I was recently in a situation where I needed to maintain fields in an Excel spreadsheet based on incoming PDFs.
The Excel spreadsheet was via Dropbox, contained macros and the free online version of Excel could just about handle it. The Dropbox app under Linux also permitted LibreOffice access, I just had to be careful updating when macros came into play.
PDFs were more of a problem. Adobe no longer supports the PDF reader for Linux and several of them arrived in a form where Okular (or LibreOffice) simply could not read them. Some of them rendered badly under Okular, some others looked ok but were missing fields. In the end I had to look at the PDFs under Windows to be sure I was seeing what had been written.
I looked up PDF readers for Linux a couple of years back, around the time Adobe dropped Linux support and there was no other reader back then which could read everything. This is of course Adobe's fault, they kept on adding bells and whistles to their PDF specs until it was a monster full of security holes. Adobe's fault but that does not help someone in that situation.
I run virtually everything on my Linux machine - just some tax stuff on Windows 7 - but recently came across a flaw in that approach. I have to read PDFs, sent in by a variety of people who produce them in several different ways. My PDF reader of choice - Okular - failed to read many of the PDFs correctly, something I only discovered after pushing them onto a stick and looking at them using Acrobat Reader under Win 7.
Yes, I'm aware that this problem was created by Adobe. They created a safe document format years ago, unicorns were frolicking in the grass and all was fine. Then they started adding features, some of which were badly thought out and downright dangerous. Open Source Acrobat Reader clones did not necessarily implement these new features, this made them safer in the security sense and people pretty much stopped using the Reader under Linux. Adobe stopped updating it. afaik (and I have looked) there is nothing available for Linux which actually reads PDFs utilising some of the bells and whistles available.
As to malice, that seems highly unlikely, as this issue would have been better hidden. In particular, the attacker would have made sure these "sensors" do not detect it.
I have to point out that the "sensors" were new, so malice is still an option. Of course there were beta versions of Windows Update 1809 before the actual update came out, a true malicious operator would have had time to attempt an update to the driver to at least hide the side-door.
fwiw, I'll vote for a screwup.
Well, I was less than entirely convinced by that comment of yours which made it to the story description, in particular because Microsoft had added some security functionality which immediately flagged the problem.
The other main commercial OS is Apple and they avoid this kind of problem by providing the hardware themselves. That is not an option for Microsoft.
Linux is moving away from non-GPL'd modules, a decision - which like Microsoft's here - is partially mandated by security considerations.
Both Boeing and the FAA are following the same interests in principle: Allowing a safe aircraft to fly. It appears someone screwed up - that aircraft apparently ain't safe.
I can think of a similar case, June 3 1998 in a place called Eschede in Germany. Some of the wheels broke up on a train travelling at around 125 mph, part of the train smashed into a bridge which brought the bridge down on the rearmost part of the train. 101 dead and 88 badly injured.
It turned out that that particular version of the ICE train had composite wheels, a technique commonly used on trams. This had been tried before - an accident in 1875 had similar causes. A minor accident, no dead and no injured, in Austria, 123 years earlier. The lessons had been long forgotten.
It turned out that the authority which approved this new version of the ICE was essentially a department of the German Railways. That made sense because they had the expertise. They could not test this either - they did their calculations and decided it would work, but they forgot about metal fatigue.
It is not as though the testing authority *wanted* people to die.
I saw an article around a year ago - and I think it was on this site - claiming that the OS Samsung use for TVs was hopelessly insecure, and that whoever had written it simply did not have a clue about security. I believe that OS was Tizen, it was certainly something Samsung wrote themselves.
Assuming the article was accurate, Samsung should have had a serious go at fixing it. That costs money. What we see here is something that raises the bar a little and is actually revenue-positive. Win win from Samsung's perspective.
It is still an inadequate response on its own, hell - maybe they are trying to plug the holes as well.
Posting two stories based on the same original study, 5:20 hours apart. Well done Slashdot.
It is when the AC trolling inbreds start coming out in force that /. needs to start thinking about banning a/c posts on a story-by-story basis. Any story which meets certain criteria *is* going to be inundated with this kind of trolling, something which is predictable.
Of course that just raises the bar a little.
Websites tend to keep statistics on the browsers being used to access them, I'm too busy to look but feel safe in assuming that this particular browser is not exactly dominating those counts.
I do remember one of the creators of C describing that particular decision - and it was a decision - to be their greatest mistake. I loathe that language, along with those which share these deficiencies.
You made that up.
This is classic FUD without a shred of proof or even evidence.
If you read what the politicians said when calling for Kaspersky to be locked out, it was full of weasel-words like "could" but without anything concrete.
