732 posts • joined 30 Jan 2010
Re: And I thought that I would never see a bit of bash scripting on a mainstream site
But really, if this "allows remote code execution" is only applicable if you have open web services that spawn bash to serve remote requests, most desktop systems are unaffected
Oh boy no! This is what the fuss is about. Bash is used in *lots* of places in a *nix system and is exploitable in numerous ways because of it. There's a proof of concept here for attacking clients via DHCP.
Re: Lot of ignorance from the IBM crowd here
trying to trash talk and spread negative rumours of the SPARC M7 cpu. For instance, say that the M7 memory protection new functionality is nothing more than an ordinary MMU. Well, if you read the released information, instead of speculate, you would see why it is not an ordinary MMU:
The second link has no mention of memory protection that I can see. It just talks about the hardware decompression.
The first link has this to say:
On the Java front, the Sparc M7 has new memory protection features and virtual address masking that will make Java garbage collection easier and more deterministic, according to Fowler. [snip]
The S4 core, for instance, has special instructions to ensure application data integrity, which is done in real-time and which safeguards against invalid or stale memory references and buffer overruns for both Solaris running C and C++ applications and the Oracle database.
Which says bugger all more than the El Reg article.
I'm not trying to bash (pardon the topical pun) Oracle or you, MadMike. I'm genuinely interested in what Oracle (claim to) have done to improve security.
the licence fee is only 150 BEELION dollars
Or one new yacht for poor, hard up Larry...
Larry appears to have made a song 'n' dance about memory protection being baked into the silicon.
But hasn't memory protection been around for years in CPUs with MMUs? What's different between the features a standard MMU has and Larry's new toy?
Isn't the output totally predictable, if you know the hash function and the input data
You'd hope so, otherwise the output would be random, and comparing two hashes to see if their input was the same is pointless.
Re: Do they not have the capacity or capability...
I believe the cloud providers give you resilience by having servers spread across regions & data centres - which are supposed to be isolated from one another in every way possible.
I'd have thought Dihydrogen Monoxide would sound even scarier.
When are they going to fix the killing of battery life they introduced with iOS 8.0?
...as to who to side with on this one. I want to hate them both.
Re: Very interesting
Or at least a way for us to tell if our SSDs have supercapacitors onboard.
Re: Will the German government be sensible?
@Ross & @Steve Todd
The EULA CANNOT remove rights and legal obligations under criminal law
In the UK, a contract cannot override any law. But I believe in America this isn't the case. A quick google shows this page www.law.cornell.edu/wex/contract
"[The contract] may override many of the rules otherwise established by state law."
Re: why use a proprietary one when there are free open standards available
Er, but isn't FLAC free and open source? Or have I missed something?
Repeat after me:
"Never trust input"
It's a sad state of affairs when a company quickly fixing a security hole (and thanking the person who discovered it) makes the headlines.
Re: Not a fan of Ellison.
I would take it a step further, and say any kind of leader (not just CEO) needs to have passion and vision for what they're doing.
I feel the mobile market has become like the PC market. The money is made by the software companies (Microsoft/Google) and the hardware companies are in a suicidal race to the bottom for cost, hoping wafer-thin margins will mean something if they sell enough of them.
Re: Pedant alert
It's a pity we have lost genuinely useful words like "disinterested"
I've just found mine hiding down the back of the sofa. I'm going to take a lot more interest in my disinterest.
Re: Pedant alert
It seems this is a case of the English language changing before our very eyes:
Ars goes into a bit more depth on this very topic:
I think it's needed someone independent of the banks & mobile operators to focus their thoughts. They were too interested in protecting their own turf rather than providing a service that the person on the street wanted.
Apple (for better or worse) have the muscle to say to the banks & operators: This is how it's going to be done. (And the operators seem to have lost)
All we can hope for now, is that the specs for this are opened up and other people can implement it.
Re: Nintendo Wii mania
This is standard Apple operating practice, restrict initial supply and announce delays due to unexpected high demand.
