439 posts • joined 2 Mar 2007
M$ rooting for Linux Security??
Looks like clever stuff, though I can't claim to be competent to judge the real-world significance of this. Presumably this is aimed at Ubuntu servers, are these rootkits responsible for a significant proportion of servers that are compromised?
On another note, interesting to see M$ researchers so concerned about Linux security. I guess they must be twiddling their thumbs because the new versions of Windoze are so secure... *cough*
Upgrade within days of release =/= most technical of the technical
C'mon Gavin - we know you're only a hack but you're a hack on El Reg: engage brain before uttering such nonsense! Anyone who has *worked* in a production environment and is responsible for maintaining the delivery of a service for more then five minutes knows that the last thing you do is download and install the latest version of anything as soon as it's released - except in a *test* environment.
Yes it appears that there are a few issues with Karmic and those that have been burned are those "must have" jockeys whose jaw drops at the paint job rather than kicking the tyres and looking under the hood. The "most technical of the technical" know that when the soft and smelly hits the rotating and blowy on a live system one's time appreciating one's favourite hop-flavoured beverage at the local hostelry can be severely curtailed.
I'm certainly not the most technical but I only moved from 8.04/SuSE 10.1 to 9.04 Desktop & Server a couple of weeks ago. When the dust settles on Krazy Koala in a month or so I might stick it on a test box to see if the tyres squeal and the suspension is improved when I take it for a spin. Or I might be in the pub entirely undisturbed by anxieties about long evenings at the CLI resuscitating X.
Yet another 32GB USB flash memory stick...*zzzzz*
Difficult to get excited about these things any more unless they mark a significant improvement over other things on the market. OK, this device is quite cheap and quite fast but not the sort of thing anyone is going to get excited about.
Anyone supporting end lu$3rZ knows that the main problem presented by the EBKAC brigade is that they have physically damaged the device AND failed to make backup copies of any important data thereon. Common stories being: "I didn't have a spoon to stir my coffee so I thought this would do", "The step ladder was rocking so I put this under one of the legs to fix it so I could safely lick the live light fittings on the ceiling", etc..
How about testing some of the ruggedised USB devices like the Corsair Survivor to destruction?
"Government Has Top Twat"
And that's news how?
However, £64k (presumably more for being Top Twat) for a turd-spurt of ten twats an hour? As Yosser used to say: "I can do dat! Gissa job!"
And in other news...
...the world did not implode as a result of the generalised outage of Web 2-pointless-oh sites. Human beings have been witnessed vectorising atomic vibrations at one another in co-incidental relativistic space-time (i.e. talking).
I *DO* give a flying f*ck...
Cynical old anti-imperialist peacenik git that I am, I can't help being awed by these low-res images of the Apollo landing sites.
Even though it was a waste of money, people-years and resources first time around (and will be an even more scandalous waste if they go again when we face far more pressing problems now) the little kid in me who remembers watching this open-mouthed on a b&w telly when it happened comes to the surface. I can't help acknowledging that it was still an amazing thing to do.
Don't you just hate having mixed emotions about all things US? So much easier when you can shout with every fibre of your being: "YANKEES GO HOME!" :-)
So...it's better with Windows?
This is interesting in light of Saturday's other article on El Reg about the M$/Asus puff-piece/FUD website www.itsbetterwithwindows.com for netbooks (http://www.theregister.co.uk/2009/05/30/its_better_with_windows/).
Netbooks with Linux are one of the IT industry's best efforts at producing secure on-line appliances for Jo/Jill Public to use with relative confidence that they won't be pWn3d. All the more so with so many legit websites compromised in this way. Just a shame to see a decent company like Asus get muscled into M$'s monopolistic attempts to crush all that is Open Source.
Looks like a very nice and reasonably priced bit of kit with an optical drive.
Being a Linux user on desktop, laptop and server I'd say it's likely that a little extra work might need to be done to get everything working, dependent on how standard the hardware is. For example a number of 802.11n wireless adapters are not natively supported within everyone's favourite fluffy distro, Umbongo. It can involve compiling and installing drivers from source supplied by the manufacturer or using an NDIS wrapper.
