Posts by Steven Roper

Re: Love the pussy pass

Right, here's a little present for the 22 people whio downvoted me. From your own beloved pro-feminist Huffington Post, no less.

Re: Absolute proof

"No negative sign... It was marked "South". But of course, Microsoft assumes numbers are always signed..."

I could have told them that within 5 seconds of seeing where Melbourne was on the map. Japan is directly north of Melbourne and Adelaide, in fact my house is less than 15 km west of the exact longitude of the summit of Fujiyama. The mountain is also about the same latitude north as Adelaide is south; in fact if my house swapped its latitude sign I'd actually have a spectacular view of Fujiyama across the bay south of Numazu from my bedroom window!

So the first thing I thought when I saw Melbourne in that position was "The stupid sods have swapped the latitude sign!"

Re: Damage is done

"...because their critical, irreplaceable, custom application was built exclusively for Windows..."

Every day in my email I get at least a dozen messages from programmers and developers in places like India, China, Vietnam and so on, offering application-development services, often for rates ranging between $2 and $7 an hour. Some of them are dodgy, others are certainly competent. Quite a few are uni students doing their CS theses and looking for a real-world project to cut their teeth on, and these lads (and the occasional lady!) often do a very passable job.

At those prices, I would consider it feasible for a custom-application-locked business to outsource a testbed to one of these guys, if they're willing to take the risk of outsourcing to an unkown developing-country programmer over paying more for a local developer (a fair bit of our own business comes as a result of other companies not wanting to take that risk, so I'm hardly in a position to bitch!) Such a business wouldn't have to blow their custom app in one hit, they could develop a testbed and start doing some of their smaller, simpler jobs on it.

This is exactly what we did: we started with just one Linux machine in my office until I could get my head around it all, and work up a changeover plan and staff retraining program (my experience as a college lecturer stood me well there.) Then we transitioned our staff one application at a time (e.g. LibreOffice Writer instead of MS Word, LO Calc instead of Excel, etc) then dropped Linux on them as soon as they were comfortable using the open source software.

During the transition we ironed out any hitches as we went. End result: Our graphic/layout designers refused outright to move off Windows 7 and their beloved Adobe-ware; so what we did with them was to airgap the design room from the Internet and told them if they needed Internet access to use the Linux machine in there, as well as the fact that there would be no more Adobe upgrades (we're still using the pre-CC versions anyway since I long ago convinced the directors that going cloud was a really bad idea.) There was some grumbling, but that was the line that got drawn. Everyone else - sales reps, management, front office, accounts - all made the switch with very little fuss.

Granted, we're not that big, so I don't know how well this approach would work in a corporate environment, if at all. But I'm sure any locked-in SME could work up a similar solution - outsource, test, transition, rinse and repeat. If they have an app that requires an old version of Windows to run they should really look at airgapping those machines from the internet anyway, otherwise that's a time bomb waiting to blow up in their faces, as someone else commented.

The key is not to blast it all through in one hit, I think the best method is to transition piecemeal. You still have problems, but in a piecemeal scenario they tend to small enough to be readily resolvable, and this allows you not only to build a more robust replacement but to spread the costs over a longer period as well.

Re: If any bugger...

You're forgetting the police's buddies in the long house. You can bet that if any laws are passed allowing police to use destructive EMP in public places, then there's guaranteed to be a section in those laws indemnifying the police against any collateral damage, so if your equipment gets cooked during a police chase it's tough luck, Tommo.

Re: Too little, too late

"all of you obvious user-writeable areas (such as /tmp, /var/tmp and /home) should be mounted with at least the 'noexec' "

Already done. Full-disk encryption, noexec and admin application whitelisting are all in place. I'm still looking at what other measures can be taken so that link you provided is very helpful, thanks for that.

I'm sure that the goofing around with email attachments will stop once the novelty wears off. It's just that we in the office have spent so many years being paranoid about never opening attachments, never clicking on links in emails, constantly updating antivirus (and never being sure that said AV can even catch them all) and generally living in fear, that the safety and security of Linux feels strangely liberating. I've encouraged it because it eases the transition for the staff and and creates a sense of camaraderie and fun that helps them cope with the stresses of the changeover. In addition it helps me to locate and plug any potential security holes. But once things settle down properly be assured we'll be as vigilant to threats as we've always been.

Re: Yet another rich asshole's vanity project

"...to the mass vaxxers..."

Oh no, one of those...

