Re: Aion FX are they really tracing ?
"Big Muff"
... Fnarr!
164 publicly visible posts • joined 29 Oct 2023
I too will probably stick with Konsole. I clicked on the .deb to download it from Github and Discover kicked in and asked me if I wanted to install it and then start it. I am rocking Kubuntu at the moment.
The only reason I won't be sticking with Ghostty is because it will not automatically update along with everything else, on an Ubuntu box. I have to worry about things like PCI DSS and Cyber Essentials Plus and co. I could integrate it myself eventually and that would be fine but I already have a few other projects that I do that for.
Ghostty is very pretty and very fast. I ran a very quick check:
# time tree /var
1559 directories, 25835 files
real 0m0.165s
user 0m0.088s
sys 0m0.076s
Konsole gives similar results too. For a laugh I won't even bother trying to run dir in a Windows cmd.exe box. Windows does have a decent new terminal thingie but not for servers (wtf?)
"have, and still are, scraping the internet and media to train their models"
Multiple LLMs have been trained on basically the whole internet and they still hallucinate and talk bollocks. GPT5 is late and will be worryingly crap too.
This is not the AI you are looking for and never will be, no matter how many billions of squids you spend on GPUs and power stations.
It's all tulips.
"Eleven seconds"
What does dmesg imply your boot time from OS start really is?
I replaced OpenRC on my Gentoo boxes with systemd. I used to love the flexibility of a symlink or two and conf.d/net. Back in the day, I had quite a funky set up on my laptop which used a sort of multi link ppp through my and my wife's mobiles to get to the internet if they came within range and wifi was not available.
Roy Marples (Uberlord) was a lovely chap (RIP).
I get to write units that will work badly but consistently badly on nearly all Linux distros these days.
"It's a complete and absolute nightmare."
Your use case is not the usual ones and I don't recall Miguel Van S's initscripts guaranteeing anything either. OpenRC and initscripts? Nope (maybe with some twiddling). Daemontools - lol! Upstart - yes ... lol. I've seen a lot of inits. *BSD too (I won't bore the audience).
Synchronous boot is basically dump everything and run everything from rc.local or autoexec.bat and config.sys. That is not what my laptop or desktop or servers need.
However, I do know but have not played much with it, that systemd units do have a very rich set of dependency semantics - if there are bugs then report them politely. I have found the systemd mob pretty decent to talk to and responsive.
You do have a valid use case (obviously) but it is not the usual one. Systemd is really well documented and I do know that if you find behaviour that deviates from the docs they will either fix the docs or the code! There are quite a few tools provided too to profile what happens during boot, including things that will spit out unit orderings and timings and flame graphs and the rest. Their docs are vast and wide ranging and well worth reading.
At least one of the devs (some German bloke) hangs out on Masto and is quite approachable.
You can avoid snap and you can remove it.
"RHEL based distros might have their faults but so far I can build my servers" - RHEL costs a subscription and the rest are plain weird. I gave up on RH 20+ years ago, when Mandrake rocked up. I do nurse a few "appliances" that insist on RH derivatives. Centos went west and Rocky rocked up ...
Most of my VMs running Ubuntu are minimal installs from around 16.04 and upgraded to the next LTS every few years. I recently had to run up Apache Guacamole on a rather wobbly RH estate and that was quite an eye opener. Guacamole is pretty conservative - Tomcat9 and Java11 for now (1.6 will move on a bit). The beastie I was given wanted to install TC4 - it's lucky I'm 53 y/o and still remember that version.
To be fair, it's not really RH's fault but more the attitude of those that use it and abuse it in creative ways.
How often do you turn off SELinux?
These things are all jolly clever but unfortunately the training data is rather variable in quality. You cannot conjure intelligence out of thin air, algorithmically.
