This is expected behavior when trying to write to page 0 ... from userspace. The way I understood this vuln, the NULL pointer makes it way down to kernelspace calls, and there is where the writing occurs.
3067 posts • joined 12 Oct 2007
I'm still miffed that Spaniards were so stupid as to let the PP win the past general election. That's like Germans re-voting the Nazi Party back in.
Re: No wonder we are running out of IPv4 addresses
Every single device connected to the net should have its own publicly routeable IP address. NAT was a hackjob implemented to alleviate the IPv4 address shortage ... but instead, network engineers saw that as "extra security" and took that at face value.
Of course, NAT "security" is bollocks, and this hack proves it if the devices are connected to a NATted network. The faster we migrate to NATless IPv6, the faster we get all the security theater mentality away from IP addresses.
Re: Where is the real Outlook substitute?
Zimbra don't seem quite there for my needs yet, though looks interesting for those that have an open-minded IT crowd.
Zimbra has ... served us well. The payware version even d0es calendar syncing IIRC.
Actually, they were far better on "doing a secure smartphone OS" business, even though Symbian was the one that actually did their flagship OS. It was the iToys becoming popular that sent most smartphone OSes off the rails.
Nokia smartphones were able to last more than 24 hours on a single charge. That's an impossible feat with "modern" smartphones...
Re: It's the devil's work
The guy responsible for said axing is no longer CEO at Nokia. I'm guessing this is going to be less of an issue these days; in fact, Nokia might actually embrace Sailfish this time 'round.
The main reason we're all sticking to RHEL 6.x is systemd. You can say it, El Reg. It's no secret.
>China has a number of ambitions train projects in the pipeline, including a 270mph maglev from Shanghai airport to the city
"In the pipeline"? That Maglev has been up and running for over 10 years!
And it isn't even Chinese tech, it's German tech. Of course, the Chinese in all their pirating glory "invented" some knockoff tech that was suspiciously similar to Transrapid's one. Searching for "Zhui Feng" will spit out "pirated from German tech" as its first hits.
Re: The Chinese and Russians are going to build it??
"That is just the way of doing business for them in Mexico, for anybody. I would have been surprised if they did not."
Nah, for what I've read, China has far worse corruption problems than Mexico. As bad as some corruption scandals may be, contracts actually have legal binding and deals don't require becoming spunk-brothers with contractors.
Re: The Chinese and Russians are going to build it??
Yeah, same reason why we're wary of the Chinese HSR project in Mexico. Even more so when it was discovered that the company had bribed the Mexican President's wife.
Man, I'd love to know what ISP lets you download 2+ TB of data. Comcast limits me to around 250 GB/month before they start to complain.
Any other ISP, I'd think. Especially ISPs outside the US.
Re: Drip feed?
Well, my current uptime is 6 hours 27 seconds and according to OSX's Activity Monitor, I've already written 8GBs. And that's w/o counting hibernation er.... "safe sleep" which might write up to 16GB every time my Mac "sleeps".
So no TB/day worries, but I might actually hit 1TB/mo at this rate.
Playing games does not write at all (maybe swap, but that's an indicator of an under-RAM system more than a drive problem).
Only if you're playing shit social games.
Every single game ever saves something to disk. Especially the newer "Call of Halo" genre games that insist in autosaving after every action.
And high HDD/SSD write amounts are credible. My monthly disk write stats may be near the 1TB mark if you were to base 'em on my current uptime (6 hours, 7.51 GB written). I got to agree with Trevor_Pott here, especially as my coworker has already killed an SSD, it lasted him ~14 months.
Re: "I expect Microsoft to kill Lumia, possibly as soon as mid-2016"
A fitting end for the thing that killed Nokia's smartphone platform.
Merge QNX and its userland with Microsoft's phone OS and its user land?
No please, no. That's kinda like buying a Picasso and then letting our 4 year old paint all over it, then let your cat use it as a kitty litterbox.
I hope Nokia shareholders give a vote of thanks to Elop for getting them $$$Bs for something that is now judged to be worthless.
Not quite so much, it is actually thanks to Elop that something is now worthless. Even if Nokia had stayed on Symbian, they would still be better than the "MS phone division" these days. Everyone know WinPhone was dead since it was announced.
SLAAC and fixed IP
Solaris 10 allows you to add a "token" to your IPv6 config, which will be used during SLAAC. So you set up:
ifconfig e1000p0 inet6 token ::b00b:babe:cafe/64
and you'll get that addy even if you are using SLAAC. :)
I had already noticed this on Sunday. I found out that www.facebook.com was resolving to:
IPv6 "vanity IPs" are fun. I've seen at least :b00b:babe:cafe, the ever present :dead:beef, :b00b:cafe among other funny spellings.
I'm probably going to set up :b00b:135 in the near future...
Re: Anytime there's an awesome video of people doing crazy stuff
In America, kids play Call of Duty to fight fictional wars. In Putin Russia, kids go out to street to fight street brawl wars!
In America, kids play GTA to do dangerous driving stunts. In Putin Russia, everyone drives like that in real life!
