* Posts by Donn Bly

478 publicly visible posts • joined 10 Jan 2008


Windows Server Update Services live to patch another day

Donn Bly

Re: Someone from a company selling cloud patching software announces WSUS is outdated...

If they are air-gapped, then someone needs physical access, and if they have physical access then no amount of security patches will make a difference, because, well, because it is Windows. That is why the most up-to-date security patches aren't a priority on those systems, touching them periodically to check logs and hardware health and apply any necessary updates at that time is generally sufficient.

Donn Bly

Re: Someone from a company selling cloud patching software announces WSUS is outdated...

I wouldn't go so far as the "sponsored article" trigger warning, but the rest of your points are valid.

The nice thing about air-gapped systems is that I don't have to worry very much about security updates. Updates on initial deployment, however, can be a pain.

I can't even do a manual install of an update on Windows 11 that was previously downloaded from the update catalog without the machine having a connection to the Internet. Even with Windows 10, I could do an offline install and then run a batch file that would install each of the updates to bring it current, all from a single USB without it requiring a network connection. Many locations I support have minimal Internet connections, and going cloud-based for everything is not always an option.

Windows 11 adds auto-recovery, kills offline setup loophole

Donn Bly

Removing BypassNRO is shortsighted

I support small businesses that are large enough or have software requirements that result in them having an on-premise file server, but for various reasons do NOT use Microsoft 365 or Entra.

Our process for these businesses is to take any hardware purchased or turned in during turnover and start with a fresh repartitioning, format, and operating system load of Win 11 Pro. These steps all take place offline. Then we disable automatic updates and put this known-clean system on a designated VLAN, load OEM drivers, an initial set of pre-downloaded Microsoft updates, and install our RMM application. Then we use the RMM to finish the updates, log system inventory, etc.

It then goes back on the shelf until needed, at which time I join it to the domain. All of the preceding steps take place at a location that is inaccessible to the domain controller, in fact, we often don't even know to which site or domain the machine will eventually be deployed. Of the machines that we DO know, we usually have no idea who the end user will be. It may be a new hire or be used to exchange existing equipment.

At no time during this process is a Microsoft account wanted or needed. If a user is using Microsoft 365, THEN a Microsoft account can be added.

Given these changes, what will be the "Microsoft recommended and supported" method of preparing these machines?

Glitchy taxi tech blew cover on steamy dispatch dalliance

Donn Bly

Re: Hilarious

They used to -- I have a friend who is a certified medical coder who was downsized and can't get a job in the field because it has all been replaced by AI

C++ creator calls for help to defend programming language from 'serious attacks'

Donn Bly

Re: Failure to see

and they will dig out the old specs, and require it to be written in ADA

Donn Bly

Re: Care to bet a fiver?

Seeing as how we still have industries maintaining code in COBOL, I don't see C going away any time soon.

WordPress war latest: Ploy to trademark Hosted WordPress, Managed WordPress derailed

Donn Bly

Prior Use?

As someone who writes WordPress plugins, hosts websites (including some developed in WordPress), and manages WordPress sites hosted elsewhere, I have used the phrases "managed WordPress", "hosted WordPress", and "self-hosted WordPress" many times over the last 10+ years in both verbal and written communications with my clients when referring to some of the work that I do. I don't claim to be original with them, but just giving examples of how others used the phrases in commerce long before the WordPress Foundation (which neither manages nor hosts websites for others) have been used in commerce.

If Mullenweg was successful in obtaining these trademarks, can you imagine how this would affect the rest of the industry in terms of other products if companies could start just sticking "managed" or "hosting" in front of their product and exclude all others from using the terms?

One third of adults can't delete device data

Donn Bly

Re: Shredder is the answer

My preference is on the side of a hill at 100 yards as I sight in a new rifle. Although as an American I don't NEED an excuse for another rifle, I will take whatever excuse I can muster ;-) The hard drives just get the 3/8" drill bit in the drill press. Quick and easy.

Apple called on to ditch AI headline summaries after BBC debacle

Donn Bly
Coat

Not an AI Problem

This isn't an AI problem. Editors in news media have been creating "click-bait" headlines for shock value since long before the days of the Internet. How often have you picked up a newspaper or read an article from a mainstream news source where the headline contradicted the article that followed it? The only thing here is that computers are doing it faster, putting hard-working editors out of work.

