LEDE
hostapd in LEDE has been patched in the master branch. This does mean you'll have to build it yourself until the snapshot builds catch up. Yet one more reason, were it needed, to eschew devices which rely on vendor patches.
1257 publicly visible posts • joined 21 Oct 2007
Allow me to clear this up:
What is happening is due to the hype surrounding the planned British exit from the EU. Both sides are equally to blame, the Remainers for foretelling years of doom and the Brexiteers for swaggering about as if the continent doesn't matter.
This is, in reality, two groups of powerful people arguing about who gets which cut of the swag. The losers, whatever happens, will be us. Every. Single. Time. Supporting one or the other is a bit like turkeys voting for Christmas.
Despite the icon, it's not exactly rocket science.
...how sad, never mind. This is the first step towards a default policy of "sod off" to people (I use the term loosely) who want to know every last detail of your life. As I've said before, bricks and mortar shops get the local telephone exchange's post code, they all get my defunct and unconnected landline and web biscuits disappear every time I hit the little X at the top right.
It was starting to get to the stage where they wanted your inside leg measurement to buy a sodding bag of Wotsits. Now, if we can just educate people to stop the human version of trackers (that bloke with the slack jaw grunting from behind the till) adding your details to every damned database in Christendom we'll be well on the way to having these cretins beaten. Okay, it's not nearly so bad in that he doesn't follow you around the other shops - probably because he'd get a totally non-virtual smack in the mouth for doing so - and then adds your other purchases to his little electronic list but it's bad enough.
"Can I take your post code, sir?"
"What for? I'll take them with me. I don't want them delivering and I don't need a warranty on a packet of screws." -- recent visit to Screwfix
Expression of wild-eyed, maniacal insanity, responding to every query with "What was that, Mr Flibble? Two hours W-O-O? Yes, that will teach him for being a bread basket" and filling the spaces with mumbled rants. They don't even have to be coherent, just make sure they sound ominous.
Worked for me for years, headphones optional. It's all spare cycles anyway.
@zarvus: You realise, of course, that my point was not that Russia is all sweetness and light but that we have skeletons in our closets and rampant hypocrisy enough of our own as well, yes? Which do you prefer, an organisation which is open about its desire to oppress or one which does the same authoritarian shit but wraps it up in a veneer of "for your own good"?
Before you start banging on about democracy, take a look at how much choice you *really* have in those elections you're so fond of. Even the candidates are pre-selected before you even get to know there's an election happening, not to mention the actual core of "free western democracy" is beyond the electorate's reach in reality - the career civil servants, who are the reason the policies never seem to change between administrations, regardless of what the manifestos promise.
So, tovarisch, do you still feel like taking the piss or can you admit that no system is perfect?
Probably not applicable to greasy spoons, or whatever the equivalent Greek purveyor of e-coli is, but the majority of this free WiFi is simply another method of tracking. Since it's free, you have no expectation of level of service so if they fling an ad or two you're not going to ask for your money back.
Of course, we all have a VPN service to connect to, don't we? RSN with AES doesn't really matter when you have an encrypted pipe to the Internet, does it? And we'd never accept their DNS as canonical, would we? Think again. They're collecting MACs, linking them with customer data and they have a globally unique ID for you from one hotel stay, regardless of the pipe to the Internet. The AP has to be able to see your dirty MAC, Mr Columbo. You may as well have an LED sign, in 16M glorious colours, advertising your presence to every smug-faced marketer on the planet until your next device upgrade when the MAC changes again.
As always, follow the money.
Your post advocates a
(x) technical ( ) legislative ( ) market-based (x) vigilante
approach to fighting cybercrime. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
(x) Legitimate uses would be affected
(x) Requires immediate total cooperation from everybody at once
(x) Many users cannot afford to lose business or alienate potential employers
(x) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
(x) Lack of centrally controlling authority
(x) VPNs and proxy servers
(x) Asshats
(x) Jurisdictional problems
(x) Armies of worm riddled broadband-connected Windows boxes
(x) Eternal arms race involved in all filtering approaches
(x) Joe jobs and/or identity theft
(x) Technically illiterate politicians
(x) Extreme stupidity on the part of users
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
(x) Blacklists suck
(x) Whitelists suck
(x) Countermeasures should not involve sabotage of public networks
(x) Why should we have to trust you?
(x) Feel-good measures do nothing to solve the problem
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Okay, I had to extend "spam" to "cybercrime" but the underlying message is the same.
I have some DVRs (one Tivo, two Humax) which record locally but as far as I can tell are not visible (at least to Shields Up) to the Internet.
Be very careful with that assumption. You're probably okay with your Tivo and Humax DVRs but most of these cheap CCTV DVR/NVR/IPCs, which is what we're discussing here as it was these which were targeted by Mirai, have a "cloud" feature built into the binary that processes the stream(s). Even if you disable the thing in the config, it'll still ping out to let the mothership know it's alive¹, which is why I said one of the mitigations was to block outgoing packets on MAC. Anything that can tunnel out through NAT/UPnP/firewall can tunnel back in again. ShieldsUp! won't detect stateful connections, only blatantly open ports.
¹Yes, I did verify this on the Hi3518E based cameras and a cheap, shonky Owsoo NVR, watching the resolver logs and sniffing the packets as they hit the brick wall of my router. Since most of this bilge is based on HiSilicon chippery, a safe course would be to err on the side of caution.
This is one time you really can't level that charge against the consumers. Many of the shonky PoS have hard-coded passwords in their root ROMfs and you simply can't change it without unsquashing the filesystem, messing with crypt, recreating the bin and buggering about with arcane flash commands in u-boot - and that assumes you can get a bootloader prompt in the first place, not to mention knowing the flash layout.
IP cameras based on the ever-so-popular Hi3518E chipset had this right up to the January 2016 firmware release. Worse, the default password was the same across multiple manufacturers. The only solution was to block forwarding at the gateway with MAC filtering or stick them on their own isolated segment.
If you want a decent IP camera, a Pi Zero W with the Picam NoIR, a switchable IR cut filter, a ring of IR LEDs and a decent wide angle lens works nicely. If you need an NVR, use a Pi III with ZoneMinder. All of this shonky rubbish needs to die in a fire.
Please stop shoving "Android" into a pigeon-hole. There's Android™ and then there's Android. Even if you don't feel like building it yourself, there is a plethora of options other than stock GoOgle-age. For my device, the Wileyfox Storm (I know, big mistake but I've beaten it into submission), there's Lineage nee CyanogenMod, Dirty Unicorns, AOSP Extended, VertexOS and many others. For a mainstream device such as the Moto <letter> handsets, there's more choice than you can shake a soggy stick at.
For Joe Public, yes, iOS offers advantages. For us lot on t' Reg, custom built Android beats seven shades of excrement out of Apple's walled garden.
Sites that have advertising need to have a basic understanding that if I go to their site for any reason it's probably not the best idea to obscure 95% of my view with a random "STAY INFORMED" or other junk pop-up when I land.
The other one that really pisses me off is the pop-over "Sign up to our mailing list!" Yes, just what I need, more irrelevant crap in my inbox. I'm interested in this content now and I'm reading it on my schedule. Thirty minutes down the line I'll be looking at/doing something else. I do not want every single mundane task or research session turning into a life-long obsession, thank you.
As for special deals on whatever they're selling, I probably already have one, which is why I'm there in the first place - and that really didn't turn out well or I'd not be looking for updates or a digital bat with which to beat it to death. Foscam, I'm looking at you. Thankfully, that was someone else's bad decision...
Well all I can see was the fear UKIP induced in some in the Conservative leadership to the point they were sh**ting themselves they would lose MP's and/or power.
Am I the only one who thinks UKip should be the British Air BnB? UKip on the sofa, UKip in the hall and I'll kip in me bed. Breakfast is whatever isn't growing green hair in the 'fridge.
This whole process has FA to do with UK voters and everything to do with keeping the Conservative Party united. 1 nation. 1 people. 1 Leader. 1 vision (as Freddy Mercury might have sang).
Magic (kinda)...
If we don't destroy ourselves with our tribalism, in a century or so this will be looked back upon with much hilarity as the concept of "Nation" is explored in history lessons. It seems to me that the vast majority of the rhetoric from both camps is an awful lot of prick waving and not much substance. The reality, then, would appear to be that they're two sides to the same coin: A lot of people using power for personal gain arguing over how to divide up the spoils.
So, business as usual, then.
It actually makes more sense to pin further up the chain. For example, if I pin to Thawte's intermediate, it's a clear, unequivocal message that I use Thawte (I don't, and other CAs are available) and a certificate issued by, say, Wosign (fat chance) is going to be malicious.
That way you can revoke, regenerate and reconfigure at whim as long as your trust chain remains unbroken.
Aye, but you don't want the new key in there yet if managed-keys is going to work its magic. Right now the new key is in the prepublication state, i.e. published but signed with the old KSK and not being used to sign the ZSK(s). You have until 11th September (a significant date I can only assume was chosen to make it extremely easy to remember) to get your managed-keys stanza into your config.
After this date, I suspect you'll have to manually intervene with the new key because the new ZSK won't have been published and signed, as far as your named is concerned, for the required 30 days but using managed-keys will future-proof the setup.
Trivially simple. Ditch your old static trusted-key stanza for "." and add:
managed-keys {
    "." initial-key 257 3 8
        "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
         FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
         bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
         X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
         W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
         Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
         QxA+Uk1ihz0=";
};
Do it now before the rollover window closes. You need 30 days of old ZSK signed new ZSK (read that carefully, the new ZSK is pre-published signed by the old one) for this to work.
I must confess I scrabbled around in my /etc/bind before finding I'd done it in 2013 :-)
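Added example, not part of the post above and not BIND's own code: a trust anchor copied from a web page should be checked before it goes into named.conf, so this sketch parses a managed-keys stanza and derives the RFC 4034 key tag and SHA-256 DS digest of each entry for comparison with the values the zone operator publishes. The names `parse_anchors`, `key_tag`, `owner_wire` and `SAMPLE_CONF` are this example's own, and the sample key is a constructed four-byte value, not a real DNSKEY.

```python
import base64
import hashlib
import re
import struct

# One entry of a BIND managed-keys / trusted-keys stanza:
#   "<zone>" [initial-key] <flags> <protocol> <algorithm> "<base64>";
ENTRY_RE = re.compile(
    r'"(?P<zone>[^"]*)"\s+(?:initial-key\s+)?'
    r'(?P<flags>\d+)\s+(?P<proto>\d+)\s+(?P<alg>\d+)\s+'
    r'"(?P<key>[A-Za-z0-9+/=\s]+)"\s*;'
)


def owner_wire(zone):
    """Canonical (lower-case) wire-format owner name; '.' is one zero byte."""
    labels = [label for label in zone.lower().split(".") if label]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def key_tag(rdata, alg):
    """Key tag over the DNSKEY RDATA, RFC 4034 Appendix B."""
    if alg == 1:
        raise ValueError("algorithm 1 (RSA/MD5) uses a different key tag rule")
    # Bytes at even offsets are the high octet of each 16-bit word.
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def parse_anchors(conf_text):
    """Return zone, KSK flag, key tag and DS digest for every anchor found."""
    anchors = []
    for m in ENTRY_RE.finditer(conf_text):
        flags, proto, alg = (int(m.group(g)) for g in ("flags", "proto", "alg"))
        # The quoted key may be wrapped over several lines; drop the whitespace.
        key = base64.b64decode("".join(m.group("key").split()), validate=True)
        rdata = struct.pack("!HBB", flags, proto, alg) + key
        digest = hashlib.sha256(owner_wire(m.group("zone")) + rdata).hexdigest()
        anchors.append({
            "zone": m.group("zone"),
            "alg": alg,
            # 257 = Zone Key bit (0x0100) plus Secure Entry Point bit (0x0001).
            "is_ksk": (flags & 0x0101) == 0x0101,
            "key_tag": key_tag(rdata, alg),
            "ds_sha256": digest.upper(),
        })
    return anchors


# Constructed sample: the key is the four bytes 01 02 03 04, not a real key.
SAMPLE_CONF = '''
managed-keys {
    "." initial-key 257 3 8
        "AQID
         BA==";
};
'''

if __name__ == "__main__":
    for anchor in parse_anchors(SAMPLE_CONF):
        print(anchor)
```

Run it over the stanza in your own named.conf and compare the key tag and DS digest with those in IANA's published root trust anchor; a mismatch means the pasted key is not the one you think it is.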
Can you throw it at your annoying mate who is spouting some crap about immigrants and telling you there's such a thing as "Britishness" without a single hard fact to back up his assertions, pick it up, store it and then find it in a drawer seven years later, not only with enough charge to power up to prove it's worth charging but also fully functional?
If the answer to any of the above is "no" then it's not a bloody Nokia. And don't get me started on fixed batteries. I still have devices that use BL-5Cs long after the handsets that created the format have gone from the market.
Vaping is a drug delivery system.
Oh noes! Ban teaspoons before someone mixes their next fix on one!
Just like the language you used there, it all depends on what you load it with. Banning the legitimate use because someone may use it illegitimately simply kills all legitimate use. This is what we've been trying to get Ms Rudd and Ms May to understand about cryptography - you won't stop the scrotes using it, you'll just remove all of the positive benefits.
Even if you are not a vaper or a smoker, you should be furious - collectively we are all on the hook for the resulting costs.
It's not all bad news, of course. Keeping people smoking lowers the number who manage to reach the ever moving retirement age. Less people retiring, less of that lovely pension pot The City™ have invested in more consumer-rogering you have to claw back or find from the social security budget.
Actual smoking is still a net gain. From the top of my head, 2011-12 tobacco taxes gathered £12bn. Tobacco use cost the NHS £5bn - and most of that is not the cost of the compounds used in the interest of patients, more the compound interest on the money used to access the patents...
He's a security researcher. How else is he supposed to make a living? Begging?
In answer, though, yes I did read it. I don't necessarily believe it or ascribe the same motivations to it that you obviously do but then I have this a{rse|ss}hole thing I do called "thinking for myself" which is probably the next big thing to have "The War on" added to it. What we'll probably never see is The War on Wars on Things, which is a shame as it falls so prettily from the tongue...
I'm wondering how relevant is the fact that this comes from the Googleplex. Very is my guess. As far as I can tell, Linus sees the checker halting the machine with a BUG() where a WARN_ON and continue would be more appropriate. That trips my tinfoil hat into thinking Google prefer the machine to stop rather than allowing a potential root vector (Android, given that they've expressed a recent interest in taking back control of their OS) whereas Linus wants bug reports and meaningful information which require the machine to still be in a somewhat accessible state rather than limiting the user's access to her own bloody hardware.
In this instance, Linus is bang on the money.
Well, there's also the ESP8266 in all its guises and the STM32, which runs at 72MHz, is far less fragile, runs on 3V3 and doesn't crap itself after a heavy debug session yet costs around £2 for the F103 "blue pill" modules.
The ESP has 802.11n built in and massive community support. Both can be integrated into the friendly Arduino IDE. Intel's stuff was barely relevant anywhere.
Don't get me wrong, the Atmel based boards are great for starting out, they're just rather light on RAM and flash - the STM32 has 20k and 64k (officially, but most blue pills have 128k flash) to the Mega328's 2k and 32k, so much so that you often find yourself running out of dynamic memory on the pro mini and nano, not to mention just two interrupts. Both the SoCs I mention have the ability to attach an interrupt to most of their GPIOs.
I'll still get a beer in, though.
How can you discuss policy with a minister whose only means of expression is to scream at you "Eeeeeeeeeeeee-oooooooo buh-doyngg buh-doyngg eeeeee-AAAAAAHHH!" before promptly hanging himself?
Absolute bloody genius. I'm assuming, since he does the gain adjustment bit, that he's a v.92 modem?
The letter says that if that information [TV viewing, phone, Internet records] should "fall into the hands of an owner with an appetite for political leverage, the temptations and opportunities for misuse become very great indeed".
And they wonder why so much opposition to the government having "opportunities to misuse" very large datasets of public activity. Appetite for political leverage? By definition, that includes every person ever elected to government and every civil servant with a pulse.
systemd
with faint praise
Jesus tittyfucking¹ Christ, it's like someone was playing buzzword bingo and just spewed the winning card onto the web server. They do try their best to make mundane, soul-destroying, humdrum crap sound really exciting - usually by making up new words.
The bottom line is still "give us your cash and we'll give you a permanent headache" though.
¹ Sorry, I don't usually pepper my posts with the f-word if I can help it but I'm afraid, having tried to read that mush, I needed an expletive commensurate with the crimes against humanity committed on that blog.
Quite possibly, patrickstar. I don't, though. I usually blame the user, since it's ultimately the user's responsibility not to click unknown links, open unexpected attachments and generally act like a bellend. Granted, there are times when it's the admin's fault and there are times when it really is Microsoft's fault, given that most of the services are embedded into the OS. That said, it's still the admin's job to disable any that aren't needed.
Ultimately, whose fault it is matters less than having the right information to mitigate holes. Playing the blame game only gets in the way, which brings us back to my original point.
Saying embedded systems and systems with "sysadmins" who don't patch is somehow a Linux problem is akin to saying that it's Ford's fault so many of their cars break down due to people using crap oil from supermarkets.
What this actually is is a money problem. "We've done the R&D, we have a product, flog it. Updates? WGAF? We've got their money."
One more reason I run LEDE. I'm not relying on anyone else for my security.
...white, middle-aged, heterosexual male, I have never read such a load of alt-right tosh as this petition in my life. However, given the dearth of supporters, it does give me some hope that humanity is becoming more accepting of diversity as a positive step towards truly being civilised.
I wrote in April last year
For the avoidance of doubt, "free" is simply a have now, pay later with your privacy deal. It's worth remembering, when June rolls along, that we didn't even have a right to the expectation of privacy before the HRA 1998. Ms May&co wants to repeal that[1] but even that would be a pointless gesture until the shadow of the ECtHR is removed. Be careful with that vote, folks. You may have someone's eye in.
OTOH, I can't help wondering if Call-me-Dave's special exception on closer political integration renders that a moot point.
[1] George Carlin once said a right isn't a right if someone can take it away. It's just a temporary privilege.
I'm getting too bloody good at this prediction lark, unfortunately.
I'd start with consumer routers, personally. Once your edge gateway is secure it can police everything else. Forget shiny boxes and wireless range, make the damned things fit for purpose first. Step one: make forwarding packets either way to ports 137-139 and 445 blackhole routes by default. Not reject or ICMP unreachable, blackhole. While it's wondering where its packet has gone, it's leaving someone else alone.
And can we please stop enabling UPnP out of the box? It makes setting up C&C links trivial for any slightly clueful villain.
I can see your point, tiggity, and I'll be the first to admit that the current resource usage on this planet is unsustainable but the figures don't add up. Either all the lights go out and we go back to the most popular car being An Ox or someone has to come up with a fully-arsed solution which will probably involve nuclear, wind power, hydroelectric, hydrogen and proper integrated management of those generating sources (nuke for baseload, hydro/wind for in-fill, surplus wind at off-peak times used to pump back up the hydro and electrolyse sea water into H2, which may then be used for transport and the resultant pure water harvested back at the filling station so every vehicle becomes a mobile desalination plant as a side effect) rather than just dumping it onto the grid. Yes, that will probably mean renationalisation of the power generating facilities, if for no other reason than to put them all on the same page in the hymn book.
There's also the urea fuel cell. Wind and piss are two things this country is never short of.