* Posts by Evan Essence

266 posts • joined 20 Dec 2010

Patch Bash NOW: 'Shellshock' bug blasts OS X, Linux systems wide open

Evan Essence

Re: Not in 4.3.11, dating from April

Yes, I've just posted to that effect (before seeing your reply here!)

0
0
Evan Essence

Re: Not in 4.3.11, dating from April

Ahahaha! I didn't read the comment immediately above mine before posting! With the correct test, I see I really am vulnerable.

    $ env X="() { :;}; echo busted" bash -c "echo stuff"
    busted
    stuff

1
0
Evan Essence

Not in 4.3.11, dating from April

My Ubuntu system uses bash version 4.3.11(1)-release (says "bash --version"). My executable dates from April 23 (says "ls -l `which bash`").

Yet the test in the article shows my bash (from April) isn't vulnerable to Shell Shock.

The advisory says bash through 4.3 is vulnerable. I'm not entirely clear what "through" means, but evidently some time after 4.3.0, there was a fix released such that 4.3.11 is not vulnerable.

The advisory makes it clear that the recent bug discovery was really made only recently, so I'm very puzzled as to why 4.3.11(1)-release isn't vulnerable.

Was the Shell Shock bug fixed accidentally, somehow, before April 23? Or did someone spot the exposure and quietly patch it over? Who made the fix? Someone at Bash Central, or Debian, or Canonical? Which versions, exactly, after 4.3.0 are not vulnerable?

5
0
Evan Essence

Re: Always been there or new?

Article says it's been present since 4.3.

No, the article says "The vulnerability is present in Bash through version 4.3", which is somewhat ambiguous, but means basically up to 4.3. The article also says the bug is 22 years old.

17
0

Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app

Evan Essence

Re: "Khaaaaaan-

I can't get behind that!

0
0
Evan Essence

Re: Not hearing a word against Shatner as a singer....

I bought the album!

0
0

BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled

Evan Essence

Re: Perhaps the BBC might want to come clean about the full extent of the problems?

The News site was unaffected.

1
1
Evan Essence

Re: Perhaps the BBC might want to come clean about the full extent of the problems?

I think the amount of information given out during and after an outage is inversely proportional to the size of the organisation concerned. Expect nothing from the Beeb, even assuming they know, or will know, the reasons themselves, considering there are practically no in-house techies.

3
1

Listen: WORST EVER customer service call – Comcast is 'very embarrassed'

Evan Essence

Re: Amazing patience

The story says he only recorded the last eight minutes or so. There's nothing great about the quality – you can hear from the room echoes the phone was on speaker and the recording was made with a microphone. Giving the rep some rope? Hardly, when the rep repeatedly interrupted him.

7
0
Evan Essence

Re: This is NOT an aberration...it is how these people do business

@BlueGreen - Exactly why I avoid shopping in Holland & Barrett...

3
0
Evan Essence
Pint

Entertaining

Maybe Comcast is embarrassed, but I found it hilarious! At one point, Block asked sarcastically if it was a joke. I thought he was remarkably even-tempered (though we don't know what occurred before he started recording).

4
1
Evan Essence

Re: Just refuse to discuss it

You clearly haven't listened to the recording.

12
1

UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill

Evan Essence

Re: Is there a list?

There's a list now on the Open Rights Group blog.

I confess I hadn't heard of most of them, but there was no great surprise about the ones I had heard of. David Davis, of course, and – yet again – Caroline Lucas is a national hero.

The only surprise to me was Nadine Dorries, but I suppose she's nothing left to lose, really.

9
0

Super-snoop bid: UK government hits panic button on EU data retention ruling

Evan Essence

Re: Help!

I never thought I'd say this, but "Help us Nick Clegg, you're our only hope."

Backed up by, god help us, David Davis.

7
0

NHS slammed for MAJOR data blunders as scale of patient info sell-off is revealed

Evan Essence

Re: Technical solution

I think they have a purely financial agenda

That's not true. From http://www.hscic.gov.uk/dles:

The HSCIC is publicly funded and we therefore operate on a cost recovery basis. We do not charge for data itself but do apply charges to cover the costs of processing and delivering our service.

Check out the charges. They're not going to make a profit on this.

0
0
Evan Essence

Technical solution

That the HSCIC actively pursues a technical solution to allow access to data, without the need to release data out of the HSCIC to external organisations.

This. It should be right up at the top of the list of recommendations. Do this, and the other recommendations become less vital, or even irrelevant.

