
* Posts by Jonathan 27

451 posts • joined 21 Jun 2010

DVLA denies driving licence processing site is a security 'car crash'

Jonathan 27

Re: PCI-DSS Compliance

It's if you store any CC data. In the theoretical event that I wrote a site that used exclusively a 3rd party to process payments I would never record any of the information locally to get around having to have PCI compliance. You can also hand off the details to a second, more secure storage system that you also write and maintain, then only that needs to be PCI compliant.

This is of course definitely a theoretical situation.

0
0

Microsoft says 'majority' of Windows 10 use will be 'streamlined S mode'

Jonathan 27

Seeing as you can't run a 3rd-party browser in "S" mode I don't see this coming to pass. Microsoft needs to get over its fixation on controlling the browser if it wants anyone to take Universal Windows Apps as a serious alternative to win32 applications.

5
0

Windows 10 S to become a 'mode', not a discrete product

Jonathan 27

Re: pwned again

Citrix receiver is a remoting tool. The app would be running on a Citrix server, not the Windows 10 S machine.

4
0

Too many bricks in the wall? Lego slashes inventory

Jonathan 27

"There wasn't enough room to get 2017 toys into the stores, and the toy trade is driven by newness,"

Is that really true of Lego? They sell so many different sets that I'm not sure anyone would notice if they didn't release any new sets for a year.

5
0

BBC Telly Tax heavies got pat on the head from snoopers' overseers

Jonathan 27

Re: Subsidy

Radio is relatively cheap to produce and broadcast.

1
0
Jonathan 27

£150.50 seems like a lot just for over the air TV, and even then only 4 channels. Here in Canada all over the air signals are free (in fact it is illegal to charge for over the air TV or radio). Because I live downtown in the largest city in Canada I get 17 channels, which are a mix of domestic and US. Although I rarely watch them. Obviously, it's mostly ad-supported (except for a few "member supported" channels) but I can definitely see why you guys wouldn't want to pay £150.50 A YEAR for the BBC. That's more than Netflix!

2
1

A dog DNA database? You must be barking

Jonathan 27

Re: Laws only stop dogs who follow the law.

If it makes you feel better, DNA couldn't determine which "breed" a dog's ancestors were. Breeds are an artificial concept created and maintained by humans. They're regularly inbred, interbred and re-hybridized to maintain the required look and generally are only concerned with a very small number of genes.

6
12
Jonathan 27

Re: Fuck livestock

Perhaps you'd be interested in testing out my new lawn-defense laser. It incinerates trespassers of all sorts after a 60 second warning countdown. Note: no warranty against ED209 incidents.

1
0

uTorrent file-swappers urged to upgrade after PC hijack flaws fixed

Jonathan 27

Re: re: how do you know

That's ridiculous logic, you can't fully trust software you wrote yourself either. To do so is to assume you're perfect and the software has no bugs. I code all day every day and while my performance reviews are stellar, I still make plenty of mistakes that I'm constantly fixing.

I'd put open source software you've reviewed the code for (and compiled yourself) to be on the same level as software you wrote yourself. Mostly safe.

7
0

Use ad blockers? Mine some Monero to get access to news, says US site

Jonathan 27

Yeah...

It's funny to see all these stories about this, seeing as the script they use is so incompetently written that it only works against really outdated adblockers.

2
0

Bloke sues Microsoft: Give me $600m – or my copy of Windows 7 back

Jonathan 27

Yeah...

This lawsuit is idiotic. Even if he wins the most they can award him is the price of a copy of Windows 7. Which, if the PC shipped with Windows 7, he already has a license for, he just needs a copy of the media.

Which you can get here:

https://www.microsoft.com/en-gb/software-download/windows7

0
1

Boffins upload worm's brain into a computer, teach it tricks

Jonathan 27

Re: As simple as that thing may be...

Why do people keep calling Donald "Daddy's Money" Trump "self-made"? I think you're stuck in a reality distortion field.

