Recent Posts

4051

Living Room / Re: What are your favorite movies?

« Last post by 40hz on February 13, 2013, 07:04 AM »

If anyone really wants to have a giggle, maybe start a new thread and I can whip up a few phrases. It's a pity that the engine is discontinued with no plans of future developement though!

-TaoPhoenix (February 13, 2013, 06:17 AM)

There are several open source TTS projects you might want to look at if you're in the mood to play with  that and maybe make the effort a little more future-proof.

e:Speak and Festival come most readily to mind. But there are plenty more to explore if you do a search. More are listed here.
 

4052

Living Room / Re: What are your favorite movies?

« Last post by 40hz on February 13, 2013, 05:29 AM »

I didn't even know that Old Boy was released outside Korea.

It's perhaps one of the more disturbed movies out there. Deeply disturbed...

-Renegade (February 13, 2013, 05:05 AM)

+1!

That bit of movie strangeness left my brain agitated for a day or two after I saw it. Very disturbing movie. It outdid the cult classic Videodrome for leaving you in a weird state of mind afterwards.

4053

Living Room / Re: What are your favorite movies?

« Last post by 40hz on February 12, 2013, 08:29 PM »

Here's a baker's dozen. Some of my 'not-too-weird' favorites, in no particular order:

   

   

   

   



That should keep you busy.

4054

Living Room / Re: Website under attack ... help needed

« Last post by 40hz on February 11, 2013, 09:43 PM »

The more significant challenge will be establishing whether it's just the website that's been hacked - or if the entire server has been compromised. If the Linux server is virtual (or not too heavily customized) I'd probably be more inclined to just load up a clean server image (or at least a 'known clean' webstack) after I got to the bottom of the problem with the website(s).

That's the real problem with getting hacked. It's often difficult or impossible to accurately determine exactly where and how far in they got.

4055

Living Room / Re: Rapid Information Overlay Technology (Riot) - Tracks Users from SNSes

« Last post by 40hz on February 11, 2013, 09:29 PM »

A lady I have a great deal of respect for handles the issue of personal privacy an interesting way.

Her advice? "Whenever asked, lie. Lie about everything."

4056

Living Room / Re: The Rant Thread!

« Last post by 40hz on February 11, 2013, 09:12 PM »

^The problem is, being a good "tax guy" (or lady) is a full time job. Those real tax professionals I know spend 5 months killing themselves getting their client's returns in on time, and the rest of the year staying on top of byzantine regulations and tax code changes.

It's not an easy or glamorous career. And it doesn't pay very well until you finally get established enough that you can afford to hire qualified (or motivated and trainable) help.

Once you go beyond a "simple" return the rules can get tricky very quickly. And if you have the type of financial situation that requires a complex return, well...unless you've done tax planning throughout the year, you're pretty much sunk come filing time.  And that type of year-round planning is something only a real tax pro can help you with. And that level of expertise isn't found on a program CD.

If you're doing a basic 1040, something like TurboTax works just fine provided you're organized, work carefully through the "interview" screens, and take your time. What gets produced from that will be no different than what you'd get having a quickee tax prep service do it for you. It's pretty much the same software that gets used anyway.

Beyond that, you'll want a real tax pro if: you just bought a home, run a business, inherited or won a significant amount of money, had major medical expenses or insurance losses, have an investment portfolio - or actually expect to retire someday.

And FWIW, most of the real tax professionals won't be found in a location that keeps shifting back and forth between several of your local strip malls.

 

4057

Living Room / Re: Ever had a question you wanted to ask Bill Gates?

« Last post by 40hz on February 11, 2013, 08:49 PM »

No.  

-40hz (February 11, 2013, 07:51 PM)

 

-wraith808 (February 11, 2013, 08:20 PM)

I actually wasn't trying to be funny that time.

AFAIC anything Mr. Gates has to say (that was actually worth listening to) has already been said for the most part.

But that may be because I've spent a good deal of my adult life (and career) listening to Mr. Bill pontificate - and watching him call most of the shots. And I like to think I understand him pretty well by now.

Truth is, lately I'm significantly less interested in what my generation has to say; and much more interested in what the older and the younger generations are thinking about.
 

