Re: Why don't the EU
Well of course, after all screwing your opponents via secretive contracts gives us all a much better deal, eh?
2872 posts • joined 15 Mar 2007
Well of course, after all screwing your opponents via secretive contracts gives us all a much better deal, eh?
Removing execute permissions for the /home partition, /tmp, etc, where users can write to helps a lot, but not as you say for a particularly determined user and/or program. For the really gullible Linux user you can also deny them a command shell so they can be tempted to type in crap.
However, for more serious blocking of tricks like you mention you can use tools like apparmor to deny execution of bash, python, etc, in user-writeable areas to further piss off malware authors.
Incidentally Windows supports no-execute as a ACL setting, you can do the same to block execution in all user-writeable areas stop a lot of Trojans from being able to run even if the user is dumb enough to try some random download. Of course, you end up with complaints of other crap they need also being broken...
"masterfully sarcastic" I think, just forgot the joke icon
Yes, after all Nokia did really well when "helped" by an ex-MS employee to choose a non-European OS.
Or some printer with a web server and/or wifi access point that is still on even when on Ethernet.
When did you last see any patching for any of your printers?
Welcome to the cloud, where you get little or no control of what happens to your data!
It can happen to any hosted service, either the hosting company screws up and deletes your stuff, or the service decided to close because they are bored or losing money. In short, if the ownership or future availability really matters to you then you set up your own (hosted if your ISP can't offer the bandwidth you need at a price you can afford), and keep your own mirror/backup in any case.
"Except, of course, for the 88%+* desktop market share Windows users, who have no idea what we're talking about"
Fixed it for you. When looking at anyone who would use (or even know about) command line actions, its probably closer to 50%.
Still, some additional "WTF?" options that allow (or not) such problems. Others recommend that most users don't get shell access, or the ability to execute programs in areas they have write access to:
While "dd" stands for "destroy data" as we all know...
More precisely, deleting stuff need write-access to the holding directory. Unless you are root, that user, or the user has allowed you via "group" membership & write permission (or $DIETY forbid, "other") then you can't do it.
Backups? Snapshot file system? I know its glib to ask, and we have all done dumb things in the past, but for a hosing business you like to assume there was *some* disaster recovery plan!
I always thought RCA stood for "rubber conservation association" from how thin their records became.
1) Buy the vinyl record
2) Torrent the FLAC equivalent
3) Profit! (one hopes step 1 is actually paying musicians)
Why no mention of the built-in cattle prod?
Thanks for posting that link
True, but is this not yet another lesson in what it means to put your
balls in another’s vice valuable data in a cloud service?
Rum, sodomy, and the lash?
Damn, need two icons!
"Those two vendors have a product that performs roughly the same, but vendor E knows how to tune vendor N's product so that it is 50% slower."
Don't public benchmarks serve to stop this sort of knobbling? OK they don't address the real-world if your problem is not similar to the test, but they ate least have an open set of tests that each vendor can submit their own tuning to get the best from it.
Irrespective of MS' business reasons for doing this, it is good they are as few others have the resources or influence in the US to consider this.
I'm not American, nor do I live in the USA, but what happens in this case will be looked at world-wide and hopefully make other governments and their people think more carefully about what is reasonable to demand in the digital world.
"So the NSA
admitted they couldn't crack couldn't be arsed to look at something pointless, but others could"
Fixed that for you...
That is due to the fsking thing needing more than 2GB of memory!
Cyberdickwaving is always a good enough reason!
Really though, Sweden should think of this as successful penetration testing for free.
Indeed, but maybe this new AI thing would be better then all of those "friends" who turn out to be morons when it comes the re-posting shit on Facebook?
My new friend ->
Indeed, my first thought was "link budget?"
You beat me to the question of sensor acquisition time.
My own concern is how long would such a system continue work given the presence of various contaminants in the air, lichen, bird crap, etc.
"I hear it murders wives and gets caught"
Neither of which are good traits in a file system developer...
AFIK Oracle was the major contributor to BTRFS for Linux, but that stopped when it bought Sun and inherited ZFS in the process.
Interesting point though, is the effort of brining BTRFS to match ZFS bigger or smaller than finding a way round the license terms?
Odd really. A lot of folk accept, and Linux distros offer, closed-source drivers for video and similar. Not a GPL violation it seems.
Where as ZFS is open-source and you can also modify it, hence in terms of the overall goals of GPL, a much better fit. But not compatible because? Because?
I'm guessing its something to do with linking in the kernel rather than loading a driver, but it seems a little odd and almost one of those religious-wars type of reasons (you know Catholic/Protestant, Sunni/Shia, little-end/big-end, etc)
Silver opportunity, surely?
[Yes, really aluminium, but you know the colour most commonly associated with uniform-spectrum metallic reflections]
Depending on the time-scale w.r.t. pr0n then "de-pubified" is probably most accurate.
My proposed solution to both the "lawful examination" request and the "dead relatives' phone" problem is to make the key readable by physical means: by desoldering a chip, grinding off its top and scanning the silicon with an electron microscope to read the bits back.
That way its not usable remotely, quickly, or cheaply. Just like old-school investigations that time & cost would focus its use to cases that really matter, and would not be viable for mass surveillance, fishing extraditions, etc.
Have an up-vote for that alone!
