* Posts by eulampios

1219 posts • joined 10 Aug 2011

Page:

Microsoft's dodgy new Exchange 2010 update breaks Outlook clients

eulampios
Bronze badge

@ Awil Onmearse

>>"sudo apt-get install update && sudo apt-get upgrade

Job Done."

No it isn't :P

What else is there to be doe? Please, enlighten us.

0
0

Linux software nasty slithers out of online watering holes

eulampios
Bronze badge

@ ElReg!comments!Pierre

>>It changes that you can run it. How, so? I can run tcpdump too:

ls -l /usr/sbin/tcpdump

-rwxr-xr-x 1 root root 962544 May 25 2013 /usr/sbin/tcpdump

Again, what difference would that make? I can pretty much run any executable in /sbin or /usr/sbin

AMOF, most executable in /usr/sbin dir have 755 perms, including the files they link at. I think you and Kasperski people are confused with the fact that some distros exclude sbin dirs from the $PATH variable:

echo $PATH

/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games

Hence the filename name of the executable won't be sourced to the shell and you'll get the "not found" error, if the exact path is not supplied.

BTW, the problems arise not from running it or even accessing specific files with insufficient credentials when the kernel sees that the uid != 0, so it wouldn't allow to read the packets. The issue is insufficient capability, not insufficient file permissions.

However: "Reading a saved packet file doesn't require special privileges"

So yes, no problem running /usr/sbin/tcpdump with the "-r" option for any user.

0
0
eulampios
Bronze badge

Re: Maybe it's sudo?

That's the point. Either su, or sudo, or "sudo setcap cap_net_raw+eip' /usr/sbin/tcpdump". What Kasperski "experts" are trying to tell us that you can get a specially crafted binary capable of grabbing network packets when run with a regular privileges. Sounds like a vulnerability when/if were true.

Statically linking libpcap or even using raw sockets won't remove the kernel credentials checking when trying to eavesdrop on the sockets. Granting CAP_NET_RAW capability to the binary is also done by the root -- no luck here as well.

1
1
eulampios
Bronze badge

setcap

I don't know what does the "statically linked" change here. tcpdump can be statically linked as an option. Is it allowing to read the raw and packet sockets and passing the corresponding capabilities checks? No, unless, there is CAP_NET_RAW capability pre-set (with setcap) which by itself requires root privileges.

0
1
eulampios
Bronze badge

Re: So how does it work then ?

>>but use of PCAP requires superuser privileges???

Exactly, it's been the case for some time now. On my machine here:

id -u; /usr/sbin/tcpdump -w $(date +%Y_%h_%d_%M).dump -s 0 -i eth1

1000

tcpdump: eth1: You don't have permission to capture on that device

(socket: Operation not permitted)

tcpdump's man also says:

" Reading packets from a network interface may require that you have special privileges; see the pcap (3PCAP) man page for details. Reading a saved packet file doesn't require special privileges"

The linked article's example shows a screenshot of the process running as root as well.

3
0
eulampios
Bronze badge

Re: Well...

>>Remember that Flash is available for Linux and is required to watch Youtube unless you grab the official Google Chrome.

May I recommend NoScript, FlashBlock, vlc/youtube-dl? Most other flash videos can be sourced via tcpdump /wireshark.

>>Honestly, this is why I have ClamAV's daemon on all my *nix boxes (Linux, OpenBSD and Mac OS X)...

No need for any *antivirus* software, the approach to security that is so prone to both the I- and II-type errors.

0
0

Tough Banana Pi: a Raspberry Pi for colour-blind diehards

eulampios
Bronze badge

Re: Clarification

With any of the available distros, one important fact is that they are all GNU/Linux distros, despite all the ARM SoC mess.

You might find these kernels interesting. The desktop option supports CedarX video decoding. Not sure about Maili/Lima though.

0
0

Euro Parliament VOTES to BREAK UP GOOGLE. Er, OK then

eulampios
Bronze badge

@Handy Plough

Are you sure? I think you're mistaken. FYI, gmail is not on the top of the ALL search results when looking for "mail" keyword:

google.com

google.co.uk

google.de

google.ru

As you can see only the German result puts gmail at the top. In the .com and .ru option, you get yahoo and mail.ru,resp., above gmail. So this might indicate that Google do not really put their own products above their competitors, relevance could be their main priority. Interesting, that bing does a similar thing there.