The problem is, no-one has any hard facts to prove or disprove this theory. I tried a quick Google, and I ended up with facts from "people familiar...", which isn't a sound foundation for any hypothesis.
Re: $50 low-end smartphone already has that...
Why has it taken Apple so long to add this in?
The handset manufacturers could add it in fairly easily. But for it to work with your existing mobile number, the mobile networks need to get on board and support it, otherwise you'll have two phone numbers: A GSM number and a WiFi number.
Is it just for use when you have access to an 802.11 network but no cellular (which seems like an unusual situation)
I assure you, where I work, mobile coverage is "poor", yet we have fantastic WiFi. WiFi calling would be ideal for us.
Re: Hope you enjoy it as much as I do
O2 has TuGo. Unfortunately, it's not available for corporate customers.
Well, not this corporate customer anyway :-(
You're confusing creation and duplication.
Creation of a piece of intellectual property (Software, music, art, literature, etc) can take a long time (Many years by multiple people in some cases)
Reproduction can be just as simple as hitting "copy" in a file manager.
Re: Poor eyesight
Blind musicians don't have the paper option. It doesn't seem to impede them. I wonder, do they learn completely by ear from recordings, or do they need the help of a sighted teacher to learn a new work?
I can't speak for all blind musicians, but I know one blind musician. She has to buy braille versions of sheet music. It has to be specially typeset. I don't think it's just a case of loading in a Sibelius file and sending it to the braille printer. She then memorises from the braille version.
Copying & Printing
I can understand the court ruling against the copying of the electronic version to USB stick. But printing is a bit more interesting. In the UK, you can legally photocopy a small amount of a book for private study. So printing a small amount of a scanned version should be no different.
Re: Why? oh Why?
Aren't HP taking the Auditors to Court as well?
"HP says it is planning to bring separate lawsuits against [...] the UK arm of Deloitte & Touche, which audited Autonomy for the acquisition.."
Post patch patch
Having to reboot is one pain in the ASCII. Having Windows tell you more patches are available after just installing the latest patches is even more of a pain in the rear.
I just built a Win2K12 server the other day. How many patch/reboot cycles did I have to go through before it was fully patched? Three or four if I remember correctly. (I believe a re-install of Win2K8 requires even more) How many reboots to patch to current levels after installing Linux or MacOS? One (usually)
Re: web client sucks
Totally agree. Not always using a Windows desktop, I had high hopes when they announced the new web interface to vCentre. Then I got to try it... My desktop machine isn't exactly ancient, and the vCentre server itself isn't slow either, so what did they do to make the interface so darn slow? I sometimes resort back to the Windows client via RDP (despite the dire warnings) just to get a sane level of performance.
Epic fail by VMware.
The update is Google's latest encroachment into the territory of online password management dominated by LastPass and 1Password, who could well feel threatened as Chrome builds in functionality they once offered as third-party value adds.
Browsers have offered some kind of form fill/password manager for years, and password managers still sell, so I don't see Google's changes as any threat to them.
Personally, I prefer a standalone password manager as they are genuinely cross-browser and cross-platform. (Oh, and in this particular case, not Google. "Don't be evil", my arse...)
Adults Vs Children
This isn't as easy as people think.
When I was at school, a group of us went on a skiing trip. Most of us sixth form boys were bigger than the teachers. (No, it wasn't because we were fat, lazy, lard-arses, either) Plus there were more sixth formers than teachers.
But according to the rules, we were classed as children and the teachers as adults. I imagine that made the plane's weight calculations interesting...
Not in America
On the rare occasions I use a web browser without AdBlock plus, I often see adverts for a hosting company proudly saying they aren't in the US. I can only see this growing: "We have nothing in America. No servers and no offices."
Of course, all it will mean is that the American government will have to just rely on the NSA for more of its dirty work :-(
And how many of these copyright extensions benefit the creators rather than some undying corporate entity?
I have friends who are musicians or artists. They rely on copyright for their living. These are the people that I want copyright to protect. The corporates just use their muscle to screw as much money as possible out of everyone. This shouldn't be surprising - it's what companies exist to do: Make money.
