Posts by jonha

125 publicly visible posts • joined 22 Jul 2014

You probably can't trust your password manager if it's compromised

jonha

Maybe, maybe not. It's the old tension between safety/security/privacy on the one hand and convenience/laziness/cantbebotheredness on the other. I do backups every day and every week (mostly automated, I'm lazy as well) and yes, it's a chore. But then again I've never lost files unlike some people in my acquaintance.

Same thing with password managers. And much of this ain't rocket science...it's just inconvenient. I'd rather accept a dose of inconvenience every now and then than facing a possibly catastrophic meltdown of my life (or the lives of those depending on me).

jonha

Valid concern. I have normally two phones with me and if travelling by car, a tablet and/or a lappy. The latter running an encrypted Linux with KeePassXC, all the Androids KeePass2Android. I also have stored an encrypted 7z file with database, keyfile and the Android app on a tiny USB stick, separate from the devices, so I could in an emergency get a new phone and reinstall the whole thing relatively quickly. It's a bit fiddly but then again I've not lost a phone in 15 years. Touch wood.

jonha

+1.

If my passwords, PINs etc were compromised my life would be turned upside-down. There's bank stuff, insurance, investment, health... you name it. How anyone can trust some unknown devs/admins in a third-party organisation with that stuff is totally beyond me.

Local storage with KeePass (and compatibles for Linux, Android, iOS etc). If the database file is secured with a strong password AND a suitable keyfile is used then the file can even be stored in the... cloud :-)

Mozilla Corporation installs Firefox driver in CEO reboot

jonha
FAIL

On the desktop I've long left FF in the dust... either it's Pale Moon or Vivaldi (+uBlock +CookieManagement). On mobile I'm still with FF (fennec from f-droid, to be exact) mostly because it supports the same extensions I use on the desktop. But its days are numbered and more AI will only hasten this. If I want(ed) AI, I know where I can find it.

Latest Servo release hints at a real Rust alternative to Chromium

jonha
Happy

There's more to Rust than...

its use in the Linux kernel and Servo. I'm an old fart and stick mostly to the command line and there's an amazing number of well-designed and performant utilities/tools in this space. There's sharkdp's fd, there's casey's just, and ms-jpq's sad or chmln's sd... to name just a few of those I use every day.

MX Linux 25 reaches beta testing – complete with systemd

jonha
Thumb Up

Well... sysVinit IS officially supported for MX Xfce and Fluxbox editions

Good article, though your wording could be read as if the sysVinit variants are somehow 2nd-class citizens. Both the blog entry you linked to and further forum discussions make it clear that these are fully supported official versions. The big change is that with earlier versions you could decide at boot time which init system to use. Now and for the time being it's at install.

Having said that, another important change (for some at least) is that MX25 offers much better support for live booting with systemd as its init system. This means that frugal installs (which are based on live and can boot from almost any filesystem, including Windows NTFS partitions or even exfat) can now use systemd, for those who want it (or need it, as some software requires systemd). This somewhat mitigates the fact that MX25 has removed init system flexibility at boot.

The air is hissing out of the overinflated AI balloon

jonha
FAIL

The current crop of "AI" is anything but...

It always amuses me when people talk about ChatGPT, Claude etc etc as "AI". These LLMs use clever statistical trickery to emulate something (nobody knows what exactly) but do they exhibit "intelligence" in the sense we humans use the word? Nope.

I've used various of these bots for low-complexity tasks (eg "create a complete zsh completion script for app XYZ" or similar) and not once was the result immediately usable. Even after a few iterations the output is just not good enough.

UK drafts AI to help Joe Public decipher its own baffling bureaucracy

jonha

Bureaucracy stacks

Well, layers of bureaucracy are not that different (in principle, not in actual fact) to complex software stacks. I don't have to care about the underlying complexity (or call it bureaucracy) of all those lower layers if I can use a layer or layers that do that for me. Having said that, every sensible attempt to get rid of bureaucracy is welcome... but our world is so complex that there are severe limits of what can be done without triggering either chaos or unintended you-know-what.

