Feeds

* Posts by vagabondo

438 posts • joined 1 Aug 2008

Page:

Manic malware Mayhem spreads through Linux, FreeBSD web servers

vagabondo
Bronze badge
Facepalm

Re: Quick way to check for infection -- @Stoneshop

Thanks for the correction.

print ("I must wake up before posting. I must not post rubbish!") x 100

0
0
vagabondo
Bronze badge

Re: Quick way to check for infection

A traditional *nix server will have the locate utility. So:

:~> locate humans.txt

will suffice.

0
2
vagabondo
Bronze badge
Unhappy

What century are these guys in?

"In the *nix world, autoupdate technologies aren't widely used,"

Maybe 30 years ago ( BSD, tapes, and 64kb Internet access), or even Linux 20 years ago. However a quick look at some old Linux admin manuals shows that by 2001 SuSE shipped with on-line-update as standard. The defaults were to run weekly and apply security patches. I cannot believe that most other *nix systems did not have their equivalents.

In that time the only update relate problems that I can recall were a Postfix configuration backed up and replaced with an updated default (spotted and fixed within the hour), and a few occasions where users had "cut and pasted" dodgy PHP that stopped working after an update.

It's really not hard to keep a Linux server tolerably secure. With any decent distribution that is the default, and it does not have a significant cost. You have to decide to do something (stupid) to introduce a meaningful insecurity.

14
1

Forget the mobile patent wars – these web giants have patented your DATA CENTER

vagabondo
Bronze badge

Re: Non-obviousness

I do not know much about the US system, but. I thought that patents were supposed to be written such that any competent practitioner could reproduce the invention. If patents were written clearly, without legalese obfuscation, then it would be harder to get a patent on general principles rather than genuine inventions, and any legal proceedings could be simpler, shorter, and less of a lawyers' gravy-train.

Why don't the patent examiners just throw patents back to be redrafted if the are unintelligible to any competent engineer. And if the patent offices grant rubbish patents (because they have been privatised, and are paid to grant patents with examination as a cost to be avoided), then judges should apply the tests for a patent's competence before allowing any related action to proceed further.

3
0

Chrome Remote Desktop adds Linux to supported OS list

vagabondo
Bronze badge

Re: rdesktop

WinXP does/did. You had to enable "Remote Access/support" from the menu, and do the equivalent of adding the user to the "remote login" group. Has it been dropped? I don't have any MS products, and it's been a while since i needed to access one.

0
0
vagabondo
Bronze badge

Re: What's new?

What's wrong with "rdesktop", with or without a GUI?

0
1
vagabondo
Bronze badge
Facepalm

Re: Wow, if only there was a way to find out the answers to above questions

> Type ...

or alternatively you could have saved that brain cell a little, and just clicked on the link in the article. The word "here" in the fourth paragraph links to that very same page.

1
0

ICO probes BBC after secret British army unit's info LEAKED

vagabondo
Bronze badge

Re: lack of word-processing/office skills

@smudge

You have to read the original linked article in the Independent. Apparently the BBC has a form to request permission for undercover reporting. It seems that the Panorama team needed this for their Tower Hamlets story. Instead of creating a new document using an "undercover-application.template", the "MRF-undercover-application.document" was copied from the MRF folder to the TowerHamlets folder, modified and sold saved as "TowerHamlets-undercover-application.document". A junior member of the Panorama team copied the TowerHamlets folder (containing the "MRF-undercover-application.document") to a USB stck and gave it to the Mayor of Tower Hamlets.

So apart from displaying poor security and Data Protection capability, there is also a lack of competency in using basic office software.

3
0
vagabondo
Bronze badge
Facepalm

lack of word-processing/office skills

All the money that has been wasted on teaching "ICT" in this country and it is still the norm to copy and modify documents rather than use templates, style sheets, etc. The use of a template for the application form would have meant that there was minimal chance of needlessly copying unnecessary data.

0
0

EXPOSED: Massive mobile malware network used by cops globally

vagabondo
Bronze badge
Big Brother

If this is available to the "goodies"

then it is almost definitely available to the baddies. If the local cops have access to the average citizens mobile communications, I would be surprised if Big Crime was not monitoring state prosecutors, investigators, and other criminal organizations. Or is there already a defence against RCS, and its real use is to spy on the average citizen and politician?

