1473 posts • joined 14 Jun 2007
I've entered an El Reg parallel universe ..
I came here to agree with Microsoft, only to find most other commentards do so also!
I remember one place I worked - they insisted the root passwords for the servers were unique, random character, with 4 servers passwords changed a day (with approx 100 servers, each password had a lifespan of more or less 25 days)
If I never needed to get into a server out of hours it was easy - all the support staff had their password sheets in their draw or more likely on their desk.
Not to mention these machines had more holes than Justin Baeber before a firing squad - but no, the PHB were happy because the machines were protected with root passwords such as "Ed3tx6gAUz3Q"
Re: everybody wants a faster Web, but everybody wants to stick with the formats they're using now.
" Running AdblockPlus and NoScript, my web is extremely nice. On the tablet, where such options don't exist - and would really be appreciated - the difference in speed is notable."
I use mitmproxy ( mitmproxy.org ) on my router to let me control the pages my tablet sees.....
I basicslly use it as a server-based 'greasemonkey' - ad block and noscript are doable too.
..... blaming the wrong thing, in their own self-important style.
...reminds me of the idiot who recently claimed BTs DNS servers were down, even though it was a routing issue, posting "I KNOW HOW THE INTERNET WORKS."
Yep, if uninformed comment from unimportant people is your thing, then twitter is for you! (Yes, yes, or all my El Reg posts.... I preempted that one!)
Re: clueless script, excessive CGI, teen nonsense, banal humour, you know the sort
Yep, if the market wasn't there, they wouldn't be made..
No idea why you got all the downvotes...
Re: BBC and YouTube without Flash?
" Whilst I agree with you about get_iplayer the poster was asking about BBC news videos, presumably from their web-pages.Those are flash."
Ah yes, sorry, I misread the post.
But when he said 'view video on YouTube and BBC news', just in case he meant :
(view video on YouTube), and BBC news
view (video on YouTube and BBC news)
(ahhhh, the ambiguous wonders or the English language!) get_iplayer can be used to view or record the live channels too.
Re: BBC and YouTube without Flash?
To legitimately access BBC iplayer without flash, google 'get_iplayer'
To legitimately access it when it appears you are not in the UK when really you are, (e.g. the multinational you work for peers outside the UK) a cheap UK proxy/vpn (or even set one up on your home machine) would work fine, because the actual raw rtmp streams are not regionally restricted, so can be accessed directly (courtesy of your local akamai or limelight CDN) once you know the stream rtmp url. (But why such content can be accessed in California [just tried it and it worked - rtmp server 1ms ping from my server there] is anybodys guess, though I assume it's cache on request at least)
Re: PC's down the swanee?
"Well, to prove I pissed in the toilet and not the garden, I took my oother half into the bathroom, showed her the toilet, and said: 'There's the pee, see?'"
/gets coat too - see you at the taxi rank!
PC's down the swanee?
"Thought PCs were in the toilet?"
Shouldn't that be 'PC sales'?
Re: Nothing wrong with Macs
" Plus, I am a real BSD bigot when it comes to my opinion of Linux."
Me too, but I'm not as wise as you - very sensible to post that sort of comment anonymously around these here parts!
Re: Not everyone works in an office
Um....As he said: " no touching the screen (keyboards are a necessary evil that are cheap enough to be replaced).."
Re: Too Much Clickbait
@Stuart.... ah, sorry, I didn't see that one.
@Chris, the Outbrain headlines seem to be behaving themselves at the moment too!
Re: Too Much Clickbait
I think you are referring to one of the more sleazy ad brokers they use - I agree, they are totally sleazy. I was disappointed when El Reg started using them. I mean, Reg Staffers, have you seen how sensationalist and inaccurate these links are?
Re: Seems she sued them back in 2012 for a million dollars...
Thanks for the reply.
However, I thought this case involved suing both TOR and pinkmeth?
Re: Analogy defect!
Errr, what? So you're saying that TOR was designed to allow people to post naked pics of others anonymously?
Besides, crappy car analogies are a requirement on techie forums!
errrm, when you posted that, there were only 2 other commentards apart from you, and neither of us advocated any such thing
Streisand effect in 3...2...1....
Oh dear. I'm actually very sympathetic to cases like these, and the bastards (assuming her story is true) are evil scum, but....... oh dear :-(
I presume if she was run over by a car, she'd sue Ford?
Re: "If you want to listen to great-sounding music"
But unless you have teenagers, the queue for the bathroom is usually longer at a live show!
"You can make a diode out of a piece of coal and a wire."
I'm sure the 'hipster wearable brigade' will find that bit of information most useful!
What an unusual way to do things...
Um, it seems Facebook did their investigation, and handed the evidence to the police who carried out a successful raid.
