re: Hmm
... at least you can understand why I think 11 feet is too big for a pocket computer...
And I just discovered that my right shift key is broken. Time for a new keyboard.
2711 publicly visible posts • joined 22 Jun 2009
My Ben Nanonote never leaves my pocket, very portable but the keys lack travel for comfy typing (does fine for a quick note or an on-the-go Quake or Nethack game though). Whenever I carry a bag, I tuck my 9' EEEPC 900 in. The keyboard is just about decent and the display large enough for most on-the-go tasks. I've been trying to replace that with a more current machine but everything is 11' these days, and that's much too big.
Ideally I'd like a cheap, light 7' clamshell machine, passive cooling (no need for a powerhouse anyway, a 800MHz ARM should do just fine), a SSD (16GB would be more than enough), some RAM (1GB would be plenty), SD (2) and USB (3?) slots, and a physically switchable wireless adaptor (no need for n either, b/g will do).
Any of you spotted such a thing?
It could be argued that by leaking the names in the open, it gives the "victims" (and the institutions/companies) a chance to mitigate the consequences. As opposed to what would happen should a black hat get the same info using the same methods.
Hence, it could be argued that "spilling their personal details all over the web" is actually doing them a favor.
(that, of course, relies on the assumption that just notifying the institution of the vuln would not lead to an improvement in security; not a big assumption to make, and one that is backed by ample experience in the past decade).
Devil's advocate icon, obviously.
For security purposes, a computer connected to the internet is a computer that can communicate with a computer connected to the internet (yes, that's a bit of a recursive definition, I know). Even if it is not supposed to be able to talk TCP/IP to the outside world.
The only safe zone there is is an ivory tower. No datalink whatsoever. And then strong physical security.
It was only an example from the top of my head, but I'll play along.
> Are you changing from email/mutt to xsession?
No
> Who would copy a script to my xsession?
To your xsession file. To which you have write access even in console mode. And any program you run has, too, presumably. All it takes is a vuln in a "3rd party" piece of soft allowing to add a line to a text file you have write access to. (of course most distros don't create a ~/.xsession file anymore by default, but I'm quite sure it would be used if it was to be created...).
> While I am at lunch and Mr./Miss. hacker boots my lappy into the run level 1 (ro single)?
No
> We are not talking about this possibility.
indeed
> As it follows from most of compromised systems (including Debian) ssh policy is the weakest link, (not the technology). This again is a different subject.
The weakest link is actually fancy format with accumulation of bolted-on "functionalities" over the years (yes, pdf, I'm looking at you).
> If you have a link to point to any REAL existing cases ( or thousands of cases) when that had happened, I will agree with you. Remember the 50mln machines infected by ILOVEYOU ?
Real-life example of pwned GNU/Linux boxen? There are plenty. However, you are right, fragmentation of the platform, small luserbase and less idiotic default configs mean that it is harder to bulk-compromise millions of machines with the same snippet of code. Targeted attacks against a particular machine or group of machines are still very feasible, and yes, it could be done via a malicious file sent by email. (note that Windows' security dramatically increased since the days of ILOVEYOU. Still not perfect, but it's now swiss cheese instead of cottage cheese!)
> Note, that I am not asserting that Linux/BSD are so secure, one has to pay zero care to the security.
We do agree then.
> Up-to-date system, strong passwords (no reuses) and so on. However, emailophobia is a paranoia. This is one of many reasons why Windows sucks.
With a bit of knowledge about one's machine, it is perfectly possible to compromise a Debian machine by tricking a user into opening a malicious email attachment. Maybe not as big a threat as for Windows users, but still present.
>As far as the spooky thing ito "open dubious" emails is concerned
Open dubious email _attachments_. Mutt does not open them by itself, but the smug Mutt user, falsely confident in his system's immunity, on the other hand...
>windbloats systems are known to open/autorun attachments without prior user's permission.
I think you're referring to the old default behaviour of Outlook; I don't use the bloody thing but I think even it was eventually fixed.
>Of course I can stumble upon this attachment :
All it takes is to put a line in your xsession -or something- and copy a small script wherever to open a backdoor and/or launch a keylogger every time you log in. And then there _are_ ways to escalate privileges...
>Yes, Mac OS X is much more secure than Windows
Not.
>its security is weaker than that of free *BSD's or GNU/Linux.
I do think so myself, although, contrarily to what you write, it doesn't mean that GNU/linux systems are intrinsically immune, especially not to targeted attacks.
>You runnung how many Debians???
I runnung 3 (this one, which never gets to rest; my main home workstation and my main laptop, both used daily but switched off at night. Then there are a few old boxen but they rarely get switched on so I don't count them). That's almost half my personal machines, hence the "most".
> And if I do what would happen? ( in my Debian GNU/Linux while using the mutt email client)?
