wlug May 2017

wlug@list.waikato.ac.nz

9 participants
32 discussions

by Lawrence D'Oliveiro

I helped an elderly friend set up his new PC yesterday. His previous machine, over a decade old, was running Windows XP. I had set up an Ubuntu dual-boot a few years back, and he liked playing the games. But then the Linux boot stopped working--there was a message to the effect “hd0 out of disk”, which sounded like a GRUB problem (“hd0” being a GRUB disk name, not a Linux disk name). I booted up SystemRescueCD, and found that disk space was ample. I did an fsck on the Linux volume, and found no filesystem problems. I ran a badblocks scan, and it reported several bad sectors, though oddly they only seemed to be in the Windows partition (if I interpreted the numbers correctly). Naturally I searched online, but the hits I found for that error message didn’t seem very helpful. Reinstalling GRUB didn’t help, so I concluded there were likely other hardware problems, so time for a new machine. He got an entry-level dual-core AMD box from PBTech--their own house build, in a CoolerMaster case--for well under a grand. Nothing fancy, but good enough for his needs--mainly Web browsing, e-mail, a little bit of word processing, and those games. The PBTech box came without an OS. He could have got Windows 10 for it, but considering he would be facing a learning curve coming from XP regardless, I suggested going 100% Linux for all his daily needs, to see if that would work. He could always spend the $160-odd extra on Windows later if need be. So I set it up with Linux Mint, since that seems to be everybody’s favourite :). He was already using Firefox on Windows, so moving all his Web bookmarks across was easy. The Mint install put an icon for Thunderbird on the desktop by default, so I decided to try that for e-mail. Getting his address book across from Outlook Express was fairly straightforward, once I figured out how to map the exported CSV field names correctly. The mail messages were slightly more fiddly, but I found this extension <https://addons.mozilla.org/en-US/thunderbird/addon/importexporttools/> which directly loads Microsoft’s .dbx files, and that seemed to work OK. Then he wanted to play CDs. When we put in an audio CD, it came up with options to run Banshee (media player) or Brasero (disc burner). The Banshee media player wouldn’t play the CD directly, it insisted on ripping it to the hard drive first. This was not really what he wanted. I had a look round, and found KsCD, which will indeed play audio CDs without trying to rip them to audio files first. As far as I know, this is the only GUI Linux app that can do so. So, day 1 ended on a reasonably successful note. He was already noticing how much faster the new machine was. So we’ll see how it goes from here...

4 years

US Supreme Court Victory for the Right to Tinker in Printer Cartridge Case

by Ian Stewart

"The [US] Supreme Court struck a blow today for your right to own the things you buy, reversing a lower court decision that had given patent owners the power to sue customers who paid in full for a patented item but then used it in a way the patent owner didn't care for. Together with Public Knowledge and R Street, EFF filed an amicus brief at the Supreme Court. We explained that the ability of patent owners to sell products into the stream of commerce while also writing a wishlist of anti-competitive restrictions, would be a disastrous expansion of patent law, hindering competition, innovation, and your freedom to tinker with and repair your own stuff. The Supreme Court agreed, explaining that when a patent owner "chooses to sell an item, that product is no longer within the limits of the monopoly and instead becomes the private individual property of the purchaser, with the rights and benefits that come along with ownership." The Court emphasized that, by default, people have every right to make, sell, and use things. The limited monopoly that the government bestows upon a patent owner is a deviation from the norm of free market competition and ownership of personal property, and is subject to important limits in order to protect the public interest. The Court explained that people who buy things are allowed to use and resell them without being sued under patent and copyright law, and explained that this freedom is necessary for commerce to function. The next logical step will be for courts to recognize that people who buy digital goods are owners of those goods, not mere licensees, and can resell and tinker with their digital goods to the same extent as purchasers of tangible property." See the Electronic Frontier Foundation (EFF) article for more details... https://www.eff.org/deeplinks/2017/05/supreme-court-victory-right-tinker-pr… [https://www.eff.org/files/issues/patents-2.png]<https://www.eff.org/deeplinks/2017/05/supreme-court-victory-right-tinker-pr…> Supreme Court Victory for the Right to Tinker in Printer Cartridge Case<https://www.eff.org/deeplinks/2017/05/supreme-court-victory-right-tinker-pr…> www.eff.org The Supreme Court struck a blow today [PDF] for yo Maybe the 11 remaining TPP countries will ensure that their agreement endorses this ruling ? cheers, Ian

4 years, 4 months

Car Emissions Cheating: How It’s Done

by Lawrence D'Oliveiro

Researchers have been digging through car firmware from Volkswagen and Audi to get to the bottom of the emissions-testing scandal that broke a couple of years ago. Turns out the code was written by Bosch, and important information in the form of “function sheets” (documentation for what the firmware does) was not (officially) forthcoming from that company. But unofficial sources can be found on online forums frequented by vehicle-modding enthusiasts. <https://arstechnica.com/cars/2017/05/volkswagen-bosch-fiat-diesel-emissions…>

