The VirtualBox Kernel Driver Is Tainted Crap? -
Linux kernel developers have marked Oracle’s VirtualBox Linux kernel driver as “tainted crap” due to the overwhelming number of problems this module has caused.
When the “vboxdrv” driver for the Linux kernel is loaded, after a patch by Red Hat’s Dave Jones, it will mark the kernel as tainted crap. Even though this VirtualBox driver is open-source (it’s under the GPL), the quality of the driver is quite poor and continues to cause issues for many users. In particular, kernel developers have become frustrated that this virtualization driver is causing random memory corruption. Specifically cited is “corrupt linked lists, corrupt page tables, and just plain ‘weird’ crashes.”
The code comment for the patch mentions, “vbox is garbage.” The VirtualBox kernel driver is needed for providing some features to guests on this Sun/Oracle virtualization platform. While the VirtualBox kernel driver is open-source, it doesn’t live within the mainline kernel tree and is distributed separately with the VirtualBox software package.
Marking this driver as “crap” puts it in the same boat as the staging drivers and select other modules that are of less quality than the fully-supported in-tree modules. With this tainting, some bug reporting tools will not report these VirtualBox problems or handle any bug reports in a different manner.
It’s not hard to find Linux users having a troublesome VirtualBox experience. I for one was briefly a VirtualBox user with an Ubuntu guest from a Mac OS X host last year on a production machine, but then switched to VMware and the experience has been tremendously better than the buggy Sun/Oracle software often causing lock-ups and other problems. In the forums are many more VirtualBox stories. In addition to being more stable, another benefit of VMware is their virtual graphics driver for 2D/3D guest acceleration is superior, which utilizes Mesa’s Gallium3D.
The discussion about this VirtualBox tainting can be found from this kernel mailing list thread.
Source:[Phoronix] The VirtualBox Kernel Driver Is Tainted Crap
Note: O dear, o dear, and I am using VB, hahaha. Waiting for it to crash now … as if I was expecting “forever” from any software, or hardware for that matter, heh. But what I do recommend is to NOT install the Guest Additions. Not only does it weaken security, they also give the guest access to the host’s (built-in) microphone. Many notebooks have a built-in microphone. So either don’t install Guest Additions, or hack the internal microphone.
Dans une start-up à Berlin, j’ai découvert le cynisme absolu | Rue89 Eco -
A future we definitely do not want to be a part of …
Moxie Marlinspike >> Blog >> A Saudi Arabia Telecom's Surveillance Pitch -
I was interested to know more about what they were up to, so I wrote back and asked. After a week of correspondence, I learned that they are organizing a program to intercept mobile application data, with specific interest in monitoring:
- Mobile Twitter
Moxie Marlinspike » Blog » A Saudi Arabia Telecom’s Surveillance Pitch
one thing you’ll notice about the most militant leftism in Greece is that it is generationally marked. the most consistent, militant, radical leftists are from my father’s generation. they are all middle aged union workers and some small business owners who also participated in the Polytechnic uprising against the CIA-backed dicatorship in the 70s.
most of the recently graduated or soon-to-be college students are looking for ways out of Greece, have not shown a pronounced interest in fighting back against the IMF, and have taken to migration (more than 100,000 reports now say).
it is a sad prospect to think that these tired parents and (some) grandparents are the ones on the front lines swallowing tear gas and enduring police torture and brutality, the ones showing the most solidarity with immigrants and migrant workers, the ones who will raise the red flags and form human chain-linked fences to protest in front of parliament
while the students and youth generally are seeking ways to escape.
this dialectical reversal is surely characteristic of the pressures neoliberalism as neocolonialism forces onto peripheral [nation]states
this is likewise a crisis of culture and identity, of having to come to terms with the lie that is Europe, and the lack of time or space to decide. you’re either with us ‘Greeks as Greeks’, the internal others of Europe, our working class, or you abandon us to be left to dry by Merkel and Lagarde. the country has become a country of nostalgic, or maybe melancholic, militant lefists, versus confused and increasingly nationalistic old people who are afraid that if they stop voting for the neoliberal regime, their pensions and every last strand of stability will be confiscated once and for all
it’s really a sad, frustrating, story - especially if you know the history of European imperialism in Greece.
Social Media Surveillance OK’d by DHS ‘Privacy Office’
A section of the US Department of Homeland Security known as the “Privacy Office” recently approved a DHS initiative designed to monitor social media sites for “emerging threats,” according a new report by the Center for Investigative Reporting — a move that will add to fears that the US government may be ‘friending’ and ‘following’ an increasing number of citizens for surveillance purposes.
Congress created the Privacy Office in 2003 to monitor DHS initiatives and databases to ensure citizens’ rights are protected.
However, social media monitoring, an increasingly common practice used by Homeland Security and other US departments, has now been given the official stamp of approval.
“As Americans turn to social media sites like Twitter and Facebook to communicate with one another, intelligence officials are looking for ways to harness that ocean of data and convert it into actionable information,” CIR reports.
