How does the bad guy get the trojan on your system, if not from the repo, you ask? He gets access when someone else who is infected logs into your machine - your sysadmin, your hosting company, a vendor, etc.
Dude, this does not make any sense at all! If person X logs into my machine (which is not infected) and that X is infected with the trojanized daemon. Then the attacker will not be able to find out the X's account password in my machine because the connection was made to my uninfected daemon and not to X's infected daemon. Get it?
Everyone replying here seems to be obsessed in comparing binary vs source and totally miss the point. The point is that Gentoo users do not have the habit of installing binary packages at all, for that reason this trojanized sshd BINARY does not concern us. Wooooooosh!
Unless you're auditing said sources, you're no better off than installing binaries.
You know that Gentoo checks the SHA256 SHA512 and WHIRLPOOL digests of the downloaded sources before compiling right? You also know that the digests stored in Gentoo's repository are signed using a PGP key of the package maintainer, right?
So can you please explain me again why I need to audit such sources? Sure sources can be compromised at upstream's servers and Gentoo maintainers can also make mistakes but this is not what TFA is about.
I'm leaving the Linux world and Intel for a bit for family reasons. I'm aware that "family reasons" is usually management speak for "I think the boss is an asshole" but I'd like to assure everyone that while I frequently think Linus is an asshole (and therefore very good as kernel dictator) I am departing quite genuinely for family reasons
was the family reasons left out from TFA on purpose or what?
--Consort sounds like yet another environment based on GNOME 3/GTK+3, but being based on the deprecated "fallback mode" it will bring a GNOME 2-like experience without the need for 3D hardware acceleration.
Unlike mate, consort will just fork the window manager and panel from Gnome 3's fallback mode and make it behave as metacity and panel from Gnome 2. So as far as it goes (if they do it right), consort will be the Gnome 3 environment with just a different window manager and panel. I'm saying "if they do it right" because, IMHO their fork will only be successful if they make the panel to integrate nicely with the Gnome 3 environment (like using the gnome-online-accounts and evolution-data-server to display your appointments in the panel calendar).
I think consort is necessary, at least I'd use it if done right. I have Gnome 3 installed and I'm using gnome-shell which I actually like; what I don't really like is the UI response time, it really lags a lot! And no, my graphics card is not that bad, it is a mobile Geforce 8400 which runs HL2 just fine. What pisses me off is not the fact that upstream decided to completely change Gnome 3's UI, it is the fact that they decided to make it depend on hardware which is not very well supported on Linux yet. Couldn't they have at least waited until nouveau+mesa supports fast compositing operations? - And no, the official nvidia driver is even worse! So yeah, basically they left everyone in the dark except the people with Intel GPUs..
They definitely strengthen your arms and wrists. At first I couldn't do one for more than a minute. Then eventually I could do one for 8 hours straight on a road trip from Pittsburgh to Virginia Beach to meet my girlfriend back in the day.
The NSD powerball is really effective, I own one and now my hand vibrates faster than my girlfriend's dildo.:P
Joke aside, I do notice a small strengthening of the smaller muscles in my arm. The ball is well worth its price.
Hey, don't get me wrong, the phone just works (TM).
Particles of dust inside the LCD and opening it up periodically is an experience most people do not want to endure
I said I opened it a couple of times... which means.. around two times, not often as you make it sound. The first time was just to inspect the SoC, the second to remove the dust.
and fragile connections
Did you ever seen an LCD flex cable? Yes it is fragile, not just this particular one - specially if you try to pull it using a string (bad idea). So yeah, I broke it and it was my fault. I just wrote the little incident to make people laugh, not to make the phone look bad.
alongside an outdated OS
Yes, the OS is outdated. But do you care explaining me what functionality do latest Android provides that I don't have in gingerbread? I never felt I was missing anything compared to my friends owning higher end models - just a different UI. Gingerbread is actually very stable and fast (I just remember it freezing the UI one time), it allows me to use all Google services. I'm also playing Ingress like some of my friends and I have angry birds installed. The only thing I could not do so far was.. install Chrome, but why would I want Chrome in my phone when the default webkit browser works just fine? (oh and btw, I cannot install it because chrome is compiled for a slightly different instruction set - so, not a gingerbread problem anyway).
