Posts by vagabondo

Re: Non-obviousness

I do not know much about the US system, but. I thought that patents were supposed to be written such that any competent practitioner could reproduce the invention. If patents were written clearly, without legalese obfuscation, then it would be harder to get a patent on general principles rather than genuine inventions, and any legal proceedings could be simpler, shorter, and less of a lawyers' gravy-train.

Why don't the patent examiners just throw patents back to be redrafted if the are unintelligible to any competent engineer. And if the patent offices grant rubbish patents (because they have been privatised, and are paid to grant patents with examination as a cost to be avoided), then judges should apply the tests for a patent's competence before allowing any related action to proceed further.

Re: rdesktop

WinXP does/did. You had to enable "Remote Access/support" from the menu, and do the equivalent of adding the user to the "remote login" group. Has it been dropped? I don't have any MS products, and it's been a while since i needed to access one.

Re: lack of word-processing/office skills

@smudge

You have to read the original linked article in the Independent. Apparently the BBC has a form to request permission for undercover reporting. It seems that the Panorama team needed this for their Tower Hamlets story. Instead of creating a new document using an "undercover-application.template", the "MRF-undercover-application.document" was copied from the MRF folder to the TowerHamlets folder, modified and sold saved as "TowerHamlets-undercover-application.document". A junior member of the Panorama team copied the TowerHamlets folder (containing the "MRF-undercover-application.document") to a USB stck and gave it to the Mayor of Tower Hamlets.

So apart from displaying poor security and Data Protection capability, there is also a lack of competency in using basic office software.

Re: I'm more impressed...

Without a "telephone dial" how do you expect the data-entry operators to get their work done?

http://engineering-intelligence.net/images/bob-800x647.jpeg

http://historycompu.blogspot.co.uk/2009/02/first-computers-pascals-calculator.html

horsepower

The horse-carriage or dray is biologically governed to a maximum speed of about 20 km/hour. Would the auto-automobile be similary restricted?

I suppose the annual vehicle test could be extended to include a "driving test" on a rolling road with simulated traffic, pedestrians, weather, etc. Would these vehicles be rated and restricted to classifications of road conditions (snow, ice. fog, motorway, etc.), load and speed? Presumably instead of a driving licence, some sort of an operators licence would be required.

Re: Podcast in detail about the current vulnerability

http://thecloudevangelist.com/ 10 minutes mp3.

Deserving a downvote for the "bit.ly" link obfuscation and MITM spying; not for the "evagelist" typo.

Re: List of software affected would be useful

from http://gnutls.org/security.html

This vulnerability affects the client side of the gnutls library. A server that sends a specially crafted ServerHello could corrupt the memory of a requesting client.

This is GPL, so (9unlike the Apache licensed openSSL TLS) it cannot be hidden inside a closed-source package. You would have to be using a Free browser, mail client etc. that uses libgnutls to be vulnerable. Your system's package manager tools should be able to tell you if the GNU tls library is loaded, what version, and what other software depends on it.

We manage a fleet of openSuSE servers and desktops. None of the servers has this library. Many of the desktops (openSuSE/KDE) do have libgnutls as a requirement of the library as a ffmpeg decoder package (from the third party Packman repositories) dependency, but I cannot determine whether the certificate verification function is ever called.

stock level

So if I was looking for 25 items, or concerned about future availability, I would probably order from your competitor who was showing 300 available for immediate despatch. I would probably be prepared to pay a small premium for the convenience of a single order.

Re: I used Chromium rather than Chrome

@Lost all faith

I think you meant SRware Iron. I just now installed from the rpm, copied ~/.config/google-chrome to ~/.config/chromium and everything worked, extensions and all settings. It's brilliant thanks for the heads up.

https://www.srware.net/en/software_srware_iron.php

Re: "pseudonymised data"

> Like "annonymised" but not really.

No, like not at all anonymised, but we hope you will mistake it for anonymised. I.e. please don't look too closely.

apples - oranges ?

Are you comparing the cost of a licences to use Microsoft software with the price of Red Hat support? Or have you factored in the cost of equivalent technical incident responses?

Re: NSA

And just what rôle does the BIOS code have once the boot loader is running?

Re: Apparently storing data outside the US doesn't help either

El Reg reported this story earlier and with better comments:

http://www.theregister.co.uk/2014/04/28/us_judge_digital_search_warrants_apply_everywhere/

Re: Around the UK

I was recently asked to take part in a NHS/University research program. Their idea of anonymised meant removing my name and address, but including the full postcode and date of birth. Data does not have to be very big to de-anonymise that.

