* Posts by Displacement Activity

351 posts • joined 2 Jun 2008

Page:

'We stopped ransomware' boasts Blackbaud CEO. And by 'stopped' he means 'got insurance to pay off crooks'

Displacement Activity

"Subset"?!

"Like a lot of companies, we get millions of intrusion attempts a month and unfortunately one got into a subset of our customers and a subset of our backup environment."

Curious that Blackbaud lost my school data and my university data. Seems like this subset may be rather large.

Intel's 7nm is busted, chips delayed, may have to use rival foundries to get GPUs out for US govt exascale super

Displacement Activity

Can't see it...

TSMC now has 2(?) Fabs in mainland China. Ok, Intel's masks would probably never get beyond Taiwan, but I can't see the PRC connection helping.

And Philips must have been kicking themselves for the past 30+ years, after bankrolling TSMC and then walking away.

Teardown nerds delve into Dell's new XPS 15 laptop to find – fancy that – screws and user-serviceable parts

Displacement Activity

Re: HP Microserver Gen8/Gen9 and their failiing NAND chips used for iLO system monitoring.

Hadn't heard of the flash problem, but I reckon GenX in general is pretty much done. Gen8 excellent, I had to give away my Gen9 after it bricked, Gen10 ok but too much cost cutting. Pity.

I was screwed over by Cisco managers who enforced India's caste hierarchy on me in US HQ, claims engineer

Displacement Activity

Re: General concern

The UK has the class system

You've been watching too much Monty Python. I have spent decades working in British engineering and have never seen any form of discrimination based on 'class'.

Hey, Boeing. Don't celebrate your first post-grounding 737 Max test flight too hard. You just lost another big contract

Displacement Activity

Re: El Reg, a little reporting accuracy??

And, of course, airlines around the world have been regularly flying maxes to boneyards.

You wait ages for a mid-air collision spoofing attack and along come two at once: More boffins take a crack at hoodwinking TCAS

Displacement Activity

Don't get it...

They've built an SDR TCAS, which is not really interesting. To get it to do anything, they have to get it *close* to an approaching aircraft - it's physically impossible to pretend to be close, without the next-gen faster-than-light SDR2. And, if they have managed to get their kit near an approaching aircraft, then the target aircraft should get out of the way anyway. There may be some limited mileage in putting it on the ground, spoofing their altitude, and hoping that they can persuade passing aircraft to gently ascend or descend.

Note that 'security' doesn't mean authentication here. ACAS uses 64-bit messages. The Wikipedia article makes the point that it can't be extended to even 128 bits because it would then be too slow to handle high-traffic scenarios.

The only interesting thing here seems to be the comparison of Python and C++.

Belief in 5G conspiracy theories goes hand-in-hand with small explosions of rage, paranoia and violence, researchers claim

Displacement Activity

601? Seriously?

They surveyed 601 people. So how many loons did they find? 6? 10? Seems a pretty poor basis on which to be writing papers and drawing multiple correlations. Or are they perhaps running out of grant money?

RetroPie 4.6 brings forth an answer to 'What do I do with this Pi 4 I bought last year?'

Displacement Activity

Re: Pi 4 mouldering?

+1 for effort. Got my 4B about a month ago. Loaded lots of software, and it worked great until I tried to plug an audio DAC on, which is what I got it for. It now pretty consistently fails to boot.

So, it's mouldering in a drawer, while I try to find the time to (a) work out what the power management firmware updates are all about, or (b) send it back during lockdown and hope for the best.

Academics: We hate to ask, but could governments kindly refrain from building giant data-slurping, contact-tracing coronavirus monsters?

Displacement Activity
Meh

Are we still reporting 'letters from academics', then?

While you're at it, I would rather like to hear Bob Geldof's view. And perhaps Lily Allen.

Cloudflare dumps Google's reCAPTCHA, moves to hCaptcha as free ride ends (and something about privacy)

Displacement Activity

Re: what the f*ck is a "sidewalk"?

