I suspect the Linux kernel has the same approach: compile, test, debug as needed. Have you read the release notes for each kernel update? Often there are comments about fixing this on ARM, or that, or reverting some change because problems were found, etc.
Posts by Paul Crawford
5667 publicly visible posts • joined 15 Mar 2007
Suse preps for ARM-ageddon: Piles up cans of 64-bit Linux code to feed server world
Large Hadron SMASHER: Boffins BLOW OPEN the PENTAQUARK's secrets
Hacking Team spyware rootkit: Even a new HARD DRIVE wouldn't get rid of it
Re: Open BIOS now needed
You seem to mistake gov & TLAs for simple monolithic organisations with a singular goal. In reality they are complex, contradictory and often plain incompetent.
Some of the gov want back-doors and weaknesses in other people's systems, but most certainly do not want it in their own systems. But outside of the likes of NSA/GCHQ for secret-and-above projects, they all buy off the shelf computers and such p0wnage leaves them as vulnerable to other nations (and criminals) as we are.
Sadly most consumers don't understand and don't care, so they will apply no pressure on Dell, HP, Asus, Gigabyte, etc, to offer us coreboot-compatible hardware (or the necessary documentation). My budget is for a couple of machines a year - will they listen?
So maybe having such UEFI malware from this hack out in the field is actually good in the long term as we, and major security vendors, can start asking pointed questions to suppliers about how to secure the BIOS, and how to put in our own more secure versions.
Open BIOS now needed
It is high time that a few big players, such as Gov/Police/etc insisted on a supply of PCs & laptops with an open and documented BIOS system, so that any bugs can be fixed (not saying they will be, mind) and tools developed to allow the safe wipe and re-installation of any potentially compromised BIOS.
One can dream :(
Linux Foundation serves up a tasty dish of BUGS
Re: Help.......
It depends on who you are. Given that 99% or so of malware by simple number is Windows-specific, the odds are pretty low for a drive-by infection. More so if cross-platform stuff like Java and Flash are disabled.
However, if you are part of an organisation that is worth targeting then all bets are off. Most recent surveys have shown the Linux kernel and Windows kernels have similar magnitudes of vulnerabilities, so if someone wants to find a privilege escalation bug for either then a decent hacker will. Even so, most attacks are started on other programs (web browsers, word processors, PDF readers, etc) which tend to be far buggier than kernels.
Take some time to read GCHQ's advice on securing Ubuntu 14.04 for example, as that looks into various aspects of security-by-configuration that are not always obvious. The list of guidance can be found here:
https://www.gov.uk/government/collections/end-user-devices-security-guidance
While that is for UK Gov use and so has some assumptions that might not be relevant, most still apply and you should be considering a VPN as well if you travel a lot and have a properly fitted tinfoil hat.
Yes! Windows Phone lives: Microsoft to pump the device Kool-Aid
Police investigate strange case of doughnut-licking pop singer Ariana Grande
Java jockeys join Flash fans in the 0-day exploit club
WHAT ARE the 'WEIRD' SPOTS seen on far-flung PLUTO?
That is a lofty goal, but I think the problem of slowing a probe down to get into orbit around a (relatively) light system is going to be a show-stopper in terms of fuel demands (as you have to get the probe+fuel up there and fast enough in the first place).
An atomic powered ion-engine craft might be possible...
Surviving Hurricane Katrina: A sysadmin's epic DR (as in Didn't Realise) odyssey
Flash HOLED AGAIN TWICE below waterline in fresh Hacking Team reveals
China's STILL holding up the full WD-HGST integration. Why?
Wow, another NSA leak: Network security code appears on GitHub
Black and Latina boffins regularly mistaken for janitors, study finds
On a more serious note, in engineering in particular there is a shortage of women entering the subject to study (e.g. compared to biochemistry, etc), no doubt due to various factors, but that in turn has an impact on the gender bias of typical engineering companies and university staff (who tend to reflect the entry stats some 5-20 years previously).
Tackling the issues around that at school age would be a good start.
Or just giving us engineers all much more pay, THEN we would have more uptake :(
Pluto probe brain OVERLOAD: Titsup New Horizons explained
Better with a watchdog though
Even though it caused an upsetting event here by being a touch too sensitive, it is still much better than Clementine's computer that lacked a watchdog and paid for that blunder in a serious loss of science after it got into trouble and wasted its fuel:
http://www.ganssle.com/watchdogs.htm
A nice beer for the folks looking after the probe
Hacking Team hacked: Spyware source code torrent blurts govt customers
Indeed. Once we step beyond the ethics of what this company does (did?) and those who exposed the data, it will be interesting to see some proper analysis of the techniques used and if they relied on zero-day bugs, or Trojan installs, or maybe even state-instigated installation by suppliers/ISPs, etc.
