366 posts • joined 18 Feb 2008
"The reason this was fixed is because someone could look at the source, see that it was broken and fix it"
Last I heard it was supposed to be the same person that introduced the bug that found it, so no, in this specific case, open source gained no advantage.
Re: It concerns me that this is the case
This is a problem with remote diagnosis.
Once an attacker has run a program with admin credentials, the system is theirs. They can alter any part of the OS. They can alter task manager so their processes don't appear on it, they can alter the filesystem libraries so their files don't appear, etc. etc.
If people had been there in person, they could boot up from an external disk and maybe see more of what's going on. But in nearly every case, they should be saying "yup, you done got hacked" and advising a complete reformat anyway. It's just too easy for something to be missed, which then acts as a source of re-infection.
Not adding up
Domain registration doesn't involve records for email or website. I suspect not only is your domain registered with them but they're also doing your DNS hosting, at a minimum. £100 a year may or may not be a reasonable price, but it's in the ballpark
Re: DNS - check, NTP - check, what's next?
It's already being used. I know someone who got a snooty email from a university, saying their IDS had caught him using an "SNMP scanner" - turned out their printers were involved in DDoS'ing him. He did a packet capture and a VERY high number of switches, routers, wifi access points etc. were attacking him, presumably because they were using the default community names
One reason is that the court's line of argument looks pretty solid. The FCC has different powers depending on if something is a "common carrier" or a "telecommunications service" and the issue was they were trying to have their cake and eat it. So the court had good reason to say that the rules, as written, weren't legally enforceable.
I didn't even know it was done by a female architect until this article...
Nope - the first was previously reported (allegedly). The second two were not, and it's because of the second two that the "bounty" was issued.
The original statement does at least mention that all 3 vulns have now been fixed.
It's worth mentioning that every single feature that the article says is an announced "steamOS" feature is actually an announced feature of the steam CLIENT, whether running on Windows, Mac, self-installed on a pre-existing Linux box, or bundled with steamOS.
So no, I don't fear Valve games becoming steamOS only - and even if they did, the non-valve games outnumber them by a factor of 300 or so
People who want it to be GPL2-compatible want it because then it can be included in the Linux kernel.
HR and management are unlikely to be hourly paid.
I used to be a burger flipper at McDonalds; electronic clocking systems are a GODSEND. Given the choice between having to tell the management any time my actual hours worked deviated from my schedule (and hoping they remembered to action the changes) or being paid by the minute by an automated system, I'd choose the second.
And, in fact, it looks like they already have a (crap) clocking system. This is just a more convenient version.
Re: Fscking ridiculous
parody is a defence against trademark claims, i.e. your parody is allowed to be recognisable as the company it's parodying (otherwise there's no point).
It isn't a defence against copyright infringement (though for novels this is no hardship)
Re: Quite right, too
"Well, suitably backed up to a different location that'll be fine, otherwise you're unprotected against 50% of data risks."
...and 100% of "accidentally hitting the delete key" risks
RAID is nice; backups are vital
It's not perfect
I've had MSE miss a virus on a friend's PC before - thankfully a "let this program have firewall access?" prompt came up, alerting him.
We submitted the file to one of these online sites, and only 2 of the virus scanners caught it, so I'm not claiming MSE to be amazingly shit either, but that it can miss things is undeniable
Re: Can't remember the last time VoD worked properly on Virgin Mediocre
No conspiracy I'm afraid.
This issue is affecting LINX only. Speedtest decides what server to use by checking the pings. Thus, when this issue is happening, speedtest will test against servers VM doesn't go over LINX to, because the pings are lower.
Some more information:
(not sure if the two issues are related or not)
Re: Microsoft understands...
"forced obsolescence through incompatibility"
reversi from windows 1.0 still works on win7 32-bit (64-bit windows can emulate only 32-bit apps)
to be fair to orlowski, he wants to re-purpose the word to mean "those who demand things for nothing" rather than "open-source enthusiast"
Are you honestly saying that the FIRST THING someone should do if they find factual errors in a wikipedia article criticizing them is to sue?
Re: Quite agree...
I love Edinburgh council's site
On the main page, on the "popular pages" links, it has council tax, school openings, swimming pools, bin collection, road gritting, libraries etc. etc. Never had a problem using it, which still comes as a mild surprise each time...
by contrast, I can make windows 7 bluescreen really easily.
All I have to do is push the overclock past sensible levels... :P
VM also having LINX congestion issues unrelated
the LINX packetloss issues are/were because an undersea cable had been cut. This meant traffic that otherwise would have been using it was shoved onto LINX, causing congestion.
Um, have you actually read this?
I can't help feeling you haven't actually read the article.