14
0

Due to Oracle being Oracle, Eclipse holds poll to rename Java EE (No, it won't be Java McJava Face)

Jonathan 27

The marketing name doesn't really matter. Anyone who uses J2EE is going to know it pretty much immediately. It's their job. The open source version of PhoneGap is Apache Cordova and that didn't stop the community from embracing it.

0
1

You can resurrect any deleted GitHub account name. And this is why we have trust issues

Jonathan 27

"DevOps" is what everyone is doing now, outside of your standard 20-years behind the times bloated IT departments. I know this site is particularly filled with older neckbeards stuck in dead-end IT support jobs, but that's just reality now.

I'm a developer and when I went looking for a job last year there wasn't a single job description that didn't contain the phrase "agile" or "DevOps". I'm not saying this is a good thing, just that it is now the reality we live in.

And yes, if NPM or Nuget falls over, so does our build process. We're also totally dependent on a big cloud service provider for everything. No I don't think this is good, but it's not up to me.

10
37

It took us less than 30 seconds to find banned 'deepfake' AI smut on the internet

Jonathan 27

Re: Ooopss

What does it say about the Daily Mail that I can't tell if you're joking or not?

18
0

BOFH: We want you to know you have our full support

Jonathan 27

To get a second-hand vase to regain its lustre, don't you only need to wash it in dish soap and water?

I could be wrong, I'm not a vase technician.

7
0

Beware the looming Google Chrome HTTPS certificate apocalypse!

Jonathan 27

I don't know why anyone would buy any security products from Symantec anymore. It's like buying a bowl and getting a sieve.

4
0

Long haul flights on a one-aisle plane? Airbus thinks you’re up for it

Jonathan 27

Re: The Golden Age of flying is over

The last short-haul flight I was on was an Embraer 190, which is the sort of little jet that makes you wonder if you'll make it at all. I had a better time of it than on recent Boeing and Airbus jets because there was more legroom and only 2 seats on each side. I don't think the actual size of the plane matters as much as the seating layout.

10
0
Jonathan 27

Re: The Golden Age of flying is over

Yeah, it's not "spreadsheets on a laptop" that we're worried about here. I'm pretty tall, and if the person in front of me reclines their seat it will slam directly into my knees. There is no reason at all for economy seats to recline, it's a practice from back when there was actually space to do so. If I'm on a flight I now jam the recline mechanism of the seat in front of me (if I'm unable to get a bulkhead seat, as I attempt to immediately at booking time every time, but quite often they're booked up somehow, months and months in advance). The other option is to splay my legs into the lap of the people beside me, which is heaps of fun as you can imagine.

But, I hear you say, why don't you book a more expensive seat? Well, quite often there is no option, or if there is it's only first class for 10x the price. But I will say, no economy seat should be reclining unless they're actually putting them far enough apart to accommodate the passengers behind. I'm not sawing my legs off to fit on a plane.

P.S. 6' is not that tall, you're only slightly over average height.

12
1

Are you taking the peacock? United Airlines deny flight to 'emotional support' bird

Jonathan 27

I feel like this whole "emotional support animal" thing is a scam that people are using to fly their pets around for cheaper than if they did it properly.

16
0

Apple whispers farewell to macOS Server

Jonathan 27

How can it compete with Linux or the BSDs? Mac OS requires expensive, proprietary hardware and the cost adds up. You end up with a server OS that only appeals to people who want to use it as the back-end for their Mac desktops, large server deploys just don't make any sense. Mac OS server was always destined for failure.

5
5
Jonathan 27

Re: CUPS

Did Linux suddenly disappear?

3
0
Jonathan 27

I genuinely thought Mac OS Server was discontinued back in 2010 when they discontinued the server hardware. I've quite literally never seen an installation of Mac OS Server, ever. Any company I've ever been involved in with Macs as their only clients has used Linux servers and mixed environments often use Windows servers.

