Posts by Paul Crawford

Re: @Robert Carnegie

To provide a slightly more useful answer, and as said it is 'no' because Linux searches your path only, so even if its not in your path but in your directory it won't be run. This is unlike Windows where it will look in your current working directory and with trying various extensions like .exe .com .bat etc.

So if its not in your path you need to use a fully resolvable path such as:

/home/me/sudo (from anywhere)

./sudo (from /home/me or similar as your current working directory)

True, but how many cell phone tower systems use anything but the USA's GPS?

Having the satellites up there is no good if a large proportion of time/frequency/navigation systems use the lowest common denominator.

I tend to use tabs, because Makefiles demand it.

However python demand spaces.

Both are stupid because humans don't care and many editors make it non obvious. Finally there are tools like 'indent' that can fix C/C++ code to whatever format you like. And make it consistently so, which is probably more important than anything else.

Re: "It works with keywords"

While most names have multiple matches, if you know the opponent’s IMEI you probably could achieve that from knowledge of the device's location and traffic.

Re: "WTF is a NAS doing hosting virtual machines?"

Depends on your situation. If you are running some big important system it would be very wise to keep the NAS simply serving files, and any VMs running on dedicated servers.

But if you are a typical home / small business it might be your NAS is lightly used and so why have two machines, at roughly double the cost/power/noise, if you can also run a VM for something you need to access from more than one client?

Re: Unusable

It is not just XP - seems that Firefox is trashing HDD on Linux as well.

Let me guess - developers with SSD who don't test their code on the majority of user's computers? Who don't check IOPS, etc, as part of any performance profile to show on going quality?

Re: Oh bugger!

Well there is the small business about the massive amount of real, hard, tangible science they do as well to consider.

Still, you have a point about no-nothing career politicians managing stuff they don't (or won't) understand.

Re: ?WTF?

Given the piss-poor state of ILOM security in general it might help. But equally it might just be about screwing money out of customers for support contracts as no other update routes are possible,

But equally, what sort of muppet puts server management ports on the internet at large?

Re: Who needs broken algorithms

WhatsApp uses end-to-end encryption, they keys are generated on and stored on the user's devices.

Unless they change their software to hold copies of those keys on their servers (i.e. back-dooring the encryption system) then they CAN'T decrypt the messages passing through. Neither could a disgruntled employee working for them. Neither could a criminal gang or foreign (or own) power who hacked in to their servers. It is the whole point of end-to-end systems.

They can and do provide the metadata on court request, but that is not enough for some who demand a global panoptican.

And your solution is?

Re: Stop me if this sounds familiar...

MS has a history of "supporting" non-x86 CPUs then burning its customers (Alpha, MIPS, PowerPC, Itanium, ARM) so I would be suspicious.

Having said that, this time round the chip should have native x68 support for traditional windows software. Remains to be seen just how compatible that turns out to be, of course...

And handles a lot of sensitive data.

Would be interesting to see a "ratio" metric of breach per 1000 data-using employee-days or whatever to see if they are really any better/worse than other organisations in terms of mistakes made.

Re: @ Dan 55

Can you provide any reference to say that WhatsApp did not have any metadata to share? It seems that they do collect this and have provided it in the past:

https://fossbytes.com/whatsapp-chats-collect-data-metadata/

http://money.cnn.com/2016/04/05/technology/whatsapp-encryption/?iid=EL

Brazilian authorities have demanded WhatsApp hand over IP addresses, customer information, geo-location data and messages related to an ongoing drug trafficking case.

WhatsApp says it has been cooperating, but is not able to provide "the full extent of the information law enforcement is looking for" because of the encryption it had already implemented.

Re: Inevitable - erm no

Much more important for any OS would be making user-writeable areas no-execute (mount option in Linux, ACLs for windows). Won't stop zero-day stuff with privilege escalation from Word or similar, but will stop many email Trojans.

Re: Good ideas, but...

Hmm, I wonder how they ever managed to vet people before they spaffed everything on line?

( ! )

Are you sure of where you are talking from?

Re: hurting pirates

Some pirate simply because the can (or should I say, because they arrrrr!). This makes life fractionally easier for them.

Many pirate because they are pissed off being unable to pay for what they want to view because of where they live. For them this is a breath of sanity and will see many change to being paying customers. Assuming the suppliers don't fuck up and expect you to install silverlight or some other shitty software to access stuff, of course...

Re: Weird.

Well done, over many years you have found 11 examples of Muslims causing atrocities in the USA. Now then, maybe we should talk about the approx 30,000 gun related deaths in the USA every year?

Or, should you choose to define a "mass shooting" as 3 or more victims at one event, the practically daily occurrence of said shootings?

http://www.bbc.co.uk/news/world-us-canada-34996604

Sure you might not like the BBC as a politically neutral news source, but you can check up on the facts and report any that are actually incorrect.

Re: should be child's-play?

Well our out-sourced staff can't do it.

Say, can you find us a child with some computing aptitude?

Re: But...

Sort of hard reset?

My best friend during university said if he ever had a racing hose it would be called "JK bistable" but I'm not sure why. Wonder what the masses would make of that?

Re: Flaky guest account

Well considering the number of things that systemd forced changes upon that were then broken, its a reasonable starting point:

https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1535840

https://bugs.launchpad.net/ubuntu/+source/watchdog/+bug/1448924

https://bugs.launchpad.net/ubuntu/+source/watchdog/+bug/1535854

Re: @LDS

Ah - my mistake then!

I just did not read it that way as I never considered that you would disable V2 / V3 but still plan on using SMB V1.

Re: Lost ?

Biggest risk really is malicious GIT commits using the compromised credentials - they need to be sure the developers check all "their" stuff since the incident until they found out to see that it really was work they did.

Re: We chose not to open the PDF file

Yes...but forgot to put it in the faraday cage.

Oh no, you don't put it in the Faraday cage, that is what your tin-foil hat is for!

You do have one, don't you?

Re: It's worth following the link in the article

I was more surprised to see 1k machines with W2K on them exposed to t'Internet for all and sundry to have a go. Wonder how many will still be working by next week?

Re: the french??

Same problem as all those sites using Google Analytics, putting the 'anal' back in to web site use without your permission.

Re: Naive Question

Programmers doing "stupid stuff" mostly:

- Not following MS' guide lines (e.g. using undocumented APIs, assuming drive letters & folder locations)

- Using the flavour-of-the month framework (e.g. ActiveX for IE6, recently silverlight...)

- Assuming you are running with admin rights (lots of NT/W2K/XP era stuff)

- Assuming the machine won't have firewalls enabled (bit even MS software with XP SP3)

- If hardware is involved, then MS changes to the HAL layer, etc.

All said, simple win32 program from NT era will generally still work perfectly!

Re: Phoenix company solution ...

Create a UK subsidiary

Said company is required to escrow all source code before any more of the mother company's product is allowed to be sold.

1) declare the UK subsidiary which holds the liability for patching bankrupt.

Source code is released under escrow terms for others to fix.

Re: countries with "great" in them?

This provides the answers:

https://www.youtube.com/watch?v=rNu8XDBSn10