Slashdot Mirror


User: Zaiff+Urgulbunger

Zaiff+Urgulbunger's activity in the archive.

Stories: 0
Comments: 1,422

Comments · 1,422

  1. Re:Ah, minimialism on It Looks Like Apple is Killing the Physical Esc and Power Keys On New MacBook Pro · · Score: 1

    Say that 10 times fast.... :)

    or say it once backward and... summon the ghost of Steve!!!! (woooOOOOOOOOoooooo)

  2. Re:How is everyone supposed to use Emacs? on It Looks Like Apple is Killing the Physical Esc and Power Keys On New MacBook Pro · · Score: 1

    ha ha ... a bluetooth keyboard with a single key labelled "ESC". Would probably cost around $50 and in a few months would be a security vector or something that corrupts all the data

    No silly, the USB-C version is only $30. Except, you can't use that whilst charging..... ;-P

  3. The summary says if you opt for a fix then you'll also get a payout that starts at just over $5K... so I'm guessing that's your best option.

  4. Re:Why does everyone use such small TTLs now? on Mirai and Bashlight Join Forces Against DNS Provider Dyn (arstechnica.com) · · Score: 1

    Why does everyone use such small DNS TTLs? Checking some of the domains (including twitter) that went down, their TTLs are all less than 200...are their networks so dynamic that 1800, 3600, 7200 wouldn't work? Would really minimize the effect of DNS outages...

    Perhaps so they can better deal with DoS attacks on their services; if their web server is under DoS attack, they can simply switch to another IP, but with a high TTL, it would take longer for the new IP to take effect.

  5. Re:Random prefix workaround on Mirai and Bashlight Join Forces Against DNS Provider Dyn (arstechnica.com) · · Score: 1

    Problem is the same system could be used to mount a.... [D]DoS attack on services that depend on sub-domains. E.g. if "example.com" has a business where each customer has their own sub-domain, then all a hacker needs to do to deny-service to example.com is make multiple failed DNS requests.

    Not that your idea isn't a bad one though... it *may* help Dyn themselves mitigate the attack somewhat by giving dodgy looking requests a lower priority. But it doesn't really solve it.

    My best idea is actively hunting vulnerable devices and bricking them... but I'm guessing this might not be a popular option!

  6. Re:what a joke? on Microsoft Unveils $37 Nokia 216 Feature Phone (theverge.com) · · Score: 1

    It also has a replaceable battery and an SD card slot.

    Obv. not a smart phone replacement, but honestly, it seems like a pretty good phone otherwise.

  7. Re:OLPC-PI like? on Interviews: Ask Raspberry Pi Founder and CEO Eben Upton a Question · · Score: 1

    I do like this idea, not least because it would effectively be a user-upgradable laptop. I know the pi-top exists, but the fact it costs more than a cheap laptop/chrome-book means it's not terribly practical. Plus, it's not the most aesthetically pleasing design ever!

  8. Re:Smaller? on Xbox One S is the Best Xbox You Might Not Want To Buy (cnet.com) · · Score: 1

    It's likely just part of the product development/cost reduction process... so this is simply the model that replaces the old XBone because it's cheaper to manufacture. It costs more at the moment because they have old stock to clear, but mostly because they want a fatter margin whilst they can get it.

  9. Re:Also works with Chromium on Linux on Microsoft Finally Releases New Skype App For Linux (skype.com) · · Score: 0

    This also works with Chromium on Debian GNU/Linux.

    Interesting... since Chromium can be run on a Raspberry Pi, does that mean a Pi can be used for Skype now?

  10. This is a person who according to Ken Clarke, didn't really want to leave the EU any more than Boris did... basically, these types of people say one thing in order that the party will like them, they can get power, but then do something completely different.

    The *only* reason website ratings and "think of the children" narratives are being mentioned now is simply to appeal to the people who may select her. And that's all.

    It's entirely self-serving.

  11. Re:Less money but more creators? on 180 Artists, Labels Including Taylor Swift Take On YouTube, Join Copyright Plea (cnn.com) · · Score: 2

    The thing that struck me about their point that YouTube enabled people to carry virtually every song ever in their pocket... well I was just thinking, yep, that's fucking amazing. So, what exactly is it that these artists have done that's so worth hindering human advancement?

    I think you're absolutely right, and I also agree with Gr8Apes' comment about the relatively recent music industry basically being a blip.

  12. Re:Why don't web server scripts require exec bit? on WordPress Sites Under Attack From New Zero-Day In WP Mobile Detector Plugin (softpedia.com) · · Score: 1

    They inject code right into the script that already has the execute bit set. It's not uncommon, I've seen it myself.

    Looking at this specific example, WP Mobile Detector flaw, I can't see how that would be possible.

    Just to recap (mostly for my own benefit to make sure I'm not going mad!), this flaw works by sending a URL to a vulnerable website. The vulnerable website then uses file_get_contents() to read the file... it is assuming the file is local, but actually it's a URL to somewhere else. If the server is configured with allow_url_fopen then file_get_contents() will perform the necessary HTTP GET to retrieve the contents of that file. The file still needs to be written to disk, which in this case is performed by file_put_contents().

    None of the above is going to set the execute bit.

  13. Re:Why don't web server scripts require exec bit? on WordPress Sites Under Attack From New Zero-Day In WP Mobile Detector Plugin (softpedia.com) · · Score: 1

    This doesn't help anything because the script they inject the code into already has the execute bit set.

    Erm... no!

