Posts by Ian McNee

If a tree falls in a forrest...

...that man may or may not be wrong but he certainly cannot spell!

What hardware?

I have a Fedora 16 32-bit VirtualBox VM running Gnome Shell on a 4 year old Linux Core2 host with an equally old ATI card so I'd be surprised if it won't run on much newer hardware. It did take a little tweaking with help from the Fedora forums but it wasn't uberpenguingeek stuff.

Maybe these links will help:

http://www.fedoraforum.org/forum/showthread.php?p=1521005

http://www.fedoraforum.org/forum/showthread.php?t=269151

No effect on VMs

VMs don't see the physical BIOS and the physical BIOS doesn't start the boot process for VMs, the BIOS for a guest OS is virtualised by the hypervisor. Some virtualisation software like VirtualBox give the option of a virtual UEFI BIOS and it seems likely that they may offer the *option* of a virtualised secure boot. However M$ does not have the whip-hand over companies like Oracle and VMware the way it does over x86 OEMs so it's hard to imagine them upsetting a large chunk of their user base by effectively locking out Linux et al for no tangible benefit.

Even so this is no reason to accept the Beast of Redmond trying yet again to pull a fast one in using its monopoly position to undermine competitors.

M$ Sockpuppet?

To say that Safeboot is not M$ mandated is technically true but effectively a big fat lie - due to M$'s monopoly position in the desktop OS "market" and consequentially disproportionate influence on OEM & motherboard suppliers.

@Giles "FUD" Jones

Astonishing, Giles! Who knew that 40%+ of worldwide smartphone users love hacking their phone from the CLI and re-coding the apps?? And that less than 5% of smartphone users have the good sense to buy a WinMo phone that "is a tool to do a job"?

You and Mr Ballmer are whistling in the market share wind, becoming a gale as WinMo rises without trace.

Open eyes --> yawn --> nose --> coffee cup --> sniff. 'Nuff sed.

True, but there's no Trust 'ere...

As usual for Trusteer "security bulletins" the only mitigation they suggest is the use of their software. In this case they are fairly subtle about it:

"The only way to defeat this new attack once a computer has been infected with SpyEye is using endpoint security that blocks MITB techniques."

However, even if this is more subtle than their usual "BUY OUR SOFTWAREZ NOW LUSERZ!!!" (directed at the banks with the cost inevitably added to our charges in the long run), it is at best a questionable claim. If one's PC or other device used for on-line banking has been pwned then the use of MITB social engineering techniques is the least of one's worries.

Trusteer? Nope.

That's a rhetorical question, right?

The only reason we know about this tiny insignificant bunch of mindless haters is that media types have wet dreams about them and punt them to the front page: a symbiotic relationship between two groups of people who share a similarly slender grip on reality.

Third-rate hardware...

If Apple added everything you wanted to the phone you might end up with an Android from HTC, Motorola or (lawyers rub your hands with glee) Samsung

@Micky 1 too

Hahahahahahaha! HAHAHAHAHA! AHAHAHAAA!!

I expect you're using Safari on a Mac so you don't need something like NoScript because your software is impregnable...err...wait a minute...

Back to the main topic, this is actually a good news story. All of the smaller players are gaining ground against the leader and no-one is in a monopoly position. This tends to keep them honest so nearly everyone benefits, even IE users, poor innocent saps that they are.

Forgive me if I'm teaching granny to suck eggs...

...but can you not unpack the plugin XPI file and edit the em:maxVersion tag in install.rdf? Of course there may be a more fundamental reason why it doesn't work with FF7 but I would have thought it's worth a try. And naturally this is unlikely to fix the attachment upload problem.

There are bound to be problems with Convergence at the start, as elegant as the idea is it is still a massively ambitious undertaking to turn the net's trust model on its head. Personally I think there is a responsibility on those of us that recognise the problem to actively participate in the solution. That may be just using the plugin, feeding-back issues to the devs and possibly running a notary but every little helps.