Weird. I was going to post with title "WTF is a sidewalk", or possibly crosswalk. Any Why TF do I always have to do it more than once??

Anyway, fixed it in my current website. The contact form justs asks the user to answer a very simple (technical) question, and there are several valid one-word answers. Anyone who's on the website and wants to contact me will know the answers, and I don't want to speak to anyone else.

High-resolution display output or Wi-Fi: It seems you can only choose one on Raspberry Pi 4

Displacement Activity
Meh

"mini computer" != "minicomputer"

<pedantic-nerd-mode>

I've still got my copy of Mick and Brick, which was the bible of bit-slice (and mini) design. On p259 a '16-bit time-sharing CPU' is described as the heart of a 'minicomputer'. Even more bizarrely, I've still got the handbook for the Varian 72, which I used in an early job, published in March 74. It describes itself as a 'minicomputer'.

OTOH, a 'mini computer' is just a miniature computer.

In more recent news, I'm just about to get a Pi Zero...

</pedantic-nerd-mode>

Stallman's final interview as FSF president: Last week we quizzed him over Microsoft visit. Now he quits top roles amid rape remarks outcry

Displacement Activity
Thumb Down

Linux; sod GNU

Been using Unix since the 80s, on V7, I think. I'm currently running 7 different flavours of Linux. Over the years I've come to the conclusion that the one thing that has really screwed Linux, and kept it as a backwater (if you ignore Android, of course) is... Stallman. I presume he was a moderately competent programmer, since his name is on Yacc and, I think, bits of emacs. Maybe he should have left it there.

Ex-Microsoft dev used test account to swipe $10m in tech giant's own store credits, live life of luxury, Feds allege

Displacement Activity
Meh

He got caught because of "service provider records that point to Kvashuk", and because he used a device with a "specific device identifier"? Seriously? What a plonker.

And Microsoft pays $116,000 (£93K) for a testing job? WTF? You'd think they could produce some useful software for that sort of money.

And I'm not quite sure what the problem is with having assets of $1.76M on a salary of $116K. That's a multiplier of 15, which doesn't sound like it's completely out of the question. Unless you're a banker, of course, in which case it's way too low.

ReactOS 'a ripoff of the Windows Research Kernel', claims Microsoft kernel engineer

Displacement Activity
Thumb Down

@Lee D: really? @ReactOS: WGAF?

"Reverse engineering those "affected" files in the normal way would easily reveal private symbols".

Please explain how you would get macro names out of this process. I assume the code is in C, in which case the copiler doesn't even see the macro names, as per 5.1.1.2, 6.2.1, etc.

@ReactOS: Anyone who has the extraordinary lack of imagination which would be required to reverse-engineer and copy a Microsoft kernel deserves everything they get, and more.

Dev's telnet tinkering lands him on out-of-hour conference call with CEO, CTO, MD

Displacement Activity

Yes, alpha particles

<nerd mode>

Cosmic rays cause soft errors in memory chips and general circuit failures. At sea level, 'cosmic rays' are primarily high-energy neutrons. Neutrons are uncharged, so don't themselves cause circuit upsets. However, when they're captured in a nuclei in a circuit element, they produce charged secondaries, including alpha particles, which do cause circuit upsets. See https://en.wikipedia.org/wiki/Soft_error#Cosmic_rays_creating_energetic_neutrons_and_protons, for instance.

</nerd mode>

Amid Trump-China tariff tiff, Cisco kit prices to resellers soar up to 25%

Displacement Activity

Meh

"Chinese-built components coming into the US" are almost certainly assembled PCBs and systems, and are unlikely to be anything with any significant IP attached.

I've been with companies (in the UK) who have outsourced assembly to China for 35+ years. Everybody who does this has always lived in fear that they'll be ripped off and their IP will be stolen. The upside is maybe 50% off your end-user price, and the downside is potentially losing your IP and your market completely.

