74 posts • joined 13 Feb 2010
Re: Had to happen
Hmmm... not sure if joking or just Ballmerizing.....
Had to happen
It had to happen sooner or later. I hope they find the details on this thing and publish them soon, I'd like to see what common components between Linux and Apple's BSD/Mach mashup they're using.
Of course, it could turn out that this thing must be manually installed or that it only runs in user space... in which case it's not a yawner but less unexpected.
And I do suppose the inevitable MS vs. the world flame war will erupt in 3.... 2.... 1....
Re: New York to London in less than 1 hour?
Reminds me of the joke that was circulating during WWII:
An American soldier is bragging in an English pub about how great Texas is: "Why in Texas, you can get on a train, ride all day, sleep all night, ride all day, sleep all night, and you're STILL in Texas!" One of the locals gets up, walks over, pats him on the shoulder and says sympathetically, "It's all right, we have trains like that in England too."
Cue all the sysadmins....
....who've been complaining for years that no one pays attention to security. Security is not an afterthought, it's something that has to be baked in to every stage of the design process of anything that is expected to survive in a hostile environment, which definitely includes any communications gear.
Funny how back when I was in the service I grumbled about reliance on GPS and I was told I was being paranoid.
As we said when the drone videos were found.... unencrypted streams? WTF? If you can't encrypt it as is, stream a low-res version that can be and bring the raw take back to base.
And before the usual Windows/Linux/BSD flame war starts, can we just note that some are better than others but all are flawed and move on?
Need my armor
I use Chromium for my grad school email since the university has been assimilated by Google anyway-- and it's nice and fast though I dislike the UI-- but until I have NoScript/AdBlock/BetterPrivacy/RequestPolicy on Chromium... they can have my Firefox when they pry my cold, dead, fingers away from it.
Can we avoid the inevitable "You didn't mention Opera!" "Only losers use Opera" flame war and stick to actually figuring out if there's any merit to this study? I mean they didn't test the browsers' Linux versions either (believe it or not there are people who actually run IE on Wine. No, I can't figure it out either unless you're a developer and then a VM would probably be easier) but hey, let's deal with what we have, OK?
Good lord, why not get it from the people who actually wrote it?
Of course if it's Adobe or Java you're still hosed.... but that's why you always take the "custom" option for install, to get rid of the useless fripperies (AVG, oh AVG, why hast thou bloated the everliving crap out of thy software?)
Glad I'm off Windows and can just find the official repo... but not everybody has that option.
.... has performed an illegal operation and will now shut down.
[sound of sirens]
Not so fast...
I'm as big a fan of Linux as anyone out there... and I refuse to have a Windows machine, BUT... this kind of rootkit would work against a Linux machine too, and a good Trojan can still trick the user into installing it.
In this case we should be working together to detect these kinds of shenanigans instead of flaming each other.
To use the aviation analogy-- with "cyberwarfare" (I hate the term, but oh well) we're still in 1914: buzzing around, mostly doing recon, and heaving the occasional brick and/or hand grenade.
That being said, if we persist in keeping our fingers in our ears and singing "LALALALALA--I CAN'T HEAR YOU" and continue connecting every stinking thing we own to the Internet, we're setting ourselves up for real disaster, and the longer before it happens, the worse it will be. Unfortunately, I am not optimistic. Mention security to otherwise informed and intelligent people, whether in industry or academia, and you get classified with people who believe in mind rays. Not promising if we're going to fix anything....
Agreed. I used to work at a local retail/repair shop where we also built new PCs. In theory, we could put whatever OS we wanted on the system, but if we put anything other than Windows on our new-build machines, we would lose our "discount" and any hope of being able to sell the machines at a competitive price (already difficult since we used quality hardware with solid manufacturer's warranties as opposed to the flimsy crap in the big boys' systems).
So... of course you can disobey MS, but you'll go out of business if you do. Unfortunately, they can say they weren't "forcing" us since, in theory, we could do whatever we wanted. In practice, you obey Redmond or go bankrupt....
Only if you have that option-- which you may or may not be given. From what I've seen, you won't have that option. FSF opposes this form of secure boot because it's not GPL-compatible... I doubt they'd care if it was, since then they could incorporate it into their software.
Yep. And I don't see anything about being able to point local FF installations to an alternate server hosted within the organization-- now that would be nice but, of course, FF doesn't have Group Policy tools for stuff like that. Fortunately *nix orgs can change repo lists, but, as usual, Win users are SOL.
Yes, I know there are third-party tools for FF. If your org lets you use whatever you want, fantastic. Unfortunately a LOT of orgs require a painful approval process (or refuse to approve other software) which makes using them unlikely or flat out impossible.