You got what you paid for, which is fine for you but not many others who want a phone that 'just works.'
Well, my phone 'just works'. If one day it stops doing it, I can buy it again a couple more times before meeting the price of a higher end model.
I own a ZTE v875, which I got for around 80 euros as a carrier exclusive (TMN Smart A7). The phone is really really good for the value, in fact, I would get it again if something happens to it. It has everything what you would expect from a good Android phone. The GPS is even better, I often get more precision from the location services than my friends with higher end phones. The qwerty keyboard is awesome and the main reason why I bought this phone. There is a minor problem though, you need to use a plastic plug in the headphones jack, otherwise sand and dust comes in and stays between the touchscreen and the LCD - annoying. Other than that, the phone is very serviceable, I already opened it a couple of times to clean the sand / dust. In fact, I even managed to accidentally cut 5 of the LCD flex cable vias while trying to unplug it. Fortunately I have steady hands and a good soldering iron:) Other than that, I'm stuck with gingerbread. The internal storage is quite small, however I have root access which allows me to move apps around to circumvent the small internal (permanent) memory. The battery autonomy is ok, with 3G on at all times I always have more than 1 day of battery.... if I dont abuse google maps.
64bit binaries are also larger, meaning that for the same hardware configuration the CPU can cache more 32bit code than 64bit. 64bit binaries also take more RAM, increasing swap times. This is why I'm running a 64bit kernel with most of the userspace being 32bit, the exception are numerical computation tools (numpy and friends) which live in a 64bit chroot. This is my personal laptop, office computers are fully 64bit.
If you want "the best of both worlds", you have the new x32 ABI which gives you 32bit pointers and the extended 64bit CPU register set: http://en.wikipedia.org/wiki/X32_ABI Gentoo is already publishing release candidate stage tarballs for x32, official support should be coming pretty soon..
PS: Parent is also me, I forgot to login.. sorry about that.
Bought one Antec Earthwatts long time ago. The PSU was not much more expensive than the others (good brands) so the savings are obvious. Still, the PSU is very quiet which is the main reason why I bought it.
From the Groklaw article, the documentation for active directory was sold to the Samba project. The Samba project then went about using the documentation as a reference. Microsoft did not want to sell this documentation to the Samba project and were required to do so under court order. So no. They weren't all that willing to help out.
And if Microsoft starts playing "undocumented features" games again to break compatibility, they will find themselves in court again.
ignore mystikkman he is a shill. if you read his latest comments you see he left more then 8 comments just on this story. why would someone care so much about a stupid/. story?
LOL. My comment was modded down thought, a bit harsh..
I come to/. to read about Linux, opensource and related news. I actually enjoy these pseudo-news about Microsoft because they gather funny comments which I also enjoy reading (and participating), sometimes there are very relevant comments in between.
I don't go to a Microsoft-centric website (name one, don't know any) expecting to read good news about Linux or opensource; much less leaving a comment there complaining about that. If you don't like some of the news, I suggest you don't read them - simple as that.
Precisely! Since we are telling stories I would also like to share mine..
My current Gentoo installation was performed around 2004. At the time, I lost around a week with trial-error learning my way how to install the damn thing. Well..it has been 8 years, I changed laptop meanwhile and with successive updates, the same installation persists.. When I first installed it, Gentoo was one of the few Linux distributions supporting the new amd64 architecture. My laptop was an Athlon64 beast that would take all the space of my backpack. Around half the way, I bought a Turion64 X2 laptop; because the system was binary compatible between these two CPUs, I copied the whole system into the new laptop. I changed the compilation flags to use a few extensions that new CPU supported and let the system update (the newly compiled stuff will benefit from the flags) over time.. I did however, perform a fresh Gentoo installation very recently because I decided to turn into x86 (the binaries are smaller, takes less RAM).
Currently, the laptop is certainly old by today's standards but my system has been fast and stable as it has always been, I don't see any reason to upgrade.
Also, IIRC, with Windows it only interrupts the process (cleanly) if you do a reboot as its downloading / applying updates.
