-dZ.

Senators push for restrictions on laptop searches

DZ-Jay

Re: overreaction, scare mongers

I think the implication of those comments was that the law would contain provisions to exclude visitors from other countries.

>> "The US supreme court has ruled the foreigners do have civil rights"

Yes, and the Constitution of the USA defines some rights for its citizens also, which obviously did not affect the policies of the current administration (hum, the 4th Amendment comes to mind).

-dZ.

Next-gen Wii to be launched within three years

DZ-Jay

Head tracking, please!

Please, please, puhleeeeeeeeeeeeez! include some sort of Head Tracking VR feature, as demonstrated by Johnny Chung Lee:

http://hackaday.com/2007/12/21/wiimote-head-tracking-desktop-vr-display/

http://www.cs.cmu.edu/~johnny/projects/wii/

I'd buy it in a heartbeat!

-dZ.

German man arrested after UK gamer's murder

DZ-Jay

Where'd the subtitle go?

I like the new look, but I just noticed that on RegHardware pages, the "subtitle" does not show up. For example, on this page, the subtitle below the headline on the front page is "Online war of words went too far?", but it doesn't appear on article page itself.

Is this on purpose?

-dZ.

Chrysler intros electric trio

DZ-Jay

0m/h to 60m/h in 9 seconds?

Is that meters per hour? Damn, that's slow!

-dZ.

ASA: Publishers must vet AdSense ads

DZ-Jay

Re: Idiots

Bravo! I couldn't have said it better myself. I also can't comprehend how this is such an alien concept to others: The limitations of technological solutions are intrinsic to the solution itself, and therefore known beforehand.

When a publisher chooses an advertising delivery system which is mostly autonomous, he is consciously surrendering control of the advert selection to such system. As Chris C. said, they could decline such system and have a human make the advert selection, or they could build their own system that would prevent such misalignments as discussed in the article. The fact that these alternatives are more expensive or difficult is not an excuse to choose a system that violates laws or policies.

The publisher must understand that he still has liability for all the content he publishes--regardless of who is making the decisions, be it his editor, account manager, or yes, even a machine.

-dZ.

US financial meltdown hits canine thesps hard

DZ-Jay

[title of show] is the name of the show

Apparently it is indeed the real name of a play:

http://en.wikipedia.org/wiki/Title_of_show

-dZ.

Google spills Satan Phone dev kit

DZ-Jay

Re: Reason to be cheerful?

But it is *not* running an Open Source OS. Google claims it will, eventually, but it hasn't released the source yet.

Plus there is really no suggestion that the platform where the OS is running (i.e. the hardware) will be open. It may just turn out to be like a TiVO: soft and chewy open source middle with a hard, closed shell.

-dZ.

Mars Lander shows rock who's boss

DZ-Jay

Woo-hoo!

We moved a rock!!! Yay!

-dZ.

Did the width move for you, darling?

DZ-Jay

Re: Freetards

Ok, I'll bite.

I refuse to be subjected to advertising, out of principle, and avoid it to the extent that I can. I, personally, would have no problem with no web-content to read that "isn't subscription based or Government funded". Why does everything have to be ad-supported? So that you feel you're getting something for free while being subjected to subconscious brand persuasion? Talk about freetards.

If it is worth the ticket price, I'd gladly pay it--and I have repeatedly said that I would happily subscribe to The Register if there were a subscription-based, ad-free, navigation surveillance-free version. (If there is, I apologise for missing it, and would appreciate if you could point me to it.)

Nobody has the right to push advertising on anybody else, and contrary to common belief, there is no unspoken social contract between the publisher and reader. Just as I am free to read a book--even freely distributed pamphlets--in any order that I like, skipping which parts I want, so too I can skip any parts of a web page I do not want or like.

Next you'll tell me that I cannot walk out of the room or change the channel when a commercial break occurs while watching a television show. I have no obligation to watch the ads. And to that end, I tend to avoid commercial television, and subscribe to commercial-free channels that I do enjoy. Most of the time I just watch DVD videos (which I have legally purchased, since you ask).

