Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Apple Yet To Push Patch For "Shellshock" Bug

donaldm Re:Issue with FSF statement... (208 comments)

As per your link to bash , if you look at the "COPYING" part under the "bash-3.3" directory you will see the bash they are using is V3.2 and is under the GPLv2. This is not denigrate Apple's use of a GPLv2 product since it is open source, however it is an older version of bash.

If you look at the later releases of bash version 4.2 is actually under the GPLv3 license. The following is from my Fedora 20 distribution.

> rpm -q --queryformat="%{NAME}\t%{LICENSE}\n" bash-4.2.48-2.fc20.x86_64

bash GPLv3+

The above version of bash has been patched and is available as an update as per 2 days ago.

With Windows you are not just out of luck ayoure _shit_ out of luck since the whole thing is closed source, unless you are a major foreign government. They get the rare privilege of doing their own code reviews.

That is assuming that the so called "major foreign government" has the people who can do a code review and they trust the release is the same one they did the code review on. For all but the most paranoid governments this type of thing really belongs in the "too hard basket" so most choose to believe that the closed source company is all "sweetness and light" and would never screw us over. :)

2 days ago
top

Apple Yet To Push Patch For "Shellshock" Bug

donaldm Re:~/.cshrc (208 comments)

Rename /bin/bash to /bin/bash.bak then create a link from /bin/dash to /bin/bash ..

Why on earth do you want to do that? If you are running a Rehat distribution on a production machine that is a great way to get fired unless you have the appropriate change requests filled out and even then you would have to install dash which adds an extra level of complexity.

On Fedora 20 as per two days ago:

> env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
this is a test

This is with "bash-4.2.48-2.fc20.x86_64" which does not require a reboot, although if you are like me the latest updates did contain a kernel update as well which does require a reboot.

So at least the latest release of Fedora is patched. As is Redhat 4 thorough 7 see here.

2 days ago
top

First Shellshock Botnet Attacking Akamai, US DoD Networks

donaldm Re:Only the beginning (236 comments)

That is fine for Debian / Ubuntu distributions however for RHEL / Red Hat / CentOS / Fedora Linux the Apache error file location is /var/log/httpd/error_log.

For FreeBSD the Apache error log file location is /var/log/httpd-error.log.

It must be noted that the above are the defaults and can be changed.

4 days ago
top

First Shellshock Botnet Attacking Akamai, US DoD Networks

donaldm Re: Only the beginning (236 comments)

Unless I'm badly mistaken, the default interactive shell isn't relevant in the "Shellshock" case. If an attacker has a login shell already, they need to find a setuid shell script explicitly using bash in order to gain more privileges.

Correct me if I am wrong, who in their right mind would write a suid script that would give a normal user "root" privileges? I can even go back to the early 1980's and writing a script and setting it suid for root was considered very poor system administration practice.

A quick check in Fedora 20 results in a few suid programs (24 to be precise) however they are not scripts.

4 days ago
top

KDE's UI To Bend Toward Simplicity

donaldm Re:WTF? (184 comments)

Windows got a lock on the desktop because it was next to f***ing impossible not to buy it every time you bought a PC, and the only alternatives were Dos or throwing out all your computers and software to switch to Macs.

Thank you for proving my point, people obviously liked it, for whatever reason, over alternatives like Dos and Mac.

In what way did the original poster prove your point? I suppose the "Microsoft Tax" is fantasy.

It is not a matter whether people liked or disliked Microsoft Windows it is basically all they get when they purchase a new PC. Basically MS Windows IMHO is "good enough" for people who normally don't know there are alternatives and even if they do, most would not know how to install an alternative OS so they put up with the one that came by default. That does not necessarily mean they like it or hate it for that matter since they normally can't or won't compare against other OS's.

As for DOS you have to be kidding. Ok maybe a MAC, but MAC hardware even though it is now Intel architecture is normally more expensive (although not by much) and has a different GUI to a MS Windows GUI, although from what I can gather MAC users actually do prefer their OS over MS Windows although I will admit they are in minority with regard to PC' sales. Smartphones and tablets are a different matter and these areas are were Apple's OS/GUI and Android's Linux OS/GUI) dominate.

about two weeks ago
top

KDE's UI To Bend Toward Simplicity

donaldm Re:WTF? (184 comments)

If you could get Microsoft Office and Adobe CS on Linux, I think you'd see a significant increase in adoption just from that

What you have said is very debatable however Microsoft and Adobe would have to port those products to particular Linux distributions although it is possible to run them under "Wine" or even on a virtual machine with a Microsoft OS. For a business were you are told to run the products you mentioned you would normally have no choice but to run them on a Microsoft OS and in most cases all costs are born by the business.

