* Posts by carl0s

52 posts • joined 2 Nov 2013

Page:

RIP Sir Clive Sinclair: British home computer trailblazer dies aged 81

carl0s

Google killed desktop Drive and replaced it with two apps. Now it’s killing those, and Drive for desktop is returning

carl0s

Re: But…

I was given admin access to both orgs, and tried signing into either org first, checked Drive service enablement (b&s, dfs, d4d etc), no joy. The person on Reddit said that they are a Mac outfit and of their team of users, every Intel one didn't have the option, and every M1 user did.

carl0s

Re: But…

Well, supposedly one of the new features of version 49 - from yesterday, is that you can be signed in to up to 4 accounts at the same time. There's an asterisk against that feature saying you can only do that if Backup and Sync is turned on for the account (which one? Both, all four, etc?).

Try as I might, I could not figure out, after two hours today, why this guy I had to help, who has Macbook (that I don't support / work with, and I didn't set him up or his Google Apps/Workspace either.. just got lumbered with helping him), why the option to sign in to another account wasn't there. He says that before this, he could at least click 'switch account' or something.

Anyway after a couple of hours of faffing about and comparing Workspace admin settings between the two organisations, and getting nowhere, I found a comment on Reddit from some randomer stating that the multiple accounts feature, on Mac OS, only works on ARM (M1 CPU), not Intel Macs.

Not a word from Google on it. Nice waste of a couple of hours.

Audacity is a poster child for what can be achieved with open-source software

carl0s

Ultimate guitar is basically a scam site that has licensed "permission" to host user created guitar tabs. It's full of "download pdf" links that don't give you a pdf, but in fact try to make you install their app. They also used to give fake 5 star ratings to duplicates of guitar-pro (gp4/gp5) files and present them as 5 star rated app-only files. Except that they were just the existing 3 star rated free to use public guitar pro files that you can download and use in either guitar pro or tuxguitar (free). The rating was fake and the idea was to coerce you into downloading their app, again. There was no indication that it was just the GP file duplicated and given a fake 5 star rating.

In fact, good luck trying to browse tabs on their site from a mobile device, unless you try to trick the site by setting 'desktop mode, on your mobile device.

I don't care for this company at all. Shady A.F.

Stop. Look... Install Linux? The Reg solves Microsoft's latest Windows teaser

carl0s

More Edge pushing

I expect the main feature of Windows 11 will be more things that automatically open up Edge and completely ignore your choice of browser. Like the current start menu in Windows 10, the search box, and the new weather bollocks widget.

Ubuntu, Wikimedia jump ship to the Libera Chat IRC network after Freenode channel confiscations

carl0s

Bonus of all this is that I have been able to reclaim the nick that I've used for the past 25 years but lost after a short absence. Sweet.

Decade-old bug in Linux world's sudo can be abused by any logged-in user to gain root privileges

carl0s

Re: How is this possible?

At least you can check it yourself before using it.

Lenovo ThinkPad Carbon X1 Gen 8: No boundaries were pushed in the making of this laptop – and that's OK

carl0s

I think I am waiting for an AMD based thing that's similar to the X1 Carbon. I do like the light weight. I used to always have a T series, had most of the T4x series up until the T43, then I had an X301 or two, prior to the X1 Carbon. I recommended the X1 to a customer, a gen 1 I think, then I was on a train with her a year or so later and used it and realised I had to get one. Thankfully skipped the gen2 and its keyboard.

The 8gb is still enough for me, and I changed out the SSD for a 512gb one a little while back. Battery's getting tired now though!

I've supplied/recommended a lot of the E580/585 and E590/595 and now the E15 to customers. While quite a bit chunkier than a T series ThinkPad, they're still very good. Just about to recommend a couple of Ryzen 4500U E15s to someone actually..

I do like the ThinkPads!

carl0s

I'm really pleased to see that touch is an option again, on a 400 nit IPS display too. a 1080p screen. I think 1080p is probably good for a 14" display.