The Register publishes their web site, and they chose advertisement as their source of income. With this comes the risk that some people will not enjoy the ads, will not be swayed or influenced by them, or will skip or even block them. I did not participate in this decision. If they decide to refuse me entry to the site because I do not want to view the ads--which is their prerogative--or if they frankly tell me flat out that I, as an ad-blocker, am not welcome, I'll oblige them and leave for good.

It'll be a pity, though, as I do enjoy it much; I read it every day and tend to pass links to my friends and colleagues (some of which do not block ads).

If it makes everybody feel better, in lieu of a subscription option, I can certainly, voluntarily, send a yearly cheque to the editors, of a reasonable amount that would cover any revenue that my page views would have generated had I accepted the ads. Really. I think the Register is worth some money. El Reg editors, just say the amount.

I am not a "freetard", I just do not like advertising as a matter of principle.

-dZ.

DZ-Jay

I do have one suggestion

I guess I spoke too soon before; I do have a suggestion: The "Top Stories" block does not particularly stand out to me. Basically, I did not even notice it there until I read your article justifying the changes. I guess it could use a different color for the hyperlinks. As they stand, they are indistinguishable from regular text (i.e. they're black, although bolder), and do not really attract my attention in any obvious way--that is, as compared to the regular stories, which have larger, blue letters in their headline along with a sub-text line.

-dZ.

DZ-Jay

Well, I like it

I think the redesign is nice and serves its intended purpose. I find the stories easier to follow throughout the day, in a logical manner (I still don't get the old sorting order, in which stories seemed to jump around randomly). Regarding the fixed-width, I do tend to disagree with its usage, given that it wastes space on large screens. That said, I am not particularly annoyed with its implementation on El Reg; I find it rather comforting, in the way it forces the site's organization and cohesion.

I still don't see any ads (must be my AdBlock and NoScript at work--attaboy!). Perhaps that in itself enhances--artificially--my perception of the layout. As I said before, I reject and oppose all ads in principle: I refuse to be subjected to them in any medium, to the extent that I can prevent it. But, as I also have said before, I will be more than willing to pay a reasonable subscription fee to gain access to the site, provided it does not bring with it additional navigation surveillance, or such common intrusions. I generally enjoy The Register and understand and respect the staff's need to eat (and occasionally drink beer). And I am most definitely not a "freetard".

As for the comment icons: Bleh. I never used them, and tend to ignore them when others do. I find it too Web 2.0-ish and social-networky for my taste. Thus, I don't care for them either way. But, of course, that won't stop me from criticising them: The old ones were too crude and cheesy; the new ones are too cute and cartoony.

Overall, I like the new look and hope the content continues the old tone and spirit of "biting the hand that feeds IT."

Cheers!

-dZ.

Is IT stuck with cloud busting budget structures?

DZ-Jay

Re: Although...

>> And much of the hubbub that grew up around the orgone idea was eventually debunked as a load of old cobblers. Which will hopefully be the ultimate fate of a lot of this cloud computing nonsense,

Congratulations! You appear to finally "get" the reference in the tag line. On behalf of everyone here, I would like to welcome you to The Register. Enjoy your stay, and try not to strain yourself too much trying to figure out the witty quips from the writers in the future.

-dZ.

Mobes & pheasants litter London's black cabs

DZ-Jay

Mobes??

I thought "mobes" was banned by decree from El Reg. What's next, mentions of "lappy" on an HP story?

-dZ.

Artemis Fowl scribe to pen sixth Hitchhiker's novel

DZ-Jay

Couldn't resist, uh?

Had to milk the franchise one more time? Couldn't let the old chap lie in peace? Perhaps it should be titled "Mostly Spent".

-dZ.

Safari Gears up for Mac fanboys

DZ-Jay

What the heck does it do?

From the Gears FAQ:

"For example, webmasters can use Gears on their websites to let users access information offline or provide you with content based on your geographical location."

How does it let users "access information offline"? This is just what the world needs: some new magical link that allows your browser to phone home to Google when disconnected from the network.

-dZ.