US Feds investigating Prenda Law, say Pirate Bay co-founders
Don't forget ACS:Law
Best not to forget what happened in the UK. This article covers the background and is essential first reading.
http://arstechnica.com/tech-policy/news/2010/09/amounts-to-blackmail-inside-a-p2p-settlement-letter-factory.ars
Then enjoy this:
http://torrentfreak.com/acslaws-anti-piracy-downfall-sends-hitler-crazy-101004/
Export control laws force student to censor infosec research
North America down to its last ~130,000 IPv4 addresses
UK TV is getting worse as younglings shun the BBC et al, says Ofcom
The CBBC lot has produced some genuinely good programs in recent years, "Horrible Histories" and "Young Dracula" stand out just off the top of my head.
But all else on cable and broadcast has gotten shittier as more adverts are stuffed in, and more channels means less spent per channel on anything worthwhile.
Mastercard facial recog-ware will unlock your money using SELFIES
Ford recalls 433,000 cars: Software bug breaks engine off-switch
Re: If American cars suck, how about this one?
That report about Toyota's software is truly shocking - so many mistakes that are in the "just out of Uni and never worked on something serious" level and a corporate arrogance (or ignorance) that the system fails on so many of the safety guidelines in the automotive industry's own MISRA standards.
German army fights underground Nazi war machine hidden in Kiel pensioner's cellar
Congratulations! You survived the leap secondocalypse
Re: vendor pools
I think the goal of NTP's guidelines is to stop a major supplier hard-coding "generic" pool servers into their product, as correcting any problems later is a major problem.
So what they are asking is that vendors create their own pool (maybe providing their own servers as well, but I don't know if they have to, as they could be aliases of other pool servers) so the hard-coded server addresses are unique to their product(s). That way, if there are any problems, it can be throttled or blocked, etc, without impacting on anyone else.
As for software projects defaulting to the generic "pool" of NTP servers, I kind of feel they should not - that anyone choosing to install such software should be made to configure it. Of course, when such software is part of an OS or application, you are back to the vendor issue again and it should be pre-configured with the vendor's pool of server names.
Incidentally, in this day and age why are ISPs not providing NTP servers and offering the address via DHCP?
Re: Alternatives
I prefer my own suggestion - make the insertion and removal of a leap second very frequent, say once per week, but arranged so they correct on average for the amount we need.
That way software developers will be forced to test their own damn code and the problems will be found and fixed.
Re: All is not well, though
Interesting. But more disturbing is Lennart Poettering's attitude to all of this.
For a start, WTF is systemd doing controlling the time when ntpd has done so well over the years?
Secondly, his attitude is one of outstanding arrogance in that (a) they are defaulting to Google's time servers that are not offered or guaranteed to work in the future, and not abiding by official NTP/UTC time keeping, and (b) he seems not to care that such defaults put into systemd will most likely get used by others. If your defaults are not world-wide sane, DON'T PUT THEM IN AT ALL!
The Great Windows Server 2003 migration: Where do we go from here?
Re: A very narrow, shallow and poor case for Windows retention
If you follow El Reg and have read other articles by Trevor Pott you would know he simply speaks his mind on what has worked for his business and that may, or may not, be a MS-based solution. He is certainly not a "pathetic shill" as you suggest.
Re: For Dog's sake shut up about w2k3 eol.
You may not care about w2k3, and certainly I don't care as I have no responsibility for w2k3 machines, but there are a lot of businesses out there that are about to get their backsides bitten.
Most of it is down to a lack of forward planning, and some of it is down to changes MS have made. You know, like no new 32-bit server machines supporting 16-bit code, or updated security practices that bork badly written older software (like some of MS' own code from around 2000...)
They have to do something: whether it is crossed fingers and more care in firewalls, or migrating some off the physical w2k3 machine and leaving the troublesome code on a VM, or even totally re-thinking what they do and why. So while it may be tedious to hear repeatedly, it is also with a good reason.
VPNs are so insecure you might as well wear a KICK ME sign
Get READY: Scientists set to make TIME STAND STILL tonight
Re: GPS...
Of course they do - they don't have problems with this by design.
It's only the ground-based software that is implemented by folk who (a) don't know what they are doing, and (b) don't test things, that causes problems.
Fsck'em - why not have leap seconds +/- every week and occasionally do two in the same direction on consecutive events? That way stuff will be tested and fixed because the code monkeys can't argue "oh it only happens once per 2 years or so".
