Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Polls on the front page of Slashdot? Is the world coming to an end?! Nope; read more about it. ×

Comment: Re:Still needs another vulnerability (Score 4, Insightful) 82

by benjymouse (#49813553) Attached to: Macs Vulnerable To Userland Injected EFI Rootkits

So to summarize: as a user, you can sometimes write to EFI memory.

That's currently all there is to it. There's no rootkit, there's no malware, etc. Just this space where you can hide and survive an OS wipe and reinstall.

Yes - it is a vulnerability for which there is no exploit published (yet).

This vulnerability is serious, as it allows an attacker to permanently infect the Mac *firmware* and gain control each time the Mac is booted - even if you nuke and reinstall OS X.

You may try to dismiss this as "still needs another vulnerability". Another vulnerability or even a social engineering attack, evil maid attack will all suffice. This one can be used to take permanent, undetected residence on successfully exploited macs.

That's bad in my book

Comment: Re:Great Recession part II? (Score 2) 742

by benjymouse (#49766807) Attached to: Greece Is Running Out of Money, Cannot Make June IMF Repayment

I am nervous as this feels like early 2008 all over again.

Don't be. In 2008 there was a real risk that banks would fall like dominoes. When talk started about a possible Greek default in the first round, the same concern was there: That a lot of European banks had so deep loans to Greece that a Greek default would cause the banks to start toppling and cause a widespread crisis in Europe.

This time, the other European states (notably Germany), ECB and IMF have largely taken over the "bad debt" from the banks. Which means that Central banks, ECB and IMF will have to write off some loans if Greece defaults, but banks and the financial system is largely insulated.

Last time, Greece used the threat of throwing Europe into a deep financial crisis as negotiation leverage. This time, that threat has been neutralized and that is why you see other European leaders standing more firm on Greece owning up to their situation.

Talk about WWII reparations is NOT owning up to the problems that created this crisis in the first place. Greece were about to be exposed as insolvent before entering the Euro. But getting into the Euro meant cheaper loans and could postpone the point where they ran out of money. So Greece at the time lied and cheated their way into the Euro: They "mistakenly" left out the state obligations for pensions as obligations (should have counted as long-term debt). They got in and got access to cheaper loans. But they did not mend the broken system, and here we are.

Greece must own up.

Comment: Re:There is something to it, people are missing (Score 5, Insightful) 742

by benjymouse (#49766765) Attached to: Greece Is Running Out of Money, Cannot Make June IMF Repayment

And that was new loans AT INSANE RATES.
Last time I've checked check dept per citizen numbers, Greek was roughly on the level of Germany.
But interest rates they are paying (and that mostly to German banks), oh my goodness:

Interest rates reflect the lenders perceived risk of not being able to retrieve the loan on time or at all.German citizens are vastly more productive than Greek citizens.

If I were to lend 10.000 euros to someone, I'd have a better chance of having that loan paid in full from a German citizen living and working in Germany than from a Greek citizen living and working in Greece. That does not mean that I would not lend to Greece, but it means that I would take a higher interest rate to compensate for the risk.

It is not a diabolic German plan to put Greece down. It's just economics.

Comment: Re:Looks interesting but I am wary... (Score 2) 265

by benjymouse (#49639817) Attached to: Microsoft Releases PowerShell DSC For Linux

So this is just a sys-admin tool. Not a general purpose scripting language.

It is a general purpose scripting language.

An object-oriented general purpose scripting language with a number of features that makes system administration easier.

One example is DSC. It is a scripting language that can use the DSC *platform* to make sure that target systems are all configured the same way, albeit each with different parameters.

Another example is workflows. Wake me up when bash or python can start a script that can survive system restarts and pick up and continue from where it was when the system restarted, complete with state, variables etc.

Comment: Re:Looks interesting but I am wary... (Score 1, Insightful) 265

by benjymouse (#49638111) Attached to: Microsoft Releases PowerShell DSC For Linux

But if I am going to learn something new, what advantages this powershell has that python does not? Cygwin + bash is cross platform enough for me to switch between ssh windows in linux boxes and my windows desktop.

