436 posts • joined Friday 2nd March 2007 00:17 GMT
A good roundup...
...but why end with the usual "Linux world more fragmented than ever"?
This perspective panders to the "One True Virtuous Linux" tendencies and has its ultimate expression in Stallman/Gnu and their tiny list of niche distros deemed pure enough to be endorsed.
How about "Linux world more diverse than ever"? I speak as someone who only really got to grips with Linux via Ubuntu and have since moved on because Unity and some other aspects of the distro don't meet my needs. No drama necessary, simply the opportunity to change the tools one uses because one's knowledge and goals have outgrown the old tools.
It may have been inevitable that a figure like Shuttleworth would behave like he is now doing and alienate a section of the Ubuntu community. That's unfortunate but it might also be what is required to maintain Ubuntu as a well supported off the shelf distro for new users and enterprise desktops.
For the rest of us the Linux community (and I think it really is a community in the way that an operation funded by a single wealthy individual cannot be) will provide as circumstances change. I've not yet settled on Gnome 3/KDE or DEB/RPM but I'm confident that the tools are out there to allow me to do what I need to do effectively and reliably.
It would be great to change the world with Linux/FOSS but only the zealots have the luxury of waiting until that time (and inevitably they will never be the people who contribute to it happening). In the meantime lots of people are doing so much cool and useful stuff, let's go play!
Virgin Media Affected
Plenty of time-outs and go-slows with domestic VM cable broadband this afternoon. Naturally VM's status page showed everything was fine and dandy so I must have just imagined it all!
Recognition at last!
Cool, so now I know I'm an ethically relativistic, rash, impulsive, vengeful troll when I flame Virgin Media.
OR MAYB THEY REELY R A BUNCH OF MONEYGRUBBING BASTARDS WHO TREAT US LIKE CA$H COWS AND DONT GIV A SHIT ABOUT TEH QUALITY OF SERVICE THEY ***FAIL*** TO PROVIDE!!!!!!!!!!!!!!!!!!!11111!!!!!!!!!!!!!!!!!!
And who (or whose close ally in the Middle East) was the likely author of Stuxnet, the purpose of which was industrial/political sabotage?
And whose security agencies and major corporations were cosying up to Aaron "Epic Fail" Barr's HB Gary to buy tools and undisclosed zero-days to spy on labour unions and foreign competitors?
Never mind what the NSA, CIA, etc. have been up to that hasn't made light of day because those in possession of incriminating evidence have been extraordinarily rendered to places where they don't bother pretending that torture is "enhanced interrogation techniques".
No effect on VMs
VMs don't see the physical BIOS and the physical BIOS doesn't start the boot process for VMs, the BIOS for a guest OS is virtualised by the hypervisor. Some virtualisation software like VirtualBox give the option of a virtual UEFI BIOS and it seems likely that they may offer the *option* of a virtualised secure boot. However M$ does not have the whip-hand over companies like Oracle and VMware the way it does over x86 OEMs so it's hard to imagine them upsetting a large chunk of their user base by effectively locking out Linux et al for no tangible benefit.
Even so this is no reason to accept the Beast of Redmond trying yet again to pull a fast one in using its monopoly position to undermine competitors.
Trust me, I'm a copper...
"...we can re-assure those who live and work in London that any activity we undertake is in compliance with legislation and codes of practice" - ah well that's all fine and dandy then. Move along! Nothing to see here!
On the other hand, try telling the above to the family of Jean Charles de Menezes or those of the many others who have died at the hands of Met Plods through incompetence, prejudice or political motivation. I wouldn't trust the Met with a rusty tin opener, especially under the oversight of recent supine Home Secretaries, Tory & Labour.
It seems I have missed a point or two...
...but I wasn't rushing to be negative, simply expressing what seemed logical within the constraints of what I knew. As a result (thanks to your elucidation) I now know a little more and am aware of more things I need to find out about.