The one case where something from the NSA is known to have landed in Russia was part of a known and documented feature - heuristic analysis of executables which can then (this is optional and can be turned off by the user) be sent back for deeper analysis. The software in question fit the criteria and the worker in question was too stupid to have turned the feature off.
That is a known variation of Chess. It has two names - and I can't be bothered to look them up - one being "Fischer Random". Guess who originally came up with the idea.
Reading the summary is overrated, it states Carlsen won the first two games, then closed out Caruana in Game 3 which implies he didn't win the third game as well. Caruana was desperately trying to keep the match alive and made a mistake which Carlsen jumped on to complete the sweep.
Carlsen defended his title in the tie-breaks the last time around as well, that time he finished the last game with an amazing queen sacrifice.
Caruana's strength is his preparation of openings, Carlsen tends to try off-beat openings so he can take opponents out of "the book" and outplay them over the board. Carlsen will even accept slightly inferior variations to that end. Both approaches yielded advantages during the "normal" part of the match but neither player managed to cash in and then Carlsen just went for draws in games 11 and 12. That worked.
I looked at the original published report and only one of the three bar graphs had not been "countryfied" - the one labeled "How many 4G gigabytes €30 buys". The worst ones were:
Greece
Hungary
Canada
Malta
Cyprus
Norway
Portugal
Japan
Belgium
United States
New Zealand
Luxembourg
Iceland
Turkey
After that volumes were already 3 x the US value.
Their claim was that lack of real competition was keeping prices high and that the situation was going to deteriorate if a proposed merger came about. The data was from October 2018.
The "sharp and pointy" approach has its own problems.
I use cash for low-value transactions and card for the few high-value ones. The border is somewhere over $50.
I helped a friend set up her brand new machine at a time when Windows 8.1 was current. We downloaded Firefox using Internet Explorer and the free 1-Month copy of McAfee started screaming. It was right - we had been directed to a malware-infested version of Firefox.
A day or so later she installed a second virus scanner without removing McAfee and the system ended up reverting to a previous snapshot - before all of our installs - because it could not handle that any other way. Sigh.
Back when the fit hit the shan with this issue, I found a reliable resource which stated which phones were vulnerable and which were not. I have a Samsung Galaxy something-or-other and its processor turns out not to be affected. The kernel is from early 2017 and I'm not particularly happy with that but this particular problem is a non-issue for a massive number of users.
Come on - http://www.miketaylor.org.uk/tech/oreilly/truenut.html needs to be encrypted. Think of the children.
(any more cliches?)
The way I remember Mega's demise is that their servers were confiscated semi-legally by the NZ authorities acting on behalf of the US authorities. Has a Mega backup found its way to the big wide world or have the authorities outed themselves as corrupt?
My guess is the second option.
Where did those servers (ok, their discs) end up?
afaik Saudi Arabia still uses that "antiquated, broken" system.
If there is one U.S. State in the "Contiguous 48" which really does not need Summer/Winter time changes it is Florida, at that distance from the Equator there is not a lot of fluctuation anyway.
Have a look at Spain though, Franco was an admirer of Hitler and "moved" Spain to the same timezone as the Nazi Reich - it has remained there ever since. In winter they are one hour away from where they should be, in summer it is two hours. Spaniards have compensated by doing everything an hour or so later than anyone else.
There have been a number of well documented cases where US 3-letter agencies have managed to have exploits inserted into software written by US companies. Sometimes the point of entry was the top of the company, sometimes it was done surreptitiously. It is not a reach to expect virus scanners from US companies to turn something of a blind eye to all this.
The one which most affected me was RSA, they manufacture devices which display 6-digit numbers for use in passwords for VPN tunnels, the numbers change every minute. The "random seeds" used turned out not to be that random at all. RSA still exists but as a subdivision of - I think - EMC.
All I have learned from Kaspersky is that some politician alleged Kaspersky may possibly be spying. No evidence, nothing. Nothing to indicate the politician knows anything above the Internet consisting of virtual tubes either. Everything else followed on from there.
I actually trust Kaspersky to do the job more than I trust a lot of the competition, they have discovered some serious state-sponsored malware in the past. I don't know if Symantec still make virus scanners but when Google, Mozilla et al start initiating the process to "untrust" their certificates, I wouldn't run one of their scanners in a sandbox.
I'm hoping they don't get over-zealous.
Where I am staying at the moment is a couple of metres outside the exclusion zone, I have just heard the police ordering people to leave their houses but am assuming they don't mean this particular house.
Speaking strictly for myself, it's worthless if it does not stop one particular set of Ads which appear to be hosted by Google - at least I get the "Ad closed by Google" when I "X" the ad. It's the Battleships ad, ubiquitous and intensely annoying.
So what does it mean if Google has the only browser which is prepared to natively block Google ads? Are there not antitrust implications there?