If you stumble upon the wrong attachment, you'll have your machine pwnd, smartass. See, that's exactly that "arrogant yet ignorant knobface" attitude that makes Mac users a ripe target for black hats right now. It could happen to you, too.
(Disclaimer: I do run Debian on most of my personal machines. Not a fan of Mutt though)
"(note; there are still no known viruses for the Mac in the wild)"
That could be discussed, but what the hell does it have to do with the present case?
"There is no information on how it's contracted"
Let me guess, by installing it on your machine? D'oh.
"Tell us how to avoid it"
Where have you been for the past 20 years? Don't open dubious mail attachments, don't install "plugins" from porn sites, avoid these "season greetings e-card" things, etc... Sheesh.
What about the reddish desiccating radiations? The ones that will slowly turn most of us into flesh-craving zombies?*
http://www.imdb.com/title/tt0087799/
We're all doomed! DOOMED!
*and will turn the remainder of us into sauerkraut-haired, orange-and-green-spandex-clad pop-loving trigger-happy tarts.
Not so. If you read the ruling, they have to block every access to newzbin[2] _when notified by the studios_.
So now it's a matter of who's fastest: newzbin in changing URLs and IPs, or the studios in finding the new ones. My money's on the former, which makes it a dubious victory for the studios. Of course it won't block newzbin2, it will at most mildly inconvenience them, at a great cost for the studios. What it does, however, is set a precedent: you can now block network resources at the ISP level for copyright reasons. That, I am sure, has Big Music all wet and sploochy.
Yes it is.
Written material depicting the sexual abuse of children is illegal in many, many countries. Not to mention that if some of the text included the description of the intention to commit child abuse, not reporting it immediately to the authorities would make them accomplices (or whatever the legal term is).
Images or not images, if they are found in possession of this material they are indeed in the brown'n smelly. Better scrub that hard drive real good kids!
Usenet is a message service. Facebook's wall is a message service. Webforums are message services. etc...
All these message services let you amend or suppress your own messages to your heart's content (even if it's frowned upon sometimes).
As for email, corporate systems let you do that, too.
"... the way every message service ever invented works" is indeed a dirty lie.
In the case of FB, they control the whole process (from the writing to the reading) so recalling sent messages would be a doddle from a technical point of view. Of course allowing a message to be recalled after it's been read poses other problems (such as, messing with the recipient's head) but it's very easy, it's been done before, and the possibility is built in a lot if not most computer-based message services. Not allowing it on FB is Facebook's own political decision, surely with valid reasons; just stop pretending it's a technical requirement inherent to delivering messages.
dropping the + for ""? Great idea. It's not like the "" was already used for something else, such as, erm, searching for a verbatim expression. And it's not like the change doubles the number of keystrokes. Or is very unintuitive. Or all of the above.
On second thought it won't matter terribly much, as carefully-crafted search strings are completely useless these days. No matter what you type, Google returns what some clever algorithm has decided you were looking for, as opposed to what you actually asked for. Certainly useful for 99% of the world 99% of the time, but quite annoying when you actually do know what you are doing.
"is the first study to address the issue of data selection bias, by using nearly all of the available data"
Other than that quite hilarious bit, what was the point of this "meta-study" again? They took the same data as already used by other studies, applied the same analysis methods, and reached the same conclusion. Huzzah. At least they do their part to save Gaia; they should make it clear, it's a major sale argument these days: "made at 100% from post-consumer recycled material".
>Many sharks survive just fine at huge depths where there is insufficient light for any vision, let alone depth of view.
Very few sharks feed in these very deep waters. Besides, those which do are very rarely captured by fishers as this one was. I'd bet three pant buttons and a limp mars bar that this beastie would indeed have needed its eyes.
But I do agree about their other senses being very developed (you mentioned the Lorenzini ampullae, but their pressure and chemical sensors are usually very impressive too). Vision is still usually considered their main "hunting sense" in the 100m - 1m range (obviously not true for the filtrating sharks).
(http://www.shark.ch/Information/Senses/index.html has a very generic, watered-down overview of sharks' sensory organs)
If no judge is involved to define the scope of the tracking, how do you make the difference between
"We thought the robber might be this guy but he was actually 2 miles away from there"
and
"This guy was not the robber after all: he was 2 miles away from there, at or close to the location of Inspector Callahan's house where Ms Callahan was alone at the time. Later that day the innocented suspect inadvertently stepped over the safety rail and fell down the highway bridge, in front of a wood log truck. Ms Callahan now sports a black eye, two broken teeth and belt buckle marks on her back but it's completely unrelated."
... but I wonder how hard you'd have to pedal to keep an old DEC Alpha up and running?