Yes, when I read "...Cloud App Security is to cover off the data loss danger..." I immediately thought "physician heal thyself".
No problems, after all in this post-x86 world there is always the Itanium.
Surely you encrypt before storing it remotely?
Certainly things like reliability and backups are dependent on the service they make/buy, but again, if possible it would be better to duplicate on two providers so if one goes TITSUP and/or hikes the price too much, you keep the other and migrate to a new "2nd copy" for the next contract negotiation round.
Do they actually need to build out the cloud infrastructure?
What about putting an abstraction layer on other cloud services so they can use whoever is cheaper and/or actually working at any given time? After all, the key selling point is supposed to be "computing/storage" as a commodity, just like power or the ISP networking, and its the data that is precious and needs protection (encryption + backing up) and management?
Indeed, that is an irritation for many.
However, more penitent is the fact there often never is "no clear, easily marketable, crying need in mass-market consumer electronics" because world+dog would have filled it. What Apple did that made it such a money-spinner was either:
1) Make something that already was well known, like a "PC", but make it suck less than others that were available at the time (i.e. Windows, with all its AV needs and infestations that were the home user's experience).
2) Imagine something a little different that no one in the tech world thought would sell big-time. Such as the iPad that partly dealt with (1) but was too simple for most technical designers to see the big use for it.
The watch is not such a game-changer. Maybe a TV/PC home entertainment centre convergence that "just worked" and did not have shitty on-screen controls, partly-supported features that get pulled a year or two one, and inconstancies from TV, to streaming, to music, to recording/time-shift, etc, would allow them to mark it up and thus get the big profits they know and love? Who knows...
The alternative, that of not having intrusive ads with sound or video, or grabbing focus, etc, has never occurred to them?
Really, they get what they deserve for that. True, they do deserve some finical support for publishing, but not by throwing crap (and potential infection vectors) all over my screen.
1) Macros were a stupid idea, at least, the idea they could do anything in any way to overwrite or run an executable program, script, etc.
Really, while getting your machine shafted by a cryptovirus sucks donkey balls big-time, what were your plans for the day your HDD/SSD dies, machine is stolen, or PSU goes on a last bender and takes out several disks in your RAID set?
Can I sail on Boat69?
It was a mean thing to say.
OK, my deviations are far from standard...
He is a politician, probably both.
But not on w2k or XP, so I don't feel bad about keeping all my legacy Windows software going for ever more on that.
Security? Well, they ain't on the Internet or used for web/email access...
What, you mean to say administering a *NIX system over an SSH command terminal is new?
Or maybe using ssh -X to allow running an X-windows program’s GUI on your local machine tunnelled over a secured link is also "recent"?
I was pleasantly surprised a couple of weeks ago when I tried attaching a USB to RS232 converter to my laptop and all I had to do to make my serial code work we tell it to open /dev/ttyUSB0 instead of /dev/ttyS0. My decade-old code is hard coded for ttyS0 or S1, so I created a symbolic link of that name to the USB device as a temporary work-around until I fix that in a more elegant way. I believe it was using the FTDI chip, but don't know who made the overall converter, and laptop is running Ubuntu 14.04
Back to Andrew's article: sure Windows 10 has a poor reputation but its not just the user interface. That may not be great, but as others have pointed out, its the creepy nature of the telemetry and forced updates that really make me advise against it to anyone who will listen. A shame really as lower down the Windows kernel, etc, has useful improvements.
For Windows-only software that I need (e.g. some CAD stuff) I used VMs and don't have to worry about the "hardware" changing and Windows complaining of activation, etc.
Indeed, can you imagine the first court case when a suitably clued-up litigant gets the judge's approval for a full and public audit of the banks systems. You know, including those banks still on XP and IE6 because they have internal stuff that demands it?
And the same for Government offices who request you pay on-line to them, will they want to be held to the same standard of public auditing?
You can be damn sure the banks have considered the cost of liability and the cost of mitigating it (and loss of business if folk just stop using on-line payments, etc) and have come to the conclusion the current arrangement is the least-worst option.
It is also very difficult to assess. Did they find out something useful and apply it, or pay for a "mechanical Turk" to do the work they just submitted?
And as others have pointed out, without a basic grasp of roughly what to expect the solution to be, how can you filter the 99.9% of crap found by Google and sanity-check the data in/out the produced it?
Use a POP client like Thunderbird, they don't seem to have problems with passwords for that. It also allows a "unified folders" view which is handy when your
spam messages come from several accounts.
Odd thing is, they only do the for the webmail interface. I have a yahoo account for spammy stuff and access it via POP, no problems with changing geographic log-ins, etc, for years now.
Same password as the web interface. Same security problems of a password being stolen or brute-forced. Go figure...
Lets face it, most of said SMB equipment would be a strong and resilient as a wet paper bag if you expose the network to world+dog, samba patch or not.
I'm guessing this is more of a risk in small businesses if a malicious actor can get a machine attached (or p0wn one via email, etc). Nobody should have a network share visiable to world+dog and big organisations/companies will have network switches set up to reject unknown machines being attached internally. I hope?
CCTV, APRN, etc. Do you think anyone going to blow themselves up cares about detection *after* the event?
As you seem to have not noticed, the blew up the airport *outside* of the security checks where folk were waiting. How far back do you want those checks? Its turtles all the way down...