In America, kids play Assassin's Creed. In Putin Russia, they do parkour themselves while using selfie sticks to record themselves!
Maybe Russians just need more videogames.
Re: Nokia was dead anyway
no-one will like me for saying this but Nokia (phone division) was already dead before MS got involved. It was already a business case of a giant missing the boat and failing badly (aka Kodak).
Nope. They were actually rebounding upwards, and Symbian Belle was getting rave reviews ... up until the Elopocalypse. MS's strategy for borging Nokia instead killed the only strong non-Apple, non-Android smartphone competitor. Sure, by the time MS bought the phone division it was pretty much dead weight, but that was because of MS's mingling in the first place.
The smell of RIAA
... is all over this proposal. They were unable to get SOPA/PIPA/ACTA passed, so of course they're trying to sneak this crap into ICANN.
Any real criminal activity would result in the proxy domain registrar being subpoenaed. This is an obvious attempt to circumvent the law, with the MAFIAA forcing registrars to engage in mass-doxxing. A boon for copyright trolls like the long-gone ACS:Law, but even more for those big-ass internet trolling groups.
The worst thing that might happen if this gets approved would be activists getting "doxxed", and probably killed. This is really, really BAD.
Re: It's a damn pity...
...that no one sells/supports a proper desktop Linux distro that is designed for PC users instead of geeks.
Pretty much most of the mainstream distros are actually geared towards PC users, and even pass the grandma test. They have been like this for quite some time, 6 years, maybe longer. Of course, thanks to Gnome 3 there's a Windows 8-ish moment in some graphical interfaces, but the thing is: they're pretty much useable out of the box. Ubuntu even works with WiFi out of the box, as does Fedora.
The only real stopper is the lack of MS Office, and even that is mostly because of MS's stranglehold on the word processing and spreadsheet areas.
Re: Advantage over rdp session?
Judging by the screen shot the main advantage over running an rdp session into my Windows desktop is the way individual applications can be 'piped' into a graphical session. Am I right?
Terminal Services licenses are extremely expensive. Thus not-RDP stuff will end up being cheaper than RDP.
I did like RDP, but it's not quite there compared to XDMCP or other "remote desktop" stuff. Hell, UNIX had "remote desktop" at least a decade before Windows had RDP!
Switch SCE to AUX!
Also, that hardware survived lightning striking twice. I wish I had hardware survive one lightning bolt!
They say there are no atheists in a foxhole: I'll bet there are about as many Musk fanboiz on the space station
Well, it is after all the first failed launch ... out of 19. The Russian garbage used by competitors has a higher failure rate, which means that the ISS crew are probably still rooting for SpaceX's engines.
Re: What a shame
Russia and SpaceX are both unreliable sources to supply ISS.
The ULA is using RD-180 engines for their launches ... that's the stuff used for non-COTS launches. SpaceX has had only 1 launch failure out of 19 ... so I'd actually think SpaceX is actually the one with better odds.
There's another very relevant update: they've finally fixed the EFI bug where EFI flash can be overwritten after waking up from sleep, as the areas that should be write-protected are flipped back to read/write when sleeping, but not turned back to read-only upon waking. Whoops!
Apple currently still has, on its app store, an app expressly stating that it is intended to be used to "bypass your school filter", etc. It's as simple as installing it, and you get full, free, VPN access to the outside world that's almost undetectable.
If your school system can't stop VPNs, you're doing it wrong. Pretty much any corporate network I've had to plug into has blocked pretty much all VPN connection methods. Some proxies are even smart enough to detect "SSL" connections that have been transferring far more data than what a regular HTTPS request would require and cut off those connections.
Yeah, the Chinese have weird superstitions. It does make me wonder why the hell would a language have one of its numbers sound like "death", it just causes stupid stuff like this. Chinese buildings skip pretty much any floor with a 4 in it.
So we skeptics were right
Once FB got on board, they were going to find a way to ruin it.
Icahn smell something strange
Is this a real activist investor, or is it an "activist" of the kinds of Carl Icahn?
Re: The Lee family should tell them to .....
You are wrong. They are useful way of holding parasitic or egomaniac managers (and controlling families) to account.
Thing is, "activist" investor these days is just the politically correct moniker for what used to be called a "corporate raider". Think Carl Icahn. So we're actually wary about this "investor"...
So they're naming their next OS X release after a DuckTales character that's 400 years old, and obsessed with gold?
Re: Freaking lasers*
Drone firmware should be aware of no-fly zones. IIRC they pushed an update to avoid drones being able to fly over the White House after that recent White House landing incident.
Re: Rogue? Nethack?
It is pitch black. You are likely to be eaten by a grue.
Re: re: way more impact then Doom @stucs201
Yes, Doom was one of the first games to allow user generated content, and its successor, Quake, was all the rage for allowing TCP/IP play for free, and for the "mod" community that formed around it. Stuff from the Doom/Quake era is very relevant, as there's at least one game directly descended from that: Team Fortress 2.
Re: No Space Invaders !?!
Oh so very agreed. Space Invaders is as much of an icon as Pac-Man.
