Its not the average thief putting something together like this.... What this has proven is that the reward for getting on the WANTED list on just about every country in the world is somewhat small.
Alternate version - nVidia stuff has been outperforming AMD for decades. Only the latest generation of AMD card is somewhat useful - and it benchmarks well below any nVidia card.
For years, the nVidia driver has had the odd quibble, but has worked fine. AMD's drivers over that same timeframe have been horrible.
Don't whitewash the history of how things rolled out due to the latest 6 months of development work by AMD....
Well, sure, but GNOME is the only officially-supported desktop on RHEL (unless we're supporting KDE these days, I never can keep track
Oh god I wish RH would support a proper KDE5 environment. It would benefit greatly from some more resources to move things along quicker.
I'm active in testing the KDE5 stuff in Fedora (and in #fedora-kde most times) - but having some more hands on it would really make things nicer for all parties.
On RHEL7 and similar, net-tools is no longer installed by default, you should use the 'ip' command from iproute2, see http://lartc.org/howto/lartc.i... . ifconfig and 'route' for Linux have been on the deprecation path for years, before systemd existed.
I think since RHEL6 the Red Hat documentation and training material stopped referring to ifconfig.
But lets not pretend its perfect. NetworkManager used to constantly cause my Xen server to lose its networking. 'systemctl restart NetworkManager' caused it to come back - after hooking up a keyboard and mouse. Systemd's networkd can't bring up ppp connections - it doesn't know what they are - and last time I tried it choked on bridges.
So, you fall back to the good old 'chkconfig network on' and remove everything networkd and NetworkManager related. But now wait-online doesn't work for systemd - so anything that requires the network to be up will cause issues - requiring other hacks to bring back into line.
So yeah, its not perfect, and some stuff is still broken.
For a tech web site, there's a lot of clueless idiocy in reply to things like this.
I work in the field which is using technologies like this on all kinds of things. BLE Beacons are being deployed everywhere - and being used on everything from transport notifications (your bus at stop X is running late!), to wayfinding applications in places like stadiums for non-locals (which can be translated to native languages) and doesn't require GPS coverage and Wifi triangulation isn't accurate enough, to package tracking and presence detection (mobile beacons, static readers). We have interactive displays that activate by putting a product with a tag in it on a 'display case' - and some that even have holographic presentations associated with them.
Merging this technology with web delivery is a massive bonus. It means a consistent interface for many devices. Android already supports BLE push notifications, allowing them in the base chrome technology opens up support to the entire environment - not just gimmick product X.
Forget the "OMG ZEE SPAM! ZEE PRIVACY!" crap, pull your heads out of the sand and use your imagination - because you'll be seeing this stuff everywhere in a few years time - but you probably won't even know you're using it.
I used OmniROM during the KitKat era, and it felt like an extremely solid and fast ROM. I think they were closer to the stock Android even than Cyanogenmod. The only problem with OmniROM has always been a very poor device support. If you have a Nexus phone, then you're set. But it's pretty spotty/poor outside of Nexus devices.
Yup - hence the best thing they could get is more support / contributions / patches.
One of my criteria for buying a phone was that it had CM available -- my latest being the OnePlus X. Every Android phone I've owned has run CM. This is very disappointing.
As per the GP, I've also used a Yubikey for years. Mine is the original one that doesn't support 2UF, but I've been using it for many things - including some of my own applications in OTP mode.
OpenVPN - Username + OTP. SSH - Private Key + OTP from unknown sources (else just key). Admin account on my hosting platform: email + password + OTP (written in perl). Lastpass - Username + Password + OTP.
In the many years since I've had this key (remember, this is one of the first they made), I've had their validation servers go down once. Newer methods available on the newer keys make this problem go away.
I've been seriously thinking of upgrading (4 generations) of key to the latest and greatest, but good old OTP mode does what I need for now. That 2UF sure looks perdy though.....
Congratulations, sitting alone here at home, I actually uttered the words "what the f*ck is this sh*t" out loud when I opened that GitHub link. No mean feat, considering how difficult asterisks are to pronounce.
This. I read through the first two dozen or so posts, then realised how many posts there were and my first thought was "These guys are morons."
It's like the joke: How do you find a vegan? Don't worry, they'll tell you.
As a developer myself, I don't care what your sexual preferences are, who you want to be in life, what your favourite colour is, what your political beliefs are. Its all irrelevant. What I care about is what your diff / patch / pull request does, is it going to break anything, and is it ok to merge.
