Posts by Justin Pasher

Re: WSA or ASW?

It's a little awkward reading altogether, but it makes more sense to read it like

Windows "Subsystem for Android"

as opposed to

"Windows Subsystem" for Android

As others have pointed out, they did the same for Windows "Subsystem for Linux"

Re: Devuan

"Having looked at many of these shell scripts, one thing I would never describe them as is "simple". A systemd unit file, OTOH, is something I worked out how to do simply by looking at one at changing 2 lines."

I've been dealing with programming for over 25 years, so I will give it to you that "simple" is a very subjective term. By simple, I'm referring more to the idea that I can add a few echo statements or run the script in debug mode to trace what's going on. systemd is a black box. It will fail to start processes, yet report that everything is fine. You are then stuck trying to trace what's happening on your own. To use your engine analogy, it can be like trying to diagnose a modern engine that's giving error codes without an OBD reader.

"So you're taking a system, trying to remove certain parts of it and replace them with other parts under a different system, and then complaining it's complicated?"

My big rub with systemd is the NIH syndrome it suffers from. Tools already exist for a lot of functionality that systemd just tries to duplicate. Sometimes it (thinks it) adds a few useful things, but other times there's no reason for it to exist. Many of these tools are supposed to be optional (i.e. "extra"), so removing them should not affect any functionality. That's why I don't equate it to making the system more complicated. However, systemd often blurs the line between modular and dependent components.

"As someone who tries not to look at the engine unless it stops working..."

Based on that, I'm assuming you are more of a desktop user. In general, I wouldn't say Debian is geared toward desktop users, although I used it in a desktop setting. It's shines more n server environments, and people that run servers typically do look a lot more at the engine.

Re: Debian ships sysv init, it's not enabled by default

While I haven't had a chance to look at Bullseye yet, given that it just came out, I assume that the normal Debian installer still doesn't give a choice of the initial init system and forces systemd. However, since they are now saying they have better support for sysvinit (yay!), I imagine the same steps I've been following since Jessie will apply.

After initial boot:

apt-get install sysvinit-core

reboot

apt-get purge systemd

Create /etc/apt/preferences.d/systemd-blacklist to keep systemd init away:

Package: systemd-sysv

Pin: release o=Debian

Pin-Priority: -1

Re: Wrong lightbulbs...

I've had the opposite experience with LEDs.

The two big ideas behind LEDs are that they use less energy and they last longer, so less waste. The energy savings is hard to refute, as they definitely use much less than traditional incandescents (not taking into consideration any manufacturing differences that might require different levels of "energy" to produce them). The lifespan thing... well... I hope you don't have fader switches. For non-fader switches, they seem to have very few problems. However, you put them on a fader, and it seems to dramatically shorten their lifespan.

By my estimate, over the past 3-4 years, we've had at least 5-6 LED bulbs die that are on faders. They don't completely die like traditional bulbs. They start having flickering issues and sometimes will randomly cut off then back on. If you're smart enough, you keep the original box and receipt, and the manufacturer will usually replace them without problems (they typically come with a five year warranty).

The biggest problem with the push to more efficient bulbs was that it was so aggressive. Halogen weren't really any better (and often times a shorter life span), CFLs just plain suck, and LEDs have had a lot of teething issues. Technology STILL hasn't caught up to it (as exhibited by my experience). I remember the earlier days of LEDs where they wouldn't work at ALL on a fader. As they progressed, you then had issues where only certain faders were "compatible" (I think an analog vs digital thing). So in addition to getting new bulbs (which were closer to $7-$10 each at the time), you also needed to replace all of your fader switches.

"You can't really support two competing sewage treatment plants because how are you going to route the waste to the one you choose without a whole separate network of pipes? Likewise with water, electricity, or gas."

In Texas, they deregulated electricity almost 20 years ago. It caused a bunch of competing "providers" to fight each other to give the best rates. The electricity itself is provided by the local TDU (Transmission and Delivery Utility), which is kind of like the government. They charge a very stable base rate, and the providers will usually pass that through plus a few extra cents for kWh to keep their business going. Ultimately, the provider just handles the "paperwork" side of things. If you have any trouble with the electricity, you contact your TDU.

