1435 posts • joined 14 Jun 2007
Re: Poor Bug Fixing
What is the 2nd law?
Is that the one that says all complex programs evolve to the point where they can read mail?
Re: Of Google software and battery drain
I find that Googles own Android apps are the worst offenders.
Only today I had to kill G+ because it was sucking CPU and I/O. Maps was also running - I've used neither in months.
Android is my tablet OS of choice, but I'd be pretty pissed off at it if I didn't have the ability to keep it under control.
Re: Probably, but not necessarily ...
" The route the traffic takes it not a factor and here is why. It is Verizon that has stated the congestion is not in the Verizon network, but the companies that Netflix uses. If the link that is congested is from Level-3 to Verizon, then the congestion is right at the front door on Verizon itself which is why Level-3 has stated that they are willing to hook a few more cables up. "
No. As I said, not necessarily.
It is established that the main route for Netflix to Verizon is via level3.
They may, however have a link via (say) Hurricane Electric which happens to be the route used by the ISP the VPN runs under.
If this link isn't saturated, and the VPNs ISPs link to Netflix isn't saturated, then he will get the faster speeds as he will no longer be using the Level3 link. (netflix -> vpn -> Hurricane Electric -> Verizon) without it meaning that Verizon is specifically throttling Netflix.
If he names his VPN provider and/or provides traceroutes, it will be clear. If his VPN also goes via the same Level3 route, then, yes, throttling is being intentionally done. If not, we simply can't be sure based on the evidence so far provided.
Probably, but not necessarily ...
Not defending Verizon, who should not be dragging their feet over this issue, but this VPN situation could occur 'accidentally' if the guys VPN goes via another route not usually congested with Netflix traffic.
Just checked his blog. He basically said this himself:
My hypothesis here was that by connecting to a VPN, my traffic might end up getting routed through uncongested tubes. Basically, if Verizon is not upgrading the tubes that go to Netflix, maybe I can connect to a different location (via VPN) first where Verizon will have good performance and there will be no congestion between location 2 and and Netflix.
.... but then later seems to forget that this could be incidental rather than intentional throttling.
Re: Tired admin
I was once followed for about 2 weeks by someone who downvoted all my posts, however innocent they were.
And 'Matt Bryant' seems to have had a few downvoting groupies for quite some time!
As for this case, well, it wasn't me, but maybe someone didn't like your implied assumption they'd be running Ubuntu? Or that your post dealt with OS related stuff, (thus implying - *gasp* - that Linux has some issues, whilst clearly this is a dumb app/admin issue)
" Maybe after this the penguin lovers will stop looking so bloody smug with their "my OS is virus-proof" arguments."
Obvious troll etc.
But just in case, unlike you, I assume the penguin lovers know the difference between the OS and its applications - the latter which may have bugs or be configured incorrectly.
Here's a clue: This malware needs to be downloaded to a server and be executed. We aren't talking about fooling the OS into running it - no, it has to be run by a user (I.e. a process which could be a dæmon - not necessarily a human user)
I'm sure that if a user executed 'del/s \*.*' in a dos prompt on a windows machine, not even the most fanatical Linux fanboi would blame windows for those files being deleted.
The real issue
The real issue here is the stupid applications that have bugs that allow arbitrary files to be uploaded and executed in the first place - and morons who type 'chmod 777' on files/directories that they install.
Furthermore, attacks like these can be mitigated with common sense by *using* standard features of a Unix operating system:
- NEVER have a dæmon run under the same user as that which owns the code files.
- Don't enable cron facilities for a dæmon that doesn't need them (or again, run cronjobs via a different user than the one the dæmon runs as)
- Never blindly run 'chmod 777' on anything [ this particular piece of malware attempts to write to the file /etc/rc.local - *anyone* who runs a machine where that would work should be forced to listen to Justin Bieber non-stop for a week ]
- Consider running unaudited dæmons in a jailed subsystem (or at least a chroot) - and if your system supports it, use sandboxing/process-restrictions to disable any functions that will never be legitimately needed)
" So happy to see stereotypes about 'computer geeks' are still going strong. Because generalisations about large groups of people are always correct."
