Posts by Destroy All Monsters

11505 posts • joined 3 Jun 2008

NSPCC: Two nonces nailed by cops every day

Destroy All Monsters
Silver badge
WTF?

"This is an alarming study" said Claire Lilley

Because it is so bad?

"The prime minister made a bold move in announcing a host of initiatives to tackle this problem"

Rank activism for pushbutton issues? A bold move? Oh no, this is something else entirely, we swear!

2
0

Get root on an OS X 10.10 Mac: The exploit is so trivial it fits in a tweet

Destroy All Monsters
Silver badge
Devil

Re: A simple temporary fix or am I missing something here?

wodim and cdrdao

setuid root

I love the whiff of dangerous failure in the afternoon.

0
0
Destroy All Monsters
Silver badge
Paris Hilton

Re: *nix

I really hate that "*nix" nonsense. If you mean Unix then say Unix. If you don't then say what you really mean.

But it's an old tradition dating back to the 80s. Because UNIX is the original AT&T stuff(1). See also: Unix-like

Better deal with it, dude.

(1) UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company Ltd.

7
1
Destroy All Monsters
Silver badge
FAIL

Re: It's not just the system design...

Yep, go deal with your own problems and good riddance.

2
2
Destroy All Monsters
Silver badge
Big Brother

Re: Congratulations on repeating exploits before they can be fixed

You shouldn't be able to edit or replace sudoers unless you're root and edit the file with the correct user.

Should we pass a law against that?

3
0
Destroy All Monsters
Silver badge
Holmes

Re: The real culprit

This all sounds somewhat like the original example given for the Confused Deputy Problem.

Maybe someone can comment about whether SELinux capabilities would be good safety net against such mishaps.

3
0
Destroy All Monsters
Silver badge
Holmes

Re: The real culprit

Is the deliberately holed *nix security model. Once again a SUID/setuid utility strikes.

You are very confused and clearly don't understand where the problem lies: it comes from the fact that an admin program (in this case, the newgrp) changes its behaviour (here, indirectly) based on input from a dubious low-privilege source (here, an environment variable).

This can happen in any system in which the user from time to time needs to have the system perform an operation with privileges that are higher than he has himself.

Which happen to be all of them. Even the bureaucratic ones.

This is also why setuid programs should always scrub their environment before they perform their operation.

21
4
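One way a setuid helper can do the scrubbing the comment above calls for, as an added example (not code from the thread or from any particular project): rebuild the environment from a short whitelist and a fixed PATH before any library code gets a chance to call getenv(). The whitelist, the fixed PATH and the function names are illustrative choices, not a standard.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* Variables a privileged helper may legitimately inherit. Anything else,
 * notably LD_PRELOAD/LD_LIBRARY_PATH, IFS, ENV/BASH_ENV and the caller's
 * own PATH, is dropped. Both constants are illustrative assumptions. */
static const char *const KEEP[] = { "TZ", "LANG", "TERM", NULL };
static const char *const SAFE_PATH = "PATH=/usr/bin:/bin";

/* 1 if name is whitelisted and value carries no control characters, else 0. */
int env_is_allowed(const char *name, const char *value) {
    for (const char *const *k = KEEP; *k; k++) {
        if (strcmp(name, *k) != 0) continue;
        for (const unsigned char *p = (const unsigned char *)value; *p; p++)
            if (*p < 0x20 || *p == 0x7f) return 0;
        return 1;
    }
    return 0;
}

/* Copies the whitelisted "NAME=value" entries of in[] into out[] as heap
 * copies, appends the fixed PATH and a NULL terminator. Returns the number
 * of inherited entries kept, or -1 if out[] cannot hold the result. */
int scrub_env_array(char *const *in, char **out, size_t out_cap) {
    if (out_cap < 2) return -1;                  /* need room for PATH + NULL */
    size_t n = 0;
    for (char *const *e = in; e && *e; e++) {
        const char *eq = strchr(*e, '=');
        if (!eq) continue;                       /* malformed entry: drop it */
        size_t len = (size_t)(eq - *e);
        char name[64];
        if (len == 0 || len >= sizeof name) continue;
        memcpy(name, *e, len);
        name[len] = '\0';
        if (!env_is_allowed(name, eq + 1)) continue;
        if (n + 2 >= out_cap) return -1;
        out[n++] = strdup(*e);
    }
    out[n] = strdup(SAFE_PATH);
    out[n + 1] = NULL;
    return (int)n;
}

/* Replaces the live environment. Call it first thing in a setuid program,
 * before any library code consults getenv(). Returns entries kept or -1. */
int scrub_environment(void) {
    static char *clean[32];
    int kept = scrub_env_array(environ, clean, sizeof clean / sizeof clean[0]);
    if (kept < 0) return -1;
    environ = clean;
    return kept;
}
```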

OpenSSH server open to almost unlimited password-guessing bug

Destroy All Monsters
Silver badge
Paris Hilton

Because that's what a VPN actually is?

"Hey Dawg, we heard you like VPNs, so we put a VPN into your VPN so you can tunnel while you tunnel"

7
1

Intelsat to FCC: For the love of satellites, STOP ELON MUSK!

Destroy All Monsters
Silver badge

Hmmm...

"A bag of white fluffy cats and a box full of vials marked "biohazard" for a Mr. Musk?"

"Yes?"

"Please sign here."

3
1

PEAK PLUTO: Stunning mountain ridge snapped by New Horizons craft

Destroy All Monsters
Silver badge
Alien

Re: Cryovulcanism

Yep, GIGANTIC, CHTHONIC AND CURIOUSLY GEOMETRIC GEOLOGICAL FORMATIONS CONFUSINGLY SEEN BY THE WANING LIGHT OF A SETTING SUN WHILE WE SPEED BY?

TEKELI-LI, I SAY!

1
0

Security tool bod's hell: People think I wrote code for Hacking Team!

Destroy All Monsters
Silver badge

Re: if they used GPL code in their products...

...only if they are used towards customers. There is no requirement to open-source code used in-house only.

2
0
Destroy All Monsters
Silver badge
Thumb Down

Re: Easy...

I grant this licence under GPL [whatever version], but

FALSE derived from premises. End of line.

7
1
Destroy All Monsters
Silver badge
Holmes

Re: not possible

Downvoted for stating facts? This is El Reg comment section.

by definition

The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.

There may be a "non-snooping source license" but it WILL NOT be "open".

7
0

The roots go deep: Kill Adobe Flash, kill it everywhere, bod says

Destroy All Monsters
Silver badge

Re: Flash Bang Wallop What a Picture!

allowing a program in a VM to escape to the hypervisor

These may very well not exist because the isolation of the hypervisor is easier to verify, and can possibly be verified formally.

0
0
Destroy All Monsters
Silver badge

Re: Flash Bang Wallop What a Picture!

Because sandboxes don't offer up much protection, especially when it by necessity has to interact with the system.

It depends on the sandbox...

In-program permission verification on legacy system with all the warts < Virtual machine < Another machine < Another universe

But flash should simply be ported to Java.

Then there would be only one problem.

2
0
Destroy All Monsters
Silver badge

Re: The real question is...

Wanna make a bet?

2
0
Destroy All Monsters
Silver badge

Ahhhh ... echoes of A.K. Dewdney's "Computer Recreations"....

Clark recalls that Animal was such a popular game that eventually every directory in the company system contained a copy. "Furthermore, as employees of the company were transferred to other divisions...they took Animal as well, and thus it spread from machine to machine within the company." The situation would never have become serious had it not been for the fact that all those copies of this otherwise innocuous game began to clog the disk memory. Only when someone devised a more "virulent" version of the game was the situation brought under control. When the new version of Animal was played, it copied itself into other directories not once but twice. Given enough time, it was thought, this program would eventually overwrite all the old versions of Animal. After a year had passed, a certain date triggered each copy of the new Animal program. "Instead of replicating itself twice whenever it was invoked, it now played one final game, wished the user 'goodbye' and then deleted itself. And thus Animal was purged from the system."

2
0
Destroy All Monsters
Silver badge
Big Brother

Your DailyKos message

I see the same names cropping up again and again in articles condemning it as a bug ridden pile of hurt.

IT'S A VAST RIGHT-WING CONSPIRACY!

FLASH IS ACTUALLY GOOD FOR YOU!! KEEP IT TO WATCH MOVIES!!!!

THE TRUTH SHALL PREVAIL!!!+!

8
4

Windows 10 Edge: Standards kinda suck yet better than Chrome?

Destroy All Monsters
Silver badge

Re: -webkit- prefixes in Edge

Here, everything from war in the Middle East to a slightly uncomfortable bowel movement is viewed as MS's fault and grounds for a move to linux.

AND IT'S TRUE!

0
2

Beaten blokes HATE the women who frag them in online games

Destroy All Monsters
Silver badge
Holmes

Hardcoded behaviour not going away anytime soon!

“We suggest that low-status males increase female-directed hostility to minimise the loss of status as a consequence of hierarchical reconfiguration resulting from the entrance of a woman into the competitive arena”.

Imma putting on my wifebeater.

In other news at 11: women prefer pink and hate symbolic computation.

3
0

Cisco re-orgs marketing to hide the brand, EMPTY YOUR WALLET

Destroy All Monsters
Silver badge
Flame

Will backfire spectacularly

I, for one, get utterly enraged at being forced to buy.

2
0

Robot surgeons kill 144 patients, hurt 1,391, malfunction 8,061 times

Destroy All Monsters
Silver badge
Holmes

This sounds pretty good to me!

And these are not autonomous robots / autodocs. They are remote manipulators.

2
0

SpaceX's blast shock delays world's MOST POWERFUL ROCKET

Destroy All Monsters
Silver badge

Re: SpaceX Management is to blame, not a broken strut.

Hmmmmmmm... did I hear an O-Ring burst?

7
0

Cops baffled by 'canal corpse' that turned out to be COCONUTS

Destroy All Monsters
Silver badge

Re: Hold your horses

Hollywood tells us that "investigating" such things is fraught with deadly danger...

CHOMP!

0
0

Dumb MongoDB admins spew 600 TERABYTES of unauthenticated data

Destroy All Monsters
Silver badge

Re: нет!

Dude, I don't think people who want to run MongoDB would consider PostgreSQL a solution.

> both worlds

What two worlds are those?

2
1
Destroy All Monsters
Silver badge
Paris Hilton

нет!

Most exposed instances run on cloud servers including Digital Ocean, Amazon, Linode, and OVH and do so without authorisation enabled, in what Matherly says is a trend in which cloud instances are more vulnerable than datacenter hosting.

I don't know about the others but at Amazon you have to explicitly punch holes into the Internet-facing packetfilter (which is separate from any packetfilter that may be active on the VM) to let through traffic, and why would anyone do that?

2
0

Microsoft: Hey, you. Done patching Windows this month? WRONG

Destroy All Monsters
Silver badge
Thumb Down

Re: Kernel mode fonts

You have really no idea of what it takes to render complex vector fonts for professional output.

Go crawl back under a rock and cuddle your professional output, idiot.

16
0
Destroy All Monsters
Silver badge
Facepalm

Re: huh?

Try to scroll a complex document with lots of text in different fonts, antialiasing, kerning, etc., and some complex graphics, and try to render it smoothly while the user scrolls or zooms it...

"But... but ... MUH OPTIMIZATIONS! I can't do it! HERP! DERP!"

I agree the situation would be completely hopeless if practically the whole company consisted of low-grade fakers unable to even understand how this "Operating System" that they are supposed to own even works. Well thought-out optimizations and proper architecture would be right out, and everybody would think it a good idea to shit all over everything and do insecure stuff where it shouldn't be done.

As I suppose this is not the case at MS, some other factor must have been very important.

5
0
Destroy All Monsters
Silver badge
Paris Hilton

Re: Adobe crapware again?

Just take the time to look at how font rendering works, and how a graphic card works, and maybe you'll understand why. And you'll also learn why most Linux desktops and windows managers are pure crap.

Troll or 15-year old who has just discovered fanboism?

22
0

Dwarfworld PLUTO may not have a real DOG on it - but it does have a TAIL

Destroy All Monsters
Silver badge
Trollface

Re: I wonder .....

We're Jews out in space

We're zooming along

protecting the Hebrew race

We're Jews out in space

If trouble appears

we put it right back in its place

When goyim attack us

We give 'em a smack

we'll slap them right back in the face

We're Jews out in space

We're zooming along

protecting the Hebrew race

0
0

The Ruskies are coming for you, NSA director tells City bankers

Destroy All Monsters
Silver badge
Holmes

Ah ahahaha!

So it is a race against time for CAMARADERIE and GLORY for the Russians as "Wall Street" and "The City" could messily implode at any moment, with problems ranging from shitty software written by overpaid web developers, dangerous feedback loops everywhere, addiction to free money injections directly from the printing press, valuations with no relation to the economic fundamentals and debt abysses never seen before.

and about this....

And that gets to the real truth about the Wall Street bubblies which were flowing last Friday. Morgan Stanley’s chief equity strategist, like the rest of the sell-side stock peddlers, has it exactly upside down; and the proof of the pudding in this instance lies in Morgan Stanley’s own “New Tech” index of 16 high flyers of the present era.

This charmed circle includes Google, Amazon, Baidu, Facebook, Salesforce.com, Netflix, Pandora, Tesla, LinkedIn, ServiceNow, Splunk, Workday, Yelp, Priceline, QLIK Technologies and Yandex. Taken altogether, their market cap clocked in at $1.3 trillion on Friday. That compares to just $21 billion of LTM net income for the entire index combined.

The talking heads, of course, would urge not to be troubled. After all, what’s a 61X trailing PE among today’s leading tech growth companies?

As it happens, quite a bit. When you take GOOG’s middle-aged profits machine out of the mix, you get something altogether more frisky. Namely, a collective market cap of $840 billion for the other 15 names in the Morgan Stanley index and LTM net income of exactly $6.0 billion.

As we said at the top, let’s see. That’s a PE multiple of 140X. That’s February 2000 all over again.

Take cover. The Wall Street bubblies are back!

I reckon the Russians will lose.

0
0

Russian billionaire: GET me the ALIENS ON THE PHONE. Do it NOW

Destroy All Monsters
Silver badge
Alien

The odds of finding signal are about on the level of finding intelligent commentary on YouTube.

But then again, the result of Alien Google, the Self-Driving Ad-Slinging Galacto-AI, or even the Galactic Lads from Lagos might be ready to talk, who knows.

Time to re-read either "His Master's Voice" (Stanislaw Lem), "Missile Gap" (Charles Stross), "Contact" (Carl Sagan), also "Hinterlands" (William Gibson).

1
0

Ashley Madison hack: Site for people who can't be trusted can't be trusted

Destroy All Monsters
Silver badge
Windows

Yeah, from 1933 .... when Hitler was no more repellent than any other machist leader (like Hillary Clinton for example), Roosevelt admired and tried to learn from Mussolini (hence, the "New Deal" - command economy, hurrah!) and Stalin was big everywhere crazies hoped for the proletarian revolution....

13
3
Destroy All Monsters
Silver badge
Gimp

"including users' sexual fantasies"

Luckily it's not religious/political/management fantasies, or there would be trouble.

0
0

North Korea's Red Star Linux inserts sneaky serial content tracker

Destroy All Monsters
Silver badge

Re: Downside

The "general firing" was apparently not confirmed.

involuntarily supporting some dictatorship

Better than voluntarily supporting some dictatorship, or enabling ISIS for "regime change", hmmmmm?

1
1
Destroy All Monsters
Silver badge

Re: "When analysing the OS ..."

More likely the kernel is considered as tainted by the closed source module.

1
0
Destroy All Monsters
Silver badge
Paris Hilton

"opprc" = "oppress PRC"?

4
0

Microsoft attaches Xbox stream bait to Windows 10 hook

Destroy All Monsters
Silver badge
Trollface

Re: Who will upgrade to ... RAISE THE CONFEDERATE FLAG!

reinforcing each other's hatred

Casting doubt on Windows 10 is now RACISM?

Yes, I am expecting Articles Of Major Disapproval on liberal websites soon. Then we will probably be grouped together with libertarians for wage slavery or something.

0
1
Destroy All Monsters
Silver badge
Alien

Microsoft's usual difficulty of keeping business and consumer segments apart.

...firmly in the "consumer segment", then, this Operating System resides?

Interest not kindled, it is.

19
4

Microsoft to spoofed Skype users: Change your account passwords NOW

Destroy All Monsters
Silver badge
Facepalm

Those tweets...

They make me lock and load my trusty blunderbuss.

4
0

Facebook's React Native is exciting devs. Or is it, really?

Destroy All Monsters
Silver badge
Mushroom

Re: "Winning the web is the whole darn world.”

Well, at least I now have heard about the MEAN stack: MongoDB, Express.js, AngularJS and Node.js. The mind boggles. What the fuck is that shit and how is it of any use to anybody?

Converting to the MEAN stack gives your development team a number of benefits, the three most significant being a single language from top to bottom, flexibility in deployment platform, and enhanced speed in data retrieval.

More like barely able coders falling over themselves, unable to get any meaningful work done while the applications blow up left and right.

2
0
Destroy All Monsters
Silver badge

Re: Off topic comment here

Unless the crash comes, which won't be long.

1
0

Happy NukeDay to you! 70 years in the shadow of the bomb post-Trinity

Destroy All Monsters
Silver badge

Re: No mention of the neutron bomb?

Putin destabilising and trying to establish puppet governments

The worst thing is that this is not even the case.

Meanwhile, Kiev's chocolate king oligarch has nazi troopers and tourist islamists trying to cause serious trouble. Europe still has a few yearsdecades of fun times ahead.

0
0
Destroy All Monsters
Silver badge

"Hmmm... this software has bugs"

0
0
Destroy All Monsters
Silver badge
Mushroom

Re: What worries me...

Are they still in their silos, rotting? Are any missing and if so, where did they go?

Really, it's a mess...

Who are the nuclear scofflaws

Given all the frothing by hawkish U.S. Senators about Iran’s possible development of nuclear weapons, one might think that Iran was violating the nuclear Non-Proliferation Treaty (NPT).

But it’s not. The NPT, signed by 190 nations and in effect since 1970, is a treaty in which the non-nuclear nations agreed to forgo developing nuclear weapons and the nuclear nations agreed to divest themselves of their nuclear weapons. It also granted nations the right to develop peaceful nuclear power. The current negotiations in which Iran is engaged with other nations are merely designed to guarantee that Iran, which signed the NPT, does not cross the line from developing nuclear power to developing nuclear weapons.

Nine nations, however, have flouted the NPT by either developing nuclear weapons since the treaty went into effect or failing to honor the commitment to disarm. These nine scofflaws and their nuclear arsenals are Russia (7,500 nuclear warheads), the United States (7,100 nuclear warheads), France (300 nuclear warheads), China (250 nuclear warheads), Britain (215 nuclear warheads), Pakistan (100-120 nuclear warheads), India (90-110 nuclear warheads), Israel (80 nuclear warheads), and North Korea (10 nuclear warheads).

Nor are the nuclear powers likely to be in compliance with the NPT any time soon. The Indian and Pakistani governments are engaged in a rapid nuclear weapons buildup, while the British government is contemplating the development of a new, more advanced nuclear weapons system. Although, in recent decades, the US and Russian governments did reduce their nuclear arsenals substantially, that process has come to a halt in recent years, as relations have soured between the two nations. Indeed, both countries are currently engaged in a new, extremely dangerous nuclear arms race. The US government has committed itself to spending $1 trillion to “modernize” its nuclear facilities and build new nuclear weapons. For its part, the Russian government is investing heavily in the upgrading of its nuclear warheads and the development of new delivery systems, such as nuclear missiles and nuclear submarines.

1
0

Intel TOCK BLOCK: 10nm Cannonlake delayed to 2017, bonus 14nm Kaby Lake to '16

Destroy All Monsters
Silver badge

JIT compiler

More like an interpreter.

Warren Abstract Machine in hardware when?

0
0
Destroy All Monsters
Silver badge

Is it even economically feasible to reach 7nm?

0
0

Hackers invade systems holding medical files on 4.5 million Cali patients

Destroy All Monsters
Silver badge

Re: Calling California "Cali" ...

Yeah, but calling it "Socialist Republic of California" is just too long.

2
1