Having said that, even if a bit of tweaking is involved to get it all working with Umbongo, it will run like the proverbial hot poo off of a shovel compared to Fistula. And do you really want an OS that isn't sure which CPU is still plugged in? *titter*
Bye-line trick missed Lester?
Red-hot Swedish chopper chicks knicks not up to the jub?
Plod is as plod does
No surprises here - whether it's Brazillian carpenters on the tube, G20 protests or dealing with awkard people who provide evidence for the defence, plod will wade in with size 10s, batons and, if they think they can get away with it, semi-automatic weapons.
Just as well we don't have a Home Secretary who wants to give plod even more powers...
What's that? Oh...it's just Paul Barnfather, Andy and Mike Powers chirping out of their butts about what they can't fill a postage stamp with regarding browser security *yawn*
Yes of course this is a stupid little spat between OSS developers, but who the fuck are you lot to judge? Both NoScript and AdBlock have a long record of producing quality (as judged by the community, not some bean counter in Redmond) plug-ins that make a mass-market browser even more superior in comparison to its main (proprietory and standards-busting) competitor. In other words they've actually done something worthwhile for the rest of us. So: STFU.
To the matter in hand...I'm not really interested much in who did what when - nobody's perfect - the fact is that as one of the biggest (and fastest growing) on-line threats is legitimate websites that have been compromised, NoScript is important while AdBlock is just nice (yes I know - ad streams can be poisoned before some pedant points it out - but that's a less significant threat). So let's hope these two patch things up, but if they don't AdBlock is on a loser as it's just not as important as NoScript.
April fool? Ummm...
...nope - but that was my first thought, I mean, "Mastering the Internet"! (Presumably on completion of the project Wacky Jacqui - not to be confused with her husband, Whack-off Dickie - will henceforth be known as the Internet Dominatrix - she's topped you there Ms Bee!)
My next thought was that this was madness, only a government so stupid and arrogant that it would do things like:
(i) lie to justify invading foreign countries;
(ii) propose locking people up without trial for months on end, perhaps for reading something on a DoJ website;
(iii) remove the 10p tax rate for poorer people to pay for their foreign and security extravaganzas;
(iv) spend £30bn on new and just as unusable nuclear weapons;
(v) steal from the public purse to pay for second homes just around the corner from their first home...oh...how silly of me!
So what do we do? I seem to remember that when the "black boxes in ISPs machine rooms" (Echelon?) were first mooted someone came up with an e-mail signature that contained all the trigger words. These ones here parhaps: http://www.theregister.co.uk/2001/05/31/what_are_those_words/
Maybe it's time to revive mass virtual civil disobedience.
Yeah it seems like you've won the IP lottery now, you'll be handing out IP addresses to your family and friends, work colleagues and neighbours, everything in the virtual garden will seem rosy.
Then you'll start getting the e-mails from needy causes, people with a plan to good things if only they had a few IP addresses, and you'll be generous, you're giving a bit back and helping to make the world a better place.
You'll feel so good that you'll barely notice the subtle change in tone of those e-mails, the people around you, even your closest friends: they're becoming greedy for what you've got that they don't have, they simply MUST HAVE more of your address space!
That's when you'll start to find it hard to sleep at night, you'll keep a copy of a hardened linux kernel on a memory stick by your pillow and no matter how many sacks of IP addresses you stash under your bed you still won't feel secure.
Before you know you'll be down to your last ten million trillion addresses and you'll be staring IP oblivion in face...
HTTP Error 404: Not found
...you can do better than simply making a rather rough summary of a Grauniad web article. Last time I looked you were a journalist!
Nice analysis but failure to understand the nature of the beast
Leave aside the merits or otherwise of Windows 7, the fact is that M$ is bound by its very nature to behave this way over a new release. And when I say its nature I do not mean that it is institutionally evil or the spawn of Satan (though I'm also not ruling this possibility out...) - it is a huge multinational capitalist enterprise with a dominant or monopolistic position in several of its markets whose inherent logic is maximising shareholder value.