Look, if you tinfoil-hat-wearing nutjobs want to expound on how our governments are secretly ruled by Illuminati reptoids that escaped from the hollow Earth through the polar holes suppressed by NASA and are brainwashing the masses with chemtrail-spraying airliners and mind-control rays beamed from communication satellites, be my guest, we're all entitled to harbour our pet whacky beliefs; that's what makes the world an interesting place.

But I draw the line when those beliefs start causing the deaths of thousands of innocent children whose lives might be saved but for anti-vaxxers citing long-debunked and fraudulent "studies" about vaccines causing autism and other such shit. The efficacy of vaccines in reducing the incidence of preventable and crippling diseases like polio has been emprically proven as fact time and again over the last century. That large greedy corporations profit from it is irrelevant to the fact that vaccines save lives.

Many diseases, such as polio and rubella, which we could have had eradicated by now, are undergoing a resurgence in the developed world because of the influence of anti-vaxxers. And for every child who will spend his or her life crippled by polio that a simple jab might have prevented, that's a tragedy that can be laid squarely at the feet of these tinfoil nutcases.

You aren't doing the world any favours by perpetuating such rubbish.

Haha... except that dogs, cats, pigs, goats, deer, sparrows*, mynah birds, pigeons* rabbits** all preceded cane toads - by many decades!

*Migratory birds can reach the continent on their own, we're not to blame for those!

**We didn't import the calicivirus, we invented it to try and get rid of the rabbits. It seems to have a reasonable job, considering my mate's farm has been relatively rabbit-free for the past decade or so; what few rabbits remain are readily sorted out with his .22 rimfires ...

Re: "So how long will those spiders be able to live outside their natural habitat?"

The spiders probably do have four hour erections, and I believe it is also a fact that male spiders tend not to survive the act of procreation, so death after erection doesn't really matter for them.

Almost everyone I know uses a VPN these days, precisely because of this metadata retention law. All that fuckhead Brandis has achieved with his meglomaniac idiocy is sending the entire country underground. Good luck trying to profile everyone with a lack of metadata because of extensive VPN usage, that's most of the country now by the looks of things.

Notwithstanding all this, I'm already onto that possibility. I use a VPN service (Private Internet Access) for most of my browsing but I disable it when using my bank*, online grocery shopping and ordering food from EatNow. I also have a set of sites, such as the Bureau of Meteorology, ABC News and SmartTraveller that I regularly visit sans VPN, specifically to create an innocuous metadata trail for the spooks to hoover up. But all my politically incorrect commentary, and various other interests are all masked by VPN.

Likewise, I run two sets of emails; one lot "public" that I use for business, and another lot "private," hosted on my own server that I use for friends and family. Since said friends and family also have addresses on my server, and everyone connects to it via their VPNs, there's zero metadata (or even email interception or scanning) relating to emails passing through that server.

So I actually have quite a sizeable "metadata footprint" - enough that my VPN usage can be readily explained as business-related activity.

*My bank doesn't like PIA's VPN, as it complains and starts sending me warning SMSes about my account being hacked if I try to log in with the VPN active, so I have to use my bank without it.

Re: Who cares if it isn't harmful? some pople do

"I can tell there's a smoker in the car in front of me by the smell."

This is something I always found fascinating about anti-smokers - they can walk unfazed through an intermodal with locomotives and semi-trailers belching diesel fumes every which way, yet somehow possess the olfactory senses of emperor moths when it comes to tobacco smoke - able to detect a single particle from 10 miles upwind. With said single particle subsequently causing a raft of allergic reations when inhaled.

Although I myself am an ex-smoker of many years, unlike many of my ex-smoking compatriots I never let it get to me when someone wants to have a durry, mainly because I knew how it felt to be subjected to such psychosomatic overreactions when I did smoke. The only time I can't handle cigarette smoke is if it's in a closed room or vehicle with little ventilation. If there's a bit of breeze a whiff of tobacco smoke now and again doesn't bother me!

Incidentally my own experience is that the best way to stop smoking is to come down with a two-week bout of the 'flu. It makes it impossible to take even one puff and by the time the 'flu passes enough for you to light up again, the physiological nicotine addiction is long broken and all that remains is to drop the habit.

Re: Harrumpf

"AB+ together with NoScript have kept me happy to date."

The bugbear with NoScript these days is the tendency for sites to fetch javascript from 50 different domains, all of which have to be enabled for anything to even display. Coming on to a new site with NoScript running goes something like this:

- Blank page or a message that says the site needs Javascript to work properly.

- NoScript->Options->list of domains 3 screens high appears.

- Scroll through list of domains to find maindomain.com and temporarily allow it.

- Nothing happens.

