51 posts • joined Saturday 30th August 2008 02:03 GMT
as soon as you lot apologise for Gen Dwyer's https://en.wikipedia.org/wiki/Jallianwala_Bagh_massacre
Don't bring up such old stuff. It was very one-sided in many ways.
@Heyrick, @Happy Ranter, @AC "What am I missing"
AC: your question is "Surely if you can inject a 301 in the response, you can manipulate the rest of the response anyway?"
Sure, but a 301 makes it permanent. Your MITM may be temporary, but you are making a permanent change to the app now.
Happy Ranter: regardless of what their motivations are, the fact is that an *app* (as opposed to a real browser, even on a mobile device) does not have a URL bar, so the minimum protection we normally have when we get a 301 -- the fact that we can *see* the new URL in the bar -- does not exist here.
That is the issue, I think.
@Justin: I'm sure there are lots like me...
...who have refused to touch facebook (and in my case have even forbidden my daughter from having an FB account) because of the "everyone in one bucket" problem.
We don't have to be doing anything bad/criminal/shameful/naughty to want to segregate our social networks. Compromises like "don't invite your mum" or "don't invite colleagues as friends" are signs that you're letting a technology FAIL drive your social network. And making excuses for the failed tech too.
So much for the value you place on this medium I suppose.
(Oh and I have been told that FB does have such a feature but it is such a badly done, hard to use, bolt-on that it may as well not be there. Clearly if an FB fanboi like you did not mention "we have it too" it must be well hidden indeed so whoever told me this was correct!)
I have helped people (on request) to set privacy settings properly on FB and have come away appalled. Last such experience was about 6 months ago.
I now have sent a G+ invite to my daughter (yes the same one who can't have an FB account!), because I looked at the settings and they make sense. She will still have to exercise caution in what she says to whom but that's life. I'll watch what she does for a few weeks but by and large I'm OK with this.
Yes I'll still watch Google's policies closely but I doubt they'll ever do the amazing amount of facepalm statements and actions that Zuckerberg/FB managed to do over the last few months/years. Nor will they, after the Buzz debacle, take this issue lightly either...
mind in the gutter
Domain Internet Groper? Are you sure that's what "dig" stands for?
your redhat comparison fails -- you realised it fails but you did not explain why.
Two words. Copyright assignment.
It's not the decision to sell that caused all this. It's the decision to have mandatory copyright assignment. Which allowed them to change the *client* libraries from LGPL to GPL for instance.
Tell me how that helps FOSS in any way, forcing the MySQL client libraries to be GPL? That was pure greed.
Now it's biting them, and they're running around crying about it...
malware see, malware do
this post just about made my day/week/month.
I've always considered Windows to be the biggest piece of malware floating around, and MS to be of questionable legality in various aspects (and not just the anti-trust stuff), so it's nice to know they're inspiring "the next generation" so to speak...
"fix had not taken"
just run "dig +trace www.tcs.com"
If you're piggy-backing on someone else's DNS, like your ISP or openDNS or the chocolate factory, and you get a different answer than 22.214.171.124, you know what to do.
But actually, if you aren't running your own DNS, and didn't flush your caches as soon as you heard this, you shouldn't even be commenting on the issue.
"still see the bad page" ==> **reporting** on the issue
"fix had not taken" ==> **commenting** on the issue
[Same disclaimer applies as in previous comment]
tcs.com was NOT hacked....
please guys, I expected better from you lot...
[Disclaimer: I'm an employee of TCS, though naturally I'm posting this in my personal capacity]
tcs.com was NOT hacked yesterday. What did happen was that the DNS records that supply the IP were reset to some other IP.
Whether that was done by actually hacking netsol or by social engineering a valid change request I do not know.
I know the site was fine because going through the internal DNS got me the correct IP address and the correct content.
I believe the problem started sometime before 1am IST [this is a wild guess, from other symptoms; don't ask, heh heh!], and was resolved around noon or so [this guess is more accurate because I was semi-actively monitoring it].
In both instances, it would have taken a few hours for the bad data to expire from DNS caches. Depending on who your DNS provider is, you may have seen it "come back" at different times. If you were running your own DNS, you could have purged your DNS cache manually and would know more accurately when it came back.