For example, in 2010, The Electronic Frontier Foundation discovered that federal Immigration Services investigators were “friending” people on Facebook who were applying to become citizens in order to monitor their lives and “snoop for marriage details.” Such activities are now acceptable forms of surveillance according to the Privacy Office.
The Homeland Security Department is currently on Twitter under the handle @DHSNOCMMC1 in a bid to conduct vast hashtag and keyword searches in hopes mining potential “threats.”
“Program employees… hunt for dozens of keywords in the social media landscape using relatively simple and widely available tools like TweetDeck. For that reason, it’s unclear how words like ‘burn,’ ‘cocaine’ or ‘collapse’ can be analyzed effectively enough to reveal truly useful information among the hundreds of millions of tweets that course across the Web every day,” G.W. Schulz of CIR writes.
The Department of Homeland Security is not alone in these projects. According to CIR reporting, the FBI is now developing a tool to “alert agents of developing threats on social media, scrape historical data from the Web that can be searched later and display messages coming from a defined geographical area.”
The Department of Defense is exploring how to “forecast dynamic group behavior in social media” in a bid to “simultaneously scan more than 1,000 groups, more than 100,000 postings per day and more than 1 million people.”
An entire industry has developed to satisfy these surveillance fantasies, soon to be reality, as a growing number of private tech firms are now marketing tools that are “capable of automatically analyzing vast segments of the Internet and make simple keyword searches elementary by comparison,” and pitching them to US departments and law enforcement agencies.
Given the recent approval by the Privacy Office, “there are no assurances that down the road, homeland security officials won’t seek much more sophisticated tools that can automatically mine the [entire] Web for what they determine to be a threat or use secret tactics that alarm privacy rights advocates.”
Man Convicted of #Hacking Despite Not Hacking | #Anonymous #OpAngel -
Culminating a two-week trial in which no hacking in the traditional sense occurred, a California man was convicted Wednesday under the same hacking statute internet sensation Aaron Swartz was accused of before he committed suicide in January.
Defendant David Nosal was convicted by a San Francisco federal jury on all six charges ranging from theft of trade secrets to hacking, despite him never breaking into a computer. Nosal remains free pending sentencing later this year, when he faces a potential lengthy prison term.
Nosal, a middle-aged man wearing a dark suit, sat stone faced as a clerk read “guilty” on all counts. Jurors deliberated for little more than two days.
After U.S. District Judge Edward Chen dismissed the 12-member jury, Nosal’s defense team demanded a hearing to urge the judge to set aside the verdict. A hearing was set for later this year.
“We think, legally, these counts can’t stand,” Steven Gruel, a Nosal lawyer, said outside the courtroom. Prosecutors declined comment.
Nosal’s prosecution was a novel application of the Computer Fraud and Abuse Act, the same statue Swartz was accused of violating when he allegedly breached security controls of an MIT database and downloaded millions of JSTOR academic articles. After Swartz’s death, the case set off calls across the nation to reform the 1984 hacking law and perhaps even reduce the 5-year terms each violation carries.
But unlike Swartz, Nosal never was accused of traditional hacking. Among other things, what the jury concluded was that he coaxed, sometimes through monetary payments, his former colleagues at Los Angeles-based executive search firm Korn/Ferry International to access the firm’s proprietary database and provide him with trade secrets to help him build a competing firm. Those associates cooperated with the government and were not charged.
The Computer Fraud and Abuse Act was passed in 1984 to enhance the government’s ability to prosecute hackers who accessed computers to steal information or to disrupt or destroy computer functionality.
The act makes it a federal offense if one “knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period.” Prison penalties are up to 5 years per violation.
Nosal’s case has had a lengthy history, with two trips to the San Francisco-based 9th U.S. Circuit Court of Appeals. A third trip is likely and perhaps the Supreme Court might weigh in to set boundaries around how far the government may go in prosecuting so-called hacking.
The 9th U.S. Circuit Court of Appeals, ruling in Nosal’s case for a second time last year, decided that employees may not be prosecuted under the anti-hacking statute for simply violating their employer’s computer use policy. The appeals court had tossed several charges against Nosal stemming from when he was a still a Korn/Ferry employee, in which he was accused of using his work credentials in 2005 to access his employer’s database to help build a competing business for himself.
To be sure, the government indeed levies charges under the anti-hacking statute targeting traditional hackers. Two California men, for example, were sentenced between two and four years Monday in an extortion scheme stemming from the hacking of e-mail accounts of professional poker players.
But clearly, you don’t have to be a hacker to be charged as one.
An online social media editor for the Reuters news agency, for example, was indicted last month for allegedly helping members of Anonymous hack another media organization’s network.
Matthew Keys, the now-fired 26-year-old deputy social media editor for Reuters in New York, allegedly provided log-in credentials for a server owned by the Tribune Company, his former employer. He encouraged members of Anonymous to use the credentials to “go fuck some shit up,” according to prosecutors.