Anyone at Microsoft could tell you that the proper way of handling things is to convince a judge that you are the world police, and assume the power to personally confiscate anything you think may be tangentially linked, even if it's not owned or run by the criminals, creating huge collateral damage for millions of innocent people in the process.
"MICROSOFT! FUCK YEAH!"
" You still have to trust the Root DNS certs, but they've demonstrated themselves pretty responsibly up to this point"
Indeed. Far better than the current mishmash of companies doing it purely for profit.
"Deleting" files doesn't physically delete the data?
Wow. Who amongst us techies would have known that?
Re: How to sort out DNS problems properly
Or just use google?!
Re: How to sort out DNS problems properly
Finally! Someone mentions using a locally installed DNS server rather than simply changing to google etc.
(Though doesn't windows cache DNS records internally these days? - unix system's don't [though individual programs could in theory]- you should point entries to a local nameserver or a standalone caching daemon)
However, why go through all that testing for local DNS servers etc. to use, when you can simply configure a standalone DNS server that is seeded with the root servers?
This is basically how your ISPs nameservers are generally setup (after all, what forwarders do you expect the forwarders to use? :-) )
If you run it on a system that isn't powered off frequently, then it will end up caching where the popular records are stored, so it can contact them direct for maximum efficiency.
You are then no longer relying on forwarders (which is also more secure, as what happens if the forwarder currently being used is compromised?)
The only static config you need then is that of the root servers, which is readily available and rarely changes. And even if an entry does change, running a nameserver in this mode means that the very moment your DNS starts up and successfully contacts a root server, it will automatically be updated with the current root-zone list. (Though most nameservers don't actually update their local on-disk copy of this information)
If you follow this route, or indeed the route you mention, as you won't be using the server to serve your own domains to the internet, I'd recommend 'unbound' over 'bind'. It's available for unix/mac/windows etc. and is more lightweight and easier to setup (especially for DNSSEC)
To save money, the ASA could be replaced by quite a simple program:
In meta(ish) code:
....If complaint received:
......sleep for a few weeks
......output "Warn the company that the ads mustn't appear again in their current form."
Re: dot and slash
" I was, in fact, under the impression that no backtracking to argument mode was how most commands interpreted their arguments."
Indeed. That is quite nasty.
remember you can use '--' to end arguments with most commands these days, but I still agree with you there!
Re: You've made be rant now..
"I think your early points are great, but you lost me starting at...
"Indeed, there are many who argue that kernels should not allow files to exist which start with a '-', or contain spaces, newlines, tabs, various binary characters etc..."
My view is that if I'm the sysadmin for a multiuser system, it's *my* prerogative to prevent silly filenames creation by the users. It should *not* be a kernel default; but a filesystem mount option to reject open/creat/mknod/ link/symlink/rename operations where the target filename contains characters from \001 to \037 would be entirely appropriate and save lots of user confusion when they create such problem files by accident. This is fine for UTF-8 encoding and EUC coding."
Hiya. Sorry for the delay in replying.
I told you I was on a rant, so I'll probably backtrack a bit :-)
I agree with you (I think!)
Some argue it should be a kernel default (DWheeler in the article I linked too, for example) - but I don't. Besides, that horse has bolted already, and any new restriction would undoubtably cause problems.
But I probably didn't show that I also agree that such restrictions should be possible, and easily configurable by the sysadmin if he/she thinks it's appropriate. - Just as you describe above.
"...And if my users want to store data against arbitrary binary keys using 'special' C programs to make 'special' filenames, I'll tell them: Don't use a filename as the key, because it's a half-arsed hack. Instead, here you go, sqlite3 or gdbm or bdb, take your pick, they *do this stuff for you*. Oh, by the way, you can *even* use data containing '/' and ASCII NUL as a key. Whoa!!!!"
Backtrack time..... Yes, I agree and like to think I'd behave the same way!
The point I was trying to make was that it doesn't need to be a kernel based restriction - not that such a restriction shouldn't be possible.
But then I ranted off in some utopian way about the freedom of the programmer to be able to do what he/she wants without OS restriction that isn't necessary for the OS to work - but I didn't provide any practical real-world example.
I've never used such weird characters, and can't see any situation where I would recommend it - I was just trying to say that an arbitary restriction shouldn't be a place just to protect some programmers from writing prograns with parsing bugs, or indeed programmers silly enough to use stupid characters in the first place.
"The traditional "woo, anything goes except '/' and \0!" boast is making a virtue out of what likely started as laziness on the part of the kernel programmers. Laziness which probably made perfect sense for the times and the Bell CSRG's use cases. These days, adding an extra "check character code is greater than 32" to the kernel path parsing is not such a burden. It will branch predict correctly almost all the time."
So now it should be in the kernel? :-)
More backtracking from me... Fair enough, and you are right.. If such sane restrictions were in place from the beginning, I'd be cool with that.