Spoken like a true fat, spotty, nerdy twat in his faded t-shirt that smells like a sweaty pillow!
Re: Fraudulent fishermen
Re: the Greek alternative
Haha, nice catch!
"When is an 'Ε' not an 'E' ? :-)
Microsoft to the rescue!
I presume Microsoft is now going to attempt to take control of AWS now?
After all, they aren't just running DNS services, but the actual malware!
What more evidence does an idiot judge need to hand the keys over to a private company that
thinks it's the World police has no mandate for law enforcement whatsoever?
If that's the case, she should run for Parliament.
I'd vote for her!
You must be fun at parties!
I've entered an El Reg parallel universe ..
I came here to agree with Microsoft, only to find most other commentards do so also!
I remember one place I worked - they insisted the root passwords for the servers were unique, random character, with 4 servers passwords changed a day (with approx 100 servers, each password had a lifespan of more or less 25 days)
If I never needed to get into a server out of hours it was easy - all the support staff had their password sheets in their draw or more likely on their desk.
Not to mention these machines had more holes than Justin Baeber before a firing squad - but no, the PHB were happy because the machines were protected with root passwords such as "Ed3tx6gAUz3Q"
Re: everybody wants a faster Web, but everybody wants to stick with the formats they're using now.
" Running AdblockPlus and NoScript, my web is extremely nice. On the tablet, where such options don't exist - and would really be appreciated - the difference in speed is notable."
I use mitmproxy ( mitmproxy.org ) on my router to let me control the pages my tablet sees.....
I basicslly use it as a server-based 'greasemonkey' - ad block and noscript are doable too.
..... blaming the wrong thing, in their own self-important style.
...reminds me of the idiot who recently claimed BTs DNS servers were down, even though it was a routing issue, posting "I KNOW HOW THE INTERNET WORKS."
Yep, if uninformed comment from unimportant people is your thing, then twitter is for you! (Yes, yes, or all my El Reg posts.... I preempted that one!)
Re: clueless script, excessive CGI, teen nonsense, banal humour, you know the sort
Yep, if the market wasn't there, they wouldn't be made..
No idea why you got all the downvotes...
Re: BBC and YouTube without Flash?
" Whilst I agree with you about get_iplayer the poster was asking about BBC news videos, presumably from their web-pages.Those are flash."
Ah yes, sorry, I misread the post.
But when he said 'view video on YouTube and BBC news', just in case he meant :
(view video on YouTube), and BBC news
view (video on YouTube and BBC news)
(ahhhh, the ambiguous wonders or the English language!) get_iplayer can be used to view or record the live channels too.
Re: BBC and YouTube without Flash?
To legitimately access BBC iplayer without flash, google 'get_iplayer'
To legitimately access it when it appears you are not in the UK when really you are, (e.g. the multinational you work for peers outside the UK) a cheap UK proxy/vpn (or even set one up on your home machine) would work fine, because the actual raw rtmp streams are not regionally restricted, so can be accessed directly (courtesy of your local akamai or limelight CDN) once you know the stream rtmp url. (But why such content can be accessed in California [just tried it and it worked - rtmp server 1ms ping from my server there] is anybodys guess, though I assume it's cache on request at least)
Re: PC's down the swanee?
"Well, to prove I pissed in the toilet and not the garden, I took my oother half into the bathroom, showed her the toilet, and said: 'There's the pee, see?'"
/gets coat too - see you at the taxi rank!
PC's down the swanee?
"Thought PCs were in the toilet?"
Shouldn't that be 'PC sales'?
Re: Nothing wrong with Macs
" Plus, I am a real BSD bigot when it comes to my opinion of Linux."
Me too, but I'm not as wise as you - very sensible to post that sort of comment anonymously around these here parts!
