
Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

unrtst Re:"could be worse than Heartbleed" (317 comments)

# run under mod_perl
print "Content-Type: text/plain\n\n";
system("/usr/bin/xzgrep error /var/log/my.log");

Can you see how this perfectly secure quick CGI to find errors in your log file would result in a system compromise?

Yes, this is a very bad bug with many possible vectors of attack; No, that is not good code nor coding practice.

Why in the world would you have a mod_perl script that is calling a system command just to grep through some text?!!?
Regardless, in the realm of the potential for there to be some justifiable reason to call system(), the example should then be:
system('/usr/bin/xzgrep', 'error', '/var/log/my.log');
in which case, the shell is not executed.

5 days ago
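The string-versus-list distinction from the comment above, as an added example that is not from the thread (Python's subprocess stands in for Perl's system(); the log file, the pattern and the grep(1) dependency are constructed assumptions). It also shows a defensive check for environment values shaped like exported bash functions, which is the input the bash bug in the story parses at startup.

```python
import os
import subprocess
import tempfile

# bash exports functions as environment values starting with "() {"; that is the
# shape the bash bug in the story parses (and mis-parses) on startup.
FUNC_EXPORT_PREFIX = "() {"

def function_exports(env):
    """Names of env vars whose values look like exported bash functions."""
    return sorted(k for k, v in env.items() if v.lstrip().startswith(FUNC_EXPORT_PREFIX))

def scrubbed_env(env):
    """Copy of env with those values dropped: defence in depth, not a fix for bash."""
    drop = set(function_exports(env))
    return {k: v for k, v in env.items() if k not in drop}

def grep_log_via_shell(pattern, path, env):
    """Single-string form: /bin/sh parses the line (what Perl's system("...")
    does when the string contains shell metacharacters)."""
    cmd = f"grep {pattern} {path}"
    return subprocess.run(cmd, shell=True, env=env, stdin=subprocess.DEVNULL,
                          capture_output=True, text=True).stdout

def grep_log_argv(pattern, path, env):
    """List form: no shell starts, so the pattern reaches grep literally
    (the system('/usr/bin/xzgrep', 'error', ...) shape from the comment)."""
    return subprocess.run(["grep", pattern, path], env=env, stdin=subprocess.DEVNULL,
                          capture_output=True, text=True).stdout

def demo():
    """Constructed log file plus a pattern that happens to contain ';'.
    Returns (argv_output, shell_output) so the difference is visible."""
    with tempfile.NamedTemporaryFile("w", suffix=".log", delete=False) as f:
        f.write("info: started\nerror: disk full\nerror; echo injected\n")
        path = f.name
    try:
        env = scrubbed_env(dict(os.environ))
        pattern = "error; echo injected"
        # argv form returns the one matching line: "error; echo injected"
        # shell form runs "grep error" (reading /dev/null) and then "echo injected <path>"
        return grep_log_argv(pattern, path, env), grep_log_via_shell(pattern, path, env)
    finally:
        os.unlink(path)

if __name__ == "__main__":
    argv_out, shell_out = demo()
    print("argv form :", argv_out.strip())
    print("shell form:", shell_out.strip())
```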

Ask Slashdot: How To Keep Students' Passwords Secure?

unrtst Re:password manager (191 comments)

Hmm, I strongly dislike the idea of sitting in a public place and typing my "salt password" visibly into a prompt (especially if it litters the bash history), and then also getting the resulting login password in clear text.

Not sure if the parent does the following, but your extra requirements are easy to get around.

* not in bash history? just put a space before the command (if you didn't know that already, you're welcome... it's so much easier than "rm .bash_history && ln -s /dev/null .bash_history" :-)

* result in the clear? Just use your clipboard: echo -n | md5sum | sha1sum | cut -c1-16 | xclip ... then just [SHIFT]+[INSERT] to paste it into the password field. You can also change the xclip selection by adding "-selection c" and then you can use [CTRL]+v to paste it.

* don't want to see yourself type it? enter "stty -echo" first, and be very careful typing the whole command. ... or make a small script to do it for you:
#!/bin/bash
# Derive a site password from a base password and a site name, and hand it to xclip
if [ "x$LENGTH" = "x" ]; then LENGTH=16; fi
echo -n "basepw: "
stty -echo          # hide the base password while it is typed
read -r PW
stty echo
echo                # the hidden read swallowed the newline; print one
echo -n "site: "
read -r SITE
echo "$PW:$SITE" | md5sum | sha1sum | cut -c1-"$LENGTH" | xclip

about a week ago
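The same base-password-plus-site-name scheme as the script above, as an added example that is not the commenter's code: it swaps the md5sum|sha1sum|cut chain for PBKDF2-HMAC-SHA256 with a work factor, so a leaked site password is slow to turn back into the base password, and base64 keeps more entropy per character than truncated hex. The iteration count and the xclip invocation are assumptions.

```python
import base64
import getpass
import hashlib
import subprocess

ITERATIONS = 200_000  # assumption: tune so one derivation takes ~0.5 s on your machine

def derive_site_password(base_pw: str, site: str, length: int = 16) -> str:
    """Deterministic: same base password + site name -> same password.
    The site name is the salt, so two sites never share an output."""
    if length < 8 or length > 64:
        raise ValueError("length must be between 8 and 64")
    raw = hashlib.pbkdf2_hmac("sha256", base_pw.encode(), f"site:{site}".encode(),
                              ITERATIONS, dklen=48)
    # base64 instead of cut -c1-N on hex: ~6 bits of entropy per character, not 4
    return base64.b64encode(raw).decode()[:length]

def copy_to_clipboard(text: str) -> bool:
    """Hand the result to xclip without printing it (as the script above does).
    Returns False when xclip is not installed or fails."""
    try:
        subprocess.run(["xclip", "-selection", "clipboard"], input=text.encode(), check=True)
        return True
    except (FileNotFoundError, subprocess.CalledProcessError):
        return False

if __name__ == "__main__":
    # getpass turns terminal echo off and back on for you (no stty juggling)
    base = getpass.getpass("basepw: ")
    site = input("site: ")
    if not copy_to_clipboard(derive_site_password(base, site)):
        print("xclip not available; password not copied")
```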

Outlining Thin Linux

unrtst Re:min install (221 comments)

Gentoo? Not really unless you setup a build server for yourself separately, ...

From the summary:

When you're rolling out a few hundred Linux VMs locally, in the cloud, or both,

If you're managing a few hundred VM's, you should have the infrastructure in place to support them. There's loads of ways to do that, but if you're using Gentoo, that will include a build server (or cluster).

Similarly, if you're doing very small installs, they are often trimmed down and prepared from a full install so you can tweak the compressed filesystems and all that stuff.

You are right though - there's no need for some new distro split. The only thing I can see motivating this that is arguably legit is systemd. That's not going to be a server vs other or embedded vs other war though, it's going to be (if it happens at all) a systemd versus other-init-systems battle.

about a week ago

Do Specs Matter Anymore For the Average Smartphone User?

unrtst Re:IP68 the only thing I'm waiting for in a phone (252 comments)

IP68 would be good, though the SGS5 IP67 is decent... why aren't (almost) all phones doing that?

With the size of the phones, I'd like to see MSATA support on some select models, but I also think Ubuntu's dream of a phone that is also your desktop is something viable (feels inevitable to me, but I won't be surprised if it never happens because of some other advancement).

about a week ago

Fork of Systemd Leads To Lightweight Uselessd

unrtst Re:kill -1 (469 comments)

Meh. It's just a slightly-faster reboot that's only usable when you don't need to change the kernel.

If you rephrase that slightly, it makes a very different case:
It's just a slightly-faster reboot that's especially useful when you must ensure the kernel doesn't change (ex. unknown lilo/grub state).

There are a handful of other times it's useful. My personal favorite is as a self destruct (secure delete almost all files and free space, then issue kill -1), though there are much better ways of doing that.

about two weeks ago

Ask Slashdot: Remote Support For Disconnected, Computer-Illiterate Relatives

unrtst Re:Dial up can still access gmail (334 comments)

I'd make this one really simple. Use an auto-updating Linux (like Mint), then setup a menu with few choices. Nothing Windows, and if you send a Mac, be sure it can be supported in their locale.

Updates, IMO, will be one of the biggest issues. I ran into this with a local (almost/soon-to-be) relative who was stuck on dial up. I just didn't do anything about their VERY slow computer until I got them onto something with some more speed (they were on dial up aol!!!). How in the world do you update/fix windows XP if someone is on dialup? I'm sure it's possible - I downloaded CD's back when I was on 33.6 - but I don't have weeks to spend doing that. I'm not sure exactly what the answer to that should be.

With that in mind, and with the stories of many virus infections and poor support from their friends, I'd probably try some sort of VM arrangement. Maybe something like:

* boot to something minimal and hardened (vmware ESX, linux + kvm, whatever you're most comfortable with really)
* set it up to automatically boot the VM, so that's really (almost) all they see
* VM install should have multiple disks
* disk1: OS, fully updated before you send it there, and take a snapshot
* disk2: data, copy their stuff here or plug in an external drive of theirs or whatever

If something goes really wrong, just go back to the snapshot.

Consider putting another VM on there that can do offline virus scan of those other disks (maybe clamav), and possibly integrity checks.

Could also put another on there that does a call home to you (dialup, wait for connection, ssh somewhere and setup a tunnel - go over 443 or 80 for a better chance of it working, and maybe use dyndns for the hostname).

Others above recommended gmail. Some other provider should be chosen if at all possible. I like gmail, and am also a fan of, but pick whatever you want. Pick one that can pull mail from other providers, offers OK amounts of storage, imap (and/or pop3, but imap would be preferable so the data stays on the server and you can wipe their machine easier), and virus and spam protection should be decent too. Having webmail available would also be good, because then you can jump into their mail and clean it up if needed :-)

For remote access, forget about proxying commands through email. That's a bit crazy.
Just setup ssh on it and have it run on a variety of ports (22, 80, 443, 65000, whatever), and bookmark something like "" for them to go to and tell you their IP.
If you MUST have some other proxied command method, there are some for various IM clients, and there's stuff like logmein. It's trivial to have pidgin run stuff in the shell via a plugin, for example. At least this could be part of something they don't use every day.

about two weeks ago

Ask Slashdot: Remote Support For Disconnected, Computer-Illiterate Relatives

unrtst Re:Dial up can still access gmail (334 comments)

Or use Gmail with an email client and IMAP.

Might work, but doesn't solve any of this guy's problems.

It doesn't solve *ALL* his problems, but it goes a long way to solving several parts of it:

* that can receive messages no larger than 1MB nor hold more than 15MB
* They are computer-illiterate, click on everything they receive, and take delight on sending their information to any Nigerian prince that contacts them, "just in case this one is true"

The former - they'll have more space.
The latter - gmail has, IMO, one of the best spam filters. I imagine it also does well with viruses, but I've never really worried about them (not on windows; don't execute attachments; keep my system more-or-less up to date).

about two weeks ago

Tim Cook Says Apple Can't Read Users' Emails, That iCloud Wasn't Hacked

unrtst Re:Is this technically impossible - no. (191 comments)

I agree with you, and I thought i was saying the same thing :-)

about two weeks ago

Torvalds: No Opinion On Systemd

unrtst Re:Simple set of pipelined utilities! (385 comments)

If that was ever an expectation of Stallman's for operating system installations that heavily depended on GNU, then it should have been in v1 of the GPL. Doing otherwise, and pulling this only after Linux had started to acquire some notoriety of its own, makes him look just as bad as people who sit on patents until some really big company starts to use it without knowing about the patent, and start enforcing it only then.

If it was ever an expectation of yours for operating systems that utilized a Linux kernel to not be called anything but Linux, then it should have been made clear in the license for the first version of Linux.

The person who first called it GNU/Linux in this thread didn't do so as a correction to you calling it Linux (regardless of whether or not that is warranted), yet you are on some rant to say that calling it "GNU/Linux" is wrong. WHY!?! There is more GNU in your average distro than there is Linux kernel, as you even pointed out.

What about Debian, Ubuntu, Slackware, Gentoo, Redhat, etc? Are they also just as bad as the submarine patent trolls you refer to?

about two weeks ago

Apple Edits iPhone 6's Protruding Camera Out of Official Photos

unrtst Re:Parallax. (425 comments)

And with the obvious FOV on those images, it's obvious you couldn't get close enough to hide it without pretty much having the edge directly against the camera lens. You'd have better luck trying from further away to minimize its detail.

Wrong. It's very easy to hide it. I just did so with my Samsung Galaxy S4, whose camera protrudes about the same amount, but does so in the middle of the phone. And I did that with a crappy point and shoot... just get up close and position it correctly. If you're looking with your eyes, you will have to close one, and you'll have to be able to focus on things very close (I can't focus on stuff that close to my face, but my camera can).

FWIW, I'm not claiming they didn't simply photoshop the images, but it's certainly possible to take side pics that don't show the 1mm protrusion on the opposite side of the phone.

about two weeks ago

Ask Slashdot: Any Place For Liberal Arts Degrees In Tech?

unrtst Re:Ya, but... (392 comments)

*I* just want to code -- let others with liberal arts degrees be management.

Ugh, and that's the resulting problem. People who can't hack it with the actual labor but seem to try hard get promoted to management where they fulfill The Gervais Principle [].

This isn't just an IT problem. This happens in various ways in most companies after they reach a certain size. My dad was an equipment operator (backhoe, grounds keeper, etc) for the state, and his bosses were nearly retarded, but no one that actually knew how to do the job wanted that middle management spot. I've heard the same story from almost everyone I know, except those that /are/ the middle management. There are exceptions to the rule, but those folks usually lead very stressful lives, struggle a lot, and put in way too many hours.

about two weeks ago

Tim Cook Says Apple Can't Read Users' Emails, That iCloud Wasn't Hacked

unrtst Re:Is this technically impossible - no. (191 comments)

Assuming the messages are encrypted on Apple's servers at all, they would likely be encrypted with a random key, and a copy of that key would then get encrypted with your password, and another copy encrypted with something support can use (i.e. Apple owned), so that changing your primary password does not change the underlying key, but just changes the encryption on the copy. There may be multiple layers in there, and public key/private key stuff, etc, but that's one simple description of how, for example, you can send an S/MIME encrypted email to multiple recipients (primary message is encrypted once; its key is encrypted by the public key of each recipient and attached to the email; their private key can decrypt the key and read the message).

That said, my gut doubts there's much encryption going on. This quote:

such messages and calls are not held in an "identifiable form."

... I've heard similar from many C-line (ceo/cto/etc) calls and RFC's (ex. discussing PCI-DSS or SSN security). It generally means there's just an extra hop between foreign keys. I mean, it's obvious that the messages are identifiable from some perspective (your phone), so the breadcrumbs are there somewhere. Things that get downloaded or are real time (SMS and calls)... maybe they remove the lookup and leave the original data? There's still some ID on them.

about two weeks ago
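The key layout described in the comment above, as an added example that is neither from the thread nor Apple's design: one random content key encrypts the message, and copies of that key are wrapped under a password-derived key and under a separate support key, so a password change rewraps one copy and leaves the ciphertext untouched. The cipher is an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag, chosen only to keep the demo standard-library; a real system would use AES-GCM or similar, and the support key value is constructed.

```python
import hashlib
import hmac
import os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with HMAC-SHA256(key, nonce || counter) blocks (demo cipher)."""
    stream = bytearray()
    for block in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, data: bytes) -> bytes:
    """nonce || ciphertext || tag; the tag authenticates nonce and ciphertext."""
    nonce = os.urandom(16)
    ct = keystream_xor(key, nonce, data)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or corrupted data")
    return keystream_xor(key, nonce, ct)

def password_kek(password: str, salt: bytes) -> bytes:
    """Key-encryption key derived from the user's password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class StoredMessage:
    def __init__(self, plaintext: bytes, password: str, support_kek: bytes):
        content_key = os.urandom(32)            # never stored in the clear
        self.ciphertext = seal(content_key, plaintext)
        self.salt = os.urandom(16)
        self.user_wrapped = seal(password_kek(password, self.salt), content_key)
        self.support_wrapped = seal(support_kek, content_key)   # the "support" copy

    def read_with_password(self, password: str) -> bytes:
        content_key = unseal(password_kek(password, self.salt), self.user_wrapped)
        return unseal(content_key, self.ciphertext)

    def read_with_support_key(self, support_kek: bytes) -> bytes:
        return unseal(unseal(support_kek, self.support_wrapped), self.ciphertext)

    def change_password(self, old: str, new: str) -> None:
        """Rewrap the user's copy only; ciphertext and support copy are untouched."""
        content_key = unseal(password_kek(old, self.salt), self.user_wrapped)
        self.salt = os.urandom(16)
        self.user_wrapped = seal(password_kek(new, self.salt), content_key)
```

Whoever holds the support key can still read every message, which is exactly why the "support can use" copy decides whether the provider can read mail, whatever the user-facing password does.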

Top EU Court: Libraries Can Digitize Books Without Publishers' Permission

unrtst Re:Fair Use (102 comments)

I agree that sharing a copy of a book in a library is fair use. But simultaneous sharing among multiple readers is not fair use. A library can stock multiple copies of a popular book and share them among thousands of users. But one reader per copy at a time. Otherwise your 'good trade off for society as a whole' becomes out and out appropriation. I agree that libraries would be great places if every book you wanted were always 'in the stacks', but you're not talking about a small loss of revenue any more.

We're all damned lucky that the concept of libraries was established WAY before copyright (~1200BCE). I highly doubt the idea would be tolerated with so many people viewing copyright as something so sacred as you make it out to be. What does fair use have to do with this anyway? This is a pretty nice read:

I believe libraries should be able to carry any and all digital copies of books and provide them in unlimited fashion to those at the library. I do not believe that would affect revenue in any noticeable way. I'm quite confident an opinion poll asking how many people would go to the library and read books on a physical work station screen if all digital books were there... that would turn out to show very little additional participation relative to book sales volumes, but a not insignificant increase to library visits (they're already pretty low).

Directly relating paper books one-to-one with a digital copy is silly - it's simply not the same thing. At the same time, I'm drawing a very arbitrary line in saying people should have to go to the library. Perhaps they should be allowed to let people take home digital copies using the one-to-one physical copy restriction or a separate digital copy license? I'm not sure where the line should be past the library, but I don't see any reason to restrict it within the library.

about three weeks ago

Egypt's Oldest Pyramid Is Being Destroyed By Its Own Restoration Team

unrtst Re:The biggest risk to the pyramids is Islam (246 comments)

Everybody knows what the Pyramids are. The fact that you had to explain who Jonah was tells me the Pyramids are somewhat more iconic.

Jonah's tomb refers to a specific tomb. "Pyramids" accounts for all pyramids, which people obviously know what they are in general. However, if one were to refer to the Pyramid of Khafre (aka Chephren), they'd *probably* have to explain which one that was (it's the 2nd largest of the Pyramids of Giza near the Sphinx).

That said, I agree that it's probably not as iconic. I don't know about others out there, but I had never heard of the tomb of Jonah (plus it's unlikely that it was his final resting place). Searching for "Tomb of Jonah" or "Nebi Yunus" returns stuff that looks nowhere near as iconic as the great pyramids (IMO at least).

about a month ago

Banks Report Credit Card Breach At Home Depot

unrtst Re:Instead of naming stores (132 comments)

In the slashdot summary, how about naming the actual vendors?

about a month ago

Tox, a Skype Replacement Built On 'Privacy First'

unrtst Re: Back door (174 comments)

Wish I had mod points for ya (or that you had logged in)

about a month ago

Researchers Say Neanderthals Created Cave Art

unrtst Re:Lesson (91 comments)

Agreed. I have no idea why they think this is even art, and the article shows no justification for it.
It's some gouges carved into rock on a shelf-ish thing (just a flat area where some tools were found). They say it would have taken at least 54 strokes with their tools to create one line, and there's only a handful of lines, and they say this was not where they cut animal hides. From that, they say it must have been art.
I'm not an archaeologist, but my first guess would be that someone was bored, and I think that's a MUCH more likely explanation, but there's no way I'd assume I know what the motivation was 30,000 years ago (and "art" is all about motivation).

about a month ago

How Red Hat Can Recapture Developer Interest

unrtst Re:Mission Critical ... Red Hat... LOL.. (232 comments)

Another thing to consider is debugging. As a developer, you want to debug on a system that's as close as possible to the machine where the bug occurred. Obviously it's easier to be sure that your environment is the same as your server's (and that you're seeing the same problem the server saw) if the two run the same distro.

Two words: virtual machine

Even if you were to run the same OS and version on your primary desktop as your server has, you're still VERY likely to end up installing stuff that the server does not have (ex. maybe you want to use eclipse and the latest JDK for it, or you need a newer version of python for some VCS tool you use). In any case, you are better off running the code on a vm that is very similar to production.

about a month ago



unrtst has no journal entries.