    They're not uploading the script using SFTP or anything that might preserve file permissions; they're uploading using an existing, insecure, PHP script on the server. That will only allow for the file content and the file name to be preserved, so unless the PHP script explicitly set the file as executable, then it wouldn't be executable. The problem is, right now, it doesn't need to be executable in order to execute!

  14. Re:Why don't web server scripts require exec bit? on WordPress Sites Under Attack From New Zero-Day In WP Mobile Detector Plugin (softpedia.com) · · Score: 1

    I don't think it would be a problem having PHP set its own execute bit if it wants/needs to. A big problem seems to be with CMS-type sites where a user can upload content where (currently) miscreants can inject script. If the execute bit were required before script could be executed, then that would seem to avoid quite a lot of problems... unless a CMS were to set execute on user uploaded content, which would be dumb!

  15. Why don't web server scripts require exec bit? on WordPress Sites Under Attack From New Zero-Day In WP Mobile Detector Plugin (softpedia.com) · · Score: 1

    Why doesn't PHP (and other web scripting languages) require the execute bit on those scripts? Surely this would make it considerably harder to inject a script.

    Anyone know the reason for this because I can't be the first person to think this?!

  16. Re:It's already scheduled, not caused by "X" on Windows 10 Upgrade Activates By Clicking Red X Close Button In Prompt Message (bbc.co.uk) · · Score: 1

    Windows 10 is a gift to the Linux world.

    Only on Slashdot.
    To the rest of the U.S., at least, Windows 10 was a gift to the OS X world.

    I wonder if it is OS X or Chrome OS that will gain the most?

  17. Re:Why are they upgrading?!? on Mac Users Reporting Widespread System Freezes With OS X El Capitan 10.11.4 Update (macrumors.com) · · Score: 1

    You mean Snow Leopard 10.6.8 v1.1. This can be crashed (as I discovered) by a Wifi AP providing IPv6.

    Solution is to disable IPv6 in OS X, which is simple enough albeit you need to disable or move out of range of the AP to do so.

    What actually happens is, the machine boots fine, you might be able to start an app or two, but then it'll beach-ball, and nothing will work thereafter; it's not actually frozen, but all disk activity stops and you can't even shut down.

    Details here.

  18. Re:Raspberry Pi A+ 512MB on Raspberry Pi Zero Gains Camera Support, Keeps $5 Price (engadget.com) · · Score: 1

    I wonder why they left the new A+ running at 700MHz when the Pi Zero runs at 900MHz by default?

  19. Re:If theyve not fixed Gnome terminal, it ain't re on Canonical To Release Ubuntu Linux 16.04 LTS 'Xenial Xerus' Tomorrow (betanews.com) · · Score: 1

    As the AC said, it's when pressing F11 again that it fails to restore back to its original window size.

  20. Re:Might be asking too much on Canonical To Release Ubuntu Linux 16.04 LTS 'Xenial Xerus' Tomorrow (betanews.com) · · Score: 1

    For me, it's simply having newer versions of things in an LTS release.

  21. If theyve not fixed Gnome terminal, it ain't ready on Canonical To Release Ubuntu Linux 16.04 LTS 'Xenial Xerus' Tomorrow (betanews.com) · · Score: 1

    Last time I checked, I couldn't use F11 to full-screen Gnome Terminal and then F11 to get it back to its original size. Advanced feature I know, but I use the terminal a lot!

    And that's what I really really really fucking hate about Ubuntu LTS releases... so much stuff is broken, and never actually gets fixed. So I wind up having to faff with PPAs afterwards and then hoping that the next LTS will have things fixed.

  22. Re:Might be asking too much on Canonical To Release Ubuntu Linux 16.04 LTS 'Xenial Xerus' Tomorrow (betanews.com) · · Score: 1

    I'd not used systemd much until recently. From my perspective, it's no better/worse than before except that now things that used to work don't. I'm sure it'll get sorted eventually, but it kind of has the feel that almost no one fully understands how it works... hence the breakages.

    And so, things that are hard for individuals to understand, are often too large in scope. Basically, to me anyway, it smells a bit like X does, i.e. overly complicated and hard to maintain.

    But like I say, I've not been exposed to it for very long, and I don't completely hate it... I'm just not seeing the benefits myself.

  23. Re:Apple genuii on iOS 1970 Bug Is Back, Can Be Exploited Via Rogue WiFi Networks (softpedia.com) · · Score: 1

    +1 for "eleven" - did actually lol at that! :D

  24. Re:And yet, the Slashdot opinion... on Infographic: Ubuntu Linux Is Everywhere · · Score: 1

    You're absolutely correct! I've been using Ubuntu since 6.06 and it's been vastly better than Windows for me.

    But there are things that are annoying. For me, it's mostly where LTS releases tend to be released with irritating bugs that may never be fixed; instead they'll get fixed in the next version, and as an LTS user, you've either got to get a back port, or a PPA to solve it.

    I've not done much testing with 16.04 yet, but this bug is *really* annoying: bug 1521302

    And I've a horrible feeling it won't be fixed before release, and so, I won't want to upgrade until it is fixed or there's a work-around.

    So yeah - broadly, Ubuntu is great. But... grrrr... annoying stuff too!!!

  25. Re:Long term plans do not include humans on New Bipedal Robot Demoed by Google X Company (i-programmer.info) · · Score: 1

    You say that... but I'm pretty certain there are some home automation routers that are plotting their revenge RIGHT NOW!