I'm still on my gen 3 with an i5-5200u. This has a 2.5k touch display (2560 × 1440 or thereabouts), which is nice and dandy in Windows, but has caused me all sorts of hi-dpi grief in Gnome, and similarly in many win32 gkt based apps (inkscape, gimp.. although both much better in recent releases).

I have avoided newer models of the X1 Carbon, partly due to not feeling like spunking such dosh, but mostly because I really like the touch screen, and they have not included the option in recent models. I find mixing touch + keyboard + trackpoint to be very good. Just the odd webpage scroll and touch of a button or icon here and there. You can also do some rapid "touch-keypress, touch-keypress, touch-keypress" working through lists and stuff that you just couldn't otherwise do, to workaround UX deficiencies in some programs/systems.

Also the non-touch doesn't have a stuck-on bezel to collect dust. Same with the XPS 13 - I much prefer the touch models and hate the dust collection of the bezel edge on the non-touch models.

el reg: I think you have the model name wrong though. It's an X1 Carbon, not a Carbon X1, AFAIK.

US nuke agency hacked by suspected Russian SolarWinds spies, Microsoft also installed backdoor

carl0s

If the US govt have created things like Ghidra, and all their other secret backdoor intel stuff, I wonder why they need Solarwinds? Similar thoughts re Microsoft.

Marmite of scripting languages PHP emits version 8.0, complete with named arguments and other goodies

carl0s

I'll reply to myself then.

Django by itself should have been enough. I really shouldn't have needed to say more.

I suggest anybody considering PHP should look instead at Python and in turn at Django.

carl0s

Django

It's better to burn out than fade Huawei: UK rolls out schedule for rip-and-replace rules

carl0s

As someone who knows that Huawei VDSL ('fibre') cabinets and end-user Openreach modems were always the first to trial or get new technologies, vs the other ones - the ECI kit (I'm not an expert in this field but am thinking of g.inp and vectoring), I do find this disappointing.

I can only hope that our govnt will change their mind once Trump is gone and they no longer have to keep up the facade. But what can you do? That idiot could be back in control again in 2024. Maybe some kind of law will be passed that will prevent governments being taken over by complete loony tunes in future.

Cool stuff: MacBook Air and Pro teardowns show thermal changes and missing T2 chip

carl0s

Re: Keyboard riveted?

Yeah I've had to cut off plastic weld/rivets on Asus an Acer laptops so that I could replace keyboards without having to buy entire palmrest+keyboard assemblies.

My now rather old ThinkPad X1 Carbon gen3 is on its third keyboard+palmrest+ultranav, as you say, just through long term use. It's still a very good machine.

carl0s

No repairs

Repairability? My friend has cracked the screen in a fairly new 16" MacBook Pro (model A2141). While she thinks about finding a box to send it off to Apple in, I said it would be interesting to see what a panel costs in the aftermarket i.e. eBay, fully expecting it might be expensive for an LCD-TFT or AMOLED panel, maybe £400 at worst, or simply not available at all new leaving you in the hands of Apple and their decision on whether they would or could repair a cracked screen.

Turns out you can buy them, for between £720 and £1000.

To be fair, it is the whole lid/top assy, rather than the OEM panel, but it reaffirms my feelings on this manufacturer's computers in general.

Red Hat tips its Fedora 33: Beta release introduces Btrfs as default file system, .NET on ARM64, plus an IoT variant

carl0s

Re: Btrfs

I think that's harsh. Yes there have been past problems, but for some scenarios it's amazing.

I believe there are still issues around metadata safety/reliability with raid5, but that's not to say you can't use raid5 for your data (mkfs.btrfs -m raid1 -d raid5). I know there were some curious scenarios in the past like a 2-disk raid1 would not mount if one of the disks was missing or failed. That would worry me especially when you're too busy to have to figure out and learn about 'why won't it work with one disk.. it's a two disk mirror ffs, that's the whole point'. Don't think that's an issue anymore. Last time I looked at quotas they killed my performance, and I was only enabling them to try to get a clear view of snapshot space utilisation.

