Comments

top

Bash To Require Further Patching, As More Shellshock Holes Found

markus_baertschi Re:There are no "remote" exploits for bash (322 comments)

After some reflection I suspect that there never was a 'pure' /bin/sh on Linux. It may have been bash all along.

Most commercial Unixes come with a dedicated /bin/bash and the korn shell. One could install bash, but this would be a 3rd party tool and not affect system().

Markus

yesterday
top

Bash To Require Further Patching, As More Shellshock Holes Found

markus_baertschi Re:There are no "remote" exploits for bash (322 comments)

Maybe.

But this decision was probably made before ash or zsh were around. Probably after enough bugs were found in (probably unmaintained) /bin/sh that using the special posix sh mode of bash made lots of sense.

Markus

yesterday
top

Bash To Require Further Patching, As More Shellshock Holes Found

markus_baertschi Re:There are no "remote" exploits for bash (322 comments)

Bash has network connectivity on plenty of servers because it is used to execute CGI scripts by the webserver (and other network services).

Here is the definition of the system() function call, often used to run external commands:

system() executes a command specified in command by calling /bin/sh -c command

/bin/sh is linked to /bin/bash and vulnerable. Executing external commands through system(), and therefore bash, is by far the easiest method, so it is widely used. It is sufficient to trick the server or daemon.

Here is a proof of concept where a DHCP server tricks a DHCP client into running an arbitrary command. https://www.trustedsec.com/sep...

Markus

yesterday
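
The comment above notes that system() hands its command to /bin/sh -c. As an added C example (not part of the original comment), the following contrasts system(), whose shell inherits the caller's environment, with a direct execve() call that involves no shell and passes a fixed environment. The helper names, the REQUEST_VALUE variable and the CLEAN_ENV values are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed, minimal environment handed to every child (assumed values). */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", "LANG=C", NULL };

/* Run argv[0] directly with execve(): no /bin/sh -c, no inherited environment.
 * Returns the child's exit status, 127 if exec failed, -1 on fork/wait error. */
int run_no_shell(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(argv[0], argv, CLEAN_ENV);
        _exit(127);                      /* only reached when exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Same idea through system(): /bin/sh -c, with the caller's full environment. */
int run_via_system(const char *command)
{
    int status = system(command);
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

/* 1 if a variable set in this process is visible to the shell system() starts. */
int system_inherits_env(void)
{
    setenv("REQUEST_VALUE", "constructed-sample", 1);
    return run_via_system("test -n \"$REQUEST_VALUE\"") == 0;
}

/* 1 if that variable is absent in a child started by run_no_shell().
 * /bin/sh is used here only as a probe to inspect the child's environment. */
int no_shell_drops_env(void)
{
    char *const argv[] = { "/bin/sh", "-c", "test -z \"$REQUEST_VALUE\"", NULL };
    setenv("REQUEST_VALUE", "constructed-sample", 1);
    return run_no_shell(argv) == 0;
}
```

A daemon that uses the run_no_shell() pattern for its helper programs never starts /bin/sh on that path, so whichever shell /bin/sh is linked to stays out of the request handling.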
top

San Francisco Bans Parking Spot Auctioning App

markus_baertschi Enforceable ? (404 comments)

The company is based in Italy and does not target San Francisco specifically. I don't think San Francisco has standing to sue them.

about 3 months ago
top

The Supreme Court Doesn't Understand Software

markus_baertschi Re:Data compression is data processing (263 comments)

> Data compression on the other hand is a different domain.

Why?
Data compression has been used for a long time; think about stenography or shorthand, for example. This is a manual data compression system, no computer required. Many algorithms are only practical on a computer, but they still are mathematical algorithms.

about 3 months ago
top

A Different Kind of Linux Smartphone: Samsung To Sell Tizen-Based Model Z

markus_baertschi Re:I cooled off on Samsung... (105 comments)

I had an SGS2 and have an SGS4 now. They are fine phones. I want a replaceable battery and an SD card slot. This reduces the field for me a lot.

For my wife I bought a Moto G and I suspect I will replace my SGS4 with a phone in the same class, once it needs to be replaced. Phones are rapidly approaching the phase where most middle class phones are good enough. Two years ago a high-end device was necessary for a good experience; these days this is no longer true.

Life will become tougher for phone manufacturers.

about 4 months ago
top

Joining Lavabit Et Al, Groklaw Shuts Down Because of NSA Dragnet

markus_baertschi Re:Where will this end? (986 comments)

And I feel Groklaw is wimping out just now.

about a year ago
top

BT Begins Customer Tests of Carrier Grade NAT

markus_baertschi Re:No choice (338 comments)

>The carrier has the choice to implement ipv6. Run ipv6 natively, and tunnel ipv4 traffic.

I don't think this will solve the problem. In the end, even if tunneling, some applications expect to see an IP per end-user. So the carrier still has to expose a dedicated IPv4 address per customer to the internet.

about a year ago
top

BT Begins Customer Tests of Carrier Grade NAT

markus_baertschi Re:No choice (338 comments)

>Oh they can get more IPv4 addresses if they want. They are simply not willing to pay the asking price for them.

No. He will have to pass the additional cost of the IP addresses to its customers. And those customers are not ready to pay the price. They prefer a cheaper, but crappier service, otherwise they'll upgrade or switch to another more expensive carrier with real IP addresses.

about a year ago
top

BT Begins Customer Tests of Carrier Grade NAT

markus_baertschi No choice (338 comments)

The carrier has probably no choice. He can no longer get IPv4 addresses for new customers, so either he refuses customers or uses NAT to map multiple customers on the same IP.

On the other hand, the average Joe customer will not see the difference. He can surf as before and all his apps will work as before. Some apps (mostly p2p stuff) will suffer, but most internet users don't use those.

If you as customer do need a 'real' IP, then there always is the option to get a more expensive option.

about a year ago
top

Facebook "Trusted Contacts" Lets You Pester Friends To Recover Account Access

markus_baertschi Re:Security (114 comments)

I agree, I find this an excellent password recovery scheme. It does not protect against a bad choice in friends, but there are no technical protections possible against that. But for password recovery it is very good and quite safe against abuse by anonymous internet hackers.

about a year ago
top

Ask Slashdot: How To Track a Skype Account Hijacker?

markus_baertschi Re:What about the IP (152 comments)

Your bank/credit card company has no 24h service number for this?

Time to change credit card company.

about a year and a half ago
top

The Human Brain Project Receives Up To $1.34 Billion

markus_baertschi Re:Can they do a mouse? (181 comments)

They are actually working with rats at this time. The first couple of years they compiled a database of rat neurons in detail: form and function. They do test the simulation extensively: connecting electrodes to the synapses to check out what combination of input signals causes what output signals. Afterwards they look at one of the brain's building blocks, the neuronal column: you assemble 10'000 neurons and do the same again: feed it input and verify the output. If the simulation and the real thing give the same result, then your simulation is ok, otherwise you go and tweak it until you get the same results.

I don't know how they go about human brains, I'm sure they cannot easily compare the simulation with the real thing. There are no volunteers to give up a bit of brain to feed the experiments :-).

They also are the main user of a BlueGene supercomputer at EPFL to run the simulations.

We'll see where they get over time. Henry Markram, the project leader is excellent, so I'm confident.

Markus

about a year and a half ago
top

Google+ Chief Grounded From Twitter By Larry Page

markus_baertschi Re:This isn't about social networking (135 comments)

Very much so.

I would expect the head of Google+ to use mainly Google+ for his social networking needs, not the network of a competitor. He should not even need to be told that explicitly.

about 2 years ago
top

Swiss Spy Agency: Counter-Terrorism Secrets Stolen

markus_baertschi Re:So... (88 comments)

I'm afraid to admit that it looks very much like it

about 2 years ago
top

Swiss Spy Agency: Counter-Terrorism Secrets Stolen

markus_baertschi Secret service was lucky (88 comments)

This event dates from late September. As far as I know he was caught, before he could sell anything.

But, the Swiss Secret Service was lucky: The guy was caught because his bank became suspicious when he wanted to set up bank accounts to receive the future price for the loot.

The guy essentially walked out of the place with disk drives full of data. As he was the IT maintenance guy, he could pull this off without anybody getting suspicious. If your IT guy replaces 'broken' disk drives, everything is ok, other employees thought. As Switzerland is small, that department was small too, so there was a lack of resources.

Markus

about 2 years ago
top

Ask Slashdot: How To Make a DVD-Rental Store More Relevant?

markus_baertschi Re:Stop renting DVD's (547 comments)

I agree, DVD renting as a business is on the way out. In the not-too-far future there will be too few customers to keep him in business.

If he wants to stay in retail he has to start selling/renting things customers want to buy/rent in a brick and mortar store.

about 2 years ago
top

Ask Slashdot: How Do I De-Dupe a System With 4.2 Million Files?

markus_baertschi Desired outcome (440 comments)

You don't say what your desired outcome is.

If this was my data I would proceed like this:

  • Data chunks (like web site backups) you want to keep together: weed out / move to their new permanent destination
  • Create a file database with CRC data (see comment by Spazmania)
  • Write a script to eliminate duplicate data using the file database. I would go through the files I have in the new system and delete their duplicates elsewhere.
  • Manually clean up / move to new destination for all remaining files.

There will be a lot of manual cleanup, I think.

about 2 years ago
top

Ask Slashdot: What's the Best Place To Relocate?

markus_baertschi Switzerland (999 comments)

The Swiss economy is still doing fine, finding work is not a problem. Salaries are good too, compared to Europe. The downside is that prices (especially housing near the economic centers) are high too. Quality of life is good too.

For a European, getting a work and residency permit is a formality so you'll have no problems there. You can get by in English initially and pick the local language up later (French / German / Italian, depending where you go).

more than 2 years ago

Submissions

markus_baertschi hasn't submitted any stories.

Journals

markus_baertschi has no journal entries.
