The Future :-(
74 posts • joined 19 Oct 2008
As I like to say the Chinese don't understand open source/free software because it's communism and they just don't get it :-).
Please install and use this on all systems. Use it instead of "private browsing" mode.
I'm installing new computers for my family in the UK over Christmas. I'll be putting the link to the new browser prominently in the "programs" bar.
SONOS reads and indexes the music on my NAS. They're announced Amazon Echo integration for next year, so I'm eagerly waiting for that.
Being able to stagger, barely conscious, into the kitchen in the morning and croak "Alexa, play KQED" is *very* useful :-).
The problem with most of these music playing devices (mentioning no names) is that they really, *really* want you to stream your music from the cloud. Bugger that - I have a 24TB NAS with everything I want on it. Don't need to waste bandwidth on cloud streaming thanks very much.
Nope - free as in FSF (GPL etc. etc.). I'm not keen on *any* products using closed, proprietary protocols.
The echo has a 'stop listening' button you can press, after which it stops listening for the wake-word. I guess you either trust Amazon on that or not. Personally I do trust that ( but I also know how to run Wireshark to make sure it's not shipping anything off to the cloud when I've pressed it :-).
People are screwed, control- wise, as soon as they use closed proprietary products and protocols IMHO. Thats why I use Thunderbird with enigmail (gpg plugin) and set it to complain every time I have to send unencrypted mail.
As you can imagine, it complains a lot.
Free software products are the only way for people to regain control from corporations. Use and report bugs in them whenever you can !
Blimey ! You are Charlie Brooker and I claim my five pounds..
Disclosure - I'm a Google employee, but I have no experience with Google Home (haven't even seen a demo :-). I do have an Amazon Echo and bought one for my brother in the UK (which required some shenanigans to get the time zone right :-).
Always-on voice interfaces are game changers. I absolutely *love* the Echo, and will be interested to compare it with Google Home. For a geek like myself, it's like having the Star Trek computer in your house. For the cynics, it's like living in an episode of "Black Mirror" :-). Now the voice interfaces are getting good enough to converse you find that it is a completely natural way of making requests - something that the voice assistants on the phone never managed to do for me.
Personally I think the most successful device will be the one that makes an open platform for third-party developers to interface with easily. Watching how the other people in my house use the Echo is very illuminating. Make no mistake - these things are the PC / phone / tablet replacement for the non-geek person.
Now, where's my jetpack, hoverboard and flying car ? :-).
Add a spelling and grammar filter. Any posts that have bad Grammer or incorrect spelling are automatically rejected - *without telling the poster exactly what the error was* !
That way only people who know how to write coherently can comment. Maybe 'El Reg can do the same to this comment section.
There, problem solved ! Plus it would eliminate 99% of my posts, so that's a bonus..
Best comment on Brexit:
“If you’ve got money, you vote in,” she said, with a bracing certainty. “If you haven’t got money, you vote out.”
The people who voted Brexit don't care about you and your IT jobs. They voted to *punish* you for not sharing the wealth. I can't blame them. Doesn't really matter if it's your fault or not.
Trading Places quote from Eddie Murphy:
"the best way to hurt rich people is by turning them into poor people."
Looks like that's happening. To everyone.
At Sao Paulo Zoo:
It's rare I get a chance to bring this interview (from 2010) up, but this seems the perfect article :-).
When you connect from Mac finder/Windows \\IP-addr\name do you know if it's connecting using WebDAV or SMB ? Enquiring minds want to know...
(and if it is SMB, I might have to ping my friend at SanDisk to see if we can help make it work better and go faster :-). Sounds like a great product !
〉Want to do a raid on that well known felon Mr Winston Kadogo?
Ah, someone else who remembers "Not the Nine o'clock news" :-).
Few of us left these days...
Fantastic article from Alexander Bokovoy on
how this thing was found and fixed !
Best comment I've seen on Infosec "reporting". From Alexander Bokovoy:
"Overall reaction is exactly by throwing content out and concentrating on the messenger. To give you a level of incredible misunderstanding what the content is, here is a quote from 'threatpost.com', a site that is associated with Kaspersky Lab:
"As it turns out, Badlock was hardly the remote code execution monster many anticipated. Instead, it’s a man-in-the-middle and denial-of-service bug, allowing an attacker to elevate privileges or crash a Windows machine running Samba services."
The end of the second sentence is all you need to know about infosec news reporting."
The "sniffing the traffic" bit isn't required. Just get the client to connect to you and bobs-yer-uncle ! :-).
You must be on the same network as the client connecting to the AD-DC, but you don't need to be able to sniff any traffic, just be able to spoof the client to connect to you instead of the correct DC.
It's the first protocol-level bug in DCE RPC I'm aware of, and Metze did an amazing job both finding it, working out the implications and creating the required fixes for this. Also many other engineers put in long
Not gonna comment on the "badlock" website, only that it wasn't a Samba Team activity.