- NoScript->Options->list of domains is now 5 screens high because the bit of javascript you've allowed wants to fetch more javascript from another 20 domains.

- Get frustrated and go NoScript->Options->Temporarily allow all this page.

- STILL nothing happens because all that javascript you just allowed wants to fetch more javascript from even more domains to get anything to display.

- Give up and go elsewhere or just go NoScript->Options->Allow scripts globally (not recommended) to let the entire internet run javascript as the site wants.

I used to just walk away from sites that did this shit but since EVERY FUCKING SITE on the internet now seems to be doing it, my options come down to: put up with it or stop using the internet.

So now I just do all my internet and email on my Linux Mint box, and my Windows boxen don't see the internet at all any more. Since there's no real malware for Linux (and what little there is relies on social engineering to try to trick me into installing it rather than doing drive-by downloads) I can safely browse the web with javascript on and the browser set to clear history and cookies at end of session, and get my internet experience back.

Re: Not just google

Regarding PAYM - that still seems rather invasive as well as a rather roundabout and potentially insecure way of making payments to me. When I need to pay someone, regardless of whether I know them or not, I login to my bank's online service, select Make a Payment, and enter the amount, BSB and account number of the person I wish to transfer money to.

The service then offers me the option of storing those details in its own database in case I want to make another payment to that person later on. In this way, the bank builds up its own "contacts list" which relates to people I have paid, with no reference to people I just "talk to."

I would prefer my bank to store its own contacts list instead of using the one on my phone, because it has dedicated PCI-compliant security measures to protect that data. My desire not to give my bank access to my contacts is not about me worrying that my bank manager might find out I've been bonking his wife or something, it's more that my phone contacts list is not as secure as a banking system and could be compromised by malware or other form of intrusion, such that a payment I intend to make to a friend gets redirected to a scammer instead. At least with a contact list maintained by the bank under their own system, they have better control over who can access it and how it gets used, which is simply better security all round.

Re: OK. So...

In other news, obscure aerospace outfit Drax Industries expressed a "strong interest" today in purchasing the ISS.

Re: Technically...

BSOD equivalent on a C64 was usually a screen full of garbled characters. Or the tendency to respond with ?SYNTAX ERROR to everything even when preceded by line numbers, as when typing in a BASIC program. But since the C64 had no DOS and therefore instant-on booting, it wasn't really an issue in the first place. I wore out numerous pushbutton switches I'd hooked up to my C64's user port as reset buttons as my standard response to this.

A closer analogy to a BSOD would be the infamous Guru Meditation on the Amiga platform, aka the Black Screen of Death. At least you knew when it was coming, when you saw the power LED flashing (or brightening/dimming on later Amigas) you'd usually reset before the Guru put in an appearance.

Re: On the plus side on holiday cat feeding sorted.

"Once the bag was opened, it would take one sniff and decide that it doesn't eat that brand anymore"

My two have finally settled on a brand and flavour they've been happy with now for over a year. With them the feline idiosyncrasy is the arrangement of the food in the bowl. It must be piled as a perfect cone, like a scale model of Mt Fuji, in the exact centre of the bowl, before they will consider eating it. If the food is pushed to the sides of the bowl, with the centre hollow (as it gets after they've eaten from it), that's an empty bowl as far as my cats are concerned, even if there's still plenty of food there. A quick repiling of the food back in the centre is all that's required to get them to continue eating it!

There is a P2P social network where you control your own content, and it's free (as in beer as well as speech) and open-source.

It's called Diaspora. Look it up.

You forgot

Corporate social-justice policies that prioritise diversity over competence.

Re: So has anyone...

Bypassing the Great Firewall of China and similar restrictive measures imposed by totalitarian regimes, whistleblowers, exposing human rights atrocities, corporate corruption...

Of course, many of those things are also against the law in the jurisdictions they cover. But if you believe that standing up for freedom and justice is subordinate to blind unquestioning obedience to the law then I'm afraid we're on opposite sides of a very ugly battle.

Re: @ Steven Roper (was When I was at school ...)

Pompus Git: Jeeze, how times have changed! A teacher doing that to a student these days would end in a public lynching of the entire school faculty...

Another thing I recall from about 1980 or so, was a craze the girls had for wearing black, very brief knickers called "bumhuggers." They favoured these because the dark material was visible through the gingham dress, which of course attracted attention. It didn't take long for the teachers to cotton on to it though and the school soon banned them, although I never saw the teachers go to the extremes you describe; any girl who came to school wearing black bumhuggers was simply sent home to change.

