The March rollup comes with several issues that make it a bit of a risk in itself to deploy (https://support.microsoft.com/en-au/help/4088875/windows-7-update-kb4088875). Of note:
A new Ethernet virtual Network Interface Card (vNIC) that has default settings may replace the previously existing vNIC, causing network issues after you apply this update. Any custom settings on the previous vNIC persist in the registry but are unused.
Static IP address settings are lost after you apply this update.
In both instances the advisory states that "Microsoft is working on a resolution and will provide an update in an upcoming release."
I ditched my Samsung phone because of the horrible software they jammed into Android - bloatware of the first order that ruined it compared to Google's phones.
If their Linux implementations have the same stuff stuck in and are dependent on Samsung support for ongoing updates then count me out.
When I was a kid there were always bees and dragonflies around. Now the only bees you see are the introduced ones (I live in Tasmania - someone solved the pollination problem by illegally importing them and releasing them).
I miss the dragonflies though - as far as your average bug goes they were always the most exciting thing on the wing.
We still seem to have wasps though - they seem to be thriving:-(
From reading the article (yes - I know - and no I'm not new here) it's a nasty piece of telephony hardware and more like a router than anything else. I know it's a current meme to thrash IoT as a platform but this is not a case of a programmer taking shortcuts on a feature constrained device, but rather a programmer or designer who is just dumb. This has been a problem long before the IoT ever came around.
The idea behind these devices is that they are a cheaper version of the Raspberry Pi, however they are never available at the listed price. You can get the Zeros - as part of a bundle with a range of marked up peripherals you probably already have, so it's likely to be just another PR stunt.
If you are after a small, embeddable Linux+ARM device I'd recommend you forget the Raspberry Pi and get an Orange Pi Zero. They exist, you can buy them off AliExpress, and they work just fine.
Is the next step the certification of cloud providers by Canonical?
They may be somewhat shy of naming vendors who are bastardising their product and compromising the security, updatability and maintainability of their pre-packaged images, but maybe another approach is for Canonical (and other Linux vendors) to come up with a certification model? That way if you play nice you get to use the logo, and if you lie you can be sued.
That way customers can quickly tell which vendors are more reputable than others.
The business model has been around for years and would help sort out the better vendors from the worse.
If they need the microphone to be on at all times, why do they provide a 'sham' feature that gives their users the impression that the microphone can be turned off?
If the requirement to be listening permanently is reasonable, then surely their users would understand and accept this as part of using their application?
I don't see how sending explosive devices in the post is lawful. The fact that the manufacturer believes there is a risk of fire is a clear indicator that these are dangerous items.
Worst of all, if one does catch fire in transit, the sender (not Samsung) will be liable for the consequences.
It's really disappointing to see a company like Samsung handle this so badly.
The only sensible option is to return it to the point of sale for a refund. Failing that, people should be contacting Samsung so that they (and not the customer) are responsible for the safe packaging and transport of these devices.
On one hand they are fulfilling their duty of care by disclosing this information to the public so they can make an informed decision; and
On the other hand they are protecting their shareholders by suggesting that the devices are safe and people can continue to use them.
It's a sad thing when the profit motive is put ahead of patient safety, however I suspect we will see a lot more of this as the 'Internet of Things' and 'eHealth' agendas collide on the desk of medical professionals who think they are experts but in fact are not.
Welcome to the impending risk of death by technology.
Has anyone seen any lists of the devices that are being compromised?
It would be really handy to know what devices are actually at risk, so that people can tell if they need to take action. It sounds like whatever these devices are, they have somehow been exposed to the Internet (didn't we all disable UPNP years ago?).
Maybe all the ISPs should grab a copy of the code and use it for scanning for vulnerable client devices and tell their customers to disconnect them before the ISP does it for them.
It's fair for people to come out and state that installing Linux on these devices is not a common use case, however what people often forget is that there are a number of tools that people use to diagnose PC faults or otherwise maintain their computer that are built on Linux boot media.
For example, Kaspersky make a handy rescue disk that you can burn to CD or install on a USB drive for performing offline scans of computers. If these Lenovo computers have crippled access to their SSD drives (intentionally or otherwise) then these tools won't be able to see the SSD and disinfect the computer.
You also have tools like GPARTED for repartitioning disks, DBAN for erasing disks prior to disposal, and I suspect there are a range of other useful rescue and recovery tools that rely on Linux as well.
By not allowing people to use these tools, it's likely that problems that could otherwise be fixed will only be repairable by doing full system erases and rebuilds, or returning the laptop to Lenovo for repair.
The fact that these computers don't run Linux on a 24x7 basis isn't the issue - it's that when you need to boot them off Linux (installer, live install, or recovery tools) the ability is not there.