In any case, if they are really short on power a macbook is probably not the best choice. To keep the laptop form-factor they could use low-end netbooks and save more than half the power. If leccy is really an issue you can go barebones* and put together a good system, complete with a decent webserver, user accounts to check e-mail, browse the web and do some basic video editing etc, with about the same power needs as an average smartphone. Of course you'd have to give up all these fancy graphics...
*REALLY barebones, not «Our main machine is a MacBook» "barebones".
>Pick your poison; let others pick theirs. That's the only freedom you have
I don't completely disagree with the first sentence. However, one neat thing with the GPL is that you are sure that you can assess what exactly the "poison" is and does. It ensures that you will always be able to modify the formula to suit your current poison needs, too. Reinventing the wheel over and over is a waste of time, and that's what happens with closed-source software*. The GPL might not be good if your aim is to take over the world, but it does wonders for the propagation of ideas, the general quality of code, and The Progress. 20 years ago you could have argued that open-source is not a sustainable model, it leads to developer starvation, scorbut, the plague, cancer (hey that last one was actually used! Yay!). But these days, it's getting harder: I don't think Red Hat employees are in danger of starving. Google heard of that "scorbut" thing so they provide the employees with free fresh fruit. In case, you know, they get hungry between the free meals.
More locally, I'm pretty sure that on your daily commute you meet several "ties" who actually work for small open-source-based companies. Some might drive a BMW, too. The pigs.
*that's assuming said wheel is not covered by an over-reaching, generic patent covering hypothetical use of a reasoning process to begin with, all in the name of protecting the programmers even though they see only a negligible fraction of the money their work generates, much less than what the shareholders get, but let's not talk software patents, my cardiologist expressly forbade it, "CC0066 is not a valid skin complexion" he said, I say bollocks, and ain't that sentence a bit too long to be easily understandable?
Yes it is. Hence, I am right.
--
from faces.elreg import grin as grin
grin( )
I'm sorry, but some things need to be said, dead iconic leader* or not. Letting Java in the sole hands of Sun was bad, and the likes of you dissed Stallman for saying so at the time. Look at what's happening now.
Someone has to stand up for free software. If it wasn't for the likes of Stallman, OSS wouldn't exist anymore, which means that, among other things, the web would be a collection of side-by-side closed networks unable to talk to each other. Heck, the very Internet wouldn't exist anymore to begin with.
Your router would only accept the machines running the OS from the same vendor (winmodem anyone?) etc...
He might sound like a prick sometimes, but he is (one of) the reason(s) why the home users still have some degree of freedom/choice when it comes to them computahz.
* I was in Bethesda, MD, USA this week-end. There was an altar, complete with ex-votos and piles of flowers, in front of the Apple Store. I kid you not.
I don't think Ellison plans on stopping with HP. He won't stop before Oracle is the only IT company on the planet. Then he will beat up Chuck Norris and proclaim himself sun-god of the universe. Or something.
I wonder how much it costs to build one of these pyramid things nowadays...
If you re-read the post you are answering to, you'll notice that I was talking reputation. What having built nearly half of the Top500 machines tells the world is that you are able to build Big Iron at a price people are willing to pay. And that you can support your customers. What I was saying is that it takes more than building one single benchmark machine to overcome the reputation gap. People look at more than just speed when they spend that kind of money on a system. "Will it perform as advertised, and is it still going to be supported in 6 months?" are also big questions; with IBM you can answer "almost certainly" to both, with Oracle the answers are more "it might if you're lucky".
Well, if you want to go that way, there are a grand 2 SPARCs in the Top500... 45 Powers. And I bet all 45 Powers are IBM's, while none of the SPARCs are Oracle's.
"We didn't build it but we use a similar architecture for our processors" does not sound like terribly good PR.
Of course the proportions might change, Oracle are pretty new in that game; all I am saying is that it will take more than building one benchmark system faster at crunching integers to leave nothing to IBM. And behaving like total dickwads and liars, always ready to stab their partners and customers in the back, is not going to help PR.
"We think [...] run a lot of Java."
Yes they do, but
-for how long? Ellison is doing a fine job at driving people away from Java. Red Hat and Google are not to be taken lightly these days...
-they are also running a LOT of COBOL (probably much more than Java, in terms of lines of code).
"and then there will be nothing left"
There will be the reputation for reliability and dependability. What Oracle has now is the reputation to shaft their customers and business partners at the first opportunity.
Also, IBM "has" currently 212 systems in the top500 (yes, really), Oracle "has" 12.
That's hardly "nothing left" when it comes to making a purchase decision, even if Oracle did in fact manage to build a benchmark system able to blast IBM in integer arithmetics.
> I thought that Google Groups and all things 2.0 killed Usenet.
As you must know, Surely, Google Groups (as well as Yahoo!Groups etc) do act as a www<->nntp gateway. Hence they maintain NNTP servers, Shurley?