> > "Sure no company would ever let her near the levers of power again?"
> You'd be surprised.
> Really, you would.
Yep. Once you reach the CXX level there are never any consequences for your actions. Google the ex-CEO of SGI who became a VP at Microsoft, then back to CEO here in the valley for a good example.
What people don't realize about the HBO "Silicon Valley" TV show is that they have to *tone down* the antics of the VC's and company management. No one would believe the truth here..
Nope - I have a lot of users who haven't forgotten that Samba4 == AD-DC. I fix bugs for them every day :-).
Nothing of what you posted addressed what I said in any way. I am pointing to direct copying of Linux kernel source code under GPLv2 into zfs-on-linux because the code inside the kernel was restricted to GPL-only modules and the ZFS developers wanted to use it. I know little about the NVidia drivers but I very much doubt their developers have been careless enough to do the same sort of thing.
Don't conflate the two issues. The zfs on Linux code is clearly not clean, and I'm amazed Canonical have tried to ignore these problems to sell to commercial customers. If I were a Canonical cloud customer I'd be calling them right now asking them what they hell they thought they were doing putting my business and my customers at legal risk.
Disclosure, I'm on the Board of Directors of Software Freedom Conservancy (SFC).
shows that the ZFS-on-Linux developers copied GPLv2 code from the Linux kernel into their zfs on linux source tree in order to avoid having to use an EXPORT_SYMBOL_GPL function that they needed.
The haven't been careful, or clean in developing this. Details like this *matter*.
Everyone wants ZFS inside Linux. Doing a dirty, careless hack-job that plays fast and loose with the licenses isn't the right way to do this.
Conservancy is doing Canonical a favour by pointing out the folly in what they are doing here (IMHO of course).
> especially because Samba implementation of SMB is not so performant
Utter bollocks. Prove it you anonymous troll. Samba can saturate 10GigE for both read and write, plus we're currently testing multi-channel SMB3 TCP for multiple NIC concurrent performance goodness. I hate 'nony-coward drive-by slagging off like this.
"Edit: wow Samba is an even bigger POS than I realized."
Easy to say - hard to write secure code. If you want to do the things that Samba needs to do on a computer system, you have to have the privileges needed to do so. That means root.
You do realize we continuously test with Coverity static analysis, Codenomicon protocol fuzzers, and work with Linux vendor security Teams to issue CERT alerts when vulnerabilities are found ? I'd hold up Samba security practices as best-in-class against any vendor, Open Source or proprietary.
(From a post I made to email@example.com):
Hmmm. Doesn't look real as far as I can see
(the article is full of hyperbole).
It's got lots of phrases like:
"So, if we have an access to the key.."
"if we’re able to steal those tickets and somehow
insert them into our own system"
"It’s just an account in domain controller
database, so your obviously need access to DC or it’s data."
So looks like a "if we can break the security
then we've broken the security" article :-).
Forgot to address the comment about "Maybe they should have spent their efforts in making it scale better.."
I don't think you have any idea about how much effort we put into making Samba scale, to the point of counting instructions using cachgrind and modifying core algorithms to improve scalability. We have one Samba Team member (Volker) who does this to the point of obsessiveness. I love him for it :-).
Haven't you heard, the pendulum has swung back again, and being in user-space is the new, new hotness - again (see the other recent article on IP-in-userspace performance improvements :-).
for details. Apple are religious zealots about patenting software. Nothing we can do about that. All other vendors had no problems with it.
Here is the link for donations. Thanks !
No I haven't forgotten about the FSF. The FSF hasn't enforced the GPL on their copyrighted material for many years. Last time they did that was when Bradley Kuhn (who now works at Conservancy) worked there. Since he left they haven't done enforcement (are you seeing a pattern here ?).
Thanks for highlighting this (disclosure, I'm on the Conservancy Board of Directors).
Conservancy is the only organization doing GPL compliance work in the USA. Not only that, they do it in a reasonable and non-confrontational way:
But lots of corporations really don't like GPL compliance, to the extent of putting financial and political pressure on Conservancy for doing it at all. If we developers want the license enforced, we'll have to donate and fund it ourselves. Please help !
It takes care of all this for you.. Seriously, it's very nice for C code. Makes something as complex as Samba even possible.
You can be a murderous paedophile and the police and security services will move heaven and earth to protect you and keep you in parliament (especially if you have royal friends).
But publish "secret" information that embarrasses them and their rage and vindictiveness knows no bounds, as poor Julian will eventually find out.
As "terrorists and extortionists."
Utter shits, who find zero day exploits and refuse to disclose them to the creators of the software but sell them to others instead.
I can't be bothered to download their crap, can anyone tell me if they have contracts that explicitly prohibit licensees from disclosing the vulnerabilities to the actual authors of the software ? Other similar companies (let's hope you get hacked too, you disgraceful bastards) have such clauses. I remember knowing about a vulnerability because of one of these companies, but being unable to fix it for a while because of these contracts. We eventually figured it out.
