For quite a while now, I’ve been annoyed by the system notification
volume going to 100% on my Debian systems, regardless of my attempts to
set it to a lower level. For example, when I open the KDE System
Settings app, change something, then try to close the window, the sound
that accompanies the save/discard/cancel alert is always startlingly
loud.
I think I have finally found a fix: in your /etc/pulse/daemon.conf,
put in a line saying

    flat-volumes = no

(You should find an existing comment “; flat-volumes = yes” that
indicates the default.)
You can make this new setting take effect in the current session
immediately without having to log out or reboot, by executing the
following as the currently-logged-in user:

    pulseaudio -k

(This kills and restarts the PulseAudio daemon for your user session.)
There are several discussions of the pros and cons of this issue online,
going back some years. For example, here
<https://bugzilla.redhat.com/show_bug.cgi?id=1265267>. Also a mention
about the “flat-volumes” setting in the ever-reliable Arch Linux Wiki
here <https://wiki.archlinux.org/index.php/PulseAudio>.
Seems the Wi-Fi Alliance is having yet another crack at coming up with
a really secure protocol, this time to be called WPA3
<http://www.theregister.co.uk/2018/01/09/wi_fi_wpa3/>.
Does anybody care? Remember that on the Internet, security is
implemented between the endpoints; the protocols are designed not to
care that everything in-between might be pawed through by
eavesdroppers, or even active attackers trying to inject fake data.
Windows Notepad has never been able to handle any newline convention
other than the old DOS/Windows/CP/M one (CR-LF). Now, after
so many decades, Microsoft has finally decided to give it “universal
newline” capability, so it can handle lines ending in LF-only
(Unix/Linux) and CR-only (old MacOS)
<http://www.theregister.co.uk/2018/05/08/windows_notepad_unix_macos_line_end…>.
Gee, I wonder how many lines of code that took...
Seems like the Aussie government has disregarded
<https://www.theregister.co.uk/2018/11/28/australia_to_build_a_pirateproof_f…>
<https://www.techdirt.com/articles/20181127/13425541113/australian-parliamen…>
most of the objections to its plan to impose more draconian copyright
restrictions on Internet usage. Rightsholders will be able to get
injunctions against sites whose “primary effect” (no longer just
“primary purpose”) is to facilitate copyright infringement, and they
will also have “adaptive injunctions”, meaning they can reinterpret an
existing court order as circumstances change, instead of having to go
back to court to get a new order.
You’d think a statement like
“The Government has zero tolerance for online piracy. It is
theft...”
should be an instant disqualification from making any kind of
statement about copyright law...
'More than 45,000 Internet routers have been compromised by a newly
discovered campaign that's designed to open networks to attacks by
EternalBlue, the potent exploit that was developed by, and then stolen
from, the National Security Agency and leaked to the Internet at
large, researchers say. From a report:
The new attack exploits routers with vulnerable implementations of
Universal Plug and Play to force connected devices to open ports 139
and 445, content delivery network Akamai said in a blog post. As a
result, almost 2 million computers, phones, and other network devices
connected to the routers are reachable to the Internet on those ports.
While Internet scans don't reveal precisely what happens to the
connected devices once they're exposed, Akamai said the ports -- which
are instrumental for the spread of EternalBlue and its Linux cousin
EternalRed -- provide a strong hint of the attackers' intentions.
The attacks are a new instance of a mass exploit the same researchers
documented in April. They called it UPnProxy because it exploits
Universal Plug and Play -- often abbreviated as UPnP -- to turn
vulnerable routers into proxies that disguise the origins of spam,
DDoSes, and botnets.'
-- source: https://tech.slashdot.org/story/18/11/29/1849254
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/
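An added example, not part of the original post or the quoted report: a defender-side audit of a router's UPnP port-mapping table that flags forwards to ports 139 and 445, plus mappings whose internal client lies outside the LAN (the proxy-style entries the report describes). The line format is an assumption modelled on the listing printed by miniupnpc's `upnpc -l`; the sample table and the name `audit_mappings` are constructed for illustration.

```python
import ipaddress
import re

# Ports the quoted report says were being exposed (NetBIOS/SMB).
WATCHED_PORTS = {139, 445}

# Assumed line shape, modelled on the mapping list from `upnpc -l`:
#   idx proto extPort->intAddr:intPort 'description' 'remoteHost' lease
MAPPING_RE = re.compile(
    r"^\s*(\d+)\s+(TCP|UDP)\s+(\d+)->([0-9.]+):(\d+)\s+'([^']*)'"
)

# Constructed sample table; not taken from any real router.
SAMPLE = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP  6881->192.168.1.20:6881  'torrent client' '' 0
 1 TCP 47669->192.168.1.34:445   'constructed entry' '' 0
 2 TCP 28915->192.168.1.34:139   'constructed entry' '' 0
 3 TCP 40080->203.0.113.7:80     'constructed entry' '' 0
"""


def audit_mappings(listing, lan_cidr):
    """Return (index, reason) for each mapping that deserves a look."""
    lan = ipaddress.ip_network(lan_cidr)
    findings = []
    for line in listing.splitlines():
        m = MAPPING_RE.match(line)
        if not m:
            continue  # header line or unrelated output
        idx, _proto, ext_port, int_addr, int_port, _desc = m.groups()
        if int(int_port) in WATCHED_PORTS:
            findings.append((int(idx),
                             f"WAN port {ext_port} forwards to {int_addr}:{int_port}"))
        if ipaddress.ip_address(int_addr) not in lan:
            findings.append((int(idx),
                             f"internal client {int_addr} is outside {lan_cidr}"))
    return findings


if __name__ == "__main__":
    for idx, reason in audit_mappings(SAMPLE, "192.168.1.0/24"):
        print(f"mapping {idx}: {reason}")
```
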
Audio company Sennheiser has just issued a fix
<https://arstechnica.com/information-technology/2018/11/sennheiser-discloses…>
for a really nasty vulnerability where their software for Windows and
Mac would install a special fake browser certificate that the machine
would continue to trust thereafter, even after the software was removed.
Unfortunately, because the installation also included the private key
for that certificate (which is never supposed to be distributed), it
could then be exploited by arbitrary third parties to trick such
machines into trusting random sites.
<https://www.theregister.co.uk/2018/11/28/microsoft_windows_10_server_2016_p…>:
... Microsoft's support team [said] initially that the behaviour was
by design and introduced in Windows Server 2016. Interestingly, it
only occurs when folders are deleted (or cut and pasted) using File
Explorer. Using the command line makes things behave as one would
expect. It also only occurred when using a local path. Deleting
using a UNC path was fine.
'You may have heard you should look for the padlock symbol at the top
of a website before entering your password or credit card information
into an online form. It's well-meaning advice, but new data shows it
isn't enough to keep your sensitive information secure. From a report:
Recent data from anti-phishing company PhishLabs shows that 49 percent
of all phishing sites in the third quarter of 2018 bore the padlock
security icon next to the phishing site domain name as displayed in a
browser address bar. That's up from 25 percent just one year ago, and
from 35 percent in the second quarter of 2018. This alarming shift is
notable because a majority of Internet users have taken the age-old
"look for the lock" advice to heart, and still associate the lock icon
with legitimate sites. A PhishLabs survey conducted last year found
more than 80% of respondents believed the green lock indicated a
website was either legitimate and/or safe. In reality, the https://
part of the address (also called "Secure Sockets Layer" or SSL) merely
signifies the data being transmitted back and forth between your
browser and the site is encrypted and can't be read by third parties.
The presence of the padlock does not mean the site is legitimate, nor
is it any proof the site has been security-hardened against intrusion
from hackers.'
-- source: https://it.slashdot.org/story/18/11/27/1521240
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/
'Friday Greg Kroah-Hartman released stable point releases of Linux
kernel 4.19.4, as well as 4.14.83 and 4.9.139. While they were basic
maintenance updates, the 4.19.4 and 4.14.83 releases are significant
because they also reverted the performance-killing Spectre patches
(involving "Single Thread Indirect Branch Predictors", or STIBP) that
had been back-ported from Linux 4.20, according to Phoronix:
There is improved STIBP code on the way for Linux 4.20 that by default
just applies STIBP to SECCOMP threads and processes requesting it via
prctl() but otherwise is off by default (that behavior can also be
changed via kernel parameters). Once that code is ready to go for
Linux 4.20, we may see it then back-ported to these stable trees.
Aside from reverting STIBP, these point releases just have various
fixes in them as noted for 4.19.4, 4.14.83, and 4.9.139.
Last Sunday Linus Torvalds complained that the performance impact of
the STIBP code "was clearly way more expensive than people were told,"
according to ZDNet:
"When performance goes down by 50 percent on some loads, people need
to start asking themselves whether it was worth it. It's apparently
better to just disable SMT entirely, which is what security-conscious
people do anyway," wrote Torvalds. "So why do that STIBP slow-down by
default when the people who *really* care already disabled SMT?"'
-- source: https://linux.slashdot.org/story/18/11/24/2320228
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/
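An added example, not part of the original post or the quoted articles: a check of where a host stands on the STIBP-versus-SMT trade-off discussed above. It assumes a kernel that exposes `/sys/devices/system/cpu/vulnerabilities/spectre_v2` with a `STIBP: <mode>` field and `/sys/devices/system/cpu/smt/control`; the function names and the status lines used for testing are constructed.

```python
from pathlib import Path

SYSFS = Path("/sys/devices/system/cpu")


def stibp_mode(spectre_v2_line):
    """Pull the 'STIBP: <mode>' field out of the spectre_v2 status line."""
    for field in spectre_v2_line.split(","):
        key, _, value = field.strip().partition(":")
        if key.strip() == "STIBP":
            return value.strip()
    return None  # the kernel does not report a STIBP state


def assess(spectre_v2_line, smt_control):
    """Summarise cross-thread branch-predictor exposure for one host."""
    # Assumed smt/control values: on, off, forceoff, notsupported.
    if smt_control.strip() in ("off", "forceoff", "notsupported"):
        return "SMT off: no sibling thread to shield, STIBP not needed"
    mode = stibp_mode(spectre_v2_line)
    if mode == "forced":
        return "SMT on, STIBP always on: protected, at the performance cost"
    if mode == "conditional":
        return "SMT on, STIBP only for tasks that opt in (seccomp or prctl)"
    return "SMT on, STIBP not active: sibling threads share the predictor"


def read_host():
    """Read the two sysfs files on the local machine and assess them."""
    line = (SYSFS / "vulnerabilities/spectre_v2").read_text()
    smt = (SYSFS / "smt/control").read_text()
    return assess(line, smt)


if __name__ == "__main__":
    try:
        print(read_host())
    except OSError as exc:
        print(f"sysfs files not available on this system: {exc}")
```
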