Forgot your password?
typodupeerror

Comment: Re:Next release codename? (Score 5, Informative) 177

by Straker Skunk (#43546549) Attached to: Ubuntu Releases 13.04, Sticks To 6-Month Release Rhythm

I think the spyware has been a radioactive enough issue that any derivatives are going to make a point of cutting it out.

That said, I don't see the need. As much as I don't like what Ubuntu did with the shopping lens, I've long switched to Xubuntu anyway, which is more sanely managed. (The original reason was to get away from Unity, and their avoidance of subsequent Canonical brain damage cemented the deal.)

Significantly, when you use [KX]ubuntu, you still benefit from all the release engineering work of Ubuntu proper, including security updates---a point on which I'm a little more wary of derivatives like Mint.

Comment: Re:How would an attack happen? (Score 2) 100

by Straker Skunk (#43313169) Attached to: Security Fix Leads To PostgreSQL Lock Down

I know it's not always easy, but most data input into web forms is quite straightforward. The application should not be checking whether the data is invalid - it should be checking that it's valid. That's a subtle distinction, and I'm probably going to fail to explain it!

You'd probably have an easier time explaining it as whitelisting versus blacklisting. A developer can't hope to ever enumerate all the bad things an app should reject, so s/he should instead enumerate the much smaller set of things it should accept. Same deal if you're using a regex or whatnot to sanitize input instead of matching against a list.

Comment: Re:One-time pads (Score 1) 284

by Straker Skunk (#36384110) Attached to: Court Rules Passwords+Secret Questions=Secure eBanking

  • Attacker posts the malicious transfer form and performs the query to tell the bank to send out a text message.
  • Attacker displays a fake copy of the verification form where you are supposed to enter the info from the text message.
  • You read the text message, especially the part describing a $20,000 transfer to Zurich.
  • You don't enter the verification code.

Fixed that for you.

Comment: Re:How soon does it work after infection? (Score 1) 208

by Straker Skunk (#34175636) Attached to: Pee On Your Phone STD Test

You're thinking about HIV, you're right, that takes months. The clap (ghonorhea) will show up the next day as will several others (actually, most STIs will show positive the next day). There's no cheap test that separately identifies Herpes Simplex 1 from Simplex 2, there is a cheap test that does not distinguish and will show positive if you have either.

The cheap herpes test works that quickly, too? My understanding is that HSV is harder to detect, not least because the virus isn't always being shed.

If the test is reliable, and quick to yield a positive, that would be pretty good---given that condoms don't necessarily protect against HSV, and we don't have a cure for it as yet...

Comment: Re:Perhaps a new mail header? (Score 3, Insightful) 251

by Straker Skunk (#29897841) Attached to: jQuery Dev Bemoans Overwhelming Spam On Google Groups

PGP/GPG is overkill. Just drop messages that fail an SPF check. Spoofing is part of the problem here, and SPF was tailor-made to address spoofing.

If you do use PGP/GPG, you don't need an extra header for the signature; it's usually added as a small attachment, and better mail clients already pick up on that for verification.

Comment: Things that FM.fm provides that Gmail doesn't (Score 5, Informative) 135

by Straker Skunk (#29632079) Attached to: Interview With Jeremy Howard of FastMail.fm
  • Server-side Sieve filtering/sorting
  • File storage, optionally Web-accessible (I use this to serve up a simple, static-only Web site)
  • Various authentication options (reduced-access password, one-time logins, passwords via SMS, etc.)
  • Teh Google is not reading your mail, so you can put your tin-foil hat away :-)

A freelance is one who gets paid by the word -- per piece or perhaps. -- Robert Benchley

Working...