All "clearly identifiable", "anonymised" or "pseudonymised" data should be held strictly on HSCIC premises and equipment, and only processed at arm's length, with incoming queries and outgoing reports strictly vetted by the HSCIC.

All truly aggregate data can be openly published, in accordance with the government's welcome commitment to open data.

There's a prevailing tacit assumption held by many bureaucrats and politicians, which should be challenged, that the only way to handle data is to pass it around on USB sticks, or DVD discs, or something, and process it with Excel. It's this kind of ignorance that leads to unencrypted laptops full of sensitive data being left on trains.

4
0

Still using e-mail? Marketers say you're part of DARK SOCIAL

Evan Essence

Re: For added irony, on the story's page

I have ABP turned off for El Reg so I can help pay my way.

I just had a look at The Reg with ads on to see what it's like. Yep, full of blinking and animated, in other words distracting ads. Sorry, the ads stay blocked for me.

9
0

Scientists warn of FOUR-FOOT sea level rise from GLACIER melt

Evan Essence

Re: "Scientists warn of four-foot sea level rise as West Antarctic glaciers melt"

Maybe people, like, stuck their fingers in their ears the first time?

6
6

Privacy bods win court battle: UK HMRC must 'reconsider' silence over FinSpy spyware probe

Evan Essence

Re: Ha ha ha

Ha ha ha, indeed.

There's still time to sign the 38 Degrees petition before it's handed in to HMRC tomorrow. Over 250,000 signatures!

1
0

NHS patient data storm: Govt lords SLAP DOWN privacy protections

Evan Essence

Wired

Data's not being sold

The article you reference says:

Who can access the data?

Information from your Care.data record will be made available to organisations within the NHS (such as commissioning bodies) but also outside of the NHS, potentially (subject to approval) to pharmaceutical companies, health charities, universities, hospital trusts, think-tanks and other private companies.

So it can be sold.

3
0
Evan Essence

Re: Please share my medical details, far and wide.

So for me, if I'm mangled in an accident, I want any hospital in the Country to be able to pull up my records and see this. I also want my record out there being used in any studies that may help to find medications that bypass my condition.

care.data and the Summary Care Record (SCR) are two entirely separate projects.

Your first sentence quoted refers to the SCR; the second to care.data.

3
0
Evan Essence

Re: Talking to Patients

See also medConfidential, as mentioned in the article.

0
0

UK.gov data sell-off row: HMRC denies claims it'll flog YOUR private info

Evan Essence

Data Sharing is not Open Data

@open_paul

The similarly-named, but independent, Open Data Institute makes the point:

One of the disturbing trends that we’ve noticed over the past year is the government justifying data sharing as if it is part of satisfying wider open data policy.

Data sharing is not open data.

Maybe you should have "reached out" to them. Or to the also similarly-named, also independent, Open Rights Group.

1
0
Evan Essence

Re: Daily Mail?

@pepper -

I wonder if he's made any edits on Wikipedia?

1
0
Evan Essence

Re: Ahem

That makes it all right, does it?

2
0
Evan Essence

Petition

I suppose it's just a coincidence they've made this announcement when there are currently over 170,000 signatures on the 38 Degrees petition calling on HMRC not to sell off our tax details. Hmm?

6
0

Up to 500 GP practices to test plans to share patient data

Evan Essence

Fume cupboard?

Fume cupboard, my arse. The only correct approach is total remote control: researchers submit queries, which are examined and scrutinised and vetted, and then receive the results of these queries, after they've been similarly vetted.

select * from PatientData

would be right out.

2
0
Evan Essence

Re: 500 - How many!!!

And the "trial" will proceed at the same time as the "consultation".

5
0

BBC hacks – tweet the crap out of the news, cries tech-dazzled Trust

Evan Essence

Re: Disappointed by the BBC recently

"Are you affected by the return of the dimpled pint glass? Write and tell us."

3
0
Evan Essence

Re: How to make news popular?

Have you seen the BBC News page recently? I can't believe you have. Most of the space is "Features", "Magazine", "Most Popular", and other dumbed-down stuff. What's "Most Popular" right now? The Return of the Dimpled Pint Glass.

One good thing - they block people in the UK from looking at bbc.com, because that's even more dumbed down.

2
1

DeSENSORtised: Why the 'Internet of Things' will FAIL without IPv6

Evan Essence

Re: is this what.....

Co-existence is kinda tricky...

I'm running on a dual-stack machine right now – all modern machines are. I can talk to IPv6 hosts, and equally talk to IPv4 hosts (such as The Register).