This happens when gmail is the most popular mail service on the planet. So are saying that Google should intentionally underrate their products below their own products promoting their competitors'?

0
0
eulampios
Bronze badge

Re: (un)fair advantage

>>As to buying a PC, a PC with Windows generally costs 50€ - 100€ more than one with only FreeDOS installed over here.

With the same specks? Lucky you, we don't have it here in America. The question of MS Windows Tax is not only about the monopoly of Microsoft it's about the collusion between independent companies. Since, why would you bundle the products of HP and MS, two separate entities? Let MS buy HP or the other way around, or otherwise make unbundling possible (like it was done by an Italian court recently).

>>Should Google be giving its products prominence over others, just because they belong to Google?

In your original post it was more of pushing ads vs relevant information, since you complained about 2 first pages full of eshop links when searching for a phone issue (the situation I I had never experienced myself).

0
1
eulampios
Bronze badge

(un)fair advantage

>>It isn't about buying and it isn't that you can't change search engines...

What this choice or lack thereof is about then?

>>here isn't much choice at all, the others, as I said above, have been next to useless until recently.

Which choice are you talking about now? Is it no choice because it doesn't exist on this planet no-choice, or a user has no-choice because he/she is not presented/informed about one?

>>The problem is similar to the problem with Microsoft.

In my opinion, it's not.

>>...because of that situation, they could use their sway to push other products on you at a disadvantage to the competition.

It is COMPETITION, if you can push the products along with results when somewhat better search algorithm is used. It is fine. If Google ever had an analog to the Vista fiasco, they would have been sunk into oblivion by now. Not true for MS, they have locked so many customers in, "collaborated" with so many universities, schools that even after having fallen so low they still continue to prosper. The cost of using Google search is not bundled with any other cost (with no way to get a refund for it by the EULA, like with the Windows Tax). This again greatly differentiates the two cases.

Yeah, INHMO, I am using LMDE (Linux Mint Debian Edition) here, it's better than Windows in almost every single aspect there. Windows is still preinstalled and imposed on me and other users for our own cost. Just received a call for help from an acquaintance, her recent Windows 8 brand new laptop "got a virus", or simply being very slow. AMOF, her 10-year old breaking apart hardware-wise laptop is still working okay since I installed XFCE Ubuntu on it, 3 years now.

So, point me at the similarities sways that Google and Microsoft implement again?

>>Browser Ballot was a good idea in 1999, by the time it was implemented in 2005, there was already competition and by 2010 it was no longer really needed - yet it still persists today, even though it is pretty irrelevant.

It was anything, but not the best idea. Like giving a speeding ticket to a serial killer.

1
2
eulampios
Bronze badge

Re: which Google are you using, big_D

>>sometimes I'll get good results, then for a couple of months

I can't recall a similar experience you describe. I would hate 2 first pages of ads as well. It's weird though, I am allergic to ads, especially, the obtrusive, idiotic type and I am still okay with Google, a company having their main source of income in ads. They must somehow be doing it in a pretty UNobtrusive and quieter than others for me way. Say, gmail vs yahoomail in their webmail form. Yahoo used to be so bad, I couldn't stand it for a couple minutes, while when I need to get out of Mutt or GNUS, my main email clients, and use webmail on gmail, I can tolerate all their ads!

1
1
eulampios
Bronze badge

(un)fair advantage

>>It is like the sanctions against Microsoft, why weren't they also made against Apple and Linux? Because they didn't have over 90% market share.

Fair and unfair. Here's the difference. A search engine is not imposed on a user. One can EASILY change it to his/her liking. Neither Google nor MS Tax is involved at this point.

Compare it with you buying a desktop or a laptop with 90% + of preinstalled MS Windows having the license cost already included and bundled with the price of the PC. No easy disentanglement of this bundle exists out there, neither MS nor a PC manuf. would reimburse you for the unwanted software.

5
1
eulampios
Bronze badge

which Google are you using, big_D

>>the first 2 pages are usually links to eshops and price comparison sites!

Are you talking about the first 2 resulted links or the the first 2 pages of results?

If it's the latter, we must be using very different google engines.