How else can it do this with a product like Windows 7 other than by spending almost as much time and money on roll-out and marketing as on engineering the product itself? So M$ is not only keen to claim that the latest Windows kicks the competition in the pants but is also a "must have" if you're using an older version of Windows. Witness the way M$ has been dragged kicking and screaming into extending the life of XP time and again (thereby eating into Vista sales) because it does the job well enough for most institutions and individuals and probably better and/or more cheaply than Vista does. M$ wants sales, not customers content (enough) with a seven year old OS.
Compare this with Canonical and Ubuntu. Yes Mr Shuttleworth can be heard around release time singing the praises of Wacky Waterbuffalo but Canonical's shareholders do not benefit directly from increased downloads or even installations of Umbongo. However there's no shareholder value to be had in fewer installations or short-term installations, only in more widespread and long-term use of the OS. Hence like other mainstream Linux distros it stands or falls on quality engineering: stability, security, usability, longevity, scalability and the like.
@Toasted Butt Troll
No-one is suggesting that *only* OSS is used in schools and education, but that it *should be* used. The fact is that the opposite is largely the case at the moment: *only* propietary software is used.
And the point Diana Artemis made (if you had actually bothered to read what she wrote) was that free (as in freedom) software can be examined, modified and improved by students so they learn, as opposed to M$ free (yeah we'll let you download it and use it in strictly defined ways and if you do something we don't like we'll see you in court) software.
As for your point about using software that is most commonly subject to attack, that is a red herring in this case: for students it is more important to learn *why* a bit of software is crap, not just that it *is* crap.
I confess I did not know this - it is truly amazing how language evolves so rapidly (or should that be vapidly) in the world of web-two-point(less)-oh :-)
James. purely on a point of grammatical accuracy...
...I believe that someone who Tweets on Twitter is, in fact, a Twat. And if they Tweet at least once a day they are a Total Twat.
Oh, get over it!
The spokesperson for Amazon clearly stated: "We f****d up", in the absence of any other actual evidence, as opposed to lots of people with too much time on their hands (oo-er!) virtually frothing at the mouth (again...oo-er!) on Web 2.oh-my-god, that's that.
A quick search reveals that it's easy to find Jeanette Winterson's excellent "Oranges are not the only fruit" and a plethora of Robert Mapplethorpe's photographic work. Both of these people have been notorious in their own way for their sexuality and as such a likely target for right-wing/religious homophobes intent on mischief at Amazon.
Move along, nothing to see here. No, really!
Never mind bridges...
...have they tried parking that thing at Sainsbury's? And even if you could find three consecutive spaces you can bet some chav will drive his Nova over your wheel strut!
Nerver mind The Island...
...as any fule kno (who's seen Blade Runner) clones only last for six years at best. And that's if you don't have some psychotic ex-cop running around after you trying either shag you or blow holes in you (or possibly both, it's all very Freudian)
That's my reading of it too - as the researchers say you essentially require admin access to a vulnerable machine to exploit this. However if this payload (in the form of a rootkit) was piggy-backed on some plain vanilla malware it could be very nasty.
The ability to conceal itself no-holds-barred is precisely the point: that after the regular malware is removed and the vulnerability patched the machine is still pWn3d.
Presumably if a fix is possible it will be a BIOS update for mainboards like the Intel DQ35 and, as this board will be the basis of many thousands of OEM machines, it is rather shocking that Intel haven't moved faster to fix it.
But what about mainboards based on the 965/945/915 chipsets? There's still plenty of those around - are they vulnerable too? And third-party chipsets?
Don't these people watch telly??
It's on the Beeb so it must be true: http://www.bbc.co.uk/iplayer/episode/b00h6sbt/What_Darwin_Didnt_Know/
It's a hittopotowhale or perhaps a whaleopotomi, as any fule kno
Stand by for Action!
Let's hope the plucky Spaniards haven't seen Stingray, otherwise they may spot our fish-borne reptilian invasion fleet for what it is!
How about tackling fraud by...
...providing a service that is worth what we pay for it. I've been with VM (and Telewest before them) for a long time and apart from the *advertised* speed of their service things have by and large only got worse.
