Posts by Justin Pasher

Re: Wrong lightbulbs...

I've had the opposite experience with LEDs.

The two big ideas behind LEDs are that they use less energy and they last longer, so less waste. The energy savings is hard to refute, as they definitely use much less than traditional incandescents (not taking into consideration any manufacturing differences that might require different levels of "energy" to produce them). The lifespan thing... well... I hope you don't have fader switches. For non-fader switches, they seem to have very few problems. However, you put them on a fader, and it seems to dramatically shorten their lifespan.

By my estimate, over the past 3-4 years, we've had at least 5-6 LED bulbs die that are on faders. They don't completely die like traditional bulbs. They start having flickering issues and sometimes will randomly cut off then back on. If you're smart enough, you keep the original box and receipt, and the manufacturer will usually replace them without problems (they typically come with a five year warranty).

The biggest problem with the push to more efficient bulbs was that it was so aggressive. Halogen weren't really any better (and often times a shorter life span), CFLs just plain suck, and LEDs have had a lot of teething issues. Technology STILL hasn't caught up to it (as exhibited by my experience). I remember the earlier days of LEDs where they wouldn't work at ALL on a fader. As they progressed, you then had issues where only certain faders were "compatible" (I think an analog vs digital thing). So in addition to getting new bulbs (which were closer to $7-$10 each at the time), you also needed to replace all of your fader switches.

"You can't really support two competing sewage treatment plants because how are you going to route the waste to the one you choose without a whole separate network of pipes? Likewise with water, electricity, or gas."

In Texas, they deregulated electricity almost 20 years ago. It caused a bunch of competing "providers" to fight each other to give the best rates. The electricity itself is provided by the local TDU (Transmission and Delivery Utility), which is kind of like the government. They charge a very stable base rate, and the providers will usually pass that through plus a few extra cents for kWh to keep their business going. Ultimately, the provider just handles the "paperwork" side of things. If you have any trouble with the electricity, you contact your TDU.

All of this is not available for everyone (such as more rural areas), but it did greatly increase competition for many.

Re: 386DX

Not true. I ran it on an AST brand 386SX/25 with 4 MB of RAM. Yes, I had to shrink the game play window down about half way, but it was still playable (definitely not 30 fps, but playable). I do remember having to reboot with a clean AUTOEXEC.BAT and CONFIG.SYS to free up enough memory to play, though.

Re: There's always something nowadays

Backported indeed.

https://security-tracker.debian.org/tracker/CVE-2018-1000007

Re: FF native sync

The big thing missing from the Firefox native sync capability that I get from Xmarks is profiles. I have a Work profile and a Home profile, and I can select which bookmarks appears in each profile. There are some bookmarks I want to see at home and at work, and there are some that I just want at work or just at home. If I used the same FF sync profile at both locations, they'd always be completely identical.

I originally started out with Delicious and moved over to Xmarks about a year or two ago when the Delicious add-on stopped working properly. The ability to use tags on the bookmarks is a key thing for me, and with the TagSieve add-on plus Xmarks sync, I can get the Delicious functionality back. However, the latest version of the Xmarks plugins doesn't properly sync tags anymore, and the export option from the Xmarks web site doesn't export the bookmarks with the tags either. I had to restore bookmarks from a FF backup and disable the sync to avoid losing all of my tags. I've already reported the bug (and they've confirmed), but who know when it will get fixed.

I've yet to find a good, free option to get the same functionality and integration (even self-hosted would work).

Re: Fines?

"I fully support your right to free speech, so long as you also accept my right to throw sh*t at you..."

Actually, that would probably be considered assault, so not actually a right you are granted.

Re: The answer should be Yes and Yes

"No, no. broadband is cable/coax delivered internet. DSL is phone-based internet. And FiOS is fiber optics."

Now you're just playing a game of semantics. By this statement, you are saying a DSL and FiOS connection should not be called a broadband internet connection. Now I no longer have broadband service, along with millions of others! We need more competition, stat!

Re: PC technology?

That's what I see in my mind. A redesign of the original housing with a RPi inside. Done.