Whatever Trump does or doesn't actually say or believe, if anything, it's a fair bet that everyone in the electronics business (outside China) is breathing a sigh of relief, whatever they say in public. The dust will settle eventually, and the end result will either be that the Chinese start to play ball, or that manufacturing will return on-shore. Both of which are Ok by me. Sure, the US will take a hit short-term, but that's someone else's problem.

Nokia reinstates 'hide the Notch' a day after 'Google required' feature kill

Displacement Activity

Re: Can't make sense of this.

And... umm... what is a 'notch' anyway?

Official: Google Chrome 69 kills off the World Wide Web (in URLs)

Displacement Activity
Thumb Down

WTF?

And what if you have set up DNS to route *only* 'www.foo.com', or *only* 'foo.com', to your server?? This isn't particularly unusual - my local hardware shop is 'www.woc.com'. 'woc.com' isn't routed and doesn't work. So, go there with Chrome, and you think you're on 'woc.com', which doesn't exist. Or does Google want to run DNS as well?

Those tossers have already achieved the impossible, which is to make me start using MS's excuse for a search engine. Chrome is next on the delete list.

Google keeps tracking you even when you specifically tell it not to: Maps, Search won't take no for an answer

Displacement Activity

Not really news, and How To Screw Maps

I've been using Google exclusively for 15+ years without problems. Then, a couple of months ago, they started swamping my searches with ads. Not just at the top - mixed in throughout the search results, even when I'd clicked the invisible 'hide ads' button, making the real results unusable. Really, really dumb ads, and all for the same thing - say, 8 different ads for Dubai hotels, all on the first page of results. The connection? I had *flown* over or through those places, with a maximum stay of a couple of hours, over the last year or so, with maps turned on. Seriously. I've never been to Jersey, but flew over at 35,000ft, and got pages of ads on camper van hire in Jersey. In case I crashed, presumably.

My fix is to to dump Google. MS has screwed me in thousands of ways, but their search engine hasn't quite got to this level of stupidity. And duckduckgo if I can be bothered.

RIP: Sinclair ZX Spectrum designer Rick Dickinson reaches STOP

Displacement Activity

RIP

So long, Rick. We spent many happy nights in the Baron after work, along with Jim and Dave, and occasionally Clive, back in 80/81. If there's a bar where you're going, get me one in.

BCC is hard, OK? Quite a lot of orgs blurted your email addresses in GDPR mailouts

Displacement Activity

Re: BCC is actually slightly hard

Sounds like mine is pretty much the same - also for a kid's club I helped to run (small world!). I've got an extra level of security - everyone gets their own club address, and has to post through a proxy, which modifies all the mails so that no-one ever gets a 'real' outside-world mail address. It never uses BCC, of course - it's far too wooly.

Displacement Activity
Meh

BCC is actually slightly hard

I've written a mass mailer, which uses anonymised addressing. The main confusion is that your mail program talks to the rest of the world over SMTP, which knows nothing about "BCC". Quick overview here:

https://stackoverflow.com/a/26611044/785194

Comp sci world shock: Bonn boffin proposes P≠NP proof, preps for prestige, plump prize

Displacement Activity

Re: "And P=NP is completely irrelevant to crypto in general. "

Posted by someone with absolutely no understanding of the subject they are posting about.

Curiously, I'm probably the only person writing here who works in precisely what I was writing about, full-time.

Displacement Activity
Meh

Current cryptography assumes P≠NP?!

And at the following link:

Ask many computer scientists what happens if P = NP and you'll get the response that it will kill cryptography.

Really? Knowing that there's a class of problems that are harder to compute than to verify isn't going to affect public-key crypto. That will only be affected by one specific problem: the difficulty of deriving a private key from a public key, ie. the ease of factorisation. Everyone knows that factorisation is currently difficult, and that everyone is working on it, and that quantum computers can handle it (already, but only for small numbers) with Shor's algorithm. Whether or not P = NP will make no difference; it's already known that public-key is dead in the longer (or shorter) term.