At this point in time I am still receiving reports of other DNS servers still showing the bad data. Just tell them to purge their DNS caches if you know them, or switch to openDNS. They've got the right stuff, and have had it a lot longer than the chocolate factory's DNS :)
what amazes me...
...is how many sheeple there must be if he got 15,000 petitions.
Anyone who thinks for 2 seconds can see this guy's cries of "oh no the sky is about to fall on our open source heads" are all bull. A few more seconds and you can even guess why he's doing it (hint: if you force Oracle to sell it, who would buy?)
There *may* be damage from Oracle, but it will only be to commercial licensees. Not to open source.
why do we need a leak?
can't we just figure out the new rules from the details of the incident prompting them? I mean, surely no one still believes the TSA actually *thinks* before making rules do they?
I'm just waiting for the first guy to put both components of the bomb in his underwear, or two guys with one part each, and they combine them on board. TSA will have to ask everyone to take off their underwear.
Bruce Schneier, as usual, puts it very well. http://www.schneier.com/blog/archives/2009/12/me_and_the_chri.html says: I've started to call the bizarre new TSA rules "magical thinking": if we somehow protect against the specific tactic of the previous terrorist, we make ourselves safe from the next terrorist.
Listen up folks: the only reason more terrorism isn't happening is that the **bleeding terrorists are even MORE stupid than the TSA**!
"under the table"
...is the expression used in India for the kind of deal that I *very* strongly suspect has happened here.
The sdcard association has *standardised* on this format for their future cards: http://www.sdcard.org/developers/tech/sdxc. A format that they *know* requires money to be paid even by a consumer (since the terms prohibit a FOSS system from using it). In a day and age when awareness of FOSS has never been higher, so don't tell me they didn't realise this.
I refuse to believe this has happened without MS bribing people at sdcard.org. Either that, or gross incompetence/negligence at sdcard. No other explanation.
I wonder how many...
... of their computers are currently getting hacked by people more competent and less reachable/vulnerable than Gary McKinnon?
It seems unlikely that they've spent any time fixing the *real* problem, nor the people who caused it, from the effort they're making to "shoot the messenger". Which is what this is, if you come right down to it.
ftp vulns can be fixed...
I've long maintained that any admin who uses (or requires the use of) normal ftp for authenticated access of any kind should be taken out and shot [*]
In the two cases of gumblar infection I have seen so far, the infected party's hosting provider had given them plain ftp access to their space.
[*] ok I was half joking there... you don't have to take him out
only way to hide his and his ilk's failure I guess
I seem to recall hearing, over the years, about lots of spyware and rootkits that were undetectable by most AV, including this bozo's self-named product. They leeched off the insecurity of Windows for as many years as they could, never once pointing out or attempting to help come up with any real, long term, cure for all of Windows' security ills. Naturally.
Now MS has gotten into that game (took 'em long enough...) these leeches stand to lose most of their blood supply, so they come up with bone-headed schemes like this.
Yes, I know someone said the original article is more of a "what if". So here's mine: what if we banned the use of Windows to access the internet? Seems to me a lot easier to do, and no downsides either.
Killing off leeches like this would be just a bonus, not the main focus...
it *is* windows...
windows was (re-(re-))built from the ground up as a multi-user addon to an inherently single user system. A Linux desktop is going the other way, so there's a lot of security already in there in terms of separation.
@David W ("No need for a trojan if you've got root...") -- clicking on an attachment does not execute anything, and even if desktops become like that (some are, sadly) they won't execute as root.
@Charles9 ("malware that slips through even NoScript") -- can you show me an example of anything that slips through NoScript? I haven't seen one yet
I've stopped wishing MS any ill...
I've stopped wishing MS any ill.
I have now transferred all my ill will to organisations who make deals with MS. There's far more opportunities to gloat that way.
Serve t-mobile right.
The remote management thing is a good point (as of now anyway), but this article was about infected machines staying infected for months on end -- hardly likely in a "managed" environment like that.