If we never question what seems to us to be mistaken in some way for fear of our own misunderstanding being exposed then we limit our means of filling the gaps in our knowledge.
DNSSEC doesn't fix the flawed trust model of the CA system
All you are doing by including certificates in DNSSEC is transferring your trust from one centralised and largely unaccountable group of organisations to a (partially) different group of organisations.
Say it was VeriSign that got hacked instead of Comodo and certificates for paypal.com were stolen, you're pWn3d under the CA system when you think you're logging in to PayPal. So let's get our certificates via DNSSEC and we're safe right? Wrong - because the TLD .com is administered by...well done: VeriSign! You are still pwn3d.
We need to start with a completely different trust model, one where individual users can genuinely decide who to trust to verify the authenticity of sites and can modify who they trust without vast swathes of the internet blinking out. Something like Convergence and its flexible notary system is what we need.
Additionally DNSSEC is something that would be of benefit in its own right without being over-burdened with certificates. Trying to lever this additional functionality into a system that has failed to be implemented for years already can only delay its widespread adoption even longer.
To say that Safeboot is not M$ mandated is technically true but effectively a big fat lie - due to M$'s monopoly position in the desktop OS "market" and consequentially disproportionate influence on OEM & motherboard suppliers.
@Giles "FUD" Jones
Astonishing, Giles! Who knew that 40%+ of worldwide smartphone users love hacking their phone from the CLI and re-coding the apps?? And that less than 5% of smartphone users have the good sense to buy a WinMo phone that "is a tool to do a job"?
You and Mr Ballmer are whistling in the market share wind, becoming a gale as WinMo rises without trace.
Open eyes --> yawn --> nose --> coffee cup --> sniff. 'Nuff sed.
True, but there's no Trust 'ere...
As usual for Trusteer "security bulletins" the only mitigation they suggest is the use of their software. In this case they are fairly subtle about it:
"The only way to defeat this new attack once a computer has been infected with SpyEye is using endpoint security that blocks MITB techniques."
However, even if this is more subtle than their usual "BUY OUR SOFTWAREZ NOW LUSERZ!!!" (directed at the banks with the cost inevitably added to our charges in the long run), it is at best a questionable claim. If one's PC or other device used for on-line banking has been pwned then the use of MITB social engineering techniques is the least of one's worries.
That's a rhetorical question, right?
The only reason we know about this tiny insignificant bunch of mindless haters is that media types have wet dreams about them and punt them to the front page: a symbiotic relationship between two groups of people who share a similarly slender grip on reality.
John: put your handbag away
Let's deal with some myths & facts shall we.
(i) Firefox was a memory-hog until version 7, i.e. until a couple of weeks ago.
Actually John there have been no major changes to Firefox since Mozilla started their rolling release with Firefox 4 in the spring. Some previous versions of Firefox have suffered from memory leaks on both Windows and Linux but that has been much less of a problem since 3.5 - i.e. a long time ago.
(ii) Firefox has tendency to crash.
Well no actually, if you're judicious about the add-ons that you install it's very robust, even on Windows, has been for a very long time.
(iii) McAfee known for more reliable software than Mozilla.
My first instinct is to helplessly fall about laughing at this. McAfee almost ranks with Norton as a producer of "security" software that is only a notch or two above scareware in the way it tries to terrify lay users into unnecessarily forking out their hard-earned for peace of mind.
In fact Firefox plays nice with hundreds of different add-ons, including a pretty cool one called NoScript that helps to protect from malicious scripts and accidental clicks for free - you may have heard of it. So on balance who is likely to blame for this problem between Firefox and McAfee's ScriptScan? It's pretty obvious, unless you have some ***evidence*** to the contrary, John.
However I'd go further: I reckon most people who genuinely take an interest in the security and reliability of PCs, their own or those of others professionally (guilty!), couldn't give a flying fuck if it is Mozilla's fault in some way. To very badly paraphrase Winston Churchill: after the next update Firefox will still be a great browser, but McAfee will still be a steaming pile of donkey pooh for which there are many better alternatives (which don't have any problem at all playing nicely with Firefox).