I've been on the end of an "agent" on the phone to an organisation (FedEx). It repeatedly told me to use their web site ... which was broken at the point I needed to work and was why I resorted to the phone. Very little "I" there, for whatever that thing cost them. To be fair, it avoids having to pay people to follow scripts. To be unfair, it appears to be part of an attitude of: "fuck the customer, they pay anyway".
I managed to glean some email addresses via some searches and a polite email to them all got someone to call me and get the issue sorted - Yay Brexit: Customs (VAT n Duty) like it's 1980 again!
Chill mate. *BSD is important.
I'm not sure that a weird firmware shenanigans journey involving IoT gear is worth worrying about. Document what happened and move on. That's the enterprise way and you might not be too surprised how often Windows sysadmins have to do that too.
It took me a good month or so to get a couple of HP laptops to upgrade their BIOSs when running Linux, yet my desktop (HPE) does it via Discovery without prompting.
IT is hard. It's not personal - all OS's, platforms, etc are a bit wank and will fail to inspire at some point but it is the mark of the consultant as to how they respond to adversity. Do you whine on el Reg or do you dive into the rabbit hole for a few hours?
"I wonder how many “partners”, ... are now diversifying into competitive product sets"
Little ex-partner here. I'm run off my feet migrating VMware to Proxmox. The bigger customers will take a while yet but the smaller ones are an easy job.
Linux Qemu based virty is very decent these days. It's rather nice having the hosts back under your control and not how VMware think they should be - for your own good, obviously.
I've been a VMware consultant for over 20 odd years.
Fuck 'em!
Look at the other numbers. 20,000 VMs on 3,000 hosts, 20 DCs. That needs a lot of vCentres and all the other bollocks.
Mostly all the other bollocks and there is a lot of it when you do E+ with knobs on. Add in Tanzu if containers are your thing and you need even more. SDN and a funky firewall? lol, more controllers and more stuff.
I have a HP laptop (on my lap) and a HP desktop at work. Both run Kubuntu. The work deskie is able to patch its BIOS automatically as part of the usual updates system (Discovery with local knowledge and knobs on).
The laptop has been a bit of a pain. I have finally got it to work by copying the updates to my EFI partition in a particular layout and using "BIOS recovery" which basically seems to be designed to work regardless of the state of the BIOS.
Secure Boot is enabled on both and I even run ESET on them, just like my Windows aficionado colleagues. That gets me through the Cyber Essentials Plus bollocks. Long gone are the days when a Lilo boot loader signified what really turned out to be ... security through obscurity!
The wife's lappie is the same model as mine but she rocks Arch. Actually she uses it to connect to the internet, which is what she calls Facebook and email. I look after it and I will soon be signing the kernel and modules and switching it to Secure Boot (with mucho care).
My other computer is a Commodore 64, with a USB interface and some odd ideas about memory handling!
"It's a shame to move from a leading tech to second-rate stuff"
Are you sure we are talking about the same VMware?
vCentre SSL certs are only just about something you don't have to fix biennially any more. Who can forget the laugh of making the wrong choice between ESX and ESXi and having to migrate? The vSphere client being a pile of steaming shite and finally becoming quick and reliable and then being replaced with ... the Flash thing. Then the current effort was written from the ground up. A current vCentre is a monstrous beast.
I could go on at some length after being an ex fan for 25 odd years.
Cisco barely support UC at all.
For many of my customers, the fact that Veeam supports nearly everything, including Proxmox is the assurance they need that their data is safe. It may seem a bit odd that a backup product guides their thinking but, hey: that's "enterprise".
If your phones are still a sort of grey colour and look as though they were designed by Tonka then it might be time to move on, usually to something even more awful. Why on earth would you want crystal clear voice when you can have crap quality in glorious technicolour, and rubbish Teams integration with horrific latency, that everyone accepts as the new normal? Grumble etc
I finished moving a three node VMware cluster with iSCSI SAN to Proxmox recently. Loads of single ESXis moved across already.