Yes they finally listened to the torrent (no pun intended) of customer feedback about premium-rate phone support but you're still very lucky if you get to speak to someone who is capable of hearing that there is a problem with the service rather than just taking you through the Fisher-Price script telling you to make sure you're not wearing odd socks or metallic glasses that may interfere with the broadband signal.
And their mail service has been selling itself with the line: "Fed up with puny mailboxes? With Virgin Media you get five 30MB mailboxes" ever since I signed-up with Telewest. Every now and then I get the urge to collect a few old 40GB drives and send them off to VM to upgrade the mail server capacity.
...no browsers running on Linux - too tough? Would have been nice to see at least.
Usual M$ fiddle...
Nice to see that Dell will ship this with Ubuntu as an alternative to Windoze and it will save you a few quid on the base spec (£329 compared to £379) but as usual you get a lower spec machine: not just a smaller HDD but also a slower Atom CPU.
Indeed if you opt for an 80GB HDD (same as the XP model) you'll pay £419! So your Dell Mini 12 with a slower CPU and free OS/software costs more than a Dell Mini 12 with pay-for OS/software. Go figure.
Street-corner bullshitters and shysters more like!
"Labour Standards, norms and rules that govern working conditions and industrial relations are regarded as basic labour rights. As such, they are considered inviolable and universally applicable. They form together with the core Conventions of the Internal Labour Organisation (ILO), an agency of the United Nations, the basis of our corporate responsibility and are manifested in a Social Accountability Code of Conduct. It is a requirement that our factory partners display a copy in a factory area which is freely accessibly to the workforce."
The term "hypocritical to$$ers" comes to mind.
What? No subtitles?
What a shame - perhaps some YouTube wag will add some in the next day or two - can't wait! :-D
OK c'mon Andy...
...where are you hiding all those oil shares? :-)
Silly me! Under the seat of that dual-fuel Hummer you drive: it runs on baby seal oil and high-sulphur coal right? And are those polar bear hide covered seats?
Please no not again...
Andrew, Andrew, Andrew...it saddens me to see you abandon your razor sharp analytical skills and instinct for critical detail among all the chaff when dealing with the matter of athropogenic global warming (AGW).
What does this news amount to? Ex-NASA climate boss says "Ummm...I'm not sure, careful now!" Hardly surprising when even those of us who see that the AGW thesis is almost certainly correct in it's important analyses are happy to accept that Hansen, for whatever reason, is a tad on the zealous side and as a result may on occasion have unnecessarily over-egged the pudding for political effect.
Hansen is not AGW, there is plenty of good science out there that does not rely upon him (even if this alleged taint were *scientifically* significant). Dr Theon is not presenting any new *science* here, just his thoughts about the practices of Hansen. This begs the question: "Why another article/"news" item on this matter?" Surely not another attempt to try to muddy the waters on AGW? Frankly I think this beneath you and El Reg.
So where are we on this ludicrous connection between smoking and lung cancer? What a joke, eh!
Linux used to subsidise Windoze *AGAIN*
I've had my hands on one of these and and as Tony says it's a solid little machine. However Toshiba have pulled the same trick as some other netbook makers and offered a lower spec machine on it's Linux offering and no significant saving. Indeed if you're quick you even get £30 cashback on the Windoze model!
What gives? Surely M$ aren't supplying OEM licenses of XP for virtually nothing because they're running scared of the popularity of Linux on netbooks! Ballmer and co. would never adopt such monopolistic, anti-competetive practices!
Censorship is not the point!
Yes this image is a degrading, exploitative and possibly illegal image.
No IMHO it should not appear on an album cover (indeed an alternative cover was produced at the time for the countries in which the original was banned).
But what was the purpose and effect of the IWFs action on this matter?
Firstly, if you take a look at the statement about this on the IWF's website, you will notice three lengthy paragraphs. The first two paragraphs explain what the IWF is and how it operates. Only in the third and final paragraph does it deal with the issue at hand. This is unusual for news statements, even for the IWF. This is just grandstanding by the IWF: "Look at us - we've blocked a page on Wikipedia!"