Microsoft are explicitly saying that OEMs won't get the shiny sticker unless both the orthodox way (no bootloader signing) and the new way (add your bootloader's keys to the firmware) of installing other operating systems are supported. What they are insisting on is that machines shipping win8 do things the new way by default.
If it's the whole idea of signed bootloaders you're objecting to, the UEFI forum published that spec in April 2011, and no one complained either before or after.
In terms of lockdown, the ARM stuff is much more restrictive (apart from the fact that MS only has a couple of percent market share so isn't a monopoly in any way)
Linux will work just fine on new stuff as well
...just that, IF YOU BUY A COMPUTER WITH WIN8 ON IT, you'll have to turn off the signed bootloader thingy.
Talking about messing with the keys is a red herring; if you want to do signed linux, you were always going to have to install your own keys, and even if the UEFI spec doesn't specify how this is to be done, it ain't Microsoft's job.
The key point is that MS have said that to get their shiny sticker on OEM PCs, they not only have to ship with a way to turn off these security features, but they have to be customisable. This will, in fact, make key-signed linux MORE likely than it would have been last week.
As to the ARM stuff, in the abstract this is annoying. But in reality, I can't see the presence or absence of the ability to load linux onto win8 phones and tablets affecting me one way or the other.
depends on the license
Not sure what the relevant bits are licensed under, but it's possible you can only use the source if you release any derivative works (like a compat layer) under the same license. And if you do _THAT_, then, assuming tight integration, you'd have to release iOS under that license as well.
MS isn't stupid
"MS will pressurise manufacturers NOT to allow the feature to be turned off"
That would leak in about half a second, and trigger a new round of EU _AND_ US antitrust penalties. They don't want that.
All this means is that CORPORATE MANUFACTURERS will include such a "disable secure boot" toggle - they'd be stupid not to. That says nothing about the rest of the market, especially the pre-assembled end of it (I suspect consumer retail motherboards to be likely to support disabling it; OEM ones, _maybe_ not)
missing the point somewhat
for new metro-style C++ apps, it seems like compiling for ARM will be as easy as clicking a checkbox (though I'll believe that when I see it, and of course deliberately writing things that are limited to one processor is trivial)
so if you're still at the "choosing what to develop for" stage, you should be able to target both
we have a winner...
...why do you think they don't want steamworks games? because you can't re-sell them, because once it's tied into your steam account it can't be extracted (to be fair to steam, I can't think of a way to transfer games to other accounts that isn't doomed to end in squillions of stupid-phished-users' games being used to scam people)
Yes and no
In most cases, all the T&Cs do is make explicit that because you've uploaded a picture to their site, it's going to be made available on the internet to anyone with the URL. Some sites, however, opted for the cheap lawyers, and the T&Cs reflect that.
twitter do now do their own image hosting, but the chances are the images were hosted elsewhere and merely linked via twitter
or maybe not
a) throttling isn't "on a whim", but more importantly
b) on the lowest service VM offer, while being throttled, there's MORE than enough bandwidth for gaming. whatever is going on, it's not due to lack of bandwidth
fool and his money
while being throttled there's more than enough bandwidth for gaming. what's far more likely is that there was some sort of issue with your connection; going to 50 meg involves changing from DOCSIS 2 to DOCSIS 3, and an engineer visit. Chances are whatever they did resolved your issue.
and let's not have any crap about "using what you're paying for"... you're on a consumer broadband connection. You're paying for a contended service -> you are getting what you paid for, unless you're paying at least 3 figures a month
This "native" malarky is basically MS banging the drum about the graphics acceleration - AGAIN AND AGAIN AND AGAIN which, given that HTML5 is looking to replace at least some of the kinds of thing people used to do with flash (and could have done, but didn't, with silverlight) may actually, at some point in the future, be worth mentioning.
Right now, the only real-world difference I notice is that IE is better at displaying 30,000 by 30,000 pixel images than opera.
can't be done
the assertion of existence of a deity isn't falsifiable - it can't be tested. This is the reason why it's not a question for science
not wrong but...
you're not wrong, but the default experience is still critically important. All new users, and I suspect even a very large proportion of existing users who upgrade, will judge ubuntu on what it chooses to present to them, and why shouldn't they?