@Micky 1 too
Hahahahahahaha! HAHAHAHAHA! AHAHAHAAA!!
I expect you're using Safari on a Mac so you don't need something like NoScript because your software is impregnable...err...wait a minute...
Back to the main topic, this is actually a good news story. All of the smaller players are gaining ground against the leader and no-one is in a monopoly position. This tends to keep them honest so nearly everyone benefits, even IE users, poor innocent saps that they are.
Forgive me if I'm teaching granny to suck eggs...
...but can you not unpack the plugin XPI file and edit the em:maxVersion tag in install.rdf? Of course there may be a more fundamental reason why it doesn't work with FF7 but I would have thought it's worth a try. And naturally this is unlikely to fix the attachment upload problem.
There are bound to be problems with Convergence at the start, as elegant as the idea is it is still a massively ambitious undertaking to turn the net's trust model on its head. Personally I think there is a responsibility on those of us that recognise the problem to actively participate in the solution. That may be just using the plugin, feeding-back issues to the devs and possibly running a notary but every little helps.
Six hundred notes??
Am I missing something? £600 for a middling Core i3 laptop with a paint job + design tweak? I'm struggling to see what one is paying £150-200 for compared to similar slabs from other reputable manufacturers like Asus.
For this price one can get either same spec + ultralight or fancy CPU+GPU or multimedia wizardry like Blu-ray and nice sound.
Shock news: spam bot more influential than twats
It's hardly news that the needy & pointless Web2.0rhea inhabitants are less influential, even by their own measure, than a trivial wedge of code...but it does put a big smile on my face every time it is ably demonstrated publicly!
@Ken: No, the sky is not falling...
...but the current trust model means that we are perpetually at risk of a weak link (like DigiNotar or one of the many Comodo resellers - and by the way DigiNotar was a wholly owned subsidiary of Vasco not Comodo, the Comodo hacks were back in the Spring and beyond) being broken at which point many thousands of end users are likely to get burned in some way.
You may be lucky and simply lose a few hundred notes on a TV that you thought you were buying online. Or you may be unlucky and your government decides they don't like the e-mails you've been sending and arrange a blind date between your genitals and Mr Mains-Cable in a cosy cell somewhere.
And no you're not being stupid, those involved in the CA system are as tight-lipped about the risks as the banks are about card fraud: "Nothing to see here, everything is fine, carry on spending" - because it would hurt their profits if they actually dealt with the problems. On the other side the mainstream media seem blind to this issue: maybe because it's a bit technical or perhaps because they're all iPhone users and they've been told by Saint Jobs that they're safe.
But if you trawl around the geek press and places that focus on security it's all there. El Reg's coverage is pretty good, Heise Online (http://www.h-online.com/) is good and Bruce Schneier's blog (http://www.schneier.com/) is excellent. On this particular topic Moxie Marlinspike's presentation on the CA trust model is a must: http://www.youtube.com/watch?v=Z7Wl2FW2TcA
And here is the problem: security based on the sale of trust that is effectively irrevocable
Have Comodo gone out of business? No because, as Moxie Marlinspike and others have been pointing out, they are too big to be held accountable by any of the other commercial or regulatory (haha) players in the current internet system of trust. And we, the Joe/Joanne Schmoe users of the net do not have any means of keeping them honest.
We really do need to invert the trust model and create a distributed system where we are in control of who we trust and there are no monopoly commercial interests milking the system for their own profit. Let's hope that something like Moxie's Convergence project takes hold so we are no longer beholden to unaccountable CA cartels.
