gpg signing makes much more sense to me than block chain. The message to sign should be the result of the previous messages + your new message. If you sign all that, then you're effectively getting the same value, but you don't really need to 'invest' in anything as the tools are well established.
This sounds a lot like an internal job, more than external attack. Why risk getting logged on the way in, unless you are a disgruntled employee or competitor. Most likely an employee with unfavorable bonus.
It will have access to a slightly different customer demographic than your typical Radio Shack on a strip mall somewhere that doesn't have the students and professors from a top-tier university, the employees and families of ARM inc. and a dozen other tech companies passing by on their way back from the bookshop - is what I'm saying.
People can add it to the tourist trail between the alma mater of Newton and Hawking and the pub where Clive Sinclair and Chris Curry had a punch-up.
That type of person is well aware of how to use the internet to buy electronics online.
This type of shop is more appropriate for younger audiences.
Interesting, quite a list of mail addresses for a private domain. It's worth doing the domain verification to see what's leaked, then you can go round those services and update your unique email address with them and then/dev/null the rest. This is one of those happy moments where setting up a private mail server comes in handy, despite what others may think, I find it has been worth the time to setup.
Open source software can be "trusted" to a fair extent. At least then, experts can look at the code and see what it's doing.
This is what irritates me about the software world. Open source is often reviewed to a much higher extent than closed. And people wonder why windows/ie is buggy and riddled with CVE.
Of course there are still risks. Open source software can still have bugs. Malicious code can be obfuscated.
Do you have examples? Are the projects still around? I'm surprised if code that terrible was merged.
Compiled binaries might be different from the source. Hosted services based on FOSS can still be used by the host for malicious purposes. And I don't think it can count as "open source" in situations like Android phones, where you have to run the OEM's version that has unknown alterations, and you can't just wipe it and install your own version. Still, any real hope for trusting our hardware and software would be for us to have control of it and know what it's doing.
I don't think you can really. Maybe the best you can hope for is not to have an IP route to the internet for all your devices. I don't know how well malware copes with gateway proxies, presumably it needs to call home at some point to talk to command and control. With a VPN that uses openvpn you could still use iptables to force deny traffic to the default route unless it has come from a given uid. This should prevent packets escaping into the tunnel unless you've done your own sanity checks on the traffic first.
I do this, via qmail's -default. When a company sells me out or looses their database (linkedin, multiple times) I can easily change at source and echo # >.qmail-linkedin.
For reading mail, that's done via mutt, since that does a great job of hiding junk content, if there's no text/plain or the HTML is the body, chances are a spam source sent it. Won't be read. If it looks legit via the subject then I'll go to the effort of viewing with lynx.
For the first part, most vendors (gmail, etc) will allow SMTP and IMAP, so mutt can still attach. I think they allow + addressing, also. Not sure if you can filter out based on the + extension, more than likely you could.
Is it that slow? pypy seems pretty quick to me. Do programs start up that frequently these days outside of util scripts? Even then you can follow xargs lead and do more per execution.
Does that go for JavaScript? What about bytecode? Doesn't a computer reverse enginer every time it executes? Would reading punch cards count as reverse engineering too? Genuinely curious.
Unlike all the other posts here, I find GIMP is a reasonably good piece of photo editing software. If you think that it suffers in some way, how about buying the developers a cup of coffee perhaps, or send a patch over for merger?
Complaining about the naming of the software does not cut the mustard. The fact the developers don't spend time pandering to SJW is a good thing, get your mind of out of the gutter.
Although people stealing things is a heck of a problem, glitter is an environmental pollutant. I don't know how much in comparison to waste caused by duplicate online orders, but even so, is there something better than glitter that could be used here?
Yes. Similar story here. How did this become news though, it's not new, it's not even that special, or interesting. A large number of/. readers would know this already, those that don't will not need to think much about it, it is pretty simple and is there as a feature for the operators to be able to read or get some more insight into what the customer is thinking about when they're raising a live chat ticket.
ss deprecated 'netstat', though that is a Windows thing too.
'strace' on windows would be handy.
One of the things that makes Windows such a dead and forgotten OS is the lack of basic tools in the default install. It's a real PITA to get tcpdump or even telnet on a Windows machine. Linux is light years ahead in this respect. Given the lack of ease in operationally supporting Windows it's no surprise that no dev person wants to go near it.
How confused would this website be if that happened? Would we finally declare it the year of Linux on the desktop, or would we gnash our teeth about Microsoft being in the end stage of the "embrace, extend, extinguish" strategy?
I think linux has done EEE to MS. You now have WSL, there's a better console now, powershell is on Linux, it even has a solitaire clone. I mean the Windows clone is good, but its not as good as the Linux one.
Slashdot Mirror
Didn't theFukushima and Chernobyl robots give up this information quite quickly?
gpg signing makes much more sense to me than block chain. The message to sign should be the result of the previous messages + your new message. If you sign all that, then you're effectively getting the same value, but you don't really need to 'invest' in anything as the tools are well established.
The username is legit
This sounds a lot like an internal job, more than external attack. Why risk getting logged on the way in, unless you are a disgruntled employee or competitor. Most likely an employee with unfavorable bonus.
It's not slow, it's got lots of viruses to handle at once.