Or am I just being cynical? Surely the purpose of the IWF in this respect is to:
(i) prevent the exploitation and abuse of children in the production of these materials;
(ii) prevent casual or accidental access to such materials on the basis that they have a damaging effect on the viewer;
(iii) assist the prosecution of those producing and paying for such materials.
Has the IWF's action in this case promoted any of these three aims? Clearly not (i) - the materials were produced a long time ago. As for (ii) this image has probably become one of the more viewed images of the week via the net in the UK as the block was only to a Wikipedia site and even that could easily be circumvented. And finally (iii): well theoretically anyone with this image now in their browser cache could possibly be prosecuted for possesion of child pornography but are these the people that we would expect the IWF and the police to go after?
This leads me to the conclusion that the IWF were engaging in a bit of cynical self-publicity here. As a predictable and direct result of their actions no children have been protected, more people have viewed an image that could be judged to be illegal and no-one abusing or exploiting children will be prosecuted.
The ISPs have followed like poodles because "child porn is bad" (and yes it is) without stopping to think what was going on here or taking real responsibility for the service that they provide. And, again predictably, the Wikipedia/net neutrality/anti-censorship fundamentalists have thrown their toys out of the pram and had a hissy fit providing all the furore the the IWF wanted.
Sad, sad, sad.
When the IWF starts, for example, nabbing the criminals that traffick, enslave and exploit women (and it goes on in most of the major towns and cities in Britain) I will have some more respect for what they do.
Steve "Ballmer" Rowsell
Hey Steve - just exactly which article were you reading?? Seemed to me to be a fairly neutral bit of reportage with a dash of innocuous commentary.
OK so we read in El Reg earlier this week that Windoze fell below 90% for the first time ever in the "browser by platform" stats but there's really no need to be quite so hypersensitive - M$ will still exist tomorrow even if Reg hacks don't drink its coolaid and kiss its megamonopolistic butt.
Chill dude! :-)
Two jets vs. Average Hurricane
Your average hurricane generates vast amounts of energy, the wind energy alone could be as much as half of the electrical generating capacity of the planet (http://www.aoml.noaa.gov/hrd/tcfaq/D7.html).
Even if this system is in some kind of dynamic equilibrium it seems inconcievable that the energy generated by two supersonic jets could destabilise it to the point that it dissipates. A useful analogy might be a 1000 ton boulder sitting at the top of a hill that would need to rocked by a few degrees to make it roll down the hill and then suggesting that one person (sans lever, bulldozer, explosives, etc.) could achieve this. Total bollocks!
As said above: cod science for a bit of cheap publicity and possibly a night on whatever the local moonshine is in Ohio.
Going forward with out of the box blue skies leveraging of envelope pushing...
"As we move into the next phase of our development, the priority will be to build momentum in the rollout of our strategy."
That would still be the strategy to provide a "service" that no-one wants and is still possibly illegal and even so is never likely to make any money. I'd wish you good luck Mr Ertugrul but neither sarcasm nor blind optimism are my strong suits.
So that's why Windoze and other legacy OSs are so rubbish - because they spend comparatively little developing them? :)
Interblog Two-point-oh Carbon Manolo-Blahnik-Sandalprint Outrage
And another thing: have any of these eco-Twitterers bothered to calculate the extra carbon generated by all the hits and blog whines and sanctimoniously smug e-mails generated by this pointless little escapade? You can bet your organic carrots they haven't! How many minutes it that power station going to have to be turned back on for? And then there's the bloke who has to keep switching it on and off - how does he get there to do that? On his bike? Don't make me laugh! He goes in his 4x4 I bet! Where's your 53 tons of carbon saved now??
Oooh...I'm so mad (no, really...) I could write to the Daliy Mail about it or maybe start a website or a blog. We should get a Farcebollox group together to stop this kind of thing! Careful now! That would show them! That would change things...oh...ahh...what? I've contradicted myself there? Right...ttfn :)
Let me be the first smug git to ask...
...will this compromise a Linux machine? Thought not :)
"Give me your tired, your poor, your huddled masses yearning to breathe free...
...and I'll lock them up for you. Now if they've got a few bob that's another matter...might even chuck in a peerage if they're photogenic and agree to vote New Labour (tm)"
Jacqui "Clink" Smith
Oohhhh....so that's her name!