2
0
vagabondo
Bronze badge
Black Helicopters

Re: Prosecute the cops

"the fullest extent possible"

The devil is in the detail.

Could this be a case for a new breed of secret courts? Instead of keeping the accused and defence out, only the defence would have access to the evidence, charges, etc. The prosecution would be denied access in the interests of national, security, efficiency, respecting the needs of the establishment, etc.

1
0

Chap builds rotary dial mobile phone

vagabondo
Bronze badge

Re: I'm more impressed...

Without a "telephone dial" how do you expect the data-entry operators to get their work done?

http://engineering-intelligence.net/images/bob-800x647.jpeg

http://historycompu.blogspot.co.uk/2009/02/first-computers-pascals-calculator.html

1
0
vagabondo
Bronze badge

Re: Where the video?

At the top of the article there is a link:

Click to view video

0
0

Stephen Fry MADNESS: 'New domain names GENERATE NEW IP NUMBERS'

vagabondo
Bronze badge
Headmaster

Fry is a Comedian

That's his job. Pontificating ad absurdum in order to create a snigger is what he does. We should expect no more and no less.

1
0

UK govt 'tearing up road laws' for Google's self-driving cars: THE TRUTH

vagabondo
Bronze badge

horsepower

The horse-carriage or dray is biologically governed to a maximum speed of about 20 km/hour. Would the auto-automobile be similary restricted?

I suppose the annual vehicle test could be extended to include a "driving test" on a rolling road with simulated traffic, pedestrians, weather, etc. Would these vehicles be rated and restricted to classifications of road conditions (snow, ice. fog, motorway, etc.), load and speed? Presumably instead of a driving licence, some sort of an operators licence would be required.

0
0

Everyone can and should learn to code? RUBBISH, says Torvalds

vagabondo
Bronze badge

Politicians as amateur educationalists

often aren't very successful meddlers.

Giving everyone a general understanding of what programming is, and how stuff works is a good thing. Much like expecting everyone to leave school capable of basic communication in two or three native languages would be desirable. But imagining that everyone could/should be competent beyond reading and writing simple scripts is as fanciful as expecting everyone to be able to produce good literature and poetry in several natural languages, or to be a competent surgeon.

Adam Smith had the right idea; we specialize in what we are good at. That way we get to be efficient/economical, and by swapping/trading the fruits of our labours life is easier for us all.

9
0

Patch NOW: Six new bugs found in OpenSSL – including spying hole

vagabondo
Bronze badge

Re: Podcast in detail about the current vulnerability

http://thecloudevangelist.com/ 10 minutes mp3.

Deserving a downvote for the "bit.ly" link obfuscation and MITM spying; not for the "evagelist" typo.

0
0

Linux users at risk as ANOTHER critical GnuTLS bug found

vagabondo
Bronze badge

Re: List of software affected would be useful

from http://gnutls.org/security.html

This vulnerability affects the client side of the gnutls library. A server that sends a specially crafted ServerHello could corrupt the memory of a requesting client.

This is GPL, so (9unlike the Apache licensed openSSL TLS) it cannot be hidden inside a closed-source package. You would have to be using a Free browser, mail client etc. that uses libgnutls to be vulnerable. Your system's package manager tools should be able to tell you if the GNU tls library is loaded, what version, and what other software depends on it.

We manage a fleet of openSuSE servers and desktops. None of the servers has this library. Many of the desktops (openSuSE/KDE) do have libgnutls as a requirement of the library as a ffmpeg decoder package (from the third party Packman repositories) dependency, but I cannot determine whether the certificate verification function is ever called.

3
0
vagabondo
Bronze badge

making the same mistakes

All programmers make these (i.e. programming) mistakes, irrespective of who they are working for. The difference is that Free software producers publish there code for inspection and correction. The proprietary software producers keep their mistakes hidden, and reserve the capability of correcting them; mostly the fixes only follow exploitation.

6
3

Achtung! Use maths to smash the German tank problem – and your rival

vagabondo
Bronze badge

stock level

So if I was looking for 25 items, or concerned about future availability, I would probably order from your competitor who was showing 300 available for immediate despatch. I would probably be prepared to pay a small premium for the convenience of a single order.