The Automattic vs WP Engine WordPress wars are getting really annoying

Donn Bly
Devil

Where have we seen this before?

The new conspiracy theory is that Matt Mullenweg may have become possessed by the ghost of Roger McAfee.

Dark web crypto laundering kingpin sentenced to 12.5 years in prison

Donn Bly

Re: Open

Thieves, miscreants, and EVERYONE ELSE gets their loots mixed -- just like at your local bank.

If I deposit $1000 from selling a bike, and you later withdraw $500 to hit the casino, and some of the bills you withdrew came from my deposit, did the money you withdrew come from the sale of my bike or from the paycheck you deposited last week?

If you have made five $1000 deposits via check over the last month, and then later withdraw $100, which of the five deposits did that $100 come from? None of them? All of them? Since they were check deposits, the serial numbers of the $100 you withdrew would have absolutely no correlation to the source of the funds.

Mixing is a fact of life. Yes, it happens when criminals launder money -- but it also happens in legitimate transactions every day. So yes, it is the same.

Donn Bly

Re: Open

It has been known for years that 90% of all US $20 bank notes were contaminated with measurable cocaine residue. A study published in Forensic Science found that 92% of $1 notes were contaminated. These are the small bills in your pocket, in the tills of every bank and cash register in the nation, not the $100 bills used in bulk to fund the large illegal transactions. We are talking about two completely different things.

Donn Bly

Re: Open

You could say the same thing about your paycheck, as a portion of that money may have been used for a murder for hire at some point.

If you have a $20 bill in your pocket, there is a 90% chance that banknote is contaminated with cocaine from the drug trade.

If you have any currency, physical or virtual, then you have a mark on your back.

WordPress's Automattic openly tracks websites bailing from rival WP Engine

Donn Bly

"WP Engine can and always has been able to access the WordPress software and plugins available on WordPress.org, as can anyone."

That is a very interesting claim, considering that this started with Automattic BLOCKING access. Everyone who has been following this fiasco knows that they are lying through their teeth. Not that they had a lot of credibility left, but they certainly lowered it even more.

WordPress saga escalates as WP Engine plugin forcibly forked and legal letters fly

Donn Bly

Forked?

When it comes to the ACF plugin, I don't think that "forked" is the right word to describe what they are doing. They made a copy, renamed it, and are apparently pushing the renamed version out to existing websites without the website owner's explicit consent under the guise of a "security fix" on an issue that has already been patched. To me it looks more like a Hijacking.

Donn Bly

Yes, but just because Mullenweg says that WP Engine doesn't contribute doesn't make it true. If WP Engine didn't contribute to the community, then we wouldn't be talking about how WP Engine isn't going to be allowed to continue to sponsor community events such as WordCamp, how their employees and developers are no longer going to be allowed to participate in events or contribute code, or how a WordPress plugin developed and maintained by WP Engine is being forked by Automattic and renamed. Those are all contributions to the WordPress community, they just aren't direct contributions to Mullenweg's bank account.

Arm reportedly warns Qualcomm it will cancel its licenses

Donn Bly

Re: Licence

The problem I see is that if existing licenses aren't transferrable, then anybody who has such a license and has developed products or intellectual property with it cannot put any kind of a value on that IP or product design, as it would go away in any sale or merger.

The second problem is that if ARM is trying to build a business model on non-transferrable licenses, then they really can't consider those licenses to have recurring revenue because all a licensee has to do to terminate is sell themselves to themselves.

California cops cuff suspect in deadly drone-assisted drug deal

Donn Bly

The reason criminals typically do not obey such laws is NOT because it makes them hard to catch, it is because they are CRIMINALS and don't care about following the law.

The drone being registered does not make it easier for law enforcement to follow it.

Yes, your network is down – you annoyed us so much we crashed it

Donn Bly

Re: Other ways of attracting attention

There are ways to send SMS without revealing the number, but the recipient cannot reply to such a message. I used to get harassing text messages that were sent via an API that my cellular provider maintained and the messages all came through with a number of all zeros.