Sandy Crack! So cute, I think I'm in love....oops...now where are those screen wipes...??
I bow to the superior knowledge of those who point out that this has been done before and that it is small beer, however there is something that is truly wonderful about this device: it's a new mobile gizmo that the Web two-point-oh-pians won't want to or be able to hype because it's a competent bit of engineering that fulfils a useful if mundane role. Twitter that! :p~
Pierre explained this rather well and was very amusing at the same time, but perhaps his style was a little too subtle for a legacy OS luser like yourself.
(1) OS code is imperfect (like any bit of code, with the possible exception of Doom 3 - peace be upon it - which is a g(l)ory unto itself, amen) and that goes for MegaloCorp monopoly-capitalist M$ OS code as much as for free-range organic fairtrade hand-woven FOSS OS code like Ubuntu.
(2) When these imperfections are discovered they need to be fixed.
(3) Getting the fix once the new code is deemed stable is better than waiting until a particular day each month deemed astrologically most profitable by said MegaloCorp M$.
(4) Kiss my penguin's butt :p~
M$ 100% Windoze Update server uptime...
...and the patches only come once a month. If M$ deem the bug/vulnerability worthy of a fix. Maybe.
The points are well made about Ubuntu update servers being mirrored all around the world, but we also get updates much more promptly and much more frequently, we don't have to work on a system that remains vulnerable until "Patch Tuesday".
All your RAM are belong to us!!
Geez...gotta hate these patent-squatting losers who chuck their lawyers out of the pram when everyone says to them: "Actually we don't want to buy your products because they suck!"
Not just games
As an everyday Linux lu$3r, wannabe Linux geek and casual PC gamer it's quite obvious that gaming under Linux is not the most important factor for Linux to breakthrough in the consumer market. Gaming is a minority of the consumer market and is actually quite well catered for under Linux these days (Ubuntu auto-installing nVidia and ATI drivers, Wine+Cedega allowing many Windoze games to be played, more native Linux versions becoming available, etc.).
To overcome the massive inertia of Windoze (installed base, ready availability of tech support, third party hardware support, etc.) Linux would have to do everything better than Windoze, every time, right out of the box, i.e. a very tall order. What most people want is their printer to work, to sync their phone, dabble with their music and photos, surf their favourite social networking sites, etc.. While most of these work as well under Linux without much geekery (though not printing), and while almost everything is a whole lot better under Linux once tweaked by a nerd, that's not good enough for Joe Schmo and Plain Jane to consider changing yet. Perhaps more to the point it's not enough for the big consumer box shifters to risk plonking Linux on their boxes so that it arrives in front of Joe's & Jane's faces in PC TurdWorld.
That said it's good to see that the likes of the Gnome Foundation, Novell, Canonical, etc. are taking this as a serious problem that needs some serious work to address rather than going crying to mom that that bully Steve Ballmer won't let them play with his football.
Deploy the Twat-O-Tron!
I read about this in the Daily Mail! everyone knows This country is overflowing with illegal immigrants, even the local chippy is run by poles. They are interfering in our lives again. A wise man once said riot in the streets.
[UnionJackForever] Uk, United Kingdom
This is clearly another sign that the Cylons are preparing their attack on humanity: Roper, and before him Sclavos, discovered that the Cylons are in control of everything that secures the internet. Therefore they had to be disposed of. They now have the means to control the whole human race: (i) online shopping (all females); (ii) net pR0n (all males). It's all in the tea leaves, just stop using the evil monstrosity that are tea bags!
Incidentally amanfromMars has known about this all along but is he our Dalek Caan or Gaius Baltar...
- iPad? More like iFAD: Now we know why Apple ran off to IBM
- Apple orders huge MOUNTAIN of 80 MILLION 'Air' iPhone 6s
- +Analysis Microsoft: We're building ONE TRUE WINDOWS to rule us all
- Climate: 'An excuse for tax hikes', scientists 'don't know what they're talking about'
- Black Hat anti-Tor talk smashed by lawyers' wrecking ball