* Posts by Ramazan

808 publicly visible posts • joined 1 Aug 2008

Fat-thumbed dev slashes Samba security

Ramazan
Facepalm

So, they removed the slash/path traversal, but SAMBA can still do simple.create_pipe("foobar.so")? Imbeciles...

You know, loading arbitrary .so or .ko files even from a trusted path is not a good idea. In case you didn't know, grsec recommends to disable loading of additional modules into kernel after initrd/system boot phase is complete. The same is true for unnecessary shared libraries.

EU ministers approve anti-hate speech video rules

Ramazan

30%

"As well as covering hate speech, the rules will impose local-content laws on video services such as Netflix and Amazon Prime Video. The original 20 per cent local content requirement will reportedly be raised to 30 per cent in the new rules."

I don't get what does it mean in practice? Are they enforcing use of "local" language? For, eh, private businesses in their daily operations (not in official documents like tax decl but in daily use)? Or are they requiring the goods to be of "local" origin? Say, if you like to sell bananas in EU, 30% of your bananas must be european? What the fuck? In the former case it's clearly a totalitarian norm (because it's a free market: you don't like what they show, you don't watch it; you can't make them show what you like by force, only by your wallet), in the latter - just nonsense.

Ramazan

Re: One day she could be the target of bullies or revenge porn

Dear LDS, one day you could be shot and killed, but this has nothing to do with "regulations". You just do your best to avoid that, the same does police and anti-terror forces, hopefully, but it's more likely to happen if the police and FBI try to pass the ball to Internet or content providers and go for vacation instead.

Don't gripe if you hand your PC to Geek Squad and they rat you out to the Feds – judge

Ramazan

Re: Frequently overwrite free disk space to remove any fragments

and BTW I don't know of any tools to overwrite the said "free space". More to this, overwriting let's say 1 terabyte of free space would take on order of ten hours or more, so your advice is totally impractical, besides the already mentioned problem of filesystem journal and swap partition. Also, "cleaning" of web caches doesn't do any "shred", it just unlinks.

Whole disk encryption on the contrary is:

1. highly practical

2. widely available

3. its setup is straightforward and user-friendly -- it can be performed in stock Debian installation wizard (wizard, for fucks' sake!) since goddamn AGES!

Ramazan

Re: Frequently overwrite free disk space to remove any fragments

Ain't gonna work though, because some data might stick in a swap file (swap partition) or fs journal or other "caches" you don't know about.

Listen here, guys, you must use "whole disk encryption" where everything (excluding /boot) is encrypted, including swap partition of course. Otherwise there's no guarantee Best Buy et al won't leer at your files.

Ramazan

Re: I have confidential documents on my laptop

You should put confidential documents on an encrypted volume. But the question is, if Best Buy finds out you have encrypted some data and reports this to FBI, will a search warrant be issued?

P.S. use "shred -u" instead of "rm" to remove confidential docs if you can't use encryption. If you can, don't forget to enable the "wipe" option during cryptvol setup. You can do "badblocks -svwtrandom /dev/sda" to wipe the whole HDD before giving your PC to repair shop.

Ramazan

Re: no wonder they would have graphic training details in the files as well.

in this case it would be trivial for the said doctor to prove his innocence by pointing out the source of images. FBI should also be able to tell the difference, so this your argument is invalid here.

Ramazan

Re: was not stumbled across, but discovered after an active search

Most probably they were tipped by something/someone in advance, i.e. they knew beforehand that there might be paedo images on the HDD. Or they "stumbled upon" something in browser history and then decided to search for pics (less likely).

White House sicko sent down for 20 years after sexting underage girls

Ramazan
Facepalm

I believe the 20 year sentence is proportionate as it sends out a clear message

You may tweet this merrily when it doesn't concern you, little birdie, but we'd see how you voice changes when govt makes An Example out of you.

Ramazan

Re: he would prefer it to an angry dad getting hold of him

by an angry dad of the said FBI officer you mean? Yea, that would be gross methinks...

Ramazan

re: That's the kind of sentence you'd see for 2nd degree murder.

Planning to fuck underage girl gets you 20 years in prison...

In Russia, planning to blow up something along the "the more people die the better" lines gets you 11 through 13 years...

Kill Google AMP before it kills the web

Ramazan

Re: OK, was wondering about this

"Followers click on link, get blocked by newspaper paywall.