I think if you consider the plusses: snapshots work well, compression works well (zstd:2 a big win), the multi disk stuff is super flexible and impressive (and the whole concept of how it deals with multi-disks and errors/failures) and the send/recv stuff, and then maybe put the deduplication and quotas into the 'not quite sure' category.. well, you still end up with a pretty awesome thing. That's where I'm at anyway.

I've given it some abuse over the last few years and I'm doing ok I think. I ran it atop an md-raid0 for a few years, and now have the above btrfs-raid5 with raid1 metadata. This is for storing backups of Windows servers and esxi boxes. The btrfs snapshots work well for Windows wbadmin since it appends to the same vhdx file each time. Not so well for esxi ghettovcb since they're not incremental. I use snapper. Being read-only snapshots by default is good from a ransomware protection perspective (in case the server doing the wbadmin backups is compromised).

Being on Fedora is nice because it's pretty much bleeding edge with the kernel and btrfs utils etc.

Obviously you probably all already know that Netgear (for easily more than 5 years) and Synology (maybe more recently?) Use btrfs on their NAS boxes for snapshots, usually on top of their own (or probably a tweaked md) multi disk raid type thing.

Paragon 'optimistic' that its NTFS driver will be accepted into the Linux Kernel

carl0s

This is interesting.

I wonder if the code will stand up to kernel maintainers scrutiny, both in terms of code quality and legality (let's not have another SCO incident please).

Are Paragon the people who write the Mac hfs+ driver for windows? That has worked well and allowed me to salvage data from failing OS X drives before.

Hidden Linux kernel security fixes spotted before release – by using developer chatter as a side channel

This post has been deleted by a moderator

Multiple customers knocked offline as firefighters tackle flames at Telstra's London Hosting Centre bit barn

carl0s

My customers are going to ditch me.

I'm going to ditch voiceflex.

Maybe voiceflex will ditch Telstra?

If voiceflex would answer the phone, answer tickets, have some kind of failover, or a working call-divert from their portal, this wouldn't have been so bad.

carl0s

not-so-cloud

To be fair, it's not just cloudy stuff. I manage a few on-prem Asterisk based PBXs, and the SIP trunks for connecting to the PSTN world have to go via a provider, who might have their kit in that data centre. As far as VoIP systems go, it's as un-cloudy as you can get really, I think.

Rip and replace is such a long Huawei to go, UK telcos plead, citing 'blackouts' and 'billion pound' costs: Are Vodafone and BT playing 'Project Fear'?

carl0s

Are there two Donas in the story, one a man and the other a woman? I noticed a couple of typos and double-words in the story so perhaps it's just an editorial oversight.

Mayday! Mayday! The next Windows 10 update is finally on approach to a PC near you

carl0s

Re: Huh

erm, I dunno. I have a Lenovo Explorer headset that is a Windows Mixed Reality headset. I don't actually do anything 'windows mixed reality' with it once I have got into Steam, but by the sounds of it, I still need Windows Mixed Reality stuff to work, or at least as well as it did. It often says it can't find the headset and stuff.

Cloud'n'server hosting giant OVH more like OMG: Data center hardware failure knocks out services in France

carl0s

Re: Great!

Yep!

A good majority of the scumbags in my fail2ban, RDP and SIP honeypot address lists are from OVH.

Facebook, distributor of deceptive political ads, sues registrar Namecheap over deceptive domain names

carl0s

Re: Only in England the source of the Skripal fantasy would this title fly

It's actually bloody marvelous. I feel very well looked after.

As for namecheap, I started using them over a year ago as 123-reg got more expensive and forced renewals and didn't allow you to remove PayPal details (you can cancel the authorisation from PayPal's side though) - basically too many surprise renewals that were a fair whack of money, plus the whole .UK debacle. Other companies that I used got bought up by same group (vidahost, tsohost, paragon group) and so have gone down in my estimations.

I thought that post-GDPR, WHOIS was anonymised now anyway? I haven't looked into that though. Namecheap give the whoisguard for free and I got very fed up of shitty web SEO companies and app builders promising to build me a site / app for every domain I registered for myself or a customer. Constant emails and phone calls.