If you have slots, slap in a wodge of SSDs and do Ceph. We have a spare box to kick off the process. Your cluster should be n+1 so blat one of the ESXis and add it to the spare to make a two node Proxmox and Ceph cluster. Be very careful! Migrate some VMs over until you can release another ESXi, continue until you have a n+2 cluster. Now very carefully remove the spare node and get on with life.
The SAN can be used for backups or binned for being a gas guzzler 8)
Single boxes: Get your spare migration box. Mount the VMware volumes on it and migrate the VMs, fiddle with VirtIO and so on. Then wipe the VMware box and make a two node Proxmox cluster. You can live migrate the VMs back to the first box. You get "Storage vMotion" for free with Proxmox \o/
Fuck VMware and Broadcom after being a fan for about 25 years.
"My last concern about passkeys is that the implementation seems to have failed the “make it easy for users” test, which in my view is the whole point of passkeys."
When it becomes complicated, you will lose customers.
I speak as the owner of an IT company and son of parents with complex IT needs and a wife who is a highly sophisticated social media user. Each class of user needs a suitable approach.
Mum and Dad: Prone to writing things down in random places and forgetting where. I got both of them to buy an old school address book for just IT related passwords (I know there will be mission creep but the books are the source). The books are locked away and quite hidden but still accessible. Also, each password is slightly hidden according to a really simple code - steganography really. However, I have managed to get them to use separate and complicated passwords for each site.
Wife: I maintain a Keepass database for both of us. I'm gradually migrating the boss over to random passwords. We've been married for 18 years and I expect to finish this job within about five more years.
It's all very well inventing cunning and fancy schemes but I suspect the kiddies that develop the next cool thingie are basically children with little to no experience of the real world. This is not something you nerd harder over. You have to look at the actual use cases, do a proper security review and create a solution that is appropriate. One that balances good practice with what is practicable.
"[1] Warwick University is not in Warwick. Bloody snobs."
Bournemouth Uni (Dorset) has a site in Yeovil (Somerset). Seale Hayne (Newton Abbot) is part of Plymouth Uni - both are in Devon, so the same county but not exactly next door. I'm sure I could find similar examples up north.
Obviously, poor little Glasgee uni can only manage, say, this: https://www.gla.ac.uk/explore/campuses/dumfries/ - "Set in 85 acres of historic parkland" - gosh those posh southerners have it made!
Since when did we actually ever name things logically in these isles? Show me a Newton or Newcastle that is less than 1000 years old - and that's just in England.
I do have an uncle from Paisley who taught CD&T for some years at a school in Glasgow, back in the 1970s. He once had to disarm a lad wielding a chisel, who was off his tits on something and needed to stab someone for no reason and other jolly japes. Warwick and Coventry also have some pretty shady parts - it's not all Shakespeare and thatched pensioners.
However you spin it: Glasgow to England mids is a bit of a flog at a pinch. If the deadline for the ghost job is tomorrow at an unreasonable time then no need to get upset - at least you didn't make the trip. I suspect they actually did you a favour by deliberately being "unreasonable".
"This issue is caused by a deadlock in the interactions between the Azure Active Directory (AAD) broker and the underlying AppX deployment service (AppxSvc) and Background tasks infrastructure service."
Blah blah blah, we can't be arsed with actual testing of stuff and have forgotten how networks work.
This is a terminal services thingie with AD (LDAP n DNS n that) and a proxy or two to fiddle the network comms. It's not rocket science. This is all just network plumbing and they still can't stop fucking it up. The ultimate irony is that the really complicated stuff is the app/desktop that is presented.
VoIP - lol, try doing video analysis. I wrote a wiki page for Zoneminder on doing GPU pass through. It's tools for the job mate.
A three+ node modern Proxmox hyperconverged cluster will run rather a lot of concurrent voice calls. You can run in containers instead of VMs to get very close to the CPUs and RAM. You get Open vSwitch and all the toys in the box, which VMware classify as "get your wallet out".
