Installing the wine package on ubuntu automatically sets mmap_min_addr to 0. The default install will have it set higher

Interesting. (See /etc/sysctl.d/wine.sysctl.conf for some comments).

Solution, remove wine.

Hardly a solution if one needs to use Wine, though, is it? Probably just a good idea to wait for a patched kernel, I should think.

But the bug is not exploitable on ubuntu, because they set vm.mmap_min_addr > 0 by default.

That doesn't seem to be generally true.

Ubuntu Hardy 8.04 LTS, 2.6.24-25-generic: vm.mmap_min_addr = 65536; Ubuntu Jaunty 9.04, 2.6.28-16-generic: vm.mmap_min_addr = 0. So, by the above logic, Ubuntu Jaunty is vulnerable, although Hardy is safe.

Also seems like vm.mmap_min_addr = 0 for all the Debian boxes I can get my hands on...

(All my comments above relate to the stock/packaged kernels for the distribution)

I don't understand why those with PVRs still watch the ads. I've found that, with the sole exception of the ad-free (but paid-for, of course) BBC channels, the ad breaks are _way_ too long; this is mostly the reason I use a PVR. To skip through the ads.

In addition, the Treat The Audience As If They Have An Attention Span Of Less Than A Minute approach, showing you highlights of what you're going to see soon, then actually showing you it, then showing you a re-cap of what you've just seen; that just encourages more skipping from me, really.

[...] if they show the person really is from war-torn Elbonia [...]

Everyone knows the Elbonian civil war ended years ago.

That's because you shouldn't be using OpenOffice for academic writing. It's ok, but it's painful if you have to say.. typeset equations.

You should be using LaTeX.

LaTeX is ideal in two situations:

• Large, structured documents (such as a thesis or long report);
• Documents including equations.

It's worth pointing out that many academic publications fit neither of the above.

Also remember that most journals/publishers will strip the formatting from your document and re-format/re-typeset it themselves, regardless of the format in which it was submitted. For this reason, most journal submitters are asked to submit minimally-formatted text, with tables/figures provided separately. You can do this equally well in a number of applications (MS Word, OpenOffice Writer, others etc.). I expect even plain text would be OK in this context, since "convert to plain text" might well be the first step the journal takes when they decide to publish your manuscript.

Perhaps it's really OpenBSD, but just has a WinXP theme?!?

There is no such thing as "British English". There is either English, or any other variant of - American English, Australian English etc.

Well, I tend to agree actually; except that in the context of the discussion of variants, saying "British English" rather than solely "English" shows that you *mean* British English, and not instead a collection of all English variants.

American English or British English?

Ha! I'm from the UK, so I use - of course - British English. However, occasionally there is a need to compromise. When I wrote colordiff I decided to use US-style 'color' in the project name (since colorgcc, colormake and other utilities already existed and I felt that made more sense) but to use UK-style 'colour' in all the documentation.

Yes, almost certainly. You need to understand English to develop in programming languages where the syntax and reserved words are in English.

Next question?

Do you not say anything in email that you wouldn't want the entire world to know, btw, in case your ISP publishes your email? Or not say anything to anyone at all, in case they might tell the newspapers?

Absolutely, you should certainly be aware of the fact that your ISP might 'publish' your email, perhaps by providing it to Certain Authorities. If this bothers you, use encryption, use it properly and be sure you trust your correspondents to do the same.

If you are so scared of trusting anyone such that you treat telling one person equivalent to telling everyone, you must either be a very secretive person, or you don't mind the whole world knowing about anything you do.

That's not what I said. I didn't say I was scared of trusting anyone. I implied that I don't trust Facebook not to either (a) make the information 'public' or (b) be forced to provide the information to Certain Authorities. Their recent fuss with their terms of service doesn't help install confidence in them.

I believe that treating "uploading content to Facebook" as "publishing to all" is a perfectly reasonable (and not necessarily paranoid) approach to take, in these circumstances.

Why don't you post your credit card numbers on Slashdot? After all, your credit company *might* do that, so it's naive to think there's any difference, right?

That's a ludicrous stretching of the argument. I trust my credit card company not to do that. Credit card companies are, generally speaking, good at keeping information secure. And it would not be in their interest to do as you suggest.

Facebook, on the other hand, have no such incentive to keep information on the site private.

Content on Facebook (and any other social networking site with privacy controls) isn't for public consumption - it's for consumption by those whom you've marked as friends.

I can't work out whether you're being serious, being naive or being a troll.

The act of posting anything to sites such as Facebook should be made on the assumption that it *might* become public. Assuming otherwise is just naive. If I post stuff, I only *expect* my friends to see it, but I tailor what I write on the assumption that it is completely public.

Not '+1 Informative', this should be '+1 Misleading'. Disabling javascript is *not* sufficient to protect you against this exploit.