Desired State Configuration (DSC) that FTFA was about, is definitely one such thing that PowerShell has that python has not. DSC is a *declarative* description of the configuration you want for a target system. You should think more in line of Chef or Puppet than Python. PowerShell DSC for Linux actually *uses* Python.

The idea is that you use PowerShell to define a data structure (much like a Ruby hash) that describes the configuration of the node. DSC will itself resolve dependencies. If you require a feature DSC will ensure that the feature is installed - much like a package manager - but it actually interacts with the package manager. What package managers do not do is to configure the products once they are installed. This could be connection strings, IP addresses, user accounts.

PowerShell DSC for Linux has "resources" for file system, user accounts, text file content, package managers (Yum, Apt, Zypper), scripts, daemons, ssh keys and more. You use those resources to describe how you want a system to look - like a Chef recipe. The resource description can be parameterized (it is just a PowerShell function and can take parameters like PS functions) so that the same resource description can be used for multiple targets with slightly different values.

Once applied, DSC will ensure that the target is set up so that it matches the target. From there on it can also report on drift (e.g. more users created, files deleted/changed etc) and can warn about it and automatically bring the node back to the desired state (undoing the drift).

Comment: Re:PowerShell is yucky yucky yucky! (Score 1) 265

by benjymouse (#49637907) Attached to: Microsoft Releases PowerShell DSC For Linux

Wordy is the key issue, look at your average unix app generally all the flags can use a short - or a long -- for the same function.

How about if the unix app allowed only the long form option names - but allowed them to be abbreviated as long as the abbreviation was unambigous? (That's what powershell does)

PS forget that 30+ years of unix shell to near perfection and rolled their own verbose and obtuse creation

That why we still code in assembler and don't use those modern touch screens. Oh wait... (lalalalalalalal! -- fingers in ears, eyes firmly closed)

Comment: Re:I'll bite (Score 1) 265

by benjymouse (#49637809) Attached to: Microsoft Releases PowerShell DSC For Linux

They will not get bash to work well under windows. The problem is the brain-dead and overcomplicated NTFS permission system. There is no way to get that handled without just as over-complicated and brain-dead "special" tools.

Yes, there is no concept of SUID/setuid on Windows. So there's no sudo "happy go lucky".

Comment: Re:I'll bite (Score 1, Informative) 265

by benjymouse (#49637797) Attached to: Microsoft Releases PowerShell DSC For Linux

1. What is awkward with string parsing? Is this shell aimed at _incompetent_ people?

No, PowerShell is aimed at admins who want *robust* scripts - both the ad-hoc ones they whip up as well as the ones they choose to save. String parsing is extremely brittle, and most bash shell scipters do it the insecure and brittle way because it is easier.

String parsing is often thrown off if presented with unusual characters in file names, if executed in locales where dates and numbers are both generated and parsed different, etc.

2. And that works how on Linux?

OMI is available on Linux. Read the FTFA

3. An IDE in a Shell? Is the syntax so bad that you need an IDE? Or is this another effect of being aimed at incompetents?

You're the incompetent one. There's is no "IDE in a shell". The ISE *is* the shell - much like if you did bash scripting from emacs. The difference is that the ISE will provide you with intellisense (automatic suggestions), help, syntax highlighting, snippets, multiple script panels, integrated source-level debugging (complete with breakpoints, variable inspection etc) and even a command "builder".

4. Aehm, know any mainstream modern shell that does _not_ have excellent documentation?

Most *nix shells have good documentation. PowerShell has good documentation as well. All of the cmdlets have syntax descriptions (automatically generated from metadata), description and multiple examples. In PowerShell even user-defined functions, cmdlets and script files can have the same level of documentation. Comment based help (look it up) makes it super easy to document scripts and functions. And the auto-generated syntax diagrams and parameter descriptions also work for your own script files.

