
Comment: Ubuntu explicitly favors GnuTLS (Score 1) 231

by daboochmeister (#46407823) Attached to: Bug In the GnuTLS Library Leaves Many OSs and Apps At Risk
Understood about Debian, but the children have wandered. From the Ubuntu wiki:

Using GnuTLS avoids the licensing issues that can arise from employing the more common OpenSSL package. For this reason, certain packages such as OpenLDAP are compiled with support for GnuTLS instead of OpenSSL in recent releases of Ubuntu.

In fact, on one of my Ubuntu 13.10 systems I ran ldd on /usr/bin/* and /bin/*, and found many many binaries that link in GnuTLS.
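
A static variant of the inventory check described in the comment above, added here as an example (it is not the commenter's code): it reads each binary's DT_NEEDED entries instead of invoking ldd, so no file is handed to the dynamic loader, but it reports only direct dependencies where ldd also lists transitive ones. The function names and the `libgnutls` substring match are assumptions of this example, and only 64-bit little-endian ELF files are parsed.

```python
import struct
from pathlib import Path

PT_LOAD, PT_DYNAMIC = 1, 2
DT_NULL, DT_NEEDED, DT_STRTAB = 0, 1, 5

def needed_libs(data):
    """DT_NEEDED names of a 64-bit little-endian ELF image; [] for anything else."""
    if len(data) < 64 or data[:6] != b"\x7fELF\x02\x01":
        return []
    (phoff,) = struct.unpack_from("<Q", data, 0x20)
    phentsize, phnum = struct.unpack_from("<HH", data, 0x36)
    loads, dyn, entries = [], None, []
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 56 > len(data):
            return []                      # truncated program header table
        p_type, _, p_off, p_vaddr, _, p_filesz = struct.unpack_from("<IIQQQQ", data, off)
        if p_type == PT_LOAD:
            loads.append((p_vaddr, p_off, p_filesz))
        elif p_type == PT_DYNAMIC:
            dyn = (p_off, p_filesz)
    if dyn is None:
        return []                          # statically linked: no dynamic section
    for off in range(dyn[0], min(dyn[0] + dyn[1], len(data)) - 15, 16):
        tag, val = struct.unpack_from("<qQ", data, off)
        if tag == DT_NULL:
            break
        entries.append((tag, val))
    # DT_STRTAB is a virtual address; translate it through the PT_LOAD that holds it.
    strtab_va = dict(entries).get(DT_STRTAB, -1)
    strtab = next((o + strtab_va - va for va, o, sz in loads if va <= strtab_va < va + sz), None)
    if strtab is None:
        return []
    return [data[strtab + v:].split(b"\0", 1)[0].decode("ascii", "replace")
            for t, v in entries if t == DT_NEEDED]

def linked_against(dirs, needle="libgnutls"):
    """Paths of regular files in dirs with a direct dependency whose name contains needle."""
    hits = []
    for p in sorted(f for d in dirs for f in Path(d).iterdir()):
        try:
            if p.is_file() and any(needle in n for n in needed_libs(p.read_bytes())):
                hits.append(str(p))
        except OSError:
            continue                       # unreadable or vanished file
    return hits

if __name__ == "__main__":
    print("\n".join(linked_against(["/usr/bin", "/bin"])))  # the directories named in the comment
```

Programs that reach GnuTLS only through another library (for example an LDAP client library) do not appear in this direct-dependency list and need a second pass over the shared libraries themselves.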

Comment: Could this be MS's attempt to co-opt Android? (Score 1) 105

by daboochmeister (#46325741) Attached to: Nokia Announces Nokia X Android Smartphone
There's nothing to prevent Microsoft from continuing this effort, and in fact offering this AOSP-based operating system to other OEMs, for their use. They can even sweeten the deal by negotiating in that no fee for (purported) patent violations will be included. That would be an interesting strategy - they could still focus on WP for mid-to-high end devices, while attempting to ride Android's app popularity into the developing markets. And if they added the ability to run Android apps into WP, then there'd be increased incentive for app makers to port their apps into their own walled-garden market. Hmm ...

Comment: This means Nokia CAN'T make a "real" Android phone (Score 1) 105

by daboochmeister (#46325651) Attached to: Nokia Announces Nokia X Android Smartphone
Just an observation, with the introduction of AOSP-based phones that don't license the Google Mobile Services, Nokia is now no longer able to license GMS, e.g., if they wanted to make an Android-trademarked phone. That is, without ceasing production of these devices.

Comment: Your comment would be relevant ... (Score 1) 105

by daboochmeister (#46325525) Attached to: Nokia Announces Nokia X Android Smartphone
... if the linked-to article actually said that anyone paid Google. It doesn't - there's no licensing fee for the Google Mobile Services (GMS), it's all just testing, submitting devices, and coordinating with Google.

This is Google's way of maintaining a more cohesive ecosystem, ensuring that any Android device will have a shot at running any Android app (as well as ensuring enough momentum to fund their [huge] investment in the cloud services involved).

The real answer is they wanted to support the Microsoft ecosystem, not Google's. Good luck with that - you ain't as big as Amazon, Nokia.

Comment: Hard to believe the same person said this ... (Score 2) 389

by daboochmeister (#46277943) Attached to: Windows 8 Metro: The Good Kind of Market Segmentation?
Buried in the Reddit thread, pwnies says

Use the best tool for the job. My personal setup is Windows for desktops (I think windows handles multiple monitors better than osx does), OSX for laptops (Apple's hardware is just so much better for portables), and linux for servers. I'm currently typing this on my Macbook Air. Definitely agree with you about dev tools on windows though. If you aren't bought into the .net stack, it's a bitch. For any web dev I'd recommend OSX or Linux. I'm a huge vim guy, so using windows and just ssh'ing into my linux boxes works great for me. (here).

He must have multiple personality disorder. That comment makes so much sense ... and yet his actual Reddit post is so absent of logic ...

Comment: Casual and Power use cases on same desktop - easy (Score 2) 389

by daboochmeister (#46277445) Attached to: Windows 8 Metro: The Good Kind of Market Segmentation?
So, the argument is that there's no clean way to accommodate casual user and power user workflows on the same desktop? Wait, tell that to my cairo dock and GNOME Do running on the XFCE desktop that my wife also uses (and believe me, if ever there was a wider chasm between power and casual user within one marriage, it would have likely triggered the implosion of the universe).

I think the reality this totally-free-to-say-what-he-wants MS employee is not mentioning is that MS has company-strategic user-hostile motives for Metro ... namely, to claw their way into a 30% cut on apps. Mark these words - very soon, MS will introduce a way for desktop, non-Metro apps to be distributed via the app store, downloaded from a Metro interface. I wouldn't even be surprised if they offer a way to configure it as "mandatory", the only way to install desktop apps (for the protection of users, natch). Then the underlying purpose for the otherwise-ridiculous inclusion of Metro on Server 2012 will become clear.

Comment: 99% are NOT headless (Score 4, Interesting) 389

by daboochmeister (#46277261) Attached to: Windows 8 Metro: The Good Kind of Market Segmentation?
I don't know what data centers you spend time in, but 99% of the Windows servers I encounter in data centers (maybe more) are explicitly NOT headless. And with the MS certification programs for admins emphasizing the "GUI way" of doing things way too much, there's no reason to expect that to change with Windows Server 2012 adoption.

In fact, if you accept Azure as the best reference profile for Windows servers, I'm not even sure there's a way to get a headless Windows server on Azure (try searching " headless" if you don't believe me).

Comment: Re:Android is already there (Score 1) 189

by daboochmeister (#46231295) Attached to: Microsoft Rumored To Integrate Android Apps
What Desler said ... and also, you should define what you mean by "not 'Android compatible' but 100% Android" ... if the average user heard "100% Android", they would likely assume that the Play Store and all of Google's proprietary apps are on-board; and the Nokia offering is certainly based solely on the AOSP, the open source core of Android, without the Google services. Witness how the average consumer doesn't associate the Kindle Fire with Android, per se. The Nokia (soon to be MicroKia) offering would be of the same ilk. (Unless MS chose to join the Open Handset Alliance, and commit to a true Android phone - uh, yeah, snowball, meet fiery inferno)

Comment: Kiosk PC in tiny coffeehouse at Canada Lake, NY (Score 1) 322

by daboochmeister (#46219873) Attached to: What Are the Weirdest Places You've Spotted Linux?
There's a small convenience store in the middle of Adirondack Park, by Canada Lake, NY, with a tiny coffee bar in a separate room. As recently as 1.5 years ago, the PC (there for residents/campers who don't have net access) was running gOS (here for more info). Was kind of clunky, but it was also a very very old PC (like, 256MB of RAM old).

There were a couple of things obviously wrong with it and I asked if they wanted me to fix it up, but they said no, some guy came by every month or two and did stuff to it.

Comment: What EMET is - and isn't (Score 5, Informative) 66

by daboochmeister (#46142165) Attached to: Pwn2own 2014 Set To Hunt Unicorns
At the risk of introducing information into the discussion ... some of the other respondents have taken oblique cue shots off this info, but to get it out on the table ... EMET is a software package that enforces otherwise existing security protections on programs that may not have them in place. For example, DEP, ASLR, SEHOP (very Windows-specific mitigation), heapspray prevention, and in 4.1 they added certificate pinning, to detect mitm attacks. (looking up acronyms left as an exercise for the reader)

The good news - these mitigations can be applied from outside the apps involved (as of 4.1, no more app recompiling or special-versions needed). The somewhat bad news - there are compatibility issues, and many apps are not compatible with the whole list of protections (see the MS KB article for more info). I also wonder if there are performance impacts from doing so, as opposed to compiling in the mitigations that can be compiled in - but don't quote me on that, I'm not sure.

More bad news - it won't work with certain app features, e.g. any code that accesses certain system services at too low a level, so for example DRM-using apps (so many videogames are off the table); and it is only intended for desktop apps (so they "do not advise" you use it with system services or server apps).

We tested the 3.0 version, focusing solely on the mitigations that could be imposed from outside the code even in that version - and found that many apps had issues with most, and some with all, of the mitigations (and, a killer for us, it wouldn't work with virtualized apps). Maybe that's improved, not claiming to know.

All in all - it has value if you're deploying legacy apps over which you have no control to a broad array of desktops, and it doesn't break your apps. Frankly, I don't know why the emphasis on IE11 ... I think the only protection that wouldn't already be compiled in is the certificate pinning, but maybe that alone is enough - or it makes it doubly difficult to break out of IE11 if you have the compiled in e.g. ASLR as well as the imposed-sandbox ASLR ... not sure.

To be clear ... it's NOT comparable to mandatory access control - it's more mitigation-specific than that. And also, by way of information, the open source operating systems often enforce the same kinds of mitigations on the apps that they support from their repositories (e.g., the Canonical Ubuntu team compiles every app in their repo with all possible mitigations -- see the Ubuntu security features page for more info). That's one of the big advantages of open source - you don't have to try to impose really-meant-to-be-compiled-in security features from outside.