Not sure how I can be doing it wrong. I only boot Windows to play a few games, but when I do I instantaneously stop feeling like playing games due to the endless waiting due to the updates. Didn't know I could interrupt the updates, the updating screen seemed pretty clear to NOT shutdown/reboot the computer. Though I would I want to reboot? Wouldn't that postpone the update process into the upcoming boot?
As I remember, doing so on Linux tends to mess things up. (dont you have to run dpkg-clean or some such after interrupting the apt process?)
No idea, I don't use Debian. But if you are updating from the terminal, you can always ctrl+Z and pause the process... In Gentoo though, things are installed into a alternate disk image which is merged in one shot into the real system if the installation succeeded.
but cant bother to have Linux for my desktop. Time is money.
Are you kidding? Tell that to my windows 7 installation that spends more than 20 minutes in endless updates and reboots, every single time I turn it on.
Not only that but if you think on it, Valve can actually create a dedicated gaming platform using Linux (with dedicated hardware or not). Steam on Linux might just be the entry point for it.
When I'm driving through the rockies, sometimes I just cannot get a phone/data signal, so having maps available offline is very valuable
Totally agree! By the way, the maps application for Android also supports offline maps, I installed it as a plugin but I believe now it has been made the default?
Well.. does it really matter? If the energy comes from a renewable energy source, IMHO the whole point here is that you can use fuel produced from air (including CO2) instead of fuel from sources which take millions of years to produce it. Granted that, as other slashdotters pointed out, if you burn the fuel you will release the CO2 again. But then again, if you actually wanted to pump the CO2 out from the atmosphere, you would use a device which absorbs and stores the CO2 underground. Such devices already exist and are called.. trees.
Slashdot Mirror
How does the bad guy get the trojan on your system, if not from the repo, you ask? He gets access when someone else who is infected logs into your machine - your sysadmin, your hosting company, a vendor, etc.
Dude, this does not make any sense at all!
If person X logs into my machine (which is not infected) and that X is infected with the trojanized daemon. Then the attacker will not be able to find out the X's account password in my machine because the connection was made to my uninfected daemon and not to X's infected daemon. Get it?
Everyone replying here seems to be obsessed in comparing binary vs source and totally miss the point. The point is that
Gentoo users do not have the habit of installing binary packages at all, for that reason this trojanized sshd BINARY does not concern us.
Wooooooosh!
Unless you're auditing said sources, you're no better off than installing binaries.
You know that Gentoo checks the SHA256 SHA512 and WHIRLPOOL digests of the downloaded sources before compiling right? You also know that the digests stored in Gentoo's repository are signed using a PGP key of the package maintainer, right?
So can you please explain me again why I need to audit such sources? Sure sources can be compromised at upstream's servers and Gentoo maintainers can also make mistakes but this is not what TFA is about.
I only install from sources you insensitive clod!
yes it is, it is written all over his g+ post:
I'm leaving the Linux world and Intel for a bit for family reasons. I'm aware that "family reasons" is usually management speak for "I think the boss is an asshole" but I'd like to assure everyone that while I frequently think Linus is an asshole (and therefore very good as kernel dictator) I am departing quite genuinely for family reasons
was the family reasons left out from TFA on purpose or what?
Just a nitpick,
--Consort sounds like yet another environment based on GNOME 3/GTK+3, but being based on the deprecated "fallback mode" it will bring a GNOME 2-like experience without the need for 3D hardware acceleration.
Unlike mate, consort will just fork the window manager and panel from Gnome 3's fallback mode and make it behave as metacity and panel from Gnome 2. So as far as it goes (if they do it right), consort will be the Gnome 3 environment with just a different window manager and panel. I'm saying "if they do it right" because, IMHO their fork will only be successful if they make the panel to integrate nicely with the Gnome 3 environment (like using the gnome-online-accounts and evolution-data-server to display your appointments in the panel calendar).