You've got HDMI, four USB, and it runs an emulator. The original Atari 2600 hardware is so old, computers from 20 years ago could emulate the games at full speed with no problem.

Re: libsystemd0

Are you sure that matters?

I haven't had a chance to test an upgrade yet, but all of my machines are set up using SysV (package sysvinit-core). They also all have libsystemd0 already installed. I know the key package to avoid in Debian Jessie was systemd-sysv. Perhaps it changed in Stretch? I'm hoping not.

Re: 64-bit

I think it's just more of a terminology semantics issue. I'm sure he just means 64-bit systems running on hardware utilizing the x86-based instruction set (versus ARM, MIPS, etc). Sure "amd64" or "x86_64" would be more correct, but I think most would understand what he means.

Re: Mutant daisies

I guess you forgot the Joke Alert icon...

http://www.snopes.com/nuclear-mutant-daisies/

Re: Awww.... come on !

"The whole point is that Google are showing that it's entirely possible to bring updates out, consistently, and frequently."

I don't quite see why people miss the big reason why non-Google phones have a longer delivery cycle. Have you ever used a Google phone versus another manufacturer like Samsung? If you have, you'd notice the obvious difference. Samsung has put a lot of work into making their interface consistent across all of their devices via the TouchWiz interface. If you compare the S4 through the S7, you'll notice that all of them operate very similarly (interface-wise). Google simply takes what they've created as stock and slaps it on the phone. When a new release comes out, they can easily deploy it because everything in the release is basically exactly what goes on the phone. Samsung has to update, tweak, and compatibility test all of the customizations they have made to integrate them into the new release. If Samsung ran stock, I'm sure major updates would be released a lot faster. If you look at the security point releases for the S7, Samsung actually keeps pace quite well.

You also have the issue with carrier tie-in. It's why the Samsung on AT&T can receive the update on a different timeline than the exact same Samsung on Verizon. Each carrier will want their own control over how things are built to make sure their own cruft gets included.

@AC

From my reading of the articles (and my own testing), the issue at hand is that many default SSH daemon configurations for IoT devices leave TCP forwarding enabled by default (AllowTcpForwarding). This basically means "open proxy for people that can authenticate".

Once a user authenticates (be it via password or public keys), even if they don't have a valid shell defined for their account, they can still do port forwarding. Since many IoT devices are going to be using default username/password combinations, if someone can access the SSH daemon on that device, they can use it has a proxy. If they don't have the credentials or the public key (when using key based authentication), they can't do anything, even if AllowTcpForwarding is enabled.

Moral of the story: don't allow unprotected SSH to an IoT device (or really any device) and make sure it's not using default or common credentials for access. Also, if you don't need it, turn AllowTcpForwarding off.

Re: @Phil W

To me, it looks like Yelp wants to have its cake and eat it to. They argue that they are immune because they do not control the content of the site, yet they are pursuing someone with a bad review to get a commitment to buying advertising ... to alter the content on the site.

Not quite racketeering, since I'm sure they don't try to sell advertising just to people with low review scores. Sounds a lot more like just simple (possibly indirect) blackmail.

Re: Dumb idea IMO..

The one-IP-address-per-site thing is very rarely an issue nowadays. Just use shared IP addresses and SNI. Unless you're trying to support IE on Windows XP, you'll rarely find a case where anything remotely modern doesn't support it.

@Chika

I don't think it works that way (at least for W2K16 Standard). According to the FAQ:

and

It means even if you have a single Windows guest VM that is only assigned one processor with one core, you still have to fully license the physical server it's running on. That's how the current Windows 2012 license works (but since it's processor based, it's more straightforward).

Re: Storing CC security verification codes

Per PCI DSS section 3.2.2:

Do not store the card verification code or value (three-digit or four-digit number printed on the front or back of a payment card used to verify card-not-present transactions) after authorization.

This goes all the way back to PCI DSS 1.2 (2008). But hey, we like to treat them more like "guidelines" than rules.