4058

Living Room / Re: Ever had a question you wanted to ask Bill Gates?

« Last post by 40hz on February 11, 2013, 07:51 PM »

No. 

4059

Living Room / Re: Website under attack ... help needed

« Last post by 40hz on February 11, 2013, 05:14 PM »

replace the index file with a blank index file and see if it still redirects.

-wraith808 (February 11, 2013, 04:48 PM)

+1. Check index.php to see if they've loaded a script in there that's generating urls. I've seen it done that way before. Unfortunately, that's only one of several ways to do this sort of hack.

There's a page on StackOverflow that discusses a similar hack. Look here. Some good suggestions for how to proceed and where to look.

You really need to take your site offline - actually remove the files from the server and identify what type of hack this is.

First though I would suggest turning off javascript in your browser and visiting your page - do you still get redirected?

If not - then the problem is either:

a) a javascript file has been added to your site - or an existing javascript file has been edited. Examine all the .js files loading in the page.

b) an sql injection has added javascript directly into your articles (perhaps each and every article

Assuming you ARE redirected while is javascript turned off - then you are looking at either: a) an edited .htaccess file redirecting you elsewhere b) an edited (or 'included') php file setting headers and taking you elsewhere.

<more>

Luck.

4060

Living Room / Re: The Rant Thread!

« Last post by 40hz on February 11, 2013, 03:55 PM »

I once took a tax prep course from H&R. I was appalled once they started their recruiting efforts about halfway through on about four of of us who were the students most quickly "getting it" (We all had degrees in either accounting or finance - so us catching on quicker than others was no surprise.)

They kept emphasizing how you had to be "quick" and churn out returns as quickly as possible to maximize volume. And they also repeatedly did the big pitch for all the additional money you could make by pushing H&R's other services and investment opportunities to your "clients." Something we gathered you were also required to do.

All of us told them to forget it.

Tax prep services shouldn't operate using a fast-food restaurant business model. At least not in my opinion. And I find blatant "upselling" to be one of the most obnoxious business practices out there. Especially when it's being directed at people who lack sufficient background to even understand what they're being sold half the time.

But that's me I guess.

FWIW I haven't listened to, touched, bought, or even looked at anything from H&R Block since that experience.

4061

General Software Discussion / A cautionary fairy-tale. Sort of... (Humor)

« Last post by 40hz on February 11, 2013, 01:01 PM »

A Nightmare on Linux Avenue
By Chris Hall

Let’s say it finally happens and the big OEMs get tired of dealing with Microsoft and decide to make Windows only one choice of several on new computers. Not a world like we have now, where the likes of Dell halfheartedly offer half baked and broken installs of Ubuntu, installs that need serious tweaking before they’ll work. Not that world, but a pretend world of Linux being offered across all models, with a choice between two or three distros. You know, OEMs giving Linux exactly the same treatment as they give Windows today.

Sounds like Tux heaven does it not? Don’t be in too big a hurry to celebrate.


Say this day has arrived. You wake-up in the morning and go to check your email, only to discover your computer won’t boot. Right away you know it’s the motherboard, because it’s been showing signs of dying for about a year but you haven’t been able to afford do anything about it. Not to worry, though. Not only have you been making regular backups on an external hard drive, so your data is safe, you also saw an advert just the day before on a sale in progress at the Big Bytes store on Huddle Palace brand Linux boxes.

So you eat a bowl of genetically modified corn flakes and head for the store, where you walk past a small display of Windows computers that are being ignored and gathering dust, much to your inner pleasure. In a much larger, cleaner and brighter area, set-off by a gigantic cut-out of Tux holding a clearly branded Huddle Palace laptop with the words “I run Linux!” on the screen, you are immediately approached by a salesman who asks if you’d be interested in buying an extended service contract.

The timing of the question seems somewhat strange, prompting you to ask, “On what? I haven’t bought anything yet.”

The salesman, a boy really, is unfazed. “Well, what are you looking for?”
.
.
.

Read the rest here.

A little over the top in a few spots. But the picture it paints could soon become all too real if some of the direction Ubuntu seems to want to go in ever gains traction with a 'big box' store or mega-retailer.