On the "home" front, if someone wants to connect to her job, she should have a job-issued laptop/desktop. As a "personal go to guy", I might help with setting up Firefox+Adblock+basic precautions/education as someone up there suggested, but I probably wouldn't install Linux -- I don't mess with someone else's "work" stuff unless it is "work" for me too.
The video webchat thing -- let's just say you threw in "MSN" as bait. I'm not a big user but last time I checked, skype worked fine.
The old "everyone else is using it, so I have to use it too" argument may be genuine in *some* special cases, but in all but one of the dozen+ people I maintain computers for (personally, no cost) a little digging has revealed that there is no *real* need -- it was more a perception.
And finally, if you really are using Linux at home, the least you can do is stop calling us "fanboys". Most of us -- in real life if not on El Reg ;-) -- are perfectly reasonable people.
A: fail -- the web interface sucks even more, I constantly hear; I'll admit I haven't tried it myself, but in these comments someone said something, and I have my less fortunate colleagues to rely on for my opinions.
B: good point in theory. Oddly, MS-hater though I am, (haven't used Windows at work since 2004, and at home since 2000 or so), I find myself more angry at LN's designers/developers. Probably because my expectations of IBM were much higher than of MS. Plus I have a lot more friends (and former colleagues/bosses) in IBM than in MS, and so maybe I mentally rank it a much smarter company :-) Really, at the risk of repeating myself, LN didn't have "sort by subject line" till about 2004 or so -- now come on that's a deep scar, admit it.
C: irrelevant. I think this is the most important point LN apologists consistently fail to grasp. All we want is email. Don't tell us "oh it can do so much more".
We don't care. We don't care. We don't care.
I know this isn't slashdot so I'll resist using a car analogy :-)
E: helpdesk/incompetent admins? Sure maybe they have their share. Domino doesn't exactly make it easy, I'm told. Mostly because of the same reason -- they're not actually administering an email server, they're administering something "that can do soooo much more" to quote an AC up above somewhere.
F: and you just proved what I said. Although I doubt if you realise what a horrible idea that is. It's not just classical Unix evangelists -- most people realised long ago that you build multiple pieces that work together, not one big monolith that tries to do it all.
new phrase for you: synergistic FAIL :-)
G: see E.
as for your users not complaining, I either take my hat off to you for being a superhuman, or back off in haste because you're a BOFH who'll cut me off if I *do* complain ;-)
@emotional BS (AC, 07:57)
[you'd think *attacking* a corporate thing would need AC, not *defending* it, but I guess you know best...]
> I've never heard such irrational & emotional BS in my life. Sure, the UI of Notes was poor, but that was the only weak area in the whole Notes &
listen, bubba, your "only weak area" happens to be the only one a normal user cares about because it's the only one that makes his life miserable. Until you get that into your head, you'll never get the point of what you blithely call "emotional BS".
> infrastructure, Notes & Domino is sooooo much more than that, but most folk who look at Notes & Domino only see the eMail capability, rather than everything else it is capable of.
See above. Summary: *I* *DON'T* *CARE*!!!
You know, I get the feeling you're one of those wannabe BOFH types who either doesn't have any "users" or no obligation to keep them happy. You're definitely *not* a user yourself.
> cognisant of the architectural implications of any decision , rather they focus on the user experience and
ooh yes -- we must never let *users* dictate terms, must we? what would the world come to...
> believe implicitly everything that Microsoft tell them as most of them have only seen a Microsoft environment, then they think that they only have the option of an Outlook client.
**Stop implying that anyone who opposes Notes must prefer MS Outlook** Those are not the only two mail clients out there, and if you don't know that, you shouldn't be out in public without your seeing eye dog.
You want to go head to head, try it with Thunderbird
@AC 12:49 and 13:29 and others
Completely agree. Notes is major, MAJOR (bold red letters) FAIL.
Here's a funny story. I work for a fairly large IT services company, and my brother, working in a somewhat smaller one, wanted me to put his resume through the mill. I casually mentioned the word "Lotus Notes addressbook" in the context of trying to find out *who* to send his resume to (for his skillset and all...)
He sort of jumped back a bit, and said "you guys use Lotus Notes?" "Yes, it's the corporate email client", I said.
A brief pause. Then he says, "er, never mind about the resume; don't send it to anyone..."