Here's a few examples: compare

google's wifi+problem+on+incredible

vs.

bing's wifi+problem+on+incredible

Both queries brought almost no ads for me: AMOF, Bing got one and Google did none. BTW, I use Firefox+ NoScript with google.com being allowed and bing.com being disallowed by default. On ff both queries are almost instantaneous. Interesting to note also, that when I use a text browser without js, like w3m, bing is busy with uploading a lot of cookies and takes a few seconds to finish, while google fetches as fast as it does on ff.

2
5

Frisky patent WAR: Samsung seeks to BLOCK Nvidia graphics chips from US market

eulampios
Bronze badge

Who would've thunk, nVidia?

"...all who draw the sword will die by the sword"

0
0
eulampios
Bronze badge

@ inappropriate AC

Sorry but you are mistaken, this article is talking about nVidia as a copycat, so you must be barking up the wrong tree.

3
4

Bada-Bing! Mozilla flips Firefox to YAHOO! for search

eulampios
Bronze badge

Re: Time to duck and cover?

duckduckgo requires javascript to fetch the search queries while google doesn't. Why would that be?

0
0

Azure TITSUP caused by INFINITE LOOP

eulampios
Bronze badge

@Gis Bun

you're misinformed:

Heartbleed affected some applications used on MS Windows as well, GNU/Bash is a cross-platform software too.

No, the problems are completely fixed. Comparing Microsoft with all the *nix systems would be very unfair and incorrect, since MS ship only a tiny portion of what the latter provides.

Please learn more about the topic before making an incorrect statement.

4
1

Patch NOW! Microsoft slings emergency bug fix at Windows admins

eulampios
Bronze badge
FAIL

Re: MS, please help me understand

>>Just installed yesterday security fixes for file, libgcrypt11 and nss in Debian... the problem is not in Windows only, it looks...

Equating every vulnerability with every other vulnerability is a fair play, I am sure.

As well as comparing the complete plethora of all possible software of various sources, an 50+ gig behemoth Debian pan-distribution with a very thin number of isolated software pieces MS barely manages ...

However, we can take that, perhaps though it's just the time to get a Debian Tax instituted instead of the good ol' MS Tax you have to still pay nowadays?

1
0

Behold the Lumia 535 NOTkia: Microsoft wipes Nokia brand from mobes

eulampios
Bronze badge

@Bleu on DLLs innovation

>>except their few genuine innovations, DirectX, DLLs, object linking and embedding

Although you might be using incorrect punctuation and colons are intended somewhere, I'd appreciate if you could share with everyone what exactly innovative was there about the DLLs, object linking and embedding. As for the Dynamic Linking, it's been first implemented even before Unix, since Multics, if I remember correctly.

1
0

Firefox decade: Microsoft's IE humbled by a dogged upstart. Native next?

eulampios
Bronze badge

Re: top -p `pidof firefox`

amof, I also tried opening ten tabs of different el reg articles. That consumed about 1% total.

0
0
eulampios
Bronze badge

top -p `pidof firefox`

I was monitoring the memory usage of firefox on one of my LMDE boxes (2004 P4 Dell E510) after I read Vic's comment. My version of Firefox is always up-to-date. I can confirm that firefox seems to release memory just fine after tabs are closed. In my case ff was using around 17% (45 m) for a dozen tabs. It would release around 1% for every closed tab.

I remember having a memory leak issue 3-4 years ago, however it's been fixed almost immediately when I got aware of it.

It never crashes on me. I have NoScript enabled with variable policies and use vlc or mplayer to watch youtube and other videos.

0
0
eulampios
Bronze badge

@a non-believer AC

>>4.4.4 on an old HTC? Don't believe you.

HTC don't have to do with my ROM, directly. Look for AOSP, CyanogenMod et al

"The official HTC" version for this phone here ends at 2.3.4

Unlock the bootloader, unleash your phone to flash a ROM and version of your choice. It's not some kind of restricted iOS, RIM, WP, you got a choice, you know

5
0
eulampios
Bronze badge

@dellusional AC

>>Well if you are running Linux, you are used to patching and compiling your own kernels, as well as spending hours on a command line fixing dodgy software.

