* Posts by Maventi

272 publicly visible posts • joined 2 Jul 2014

Red Hat admin? Get off Twitter and patch this DHCP client bug

Maventi

Re: Is this dependent on Netcat?

> I always wondered why netcat is installed in every 'nix...

Except that it isn't; try a minimal RHEL or CentOS 7 install for example.

What I would like to know however is why NetworkManager counts as necessary for a 'minimal' install.

Microsoft loves Linux so much it wants someone else to build distros for its Windows Store

Maventi

> Still, that'd be one way of getting WiFi working properly in "Linux". All the Windows device drivers would be available.

Funny, I've had more issues dealing with WiFi in Windows (usually from patches) than Linux. That said I blame the issues on both platforms squarely on the WiFi chipset vendors.

Windows 10 to force you to use Edge, even if it isn't default browser

Maventi

> The latest few versions of macOS bug you a bit if it's not Safari though.

That they do, and it's damn annoying. If I wanted to use Safari then I would use it.

Maventi

Re: Fucking idiots

> exactly my point on here, Microsoft does it - out come the penguins on a rant

> anyone else does it - silence

Incorrect - they are all taking the piss. Apple on iOS. MS with their apps (Cortana, now Mail, etc). Google with things like Hangouts.

All are user-hostile decisions.

Patch LOSE-day: Microsoft secures servers of the world. By disconnecting them

Maventi

Re: Oh dear

> But I honestly don't have the time to manage hundreds of individual client IPs like that. Set up the servers. Maintain a list of their IPs. Done.

Neither do I, or even have the time to maintain lists of IPs. It's called IPAM and most decent provisioning/lifecycle tools automate all that. Bootstrap new systems via DHCP (for PXE) then have them reconfigure themselves with the same static address as they build. Let the tool take care of assignments and managing leases. Easy as pie. If you need to bulk update changes such as DNS then that's what tools like Ansible are for; change one line in a playbook, test, commit, job done.

Servers shouldn't rely on DHCP - in fact servers should rely on as few external services as possible to sustain their operation.

Wish you could log into someone's Netgear box without a password? Summon a &genie=1

Maventi

Re: Exactly why I don't use OEM firmware.

> I do use DD-WRT, but just because the code is freely available doesn't mean it's not got bugs...

Correct - those platforms (like most) absolutely have bugs. The practical advantage of those third party FOSS options is that the bugs are normally more complex, and more importantly the patches are released quickly; support usually continues longer after the manufacturer gave up on the hardware.

LEDE and OpenWRT kiss and make up

Maventi

Re: Thanks, folks.

And one from me too. Keep up the good work folks!

Azure VMs borked following Meltdown patch, er, meltdown

Maventi

Re: like many I suspect.

> This is part of what organisations should be doing in assessing the risk to their organisation on machines which don't run user interactive sessions, and "adequate protection" is deemed to be in place.

Good call.

> If you are in public/hybrid cloud...

Then it's probably best to take the performance hit as you never know who else might be sharing your compute node with potential access to your own host's memory.

And we return to Munich's migration back to Windows – it's going to cost what now?! €100m!

Maventi

It does certainly appear to be primarily an organisational and political failure (as opposed to technology) as we can see with all the speculation and commentary around this issue. There are plenty of wide-scale Linux desktop deployments out there (particularly in the European public sector) that have been very successful - they simply don't make the news because they just work as expected.

Speaking as someone who's spent over 20 years managing Windows-based and some fully Linux-based enterprise networks, both can be done effectively with the right processes in place. The Linux networks I've managed (including desktops) have had almost zero complaints even from extremely illiterate users - users simply don't care what the tech is as long as they can get their work done. Linux can certainly save a lot of money overall if done right, but whether it does in practice all depends on the organisation's actual requirements.

The best thing that can be done is to actually establish those requirements and build to them, rather than choosing the platform first.

Most users certainly don't have many emotional ties to Windows - proof of this is the fact that the majority of personal computing devices in use by consumers today don't run Windows (although it's a small margin admittedly). There is love for Word and Excel among a few users and sometimes those two applications alone can end up dictating the entire network architecture. A shame - an entire infrastructure shouldn't depend around a couple of apps, but that's what originally got Windows so pervasive in enterprise.