I think consort is necessary, at least I'd use it if done right. I have Gnome 3 installed and I'm using gnome-shell which I actually like; what I don't really like is the UI response time, it really lags a lot! And no, my graphics card is not that bad, it is a mobile Geforce 8400 which runs HL2 just fine. What pisses me off is not the fact that upstream decided to completely change Gnome 3's UI, it is the fact that they decided to make it depend on hardware which is not very well supported on Linux yet. Couldn't they have at least waited until nouveau+mesa supports fast compositing operations? - And no, the official nvidia driver is even worse!
So yeah, basically they left everyone in the dark except the people with Intel GPUs..
They definitely strengthen your arms and wrists. At first I couldn't do one for more than a minute. Then eventually I could do one for 8 hours straight on a road trip from Pittsburgh to Virginia Beach to meet my girlfriend back in the day.
The NSD powerball is really effective, I own one and now my hand vibrates faster than my girlfriend's dildo. :P
Joke aside, I do notice a small strengthening of the smaller muscles in my arm. The ball is well worth its price.
That one uses a right angle, while this one uses a pointed angle. That's wholly different!
pointy is definitely better: http://www.youtube.com/watch?v=RtahqXjFcxU
I completely failed to mention I own the referred phone for more than 1 year!
Hey, don't get me wrong, the phone just works (TM).
Particles of dust inside the LCD and opening it up periodically is an experience most people do not want to endure
I said I opened it a couple of times... which means.. around two times, not often as you make it sound. The first time was just to inspect the SoC, the second to remove the dust.
and fragile connections
Did you ever seen an LCD flex cable? Yes it is fragile, not just this particular one - specially if you try to pull it using a string (bad idea). So yeah, I broke it and it was my fault. I just wrote the little incident to make people laugh, not to make the phone look bad.
alongside an outdated OS
Yes, the OS is outdated. But do you care explaining me what functionality do latest Android provides that I don't have in gingerbread? I never felt I was missing anything compared to my friends owning higher end models - just a different UI. Gingerbread is actually very stable and fast (I just remember it freezing the UI one time), it allows me to use all Google services. I'm also playing Ingress like some of my friends and I have angry birds installed. The only thing I could not do so far was .. install Chrome, but why would I want Chrome in my phone when the default webkit browser works just fine? (oh and btw, I cannot install it because chrome is compiled for a slightly different instruction set - so, not a gingerbread problem anyway).
You got what you paid for, which is fine for you but not many others who want a phone that 'just works.'
Well, my phone 'just works'. If one day it stops doing it, I can buy it again a couple more times before meeting the price of a higher end model.
I own a ZTE v875, which I got for around 80 euros as a carrier exclusive (TMN Smart A7). The phone is really really good for the value, in fact, I would get it again if something happens to it. It has everything what you would expect from a good Android phone. The GPS is even better, I often get more precision from the location services than my friends with higher end phones. The qwerty keyboard is awesome and the main reason why I bought this phone. There is a minor problem though, you need to use a plastic plug in the headphones jack, otherwise sand and dust comes in and stays between the touchscreen and the LCD - annoying. Other than that, the phone is very serviceable, I already opened it a couple of times to clean the sand / dust. In fact, I even managed to accidentally cut 5 of the LCD flex cable vias while trying to unplug it. Fortunately I have steady hands and a good soldering iron :)
Other than that, I'm stuck with gingerbread. The internal storage is quite small, however I have root access which allows me to move apps around to circumvent the small internal (permanent) memory. The battery autonomy is ok, with 3G on at all times I always have more than 1 day of battery.... if I dont abuse google maps.
64bit binaries are also larger, meaning that for the same hardware configuration the CPU can cache more 32bit code than 64bit. 64bit binaries also take more RAM, increasing swap times.
This is why I'm running a 64bit kernel with most of the userspace being 32bit, the exception are numerical computation tools (numpy and friends) which live in a 64bit chroot. This is my personal laptop, office computers are fully 64bit.
If you want "the best of both worlds", you have the new x32 ABI which gives you 32bit pointers and the extended 64bit CPU register set:
http://en.wikipedia.org/wiki/X32_ABI
Gentoo is already publishing release candidate stage tarballs for x32, official support should be coming pretty soon..
PS: Parent is also me, I forgot to login.. sorry about that.