MS confidence in Windows 11: Pay us to host VMs for when your desktop inevitably dies

jonha
Headmaster

"Kaput" is...

kaputt

Windows 10 turns 10: Dying OS just worked, lacked compatibility chaos

jonha

Define "sane" :-/

For some the last "sane" version was Win2k Pro and who am I to disagree? And yet, I kept the faith until 7... but after that the pain to move my workflows, automation, macros, office documents etc etc to Linux was lower than moving to 8 (not to mention the abominations that followed). Never looked back.

Please, FOSS world, we need something like ChromeOS

jonha

> There are a lot of desktop Linux distros out there. It's the number one thing non-Linux users complain about: too much choice.

True... but let's just look over the fence for a sec. There are, say 100 car manufacturers with say 25 models each, give or take. That makes 2500 models to choose from... and yet most people seem to be perfectly able to manage these many choices. There must be more to it than just too much choice. Laziness? Can't-be-bothered-ness? Too much FUD? Fear of tech you don't understand?

Backup tool Rescuezilla resurrects itself across six Ubuntus

jonha

Check MX-Workbench

Interesting to read that Hiren's is still around, will check it out.

Re Ventoy and a collection of rescue ISOs including Windows PE stuff... this is the easiest and most reliable method I've found. I have a number of NTFS external SSDs (mostly for data exchange) and every now and then I have to do a chkdsk /f because the Linux tools just don't cut it and WinPE is v handy for this.

There's also a respin of MX Linux called MX-Workbench, by one of its devs, see https://sourceforge.net/projects/mx-linux/files/Community_Respins/MX-Workbench/ . I'm using this as a base, remove some stuff I don't need and add other bits and then create a snapshot (with the superb mx-snapshot utility)... which is just a bootable ISO with everything, apps, settings etc in it... perfect for Ventoy and can be recreated within half an hour. Has saved my bacon a few times when UEFI didn't work as I thought it would :-/

Stopping the rot when good software goes bad means new rules from the start

jonha

Sure, 100% secure doesn't exist. But that's where the malware checks and the quarantine come into play. There's a point though where paranoia turns decidedly unhealthy and I'm not sure whether I sometimes cross that line :-) But at least I sleep well.

jonha

I never ever use Google's stores (Android or browser extensions), even don't have a Google account on phones/tablets. I use a few trustworthy stores (F-Droid and similar) and I sideload everything, after checking with two malware checkers and a period of quarantine. The only browser extension I use is uBlock Origin on Pale Moon and Firefox (actually LibreWolf). I accept that all this requires a bit more effort, but one advantage of apk sideloading is that I can update the zoo of phones and tablets I'm admin'ing with a single adb job.

I am not saying that one can totally avoid these sorts of threats but there are some ways to minimise the attack surface.

UK tax collector's phone service 'deliberately' bad to push users online, say MPs

jonha
FAIL

Re: Nudge economists

> HMRC aren't alone - they're just catching up with the utility companies, banks and other private sector pioneers of enshittification.

True... but there's a critical difference: if my bank, phone company, streaming service etc do this I can at least try to find a better alternative. Or if I can't find one, I can (in some cases at least) decide to go without that service.

I can't do this with my tax returns.

I am very happy to use online services where available, so I registered for the HMRC "customer" forums. I have posted perhaps three or four questions and without fail, they were not answered correctly by HMRC "admins", even after repeatedly pointing out their wrong statements by providing links to their own internal manuals. Complete FAIL and I've now stopped using them.

How to maintain code for a century: Just add Rust

jonha

What about APIs?

In theory that is all well and good and I agree that FOSS has great potential to live forever (and I do think the language doesn't matter as much as some believe). However, it all depends on how the code is actually structured. Code which sits directly on the API layer is possibly faster and perhaps can do "fancier" things than code living on one or more layers of abstraction but if the API layer changes, or worse, disappears altogether, it will become harder and harder to maintain or becomes obsolete.

Even for code using abstraction layers, there can be huge differences between the depth and breadth of the underlying abstractions, directly influencing the expected "lifetime" of the source code.

Microsoft forgets about SwiftKey's support site

jonha

Glad I left SwiftKey behind after realising that it can sync its clipboard between Android and Windows but not between Androids. Who designs such useless stuff?

Hong Kong's Furi Labs shakes up smartphone scene with dash of Debian

jonha

"but has an Android layer"?