Re: bsd and systemd

I have bsdutils installed on a Debian Jessie system running sysvinit. The package depends on libsystemd0, not the full systemd init system. In fact, running sysvinit is officially support in Debian Jessie. You just have to do some work yourself.

https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#systemd-upgrade-default-init-system

Whether this will still be the case when Debian Stretch becomes stable next year is anybody's guess.

@CommodorePet: Re: Guess I'm a lucky one

The little bit I've used WMC, it's not that it's bad, it's just not as good as MythTV. The scheduling capabilities of MythTV completely blow other DVRs out of the water. Recording specific titles, time slots, previously recorded detection, automatic commercial flagging, etc. Then you have the Power Search feature where you can build an SQL query to choose the programs to record.

Since Microsoft has officially discontinued WMC on Windows 10 (and thus will stop supporting it on Windows 7 when its support ends in 2020), the options are getting scarce. Silicon Dust (makes of the HDHR) are working on HDHomeRune DVR as an alternative to WMC, but they've been working on it for almost a year and it still lacks a lot of features (and doesn't support "Copy Once" channels yet). It looks promising, but who knows when it will be finished, and I still won't be able to stream to my MythTV box.

@wolfetone Re: Is SSLv2 still supported in OpenSSL?

Actually it depends. The Debian binaries removed the SSLv2 protocol from OpenSSL back in 1.0.0c-2 (i.e. post-squeeze, pre-wheezy).

https://www.debian.org/security/2016/dsa-3500

Re: wrong problem to be solving.

Just grab the specific version you want directly from the "FTP" site.

http://ftp.mozilla.org/pub/firefox/releases/

Re: Unsurprising. This is *monitors* after all

@toughluck: Everything sounded great until you said "If you're using a HDMI 1.4 compliant cable". There's no such thing as an "HDMI 1.4 compliant cable". That's a marketing thing (just like contrast ratio). There are only four types of HDMI cables.

Standard

Standard with Ethernet

High Speed

High Speed with Ethernet

HDMI 1.4 is a software specification, not a hardware specification. A cable knows nothing about software, because, well, it's hardware. It's like saying an ethernet cable is "IPv6 compliant"

Re: Wot no SPF?

If that's what the domain owner has declared, then yes. It is. That's what ownership means.

So when user B doesn't get user A's email because user B has configured a forwarder and the email is rejected due to a violation of user A's SPF record, it's user B's fault?

Well, you have some strange ideas about SPF and make that claim. I use it, and would not. Perhaps you might like to wonder if there is more than just mere correlation to that...

I HAVE been using SPF for a long time now, mainly because of "hey, it's one more thing you can try to make email deliverability work better". The fact that I say it's a joke doesn't mean I say no one should use it. It means don't put much faith behind it.

And the fact that you use it and would not make the claim that it is an ineffective anti-forgery system does not make the opposite true. Please do share anything that was not true about my anti-forgery statement.

Re: The War on Customers (was: Unlimited doesn't mean unlimited then...)

Can I get an explanation for why these two things are actually separate to the point where one demands metering and the other not? Except for, you know, "marketing segmentation we want to impose" kind of reasons?

Seems pretty obvious to me. It's a lot easier to suck up a huge amount of bandwidth by tethering a laptop to a cell phone's data connection than being restricted to the capabilities of the phone/installed apps. Then there's also the fact that you could use tethering to set up a mobile hot spot for others that do not have unlimited data, thus "reselling" your unlimited data plan to others for free. Now you have people that are not paying T-Mobile a dime but potentially using a lot of their bandwidth.

If the problem was REALLY wide spread (which it's not), you have the situation where T-Mobile thinks "we have X million customers, so we need Y infrastructure", when in reality they would have X million customers + however many mobile hot spot users are tethering for free.

You do realize that something called libel still exists, even in the days of the internet, and it's illegal, right? Whether this will constitute that is up to the courts.

Re: No legal use...

"You could route VOIP through your VPN/Firewall so that your calls from home are coming from work."

And if your work uses a traditional PBX without VoIP support? Maybe the UK is different, but VoIP is far from universal in the US for businesses.