2
0

FSF slams Mozilla for 'shocking' Firefox DRM ankle-grab

vagabondo
Bronze badge

Re: I used Chromium rather than Chrome

@Lost all faith

I think you meant SRware Iron. I just now installed from the rpm, copied ~/.config/google-chrome to ~/.config/chromium and everything worked, extensions and all settings. It's brilliant thanks for the heads up.

https://www.srware.net/en/software_srware_iron.php

1
0
vagabondo
Bronze badge
Facepalm

A partnership with Adobe

to implement one company's proprietary DRM is what is being objected to. There is not a call to ban Adobe from producing a plug-n/extension.

There are Adobe and Gnash swf plug-ins for Firefox, that do not require Mozilla to partner with Adobe. Why should this be different?

3
0
vagabondo
Bronze badge

Re: I can see where the FSF is coming from

"Mozilla are going about resolving a difficult situation as best they can."

The problem I see is the level of collaboration with the not-to-be-trusted Adobe. Mozilla will be accepting some of the responsibility for implementing an intrinsically broken DRM schema. Hopefully the FSF and others will help sway Mozilla away from too close a relationship with the proprietary battalions. I also fear that this alliance strengthens the pro-DRM position within W3C etc.

I would be happier if Mozilla stopped at creating a good sandbox. Preferably this would be a container for all non-OSS extensions/plug-ins.

Those that want to use their system for entertainment, rather than work-only, could add the Adobe and other malware from a non-OSS repository, or download from untrustworthy sources. That would remove the implication of endorsement, and indicate "at your own risk", similar to the present situation with Adobe Flash and Reader.

4
2
vagabondo
Bronze badge

Re: The proper way to handle DRM

" ... and Chrome had noscript/flashblock ..."

There is AdBlock, Ghostery, and NotScripts for Chrome. And it is not difficult to remove Google, Bing, Yahoo etc. from the search engines, and replace them with DuckDuckGo, StartPage/Ixquick, what-have-you. Of course that still leaves the big problem of closed source -- how far can you trust Google?

2
3

Chap rebuilds BBC Micro in JavaScript

vagabondo
Bronze badge
Boffin

Re: Good on him...

" rubrics cube solvers"

I think those would be better tackled by Deep Thought (HGTTG) than the humble Beeb Micro.

1
0

Britain'll look like rural Albania without fracking – House of Lords report

vagabondo
Bronze badge

register of interests?

It would be really useful if authors of this sort of article made the effort to include any possible conflicts of interest among the proponents.

2
1

NHS patient data storm: Govt lords SLAP DOWN privacy protections

vagabondo
Bronze badge

Re: "pseudonymised data"

> Like "annonymised" but not really.

No, like not at all anonymised, but we hope you will mistake it for anonymised. I.e. please don't look too closely.

4
0
vagabondo
Bronze badge
WTF?

Re: Please share my medical details, far and wide.

> So for me, If I'm mangled in an accident

This has absolutely nothing to do with accessing your medical records for medical purposes. Almost everyone is OK with that. This is about giving your personal data to commercial organizations so that they can use it to sell you stuff, or refuse you health/life insurance, etc.

4
0

Licensed to BILL: How much should you cough for software licences?

vagabondo
Bronze badge

apples - oranges ?

Are you comparing the cost of a licences to use Microsoft software with the price of Red Hat support? Or have you factored in the cost of equivalent technical incident responses?

3
0

Boffins pen 'Guide to better spamming'

vagabondo
Bronze badge
Flame

The real weak link

with e-mail is the refusal of major commercial smtp players to strictly implement the RFCs and best practice. If everyone configured their DNS records (A and PTR), HELO respnses, etc correctly and rejected rather than bouncing (to fraudulent From:/Reply to:), then it would be trivial to block botnets without getting grief for rejecting messages from Messagelabs/Symantec, Gmail/Postini, Microsoft/Hotmail, Schlund/1&1, and all those numpties that place a default/LAN configured MS Exchange server on the Internet.

The reason for the connivance of major players is probably that there is money to be made in spam filters.

0
2

New secure OS will put Tails between NSA's legs

vagabondo
Bronze badge

Re: NSA

And just what rôle does the BIOS code have once the boot loader is running?