Everyone in my family, quite a few friends/acquaintances run GNU/Linux. It's only me that is occasionally building custom kernels, just for fun. All is rather boring and automated. Linux and Unix people are a pretty lazy lot, everything must be simple, logical and automated. Over-complex, illogical, mouse-clicking tasks are not for us, it's for the Windows geeky brethren :)

>> So you repeated browser crashes (once a day for FF is not uncommon) probably go unnoticed.

It could've not, when ff crashes it opens a window asking to restart its session. On my many LMDE and Debian systems of mine, I can't really recall any crashes for the past couple years.

17
2
eulampios
Bronze badge

Firefox is the most stable on Android

for me at least right now, when teamed up with NoScript (beta).

It's the ancient HTC Incredible with a 4.4.4 ROM here: the old set of drivers embedded in the 2.6.38.8 kernel, as opposed to 3* that people usually get with KitKat.

It's even more stable and smooth than the "native" browser app.

3
1

Microsoft warns of super-sized Patch Tuesday next week

eulampios
Bronze badge

incorrect terminology: patch or simply update (upgrade)?

Why would you call this patch a "supersized"? How much would a user have to eventually download?

Apart from the configuration files, 'patch' in this situation (and when applied to MS Windows in general) is quite a misnomer, since it apps don't receive a patch in the source code by applying the diffs and then get (re)built all anew, it's rather an update when the affected binaries get replaced on the system. Unless MS came up with some super-innovative, theoretical unlikely binary patching technique...

0
1
eulampios
Bronze badge

the thirteenth OS

>>I have worked with an least 12 different OSs and I can't think of one that's as good as Microsoft in the respect of regular..

Why do you need so many different OSes in the marketing department?

>>With Microsoft you don't get situations like the BASH mess that took no less than 4 goes to release a secure fix!

What's "Bash mess" would be MS' bliss (didn't rhyme unfortunately) Even when MS patch BEFORE it's out in the wild, they still get something like conficker with tens of millions of compromised servers. Speaks volumes about their perfect patching credentials. Shellshock got a correct patch within a week anyways, BTW.

>>Yes they occasionally have a bug in a patch - but its not like the OSS mess where they chuck..

Such bug might render a system unbootable without any straightforward fix, while the "OSS mess" gives an opportunity to boot to the last stable kernel in a similar situation. Remember those 12 (hundred) OSes you used to deal with?

5
2

Microsoft: How to run Internet Explorer 11 on ANDROID, iOS, OS X

eulampios
Bronze badge

Re: "you can expect RemoteIE to hang or crash randomly."

Me too here. FF runs for days if not months on all of my computers that run variants of Debian, LMDE. Stable as rock, need to kill it from time time when update is available. Noscript is great help here.

AMOF, on my old HTC Incredible running customized KitKat ROM ff with overfilled /data/data partition and apps can only be installed on sdcard from adb, firefox+noscript is pretty stable and smooth. Noscript is in beta here.

0
0

I am POLICE SERGEANT L. TORVALDS! Stop or I'll SHOOT

eulampios
Bronze badge
Trollface

Re: Writing in Code

>>It was slightly less fun than reading the man page for EMACS

man Emacs? Much more fun to run 'info emacs' or read it within the Emacs session invoking C-h r or C-h i . It's quite entertaining, seriously

2
1

Samsung says teaming up with mobe-maker Microsoft could violate antitrust law

eulampios
Bronze badge

Re: Isn't that a bit risky?

Not really as this doesn't have to do with patent validity, but a licencing agreement between Samsung and MS which they're trying to find a dubious loophole to get out of.

I said, that if Samsung's argument is heard by the court, HTC, LG and a bunch of other companies wearing the same shoes would take the opportunity using it as well.

"dubious loophole" You do sound like a Microsoft lawyer. I think I asked it before... What are all the loopholes MS' lawyers exercise? 100% Trustworthy, absolutely legal, obviously fair and clearly certain?

>>If you think this is to do with patent validity you haven't understood the details at all.

Validity of the patents is read between the lines, a sagacious MS lawyer would sure see that. Because, why would Samsung try changing the rules of the game now? Yes, and the force of the precedent for other phone manufacturers along with the possible unpleasant repercussions it entails for MS, it did slip your clairvoyant eye, I see.

1
2
eulampios
Bronze badge

h4rmony comes to the rescue

Please reread my post. It was talking about the fact that the local for MS court for Western District of WA in Seattle has been pretty favorable for MS.