Destroy All Monsters: try reading the article in the link
(i) The world price of helium is artificially deflated by an act of the US Congress *forcing* the sell-off of the USA's strategic reserve of helium by 2015, i.e. flooding the market regardless of demand and price;
(ii) We *cannot* make helium, terrestrial reserves result from the radioactive decay of elements in the earth's crust: we have almost exhausted 4.6 billion years of production in about 100 years;
(iii) Helium is essential for all sorts of things that you probably approve of (if only you took the time to find out): MRI scanners, the LHC, keeping deep sea divers safe, making rocket engines viable, geoscience and solar telescopes.
Oh but yeah...you wanna have cheap helium-filled balloons at your overclocking party, silly me!
Naughtyhorse: Get back to mom's basement...
...and when you get that brain tumour 20 years from now from playing too much CoD on your overclocked processor let's hope that there's still enough helium left for an MRI scanner to save your life.
Collect your Darwin award as you skulk out.
Here's an idea...
...like...you know...turn it back into a laptop again...erm...for free. It's trivial and if you partitioned your hard drive with a separate slice for /home it's even more trivial.
Surely that's one of the main reasons we love Linux and FOSS: we are free to pick and choose the bits we like and don't like and it's pretty straightforward to do so these days. Don't like Unity? Try Fedora. Don't like Gnome 3? Try Mint or Debian or the still excellent Umbongo 10.04 LTS. Don't like all the extra software? Xubuntu or Lupu or...so many to choose from!
Canonical have done good things for Linux but they are not Linux by a long stretch. Pick the bits they do well and spend the rest of your time finding other cool stuff to work with it rather than moaning about it. Linux: ROCK ON! :-)
Unfortunately you are using the logic of the Daily Wail that leads to things like every known substance being declared both a cause of and a cure for cancer.
Actual studies based on what happens in the real world show that bugs & vulnerabilities in OSS are fixed significantly faster than in proprietary code. End of.
And as for your bizarre statement:
"Linux is a hodge podge of competing ideas that has met some success in certain areas (servers) where this doesn't matter too much"
Yeah, those servers, they don't matter much, no point them being secure and reliable, it's not like they deal with anything important like financial transactions over the internet...hey...wait a minute...
Or a big fat fail for BOTH Apple & Adobe...
Both have been arrogant and treated their users as if they are cannon fodder with which to fight their pathetic corporate squabbles.
Adobe expected its various semi-monopoly apps like Flash and Photoshop to last forever regardless of their willingness to ditch/piss off chunks of their user base on a whim. Likewise Apple will brook no criticism, however constructive, of its products' failings or its arbitrary attitude towards other vendors that its user base find valuable.
A plague on both their houses.
Summed up very nicely...
...that terrible Prof. Jones dismissing ***OPINION*** voiced against the overwhelming ***SCIENTIFIC EVIDENCE***. It's a bleedin' outrage! Call the Daily Heil now! And so what if most of that opinion masquerading as science is funded by vested interests making billions from carbon-based fuels?
And, Andrew, as for your collection of ad hominem quips against Steve Jones and your final hyperbolic nonsense about the possibility that the Tories would be able to close the BBC, you can do so much better.
Let's hope they catch evil mastermind Louise Boat too!
Lucky we have talented public school/oxbridge-educated investigative journalists of the calibre of Anna Botting on the case: http://www.youtube.com/watch?v=DG7IURgryjA&feature=player_embedded - where would we be without Faux News??
Shit...I blinked and M$ took over the world...
Yeah you can just hear all that chatter from Redmond not caring about the tiny minority of developers working on iOS/Android for smartphones and tablets and the tiny minority of developers working on Linux for the cloud and the web. And anyway all this stuff about mobile devices and the cloud will never catch on.
And then you woke up.
Simples: at any one time roughly 12% of the population are twats...
...and therefore at some point there is a very good chance that they will begin to use Twitter.
Not that *THEY* aren't watching you...
@Metavisor: Caution over "free" wi-fi =/= exoneration of Google
Who blamed this problem on public wi-fi? That was a little party going on in your own head alone it seems. The point was simply that free public wi-fi is often completely unsecured.