Re: Not everyone works in an office
Um....As he said: " no touching the screen (keyboards are a necessary evil that are cheap enough to be replaced).."
Re: Too Much Clickbait
@Stuart.... ah, sorry, I didn't see that one.
@Chris, the Outbrain headlines seem to be behaving themselves at the moment too!
Re: Too Much Clickbait
I think you are referring to one of the more sleazy ad brokers they use - I agree, they are totally sleazy. I was disappointed when El Reg started using them. I mean, Reg Staffers, have you seen how sensationalist and inaccurate these links are?
Re: Seems she sued them back in 2012 for a million dollars...
Thanks for the reply.
However, I thought this case involved suing both TOR and pinkmeth?
Re: Analogy defect!
Errr, what? So you're saying that TOR was designed to allow people to post naked pics of others anonymously?
Besides, crappy car analogies are a requirement on techie forums!
errrm, when you posted that, there were only 2 other commentards apart from you, and neither of us advocated any such thing
Streisand effect in 3...2...1....
Oh dear. I'm actually very sympathetic to cases like these, and the bastards (assuming her story is true) are evil scum, but....... oh dear :-(
I presume if she was run over by a car, she'd sue Ford?
Re: "If you want to listen to great-sounding music"
But unless you have teenagers, the queue for the bathroom is usually longer at a live show!
"You can make a diode out of a piece of coal and a wire."
I'm sure the 'hipster wearable brigade' will find that bit of information most useful!
What an unusual way to do things...
Um, it seems Facebook did their investigation, and handed the evidence to the police who carried out a successful raid.
Anyone at Microsoft could tell you that the proper way of handling things is to convince a judge that you are the world police, and assume the power to personally confiscate anything you think may be tangentially linked, even if it's not owned or run by the criminals, creating huge collateral damage for millions of innocent people in the process.
"MICROSOFT! FUCK YEAH!"
" You still have to trust the Root DNS certs, but they've demonstrated themselves pretty responsibly up to this point"
Indeed. Far better than the current mishmash of companies doing it purely for profit.
"Deleting" files doesn't physically delete the data?
Wow. Who amongst us techies would have known that?
Re: How to sort out DNS problems properly
Or just use google?!
Re: How to sort out DNS problems properly
Finally! Someone mentions using a locally installed DNS server rather than simply changing to google etc.
(Though doesn't windows cache DNS records internally these days? - unix system's don't [though individual programs could in theory]- you should point entries to a local nameserver or a standalone caching daemon)
However, why go through all that testing for local DNS servers etc. to use, when you can simply configure a standalone DNS server that is seeded with the root servers?
This is basically how your ISPs nameservers are generally setup (after all, what forwarders do you expect the forwarders to use? :-) )
If you run it on a system that isn't powered off frequently, then it will end up caching where the popular records are stored, so it can contact them direct for maximum efficiency.
You are then no longer relying on forwarders (which is also more secure, as what happens if the forwarder currently being used is compromised?)
The only static config you need then is that of the root servers, which is readily available and rarely changes. And even if an entry does change, running a nameserver in this mode means that the very moment your DNS starts up and successfully contacts a root server, it will automatically be updated with the current root-zone list. (Though most nameservers don't actually update their local on-disk copy of this information)
If you follow this route, or indeed the route you mention, as you won't be using the server to serve your own domains to the internet, I'd recommend 'unbound' over 'bind'. It's available for unix/mac/windows etc. and is more lightweight and easier to setup (especially for DNSSEC)
To save money, the ASA could be replaced by quite a simple program:
In meta(ish) code:
....If complaint received:
......sleep for a few weeks
......output "Warn the company that the ads mustn't appear again in their current form."
Re: dot and slash
" I was, in fact, under the impression that no backtracking to argument mode was how most commands interpreted their arguments."
Indeed. That is quite nasty.
remember you can use '--' to end arguments with most commands these days, but I still agree with you there!
