440 posts • joined 1 Aug 2008
(openSUSE 13.1 4GB RAM)
two windows -- 14 + 8 tabs
up 7 days 3hours
780 MiB used
one window 5 tabs
up 5 minutes
one window 5 tabs
up 5 minutes
Ghostery and AdBlock(Plus) all round. Firebug and Zotero for FF.
"fair dealing" -- @veti
w.r.t the putative DVD.
So if a sleeve note was added -- "This DVD is OK, but not worth paying for." -- does that make it a criticism/review, and therefore fair use?
Re: Quick way to check for infection -- @Stoneshop
Thanks for the correction.
print ("I must wake up before posting. I must not post rubbish!") x 100
Re: Quick way to check for infection
A traditional *nix server will have the locate utility. So:
:~> locate humans.txt
What century are these guys in?
"In the *nix world, autoupdate technologies aren't widely used,"
Maybe 30 years ago ( BSD, tapes, and 64kb Internet access), or even Linux 20 years ago. However a quick look at some old Linux admin manuals shows that by 2001 SuSE shipped with on-line-update as standard. The defaults were to run weekly and apply security patches. I cannot believe that most other *nix systems did not have their equivalents.
In that time the only update-related problems that I can recall were a Postfix configuration backed up and replaced with an updated default (spotted and fixed within the hour), and a few occasions where users had "cut and pasted" dodgy PHP that stopped working after an update.
It's really not hard to keep a Linux server tolerably secure. With any decent distribution that is the default, and it does not have a significant cost. You have to decide to do something (stupid) to introduce a meaningful insecurity.
I do not know much about the US system, but I thought that patents were supposed to be written such that any competent practitioner could reproduce the invention. If patents were written clearly, without legalese obfuscation, then it would be harder to get a patent on general principles rather than genuine inventions, and any legal proceedings could be simpler, shorter, and less of a lawyers' gravy-train.
Why don't the patent examiners just throw patents back to be redrafted if they are unintelligible to any competent engineer? And if the patent offices grant rubbish patents (because they have been privatised, and are paid to grant patents with examination as a cost to be avoided), then judges should apply the tests for a patent's competence before allowing any related action to proceed further.
WinXP does/did. You had to enable "Remote Access/support" from the menu, and do the equivalent of adding the user to the "remote login" group. Has it been dropped? I don't have any MS products, and it's been a while since I needed to access one.
Re: What's new?
What's wrong with "rdesktop", with or without a GUI?
Re: Wow, if only there was a way to find out the answers to above questions
> Type ...
or alternatively you could have saved that brain cell a little, and just clicked on the link in the article. The word "here" in the fourth paragraph links to that very same page.
Re: lack of word-processing/office skills
You have to read the original linked article in the Independent. Apparently the BBC has a form to request permission for undercover reporting. It seems that the Panorama team needed this for their Tower Hamlets story. Instead of creating a new document using an "undercover-application.template", the "MRF-undercover-application.document" was copied from the MRF folder to the TowerHamlets folder, modified and saved as "TowerHamlets-undercover-application.document". A junior member of the Panorama team copied the TowerHamlets folder (containing the "MRF-undercover-application.document") to a USB stick and gave it to the Mayor of Tower Hamlets.
So apart from displaying poor security and Data Protection capability, there is also a lack of competency in using basic office software.
lack of word-processing/office skills
All the money that has been wasted on teaching "ICT" in this country and it is still the norm to copy and modify documents rather than use templates, style sheets, etc. The use of a template for the application form would have meant that there was minimal chance of needlessly copying unnecessary data.
If this is available to the "goodies"
then it is almost definitely available to the baddies. If the local cops have access to the average citizen's mobile communications, I would be surprised if Big Crime was not monitoring state prosecutors, investigators, and other criminal organizations. Or is there already a defence against RCS, and its real use is to spy on the average citizen and politician?
Re: Prosecute the cops
"the fullest extent possible"
The devil is in the detail.
Could this be a case for a new breed of secret courts? Instead of keeping the accused and defence out, only the defence would have access to the evidence, charges, etc. The prosecution would be denied access in the interests of national security, efficiency, respecting the needs of the establishment, etc.
Re: I'm more impressed...
Without a "telephone dial" how do you expect the data-entry operators to get their work done?
Fry is a Comedian
That's his job. Pontificating ad absurdum in order to create a snigger is what he does. We should expect no more and no less.
The horse-carriage or dray is biologically governed to a maximum speed of about 20 km/hour. Would the auto-automobile be similarly restricted?
I suppose the annual vehicle test could be extended to include a "driving test" on a rolling road with simulated traffic, pedestrians, weather, etc. Would these vehicles be rated and restricted to classifications of road conditions (snow, ice, fog, motorway, etc.), load and speed? Presumably instead of a driving licence, some sort of an operator's licence would be required.
Politicians as amateur educationalists
often aren't very successful meddlers.
Giving everyone a general understanding of what programming is, and how stuff works is a good thing. Much like expecting everyone to leave school capable of basic communication in two or three native languages would be desirable. But imagining that everyone could/should be competent beyond reading and writing simple scripts is as fanciful as expecting everyone to be able to produce good literature and poetry in several natural languages, or to be a competent surgeon.
Adam Smith had the right idea; we specialize in what we are good at. That way we get to be efficient/economical, and by swapping/trading the fruits of our labours life is easier for us all.
Re: List of software affected would be useful
This vulnerability affects the client side of the gnutls library. A server that sends a specially crafted ServerHello could corrupt the memory of a requesting client.
This is GPL, so (unlike the Apache licensed openSSL TLS) it cannot be hidden inside a closed-source package. You would have to be using a Free browser, mail client etc. that uses libgnutls to be vulnerable. Your system's package manager tools should be able to tell you if the GNU tls library is loaded, what version, and what other software depends on it.
We manage a fleet of openSuSE servers and desktops. None of the servers has this library. Many of the desktops (openSuSE/KDE) do have libgnutls as a requirement of the library as a ffmpeg decoder package (from the third party Packman repositories) dependency, but I cannot determine whether the certificate verification function is ever called.
making the same mistakes
All programmers make these (i.e. programming) mistakes, irrespective of who they are working for. The difference is that Free software producers publish their code for inspection and correction. The proprietary software producers keep their mistakes hidden, and reserve the capability of correcting them; mostly the fixes only follow exploitation.
So if I was looking for 25 items, or concerned about future availability, I would probably order from your competitor who was showing 300 available for immediate despatch. I would probably be prepared to pay a small premium for the convenience of a single order.
Re: I used Chromium rather than Chrome
@Lost all faith
I think you meant SRware Iron. I just now installed from the rpm, copied ~/.config/google-chrome to ~/.config/chromium and everything worked, extensions and all settings. It's brilliant, thanks for the heads up.
A partnership with Adobe
to implement one company's proprietary DRM is what is being objected to. There is not a call to ban Adobe from producing a plug-in/extension.
There are Adobe and Gnash swf plug-ins for Firefox, that do not require Mozilla to partner with Adobe. Why should this be different?
Re: I can see where the FSF is coming from
"Mozilla are going about resolving a difficult situation as best they can."
The problem I see is the level of collaboration with the not-to-be-trusted Adobe. Mozilla will be accepting some of the responsibility for implementing an intrinsically broken DRM schema. Hopefully the FSF and others will help sway Mozilla away from too close a relationship with the proprietary battalions. I also fear that this alliance strengthens the pro-DRM position within W3C etc.
I would be happier if Mozilla stopped at creating a good sandbox. Preferably this would be a container for all non-OSS extensions/plug-ins.
Those that want to use their system for entertainment, rather than work-only, could add the Adobe and other malware from a non-OSS repository, or download from untrustworthy sources. That would remove the implication of endorsement, and indicate "at your own risk", similar to the present situation with Adobe Flash and Reader.
Re: The proper way to handle DRM
" ... and Chrome had noscript/flashblock ..."
There is AdBlock, Ghostery, and NotScripts for Chrome. And it is not difficult to remove Google, Bing, Yahoo etc. from the search engines, and replace them with DuckDuckGo, StartPage/Ixquick, what-have-you. Of course that still leaves the big problem of closed source -- how far can you trust Google?
Re: Good on him...
" rubrics cube solvers"
I think those would be better tackled by Deep Thought (HGTTG) than the humble Beeb Micro.
register of interests?
It would be really useful if authors of this sort of article made the effort to include any possible conflicts of interest among the proponents.
Re: "pseudonymised data"
> Like "annonymised" but not really.
No, like not at all anonymised, but we hope you will mistake it for anonymised. I.e. please don't look too closely.
Re: Please share my medical details, far and wide.
> So for me, If I'm mangled in an accident
This has absolutely nothing to do with accessing your medical records for medical purposes. Almost everyone is OK with that. This is about giving your personal data to commercial organizations so that they can use it to sell you stuff, or refuse you health/life insurance, etc.
apples - oranges ?
Are you comparing the cost of licences to use Microsoft software with the price of Red Hat support? Or have you factored in the cost of equivalent technical incident responses?
The real weak link
with e-mail is the refusal of major commercial smtp players to strictly implement the RFCs and best practice. If everyone configured their DNS records (A and PTR), HELO responses, etc. correctly and rejected rather than bouncing (to fraudulent From:/Reply to:), then it would be trivial to block botnets without getting grief for rejecting messages from Messagelabs/Symantec, Gmail/Postini, Microsoft/Hotmail, Schlund/1&1, and all those numpties that place a default/LAN configured MS Exchange server on the Internet.
The reason for the connivance of major players is probably that there is money to be made in spam filters.
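The connect-time checks described in the comment above, as an added example that is not part of the original post: a strict policy (an assumption made here, not any particular MTA's behaviour) that requires forward-confirmed reverse DNS and a HELO name resolving to the peer, and answers failures with a 550 inside the SMTP session instead of generating a bounce. The DNS tables and host names are constructed.

```python
"""Connect-time SMTP checks: forward-confirmed reverse DNS and HELO verification.

All DNS data below is constructed (documentation address ranges, example names)
so the policy can be exercised offline; a real MTA would query a resolver.
"""

# Constructed PTR and A record tables.
PTR = {
    "192.0.2.10": ["mail.example.org"],
    "192.0.2.77": ["mx.example.com"],
    "198.51.100.23": ["dsl-23.pool.example.net"],
}
A = {
    "mail.example.org": ["192.0.2.10"],
    "mx.example.com": ["192.0.2.1"],          # forward lookup does not match
    "dsl-23.pool.example.net": ["198.51.100.23"],
}


def norm(name):
    """Lower-case a host name and drop whitespace and the trailing dot."""
    return name.strip().lower().rstrip(".")


def fcrdns(ip):
    """Return the PTR names of ip whose A records point back at ip."""
    return [n for n in PTR.get(ip, []) if ip in A.get(norm(n), [])]


def helo_matches(helo, ip):
    """Accept an address literal for the peer, or an FQDN resolving to it."""
    h = norm(helo)
    if h.startswith("[") and h.endswith("]"):
        return h[1:-1] == ip
    return "." in h and ip in A.get(h, [])


def connect_policy(ip, helo):
    """Decide during the SMTP session, so a failure is a rejection, not a bounce.

    Returns (reply_code, text). The 550 reply goes to the connecting host;
    nothing is ever mailed to the unverified From:/Reply-To: address.
    """
    if not PTR.get(ip):
        return 550, "no PTR record for %s" % ip
    if not fcrdns(ip):
        return 550, "PTR for %s is not confirmed by an A record" % ip
    if not helo_matches(helo, ip):
        return 550, "HELO %r does not resolve to %s" % (helo, ip)
    return 250, "ok"


if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.example.org"),
                     ("203.0.113.5", "mail.example.org"),
                     ("192.0.2.77", "mx.example.com"),
                     ("198.51.100.23", "exchange.local")]:
        print(ip, helo, connect_policy(ip, helo))
```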
And just what rôle does the BIOS code have once the boot loader is running?
PGP/GPG encrypted mail
The problem with this is that it takes two to tango. Unless you can persuade your correspondent to send (a link to) their public key and provide a fingerprint, it doesn't work.
My experience over the last 15 years has been that other parties (including RBS and Pinsent Masons) absolutely insist on sending sensitive documents via unencrypted email. Most senior managers just laugh at requests to enable secure mail because "if it mattered why doesn't anyone else do it?"
Re: Apparently storing data outside the US doesn't help either
El Reg reported this story earlier and with better comments:
Diligent organisations would be leery of exposing their or their clients' data to US hosting or "the cloud". But I doubt that has as much to do with the Snowden reports apart from a general awareness of the leakiness of "big data". Of course Snowden and Manning demonstrate the leakiness of data that has mass access.
Uncontrolled access to large amalgamated personal datasets by NHS, Police, Local Government, Parking company, etc. staff represents a more difficult problem for the populace to worry about.
Re: Around the UK
I was recently asked to take part in a NHS/University research program. Their idea of anonymised meant removing my name and address, but including the full postcode and date of birth. Data does not have to be very big to de-anonymise that.
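A way to measure the risk the comment above describes, as an added example that is not part of the original post: it counts how many records stay unique on (full postcode, date of birth) once names are removed, compares that with a generalised key (outward postcode, birth year), and flags groups whose members all share one diagnosis. The records, the "ZZ" postcodes and the diagnosis field are constructed.

```python
"""Re-identification risk of (postcode, date of birth) after names are removed."""
from collections import Counter, defaultdict

# Constructed sample: (postcode, date_of_birth, diagnosis). "ZZ" is not a real
# UK postcode area. Names and addresses have already been stripped.
RECORDS = [
    ("ZZ1 1AA", "1961-03-14", "asthma"),
    ("ZZ1 1AB", "1961-07-02", "diabetes"),
    ("ZZ1 2CD", "1961-11-30", "asthma"),
    ("ZZ1 1AA", "1975-01-09", "hypertension"),
    ("ZZ1 3EF", "1975-05-21", "hypertension"),
    ("ZZ2 4GH", "1988-02-17", "diabetes"),
    ("ZZ2 4GH", "1988-02-17", "eczema"),
    ("ZZ2 5JK", "1988-09-03", "asthma"),
]


def full_key(rec):
    """Quasi-identifier as released: full postcode and full date of birth."""
    return (rec[0], rec[1])


def coarse_key(rec):
    """Generalised quasi-identifier: outward postcode and year of birth only."""
    return (rec[0].split()[0], rec[1][:4])


def risk(records, key):
    """k-anonymity summary: k is the smallest group sharing a quasi-identifier."""
    sizes = Counter(key(r) for r in records)
    singled_out = sum(1 for r in records if sizes[key(r)] == 1)
    return {"k": min(sizes.values()), "classes": len(sizes),
            "singled_out": singled_out}


def homogeneous_classes(records, key):
    """Groups of two or more where everyone has the same diagnosis.

    Such a group hides who is who but still reveals the diagnosis of anyone
    known to be in it, so k > 1 alone is not sufficient.
    """
    groups = defaultdict(list)
    for r in records:
        groups[key(r)].append(r[2])
    return sorted(k for k, v in groups.items() if len(v) > 1 and len(set(v)) == 1)


if __name__ == "__main__":
    print("full   :", risk(RECORDS, full_key))
    print("coarse :", risk(RECORDS, coarse_key))
    print("homogeneous coarse classes:", homogeneous_classes(RECORDS, coarse_key))
```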
Let's have a test run
HMRC could publish (to the public) the tax records of senior HMRC and Cabinet Office staff and politicians. They should use the same anonymizing algorithm that they propose for our data. If they think that there is nothing to worry about, why not give us a real world demo?
personal data leaks
Every time a BBC presenter encourages/extols the use of "social media" by its listeners/viewers, there should be an accompanying data health warning. The Beeb is constantly "advertising" Google, Twitter, Facebook, etc. alongside reports of identity fraud, cyber-bullying, and so forth. It's like promoting "sports drinks" alongside healthy living and obesity/diabetes warning programmes.
" integration with Office 365"
There's always a downside!
[with The GNU Bible in the pocket]
Re: No power users would use Ubuntu
But "power users" are newbie incompetents, who only think that they know stuff. The shiny, shiny new kids' distro-for-dummies was made especially to appeal to the ex-softie "power users".
Re: "The judge's reasoning is based on an efficiency argument"
It would be even more efficient to dispense with evidence and the hassle of trials altogether. Why not use the DMCA reasoning, and just allow licenced organisations to decide on guilt and punishment. "Justice" Licences could be bid for and sold in much the same way as radio bandwidth.
Resolution is the major problem, not magnification. You can get round the latter by using multiple lenses, but the latter is a show stopper if you are thinking of most medical microbiology and histopathology. The stated 4µm resolution would be useful for identifying plankton, plant fungal pathogens, mites and insects, but not cellular abnormalities. The bigger problem for field medical microscopy probably is not the microscope, but the preparation and staining of thin sections and smears.
Although serious, this particular bug was only in the OpenSSL repository for a little over a year. So for appliances, such as managed routers, only those designed in that time will be vulnerable. And how many of them will have port 443 open to the world? If vulnerable routers have been distributed by e.g. ISPs, they should know their customers, and be able to issue upgrade notices.
Few heavyweight servers will be affected as they tend to use long-term stable versions of crucial software. Machines that are kept at cutting edge or actively managed will have received security patches within a day or two of the disclosure/announcement.
There may be problems with some Android based phones if the vendors choose not to push updates.
We need some perspective here.
Re: Not the programmers fault!!
> Too many companies roll out software without dry runs and offline testing.
Could this be related to the CIO's recent departure?
Re: I am paying for OpenSSL, via my Red Hat subscription
And your Red Hat Enterprise Linux is not affected by this vulnerability.
If by Novell you meant Attachmate/SUSE, well the SLES and SLED distributions are also unaffected. Unless you have a Motorola phone, you have not paid Google for phone software. Your complaint should be directed to your phone supplier.
With FOSS you have the choice. Accept it for no charge "as is" and take responsibility for yourself, or purchase support/management and expect your supplier to act responsibly.
Re: Information requested
It's so cheap with the hourly rate that you just sign up and try it -- if you make a mistake you have only lost pennies, and can destroy your instance and start again. It is quite clear how to spin up and get an initial login. After that it depends on the image/distribution that you select.
I recently started using DigitalOcean. I couldn't discover which distributions were available until after signing up. (Ubuntu, Fedora, CentOS and Arch). Then you use the selected distro's own wiki and forums etc. for help and documentation. I normally administer openSuSE, and chose a minimal Arch. It took less than two hours to add a user, configure sshd, perform a system update, and add/delete packages and personal scripts to suit, then have a nameserver in production.
I did not find the DigitalOcean community forums very useful, although the company documentation was clear and helpful. To try something out it is quick and cheap to fire up a new temporary machine to experiment with - that is what I did to find out how to update the kernel, and fine tune the netw configuration for a faster start-up to remote login time. I had never used Arch Linux, with its unique package management and configuration tools before.
Re: Ego wins out over common sense.
I worry about the future of VirtualBox.
Re: my 2 cents
"the kernel needs to protect itself from this kind of idiocy"
As has been explained elsewhere in these comments, there is no problem with the kernel. It worked just fine. It was systemd (before it eventually fixed this bug) that got itself into an infinite loop and failed to complete the system startup. Spewing out endless garbage to the kernel log was more of a symptom than the cause of the failure.
We used to use the Unix sysv init. This (sort of) loads a shell, mounts the root filesystem then uses a bunch of scripts to start the initial processes in the right order. The idea of systemd is that once it is running, you can just start and stop processes at will. Systemd is supposed to sort out process dependencies -- e.g. making sure that the network is up before starting ntpd or sshd. The strong promotion of systemd by Red Hat employees has meant that important/vital sub-systems, such as udev, have been rewritten to accommodate systemd. This has made it increasingly more onerous for distributions not to switch from init to systemd. Either systemd will mature, and get developer tools and a workflow, such that it can be maintained without screwing other projects, or it will cause so much pain that it has to be replaced. In any case I hope something structurally less arcane can be introduced that fulfils the auto process dependency advantage of systemd.