I wish I had made that up, but I'm sorry to say it's true!
And they can make the newer versions as pretty as they please, but a POS that acquired "sort by subject line" in 2004 or thereabouts is not my idea of anything remotely clueful. Pigs and lipstick come to mind.
I have an open challenge to anyone in my company: find an arbitrary mail from more than 6 months ago, knowing only a part of the subject line and one of the recipients' names. Lotus Notes head to head with Thunderbird + GMailUI. Once you've seen a long message list reduce itself automatically as you type more and more conditions in the search bar, you're hooked.
more items to blacklist for me, because it looks like this new standard is going to be (1) all over the place (2) and no open source way to access the files from
why in the world would a standards body for the SDXC or whatever chips decide to standardise on a file system that is proprietary, in this day and age, I'll never know...
(other than money changing hands or threats, like the OOXML thing, I suppose)
@Michael C Posted Tuesday 11th August 2009 13:45 GMT
doesn't explain why you can't tell people you've been asked for the key, which apparently is also part of RIPA, per John Naismith Posted Tuesday 11th August 2009 16:35 GMT
>> It never ceases to amaze me how the open source people (and Linux people in particular) slag off MS (and quite rightly too!) but then go and copy what MS are doing!
Sorry but Miguel De Icaza does not represent "open source people" any more than Bernie Madoff represents Wall Street, as far as I am concerned :-)
@Mathew Evans (@shills.microsoft.com?)
>It's been around for over 10 years, and its sitting at < 1 % of desktop / laptops. Every OEM manufacturer who has a go at selling a Linux desktop / laptop pulls the plug quick smart, because they get arm twisted by MS threatening to pull their OS completely from them or jack up the price enormously.
Fixed that for you; and no need to thank me -- I'm just that kind of helpful guy, I'd do it for anyone, even people like you.
very happy to hear this
I am tired of people switching to open source because of the "economic climate". I keep telling them cost is only the third reason to switch to Linux etc., and that security and reliability are the first two reasons.
So this feels good. "Schadenfreude" is too mild to describe what I'm feeling. Maybe "gleeful". Even "gloating" :-) I hope this happens in larger enterprises, and I hope it somehow magically doesn't happen when they test in the IT department before pushing it out to 20,000 desktops :-)
And @Henry9: you may well be right but the real problem is the need for AV in the first place. Ask yourself where that came from
@Ponmyword (and others)
re "Offshoring is one thing, abusing the immigration rules is another" and similar sentiments by others
I remember when offshoring itself was considered so bad, so unfair, and all that. You mean to tell me all it took was to diddle with immigration rules a bit and suddenly offshoring ain't bad?
/me ducks and runs :-)
@JC and windows -vs- linux support
Linux needs a wrapper because the hardware manufacturers are still pandering to the sheeple-OS only.
If you have, say, an Intel chip (small company out of Oregon, you may've heard of them) it just works, on most any recent distribution.
With Windows, it works *not* because MS is doing *anything at all*, but because the hardware manufacturer went all out to make sure.
This, my friend, is a direct result of them being a monopoly, though it's at a level where MS can't be blamed for it in court.
I install and configure Linux for friends and family, even people I only have a nodding acquaintance with, no strings attached. That such level of support is needed is not Linux's fault.
However, I also know people who talk like you do, and I am happy they're on Windows. I took the water to the horse['s ass] but I can't make him drink you know.
Back to this issue: regardless of what is or is not Firefox's fault, installing something onto a **competing** product, that changes the behaviour of the competing product (useragent string), **without** the user's permission, is criminal.
They couldn't come up with even a little dialog saying "oh hey I notice you have FF. I can install foobar onto it to make your experience on FF as foobar as on our own IE. Would you like me to?"
And for those who think this was not intentional, let me assure you MS staff are not idiots. That old line about "never attribute to malice that which can be explained by stupidity" doesn't apply to MS.
In this case, it was to make sure .Net and Moonshine work on as many computers as possible.
to the tin-foil-hatters
this is your president speaking. I am more paranoid about google's evil potential than all of you put together.
But (if they do what they said they would) this will be something you can run on *your* own servers.
Ease up on the worrying!