2
0
vagabondo
Bronze badge
Unhappy

PGP/GPG encrypted mail

The problem with this is that it takes two to tango. Unless you can persuade your correspondent to send (a link to) their public key and provide a fingerprint, it doesn't work.

My experience over the last 15 years has been that other parties (including RBS and Pinsent Masons) absolutely insist on sending sensitive documents via unencrypted email. Most senior managers just laugh at requests to enable secure mail because "if it mattered why doesn't anyone else do it?"

15
1

Security guru: You can't blame EDWARD SNOWDEN for making US clouds LOOK leaky

vagabondo
Bronze badge

Re: Apparently storing data outside the US doesn't help either

El Reg reported this story earlier and with better comments:

http://www.theregister.co.uk/2014/04/28/us_judge_digital_search_warrants_apply_everywhere/

5
0
vagabondo
Bronze badge

Diligent organisations would be leery of exposing their or their clients data to US hosting or "the cloud". But I doubt that has as much to do with the Snowden reports apart from a general awareness of the leakiness of "big data". Of course Snowden and Manning demonstrate the leakiness of data that has mass access.

Uncontrolled access to large amalgamated personal datasets by NHS, Police, Local Government, Parking company, etc. staff represent a more difficult problem for the populus to worry about.

5
0

Up to 500 GP practices to test plans to share patient data

vagabondo
Bronze badge

Re: Around the UK

I was recently asked to take part in a NHS/University research program. Their idea of anonymised meant removing my name and address, but including the full postcode and date of birth. Data does not have to be very big to de-anonymise that.

5
0

UK.gov data sell-off row: HMRC denies claims it'll flog YOUR private info

vagabondo
Bronze badge
Holmes

Lets have a test run

@Mike Bell

HMRC could publish (to the public) the tax records of senior HMRC and Cabinet Office staff and politicians. They should use the same anonymyzing algorithm that they are propose for our data. If they think that there is nothing to worry about why not give us a real world demo?

16
0

BBC hacks – tweet the crap out of the news, cries tech-dazzled Trust

vagabondo
Bronze badge

personal data leaks

Every time a BBC presenter encourages/extols the use of "social media" by its listeners/viewers, there should be an accompanying data health warning. The Beeb is constantly "advertising" Google, Twitter, Facebook, etc. alongside reports of identity fraud, cyber-bullying, and so forth. Its like promoting "sports drinks" alongside healthy living and obesity/diabetes warning programmes.

8
0

Microsoft puffs up OneDrive, now with 1TB per head for biz users

vagabondo
Bronze badge
Coat

" integration with Office 365"

There's always a downside!

[with The GNU Bible in the pocket]

4
9

Top tip, power users – upgrading Ubuntu may knacker your Linux PC

vagabondo
Bronze badge

Re: No power users would use Ubuntu

But "power users" are newbie incompetents, who only think that they know stuff. The shiny, shiny new kids' distro-for-dummies was made especially to appeal to the ex-softie "power users".

4
0

US judge: Our digital search warrants apply ANYWHERE

vagabondo
Bronze badge
Coat

Re: "The judge's reasoning is based on an efficiency argument"

It would be even more efficient to dispense with evidence and the hassle of trials altogether. Why not use the DMCA reasoning, and just allow licenced organisations to decide on guilt and punishment. "Justice" Licences could be bid for and sold in much the same way as radio bandwidth.

17
0

Polymer droplets turn smartmobes into microscopes

vagabondo
Bronze badge

resolution

Resolution is the major problem, not magnification. You can get round the latter by using multiple lenses, but thed 4e latter is a show stopper if you are thinking of most medical microbiology and histopathology. The stated 4µm resolution would be useful for identifying plankton, plant fungal pathogens,mites and insects, but not cellular abnormalities. The bigger problem for field medical microscopy probably is not the microscope, but the preparation and staining of thin sections and smears.

3
1

Fixing OpenSSL's Heartbleed flaw will take MONTHS, warns Secunia

vagabondo
Bronze badge

scaremongering

Although serious, this particular bug was only in the OpenSSL repository for a little over a year. So for appliances, such as managed routers only those designed in that time will be vulnerable. And how many of them will have port 443 open to the world. If vulnerable routers have been distributed by e.g. ISPs, they should know their customers, and be able to issue upgrade notices.

