Posts by vagabondo

Re: Just "193 Atomic Functions"?

I do not think that they are talking about database transactions here.

From the article:

"All of the operational roles performed within the London Area Control have a unique identifier known as an Atomic Function".

Together with th mention of "signing off" and unused station, I understtod that "active Atomic Functions" was related to the number of ATCs logged in. Other information about operator mis-keying while logging out might point to a poorly programmed log-out sequence that permits the operator to be apparently logged out without releasinf their "Atomic Function" token.

Just my guess.

Re: bbc.co.uk

Chromium + Pepper-flash + AdBlock + Ghostery + ScriptBlock

Works for me with iPlayer and STVplayer, etc.

sour grapes ?

I suspect that this is realy partof Wikileaks PR, just reminding/bringing the wider world's attention to the inherent insecurity of "free" communications services. The story has been widely published, and maybe prodded some non-techies to think about the advisability of secure comms.

Re: Ad networks? On healthcare.gov?

It's not much worsethan the NHS exhorting their patients to use Facebook and Twitter. My current bête noir is the NHS giving my phone number to a telephone sales company on the pretext of outsourcing appointment reminders. I'm afraid that monetization and insecure data harvesting is ingrained in all branches of what should be public service.

301 redirect...

But. That is a server-side "solution". It does not protec the client from a malicious web-site. This "super cookie" problem requires a client-side solution.

If this was a cookie, it should only be readable by the server that set it. However this flag seems to be readable by any contactedserver. This looks like a flaw in either the protocolor its implementation.

Surely the first/routine port of call is to apply the security patches. Version upgrades are primarily to add new features.

This article's failure to understand how security issues are routinely addressed in the OSS world leads me to doubt its usefulness about anything. Is it really about selling W3 Tech's products?

Re: Hang on

But once you have paid and left the store the article is yours It is then up to the supermarket to sort out the problem with the price gun. In this instance the retailer has outsourced pricing to RepricerExpress and the shelf-stacking and checkout to Amazon.. Once the goodsare paid for and despatched, the retailer should be looking at their business model, especially w.r.t. price management.

Why does any algorithm allow the selling price to be less than the purchase price withoiut oversight?

Re: GNU

@Trevor

Just keep reciting "Lennhart is mortal". The universe is eternal (relatively) and resilient. One day both systemd a nd pulse-audio will succumb to "The Unix Way" as proclaimed by those eternal heros -- Ken Thompson and Dennis Ritchie.

Herr Poettering is just Red Hats version of Novell's Miguel de Icaza. Eventually his ideas will also be spewed out and carefully stepped around. Anyway how old is he? He can't survive much longer than me, the future is safe from both of us.

Re: zzzzz, Virtuozzo did this many years ago

... and on Linux FreeVSD preceded Virtuozzo. Container-type technology has been in development since chroot (change root) in pre-BSD Unix in the 1970s, so precedes Solaris, Microsoft, FreeBSD and Linux.

Re: The problem is...

"Ok, critical web server with CGI+bash vulnerability I can understand..."

Can someone please explain a scenario where a production web server would need CGI plus any shell? I just cannot envision the need for a web server to run under an account with a login or shell, or for a CGI program to have to call a shell. If admins need a CLI shell for maintenance then the shell could be made executable only by the "wheel" group or equivalent (maybe "users" on a shared hosting platform, but certainly not mysql, wwwrun, etc.).

Re: Fortune 1000 overlords SHELLSHOCKED into Bash patch batch

"you really don't want to get notified every time one of packages that's installed "

That's not the point. We keep all of our critical systems on stable, long-term tested software versions, except we apply security patches automatically within 24 hours of their release. These are normally backports, and do not push our software to the latest packages. This is a standard feature of serious distributions and is trivial to implement. The risk of a security patch tacking a system down is trivial compared to the potential consequences of leaving a known vulnerability open.

Re: Oh $!#t.

"So we all OSX users are screwed?"

Depends. A security patch may have been applied without upgrading the bash version. I do not use OSX, so do not know how their security patch policy works.

On my systems (openSUSE):

$ env x='() { :;}; echo "vulnerable"' bash -c 'echo "hello"'

-- sorry about the extra line-feeds added by El Reg.

and

$ env x='() { :;}; echo "vulnerable"' bash -c 'echo "hello"'

Re: wtf

"It's also known as a Lorne sausage and it's crap."

If you buy it from places like Iceland, I expect it is crap. But some butchers that make their own get it right. A butcher in Dunoon used to have a really good square sausage reputation -- it had to be ordered in advance (1960s).

Re: Cash vs Principles

Those are very good points. But. Google is big business. Big business does not pay tax, so the effect of tax-offsetting is moot.

The CEO of the Weir Group said on Radio Scotland that a possible reduction in corporation tax post a yes vote would be of no interest, as only 5% of corporations paid basic taxes. He was more interested in the benefits that come from Westminster. He, along with the head of the Wood Group (also trying to persuade us to vote no) seemed more interested in getting hold of fracking licences than any taxation issues.

Re: Congratulations you work in IT.

@Hargrove

I am sure that anyone that has used a web interface to configure their router is sufficiently "expert" to use the same interface to install a firmware upgrade, if one was provided. I do not expect the average user produce their own.

"I'm not sure that Netis is alone in having this vulnerability."

These stories are a regular feature here. They are not confined to the low cost devices either.

Re: So, what are FOSS e-mail client /server options?

Did a US judge not recently rule that MS locating servers in Europe would not protect them from data-mining by US officials without needing a court warrant? This provides difficulties using US owned cloud services for organizations that want to comply with data protection laws, or just wanting some privacy.

There also seems to be a problem with data availability for Office 365 users. See frequent El Reg reports, including another one today.

Re: Arbeitsbeschaffungsmassnahme fur NEETs

No, this "research" is by a marketing company providing material suitable for a press release aimed at technical illiterate "journalists" to punt to the Stephen Fry type of advertisee.

They were relating the subjects on their awareness of electronic media products. No awareness of what was being sold, or the "payment" being extracted was required.

[Instad of a "Think of the Children" we need an "Exploit the Children" icon.]

Re: Doom for US tech companies

@Chemist

"Then if he/she didn't post as AC he/she would be able to put a "Joke" icon!"

But I thought posting as AC was part of the joke! After all it was a response to Trevor's justified rant against the AC MS shill. The problem with AC posts is that we never know how many or who they are.

Re: Irrelevant?

Ditto

(openSUSE 13.1 4GB RAM)

Firefox 30.0

two windows -- 14 + 8 tabs

up 7 days 3hours

780 MiB used

Iron/Chromium 34

one window 5 tabs

up 5 minutes

550 MiB

Chrome 35

Iron/Chromium 34

one window 5 tabs

up 5 minutes

580 MiB

Ghostery and AdBlock(Plus) all round. Firebug and Zotero for FF.

"fair dealing" -- @veti

w.r.t the putative DVD.

So if a sleeve note was added -- "This DVD is OK, but not worht paying for." -- does that make it a criticism/review, and therefore fair use?

.