Key "home use" and people either join the "green parrot and peg-leg brigade", purchase the appropriate license or look for alternatives.which run under Microsoft Windows or natively under a Linux distribution. For the amateur through to the professional "LibreOffice" and "The GIMP" are quite viable alternatives. Of course if the business you work at requires those commercial products and is willing to pay for them then fine.

BTW. I am aware that Adobe's Creative Suite is a collection of software of which one is "Photo Shop" which can be reasonably compared to "The GIMP" (Key the flames), however you would have to look around to get pretty close to it's functionality. if you are interested this site can help.

about two weeks ago
top

Islamic State "Laptop of Doom" Hints At Plots Including Bubonic Plague

donaldm Re:But is it reaslistic? (369 comments)

The problem with biological weapons is that unless you make sure all your so called friends are immunised or leave they are also going to among the casualties. Usually large scale immunisation or exoduses are pretty noticeable especially if that immunisation is for diseases that are really unusual. However terrorists normally don't care for other people other than themselves so if they use biological weapons you can expect casualties on all sides.

about 1 month ago
top

Systems That Can Secretly Track Where Cellphone Users Go Around the Globe

donaldm Re:When Roaming people turn off cell mode (76 comments)

actually, when you buy in bulk TBs are cheap, and mem prices drop, especially when you have 100 GB/s pipes

Disks may be relatively cheap especially in OEM quantities, however when the requirement is for multi petabytes then you cannot think in terms of a collection of single disks even in a RAID array you have to consider a Storage Area Network and the infrastructure to manage, backup and even do a recovery. When you start adding up the costs this does not come cheap.

Yes governments, especially those in first world countries can build up the necessary infrastructure to capture information and it comes out of tax payers pockets, but you only need one whistle-blower and that government has egg on it's face. Of course some governments don't care and are quite happy to build something like this even if it means their people starve.

about a month ago
top

Choose Your Side On the Linux Divide

donaldm Re:My opinion on the matter. (826 comments)

If you want a job doing any type of linux work, you better know RPM. Period.

You don't really have to know the ins and outs of "rpm" but a quick "man rpm" will help immediately and of course the web has a huge amount of examples. You can get by with only a few options however like most commands in Linux/Unix there are some more esoteric options that can be very useful on the odd occasion.

Now I suppose we can start discussing the proposed depreciation of "yum" to "dnf" (default in Fedora 22 which is about a year away). Both have man entries although at the moment (Fedora 20) I only use "yum". I have tried "dnf" and it also works.

about a month ago
top

Choose Your Side On the Linux Divide

donaldm Re:My opinion on the matter. (826 comments)

Everyone I know who uses vi uses ":wq" rather than ":x". Don't know why. I'm an emacs user, so I couldn't even tell you what the command is to save and quit; I just move my fingers and feet in a pattern stored in muscle memory, and things get done.

Well I normally use "ZZ" although I can use :wq or even :wq! if I want to overwrite a read-only file if I own it or am root. Of course there is always the good old :q! when you have stuffed the file so much that you really just want to exit without updating and head down to the pub :-)

about a month ago
top

Choose Your Side On the Linux Divide

donaldm Re:My opinion on the matter. (826 comments)

Mac OS uses launchd, FreeBSD uses init.d, many Linuxes use systemd.

And Solaris uses SMF. This is more than just nuance; each of these systems are different and completely incompatible. It really means that the argument of "It's just Unix" and therefore the same/similar is ignorant or possibly maliciously false to further a political point.

We also should talk about HPUX and AIX which are very much alive and well. Looks around and ducks for cover :-)

about a month ago
top

Choose Your Side On the Linux Divide

donaldm Re:My opinion on the matter. (826 comments)

Of course, but it's still a nice feature until you have figured it out or received a patch that fixes the problem.

If the daemon crashes on execution, then gets restarted, say, 100 times a minute, how is that a nice feature?