As a Free Software author myself, this makes my blood boil.
AC wrote: "once that happens you will be stacking shelves..."
Hahahahaha ! Consequences for their actions ? Clearly you must live in a different silicon valley than I do.
Lookup "Rick Belluzzo" for the perfect example of a Silicon Valley CEO. They make the banksters look honest :-).
Sir Percy Browne: "Sometimes Mr. Fiennes, I think you'll only be content when you have the population of Great Britain under permanent, twenty-four hour surveillance. Would you be happy then ?"
Fiennes: "Happy, sir ? Satisfied."
I *loved* those guys... Sig11 I think it was.
"Information wants to be wiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiide" :-).
Haha. I know why they want to have 'the right to modify your files' :-).
Given a 'jpg backend with 'infinite' storage, it is relatively trivial for an experienced storage engineer (i.e. I've thought of it :-) to write code (Samba VFS or FUSE maybe) to split any incoming file into a set of JPG formatted backend files, and re-combine them on read. Layered filesystems - they're a wonderful thing ! :-).
Offering 'infinite' picture storage means simply 'infinite' storage of any kind.
If they transform the incoming data, then it's harder to build a generic storage backend out of the thing (although probably not impossible with clever enough error-correction code :-).
No, that's tridge :-). Andrew Tridgell wrote both rsync and Samba. I just wrote Samba (we're co-authors on that).
It's an easy mistake to make, him being Australian and me being from Sheffield and all. Most people think we sound and look *exactly* alike (except for the old accent thing and the fact I'm probably 100lbs heavier :-).
Err. Yeah, that's me. Not sure what your comment is trying to say though :-).
In the words of Popeye the sailor, "I Yam What I Yam".
If you want to donate to help Conservancy:
There's a $50k challenge match at the moment, plus donations are tax deductible (in the USA at least). Full disclosure - I'm on the Board of Directors of the Conservancy.
Unfortunately the NSA/GCHQ *ARE* the real bad guys.
If by "there ARE real bad guys out there" you're referring to people like the Islamists and the IRA, as Steve Bell famously pointed out, they're bad guys wearing clown shoes. Getting hurt by them is like a car accident, you're just unlucky.
No, NSA/GCHQ are *much* *much* worse. As good 'ol King Henry VIII says in "A Man For All Seasons" : they are "a deadly canker in the body politic". They are an infection in the very ideals of our Democracy, and there's no way back from that.
Yeah, I was gonna mention this too.
If you mentally convert the 'magic' SEATEC ASTRONOMY box to a method be quickly breaking DES, then just about everything else in this movie makes sense :-).
Even down to James Earl Jones saying "We're the US Government, we don't do that kind of thing" to the request for "peace on Earth and goodwill to all men" :-).
The dirty secret of Register Copyright articles is that they never mention the "limited time" aspect of copyright.
Remember that ? The idea that eventually published works will go into the public domain.
Let's see how many works went into the public domain in the USA at the end of 2014 shall we ?
Oh that's right. Nothing. Nada. Zilch..
Whilst this continues to be the case, the copyright contract is null and void and neither side feels any qualms about violating it. I say this as someone who makes their living via copyrights on software too.
What a shitty situation for all concerned.
"Decoding a BER (or worse, PER) datastream from scratch is a mugs game; that's what libraries and tools are for."
Oh, so that's your answer. The details are hard - let someone else do it...
I'm one of the people who have to do it from scratch. ASN.1 utterly *sucks* I'm afraid. Far too complex for its own good. Type tagging is a bad idea. The software needs to understand the marshalling/unmarshalling format, so type tagging is irrelevant IMHO. You either completely understand the stream format, or you have no business trying to parse it (that way lies security holes for sure).
I'm old :-). ONC/RPC xdr format is nice, simple, and has already had its share of security holes so it's now pretty well understood. Give me an xdr stream any day...
I take it you've never written or debugged an ASN.1 stack.
That thing is a f&%king nightmare. DO NOT USE ASN.1 for new protocols please, unless you are having a competition to see how many CVE's you can get for your software ("look Ma, we beat LDAP... !" :-).
The USA and UK showed the way. Spy on everyone, everywhere, anytime with no restrictions. Any wonder you're starting to see the balkanization of the Internet. This will get a lot worse, in a lot more places I expect.
"So the theory for higher-fidelity playback of stored music through the Sonos system is to get a FLAC copy of the music, convert it to ALAC, import that into iTunes, re-set the Sonos music index, and then play the music."
WHAT ? Why are you messing about with all these steps. To play flac:
1). Rip the CD to flac format onto your NAS drive.
2). Re-index the SONOS music library.
3). Play the flac file on the SONOS from your NAS drive.
That's what I do...
Oh, wait a minute. iTunes and Apple - there's your problem mate. FLAC is a *Free Software* created format. That's like garlic to a vampire for Mac's :-).