* Posts by Stuart Longland

1041 posts • joined 11 Jan 2008

FedEx helps deliver THOUSANDS of spam messages DIRECT to its Blighty customers

Stuart Longland
Silver badge

Re: BCC?

Or… it was a mailing list address in the To or CC field, and someone left the barn door open…

1
0

Sign off my IT project or I’ll PHONE your MUM

Stuart Longland
Silver badge

Re: Re-read the klingon software development guide

Is this some sort of leaked Q-A document from Microsoft? Sounds awfully like what happened with Windows ME.

1
0

Microsoft WINDOWS 10: Seven ATE Nine. Or Eight did really

Stuart Longland
Silver badge

Re: Windows 10 is Old News

14? Is that all?

0
0
Stuart Longland
Silver badge

Re: It worked for Red Dwarf

They're not the only ones in the entertainment industry to skip a number.

The Traveling Wilburys did it: Volume 1 was followed by Volume 3.

0
0
Stuart Longland
Silver badge

Me, hooked up to Microsoft Windows-based life-support?

Over My Dead Body.

54
0

Will.i.am gets CUFFED as he announces his new wristjob, the PULS

Stuart Longland
Silver badge

Re: Bling bling

About time Flava Flav got into the wearable tech market. I can see it now...

The flavWatch redefines the concept of the watch, as it is suspended from the user's neck.

Actually, that could be practical. It doesn't have to fit in a pocket so the screen can be larger. The battery can also be larger, so better battery life. Since it is hanging around your neck, it's in convenient range for answering calls or checking messages.

2
0

Disaster roster: OMG, are YOU SAFE? I dunno. Check Facebook

Stuart Longland
Silver badge

Re: Ads?

"We notice you're stuck, buried in a collapsed apartment block! How's your life insurance? Here's some policies to consider while you're here!"

1
0

Twitter, Cloudflare kill SSL 3.0 ... and here's how YOU CAN TOO

Stuart Longland
Silver badge

Re: immhavingapacheamidoingitrite?

I found according to Qualys' SSL checker that if I disabled TLS 1.0 a whole stack of common browsers were marked as "failed", such as the browser in Android 4.0 (which would include my phone).

So it might be wise to allow TLS 1.0 and 1.1 as well for now, unless you only care about your own access (in which case, use whatever you like because you control the infrastructure).

1
0

Crims zapped mobes, slabs we collared for evidence, wail cops

Stuart Longland
Silver badge

Re: [SECURE DEVICE: SOLVED]

Yes, except some networks are phasing out 2G… Telstra being one of them.

0
0
Stuart Longland
Silver badge

Re: 1) remove battery (or turn the device off until you can get it to the lab)

0) Install app that does an automatic wipe of the device when it next starts up if the user doesn't authorise the device's shutdown/network disconnect.

1) remove battery (or turn the device off until you can get it to the lab)

2) profit!

Next problem!

Indeed.

5
3

Chatting to Al Qaeda? Try not to do that – Ex spy chief defends post-Snowden NSA

Stuart Longland
Silver badge

Re: Sounds just like...

I thought he mentioned the arse end…

2
0

Aussie builds contactless card cloner app, shops at Woolies with fake card

Stuart Longland
Silver badge

Re: A Sting no doubt!

Now I've got Roxanne stuck in my head…

Probably appropriate since we (collectively) are going to get shafted by this one way or the other.

0
0

LTE's backers vow to KILL OFF WI-FI and BLUETOOTH

Stuart Longland
Silver badge

Bluetooth, really?

If I understand LTE correctly, in order to connect to an LTE network, the device in question needs some authorisation to use that network, in most cases this is the presence of a SIM card with the credentials needed.

Does this mean if I want a hands-free headset, that the headset needs its own SIM card to take a call from my phone?

4
0

FLASH drive ... Ah-aaaaaah! BadUSB no saviour to plug and play Universe

Stuart Longland
Silver badge

Re: Wrong direction of trust...

"You appear to be adding a second mouse, is this really true? Think carefully my friend before answering..."

Let's see you click the Yes button after you accidentally unplug the wrong USB cable to your combo keyboard/mouse then have to plug it back in again.

Reminds me back in 2003 of someone doing a Windows XP install onto a machine with no floppy drive, SATA disks (which were a new thing then) and USB HID keyboard/mouse.

Setup unwittingly unloaded the USB drivers, then prompted with a dialogue box asking if we trusted the unsigned SATA drivers. A dialogue box we couldn't answer because we had no working keyboard or mouse at the time.

0
0
Stuart Longland
Silver badge

'Plug and pray' is indeed very old but it's nothing to do with the current context. It was about how USB drivers were very hit and miss for a long time, needing installing for each individual port, being very OS specific etc.

Actually, it predates USB… we were talking about Plug-and-Pray back in the days of ISAPnP. (Not PCI, ISA.)

4
0

Windows 10: One for the suits, right Microsoft? Or so one THOUGHT

Stuart Longland
Silver badge

Re: Oh, please...

So you're saying that: because you don't want it, we shouldn't have it?

0
0
Stuart Longland
Silver badge

Re: Proper clipboard support

You know you can show the extensions again with a few mouse clicks? It's the first thing I do after installing Windows.

Indeed, and you can disable the ShellShock backdoor in Linux by replacing the 'bash' binary, which is just a few clicks.

The fact that it's the DEFAULT must be irrelevant to you.

5
1
Stuart Longland
Silver badge

Windows X: It's the cross we bear…

5
1
Stuart Longland
Silver badge

Re: Proper clipboard support

That Windows Explorer "feature" has been with us nearly 20 years now.

2
0
Stuart Longland
Silver badge

Microsoft, you surprise me

A couple of useful features, and you didn't decide to follow Apple and call it Windows X. You seem to like copying everything else they do.

I'll bet the Command prompt still lacks the sort of terminal sequences that VT220 supersets like xterm and rxvt have had for decades though and probably looks at me funny when I run ./configure && make && make install. But small steps, we at least have copy and paste working more naturally.

Virtual desktops? Welcome to 1990. You might've gone somewhere had you released something like this in 2004.

I think we call this, Windows 10 Years Too Late.

8
3

Bash bug flung against NAS boxes

Stuart Longland
Silver badge

Re: QNAP again?

Mmmm, won't stop the Microsoft crowd from sCOFFing though.

3
3

TEEN RAMPAGE: Kids in iPhone 6 'Will it bend' YouTube 'prank'

Stuart Longland
Silver badge

Re: Conflicted

Of course, telling this to teenagers is like waving a red rag in front of a bull…

16
1

SHELLSHOCKED: Fortune 1000 outfits Bash out batches of patches

Stuart Longland
Silver badge

Re: nas and modems @Stuart Longland

Indeed, it'll be more substantial than that of a router, because it probably has Samba for Windows File Sharing, some media streaming tools, web/FTP server, etc…

This does not necessarily mean that bash is being used. You'll need filesystem access to actually know for sure, just looking at the size of the firmware blob isn't going to tell you.

0
0
Stuart Longland
Silver badge

Re: nas and modems

How does this affect the 1001 NAS, media server, TVs and modems around that run a version of Linux?

Like This.

Very few of those devices actually have the OS-image storage for a full-blown GNU/Linux distribution. Most are a cut-down Linux OS based around Busybox, which according to that test I did, isn't vulnerable.

Even a NAS, which may have big HDDs installed, won't be using those HDDs for the OS, it'll have a small flash chip somewhere with a minimal OS on it.

0
1
Stuart Longland
Silver badge

Re: Meanwhile, on a web server that was already patched twice

Indeed, I suppose it's people who think such patches should make those crack-attempts invisible. Or those who maybe wish their commercial software supplier was as swift delivering fixes.

I find it rather telling that this apparently 20+-year old bug has only just started being exploited within the last week.

I've certainly seen a few attempts myself now.

2
0

CURSE YOU, 'streaming' music services! I want a bloody CD

Stuart Longland
Silver badge

Re: Streaming

My only reason for sampling stuff at 48kHz instead of 44.1kHz is that most of my sound devices today are natively 48kHz and don't do other rates, so rely on software up-sampling for 44.1kHz.

So I leave it at 48kHz when recording it (usually from vinyl) and leave it at that.

Gone are the days when sound-cards would re-sync their clocks to just about any sample rate you wanted. (Had great fun trying to write an ALSA-SOC driver to make a TI TLV320AIC3204 do that though a couple of years back.)

1
0
Stuart Longland
Silver badge

Re: I still buy CDs

Actually, sometimes having to get off my arse to flip the record over is a good thing. It ensures I move around every 20 minutes.

1
0
Stuart Longland
Silver badge

You feel old?

None of my music was downloaded or streamed.

One song was live-recorded off FM radio (yes, very naughty of me… but whenever I've been in a record shop I have a quick squiz to see if there's an album that has it), the rest have been ripped from a mixture of CDs and LPs which I personally own.

I'm not about to start downloading or streaming now, my current arrangement works fine thank-you.

5
1

Patch Bash NOW: 'Shellshock' bug blasts OS X, Linux systems wide open

Stuart Longland
Silver badge

Re: another huge hype

The media does seem to have amplified the issue somewhat, but then again, that's what they're there for, to amplify the news that others raise. And bad news sells! This centuries-old fact is not news.

What I observe with HeartBleed and ShellShock was the idea of "branding" a bug, which seems to have resonated with the media outlets.

Even more so than the bug where Debian's patching caused OpenSSL to generate weak keys. That bug was particularly nasty, but generated a lot less press than these two have.

With it, I've noted a lot of misinformation out there, claims of all kinds of embedded devices/Android being vulnerable (see my tests with busybox above) and claims that it's a Linux or Unix-only problem (Windows can run bash, e.g. using Cygwin or Interix).

So in the open-source world we've now had a few high-profile security holes pop up. As you point out, some of them have been around a long time. HeartBleed was nasty as it revealed bits of RAM accessible to the web server which amongst other things would include the SSL private key.

ShellShock doesn't give you that (as the private key should be owned by root and unreadable by anyone else) but it does allow you to execute arbitrary commands, which is nasty in its own right, as it only takes a privilege escalation bug to gain access to such information.

The good news with ShellShock is that it's only a limited set of environment variables that get passed to CGI scripts, and so it's not that difficult to mitigate against if you have a CGI script that executes some command line application (e.g. gitweb executing the "git" command). Not difficult to do a few checks of %ENV, pluck out the bits you want then set the offensive ones to `undef` before shelling out.

The other factor is that bash is never linked to applications, it is a stand-alone binary executable, replacing it will not cause ABI breakage like replacing OpenSSL can, and it typically does not come bundled with applications either as a dynamic library or statically linked. That makes containment and clean-up a lot easier.

1
0
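Added example, not part of the original comment: the environment scrub described above (keep the CGI variables you need, withhold the rest before shelling out), written in Python rather than the Perl the comment alludes to. The allow-list, the fixed PATH, the function names and the sample request are assumptions constructed for illustration.

```python
import json
import subprocess
import sys

# Assumption: the only request variables this hypothetical wrapper needs.
ALLOWED = {"REQUEST_METHOD", "QUERY_STRING", "PATH_INFO", "LANG"}
SAFE_PATH = "/usr/bin:/bin"   # fixed value, never inherited from the request
FUNC_PREFIX = "() {"          # marker unpatched bash parsed as a function definition

# Constructed sample of what a web server hands a CGI script. The header
# values reuse the harmless test string from the busybox check on this page.
SAMPLE_CGI_ENV = {
    "REQUEST_METHOD": "GET",
    "QUERY_STRING": "p=project.git;a=summary",
    "PATH_INFO": "/project.git",
    "HTTP_USER_AGENT": "() { :;} ; echo busted",
    "HTTP_COOKIE": "() { :;} ; echo busted",
    "HTTP_ACCEPT": "text/html",
    "PATH": "/usr/local/bin:/usr/bin:/bin",
}


def scrub_env(environ):
    """Return (clean, dropped): what to pass on, and why the rest was withheld."""
    clean = {"PATH": SAFE_PATH}
    dropped = {}
    for name, value in environ.items():
        if name == "PATH":
            dropped[name] = "replaced with fixed PATH"
        elif name not in ALLOWED:
            dropped[name] = "not on allow-list"
        elif value.lstrip().startswith(FUNC_PREFIX):
            dropped[name] = "value looks like a function definition"
        else:
            clean[name] = value
    return clean, dropped


def run_tool(argv, environ):
    """Run argv (a list, so no shell parses it) with only the scrubbed environment."""
    clean, _ = scrub_env(environ)
    done = subprocess.run(argv, env=clean, check=True,
                          capture_output=True, text=True)
    return done.stdout


if __name__ == "__main__":
    _, dropped = scrub_env(SAMPLE_CGI_ENV)
    for name, reason in sorted(dropped.items()):
        print(f"withheld {name}: {reason}")
    # Show which variable names a child process actually receives.
    child = [sys.executable, "-c",
             "import os, json; print(json.dumps(sorted(os.environ)))"]
    print("child sees:", json.loads(run_tool(child, SAMPLE_CGI_ENV)))
```
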
Stuart Longland
Silver badge

Re: We are not out of the woods yet

And the patches are out:

25 Sep 2014; Lars Wendler <polynomial-c@gentoo.org> +bash-3.1_p18-r1.ebuild,
+bash-3.2_p52-r1.ebuild, +bash-4.0_p39-r1.ebuild, +bash-4.1_p12-r1.ebuild,
+bash-4.2_p48-r1.ebuild, +bash-4.3_p25-r1.ebuild,
+files/bash-eol-pushback.patch:
Another security bump for CVE-2014-7169 (bug #523592).

At least in Gentoo, and yes I've just re-patched, again. Still, amusing to see these "exploits" showing up in web server logs and have no effect.

0
0
Stuart Longland
Silver badge

Unless your router is a full-fledged Linux box with GNU Bash installed (unlikely), you should be safe. Most don't have the storage for a full-blown Linux distribution, thus rely on the more compact Busybox shell:

RC=0 stuartl@rikishi ~ $ env X="() { :;} ; echo busted" busybox sh -c "echo completed"
completed

Not vulnerable, at least my version isn't.

1
0
Stuart Longland
Silver badge

Re: well i am off

Sure, I'm rubbish at golf but I'll join you. My outside-world facing boxes are patched.

0
0
Stuart Longland
Silver badge

Re: Can you hear that sound?

I'll have my server patched in a minute… anything I have the source code to, no problem. It's all the commercialised crap that's a problem.

-----
make[1]: Leaving directory `/tmp/portage/app-shells/bash-4.2_p48/work/bash-4.2/po'
>>> Completed installing bash-4.2_p48 into /tmp/portage/app-shells/bash-4.2_p48/image/
strip: x86_64-pc-linux-gnu-strip --strip-unneeded -R .comment -R .GCC.command.line -R .note.gnu.gold-version
bin/bash
ecompressdir: bzip2 -9 /usr/share/man
ecompressdir: bzip2 -9 /usr/share/info
ecompressdir: bzip2 -9 /usr/share/doc
>>> Done.
>>> Installing (1 of 3) app-shells/bash-4.2_p48
>>> Setting SELinux security labels
-----

Told you so. :-)

19
7

Spies, avert eyes! Tim Berners-Lee demands a UK digital bill of rights

Stuart Longland
Silver badge

Re: Here We Go Again.

In other words, if the authorities can't beat the "terrorists", they should join them?

10
2

'Windows 9' LEAK: Microsoft's playing catchup with Linux

Stuart Longland
Silver badge

Not quite. X works over a network almost transparently.

RDP isn't quite the same experience.

0
0
Stuart Longland
Silver badge

Re: Wow so much copying Microsoft..

I seem to recall FVWM2 existing a little bit before Windows Chicago (to use the name it had back then) and featuring a task bar and start menu.

Then again, maybe I recall incorrectly. Someone like to clear this up?

0
0
Stuart Longland
Silver badge

Re: at least half a decade??@Roland

On another note... (and this isn't aimed at your comment) I find it ludicrous when people (here and other forums) whine about low resolution display (1366x768) on new 15" laptops when I often see middle-aged users cranking the display resolutions "to bigger setting" in their FHD 20+" displays - meaning 1366x768 or even lower...

And for those of us who don't have crummy eyesight and want to fit a decent amount on our displays?

I chose my laptop (Panasonic Toughbook CF-53) on a number of criteria. Amongst the things I chose it for was for legacy device support (PCMCIA, RS-232), a large number of USB ports (2x USB2, 2x USB3), modern niceties like HDMI and well-supported hardware components (Intel graphics, Intel WIFI).

Sadly, one area I did have to compromise on was the display. I wasn't after "Retina Display" level resolution, but 1600×1000 would work okay. Or better yet, 1600x1200 (you know; 4:3). That'd give good-enough resolution, and I could make the fonts big enough to make text nice and clear. More to the point, it'd match what external monitors do.

Right now if I hook a projector up, and want to have the same thing on my screen as the projector, I have to sacrifice horizontal resolution and set both to 1024×768 or put up with things being off-the-edge of my laptop screen to compensate.

0
0
Stuart Longland
Silver badge

They were… Not sure about 10.4, but certainly 10.5.

As for Linux, it's been a feature of the window manager you use. FVWM has had virtual desktops for years, I remember them back in the late 90's.

It's nice to see Microsoft has finally acknowledged the usefulness of a feature that users of other platforms have enjoyed for decades.

14
0

Le whoops! Microsoft France boss blows lid off 'Windows 9' event

Stuart Longland
Silver badge

Re: Hang on there sailor...

Isn't alt.humor.puns an OS X plist file?

You wish

0
0
Stuart Longland
Silver badge

A way to create certain disunity surely…

0
0
Stuart Longland
Silver badge

Seeing someone else repeating that makes me smile. The name really has stuck, not sure whether others had a similar idea before I posted it here (and on alt.humor.puns).

I think Microsoft will have difficulty shaking it off if they do decide to brand it as "Windows 9".

5
1
Stuart Longland
Silver badge

Re: Stop! Take a breath...

Indeed… Windows 2000 was decent for its time. Modern enough to support features like true plug-and-play, USB, etc… but still reasonably solid, and fast on modest hardware compared with other Windows releases.

I used to run the release candidate quite happily on a Pentium 133MHz with 64MB RAM, and it used to run that smoother than it ran Windows 95.

Windows XP just felt bloated by comparison, even on hardware supposedly "designed" for it. My old laptop I used at uni, a P4 1.7GHz with 2GB RAM, ran much better on Windows 2000 than it ever did under its native Windows XP. (And it ran Linux better again.)

13
0

'In... 15 feet... you will be HIT BY A TRAIN' Google patents the SPLAT-NAV

Stuart Longland
Silver badge

Re: but Windows Phone ...

And the masses thinking they were free of that sodding paperclip choose C.

2
0

Home Depot ignored staff warnings of security fail laundry list

Stuart Longland
Silver badge

Executives reportedly told pleading staff that "we sell hammers".

Yes, the very hammers you will now be bludgeoned with by irate customers and security staff.

8
0

Facebook's Oculus unveils 360-degree VR head tracking Crescent Bay prototype

Stuart Longland
Silver badge

Re: headphones

Why? Are you deaf?

Personally I look at that, and think how front-heavy the thing must be. Most of the electronics is in that ski-mask bit. Not to mention, you've either got it on blocking your vision, or got it off completely. So if you need to quickly look at something, tough.

I would've thought perhaps a design more like a hard hat, with (perhaps beefier) headphones and having the mask part flip up would be a little more balanced on the head.

0
0

Oh God the RUBBER on my SHAFT has gone wrong and is STICKING to things

Stuart Longland
Silver badge

Cheap rubber

Why is it that the most expensive kit is afflicted with the stuff?

Yaesu have this problem on their flagship (or maybe previous flagship, I think they've got a new one) hand-held radio, the VX-8. There's a rubberised knob on the top that operates the menu and controls the volume. Many people are finding that after six months, this knob is turning into putty.

Not good on a radio that costs >AU$500.

2
0

DARPA-backed jetpack prototype built to make soldiers run faster

Stuart Longland
Silver badge

Re: Or...

You could just buy them a nice bicycle and not need fuel.

Not sure that'd work well in combat. This would probably be made as part of the backpack, and so all they have to do is turn it on. They don't have to run to the bike, jump on, and start pedalling.

Plus, the amount of gear they carry, I think the bike would soon start to fall to bits.

This bike goes through a pannier rack every 2000 km or so with a load of approximately 10kg. I had to replace the original wheels (pictured) with newer ones designed for downhill mountain-bike racing as I started popping rear wheel spokes at an alarming rate. Ohh, and I've managed to strip the thread in the bolt-holes for the pannier rack: I've had to make modifications and customised brackets to fit everything.

My take-off times are not stellar: I accelerate like a heavily laden semi-trailer.

Admittedly the military should be able to do better than the made-in-Taiwan stuff that I can get my hands on and a soldier should be a good bit fitter than I am, but I have my doubts about bicycles in this scenario.

2
1

Heavy VPN users are probably pirates, says BBC

Stuart Longland
Silver badge

Re: ... education programs to stop Australians pirating

I guess they like preaching to the choir.

"Ever had a video that wasn't quite right?" Yeah sure, the pirated one that lacked all the crappy promos and anti-piracy nonsense that no one cares about.

0
0

It's a pain in the ASCII, so what can be done to make patching easier?

Stuart Longland
Silver badge

As another post pointed out (with the relevant Raymond Chen explanation), it was a design decision to forbid open files to be replaced in Windows because the risks were bigger than benefits (Windows and its applications usually heavily rely on shared libraries)

Actually, the problem is a concern over ABI changes breaking message passing between threads. This post references this Technet article which explains the problem quite clearly.

The problem is exacerbated by the fact that DLLs in Windows do not carry any version information in the file name (for historical reasons: DOS only supported 8-character file names), so a library is likely to get called something like "foo.dll" and an update would simply replace that file.

On a Unix-like system, it'd be called "libfoo.so.2", where the .2 is the ABI version number of libfoo. Thus allowing multiple parallel instances of the library. The application requests whichever version it was linked against, and so it's possible to have different applications linked against different versions.

Handling message passing ABIs is the developer's problem and in my observation, isn't a "problem" that occurs all that often.

1
0

spɹɐʍʞɔɐB writing is spammers' new mail filter avoidance trick

Stuart Longland
Silver badge

How long did it take the Editor to write that title?

RC=0 stuartl@vk4msl-mb ~ $ hexdump \
-e '8/1 "%02x ""|"" "' \
-e '8/1 "%_p" "\n"' \
/tmp/title.txt
73 70 c9 b9 c9 90 ca 8d| sp......
ca 9e c9 94 c9 90 42 20| ......B
77 72 69 74 69 6e 67 20| writing
69 73 20 73 70 61 6d 6d| is spamm
65 72 73 27 20 6e 65 77| ers' new
20 6d 61 69 6c 20 66 69|  mail fi
6c 74 65 72 20 61 76 6f| lter avo
69 64 61 6e 63 65 20 74| idance t
72 69 63 6b 0a | rick.

Very cute.

0
1