And P=NP is completely irrelevant to crypto in general. There are already lots of practical systems around the world sharing private keys using provably-secure quantum mechanics, with no public key anywhere. Ok, I know that some people reading this won't agree that something is provable because they can't prove it themselves, but still not P=NP.

While Microsoft griped about NSA exploit stockpiles, it stockpiled patches: Friday's WinXP fix was built in February

Displacement Activity

Re: One lesson to be learnt frin this (was Wormable holes)

And knowing where to look...

https://www.digital.nhs.uk/media/1486/NHSmail-confirmation-it-is-safe-to-connect/pdf/NHSmail_150517

Ergo, any trust infected was still running it's own improperly configured separate mail system in preference to using the centrally provided NHS Mail system (nhs.net)

I'm not sure that this actually came in by mail. There was an IBM guy on Radio 4 this morning saying that they'd scanned a billion (literally) mails and hadn't found any with the original infection. Is the source for the mail infection angle just one statement from Telefonica?

Displacement Activity

Re: One lesson to be learnt frin this (was Wormable holes)

I have an application that can run only on Debian 5 (it's being phased out). A good part of it are kernel modules... etc

Sorry, but your post makes absolutely no sense. I really hope that you're not involved in NHS commissioning.

Displacement Activity

Re: One lesson to be learnt frin this (was Wormable holes)

@Richard 12

If you airgap it, how do you get the images off? Today, things like X-rays and MRIs etc.pass the images etc. into your records and can be seen on screens throughout a hospital. Making them only available on a few screens near the MRI etc. is pointless.

Don't airgap it; open one port, and write an app that retrieves images. Transer with standard sockets code; it's trivial, and the comms can be done in a couple of hundred lines of standard C.

And you wouldn't even think about running this on XP, or Win10, or whatever, and using SMB.

Displacement Activity

Re: Eh?

Microsoft provided the patches to those who had contracted for support of XP. No hoarding.

Errr... the point is that MS pointed the finger at the NSA for hoarding. MS selectively disclosed, and the NSA selectively disclosed. No hoarding.

Just in case Microsoft didn't understand: intelligence agencies and hackers all round the world spend their life looking for zero-days, for their own reasons. How MS can then blame them and whine that they're 'hoarding' is beyond me. F***tards.

Sophos waters down 'NHS is totally protected' by us boast

Displacement Activity

Re: Fault?

Obsolete OSes and timely application of patches are one issue, but this could just as well have been a zero-day.

Sooner or later you're going to get an infection inside your network. What you want is (a) to detect it quickly, (b) to limit the spread, and (c) to allow the affected parts to be wiped clean easily.

Well, yes, but you omitted the fundamental problem - don't, by default, assume that your computers have to be on a network. They don't. And, if they do, don't just share everything on SMB/whatever.

Whoever decided that an MRI scanner/X ray machine/whatever had to talk SMB should be fired. It would take a day to knock up a program to transfer X-ray images over a basic sockets connection, and another week to turn it into a client/server app to find and return any image.

Stanford Uni's intro to CompSci course adopts JavaScript, bins Java

Displacement Activity
Happy

Re: Biggest problem is the apostrophe

Hello AC1 what wrote the apostrophe thing, nice to meet you.

I should probably warn you that meating AC0 may not be a nice thing to do, and is probably illegal.

Displacement Activity
Meh

Re: Biggest problem is the apostrophe

@AC: +1 for assisting Mr. Stiles with his enema. However, I would like to point out that 'spelt' *was* probably appropriate (anywhere outside the US, anyway).

And I have to wonder whether anyone defending JS has actually used it. It's an extraordinary mismash of the obscure, esoteric, and downright inane. It was knocked up in a weekend (Ok, more or less), and has been constantly added to ever since. And, whatever you write, there's always some tosser somewhere who'll refuse to run it because you clearly intended to break out of their browser and trash their system, despite your inability to access any files.