I doubt it's a deliberate decision by Lenovo - however it does indicate that whatever design and manufacturing criteria they have for their products is not particularly well thought out, and doesn't speak well for the quality and utility of their other products.
I saw an episode of Mystery Diner where the guy in charge mentioned that he used a Stingray to intercept SMS messages between two staff who were suspected of stealing from their employer.
They showed the messages as captured - so either this was faked or private citizens can purchase and use Stingrays for spying on people.
And you are worried about Law Enforcement using them?
For those of you who did not bother to read the article:
"The flight from Geneva, Switzerland to Heathrow, Europe's busiest hub, is believed to have struck a drone, the London Metropolitan Police said in a statement. The plane landed safely following the incident, which occurred around 12:50 p.m. local time."
"British Airways said its engineers inspected the Airbus Group SE A320 airliner, found no damage, and cleared the plane to continue operating."
So, again we have people getting worked up over drones with no more evidence than we have on the existence of the Loch Ness Monster. Maybe we should get worked up about the dangers of Bird strike and stop people from keeping or flying birds near airports.
Look at the NodeMCU boards - basically an ESP8266 with the I/O broken out, and all the bits and pieces you need to program one up.
They have more than one I/O (you might be thinking of the real cheap version of the ESP8266 that is billed as a serial Wi-Fi adapter). You can pick up a NodeMCU board for under $10, and if you are really smart buy a copy of Neil Kolban's eBook on the ESP8266 - includes helpful hints on getting it up and running with the Arduino IDE.
Much cheaper than getting a Pi Zero and the bits you need (as if you can actually buy a Pi Zero anyway)
Ahmed took an old clock, repackaged it in a different enclosure, got it working and took it to school to show off.
Sorry - but the worst label you could put on him is a designer - and having seen the Apple 1 I think he did a better job than Jobs and Woz when they were much older so get a grip.
If I came across someone of his age doing what he did - I'd stop and happily give him some time and encouragement. There's every possibility that he could turn out something fantastic in his future - as long as the US education system does not beat his desire to tinker out of him. You really have to question the intellect and ability of the teachers who escalated this, and the police who thought handcuffs were justified.
Or has the USA reached such a low point that a balloon with the word 'bomb' written on it would spook everyone?
America - the rest of the world is ROTFLMAO over this
There is still a problem with medical devices running Windows XP Embedded.
What's needed is an industry standard on how to partition and isolate these devices, while allowing appropriate inter-system communications to occur. Then at least there is something that people can hold vendors to and drive the level of technical maturity in the right direction. The sad thing is that these companies are locked in the 1990s mindset, and unless there is a blowtorch applied to their feet they will keep on selling equipment to their customers that is technically obsolete.
The British nuclear program tested weapons at the Montebello Islands off the north-west coast of Western Australia, and at Maralinga in South Australia. They also worked on ICBM development at the Woomera Test Range near the test zone.
Fantastic dream however :-)
I have been shopping around for one of these - now it's just not going to happen. Talk about exploiting your customers :-(
All you need to do is buy an Android Phone, an iPhone case, and glue them together. Kickstarter is getting really weird these days :-(
I learned to hate Pascal at university
I learned C from the K&R book at home - and loved every bit of it.
Since I started working in IT I've learned whatever language I have needed.
Programming requires a level of aptitude, combined with interest and self motivation. Maybe when Teachers work out how to solve that problem they can move on to teaching computer programming.
I believe however that the increased interest in education (read the greed of educators to chase the latest trends to pull in the cash) will most likely demotivate students best left to themselves rather than bring out the best in them.
Avatar was only slightly better than Waterworld (but probably still in the same league as Ishtar)
Add that to one of the movies to watch after I'm dead
"Note that it is unconfirmed if this backdoor account is reachable on a production device by an otherwise unauthenticated attacker"
Has anyone seen independent evidence that you can SSH into one of these devices with the password "remote_debug_please"?
The main reason they put it out is that it helps reduce their costs.
If you read the FDA advice at http://www.fda.gov/RegulatoryI... and at http://www.fda.gov/MedicalDevi...
The key piece of advice is If manufacturers chose to use OTS software in their devices and vulnerabilities in OTS software can affect the safety and effectiveness of their networked devices, they have to act to keep their devices safe and effective.
Locking their devices away behind firewalls is great, but you should also provide copies of the above documentation to the vendor and ask them how they act to "keep their devices safe and effective". Make sure your legal staff are involved in asking the question, and see how quickly their advice changes.
Oh - and if you want bonus points in this - make sure that your purchasing people are across this issue and the question is asked during all procurement exercises, and that the contracts and specifications stipulate that the vendors are accountable for doing so.
Sorry - it's the obvious answer :-)