Posts by storner

Re: Too expensive

They do have one significant advantage: The WAF (Wife Acceptance Factor). It's the only kind of pc-style box permitted in the living room to power my media center (MythTV on Linux) - anything else was vetoed as too big/klunky/noisy/ugly.

For bonus points I replaced the minitower PC in the office at home with a second NUC. A bit pricey - sure, but much cheaper than an iMac.

Actually - no, that will be *chinese* money. The US funds lots of government projects by selling state bonds, and China is one of the largest buyer of those.

Have an up-vote on me.

Even to extortionists, some targets should be definitely off-limits: Hospitals, emergency services, Red Cross and others who are working hard to make sure the rest of humanity stays alive.

What happened to morals and the honest thiefs ...

Re: How do you tell their age?

"block them in the browser and make you click through"

Ordinary users click on anything. It's a no-brainer (literally).

Re: Lets step back a bit

I'm with you on that one - it is one of my favourite features of Notepad++ that you can open a new file, and it will automagically be saved somewhere in the bowels of the programs filespace until you do give it a proper filename yourself.

Now, where was that configuration file template - "New file 283" or 316 ...

--> Paris 'cause she never thinks about saving, only spending.

Re: And this ..

"curl | bash as root"

Used? Yes (by some)

Typical? Hell no!

Re: 30 Years Ago

Usenet existed more than 30 years ago. Tiny pictures were posted on alt.sex.pictures in uuencoded form split into multiple posts because the size of posts was limited to a few kB (yes, KILO bytes, not MB), so you had to download each post, strip off the headers and run it through uudecode before viewing a tiny 200x140 pixel image on your 640x480 16-color CGA screen.

Nowadays 12-year olds post selfie-porn on social media.

Yup, progress.

No way. The Royal Mail equivalent around here (Denmark) takes minimum 5 days to deliver any letter or package. I suppose they need to ship them via GCHQ to make sure the t-shirts I ordered haven't been infested with some evil RFID chip...

They're clever enough not to have the rerouting show up on the tracking page, though.

(Yes I will go take my anti-paranoia pill now, don't worry).

Bugger ... I was planning to retire on June 16. Might as well cash in my pension plan right away.

Re: Cripes I'm way too old

It is "mémoires digitaux", if I recall my french correctly.

(coat, obviously)

Re: One niggle

As seen from this (eastern) side of the pond, it is not only the US politicians who are clueless. The general population know even less about how surveillance capitalism work, and will happily divulge any and all personal details if only there's a chance of winning a free doughnut.

It really is the same thing in Europe, we are just lucky that our politicians - miraculously, I have no idea how it came to be! - implemented reasonable privacy measures with the GDPR.

Re: New name needed

Since there is always going to be one more accelerator, we need something that extends into infinity. Like numbers.

So I suggest "Particle Coliider 0", "Particle Collider 1" etc. Abbreviated PC1, PC2 ...

Re: Operational Incompetence

Indeed you can, that is common sense practice. The remaining days are usually added to the new certificates lifetime.

Because certificates typically expire after 2-3 years - beancounters and bosses cannot see that far ahead (except when pulling "strategies" out of various orifices).

Even the IT monkeys doing the renewals have moved to new offices at least 3 times, so that two your old calendar with the post-it notes? Noone remembers what it was for, so it goes down the bin.

Re: Never should be remotely controllable in the first place

"Heavy machinery, especially something that if mishandled can kill hundreds, is not something that should be fully-controlled by software."

In that case, most commercial airplanes would have to stay on the ground.

Re: Good idea.

As others have mentioned, sudo gives you much more fine-grained control over who is allowed to do what. But there are other advantages over plain su:

- You have an audit trail of who ran which admin command when. For some of us, that is a compliance requirement.

- Communicating a shared password is difficult. Tends to happen via e-mail which is NOT secure.

- When you have 20+ servers, changing the administrator password because Joe Admin left the company is not so simple.

- Passwords can be cracked or leaked, so a security compromise of one server quickly becomes a site-wide problem (unless you use unique passwords, which complicates the distribution issue further).

I try to avoid passwords as much as possible, to the extent that my personal servers do not have passwords (a '!' for the password field in /etc/shadow). Logins can only happen via ssh using SSH keys or certificates, and sudo is setup to require a one-time password or physical token (Yubikey). If you must use passwords, at least make sure you keep them centralized (ldap directory or similar).

In other words, think about how you implement security instead of just bashing some random tool based on a 7 year old forum post.

Re: What's wrong with OpenVPN?

As you said, OpenVPN does what it claims to do - nothing wrong with that. But Wireguard does have some things going for it:

1) It doesn't rely on OpenSSL for encryption, so there is a whole lot less code to audit if you want to check for security problems

2) It is a kernel module implementation (at least on Linux), so the processing overhead is much smaller and it should be able to scale to wirespeed while handling multiple connections. It also means that it works like any other network interface, so the usual configuration files and network scripts will take care of running your VPN.

3) Authentication and setup is much simpler, since it is a trust-on-first-use so no need for setting up your own CA.

Have a look at it, it does work quite well.

Oracle too ...

Had a database server bickering about being short of disk space. Without knowing much of Oracle internals, I found some very large *.log files lying around and promptly deleted them - I mean, there's no need to keep those old system logs, right?

So I learned the hard way what database transaction logs are. And how to convince Oracle to create a new set of transaction log files when starting up.

Fortunately, it was a very quiet database.

Just leveling the power balance. Trump gets my data from Google, Xi gets it from Huawei. Let them fight over it ...

Whatever ...

Friend of mine called a support droid about some problem. "Do you have an Iphone or a smartphone"?

Somehow that does kind of make sense...

Re: I'm going to name all my USB sticks:

Because it won't work. You need "rm --no-preserve-root -rf /" if you really want that, which is longer than will fit in a VFAT volume label.

Re: Port 465

What you need to do ... may I suggest using an MTA with a sensible configuration language?

https://www.gnu.org/software/gnash/

Re: An idea

They were called "secretaries" in the good old days. They are all gone now, thanks to the beancounters and efficiency experts.

Re: Time to go PaddyPower

7. The fridge, being an intelligent IoT device, will notice that it needs to stock up on fresh milk, but since there is no Wifi connection in the asteroid belt it will fail to connect to Walmart and subsequently the control system crashes with an unexpected error. The thrusters therefore fail to fire, and the fridge crashes back to Earth.

Re: But

No lube, makes the "pain" part easier.

Re: And one more thing...

Depends on how you managed the leap second...

Re: Mine doesn't give that data.

Your browser identifying as "Links" is enough to fingerprint you with 99.24% accuracy ...