3
0
Evan Essence

Re: Networking's answer to Windows Vista

If it's non-routable IPv6 addresses you want, you want unique local addresses.

3
0
Evan Essence
WTF?

IPv6 Forum

What's up with the IPv6 Forum site? Many of the pictures are squashed down or squeezed in and the home page is tediously long. And was there supposed to be a link there to the UK IPv6 Council?

0
0

Think-tank to infosec: You're doing it wrong

Evan Essence

Re: "I can feel it coming in the air tonight"

... outsourcing...

1
0

WTF happened to Pac-Man?

Evan Essence

Bonobo playing Pac-Man

https://www.youtube.com/watch?v=IaMFRV9_EXw

The bonobo is called Kanzi.

2
0

OpenSSL bug hunt: Find NEXT Heartbleed, earn $$$ – if enough people donate cash

Evan Essence

Re: Too good to be true...

Ouch indeed, if true, but the Campaign Description says (also quoted in the article):

100% of the proceeds will be offered to security researchers. Any leftover funds will be passed on to the OpenSSL Software Foundation. Bugcrowd will administer the bounty at it's [sic] own expense.

0
0

Snowden-inspired crypto-email service Lavaboom launches

Evan Essence

Re: Their web page is already snooping...

Another way: Ghostery.

Edit: I see it's already been mentioned, but here's a handy link.

0
0

Beat it, freetards! Dyn to shut down no-cost dynamic DNS next month

Evan Essence
Flame

Tragedy of the Commons

Yet offering even this limited free service has been an increasingly heavy burden for Dyn, Hitchcock wrote, in no small part because abuse of its free service by spammers, botnets, and other miscreants often leads to retaliations that also affect its paying customers.

So the tragedy of the commons continues, relentlessly. If there's some small part of the Internet to be exploited by scumbags, bottom feeders and fucktards, fuck it over they will.

4
0

FCC doubles 5GHz spectrum in prep for one-gigabit Wi-Fi

Evan Essence

Re: I'm not sure what to make of that analogy.

Peanut butter and Marmite is the way to go.

0
1

New IPCC report: 8 ways climate change will throw world INTO PERIL

Evan Essence

Let's do nothing and see where we are in 1,000 years' time.

16
0

Middle England's allotments become metric battlefield

Evan Essence

Re: Get a life...

Wow, you're not wrong.

13:00: Experts say currents in the area are generally moving in a north-easterly direction, at about 24 knots a day, but different objects can drift at different speeds, according to the Washington Post.

http://www.bbc.co.uk/news/world-asia-26704101

0
0
Evan Essence

Who are these clods?

I started school in the 1950s and I was never taught about poles – inches, feet, yards and miles were all we needed. Who are these people, so attached to this mediæval unit? Get with the plan, people, and use units everyone understands. That means square metres.

4
2

ROBO-SNOWDEN: Iraq, the internet – two places the US govt invaded that weren't a threat

Evan Essence

It had wheels, which you can see in the photo. They were remote controlled by Snowden. OK?

1
0
Evan Essence

Re: Stay tuned...

@ JahBless - The report about MYSTIC was from the Washington Post, not directly from Snowden.

1
0

NSA spies recorded an entire COUNTRY'S phone calls for a MONTH: Report

Evan Essence

I'm sure James Clapper will explain everything, then we can all quit worrying.

0
0

Web inventor Berners-Lee: I so did NOT see this cat vid thing coming

Evan Essence

Re: A few notes.

And he didn't only put the technical bits together. He sold the idea to management and got people to actually use his invention.

2
0

Slash tuition fees for STEM students, biz boss body begs UK.gov

Evan Essence
FAIL

Meh

There's been a perennial so-called "skills shortage" for the last 50 years. And the CBI have done... what? since they were formed in 1965?

0
0

BT's IPv6 EXPIRED security certificate left to rot on its website

Evan Essence
WTF?

They got their IPv6 site working then?

Last time I looked, a couple of years ago, accessing www.bt.com over IPv6 it just hung.

1
0

Ill communication delays NHS England's GP data grab for six months

Evan Essence

Re: Why does anything identifiable need to leave the GP?

@James Turner - I don't doubt what you say is true, but I haven't seen this explanation before, least of all on any NHS/HSCIC Web page, and I've been reading quite a few recently.

They'll have to get a lot more open and honest before they're getting my data.

0
0
Evan Essence

Re-education.

0
0