Ad hoc malware police besiege net neutrality

DZ-Jay

Re: Freedom to commit crime?

@Keith T:

Nobody is stating that criminals should be allowed to do harm, nor that freedom of speech should give license for criminal activity. However, the basis to determine that an actual crime has been committed is usually a legally nuanced one, and should not be arbitrarily made by the service provider. As Julian Field mentioned, a Domain Name Registrar should not be allowed to cancel service indiscriminately--which can result in financial losses--by the mere fact that someone complained, or that your name appears in some arbitrary list presumed to be official, but compiled by (possibly anonymous) volunteers.

@Franklyn:

The analogy stands when you consider the fact that the telephone company will not discontinue service on the basis of a single complaint of one of those charges you mentioned. If considered serious, the telephone company would indeed investigate, and if a crime is suspected, the appropriate law enforcement agencies will be involved.

By contrast, as noted in the article, sometimes all it takes is a complaint or inclusion on a third party list for a domain registrar to cancel service unconditionally. As Julian Field mentioned, it is indeed scary that their lists exert such influence.

-dZ.

Berners-Lee backs web truthiness labelling scheme

DZ-Jay

Re: Collective semantics

Oh no, are you proposing the "enwikification" of the World Wide Web? Isn't that what we have now with the Web 2.0, blogging, tagging, and of course, Wikipaedia? And isn't that what is taken to be the problem?

There have been numerous studies done that show collective mass opinion can be significantly more accurate than small numbers of experts--sure, for a very liberal definition of accurate. Just because every uninformed idiot agrees it is true, does not make it so.

-dZ.

Virginia de-convicts AOL junk mailer Jeremy Jaynes

DZ-Jay

Would you get some perspective, please?

We're talking about Spam, i.e. unsolicited e-mail. Not murder, nor armed-robbery, nor kidnapping; it's e-mail that is not solicited.

Nobody, not even the judge in this case, is saying that what he did was fine, nor that he should be let go without punishment. They are just saying that the particular law the state threw at him is unconstitutional for various reasons. That just means two things: first, go back and make a better case that relies on existing laws of subverting proprietary systems and electronic trespassing and such (of which there are many); and second, fix the damn anti-spam law to be more narrow in prohibiting unsolicited commercial advertising without preventing freedom of speech.

This is what happens when lazy legislators make knee-jerk reactionary laws to please the populace without proper research into the legal implications of the statute.

-dZ.

OMFG, what have you done?

DZ-Jay

Looks good to me

I'm one of those who thought it was weird how stories moved their way around on the page and never got it. I like this new look, and it does indeed appear to solve the problems you attempted to address.

I hope it works out for you, though I still won't accept the ads; I use AdBlock. I'd be willing to pay a subscription to El Reg, like with any other rag of interest, but I just don't like ads.

Cheers!

-dZ.

Senator saves YouTube from al Qaeda

DZ-Jay

We can has permishoon?

>> "We've updated the Community Guidelines to address some of the most common questions users ask us about inappropriate content."

From: j****@alqaeda.online.org

To: support@youtube.com

Subject: Help with content

Attachments: recrutmen1.mov; recrutmen2.mov

Deer sirz:

were planing to show one of our videoss in yur site to recrutment of yoofs into our troopz. plez you can chek the attach videoss and letus now if is ok. we can has permishoon to post?

kthnxbyek.

Press proves immune to FBI's anthrax corrective

DZ-Jay

Convenient

So first they claimed that it must have been an expert because of the specific knowledge required to make the spores into a weapon (see, I'm American, but I can avoid 'izing' every other word). Then, when the counter-argument came that the alleged single expert with access to the stuff had not the knowledge or skill for such activity (not to mention that the other alleged single expert who actually had the knowledge in bio-weapons had to be cleared of all charges with a big apology cheque), then it turns out that it really wasn't all that hard to create weapons (look ma', no 'ize') from the bacteria, and any old Joe could have done it.

And all the proof ever needed to point the finger indisputably at our guy comes from a brand new branch of biology and test protocols which were invented precisely for this occasion.

Rather convenient, isn't it?

-dZ.
