A lot of open source code is just thrown out there with the hope of enough random people reviewing it: "with enough eyeballs, all bugs are shallow". The testing protocol you are thinking of is instead called professional code audits. That's what OpenBSD does, and it's what Microsoft puts a lot of money into. It's basically paying for the eyeballs, to ensure that those eyeballs actually exist and are possessed by competent people.
On some message board there was also a Japanese guy hacking some system DLLs to make software that supported only Windows XP to work under Windows 2000.
Yep. And some people spend so much time opposing religions and calling themselves atheists, that atheism essentially becomes their new religion-like thing.
But what you can't argue is that evidence exists that there is no such thing as a god.
That would cover every subject that does not exist. The burden is in proving something, not in disproving. In other words, by default we will just assume that nothing exists, then we go out and find out about things, and then collect evidence that such thing exists.
That is somewhat a problem, I agree. Please make this QR code display friendly, such as "Your operating system kernel has crashed. For advanced users, a QR code containing additional information is provided below. By taking a photograph of it, you can help the developers to solve the problem. [QR code picture] Press any key to restart." Maybe include the Tux logo there to show that this is about Linux.
Wayland should improve the situation too, as we can settle with a proper graphics more earlier at the boot. The current situation of flashing back and forth a framebuffer console and some kind of clunky boot animation is terrible. And god forbid if there is some spurious messages shown as "kvm: disabled by bios" which will only confuse the newbie to think that something is wrong.
That would be so tricky that it's probably not feasible for the attacker. Basically you would have to both have a vulnerability in the QR code processing code in the phone and, a compromised Linux kernel in your PC which injects malicious data into the dump.
How about a slight modification of a classic: Just change the background color of the display. Even 1 byte RGB gives you 256 messages. (I guess lighting would affect this.)
Even if we could accurately capture the precise background color value of the display, how could only one byte give enough information for anything useful?
There isn't, and that is quite common actually. However the QR code could encode more information and, with some nifty algorithms, can be automatically interpreted from a photograph to kernel crash information files.
I'm not so sure about that.:) At least at some point the PARISC architecture has printed an ASCII cow, complete with a speech bubble that says "Your System ate a SPARC! Gah!".
Open source software, always giving the professional appearance...
Plain text files aren't necessarily possible as the crash means everything is suspect and any writing to the disk a) might fail or b) might cause data loss by corrupting the filesystem
Yes, I am stupid. What are you going to do about it? At least I was brave enough to ask the question. All you were able to do, was to write that insulting and upsetting comment.
I have been lately doing some reading about the networking abstraction layers and I do not see why TCP and IP could not have been created as single layer. Comments?
The big stack of the OSI model sometimes makes me cringe also in general and I wonder if we are just wasting bandwidth with the various encapsulated headers.
Apparently by entering an incorrect password in the first prompt and then filling the second field with spaces, a user can log in without knowing a password to an account.
That's interesting. Let's speculate a bit about the bug.
Do you have any theories how the login part of the Xbox One software was programmed which caused it to behave like that?
By the way I recently discovered that Daz's Windows Loader does not support GPT partitioning scheme. Just something to keep in mind if you plan on doing a pirated Win7 install to yourself or your relatives: don't do an UEFI install if you want to use Daz's.
Slashdot Mirror
Is there no testing protocol for security issues?
A lot of open source code is just thrown out there with the hope of enough random people reviewing it: "with enough eyeballs, all bugs are shallow". The testing protocol you are thinking of is instead called professional code audits. That's what OpenBSD does, and it's what Microsoft puts a lot of money into. It's basically paying for the eyeballs, to ensure that those eyeballs actually exist and are possessed by competent people.
Yeah, and meanwhile we're still waiting for Richard Stallman to answer questions we asked February 26th.
The questions for Theo de Raadt from 2014-03-05 have not seen any answers either. :(
4,294,967K should be enough for anybody.
