
Comment: Re:DOES Affect Vista, Windows 7, Windows 8, 8.1. (Score 1) 178

by harryjohnston (#48414857) Attached to: Microsoft Releases Out-of-Band Security Patch For Windows

No, the security bulletin is very clear that the vulnerability doesn't affect client versions of Windows. The patch has been made available anyway only as a defense in depth precaution.

If you look at the "Affected Software" table, you will note that the "Maximum Security Impact" is "None" for client versions.

(OK, I guess it depends on what you mean by "affect". But the upshot is that you only need to patch servers - more specifically DCs - now, everything else can wait and be done with next month's updates.)

Comment: Re:Oh, *now* it's OK to extend the Java API ... (Score 1) 260

Hmmm. Good points. Well, I don't suppose it matters to me any more, it's been years since I wrote anything in Java. (It was a major pain at the time, though; I had a small but significant investment in Java code, and I pretty much had to abandon it. At the time, at least, Microsoft's Java was the only one that produced executables that would just run without needing something else installed first.)

Comment: Re:proof banning guns doesn't harm criminals (Score 3, Informative) 331

by harryjohnston (#48199493) Attached to: 3D-Printed Gun Earns Man Two Years In Japanese Prison

In reality, in nations like New Zealand (and Japan, I believe) criminals rarely use guns. A well-connected crook can get a gun if he wants one, but the risks generally outweigh the benefits. (For a start, using a gun to commit a crime guarantees much more police attention than you would otherwise get. And if you do get caught, you can expect a much harsher sentence.)

Comment: Re: Supreme Court Justice Louis Brandeis (Score 1) 208

by harryjohnston (#48106125) Attached to: Ross Ulbricht's Lawyer Says FBI's Hack of Silk Road Was "Criminal"

That's a slight misrepresentation. The surveillance was thought to be legal at the time it was carried out, and it *should* have been legal - that is, the original law was not intended to prohibit it but was merely badly drafted. In circumstances like that, prosecution would be grossly unjust.

Comment: Re:Technical claims as reported puzzling (Score 1) 208

by harryjohnston (#48106049) Attached to: Ross Ulbricht's Lawyer Says FBI's Hack of Silk Road Was "Criminal"

The article says "Experts suggested that the FBI didn't see leakage from the site's login page but contacted the site's IP directly and got the PHPMyAdmin configuration page." That's the technical claim I'm talking about, and the only one that I've seen so far in support of the contention that the site was hacked.

If this claim is credible, then the site was in fact responding on its routable address, and might (at least in principle) have been found by scanning the internet.

If this claim is not credible, then I'd like to know what credible evidence *has* been presented.

(As an aside, a few days back I saw someone claim to have identified a specific mistake in the configuration file that caused the site to allow connections that didn't come through Tor, but I can no longer locate this claim and can't speak for its technical accuracy.)

Comment: Technical claims as reported puzzling (Score 1) 208

by harryjohnston (#48099455) Attached to: Ross Ulbricht's Lawyer Says FBI's Hack of Silk Road Was "Criminal"

Has the defense presented any actual evidence that the site was hacked?

The Ars Technica article says: "Experts suggested that the FBI didn't see leakage from the site's login page but contacted the site's IP directly and got the PHPMyAdmin configuration page. That raises the question of how the authorities obtained the IP address and located the servers." ... but that doesn't make sense. If having the IP address was all they needed to identify that it was indeed the droids - sorry, server - they were looking for, well, that's easy enough these days: there are less than four billion routable IP addresses, so try them all. It might take a few days or a few weeks or even a few months, depending on what resources you can throw at it, but it's no big deal. So what am I missing? Or are the defense just blowing smoke?

Comment: Re:Arstechnica = fail (Score 1) 208

by harryjohnston (#48021771) Attached to: Apple Yet To Push Patch For "Shellshock" Bug

You're quite right, I hadn't read the article you were referring to - assumed it was more of the same, to be honest - and so was reading your post out of context. Sorry about that and thanks for the clarification.

As far as I know, though, bash itself (the upstream version) hasn't accepted the comprehensive patch yet? I think that's what the writer meant, not that none of the individual distributions have applied it.