4
1

Here we go again... UK Prime Minister urges nerds to come up with magic crypto backdoors

Jonathan 27

I'm willing to head a team to develop this new magic encryption technology. We'll need complete autonomy and £200,000,000.

P.S. Who wants in on the scam?

5
0

Fancy coughing up for a £2,000 'nanodegree' in flying car design?

Jonathan 27

If it's not an accredited college or university, it's not an accreditation. Might as well give that money to Trump University.

4
0

Bell Canada Canucks it up again: Second hack in just eight months

Jonathan 27

Re: It's their own fault

Three letters, CGI. Can you remember who built that "amazing" website for the US affordable care act (HealthCare.gov), the one that was totally reliable (tm)?

Oh yeah, CGI.

0
0

STOP! It's dangerous to upgrade to VMware 6.5 alone. Read this

Jonathan 27

I think the clue that you have to read it is that it's a 300 page document.

8
4

Biker nerfed by robo Chevy in San Francisco now lobs sueball at GM

Jonathan 27

If my memory serves me correctly, IF the biker was lane-splitting, then GM's account is totally legit because lane-splitting is only legal if it's safe. Otherwise the biker is in the right.

5
0
Jonathan 27

"Surely overtaking on the wrong side is a problem for wetware with one set of eyes but no different for a self-driving car?"

No, that's not illegal in the USA. Failing to yield to faster traffic is illegal, it's basically the opposite. If someone can pass you on the right legally, you're breaking the law.

9
1

Maverick internet cop Chrome 64 breaks rules to thwart malvert scum

Jonathan 27

Re: Advertisers sort your shit out

Agreed, why do ads need JS and why do sites allow 3rd party code? The liability alone could sink your website.

7
1
Jonathan 27

Re: A good thing

I was just about to post the same thing. There hasn't been a legitimate need for iFrames since XHR (AKA Ajax) requests were developed. At the moment they only seem to be used for nefarious purposes. Yes, there will be a cost associated with getting rid of them for some legacy applications. But that's pretty much par for the course when it comes to web applications.

1
4

'WHAT THE F*CK IS GOING ON?' Linus Torvalds explodes at Intel spinning Spectre fix as a security feature

Jonathan 27

Re: recall

Pentium Pro.

But seriously, at least all CPUs sold in the last 5 years.

4
0
Jonathan 27

We need to replace these CPUs now, there is no fix. So how is Intel getting away without refunding or replacing the chips?

3
0

Meltdown/Spectre week three: World still knee-deep in something nasty

Jonathan 27

Re: Had to disable Spectre mitigation

I've updated two systems with the full set of microcode and Windows patches, a Dell XPS 9550 and a desktop with a Gigabyte Z170-Gaming 7 and neither has experienced any blue screens. It's a pretty small sample however, and both systems have derivatives of the same CPU design i7-6700k and i7-6700HQ (Skylake 4 core). Those are my personal machines, we're leaving the business ones a while to see.

0
0

Blockchain rebrand sends Stapleton Capital's shares soaring

Jonathan 27

This is asinine.

5
0

OnePlus minus 40,000 credit cards: Smartmobe store hacked to siphon payment info to crooks

Jonathan 27

Re: Are European cards vulnerable?

It depends, can you process transactions without verification? Some schemes I'm familiar with like Secured by Visa/Mastercard Securecode only work if supported by the vendor, so they'd just use your card at an unsupported vendor. If it doesn't require vendor support (unsupported vendors would have to be denied), and you can't use the card to make point of sale transactions on a magnetic (not chip) card, then you're probably safe. But it would be my guess, that is probably not the case.

I'd call your credit card provider and ask them to cancel and replace that card.

1
0

Goodbye Netscaler, Xen. Hello Citrix SD-WAN, Citrix Desktop, Citrix...

Jonathan 27

Big-scale re-branding is generally a side effect of serious product problems. It also rarely ever works, it's often the last-ditch attempt to save a foundering corporation. How long until Citrix joins Blackberry circling the drain?