Trying to make this about anything else is petty bullshit and belongs anywhere but my bug tracker (where I don't care what you do).
One of the features of Windows 10 is to grab updates from other Win10 machines on the same local subnet in P2P mode; the idea on not saturating the WAN link to the ISP with redundant requests. Problem is, I don't think I've ever seen it work. And yes, I only had two Win10 machines on the same network with one already updated. It's network utilization remained at 0% while the other computer was updating. that said even if this function is supposed to work as it is I'm not even sure how differential updating will work in a P2P environment.
I don't think I've ever seen this work either. It would be damn useful - but I've never seen or heard anyone else getting it working either.
No, it COULD NOT 'potentially' do that. Full Google account access IS NOT, and DOES NOT INCLUDE Gmail access. So it CAN NOT access your email, docs, etc, even potentially.
You would do well to read what you are disputing before spouting more garbage. It can, but not in a straight forward way. It is a problem, and needs to be fixed.
I've been holding my breath for a long time for this, and it's pretty disappointing to have to say... This is really not ready for real use -- at least for most non-trivial use.
We're seeing that something is keeping a spinlock going instead of actually waiting - as a process that is waiting for data is using 100% CPU while waiting. Doesn't do the same on Windows. The guys are now refactoring for this release to see if its fixed in this vs Preview 1.
I'm a longtime Linux user and every article I've seen decries Linux's extremely poor power management especially on Laptops.
Can you go into more detail on your setup?
Did you install any custom or non-standard kernels modules?
Any specific config tweaks?
What version of W10?
No special tweaks, or kernel modules - just 'systemctl enable powertop'.
Windows 10 was the ultimate version that was upgraded from the Insider project.
Not only is the RAM usage less (right now, ksysguard is showing 2.2Gb / 7.7Gb RAM used), but the disk activity is less. Performance seems about on par as to loading programs (Chrome / Thunderbird etc). I even get the bonus of being able to use luks for a fully encrypted root partition as well.
Sorry - but I have to argue here... I have a Dell Inspiron 15 laptop - Windows 10 gives me ~5 hours of battery life. Fedora 24 gives me nearly 8. And yes - I have measured.
Don't worry, the banks are working hard to solve this security hole... by telling anyone who will listen that these cards are secure, and sticking their fingers in their ears any time anyone says any different.
Yeah, its that much of a threat that I can't even remember a time in Australia that I owned a credit card that wasn't a tap & pay card.
That's at least 14 years. It hasn't caused an explosion in fraud here.
In fact, now my bank even has an NFC payment option baked into any system that also does Tap & Pay that uses NFC on my Android phone to pay without even having the card. I haven't carried a wallet for nearly 6 months now - all I need is a phone.
This is where I realize you don't know what you're talking about because SSLv3 has been disabled in modern browsers for 2 years now. Have a good day with your uninformed, knee-jerk opinions.
So you're going to tell a guy with a 5 digit slashdot ID that SSLv3 problems don't exist because the browser disabled it?
You realise that unless you disable it *ON THE SERVER* it is still offered, right?
I can get free 1-year certs from StartSSL, so why in the world does anybody even use those?
And I'll keep mentioning StartAPI every time this BS about Lets Encrypt comes out - and point to my implementation of it in perl: https://github.com/CRCinAU/sta...
If Let's Encrypt refuses to grant any certificates longer than 90 days then your credentials are actually NOT as valuable as they would be otherwise.
Really? Is this what we've become? We expect that systems are that insecure that they can't say unhacked for longer than 90 days?
Sorry, but 90 days is just stupid and expecting everyone to just trust this to a script is just silly.
Lets really get to the point of what LE is all about - people who have no idea of security - but it lets them get this green padlock in their browser (even though its probably SSLv3 by default).
Slashdot Mirror
Its not the average thief putting something together like this.... What this has proven is that the reward for getting on the WANTED list on just about every country in the world is somewhat small.
Hopefully if it becomes the norm that people don't make any money from these things, it won't be worth the effort to do....
Alternate version - nVidia stuff has been outperforming AMD for decades. Only the latest generation of AMD card is somewhat useful - and it benchmarks well below any nVidia card.
For years, the nVidia driver has had the odd quibble, but has worked fine. AMD's drivers over that same timeframe have been horrible.
Don't whitewash the history of how things rolled out due to the latest 6 months of development work by AMD....
Well, sure, but GNOME is the only officially-supported desktop on RHEL (unless we're supporting KDE these days, I never can keep track
Oh god I wish RH would support a proper KDE5 environment. It would benefit greatly from some more resources to move things along quicker.
