* Posts by John Klos

49 publicly visible posts • joined 31 Oct 2009

So, are we going to talk about how GitHub is an absolute boon for malware, or nah?

John Klos

Re: "Microsoft says it's doing its best to crack down on crims"

> Are they sending from outlook.com or claiming to be outlook.com but it is actually a ip they not Microsoft control?

They're sending using outlook.com.

John Klos

"Microsoft says it's doing its best to crack down on crims"

Microsoft can't stop a network of spammers / scammers from sending phishing spam from Outlook.com claiming it's from MAILER-DAEMON. Does anyone seriously think they have the wherewithal to identify malware when they're deathly afraid to do the slightest thing that might affect the status quo?

More than 178,000 SonicWall firewalls are exposed to old denial of service bugs

John Klos

They're missing the real reason so many SonicWalls are unpatched

One thing SonicWall is known for (besides horrible devices, insane defaults and employees that don't know anything about networking) is that EVERYTHING costs money. If you're not paying for constant support for your devices, you don't get updates. Even if you do pay, you don't always get updates if your equipment is "too old", even when the hardware is literally the exact same guts as the "new" device - you're told you must buy the new device.

SonicWall is a bad, scammy company. Anyone who runs into issues with their SonicWall devices should be encouraged to get better devices.

Not even LinkedIn is that keen on Microsoft's cloud: Shift to Azure abandoned

John Klos

"but... but... but... it's almost free!" "Nah, we're good."

Damn, this is telling. Consider the fact that the costs would obviously be much, much less than what any other non-Microsoft owned company would pay.

It makes me think of when Google cloud "showed off" their cloud's prowess by calculating 100 trillion digits of π using their "high performance" cloud offerings. They, conveniently, never mentioned price once. I roughly calculated that I could buy all the hardware I'd need (high end Epyc hardware, 1/2 petabyte of storage), pay for an expensive hotel for three months, run the calculations, pay myself handsomely, then keep the hardware when I'm done, and it'd still have been significantly cheaper than if a customer had to pay Google for what they ran.

If LinkedIn can't use Azure at steeply discounted / possibly free pricing, then what does that say to anyone else considering using Azure?

Vanishing power feeds, UPS batteries, failover fails... Cloudflare explains that two-day outage

John Klos

Cloudflare want us to trust them, but...

They want to recentralize the Internet around them.

They want to host and say they don't host, so they don't have to handle abuse, by redefining the word, "host".

They want to host known spammers and scammers because "free speech".

They want people all over the world to send their DNS queries to them via DoH.

They want to marginalize most of the non-western world by having CAPTCHAs on every web site.

And so on.

They try to distract from their nefarious activities using tons of seemingly positive things, like cheerful participation on Hacker News and by offering free services (which do little more than begin the process of addiction and dependency).

I'm glad they're this dumb that they have outage after outage that show how the Internet is worse for using Cloudflare, because if they worked perfectly, many people would never know.

Lyft driver takes off with cat, global search ensues

John Klos

That's criminal

WTAF? The driver takes off, finds a cat in the back, and just ejects it in some random spot? That driver should be criminally charged.

The fact that we humans treat animals as property and not as things that have a right to exist and not suffer says something about our value system, and it's not good at all.

Marvell disputes claim Cavium backdoored chips for Uncle Sam

John Klos

Not necessarily willing participation

Notice the phrasing: "SIGINT enabled CPU". This doesn't necessarily mean that Cavium directly participated. It could just as easily be explained by Cavium implementing something incorrectly, or implementing the wrong thing (Dual_EC_DRBG), and the NSA had confirmed that anything using those built-in CPU features is exploitable by them.

MGM Resorts shuts down website, computer systems after 'cybersecurity incident'

John Klos

They only care if they stand to lose money

I created a new email account when I stayed at an MGM-owned hotel. I started getting spam at that email address, including some that had personal information that only could've come from MGM's room booking servers. I tried contacting them about it. Did they care? No. Did they send inane copied-and-pasted paragraphs of irrelevant distractions such as suggesting things that show their ignorance and such as how to remove malware? Yes.

Did I report them to my state's Attorney General's office for not disclosing a breach? You bet I did.

IBM says GenAI can convert that old COBOL code to Java for you

John Klos

They want to help people move from an old, solid and established language to something that'll likely get stuck on a specific version of a JVM that can't be updated any more five years from now and will require a dedicated machine for fear of toppling the whole fragile edifice... so they can get more hands on the code.

That seems like lighting the house on fire to get rid of the rodents.

Millions of Gigabyte PC motherboards backdoored? What's the actual score?

John Klos

Do people actually think things through?

I can't imagine a meeting where people who work at a motherboard company discuss doing something this dumb, then decide it's a good idea and plan to do it, then a team of programmers get tasked to write the code, all the while not a single person points out how ridiculously insecure this whole thing will be.

Are people really that dumb? Spiteful? Evil? I really don't know any more!

Don't say Pentium or Celeron anymore, it's just Processor now, says Intel

John Klos

This isn't surprising

For ages they've benefitted by people not making any sort of distinction, and therefore assuming Intel. For instance, since the late '80s, any book or course teaching assembly language never specified the architecture, because OF COURSE it was x86.

An example is that "x64" isn't a real thing - the "x" is supposed to mean it's a placeholder, and there are no 80164 / 80264 / 80364 / 80464, et cetera, processors. But if Microsoft / Intel can make most people who see "64 bit" in relation to a processor assume it's referring to amd64 / x86_64, then that'll make them happy.

Intel knows ARM is a serious, real threat, so if they can co-opt the word "processor", they will. They want people to be confused when they hear "ARM processor".

Asus packs 12-core Intel i7 into a Raspberry Pi-sized board

John Klos

Raspberry Pi-sized?

How is this Raspberry Pi-sized? I've never seen a Pi that's this large, unless one considers some of the motherboards that take multiple Pi Compute modules.

Also, no Pi requires an 80 watt power supply. It's not in the league of a Raspberry Pi at all.

Cloudflare stops services to 'revolting' hate site

John Klos

It's all $$$

The "campaign to have the company deny service to the forum" certainly wasn't why Cloudflare stopped hosting Kiwi Farms, or at least not directly. They stopped because of how many people in tech decided that Cloudflare's inaction was unacceptable and decided it wasn't a good look to be a Cloudflare customer. The campaign helped make more people aware, though.

The number of people and companies switching to other services probably scared the poop out of CEO Matthew Prince and VP Alissa Starzak. That's the reason why Cloudflare dropped Kiwi Farms.

Now Cloudflare acts like they're the victims, using words like "censorship" to get people riled up. Really, they should stop pretending that free speech includes illegal stuff, and that "illegal" is only defined as that activity which is so bad that a jury must be convened and an indictment filed. Anything less than that, according to Cloudflare, should be not only allowed, but protected (and made into profit, of course).

NetBSD 9.3: A 2022 OS that can run on late-1980s hardware

John Klos

Bad shell!

Ending up with a root shell that doesn't have proper line editing and/or has a path that doesn't include /usr/pkg/ is unexpected and certainly undesired, and it should definitely be fixed.

Thousands of websites run buggy WordPress plugin that allows complete takeover

John Klos

The model is broken

Web developers and end users typically don't know much about security. They add plugins without having any way to know how to compare long term maintenance with short term convenience.

As a systems administrator who hosts quite a number of WordPress instances, I have to say it's a HUGE problem that plugins can't easily be disabled from the perspective of the server without taking the chance of breaking the whole site. This is rather stupid and makes any long-term WordPress site on the Internet very problematic.

What really needs to happen is that sites need to be able to run even if a plugin is removed / disabled / deleted, and systems administrators need to be able to do this when bad plugins are being exploited. This is because we can't expect web developers and end users to know to log in and disable them themselves.

Because this isn't the case, I've somewhat often had to disable (chmod 0) plugin files that cause a site to stop working, then let the client figure it out. Emailing them to tell them to fix it ASAP doesn't work (although I do this all the time, anyway), because security is an abstract thing they don't understand until it's already too late. So I email them, then break their web sites, then let them scramble to fix it.

It's really, really stupid, and in my mind it's yet another example of how WordPress wants to coerce everyone to move to wordpress.com because almost all other installations will either break or become insecure if unmaintained.

Intel ships crypto-mining ASIC at the worst possible time

John Klos

Poor Intel can't get it right

When I see stories like this about Intel, I can't help but think of this fortune(6):

The United States is like the guy at the party who gives cocaine to everybody and still nobody likes him.

-- Jim Samuels

Except, of course, Intel instead of the United States.

OVH: The cloud should be open, reversible, interoperable

John Klos

Paulin's "Stay open" == make money off of abuse?

OVH is a veritable cesspool. They calculatingly intermix legitimate clients with spammers, scanners and spammers, and they ignore abuse complaints. They know exactly what they're doing.

Paulin wants "open" because he doesn't want Google and Amazon to have a monopoly on hosting scammers.

Intel chases after Bitcoin miners with dedicated chip

John Klos

Intel is trying too hard

To paraphrase Jim Samuels (fortune), Intel is like the guy at the party who gives cocaine to everybody and still nobody likes him.

They have their one hit wonder, the x86, and they've shown time and time again that even after throwing money at everything, they're really not innovators. They're scared now because their cash cow has become sickly because of neglect, so we see stuff like this.

Samsung: We will remotely brick smart TVs looted from our warehouse

John Klos

Re: Who is daft enough...

Any "smart TV" can be a non-"smart TV" - just don't connect it to the Internet at all.

John Klos

Be careful with bricking

It wasn't very long ago that Samsung inadvertently bricked huge numbers of Blu-Ray players due to the most basic of bugs in an XML parser:

https://www.theregister.com/2020/07/18/samsung_bluray_mass_dieoff_explained/

Samsung's ineptitude is why I tell people who buy Samsung TVs to simply use them as displays. Get a Roku or Apple TV, and don't connect the Samsung at all. Problem solved!

Was that November's Patch Tuesday? Already? Oh, no, it's just Adobe issuing 14 emergency security fixes

John Klos

Re: No flash update...

Yes. "No Flash" is very secure.

If you're still running Flash in 2020, then it's time to rethink your life.

Facebook: Yeah, we hoovered up 1.5 million email address books without permission. But it was an accident!

John Klos

Now we've got targeted caller ID spoofing

I've been telling people about this for years - once our address books are out in the open, then we're going to start seeing robocalls with spoofed caller ID which uses the numbers of people we know and expect to hear from.

The shitstorm has already begun.

NASA finds satellite, realises it has lost the software and kit that talk to it

John Klos

Those who do not understand Unix are condemned to reinvent it, poorly.

Proprietary OSes and software should not be used for anything that may need to run for more than a handful of years.

To fix Intel's firmware fiasco, wait for Christmas Eve or 2018

John Klos

Just spent nearly two hours updating...

Updated IPMI and BIOS on a Supermicro system. IPMI took more than 45 minutes. BIOS had to be updated twice because system wasn't in "manufacturing mode". All BIOS settings had to be manually reset.

Supermicro didn't announce updates, nor did they say whether these updates correct the known Intel ME problems, but considering that there are many BIOS updates for many models of Supermicro motherboards, all dated sometime in October, I wouldn't be surprised if they do a "fix first, announce later" kind of thing.

This was a test to see how long updates for other Supermicro systems will take, and the results are pitiful.

Let's hope this was the official fix and I don't have to spend another hour or two to upgrade later.

Vibrating walls shafted servers at a time the SUN couldn't shine

John Klos

I call bull

A magnetic field wouldn't affect memory. It would, though, affect any writes going to any spinning rust disks, which is quite a different thing.

Apple signals it's willing to let next-gen web apps compete with iOS apps

John Klos

* its

OpenBSD 6.0 lands

John Klos

There's always NetBSD

That's what NetBSD is for. Install 6.1, or wait for 8 because the toolchain in NetBSD 7 can't generate binaries beyond super simple things.

Linux letting go: 32-bit builds on the way out

John Klos

Err... We like to code poorly...

"We want to make lots of bad assumptions, and running code on more than one version of one architecture is HARD! Look at Adobe - they took years to make all their software 64 bit. That. Yep."

Bank tech boss: Where we're going, we don't need mainframes

John Klos

No tweets about mainframes

"See, we don't understand portability, so we're just going to go with what it says on the side of the box. And because we've been buying Windows and Linux kit, the sides of the boxes say Windows and Linux," Ron van Kemenade said. "They don't say Mainframe."

He followed up by saying mainframes aren't in the mainstream, even though "main" is right in the name. "They're not keeping up with buzzwords. When was the last time you read a tweet or a Facebook post about mainframes? We need computers that are buzzword compliant. We need computers that are part of the zeitgeist, not relics of another time. Plus, these old mainframes have had so few problems, we just know that something is going to go wrong in a big way soon. It has to. That's how computers work."

Verisign settles .security XYZ lawsuit

John Klos

.xyz are worthless

Because .xyz domains are cheap / almost free / free, tons of spammers have set up thousands of domains expressly for spamming. All the mail servers I administer don't and won't accept email from any email server which uses .xyz, .science or .top TLDs in their hostnames because of this.

When a company is in a mad rush to get as much money as possible like this, bad things happen. I doubt .xyz will ever be considered a legitimate and respected TLD.

Google wants new class of taller 'cloud disk' with more platters and I/O

John Klos

Did the work for you...

http://www.klos.com/~john/scsidrive.jpg

You're welcome.

Dell PowerEdge R730: Reg rack monkeys crack smiles over kindness of engineers

John Klos

All the world runs Windows...

...and is happy to install crappy Java, it seems.

The review mentions an Android app but doesn't say clearly whether there is or isn't an iOS app. Also, aren't we (meaning systems administrators) abundantly aware of the insecurities of Java?

While it's been ages since I've bought Dell hardware, I would like to know if new systems are configurable using NON-Windows, NON-proprietary Java.

Socat slams backdoor, sparks thrilling whodunit

John Klos

Obvious, indeed!

Just using BSD's command line factor, within a second (on a VAX, nonetheless) one already gets two factors:

factor 143319364394905942617148968085785991039146683740268996579566827015580969124702493833109074343879894586653465192222251909074832038151585448034731101690454685781999248641772509287801359980318348021809541131200479989220793925941518568143721972993251823166164933334796625008174851430377966394594186901123322297453

143319364394905942617148968085785991039146683740268996579566827015580969124702493833109074343879894586653465192222251909074832038151585448034731101690454685781999248641772509287801359980318348021809541131200479989220793925941518568143721972993251823166164933334796625008174851430377966394594186901123322297453: 271 13597

Nobody should ever take something like this on faith, unless the source is well known and in direct contact via secure communications. Even if you don't know how to set up the software to factor larger numbers, some sanity checking really isn't hard. It took me longer to copy and paste than the actual test took.
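The sanity check described in the post, as an added example that is not part of the original comment: the 1024-bit modulus quoted above is copied from the post, and the code looks for small factors by trial division (what factor(6) found in under a second) and then runs a Miller-Rabin test so that a composite with only large factors would also be flagged. The function names and the Miller-Rabin step are this example's own choices, not anything the post or the socat project describes.

```python
# Added example, not code from the forum post: sanity-check a claimed prime
# (for instance a Diffie-Hellman modulus shipped in source) before trusting it.
import random

# The 1024-bit "prime" quoted in the post above, copied from the page.
SOCAT_P = int(
    "143319364394905942617148968085785991039146683740268996579566827015580969"
    "124702493833109074343879894586653465192222251909074832038151585448034731"
    "101690454685781999248641772509287801359980318348021809541131200479989220"
    "793925941518568143721972993251823166164933334796625008174851430377966394"
    "594186901123322297453"
)


def small_factors(n, bound=100_000):
    """Prime factors of n below `bound`, in increasing order, each listed once.

    This is the cheap check: a modulus that is supposed to be a 1024-bit prime
    must not have any factor this small.
    """
    found = []
    m = n
    for p in range(2, bound + 1):
        if p * p > m:
            break
        if m % p == 0:
            found.append(p)
            while m % p == 0:
                m //= p
    if 1 < m <= bound:  # remaining cofactor is itself a small prime
        found.append(m)
    return found


def is_probable_prime(n, rounds=32):
    """Miller-Rabin probable-prime test with a fixed seed for reproducibility.

    Returns False for every composite it detects; True means "no witness found",
    which for 32 random bases is wrong with probability at most 4**-32.
    """
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    rng = random.Random(0)
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness: n is definitely composite
    return True


def check_modulus(n):
    """Summarise both checks for a claimed prime modulus."""
    return {
        "bits": n.bit_length(),
        "small_factors": small_factors(n),
        "probable_prime": is_probable_prime(n),
    }


if __name__ == "__main__":
    print(check_modulus(SOCAT_P))
```

Run it as-is and it reports the modulus from the post as composite with the two small factors the post's factor(6) output shows; swap in any other claimed prime to check it the same way. Trial division alone is enough to catch this particular failure, but the Miller-Rabin pass is what you would actually rely on, since a composite made of two 512-bit primes passes trial division untouched.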

Reg readers battle to claim 'my silicon's older than yours' crown

John Klos

Quality of older hardware

The quality of Digital hardware is best. I have several VAXstations running 24/7 which have had no problems aside from the occasional dead battery backed clock.

Sun hardware, though, has been disappointing. Older SPARCstations have died over time, an Ultra 5 had to give its life to make parts for an Ultra 10... The hardware was good, but not great.

SGI falls in the same category. The old Indy systems look nice, but they've become flakier and flakier and probably need to have their capacitors replaced.

Old m68k Macs are good, but definitely need recapping. Second generation (PCI) PowerPC Macs are excellent - I have one that has been running non-stop as a full time server for more than a decade.

Amigas are also pretty hardy, also needing little more than replacement capacitors or a better power supply. My personal Amiga 1200 which is running as a server (http://lilith.ziaspace.com/) celebrated its 20th birthday last year :)

Google to end updates, security bug fixes for Chrome on 32-bit Linux

John Klos

Don't people ever write portable code?

It seems that even almighty Google can't write any clean code. If they could, 32 bit versus 64 bit would never be an issue. It'd be an extra tiny bit of compile time, and that's it.

We can have entire operating systems (NetBSD) that can be compiled on any architecture, for any architecture, with every single piece of the OS compiling and running just fine on a plethora of CPUs, but Google can't manage to find the energy to keep their code correct enough to compile for 32 bit x86. It's a sad world we live in...

CloudFlare CEO blasts Anonymous claims of ISIS terrorist support

John Klos

CloudFlare is in a sticky spot

I had been angry with CloudFlare because I had gotten a number of replies from them when complaining about phishing sites that they don't provide hosting services. After explaining that (1) I am not obligated to use their web form to report abuse, and (2) hosting a domain's DNS is, in fact, providing hosting services, they did finally start taking action.

When it comes to blatant phishing sites, like ones trying to pretend to be Bank of America, or which open a window telling you that your computer is infected so you should call this phone number and won't let you close the window, the action is clear - no discussion or investigation needs to happen, since anyone with a reasonable ability to think can see that these sites are clearly intended to defraud.

When it comes to a web site which says, "ISIS is good! We love ISIS!", you can't really do much about that. If it said, "Help support ISIS! Send money to ...", that's a little more cut and dry. Things in between, well, are sticky.

You can't have freedom of speech and at the same time claim to want to subvert it in order to protect it. You can, though, outlaw material support. There's a difference between the two.

BOFH: We're miracle workers. But you want us to fix THAT in 10 minutes?

John Klos

You people are d*cks...

Maybe, just maybe I should know better than to be drinking something while reading these. Now my laptop has beer all over it. I blame you.

'The server broke and so did my back on the flight to fix it'

John Klos

Must've really been an idiot

If you click the "initialize" button in OS X when you're asked, it doesn't actually do anything to any disks - it simply launches Disk Utility. Hubswitch would've had to have actually done some things in Disk Utility to format the disk. Pitiful!

Because the server room is certainly no place for pets

John Klos

This reads like a sales pitch

While it's true that saving power and using newer hardware are generally good things, virtualization for the sake of virtualization misses the point. It attempts to move the risk of hardware failure across more cheap, replaceable machines in lieu of caring about having and maintaining good hardware. Kids these days don't remember the days when we bought good hardware that could literally run for decades without problems (VAXen, for instance, just don't seem to die on their own), but there are definitely situations where fewer reliable systems are much more appropriate than a boatload of cheap x86 machines. While I don't disagree with this article generally, moving to modern can, and often has, lead to a dead end.

Many Windows-centric IT staff have moved from legacy Unix and VMS systems to Windows. Now where are they? They have an OS which can't be reinstalled without licensing issues, applications which must be installed from their original installation media and can't be encapsulated, configurations whose hardware has to stay precisely the same else the house of cards will come tumbling down. This is often actually WORSE than how things were with the legacy systems, and this article is a good answer for those dead-end Windows "solutions". But not learning a lesson from doing it incorrectly is almost worse than doing it incorrectly in the first place. Virtualizing Windows to deal with some of these issues belies the point that we (meaning IT people) shouldn't be heading down these dead ends in the first place.

Mature mainframe madness prints Mandlebrot fractal in TWELVE MINUTES

John Klos

Wow... That's actually much faster than doing a 1 bit Mandelbrot set on a Sinclair ZX81:

https://www.ziaspace.com/~john/mandelbrot.jpg

IBM details PowerPC microserver aimed at square kilometre array

John Klos

12 actual and 12 virtual cores

BTW - it's not 12 actual and 24 virtual cores - it's 12 of each.

John Klos

Re: ' while chewing up between 15.5 and 16 amps.'

The screen shows and the narrator says it's 1 volt.

You'll get sick of that iPad. And guess who'll be waiting? Big daddy Linux...

John Klos

Reminds me of a quote about VMS...

One of the questions that comes up all the time is: How enthusiastic is our support for UNIX?

Unix was written on our machines and for our machines many years ago. Today, much of UNIX being done is done on our machines. Ten percent of our VAXs are going for UNIX use. UNIX is a simple language, easy to understand, easy to get started with. It's great for students, great for somewhat casual users, and it's great for interchanging programs between different machines. And so, because of its popularity in these markets, we support it. We have good UNIX on VAX and good UNIX on PDP-11s.

It is our belief, however, that serious professional users will run out of things they can do with UNIX. They'll want a real system and will end up doing VMS when they get to be serious about programming.

With UNIX, if you're looking for something, you can easily and quickly check that small manual and find out that it's not there. With VMS, no matter what you look for -- it's literally a five-foot shelf of documentation -- if you look long enough it's there. That's the difference -- the beauty of UNIX is it's simple; and the beauty of VMS is that it's all there.

-- Ken Olsen, President of DEC, 1984

Different people have different needs. I'd be fine with a GNU/Linux tablet so long as it had a real shell I could run on the underlying hardware and working X11 support. For the most part, though, it'd be a glorified Unix terminal. But I know better - people working on GNU/Linux for end users forget about the real system and primarily care about trying to make something with feature parity to Windows and OS X / iOS. If that's what people are offering, my iPad works just fine, thanks.

ICANN HACKED: Intruders poke around global DNS innards

John Klos

Come on - TheReg should know better

"ICANN hackers sniff..." Granted, the correct use of "cracker" isn't going to happen. I get that. But can you PLEASE choose phrasing which isn't confusing? Obviously you're talking about hackers (sic) who have hacked (sic) ICANN, not hackers who are part of ICANN, which is implied.

Thanks!

Free cloud server self-destructs in 35 minutes

John Klos

Play a really big Game of Life

It'd be interesting to set up a VM which, in 35 minutes, does some useful stuff but also automatically signs up for another free VM or two depending on some arbitrary rules, launches it / them, then transfers the current VM's content to the new VM(s).

Apple sells world's most expensive flash drive

John Klos

It probably contains an entire OS install...

If this flash drive can install Lion on systems that don't already have Snow Kitty, then it'd be worth it - after all, it'd be just $10 more than the price of buying Snow Leopard and Lion.

Someone needs to get one to see if that's the case...

Defcon speaker calls IPv6 a 'security nightmare'

John Klos

No real content...

They're basically saying that because IPv6 addresses are public, all of the insecure machines which count on being behind NAT and so on will be insecure. This implies that NAT is normal and that the behavior of NAT is what should be expected, but this isn't the case - NAT is an exception, and public, accessible IPs are real life. Thanks, Microsoft!

Telling people that IPv6 is insecure is assuming that we should all cater to the lowest common denominator - the insecurity of Windows - instead of having higher standards which would include assuming that any machine could be on a public IP at any time.

Seagate's 3TB external drive

John Klos

What does 64 bit anything have to do with this?

"Apparently you'll need 64-bit Windows or Mac OS support to get access to its full capacity."

Ummm... I don't know about Windows since I don't run Windows, but Macs have been supporting single drives larger than 2 terabytes for ages (without the 2^32 sector limit). Mac OS X 10.2 will support a single drive up to 8 terabytes and 10.4 and later up to 8 exabytes. This has absolutely nothing to do with 64 bitness.

Hack slots hotspots into Windows 7

John Klos

This is newsworthy?

These guys played you - they got you to publish this piece about that age-old practice of getting people to PAY for things in Windows which everyone else gets for free with every other OS.

I would expect other sites to fall for this, but I am rather surprised that The Register would!