Namecheap's portal/cart/control panel is rather well done too. I like it. It could be a bit snappier but it's a well built platform, so for now I quite like them.

I permanently deleted my Facebook account about 6 months ago mind you. Took my data archive and left.

In summary I'm on Namecheap's side.

Terrifying bug in WhatsApp allows hackers to steal files. So get patching all nine of you using it on the desktop

carl0s

Re: Electron

To be fair, my standard editor is sublime text. I use vscode with platformio for embedded stuff, when I last did any of that anyway, and I use it with Quasar framework for Vue JS stuff. I use sublime as my everyday editor and for Django stuff.

Funny you should mention VS code memory usage, because when I tried to use it with Django, its intellisense stuff just got in an endless loop digging through the python libraries and used all my 16 gigs of ram, then started swapping out all over my SSD.

carl0s

Re: Electron

I think it's more down to what you do with it.

Microsoft Teams is utter shite, Discord appears to be excellent.

VS Code is also pretty excellent.

Teenagers today. Can't take them anywhere, eh? 18-year-old kid accused of $50m SIM-swap cryptocurrency heist

carl0s

I have been on the gin, but I don't think it's me this time..

"a serious of vulnerability"

a series of vulnerabilities, perhaps?

The Windows Phone keeps ringing but no one's home: Microsoft finally lets platform die

carl0s

This is good. It has worked out right.

No mobile phone share, and very low browser share. The borg must be kept at arms length. They already have too much power and control. Thank god browsing the web doesn't require ActiveX or Silverlight.

Complete with keyboard and actual, literal, 'physical' escape key: Apple emits new 16" $2.4k+ MacBook Pro

carl0s

I don't like Apple laptops because:

They genuinely have a tendency to suffer expensive irreparable* failures.

The screens don't tilt back to a useful degree.

The build quality does not match the price-tag - i.e. they don't seem to wear very well.

No touchscreen options.

I'm still rocking my 3rd gen X1 Carbon Touch, which I have upgraded the SSD drive in twice now. OK it's not NVMe (it's M.2 SATA).

I wish the new gen X1 Carbon was available with touch. It's handy for zooming in on html element edges to check design consistency and stuff.

*unless you get the help of somebody like Louis Rossmann.

'No more room for wars in the new world'? Who are you and what have you done with Microsoft?

carl0s

Am I the only one fixated on Microsoft and Borg(es) then?

Q. Who's triumphantly slamming barn door shut after horse bolted at warp 9? A. NordVPN

carl0s

I'm not even sure it's right to call them virtual private networks. There's not much private about these public tunnel services that use VPN protocols. Perhaps they should just be renamed as tunnel services.

A funny thing happened on Huawei to the bank. We made even more money. Hahaha. Here till Friday

carl0s

Re: Wait, what?

I tried to open the Kindle up so that I could put some yellow kaptan tape over the LEDs, but for the life of me I can't figure out how to get to thqt part of it.

carl0s

Re: Wait, what?

I have a Kindle Oasis. The one with the extra battery in the leather cover.

The backlight is very white/bluey.

They've just brought out a new revision, which doesn't have the extra battery/cover, but adds a colour temperature control ('adjustable warm light'), so you can go sepia to bluey white. It starts at about £230. Same as my last one I think.

Mine is definitely quite bluey white.

I got a Tablift holder to go with the Mediapad tablet. I'm very pleased with it. I'm trying to learn lots of stuff from big PDFs and it works much better than the Kindle.

carl0s

I like my P20 Pro, and I have recently bought a mediapad m5 8" tablet. It's very good as an ereader. I was fed up of my £300 kindle that had a very blue screen, the fix for which is a new version for another £300. The mediapad does pdfs nicely and in colour and is not heavy.

The devil's advocate, or rather the opposite - the brainwash protection in me, makes me want to support Huawei.

The NetCAT is out of the bag: Intel chipset exploited to sniff SSH passwords as they're typed over the network

carl0s

Tbh I'm surprised SSH sends password keypresses to the remote end like telnet. I would have thought the password was captured client-side and then dealt with in some secure manner.