...

Followers click on link, see article.

Why is this not a win?"

So basically you've ripped off the paid content and deprived the newspaper of some profit. Why is it not a win?

How about that; the newspaper stops getting mentioned in social media because of the paywall and changes its policy?

Huawei spied, US federal jury finds

Ramazan
WTF?

Re: Have the Chinese invented anything since gunpowder and philosophy?

https://en.wikipedia.org/wiki/List_of_Nobel_laureates_by_country#China

It's 2017 – and your Mac, iPad, iPhone can all be pwned by an e-book

Ramazan

Re: Apple hardware does tend to last

I have a working Motorola StarTac and it can't be pwned by malicious web pages, fuck Apple!

MP3 'died' and nobody noticed: Key patents expire on golden oldie tech

Ramazan

Re: I rip all my CDs using FLAC

"just in case I want to reproduce a bit-rotted CD or some such in the future"

Do keep .cue sheets though. Or better yet rip your CDs into .clone images (man 1 wodim/cdrecord, -clone option).

Ramazan

Re: If mp3 is outdated, what should I use instead?

The closest thing to The Next mp3 right now is AAC. But I don't give a damn and keep ripping my CDs to VBR mp3s anywayc.

Ramazan

Re: Heck why not use 256bit and 1Ghz sampling?

Currently it's either/or: either XXXbits at 96/48/44.1KHz or YYYMHz with 1bit:

https://en.wikipedia.org/wiki/Direct_Stream_Digital

"A further extension to the development of DSD is DSD512, with a sample rate of 22.5792 MHz (512 times that of CD), or alternatively 24.576 MHz (512 times 48 kHz)."

There used to be RHCP - Blood Sugar Sex Magik disk's image in DSD128 format IIRC on torrents, you might want to check it out (searching for a player capable of playing this would be fun, they said).

Amazon announces new Echo just as Microsoft's first Cortana-powered clone breaks cover

Ramazan

"every sound you made was overheard, and, except in darkness, every movement scrutinized."

When you install Viber on an Android device, launch it for the first time and are presented with "create new Viber account" dialogue, Viber requests access to camera (you can observe this with Cyanogen mod's PrivacyGuard).

Skype doesn't do this BTW. Skype only requests access to camera when you make a video call or snap a photo for a chat...

You only need 60 bytes to hose Linux's rpcbind

Ramazan

On Debian the "rpcbind" package is required by NFS server[s], NFS client, NIS, BSD automounter, and some other marginal utils. I consider BSD automounter and NIS as marginal too, so the only real problem is NFS (both client and server). Most sysadmins know that NFS is fundamentally insecure so some firewalling or LAN-only exposition is expected to be present though.

Ramazan

Re: Mac

"Secondly OSX has the firewall on by default"

I never saw such a thing as "the firewall on by default" in the Linux world. Well, except for openwrt/dd-wrt "distro"s. For example, Debian installation nowadays is streamlined and simple and user is presented "tasksel" choices like "Debian desktop environment" varieties, "ssh server", "print server" etc but there's no way to enable a firewall in this installation "wizard" ("Debian Installer" is its name BTW). So after this user-friendly installation process is finished the very first thing to do is to setup some firewall rules (mine live in /etc/network/interfaces in the "lo" interface section), and most ordinary users wouldn't know where to start (run apt-get search firewall and see for yourself).

My opinion on the subject is this: if you put an effort into making your Linux distro accessible by ordinary users, then some "firewalling" must be included and turned on by default.

P.S. even on Ubuntu, FFS!

https://help.ubuntu.com/16.04/ubuntu-help/net-firewall-on-off.html

"Ubuntu comes equipped with the Uncomplicated Firewall (ufw) but the firewall is not enabled by default. Because Ubuntu does not have any open network services (except for basic network infrastructure) in the default installation, a firewall is not needed to block incoming attempted malicious connections."

Ramazan

Re: Mac

"Firstly the BSD implementation will be different from Linux"

nope:

http://metadata.ftp-master.debian.org/changelogs/main/r/rpcbind/rpcbind_0.2.1-6+deb8u1_copyright

...

/*-

* Copyright (c) 2000 The NetBSD Foundation, Inc.

* All rights reserved.