Also note that unhappy users exist on any platform - I've also come across plenty of badly-managed Windows networks where the users loathed it. Not a failing of Windows per-se, once again it's usually bad implementation. Apply some elbow grease (along with a big invoice) and everyone is happy again.

Ubuntu 17.10 pulled: Linux OS knackers laptop BIOSes, Intel kernel driver fingered

Maventi
Pint

Re: As an amateur

@AdamWill: probably the best response to this thread that I've read yet! This one's on me!

Maventi

Re: Accidental Aardvark

> At least Windows never killed my BIOS...

Not your machine perhaps, but there have been plenty of reports of Windows also doing it in recent years.

That said, I don't think this is really either a Windows or Linux issue. I think the blame rests squarely with bloated UEFI design and in particular lazy implementations by many hardware manufacturers. It's plain that the design can't be very robust if software bugs can so easily upset the boot firmware.

Exim-ergency! Unix mailer has RCE, DoS vulnerabilities

Maventi

> The vast majority of companies use MS Exchange.

Yes that is very true, although it's typically a user-facing groupware server as that is where it shines. As a straight MTA however, not so much as that isn't really the use case Exchange is designed for and it's a very bulky option for solely moving messages around behind the scenes.

Most orgs will use Exchange for groupware in conjunction with other MTAs for processing and filtering inbound and outbound mail (often located in a controlled network segment like a DMZ).

The 0.8% statistic does look strangely low, but when you consider that this survey was conducted in terms of Internet-facing services then it starts to look more realistic as I don't know of any orgs that currently present their Exchange SMTP services directly to the Internet.

To fix Intel's firmware fiasco, wait for Christmas Eve or 2018

Maventi

Re: I wonder about motherboards

> No - no it isn't. Not for Intel at least. It's part of your CPU!

Incorrect - it is in fact part of the chipset rather than the CPU. https://en.wikipedia.org/wiki/Intel_Management_Engine#Design

Still has access to all the things though.

Drone maker DJI left its private SSL, firmware keys open to world+dog on GitHub FOR YEARS

Maventi

@Adam 1 you forgot to encode the password in base64, just for additional protection.

Don't worry about those 40 Linux USB security holes. That's not a typo

Maventi

Re: Physical access means you own the system

> Unless of course it runs say Secure Boot with Bitlocker.

Hopefully then it doesn't use a key generated by an Infineon TPM, or use an Intel CPU manufactured after 2008.

AMD, Intel hate Nvidia so much they're building a laptop chip to spite it

Maventi

Re: "Nvidia's dominance"?

@phuzz agree the PowerVR stuff is a complete joke, but if you stick to mainstream desktop CPUs (i5/i7) the situation is much better.

Maventi

Re: "Nvidia's dominance"?

> The vast majority of people either can't upgrade (corporate purchases) or don't know it's an option.

Then there are those like myself who specifically purchase desktops with Intel graphics because their Linux support is second to none. That's especially important when deploying desktops in hundreds at a time.

OpenStack says its work is largely done. Now your hard work can fill in the blanks

Maventi

Re: More likely...

> The easy life solution at the moment is Azure Stack.

For a short-term quick win then absolutely yes - Microsoft have a very compelling offering there.

Putting in hard yards for OpenStack is likely to provide better value long-term though, and helps avoid the lock-in.

'Open sesame'... Subaru key fobs vulnerable, says engineer

Maventi

Re: Weakest link...

Possibly - but if done right this has some very sneaky potential.

It won't really speed up someone stealing the car outright (and that would be obvious anyway) but if you say left a wallet (or valuable item) in the car and a thief was able to unlock the car, steal the item and then lock the car afterwards, a lot of folks wouldn't even immediately notice and would likely have a hard time trying to remember where they actually last left with said wallet or item.

Certainly a locked car with no trace of tampering would not be high on the initial suspect list, and by the time the victim takes any decisive action, the thief has already had plenty of time to spend up large on their credit card or fob off stolen item. It's likely the car would remain completely unsuspected even well after the fact.

How many times can Microsoft kill Mobile?

Maventi

Re: Microsoft is trying very hard to kill itself.

"What have they screwed up on Server?"

The licensing model.

Microsoft Edge shock: Browser opts for Apple WebKit, Google Blink

Maventi

Re: Seriously.

Tried it, and it's not half bad. Certainly better than the crap that some Android vendors offer (including Samsung). Still got ways to go to top the true vanilla Android experience though (Nexus/Pixel).