4062

General Software Discussion / Samsung UEFI/Bricking Bug Update - It's not just Linux

« Last post by 40hz on February 11, 2013, 08:08 AM »

From H-Open comes this update on the Samsung laptop bricking issue with some Linux distros. (Article can be found here.)

Samsung UEFI bug: Notebook bricked from Windows

Linux developer Matthew Garrett, who does a lot of research into UEFI topics, writes in a blog post that by storing a large amount of data in UEFI variables, he managed to disrupt a Samsung notebook running Windows to such a degree that it subsequently refused to start. In his post, the developer also points to some sample code of the Windows program that he executed at administrator level to disable the notebook. The developer had previously speculated that some Samsung notebooks with UEFI firmware may be rendered inoperative under Windows in the same way that they were when starting Linux under certain circumstances. The experiment to confirm this was successful.

UEFI variables enable operating systems to deposit data for the firmware that will still be available after a reboot. Microsoft's Windows 8 Hardware Certification Requirements stipulate that at least 64KB of storage must be available for this purpose. When a crash occurs in certain configurations, the Linux kernel uses this storage to deposit information that allows the cause of the crash to be investigated later; Linux places about 10KB of data in a UEFI variable for such a "crash dump". According to Garrett's analysis, this is the actual reason why some Linux distributions destroy Samsung notebooks. The samsung-laptop driver that was previously considered to be the main cause of the disruptions only contributes to the problem through the way it works on UEFI systems: it causes the crash which results in a crash dump being written. How large an amount of data is required to cause firmware malfunction remains unknown; Garrett says that he generated 36 one-kilobyte variables in the tests that resulted in a notebook being disabled under Windows.

The developer concludes that the problem is caused by a firmware flaw. "Writing UEFI variables is expressly permitted by the specification, and there should never be a situation in which an OS can fill the variable store in such a way that the firmware refuses to boot the system", says Garrett. He notes that similar bugs were seen in Intel's reference code for UEFI firmware a year ago, but adds that these bugs have all been fixed. Garrett has renewed his recommendation not to use Windows in UEFI mode on the affected devices. In a subsequent tweet, the developer pointed out that not even removing the CMOS buffer battery brought the device back to life.

Developer Matt Garret's blog post explaining how he did it can be found
here.

------------------------

Note: Looks like fellow DoCoer f0dder pegged it earlier in this post:

40hz: wrt. the bricking, shouldn't you blame Samsung? Or blame the linux kernel driver developer? I can fry my BIOS/UEFI by flashing it with garbage, who should I blame for that? :-).

Nailed it, I'd say!

4063

Living Room / Re: The Free Videos Thread

« Last post by 40hz on February 11, 2013, 12:29 AM »

I'd hope that she's more like her early character than her later character.

-Renegade (February 10, 2013, 11:08 PM)

She is.

And that goes for the rest of the cast. The first season was the quite good. (Putting Joanne Kelly in a LBD with done up hair in the "Duped" episode was positively inspired IMHO.) The second season less so.



After that, however, it began thrashing around, although Jaime Murray's 'real' H.G. Wells character went a long way towards saving the third season. (And lets forget about the Eureka crossover/computer game episode which was painfully embarrassing to watch.) Unfortunately, they've also done a lot to make the characters less and less likable as the series continues. Probably in the mistaken hopes it will inject some additional 'depth' into the plots. Or plot as the case may be. Because there really is only one plot: "Snag it. Bag it. Tag it."

In a way I expected this. W13 is basically a one trick pony. It was only a matter of time before the blush started to wear off.

Oh well...

4064

Living Room / Re: The Free Videos Thread

« Last post by 40hz on February 10, 2013, 11:00 PM »

Have you seen the TV show Eureka? She's in that as a peppy genius scientist, and she just nails it.

-Renegade (February 10, 2013, 10:38 PM)

I saw a few episodes with her in them. It was a great character. I even liked the dorky miniskirt/sweater combos she wore:



Oh bloody! She wears glasses in real life too? Ok...she's got me.



My GF is in hysterics right now: "What is it with you and girls with glasses?"

I suggested she put hers on and find out.  

----------------------------------

Add Allison Scagliotti of Warehouse 13 to your list. I've seen her in a few interviews. She's great too.