On VMware you will want to set the low latency option for your VMs which means they can't vMotion or be paused and other limitations. If you want containers, you need Tanzu and that needs Enterprise Plus licensing, which is eyewateringly expensive. You also need a vCentre and other stuff which consumes resources, takes ages to start up, needs ages to patch and is basically a pain to care for.
I've been a VMware aficionado for over 25 years and we are migrating our VMware customers to Proxmox as fast as is practicable.
Mind you, nowadays people are so conditioned with Teams and co's rubbish latency that they will put up with over 1 sec of latency without blinking. Back in the day that was satellite relay times for a call from the UK to AU.
"This is the best reason I know to use a VPN."
(I also keep a local DNS server or two handy, just in case I can't use a VPN. Mind you it's pretty easy to fiddle with proxies over unlikely protocols to get out of a hole.)
I think you are absolutely correct - obviate the risk by tunneling out. However, your tunnel should go to a safe place. That safe place for me is home and not an external provider. That may not be the case for others.
Internet "safety" is quite a complex issue. I think you are following current good practice. Crack on 8)
Cheers
Jon
"I get that non-password-protected wifi can have its contents seen by anybody nearby; it's effectively sending everything in plaintext."
No it isn't, and some of the responses to your comment are a bit mad.
Wifi passwords are for authentication to the network itself and not some sort of encryption mechanism. No password requirement simply means that anyone may use the wifi. You don't have to enter a password (pay) to enter the M5, M4, M1, M25 etc but you do have to pay to use the M6 toll section. In both cases you get to use the road but you have to "authenticate" to the M6 toll (with dosh). The road experiences are largely the same.
Many public wifi setups will isolate each client from each other. To test that, try a broadcast ping or an nmap ping scan.
Now you have comms then it is up to you to secure what you do with it - not the provider: they might like to harvest an email address to spam and perhaps watch your DNS look ups etc. It's up to you to decide how much information to leak. You might not care. Your comms with most web sites are secured by TLS these days and that is end to end encryption. The provider will still see the traffic flows but not the content.
If you really want to go dark then you will need a VPN back to a trusted place. That means back home. You will need to host your own VPN solution - OpenVPN/IPSEC/Wireguard. Now you are only leaking information to your ISP ...
Cheers
Jon
"He said the decision was designed to prevent AWS and Google charging for Redis in their database services without paying for it."
That's not why open source exists and demonstrates a complete lack of imagination. GPL would have sorted this problem out but instead they went for the trendy BSD jobbie that is beloved of Apple and co.
The GPL requires you "give back" in return for the free stuff. If you improve it, your improvements are required to be shared. It's all a bit communistic but it does work rather well. The Linux kernel is a GPL licensed project and who can deny how effective that has been?
My company makes quite a lot of dosh out of supporting open source software. We always try to give back with knowledge (we are not programmers). We try to engage with wikis and the like for all the projects we use.
We take and try to give. That's what open source is all about.
This is quite serious stuff and we are not seeing DevOps fiddling with a nuclear power plant as some commentards imply.
Nuclear engineering requires nuclear engineers. They do not program anything with PowerShell and other frippery. Constellation Energy are the contractors and MS is just a customer.
"The server wasn't compatible with the organization's security monitoring tools"
So you start off with a port scan from the outside and then inside. Nessus is a couple of grand per year on prem or you hire an outfit to do it for you. Other scanners are available. It can use ssh and will work with ksh. AIX has a syslog daemon which can send to a central collector. It has SNMP (Security Not My Problem) so there's that!
"That's a pleasingly detailed and correct response." and also bollocks:
"The cafeteria had 23 apples. If they used 20 to make lunch and bought 6 more, how many apples do they have?"
x=23. x+6 = 29.
Making lunch has nothing to do with anything unless you decide it does. There was nothing that implies the cafe "lost" some apples due to lunch related shenanigans.
FFS, sharpen up!