I'm active in testing the KDE5 stuff in Fedora (and in #fedora-kde most times) - but having some more hands on it would really make things nicer for all parties.
On RHEL7 and similar, net-tools is no longer installed by default, you should use the 'ip' command from iproute2, see http://lartc.org/howto/lartc.i... . ifconfig and 'route' for Linux have been on the deprecation path for years, before systemd existed.
I think since RHEL6 the Red Hat documentation and training material stopped referring to ifconfig.
But lets not pretend its perfect. NetworkManager used to constantly cause my Xen server to lose its networking. 'systemctl restart NetworkManager' caused it to come back - after hooking up a keyboard and mouse. Systemd's networkd can't bring up ppp connections - it doesn't know what they are - and last time I tried it choked on bridges.
So, you fall back to the good old 'chkconfig network on' and remove everything networkd and NetworkManager related. But now wait-online doesn't work for systemd - so anything that requires the network to be up will cause issues - requiring other hacks to bring back into line.
So yeah, its not perfect, and some stuff is still broken.
For a tech web site, there's a lot of clueless idiocy in reply to things like this.
I work in the field which is using technologies like this on all kinds of things. BLE Beacons are being deployed everywhere - and being used on everything from transport notifications (your bus at stop X is running late!), to wayfinding applications in places like stadiums for non-locals (which can be translated to native languages) and doesn't require GPS coverage and Wifi triangulation isn't accurate enough, to package tracking and presence detection (mobile beacons, static readers). We have interactive displays that activate by putting a product with a tag in it on a 'display case' - and some that even have holographic presentations associated with them.
Merging this technology with web delivery is a massive bonus. It means a consistent interface for many devices. Android already supports BLE push notifications, allowing them in the base chrome technology opens up support to the entire environment - not just gimmick product X.
Forget the "OMG ZEE SPAM! ZEE PRIVACY!" crap, pull your heads out of the sand and use your imagination - because you'll be seeing this stuff everywhere in a few years time - but you probably won't even know you're using it.
Really? Only a single link to a third party web site and no mention at all of the openelec web site?
This is what passes for front page quality now?
I used OmniROM during the KitKat era, and it felt like an extremely solid and fast ROM. I think they were closer to the stock Android even than Cyanogenmod. The only problem with OmniROM has always been a very poor device support. If you have a Nexus phone, then you're set. But it's pretty spotty/poor outside of Nexus devices.
Yup - hence the best thing they could get is more support / contributions / patches.
One of my criteria for buying a phone was that it had CM available -- my latest being the OnePlus X. Every Android phone I've owned has run CM. This is very disappointing.
Check OmniROM - https://omnirom.org/
It forked from CM quite a while ago - and it'd be swell if the active CM crowd just continued there.....
As per the GP, I've also used a Yubikey for years. Mine is the original one that doesn't support 2UF, but I've been using it for many things - including some of my own applications in OTP mode.
OpenVPN - Username + OTP.
SSH - Private Key + OTP from unknown sources (else just key).
Admin account on my hosting platform: email + password + OTP (written in perl).
Lastpass - Username + Password + OTP.
In the many years since I've had this key (remember, this is one of the first they made), I've had their validation servers go down once. Newer methods available on the newer keys make this problem go away.
I've been seriously thinking of upgrading (4 generations) of key to the latest and greatest, but good old OTP mode does what I need for now. That 2UF sure looks perdy though.....
Congratulations, sitting alone here at home, I actually uttered the words "what the f*ck is this sh*t" out loud when I opened that GitHub link. No mean feat, considering how difficult asterisks are to pronounce.
This. I read through the first two dozen or so posts, then realised how many posts there were and my first thought was "These guys are morons."
It's like the joke: How do you find a vegan? Don't worry, they'll tell you.
As a developer myself, I don't care what your sexual preferences are, who you want to be in life, what your favourite colour is, what your political beliefs are. Its all irrelevant. What I care about is what your diff / patch / pull request does, is it going to break anything, and is it ok to merge.
Trying to make this about anything else is petty bullshit and belongs anywhere but my bug tracker (where I don't care what you do).
One of the features of Windows 10 is to grab updates from other Win10 machines on the same local subnet in P2P mode; the idea on not saturating the WAN link to the ISP with redundant requests. Problem is, I don't think I've ever seen it work. And yes, I only had two Win10 machines on the same network with one already updated. It's network utilization remained at 0% while the other computer was updating. that said even if this function is supposed to work as it is I'm not even sure how differential updating will work in a P2P environment.