4 GB is actually 4 * 1024 * 1024 = 4,194,304 kB.
On some message board there was also a Japanese guy hacking some system DLLs to make software that supported only Windows XP to work under Windows 2000.
Windows XP is trash software anyway. I have never used it at home apart from some quick test setups.
Windows XP is a worsened version of the excellent Windows 2000.
Windows 8 is a worsened version of the excellent Windows 7.
Just sayin'.
Yep. And some people spend so much time opposing religions and calling themselves atheists, that atheism essentially becomes their new religion-like thing.
But what you can't argue is that evidence exists that there is no such thing as a god.
That would cover every subject that does not exist. The burden is in proving something, not in disproving. In other words, by default we will just assume that nothing exists, then we go out and find out about things, and then collect evidence that such thing exists.
That is somewhat a problem, I agree. Please make this QR code display friendly, such as "Your operating system kernel has crashed. For advanced users, a QR code containing additional information is provided below. By taking a photograph of it, you can help the developers to solve the problem. [QR code picture] Press any key to restart." Maybe include the Tux logo there to show that this is about Linux.
Wayland should improve the situation too, as we can settle with a proper graphics more earlier at the boot. The current situation of flashing back and forth a framebuffer console and some kind of clunky boot animation is terrible. And god forbid if there is some spurious messages shown as "kvm: disabled by bios" which will only confuse the newbie to think that something is wrong.
Yeah. Make it smooth, I say.
That would be so tricky that it's probably not feasible for the attacker. Basically you would have to both have a vulnerability in the QR code processing code in the phone and, a compromised Linux kernel in your PC which injects malicious data into the dump.
But yes, you raise an interesting point.
How about a slight modification of a classic: Just change the background color of the display. Even 1 byte RGB gives you 256 messages. (I guess lighting would affect this.)
Even if we could accurately capture the precise background color value of the display, how could only one byte give enough information for anything useful?
There isn't, and that is quite common actually. However the QR code could encode more information and, with some nifty algorithms, can be automatically interpreted from a photograph to kernel crash information files.
I'm not so sure about that. :) At least at some point the PARISC architecture has printed an ASCII cow, complete with a speech bubble that says "Your System ate a SPARC! Gah!".
Open source software, always giving the professional appearance...
Plain text files aren't necessarily possible as the crash means everything is suspect and any writing to the disk a) might fail or b) might cause data loss by corrupting the filesystem
How does Windows do it then?
Yes, I am stupid. What are you going to do about it? At least I was brave enough to ask the question. All you were able to do, was to write that insulting and upsetting comment.
I have been lately doing some reading about the networking abstraction layers and I do not see why TCP and IP could not have been created as single layer. Comments?
The big stack of the OSI model sometimes makes me cringe also in general and I wonder if we are just wasting bandwidth with the various encapsulated headers.
Apparently by entering an incorrect password in the first prompt and then filling the second field with spaces, a user can log in without knowing a password to an account.
That's interesting. Let's speculate a bit about the bug.
Do you have any theories how the login part of the Xbox One software was programmed which caused it to behave like that?
At least they did the right thing and rewarded the kid about the discovery, instead of suing the father for "tampering with their security".
I sometimes run Linux and sometimes run Windows. Why? Because it's nice for my OS to piss me off in different ways instead of always the same ways. :-)
Very well said. I have thought the same thing often.
By the way I recently discovered that Daz's Windows Loader does not support GPT partitioning scheme. Just something to keep in mind if you plan on doing a pirated Win7 install to yourself or your relatives: don't do an UEFI install if you want to use Daz's.
Ok, it's likely a bug then. Chromium normally consumes only some hundred megabytes even with a big bunch of tabs open.
How much is the memory consumption of the Chromium process tree when the machine starts swapping heavily?
Sounds more like a CPU than RAM limitation. 2GB of RAM can contain 100 tabs without problems.
And the much larger filesystem cache residing in RAM would take the precedence anyway...
I think most P4 machines do have SATA interfaces.
"cp -a" is even better than "cp -R".