I think you as the System Admin would notice this and make sure the service is shut-down for debugging purposes or reported to the appropriate people as a failure in their software. This is no different to what was done over 40 years ago.

about a month ago
top

Munich Council Say Talk of LiMux Demise Is Greatly Exaggerated

donaldm Re:NT is best (190 comments)

If constant reboots and BSODs are still your impression of Windows, you should give it another try with a more recent version. Things are quite smooth these days, thanks to the NT6 kernel.

Err! Win NT6.0 was Microsoft Windows Vista and we know how everyone loved that. Even with NT6.1 (Microsoft Windows 7) you still could get constant reboots and BSODs (first hand experience). Still NT6.2 (MS Win 8) and NT3 (MS Win 8.1) may me stable to you but that GUI IMHO looks like something designed by a 5 year old.

Over 7 years ago I switched to a Linux distro and have never looked back.

about a month ago
top

Facebook Experimenting With Blu-ray As a Storage Medium

donaldm Re:Why not the "boring" Tape storage? (193 comments)

That's not really how tape systems work. Generally they keep an index online so you can tell the tape system to pop in a specific tape and goto a specific position, longest load times... in real world that i've personally witnessed... 10 mins

You do realise that tape is normally classified as "off-line" backup/storage which normally means that the tapes are taken off-site. If you are talking about a virtual tape machine and your data is still in the cache then recovery could be a few minutes but if the data is not in the cache then you will need to wait till the tapes are brought back on-site and that can take a few hours.

about a month ago
top

Facebook Experimenting With Blu-ray As a Storage Medium

donaldm Re:Why not just use hard drives and then store... (193 comments)

Why is it that you can turn off blue ray drives, but not hard drives?

Last I checked, my hard drives were simple to power on and off on the fly

Companies that have massive storage and computing needs cannot and should not be compared to your home PC. I suggest you look at Storage Area Networks (SAN) and the implementation and costs associated with them. Taking Facebook as an example you cannot just shut-down a SAN even it is used as a "near-line" storage device, so using BD as "near-line storage" devices is actually a very practical and economical solution.

about a month ago
top

Facebook Experimenting With Blu-ray As a Storage Medium

donaldm Re:Why not just use hard drives and then store... (193 comments)

Seldom used data sitting in spinning power draining disks has a continuous power cost.

Seldom accessed HDDs can be spun down, or even completely powered off.

You do realise that HDD's can fail so you would need redundancy (ie. more than one) The same can be said for BD but since they are passive disks you don't have to worry about the electronics. Yes you do need a BD reader/writer to read/wite to the BD disks, but that writer/reader can be replaced if faulty without any loss of data. While you can spin down HDD's this is not a good solution for a variety of reasons, one of which is that the disks (remember "redundancy") may not come up properly.

When people discuss things like this you have to be aware that for large amounts of storage we are not talking about simple SSD's that can be found in any PC configuration, you have to look at storage arrays which are not exactly something you can just casually switch off to conserve power, so it makes much more sense to consider using "near-line" media storage devices such as BD/DVD/CD which don't have any electronics associated with them except for the device reader/writer which consumes much less power then a storage array and can easily be replaced without any chance of data loss.

BTW I am well aware that a faulty disk can be read for it's data however if you actually work out the costs involved and there is no guarantee that you can get back all the data then cheap BD disks are a better solution.

about a month ago
top

Microsoft Lobby Denies the State of Chile Access To Free Software

donaldm Re:Publicly Funded Governments (159 comments)

You are stuck with either GNOME or KDE for RHEL, and most users are going to expect GNOME. We also run into where our users have to emulate the users' environments, which often means GNOME for the GUI. Third, there are a lot of situations where a GUI is required (say, the default installer for a lot of things, like Documentum, Matlab, Oracle, etc). Trying to get people not to use the default GUI is near impossible.

If you use a graphics installer for Redhat you are not really using a window manager like KDE, Gnome or even Xfce. Anyway have many users are using RHEL for the desktop? (although you could). As for installers for Documentum, Matlab, Oracle, etc they are specific to the software application and will run under most window managers. Actually you would normally install software like what you just mentioned via client software which could even be on a Microsoft Widows machine.

As for "trying to get people not to use the default GUI" that is the wrong thing to say since if you are the system admin it is very easy to set up particular users to only use a specific Window Manager using "kickstart" (very useful if you want a consistent configuration across all machines). Of course you could do a manual installation as well but that can get very tedious across hundreds of machines.

about a month ago
top

Microsoft Lobby Denies the State of Chile Access To Free Software

donaldm Re:Publicly Funded Governments (159 comments)

But what about military secrets?
What about ongoing stings of organized crime syndicates, and the undercover police who might threatened?