Still, on the plus side, there won't be much competition from Stanford graduates in the jobs market.

TCP/IP headers leak info about what you're watching on Netflix

Displacement Activity

Re: Stating the obvious

That's not how it works. The connection is HTTPS, so the secret key is specific to the browser session, so it's not the same as matching "up the flashes around your curtain upon scene changes". The flashes will be specific to the viewer.

Silverlight/DASH/VBR produces specific sequences of video segment sizes, which can be extracted from the headers. Apparently.

And, more interestingly, someone is still using Silverlight.

SVN commit this: Subversion to fix file renaming after 15 years

Displacement Activity
Meh

I actually use both

Here's the thing: one's distributed, one isn't. If you're writing a Linux kernel, distributed is great - 20,000 people get their own complete repo, and mess it up to their heart's content, and you never expect to hear from 19,950 of them ever again.

In the average dev environment, you want that like a hole in the head. You want one centralised repo, and you need to enforce discipline. git can more or less do that, eventually, but it's difficult, and it's not the git way (how many git users even know what a bare repo is for?)

I have to deal with someone who does fixes and adds features by cloning a git repo on his local machine, with the master being his previous local clone, and who very infrequently pushes anything remotely. I then have to try and work out WTF is going on and then merging myself. That would never, ever, happen in an svn enviroment.

I've also used RCS, CVS, Clearcase, and Perforce. For my money, svn does the job, and it's intuitive, and easy to learn. For the right project Perforce is also a good choice, if you've got the money, and someone to read the manual and do the difficult bits.

Why is the Sinclair ZX Spectrum Vega+ project so delayed?

Displacement Activity
Thumb Up

Good on you, Clive...

The complete 70's retro experience for only £100. Brilliant idea. I think I'll personally give it a miss, though - I was sat in Sinclair HQ the first time around, and that was enough for me.

Today's WWW is built on pillars of sand: Buggy, exploitable JavaScript libs are everywhere

Displacement Activity

Re: Lots of shouty, no content

I've just scanned it as well, but I can't find anything of any value. It even explicitly states "Note that the focus of this paper is not measuring the security state of specific JavaScript libraries. Rather, our goal (and primary contribution) is to empirically examine whether website operators keep their libraries current and react to publicly disclosed vulnerabilities". The technical content on vulnerabilities appears to be zero.

Java? Nah, I do JavaScript, man. Wise up, hipster, to the money

Displacement Activity

Re: @wolfetone

"What do you think all those new fangled hipster bootstrap/angular/ember/FOTM.js GUIs are querying? Protip: it ain't C. "

Errr.... protip++... yes it is. Maybe not for you but, in my case, Bootstrap/JS querying C++ and some plain-old-C. The code that implements the CGI/JSON/etc stuff is tiny and trivial compared to the rest of the app, and those SQL APIs generally start life as C anyway.

And, if you want real money, you'll get twice as much with a Maths degree/C++/Matlab as you will with Java.

And, if you're currently delivering pizzas, you're a lot more likely to make money with JavaScript than with Java.

Firefox 52 kills plugins – except Flash – and runs up a red flag for HTTP

Displacement Activity

BBC flash

@Number6:

Go to news.bbc.co.uk, find a vid, right-click, confirm you're on flash.

Go to http://www.bbc.co.uk/html5, opt in to HTML5.

Reload your vid, should now be on ContinuousPlayPluginHTML. Tested of FF 51.

Google's Chrome is about to get rather in-your-face about HTTPS

Displacement Activity
Thumb Down

Follow the money

1 - Google charges for TLS on inbound connections;

2 - Google is a prime mover behind 'TLS Everywhere', and is now starting to factor this into page rankings;

3 - (Google's) Let's Encrypt certificates prove exactly nothing except that you have control of the server for which the certificate was granted (you only have to post stuff on it to get the certificate);

4 - Bad People control their own servers anyway, so can trivially get their own certificates; MITM is therefore irrelevant on these sites

95% of sites have exactly *no* reason to worry about whether someone is forging their site, or whether there's a MITM somewhere in the connection. So, Google is screwing us, and we have to pay the price by dicking about with TLS on our own sites, and keeping certificates up-to-date, and trying to ignore pointless warnings, and handing cash to them if we're stupid enough to host with them.