...and a great release it is too (Mandriva Spring 2009)
downloaded it (Mandriva Spring 2009.1 KDE One CD image) from a French mirror the very day it came out, before it went to torrent and/or the mirrors got hammered :-)
To start with, their hybrid ISO is a stroke of genius -- no messing with unetbootin or liveUSBcreator or things like that; just dd the ISO to a USB stick instead of burning to a CD. Done. It may be reflective of my inadequate imagination/brains, but I had never realised it could be this easy.
Installed it in 5 machines within the next 2 days. Very little fiddling -- especially suspend/resume; works out of the box.
KDE 4.2.2's transparency etc features are much more reliable than in 4.0, and I actually *use* them; it's not just a gimmick. Ever transcribed/summarised someone's overly long document into a quick email for the boss? I only need to sort-of see what I'm typing, so having the ODT show through the very high-transparency email compose is pretty cool :-)
Except for a minor problem with installing from behind a corporate proxy (you have to change the download engine to curl or wget; the default aria2 has some issues) which I duly reported, I haven't come across anything significant.
@Call me cynical
never attribute to malice (of ICANN) that which can be adequately explained by incompetence (of Microsoft)...
...combined with the competence (of the vxer).
ICANN is not that smart. ICANN is not that sophisticated. ICANN doesn't have its technical act so co-ordinated and "together".
"machines"? please be more specific!
Can you at least, of all the IT mags/rags out there, stop calling them "machines"? I own 3, and administer 4 more, and none of them -- even if they are put on the internet as is, will get infected.
Please, pretty please with bells on, call them what they are: "Windows PCs."
And to those who said MS is "doing something", yes they are. By co-opting half of the internet to form a "posse", they made you think it's not their fault. (Why in blazes does a USB stick need autorun, FFS!!!)
@ac 11:08 GMT
don't be a moron.
If you didn't outsource to us, where would we find the money to buy everything from coke/pepsi to GM and Ford cars and funnel profits back to you lot?
[you then promptly turn those over to China, but that's your problem not ours...]
@ Gumby, Mounteney, Beard, etc
@Gumby/Clearcase -- Git is blazingly fast. People who've used CC may be forgiven for thinking it isn't actually doing anything -- it's that fast.
I don't know how easy it is to create a branch in CC, but in git, when you say "git branch new" it essentially creates a 41-byte file. Your branch is created, and once you switch to it all your changes go on that branch. Didn't like it? Switch back to the master branch and delete that one. Or leave it lying around -- a git repo takes far, far less space than most other VCSs (more than an order of magnitude less than SVN anyway), and you never know when you may want to cherry-pick one of those changes you made while "in the zone".
@Mounteney -- renaming a dirty rotten hack? Clearly you have not moved most of the guts of a function from one source file to another one and had "git gui blame" tell you exactly where those lines came from, and what their history was **back in that other file**.
@Beard -- When you fall off a cliff, it's not the fall that kills you; it's the sudden stop at the end. People who think SVN does branching fine miss the point. It's the merging that sucks. You can't have two long lived branches merging at regular intervals without having to remember where your last merge was so you don't re-merge old stuff the next time.
As for "everyone seeing code all the time", that's nonsense. If a dev doesn't want anyone else to see work-in-progress code, he won't check it in -- you can't force that on him by using a centralised VCS. A DVCS just gives him a little sanity and breathing room. I don't know about you but I like to pamper my devs with good tools!
The really useful thing about a DVCS is that it allows small commits -- makes it easier to review, easier to revert **just the bad parts**, easier to debug (git bisect is fantastic -- it basically does a binary search to find the specific commit that caused the bug), and -- best of all -- makes it easy to work offline.
Git stores all the history of all the branches on your local repo, and yet it takes less space than SVN takes for its "one extra copy, just the latest version".
If you try it, you'll be hooked!
how common is this "banning" stuff?
I have to ask: how common is this "banning companies" stuff?
These guys have all sorts of marquee customers all over the place, and I hadn't heard of any other such bans so either (a) all the other organisations are too corrupt to do the same thing, and WB is a shining beacon of integrity (cough cough Wolfowitz cough cough) or (b) WB is the only place where the staff is on the take.