They are saying Pokemon had a lack of impact on culture? It had way more impact then Doom
Um... nope. Pokemon is currently known more because there are still Pokemon games being cranked out, while Doom has mostly kept to a specific generation of gamers (though that might change now that id is cranking out a new DOOM). The squeaky kids playing "Call of Halo" games weren't even born when DOOM came out, of course they don't know about it, but will know about Pokemon because again, there are still Pokemon games being released.
And it still wouldn't make it as there are far more popular games still on the waiting list, like Sonic, Space Invaders, even Zelda. Sure, I'd expect other games as Lemmings, but maybe those weren't that known as I think they were.
Re: Being picky... @wolfetone
So, mechanically, there is something in the gearbox designed to stop that.
Yes there is. It's fitted in quite a few cars that have 5 gears, and have Reverse in the same "lane" as 5th. The mechanical thingy actually seems to engage when you move the stick towards 5th; I've tested this on a 2001 Tsuru (Mk. 3 Sentra for the rest of the world) while stopped. I have no idea if it is possible to do it intentionally, like going from 2nd to Reverse though, and I'm not about to test it either.
Re: Microsoft is the malware cesspit (@ AC)
Stealing. You keep using that word. I don't think it means what you think it means.
Hint: There's a reason why theft and copyright infringement are treated as separate offenses in most jurisdictions.
Re: PGP is not security
A certain amount of metadata has to be in the clear, otherwise how does a public mail server know how to route your email? It at the very least needs to know what domain to send it to. So maybe metadata encrypted with a public key for that domain, then the server in that domain can route it to the appropriate user.
It can be hidden right now, with current tech, but both the sending and receiving MTAs have to support TLS.
Sender sends his email via SMTP to his outbound SMTP server. He does so via TLS.
Sending SMTP server initiates connection to receiving SMTP server, via TLS.
Send email over secure channel.
Receiving person check inbox via IMAP, using TLS.
The thing is, this will probably leak information in the sense that you will see a something sent to sending smtp, then a something of similar size being sent to the destination, so you can still infer who is getting the email even if you can't read the metadata.
The recycling center says that the woman was "cleaning up" her late husband's stuff, which means she just grabbed everything and dumped it. Because she probably thought it was just annoying stuff taking up space, better used for cat furniture or something.
Maybe this will make housewives reassess what might be garbage, or actually highly valuable stuff.
People are setting up their crypto with the default options, which include the EXPORT crap from decades ago. Which is why everyone is asking why they're still enabled by default. Interestingly, some SSL/TLS products have a "FIPS Compliant" switch; if you enable it, EXPORT ciphers are disabled to comply with FIPS, so that's an option as well.
Security by Ludditeness
Now that's a new one. By keeping your population in the Stone Age, the only reason to carry a USB stick is to smuggle either malware or contraband.
I'm... not sure I'd like to live somewhere like that at all.
Re: Take a good look
Illegal drugs lead to Mexico's cartel system. A legalised system doesn't - quite the opposite; it leads to pots (haha) of money for the state.
This. Is. So. Very. True.
Most former Mexican presidents have ended up arguing that legalization is very much needed to curb the cartel violence in Mexico. And it is probably the only way we're going to see the cartels go down. Unfortunately, the solution would require both Mexico and the US to legalize drugs.
Re: Anonymous network developed by the US government compromised.
Less surprised these days. Would've been surprised if this had been discovered before the Snowden affair and the Silk Road and Freedom Hosting shutdown. And even then, I was still wary on blindly trusting that hidden services are going to be 100% untraceable...
Hardcore creationist finds 60-million-year-old fossils in backyard ... 'No, it hasn’t changed my mind about the Bible'
This is got to be fun. It serves as proof that being a zealot on fundamentalist religious views just makes you stupid.
You'd expect the FBI to not let their domains lapse at all. Seems they didn't.
I'm also amused that it seems they seemed to have just put a CNAME on those domains.
Re: "Can you survive without support?"
It's about being able to actually get some help from Microsoft when it all goes pear-shaped.
Support is a good thing to have ... when it is actually good support. In my experience:
- IBM Support: Send Business Partner to fix. If it requires more people, IBM sends 'em.
- Sun Support: Send BP to fix. If issue not solved after X time, send local Sun engineer. If it still hasn't been fixed, fly in someone from Silicon Valley that will fix it.
- Microsoft Support: Get sent to some Indian dude who will ask for logs and stuff, then answer 5 days later "don't know what happened!"
Want support? Go UNIX. Or Linux. Or even BSD and have your IT department fix stuff up by themselves!
Doom scared the willies out of me playing late at night in a dark room.
A Demon, in Command Center's dark maze, with a Rocket Launcher!!!!
That pretty much sums up the first time Doom actually scared me. I had selected the rocket launcher, was navigating through a maze in E1M4 when I started hearing growling noises behind me. I turn and find a Demon right in front of me. I panicked and shot the thing. At point blank range. With a freaking Rocket Launcher. Fortunately, I survived that with 11% Health. It also didn't help that the next level after that was the horribly dark Phobos Lab.