Exploit and patch is a standard practice in malware delivery.
You immediately close the hole which has allowed you to infect the system to ensure that nobody can break in and use your new zombie.
1299 posts • joined 18 Aug 2011
Most banks and other interesting targets x-ray their email nowadays. There are way too many nutters out there. Ditto for mail in general. A selection of it gets scanned too.
So this does not stand any chances as an attack method against most "interesting" targets. You are more likely to succeed by attaching a Pi to a rat, crow or something else that can get in range.
Yes and no.
1. Every time a proper army has dealt with Middle Eastern insurgents it squashed them flat within a fortnight.
2. It is not winning, it is holding which is the problem. If a proper army (or openly armed paramilitary police) tries to hold an area by force the tens of people who were easily squashed in the first place become tens of thousands of pissed off citizens and that is when the army loses.
3. The same is valid for the "home field advantage". There, home field advantage and a group of "determined individuals" can beat a regular army only if it is being assisted by the general population. Example - the relative success of the WW2 insurgency against Nazi Germany in Serbia, Southern and Eastern Ukraine, France and Belorussia compared to the complete failure of any attempts to foster unrest in the Baltic states, Western Ukraine, Croatia, Hungary, etc. Determined people tried there too. They just... did not last very long... As one of my Serbian friends used to say: "Of course, the Croatian pensioner next door did help the Serbian partisans in WW2. He provided shelter and hid them. He hid them so well that nobody could find the bodies".
Not necessarily. QNAP is not the only system to deploy a (badly) embedded fat Linux distro. IIRC some dlink boxes do it too. There are others.
To add insult to injury the ones that embed a "fatter" distro are the ones where you are likely to find something clueless like using bash in a web ui.
When the shades of night are falling
Comes a fellow ev'ryone knows
It's the old dope peddler
Spreading joy wherever he goes
Every evening you will find him
Around our neighborhood
It's the old dope peddler
Doing well by doing good
He gives the kids free samples
Because he knows full well
That today's young innocent faces
Will be tomorrow's clientele
Tom Lehrer, "The Old Dope Peddler"
The most common setup for OpenVPN is to use client certificates. I have been using it for ~ 10 years now. Out of those ~ 3-4 years were also to run VPN access for an SMB. I have never ever set it for passwords.
Even if I would have set it for passwords I would have given it a perl or python script to execute so it connects to something useful in terms of passwords f.e. LDAP/AD. In order to connect for that you need appropriate modules, etc and bash does not have them.
This is an interesting authenticated attack vector (if you have stolen certs or passwords). While bash for password verification is rare, you are quite likely to find it in places where openvpn invokes various scripts once connection has been established.
Sarcasm not needed - there are a couple of models of Renault which have legendary reliability if serviced correctly:
* Renault 4 - you can still see them running in southern Europe till this day. If serviced correctly it will continue to run.
* Clio MK-1, the 1.4 engine - again, I have owned 3 of those over the years in different countries and one of them is still running till this day after I handed it down to relatives. Not bad for a car which has left the assembly line in 1989.
The trick with the old Renaults is to replace every 10 years (or force-flush every 5) the radiator. It gets clogged up, the engine overheats and then you are thanking Renault reliability on the side of the road. There are a couple of other (lesser) bits which need attention and which you will not find in Haynes or the Renault service manual. If you regularly take care of these an old small (note the emphasis on small) Renault like Twingo Mk1, Clio Mk1, Renault 4 (to a lesser extent 5), etc will run and run.
Renault has always sucked at two things - large cars (on all counts - all variants of Espace have always been a complete and unmitigated disaster) and electronics. As they have stuffed all their new ones with electronics to the gills it has become a definitive disaster at the roadside.
1. Renault has barely caught up with Daihatsu from ~ 2000. My old 2003/2004 Sirions (got two of them, one in UK, one abroad) can do a sub-9m turning circle, comply with pedestrian safety (it is the first car to do so and the car that made the Eu tell the manufacturers to stop claiming it is impossible and change the regs), have a bigger boot, hit 0-60 sub-9s and can go onto a dirt track and offroad (the 4x4 one I keep abroad for that exact purpose).
2. Renault has lost the plot in the area which was its core competency amidst European manufacturers - making small cars that do not suck. If you compare Twingo Mk1 to Peugeot 105 the Twingo wins hands down. Other manufacturers (vw Lupo, 90-es Ford Fiasco, etc) do not come even close. Well... no more... It is a rebadge of the Smart engineering disaster now.
There is a difference between you, me and the so called "creative professionals".
If you look at the current crop of "creative professionals", they "create" by lifting something out of Shutterstock or Getty. In fact, not even that - stealing an image from a social site is the main means nowadays. If this is interfaced to a "search, open & pay/steal" function natively it may find some audience.
In the meantime the dolts like you and me that are still silly enough to take pictures, work with them in raw, etc will continue to need a local installation.
Ukraine has pervasive top-to-bottom corruption. This is something that does not change regardless of which gang is in charge - Kutchma, PM*LF, Russian Marionettes, USA Marionettes - they are all the same as far as "anything and anyone can be bought" is concerned.
This has resulted in most of Eastern European cyber (and conventional) crime (including a lot of the Russian syndicates) relocating their operations there. As recently as 3-5 years ago most of Eu electronic and card fraud ran through Romania and Bulgaria. Found an ATM skimmer on your street cash machine? It was nearly guaranteed to be made in Balkans (TM). Some of them were technological gems too - remote operation via bluetooth, authentic full fascia to fit on top of a standard NCR so it does not look out of place, etc. Well - not any more - a lot of that has moved to Ukraine. The same is happening with Russia - as more and more of the black market goes legit and needs legit and working banking services, the syndicates try to move to more permissive neighbouring countries. Add to that the remnants (a lot of it is in the USA now) of the traditional mob fostered by decades of special restrictions on minorities' access to professional career and education introduced by Stalin (the so called Odessa mob) and you have a very interesting picture.
IMHO, this makes the Eu association idea particularly interesting. Is the Eu ready to associate itself with that and how will it deal with that? I am not sure they are aware of the can of worms they just opened. They cried wolf for 10 years about Bulgaria being run by the mob. Well... Compared to Ukraine, most Bulgarian mobsters are a bunch of "Chavdarcheta" (the BG socialist equivalent of a boyscout).
Income study is correct, the conclusions by Mr Worstall are a bit different from what I would have made out of it.
1. The study shows what we have noticed all along - that income rise is slowest in the 60-90 percentile band. That is what used to be called the "white collar" - engineers, qualified labour, professionals. Globalization or not, this continues to be decimated. Some of it is natural - you used to need a technically qualified person for each 20-30 workers. You now need one per thousands (if not tens of thousands). Technology has allowed it and the graph reflects that.
2. Blue collar (or its replacement - the zero contract floater) average income as a statistic when averaged across whole of the world has increased. Again, nothing new here. Globalization has clearly played the part here - if we redo the same graphic for let's say UK it will be different. We will see a _NEGATIVE_ growth in absolute dollars (this is what the national statistics say) across 0-97% percentile over the last decade. Moving the stats to two decades may bring things above 10-20%, but not more. The sub-3% top percentile will however have not 100%, it will have 500%+ rise. This is also what the stats say. If we go to anywhere else in Western Europe it will not be any different either.
Quote: "Open invitation to Fandroids"...
I suspect all of you, consumer reports and the people who are reporting bending it are right.
Consumer reports (and your less scientific test) can be summarized as "you are holding it wrong". It clearly does not bend if:
1. You apply force in the middle
2. If you apply force evenly
3. If you apply force at a right angle to the phone
This does not mean that it does not have a specific structural weakness which allows it to bend if you twist it, apply force to a corner, etc.
It has been a while since I have re-read Sakyo Komatsu, "The Death of a Dragon"...
I have had some basic sensors at my mom's house for 4 (or 5) years - bluetooth scan to see if her phone is around and on (she refuses to use a "smart" phone and wants a simple clamshell), CCTV, etc.
The problem is that there is a very high rate of false positives and bitrot. If you do not tend to it regularly you will find another glazed china mouse collecting dust right in front of the motion sensor or the cctv camera exactly when you need them to work.
In any case, the setup misses the most reliable indicator that your fav pensioner is all right. Tracking that is trivial. All you need is LIRC with the correct files for her remote controls. If a 70-year-old has not touched the TV for more than 3 hours, that usually means trouble.
Not just that - GSM has a top speed at which an object can move towards or from tower. While 3G does not have the equivalent of the timing advance it cannot alter the power fast enough. LTE in theory can, but you have to do some interesting stuff which a regular phone is incapable of (not all of US plane broadband is satellite, some is LTE with specialized receivers now).
So with the exception of a short period after takeoff and before landing (when the airlines are likely to prohibit calls anyway) you cannot use the phone anyway. So anyone yapping on the phone will be yapping via the onboard femtocell and will be paying "ferry" roaming fees for that in the 1-3Eu per minute range.
It has taken 10 years and lots of lobbying to get there (first test of ip.access 2G BTS on a plane was circa 2003). In fact we finally got there only because the 1Eu per minute has become a great temptation for operators. It is lots of money when you compare it to the backdrop of mandated roaming tariffs.
Even perl has a resemblance of the applicable security features you need for CGI. In fact, it is probably better on that front than PHP.
Bash has none. It does not belong in a CGI end of story. Any idiot sticking bash in a CGI is frankly asking for it and they are most likely exploitable via 20 other different ways besides Shell Shock.
So... How does a Blue Basket of Death look like... Oh.. sorry... probably like a slam dunk with a chair...
Eyes are on code, but elsewhere.
Shell of any form is executed as standard by various Unix processes only if you invoke system(). That is the first thing to check for during audits and it has been audited out and replaced by various safe pipe and fork+exec techniques in 99.9% of the software.
Further to this, bash has been identified as too complex to audit properly by the Debian project (and from there by Ubuntu) long ago and it was one of the decisions on why it is not the default root shell and is strictly prohibited for use in any shell scripts which are part of the core system. In addition to that everyone and their dog cleanses environment like there is no tomorrow because of previous bugs in dynamic loaders, locale, etc.
So frankly, this is blown out of proportion. Sure, some CGIs written by an idiot without a clue somewhere will be vulnerable. However if they are vulnerable to this, they will be vulnerable to a gazillion of other things.
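The fork+exec-with-pipe replacement for system() and the environment cleansing mentioned in the comment above, as an added C example that is not part of the original post. `run_no_shell`, `CLEAN_ENV` and the two demo functions are names made up for this sketch, and `/bin/echo` and `/usr/bin/env` are assumed to exist at those paths.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical fixed environment for the child: nothing is inherited from the
 * caller, so request-derived variables, LD_* and locale settings never arrive. */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", "LANG=C", NULL };

/* Run argv[0] (absolute path required) without any shell: fork, wire the
 * child's stdout to a pipe, execve with CLEAN_ENV. Stores up to outsz-1 bytes
 * of output in out. Returns the child's exit status, or -1 on failure. */
int run_no_shell(char *const argv[], char *out, size_t outsz)
{
    int fds[2], status;
    char drain[256];
    size_t used = 0;
    ssize_t n;

    if (!argv || !argv[0] || argv[0][0] != '/' || !out || outsz == 0)
        return -1;
    out[0] = '\0';
    if (pipe(fds) != 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {                       /* child */
        close(fds[0]);
        if (dup2(fds[1], STDOUT_FILENO) < 0)
            _exit(127);
        close(fds[1]);
        execve(argv[0], argv, CLEAN_ENV); /* no /bin/sh, no PATH search */
        _exit(127);                       /* only reached if execve failed */
    }

    close(fds[1]);                        /* parent keeps the read end only */
    for (;;) {
        int room = used < outsz - 1;
        n = room ? read(fds[0], out + used, outsz - 1 - used)
                 : read(fds[0], drain, sizeof drain);  /* discard overflow */
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)
            break;
        if (room)
            used += (size_t)n;
    }
    out[used] = '\0';
    close(fds[0]);

    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Shell metacharacters in an argument stay literal data: returns 1 if echo
 * printed the argument unchanged. */
int demo_literal_argument(void)
{
    char out[128];
    char *const argv[] = { "/bin/echo", "a; echo b | cat", NULL };
    return run_no_shell(argv, out, sizeof out) == 0 &&
           strcmp(out, "a; echo b | cat\n") == 0;
}

/* A variable set in the parent (constructed value standing in for a
 * request header) must not reach the child: returns 1 if it did not. */
int demo_env_not_inherited(void)
{
    char out[1024];
    char *const argv[] = { "/usr/bin/env", NULL };
    setenv("HTTP_USER_AGENT", "constructed-sample-value", 1);
    return run_no_shell(argv, out, sizeof out) == 0 &&
           strstr(out, "HTTP_USER_AGENT") == NULL &&
           strstr(out, "PATH=/usr/bin:/bin") != NULL;
}

int main(void)
{
    printf("literal argument preserved: %d\n", demo_literal_argument());
    printf("parent environment dropped: %d\n", demo_env_not_inherited());
    return 0;
}
```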
4 packets of grapes (cheap ones), 4 packets of oranges (cheap ones), 12 cucumbers, 6 packets of tomatoes (cheap ones are inedible in the UK), 4 melons, a box or two of cheap strawberries, and other fruit and veg. That is 70+ quid using the cheapest ones. Two brats that do not eat chocolate and two adults which end up eating the same stuff as that's what is in the house will go through that in 3-4 days. Add to that meat (not the expensive one either, definitely not prime cut beef) and you are looking at 160+ 2 times a week.
People seriously have no idea what an expense is a healthy kid which eats fruit and does not eat chocolate, candy and junk. They should try feeding one for a month.
Pizza is expensive my a***.
Try having two healthy, no-fat-anywhere - only muscle, borderline hyperactive kids which are not interested in chocolate, live on fruit, vegetables and steak and do 3-4 sports each (f.e. my older one does basketball, fencing and waterpolo). If you live in the UK or northern Europe, you will cringe every time you pay the bill at the shopping till in a supermarket. You will also want to take Jamie (the celebrity healthy eating cook) and bash his head into the table every time you see him or every time you see your credit card bill.
There is a vicious feedback loop here at work:
1. Junk food is relatively cheap per amount of calories it provides. A healthy shopping bill is 4-6 times higher than junk food (at least in the UK).
2. Obesity goes hand to hand with stress and depression. You do not expect depressed people to climb up the ladder and try to get a better salary. They are usually too depressed for that.
3. As you go more depressed and do the KungFu Panda routine of "I eat when I am upset", you go more obese, get less money and so on. More junk food, more depression, less money, more junk food.
So unless you can find someone to inspire you and do a "Panda you can eat now, have a dumpling", you are only going to continue down the slippery slope.
Quote: Quite why Russia has its sights set on the Moon,
1. It is a perfect place for a slingshot. Throwing bloody big rocks too. So what was that about the sanctions once again.
2. If they are not there, the Chinese will be - read their Moon and near space exploration plan.
3. Going to mars still looks like a one-way ticket whose benefits are solely scientific. Compared to that a moon base may have some ROI.
If this shows up in the UK for Xmas the daughter may get my old Xperia Arc as a hand me down and I may switch to this.
If Sygic, Kindle and a few other Android apps I use run on it, they will definitely have me as a customer. It has the perfect size screen for a SatNav too (no, I am not out of my mind - my phone holder is mounted on my A-pillar which as in most modern car is thick enough to accommodate a 7 in tablet without obstructing the driver's view any more than it already is).
Athlon XP runs Wheezy just fine as long as you do not try to enable PAE and its dear friend the 3_LEVEL_PAGETABLES. You need to either rebuild the kernel or use the "486" image even if this means that you will sacrifice some RAM in the process. Rebuilding is better as you can come up with a set of options which allow you to use that amount of RAM without sacrificing 99% of the performance.
Otherwise the GP is right - Windows 8 for the first time in 2 decades requires less resources, not more. This is one of the reasons why the channel hated it as it did not actually force an upgrade cycle.
This is for jobs which require continuous proximity authentication. If you are in one of those, then handcuffs on your wrists while doing your work will not be out of the ordinary (same as retina authentication to a device which has a gun connected to it to blow your brains out if it fails).
Yeah, the sign recognition is a German gimmick - used to be a popular option on the higher end Mercs. There it makes sense as there is no speed limit unless stated. UK - not so much.
And who needs a reminder of what gear they are in?
Standard nag nowadays I am afraid. You are driving in 4th while I think you should be driving in 5th to be greener.
For some cars it is a necessity by the way. I drove a VW Polo Blue Slumber (anyone calling it motion is out of his mind) two weeks ago and it was equally gutless and incapable of accelerating in any gear from 3rd to 5th. The engine sound was pretty much the same too. So funnily enough I found the nag useful (at times).
Recurring story. Their channel management sucks rocks sideways through a thin straw.
Every time I have looked at buying something Samsung that is not a phone, finding someone who stocks it has been rather difficult.
Software - I seriously tried to buy OpenMail for a company a while back after they took it over from HP (and before they made a dog's breakfast of it).
Components - SSDs are stocked only by a handful of suppliers, hard disks when they made them were also available only from people I'd rather not shop at (Dabs).
Laptops and PCs - with the exception of Chromebooks Samsung lappies in UK were almost impossible to buy.
Quote: “cities with gigabit connections reported 1.1 per cent higher per-capita GDP than their slower counterparts”.
Cause, meet effect, effect meet cause, allow me to introduce you to each other.
The more likely explanation is that nobody will put the investment into a GPON service into a neighborhood with a low GDP in the first place.
Liquid metal will not help you as far as the overall design direction is concerned. You can thank Sir Jony for that.
Apple has been expanding the screen to the very edge and there is absolutely no space left to crumple or deform if the phone is dropped and hits on-edge. In addition to that, the wonderful metal "ring" around the phone edge as in all iPhones from 4 onwards immediately transfers all the shock from the impact onto the glass. As a result an impact on-edge after falling from 1m onto concrete without a case is nearly guaranteed to shatter the glass. So are most recent phones due to the "fashion" to make them all glass. Compared to that a more "classic" phone which has space for buttons on the bottom and a plastic section on top for the camera, etc is considerably more shock resistant.
Things are only going to get worse from here - judging by the latest patent filings they intend to wrap the screen around the edges. That has "guaranteed fracture" written all over it with or without sapphire.
Frankly, I am not impressed. My obsolete (by today's hardware standards) Arc has survived 10s of drops like that including quite a few without a case. Its screen is still intact 3 years after I bought it despite all the drops. Compared to this it will pass for "bombproof".
Otherwise I agree with you, while the phones are advertised as beautiful svelte objects of desire, by the time they are in our pocket they have grown chubby, rounded and look nothing like the ads.
It is the reality - unless you get the JCB phone, you either have to get a case or your new gadget will be broken by the end of the week.
Engineering will still report to Larry.
So, the death by a thousand Hurds of any R&D in Oracle is postponed for the duration.
Assuming the same tech you can find in any chemistry lab the answer is:
1. Yes it can stir porridge.
2. In theory, you can measure the current required to rotate (or switch magnetic field orientation) on the anchor under the plate. It can be used as a proxy for viscosity so you can indeed sound an alarm that the porridge needs more water (if the stirrer has stopped moving or needs a lot of energy to move).
Magnetic stirrers have been a cornerstone of any chemical or biological lab for the last 40 years (if not more). They are as old as I remember and the sole thing preventing their use in most kitchens is that the pans are made of steel.
Any aluminium or glass pan can be happily stirred this way so excuse me while I yawn and remember my university days...
Just grab any Sci Fi video from last 20 years (Stargate Atlantis comes to mind) and there will be at least one guy controlling a boat (OK, granted a space one) with a tablet.
Granting a patent to this one is frankly... nuts... Which cave did the examiner live in?
Considering who issues the report I will take it with a pinch of salt :)
The T34 and T34/85 numbers include the numbers for the post-war production runs, license runs to other countries (North Korea, Warsaw pact), etc all the way until production was terminated ~ 1953.
While the Soviet army had a core of IS2s by end of war and some IS3s produced thereafter, etc there was an enormous pile of T34s and T34/85s produced for the role of cannon fodder in a semi-conventional WW3. That number skews the stats quite a bit.
I get on average (after passing a fairly comprehensive antispam filter set) 1-2 emails a day that look like they originate from a fully legitimate UK company. They are extremely well done. No grammar errors, professionally drafted letters, content looks 100% legit. The only give-away is an unintelligible one-off domain name under co.uk.
I have not noticed any spears in them - they so far do not have attachments and I never visit any of the links advertised, but I would not be surprised if some of them are spearfish too.
Probably Bosch. I have had quite a bit of fun disassembling the hinges on a Bosch dishwasher half a year ago (it is necessary if you need to replace the door gasket). The washing machine hinges by Bosch (who also OEMs for Siemens) are even more bomb-proof. I am not surprised that you can tow the dishwasher using those.
So frankly, if Samsung's hinges could be damaged by an exec (unless that exec was capable of saying "I'll be back" with an Austrian accent), they are utter crap. No thanks, that is never entering my house.
Going back to a proper washing machine (Bosch). Bosch washing machines are practically indestructible as long as you change the brushes in time. It takes ~ 5 years of hard use to wear down the original ones to the point where they damage the motor. Most third party replacements last 3 years or thereabouts. By the way - the machine will indicate that the brushes are so worn down that they are shorting (error code 24 if memory serves me right).
Do not get me wrong - I am a great Iain M. Banks fan. However, in most of his books the war is a backdrop for the actual character development. It rarely takes the front stage.
The Uplift series and specifically StarTide Rising... that is probably the best description of Space war on the grandest scale. I cannot think of anything that gets anywhere near that.
The last thing you want on a navigation map is irrelevant or distracting detail. Key landmarks you can use for navigation are fine, making 90% of what you see irrelevant to the task at hand (get from point A to point B) is a disaster in the making.
Quote: "Indeed, but the market for potential employees will be a lot smaller in that case"
Sorry, I call BS.
There are plenty of places outside London which have larger local population than what you can hire if you are based in Central London or one of London satellite towns (once you take into account the fact that you have to jack up salaries so people can commute). MK (which grew on the back of Unisys UK operation so if you sneeze you end up sneezing on someone who can do enterprise buses and COBOL), Cambridge (anything you want - you can find someone to do it - virtualization, mobile, telecoms, etc), Guildford (mobile, embedded, etc). If you go further away from London there are significant local IT populations in a few other places too. Slough is in that category too, but for a different reason - it is in a good location to hoover up anything and everything spare as resource in the M4 corridor. Most people who work there would rather work in Newbury, Reading or somewhere else, but as they say in some countries: "When there ain't any fish, the crayfish is a fish".
So if you base your business there, you can get _MORE_ qualified candidates than you will get if you base it in Shoreditch because you get all people who are willing to commute + significant local population. The sole reason for Shoreditch are tax breaks and subsidies related to inner town redevelopment, so whatever Amazon "creates" as job tax income, we probably (as the taxpayers) have to hand back as various tax break backhanders.
"I bought the car and I did not like the air freshener because I am allergic to the crappy brand used by the vendor" is a better analogy.
Car engine is something which takes a considerable effort (a man day or so usually) to replace. It takes no effort to replace an OS (unless you have deliberately sabotaged the process which MSFT has been known to do).
They're not all ugly.
Indeed. Along with an old Porsche and a "Phantomas" issue Citroen (forgot the exact model - first on the right). All are lovely cars and a demonstration of how what used to be art degenerated over the years. Not surprising - they were built in the days when the overall design was done by engineers not artists sticking a shell on a piece of engineering. As a result you got either utilitarian hideously fugly wagons (with some bells and whistles added as an afterthought) or true pieces of engineering as art (like the original Porsche or the E-series).
The hideous ones are all long scrapped and recycled. The really beautiful "hits" of this approach look better than anything coming off the factory line today.
The googly Motos had a single selling point for me - you could maintain them for ages after that with Cyanogen (besides their own software updates).
Cyanogen is hit and miss (9 was excellent 10-10.1 so so, 10.2 unmitigated disaster, 11 excellent again). However, when it hits - f.e. with 11 (4.4 kitkat) on my Sony Xperia Arc, it provides your phone with years of life after the manufacturer has stopped supporting it.
This was the norm with Googly Moto - they are all on Cyanogen. The norm with Lenovo is the opposite - no support. So the moment they switch to the next model you can kiss your updates goodbye and congratulate yourself with another paperweight.
Qualcomm which is the ultimate example of a "house of lawyers" with a small engineering detachment is being nailed on IPR. How quaint...
Why was Samsung singled out?
Samsung makes Exynos and the Mali GPU. So its excuse "that is a suppliers'" problem was beyond disingenuous. They are definitely not "using the chips like everyone else".
You are mostly correct, just do not see why you are singling out Putin here. As in most civil war conflicts there is no right here - all are on the wrong side.
If you think that some of the characters on the Ukrainian side are any different, I suggest you revisit your statement when the conflict ends and they turn their newly acquired weapons and training onto the local minorities. After all not all of Odessa has emigrated to New York and Tel Aviv. There is some left for them to practice on and remember my word - practice they will. Same as they did in WW2.
Pogrom is a favourite past-time around that part of the world (in fact that is where the word comes from in the first place).
I have a VIA Eden X2 U4200 @ 1.0+ GHz (Dual Core 64 bit) courtesy of an HP thin client which has been modded to install Debian on it.
It was originally bought for completeness (so I can test some virtualization software on Intel, AMD and Via). It passed tests with reasonable results - more or less the performance expected from a dual core laptop 64 bit CPU at 1GHz. It has been relegated as a desktop for my daughter ever since and is doing that duty without any problem including running most of the kids flash games, iplayer, etc. It is always running a media center auto-logged in as an alternative user and that one is working fine too. I have not tried it for true HD, upscaling of DVD res to 1080p is without trouble.
It is not a speed demon, but it is not slow by any means. In fact it is somewhere around the middle of the pack. It is faster than older E series APUs, faster than older Atom, not as fast as recent A series laptop/thin client APUs.
So I would not be so dismissive - with all the cloud going back to micro-server land (as exemplified by the recent NEC announcement) they will have their niche.