Forgot your password?

Comment: Re:Apple has 'done nothing'??? (Score 1) 139

by cmdrbuzz (#47489797) Attached to: Google To Stop Describing Games With In-App Purchases As 'Free'


The "Purchase app" within 15 minutes without re-prompting for a password (which is configurable) is a separate 15 minute timer to the "In-App purchase" one.

And you can easily set "ask for password for each purchase" in the settings, along with "disable in-app purchases"

Comment: Re:Duh... (Score 1) 265

by cmdrbuzz (#47068901) Attached to: IT Pro Gets Prison Time For Sabotaging Ex-Employer's System

To be honest, if my son was kidnapped, I'd do everything I possibly could to find him.

Anyone that says "You call your lawyer first", cannot possibly have children, or if they do, really need their priority sorting out!

Only thing that matters is finding your kid as fast as physically possible. If that means the police/FBI/whoever want to strip-search me to prove I had nothing to do with it, or search my house or whatever, I wouldn't care. Do whatever and however it takes to find my kid!

And I'm so, so sorry you and your family had to go through that. Holy cow, I cannot even begin to think how hard that must be.

Comment: Re:Translation (Score 1) 589

by cmdrbuzz (#46931425) Attached to: Microsoft Cheaper To Use Than Open Source Software, UK CIO Says

Thats weird, because I work for a FTSE 100 financial services company and we had a few little issues when nearly 72,000 members of the public attempted to use our online services at the same time, when our usual concurrent volume is around 4,500.

We planned for a "worse-case" of 50,000 concurrent trades, but our system DDOS-ed itself at around 71,000 (gotta love fast-switch cluster failover, and back, and over, and back... Oracle FTW!!!)

Anyhow, before we could even think to phone Oracle and shout that our newest 1.2 million pound server wasn't handling particularly well, the head of Oracle UK phoned /us/ and offered us a team of their best engineers to help get us fixed.

I'd have thought we'd be smaller than a US gov agency, but hey ho, Oracle (plus Cisco, Juniper and EMC) parachuted people straight in, nothing too much to help.

Admittedly now we have bought a lot more kit, but they weren't to know that we'd do that considering the failure.

Comment: Heartbleed not fixed in 5.5 by default (Score 0) 128

by cmdrbuzz (#46891961) Attached to: OpenBSD 5.5 Released

Just an FYI, heartbleed is not fixed in 5.5 without extra (source) patches.


  002: SECURITY FIX: April 8, 2014 All architectures
Missing bounds checking in OpenSSL's implementation of the TLS/DTLS heartbeat extension (RFC6520) which can result in a leak of memory contents.
A source code patch exists which remedies this problem.

Comment: Re:sales tax is always on the FULL PRICE (Score 1) 330

by cmdrbuzz (#41885763) Attached to: Amazon Charges Sales Tax On "Shipping and Handling"

Amazon certainly do get that "luxury" as its how they are currently screwing over people in the UK for VAT on ebooks.

Amazon collect VAT from UK residents for ebooks, however as they are "based" in Luxembourg they remit a VAT rate of ZERO, so the VAT they collect is pure profit.

Comment: Re:The court didn't ask for an apology... (Score 1) 413

by cmdrbuzz (#41780445) Attached to: Apple Posts Non-Apology To Samsung

Why don't you repeat all the ways they didn't comply? I cannot see anything that they did not comply with.

And whilst Apple may be hated by you, the rest of us grown-ups realize that all companies are good and bad and Apple are just reacting to Samsung copying a design that Apple popularized. That and Samsung trying to gouge other companies using FRAND patents.

Comment: Re:The certificate is not the problem; IPv4 is (Score 1) 141

by cmdrbuzz (#41720759) Attached to: Poor SSL Implementations Leave Many Android Apps Vulnerable

Without SNI you can only have one certificate per IP address as the certificate is sent to the client before the client can send the Host: header to indicate which site he is trying to access.

The only way around this (apart from using SNI) is either wildcard certs or SAN attributes.

Once the server has sent the certificate the client will check to see if the certificate matches the DNS name it is attempting to access (either CN or SAN), however this is done by the client without the server knowing which DNS name the client is looking for. Hence the SNI requirements.

"A great many people think they are thinking when they are merely rearranging their prejudices." -- William James