Hm... the subtitle says there's an Android layer (I assume that means a compatibility layer which runs Android apks) but the article is silent about that!?

In Debian, APT 3 gains features – but KeepassXC loses them

jonha

> I'm guessing you only read the headlines

No, I read the whole article.

> but do you think that Yubikey support and auto type is "network support"?

Again no, I don't. But in my post I concentrated on the issue most important to me personally. Inflated ego I presume.

jonha

Yeah, there's probably something in your environment. On my Ryzen 5 5600u lappy KPXC needs around 1.5sec from fresh and is even faster 2nd time round.

jonha

While splitting KPXC into two versions was v badly communicated I am quite happy with the change in itself. The No 1 reason why I use KPXC vs LastPass, Bitwarden etc etc is that I want a strictly local database with no need (and no code) to go online. So I fully understand (and support) where Klode is coming from. But yeah, perhaps he could've been a bit more "diplomatic".

MX Linux updates Libretto, belts out 23.3, based on Debian 12.5

jonha
Thumb Up

I have been using MX since MX18 as a replacement for then OOS Windows 7 (I've never touched any Windows version > 7). It has always worked on my zoo of desktops and laptops (among them a Lenovo X220 but also newer stuff with Ryzen 5 5600s). Always worked very well.

A further point worth mentioning is the lively and very helpful MX forum.

And last but not least, one of the rarely mentioned things all MX versions can do is to be installed in parallel to an existing Windows install *without* the need to resize or repartition the HDD. It'll perfectly boot from an NTFS partition, the only requirement being enough space for a frugal install (that'll be around 4 to 6GB). This was how I slowly migrated from Win7 to MX back then, by dual-booting Windows and a frugal MX18 install (nowadays I don't dual boot anymore).

AI is changing search, for better or for worse

jonha

Re: @jonha - Please explain to us

> how a page missing from Google search

I didn't say that the page (or pages) ChatGPT based its answer on was missing from Google.

I just said that after 20 minutes or so of googling I had not found an answer to my very specific problem... the reason being that Google spewed out many dozens of pages dealing with Excel and the problem at hand... but all (or at least all pages I checked) were for much newer versions than the one I had to deal with (MiL with an old Windows XP PC, you get the idea:-/).

ChatGPT simply was much better at "filtering" all those pages and concentrating on the ancient Excel version I was fighting with. HTH.

jonha

I agree with that... I fondly remember the time when Google was actually searching what I told it to search and not what it thought I wanted to search. This worked really well for a few years and if you knew how to use all these operators you could find almost anything (then again, this was in many respects a much simpler world than today's :-/ ).

Having said that, there are quite a few searches I've done over the years which would have benefited from a dose of AI. A year or so ago I faced a knotty problem with an older Excel version (but only with that version) and no amount of googling would deliver a page with a solution. After a frustrating 20 minutes I turned to ChatGPT and had my answer within two minutes. So there's a place for AI-assisted searches.

UK signals legal changes to self-driving vehicle liabilities

jonha

We have two Mway junctions near town with pairs of giant roundabouts, four or five lanes. The road markings were pretty unclear to start with and are now (mostly) so faded that they're becoming a real hazard, esp for those who don't know the roundabouts. I am not sure how a self-driving car will negotiate this sort of thing... never mind who's responsible for any accidents.

GNOME Foundation's new executive director sparks witch hunt

jonha

Re: It's not a witch hunt.

> 4DOS

Well, I *was* a big fan of that (and later 4NT and TC), almost from its first release (which may explain why compatibility was never much of a problem for me) when ordering software in the States still felt like an adventure. And compared to CMD.EXE it was real progress, not least because Rex listened to his users.

I've since changed OS base from W to L and after a short stint with bash I've switched to zsh. The learning curve was/is breathtakingly steep but it's miles better than 4DOS/NT/TC ever was.