And (if you're running Windows) unless you've imaged the drive or have the original restore disks, have fun tracking down goofy drivers for the hardware... used to fix computers at the retail level for a living and I hated seeing busted laptops-- the customer NEVER had the restore disks or a backup and some of those websites seem to have been organized by 1) taking all data for the site, printing it out 2) placing the pages in a ring binder with the rings open, 3) throwing the binder down a flight of stairs and (profit?) using the ensuing mess as their site map.
Thank you for a great post! I couldn't agree more... when I did lock down a Win2k3/XP network (and got the results to prove it worked) I was constantly battling not simply the classic PHB/secretarial types but people who should have known better-- someone actually had the gall to email me that, as a network admin, he should be exempt from proxy restrictions (mostly social networking/streaming media blocks) and other measures because he and his cronies were the "heart and soul" of the organization... yeah right.
Of course, if you're going to lock down a network, you'd better be ready to run, not walk, to make sure your people do have what they need to do their jobs. And if you use bad passwords or don't restrict access to sensitive information, no OS in the world can save you or protect you.
As far as the Win/*nix debate is concerned-- yes, Windows can be locked down to a reasonably secure level, but it takes a LOT of work and you'll have to be ready to tweak some apps (usually just adjusting permissions on Program Files folders) or they won't work. *nix, on the other hand, is generally much easier to lock down, and very few applications will break, which suggests it's more secure out of the box, and much more amenable to lock down.
Still not convinced? Take two VMs, put Vista or Win7 (with UAC fully enabled) on one and Ubuntu (deliberately choosing one of the least secure *nix variants) and do similar stuff-- how often does the UAC come up vis-a-vis the sudo dialogue on Ubuntu? Yep. Windows is indeed poorly designed and requires far too much user access to sensitive areas of the system.
Hopefully they'll be as open and honest as Apache was when they had their problems; those articles were a very interesting read.
...the nice thing about a helicopter is that (provided the pilot is properly trained) you can make a safe autorotational landing in a VERY small space and from a low altitude. For your typical light utility helicopter, a decent parking lot will do if there's a clear approach.
Of course in a built up area wire and such are a huge issue but that applies to fixed wing too...
...are on my no pick up list. (Did I mention I flew SAR back in the day?)
Actually this bird is probably not much more complex than other twin-rotor designs; CERTAINLY it has fewer moving parts than the Osprey (which according to my sources can neither glide NOR autorotate, leaving the poor SOBs inside flying a Frigidaire if they have a dual engine failure).
Read up on conventional eggbeaters/coax helicopters, then read up on ABC and this project... they look the same but this works differently. Most coax birds (like the Kamovs) use the superimposed rotors to create a much more compact layout thanks to the rotors being smaller and no requirement for a tail rotor-- all very handy if you're putting your helicopter inside a bitty little hangar on a ship. These designs have conventional flapping blades without the refinements that let this bird go so much faster.
That will be nice.....
...if you can write your own patches/fixes. Unfortunately when MS drops support you're going to be left in the lurch. :( Personally, I wish the gov't would actually do something useful and pass a simple law: if you've charged people for your software you must either 1) support it OR 2) open-source it so legacy users can continue to maintain their systems. If keeping their code secret is so important, they should continue patching it, end of story.
Since that's not going to happen, I'm encouraging all my friends who are running XP to at least give Linux Mint a spin before shelling out for a pricey Win7 box... It's not like they're losing money if they don't like it.
You CAN find Reader MSI installers--not easy (unless you sign up with them) and you have to be VERY careful about your source, but it is doable (if still a huge pain).
Even if it was a number of years (or decades) we're still looking at an extremely brief period. In addition, I've seen that some paleontologists don't think that it was JUST the meteor-- the impact was more the cherry on a cake that had been building for some time. According to these guys, the Deccan supervolcano (erupted sometime between 60 and 68 MYA so right in period) and the establishment of a land bridge between what would become Europe and North America (allowing the spread of new diseases and invasive species) had already severely stressed the overall ecosystem in a kind of "perfect storm" scenario. If there was already a dieback in effect in the time leading up to the impact, that can explain the lack of fossils (in addition to the reasons listed above).
Come on... everybody knows how to spot "little people:"
1) Watch your cows/sheep
2) If one or more suddenly rise about six inches and take off at high speed (maybe backwards) without moving their legs, you have an infestation
Nuke the site from orbit...
...it's the only way to be sure.
DoD wipe the whole drive and reinstall from clean media-- and hope you've got a good data backup.
But but but but
That was inconvenient! You had to open your case and set a jumper to flash the BIOS! The horror! The horror! Yep, convenience strikes again.
You should care
I use (and love) Mint as well but we CANNOT be complacent. In the first place, while Linux is head and shoulders above Windows and/or OSX, it is not perfect nor unassailable--and tools that exist to attack Linux servers can be used to attack Linux desktops.
