While bsd.mp arrived just in the nick of time as multi-core came on the scene, the architecture strongly resembles Linux 2.2 with one large kernel lock, forcing kernel code to run on only one CPU core at a time.
Linux moved to much finer-grained locks that allow non-conflicting segments of kernel code to run on several processors at once. While most commercial UNIX has done the same, there is no question that one great big kernel lock is more secure.
OpenBSD is very slowly allowing safe calls out of the kernel lock, and they do value security over performance, so hopefully their userspace will remain very safe.
For those who want to harden Linux, perhaps the 2.2 branch should be revived.
As Cfront was written in C++, it was a challenge to bootstrap on a machine without a C++ compiler/translator. Along with the Cfront C++ sources, a special "half-preprocessed" version of the C code resulting from compiling Cfront with itself was also provided. This C code was to be compiled with the native C compiler, and the resulting executable could then be used to compile the Cfront C++ sources.
A small (146 healthy adults) double-blind, placebo-controlled study found that a daily supplement containing purified allicin had dramatic results: the risk of catching a cold was reduced by 64%, the symptom duration was reduced by 70%, and those in the treatment group were much less likely to develop more than one cold.
Allicin has antiviral activity both in vitro and in vivo. Among the viruses susceptible to allicin are Herpes simplex type 1 and 2, Parainfluenza virus type 3, human Cytomegalovirus, Influenza B, Vaccinia virus, Vesicular stomatitis virus and Human rhinovirus type 2.
Allicin has been found to have numerous antimicrobial properties, and has been studied in relation to both its effects and its biochemical interactions. One potential application is in the treatment of methicillin-resistant Staphylococcus aureus (MRSA), an increasingly prevalent concern in hospitals. A screening of allicin against 30 strains of MRSA found high level of antimicrobial activity, including against strains that are resistant to other chemical agents. Of the strains tested, 88% had minimum inhibitory concentrations for allicin liquids of 16 mg/L, and all strains were inhibited at 32 mg/L. Furthermore, 88% of clinical isolates had minimum bactericidal concentrations of 128 mg/L, and all were killed at 256 mg/L. Of these strains, 82% showed intermediate or full resistance to mupirocin. This same study examined use of an aqueous cream of allicin, and found it somewhat less effective than allicin liquid. At 500 mg/L, however, the cream was still active against all the organisms tested—which compares well with the 20 g/L mupirocin currently used for topical application.
The difference is that you seem to think that the US is "exceptionally" bad and has had an exceptionally evil influence and impact on the world.
While good and evil are subjective terms, there is no doubt that the United States is the most violent nation on earth. When you consider that 90% of the indigenous peoples of the Americas died out as a consequence of European incursion, follow through the million dead of the U.S. civil war, then culminate in Hiroshima and Nagasaki, there is no doubt that we have earned this status.
Perhaps it is necessary to inflict violence on the world, and perhaps not. I would prefer a more congenial nation, but life is rarely about what we want.
The first Android OEM to promise and deliver 5 year support on their devices will likely become the dominant player.
Current Android OEMs are in a race to stab their customers in the back.
Google is winning by far.
I need access to Verizon towers because it is the only signal that I can get at work.
I first signed up with Page Plus Cellular, then moved to Tracfone after the America Movil buyout. I finally upgraded to a 4g device six months ago.
I can't run cyanogenmod because of Verizon's fascist bootloader locking. I do run an alternate touchwiz rom, and I have purged everything from it that mentioned Verizon.
And when Verizon shows up in my Facebook feed, I ask them why they lock their bootloaders and FORCE their users to run exploitable software, reminding them that Cyanogenmod nightlies have fixes, but Verizon doesn't and never will. It's also useful to speculate on a class action lawsuit after their userbase is owned.
Best Buy sells a $60 atom tablet with Windows 8 on cowboom.com. I have a similar next book tablet. This is essentially a stripped down PC. I've been able to boot into the bios, and it would likely run Linux if you were willing to work for it. The CPU is 64-bit capable, but OS is 32-bit as there is only 1gb of ram which is non-expandable. All win32 apps seem to work well. This is surely better than an iOS device.
If Microsoft believes that they have a more compelling product than GRUB that should be adopted by competing operating systems, then they should open-source it.
On a stock, non-rooted phone you can disable MMS to provide some degree of protection from this particular exploit.
Although unconfirmed, there are several stagefright booleans in /system/build.prop on some phones. Setting them to false might provide some additional protection. Root and a reasonable text editor will be required (i.e., busybox vi), and you should be able to recover from a boot loop before attempting this modification.
You might try creating it as a directory first - you're trying to sabotage whatever script is running that restores these files, and the simplest sabotage is the best.
Here is the description of the immutable flag from the chattr man page:
A file with the 'i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data can be written to the file. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.
Also try making the file as a directory, and/or installing it as the null device file. On my Android, based on the directory entry for /dev/null, I might install an alias for it as mknod /system/app/facebook.apk c 1 3
...and I hope the class action lawsuits provide a useful object lesson to the Android marketplace about the importance of security patches. The more vendor agony, the better at this point.
Try installing zero-size files of the same name. Set the permissions to 000, and apply the immutable bit (chattr +i). The chattr command is bundled with the SuperSU; it is also included with busybox.
In the ksh, applying the output redirection operator to a file without a preceding command will serve to truncate the target file (i.e.: > facebook.apk).
If you have rooted your device, you can remount /system in read-write mode, and from there you can remove any file in /system/app (thus removing Google Hangouts if it was installed in this location).
Google, the OEMs, and the carriers have formally abdicated any security stewardship for Android (case in point - Towelroot).
If you wish to maintain a secure Android device, you must root it yourself. No one else can or will help you until you root.
I am going to bet you that the 3B2 was the primary computer architecture for cfront.
However, it does appear that cfront was extremely portable:
I have something like the following inittab fragment that I built on my production servers:
ds:4:respawn:/home/prog/schedule.sh
da:4:respawn:/home/prog/alert.sh
cx:4:respawn:/home/prog/update.sh
cx:4:respawn:/home/prog/audit.sh...
These shell scripts mostly set a number of environment variables, then exec a runas.c program that I wrote that knocks the privilege down from root. After privilege is dropped, my runas program calls exec() on the *real* program that I want init to respawn.
This works, but it's a big pile of duct tape and baling wire. I'm not proud of it.
I can get rid of all of that stuff with systemd, and launch it correctly:
$ cat /etc/systemd/system/broker.service
[Unit]
Description=broker
#After=network-online.target
Wants=network-online.target
[Service]
#ExecStartPre=
#ExecStopPost=
Environment=ORACLE_SID=mydb ORACLE_HOME=/home/oracle
ExecStart=/opt/pkg/broker
WorkingDirectory=/tmp
Type=simple
KillMode=process
Restart=always
User=nobody
#Group=nobody
[Install]
WantedBy=multi-user.target
I realize that people don't like the dbus integration, the replacement of su with systemctl shell, and many other complaints. However, this code has been carefully designed, it's reliable, and it gives me the ability to throw away a lot of my ugly glue. Call me heretic, but yes, I like it.
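The privilege drop that a launcher of this kind has to perform, as an added example: this is not the poster's runas.c, and the names drop_privileges and verify_dropped are hypothetical. It shows the order the calls must be made in and the check that root cannot be regained, which is what systemd's User= setting takes over in the unit above.

```c
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 0 only if the real and effective IDs match the target and root
 * cannot be regained through a leftover saved set-user-ID. */
int verify_dropped(uid_t uid, gid_t gid)
{
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    if (uid != 0 && seteuid(0) == 0) return -1;  /* regained root: drop failed */
    return 0;
}

/* Order matters: supplementary groups, then GID, then UID. Once the UID is
 * gone the process no longer has permission to change its groups. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    return verify_dropped(uid, gid);
}

/* usage (hypothetical): runas-demo UID GID /path/to/program [args...] */
int main(int argc, char **argv)
{
    if (argc < 4) {
        fprintf(stderr, "usage: %s uid gid program [args...]\n", argv[0]);
        return 2;
    }
    uid_t uid = (uid_t)strtoul(argv[1], NULL, 10);
    gid_t gid = (gid_t)strtoul(argv[2], NULL, 10);
    if (drop_privileges(uid, gid) != 0) {
        perror("drop_privileges");
        return 1;  /* never exec the target with privileges intact */
    }
    execv(argv[3], &argv[3]);
    perror("execv");  /* only reached if exec failed */
    return 127;
}
```

Every return value is checked because a setuid() that fails silently leaves the respawned program running as root.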
Crushed garlic. Eat it raw.
Remove these patches. Disable the "recommended" patches in Windows update. Run another update, and if any of these return, set them to ignore.
KB 3035583 (primary nagware for Windows 10)
KB 2952664
KB 2976978
KB 2990214 (Windows 10 upgrade)
KB 3021917 (Windows Customer Experience Improvement Program)
KB 3022345
KB 3035583
KB 3044374 (Windows 10 upgrade)
KB 3068708 (update for CEIP and telemetry)
KB 3075249 (telemetry)
KB 3080149 (update for CEIP and telemetry)
It does so for a reason. They want you on a support contract, and the more unreasoning fear, the better. Google designed it that way.
KB 3035583 (primary nagware for Windows 10)
KB 2952664
KB 2990214 (Windows 10 upgrade)
KB 3021917 (Windows Customer Experience Improvement Program)
KB 3022345
KB 3044374 (Windows 10 upgrade)
KB 3068708 (update for CEIP and telemetry)
KB 3075249 (telemetry)
KB 3080149 (update for CEIP and telemetry)
What would happen if we put this on the main wiki for Windows 7?
KB 2952664 (telemetry)
KB 2990114 (telemetry)
KB 3021917 (Customer Experience Improvement Program)
KB 3022345 (telemetry)
KB 3035583 (nagware for Windows 10)
KB 3068708 (telemetry)
KB 3075249 (telemetry)
KB 3080149 (CEIP and telemetry)
It appears these updates are usage trackers:
KB 2952664
KB 3022345
This is the core Windows 10 update nagware:
KB 3035583
These updates should be permanently removed and ignored on well-run systems.
What other updates should be removed and banned from Windows 7/8 in the interest of privacy?
...then I encourage you to update and correct RFC 7525:
This is hardly the first time such a phenomenon has occurred.
KB3033929 would kindly patch, fail, backout, and repeat for any users arrogant enough to overwrite the bootloader for multiple operating systems.
I disabled automatic update, which is a luxury that I would have to forego on the dark day that I upgrade to Windows 10.
That day will be a long time coming.
It looks like Verizon's cheapest service option for Android is the $20 connection fee, plus $30 for the 1GB service.
Tracfone will give you Android on exactly the same towers for $20 for a 3-month plan, no connection fee.
The Tracfone subsidiaries (PagePlus, StraightTalk, Net10) will also give you Verizon service at several different price points.
You can bring your 4G Verizon phone and avoid a new hardware purchase. If you bring it to Tracfone, you'll get triple the face value of your refills.
You can also get discounts on your refills at PinCheap.
When the critical Samsung keyboard exploit hit the news, I was able to do this (and you were not):
mount -o remount,rw /system
cd /system/app
mv SamsungIME.apk SamsungIME.banished
scp cyanogen:/tmp/LatinIME.apk .
cd
mount -o remount,ro /system
reboot
I have no intention of relinquishing my ability to repair this vendor-inflicted brain damage because of your foolish misconceptions.
What is the impact if other media.stagefright* entries are disabled? I see a long list.