* Posts by sedregj

164 publicly visible posts • joined 29 Oct 2023


Linus Torvalds offers to build guitar effects pedal for kernel developer

sedregj Bronze badge
Gimp

Re: Aion FX are they really tracing ?

"Big Muff"

... Fnarr!

Azure networking snafu enters day 2, some services still limping

sedregj Bronze badge
Windows

Re: Snafu...

They even manage the rather banal: "significant signs of recovery".

It's always nice to see significant signs of something in a binary system:

Is the service working or not working?

Yes ... ish ... or rather no but significantly nearly yes!

Just when you thought terminal emulators couldn't get any better, Ghostty ships

sedregj Bronze badge
Devil

Re: Interesting . . .

I too will probably stick with Konsole. I clicked on the .deb to download it from GitHub and Discover kicked in and asked me if I wanted to install it and then start it. I am rocking Kubuntu at the moment.

The only reason I won't be sticking with Ghostty is because it will not automatically update along with everything else, on an Ubuntu box. I have to worry about things like PCI DSS and Cyber Essentials Plus and co. I could integrate it myself eventually and that would be fine but I already have a few other projects that I do that for.

Ghostty is very pretty and very fast. I ran a very quick check:

# time tree /var

1559 directories, 25835 files

real 0m0.165s

user 0m0.088s

sys 0m0.076s

Konsole gives similar results too. For a laugh I won't even bother trying to run dir in a Windows cmd.exe box. Windows does have a decent new terminal thingie but not for servers (wtf?)

Fining Big Tech isn't working. Make them give away illegally trained LLMs as public domain

sedregj Bronze badge
Windows

Garbage in, garbage out

"have, and still are, scraping the internet and media to train their models"

Multiple LLMs have been trained on basically the whole internet and they still hallucinate and talk bollocks. GPT5 is late and will be worryingly crap too.

This is not the AI you are looking for and never will be, no matter how many billions of squids you spend on GPUs and power stations.

It's all tulips.

systemd begrudgingly drops a safety net while a challenger appears, GNU Shepherd 1.0

sedregj Bronze badge
Linux

Re: 42% less unix philosophy

"Eleven seconds"

What does dmesg imply your boot time from OS start really is?

I replaced OpenRC on my Gentoo boxes with systemd. I used to love the flexibility of a symlink or two and conf.d/net. Back in the day, I had quite a funky set up on my laptop which used a sort of multi link ppp through my and my wife's mobiles to get to the internet if they came within range and wifi was not available.

Roy Marples (Uberlord) was a lovely chap (RIP).

I get to write units that will work badly but consistently badly on nearly all Linux distros these days.

sedregj Bronze badge
Gimp

Re: 42% less unix philosophy

"It's a complete and absolute nightmare."

Your use case is not the usual ones and I don't recall Miguel Van S's initscripts guaranteeing anything either. OpenRC and initscripts? Nope (maybe with some twiddling). Daemontools - lol!. Upstart - yes ... lol. I've seen a lot of inits. *BSD too (I won't bore the audience).

Synchronous boot is basically dump everything and run everything from rc.local or autoexec.bat and config.sys. That is not what my laptop or desktop or servers need.

However, I do know but have not played much with it, that systemd units do have a very rich set of dependency semantics - if there are bugs then report them politely. I have found the systemd mob pretty decent to talk to and responsive.

You do have a valid use case (obviously) but it is not the usual one. Systemd is really well documented and I do know that if you find behaviour that deviates from the docs they will either fix the docs or the code! There are quite a few tools provided too to profile what happens during boot, including things that will spit out unit orderings and timings and flame graphs and the rest. Their docs are vast and wide ranging and well worth reading.

At least one of the devs (some German bloke) hangs out on Masto and is quite approachable.

Doctor Who theme added to national sound archive to honor innovation, longevity

sedregj Bronze badge
Mushroom

Re: Ron knew more than he was telling

"that we learnt Time Lord's have two hearts"

You probably avoided the books, judging from your comment.

We'll need a proper Who nerd to determine whether the books informed the telly or vice versa 8)

Linux 6.12 is the new long term supported kernel

sedregj Bronze badge
Gimp

Re: Anyhow, a good reason to use Ubuntu Server.

You can avoid snap and you can remove it.

"RHEL based distros might have their faults but so far I can build my servers" - RHEL costs a subscription and the rest are plain weird. I gave up on RH 20+ years ago, when Mandrake rocked up. I do nurse a few "appliances" that insist on RH derivatives. Centos went west and Rocky rocked up ...

Most of my VMs running Ubuntu are minimal installs from around 16.04 and upgraded to the next LTS every few years. I recently had to run up Apache Guacamole on a rather wobbly RH estate and that was quite an eye opener. Guacamole is pretty conservative - Tomcat9 and Java11 for now (1.6 will move on a bit). The beastie I was given wanted to install TC4 - it's lucky I'm 53 y/o and still remember that version.

To be fair, it's not really RH's fault but more the attitude of those that use it and abuse it in creative ways.

How often do you turn off SELinux?

Google Gemini 2.0 Flash comes out with real-time conversation, image analysis

sedregj Bronze badge
Gimp

GIGO

These things are all jolly clever but unfortunately the training data is rather variable in quality. You cannot conjure intelligence out of thin air, algorithmically.

I've been on the end of an "agent" on the phone to an organisation (FedEx). It repeatedly told me to use their web site ... which was broken at the point I needed to work and was why I resorted to the phone. Very little "I" there, for whatever that thing cost them. To be fair, it avoids having to pay people to follow scripts. To be unfair, it appears to be part of an attitude of: "fuck the customer, they pay anyway".

I managed to glean some email addresses via some searches and a polite email to them all got someone to call me and get the issue sorted - Yay Brexit: Customs (VAT n Duty) like it's 1980 again!

Microsoft hijacks keyboard shortcut to bring Copilot to your attention

sedregj Bronze badge
Linux

Re: All I want to know

"Is how to keep Copilot disabled."

When I hit Ctrl-Space I get a little Search box appear at the top of my screen. I can map that shortcut to anything I like too.

China launches AI that writes politically correct docs for bureaucrats

sedregj Bronze badge

Pooh

Bear.

Marmalade does not cure Covid 19 but it's jolly tasty and assists a Spanish town's economy.

How much more Chinese do you need?

I'd love to know what an AI makes of the above - answers on a postcard please to the usual address!

Microsoft holds last Patch Tuesday of the year with 72 gifts for admins

sedregj Bronze badge
Windows

Re: Update week

I run a small IT company.

We worry about 1000's of PCs. Don't forget switches, routers, RACs and basically everything that boots something.

Don't complain unless you can fix it in some way. It is the way of things. For me, I'm gradually removing Microsoft, where I can.

Canada commits $1.4B to sovereign compute infrastructure as it joins the AI arms race

sedregj Bronze badge
Gimp

Re: Preserving the flying squirrel, moose, and McKenzie brothers, hey

Twat

Huawei handed 2,596,148,429,267,413,814,265,248,164,610,048 IPv6 addresses

sedregj Bronze badge

Re: Good for Huawei

SPX is the router part of IPX/SPX. It is a 32 bit number.

An IPX/SPX "internet" is 32 bit subnets each of which is a 48 bit subnet.

An IPv4 internet is 32 bit in its entirety.

For each IPv4 address you can map a SPX network and hang an entire 48 bit address space off it.

sedregj Bronze badge
Windows

Re: Good for Huawei

Absolutely. IPX/SPX makes far better use of a frame and was available decades ago.

OK so your MAC address is your network address but surely sacrificing a little privacy is worth it? I'm surprised the PRC haven't tried to bring it in ...

How Chinese insiders are stealing data scooped up by President Xi's national surveillance system

sedregj Bronze badge
Windows

Re: Chinese are born entrepreneurs, unfortunately

Wot?

You might as well start with: "Unaccustomed as I am ..." or "Some of my best mates are Chinese" or similar bollocks.

FreeBSD 14.2 wants to woo Docker fans, but still struggles with Wi-Fi

sedregj Bronze badge
Windows

Re: 'Upgrades are so safe they're almost boring'

Chill mate. *BSD is important.

I'm not sure that a weird firmware shenanigans journey involving IoT gear is worth worrying about. Document what happened and move on. That's the enterprise way and you might not be too surprised how often Windows sysadmins have to do that too.

It took me a good month or so to get a couple of HP laptops to upgrade their BIOSs when running Linux, yet my desktop (HPE) does it via Discovery without prompting.

IT is hard. It's not personal - all OS's, platforms, etc are a bit wank and will fail to inspire at some point but it is the mark of the consultant as to how they respond to adversity. Do you whine on el Reg or do you dive into the rabbit hole for a few hours?

Broadcom makes U-turn on plan to serve top 2,000 VMware customers itself

sedregj Bronze badge
Windows

Re: unhappy partners?

"I wonder how many “partners”, ... are now diversifying into competitive product sets"

Little ex-partner here. I'm run off my feet migrating VMware to Proxmox. The bigger customers will take a while yet but the smaller ones are an easy job.

Linux Qemu based virty is very decent these days. It's rather nice having the hosts back under your control and not how VMware think they should be - for your own good, obviously.

I've been a VMware consultant for over 20 odd years.

Fuck 'em!

Broadcom loses another big VMware customer: UK fintech cloud Beeks Group, and most of its 20,000 VMs

sedregj Bronze badge
Gimp

Look at the other numbers. 20,000 VMs on 3,000 hosts, 20 DCs. That needs a lot of vCentres and all the other bollocks.

Mostly all the other bollocks and there is a lot of it when you do E+ with knobs on. Add in Tanzu if containers are your thing and you need even more. SDN and a funky firewall? lol, more controllers and more stuff.

No, Broadcom did not just end VMware's flagship VCDX certification program

sedregj Bronze badge
Gimp

Re: Clearly "Not with the Program"

"will be as relevant as a Novell Netware CNA."

Phew, luckily I have a CNE (for NW 4-6).

First-ever UEFI bootkit for Linux in the works, experts say

sedregj Bronze badge
Linux

Re: What took them so long?

I have a HP laptop (on my lap) and a HP desktop at work. Both run Kubuntu. The work deskie is able to patch its BIOS automatically as part of the usual updates system (Discovery with local knowledge and knobs on).

The laptop has been a bit of a pain. I have finally got it to work by copying the updates to my EFI partition in a particular layout and using "BIOS recovery" which basically seems to be designed to work regardless of the state of the BIOS.

Secure Boot is enabled on both and I even run ESET on them, just like my Windows aficionado colleagues. That gets me through the Cyber Essentials Plus bollocks. Long gone are the days when a Lilo boot loader signified what really turned out to be ... security through obscurity!

The wife's lappie is the same model as mine but she rocks Arch. Actually she uses it to connect to the internet, which is what she calls Facebook and email. I look after it and I will soon be signing the kernel and modules and switching it to Secure Boot (with mucho care).

My other computer is a Commodore 64, with a USB interface and some odd ideas about memory handling!

Google must face £7B UK class action over search engine dominance

sedregj Bronze badge
Childcatcher

Re: Ads?

"I give it the finger"

I doubt you made its eyes water.

I suggest you keep your eyes on the road and ignore distractions.

A year after Broadcom took control of VMware, it's in the box seat

sedregj Bronze badge
Coffee/keyboard

Re: What a shame

"It's a shame to move from a leading tech to second-rate stuff"

Are you sure we are talking about the same VMware?

vCentre SSL certs are only just about something you don't have to fix biennially any more. Who can forget the laugh of making the wrong choice between ESX and ESXi and having to migrate? The vSphere client being a pile of steaming shite and finally becoming quick and reliable and then being replaced with ... the Flash thing. Then the current effort was written from the ground up. A current vCentre is a monstrous beast.

I could go on at some length after being an ex fan for 25 odd years.

sedregj Bronze badge
Gimp

Re: Supported Hypervisors

Cisco barely support UC at all.

For many of my customers, the fact that Veeam supports nearly everything, including Proxmox is the assurance they need that their data is safe. It may seem a bit odd that a backup product guides their thinking but, hey: that's "enterprise".

If your phones are still a sort of grey colour and look as though they were designed by Tonka then it might be time to move on, usually to something even more awful. Why on earth would you want crystal clear voice when you can have crap quality in glorious technicolour, and rubbish Teams integration with horrific latency, that everyone accepts as the new normal? Grumble etc

sedregj Bronze badge
Windows

Re: What a shame

I finished moving a three node VMware cluster with iSCSI SAN to Proxmox recently. Loads of single ESXis moved across already.

If you have slots, slap in a wodge of SSDs and do Ceph. We have a spare box to kick off the process. Your cluster should be n+1 so blat one of the ESXis and add it to the spare to make a two node Proxmox and Ceph cluster. Be very careful! Migrate some VMs over until you can release another ESXi, continue until you have a n+2 cluster. Now very carefully remove the spare node and get on with life.

The SAN can be used for backups or binned for being a gas guzzler 8)

Single boxes: Get your spare migration box. Mount the VMware volumes on it and migrate the VMs, fiddle with VirtIO and so on. Then wipe the VMware box and make a two node Proxmox cluster. You can live migrate the VMs back to the first box. You get "Storage vMotion" for free with Proxmox \o/

Fuck VMware and Broadcom after being a fan for about 25 years.

Google's AI bug hunters sniff out two dozen-plus code gremlins that humans missed

sedregj Bronze badge
Windows

Important? You decide.

"Thus the likelihood of existence of a vulnerable application is low."

"Due to the low severity of this issue we are not issuing new releases of OpenSSL at this time."

No.

Will passkeys ever replace passwords? Can they?

sedregj Bronze badge
Childcatcher

Implementation

"My last concern about passkeys is that the implementation seems to have failed the “make it easy for users” test, which in my view is the whole point of passkeys."

When it becomes complicated, you will lose customers.

I speak as the owner of an IT company and son of parents with complex IT needs and a wife who is a highly sophisticated social media user. Each class of user needs a suitable approach.

Mum and Dad: Prone to writing things down in random places and forgetting where. I got both of them to buy an old school address book for just IT related passwords (I know there will be mission creep but the books are the source). The books are locked away and quite hidden but still accessible. Also, each password is slightly hidden according to a really simple code - steganography really. However, I have managed to get them to use separate and complicated passwords for each site.

Wife: I maintain a Keepass database for both of us. I'm gradually migrating the boss over to random passwords. We've been married for 18 years and I expect to finish this job within about five more years.

It's all very well inventing cunning and fancy schemes but I suspect the kiddies that develop the next cool thingie are basically children with little to no experience of the real world. This is not something you nerd harder over. You have to look at the actual use cases, do a proper security review and create a solution that is appropriate. One that balances good practice with what is practicable.

Mozilla's Firefox browser turns 20. Does it still matter?

sedregj Bronze badge

I went back to FF a couple of years ago after a 15 year dalliance with Chrome and that because they got on my tits and FF had improved somewhat.

That position you just applied for might be a 'ghost job' that'll never be filled

sedregj Bronze badge
Windows

Re: The Law is A Ass

"[1] Warwick University is not in Warwick. Bloody snobs."

Bournemouth Uni (Dorset) has a site in Yeovil (Somerset). Seale Hayne (Newton Abbot) is part of Plymouth Uni - both are in Devon, so the same county but not exactly next door. I'm sure I could find similar examples up north.

Obviously, poor little Glasgee uni can only manage, say, this: https://www.gla.ac.uk/explore/campuses/dumfries/ - "Set in 85 acres of historic parkland" - gosh those posh southerners have it made!

Since when did we actually ever name things logically in these isles? Show me a Newton or Newcastle that is less than 1000 years old - and that's just in England.

I do have an uncle from Paisley who taught CD&T for some years at a school in Glasgow, back in the 1970s. He once had to disarm a lad wielding a chisel, who was off his tits on something and needed to stab someone for no reason and other jolly japes. Warwick and Coventry also have some pretty shady parts - it's not all Shakespeare and thatched pensioners.

However you spin it: Glasgow to England mids is a bit of a flog at a pinch. If the deadline for the ghost job is tomorrow at an unreasonable time then no need to get upset - at least you didn't make the trip. I suspect they actually did you a favour by deliberately being "unreasonable".

Black screens still plague Windows 10 Azure Virtual Desktop users

sedregj Bronze badge
Gimp

"This issue is caused by a deadlock in the interactions between the Azure Active Directory (AAD) broker and the underlying AppX deployment service (AppxSvc) and Background tasks infrastructure service."

Blah blah blah, we can't be arsed with actual testing of stuff and have forgotten how networks work.

This is a terminal services thingie with AD (LDAP n DNS n that) and a proxy or two to fiddle the network comms. It's not rocket science. This is all just network plumbing and they still can't stop fucking it up. The ultimate irony is that the really complicated stuff is the app/desktop that is presented.

Richard Branson to take balloon ride to edge of space

sedregj Bronze badge
Mushroom

Re: How much helium will we need

Why muck about with He when H is "lighter" and jolly explosive?

Elon Musk's X isn't important enough to feel the full force of EU regulation

sedregj Bronze badge

Re: Erm

"a cat with a sandwich strapped to its back"

That's a perpetual motion machine.

Sysadmins rage over Apple’s ‘nightmarish’ SSL/TLS cert lifespan cuts plot

sedregj Bronze badge
Gimp

You can use a CNAME and another DNS domain, just for ACME.

You don't have to give admin rights. Implement RFC 2136
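
The setup this comment describes, as an added example that is not part of the original post: a CNAME hands the ACME challenge name to a separate zone, and an RFC 2136 update key is limited to one TXT name there. BIND 9 is assumed as the server; the domains, key name and file path are placeholders.

```bind
// Added illustration; example.com, acme.example.net, the key name "acme-www"
// and the zone file path are placeholders, not values from the post.
//
// 1. One-off record in the production zone example.com. The ACME CA follows
//    this CNAME when it validates a DNS-01 challenge for www.example.com:
//
//      _acme-challenge.www.example.com. 300 IN CNAME www.acme.example.net.
//
// 2. named.conf on the server hosting the separate, ACME-only zone.

// TSIG key held by the ACME client on the web host.
// Generate the real secret with: tsig-keygen -a hmac-sha256 acme-www
key "acme-www" {
    algorithm hmac-sha256;
    secret "BASE64-SECRET-PLACEHOLDER";
};

zone "acme.example.net" {
    type primary;
    file "/var/lib/bind/acme.example.net.zone";

    // Least privilege: this key may add or delete TXT records at exactly one
    // name in this zone. It cannot touch example.com, other names, or other
    // record types, so a compromised web host cannot repoint A or MX records.
    update-policy {
        grant acme-www name www.acme.example.net. TXT;
    };
};
```

The ACME client then publishes the challenge token with a TSIG-signed dynamic update to acme.example.net, and the production zone is never written to after the CNAME is created.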

Trump campaign arms up with 'unhackable' phones after Iranian intrusion

sedregj Bronze badge
Windows

Re: I call bullshit

It (might) runs on a device they made themselves based on the recently released and rather attractively priced Longsoon "Sniplizard" CPU. So cheap it almost looks subsidized.

You can tell the code is secure: they've removed all the ##TODO comments ... Yay \o/

BOFH: Boss's quest for AI-generated program ends where it should've begun

sedregj Bronze badge
Childcatcher

Re: NS>AI

"as being so easy to operate, even a child could do it"

Cats used to operate the VCR.

Eric Schmidt: Build more AI datacenters, we aren't going to 'hit climate goals anyway'

sedregj Bronze badge
Childcatcher

Schmidt

The daft old fucker has really lost the plot.

Yay, burn baby burn those kWh on phantasms.

If Dell's Qualcomm-powered Copilot+ PC is typical of the genre, other PCs are toast

sedregj Bronze badge
Childcatcher

Re: Function keys on a touch bar?

Beware of the leopard

Brits hate how big tech handles their data, but can't be bothered to do much about it

sedregj Bronze badge
Childcatcher

Re: Compulsive cookie clearer

@PST - how on earth did you end up with first, second, third?

Perhaps a PiHole might work for you. https://pi-hole.net/

AT&T claims VMware by Broadcom offered it a 1,050 percent price rise

sedregj Bronze badge
Holmes

Re: No sympathy

VoIP - lol, try doing video analysis. I wrote a wiki page for Zoneminder on doing GPU pass through. It's tools for the job mate.

A three+ node modern Proxmox hyperconverged cluster will run rather a lot of concurrent voice calls. You can run in containers instead of VMs to get very close to the CPUs and RAM. You get Open vSwitch and all the toys in the box, which VMware classify as "get your wallet out".

On VMware you will want to set the low latency option for your VMs which means they can't vMotion or be paused and other limitations. If you want containers, you need Tanzu and that needs Enterprise Plus licensing, which is eyewateringly expensive. You also need a vCentre and other stuff which consumes resources, takes ages to start up, needs ages to patch and is basically a pain to care for.

I've been a VMware aficionado for over 25 years and we are migrating our VMware customers to Proxmox as fast as is practicable.

Mind you, nowadays people are so conditioned with Teams and co's rubbish latency that they will put up with over 1 sec of latency without blinking. Back in the day that was satellite relay times for a call from the UK to AU.

CrowdStrike's Blue Screen blunder: Could eBPF have saved the day?

sedregj Bronze badge
Windows

Re: Just no.

"We don't give ads away for free."

Quite right, that's a form of corporate suicide for any dog eared rag 8)

Public Wi-Fi operator investigating cyberattack at UK's busiest train stations

sedregj Bronze badge
Childcatcher

"This is the best reason I know to use a VPN."

(I also keep a local DNS server or two handy, just in case I can't use a VPN. Mind you it's pretty easy to fiddle with proxies over unlikely protocols to get out of a hole.)

I think you are absolutely correct - obviate the risk by tunneling out. However, your tunnel should go to a safe place. That safe place for me is home and not an external provider. That may not be the case for others.

Internet "safety" is quite a complex issue. I think you are following current good practice. Crack on 8)

Cheers

Jon

sedregj Bronze badge
Childcatcher

"I get that non-password-protected wifi can have its contents seen by anybody nearby; it's effectively sending everything in plaintext."

No it isn't, and some of the responses to your comment are a bit mad.

Wifi passwords are for authentication to the network itself and not some sort of encryption mechanism. No password requirement simply means that anyone may use the wifi. You don't have to enter a password (pay) to enter the M5, M4, M1, M25 etc but you do have to pay to use the M6 toll section. In both cases you get to use the road but you have to "authenticate" to the M6 toll (with dosh). The road experience is largely the same.

Many public wifi setups will isolate each client from each other. To test that, try a broadcast ping or an nmap ping scan.

Now you have comms then it is up to you to secure what you do with it - not the provider: they might like to harvest an email address to spam and perhaps watch your DNS look ups etc. It's up to you to decide how much information to leak. You might not care. Your comms with most web sites are secured by TLS these days and that is end to end encryption. The provider will still see the traffic flows but not the content.

If you really want to go dark then you will need a VPN back to a trusted place. That means back home. You will need to host your own VPN solution - OpenVPN/IPSEC/Wireguard. Now you are only leaking information to your ISP ...

Cheers

Jon

Valencia Ransomware explodes on the scene, claims California city, fashion giant, more as victims

sedregj Bronze badge

"In July, security shop Zscaler revealed that a Fortune 50 company had paid a $75 million ransom"

Why did a Zscaler customer pay out $75M? Or were they a customer afterwards?

Majority of Redis users considering alternatives after less permissive licensing move

sedregj Bronze badge
Linux

Failure to understand: Open Source

"He said the decision was designed to prevent AWS and Google charging for Redis in their database services without paying for it."

That's not why open source exists and demonstrates a complete lack of imagination. GPL would have sorted this problem out but instead they went for the trendy BSD jobbie that is beloved of Apple and co.

The GPL requires you "give back" in return for the free stuff. If you improve it, your improvements are required to be shared. It's all a bit communistic but it does work rather well. The Linux kernel is a GPL licensed project and who can deny how effective that has been?

My company makes quite a lot of dosh out of supporting open source software. We always try to give back with knowledge (we are not programmers). We try to engage with wikis and the like for all the projects we use.

We take and try to give. That's what open source is all about.

Microsoft cash to help reignite Three Mile Island atomic plant

sedregj Bronze badge
Mushroom

This will be fascinating to watch

This is quite serious stuff and we are not seeing DevOps fiddling with a nuclear power plant as some commentards imply.

Nuclear engineering requires nuclear engineers. They do not program anything with PowerShell and other frippery. Constellation Energy are the contractors and MS is just a customer.

Chinese spies spent months inside aerospace engineering firm's network via legacy IT

sedregj Bronze badge
Childcatcher

Monitoring

"The server wasn't compatible with the organization's security monitoring tools"

So you start off with a port scan from the outside and then inside. Nessus is a couple of grand per year on prem or you hire an outfit to do it for you. Other scanners are available. It can use ssh and will work with ksh. AIX has a syslog daemon which can send to a central collector. It has SNMP (Security Not My Problem) so there's that!

Microsoft's Copilot 'Wave 2' is a tsunami of unanswered questions

sedregj Bronze badge
Gimp

Re: Plagiarism

Try not to choke on your crayons

OpenAI's latest o1 model family tries to emulate 'reasoning' – tho might overthink things a bit

sedregj Bronze badge
Gimp

"That's a pleasingly detailed and correct response." and also bollocks:

"The cafeteria had 23 apples. If they used 20 to make lunch and bought 6 more, how many apples do they have?"

x=23. x+6 = 29.

Making lunch has nothing to do with anything unless you decide it does. There was nothing that implies the cafe "lost" some apples due to lunch related shenanigans.

FFS, sharpen up!

Major ISP bungles settings, causing Microsoft 365, Azure outage

sedregj Bronze badge
Windows

Re: DNS

DNS, NTP and BGP are the four protocols of the apocalypse.

Research suggests more than half of VMware customers are looking to move

sedregj Bronze badge
Childcatcher

Re: Options

"I'm sure there's some edge-case features in VMware that Proxmox/Nutanix/Red Hat aren't providing"

There really isn't and I remember when ESX booted on RedHat before ESXi was *cough* invented.