To all of anti-Samsung rant I can find you twice as much of anti-Microsoft rant. Does i4i XML implementation patent with $300 million in damages sound familiar to you, for example? Microsoft are not dwarf of a compared to Samsung, the only difference that MS business is or used to be mostly software that they sell. In the 90s and 00s it was a business of burning and selling as many numbers CDs as their burning machine can handle. At the same time Samsung was manufacturing some real stuff...

>>Samsung rip off other people's work routinely.

Microsoft as any other software company have ripped and still are ripping off works of others incomparably more than Samsung have ever been able to. Quite hypocritically, e.g., MS claim as invention in the inane, overgeneralized "Method and System for Providing Internet Shortcut Icons on the Desktop" while the really innovative, valuable, nontrivial ideas of Internet, tcp/ip, html/xhtml, Operating Systems, Desktop were ripped off from the work of others.

1
1
eulampios
Bronze badge

>>Remember, Samsung is a multiply convicted cartel operator and IP infringer (we can exclude Apple in the list for to save trolling) with a habit of bleeding competitors dry in court.

The fact that both Microsoft and Apple are likewise multiply convicted monopolistic cartels and IP infringers on a much larger scale, capable to abuse the corrupted patent system and courts with their ridiculous, inane patents -- should also not be conveniently forgotten, whatever is suggested by their respected fans.

1
3
eulampios
Bronze badge

Re: @DougS, cont'd

Now the real risk could be for Microsoft's own house of cards, since if Samsung ends up victorious here it would create a bad legal precedent for MS. A chain reaction from HTC, LG Huawei and a bunch of others will follow to dissipate the rest of MS vaporware.

2
0
eulampios
Bronze badge
Happy

Re: Whilst I admire Sammy's engineering skills and am not any kind of "anti-fanboi" .........

Whilst I applaud your non-standard logic suggesting Sammy to not bother breaking the antitrust law since they have been found doing it before, I'd not expect Samsung to share your enthusiasm though. Moreover, in the same manner, why not look forward to Microsoft's third time teasing the EU antitrust watchdog with the lack of alternative browsers choice on Windows?

1
0
eulampios
Bronze badge

@DougS

>>You don't really think that all 200+ patents Microsoft is asserting against Android are vapor, do you?

It's not me we're talking about, but Sammy, their lawyers and IP people.

If you would like to hear my opinion, they are indeed vapour. They became known thanks to the Chinese government not to Microsoft for a reason. Most of those 310 ones are extremely ridiculous. The favorite of mine besides the long filename pearl are these: #163 "Method and System for Providing Internet Shortcut Icons on the Desktop" , #156 "Distribution of Software in a Computer Network Environment", #154 "System and method for installing an application on a portable computer". As you can see this smells of prior art and/or obvious general blabbering, like crazy. Especially, the latter two. #156 filed in 94, US 6138153 A (not being mentioned to belong to MS) and US 6360364 B1 talk about so banal, boring, general shapeless things that a reader has a high risk of dislocating their jaws due to uncontrolled yawning.

It is even more ironic that a software repository/store and a universal software package system for MS Windows are either still not implemented yet or just recently arrived to a Desktop.

When B&N challenged this vapour in court, MS didn't come crushing upon them with all their lawyers' power, but muffled and muted them with quite some lucrative incentives and struck a deal instead.

>>Samsung is playing a dangerous game..

So is MS, making believe quite a few people in the emperor's clothes when he is really naked.

>>.. especially now that Nokia's patent stash would be part of the deal.

As was corrected above, Nokia is licensing those patents to MS as a part of the deal. Totally different from owning them, like what have happened with the case of Google-Moto.

>>Besides, as is proven over and over again, what we think about the validity of a patent doesn't matter, it is what the patent offices and the courts think about them.

Cannot agree more on that. That's why we get a pretty weird situation, that the real know-how communication engineering patents of Motorola, Nokia, Samsung et al are often over-bidden and over-beaten by obvious, overgeneralized vaporware or prior art patents from Microsoft and Apple.

3
2
eulampios
Bronze badge

nice move, Samsung

Since this is the Southern District for NY not the usual local for MS Western District for WA court, Samsung might have more chances. The latter court has proven to be so friendly to MS in the past...