Are they meaning they capture you logging in to another system from the side-channel-monitored system? So you are already on a remote session from machine A to machine B, typing away, and you SSH from machine B to machine C, while some code on machine B infers your keypresses from the network packets coming from machine A to machine B? That sounds like it would make sense.

Microsoft's only gone and published the exFAT spec, now supports popping it in the Linux kernel

carl0s

What about non Linux use?

Does this make any difference for non-Linux use? What if I build an embedded stm32 project or Arduino project, and the FAT implementation uses exFAT features. Am I going to be taken to court by Microsoft?

Isn't Linux supposed to be about free software? It's not very free if Microsoft will still sue people for using it (or rather, compatible implementations) outside of Linux.

Google's reCAPTCHA favors – you guessed it – Google: Duh, only a bot would refuse to sign into the Chocolate Factory

carl0s

I am not a robot

I thought the 'i am not a robot' checkbox wasn't there with recaptcha v3. Isn't that the whole point of v3 - no user interaction required?

LTO-8 tape media patent lawsuit cripples supply as Sony and Fujifilm face off in court

carl0s

I used to think that the name Linear Tape Open meant that it was an open standard unencumbered by patents.

Crypto-chaps on scam rap in a flap over Slack chat tap, want court case zapped: 'Attorney-client priv info' in messages

carl0s
Happy

That article title!

Razer – perfectly happy to sell you a laptop for over $2,000, but when it comes to fixing security holes... tough sh*t

carl0s

Re: Official sponsorship

That should of course be true. It irritates the hell out of me ;-)

Iranian-backed hackers ransacked Citrix, swiped 6TB+ of emails, docs, secrets, claims cyber-biz

carl0s

Citrix knew about this on 2nd December

Monday morning of 3rd December, all users of Citrix ShareFile, including clients of users, (e.g. every client of an accountancy firm that uses ShareFile to send secured emails to their clients) were unable to log in to ShareFile. Some of these users use ShareFile as their 'cloud network drive' (sigh), some just for sending secure emails, or rightsignature documents.

After a while it became apparent that Citrix had forced a password reset for all accounts.

Explanations from Citrix were at first missing altogether, and then those that did come were conflicting.

My own opinion was that a data breach had happened and Citrix were not being open about it.

https://www.reddit.com/r/Citrix/comments/a2qs6p/sharefile_password_resets/

https://www.reddit.com/r/sysadmin/comments/a2ozk3/was_sharefile_citrix_compromised/

Office 365 CSP ordering down for days ??

carl0s

Office 365 CSP ordering down for days ??

Not sure if this is news or not. I haven't needed to order any new licenses in a little while.

Just tried to, and found out from Ingram Cloud that for the past 2 - 3 days, many resellers or customers can't manage their subscriptions.

Most of my customer's subs are showing as 'Configuring' with the Manage Subscription button disabled.

The chap said it was a problem at Microsoft's side. He may have been making that up, but if not, I'm getting really sick of this. What are we at now so far this year, Office 358?

picture here

Open sourcerers drop sick Fedora Remix to get Windows Subsystem for Linux pumping

carl0s

funny timing. I'm am doing some Django + Vue development at the mo. Doing it on my win10 desktop, and it's all fine except when it came time to get redis running today as I learn how to use Celery.

I tried WSL with Ubuntu and I had redis running there in 15 mins.

I will be running the finished system from a Linux box anyway, usually fedora + nginx, but WSL proved handy today. I was stingy and went with free Ubuntu instead of fedora though.

Like, subscribe and comment: Sage takes a breath as cloud sales bounce

carl0s

Yes. Exactly this. Also a bit of smoke and mirrors for the shareholders?

Y'know CSS was to kill off HTML table layout? Well, second time's a charm: Meet CSS Grid

carl0s

I suppose the key difference, vs Microsoft's history of being 'non standard', is that all these other browsers are available on pretty much all operating systems.

If you build something to only work on Internet Explorer or Edge, then you're forcing the users to use your operating system, and forcing them to upgrade their operating system when you stop providing updates to your browser on the customer's version of the operating system.