Anyway if anyone knows of other similar bans please post... Maybe they're all over the place and I haven't heard...
I'm also wondering why there're no reports of staffers receiving the bribes being fired. Shouldn't that be part of the same exercise?
Is it that difficult to see who's normally the bigger culprit in any bribing episode, and makes the bribing necessary and possible in the first place?
Houston, err Hyderabad, we have a problem
I live in Hyderabad, and I am indirectly affected -- I have close relations and many friends who work for Satyam, though (disclosure) I work for one of their competitors as an (aging) geek.
Today has been a bad day for us, full of anxiety and worry. And fruitless speculation about what tomorrow brings.
But the biggest question I have, is what were PWC doing? Raju says this has been going on for a few years. Have they been sleeping? Can fraud like this be perpetrated without the connivance of the auditors?
I had the same question about the "independent" directors who voted yes last month: I would love the chance to ask any ISB student what he thought of his dean now, who chaired that infamous meeting and voted yes.
Oh and by the way, I don't think even Raju's own mother would believe that "I did not make a rupee/dollar" poppycock. These guys are from the construction business, which -- for most lay people anyway -- ranks as the most corrupt business all over India!
@is it just me
yeah, it's just you...
I wouldn't chortle if one person's stupidity killed someone else, of course, but killing the stupid person himself -- good for a belly laugh even. But it has to be a spectacular, premeditated, stupidity, not just carelessness, a fit of rage/emotion, absent-mindedness, bad luck or any other factor beyond the guy's control.
satyam and maytas
@Jonathan Morton: the name Maytas was chosen to be a reversal of Satyam, the original name of the entire group, a long time ago. There have also been articles praising the sons of Satyam chief for going into the traditional family business (real estate/construction; they were in it long before the software thing came along) rather than join their dad in IT.
This has nothing to do with why investors smelt rats on this episode.
The problem is that the family owns 8% of Satyam, but at least 35-36% (some say as much as 80%!!) in the 2 Maytas companies. This means wealth flows out of the shareholders' pockets into the Raju family's pockets.
The second issue is that the valuation of 1.6 billion USD was just below the amount of 1.64 billion which was the mandated limit on how much they could spend without shareholder approval (this limit is mandated by the Companies Act or something like that and there's some way to compute that based on your market cap and some other stuff I don't remember and can't be bothered to look up)
The contention here is that the valuation is too close to the limit to be a coincidence.
It also appears they're not saying who did the valuation, which is another issue.
@Indians (AC @18th dec 15:01 GMT)
The US does not have a "family" culture for these things, so this is not a fair comparison. And your broad-brush implication about "Indian companies" is pretty silly -- would you prefer American style, as exemplified by the sort of stuff that's been coming out of the woodwork these past few months?
...or beyond disgusting. The lengths that people in power will go to protect the guilty (and I don't mean the poor befuddled teacher whose life is now probably in shambles!)
Think of the children is all well and good, but why aren't people blaming the real culprit here? [see icon chosen...]
PS: On the plus side, a recent personal experience of mine indicates that even semi-literate people running internet cafes in India seem to have wised up to the need to use FF instead of IE, so maybe there's hope for this world after all... I mean how difficult can it be for teachers in the so-called "first world" to get the same message?
aiming for FoTW...
...not really, but got your attention, didn't I?
What's up Teddie? You used to be cogent enough to let people tolerate the juvenile language, so what's with this piece? Admit it, you didn't even **attempt** to think through this one. Touch of the flu or something? Weather got you down?
Seriously, this is the most moronic, rambling, fsck-witted article you've written to date.
Try using an Aspire or an Eee, try travelling with it, shoving it in one corner of a smallish overnight bag (protected by clothes and stuff) and lugging it around 3 airports.
Sure I wouldn't run Matlab on it (or video editing, as someone said) but I can do pretty much anything I can't do without for a few days.
I've got nothing against smartphones but they're too small to be usable exclusively on a 3-day business trip. One needs a little more power than that.
If anything, I'd say that the regular laptops will take a beating. People who don't absolutely live on the road and spend significant time in an office can use a normal desktop when tethered and a netbook when traveling.