That being said, if we do pay attention to the threat and encourage the community to improve security, there's no reason we can't stay out of the realm of low-hanging fruit or even (gasp) produce a reasonably secure operating system.
Easier than poking around in the registry--especially for people who, like a lot of my friends, don't know a hex from a USB mouse.
"Okay open file thatapp.conf"
"Find the line that says ThatSetting"
"Wait... no... no... Oh I see it."
"Change 'No' to 'Yes' and save the file"
"OK... done. Wait, that's it? That was easy!"
"Yep. That's why I made you buy me the beer first."
That would work if Windows made any sense
Unfortunately Windows is constantly changing itself and tools that do that kind of thing tend to overwhelm you with false positives (and that's a shame). Maybe if it just looked at the MBR....
So has any good come of all this?
I can't wait until we get some good post-LulzSec studies to see if all this publicity has resulted in more attention to security...
Before you make any assumptions....
...realize that some of us aren't allowed to use the tools we would like. I'd elaborate further but why expose myself to another barrage of mistaken assumptions and abusive language?
And this is why I'm not surprised
Exactly--no Group Policy plugins make Firefox (unfortunately IMO) unsuitable for enterprise use if your enterprise uses a Windows environment (and let's face it--as much as most of us would like to change that, the desktop will be mostly Windows for the foreseeable future). As an admin, I need to make sure the users aren't misbehaving or getting pwned (the proxy is awesome, and I use other tools, but locking down the browser is an important line of defense) AND I need to be able to push updates without disturbing the users... Given that they've never bothered to put out tools for this, it comes as no surprise that enterprise support is not a priority at Mozilla.
Just goes to show--they must be offering good support or people wouldn't be renewing. Open Source can and is generating profits.
Real reform needed
For software patents, require source code--remember that hardware patents required full blueprints precisely so that everyone could know it wasn't BS and so that once it expired anyone could make it.
As far as this bill is concerned, if P. Leahy likes it it's probably a bad idea :(
Agreed--worrying and a tough call.
This just highlights the need for the conversation about security to get out of the geek community and hit the mainstream. On the one hand, I am extremely concerned about any government or private agency reaching into anybody's computer without their informed consent (Google, I'm looking in your direction), but on the other hand these bots (and other malware) are endangering innocent users and the very Internet we all depend on. What is even more unfortunate is that nine times out of ten discussing anything like this with an ordinary user gets you a shrug and a "meh." So... at what point does ignorance cease to be an excuse? And, as has been asked above, where exactly is the line between dodgy and flat-out malware? These are NOT easy questions and drawing the line in the wrong place could have catastrophic consequences: too slack and the web gets overwhelmed by the bad guys, too tight and we have Big Brother (if we don't already--if the governments of the world were less clueless we'd already be boned). We must broaden this conversation if we're going to get anything resembling a workable solution.
You're right in principle... but the legal system IS an issue
What we're seeing is old-school (i.e. pre-1776 and Adam Smith) mercantilist thinking-- competition as a zero-sum game. This is the thinking that cost England its American colonies by trying to restrict trade in the name of keeping the resources on the other side of the Pond to itself. If a significant number of enterprises adopted this model, everyone would benefit as there would be a Darwinian process where the good bits multiply and the bad bits die. Who knows, you might even see enterprises agreeing to save money on software infrastructure by working together so they can get on with selling oil/cars/toothbrushes/whatever. Then competition would happen on the basis of who has the better product not on who has the least buggy code.
Unfortunately, as long as the patent system remains broken (ironically, the US patent system was originally designed to promote innovation rather than stifle it) and as investors abuse due diligence lawsuits there will be legitimate fears that will prevent open sourcing of code.
Sound like an idealist pipe dream? So was free trade in 1776.
You're right but good luck in front of the judge....
Wings for emergencies?
Not sure about the lifting body part... I realize the Shuttle never used the cross-range capabilities, but, in addition to the military applications, wouldn't it give more possibilities for landing sites in case either something bad happened while in an inconvenient part of the mission or if you had freak bad conditions at the normal sites?
Lewis is back!!
Thank you for taking Lewis off the decaf! It's been a long time since we've had him in full Apocalyptic mode and I, for one, can't get enough! Don't get me wrong, I enjoy all of his articles, but seeing him unleash his full powers rocks.
Oh and I hand wash my dishes (within 48 hours or so...) so nyah nyah nyah!
As noted above, they support first responders as part of their defensive role... and a serious terrorist strike is exactly where this gear could make all the difference... and let's face it this sounds really, really cool.
This is not the same
Radio comms are OK for command and control--but this system (if it works) makes them far more effective... compare:
"Where are you, Jim?"
"Not sure...upstairs... wait third bedroom"
"Ummm Two rooms behind."
"Crap. Bob, turn left and go to the third bedroom"
"Crap somebody find Jim!"