If you want your documents kept secret there is plenty of encryption software available. The problem you have with any type of secret documentation is not really with the software but the people using the software so to coin an old saying "loose lips sinks ships", and the more eyes on something the more likely it will eventually be leaked.

Anyway what is this got to do with a government or any other organisation using "open" software compared to "closed" software because what you have just said applies equally to both.

Are these exceptions? How many lives is this principle worth?

If(instead) these are valid exceptions, what objective criteria would you use to separate the valid secrets from the invalid?

Basically the creation and handling of any type of information falls under "Company Policy" and again it makes no difference if the underlying software is "open" or "closed" source. At some stage there needs to be some trust because the more you don't trust the people who are handling information the more likely that information will be leaked.

People have been trying to solve the problem you just laid down a simplistic solution to for decades now.

And therein lies the problem. People are human and under certain circumstances can deliberately or accidentally divulge information that otherwise should remain confidential or even top secret to a particular company or even a government.

about a month ago
top

Xbox One Will Play Media from USB Devices, DLNA Servers

donaldm Re:my TV do that, why should I buy a XBOX 360 (112 comments)

I have a no-smart-tv (LG) and it can read any USB drive (including HD)

I think you are not understanding what a USB stick/drive is. Basically The most common USB connectors support USB 1, 2 and now USB 3 and normally have a type A (the most common) and type B (more boxy) connectors see here . What is important to note is what type of file-system is actually on the device.

For USB devices that are 16Gb or less the most common file-system is FAT32, however over 16GB you may find NTFS, exFAT or even FAT32. If you are like me who has a Linux OS on my machines then you may find that I have changed the file-system on my USB device to ext3 or ext4 or any other of Linux file-systems that support journalling (I am aware NTFS supports journalling), of which there are quite a few. I would assume that most modern TV's that have a USB slot can read FAT32 and possibly exFAT or NTFS although less likely, however I would be surprised if that same TV could read other file-systems although many Linux file-systems are patent free.

about a month and a half ago
top

DARPA Wants To Kill the Password

donaldm Re:Passwords died in the 80s (383 comments)

In the 80s we didn't even bother with passwords, okay maybe by the late 80s.

Err no! you are thinking of early PC's and their single tasking equivalents. Passwords to access multitasking computing systems have been around from at least the 1960's. The Unix OS was designed and enhanced with user names and appropriate passwords going back to at least the early 1970's.

Actually even today a good password is quite hard to break even with so called "man in the middle" attacks providing you are using something like ssh and possible one time passwords (I used this type of access back in the mid 1990's) to access machines.

In many ways as long as you have a good remembered password to access your PC you should only have to worry about your PC being compromised by Viruses, Trojans and social engineering attacks. As long as you are aware and know how to recover from an attack (most people don't) then you are pretty safe from mall-wear. Even if you are compromised then you should have some idea on who to contact such as Banks , Web site etc to report and hopefully resolve the issue.

about a month and a half ago

Submissions

top

donaldm donaldm writes  |  more than 7 years ago

donaldm (919619) writes "A few months ago I once said jokingly to some of my colleagues that it won't be long before someone sues Nintendo for patent violation on their Wiimote. Well unfortunately I was right as the following Arstechnica article shows http://arstechnica.com/news.ars/post/20061208-8385 .html

My next crystal ball prediction will be a patent case on accelerometers which are used by Nintendo and Sony in their contollers. I really hope I am wrong but with the sad state of patents (rumble anyone) I won't be surprised."
top

donaldm donaldm writes  |  more than 7 years ago

donaldm (919619) writes "SecurityFocus columnist Mark D. Rasch, J.D looks at the license agreement for Windows Vista and how its product activation component, which can disable operation of the computer, may be like walking on thin ice. Read the following http://www.securityfocus.com/columnists/423?ref=rs s for the details (two pages).

To quote Mark " Does the Microsoft EULA adequately tell you what will happen if you don't activate the product or if you can't establish that it is genuine? Well, not exactly. It does tell you that some parts of the product won't work — but it also ambiguously says that the product itself won't work. Moreover, it allows Microsoft, through fine print in a generally unread and non negotiable agreement, to create an opportunity for economic extortion. "

Now could be a good time to look at alternative OS's."

Journals

donaldm has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?