Bought one Antec Earthwatts long time ago. The PSU was not much more expensive than the others (good brands) so the savings are obvious. Still, the PSU is very quiet which is the main reason why I bought it.
hot chick with big boobs hard penetration from behind over sofa and happy ending
From the Groklaw article, the documentation for active directory was sold to the Samba project. The Samba project then went about using the documentation as a reference. Microsoft did not want to sell this documentation to the Samba project and were required to do so under court order. So no. They weren't all that willing to help out.
And if Microsoft starts playing "undocumented features" games again to break compatibility, they will find themselves in court again.
Please mod parent up.
ignore mystikkman he is a shill. if you read his latest comments you see he left more then 8 comments just on this story. why would someone care so much about a stupid /. story?
LOL. My comment was modded down thought, a bit harsh..
I come to /. to read about Linux, opensource and related news. I actually enjoy these pseudo-news about Microsoft because they gather funny comments which I also enjoy reading (and participating), sometimes there are very relevant comments in between.
I don't go to a Microsoft-centric website (name one, don't know any) expecting to read good news about Linux or opensource; much less leaving a comment there complaining about that. If you don't like some of the news, I suggest you don't read them - simple as that.
Precisely! Since we are telling stories I would also like to share mine..
My current Gentoo installation was performed around 2004. At the time, I lost around a week with trial-error learning my way how to install the damn thing. Well..it has been 8 years, I changed laptop meanwhile and with successive updates, the same installation persists.. When I first installed it, Gentoo was one of the few Linux distributions supporting the new amd64 architecture. My laptop was an Athlon64 beast that would take all the space of my backpack. Around half the way, I bought a Turion64 X2 laptop; because the system was binary compatible between these two CPUs, I copied the whole system into the new laptop. I changed the compilation flags to use a few extensions that new CPU supported and let the system update (the newly compiled stuff will benefit from the flags) over time.. I did however, perform a fresh Gentoo installation very recently because I decided to turn into x86 (the binaries are smaller, takes less RAM).
Currently, the laptop is certainly old by today's standards but my system has been fast and stable as it has always been, I don't see any reason to upgrade.
Endless reboots=youre doing it wrong.
Also, IIRC, with Windows it only interrupts the process (cleanly) if you do a reboot as its downloading / applying updates.
Not sure how I can be doing it wrong. I only boot Windows to play a few games, but when I do I instantaneously stop feeling like playing games due to the endless waiting due to the updates. Didn't know I could interrupt the updates, the updating screen seemed pretty clear to NOT shutdown/reboot the computer. Though I would I want to reboot? Wouldn't that postpone the update process into the upcoming boot?
As I remember, doing so on Linux tends to mess things up. (dont you have to run dpkg-clean or some such after interrupting the apt process?)
No idea, I don't use Debian. But if you are updating from the terminal, you can always ctrl+Z and pause the process...
In Gentoo though, things are installed into a alternate disk image which is merged in one shot into the real system if the installation succeeded.
but cant bother to have Linux for my desktop. Time is money.
Are you kidding? Tell that to my windows 7 installation that spends more than 20 minutes in endless updates and reboots, every single time I turn it on.
meanwhile somewhere in redmoon, a chair flies through the air.
If this is indeed true, then in my opinion it only reflects the desperate situation Microsoft is in..
I repeat what I said before in another post:
Not only that but if you think on it, Valve can actually create a dedicated gaming platform using Linux (with dedicated hardware or not). Steam on Linux might just be the entry point for it.
http://slashdot.org/comments.pl?sid=2896153&cid=40218485
I wonder why people only now started wondering about it..
When I'm driving through the rockies, sometimes I just cannot get a phone/data signal, so having maps available offline is very valuable
Totally agree! By the way, the maps application for Android also supports offline maps, I installed it as a plugin but I believe now it has been made the default?
Well.. does it really matter? If the energy comes from a renewable energy source, IMHO the whole point here is that you can use fuel produced from air (including CO2) instead of fuel from sources which take millions of years to produce it. Granted that, as other slashdotters pointed out, if you burn the fuel you will release the CO2 again. But then again, if you actually wanted to pump the CO2 out from the atmosphere, you would use a device which absorbs and stores the CO2 underground. Such devices already exist and are called .. trees.