4065

Living Room / Re: The Free Videos Thread

« Last post by 40hz on February 10, 2013, 10:24 PM »

@Ren - finally got a chance to sit and watch all six installments of Dragon Age.  

Enjoyed it quite a bit. And Alicia Day's character is flat out adorable. Not surprising in that I've been given to understand (courtesy of friends who do the Comic-Con thing) that Ms. Day is equally endearing in real life.  Apparently she's the girl you'd like to bring home to meet yo' momma...when yo' momma isn't home as the old blues song goes.

4066

General Software Discussion / Re: It's official - Linux Foundation Secure Boot System Released

« Last post by 40hz on February 10, 2013, 08:15 PM »

they'd probably end up with antitrust lawsuits if they tried to pull that stunt,

-f0dder (February 10, 2013, 05:24 PM)

Maybe in the EU, but probably not in the US. At least not as easily. Because GNU/Linux is, of itself, not a business or commercial product. So if Windows is unfairly "competing" with Tux, what exactly is it competing against? Something that's free and can be acquired by anybody just for the asking? And in most cases at no out of pocket? What competitor's business is being harmed?

What business is being hurt? Some PC vendor that wants to put Linux on their machines? Why not Windows? That's a commercial product that this same vendor can get from Microsoft under the same terms any other PC vendor can. Sure there will be breaks for volume purchases - but there's nothing illegal about that. Discounts are an accepted part of business as long as they're not offered as a form of favoritism.

And requiring some specific UEFI setting in order to load or run Windows is no different really than requiring a certain level of CPU, graphics subsystem, or RAM complement to run something. Or needing .NET or a similar runtime like JRE.

As long as UEFI can be disabled (with all that implies) - and the hardware supplier controls how and if it can be done - Microsoft has 'plausible deniabilty.' And that would force a plaintiff to argue something was an "effective" monopolistic behavior or practice as opposed to an actual one. That's extremely hard to prove. Especially in a legal system like the US has where the "letter of the law' generally prevails even when it's pushed to logical extremes. Because, in the US, anything not specifically prohibited by law is generally deemed to be 'legal' by default. With us, unless you've been told you can't - you can.

So I don't see there's anything here that a US antitrust complaint can be directly based on. It would require extrapolation. And that's a tough sell.
 

4067

Living Room / Re: Are you good at reading flow charts?

« Last post by 40hz on February 10, 2013, 03:39 PM »

 
 

4068

Announce Your Software/Service/Product / Re: Fast Text File Search Tool and Browser [Freeware]

« Last post by 40hz on February 10, 2013, 03:24 PM »

Thank you! Looks very nice. Will give it a tryout this week. 

4069

Living Room / Re: Adobe Flash Player - Update/Fix emergency security patch for 2013-02-08

« Last post by 40hz on February 10, 2013, 03:21 PM »

I am becoming heartily sick and tired of Adobe and their blasted Flash utility.

-IainB (February 09, 2013, 04:17 PM)

Me too; and tired of the constant treadmill of "updates," and assorted sites whining if you don't have the very latest installed.

-rjbull (February 10, 2013, 02:47 PM)

+1 and add Java to that list too.

4070

General Software Discussion / Re: It's official - Linux Foundation Secure Boot System Released

« Last post by 40hz on February 10, 2013, 03:12 PM »

@Josh - Microsoft is not doing anything to make Linux "progress" forward. There's been serious discussion in the Linux world to go beyond BIOS for some years now. And several initiatives have been proposed, the best of which was coreboot. Coreboot can do what UEFI/SecureBoot does. And it's been around longer.

The big difference is that coreboot is a true open standard whereas UEFI is not. UEFI's board is composed of nine of the the most closed-system oriented businesses out there. And, with the exception of Apple (who is also on the board) all are exceedingly Windows friendly. There is NO open software representation anywhere on the board. A curious omission when you consider the huge number of servers running Linux - as well as the slow but steady growth of Linux desktops in municipal government circles.

The other problem is, because of its size, Microsoft and Microsoft signed keys are currently the only viable way of dealing with SecureBoot for the vast majority of PC users. And while the key signing process is supposed to be fair and open to all, Microsoft has introduced several unnecessary hoops you'll need to go through to get one if you don't use Microsoft software.