This doesn't affect me so much since my main experience of ubuntu is via ssh terminal ;)
Your history is wrong
ie6 was released in 2001. Firefox wasn't released until 2004. The issue was not the state of IE6, the issue was that a new version of IE wasn't released until 5 years later.
uh... am I missing something here?
what happens if you just turn off cleartype? does it turn it off for the OS but keep it on for IE9?
true but not the whole story
that is indeed part of why people use command-line, (a similar phenomenon on windows is "registry hacks" instead of just checking the checkbox in options), but part of it is when you are wanting to walk someone through something, it's easier to tell them to copy&paste from the command line than it is to say "bring up this menu, then that menu..." ad infinitum. Windows server MSDN articles do the same thing; to enable a lot of functionality they'll tell you to type something into an elevated command prompt rather than click on the "install server role" option or similar
"Redmond, you see, has a certain aversion to open source software"
in this case, not true. It's nothing to do with not liking open source and everything to do with the possible patent-infringing nature of WebM. Many industry experts are fairly sure WebM may be violating some patents, but there's been no court cases as yet - mainly because it's suspected that any potential litigators are going to wait until someone with a lot of money comes along first (like, say, microsoft). GOOGLE WILL NOT GUARANTEE THAT WEBM IS FREE FROM PATENTS therefore the responsibility is with the implementor. So if MS distributed WebM, they would be sued, not google.
Missing the point
While some probably _ARE_ selling above their capacity, home broadband is and always has been a contended service, a tradition going back to the days of dial-up where they owned less modems than they had customers, meaning it was possible for you to call the number and get an engaged tone.
As soon as even 2 people are using something, traffic management can be useful, for latency reasons even if not for bandwidth reasons. e.g. on a line that can get 100 meg throughput, someone bittorrenting at 50 meg can knacker someone's voice comms which only uses 1 meg, even though there's spare capacity, simply because the voice comms is more sensitive to late or missing packets.
no and yes
the bottlenecks with cable are a lot more local. So VM don't have an overall capacity problem - mine never dips below max - but they _DO_ have a problem in your area.
i also got the previous router (this isn't the superhub) that was a VM-branded netgear firmware. From a throughput capacity, the firmware was ok, but it was woefully under-featured (couldn't do static routing, couldn't do nat for LAN clients)
a quick dd-wrt sorted that
this new superhub seems to be causing issues. If they ever get around to implementing bridge mode, it might be ok
"Decent photo management software should be able to handle tags at the very least"
hell, even the MS live photo gallery thingamabob does this!
SATA issue shouldn't affect it
it's only the 4 slower SATA ports that are affected, and only after sustained heavy use. In a laptop, things should be plugged into the primary 2 SATA ports.
He's right (also, you're wrong)
"Are you claiming that www.support.me is a kosher LogMeIn site?"
Connecting to www.support.me|184.108.40.206|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://secure.logmeinrescue.com/Customer/Code.aspx [following]
Yes it is.
"Then LogMeIn are complicit in these scams. Why hasn't anyone sued them?"
No they're not.
The whole point of LogMeIn is that you go to the site, enter a code, and the person the code belongs to can then remotely control your computer, for tech support purposes. If you're daft enough to let a complete stranger remotely control your computer, how is that their fault? It's just a tool - if someone tells you to throw a hammer at your computer, you can't sue the guys who sold you the hammer.
"being evaluated" is a code-phrase meaning "the boss covets the shiny". It doesn't mean it's going to be used seriously, it just means someone wanted to play with a new toy while the company picked up the bill.
No, because then it could be argued that you're trying to get around the tax laws. If a company "sold" you a new car, or a new computer for that matter, for one dollar, then it's pretty obvious that it's tax evasion.
In this situation, not so much, but you still have to sell them for "fair market value", based on what similar computers are going for.
Why patches are monthly
See the other discussion thread about testing. By releasing once a month, an IT department can sit down once a month, discuss what patches apply to them, test them, and release them. If patches are drip-fed as and when, the admin overhead involved in properly testing updates before applying is such that many companies don't apply them at all.
2-4 meg WOULD be a better thing to aim for
I know someone who gets sub-1-meg speeds he's so far from the exchange, and someone else who only gets dial-up.
while it's nice to get faster internet, imo we should concentrate on getting a decent minimum before we spend money improving the speeds of those who already have decent broadband
shouldn't need catch-up
"Okay, when it came out Security Essentials had a lot of catching up to do "
shouldn't have. Certainly when it first came out, the virus definition files were identical to those of its big-brother product Forefront. (which is the domain-controlled, central-reporting, costs-you-money version)
it's also both inconspicuous, AND doesn't have a "please ignore and run the virus anyway" option on its pop-up
for anyone saying "just don't get infected", remember you can get infected from flash. Before someone mentions noscript, remember there have been cross-site scripting exploits on youtube before. Just because you browse legit websites only doesn't mean you're safe, that's like saying unprotected sex is safe as long as you stick to "nice girls"
fining the person who lost the data...
...results in some poor schmuck who doesn't know any better getting in trouble, while the manager who didn't implement proper procedures in the first place gets off scot free.