1
2
eulampios
Bronze badge

Re: Isn't that a bit risky?

>>.. if the license is considered null and void it means Samsung's been using these various patents without a license, and this could lead to penalties.

Perhaps, Samsung are now confident to prove in court that those are vapour and get them invalidated if Microsoft try challenging them.

4
1

Shellshock over SMTP attacks mean you can now ignore your email

eulampios
Bronze badge

to dissipate all speculations and hearsay on the Mutt email client

Just to put all the wild guesswork of others at rest on how Mutt works.

1) A Unix shell is not a requirement for Mutt to work properly.

2) Mutt doesn't use any shell to communicate with the sendmail, its substitute or any other SMTP agent

3) Mutt does NOT use the user's shell (from /etc/passwd ) to do anything internally, unless it is launched in a given shell, in which case, it would be used externally as with any other utility or command launched in the shell.

4) According to the source code in the init.c file Mutt uses the standard getenv() function provided by the stdlib.h to evaluate the environment variables for the "$" or "${...} " constructs in the set directives (when supplied in the init muttrc file, -e option or the ":" command inside of mutt).

5. The standard system() function or /bin/sh is used to interpret the back-tick shell constructs, it is NOT the user's shell. If unknown the USER, HOME and MAIL variables can be evaluated through /bin/sh as well, as follows from the init.c source file

0
0
eulampios
Bronze badge

getenv() instead of shell, @Lee D

No, Lee D, it turns out that Mutt doesn't set its variables by using the shell, unless you put your strings in the back-tick construct ``, where you specifically ask it to, that it's the system shell /bin/sh or system(), not the user's shell as was suggested above. The standard system getenv() function is used instead, just look in the init.c file of the Mutt source. There are two places to get PWD, USER and HOME dir where it could consult sh though to know the default locations of many things, like muttrc, Mail etc

Another great point about open source that it needs very little back engineering to establish things, just look inside the code :)

0
0
eulampios
Bronze badge

Re: Mutt gets so close that I decided to check

>>I was surprised to find mutt was using bash. I expected it to use the 'system' function which calls /bin/sh which (on Debian systems) is a link to dash, not bash. It probably found bash in the SHELL environment variable, which defaults to bash on most Linux distributions.

Again, why are you convinced it uses /bin/bash? Because, it said so when you used ${SHELL} or $SHELL in the set var="" directive? Well, that just what the env says, indeed I got the following going on my system:

dash -c 'echo $SHELL';ksh -c 'echo $SHELL'

/bin/bash

/bin/bash

So, both dash and ksh "disguise" themselves as /bin/bash.

Anyways, as I mentioned earlier when mutt expects you to use shell it will indeed use /bin/sh, dash in case of Debian-based systems.

Moreover, I got this

perl -e 'system("echo \${SHELL\%\%sh}")'

/bin/ba

As you would expect from dash or ash, yes and the good ol' bash :)

When I put "set alias_file=${SHELL%%sh}/.mutt/aliases1" I get the error :

line 13: /.mutt/aliases1: No such file or directory

So, mutt doesn't seem to use even the system() or sh to evaluate and expand the variables.

0
0
eulampios
Bronze badge

are you sure mutt needs

>>..then getting the user's shell (probably bash) to interpret the result

Not in my case at least. My shell, according to /etc/passwd is /bin/bash, however, mutt uses /bin/dash (or /bin/sh on my LMDE system) in the "set whatever=`blah-bla-blah`" constructs. It is only used for the set directives. Neither it uses or needs a shell to glue sendmail and addresses together, unless you specify them out of the command you launch mutt (that would be the current shell to do that job then, BTW) Moreover, Mutt might only use env, no shell at all to interpret the system environment.

Also, I don't have set sendmail in my muttrc file, it uses /usr/sbin/sendmail from postfix.

In the set directive /bin/sh evaluates the environment variables or can launch commands in the usual `` way, but this is exactly what it is meant to be. In no way you can set the system or user environment variables from or in mutt, BTW.

Also, the fact that any kind pf shell is used to evaluate env variables contradicts the fact that neither mutt(-patched) nor postfix claim shells or system utilities as their dependencies. Mutt just expects that the best way to consult about the env variables on a Unix-based system is via /usr/bin/env.