There's a write up here about why RedHat compromised and went along with what was required to obtain a Microsoft signed key.

In the wake of criticism and the potential for legal actions, Microsoft has since "clarified" (as in backed off on some of the hints and insinuations)  of what was causing concern in the above article. I'll leave it to others to argue about whether that partial "clarification" was - or wasn't - in response to some of the pushback being felt.

But that is of no consequence to the rest of the article which explains why, from an average end-user experience perspective, most OS creators will be virtually forced to go along and do it Microsoft's way.

And considering what the Linux Foundation recently went through to get theirs, it doesn't seem like Microsoft is about to back down any on that score.

Microsoft's official role in UEFI is that it sits on the board. But if you're asking what Microsoft's functional role is - they're the 800-pound gorilla in the room that's currently calling most of the shots.

4071

Living Room / Re: Java - Critical Patch Released

« Last post by 40hz on February 10, 2013, 02:36 PM »

40hz, have you used JavaRa?  It sounds useful, but I'd like to know that it won't create problems (e.g., wrong removals from the Registry).  I'd feel more comfortable installing and using it if I knew that you and/or other DC folks had some good experiences with it.  Perhaps I should change my username from cyberdiva to Nervous Nelly    

-cyberdiva (February 10, 2013, 09:24 AM)

@CD- Nope. Maybe Smart Lady but certainly not Nervous Nelly.

And yes, I use it. I don't recommend anything I don't have direct experience with. If I've only read or heard about something - and I'm passing it on as an FYI - I'll always say so.  

The new version of JavaRa uses a database and an updater to stay on top of what Oracle gets up to with new Java releases. I haven't had any problems using it either on my own systems or those of my clients.

But it's mostly a convenience tool. You could always just uninstall any old versions of the JRE through Windows' own add/remove programs control panel - and then download and install the newest version from Oracle.

Where JavaRa really does sing, however, is when the JRE balks at being uninstalled. Or if fails to uninstall cleanly - as some versions occasionally do on some machines. JavaRa has the option to scrub out all things JRE,  leaving you with a clean slate to put a fresh copy on.

It's like what's been said about tennis racquets - you don't often need one... but when you do, there's really no direct substitute.

Although now that Krishean has been kind enough to share that script I guess that isn't the case any more.

-----
@ Krishean - thx for sharing that. Looks useful. And an interesting script to read through too.

4072

Living Room / Re: proofreading on pc

« Last post by 40hz on February 10, 2013, 02:09 PM »

is it possible? what do I need?

-kalos (February 10, 2013, 11:11 AM)

A tablet PC and a program that does that.

I don't know of any program that does.

You used to be able to do things like that in PalmOS thanks to Graffiti. I don't know it's ever been ported elsewhere.

4073

General Software Discussion / Re: It's official - Linux Foundation Secure Boot System Released

« Last post by 40hz on February 10, 2013, 01:58 PM »

On the GNU/Linux side, secure boot will introduce confusion, and a set of two very bad choices. Choice A: secure boot is good technology from a security standpoint, but if I want to use GNU/Linux without being dependent on a Microsoft-signed key, I have to disable it.

-40hz (February 10, 2013, 09:49 AM)

...or enroll your own key in the firmware.

-f0dder (February 10, 2013, 10:35 AM)

@f0dder - Sure. But lets forget for a moment that the vast majority of PC users must easily know as much about computer systems and programming as you do.   Lets think for a minute about the the tiny minority who just know enough to boot the thing and use it...(kidding!)

See what I'm saying? I'm still confused about some of this and I'm not exactly an amateur when it comes to either Linux or Windows. And you would probably blow my doors off on most of this when it comes to the real hardcore tech - yet even you still have questions.

No big deal? We can work around it? Yeah. We can - and probably will - so all's well and fine.

But that's us.

Microsoft and all the other participants in the "fence in the platform" crowd don't care about us. They're targeting the millions with their new vision. They don't need to worry about the likes of us because we can only use what they make. And if they get to make things the way they want, there will no longer be a platform you can truly make your own.

In many respects it will become much like the old phone systems. One legal provider. One type of service. One manufacturer. With the customer free to do anything they want - provided it's sanctioned by and purchased from those who have been authorized to provide it.