The world seems so loopy. But at least someone's written a memory-safe sudo in Rust

jonha

LuaJIT v2.x

I used to do a lot of work with a JIT compiler for Lua. This thing could produce phenomenally fast native code *and* it had a powerful FFI (of course, this was not a memory-safe area, very much like unsafe for Rust). Alas, the garbage collector made it very hard to write code that guaranteed a certain performance. There were some tricks to mitigate this and Mike Pall, the author of LuaJIT, had plans for a better garbage collection implementation but these never materialised. Even today, to hack together a quick utility I am more likely to use LuaJIT than Python.

antiX 23: Anarchic for sure, but 'design by committee' isn't always the best for Linux

jonha

> But we can't help but feel that, as its name hints, it's a bit anarchic. It feels designed by committee, where everyone got their choices included. Some judicious pruning and selection would really help buff it to a shine.

I am not sure I follow. Take the various apt, synaptic, MX Package Installer, aptitude etc choices. Nobody forces you to use any or all of them but if you're used to one of those, it's nice to have it OOTB. The worst they'll do is waste a little disk space and even that can be reclaimed by judicious use of apt, synaptic, MX Package Installer, aptitude etc :-)

Also, I was used to synaptic but when I saw (and played with) aptitude I was immediately sold (nowadays I do much with simple apt-get commands). Wouldn't have happened if they had only included one or two package managers.

And if they prune and select... who's to decide what's included and what's left out? I bet that there will then be people who loudly lament the missing aptitude while others groan about synaptic. Etc etc.

It's not an obvious one, IMO.

jonha
Go

Re: Live remaster

(I am currently not at home but I'm 99.99% sure that those MX utilities also exist in antiX.)

You could either use mx-snapshot which will create a full-fledged ISO, with all changes you did and also your home bits and pieces intact if you include the "Preserving accounts (for personal backup)" option. You could then transfer the ISO to a USB stick or similar and presto, you have a new system with all your mods.

Or you could do it in one go with live-usb-maker which also has options to create an encrypted USB stick, again with all changes on the new stick.

Hey Liam, if you're bored you could do worse than look into those utilities and also the whole way the antiX/MX system supports frugal installs.

After injecting pop-up ads for Bing into Windows, Microsoft now bends to Europe on links

jonha

Re: So glad...

You're right, amazing how time flies. Wikipedia says "It was first released in 2015 as part of Windows 10" so I stand corrected. (I never installed or bought Windows 10 (or 8 or 8.1) anywhere, let alone Edge.)

jonha
Stop

So glad...

I switched from Win7 to Linux about 5 or 6 years ago. Nothing to do with then unheard-of Edge or other such Windows shenanigans. Yes, it was a very bumpy ride for the first months because I knew Windows quite well (we bought the first Windows SDK when it was still in beta ~1985 IIRC) and knew very little about Linux.

And to think they do this specifically for (parts of) Europe and just ignore the rest of the world. Amazing.

I am so glad I left that Himalaya of crap behind.

With version 117, Firefox finally speaks Chrome's translation language

jonha

Re: FF convert

> Nope, still not using it: it STILL doesn't have Page Source viewing!

Interesting. I've never missed this feature under Android and even if it existed I would use it once in a blue moon. Whereas the extensions (uBlock, Cookie AutoDelete and Decentraleyes) get used every day. I simply hadn't realised that FFoA has this feature.

And Brave being a child of Chrome, I doubt it supports extensions on Android.

jonha
Happy

FF convert

I started browser life (well, almost) with Firefox, later switched to Pale Moon (still my std browser) and use(d) Vivaldi for stuff that doesn't work under PM. I also had Vivaldi as default under Android.

However, the other day, after yet another bloated Vivaldi for Android update I decided to try Firefox for Android (f-droid version), as Vivaldi is not only bloated but is getting slower with every release. MUCH better. It's faster, both for startup and in use and it supports Firefox extensions. The latter is a killer feature as I now can control cookies under Android as I can under Linux (Cookie AutoDelete extension). Hooray!

Not stopping there, I also installed LibreWolf (a Firefox descendant) on my Linux desktop. And I have to say, it's again much better than I expected though I am not sure it'll fully replace Vivaldi any time soon.

I for one am now officially a Firefox fanboi :-)

USENET, the OG social network, rises again like a text-only phoenix

jonha
Thumb Up

Re: sudo apt install slrn

> Not as bereft of life as I expected, but not exactly about to nuzzle up to the bars

Depends. Some groups are still pretty active (say on average 50 messages/day), others half-sleeping and still others smell like a dead mouse.