I don't think I've ever seen this work either. It would be damn useful - but I've never seen or heard anyone else getting it working either.
the actual reasons are mentioned in the article that you obviously didn't bother to read.
Are you new here?
We did this years ago on GSM / PPP sessions (remember when you connected a laptop via IR and dialed a number to get internet access?).
Set up a VPN server to listen on port 53 UDP somewhere on the internet, then connect to it from your laptop via the phone.
Used to be able to buy a $2 sim card, and pass hundreds of MB per day (which was a lot at the time) with zero restrictions.
You just fail to understand the problem that has nothing to do with ASLR. Please read about virtual machines and memory de-duplication.
... and is exactly why you don't deduplicate RAM when hosting VMs...
If you get caught doing 25km/h over (15.5mph) that's an immediate loss of license.
You also forgot that your car will be impounded for 30 days on the spot and you get a visit to court to get it back.
No, it COULD NOT 'potentially' do that. Full Google account access IS NOT, and DOES NOT INCLUDE Gmail access. So it CAN NOT access your email, docs, etc, even potentially.
You would do well to read what you are disputing before spouting more garbage. It can, but not in a straight forward way. It is a problem, and needs to be fixed.
I've been holding my breath for a long time for this, and it's pretty disappointing to have to say... This is really not ready for real use -- at least for most non-trivial use.
We're seeing that something is keeping a spinlock going instead of actually waiting - as a process that is waiting for data is using 100% CPU while waiting. Doesn't do the same on Windows. The guys are now refactoring for this release to see if its fixed in this vs Preview 1.
On the Gnome 3 front, I'll agree that it's probably easier to just go with MATE desktop if you miss Gnome 2 that much.
The KDE Spin of Fedora is high quality. Not perfect, but certainly usable out of the box.
I'm a longtime Linux user and every article I've seen decries Linux's extremely poor power management especially on Laptops.
Can you go into more detail on your setup?
Did you install any custom or non-standard kernels modules?
Any specific config tweaks?
What version of W10?
No special tweaks, or kernel modules - just 'systemctl enable powertop'.
Windows 10 was the ultimate version that was upgraded from the Insider project.
Not only is the RAM usage less (right now, ksysguard is showing 2.2Gb / 7.7Gb RAM used), but the disk activity is less. Performance seems about on par as to loading programs (Chrome / Thunderbird etc). I even get the bonus of being able to use luks for a fully encrypted root partition as well.
Windows and Linux use about the same amount of power. Linux being less efficient sometimes.
http://www.phoronix.com/scan.p...
Sorry - but I have to argue here... I have a Dell Inspiron 15 laptop - Windows 10 gives me ~5 hours of battery life. Fedora 24 gives me nearly 8. And yes - I have measured.
Don't worry, the banks are working hard to solve this security hole... by telling anyone who will listen that these cards are secure, and sticking their fingers in their ears any time anyone says any different.
Yeah, its that much of a threat that I can't even remember a time in Australia that I owned a credit card that wasn't a tap & pay card.
That's at least 14 years. It hasn't caused an explosion in fraud here.
In fact, now my bank even has an NFC payment option baked into any system that also does Tap & Pay that uses NFC on my Android phone to pay without even having the card. I haven't carried a wallet for nearly 6 months now - all I need is a phone.
This is where I realize you don't know what you're talking about because SSLv3 has been disabled in modern browsers for 2 years now. Have a good day with your uninformed, knee-jerk opinions.
So you're going to tell a guy with a 5 digit slashdot ID that SSLv3 problems don't exist because the browser disabled it?
You realise that unless you disable it *ON THE SERVER* it is still offered, right?
I can get free 1-year certs from StartSSL, so why in the world does anybody even use those?
And I'll keep mentioning StartAPI every time this BS about Lets Encrypt comes out - and point to my implementation of it in perl: https://github.com/CRCinAU/sta...
It takes 90% of the pain out of SSL renewals.
If Let's Encrypt refuses to grant any certificates longer than 90 days then your credentials are actually NOT as valuable as they would be otherwise.
Really? Is this what we've become? We expect that systems are that insecure that they can't say unhacked for longer than 90 days?
Sorry, but 90 days is just stupid and expecting everyone to just trust this to a script is just silly.
Lets really get to the point of what LE is all about - people who have no idea of security - but it lets them get this green padlock in their browser (even though its probably SSLv3 by default).