@Ken: No, the sky is not falling...

...but the current trust model means that we are perpetually at risk of a weak link (like DigiNotar or one of the many Comodo resellers - and by the way DigiNotar was a wholly owned subsidiary of Vasco not Comodo, the Comodo hacks were back in the Spring and beyond) being broken at which point many thousands of end users are likely to get burned in some way.

You may be lucky and simply lose a few hundred notes on a TV that you thought you were buying online. Or you may be unlucky and your government decides they don't like the e-mails you've been sending and arrange a blind date between your genitals and Mr Mains-Cable in a cosy cell somewhere.

And no you're not being stupid, those involved in the CA system are as tight-lipped about the risks as the banks are about card fraud: "Nothing to see here, everything is fine, carry on spending" - because it would hurt their profits if they actually dealt with the problems. On the other side the mainstream media seem blind to this issue: maybe because it's a bit technical or perhaps because they're all iPhone users and they've been told by Saint Jobs that they're safe.

But if you trawl around the geek press and places that focus on security it's all there. El Reg's coverage is pretty good, Heise Online (http://www.h-online.com/) is good and Bruce Schneier's blog (http://www.schneier.com/) is excellent. On this particular topic Moxie Marlinspike's presentation on the CA trust model is a must: http://www.youtube.com/watch?v=Z7Wl2FW2TcA

Destroy All Monsters: try reading the article in the link

(i) The world price of helium is artificially deflated by an act of the US Congress *forcing* the sell-off of the USA's strategic reserve of helium by 2015, i.e. flooding the market regardless of demand and price;

(ii) We *cannot* make helium, terrestrial reserves result from the radioactive decay of elements in the earth's crust: we have almost exhausted 4.6 billion years of production in about 100 years;

(iii) Helium is essential for all sorts of things that you probably approve of (if only you took the time to find out): MRI scanners, the LHC, keeping deep sea divers safe, making rocket engines viable, geoscience and solar telescopes.

Oh but yeah...you wanna have cheap helium-filled balloons at your overclocking party, silly me!

Or...

"Your PC ran into a problem that Windows couldn't handle, try installing a non-legacy operating system."

</troll>

Here's an idea...

...like...you know...turn it back into a laptop again...erm...for free. It's trivial and if you partitioned your hard drive with a separate slice for /home it's even more trivial.

Surely that's one of the main reasons we love Linux and FOSS: we are free to pick and choose the bits we like and don't like and it's pretty straightforward to do so these days. Don't like Unity? Try Fedora. Don't like Gnome 3? Try Mint or Debian or the still excellent Umbongo 10.04 LTS. Don't like all the extra software? Xubuntu or Lupu or...so many to choose from!

Canonical have done good things for Linux but they are not Linux by a long stretch. Pick the bits they do well and spend the rest of your time finding other cool stuff to work with it rather than moaning about it. Linux: ROCK ON! :-)

@bazza: E-V-I-D-E-N-C-E

Unfortunately you are using the logic of the Daily Wail that leads to things like every known substance being declared both a cause of and a cure for cancer.

Actual studies based on what happens in the real world show that bugs & vulnerabilities in OSS are fixed significantly faster than in proprietary code. End of.

And as for your bizarre statement:

"Linux is a hodge podge of competeting ideas that has met some success in certain areas (servers) where this doesn't matter too much"

Yeah, those servers, they don't matter much, no point them being secure and reliable, it's not like they deal with anything important like financial transactions over the internet...hey...wait a minute...

Or a big fat fail for BOTH Apple & Adobe...

Both have been arrogant and treated their users as if they are cannon fodder with which to fight their pathetic corporate squabbles.

Adobe expected its various semi-monopoly apps like Flash and Photoshop to last forever regardless of their willingness to ditch/piss off chunks of their user base on a whim. Likewise Apple will brook no criticism, however constructive, of its products' failings or its arbitrary attitude towards other vendors that its user base find valuable.