*

* This code is derived from software contributed to The NetBSD Foundation

* by Frank van der Linden.

Linux homes for Ubuntu Unity orphans: Minty Cinnamon, GNOME or Ubuntu, mate?

Ramazan

Re: I for myself consider the windows manager problem solved

"just that the dock is a menu in blackbox"

BTW, some packages like "firefox" don't install "menu" files into /usr/share/menu/ directory, so you need to manually add them to /etc/menu/:

?package(local.firefox):needs="X11" \

section="Applications/Network/Web Browsing" \

title="firefox" \

command="/usr/bin/firefox" \

hints="Web browsers" \

icon="/usr/share/icons/hicolor/32x32/apps/firefox-esr.png"

systemd-free Devuan Linux hits RC2

Ramazan

Re: "if", "else", "break" etc translated into your local language?

They used to do it in the USSR, but this practice is now obsolete. So the answer is, "You can do it but eventually no one will use it".

Ramazan

Re: Linux is a wild animal and SystemD is the collar

not even funny

Ramazan

Re: what window manager is recommended

blackbox

Ramazan

Re: Easy answer.

> > "Motor cars have not replaced horses."

> Really?

When had they started to put car's meat into суджук, махан and казы?

Ramazan

Re: It's fascinating that Linux now has the same problem as Windows

"I mean Windows has a rather good kernel team"

Maybe, even most probably it's true, but their kernel isn't so good. It's not even that the kernel itself is no good, it's its Win32 API to userland, especially when compared to POSIX.

Post Unity 8 Ubuntu shock? Relax, Linux has been here before

Ramazan

@thames

"c) more up to date packages and features without running a bleeding edge version,"

It's quite common among Debian users to run /testing or /unstable versions. In the past it used to break X11 vs nvidia drivers or xinput/event or whatever, so you'd get no X at startup 2 or 3 times per year. I'm too old for this kind of fun so I switched to /stable 5 years ago and never missed those "up to date packages and features" ever since.

Gamers red hot with fury over Intel Core i7-7700 temperature spikes

Ramazan

Re: i7?

"Any updates by any OS are cryptographically signed nowdays."

apt-get update + apt-get upgrade don't take several days as windows update does.

CIA tracked leakers with hilariously bad Web beacon trick

Ramazan

this won't work if you use transparent TOR proxying. If you open such an email or msoffice file, CIA will see IP address of a TOR exit node.

Linux kernel security gurus Grsecurity oust freeloaders from castle

Ramazan

Re: what an interesting way for Grsecurity ...

"what an interesting way for Grsecurity ...

... of making themselves obsolete and irrelevant."

I always wondered why grsec hadn't been included in mainstream kernel. Used it in times of 2.4 and 2.6 and it was a pain in the ass to manually apply the patches and recompile the kernel each time, so eventually I've lost interest in grsec when it was still free. It was doomed then already, and paywall just brings closer grsec's death IMO.

systemd-free Devuan Linux hits version 1.0.0

Ramazan

Re: More honest questions

"First, has MATE had the sense to steer clear of SystemD as a dependency?"

Nope. If you want to remove systemd from Debian, you should switch to another desktop environment.

Ramazan

Re: I don't understand the hype

"You CANNOT fully remove SystemD from Debian - that is just a myth"

You actually can. But GNOME, KDE, MATE and Cinnamon will have to be removed too. XFCE and LXDE may be spared by downgrading a pair of packages to oldstable versions.

Farewell Unity, you challenged desktop Linux. Oh well, here's Ubuntu 17.04

Ramazan
Facepalm

Re: Only unity fans really affected

"Surely if someone really prefers a particular desktop, they will grab that tailored distro ( I like KDE so kubuntu)"

You know, in a galaxy far far away, of which noone heard about yet, there does exist a distro named Debian which asks a user to select between GNOME/KDE/XFCE/LXDE/MATE/Cinnamon during installation.

In this galaxy user doesn't have to pick a separate distro for each and every desktop, can you believe it?

Ramazan
Trollface

Re: How times change..

"And now we go back to Gnome"

Go back to GNOME, they said. It will be fun, they said.

Ramazan

Re: Fedora ?

"surely if Ubuntu is moving to GNOME it's going to end up looking more like Debian"

I had the same question. Surely theregister journalists either don't know there is a distro named Debian which Ubuntu is based on, or don't know that GNOME is the default desktop on Debian...

