KDE Is Broken In Debian Unstable
by Lawrence D'Oliveiro
Looks like KDE is in the middle of a major transition in Debian
Unstable at the moment. Yesterday I did an update on my backup machine,
and found that I had no window manager after logging into the GUI.
This morning I did another update, and was presented with a new “flat”
look after a GUI login. Checking my package versions, I believe I have
some parts of KDE 5, but not all (yet).
I might do another update this evening. Luckily my backup machine can
still fulfil most of its functions without a GUI...
4 years, 9 months
950 million Android phones can be hijacked by malicious text messages
by Peter Reutemann
'Almost all Android mobile devices available today are susceptible to
hacks that can execute malicious code when they are sent a malformed
text message or the user is lured to a malicious website, a security
researcher reported Monday.
The vulnerability affects about 950 million Android phones and
tablets, according to Joshua Drake, vice president of platform
research and exploitation at security firm Zimperium. It resides in
"Stagefright," an Android code library that processes several widely
used media formats. The most serious exploit scenario is the use of a
specially modified text message using the multimedia message (MMS)
format. All an attacker needs is the phone number of the vulnerable
Android phone. From there, the malicious message will surreptitiously
execute malicious code on the vulnerable device with no action
required by the end user and no indication that anything is amiss.'
-- source: http://arstechnica.com/security/2015/07/950-million-android-phones-can-be...
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/
4 years, 10 months
SSH -> getting the originating IP of a client using RDP
by Eric Light
Hey all
This is a total edge case, but I thought it may be interesting to some.
We have thin clients, which RDP to a Windows Terminal Server, through which
users SSH (using PuTTY) into our Linux server. This isn't flexible (for
good reasons which I won't go into here). However, to talk properly to our
new EFTPOS units, we need to know the IP of the thin client. Of course,
through SSH you only get the IP of the client, which is the Terminal Server.
Here's how I fixed it:
1) Add the following line to /etc/ssh/sshd_config, and restarted ssh:
* AcceptEnv CLIENTNAME*
2) Added the following to the Windows login script:
* REG ADD HKCU\Software\SimonTatham\PuTTY\Sessions\DG\ /v Environment /d
"CLIENTNAME="%CLIENTNAME% /f*
3) Result:
* ~ $ env | grep CLIENTNAME CLIENTNAME=eric-lmde*
>From there, we can do what we needed with the EFTPOS!
Eric
--------------------------------------------
Q: Why is this email five sentences or less?
A: http://five.sentenc.es
4 years, 10 months
Troubleshooting Over The Phone
by Lawrence D'Oliveiro
I just helped someone unbork their Ubuntu system over the phone. It was
reporting “disk full”, without being more specific than that. I got him
to open up a terminal window, and use the “df” and “du” commands to
narrow down the directory that was filling up the disk. Sometimes /tmp
gets filled up with stuff, but in this case it was
/var/lib/apt/lists/partial/.
I have had an instance of high disk usage on that directory myself, a
while back. I think it’s where apt keeps partially-downloaded repo index
files, though I’m not sure why—is it to retry downloading the rest? But
when the problem hits, it just seems to fill up with failed downloads.
So I carefully led him up to executing the command “sudo
rm /var/lib/apt/lists/partial/*”, and that cleared the problem.
The main thing I was careful with was spelling out the commands
phonetically, and getting him to read them back to me.
But imagine having to do this with a GUI, over the phone. I don’t think
I would even try...
4 years, 10 months
Why Debian Returned To FFmpeg
by Lawrence D'Oliveiro
<http://lwn.net/Articles/650816/>
What impresses me about this is, even though the Debian package
maintainer is also a libav developer, he
“...in the end, could not bring himself to say that he was sure
libav was the better choice.”
With regard to the commit statistics, it seems like much of the
activity in FFmpeg commits is wholesale copying of code from libav. But
so what? If sticking with FFmpeg gives you the best of both worlds, why
bother separately including packages for libav at all?
4 years, 10 months
On Being Pro-GPL
by Peter Reutemann
'Christopher Allan Webber, recently returned from OSCON, shares his
thoughts on the GPL and why he dislikes people pitting one type of
software license against another. He says, "I am not only
pro-copyleft, I am also pro-permissive licensing. The difference
between these is tactics: the first tactic is towards guaranteeing
user freedom, the second tactic is toward pushing adoption. I am
generally pro-freedom, but sometimes pushing adoption is important,
especially if you're pushing standards and the like. But let's step
back for a moment. One thing that's true is that over the last many
years we've seen an explosion of free and open source software... at
the same time that computers have become more locked down than ever
before! How can this be?
And notice... the rise of the arguments for permissive/lax licensing
have grown simultaneously with this trend. ...The fastest way to
develop software which locks down users for maximum monetary
extraction is to use free software as a base. And this is where the
anti-copyleft argument comes in, because copyleft may effectively
force an entity to give back at this stage... and they might not want
to. ... Copyleft's strings say, 'you can use my stuff, as long as you
give back what you make from it.' But the proprietary differentiation
strategy's strings say, 'I will use your stuff, and then add terms
which forbid you to ever share or modify the things I build on top of
it.' Don't be fooled: both attach strings. But which strings are
worse?"'
-- source: http://news.slashdot.org/story/15/07/21/2256243
Personally, I'm a pro-GPL person. Simply because I don't like software
getting locked down and nothing flowing back to the community.
Especially, when open source is so community centred.
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/
4 years, 10 months