And once that happens, innovation will die because they'll use paranoia and ignorance to have governments outlaw anything that deviates from their model. All in the name of "security," "anti-terrorism" and "legal use."

It used to be a criminal offense in the US to plug any device into the phone system that wasn't manufactured by the phone system. And the US phone system remained a study in archaic 30s technology until that ban was lifted. In very short order we got touch tone dialing, a huge number of telephone styles with all sorts of features, lower costs, direct long distance service, and all the rest when 'Ma Bell' no longer had a stranglehold on US telecommunications.
 
But that never would have happened if the Bell System continued to be allowed to hold back technology and innovation in order to milk as much revenue as possible out of what they already had. You see it today with data caps on bandwidth. A few entrenched suppliers with monopolies continue to prop up an old revenue model that makes no sense with what we have today.

I once heard a phone company person admit that it probably cost his company more to monitor telephone use and bill for it than it would for them to just charge everybody a flat monthly fee per demarc point and allow unlimited use.

When I asked him why they didn't, he said it was because the government would prefer that they didn't. Apparently my government relies very heavily on the surveillance and monitoring possibilities that a detailed phone bill can provide. And in the USA, they don't need a warrant to look at one.

So there are bigger factors at play behind some of this direction the new PC design is going in... And it's not mere paranoia or "FUD swallowing" should you start noticing it...
 

4074

General Software Discussion / Re: It's official - Linux Foundation Secure Boot System Released

« Last post by 40hz on February 10, 2013, 09:49 AM »

So, why not just shim-secureboot the legacy OS? (Or "real-secureboot" it after installing the right keys in your firmware)? You can leave SB enabled, and boot both whatever-restricted Windows as well as whatever other OS you've installed keys for? Sure, it's more work than now, but it's doable.

As long as Microsoft sticks to the things they've promised, and outlined in their current Windows certification documents. And that ___is___ a big if, IMHO - and I don't take that for granted.

-f0dder (February 10, 2013, 01:07 AM)

Understood. And me neither btw.

But what I am more concerned about is that this so called non-Microsoft non-Windows initiative is about as open as that other famous "open" standard (Java) that somehow never really was because Sun (and now Oracle) insisted on always keeping a very tight rein on it.

To my mind, if some bit of technology is truly "open" as advertised, then you don't have a situation where some animals on the farm are more equal than others like they were in George Orwell's story. But that's exactly what UEFI/SecureBoot is shaping up to be. You have two big players, a few small-time semi-players (who are mostly toadies and hangers-on looking to gain a marketing advantage) - with everybody else in the world being seen as "little people."

***

There's a very interesting analysis over on the BeginLinux blog that looks at UEFI and some of its implications in light of it being embraced to the exclusion of Coreboot - an open standard that provides the advantages of UEFI- but without the cruft - and more importantly, without enthroning Microsoft Corporation as its de facto gatekeeper.

I frequent the Reddit Linux page at reddit.com/r/linux, and I monitor what people have to say about the Free Software Foundation’s campaign against secure boot. The most common complaints that I see are as follows:

    

• Secure boot can be turned off on x86 machines, so why is it a problem?
• Why does the FSF complain about secure boot’s lockdown of ARM Windows RT devices when Apple and many Android phones do the exact same thing?

Both are very valid criticisms, so let me address them both. x86 PCs still maintain somewhere around 90% of the  global PC market share. In contrast, Apple holds a miniscule share of the desktop PC market. If Apple decides to lock users of Apple computers out from controlling the computer’s firmware, the consumer has a lot of choices outside of Apple. Similarly, some Android phones come with locked bootloaders, but there are a lot of Android phones and tablets that  have boot loaders that can be easily unlocked. In fact, any Nexus-branded Android device has an unlockable boot loader, by Google’s mandate. So again, the Android consumer has choices.

On the GNU/Linux side, secure boot will introduce confusion, and a set of two very bad choices. Choice A: secure boot is good technology from a security standpoint, but if I want to use GNU/Linux without being dependent on a Microsoft-signed key, I have to disable it. More on this later. Choice B: I can enable secure boot to get the security benefits, but I will have to depend on a key signed by Microsoft, and they can choose to disable that key at any time. If I make this choice, who is REALLY in control of my PC?