Maventi

I understand the choice for iOS as there is no choice, as we well know. What I don't get is the use of Blink for the Android version. This doesn't say much for their confidence in EdgeHTML.

In fact I think MS would be wise to open source EdgeHTML as it's the only 'major' HTML engine in existence today that is entirely closed source, and the only major browser still tied to a single platform and version. Either that, or switch desktop Edge to using WebKit or Blink.

You lost your ballpoint pen, Slack? Why's your Linux version unsigned?

Maventi

> This is partly the fault of yum's maintainers. There should be a blatantly obvious warning and acceptance prompt if you try to install an unsigned package. That would force companies to do it to prevent complaints from users.

There is. By default yum will scream at you if you try to install unsigned packages; you have to explicitly configure yum to ignore signatures. Given that even the most lowly back-alley free projects can quite happily manage signing (as someone who has built plenty of RPMs myself I assure you it's utterly trivial!) I'm completely astonished by Slack.

Gotta live up to their name I guess.

Unloved Microsoft Edge is much improved – but will anyone use it?

Maventi

Free EdgeHTML

Seriously Microsoft, just open source the EdgeHTML engine already. Edge is the only major browser left that doesn't use an open source rendering engine, and the only major browser stuck on a single platform.

Nobody chooses an OS for the browsers that run on it, but they do sometimes choose browsers because of the OSes they don't run on.

You will very quickly see folks use it to create a browser for other OSes (even older Windows) and all sorts of other creative things you couldn't imagine, which would likely foster wider adoption, mind share and good-will.

Just saying...

Official: Windows for Workstations returns in Fall Creators Update

Maventi

> ... as a corporation would for a hefty server would be a hard sell.

I agree, although I specifically meant client versions of Windows; there are enough of those alone. The Windows Server licensing situation is a whole different nightmare altogether. :)

Maventi

Why are there so many different versions of Windows 10? Can't they just make a single release for all client devices (desktops, notebooks, etc.) and be done with it? Be a lot easier for all of us.

Windows Subsystem for Linux to debut in Windows 10 Fall Creators Update

Maventi

Re: Windows 10 Fail

Ugh, I have terrible memories of the Microsoft NFS server. It's also completely pointless as it serves little purpose for Windows clients and does an awful job for POSIX clients.

Maventi

Re: Standardisation is always welcome

"And whatever Unix did, forty years later it may just be an outdated standard today..."

As opposed to say the relevance of 'C:\' today?

Unix has aged far more gracefully.

Solaris, Java have vulns that let users run riot

Maventi

"Most Android Apps are written in Java"

Java is simply a language. Oracle Java SE is a well-known example of a Java VM or runtime environment that is also colloquially referred to as 'Java'.

"and the ADK has mostly Java interfaces"

Google copied Sun's Java API in their own implementation of the language and runtime. This is the basis of the infamous Oracle lawsuit.

"how does Android not run Java?"

Android runs ART, which in turn replaced Dalvik found in older Android versions. These are both Google's own creations and are unrelated to Oracle's JVM products mentioned above.

The poor security reputation for Java largely stems from the browser plugin included with the desktop versions of Oracle's JVMs (and it is pretty bad), but this has unfortunately extended across much of the industry to tarring anything remotely involving the name 'Java' with the same brush. That said, this latest run isn't helping. :)

Maventi
Coat

Fair call. I did a cursory search for such vulns and found nothing obvious, but subsequently see that a number of these appear in OpenJDK too. Humble pie time for me.

Maventi
Holmes

Seriously though, who in their right mind still uses Oracle Java SE when we have OpenJDK?

Azure Stack's debut ends the easy ride for AWS, VMware and hyperconverged boxen

Maventi

This is a brilliant play by Microsoft. In many heterogeneous networks Windows is slowly being relegated to a middleware software layer running on the likes of VMware and being accessed from thin clients and mobile devices. This turns the tables right around and puts their stack out in front, with Linux and other platforms becoming the meat in the Microsoft sandwich.

The trick for those wanting to go down this road will be to watch the early adopters and then jump in once (or if) this matures - execution is certainly not Microsoft's strong point historically so best leave to others to sort the teething issues out first (and there will be plenty). If this works out it will make for a very low entry barrier for those who simply can't use public cloud.