According to Michael Elkin's own manual:

"UNIX environments can be accessed like the way it is done in shells like sh and bash: Prepend the name of the environment by a ``$''. For example,

set record=+sent_on_$HOSTNAME"

0
0
eulampios
Bronze badge

what mutt doesn't do

>>pulling in full bash shells to set environment variables

It's evaluating, not setting the environment variables, which are local. It won't need any shell to set it's own mutt's variable, more so, it would not interpreter anything beyond /etc/profile ~/.profile or whatever is the shell profile is in use. On my Debian system it's dash, BTW.

If you'd need to use env variables at all why reinventing the wheel... I mean the shell all the time?

0
0

NOT OK GOOGLE: Android images can conceal code

eulampios
Bronze badge

Re: I think it's very clever of Google..

..to fragment the Android market place.. it's finger pointing all around, but nobody ever really picks up the blame.... this behaviour encouraged Putin to snatch Crimea...

How did you figure this all out? My tin foil hat is off for your very intricate yet so logical train of thought. And where is your own tin foil hat, dear AC? Where's the tin foil icon, El Reg?

0
0
eulampios
Bronze badge

the ancient HTC Inc running Kit Kat 4.4.4 here

Running evervolv AOSP 4.4.4 on the old HTC Inc, it's been pretty stable and smooth, except for a few video driver related nuisances and the fact that the /system partition is soldered to be ridiculous 250 MB, the datadata partition is not too big either, 150 MB. Despite all that and thanks to the community it's fun to use.

0
0
eulampios
Bronze badge

Re: Could this be sent over email?

Even if you allow side-loading a package manager would still ask you your permission to install and let you examine the permissions of the app etc.

0
0
eulampios
Bronze badge

Re: Could this be sent over email?

You must be talking about MS Windows which operates by extensions , not file permissions plus file headers/utilities, both user and the system can be tricked by the former.

What this vulnerability allows to do is that one can "hide" a piece of code inside the apk already. It says in the linked paper that one can insert "another apk" inside the given one hidden in an image. That hidden apk can be installed later. It is unclear what the authors mean by "another apk", since every Android Application Package gets installed under unique uid and guid (permissions). The vuln. is not a privilege escalation type as well. So it's just a concealing code type then.

0
0

Origins of SEXUAL INTERCOURSE fished out of SCOTTISH LAKE

eulampios
Bronze badge
Joke

"What's in a name?"

Did the dubbing of the species Microbrachius dicki happen after or before it was determined that it was a member of the "group of placoderms that developed bony L-shaped genital limbs called claspers"? The first word of the name indicates that its small hands were quite handy, what about the second one?

0
0

Bad news, fandroids: He who controls the IPC tool, controls the DROID

eulampios
Bronze badge

Re: How many, @SuccessCase

What the previous commenter said about the "ubiquitous" Android malware was :

>> Strangely, I don't know a single person that's ever had a problem, and I suspect everyone else is the same...

My question would be: did you or any of the lot now reading or commenting here has ever seen, known or heard about an Android malware victim? Again, personally, not from El Reg, Zdnet or Fox News. The latter media, btw, never found a single specimen either (other than the virtual people existing somewhere out of our sight).

Why am I asking? Because, apparently, any Windows user I have ever known had some sort of a Windows malware in the past or not so past experience. This very experience has a huge problem extrapolating onto the current press on Android malware, since it doesn't match with the local reality.

>>Heartbleed and then Shellshock have shown complacency is a grave error.

Although, I'd agree that complacency is a grave error, Shellshock ? More details please on the "complacency repercussions" and how detrimental this vulnerability was. I mean, do you know if anyone got busted through the dhclient-script when connecting to a wicked wifi router? For a contrast, when the Loveletter hit the world in circa 2000, a lot of people around me got that back then..

6
2

Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'

eulampios
Bronze badge

@LDS

>>But using system() or its equivalents is a quick and lazy way to perform that..

Dirty and lazy -correct. Still not really a problem if you have system() in your CGI.pm script, for example. The problem is though when you accept any input without disarming it while passing it to the system() operator or a certain pipe could have been dangerous with the shell shock vulnerability . However, taking an uncontrolled input is madness already whatever the language it is, using any shell in cgi raises all this stupidity to the second power.

0
0

Page:

Forums