Re: You've made be rant now..
"I think your early points are great, but you lost me starting at...
"Indeed, there are many who argue that kernels should not allow files to exist which start with a '-', or contain spaces, newlines, tabs, various binary characters etc..."
My view is that if I'm the sysadmin for a multiuser system, it's *my* prerogative to prevent silly filenames creation by the users. It should *not* be a kernel default; but a filesystem mount option to reject open/creat/mknod/ link/symlink/rename operations where the target filename contains characters from \001 to \037 would be entirely appropriate and save lots of user confusion when they create such problem files by accident. This is fine for UTF-8 encoding and EUC coding."
Hiya. Sorry for the delay in replying.
I told you I was on a rant, so I'll probably backtrack a bit :-)
I agree with you (I think!)
Some argue it should be a kernel default (DWheeler in the article I linked too, for example) - but I don't. Besides, that horse has bolted already, and any new restriction would undoubtably cause problems.
But I probably didn't show that I also agree that such restrictions should be possible, and easily configurable by the sysadmin if he/she thinks it's appropriate. - Just as you describe above.
"...And if my users want to store data against arbitrary binary keys using 'special' C programs to make 'special' filenames, I'll tell them: Don't use a filename as the key, because it's a half-arsed hack. Instead, here you go, sqlite3 or gdbm or bdb, take your pick, they *do this stuff for you*. Oh, by the way, you can *even* use data containing '/' and ASCII NUL as a key. Whoa!!!!"
Backtrack time..... Yes, I agree and like to think I'd behave the same way!
The point I was trying to make was that it doesn't need to be a kernel based restriction - not that such a restriction shouldn't be possible.
But then I ranted off in some utopian way about the freedom of the programmer to be able to do what he/she wants without OS restriction that isn't necessary for the OS to work - but I didn't provide any practical real-world example.
I've never used such weird characters, and can't see any situation where I would recommend it - I was just trying to say that an arbitary restriction shouldn't be a place just to protect some programmers from writing prograns with parsing bugs, or indeed programmers silly enough to use stupid characters in the first place.
"The traditional "woo, anything goes except '/' and \0!" boast is making a virtue out of what likely started as laziness on the part of the kernel programmers. Laziness which probably made perfect sense for the times and the Bell CSRG's use cases. These days, adding an extra "check character code is greater than 32" to the kernel path parsing is not such a burden. It will branch predict correctly almost all the time."
So now it should be in the kernel? :-)
More backtracking from me... Fair enough, and you are right.. If such sane restrictions were in place from the beginning, I'd be cool with that.
TL; DR - I guess what I'm getting at is that this is how it is. It works. It can cause problems, but programmers should know this, and act accordingly. It's not something that needs to be 'fixed' at an OS level to stop the sky falling in. And ultimitely a blanket restriction would just be an added restriction that isn't actually necessary.
A lot of the power (and problems) in UNIX comes from it's rawness, and whilst any effort to make it easier and less exposed should be applauded, whilst I was in rant mode I was concerned with enforced 'dumbing down' - as it seems car analogies are usually used at thjs point, I'd say that you wouldn't force an experienced driver to drive an automatic car, just because some people can't drice manual (stick-shift) - even though in some situations said driver may even decide an automatic is his most suitable choice.
"UNIX got some things really right, but some of what the early designers chose not to care about has turned out later to cause problems for scaling and security. What made sense for the use cases and developer resources of a CS research lab in the early '70s is not necessarily appropriate now. Robust filesystems with synchronousness guarantees, race-free file syscalls and other niceties all came about because people recognised the need to take UNIX beyond what Ken and Dennis first envisaged. No slight to the inventors, just progress."
Yes. Situations have changed, and the other stuff you mention above I agree with, but whilst tightened restrictions on filenames would probably make some programs more robust, without these restrictions the filesystem itself is no less robust if the programmer knows what he/she is doing.