WITH NEW GEAR:
"Bob you're two rooms behind Jim, go left--no your other left-- good pass two doors."
"Jim, your heart rate is up--you OK?"
"Jim get out now!"
"Bill, Jim is in trouble and he's three rooms down from you..." etc etc
Just knowing where your people are takes away a LOT of the fog of war (or smoke of fire)
I must agree with Tomas
Where the effin' heck are their offsite (or at least offline) backups (I know, I know, huge files tons of data blah blah blah... still...).
Of course, maybe, just maybe, you the customer should have a backup of what you upload??
So, friends, do you STILL want to outsource your enterprise? How is that hopey-cloudy thing working out, eh?
"Notarized documentation??" You mean like a stamp on my monitor? Sure... right next to my blonde secretary's whiteout!
See private property posts above....
Yeah, I know, none of us read the fine print on our tickets (oops am I showing my age regarding paper tickets?)... but these planes are private property. That means that (as long as they're not asking for anything illegal) the owners of the plane can set whatever rules they like--and can remove you if you refuse to comply (preferably while the plane is on the ground). It's like the bars having the sign that says "We reserve the right to refuse service for any reason whatsoever--punk!" Maybe the saggy pants brigade should pool their own money and found their own airline where they can hobble about to their heart's content (speaking of which... how's that naked airline doing?)
I'm not a scientist either, but a complete wild guess: as trees lose their leaves and smaller plants die in the (Northern hemisphere) fall each year, less CO2 is absorbed? Might be interesting to check if there's a smaller spike (given less land area) when fall hits the Southern hemisphere....
Not so simple
The Wall Street firms are so interlaced with the government (even before the bailout, which has just made things worse) that it's more a case of cronyism than capitalism.... again, follow the money in both directions--bailouts for stupid (partially government-induced--see the CRA and Dodds) behavior AND campaign cash. :(
Subsidies and such are a way of gaining leverage and control--NOT the same as getting out of the way and letting private enterprise get on with it.
Follow the money--and the lobby
These guys have a big fight ahead. NASA never wanted to let anybody in on their cushy monopoly on space activity; it took serious leaning on NASA and the FAA from the Bush administration to even let these guys (and people like Virgin Galactic) get off the ground... and now that we have a pro-government anti-enterprise administration in place there's a very good chance the screws are going to be tightened once again. NASA did great things in its time (and still does occasionally-look at the Mars rovers) but they need to go back to what they originally were for: cutting edge technology and research, not lofting satellites and/or people into low earth orbit--there's money to be made there if the private sector is unleashed. Unfortunately doing so will threaten their bloated administration and the streams of taxpayer dollars.....
Thank God we didn't have this level of control in the 20s and 30s or we'd still be arguing over whether our fabric-covered biplanes (though with carbon-fiber ribs) meet safety regulation #75635453 sponsored by Senator Bob from the state with the biggest sailcloth industry.......
Of course they do....
and we've all heard about it because it's been so successful....
"Hey this is really safe!"
"But then people will be inconvenienced and won't be able to run old applications...."
"Oh. Disable it then."
A fiat currency (virtual or paper; as if there's a difference these days) relies on people believing that it's worth something--so sure, the more people believe, the more stable it will be, and it takes a Soros-sized manipulation to screw around with it as an individual. However, there is still the problem that fiat currencies rely on faith alone... which is why currencies that have been successful in the long term are backed with gold or (less stably) silver--if you get antsy you can (at least in theory) march into the back, plunk down that piece of paper, and get a chunk of precious metal you can take home. The funny thing is that when people know they can do this, they rarely actually do it, but the currency is much more stable. Unfortunately, after World War II the influence of Keynesian economics tempted governments to move away from backed currencies to fiat currencies so they, being the government, could print more money whenever they wanted to buy the votes of the indolent, ignorant, and unproductive, and we are now paying the price, both with the Euro and the dollar.
Before everyone downvotes me, a couple of points: 1) I am aware that both the gold/silver standards and the move away from them are more complicated than what I've just stated--to the point where technically we're not quite at fiat currencies--but the basic principle holds true. 2) I realize that backed currencies are NOT immune from manipulation--just look at the Byzantine devaluations; but at least it takes a government to do it... you don't have Soros moments when your currency represents something real, and government manipulations are very clear to all... much more difficult to pull Fed type smoke and mirrors
OPSEC is OPSEC
Like it or not, there ARE people out to get uniformed personnel. In addition, while the little bit of information you hand out may be insignificant, when taken in context with all the insignificant bits of information everyone else is letting slip, the bad guys can get a surprisingly complete picture they shouldn't have....
And that doesn't even get into the issue of systems getting infected by dodgy social networking games...
Silence is golden.
I wanna dance with an assault rifle! And bandoleers! Please?
Paris cuz she knows the value of cool accessories.