But to get a reply I can use an Email to SMS gateway, and if the recipient replies I get their reply back as an email message.

Latest in WordPress war: Automattic says it wanted 8% cut of WP Engine revenue

Donn Bly

"The software should be freely available to anyone to use for any purpose, and without permission."

Those aren't my words, those are the words of the WordPress Foundation, one of their stated goals when Matt Mullenweg helped create it in 2009. The idea behind the foundation was that no one person or company should be able to control the direction or future of WordPress or any other project supported by the foundation. A year later he transferred the WordPress trademarks to the foundation. Now over a decade later and after receiving hundreds of thousands of hours of donated labor from community members that were integral to making the project a success, he apparently wants to walk that back.

There are a LOT of companies that have based their business model on producing products and services that run on top, under, or alongside WordPress. Good or bad, it is the most popular website framework with more than 40% of all websites on the Internet using it. Quite a few of those companies have "WP" in their company or product names, as it is not a trademarked term.

I'm wondering if "WP Beginner" is going to be the next company in Automattic's crosshairs -- or is he only going to go after the companies that compete with his hosting company?

It seems that Automattic is now offering WP Engine customers free migration services to migrate their websites to Mullenweg's hosting company. This entire dispute couldn't be about Automattic just trying to increase market share, could it? Sure is looking that way.

Donn Bly

I wonder if those servers are being run for and by Automattic, or if they are run for and by the WordPress Foundation. If they are Automattic's then there is no issue with them blocking access, but if those servers are being run for the foundation, even if Automattic donates the hosting, then I see huge red flags with Automattic cutting off access to the customers of their competitors. Because that is what they did, they didn't just cut off WP Engine, they cut off every company that uses WP Engine for hosting even if those companies don't use WP Engine's management services.

Donn Bly

Automattic is trying to frame this as some sort of trademark dispute, but we should note that the WordPress foundation owns the rights to the WordPress trademark, not Automattic. The WordPress Foundation has licensed the trademark to Automattic, but the trademark does not extend to the letters "WP". Neither the foundation nor Automattic have exclusive rights to "WP". That is why "WP Engine" or any other business name that contains those letters is not a trademark violation, whether related to WordPress or not.

But 8% of the GROSS TURNOVER? That is more than the net profit of many hosting companies. WP Engine is a hosting company, and they have built their business around hosting open-source applications, particularly WordPress, but Apache and Linux certainly make a bigger contribution to their bottom line in terms of dollars per line of code. Yet while WP Engine makes money from hosting WordPress websites, Automattic somehow feels that they are entitled to all of their profit from all lines of business?

This is nothing more than Automattic trying to weaponize open source to take out a competitor.

Will they try to take 8% of GoDaddy's profit next? Are they going to start demanding a percentage of all sales from WooCommerce sites like the credit card companies do?

And that term sheet -- they want to prevent someone from forking open source software? They want someone to agree to terms and conditions for branding for seven years when they haven't even defined what those future conditions would be? Nobody in their right mind would sign any sort of contract like that, and Automattic knows it. Mullenweg could be a poster child for "negotiating in bad faith".

WordPress.org denies service to WP Engine, potentially putting sites at risk

Donn Bly

Full disclosure - I am a developer who has developed WordPress plugins and themes for my clients to extend functionality to their unique needs. I don't use WP Engine (or WordPress.com) for hosting.

This isn't about WP Engine being a leech, this is about WP Engine being competition for Automattic's WordPress.com hosting.

WP Engine doesn't really make money directly from WordPress per se - they make their money from people who use WordPress and pay WP Engine to host and help them with their WordPress sites. They are a great ambassador for WordPress, and contribute to WordPress by driving customers to WordPress and theme and plugin developers who have built businesses around WordPress, but Matt Mullenweg doesn't see it that way and in his short-sightedness he is trying to weaponize the open source to which thousands of others have contributed.

What this really means is that every plugin developer will need to set up mirrors and create alternate means for distribution, because we can no longer trust WordPress to have the best interests of the community. It isn't a big deal for me since I already have that infrastructure in place for updates to the plugins that I developed, but it will be for others.

