Re: Life's hard choices
Speaking for myself, I don't see anything wrong with millions of Apple users waking up to a zero bank balance... they're used to Apple robbing them blind anyway so this can only be a minor incremental pain.
58 posts • joined 30 Aug 2008
(I know you didn't ask me, but still...)
I have a simple strategy that consists of actually reviewing the files that my incremental backup program reports as having changed. (The backup program itself is "borgbackup" -- awesome stuff; look it up. Unix only though).
A modification of this could be to keep a trend of number of files in each top level directory that are changed per day, and if something unusual happens, alert someone.
An even simpler way that often works (for single desktops) is to count how many files changed today, and alert if it is at least 1.5X larger than the maximum number of files changed in the last N days (adjust N to taste). The alert should list the actual files that were changed so someone can quickly determine if there was a problem or "oh yeah those files, we know what all those changes are".
The assumption is that the malware (if any) has not borked my borgbackup software to produce false reports of what it is seeing. I suppose in theory that could happen with a more popular backup tool so YMMV.
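The counting rule from the comment above (alert when today's changed-file count is at least 1.5X the maximum of the last N days, overall and per top-level directory, and list the files), as an added example that is not part of the original post. It assumes each day's backup report has been saved as lines of the form `<status> <path>` with `A`/`M` marking added/modified files; that format, the `floor` parameter, the function names and the sample data are all assumptions made for illustration.

```python
from collections import Counter
from pathlib import PurePosixPath


def changed_paths(report_lines, statuses=("A", "M")):
    """Paths of added/modified files from '<status> <path>' lines (assumed format)."""
    paths = []
    for line in report_lines:
        status, _, path = line.rstrip("\n").partition(" ")
        if status in statuses and path:
            paths.append(path)
    return paths


def top_level(path, depth=3):
    """Directory bucket for a file: first `depth` components of its parent dir."""
    parts = PurePosixPath(path).parent.parts
    if parts and parts[0] == "/":
        parts = parts[1:]
    return "/" + "/".join(parts[:depth])


def check(history, today, n_days=7, factor=1.5, floor=1):
    """Compare today's changed paths with the last n_days of history.

    history: list of per-day path lists, oldest first. Returns a list of alerts,
    each naming the scope, both counts and the files, so a person can decide
    quickly whether the changes are expected. `floor` (an addition to the rule
    in the post) stops a baseline of zero from matching a day with no changes.
    """
    window = history[-n_days:]
    if not window:
        return []  # nothing to compare against yet

    def exceeded(count, baseline):
        return count >= factor * max(baseline, floor)

    alerts = []
    total_base = max(len(day) for day in window)
    if exceeded(len(today), total_base):
        alerts.append({"scope": "TOTAL", "today": len(today),
                       "baseline": total_base, "files": sorted(today)})

    # Per-directory trend: same rule, applied to each top-level bucket.
    past = [Counter(top_level(p) for p in day) for day in window]
    by_dir = {}
    for p in today:
        by_dir.setdefault(top_level(p), []).append(p)
    for d in sorted(by_dir):
        base = max(c[d] for c in past)  # Counter gives 0 for unseen directories
        if exceeded(len(by_dir[d]), base):
            alerts.append({"scope": d, "today": len(by_dir[d]),
                           "baseline": base, "files": sorted(by_dir[d])})
    return alerts


def _day(n_docs, n_cfg):
    """Constructed sample report: n_docs document edits, n_cfg config edits."""
    lines = [f"M /home/alice/Documents/report{i}.odt" for i in range(n_docs)]
    lines += [f"M /home/alice/.config/app/state{i}.json" for i in range(n_cfg)]
    lines.append("U /home/alice/Documents/unchanged.odt")  # ignored status
    return lines


# Constructed data: five ordinary days, then a quiet day and a burst day.
HISTORY = [changed_paths(_day(d, c))
           for d, c in [(2, 3), (1, 4), (3, 2), (0, 4), (2, 3)]]
QUIET_TODAY = changed_paths(_day(3, 4))
BURST_TODAY = changed_paths(_day(12, 3))

if __name__ == "__main__":
    for alert in check(HISTORY, BURST_TODAY):
        print(f"{alert['scope']}: {alert['today']} changed "
              f"(recent max {alert['baseline']})")
        for path in alert["files"]:
            print("   ", path)
```

As the comment notes, the result is only as trustworthy as the report it is fed: the check says nothing if the backup tool's own output has been tampered with.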
I think he meant "as opposed to Lenovo installing it themselves". Probably referring to the so-called "free" apps that come with a laptop which caused some consternation recently (if something affects only Windows, I tend to not remember details).
watch especially 05:19 to 06:52, then 07:45 to 11:30
heck watch the whole thing; Moxie is a very clear, articulate, speaker with a great sense of humour *and* knows his shit
you MUST use windows, and a government proprietary activex control, in order to do any online banking etc.? (I'm sure I heard something like that a few years ago, maybe someone can correct me).
Stopped using FF for all but one or two fussy sites after the Pocket nonsense got in.
Qupzilla -- yeah I know, what a name! -- works great. It also has some serendipitous extras for me. For example, if I have many tabs from the same site, and I want to enable JS on one of them, in FF+NoScript, this touches ALL the tabs and they all start reloading. In Qupzilla it's only that tab.
Now if it could only do that for cookies also, that would be grrrreat!
I hate that POS. I especially hate their attitude to users, and the fact that you can never actually get used to something nice because they're likely to simply take it away next time.
as soon as you lot apologise for Gen Dwyer's https://en.wikipedia.org/wiki/Jallianwala_Bagh_massacre
Don't bring up such old stuff. It was very one-sided in many ways.
AC: your question is "Surely if you can inject a 301 in the response, you can manipulate the rest of the response anyway?"
Sure, but a 301 makes it permanent. Your MITM may be temporary, but you are making a permanent change to the app now.
Happy Ranter: regardless of what their motivations are, the fact is that an *app* (as opposed to a real browser, even on a mobile device) does not have a URL bar, so the minimum protection we normally have when we get a 301 -- the fact that we can *see* the new URL in the bar -- does not exist here.
That is the issue, I think.
...who have refused to touch facebook (and in my case have even forbidden my daughter from having an FB account) because of the "everyone in one bucket" problem.
We don't have to be doing anything bad/criminal/shameful/naughty to want to segregate our social networks. Compromises like "don't invite your mum" or "don't invite colleagues as friends" are signs that you're letting a technology FAIL drive your social network. And making excuses for the failed tech too.
So much for the value you place on this medium I suppose.
(Oh and I have been told that FB does have such a feature but it is such a badly done, hard to use, bolt-on that it may as well not be there. Clearly if an FB fanboi like you did not mention "we have it too" it must be well hidden indeed so whoever told me this was correct!)
I have helped people (on request) to set privacy settings properly on FB and have come away appalled. Last such experience was about 6 months ago.
I now have sent a G+ invite to my daughter (yes the same one who can't have an FB account!), because I looked at the settings and they make sense. She will still have to exercise caution in what she says to whom but that's life. I'll watch what she does for a few weeks but by and large I'm OK with this.
Yes I'll still watch Google's policies closely but I doubt they'll ever do the amazing amount of facepalm statements and actions that Zuckerberg/FB managed to do over the last few months/years. Nor will they, after the Buzz debacle, take this issue lightly either...
Domain Internet Groper? Are you sure that's what "dig" stands for?
your redhat comparison fails -- you realised it fails but you did not explain why.
Two words. Copyright assignment.
It's not the decision to sell that caused all this. It's the decision to have mandatory copyright assignment. Which allowed them to change the *client* libraries from LGPL to GPL for instance.
Tell me how that helps FOSS in any way, forcing the MySQL client libraries to be GPL? That was pure greed.
Now it's biting them, and they're running around crying about it...
this post just about made my day/week/month.
I've always considered Windows to be the biggest piece of malware floating around, and MS to be of questionable legality in various aspects (and not just the anti-trust stuff), so it's nice to know they're inspiring "the next generation" so to speak...
just run "dig +trace www.tcs.com"
If you're piggy-backing on someone else's DNS, like your ISP or openDNS or the chocolate factory, and you get a different answer than 220.127.116.11, you know what to do.
But actually, if you aren't running your own DNS, and didn't flush your caches as soon as you heard this, you shouldn't even be commenting on the issue.
"still see the bad page" ==> **reporting** on the issue
"fix had not taken" ==> **commenting** on the issue
[Same disclaimer applies as in previous comment]
please guys, I expected better from you lot...
[Disclaimer: I'm an employee of TCS, though naturally I'm posting this in my personal capacity]
tcs.com was NOT hacked yesterday. What did happen was that the DNS records that supply the IP were reset to some other IP.
Whether that was done by actually hacking netsol or by social engineering a valid change request I do not know.
I know the site was fine because going through the internal DNS got me the correct IP address and the correct content.
I believe the problem started sometime before 1am IST [this is a wild guess, from other symptoms; don't ask, heh heh!], and was resolved around noon or so [this guess is more accurate because I was semi-actively monitoring it].
In both instances, it would have taken a few hours for the bad data to expire from DNS caches. Depending on who your DNS provider is, you may have seen it "come back" at different times. If you were running your own DNS, you could have purged your DNS cache manually and would know more accurately when it came back.
At this point in time I am still receiving reports of other DNS servers still showing the bad data. Just tell them to purge their DNS caches if you know them, or switch to openDNS. They've got the right stuff, and have had it a lot longer than the chocolate factory's DNS :)
...is how many sheeple there must be if he got 15,000 petitions.
Anyone who thinks for 2 seconds can see this guy's cries of "oh no the sky is about to fall on our open source heads" are all bull. A few more seconds and you can even guess why he's doing it (hint: if you force Oracle to sell it, who would buy?)
There *may* be damage from Oracle, but it will only be to commercial licensees. Not to open source.
can't we just figure out the new rules from the details of the incident prompting them? I mean, surely no one still believes the TSA actually *thinks* before making rules do they?
I'm just waiting for the first guy to put both components of the bomb in his underwear, or two guys with one part each, and they combine them on board. TSA will have to ask everyone to take off their underwear.
Bruce Schneier, as usual, puts it very well. http://www.schneier.com/blog/archives/2009/12/me_and_the_chri.html says: I've started to call the bizarre new TSA rules "magical thinking": if we somehow protect against the specific tactic of the previous terrorist, we make ourselves safe from the next terrorist.
Listen up folks: the only reason more terrorism isn't happening is that the **bleeding terrorists are even MORE stupid than the TSA**!
...is the expression used in India for the kind of deal that I *very* strongly suspect has happened here.
The sdcard association has *standardised* on this format for their future cards: http://www.sdcard.org/developers/tech/sdxc. A format that they *know* requires money to be paid even by a consumer (since the terms prohibit a FOSS system from using it). In a day and age when awareness of FOSS has never been higher, so don't tell me they didn't realise this.
I refuse to believe this has happened without MS bribing people at sdcard.org. Either that, or gross incompetence/negligence at sdcard. No other explanation.
... of their computers are currently getting hacked by people more competent and less reachable/vulnerable than Gary McKinnon?
It seems unlikely that they've spent any time fixing the *real* problem, nor the people who caused it, from the effort they're making to "shoot the messenger". Which is what this is, if you come right down to it.
nice pun, if intentional... :)
I've long maintained that any admin who uses (or requires the use of) normal ftp for authenticated access of any kind should be taken out and shot [*]
In the two cases of gumblar infection I have seen so far, the infected party's hosting provider had given them plain ftp access to their space.
[*] ok I was half joking there... you don't have to take him out
I seem to recall hearing, over the years, about lots of spyware and rootkits that were undetectable by most AV, including this bozo's self-named product. They leeched off the insecurity of Windows for as many years as they could, never once pointing out or attempting to help come up with any real, long term, cure for all of Windows' security ills. Naturally.
Now MS has gotten into that game (took 'em long enough...) these leeches stand to lose most of their blood supply, so they come up with bone-headed schemes like this.
Yes, I know someone said the original article is more of a "what if". So here's mine: what if we banned the use of Windows to access the internet? Seems to me a lot easier to do, and no downsides either.
Killing off leeches like this would be just a bonus, not the main focus...
windows was (re-(re-))built from the ground up as a multi-user addon to an inherently single user system. A Linux desktop is going the other way, so there's a lot of security already in there in terms of separation.
@David W ("No need for a trojan if you've got root...") -- clicking on an attachment does not execute anything, and even if desktops become like that (some are, sadly) they won't execute as root.
@Charles9 ("malware that slips through even NoScript") -- can you show me an example of anything that slips through NoScript? I haven't seen one yet
I've stopped wishing MS any ill.
I have now transferred all my ill will to organisations who make deals with MS. There's far more opportunities to gloat that way.
Serve t-mobile right.
The remote management thing is a good point (as of now anyway), but this article was about infected machines staying infected for months on end -- hardly likely in a "managed" environment like that.
On the "home" front, if someone wants to connect to her job, she should have a job-issued laptop/desktop. As a "personal go to guy", I might help with setting up Firefox+Adblock+basic precautions/education as someone up there suggested, but I probably wouldn't install Linux -- I don't mess with someone else's "work" stuff unless it is "work" for me too.
The video webchat thing -- let's just say you threw in "MSN" as bait. I'm not a big user but last time I checked, skype worked fine.
The old "everyone else is using it, so I have to use it too" argument may be genuine in *some* special cases, but in all but one of the dozen+ people I maintain computers for (personally, no cost) a little digging has revealed that there is no *real* need -- it was more a perception.
And finally, if you really are using Linux at home, the least you can do is stop calling us "fanboys". Most of us -- in real life if not on El Reg ;-) -- are perfectly reasonable people.
A: fail -- the web interface sucks even more, I constantly hear; I'll admit I haven't tried it myself, but in these comments someone said something, and I have my less fortunate colleagues to rely on for my opinions.
B: good point in theory. Oddly, MS-hater though I am, (haven't used Windows at work since 2004, and at home since 2000 or so), I find myself more angry at LN's designers/developers. Probably because my expectations of IBM were much higher than of MS. Plus I have a lot more friends (and former colleagues/bosses) in IBM than in MS, and so maybe I mentally rank it a much smarter company :-) Really, at the risk of repeating myself, LN didn't have "sort by subject line" till about 2004 or so -- now come on that's a deep scar, admit it.
C: irrelevant. I think this is the most important point LN apologists consistently fail to grasp. All we want is email. Don't tell us "oh it can do so much more".
We don't care. We don't care. We don't care.
I know this isn't slashdot so I'll resist using a car analogy :-)
E: helpdesk/incompetent admins? Sure maybe they have their share. Domino doesn't exactly make it easy, I'm told. Mostly because of the same reason -- they're not actually administering an email server, they're administering something "that can do soooo much more" to quote an AC up above somewhere.
F: and you just proved what I said. Although I doubt if you realise what a horrible idea that is. It's not just classical Unix evangelists -- most people realised long ago that you build multiple pieces that work together, not one big monolith that tries to do it all.
new phrase for you: synergistic FAIL :-)
G: see E.
as for your users not complaining, I either take my hat off to you for being a superhuman, or back off in haste because you're a BOFH who'll cut me off if I *do* complain ;-)
[you'd think *attacking* a corporate thing would need AC, not *defending* it, but I guess you know best...]
> I've never heard such irrational & emotional BS in my life. Sure, the UI of Notes was poor, but that was the only weak area in the whole Notes &
listen, bubba, your "only weak area" happens to be the only one a normal user cares about because it's the only one that makes his life miserable. Until you get that into your head, you'll never get the point of what you blithely call "emotional BS".
> infrastructure, Notes & Domino is sooooo much more than that, but most folk who look at Notes & Domino only see the eMail capability, rather than everything else it is capable of.
See above. Summary: *I* *DONT* *CARE*!!!
You know, I get the feeling you're one of those wannabe BOFH types who either doesn't have any "users" or no obligation to keep them happy. You're definitely *not* a user yourself.
> cognisant of the architectural implications of any decision , rather they focus on the user experience and
ooh yes -- we must never let *users* dictate terms, must we? what would the world come to...
> believe implicitly everything that Microsoft tell them as most of them have only seen a Microsoft environment, then they think that they only have the option of an Outlook client.
**Stop implying that anyone who opposes Notes must prefer MS Outlook** Those are not the only two mail clients out there, and if you don't know that, you shouldn't be out in public without your seeing eye dog.
You want to go head to head, try it with Thunderbird
Completely agree. Notes is major, MAJOR (bold red letters) FAIL.
Here's a funny story. I work for a fairly large IT services company, and my brother, working in a somewhat smaller one, wanted me to put his resume through the mill. I casually mentioned the word "Lotus Notes addressbook" in the context of trying to find out *who* to send his resume to (for his skillset and all...)
He sort of jumped back a bit, and said "you guys use Lotus Notes?" "Yes, it's the corporate email client", I said.
A brief pause. Then he says, "er, never mind about the resume; don't send it to anyone..."
I wish I had made that up, but I'm sorry to say it's true!
And they can make the newer versions as pretty as they please, but a POS that acquired "sort by subject line" in 2004 or thereabouts is not my idea of anything remotely clueful. Pigs and lipstick come to mind.
I have an open challenge to anyone in my company: find an arbitrary mail from more than 6 months ago, knowing only a part of the subject line and one of the recipients' names. Lotus Notes head to head with Thunderbird + GMailUI. Once you've seen a long message list reduce itself automatically as you type more and more conditions in the search bar, you're hooked.
more items to blacklist for me, because it looks like this new standard is going to be (1) all over the place (2) and no open source way to access the files from
why in the world would a standards body for the SDXC or whatever chips decide to standardise on a file system that is proprietary, in this day and age, I'll never know...
(other than money changing hands or threats, like the OOXML thing, I suppose)
doesn't explain why you can't tell people you've been asked for the key, which apparently is also part of RIPA, per John Naismith Posted Tuesday 11th August 2009 16:35 GMT
>> It never ceases to amaze me how the open source people (and Linux people in particular) slag off MS (and quite rightly too!) but then go and copy what MS are doing!
Sorry but Miguel De Icaza does not represent "open source people" any more than Bernie Madoff represents Wall Street, as far as I am concerned :-)
>It's been around for over 10 years, and its sitting at < 1 % of desktop / laptops. Every OEM manufacturer who has a go at selling a Linux desktop / laptop pulls the plug quick smart, because they get arm twisted by MS threatening to pull their OS completely from them or jack up the price enormously.
Fixed that for you; and no need to thank me -- I'm just that kind of helpful guy, I'd do it for anyone, even people like you.
I am tired of people switching to open source because of the "economic climate". I keep telling them cost is only the third reason to switch to Linux etc., and that security and reliability are the first two reasons.
So this feels good. "Schadenfreude" is too mild to describe what I'm feeling. Maybe "gleeful". Even "gloating" :-) I hope this happens in larger enterprises, and I hope it somehow magically doesn't happen when they test in the IT department before pushing it out to 20,000 desktops :-)
And @Henry9: you may well be right but the real problem is the need for AV in the first place. Ask yourself where that came from
re "Offshoring is one thing, abusing the immigration rules is another" and similar sentiments by others
I remember when offshoring itself was considered so bad, so unfair, and all that. You mean to tell me all it took was to diddle with immigration rules a bit and suddenly offshoring ain't bad?
/me ducks and runs :-)
Linux needs a wrapper because the hardware manufacturers are still pandering to the sheeple-OS only.
If you have, say, an Intel chip (small company out of Oregon, you may've heard of them) it just works, on most any recent distribution.
With Windows, it works *not* because MS is doing *anything at all*, but because the hardware manufacturer went all out to make sure.
This, my friend, is a direct result of them being a monopoly, though it's at a level where MS can't be blamed for it in court.
I install and configure Linux for friends and family, even people I only have a nodding acquaintance with, no strings attached. That such level of support is needed is not Linux's fault.
However, I also know people who talk like you do, and I am happy they're on Windows. I took the water to the horse['s ass] but I can't make him drink you know.
Back to this issue: regardless of what is or is not Firefox's fault, installing something onto a **competing** product, that changes the behaviour of the competing product (useragent string), **without** the user's permission, is criminal.
They couldn't come up with even a little dialog saying "oh hey I notice you have FF. I can install foobar onto it to make your experience on FF as foobar as on our own IE. Would you like me to?"
And for those who think this was not intentional, let me assure you MS staff are not idiots. That old line about "never attribute to malice that which can be explained by stupidity" doesn't apply to MS.
In this case, it was to make sure .Net and Moonshine work on as many computers as possible.
this is your president speaking. I am more paranoid about google's evil potential than all of you put together.
But (if they do what they said they would) this will be something you can run on *your* own servers.
Ease up on the worrying!
is "secure". They found a close-enough-in-some-sense word (Trusted) but they dared not say "secure".
...the service is more valuable than your data.
i.e., for most of us, cloud == cloud cuckoo land
downloaded it (Mandriva Spring 2009.1 KDE One CD image) from a French mirror the very day it came out, before it went to torrent and/or the mirrors got hammered :-)
To start with, their hybrid ISO is a stroke of genius -- no messing with unetbootin or liveUSBcreator or things like that; just dd the ISO to a USB stick instead of burning to a CD. Done. It may be reflective of my inadequate imagination/brains, but I had never realised it could be this easy.
Installed it in 5 machines within the next 2 days. Very little fiddling -- especially suspend/resume; works out of the box.
KDE 4.2.2's transparency etc features are much more reliable than in 4.0, and I actually *use* them; it's not just a gimmick. Ever transcribed/summarised someone's overly long document into a quick email for the boss? I only need to sort-of see what I'm typing, so having the ODT show through the very high-transparency email compose is pretty cool :-)
Except for a minor problem with installing from behind a corporate proxy (you have to change the download engine to curl or wget; the default aria2 has some issues) which I duly reported, I haven't come across anything significant.
"Microsofties are patrolling all the tech sites..."?
You have an extra "pa" in that there verb :)
especially when there's no indication that YOU have done the same yet...
Pakistan rubbishes charges of state-sponsored terrorism.
Nothing to see here, move along...
> the windows boxes at work
I'd rather it hit all home machines first. Less impact on the economy, more real benefit.
never attribute to malice (of ICANN) that which can be adequately explained by incompetence (of Microsoft)...
...combined with the competence (of the vxer).
ICANN is not that smart. ICANN is not that sophisticated. ICANN doesn't have its technical act so co-ordinated and "together".
...no one caught this?
Don't you guys get guavas in the "first world"? Perhaps not...
Can you at least, of all the IT mags/rags out there, stop calling them "machines"? I own 3, and administer 4 more, and none of them -- even if they are put on the internet as is, will get infected.
Please, pretty please with bells on, call them what they are: "Windows PCs."
And to those who said MS is "doing something", yes they are. By co-opting half of the internet to form a "posse", they made you think it's not their fault. (Why in blazes does a USB stick need autorun, FFS!!!)
don't be a moron.
If you didn't outsource to us, where would we find the money to buy everything from coke/pepsi to GM and Ford cars and funnel profits back to you lot?
[you then promptly turn those over to China, but that's your problem not ours...]
...also, for those wondering what's the big deal, here's a great comment from somewhere in the trenches:
@Gumby/Clearcase -- Git is blazingly fast. People who've used CC may be forgiven for thinking it isn't actually doing anything -- it's that fast.
I don't know how easy it is to create a branch in CC, but in git, when you say "git branch new" it essentially creates a 41-byte file. Your branch is created, and once you switch to it all your changes go on that branch. Didn't like it? Switch back to the master branch and delete that one. Or leave it lying around -- a git repo takes far, far less space than most other VCSs (more than an order of magnitude less than SVN anyway), and you never know when you may want to cherry-pick one of those changes you made while "in the zone".
@Mounteney -- renaming a dirty rotten hack? Clearly you have not moved most of the guts of a function from one source file to another one and had "git gui blame" tell you exactly where those lines came from, and what their history was **back in that other file**.
@Beard -- When you fall off a cliff, it's not the fall that kills you; it's the sudden stop at the end. People who think SVN does branching fine miss the point. It's the merging that sucks. You can't have two long lived branches merging at regular intervals without having to remember where your last merge was so you don't re-merge old stuff the next time.
As for "everyone seeing code all the time", that's nonsense. If a dev doesn't want anyone else to see work-in-progress code, he won't check it in -- you can't force that on him by using a centralised VCS. A DVCS just gives him a little sanity and breathing room. I don't know about you but I like to pamper my devs with good tools!
The really useful thing about a DVCS is that it allows small commits -- makes it easier to review, easier to revert **just the bad parts**, easier to debug (git bisect is fantastic -- it basically does a binary search to find the specific commit that caused the bug), and -- best of all -- makes it easy to work offline.
Git stores all the history of all the branches on your local repo, and yet it takes less space than SVN takes for its "one extra copy, just the latest version".
If you try it, you'll be hooked!
I have to ask: how common is this "banning companies" stuff?
These guys have all sorts of marquee customers all over the place, and I hadn't heard of any other such bans so either (a) all the other organisations are too corrupt to do the same thing, and WB is a shining beacon of integrity (cough cough Wolfowitz cough cough) or (b) WB is the only place where the staff is on the take.
Anyway if anyone knows of other similar bans please post... Maybe they're all over the place and I haven't heard...
I'm also wondering why there're no reports of staffers receiving the bribes being fired. Shouldn't that be part of the same exercise?
Is it that difficult to see who's normally the bigger culprit in any bribing episode, and makes the bribing necessary and possible in the first place?