TL; DR - I guess what I'm getting at is that this is how it is. It works. It can cause problems, but programmers should know this, and act accordingly. It's not something that needs to be 'fixed' at an OS level to stop the sky falling in. And ultimitely a blanket restriction would just be an added restriction that isn't actually necessary.
A lot of the power (and problems) in UNIX comes from it's rawness, and whilst any effort to make it easier and less exposed should be applauded, whilst I was in rant mode I was concerned with enforced 'dumbing down' - as it seems car analogies are usually used at thjs point, I'd say that you wouldn't force an experienced driver to drive an automatic car, just because some people can't drice manual (stick-shift) - even though in some situations said driver may even decide an automatic is his most suitable choice.
"UNIX got some things really right, but some of what the early designers chose not to care about has turned out later to cause problems for scaling and security. What made sense for the use cases and developer resources of a CS research lab in the early '70s is not necessarily appropriate now. Robust filesystems with synchronousness guarantees, race-free file syscalls and other niceties all came about because people recognised the need to take UNIX beyond what Ken and Dennis first envisaged. No slight to the inventors, just progress."
Yes. Situations have changed, and the other stuff you mention above I agree with, but whilst tightened restrictions on filenames would probably make some programs more robust, without these restrictions the filesystem itself is no less robust if the programmer knows what he/she is doing.
I think I more or less agree with you, I just didn't explain well why I thought 'unnecesaary' restrictions shouldn't be enforced in the kernel, but as you say, under the control of the sysadmin.
I hope I've explained myself more clearly, and didn't backtrack too much, but thank-you for reigning me in!
P.S. I've just written this using the 'w3m' console browser under an xterm session, because VI (or any other text editor) is far better for writing long replies than some slow click-and-type 'notepad-style' gui.... How I wish my current GUI browser setup allowed me to use an external editor like with the Firefox 'ItsAllText!' extension...
El Reg is one of the few sites you can actually use a non-GUI browser on these days...... The last of a dieing breed...
You've made be rant now..
Firstly, I'm not one of those who will blindly defend UNIX, and downvote anyone who dares criticise it (even if they have a valid point) but I'm sorry, this is absolute bollocks.
"Since this bug originates from a design problem it will be very interesting on how operating system vendors address this problem. It is something you cannot fix with a simple patch. The way on how the system interacts with files has to be completely redesigned," SEC Consult writes.
Seriously, what is their agenda? As others have pointed out, this has been known by any half-compitent UNIX user for ages. There is no OS level bug to fix.
No UNIX system needs to be completely redesigned (and if it was a real problem, it would only be the SHELL and it's globbing that would need to be 'fixed' - this has bugger all to do with the way the 'system' (kernel, compiled executables etc.) work)
As has already been mentioned here, any fault solely lies within buggy crappy programs ("buggy crappy programs holding hands" *cough* /coat) and they can be fixed without needing to make any changes to the UNIX kernel, userland, or even the bloody shell.
TO BE FAIR.....
It can be argued that the fact the way globbing works makes it easy for incompetent shell programs to screw up is at best unfortunate.
Indeed, there are many who argue that kernels should not allow files to exist which start with a '-', or contain spaces, newlines, tabs, various binary characters etc...
But, all competent UNIX programmers know that filenames can contain *ANY* value from the 256 in a byte, apart from ascii '/' and NUL, and therefore code appropriately.
This flexability may be a curse to some, but it can be useful to proper programmers (after all, why should a program written in C be restricted from storing files with 'special' characters just because some badly written shell scripts can't cope? -- especially as spne of these systems will be storing files that NEVER need to be accessed from the shell)
Yes, this has been known for years. Just like sql-injection, and other problems, you simply need programers who know what they are doing, without forcing syntax restrictions on them to appese the stupid.
There is a very well written website that describes these issues (and it itself has been around for years):
well worth a read, but to be blunt, anyone who is surprised at what it says shouldn't be bloody programming shell scripts to be consumed anywhere other than their home computer in the first place.
I'm a moron
How long have I been posting here?
I've only just 'discovered' the 'my topics' link.. Well, it's been there as long as I can remember, but I guess I've never tried it - just assuming it listed topics I'd opened on the 'user forums' - I never realised it tracked all article-forums I've posted to too..
You know, it's been a bugger all these years trying to make sure I don't miss any comments under an article I've commented on......
I agree about power-cycling, but then it depends on how deep 'standby' mode is.
Many white goods power just about everything off but the wake up circuit meaning that that big old transformer keeps humming away, providing no more benefit to the on/off cycling (except, of course for the transformer unit itself!)