Stallman's Free Software Foundation says we need a free phone OS

Displacement Activity

"Have you forgotten that GNU provide the GNU tools, you know, all the userland stuff for Linux, available for many other UNIX's as well ?"

Errr.... I'd be a lot more impressed if they hadn't taken a huge amount of *existing* free software, and rewritten it simply because they disgreed with the definition of 'free'.

Samsung set a fire under battery-makers to make the Galaxy Note 7 flaming brilliant

Displacement Activity

"placing anodes and cathodes in locations where they were likely to come into contact"

Doesn't seem to have happened, judging from the limited summary you're printed. Different parts of the negative electrode may have touched each other. The negative electrode touched the "positive tab". If the actual electrodes had touched, it seems pretty unlikely that affected batteries would have survived any attempt at charging.

On last day as president, Obama's CIO shrouds future .gov websites in secret code

Displacement Activity

Re: Someone forgetting how https actually works?

@just_me: the browser doesn't send a key (except for very secure sites, where the server asks for a certificate from the browser to prove the browser's identity - not relevant, since the vast majority of us don't have certificates and don't try to connect to these sites anyway).

1 - the server identifies itself by sending a certificate, which includes the server's public key

2 - the browser/client decides on a secret (symmetric) key to be used for the actual browsing part of the transaction (the second phase). It then encodes this using the public key sent by the server, and sends the result to the server

3 - the server decodes the new symmetric key using its own (the server's) private key

4 - Both the client and the server now know the secret symmetric key to be used for encryption.

So, basically, asymmetic keys (different public/secret keys) are used to decide on a symmetric key (one secret key) to be used for subsequent encryption. During the asymmetric phase, only the server's public key is used.

Galileo! Galileo! Galileo! Galileo! Galileo fit to go: Europe's GPS-like network switches on

Displacement Activity
Meh

"Don't wait, innovate"...

"Today I call on European entrepreneurs and say: imagine what you can do with Galileo – don't wait, innovate."

Curious. I got a letter (remember those?), maybe 10 years ago, from the UK DTI (UK Department of Trade&Industry), asking me to do exactly that. In other words, "we're going to spend billions now, and it's a f*** of a lot of money, so please, please, please, come up some justification for it".

10 years later, and there were no new ideas, because the whole thing is fundamentally flawed. The system is fragile, and even a country as backwards as North Korea could reduce the whole thing to ashes in a matter of hours. Having in-car and in-plane satnav is great, but the Americans have already rather thoughtfully paid for that. We could use it to reduce our reliance on the US for missile delivery, except that they could turn it off just as easily as they can turn off their own system. I can't think of a single other useful application that couldn't be handled better, and much more cheaply, by a ground-based system.

Euro Patent Office staff plead for third time to get rid of Battistelli

Displacement Activity
FAIL

Dear KM/Reg: Que?

I was going to look up what the problem actually was, until I got to your last paragraph:

"However, Battistelli's abrasive personality and his insistence that the solution to each set back is to give the presidency greater power has long since stopped serving the organization itself and has instead becomes a personal crusade that benefits no one".

Is this your personal opinion? Why have you put it in a news article? How do you expect anybody to take you seriously?

WebAssembly: Finally something everyone agrees on – websites running C/C++ code

Displacement Activity

Re: ... applications as web pages instead of applications as applications ...

The main reason is to reduce the reliance on the OS.

The main cost is the reliance on "current" browsers, who may pull the rug-out at any time without warning which leads to the still-existent IE6 stuff still hanging around.