2
1

Customers reporting credit card fraud after using OnePlus webstore

Jonathan 27

Re: oneplus update

If you buy through PayPal the vendor never gets your card details. So anyone claiming they bought through PayPal has either had their details stolen elsewhere or gave OnePlus their credit card information at some other point in time.

0
0

Junk food meets junk money: KFC starts selling Bitcoin Bucket

Jonathan 27

Yeah...

Obviously, Craig Steven Wright is an idiot who presented patently fake (and publicly available) information as proof he created bitcoin. The only reason his story picked up traction is that so many media outlets never do any sort of fact checking.

0
0

Next; tech; meltdown..? Mandatory; semicolons; in; JavaScript; mulled;

Jonathan 27

Re: Anyone seen a single line C program ?

Promises are just a better way to use callbacks. It's all syntactic sugar.

2
1
Jonathan 27

Re: Anyone seen a single line C program ?

If I was his supervisor I would have bitched him out on the first comment-less and whitespace-less commit and if he continued cancelled his contract for poor code quality. If you're a contractor, everything you produce belongs to the company, they're paying you for your time, not whatever you feel like giving them.

4
1
Jonathan 27

Yeah...

"What's more, this laissez-faire approach makes JavaScript fairly forgiving, which in turn makes it more appealing to inexperienced programmers."

And also a terrible choice for inexperienced programmers, a language with strict typing is much easier to debug and therefore a better choice for inexperienced programmers.

As for semi-colons, I always put a semi-colon on the end of every line in JavaScript. You can really kill yourself looking through code forever just to find an error caused by a missing semi-colon. Making them a language requirement will prevent a few errors, but it will also not be backwards compatible. Is the small benefit worth the small risk for existing code bases? I'd say it's dependent on what your existing code looks like. For mine, it looks just fine.

3
0

Wondering where your JavaScript libs went? Spam-detection snafu exiled npm packages

Jonathan 27

This just demonstrates the major weakness with NPM and integrating it so deeply with your development. It falls over and your build chain falls over. Sadly, it's very difficult to avoid these days. My company does primarily .NET web apps, but we're still reliant on NPM for bower, grunt and some other tools from NPM (and bower for front-end components, which is just as bad). It's really difficult to avoid these days, even if you don't like or trust it. The one plus is that at least deployed systems still work, it's not like using a CDN where if that goes down EVERYTHING goes down.

0
0

Linux Mint 18.3: A breath of fresh air? Well, it's a step into the unGNOME

Jonathan 27

Kubuntu is pretty similar.

0
0

Proposed Brit law to ban b**tards brandishing bots to bulk-buy tickets

Jonathan 27

Good luck enforcing this, ticket scalping bots are illegal in the part of Canada I live already and it hasn't helped. The people doing this in the first place are criminals and they don't care if it's illegal or not. It will take some serious crackdowns to make a difference.

2
0

HTC U11 Life: Google tries to tame the midmarket

Jonathan 27

Galaxy S8, Note 8, Pixel.

Sorry, it looks like overpriced is the new standard.

3
0
Jonathan 27

Re: Two years?

That's not true, it just requires Android to be a more platform-agnostic OS. Google is working on that, but as soon as you can update the OS without needing to update the whole system platform underneath there is no technical reason Google couldn't just ship updates out to every Android phone on the planet.

0
0
Jonathan 27

If Google was smart they'd rebrand all of HTC's phones to Google. Keep the Pixel as the top of the line and bring in a few lines under it. They could even reuse Nexus for mid-range phones. Google has the good mindshare that HTC doesn't. Maybe they're waiting until they have some products that Google had design influence over first, that sounds like a brilliant move. Maybe they'll just do what they did with Moto.

3
0

2017 – the year of containers! It wasn't? Oops. Maybe next year

Jonathan 27

Too many competing standards and there seem to be more every day. I don't think the "year of containers" will occur until one or two of these standards are accepted as the standard(s).

1
0

The Register - Independent news and views for the tech community. Part of Situation Publishing