
Comment: Misfeatures (Score 3, Informative) 163

by Arker (#47510679) Attached to: Firefox 31 Released
"Malware blocking" = yet another bad signature/reputation based scanner. If I wanted one, I would have one installed - and Firefox versions without this misfeature would still use it to scan, so in what universe was this worth doing?

If you really want to do something about malware, disable javascript by default.

"Automatic handling of pdf and ogg files" - I have a pdf reader already. I don't need another one, and I don't need one 'integrated' in my browser, period.

"loaded with new features for developers." Pretty sure that means for advertisers.

Comment: Re:So (Score 0) 181

by Arker (#47509615) Attached to: A New Form of Online Tracking: Canvas Fingerprinting
"There are those who say you need to use RequestPolicy and Ghostery and AdBlock and NoScript (and some other stuff, like a cookie blocker) to catch everything...."

It's a sign of utter insanity among the browser maintainers.

All this crap should be guaranteed off by default, and require an extension to enable, rather than the reverse.

Comment: Re:The point? (Score 0) 427

by Arker (#47507399) Attached to: MIT's Ted Postol Presents More Evidence On Iron Dome Failures
"So how much is your family worth?"

An emotionally resonant argument but not a rational one.

Cancer, heart disease, kidney disease, and diabetes are the leading causes of death in Israel. Rockets fired by Hamas are waaaay down the list, and they would still be waaaay down the list without the interceptors.

Let's say you can spend a billion dollars to save one person from death by rocket, or the same billion to save 250,000 from cancer, but of course you can't do both, once the money is spent it is spent. Which is the wiser use of the money?

Comment: Re:Yet another reason to turn off Ecmascript (Score 2) 181

by Arker (#47507137) Attached to: A New Form of Online Tracking: Canvas Fingerprinting
Not really. The Amish reject technology across the board, whether useful or not. People that are on the internet are obviously not rejecting technology across the board - javascript-in-the-browser is a single, very problematic technology, which is responsible for the vast majority of computer infections.

So no, people that do not allow javascript are not much like the Amish of the internet. We are more like the 'people who know how to use condoms' of the internet.

Comment: Re:The point? (Score 0) 427

by Arker (#47506749) Attached to: MIT's Ted Postol Presents More Evidence On Iron Dome Failures
So it's designed to stop the threat that does not exist, and therefore should be excused for failures against the one that does? That makes little sense.

"And even if it really was only 5% effective, I'd take 5% less ballistic missiles headed at my town thank you."

Irrational. When the damage done by the ineffective rockets is less than the cost to shoot them down, the money could clearly be better spent elsewhere.

That would be true even if the conflict were not one of choice, but is doubly so in the current situation.

Comment: Re:As it should be (Score 1) 229

by Arker (#47503137) Attached to: Verizon Boosts FiOS Uploads To Match Downloads
"Sacrificing upload to gain extra download makes perfect sense when the person at the end of the line does far more downloading than uploading"

Two false postulates concealed here.

First that upload and download can be totally separated. Common misunderstanding. The way the internet works, all traffic is bidirectional - even if you are coming as close as possible to 'pure downloading' you are still using your upstream for traffic management. So while a certain amount of asymmetricality can be tolerated, as long as the usage cases are very narrowly limited, even with all those caveats it can still amount to fraud. At least, if you are paying for 100mbit download but given so little upload allowance that you could not use it, you would probably call it fraud (when and if you caught on.)

But that is relatively minor in comparison to the second, which is that the internet is designed and should be used as a peer to peer network. It is not a broadcast network, and it was not designed to replace TV or facilitate more intrusive advertising. Asymmetrical bandwidth caps are thus seen correctly as direct attacks on the Internet itself - attempts to limit customers, to prevent them from truly and fully joining the Internet, since the cable companies prefer to keep making their monopoly rents instead of having to compete for our dollars.

Comment: Re:Angler PC malware? (Score 0) 122

by Arker (#47497243) Attached to: Critroni Crypto Ransomware Seen Using Tor for Command and Control
"You are trying to say that users needing to type chmod +x ./ , is sufficient protection to prevent end users from running things they shouldn't.... "

I did not actually say that, but it is probably true. Most users are either a) smart enough to realize they do not actually want to do this or b) not actually capable of pulling it off without help (hopefully, from someone who belongs in category a).)

However that is NOT what I was saying. The exploits we are discussing rely on Win32 executables, NOT shell scripts. Even if the user manages to slide in between case a) and b) somehow, setting an executable bit on a win32 application will not magically make it work on *nix. You would need to also install WINE and do some intricate configuration magic with it before this would work.

"Ransomware is not prevalent in Linux, but again, it is absurdly naive to think that it couldn't"

Notice I explicitly agreed with you that it could be done.

"Again, end user education is key, regardless of OS. Implying to under-informed users that OSX is magically secure against cryptoware, is a recipe for disaster."

Yes and no. Certainly end-user education is key, regardless of OS. And certainly it's true that no OS is magically secure against malware. And I think it's correct to say that the OS does nothing to prevent it. But that's looking at it backwards.

What OSX, and *nix systems in general, should get credit for is not that they *do something to prevent infection* but that they do *less to facilitate infection*.

Of course, the same things that make Windows an extraordinarily easy target for malware also make it an extraordinarily easy target for more legitimate programming as well.

And that, ultimately, is why it was designed that way. Developers, developers, developers! Windows is ultra-friendly to developers, it goes out of its way to make life easy for them, and guess what? A subset of those developers make malware. And the same things that make Windows easy for one set of developers make it easy for the other.

OSX actually deserves some kudos because it *does* make development a little harder here and there, for the benefit of the user. And while saying OSX is 'virus-immune' would be clear BS, saying that it's an effective way for a technically challenged computer user to dramatically reduce their risk of being infected is actually true.

Linux can be deployed to even better effect on the security front, of course, though I would not recommend it for the technically-challenged unless said user has a friend or family member to help with setup and ssh in occasionally to administer it.

Comment: Re:Angler PC malware? (Score 1, Informative) 122

by Arker (#47496817) Attached to: Critroni Crypto Ransomware Seen Using Tor for Command and Control
"It is good to be proud of your operating system of choice, but it is smug to think that Linux/OSX/BSD/Solaris will do anything technical to protect from such an attack."

Well, unless you have configured your *nix box to automatically privilege and run Windows executables somehow, using a real OS is probably sufficient to stop this attack.

Is it conceivable that a very similar attack could be written specifically for your OS of choice and do the same job? Yes, it's conceivable, that's right. But it's not in evidence.

More generally, regardless of OS, this attack won't even trigger if your browser is configured sanely. The exploit kits and injectors all rely heavily on javascript. Make sure it is disabled and you have not only defeated this exploit before it even got started, along with all the others, but you have also taken a positive step towards making the web readable again!

Comment: Better things to do with these invoices (Score 1) 112

by Arker (#47496655) Attached to: Domain Registry of America Suspended By ICANN
"I've also had the snail mailed fake invoices from them, which I can only suppose is an illegal use of the whois database. I guess their strategy is to land these on the desks of overworked administrators who are more likely than me to rubber stamp them and pass them along for payment. Me? I always put them in the shredder."

You are too kind.

At the very least you should return to sender.

But much better! Take it to your local postmaster general. Report it as mail fraud.