Few heavyweight servers will be affected as they tend to use long-term stable versions of crucial software. Machines that are kept at cutting edge or actively managed will have received security patches within a day or two of the disclosure/announcement.

There may be problems with some Android based phones if the vendors choose not to push updates.

We need some perspective here.

4
0

Did a date calculation bug just cost hard-up Co-op Bank £110m?

vagabondo
Bronze badge

Re: Not the programmers fault!!

> Too many companies roll out software without dry runs and offline testing.

Could this be related to the CIO's recent departure?

1
0

OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts

vagabondo
Bronze badge

Re: I am paying for OpenSSL, via my Red Hat subscription

And your Red Hat Enterprise Linux is not affected by this vulnerability.

If by Novell you meant Attachmate/SUSE, well the SLES and SLED distributions are also unaffected. Unless you have a Motorola phone, you have not paid Google for phone software. Your complaint should be directed to your phone supplier.

With FOSS you have the choice. Accept it for no charge "as is" and take responsibility for yourself, or purchase support/management and expect your supplier to act responsibly.

3
0
vagabondo
Bronze badge

Re: This explains it

Down vote for using an obfuscated link. Why would anyone want to click on a link without knowing where it would lead to?

Perhaps you meant:

http://xkcd.com/1354

Or perhaps not -- I am not following your link.

10
0

Linode raises Hourly Billing flag against Digital Ocean pirates

vagabondo
Bronze badge

Re: Information requested

It's so cheap with the hourly rate that you just sign up an try it -- if you make a mistake you have only lost pennies, and can destroy your instance and start again. It is quite clear how yo spin up and get an initial login. After that it depends on the image/distribution that you select.

I recently started using DigitalOcean. I couldn't discover which distributions were available until after signing up. (Ubunto, Fedora, Centos and Arch). Then you use the selected distro's own wiki and forums etc. for help and documentation. I normally administer openSuSE, and chose a minimal Arch. It took less than two hours to add a user, configure sshd, perform a system update, and add/delete packages and personal scripts to suit, then have a nameserver in production.

I did not find the DIgitalOcean community forums very useful, although the company documentation was clear and helpful. To try something out it is quick and cheap to fire up an new temporary machine to experiment with - that is what I did to find out how to update the kernel, and fine tune the netw configuration for a faster start-up to remote login time. I had never used Arch Linux, with its unique package management and configuration tools before.

0
0

Oracle smacks JD Edwards help site with cease and desist order

vagabondo
Bronze badge

Re: Ego wins out over common sense.

I worry about the future of VirtualBox.

2
0

Torvalds rails at Linux developer: 'I'm f*cking tired of your code'

vagabondo
Bronze badge

Re: my 2 cents

@Tom 13

"the kernel needs to protect itself from this kind of idiocy"

As has been explained elsewhere in these comments, there is no problem with the kernel. It worked just fine. It was systemd (before it eventually fixed this bug) that got itself into an infinite loop and failed to complete the system startup. Spewing out endless garbage to the kernel log was more of a symptom than the cause of the failure.

We used to use the Unix sysv init. This(sort of) loads a shell, mounts the root filesystem then uses a bunch of scripts to start the initial processes in the right order. The idea of systmd is that once it is running, you can just start and stop processes at will. Systemd is supposed to sort out process dependencies -- e.g. making sure that the network is up before starting ntpd or sshd. The strong promotion of systemd by Red Hat employees has meant that important/vital sub-systems, such as udev, have been rewritten to accomadate systemd. This has made it increasingly more onerous for distributions not to switch fron init to systemd. Either systemmmd will mature, and get developer tools and a workflow, such that it can be maintained without screwing other projects, or it will cause so much pain that it has to be replaced. In any case I hope something structurally less arcane can be introduced that fulfils the auto process dependency advantage of systemd.

2
0
vagabondo
Bronze badge

Re: where I can get a manual for English.

The usual reference for British English is Fowler's -- Dictionary of Modern English Usage.

I believe that in the US they prefer The Chicago Style Guide.

1
0

Nominet bins Optical Express' appeal against 'It ruined my life' website

vagabondo
Bronze badge

Re: A tad fishy...

Try a search for "optimaxruinedmylife" or (at least with DDG) even "optimaxruinedmylife.co.uk" and see what happens.

1
0

Page: