
Comments


Apple Fixes Shellshock In OS X

smash Re:Exploit that only affects Mac and Linux (143 comments)

I like how slashdot are making out that this is more of an apple problem when perhaps 0.0001% of apple users are even running a web server and most of those are using php and not mod_cgi, the dhcp client is not vulnerable, etc.

Yet Linux with dhcp client vulnerable and a whole slew of other system utilities potentially vulnerable due to using bash everywhere to glue tools together is given a pass.

bash still isn't fixed properly yet, and until it is, any linux box with a dynamic IP address is potentially at risk.

6 hours ago

Apple Fixes Shellshock In OS X

smash Re:that was fast (143 comments)

No, the OS X dhcp client is not hacked together with shell scripts.

6 hours ago

Apple Fixes Shellshock In OS X

smash Re:that was fast (143 comments)

You mean the mac servers that don't run mod_cgi?

6 hours ago

Apple Fixes Shellshock In OS X

smash Re:that was fast (143 comments)

Apple are likely more concerned with breaking apps that may depend on certain behaviour and actually QA testing their shit before putting it out to 100 million users or so and dealing with the fall out from "it just works" breaking. Linux is an entirely different kettle of fish, where breaking people's shit because you don't like company X or you have an ideology conflict is "acceptable".

6 hours ago

Apple Fixes Shellshock In OS X

smash Re: Why isn't this auto-update? (143 comments)

The majority of which do not apply to OS X and only linux, because OS X isn't held together with shell scripts and duct tape.

6 hours ago

Apple Fixes Shellshock In OS X

smash Re:Why isn't this auto-update? (143 comments)

On the contrary.... insufficient QA = potentially a hundred million functionally broken machines, vs. perhaps 5 nerds with compromised mac web servers exposed to the internet from not pushing it out.

6 hours ago

Consumer Reports: New iPhones Not As Bendy As Believed

smash Re:30-46% less force is required to deform?! (301 comments)

Sitting on your phone is not. I'm sure many of the electronics I have, like my PSP for example, will break if I sit on them.

2 days ago

Consumer Reports: New iPhones Not As Bendy As Believed

smash Re:30-46% less force is required to deform?! (301 comments)

News flash: as the proportion of electronics volume to phone volume goes up, the chassis goes down. Eventually, we reach a point where we need to decide how much force is necessary for a phone to withstand. Time will tell whether this force is enough. If the 9 reports of bent phones are to be believed, out of 10 million plus sales (first weekend) that is not so bad.

2 days ago

Consumer Reports: New iPhones Not As Bendy As Believed

smash Re:Unscientific. (301 comments)

Even if they are under-reporting by 99%, you're still talking ~1000 or so people. Which out of 10 million in the first weekend of sales is not bad.

2 days ago

Why You Can't Manufacture Like Apple

smash Re:Apple sells jewelry, plain and simple (408 comments)

Sure. In theory. If we're going to talk reality, I have far less problems with OS X than I do with Linux in the first place.

2 days ago

Why You Can't Manufacture Like Apple

smash Re:Apple sells jewelry, plain and simple (408 comments)

Unless you wrote your own compiler from machine code, you are still trusting the people who wrote your compiler. You are also trusting the people who wrote the microcode in your CPU. You are trusting third parties irrespective of whether or not you are running open source, and as demonstrated by the leaked NSA docs, there are bugs available for your hard drive firmware that you will never find.

In short: you're boned and trusting third parties irrespective of how open your OS is - unless all of your hardware is open, all of the firmware for your hardware is open, and you have personally audited all of it.

3 days ago

Apple Yet To Push Patch For "Shellshock" Bug

smash Re:Not to praise Apple, but... (208 comments)

Correct. For this to be exploited, bash needs to be spawned by an internet facing service and pass environmental variables into a bash shell. Nothing on OS X does this by default. OS X does not run the open source dhcpd, and is thus not exploitable via dhcpd, and does not run apache unless manually enabled, and manually configured to run mod_cgi. Remote ssh is also not enabled on the mac by default.

Far more vulnerable is Linux which runs dhcpd on any machine with a non-static IP, through which bash is exploitable.

But hey, let's make out that OS X is worse off than Linux in this case.

3 days ago

Apple Yet To Push Patch For "Shellshock" Bug

smash Re:Bash a bad fit for osx (208 comments)

I suspect the only reason apple currently uses bash as the default shell (it used to be plain sh from memory or csh) is that it makes it friendly to Linux users.

3 days ago

Apple Yet To Push Patch For "Shellshock" Bug

smash Re:Ars Technica speculates? (208 comments)

The amount of GPL code in OS X userland is exceedingly minimal. Most of it is from FreeBSD.

3 days ago

Apple Yet To Push Patch For "Shellshock" Bug

smash Re:Issue with FSF statement... (208 comments)

So you are just writing off their contributions to webkit, CUPS, zeroconf, gcd, llvm, etc. Things that other operating systems and applications can and do benefit from?

3 days ago

Apple Yet To Push Patch For "Shellshock" Bug

smash Re:Sounds like Apple. (208 comments)

Apple deprecated Java entirely and suggested that you obtain it from Oracle, but thanks for playing.

3 days ago

Apple Yet To Push Patch For "Shellshock" Bug

smash Re:Stallman would be proud (208 comments)

Well.... not really. All I've had to do is ensure I am not running apache or open ssh on my macs. I'm not. Meanwhile anyone running Linux with dhcpd is vulnerable until they fix bash. On my FreeBSD servers I just uninstalled bash. Job done. This bug was fixed in sh about 30 years ago apparently according to twitter.

3 days ago

Submissions


www.google.com blocked by Microsoft Anti-Malware products

smash smash writes  |  more than 2 years ago

smash writes "It would appear that a recent definition update or change to www.google.com has caused the site to be registered as a (false?) positive for Blacole.BW a javascript exploit. So far, it looks like at least Forefront TMG malware inspection, and Microsoft Security Essentials are affected."

Congress wants to spy on your internet

smash smash writes  |  more than 3 years ago

smash writes "Taking a leaf from Steven Conroy's book, the US Congress wants to spy on its citizens' internet usage under the premise of going after child pornographers. But of course everyone else's browsing will be under surveillance as well. Won't somebody think of the children?"

What if the internet was turned off?

smash smash writes  |  more than 3 years ago

smash writes "With recent actions by the government in Egypt to turn the internet off in the face of revolution, what would you lose if access to the internet was turned off? With everything moving to IP (voip, video, online banking, e-mail, news delivery, internet radio, etc) just how stranded would you be if it was to all be turned off?"

Internet Explorer 9 released

smash smash writes  |  more than 3 years ago

smash writes "Whether you hate IE or not, the good news is that IE9 final is finally out. With newer Microsoft products (eg, Sharepoint 2010, FOPE, etc.) dropping IE6 support the availability of an IE that is finally at least somewhat standards compliant and with improved performance is surely a good thing."

internet explorer 9 beta is out

smash smash writes  |  about 4 years ago

smash writes "Internet Explorer 9 beta was just released into the wild, bringing a first real test-drive of vastly improved standards compliance and an accelerated rendering pipeline to those stuck in environments that include software that mandates internet explorer. Whilst it's not ever likely to be a slashdot crowd favorite, improved standards compliance can't be a bad thing."

Australian internet in safe hands

smash smash writes  |  more than 4 years ago

smash writes "Senator Conroy, Australia's minister for communications recently demonstrated his fine understanding of internet service delivery and his powerful command of the English language in a recent communique to the Australian people. Australia LOL'd."

how to market music, by trent reznor

smash smash writes  |  more than 4 years ago

smash writes "How to Destroy Angels is a new band featuring Trent Reznor of Nine Inch Nails fame. The first EP is available as a free MP3 download, 2 dollar upgrade for downloadable high-def, or free with any other merchandise purchase. Given that the distribution cost for the album is pretty close to free, the pricing seems fair. Is this the future distribution model for entertainment media? How can traditional publishers expect to charge physical media distribution prices for digital downloads, when any artist can set themselves up to distribute via the internet like this?"

$40k per URL for aussie web filter

smash smash writes  |  about 5 years ago

smash writes "After several years of debate and electioneering, some statistics on the Australian national web filtering effort have been disclosed. Apparently, the typical Aussie web surfer is 70 times more likely to win the national lotto than stumble across a blocked page. Additionally, despite the claim that the main aim of the filter is to block child pornography, only 313 of the 977 total sites blocked is on the basis of child porn. At $40m AU so far in taxpayers funds, the cost so far is around $40,900 per blocked URL. Government efficiency at work..."

Nine inch Nails ditch label

smash smash writes  |  more than 6 years ago

smash writes "After much public comment on the record industry in general and his label in particular, barely a week after Radiohead, Trent Reznor has ditched his label and will focus on sales via the net. Read the scoop here. Is this the beginning of the end for the RIAA?"

The polling poll poll.

smash smash writes  |  more than 7 years ago

smash writes "Did you tell the truth on the slashdot polling poll?

  • yes
  • no
"

Journals


2006

smash smash writes  |  more than 8 years ago

Well, time for my bi-annual journal update...

Since last post, I've quit my old job, worked freelance for 6 months, scored a new job, and just about gotten myself out of debt :)

I'm not working on a remote minesite, doing all sorts of geek stuff, ranging from wireless networking, to PABX configuration, to AD administration, to firewalling, to maintaining a large cisco spanning tree ethernet network, etc.

All good fun and a huge learning opportunity.

Looking to actually do some courses at some point in the near future, with a view to actually *learning* stuff I don't yet know, as opposed to just scoring paper certs for stuff I can do in my sleep.

Considering Java app development, as it seems to be fairly multipurpose, and well entrenched.

In my spare time, I've decided to get into club level motorsport - JDM spec Nissan 180sx with around 300hp at the rears, coilovers, sway bars, etc, etc...

And that's pretty much it.

Will try to update this more regularly :)

smash.


moving right along...

smash smash writes  |  about 10 years ago

Well, time to get another job. Just recently handed in my notice, I've had enough.

Not really much more to add, my last day is next friday. Anyone looking for a unix/networking guy in the Perth, Western Australia area (part time work preferred, starting my own business), please feel free to email me :D


IPsec under BSD - update

smash smash writes  |  more than 11 years ago

Well, so far so good.

The wireless IPsec link has been working flawlessly - the only problems I have encountered so far have been key lifetimes (they're too far short by default), and a power outage. The link is point to point via a middle hop, and this device is in another company's office.

They had an extended power outage the other day, and comms were lost...

Not too bad - over 3 months uptime without a hiccup :)

I'm still halfway through writing up the documentation - it will be linked here when it's finished.


IPSec in FreeBSD

smash smash writes  |  more than 11 years ago

Well, I've been setting up a wireless link between 2 of our offices at work lately, and I don't trust WEP encryption any more than I trust Microsoft IIS, so I've been playing with IPSec in tunnel mode under FreeBSD.

Each end of the link is run by a Linksys WAP11 access point, hooked up to a FreeBSD firewall box running IPSec in tunnel mode.

The IPSec documentation is a little confusing on this type of setup, as it goes on about setting up a gif interface to use for tunnelling, however as far as I can see, it's not required.

In my situation, instead of setting up a gif interface, I simply ended up using the NIC connected to the wireless bridge in its place - running tcpdump on either end is showing the packets as being ESP encrypted, so as far as I can see it all looks sweet.

Think I'll try putting together some documentation on it and submitting...


FreeBSD 5.0

smash smash writes  |  more than 11 years ago

Well, I downloaded and installed FreeBSD 5.0 the other day, and it seems that the installer is a little bit screwy - in particular, it failed to newfs my /var slice, and as a result it wasn't mounted, and /var was unpacked under the root.

I rebooted, manually newfs'd and moved /var from the root to it, but I'm guessing some permissions didn't come across properly, as X, and vi complained about access to /var/tmp.

Couldn't be bothered sorting it out, and went back to 4.7 for the time being...

Think I'll wait for 5.0.1 or 5.1 - some of the new features are very enticing (proper threads, devfs, etc), but for the time being, 4.7 works well enough for me :)