Like most 'black-box' solutions, the drawback is massive potential for lock-in via proprietary APIs so it will be interesting to see how this plays out long term. It might be an ideal solution medium term, but your entire infrastructure becomes dependent on the direction of a single company which always results in pain when you have a business need that doesn't fit into the mould.

Ubuntu 'weaponised' to cure NHS of its addiction to Microsoft Windows

Maventi

"The rollout was cancelled because they had paid for the wrong licence, then built the image on the incorrect (ie the version they *meant* to buy a licence for) version of Win7, but that's another story!"

And that, folks, is one of many examples of the hidden costs of complex proprietary licenses that simply disappear with FOSS. It goes beyond the sticker price - the cost of license management and compliance is eye watering but seems to be often overlooked.

Raspberry Pi sours thanks to mining malware

Maventi
WTF?

Uh, that looks more like a typical crypt password hash (in this case SHA-512) rather than an actual password.

It's a shame this worm is even a thing; recent-ish Raspbian versions warn you every time you login via SSH if you retain the default password.

I'd have expected that most folks knowledgeable enough to get a public IP directly to their Pi (even if via port forwarding) should know better, but I guess you learn something every day.

Does Microsoft have what it takes to topple Google Docs?

Maventi
Meh

I've done a fair bit of work with O365 and Google Docs, assisting schools and small business. To be frank, anyone who says that one is substantially better than the other is simply biased and shouldn't be taken seriously. They both have some real advantages and drawbacks and what is best comes down to nothing but your own organisation and use cases.

O365 - good web functionality, ability to use full Office if needed (the web version has bizarre limitations), great compatibility with legacy Office formats. It's also a lot more open with regards to educational organisations - it's much easier to get a free O365 subscription over Google Docs if you are a legitimate educational organisation or charity but not an actual school. On the downside, it's generally more expensive, it's much more complex to manage than Google Docs (don't get me started on the insane license management process), less reliable than Google Docs in a browser and while there are a huge number of apps in the ecosystem, they just don't feel as coherent and integrated as Google's offerings. There's also an obvious preference towards supporting Windows on the endpoint that's hard to get away from. Understandable for MS, but the world has moved on from the early 2000s.

O365 summary: Great for those who absolutely need perfect Office compatibility/familiarity and probably more scalable to the high end if you are massive. Also recommended to those charities who need free tools and have fallen through the (large) cracks in Google's acceptance check process.

Google Docs - cheaper, simpler, more reliable. On the downside, things like Sheets are less powerful than Excel and you don't get local apps provided. The simplicity and way lower TCO speaks volumes though - managing a fleet of Chromebooks is miles cheaper and easier than a fleet of Windows devices with O365 - and that's not just my own observation but also my customers' words from those who have experienced both.

Google summary: If you are a startup or school, I'd recommend Google Docs.

Ultimately though, both scare me (along with AWS) as they all result in the world's data becoming hostage to a handful of American megacorps that have all demonstrated hostility to end users and customers.

systemd-free Devuan Linux hits version 1.0.0

Maventi

Re: It's not infighting

"IIS doesn't tend to be running insecure crap like PHP..."

Case in point. So it's not Linux/Apache versus Windows/IIS security we are talking about per se; what we are really referring to is the plethora of quickly hacked up PHP apps and the like that become low-hanging bot fodder.

Saying that this is a 'Linux' issue is entirely missing the point; it's analogous to the folks that bag 'Java' as insecure without having any clue what they are actually referring to.

Unfortunately I guess this is the price to pay for a platform with such a low entry barrier.

Maventi

Re: It's not infighting

"and historically was about 4 times LESS likely to be hacked"

Simply because those mountains of outdated WordPress sites left to rot out there aren't running on IIS.

Context is everything.

Microsoft promises twice-yearly Windows 10, O365 updates – with just 18 months' support

Maventi

Re: Dear gods...

"... doubt very much a lot of non technical users would welcome its arrival on their desktop/laptop unless it's skinned."

Speaking as someone who once lived and breathed all things Microsoft, I have real world experience with this and you might be surprised! I've maintained a few Linux desktop networks, both small and large scale.

In most cases that has been either CentOS or Ubuntu (yes, with Unity), mostly stock except for some basic branding and additional shortcuts and things to common stuff like network shares. Sure there are some under-the-hood tweaks for such environments, but they are invisible to users.