As an Android user whose network hasn't deigned to put out Gingerbread 2.3.4 for my handset it does concern me that Google has been sloppy with security for earlier incarnations of Android. Us geeks can make a judgement about the risks of connecting to insecure wi-fi (again, that was implicit in my point) whereas most lay Android users will take the view: "Yay! Free wi-fi!"
Do you light up while filling your car with petrol or add RAM to your PC while it's still running?
"Yay! Free wi-fi! Aww! I got pWn3d!" No thanks.
Good article though :-)
...two popes one grail? Sorry. No really: sorry!
...WOW! Nuff sed.
Ian McNee is talking bollocks as usual...
...as pointed out by nearly everyone else, it's the client that's affected...doh!
DHCP server software can be installed on almost any device on a network. When a new client boots it broadcasts to find a DHCP server and it will usually talk to the first one that responds so someone with malicious intent who has access to the network may be able to exploit this. I expect there are methods of network infrastructure security that would mitigate this (Cisco's Port Security perhaps?) but I'm not really qualified to comment on that.
What I do know is that we did "have some fun" diagnosing the appearance of 192.168.x.x addresses on our domain when, unbeknown to us in IT, some numpty plugged an Airport into an office network socket because he wanted to wander around his department with his personally owned Mac using our corporate network wirelessly. By default the device was dishing out DHCP addresses as if it were serving a private network and a number of machines picked them up due to their proximity on the network.
A good point, Michelle, partially
We are still pretty much in the "Wild West" stage of the internet's development and the LOIC script-kiddie 4chan dwellers are going to be around for a while in this environment. Likewise it's no surprise that Anon's street protests against the Scientology cult were much more effective than DDOS and defacements.
However with the emergence of things like WikiLeaks and the subsequent HBGary affair hacktivism is growing up and finding its political feet: whichever side one takes it is impossible to dismiss as the pranks of some sad "mom's basement" dwellers. Personally I believe that the material revealed by Anonymous with their HBGary hack gave a pretty scary glimpse of state+corporate dirty tricks on-line and the more light shed on that the better.
Traditional campaigning is important but grown-up hacktivism at its best can play a similar role to investigative journalism, not merely on-line civil disobedience and graffiti agit-prop.
Indeed: Statseeker or JFFNMS anyone?
Perhaps the highly paid external "IT experts" from Logica (oh...quelle surprise!) were too busy examining the insides of their eyelids to check their e-mail.
I mean these "expert" private sector consultants wouldn't have installed such a network without the most basic of SNMP monitoring tools. Shirley!
...the old "self-assembled three-dimensional bicontinuous nanoarchitecture consisting of an electrolytically active material sandwiched between rapid ion and electron transport pathways" trick!
I always knew that would work. Honest. I told my mate Derek about that down the pub, you can ask him yourself! Or was that my auto-inflating glow-in-the-dark Bulgarian airbag idea? One or the other...
And next the tsunami of pro-nuclear AGW deniers...
...along the lines of it couldn't happen here because:
(i) we're British
(ii) we don't do proper earthquakes/floods
(iii) I've got a big bucket of sand that I can stick my head in
(iv) <INSERT FAVOURED SPURIOUS BOLLOCKS HERE>
and in any case there's no such thing as anthropogenic global warming so why don't all you limp-wristed lettuce-munching pinko enviro-nazis fuck off back to (what remains of) the Amazonian rain forest seeing as you love plants so much!
Now where was that job offer at the Daily Heil...??
Squad Automatic Toasters
Surely this is a golden opportunity for infantry support and catering functions to be merged saving millions in defence spending.
Simply fit said 1,100 degree barrel with appropriately shaped heatsinks and you could toast waffles, bagels and even do a full-English fry-up whilst suppressing the enemy.
Come on Lewis, it would even be more carbon-neutral!