Sureley that is more "use Usenet" than "killed Usenet"?*
> Still, I oppose anything that gives BREIN the oxygen of oxygen
Shurely that grants you a +1?
* God, I'd miss Usa Nette if she ever could die.
--
Never call me Jim again; Shirley, you won't.
> What has killed Usenet long ago for real users is
> 1) The Binaries. Few ISPs will run a NNTP server anymore
Wrong. First, Usenet never died. Where did you get that strange idea from? With the decrease in bandwidth costs and hardware costs, more and more individuals and small not-for-profit groups run their own NNTP server. Then, binaries never hurt Usenet. People who don't have the storage or the bandwidth just don't carry binary groups. The reason why ISPs don't run NNTP servers anymore is because 99.9% of their clients don't care and the ones who do care have other feeds anyway (because ISPs-run NNTP servers were ALL rubbish to begin with). Given the low profit margin in the intertube biz, ISPs cut costs by stopping their half-arsed attempts at Usenet.
> 2) Spam
> Some of us used to use it for real messages. It was 300bps Packet Radio friendly too...
I guess some of you need to learn how to use filters, killfiles etc. Spam is not a problem on Usenet if you properly manage your feeds. Email spam consumes orders of magnitude more bandwidth than Usenet spam, and is much harder to tackle because SMTP networks are a mess compared to the relatively well-organized NNTP network. If spam was deadly, email would die, but Usenet would survive.
> I guess the freetards will get IRC killed next.
You cannot kill IRC without killing the Internet altogether. Unlike Usenet, which is asynchronous and thus relies on NNTP servers' retention time, IRC works in real time; anyone with an internet connection can set an IRC server and happily yack away at whoever wants to listen. You can take down an IRC server, even imprison its operator, all it takes is some redirection trickery and someone else with some spare bandwidth and the "users" will hardly notice that anything happened at all.
Of course, being a Reg commentard, you probably knew all that already.
> Usenet effectively died years ago
I beg to differ. I use the good old thing daily, for work and fun alike (I don't peruse binary groups though).
> However, NSE is talking out of its arse: all it has to do is ban all attachments. Job done.
However, you are talking out of your arse. The concept of attachment doesn't exist on Usenet. All binary content is "encrypted" as text, transmitted as text, and "decrypted" from text at the other end.
The rest of your post is just garbage, so <snip>.
> "Newsgroups: .*alt\.binaries" and not pass those
You won't block all infringing binaries that way. So you'd still have to pay 50000 a day.
Plus you'd filter out a lot of non-infringing content.
And that's even before people start creating binary groups that don't have "binaries" in the name.
Not to mention that raw human-readable text can fall foul of copyright laws, too. So yes, text HAS to go I'm afraid.
> there's little reason to hide the source of files that are perfectly legal to distribute.
What exactly do you mean by that?
ISPs should be subject to the same rule. ANY packet that contains "pirated" bits should be filtered out by the ISP. Just for consistency. And yes, that includes the tune playing in the background while you chat on Skype.
That way we can all enjoy a nice, clean world with no Usenet or Internet whatsoever.
The French were right, Minitel is the way of the future!
Seriously, the amount of sheer stupidity and complete tech illiteracy in "anti-piracy" groups and "anti-piracy" tribunals is staggering. That's supposed to be their -very well-paid- jobs, you'd think they'd at least pretend to have as much knowledge of it as the average 10-year-old kid.
Technically there is no difference between a "binary" message and a text one.
Binaries are customarily kept to groups that have "binaries" somewhere in their name, but it's really only a custom to avoid flooding the text groups with garbage ASCII.
It is therefore virtually impossible to filter out binaries. Stop carrying popular binary groups? Other, less conspicuous ones will be created.
Not to mention that posting lyrics and guitar chords would still be infringement. And those would probably go in non-binary groups. At 50 000 a pop, better not carry any group at all...
Although it's hardly new, that's the first thing they teach in "Management 101" (or so I'm told).
For the image-craving anon there are these:
http://news.bbcimg.co.uk/media/images/55735000/jpg/_55735388_55735387.jpg
http://news.bbcimg.co.uk/media/images/55679000/jpg/_55679824_55679823.jpg
That whole .xxx thing is a racket, we already knew that; it is very likely to be completely ignored by the "legitimate" adult industry (if they are not banned from normal TLDs). I bet it will be populated almost exclusively by scam sites and paid-for blocks by companies who don't want to see websites such as oracle.xxx where you could see Ellison gang-banged by the whole of Autonomy's PR department.
No, what is more worrying, even downright scary, is that someone felt the need to explain what RTFM means. On El Reg. The end is nigh!
Apocalyptic icon /de rigueur/