A plague on both their houses.

Summed up very nicely,..

...that terrible Prof. Jones dismissing ***OPINION*** voiced against the overwhelming ***SCIENTIFIC EVIDENCE***. It's a bleedin' outrage! Call the Daily Heil now! And so what if most of that opinion masquerading as science if funded vested interests making billions from carbon-based fuels?

And, Andrew, as for your collection of ad hominem quips against Steve Jones and your final hyperbolic nonsense about the possibility that the Tories would be able to close the BBC, you can do so much better.

Shit...I blinked and M$ took over the world...

Yeah you can just hear all that chatter from Redmond not caring about the tiny minority of developers working on iOS/Android for smartphones and tablets and the tiny minority of developers working on Linux for the cloud and the web. And anyway all this stuff about mobile devices and the cloud will never catch on.

And then you woke up.

Simples: at any one time roughly 12% of the population are twats...

...and therefore at some point there is a very good chance that they will begin to use Twitter.

Not that *THEY* aren't watching you...

<evil_laughter>

@Metavisor: Caution over "free" wi-fi =/= exoneration of Google

Who blamed this problem on public wi-fi? That was a little party going on in your own head alone it seems. The point was simply that free public wi-fi is often completely unsecured.

As an Android user whose network hasn't deigned to put out Gingerbread 2.3.4 for my handset it does concern me that Google has been sloppy with security for earlier incarnations of Android. Us geeks can make a judgement about the risks of connecting to insecure wi-fi (again, that was implicit in my point) whereas most lay Android users will take the view: "Yay! Free wi-fi!"

More likely...

...two popes one grail? Sorry. No really: sorry!

Ian McNee is talking bollocks as usual...

<humble_pie>

...as pointed out by nearly everyone else, it's the client that's affected...doh!

</humble_pie>

Hey G4Z!!!

Can I have your old HTC Desire then? My old Motorola Dext needs replacing! :-D

I'll even pray for your lost soul when it's owned by Evil Sony Inc...

A good point, Michelle, partially

We are still pretty much in the "Wild West" stage of the internet's development and the LOIC script-kiddie 4chan dwellers are going to be around for a while in this environment. Likewise it's no surprise that Anon's street protests against the Scientology cult were much more effective than DDOS and defacements.

However with the emergence of things like WikiLeaks and the subsequent HBGary affair hacktivism is growing up and finding its political feet: whichever side one takes it is impossible to dismiss as the pranks of some sad "mom's basement" dwellers. Personally I beleive that the material revealed by Anonymous with their HBGary hack gave a pretty scary glimpse of state+corporate dirty tricks on-line and the more light shed on that the better.

Traditional campaigning is important but grown-up hacktivism at its best can play a similar role to investigative journalism, not merely on-line civil disobedience and graffiti agit-prop.

Mmm...yummy Gnome Bars!

And even better dipped in open sauce :-p~

<apologies>

Indeed: Statseeker or JFFNMS anyone?

Perhaps the highly paid external "IT experts" from Logica (oh...quelle surprise!) were too busy examining the insides of their eyelids to check their e-mail.

I mean these "expert" private sector consultants wouldn't have installed such a network without the most basic of SNMP monitoring tools. Shirley!

And next the tsunami of pro-nuclear AGW deniers...

...along the lines of it couldn't happen here because:

(i) we're British

(ii) we don't do proper earthquakes/floods

(iii) I've got a big bucket of sand that I can stick my head in

(iv) <INSERT FAVOURED SPURIOUS BOLLOCKS HERE>

and in any case there's no such thing as anthropogenic global warming so why don't all you limp-wristed lettuce-munching pinko enviro-nazis fuck off back to (what remains of) the Amazonian rain forest seeing as you love plants so much!

Now where was that job offer at the Daily Heil...??