All of this is not available for everyone (such as more rural areas), but it did greatly increase competition for many.

Re: 386DX

Not true. I ran it on an AST brand 386SX/25 with 4 MB of RAM. Yes, I had to shrink the game play window down about half way, but it was still playable (definitely not 30 fps, but playable). I do remember having to reboot with a clean AUTOEXEC.BAT and CONFIG.SYS to free up enough memory to play, though.

Re: There's always something nowadays

Backported indeed.

https://security-tracker.debian.org/tracker/CVE-2018-1000007

Re: FF native sync

The big thing missing from the Firefox native sync capability that I get from Xmarks is profiles. I have a Work profile and a Home profile, and I can select which bookmarks appears in each profile. There are some bookmarks I want to see at home and at work, and there are some that I just want at work or just at home. If I used the same FF sync profile at both locations, they'd always be completely identical.

I originally started out with Delicious and moved over to Xmarks about a year or two ago when the Delicious add-on stopped working properly. The ability to use tags on the bookmarks is a key thing for me, and with the TagSieve add-on plus Xmarks sync, I can get the Delicious functionality back. However, the latest version of the Xmarks plugins doesn't properly sync tags anymore, and the export option from the Xmarks web site doesn't export the bookmarks with the tags either. I had to restore bookmarks from a FF backup and disable the sync to avoid losing all of my tags. I've already reported the bug (and they've confirmed), but who know when it will get fixed.

I've yet to find a good, free option to get the same functionality and integration (even self-hosted would work).

Re: Fines?

"I fully support your right to free speech, so long as you also accept my right to throw sh*t at you..."

Actually, that would probably be considered assault, so not actually a right you are granted.

Re: The answer should be Yes and Yes

"No, no. broadband is cable/coax delivered internet. DSL is phone-based internet. And FiOS is fiber optics."

Now you're just playing a game of semantics. By this statement, you are saying a DSL and FiOS connection should not be called a broadband internet connection. Now I no longer have broadband service, along with millions of others! We need more competition, stat!

Re: PC technology?

That's what I see in my mind. A redesign of the original housing with a RPi inside. Done.

You've got HDMI, four USB, and it runs an emulator. The original Atari 2600 hardware is so old, computers from 20 years ago could emulate the games at full speed with no problem.

Re: libsystemd0

Are you sure that matters?

I haven't had a chance to test an upgrade yet, but all of my machines are set up using SysV (package sysvinit-core). They also all have libsystemd0 already installed. I know the key package to avoid in Debian Jessie was systemd-sysv. Perhaps it changed in Stretch? I'm hoping not.

Re: 64-bit

I think it's just more of a terminology semantics issue. I'm sure he just means 64-bit systems running on hardware utilizing the x86-based instruction set (versus ARM, MIPS, etc). Sure "amd64" or "x86_64" would be more correct, but I think most would understand what he means.

Re: Mutant daisies

I guess you forgot the Joke Alert icon...

http://www.snopes.com/nuclear-mutant-daisies/

Re: Awww.... come on !

"The whole point is that Google are showing that it's entirely possible to bring updates out, consistently, and frequently."

I don't quite see why people miss the big reason why non-Google phones have a longer delivery cycle. Have you ever used a Google phone versus another manufacturer like Samsung? If you have, you'd notice the obvious difference. Samsung has put a lot of work into making their interface consistent across all of their devices via the TouchWiz interface. If you compare the S4 through the S7, you'll notice that all of them operate very similarly (interface-wise). Google simply takes what they've created as stock and slaps it on the phone. When a new release comes out, they can easily deploy it because everything in the release is basically exactly what goes on the phone. Samsung has to update, tweak, and compatibility test all of the customizations they have made to integrate them into the new release. If Samsung ran stock, I'm sure major updates would be released a lot faster. If you look at the security point releases for the S7, Samsung actually keeps pace quite well.

You also have the issue with carrier tie-in. It's why the Samsung on AT&T can receive the update on a different timeline than the exact same Samsung on Verizon. Each carrier will want their own control over how things are built to make sure their own cruft gets included.