Killer ChAraCter HOSES almost all versions of Reader, Windows
Pirate captain blasts Google for its 'mystery' Chrome blob
Re: "... Chromium, the open source sister of Chrome ..."
Chromium is the open-source part of the web browser project, and Chrome is Google's version with additional proprietary stuff built-in (Flash, other spyware).
That is what has kicked off the storm, that Google had modified the open source part to download a closed-source (and pretty creepy) feature for voice recognition.
So what are you doing about your legacy MS 16-bit applications?
Re: @Ken Hagan
AFAIK it has nothing to do with the license, but that MS never attempted to port the ntvdm to 64-bit.
Most likely for the same reason that 64-bit dosemu is different to 32-bit and that is down to the 64-bit mode of the CPU not having the VM86 instruction to make life easier.
However, as you say a VM will do for your remaining 32-bit Windows (provided you don't have hardware dependency).
Re: DOSBox
Yes, DOSbox is also worth a turn but we had hardware I/O demands so it had to be dosemu.
dosemu also ships with a copy of freedos, though you can also use MS-DOS as well. You can configure the time keeping part to either follow the host time (so you get NTP accuracy, subject to the ~55ms tick of DOS time-keeping) or have it decoupled from the host which is handy for testing applications with other dates & times.
I tried it beyond the 2038 point and on 64-bit it is fine. Puts off the date problems for long enough for most readers to be commentarding on St. Peter's book...
If you are unlucky enough to have 16-bit + 32-bit + specific hardware/driver + IE dependency then I really do pity you :(
However, if you have 16-bit DOS style stuff then you might also want to try dosemu for Linux. Beware it also has some oddities in terms of 32-bit versus 64-bit versions, but it might be an easier choice. Also if you depend on special hardware that assumes direct DOS-style access to special hardware (as we do) then this option might be a way of avoiding having real DOS or Win95/98 machines any more, since dosemu can be run with sudo (root) access and configured to permit specific hardware I/O in dosemu.conf
If all else fails, then identify what is not going to work on 64-bit systems and keep that on a dedicated machine/VM and really go out of your way to protect it from the big bad world by putting it on a separate VLAN, etc, and firewalling it to the hilt. Even if it has to print to a network printer, try to block the printer connection as much as possible as they are often never patched and probably contain vulnerable web servers for configuring them, etc.
Oi, UK.gov, your Verify system looks like a MASS SPY NETWORK
Why is it that women are consistently paid less than men?
'No evidence' Snowden was working for foreign power says ex-NSA boss
Cisco to pour BEELIONS into China
Banking trojan besieges Bundestag … for the second time
Really I have to hand it to the German BOFH when they declared that a complete rebuild is the only (the final?) solution.
Think about it: you get to replace old routers and start with safe/sane settings for the firewalls, etc. You also dump all of the out of support 2k3 servers and XP machines, and give everyone a new desktop.
Personally I would go Linux with a Windows VM for special stuff, partly to reduce the COTS malware risks but also as a lot of that won't run in a VM to avoid analysis, but looking at a more realistic scenario you get to deploy new desktops with known configurations and can have the ACLs set so no user program can 'execute', only those the BOFH has installed in the correct locations.
Along with that you deploy only known, patched, and properly configured applications. Sure, you have to re-import user data, but that can all be scanned first and maybe even make users ask for what they actually *need* to have, further reducing the risk of p0wned stuff.
We salute you!
Chrome, Debian Linux, and the secret binary blob download riddle
Why are there so many Windows Server 2003 stragglers?
Re: Lack of 32-bit Server platform
The real problem is if you have 16-bit Win95/DOS era software as that won't run on 64-bit Windows. OK you may also have driver problems as well for older hardware under 64-bit (remember how crappy 64-bit XP support was?). Sometimes it will run on Linux emulators (Wine, or dosemu, etc) but that is a significant gamble.
Now you might be saying "Who runs 16-bit any more?" without realising there is a lot of small speciality software from that era that works, and changing the software to a newer version is a major PITA for various reasons:
1) New software license costs
2) Maybe no longer compatible with old, special, and very expensive hardware
3) Different file formats so you can't read/write previous data
4) Different work-flow so you have to re-jig lots of scripts and re-train users.
5) All of the above often gets you nothing more than "supported OS" status as it will do exactly the same job as the old one (maybe better, maybe more buggy).
So while using old servers for general stuff is barely excusable, there are some VERY GOOD reasons why it won't happen for many. But as other commentards have pointed out, you should be working on the assumption that ALL systems can be p0wnd (old & new, Windows & Linux) and planning how you detect that and restore to a clean state when it happens, not IF it happens.
Testing Windows 10 on Surface 3: Perfect combo or buggy embuggerance?