Again, though, it's complicated. Corporates often take risks with new artists, and so want some reward for their risk taking. It's when corporates get lazy and would rather earn money from old work, rather than invest in new work that things get bad.
Re: WHEN I AM PRIME MINISTER...
GCHQ (the NSA, et al) have two broad functions. Firstly, to devise ways to protect the interests of their home nation. The (secret) invention of public key cryptography at GCHQ, and the NSA involvement to improve DES. These are good things and should carry on - especially if they make this stuff more public.
Their second function is keeping an eye on ne'er-do-wells. Again, this is all good stuff.
The problems arise when the spooks assume *everyone* is a ne'er-do-well, or when they interfere with the things that are supposed to be secure and actually make them less secure (so their snooping on everyone is made easier)
If GCHQ & the NSA are anything like any standard business (which they're probably not) these broad policy decisions are made by senior managers trying to empire build and protect their own jobs/departments/budgets and not by the grafters at the bottom of the pile. It's these senior people who we need to get shot of.
Re: I would like to thank NASA...
They only thought the rover would last 90 days, so I suspect flash endurance wasn't really a consideration.
But look at it like this: That flash card has been working in a challenging environment for 10 years. If my server SSDs survive that long here on planet Earth, I'll be more than happy.
Clarify existing rules
Maybe the PCI should clarify their existing rules. They are quite vague and subject to interpretation. Some people may say that's deliberate, but I couldn't possibly comment.
The El Reg sub-head writer is on form this week. Although I do detect a bias towards a certain popular music song
Re: Virtual question
With VMware, it's not hard to detect: Just look at the BIOS vendor string. It mentions VMware quite prominently. You can also look for VMware-only drivers (e.g. VXNet). Another option is to try the I/O interface that VMware tools uses to communicate with the VMware hypervisor.
I suspect you can use similar tricks with other hypervisors.
Out the b*****ds
You're right, you shouldn't have to endure that kind of abuse. Salesmen in company outfit should be publicly shamed.
I didn't think this type of behaviour still existed.
Reading between the lines
My reading of the press release is that the rocket put the satellites into the orbit it was told to. However someone told the rocket the wrong orbit.
So the crux of his argument is that Facebook transferred his data outside the EU. Surely for this to work, he has to show firstly that he had a reasonable expectation the data would be stored/processed in the EU, and then secondly, that the data was transferred outside the EU without his permission?
When I first heard about this story, I was siding with the photographer. Then I read a bit more about the story (e.g. The Torygraph), and realised that the photographer had NO input whatsoever into the set up.
The monkey stole the camera from him and took random pictures.
If the photographer had trained/encouraged the monkey to use the camera, then that would be different. But in this case, the photographer did nothing and got a lucky shot or two. (The Torygraph article says the monkey took hundreds of pictures)
What's the market?
I think MS need to decide what market they are going after with their Surface products. Are they going after the tablet market (in which case, why does it need a keyboard or pen?) Or are they going after the laptop market (Why have a detachable keyboard)? Or somewhere in between (Ultrabook)?
It feels like MS are throwing different versions out to the market to see what will stick.
Ming-Chi Kuo is assuming that Apple have only recently started work on the iWatch. It could be (and has been rumoured for years) that Apple have been working on an iWatch for a while. In which case, one problem they could have been working on is how to produce it.
Not the first time
This isn't the first time that a (security) patch from Microsoft (or anyone else) has caused serious problems.
Follow the money...
When will users of Facebook, Twitter, LinkedIn, Google, etc. learn? They are NOT the customer of these companies. They are assets to be used and sold. These companies want as much out of you as possible so they can sell more targeted (i.e. more expensive) adverts.
The real customers are the advertisers: The people with the money.
Once users start paying for their accounts, *then* they (might) have a reason to complain about their information being sold to all and sundry. But as Facebook proudly states on their home page "Free and always will be." the chances of that are close to zero.