Thanks El Reg...
...for another great interview. Please keep them coming, and I promise that I will turn off my ad blocker while reading them.
181 posts • joined 21 Jun 2007
You will need more buzzwords if you want people to take it seriously.
If the US government is good at anything these days, it's generating tools. In fact, tools are the common denominator of the current State of the Union. Some of them can even be described as "Power Tools" and some others as "Multi Tools." A tool can only be "useful" if there is a skilled operator with the will and means to execute its intended function. After all, a skilled showman can juggle a chainsaw, a hammer, and an axe while never using any of them for their intended purposes.
...the Internet Explorer 4 launch? It wasn't really an update to IE, it was a beta test for Win98 in disguise. At least in the here and now Microsoft is being a little bit more honest about what code isn't ready for mass consumption. Now that I think about it, I don't know a single person that I would consider "well qualified" in the IT world that participates in the Windows Insider program. Maybe that is a good thing, maybe it's not.
...it's like to have people admire you so much they will travel 7000km out of their way just to be with you. The last time I booked a flight for a vacation I had the plane and the hotel to myself because the other travellers went 7000km out of their way just to avoid me.
The first LPE I remember is everyone and their dog being able to use the Administrator account as a daily driver. Of course, Microsoft called it a "Feature" and those of us in the trenches felt the pain from it directly or indirectly.
...the times I can't remember. I can't remember them because in the late 1990's through early 2000's after a client's system was hosed by LPE and we have reimaged and restored backups for the ten thousandth system that month we would celebrate the milestone by turning off our pagers and phone then going to the nearest place serving high test jet fuel and calling it "Happy Hour." I can't be sure what happened after that except to say that I usually made it home somehow.
It's a bit cliche to say "The more things change..." but I do wish some things wouldn't stay the same.
...they expect it to "...hope to use it to see how it can monitor and contribute to spacemen's well being and group morale." then wouldn't it be cheaper and more reliable to send up 5kg of condoms?
..."Ah, fork it!"
Maybe we can call the new branch Covfefe...
So then it would be up to the host kernel and only the host kernel for VMs? I suppose that makes some sense. It's just a little surprising that they would have no other optimizations for such a common technology.
As for languages, I sometimes wonder how many CPU cycles Java spends being Java instead of executing code ;-)
...and asking a bit of advice, I decided to share this.
First the two replies to the message on the OpenBSD mailing list:
This tells us who discovered it (Ben Gras of VUSec) and what they named it (TLBleed).
A Google search for VUSec and four mouse clicks leads to this:
After reading a bit I disabled hyperthreading from the BIOS on my systems. I think that until I know more the folks at OpenBSD are right and it's better to play it safe. I am writing this because I think that security by obscurity is no security at all.
Mostly true, maybe, but I am willing to bet that any mitigation will be multi-part: microcode, kernel and applications. Just like the rest of the Spectre work that has gone on. People will want to know if they have to patch an application that they depend on. Also, the way that code is optimized for SMT may have to change.
I could be wrong, but I don't think OpenBSD would make the change unless they have a damn good reason to. They are a very conservative distro known for tight security. If they are going so far as turning off SMT altogether then my money is on something big and complicated.
...of things we know are optimized for SMT. I'm willing to bet any hypervisor is. That means KVM, VirtualBox, Xen, and VMware. I am almost positive that gcc would be on the list.
Please add a reply if you know for sure about anything that is optimized for SMT so people can be ready if needs be.
...just ain't what it used to be.
...the kind of thing I would like to see on El Reg. I even read it twice. Once like I normally do, and then once more with the ad blocker turned off. It's a good idea to interview the people behind the projects that drive the modern world. Their work and ideas are used by a billion people every day. Getting to hear what they think is a rare thing unless you can afford to fly all over the world to conventions and meetings.
Please Sir, I want some more.
Thanks, El Reg
Maybe Mr. Larabel over at phoronix.com would be willing to supply the benchmarks. If not the Phoronix Test Suite is a free download licensed under GPLv3 so you could roll your own comparison on your own hardware.
Sadly, Firefox depends on PulseAudio. I know that it can be compiled without support for it but I do not know if there is another way to get sound in Firefox without PulseAudio.
...is it Update Season? I can never keep the two straight. If only we had two anthropomorphized cartoon animals here to set me straight.
Either way, it's kind of bittersweet. We get new packages and lots and lots of new features. Then again, the uptime clock gets reset on the reboot.
Good job, Veteran Unix Admins! Keep up the good work!
You are right, I would love a button that enabled me to edit your posts.
America is Great Again! You can go home now!
Please forgive my extreme amplification of Bob's posting style. I was just trying to make a point, perhaps it didn't work.
As far as my views on windows go: I hate it with a passion. For over 25 years I have been a passionate user and supporter of FLOSS. However I try not to let my idealism get in the way of actually being able to do things and using the best tools for the job.
Sadly, sometimes that means I have to use things like Windows, Java, systemd based distros, gasoline engines, dish-washing detergent, and a whole legion of other first world problems. Happily, I get things done every now and then.
Anyway I gave you an up vote because I didn't think your comment was bad enough to deserve the down votes.
Why not use the tools that come with the silver badge next to your name? Things like bold, italics, and underlining can add just as much emphasis in the same places and make your posts easier to read at the same time. You have earned the privileges and no one will think less of you for using them.
On the other hand, by insisting on using caps to accomplish your goals you are coming across like a guy that thinks the volume of the message makes it a better argument. People will discount what you have to say because of it. Or worse, just ignore you.
IF only THAT were PRACTICAL. I would LOVE to DUMP windows FOR linux BUT there ARE some THINGS that ARE not POSSIBLE yet IN linux.
Bob, have you tried vacuuming out your keyboard? The constant toggling of caps lock is driving us nuts. Otherwise I'm going to have to take up a collection to get you a new keyboard.
...Win10 Pro and above have natively supported being an NFS4 client. It just works, once you enable it. In fact, if your NFS server is exporting a volume formatted with ntfs-3g it works for storing backups. With the right export options you can even store a Win10 system image. Imagine it: Win10 accessing a mapped network drive like a *nix client and treating it like a native MS server share.
Now, I know there has to be a down side to it. I just don't know what it is yet. What I do know is that I don't need SMB on my network anymore. Thank RNGesus for that!
...but wouldn't it be better if they worked out a system that actually had some hope of restoring the trust of their user base and the governments of the world at large? In my opinion they will refuse to do anything meaningful as long as they do not have a financial motivation to do so. They will just make lists of lists provided to them by actors that they are not going to investigate in a substantial way as long as the money comes in. Action is needed in the form of regulation with aggressive monetary penalties if things are really going to change.
And even with all of his imperfections and contradictions the best ideas that he put down on paper are still shaping our world today. Thanks to the combination of ideas from the Declaration of Independence and the Constitutional Congress Committee on Style we have:
"We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness."
"We the People of the United States, in Order to form a more perfect Union, establish Justice, insure domestic Tranquility, provide for the common defence, promote the general Welfare, and secure the Blessings of Liberty to ourselves and our Posterity, do ordain and establish this Constitution for the United States of America."
Singularly either one is bigger than any one person and their flaws. Taken together we have a vehicle of government that gives us all a chance to live in a better world than our parents and grandparents. That is if we can stop taking so many steps back on the road to a more perfect union.
Yes, Jefferson was fully a man of his times. Just as we all are. We cannot escape our biases but we can try to overcome them and hopefully inspire others to overcome their own. Just like we kept the best ideas of Thomas Jefferson's and Gouverneur Morris's generation we have, in the spirit of those very same ideas, been working to rid ourselves of their worst ideas. And hopefully our own bad ideas as well.
In closing, I would ask that next time you wish to imply how our aspirations to fulfill the worthy ideals of our society are in vain because the authors of the ideas were all too human, don't.
...how many lawyers will find this verdict "appealing"?
The answer is...
...it depends on how much money can be spent arguing over what should be common sense.
If any public figure does not separate their private lives and actions from the public then they forfeit the right to act as a private individual. An open democracy is the only way to avoid the tyranny that drove Thomas Jefferson's pen on so many occasions. A lot of money that could be used to fight true injustice must now be spent to take this case to the Supreme Court. All because one man in a powerful position can't tell the difference between "It is right" and "I want it to be right."
Did they swear to spread the FUD, the whole FUD, and nothing but the FUD? It seems that way to me.
...Pie (or is it Pai?) in the sky of 5G in five to ten years, I'm willing to bet that the same forces at play in the current market will wall it off and make it a playground for the $999/mo target market while the rest of us munch on 10GB cake at 10Mbps.
...but it might set you down the path to finding an answer.
Well, think of it like this:
Every modern CPU that suffers from these vulnerabilities has literally billions of transistors. Your higher end CPUs (and GPUs) have more transistors per chip than there will be people on the Earth tomorrow or twenty years from now. It's amazing that we don't have more of these flaws to deal with and that they are not worse. Perhaps there will be more that come to light soon, or in the next decade. What matters is that we find the flaws and learn how to fix them. It's a case of not being able to make progress until we fail and learn from our mistakes.
...runs NoScript and is glad that they do?
...in the US. I live in the Chicago area and my ISP doesn't support it. My cable modem has the ability built in to its firmware and everything on my home network supports it but given that this is the USA we have bigger issues to worry about than breaking the internet. Don't worry though, we will get around to it someday soon. Breaking the internet that is, not implementing IPv6 on a national scale.
...down voting is supposed to stop people from posting illogical nonsense without thinking it through first?
...that Fox News is in the entertainment business. They can say whatever they want if they think someone will find it entertaining. They have no obligation to be honest or to have a social conscience. Ed Murrow spins in his grave at relativistic speeds every time they broadcast. Of course they are attacking video games. Video games are their competition.
*This post is for enlightenment purposes only. El Reg doesn't give a crap about my opinions and would ban me from Teh Interwebs for life if they read this. If I ran for Public Orifice I would be shot for too much of the truthiness. That bit about Ed Murrow spinning at relativistic speeds is most likely not true, but someone should check just in case.
I keep coming back to it. There are always new and shiny tools in the other distros. At times less frustration as well. I keep returning to Gentoo though. The main reason is control. Gentoo gives me a lot, just not always the way I want it.
If it weren't for things like internal politics and package maintainers going AWOL, or the seasonal breaking of a package that my system depends on forcing me to change how I do things until next season, or the "I filed a bug report and someone wrote a patch to fix it so it'll only take 60 days to get it into Portage"...Well, if you have used it, you know what I mean.
Control though. That is a wonderful thing. Don't want CUPS on your system? Then edit /portage/make.conf and add USE="-cups". You need just one package to use CUPS? Then create /etc/portage/package.use/foobar.conf and add "foo/bar cups". I do love me some control.
...but I don't think they will ever disappear entirely. There are too many good ideas that haven't been coded yet and not enough people having them in the bigger distros. They are weighed down by their momentum and their corporate cash cows. Evolution is not kind however, and I think money is needed for any project to stay alive until it reaches a critical mass.
Speaking of evolution, I have been wondering lately what "The Next Linux" will look like. Will it be a fork of a major distro with a few jaw dropping changes? Will it be a small distro with the right ideas and the right timing? Will it be another open source *nix that most users and developers have been ignoring in favor of Linux? I think it may be the latter but it could be a mix of all three. A Franken-Distro that gets it right could change the world.
...In Randall P. Monroe stands for Prophet:
...where you say one word over and over and over and over again until it becomes meaningless to the brain and it is reduced to nothing more than a series of sounds awaiting a new definition?
This is beautiful and brilliant. The Schrödinger Equation can be used to describe the evolution of a gravitational system on a very, very large scale.
I just wanted to add that any unused account on your system should be expired so that no one and nothing can use it to log in to your computer. In linux and MacOS account expiration is controlled by /etc/shadow. Try man shadow. If you are running linux also read the man page for usermod. On MacOS, I am told that usermod doesn't exist and you need to use a tool called dscl instead.
One can only hope that part of the fix Apple has put into place was expiring the root account. If not you can do it manually and maybe avoid the next episode of "open mouth, insert root" from Apple.
"Ubuntu & derivatives. No password but root logins disabled. You're supposed to use sudo and re-enter your own password so if you're in sudoers and someone gets your password they've got root. Wonderful. I don't often use Ubuntu these days."
Is it that it has no password or that the password hash is set to an invalid value? It could be the former but I thought it was the latter.
Why not just edit /etc/shadow and expire the root account from there? Sudo will still work and no system processes will fall over, but nobody and nothing will be able to log in as root until the expiration field is reset in /etc/shadow.
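The posts above contrast an account whose password field holds an invalid hash with one whose expiration field is set in /etc/shadow. As an added example (not part of the original posts), this audit reads entries in shadow(5) format and reports both states per account; the sample entries, names and hashes are constructed placeholders, and `classify` and `audit` are hypothetical helper names.

```python
import time

# Constructed sample in shadow(5) format; names and hashes are placeholders.
SAMPLE_SHADOW = """\
root:!:17500:0:99999:7:::
alice:$6$salt$placeholderhash:17500:0:99999:7:::
olduser:$6$salt$placeholderhash:17000:0:99999:7::1:
guest::17500:0:99999:7:::
backup:*:17500:0:99999:7::0:
"""


def classify(line, today_days):
    """Return (name, password_state, expiry_state) for one shadow(5) entry."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError("expected 9 colon-separated fields, got %d" % len(fields))
    name, pw, expire = fields[0], fields[1], fields[7]

    if pw == "":
        pw_state = "empty"        # no password is required to authenticate
    elif pw[0] in "!*":
        pw_state = "locked"       # not a valid hash: password login cannot succeed
    else:
        pw_state = "hash"

    if expire == "":
        exp_state = "never"       # empty field: the account never expires
    elif int(expire) == 0:
        exp_state = "ambiguous"   # shadow(5) warns that 0 may mean "no expiration"
    elif int(expire) <= today_days:
        exp_state = "expired"     # account-level expiry: logins are refused
    else:
        exp_state = "active"
    return name, pw_state, exp_state


def audit(shadow_text, today_days=None):
    """Map each account name to (password_state, expiry_state)."""
    if today_days is None:
        today_days = int(time.time() // 86400)  # days since 1970-01-01
    report = {}
    for line in shadow_text.splitlines():
        if line.strip():
            name, pw_state, exp_state = classify(line, today_days)
            report[name] = (pw_state, exp_state)
    return report


if __name__ == "__main__":
    for name, states in audit(SAMPLE_SHADOW).items():
        print(name, *states)
```

An entry that is "locked" but not "expired" (root in the sample) only blocks password authentication; other tokens such as SSH keys can still work, which is why passwd(1) points administrators to `usermod --expiredate 1` for disabling an account.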
...write a witty comment here but they already know what I was going to say.
OK, so the details of the attack have been released. It turns out they ARE attacking one part of the connection: The handshake. Will we ever see wifi networks with fool proof encryption?
Well, based on the votes my other posts received that would be a waste of time because fools are still self evident. So go on and down vote this post too. You know you want to. It's natural. It's what I deserve for predicting the outcome based on what I read about their previous work. Yes, I admit it: I used my brain before posting. So go ahead, create a second account so you can down vote twice.
Encrypt everything. That is very sound advice for the most part. For wifi: how about encrypting the encryption handshake? But then we would need to encrypt the handshake of the handshake for the encryption handshake. And then the...
You see where this is going.
I say let's go with more than one form of security. Something like ssh RSA keys and 2FA for wifi anyone? I would like that...I think.
As long as the download is secured with https or VPN that data should still be encrypted. Breaking that kind of encryption on the fly should still be non-trivial. So I think in this case the best you could do is spy after the fact with captured data, not inject "corrected" packets. I am far more worried about Windows leaking weakly hashed passwords to an attacker that has broken into a wifi network.
Biting the hand that feeds IT © 1998–2018