5. Seriously? I found the command syntax exceptionally awkward and badly thought out. I am back to a cygwin console for most things.

PowerShells command syntax is extremely consistent. Cmdlets are *always* of the verb-noun form, and there are only about 40 or so standard "approved" verbs. Parsing of the command parameters is the responsibility of the *shell* not of the commands like in *nix shells. Hence, all commands follow the same convention with no strange outliers like e.g. dd. Parameter names are always "long" - but can be abbreviated as long as the abbreviation is unambigous.

+ - PowerShell DSC for Linux is Available

Submitted by jones_supa
jones_supa writes: Microsoft is announcing that PowerShell Desired State Configuration (DSC) for Linux is available for download in form of RPM and DEB packages. DSC is a new management platform that provides a set of PowerShell extensions that you can use to declaratively specify how you want your software environment to be configured. You can now use the DSC platform to manage the configuration of both Windows and Linux workloads with the PowerShell interface. Microsoft says that bringing DSC to Linux is another step in the company's "broader commitment to common management of heterogeneous assets in your datacenter or the public cloud".

+ - PowerShell DSC for Linux is now available->

Submitted by benjymouse
benjymouse writes: You can now use the Desired State Configuration (DSC) platform to manage the configuration of both Windows and Linux workloads with a familiar PowerShell interface. DSC is in the same space as Chef and Puppet (and others); but unlike those, Microsofts attempts to build a platform/infrastructure based on industry standards like OMI to allow DSC to configure and control both Windows, Linux and other OSes as well as network equipment like switches etc.
Link to Original Source

Comment: Re:bad statistics (Score 4, Interesting) 240

by benjymouse (#49605581) Attached to: Chrome Passes 25% Market Share, IE and Firefox Slip

Why is it that when I look at wikipedia , they show all the various counters more or less in agreement, except netapplications which vastly overcounts IE and undercounts Chrome, android and safari?

Maybe because Net Applications is the only counter that tries to correct for known skewed sampling. Net Applications uses CIA internet usage data (how much of the population in each country has access to the Internet) to estimate absolute numbers for each country based on the measures distribution and the "Internet" population number. Net Applications is perfectly honest and upfront about this.

The other counters just report whatever stats has been collected. They also are perfectly honest and upfront about this.

Both correcting and not correcting may leave errors. Be your own judge.

But there's a perfectly good explanation as to *why* the numbers seem not to agree: They do not even claim to illustrate the same thing. Net Applications tries to create a number for "true" global distribution (and risk errors), the others do not even claim to compute such a number. In theory you could take the numbers from, say statcounter, by country and extrapolate the absolute number per country, sum them up by browser and calculate a number similar to net app. Could be interesting to see.

Also, be aware that there is also great popential for skewed demographics between the counters, not to mention the fact that Net Applications tries to measure unique visitors (discarding repeat visitors within a month) while most of the others just report page impressions. If for instance users of Chrome are more active on the 'net than users of IE, chrome would have a bigger share of page impressions than they would of unique visitors. There is no "right" in this: It all depends on the question you ask: If the Q is "which browser is the most popular?" you would look at unique visitors. If the Q is "which browser is used the most?" you would look at page impressions.

Why is it that of all the various counters netapplications is the one most often quoted, even though they appear to be using a bad methodology.

Maybe because they use the *least bad* methodology. The others do not even *pretend* to estimate global usage. They may report what *they* see of usage globally, but none of them claim to know how many users there are in each contry.

Comment: Re:How did he even get that job? (Score 1) 164

Climbing Everest is stupid, irresponsible, dangerous, pointless task for people with severe mental problems like constantly needing approval from others or pathological levels of arrogance or constantly feeling inadequate. So I have to wonder how he even got that job at Google with the personality of an Everest climber.

He was privacy director at Google. Hello? Being away climbing mountains 11 months a year was a core qualification.

Things are not as simple as they seems at first. - Edward Thorp

Working...