But it also creates a business opportunity from anybody who wants to write a plugin to independently monitor the versions of other plugins and then proxy the updates. If I wasn't already over-committed on other projects, I might do that myself.

VMware reportedly probed by Japanese anti-monopoly cops

Donn Bly

Their statement that sales of the bundles have exceeded expectations can be seen as an admission that they didn't expect to actually sell any

Admins using Windows Server Update Services up in arms as Microsoft deprecates feature

Donn Bly

Re: I wonder how many people are migrating....

They might be sour, but he isn't wrong

Donn Bly
Coat

Re: Not a surprise

OK, I'll bite... I think that they will make a touch screen a requirement, and you have to slide the screen up with a multi-touch gesture and then tap a button in the middle of the screen.

I know, I shouldn't give them ideas, but that's about as accurate as any other prediction

Former Autonomy CFO banned from chartered accounting group until 2038

Donn Bly

Charging £450K for investigation

I get why they expelled him. Private organizations can expel members who they feel violate their codes of conduct. But to bill Hussain £450K for an investigation that he did not likely request smacks of the type of fraud (inflated numbers) of which he was accused and convicted. If anything, it makes me wonder if Hussain's actions were more of the norm than the exception, and his only crime in their eyes was being caught.

Microsoft punches back at Delta Air Lines and its legal threats

Donn Bly

Since Linux systems have also been borked by Falcon updates, that is more of a sideways step than a step forward.

On one Prime Day, Amazon warehouse workers endured '45% injury rate'

Donn Bly

Re: How?

It is simple, they don't. If they truly averaged 45 percent of all workers injured per day, they wouldn't have any workers in a week.

Microsoft ad subsidiary Xandr accused of violating GDPR

Donn Bly

Loophole?

It looks like the data brokers are trying to establish a loophole, all they have to do is make sure that some of the information is inaccurate and they can't be held accountable. Being able to identify data as belonging to a single user, and being able to prove that you are that single user, are two different things. If the user is unemployed, and the uuid that they are requesting to have removed is marked as a student or being employed, then the mismatch would "prove" that they AREN'T that particular user and thus wouldn't have the right to have that data removed - even if everything else matched.

I really do miss the days of untargeted advertising. When a web ad was just a digital billboard and it didn't matter which eyeballs saw it, and no data was collected other than the number of impressions on the page.

But I do have to shake my head, because we have one side of governments that want to eliminate anonymity and track every action on the web back to a specific user (for the children, of course), while the other side of the same governments simultaneously want all traffic to be anonymous. Of course, these are the same governments that want "secure" encryption with a back door. In the meantime, I will just do my part to continue to feed bogus information to the algorithms so that the data brokers really DON'T know who I am.

VMware giving away Workstation Pro, Fusion Pro free for personal use

Donn Bly

Not sure what making it free does for us. I have already paid for it, but cannot download it to put it on my new laptop. In fact, I can't get to ANY of my entitlements. Even created a support case the first of the week and provided them with copies of the contract numbers and everything, but now when I try to log in to see the status of the case I just get an "error, please try again later".

Senator Warren slams Intuit's 'junk fees' as America's Tax Day rolls around again

Donn Bly

The government creates the rules, we just play by them

Intuit is a predatory company, and I am not going to defend them per se. But EVERY tax return can be filed for free if you want to fill out and file the forms yourself, and $133 is much less than what a CPA would charge if they prepared the return. Someone has to pay for the knowledge and training that a tax preparer has if they want to use that preparer to file their taxes, and Warren complaining that companies charge for the service is a non-starter.

Charging after the fact while claiming to be free is a different issue, and some C-level execs seeing the inside of a prison cell for fraud is a reasonable expectation.

However the government created the US tax code, so it is the responsibility of the government to fix it so that there is no need for private enterprise to step in and fill the void. It is legislators like Elizabeth Warren who are the ones responsible for overseeing that. Intuit can charge because Warren and her ilk haven't done THEIR job, and then are blaming free enterprise for filling the void that they left. If legislators would do their job instead of passing the blame this would be a non-issue.