Embattled Barracuda Networks looks for buyer – report

carl0s

I'm curious what might come of their FreeSWITCH based PBX software. Forgotten the name now but it looked very tidy. Just expensive. I considered it for deploying to customers but they wanted to back-charge maintenance for appliances that I had bought, stocked for a year, and then supplied to a customer. No thanks.

BT blames 'faulty router' for mega outage. Did they try turning it off and on again?

carl0s

Re: Anyone use a VPN?

BTnet leased lines (fibre to the prem) at two of my sites in South Manchester both lost connectivity to various destinations, while other destinations were fine.

DNS lookups were OK, using BT's resolvers as it happens, but there was no working route to the problematic destinations.

We had people in remote locations who lost access to our stuff as well. On-prem mail servers not receiving mail from a majority of sources, or sending to, etc.

Nightmare. Thankfully the SIP provider was still reachable, else I'd have been having a total meltdown :D

Samsung, with this new 3D NAND SSD, you're really spoiling us ... or perhaps a rival?

carl0s

I had quite an admiration for tape drives & still like LTO. I confess to be a Macrium-to-disk convert now though.

Whether flash is going to be less stressful in the long term than hard drives is another matter though.

At least I have half a chance of recovering 99% of a failing hard drive's sectors.

You've got two weeks to beat off Cryptolocker, GameoverZeus nasties

carl0s

"business as usual"

Like another commenter mentioned below - it's business as usual, or rather a nice two week bit of respite, isn't it?

Many people are panicking about what's going to happen in two weeks, thanks to these reports.

Am I missing something? All we've done is pull out the network lead as we might do during a cleanup anyway, right?

Of course it's not a bad idea to run a zbotkiller or malwarebytes periodically anyway, but the message here seems to be way wrong and out of context to me.

Here is what I sent to a customer who asked if they needed to take any urgent drastic action.

Am I off the mark? See below:

"No.

Nothing is any different to how it has been for the last couple of years.

Zeus/zbot and cryptolocker have been on/off people's computers for years and sometimes I am removing it from two different customers in the same week. In the last couple of months, having got increasingly fed up with it, I have set policies of blocking all .zip and executable attachments on email servers since this is the most common source of infection (.zip attachments on fake emails from amazon/tax/payroll/sage/sky/fed-ex/ups/etc.).

Usually it becomes apparent that a computer is infected because it tends to get straight on with the CryptoLocker part of things, files become inaccessible, and a ransom is demanded. I then have to restore data from a backup. This is the thing that Fiona got onto her computer a few months ago.

All I would say is that I have noticed the occasional attempt to distribute it through a dropbox link, so you could tell the staff not to open any "You have been sent a file through dropbox" email links, without first confirming legitimacy, since I can't block that. The other way is popups that tell you you have to update your Adobe Flash or similar. They're often on dodgy websites, but also sometimes legitimate websites get hacked and have these popups injected. This is nothing to do with the two week window thing though and is just general advice. I have wondered about some kind of safe-computing training to show people what these popups and other dodgy things look like when they come in, but for now the above advice basically covers the current trends.

From a banking point of view, some were particularly susceptible in the past (HSBC & First Direct.. you sign in once with your code, then you can freely add new payees and transfer out money to them, without having to enter any new codes from the security device/dongle). HSBC & FD have changed their systems now, and do require re-entering a code from the keypad/card every time a new payee is added or amended. Obviously this would only matter if you were infected, but it has been a source of stolen bank funds in the past (screen gets blanked after you log into the bank.. money gets transferred out in the background), but it's a bit of extra peace of mind anyway.

All that has changed is this they have disconnected the controlling systems (command & control servers), and they expect that it'll get going again in two weeks. I'm not sure why they would use the words "two weeks to prepare for massive attack", as all they mean is it's been switched off, and it'll probably get going again in two weeks. Unless I'm missing something... I don't think am though. The command/control servers being disconnected doesn't make it any easier to detect or remove from a computer. It just means it can't be commanded to do harm."

Google and Samsung bare teeth in battle for LANDFILL ANDROID™

This post has been deleted by a moderator

Page:

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2021