@AC

From my reading of the articles (and my own testing), the issue at hand is that many default SSH daemon configurations for IoT devices leave TCP forwarding enabled by default (AllowTcpForwarding). This basically means "open proxy for people that can authenticate".

Once a user authenticates (be it via password or public keys), even if they don't have a valid shell defined for their account, they can still do port forwarding. Since many IoT devices are going to be using default username/password combinations, if someone can access the SSH daemon on that device, they can use it has a proxy. If they don't have the credentials or the public key (when using key based authentication), they can't do anything, even if AllowTcpForwarding is enabled.

Moral of the story: don't allow unprotected SSH to an IoT device (or really any device) and make sure it's not using default or common credentials for access. Also, if you don't need it, turn AllowTcpForwarding off.

Re: @Phil W

To me, it looks like Yelp wants to have its cake and eat it to. They argue that they are immune because they do not control the content of the site, yet they are pursuing someone with a bad review to get a commitment to buying advertising ... to alter the content on the site.

Not quite racketeering, since I'm sure they don't try to sell advertising just to people with low review scores. Sounds a lot more like just simple (possibly indirect) blackmail.

Re: Dumb idea IMO..

The one-IP-address-per-site thing is very rarely an issue nowadays. Just use shared IP addresses and SNI. Unless you're trying to support IE on Windows XP, you'll rarely find a case where anything remotely modern doesn't support it.

@Chika

I don't think it works that way (at least for W2K16 Standard). According to the FAQ:

and

It means even if you have a single Windows guest VM that is only assigned one processor with one core, you still have to fully license the physical server it's running on. That's how the current Windows 2012 license works (but since it's processor based, it's more straightforward).

Re: Storing CC security verification codes

Per PCI DSS section 3.2.2:

Do not store the card verification code or value (three-digit or four-digit number printed on the front or back of a payment card used to verify card-not-present transactions) after authorization.

This goes all the way back to PCI DSS 1.2 (2008). But hey, we like to treat them more like "guidelines" than rules.

Re: bsd and systemd

I have bsdutils installed on a Debian Jessie system running sysvinit. The package depends on libsystemd0, not the full systemd init system. In fact, running sysvinit is officially support in Debian Jessie. You just have to do some work yourself.

https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#systemd-upgrade-default-init-system

Whether this will still be the case when Debian Stretch becomes stable next year is anybody's guess.

@CommodorePet: Re: Guess I'm a lucky one

The little bit I've used WMC, it's not that it's bad, it's just not as good as MythTV. The scheduling capabilities of MythTV completely blow other DVRs out of the water. Recording specific titles, time slots, previously recorded detection, automatic commercial flagging, etc. Then you have the Power Search feature where you can build an SQL query to choose the programs to record.

Since Microsoft has officially discontinued WMC on Windows 10 (and thus will stop supporting it on Windows 7 when its support ends in 2020), the options are getting scarce. Silicon Dust (makes of the HDHR) are working on HDHomeRune DVR as an alternative to WMC, but they've been working on it for almost a year and it still lacks a lot of features (and doesn't support "Copy Once" channels yet). It looks promising, but who knows when it will be finished, and I still won't be able to stream to my MythTV box.

@wolfetone Re: Is SSLv2 still supported in OpenSSL?

Actually it depends. The Debian binaries removed the SSLv2 protocol from OpenSSL back in 1.0.0c-2 (i.e. post-squeeze, pre-wheezy).

https://www.debian.org/security/2016/dsa-3500

Re: wrong problem to be solving.

Just grab the specific version you want directly from the "FTP" site.

http://ftp.mozilla.org/pub/firefox/releases/

Re: Unsurprising. This is *monitors* after all

@toughluck: Everything sounded great until you said "If you're using a HDMI 1.4 compliant cable". There's no such thing as an "HDMI 1.4 compliant cable". That's a marketing thing (just like contrast ratio). There are only four types of HDMI cables.

Standard

Standard with Ethernet

High Speed

High Speed with Ethernet

HDMI 1.4 is a software specification, not a hardware specification. A cable knows nothing about software, because, well, it's hardware. It's like saying an ethernet cable is "IPv6 compliant"