JetBrains is still mad at Rapid7 for the ransomware attacks on its customers

Donn Bly

Rapid7 published the disclosure to hurt JetBrains and the users of their software. THAT action, by all definitions, is malicious. Also, as far as I am concerned, the guy who publishes your address on Craigslist with the note "come and get it while the owner is out of town, the key to the garage is in the lockbox, and the combination of the lockbox is '8675329'" is just as culpable as the criminal that steals your stuff -- and that is basically what Rapid7 did.

Australian techie jailed for accessing museum's accounting system and buying himself stuff

Donn Bly

Have I Been Pwned

Given the number of data breaches over the years, anybody who does NOT have a listing on "Have I Been Pwned" probably lacks sufficient experience for anything much more than an entry-level or low-level position. And since LinkedIn was compromised in 2012, that means that many (most) people with 12+ years of industry experience (pick any industry) will be on the list, since circa 2012 companies would mandate LinkedIn profiles even though the employees didn't want or use them.

I am surprised that the percentage of people with listings wasn't higher.

The end of classic Outlook for Windows is coming. Are you ready?

Donn Bly

Re: Re:2FA

Exactly. He said that the SMS 2FA is regarded as insecure and that should be more to blame than IMAP. SMS 2FA is insecure because of things such as SIM cloning, which was admitted to have occurred in this case. Reading comprehension is a two-way street.

Donn Bly

Re: I need classic outlook

And just how do you intend to archive IMAP into a local folder, which is really a PST file and the new outlook has no PST support?

Broadcom boss Hock Tan acknowledges 'some unease' among VMware community

Donn Bly

Yes, and it says a lot when Microsoft is the lesser of two evils

HP's CEO spells it out: You're a 'bad investment' if you don't buy HP supplies

Donn Bly

Re: You can embed viruses into cartridges

Buy a laser, and your print quality will be even better and your cost per page much less. THAT is the most reliable and best value.

What's the golden age of online services? Well, now doesn't suck

Donn Bly

Re: 2:254/86.1

1:236/7.0 - It has been years since I have even thought of my FidoNet days.

'Return to Office' declared dead

Donn Bly

Re: A sizeable chunk of my income comes from rent of the building that my company rents from me.

I didn't write the rules, I just have to play by them.

Besides, my company is not the only tenant. Why should my company, which does IT work, own the building and be a landlord to some other company? Plus, if I sell off the IT company and retire, I still have the buildings and the rental income from them - as I have more than one commercial building. Those buildings are my retirement fund, and to still generate passive income from them means that I don't need to draw as much from other investments when I retire.

Donn Bly

Re: There it is

Of course they do. A sizeable chunk of my income comes from rent of the building that my company rents from me. It is a very good way to structure the income (active vs passive) and if I wasn't paying myself then I would just have to be paying someone else.

That said, I work from home too, only going in to get the mail and do the small part of maintenance to the server room that can't be done remotely.

BOFH: Adventures in overenthusiastic automation

Donn Bly

Re: Robots

Our mail robot (circa early 1980's) followed a chemical trail in the carpet. We also used removable carpet squares. So to show displeasure with management, swapping the tile that had the "stop" signal from in front of the department secretary's desk and putting it just past the boss's door so that it would stop and block him in had been known to happen a time or two. For the more ambitious, swapping a line of carpet tiles so that it followed a route into someone's cubicle and stopped had also been known to happen.

Watermarking AI images to fight misinfo and deepfakes may be pretty pointless

Donn Bly

Re: A stupid idea

Sure, you can cryptographically sign a watermark. All that would mean is that you could establish that the image was watermarked by a specific entity, at a specific time and place. Like an SSL Certificate, you would rely on the authority and reputation of the signer. But there isn't just one entity that would be doing the signing, or even dozens. Because of the proliferation of technology you have MILLIONS of potential generators, thus millions of potential signers. Relying on a cryptographically signed watermark would be like relying on a self-signed certificate - it would prove that it is watermarked but would NOT prove whether the source was legitimate, or whether the source was AI generated.

If you can inject a detectable watermark, then I can build something that would detect it. If I can detect it, then I can make subtle changes to the source to corrupt, obscure, or entirely remove that watermark to the point where it is not detectable. That completely negates the idea that an image without a watermark wasn't generated by AI. Even a visible watermark like you would have on the comp images from any stock photography outlet can be obscured so that you don't know the source of the image. Invisible watermarks are even easier.