Ramazan

Re: MATE

"MATE is easily my favorite DE after trying Cinnamon, GNOME (3), Budgie, XFCE, KDE, and Unity"

Blackbox+bbkeys+xbindkeys is my favourite DE/WM after trying GNOME 2, (3 and even 1 IIRC), KDE, XFCE, LXDE, MATE, Cinnamon and WindowMaker. I liked off-the-shelf MTP support in Nautilus (to xchg files with Android devices), but it didn't stop me from purging it together with all the other GNOME bloat.

Ramazan
Pint

Re: DLNA client

I can't even imagine what might I need the DLNA support for, but upvoted your post nevertheless just for the "less angst about look and feel" phrase.

Ramazan

Re: Lost: One brown and orange mojo

"users signalling their displeasure in the harshest way possible, by jumping ship to the likes ... (irony of ironies) Debian."

What's wrong with Debian in your opinion?

"Then came the fiasco with sending search queries to Amazon. ... a red line crossed"

I do search queries from Firefox browser where I set up Bing as the default search engine... Do you say that in Ubuntu people run queries from Ubuntu UI/desktop/taskbar/elsewhere? And search engine choice isn't configurable?

The Register's guide to protecting your data when visiting the US

Ramazan

@TheVogon

Reliable software wipeout of e.g. 1TB HDD would take about 12hours IIRC.

Ramazan

@2460 Something

They may also demand you to hand over your private ssh key's passphrase, so you will need to use password auth instead of pubkey one. Moreover, with known_hosts being accessible by third person for some time, you are vulnerable to MITM attack. Having paper printout of known_hosts with you all the time would help.

More tech companies join anti-Trump battle, but why did some pay for his inauguration?

Ramazan
Facepalm

"More tech companies join anti-Trump battle, but why did some pay for his inauguration?"

WTF? These companies oppose one particular executive order, and not Trump in general.

Microsoft foists fake file system for fat Git repos

Ramazan

I clone my repos by git+ssh. If I don't want to store 240GB locally, I just ssh to server and build it there. Or mount the repo via sshfs. There are also alternatives like CodaFS that can cache files locally, so...

If I understand correctly, to effectively operate a GVFS repo you need proprietary MS Team Services (WTF is that?) and open-source GVFS-enabled git client.

"GVFS relies on the GvFlt filter driver, available as a prerelease NuGet package with its own license."

Another proprietary piece of shit?

Microsoft's DRM can expose Windows-on-Tor users' IP address

Ramazan

transparent proxy

If you use transparent TOR proxying, all TCP requests (from DRM modules, Flash plugins, Java, JavaScript and shit) would go via TOR instead. But even transparent TOR proxying won't stop commercial software from running "ipconfig" on your host and sending the result to DRM server, MS, Google, CIA, FBI or NSA. Together with your address book and keyring.

Google launches root certificate authority

Ramazan
Pint

GlobalSign R2 and R4 bought by Google? Thanks for reporting this, I'm going to remove them from browser "trusted" list immediately.

Penguins force-fed root: Cruel security flaw found in systemd v228

Ramazan
Facepalm

"Apply that principle universally instead of just to things you can't be bothered learning"

Apply this principle to things that are forced on you by default, are not necessary (sysvinit is just fine) and come full with root escalation vulnerabilities. Apply this principles to "improvements" that "fix" things that ain't broke.

Ramazan

Re: use sysvinit instead

"it's still fairly straightforward to run the current Debian release using sysvinit instead".

Only if you run the current Debian release without desktop environment. All Debian's "task-desktop" variants, i.e. gnome, kde, lxde, xfce, mate and cinnamon _require_ systemd.

So,

fuck systemd

fuck gnome

fuck kde

fuck lxde

fuck xfce

fuck mate

fuck cinnamon

Ramazan

Re: use sysvinit instead

"Would that removal of systemd work for the latest Ubuntu/Mint too..? Has anyone tried it..?"

Most probably you won't be able to get rid of systemd on desktop machine as all major desktop environments (gnome, kde, lxde, xfce, mate and cinnamon) depend on systemd. At least that's how things are on Debian at the moment. On Ubuntu YMMV. You can switch to minimalistic window manager though (openbox, uwm, twm etc), it definitely would work.