I think I more or less agree with you, I just didn't explain well why I thought 'unnecesaary' restrictions shouldn't be enforced in the kernel, but as you say, under the control of the sysadmin.
I hope I've explained myself more clearly, and didn't backtrack too much, but thank-you for reigning me in!
P.S. I've just written this using the 'w3m' console browser under an xterm session, because VI (or any other text editor) is far better for writing long replies than some slow click-and-type 'notepad-style' gui.... How I wish my current GUI browser setup allowed me to use an external editor like with the Firefox 'ItsAllText!' extension...
El Reg is one of the few sites you can actually use a non-GUI browser on these days...... The last of a dieing breed...
I'm a moron
How long have I been posting here?
I've only just 'discovered' the 'my topics' link.. Well, it's been there as long as I can remember, but I guess I've never tried it - just assuming it listed topics I'd opened on the 'user forums' - I never realised it tracked all article-forums I've posted to too..
You know, it's been a bugger all these years trying to make sure I don't miss any comments under an article I've commented on......
I agree about power-cycling, but then it depends on how deep 'standby' mode is.
Many white goods power just about everything off but the wake up circuit meaning that that big old transformer keeps humming away, providing no more benefit to the on/off cycling (except, of course for the transformer unit itself!)
Re: It comes down to power supply efficiency
Nigel 11, it doesn't matter that you aren't an electronic engineer in this case - your 'common sense' is sufficient (I did electronic engineering at university and can assure you many of my fellow students wouldn't have had this idea)
But yeah, I've basically advocated EXACTLY as you describe (maybe we should go into business together!) - yup, basically use a battery (or maybe capacitor if appropriate) to run 'standby' mode, ensuring the power supply is off entirely, and as you say, only power it up if the unit is 'switched on' or the battery needs charging, with the hardwired override button for those times the battery is dead - just like you describe!
Seems obvious to me!
my guilty what?
Indeed. I'd expect that summing up not from the prosecution, but from the defence as a way to demonstrate the futility of the case.
But, it seems Matt Bryant was the judge ;-)
Re: Which crypto?
Remember how in WWII, allied soldiers were still sent on missions it was KNOWN they'd fail because the allies didn't want the Germans to suspect they'd cracked Enigma....
"For the prosecution, Neil Pallister concluded that:
Effectively, the crown's case is, the only appropriate inference to draw from the defendant's refusal to disclose the password to allow access to the computer is it would have revealed activity of the type mentioned in the messaging, namely hacking of police, Serious Organised Crime Agency and university websites."
Re: The irony...
"As I understand it, it's to defeat a bot net created through use of Trojans.
Are you suggesting that allowing a user the ability to install software which communicates over the internet is a bug?"
Hah! not at all, and if this is soley due to users intentionally installing software, I withdraw my comment.
However, how many of these are 'advertised' as programs that require specific installing as such, and how much are exe's mascarading as PDFs etc.?
How many grant themselves the right to auto-start without the users knowledge?
How do you reconcile this suggestion with other hate-cries about Internet Explorer since it would inevitably mean that you literally could not install any other browser (or mail client or utility).
But that was never my suggestion.... Getting dangerously close to a strawman argument here!
Ha ha, I got my mum a tablet too (she was always using the excuse that she was scared she'd break a big computer)
If she can't get something to work (whatever it is), she calls me and says that her 'google is down'
Then there was the time she proudly told me she'd changed the curtains... It took a bit of puzzled questioning to discover she meant the wallpaper!
Re: possibility that El Reg is too?
El Reg has made the great firewall of China blocklist!
- Nokia: Read our Maps, Samsung – we're HERE for the Gear
- Ofcom will not probe lesbian lizard snog in new Dr Who series
- Kaspersky backpedals on 'done nothing wrong, nothing to fear' blather
- Episode 9 BOFH: The current value of our IT ASSets? Minus eleventy-seven...
- Too slow with that iPhone refresh, Apple: Android is GOBBLING up US mobile market