Conversely, I can take an existing image and watermark it. As mentioned above, you have millions of potential generators and signers. My camera doesn't watermark the images, so the existence of a watermark or lack thereof on an image I publish does not in any way change the underlying fact as to whether or not my original photo was created by me. A watermark just attests to the claim of whomever is signing it.

Lost your luggage? That's nothing – we just lost your whole flight!

Donn Bly

Re: This one command you must not enter

Reminds me of the time when I was trying to explain the difference between mapped and physical drives, and how some things didn't work quite the same, to a client who thought that he knew more than the Novell consultant (me) he hired. So I typed "format f: /y" and pressed enter to demonstrate the point and he nearly had a heart attack. Nearly 30 years later, he is still a client.

If you like to play along with the illusion of privacy, smart devices are a dumb idea

Donn Bly

Android Location Permission

From my understanding of the permission structure, access to Bluetooth and WiFi under Android versions 8 thru 11 is lumped into the location permission - something that was changed under Android 12 and later. Of course it should never have been put there in the first place, but that isn't the fault of the app developer. For these researchers to state that they have "no idea" why an app that has to use Bluetooth or WiFi to search for devices might request or require location permissions shows a lack of understanding profound enough that it undermines the credibility of the rest of their research.

Bombshell biography: Fearing nuclear war, Musk blocked Starlink to stymie Ukraine attack on Russia

Donn Bly

I am still trying to figure out how a Starlink signal would even REACH a submersible drone traveling underwater. It isn't as though 11 or 40 GHz have much penetration in water.

Beware the techie who takes things literally

Donn Bly

Re: RS232 and DOS

But it couldn't handle the FIFO buffer of the 16550 UART unless you used a FOSSIL driver, and if you used a FOSSIL driver you could use BASIC, or Pascal, or C, or whatever you wanted.... Ah the amount of things that we went through in the old days - back then I ran a FidoNet Node, and I still shudder on how much I spent on hardware.

Tesla to disable 'self-driving' feature that allowed vehicles to roll past stop signs at junctions

Donn Bly
Joke

Re: Not a "bug"

This kind of "feature" is when you use machine learning to analyze the actions of human drivers and emulate them. If they want to make the car behave more like a human driver, then it is going to mimic the bad behaviors as well as the good.

I am waiting for the "feature" when the car starts telling off any police officer that pulls it over that "I pay your salary with my taxes"

In a first, FTC extracts millions of dollars from online store accused of blocking bad reviews on its website

Donn Bly

Re: Settle

People and companies do it (settle without admitting liability) all of the time because it often costs more to prove that you are in the right than it is to defend yourself against the accusation.

Have you ever had a traffic ticket and entered into a ticket deferment program, even though you felt that you weren't guilty? I know that I have, because if you use the ticket deferment program you don't end up with points against your license AND you don't have to take days off of work, hire a lawyer, etc. It is cheaper to pay the ticket than it is to defend yourself against it.

On the civil side, you see it all of the time in copyright and trademark infringement cases. In employment law or consumer liability, it is often cheaper just to pay them to go away than it is to pay lawyers to fight it - because you have to pay your own legal fees even if you win.

I have been on the receiving side of this kind of thing too, where their lawyer walks in and asks "what will it take to make this go away, he has $50K in E & O insurance." I told my lawyer to take the money and walk away, because I was made whole even if they didn't admit that they did wrong.

4 Million sounds like a lot of money, but a lot of it depends on how much insurance they have.

Electrocution? All part of the service, sir!

Donn Bly

Re: "The power lead approached the PC..."

From my research for a client, there is at least ONE country that has BOTH 120 and 240 and uses different plugs to differentiate.

It surprises me that it isn't more common, as having both 120 and 240 in the same room is quite common in about every residential kitchen and most laundry rooms in the USA and Canada. However, while we have both voltages the plugs for each are significantly different in design and not likely to be confused -- other than the NEMA 6-15 but that plug/outlet style is not common at all outside of industrial applications and I have NEVER seen one in a residence or office setting.
