The Register® — Biting the hand that feeds IT

* Posts by Tom 38

1575 posts • joined Tuesday 21st July 2009 13:02 GMT

Tom 38
Silver badge

snafu is now a word

It started as an acronym, and now it is a word. This happens in languages.

Tom 38
Silver badge

DailyMail mode activated

"""

People also use Twitter as a the first place to get information, monitor quickly changing events in real-time, and connect with friends, family and their communities.

"""

Can we get a list of these people, Britain is a bit crowded, we could do with a moron cull.

I mean - imagine the scene. You come up out of the tube station, and the high street is on fire. What to do? I know, check what @PiersMorgan thinks.

Tom 38
Silver badge

Wonder if we'll now see dividends

Jobs really didn't like handing back any of his mountain of cash. I think he actually did have a small mountain of notes to roll around in, they needed the newer offices because the mountain got too big.

Tom 38
Silver badge

Re: Linux is the kernel

"""

Apple's OSX is just a GUI slapped ontop of BSD (a UNIX/LINUX style kernel)

"""

No, really, it is not:

- OSX uses a Mach derived kernel, which shares nothing with BSD. Its userland tools are mainly BSD.

- BSD is not a Linux (never all caps) style kernel.

Most of your post was correct, although you are really complaining that he said 'Linux' instead of 'GNU/Linux' though, which is a bit pedantic - about my sort of level of pedantry :)

The guy you are replying to is completely wrong in everything he says though. This isn't a 4 year old bug which is just now getting fixed, it is a bug which has been fixed within hours of being reported.

The whole situation is conflated by that attention whore Zalewski trying to take credit for discovering this bug. He said there was a bandwidth starvation vulnerability in a related section of code, there wasn't.

There is a memory vulnerability in this code, and because he cannot help himself from self-aggrandizing himself, he toured the sec-lists and news agencies saying that he pointed this vulnerability out 4 years ago. He didn't.

See here for more Zalewski form:

http://www.eweek.com/c/a/Security/Irresponsible-Bug-Disclosure/

Tom 38
Silver badge
Thumb Down

Relevance?

Do you think iOS emerged fully formed the day before they released it? Consider perhaps that iOS was in development for years also.

Tom 38
Silver badge
WTF?

Wait, this article gets the whole thing wrong

Whilst what Michal Zalewski reported is somewhat related to this, the actual DoS is nothing to do with what he reported - it's simply the attack vector to expose the actual bug.

He reports that you can get Apache to dump massive amounts of data to the net from a simple request by requesting the entire file range over and over. His DoS threat was from setting up massive TCP windows, so httpd keeps sending data without waiting for an ack, and then silently dropping the connection. This is a DoS attack that attempts to consume all your bandwidth. There have been no successful attacks reported using this approach.

This exploit works in a completely different way. It repeatedly asks for tiny fragments of the file, as opposed to the entire contents of the same file.

Due to how httpd handles byte range requests, each byte of the response ends up as an entire brigade in the response. This leads to massive memory usage for that request.

Flood httpd with those kinds of requests, and httpd quickly consumes all the memory on the server. It is an entirely different kind of DoS attack.

So, to clarify, the bug reported 4 years ago is not the same as the bug that leads to this DoS attack. They are slightly related in terms of attack vector, but that is it. This is not a bug reported 4 years ago that is only getting fixed now, as the article makes out.

Tom 38
Silver badge
Alert

Stop gap fix

SetEnvIf Range (,.*?){5,} bad-range=1

RequestHeader unset Range env=bad-range

You can bump the number 5 if your clients actively use a lot of ranges. I'm jumping the gun slightly, they're still voting on the exact wording of the advisory, but that's the top mitigation until 2.2.20 is rolled.

It behaves differently on different OS. It won't totally take down a FreeBSD server, but it will pretty quickly take down a typical Linux server - the OOM killer will just randomly start taking shit out, and once it takes out init, that's the ball game.

Not tested Solaris or OpenBSD yet.
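Added example, not part of the original post or of the Apache advisory: the stop-gap expression from the comment above, run in Python over constructed Range header values. It shows that the rule trips at five commas (six ranges) and how to pick a larger number from headers your own legitimate clients send. The function names and sample headers are assumptions made for illustration, and Python's `re` is assumed to treat this pattern the same way httpd's regex engine does.

```python
import re


def stopgap_regex(n=5):
    # Same expression as the SetEnvIf line above, with the count as a parameter.
    return re.compile(r"(,.*?){%d,}" % n)


def count_ranges(value):
    """Number of comma-separated range specs in a Range header value."""
    _unit, sep, specs = value.partition("=")
    if not sep:
        return 0
    return sum(1 for s in specs.split(",") if s.strip())


def range_unset(value, n=5):
    """True if the rule would set bad-range, so RequestHeader unsets Range."""
    # SetEnvIf does an unanchored match, hence search() rather than match().
    return stopgap_regex(n).search(value) is not None


def smallest_safe_n(legit_values, floor=5):
    """Smallest count that leaves every known-good header value untouched."""
    # The rule fires when commas >= n, so n must exceed the largest comma count.
    most_commas = max(v.count(",") for v in legit_values)
    return max(floor, most_commas + 1)


# Constructed sample values, not taken from real traffic.
SINGLE = "bytes=0-499"
FIVE_RANGES = "bytes=0-99,200-299,400-499,600-699,800-899"
SIX_RANGES = "bytes=0-0,1-1,2-2,3-3,4-4,5-5"
# Hypothetical legitimate client that fetches eight 1 KiB chunks in one request.
EIGHT_RANGES = "bytes=" + ",".join(
    f"{i * 4096}-{i * 4096 + 1023}" for i in range(8)
)

if __name__ == "__main__":
    for value in (SINGLE, FIVE_RANGES, SIX_RANGES, EIGHT_RANGES):
        verdict = "Range dropped" if range_unset(value) else "Range kept"
        print(f"{count_ranges(value)} range(s): {verdict}")
    print("count needed to keep the eight-range client working:",
          smallest_safe_n([EIGHT_RANGES]))
```
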

Tom 38
Silver badge

Re: Re: @AC

The original AC - maybe you are the same person - implied that GPL3 was designed to save BSD from being code-raped by Apple. They missed a couple of pertinent points:

1) The reason we work on *BSD is to not restrict the users of our code, regardless of how they want to use it

2) Changes to GPL aren't going to affect how *BSD projects are run or how we manage our code - we aren't going to change to a non permissive license.

"

Excuse those of us that favour copyleft licences for pointing this out, but the zealotry seems to be more evident in the frequently aggressive statements made by permissive licensing advocates who always seem aggrieved that people dared to write Free Software and not give them the opportunity to use it as if they wrote it themselves.

"

I'm mostly aggrieved that people associate open source with GPL and believe that companies reusing BSD works are somehow being naughty or evil. We want re-use, we want everyone to use our code, from individuals to companies who might want to build upon it. Code isn't really open unless you can re-use it.

It's true, lots of us are here because we have extreme dislikes of GPL/FSF. My favourite quote is this from a BSD licensed library's about page (not me!):

memcache(3) is as Open Source as it gets and can be embedded in anything (commercial software, open source, etc). May the GPL and its users rot in hell for their stupidity.

You don't become ubiquitous with a copyleft license, you do with a permissive license. Look at the license choices for cross platform standard libraries:

libpng: permissive

zlib: permissive

libjpeg: permissive

openssl: permissive

They are permissive because they are standards, and they are standards because they are permissive.

Tom 38
Silver badge
Stop

@AC

"""

Apple built an empire on top of a mountain of cash using BSD but they didn't even bother to send a thank you card to the BSD community. I wonder how those developers feel seeing their work being heavily monetized while they receive not even the slightest appreciation. Well, GPL was designed specifically to prevent this state of affair.

"""

This is utter tosh. I'm involved with FreeBSD, and I can tell you that Apple contribute a shitload back to BSD. They fund developers, they fund projects, they contribute code back to the project, they produce BSD licensed software and toolchains that are helping to remove our dependence on GPL software.

I particularly like the final line - GPL is going to save all us BSD developers? No thanks, we'll continue using the 2 clause BSD license, you can keep your toxic GPL. The BSD license does exactly what it is supposed to do, and allows for reuse of code, and we're real happy for Apple, Juniper, Citrix, Ironport, Sophos, Panasonic, Sophos, Netasq, Isilon et al to reuse our code.

The GPL puts such a restriction on developers. Take a company like Juniper Networks, who spend a shed load of money developing Junos, which is based on FreeBSD. Junos is completely closed source, which stops competitors using Juniper's code to build their own products.

This is precisely the situation the FSF wants to avoid, that Linux could become the base of a closed source OS. They argue that this would be disastrous, and the company would not push fixes back to the tree unless compelled.

Well, that's not what happens. Certain things clearly are not contributed back, such as Juniper's custom routing stacks, but lots of other things are. They spend a lot of time and money testing things that the project cannot, and contribute lots back. In general, the companies that use FreeBSD like this (and there are lots) only benefit FreeBSD.

A GPL zealot will never see it that way though. To their eyes, Apple and Juniper are just leeches. A typical BSD user just sees it as code reuse, which is the most important thing - consider where we would be if every commercial OS had not reused the Berkeley sockets API (probably not discussing this).

Tom 38
Silver badge
Headmaster

Pedantry ahoy

For the love of dog - it's 'ensure'. 'insure' means something completely different.

insure:

Arrange for compensation in the event of damage to or loss of (property), or injury to or the death of (someone), in exchange for regular advance payments to a company

ensure:

Make certain that (something) shall occur or be the case.

Tom 38
Silver badge

Re: Patent on a design

It's called copyright, but - assuming you designed the Porsche 911 - sure.

Tom 38
Silver badge

x86 SoC

They do exist: http://www.vortex86sx.com/

but like you, on the whole I think I'd be happier with an ARM designed SoC.

Tom 38
Silver badge

@AC

Just watch less football.

Tom 38
Silver badge
Go

I have absolutely no use for this

But I really really want it. If it had a nice green HUD, that would just be gravy.

Tom 38
Silver badge
Stop

Hasn't anyone seen Deep Impact?!

This is precisely what they will say when one really is going to hit Earth!

@Cameron, I can't decide - the problem with bunkers is they tend to be underground, which could be a problem with a mega-super-tsunami. Anyone up for a week's camping up Ben Nevis?

Tom 38
Silver badge

£199?

I think the original idea was to make some money, so selling at £300 under cost may be a bit of a poor business move. They'll get there when they are truly unshiftable though.

I think the primary problem for these vendors is that Apple now have a good reputation for producing simple to use devices. I'm not saying that other devices are hard to use, just that a user deciding between an ipad and any other tablet will know that the Apple device will work, and be easy to use, which is a boon when deciding to spend £500+ on a toy.

Tom 38
Silver badge
Stop

AC is a Merkin?

We don't do freedom of speech the same over here chum. Here is a list of things which are criminal speech in the UK (ie, illegal to express), which override the concept of free speech:

Incitement to riot

Incitement to racial hatred

Incitement to religious hatred

Incitement to terrorism

Dissemination of terrorist publications

Glorifying terrorism

Threatening, abusive or insulting speech or behaviour

Treason, including imagining the death of the monarch*

Sedition

Obscenity

Indecency or corruption of public morals/outraging public decency

Defamation

Prior restraint of the material

Scandalizing the court (eg criticizing a judge)

These cretins attempted to incite a riot. The sentences should be increased from normal, since the country itself was in an aggravated state due to prior rioting.

As to 'ruining these boy's lives', these are two people who on hearing about the riots, thought "I know, let's smash up and steal stuff from my local town" - they've ruined their own lives.

* We may be able to get Big Ears convicted on this one

Tom 38
Silver badge
WTF?

See, this is where your lack of C++ knowledge lets you down

C++ is strongly typed. The compiler cannot 'choose' a type for you, each rvalue has a specific type, and hence using auto simply eliminates some keyboard action.

The standard case will be for turning something like this:

std::vector<std::map<std::string,std::pair<std::string, std::string>>> the_list;

for (std::vector<std::map<std::string,std::pair<std::string, std::string>>>::const_iterator i = the_list.begin(), e = the_list.end(); i != e; ++i) ;

into something like this:

std::vector<std::map<std::string,std::pair<std::string, std::string>>> the_list;

for (auto& i: the_list) ;

Does that reduce the readability? Really? (Ok, so a list of maps of string -> (string, string) is not a typical data structure, but I've seen far worse in stl-hell)

There can be no chance of implicit type conversion either - in fact, I can think of several times over the years where using an auto type would have prevented some incorrect implicit type conversions.

You may not use C++, but I do on a daily basis, and C++0x is pure win.

PS: Do you not have standard 'hit by bus' policies at your work? All our stuff has to survive a weekend of several fatalities...

Tom 38
Silver badge
Unhappy

20 years is ok, 25 may be pushing it

My Model-M keyboard (born 1986) makes Windows 7 very unhappy. If I attempt to put Windows to sleep, it immediately wakes up again with all 3 keyboard LEDs constantly blinking, and I have to power cycle the keyboard.

Very sad.

Tom 38
Silver badge

You are so right, we should use C for everything

Or maybe assembler?

Look, if you don't use C++, and decided in the early 90s that you would never want to use C++, why comment on the evolution of a language that you have already prejudged?

It's just like the Android fanboy who reads a story about a new iphone, and immediately posts the first comment "zzz, who cares".

Personally, I almost had to go have a 5 finger shuffle when I read that we would now have an 'auto' type, for which the compiler will work out the appropriate type, or a simpler way to iterate through STL collections, or many many of the other fantastic things that C++0x will have available. In fact....

fapfapfap

Tom 38
Silver badge

woohoo!

list<pair<string, string>> words = {

{ "Woo", "hoo" },

{ "About bloody", " time" },

};

for (auto& i : words)

{

cout << i.first << i.second << endl;

}

Tom 38
Silver badge

Oh really?

I thought that Moto had a real bad reputation for releasing devices with firmware that just got abandoned at release version and that it was impossible/extremely hard to run with up to date, bug free firmware. Is it the original Motorola Xoom that still runs with Android 1.6?

Certainly that was the advice that I got when I asked an Android aficionado what to buy: Don't buy Moto, firmware never gets upgraded, don't buy HTC, the loaders are all locked*, Samsung are OK.

* not any more, ISTR

Tom 38
Silver badge
Joke

Who down-voted this magnificent Alan Partridge quote?

This country!

Tom 38
Silver badge

I think they had enough of Motorola

From what I've read, Motorola produce the worst Android handsets money can buy. Perhaps Google just got ashamed of this being 'the Android experience' and said 'either sell us your phone business, or you are out of the Android game'.

Tom 38
Silver badge

Look, I know patent bashing is easy and fun

I fully agree that patent trolling is bad. However, patents must provide some sort of protection for the applicant. This particular example is zany and crazy and may not ever even make it as far as a concept piece, but it still requires patent protection so that this novel use of airbags in a phone can be explored. Even if it took 5 years before they had a working prototype, and 10 years to market, the patent should protect their idea from exploitation by someone else.

Requiring every idea to go from concept -> prototype within 3 months or you lose your patent protection is crazy - no company would invest significant resources into any idea which could not be realized immediately, and net innovation would fall.

Tom 38
Silver badge

Insert title here

Apparently BBM'ing is all the rage amongst the yoof, since it apparently doesn't cost data or voice allowance, so as long as you have 50p credit left on your phone, you can bbm for free as much as you like.

I also like the quote from AC above - Dear RIM, please don't tell on us or innocent people will get hurt. If you're not falling for that, then we've already hacked you and we'll come riot at your home if you do. Oh, and we're still innocent.

Tom 38
Silver badge
Thumb Down

@AC

Partly responsible? Were they refilling the petrol bombs?

There is a particular left wing fallacy that if you do something bad, it's not your fault - you're too stupid/poor/disenfranchised to know any better and were made to do it. The only people responsible for the rioting and looting are the rioters and looters.

There is a way to protest, as demonstrated by Mark Duggan's family. This is not a protest, however much the idiot left want it to be - it is criminal looting.

Stealing TVs and drugs, burning buildings and cars and terrorizing citizens is not a protest, it is thuggery. The left, as led by that moron Ken Livingstone, do not like the current government, nor the austerity conditions that are required after the previous government (which promised an end to boom and bust), and conflate idiots stealing and burning stuff with a political protest.

I can't decide which I dislike more - the twats rioting, or the cunts trying to tie their political flags to it.

Tom 38
Silver badge
WTF?

I don't believe that

$6bn? And they turned it down?

Crazy. They may be 'first to market' in their sector, but this sort of thing is easily applicable to any network of people, so they must be hugely sensitive to a Facebook or G+ version of this.

Tom 38
Silver badge
Joke

Re: plus-

I hope they feed them, let them out for walks etc. Alumni are people too.

Tom 38
Silver badge

Crikey

I make do with 1 tuner. Are there really 4 shows (or 12 if you are capturing the whole multiplex) on Freeview worth watching at a time?

Also, sport is one of the main things I will PVR. Nothing like skipping through half time, or fast forwarding the boring bits.

Tom 38
Silver badge
Thumb Down

What a load of bullshit

""

It means ironically, society would now be better off without patents any longer. It would save everyone a lot of money.

""

BS. The world would be a better place if only corporations could rip off any industrial process without paying? The world would be a better place if engineers and inventors had no way of protecting or profiting from their IP?

Patents are unpleasant but they are required to reward innovation and insight. Without them, there is no incentive to be smart, and you end up with nothing. No doubt they need reform, particularly US software patents, but to say we would be better off without patents just paints you as a deluded loon.

Tom 38
Silver badge

I know plenty who paid up front

Avoids paying it out over 2 years of your life. Typically, subsidized iphone contracts are about £20 more per month than equivalent non-subsidized contract, over 2 years that's £480. Add on £69 for the initial cost of the phone on subsidy (subsidies only go so far), and it's a wee bit more than the £515 purchase price.

Just saying.

Tom 38
Silver badge
Headmaster

Not pedantry

Just wrong.

The first command line searches all files for the string 'timthumb', your command line finds files that have the 'timthumb' in the filename, ignoring case.

Tom 38
Silver badge
Joke

8 percent human?

""Out of Newt's 1.3 million followers only 8 percent (2 percent less than claimed in recent media reports), are identified by our algorithm as humans""

However, 84% were identified as registered Republican voters.

Tom 38
Silver badge
Thumb Down

@sabroni

Downvoted for doing bad maths. He failed to account for the energy expended cooling 900k servers.

Tom 38
Silver badge

I'm really angry about this

For the past 2 months, FOTA have been banging on about how they could not even consider F1 not being Free To Air in their major markets, since a lot of their income is derived from advertisers - and advertisers will pay less if it is only shown on subscription channels.

I actually already subscribe to sky sports, so it's not going to affect me that much. However, I can't get 'real' sky in my flat (I only have one sat feed, sky hd requires 4, sky+ requires 2), so I have Sky player, so I won't be getting these races in HD, nor will I be able to record them, nor pause/rewind, have to turn my computer on and pray silverlight doesn't crash for 2 hours.

The 'revolutionary' features Sky will offer will be similar to BBC - the main feed will be identical, since it will simply be the same 'World Feed' offered to all broadcasters, and we'll have perhaps some more car feeds (again, not for me and my streaming though). I guess this year will be the only season I get a complete HD race archive.

I also don't buy this 'we had to do it or they'd have got the lot' argument. FOTA simply would not accept F1 solely on Sky, so Sky had no chance to whip the rug from under the BBC. More likely is that by allowing Sky this deal, they avoid ITV getting the rights, although even that is tenuous - ITV are more skint than Auntie.

Tom 38
Silver badge
Thumb Down

If you live in the UK and never look at the BBC channels, radio or internet sites

You either don't have a TV, are lying, or suck only from the Murdoch teat.

If it's the latter, given you already pay between £240-£720 a year for TV, I think you can afford to pay for that stuff you don't watch.

It is a tax on receiving broadcast TV or radio. If you don't watch broadcast TV, you don't have to pay.

Tom 38
Silver badge

Subsidies

There is a subsidy going on, but it's BBC Worldwide (wholly owned subsidiary of the BBC) monetizing content in order to subsidize the BBC, so that license fee costs do not go up. Just under a quarter of the Beeb's income comes from flogging stuff to foreigners.

I may get downvoted for this, the BBC is a national treasure, much more so than Stephen Fry. It provides a unique voice for Britain in the world, and produces high quality programming, with a requirement to produce educational content, like the excellent natural science programmes produced in the last ten years (Life, Blue Planet, Wild China etc). It must continue to be publicly funded to provide this globally unique situation.

Tom 38
Silver badge
Thumb Down

Pretty poor selection

Look, I know it's nice having these manufacturers throwing you a bone with £400 in ear headphones to review, but most people don't live in that world.

Personally I've used Sony 'bass boost' in ear headphones (MDR-ED21LP). You can get them both online (£10-15) or in most electrical stores (£20-30). The sound is crisp and clear, plenty of the afore-mentioned bass boost. No volume control, no mic, doesn't make you sad when the cable frays and you have to replace them (as has happened to many of my Shure owning friends).

I was really hoping for a review that would suggest alternatives to this kind of 'phone.

Tom 38
Silver badge

@Graham Bartlett

Well, he did use his own money, so no-one minds right? Oh, they still do? Oh well.

Tom 38
Silver badge
Headmaster

Sinus?

How would you get a nose cavity into a computer mouse?

Oh, you mean sine and cosine..

Tom 38
Silver badge
Joke

Re: Status Quo

If you are truly fighting the Status Quo, my top tip would be to take out Francis Rossi first, he's the dangerous one. Rick Parfitt looks scary, but he's a pussy cat really.

Tom 38
Silver badge

Stop calling me Shirley

I've never played with any truly big iron, but every single UNIX like server I've ever used has never required a password to boot up.

If you are at the console, you can reset the machine by interrupting power or the reset button, and getting a single user root shell is trivial:

* 'boot -s' at boot prompt for most BSD variants

* append 'single' to the kernel line in GRUB

* 'linux single' at the LILO boot prompt

* 'b -s' from the Solaris boot prompt

* 'boot -fl s' from Tru64 boot prompt

None of these will require a password to boot into single user mode. The point is, if you can access the machine or the machine's console, you already have full access to it.

Tom 38
Silver badge

On the tube?

One of the few pleasant things about going on the tube is that you don't have to listen to Charmaine's idiotic conversations with her matey. Of course, if they don't add sound proofing to the trains, no-one will be able to hear them anyway.

Tom 38
Silver badge
Go

Re: well..

You have misunderstood the issue. The issue is that a bug in the NAS's handling of the appletalk protocol that Lion uses causes the NAS to crash. The bug is clearly on the NAS, even if the bug is only exposed once exposed to a Lion client.

Appletalk support is provided by the netatalk package, which on this NAS is netatalk 2.1.x, which supports AFP 3.2. Lion uses AFP 3.3, which netatalk 2.1.x gets wrong and crashes.

Tom 38
Silver badge
Headmaster

Delayed or postponed

A 'delayed event' refers to a scheduled event happening an unknown amount of time in the future.

A 'postponed event' refers to a scheduled event that has been rescheduled to happen at a precise time in the future.

Eg, 'The flight was delayed for 4 hours, before they gave up and postponed it until 9am tomorrow'.

Ergo if LulzSec had postponed the release, they would have announced when it was rescheduled to be released.

Of course, you can also have 'indefinitely postponed', which would be a delay.

I <3 English

Tom 38
Silver badge

Re: Media PC

A media PC that can't play blu rays or DVDs.

Tom 38
Silver badge
Stop

Disingenuous

OS X Snow Leopard -> OS X Lion is analogous to Windows Vista -> Windows 7, which cost me a damn sight more than £21.

Security updates on both Windows and OS X are free of charge, it is the major/minor revision bumps you pay for, on both OS. I.e. 10.6 -> 10.7 costs, 10.6.1 -> 10.6.8 does not.

Tom 38
Silver badge
Thumb Down

The Sky tax

You seem to have forgotten that Sky have to pay an obscene amount of money to get those rights - £1.3bn over 3 years. This has to be recouped from advertising and sub fees, of which a large part are paid for by pubs wishing to show live footy.

Judging from my high street, most pubs seem to want to do this to increase footfall, so bitching about the costs seems unnecessary - there is no universal human right to watch football in pubs, pubs can choose to show it or not show it - it is no more extortion than a pub in London having to pay high rent.

Tom 38
Silver badge
Thumb Up

<body>

Well, certainly the Lib Dems. You can normally rely on the Tories to not over legislate, it makes it harder to make money.

Get any lefties in for any long period of time, and they tend to start thinking they can legislate the perfect society, qv 97-2010, 74-79, etc.