Re: It comes down to power supply efficiency
Nigel 11, it doesn't matter that you aren't an electronic engineer in this case - your 'common sense' is sufficient (I did electronic engineering at university and can assure you many of my fellow students wouldn't have had this idea)
But yeah, I've basically advocated EXACTLY as you describe (maybe we should go into business together!) - yup, basically use a battery (or maybe capacitor if appropriate) to run 'standby' mode, ensuring the power supply is off entirely, and as you say, only power it up if the unit is 'switched on' or the battery needs charging, with the hardwired override button for those times the battery is dead - just like you describe!
Seems obvious to me!
my guilty what?
Indeed. I'd expect that summing up not from the prosecution, but from the defence as a way to demonstrate the futility of the case.
But, it seems Matt Bryant was the judge ;-)
Re: Which crypto?
Remember how in WWII, allied soldiers were still sent on missions it was KNOWN they'd fail because the allies didn't want the Germans to suspect they'd cracked Enigma....
"For the prosecution, Neil Pallister concluded that:
Effectively, the crown's case is, the only appropriate inference to draw from the defendant's refusal to disclose the password to allow access to the computer is it would have revealed activity of the type mentioned in the messaging, namely hacking of police, Serious Organised Crime Agency and university websites."
Re: The irony...
"As I understand it, it's to defeat a bot net created through use of Trojans.
Are you suggesting that allowing a user the ability to install software which communicates over the internet is a bug?"
Hah! not at all, and if this is soley due to users intentionally installing software, I withdraw my comment.
However, how many of these are 'advertised' as programs that require specific installing as such, and how much are exe's mascarading as PDFs etc.?
How many grant themselves the right to auto-start without the users knowledge?
How do you reconcile this suggestion with other hate-cries about Internet Explorer since it would inevitably mean that you literally could not install any other browser (or mail client or utility).
But that was never my suggestion.... Getting dangerously close to a strawman argument here!
Ha ha, I got my mum a tablet too (she was always using the excuse that she was scared she'd break a big computer)
If she can't get something to work (whatever it is), she calls me and says that her 'google is down'
Then there was the time she proudly told me she'd changed the curtains... It took a bit of puzzled questioning to discover she meant the wallpaper!
Re: possibility that El Reg is too?
El Reg has made the great firewall of China blocklist!
Re: "Uni-directional oxygen free copper speaker cables"...
"..were the most ridiculous things a friend of mine bought.
He said he could tell the difference if he plugged them in the wrong way round.
Everybody else just kept quiet, in full respect of his madness."
Are you seriously implying that none of you ever reversed the cables when he was out of the room?
I'm surprised that people people believed that adding a delayed copy of a wave to the original wouldn't screw things up when the wwaveform varies... But then, I come from an electrical/electronic/engineering background, not a snake-oil one.
" it becomes immediately obvious how bad DAB, MiniDisc and MP3 are and that the only lossy codec that has any merit is AAC (at an adequate bit rate). "
This isn't a loaded question - legitimately curious - where does OGG vorbis stand here?
Hi, maybe the analogy is a bit crappy. I was trying to think in terms of a personal case without using a lawyer. I.E. just me trying to claim for damages to my car, and being referred to as an ambulance chaser in the process.... Yes, I know, insurance companies do this part - as I said, crappy analogy!
Now, this case is complete bollocks, and I agree entirely with your opinion on them.
I hate the scum sucking parasites who behave this way, but then, I'm not saying this in a court where a verdict has yet to be reached.
As such, (and IANAL) I still believe this is a fair decission.
I hate these scum-bastards as much as the next guy, but surely this is a reasonable request as this sort of language is prejudicial - they've not been found guilty yet!
I'm sure if you legitimately took someone to court for rear-ending you, you wouldn't feel it fair if the defence kept referring to you as the litigious ambulance chasing con-man
"Presumed innocent until proved guilty"
I vaguely remember it...
Re: The cover for the game...
good catch, Jai!
Re: Looks more like...
It just looks to me like a generic blonde stereotype, not like anyone in particular
Re: If I was a Facebook engineer...
I totally agree with you!
Re: The trick is....
"Then when a potential employer wants to see your Facebook page, let them."
"Then when a potential employer wants to see parts of your Facebook page you haven't made public to anyone, walk."
Re: Dr U Mour Why this will not hurt M$.
Noooooo! I've just upvoted Matt again! :-)
I fear he's right though - MS will bask in the glory of being seen to be policing the internet - however misguided this may seem to us lot.
And yeah, mega-corp won't give a crap about any outage that doesn't affect them
"NO money, I am afraid but you certainly get my upvote !"
(but I prefer money! )
- Vid Google opens Inbox – email for people too thick to handle email
- Pic Forget the $2499 5K iMac – today we reveal Apple's most expensive computer to date
- RUMPY PUMPY: Bone says humans BONED Neanderthals 50,000 years B.C.
- Is your home or office internet gateway one of '1.2 MILLION' wide open to hijacking?
- Review Vulture trails claw across Lenovo's touchy N20p Chromebook