Now back to choice A. Think about who the biggest users of Windows 8 will be be from a revenue standpoint: probably businesses. Businesses usually want to run the most secure option, so they will probably choose to enable secure boot by default. This scenario discourages them from running GNU/Linux, Windows 7 or earlier, or any alternative operating system. I think that this is the whole point. Secure boot pushes the user in the direction of a Windows 8 choice. This is an abuse of market position, and it is anti-competitive. It is also clearly wrong.

The fact that secure boot can be turned off is not a valid counter argument. It demotes the GNU/Linux user to an inferior status: either they have to settle for a crippled system where innate security capabilities of that system are disabled, or they are left in a position of dependency on a Microsoft key. Either scenario is sub-optimal. Right now, Linux has an incredibly good reputation for security. Here is the reputation that Linux will end up getting: “Linux is the operating system that you have to turn off security to install.” This is not an accurate statement, but this is how memes start: non-technical people talking about technical topics. “Turn off secure boot” becomes “turn off security”. “Linux is secure” becomes “Linux is insecure”. Certainty becomes uncertainty. The confidence of being able to install whatever you want to gives way to confusion. This confusion can only be fully resolved by sticking to one dominant vendor [4].

If security was really the primary concern when the need to replace BIOS was being investigated, then coreboot was available, it was free, and it was open source. Why in the world would anyone have thought that UEFI/secure boot was a better solution? I’d like you to please give this question more thought AFTER you read Table 1 below.
.
.
.

Read the rest of the article here.

Those not familiar with Coreboot who wish to learn more about it (or bootloaders in general) can check out this uber-geek video presentation which goes into it in depth. Wikipedia also has a decent summary article on it here.

ABSTRACT

Coreboot, formerly known as LinuxBIOS, was originally started in 1999 to complement LOBOS [2] (Linux OS Boots OS) as part of an effort to move away from inscrutible and inflexible proprietary BIOS firmware used in clusters at high-security government research labs. However, coreboot took on a life of its own and quickly overcame many obstacles thanks to the help of a friendly and knowledgable open source community. This talk will give an overview of coreboot, what it is capable of, what it is incapable of, and what makes it different from the traditional PC BIOS and EFI. We'll focus on developments in version 3 which cleans up the development model substantially, has much improved ACPI and SMI support, usage of the Linux kernel build system to build coreboot, new ways to boot locally and over a network, do some demos, and more!

This project is still active despite being widely unknown to most Linux desktop users. Hopefully, with the advent of UEFI/SecureBoot, it will gain significantly more exposure and presence in the coming year.
 

4075

Living Room / Re: Java - Critical Patch Released

« Last post by 40hz on February 10, 2013, 09:17 AM »

Thanks for this alert.
I took the opportunity to expunge all the Java-related crud (there was a lot of it) that I had accumulated on my laptop, and install the latest release and runtime environment in a relatively clean fashion. I hope I don't regret doing that, but then I reckoned (rightly or wrongly) that all that old Java stuff could have been a potential risk if I had left it in situ.

-IainB (February 10, 2013, 03:21 AM)

You reckoned correctly.  

Per Oracle on their Why should I uninstall older versions of Java from my system? page

The latest version of Java is always the recommended version as it contains feature updates, vulnerability fixes and performance improvements to previous versions. You can confirm that you have the latest version by visiting the Java Verification page.

Over time, you may have installed multiple versions of Java to run available Java content. In the past, each Java update was installed in a separate directory on your system. However, Java updates are now installed in a single directory.

Should I uninstall older versions of Java?

We highly recommend users uninstall all older versions of Java from your system.
Keeping old and unsupported versions of Java on your system presents a serious security risk.
Uninstalling older versions of Java from your system ensures that Java applications will run with the most up-to-date security and performance improvements on your system.

You can always use a nice little free utility by SingularLabs called JavaRa to help you maintain Java Runtime on your system. Recommended!

JavaRa

JavaRa is an effective way to deploy, update and remove the Java Runtime Environment (JRE). Its most significant feature is the JRE Removal tool; which forcibly deletes files, directories and registry keys associated with the JRE. This can assist in repairing or removing Java when other methods fail.