* Posts by Tom Williams

4 posts • joined 30 Dec 2007

Bug exposes eight years of Linux kernel

Tom Williams

not much of a showstopper

Since I switched to Fedora on my laptop I don't recompile my kernel anymore, and let the distro do it. However, memory prompted me to check out an old hppa server running 2.6.28 and Gentoo; there's an option in there (Security options) to configure how much "low address space to protect from user allocation":

CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR:

This is the portion of low virtual memory which should be protected from userspace allocation. Keeping a user from writing to low pages can help reduce the impact of kernel NULL pointer bugs.

Apparently there is even a kernel tunable, so nobody needs to recompile/reboot in the short term - just stick in 4096 or whatever your page size is to /proc/sys/vm/mmap_min_addr and you are gaffer taped until you can afford some scheduled downtime to apply both this default and the real fixes to the offending modules.

No idea when this feature was implemented but I'd say at least a year ago - correct me if I'm wrong. I've had it set since I first saw it as I realised the useful purpose it would serve. Obviously I'm not open to much abuse running a PA-RISC box from the Ark, but the principle applies everywhere.

I would hope that any Linux sysadmin worth their salt would have been using this option for some time. In that dreamworld, the impact of this new 'sensational' bug would be small as no local attacker can place code at address 0 to be executed.
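The check described in the post above, sketched as a small audit script. This is an added example, not part of the original comment; the function names `classify_min_addr` and `audit_live` and the verdict strings are hypothetical, and the threshold (at least one page) follows the post's "4096 or whatever your page size is".

```shell
#!/bin/sh
# Added example (not from the original post): audit vm.mmap_min_addr.

# classify_min_addr VALUE PAGESIZE
# Prints: unprotected | below-page-size | ok | invalid
classify_min_addr() {
    # Reject empty or non-numeric input before doing arithmetic on it.
    case "$1" in ''|*[!0-9]*) echo invalid; return 0 ;; esac
    if [ "$1" -eq 0 ]; then
        echo unprotected        # low pages are open to userspace allocation
    elif [ "$1" -lt "$2" ]; then
        echo below-page-size    # set, but under the post's one-page suggestion
    else
        echo ok
    fi
}

# audit_live [FILE]: classify the running kernel's setting.
# FILE defaults to the tunable named in the post.
audit_live() {
    file=${1:-/proc/sys/vm/mmap_min_addr}
    if [ ! -r "$file" ]; then
        echo "cannot read $file (tunable not present on this kernel?)" >&2
        return 2
    fi
    value=$(cat "$file")
    pagesize=$(getconf PAGESIZE)
    verdict=$(classify_min_addr "$value" "$pagesize")
    echo "mmap_min_addr=$value pagesize=$pagesize verdict=$verdict"
    if [ "$verdict" != ok ]; then
        # Stopgap from the post: write the page size into the tunable as root.
        echo "stopgap (as root): echo $pagesize > $file" >&2
        return 1
    fi
}

# Run against the live system only when asked: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then audit_live; fi
```

The written value does not survive a reboot, which is why the post pairs it with setting the build-time default during scheduled downtime.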

Mobile broadband or WiFi? You betcha

Tom Williams

I heart mobile broadband

I've been using mobile internet for years as I'm constantly moving around - fixed-line ISPs want you to sign long contracts, and I'm never at one address long enough! I made do with GPRS for a loooong time and finally upgraded to HSDPA about a year ago. It is fantastic.

Anywhere I go, on the train, at home, even heading up the motorway (not computing while driving, of course) I can usually get some kind of link, enough to fetch e-mails and the odd web-page. When in a city location, my download speeds are impressive, and I've used VoIP and video 'calling' without problems.

Although the cost of a mobile broadband contract is generally higher than that of a fixed line, the flexibility it offers is priceless. No 'extra' costs either like paying for public hotspot airtime (Openzone etc.).

'I can see dinosaurs from my back porch'

Tom Williams

Summat to bear in mind

There is a serious omission in the discussion so far.

Everyone harks on about "scientific method proving this" or "creationists proving that". Newsflash: nothing can ever be proven.

Scientific method and the conclusions drawn from its application only ever seek to _disprove_ possible explanations, i.e. to narrow down the possibilities. A mechanism for some observed effect is conceived, and then experiments are run to test that mechanism - not by seeing if the mechanism applies, but by seeing if at any point it fails to explain the observations.

At the end of a round of experimentation, one concludes either that the mechanism is false because we have shown plausible exceptions to it, or (and here is the important bit) _so far_ we cannot discount it, because our experiments have thus far agreed. Absolute agreement with the mechanism is never postulated, for that would be naive.

Sorry to have to point that out to all you learned people.

Religion and faith and 'creationism' - such that it exists - should be presented in R.E. lessons. Faith is good - scientists have as much faith in the scientific method to explain their world as religious people do in their deity of choice. Only science and the scientific method should be presented in science lessons.

Science gives us a self-consistent window into the workings of the Universe but a good scientist knows that this is just a blinkered view. With time we may widen our perception and discover that what we know now is a) in fact the whole truth or b) just an approximation of it (think classical vs. quantum mechanics) and that has to include omnipotent supradimensional beings. It _sounds_ like bollocks, and I personally don't believe in such things, but to discount even those far-fetched explanations is to be inherently unscientific. Truth is stranger than fiction, after all.

If we wish to allow our children to form their own opinions, and grow up as balanced, free thinking individuals, we should teach all human ideas on how we came to be, but never confuse the purpose of the two. Science in science lessons. Religion in RE. Do not mix the two!

Man uses mobe as modem, rings up £27k phone bill

Tom Williams

All this mobile data

I *need* mobile data, and not for some ego trip. I move around a lot, and there is no way I can be signing up to a new DSL package or similar every 12 months - especially given the general trend in 18, 24 etc. month contracts that seems to be developing to get those 'bargain' packages.

I've used GSM and GPRS data extensively, at one point having to contest £350/mth bills because they started billing me for HSCSD calls I hadn't made. Up until last month I was making do with tunnelling my Internet connection through port 80 (alright, so you need a sympathetic machine somewhere to achieve this, but it isn't impossible if you have a friend with a regular broadband link) in order to get dialup-like speeds, for the £5/mth 'Unlimited GPRS WAP browsing' offer. Why this scam? The legitimate price plans were extortionate.

Re: sales reps who have no idea, I had the guy on the phone explaining the contracts tell me they were so expensive because of the strain their use puts on the network. I thought packet data was invented to reduce the channel-sapping GSM data calls? He did also tell me that his telco's offers were plainly bad value for money though, so he was honest if not completely informed.

Surely as the technology is improving with UMTS and HSDPA there will be more capacity for the average data user, and they should be encouraging us to use all this expensive kit they've had to purchase and install.

I've just moved up to HSDPA with a CardBus data card, and in the city centre where I live now I regularly get 1.8Mbit/s downlink, great for fetching big e-mails, source code archives and the like. I don't download films and TV shows, I occasionally drag an MP3 or two off a torrent. I get 3GB a month transfers, and told to behave if I go over it. There is no danger of that right now (it is 100MB a day for the 30 day month, which is plenty for normal Internet use.) and I pay £25 a month for the privilege.

This is at the top end of the 3G 'unlimited' packages, but 3 couldn't even set up an account properly for me (and it took a week of phone calls and trips to the shop to ascertain their mistakes), T-Mobile said I failed their credit check (having too many addresses in the last few years perhaps?!), and eventually it was slightly more expensive but dependable Orange who came up trumps, having just come up with this actually half-way competitive price plan in the last month or so.

Now the telcos are waking up and starting with these 'unlimited' plans, although their use of these fair usage policies to qualify that word seems to be opening up a can of worms like the guy in the article. I didn't even consider Vodafone when looking for the HSDPA upgrade - perhaps I've dodged a bullet.