4 years, 4 months

Creative Commons Staff Members Release New Free eBook

by Peter Reutemann

'Creative Commons staff-members Sarah Hinchliff Pearson and Paul Stacey have now published Made With Creative Commons, the awaited book they successfully funded on Kickstarter in 2015. "Made With Creative Commons is a book about sharing," explains the book's description. "It is about sharing textbooks, music, data, art, and more. People, organizations, and businesses all over the world are sharing their work using Creative Commons licenses because they want to encourage the public to reuse their works, to copy them, to modify them... But if they are giving their work away to the public for free, how do they make money? "This is the question this book sets out to answer. There are 24 in-depth examples of different ways to sustain what you do when you share your work. And there are lessons, about how to make money but also about what sharing really looks like -- why we do it and what it can bring to the economy and the world. Full of practical advice and inspiring stories, Made with Creative Commons is a book that will show you what it really means to share." There's free versions in PDF, ePub, and MOBI formats for downloading from the Creative Commons site, and there's also an edit-able version on Google Docs. A small Danish non-profit publisher named Ctrl+Alt+Delete Books is also publishing print copies of the book under a Creative Commons license "to ensure easy sharing," and is making the book available on Amazon or through the publisher's own web site.' -- source: https://news.slashdot.org/story/17/05/28/0130259 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

4 years, 4 months

Timers In systemd

by Lawrence D'Oliveiro

Was referred to this page <https://wiki.gentoo.org/wiki/Systemd> about enabling systemd as the init system in Gentoo. The section on “Timer services” I found particularly useful, as applicable to other distros running systemd: instead of a conventional crontab, you create .timer entries, and corresponding .service descriptions for them to invoke, in your ~/.local/share/systemd/user area. One advantage of this I can see is one less set of user files kept in /var. In fact, do this in conjunction with maildir format for user mail, and you no longer need to have any user files in /var. (That I can think of, anyway...)

4 years, 5 months

Popularity Contests

by Lawrence D'Oliveiro

In the middle of another Phoronix flame war, someone posted links to a couple of interesting pages. What’s your favourite desktop environment? According to this <https://opensource.com/life/15/7/poll-preferred-desktop-environment>, GNOME is number one, with KDE not far behind. One-third of respondents use something else. Arch Linux offers some stats <https://www.archlinux.de/?page=FunStatistics> on popularity of desktop environments and other software among its users. Here GNOME and KDE add up to only about 50%. By the way, it’s clear from the numbers for browsers and text editors in the latter that lots of people use more than one.

4 years, 5 months

UK Government May Push Anti-Encryption Laws After Election

by Lawrence D'Oliveiro

Not too surprising to discover that some parties in the UK might be using the Manchester attack as a pretext to push through laws to ban secure encryption <https://www.theregister.co.uk/2017/05/25/uk_to_push_antiencryption_laws_aft…>. As if such a ban would have helped uncover a perpetrator who, by all accounts, had already been reported to the authorities multiple times...

4 years, 5 months

A wormable code-execution bug has lurked in Samba for 7 years. Patch now!

by Peter Reutemann

'Maintainers of the Samba networking utility just patched a critical code-execution vulnerability that could pose a severe threat to users until the fix is widely installed. The seven-year-old flaw, indexed as CVE-2017-7494, can be reliably exploited with just one line of code to execute malicious code, as long as a few conditions are met. Those requirements include vulnerable computers that (a) make file- and printer-sharing port 445 reachable on the Internet, (b) configure shared files to have write privileges, and (c) use known or guessable server paths for those files. When those conditions are satisfied, remote attackers can upload any code of their choosing and cause the server to execute it, possibly with unfettered root privileges depending on the vulnerable platform. "All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it," Samba maintainers wrote in an advisory published Wednesday. They urged anyone using a vulnerable version to install a patch as soon as possible.' -- source: https://arstechnica.com/security/2017/05/a-wormable-code-execution-bug-has-… Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

4 years, 5 months

Windows switch to Git almost complete: 8, 500 commits and 1, 760 builds each day

by Peter Reutemann

'Back in February, Microsoft made the surprising announcement that the Windows development team was going to move to using the open source Git version control system for Windows development. A little over three months after that first revelation, and about 90 percent of the Windows engineering team has made the switch.' -- source: https://arstechnica.com/information-technology/2017/05/90-of-windows-devs-n… Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

4 years, 5 months

Malicious Subtitles Threaten VLC, Kodi and Popcorn Time Users, Researchers Warn

by Peter Reutemann

'Millions of people risk having their devices and systems compromised by malicious subtitles, according to a new research published by security firm Check Point. The threat comes from a previously undocumented vulnerability which affects users of popular streaming software, including Kodi, Popcorn-Time, and VLC. Developers of the applications have already applied fixes and in some cases, working on it. From a report: While most subtitle makers do no harm, it appears that those with malicious intent can exploit these popular streaming applications to penetrate the devices and systems of these users. Researchers from Check Point, who uncovered the problem, describe the subtitle 'attack vector' as the most widespread, easily accessed and zero-resistance vulnerability that has been reported in recent years. "By conducting attacks through subtitles, hackers can take complete control over any device running them. From this point on, the attacker can do whatever he wants with the victim's machine, whether it is a PC, a smart TV, or a mobile device," they write.' -- source: https://it.slashdot.org/story/17/05/24/1329211 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

4 years, 5 months

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

wlug May 2017