It will have access to a slightly different customer demographic than your typical Radio Shack on a strip mall somewhere that doesn't have the students and professors from a top-tier university, the employees and families of ARM inc. and a dozen other tech companies passing by on their way back from the bookshop - is what I'm saying.
People can add it to the tourist trail between the alma mater of Newton and Hawking and the pub where Clive Sinclair and Chris Curry had a punch-up.
That type of person is well aware of how to use the internet to buy electronics online.
This type of shop is more appropriate for younger audiences.
Interesting, quite a list of mail addresses for a private domain. It's worth doing the domain verification to see what's leaked, then you can go round those services and update your unique email address with them and then /dev/null the rest. This is one of those happy moments where setting up a private mail server comes in handy, despite what others may think, I find it has been worth the time to setup.
Open source software can be "trusted" to a fair extent. At least then, experts can look at the code and see what it's doing.
This is what irritates me about the software world. Open source is often reviewed to a much higher extent than closed. And people wonder why windows/ie is buggy and riddled with CVE.
Of course there are still risks. Open source software can still have bugs. Malicious code can be obfuscated.
Do you have examples? Are the projects still around? I'm surprised if code that terrible was merged.
Compiled binaries might be different from the source. Hosted services based on FOSS can still be used by the host for malicious purposes. And I don't think it can count as "open source" in situations like Android phones, where you have to run the OEM's version that has unknown alterations, and you can't just wipe it and install your own version.
Still, any real hope for trusting our hardware and software would be for us to have control of it and know what it's doing.
I don't think you can really. Maybe the best you can hope for is not to have an IP route to the internet for all your devices. I don't know how well malware copes with gateway proxies, presumably it needs to call home at some point to talk to command and control. With a VPN that uses openvpn you could still use iptables to force deny traffic to the default route unless it has come from a given uid. This should prevent packets escaping into the tunnel unless you've done your own sanity checks on the traffic first.
Sometimes it's an internal compromise and a disgruntled employee takes the user database.
I do this, via qmail's -default. When a company sells me out or looses their database (linkedin, multiple times) I can easily change at source and echo # > .qmail-linkedin.
For reading mail, that's done via mutt, since that does a great job of hiding junk content, if there's no text/plain or the HTML is the body, chances are a spam source sent it. Won't be read. If it looks legit via the subject then I'll go to the effort of viewing with lynx.
For the first part, most vendors (gmail, etc) will allow SMTP and IMAP, so mutt can still attach. I think they allow + addressing, also. Not sure if you can filter out based on the + extension, more than likely you could.
Is it that slow? pypy seems pretty quick to me. Do programs start up that frequently these days outside of util scripts? Even then you can follow xargs lead and do more per execution.
Does that go for JavaScript? What about bytecode? Doesn't a computer reverse enginer every time it executes? Would reading punch cards count as reverse engineering too? Genuinely curious.
Unlike all the other posts here, I find GIMP is a reasonably good piece of photo editing software. If you think that it suffers in some way, how about buying the developers a cup of coffee perhaps, or send a patch over for merger?
Complaining about the naming of the software does not cut the mustard. The fact the developers don't spend time pandering to SJW is a good thing, get your mind of out of the gutter.
Although people stealing things is a heck of a problem, glitter is an environmental pollutant. I don't know how much in comparison to waste caused by duplicate online orders, but even so, is there something better than glitter that could be used here?
Been ctrl-alt-f2'ing to another user to browse for a while. Nothing new in multiuser os, just a lot less of an issue in one.
I rather like MySQL for certain projects, but unfortunately Oracle owns that now too.
MariaDB no good for you?
This guy manages, so can you https://www.youtube.com/watch?...!
What's stopping you doing that on a touring road push bike? Would be a lot more fun.
Yes. Similar story here. How did this become news though, it's not new, it's not even that special, or interesting. A large number of /. readers would know this already, those that don't will not need to think much about it, it is pretty simple and is there as a feature for the operators to be able to read or get some more insight into what the customer is thinking about when they're raising a live chat ticket.
Remember not to trust the cloud: have backups because your stuff might be lost.
Are you sure? I thought the onedrive EULA made the content MS's property, so if it's lost, it wasn't yours to loose..
Isn't that what WSL gave Windows folk?
> netstat
ss deprecated 'netstat', though that is a Windows thing too.
'strace' on windows would be handy.
One of the things that makes Windows such a dead and forgotten OS is the lack of basic tools in the default install. It's a real PITA to get tcpdump or even telnet on a Windows machine. Linux is light years ahead in this respect. Given the lack of ease in operationally supporting Windows it's no surprise that no dev person wants to go near it.
Learn these words.
I don't see how EEE[1] applies here, though I don't know how it applies since unless it is GPL'd it'll never find its way into core distros.
1: fun fact, it's roughly the 20th anniversary of the Halloween documents.
> ProcMon will show you file access attempts to find a DLL
systemtap and dtrace not good enough for you?
How confused would this website be if that happened? Would we finally declare it the year of Linux on the desktop, or would we gnash our teeth about Microsoft being in the end stage of the "embrace, extend, extinguish" strategy?
I think linux has done EEE to MS. You now have WSL, there's a better console now, powershell is on Linux, it even has a solitaire clone. I mean the Windows clone is good, but its not as good as the Linux one.