Does anyone care? Not a bit. Hundreds of happy users from technically savvy to the most technology illiterate you can imagine. Contrary to what you would expect, folks find their way around documents, network shares, browsing and email just fine with virtually no training.

In fact it's easier to support than Windows because everything keeps itself patched with little intervention, the office suite doesn't dramatically change in look and feel with every version change, and stuff generally doesn't break.

Subtle differences from Windows like the lack of network drive letters don't bother anyone non-technical because they don't understand that stuff anyway.

Of course it's not completely perfect, but I've never kidded myself that Windows was either.

Why Firefox? Because not everybody is a web designer, silly

Maventi

That's certainly the case in Windows, but funnily enough on 'nix Firefox is quite straightforward to manage in a corporate environment (as is Chrome/Chromium).

Microsoft IE11 update foxes Telerik dialogue boxes

Maventi

Re: Yet more proof MS fails.

"It doesn't make that much difference. You should be testing the patch..."

You've completely missed the point. Of course we test patches, but if one doesn't work I still very much want the rest installed to resolve the other issues rather than remain completely vulnerable.

I also don't expect to waste my time calling vendor support in order to do so; my time is much more valuable than that.

Brit ISP TalkTalk blocks control tool TeamViewer

Maventi

Re: Well thats my family screwed

Not to mention that RDP is Windows-specific, whilst TeamViewer works on practically anything.

Frustrated by reboot-happy Windows 10? Creators Update hopes to take away the pain

Maventi

Re: apt

As someone who's created many MSI and Deb packages, I'll take Deb any day of the week thank you.

Dying for Windows 10 Creators Update? But wait, there's more!

Maventi

Re: SSH

I am very much aware, having administered Windows systems for the last two decades.

Being someone who operates in heterogeneous environments, I look forward to having something that's actually a standard and that works both from and to any platform.

Maventi

Re: SSH

This. So much this.

SQL Server on Linux? HELL YES! Linux on Windows 10? Meh

Maventi

Re: POSIX subsystem

"Can't recall anything ever wrong with it? It outperformed Linux as an NFS Server last time I tested it!"

Seriously? Mate, if you are going to tout MS as being all greatness, at least pick something they are good at (along with a more believable quote about 'testing it').

Microsoft added an NFS server with two goals: POSIX compliance for contracts that required it and the hope of using it as a migration service for existing 'nix kit. Both of those reasons are nothing more than box-checking exercises. Microsoft already has SMB/CIFS, so NFS would seem to be little more than an afterthought.

Now the anecdote to reinforce that. A couple of years ago one of my colleagues bought a NAS box for using in our lab. This was a pretty typical vanilla 2U rack server from either Dell or HP (I forget which) running Windows Storage Server 2012 R2. I don't recall it being particularly cheap either, but we found it to be a reasonably capable iSCSI and SMB server, both of which were pretty straightforward to get going.

One day I needed some NFS shares for a project I was working on. We spent hours battling with NTFS permissions and the confusing NFS UI (not helped by the use of non-standard terminology) and eventually managed to get it working. The performance was pretty average at best, but sufficient to at least get on with things. Then we tried netbooting a box using an NFS share as the root filesystem, which simply refused to work.

After a few more hours not getting anywhere with that, we ended up wiping the entire OS and installing FreeNAS instead. Less than an hour later we had everything working perfectly (including SMB and iSCSI, plus much faster NFS) and simply got on with the rest of the project.

Microsoft has virtually no use case for NFS except to provide shares to 'nix boxes, and like you stated yourself the compatibility between the two isn't great so it's much less work to use a proper NFS implementation instead. I'm struggling to think of what possible use case it serves at all?

Microsoft's Q2: LinkedIn In, Mobile out, Azure up, Xbox down

Maventi

Good plan! Just look at what happened to Skype, unfortunately.

How Lexmark's patent fight to crush an ink reseller will affect us all

Maventi

Re: We're still printing?

Yes - as long as the most-used document format used practically everywhere in business is still paper-shaped, produced and consumed by software designed for working with paper-shaped documents, then wasteful printing will always continue because the antiquated document format simply encourages it.

Maventi
WTF?

I didn't even know Lexmark still existed. Now that I do, this news doesn't surprise me in the least unfortunately.