I suppose by the 80s the anti-corporal-discipline malaise was setting in. I remember in primary school in the 70s getting the cane for misbehaviour was a very real threat, but by the time I reached Year 10 it had pretty much been phased out.

Re: Aesop's Fables: The North Wind and the Sun

While we're on Aesop's Fables, my favourite one is the shortest in the collection, but to my mind the most profound in its simplicity:

A Vixen sneered at a Lioness because she never bore more than one cub, while she, the Vixen, boasted she could whelp several at once.

"Only one," the Lioness replied, "but a lion."

Re: Firefox and NoScript @Steven Roper

"I have almost exactly the same experience but I've never yet managed to unblock enough shit to get Disqus to work."

That's different to what I've often seen. I mentioned Disqus because in my experience it's usually the first new thing to appear once you allow javascript for the primary domain. Its plugin requires you to inline its javascript in your page's HTML, so allowing javascript for the primary domain usually enables it.

One possibility is that since I have a Disqus account I've got disqus.com whitelisted in my NoScript. If you haven't, then it would no doubt be buried in the list of domains you haven't allowed yet which might explain why it hasn't appeared for you?

Re: @Same old/Life is good

I've completely disabled Windows Update on both my Windows 7 machines. Both are used for 3D modelling and rendering, video work, graphic design, gaming and testing my websites to make sure they work on Windows.

Neither one has internet access any longer. Neither one will ever be updated again.

The only machines on my network that see the internet are Linux Mint boxes - one of which is being used to post this comment.

Re: Accept? How about demand?

"And yes, the challenge question when you phone them is still my mother's "maiden" name."

With my bank the question is my date of birth. I don't know which is worse as a "security" question, but those are the two most common ones!

Re: Cabin in the woods anyone?

Nope. Anyone trying to escape the All-Seeing Eye by going innawoods will be rounded up and returned to the fold. All in the name of "preserving the environment" of course. Can't have all these Grizzly Adams wannabes cutting down trees to make log cabins and preying on the local wildlife now, can we?

Re: "Victims...

Or don't use Wordpress.

Customising Wordpress is a nightmare. Masses of indecipherable CSS and PHP files all over the place like a dog's breakfast, directories within directories containing bits and bobs and god-knows-what, it's an utter pile of trash.

Write your own code you lazy bastards. Then you know exactly what does what and where it's supposed to go. I can set up an easily maintainable small-business ecommerce website with protection against SQL-injection and XSS attacks, full CMS, invoicing and inventory management system, with at most 20 or so PHP files, 10 or so Javascript files, 3 CSS files and a single MySQL database with 28 tables. Why all this piles upon piles of crap in systems like Wordpress? With custom code you can strip it down to the bare bones required for the specific site and its needs.

Further, it confuses casual intruders. I know security through obscurity is not a good rationale for a high-profile site, but for a small-business mum-and-dad online shop it does add a layer of protection; if an intruder comes by and spots a Wordpress or Joomla install, they're more likely to exploit its known vulnerabilities, whereas fingering through an unfamiliar pile of custom PHP+Javascript for such a small site isn't worth their time and bother for the returns they'll get. These crooks look to strike in volume over hundreds of sites, because they know small-business site operators can't pay much, so they'll focus mainly on sites they can attack en masse for aggregate returns.

Re: So ...

You might be surprised.

In my dealings with confronting feminists over the years, I've often found that, head cases like Andrea Dworkin and Gloria Steinem aside, most female feminists are primarily concerned with women's issues and women's rights, and don't give two shits about what men do or don't do. Most of the directed misandry, and the weasel sophistry and goalpost-shifting surrounding the concepts of "privilege" and "patriarchy" is driven mainly by male feminists - sociopathic little political climbers like Michael Flood, Michael Kimmel and Allen Johnson, all of whom are "professors" in what I call the Socjus Triad - sociology, psychology, and gender studies. A surprising number of men take these courses, and they all consign other men to the misandrist yoke with their hypocritical rhetoric. This is why I rate male feminists somewhere between hedge fund capitalists and child molesters in the human shitpile rankings.

Interestingly, many of the men's-rights organisations are strongly supported, and in many cases even founded and helmed, by women - for example Sue Price, who founded Men's Rights Australia. Unlike their male-feminist opposites, who do it for social brownie points and to advance their political careers, the female MHRM supporters do it because they've recognised the systemic misandry present in most establishment policies and are concerned about its impact on their male children and relatives, and far from advancing their political careers, these women face considerable social and political ostracism and even harassment for their support of the MHRM.