Re: No power users would use Ubuntu

But "power users" are newbie incompetents, who only think that they know stuff. The shiny, shiny new kids' distro-for-dummies was made especially to appeal to the ex-softie "power users".

resolution

Resolution is the major problem, not magnification. You can get round the latter by using multiple lenses, but thed 4e latter is a show stopper if you are thinking of most medical microbiology and histopathology. The stated 4µm resolution would be useful for identifying plankton, plant fungal pathogens,mites and insects, but not cellular abnormalities. The bigger problem for field medical microscopy probably is not the microscope, but the preparation and staining of thin sections and smears.

Re: Not the programmers fault!!

> Too many companies roll out software without dry runs and offline testing.

Could this be related to the CIO's recent departure?

Re: I am paying for OpenSSL, via my Red Hat subscription

And your Red Hat Enterprise Linux is not affected by this vulnerability.

If by Novell you meant Attachmate/SUSE, well the SLES and SLED distributions are also unaffected. Unless you have a Motorola phone, you have not paid Google for phone software. Your complaint should be directed to your phone supplier.

With FOSS you have the choice. Accept it for no charge "as is" and take responsibility for yourself, or purchase support/management and expect your supplier to act responsibly.

Re: Information requested

It's so cheap with the hourly rate that you just sign up an try it -- if you make a mistake you have only lost pennies, and can destroy your instance and start again. It is quite clear how yo spin up and get an initial login. After that it depends on the image/distribution that you select.

I recently started using DigitalOcean. I couldn't discover which distributions were available until after signing up. (Ubunto, Fedora, Centos and Arch). Then you use the selected distro's own wiki and forums etc. for help and documentation. I normally administer openSuSE, and chose a minimal Arch. It took less than two hours to add a user, configure sshd, perform a system update, and add/delete packages and personal scripts to suit, then have a nameserver in production.

I did not find the DIgitalOcean community forums very useful, although the company documentation was clear and helpful. To try something out it is quick and cheap to fire up an new temporary machine to experiment with - that is what I did to find out how to update the kernel, and fine tune the netw configuration for a faster start-up to remote login time. I had never used Arch Linux, with its unique package management and configuration tools before.

Re: Ego wins out over common sense.

I worry about the future of VirtualBox.

Re: my 2 cents

@Tom 13

"the kernel needs to protect itself from this kind of idiocy"

As has been explained elsewhere in these comments, there is no problem with the kernel. It worked just fine. It was systemd (before it eventually fixed this bug) that got itself into an infinite loop and failed to complete the system startup. Spewing out endless garbage to the kernel log was more of a symptom than the cause of the failure.

We used to use the Unix sysv init. This(sort of) loads a shell, mounts the root filesystem then uses a bunch of scripts to start the initial processes in the right order. The idea of systmd is that once it is running, you can just start and stop processes at will. Systemd is supposed to sort out process dependencies -- e.g. making sure that the network is up before starting ntpd or sshd. The strong promotion of systemd by Red Hat employees has meant that important/vital sub-systems, such as udev, have been rewritten to accomadate systemd. This has made it increasingly more onerous for distributions not to switch fron init to systemd. Either systemmmd will mature, and get developer tools and a workflow, such that it can be maintained without screwing other projects, or it will cause so much pain that it has to be replaced. In any case I hope something structurally less arcane can be introduced that fulfils the auto process dependency advantage of systemd.

Re: A tad fishy...

Try a search for "optimaxruinedmylife" or (at least with DDG) even "optimaxruinedmylife.co.uk" and see what happens.

Re: In the UK Credit reference agencies have special privleges

@Jonte Monkey

Once they have your data they have it. Their business is acquiring, cross-referncing and selling personal data. For their purposes it does not have to be accurate, only good enough to sell; much like Google and the other data marketing companies.

They are also in the bulk and junk email business that is used by a significant number of UK retailers. If you are a customer of one of their customers they have that data as well. Plus anything they can glean from DVLA, insurance companies, etc. And as a US company they don't have to worry too much about data protection legislation.

If they are making money out of our data, we should have free access, and the ablility to correct and annotate it. We should also be informed of each occasion our information is accessed/transferred to a third party. That would cut down on fraud and misuse.