+1, but 'reducing reliance on the OS' includes supporting all those users on stupid OSes, dealing with moronic walled garden vendors, learning multiple development environments and languages, handling OS bugs and security flaws, rather than just browser ones, packaging and distribution, you name it.

And the commentards still turning off JavaScript in your browsers: what actually are you using the web *for*? Static webpages and videos? Really?

Displacement Activity

Re: Safe?

@bazza - I think you may have the wrong end of the stick as well:

@PNGuin,

"Why would you need C/C++ to make a website safe?"

Wrong way round. C/C++ (or indeed anything else that can be compiled down to a WASM) can be run in the browser safely, everywhere, probably. The emphasis is on the "dangerous" language being available to a programmer but being fully constrained by the sandboxed Javascript engine that actually runs the WASM.

Disclaimer: I've only spent 10 minutes on the webassembly website, but that seems to be good enough for ElReg comments...

Nothing to do with JavaScript. Your code compiles down to binary instructions for a stack machine. This code is then executed in what is, hopefully, a safe environment, normally in the end-user's browser, possibly by a JIT compiler, or possibly by an interpreter. Your original high-level code (C++, for example) uses standard library calls and APIs, so there's going to have to be some pretty hefty security model in the JIT compiler/whatever.

The JavaScript angle is that there's currently only one way for the browser to get the WebAssembly code from the server, and that's with a new WebAssembly object.

Speaking as someone who writes a lot of server-side C++, and a lot of client-side JavaScript, I have to say that this sounds great. JavaScript is an amorphous pile of byzantine sh**e, and this is potentially infinitely superior. Of course, the security model needs to be tighter, and this does smell of the hype originally surrounding Java and the JVM, so it could be a rocky road.

Appointments on hold as (computer) virus wreaks havoc with NHS trust systems

Displacement Activity
Meh

A lot of rumour, speculation and bollox being spoken here by the unknowing.

You need to publish. The reason that we have these problems is that the people who know keep their mouths shut.

Bad news: MySQL can dish out root access to cunning miscreants

Displacement Activity

Re: I've got a cunning plan my lord

> On the other hand why on earth does any part of MySQL run as root?

> I've used several other RDBMSs and no part of them runs as root.

For the same reason that everything else runs as root: if you want to listen on a "system" port (less than 1024) then you have to *start* as root. Not just MySQL: MariaDB, all your other RDBMSs, Apache. If you don't want to do this (and why would you?), then don't run mysqld_safe as root.

Apache normally listens on 80/443, so has to be started as root before it drops privileges. The docs have lots of useful advice on how to protect your system during this time, which cover exactly the issues in this article. The problem isn't that your attacker can load malicious code if they already have root access, it's that they can load malicious code when they're *not* root, which is the cunning plan.

WhatsApp, Apple and a hidden source code F-bomb: THE TRUTH

Displacement Activity

> I run the system up and - wow! - no problem.

> so why does the production version not work but the debug does?

If the logging version works, and the production one doesn't, the answer is almost certainly that you have an issue with uninitialised data, or memory over-writes. You can (and should) find and fix all these on your dev system with Valgrind/Purify/etc. before it gets anywhere near production.

Tinder porn scam: Swipe right for NOOOOOO I paid for what?

Displacement Activity
Meh

Still optional

"excitedly splashing sand at it's balls".

its balls.

Smartwatches: I hate to say ‘I told you so’. But I told you so.

Displacement Activity
Meh

iPlayer?!

Another more recent example. In the early Noughties, the BBC’s iPlayer was envisaged as a sophisticated P2P client, and at one stage had over 400 people involved in spec meetings. iPlayer only rolled out after the team had been reduced to around 15 – and the doors were bolted shut.

And all 15 of them had iPhones. And it was impossible to watch it on Android. And I spent years getting iritated at how anyone could have been so stupid (and still are?), before just giving up. And the news website is equally moronic.

So, just maybe, cutting a team down to 15 and letting them get on with it is not necessarily the right thing to do.

Page:

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020