And in keeping with the ripe old age of USENET I still use it with a reader almost as old... the good ol' Forte Agent which runs beautifully in my Windows VM. (Agent is one of a smallish number of apps I still run in a VM as I've simply found nothing I like as much that'll run under Linux (or perhaps because I am too lazy to convert all the killfile rules). Others in that select group are foobar2k, Poptray and a couple of graphics programs.)

UK air traffic woes caused by 'invalid flight plan data'

jonha
FAIL

It's getting harder and harder for those excitable papers to blame everything on the EU (not that some still try hard) so it's of course the turn of the French.

As to the fail-safe strategy of shutting down everything on running into invalid data, it's hard to say whether that's appropriate or not without knowing a lot about the systems involved.

What certainly IS strange though is that a backup system (that is there precisely in case No 1 fails) has apparently been fed the very same crap... which produced the same result. Resilience?

High severity vuln in WinRAR could allow code to run when files are opened

jonha

Re: Also available for Linux... if you're no CLI hater :-)

No, not better compression. As a rule 7z is the better compression utility, sometimes significantly so. However, as commented elsewhere RAR can create redundant archives (with user-definable amounts of redundancy) which makes sure that files in the archive can be accessed even when parts of the archive become corrupted or unreadable (happened twice in 20+ years).

jonha

Well... I use 7z for many things (it's faster and normally has better compression rates than RAR) but for everything that has to survive for a long time and is REALLY important I use RAR only. Main reason is that RAR can add user-defined amounts of redundancy to an archive, so even if bits of an archive go and bit-rot, chances are I can still access most if not all of it. I don't think 7z has such a feature.

jonha
Happy

Also available for Linux... if you're no CLI hater :-)

I've been using the Linux version of (Win)RAR for many years... my Reg file works for both versions though I am not sure about giveaway licences. Some may find the CLI-only Linux version a bit sparse but it has the same functions as the Windows version, just not as much eye candy.

Cruise self-driving taxi gets wheels stuck in wet cement

jonha
WTF?

Well...

As much as this will create mirth for certain readers, I am pretty sure that human drivers have done, do and will do this all the time... but it doesn't get reported (or if so, then just in the local papers' "Mirth" section).

Electoral Commission had internet-facing server with unpatched vuln

jonha

Compare this with flying

If aircraft would be serviced, repaired and flown like servers are secured and maintained we would have the landscape full with crashed airplanes.

IT security is doable (OK, harder for zero days but even there a well-run outfit could think about possible mitigations before the fact). But as people usually don't die because of these idiots (alas, the PSNI leak may prove this to be wrong) we're fucked.

UK voter data within reach of miscreants who hacked Electoral Commission

jonha
FAIL

Re: Any monitoring taking place?

> I get the strong impression that nobody is really monitoring their networks.

That's because they are so incredibly busy with pretending to take our security extremely seriously :-/

Middleweight champ MX Linux 23 delivers knockout punch

jonha

I'm with Peter here. Actually sudo gives you much more fine-grained control over which user can do what than the blunt non-root-user/root dichotomy. It's really worthwhile to read up about its capabilities... perhaps especially for an old-timer, if you pardon the expression.

jonha
Pint

You should've mentioned MX's frugal/persistence install mode. This allows you to install MX on any (and I mean ANY) PC with, say, 8GB of free disk space. I am not talking about shuffling partitions or creating a new partition where MX would be installed: no, MX can peacefully and fully-featured co-exist with a Windows7...11 install on the very same NTFS partition, given enough free space.

This has allowed me, back in the days, to test drive then-MX17 in parallel with my aging Win7 install for a few months and to gradually switch from one OS to the other... Even now, six or so years on, I still have MX (now 23) running as frugal as it's incredibly easy to backup (just copy three or four files) and a breeze to install on new machines, even without the snapshot/ISO route.

The beer goes to the devs.

Google's browser security plan slammed as dangerous, terrible, DRM for websites

jonha

The web has turned into a playground for Google and a select band of other miscreants, either spreading good ol' FUD and/or inventing yet another great scheme to make it all so much better but... cui bono? Not the users, I suspect.

In other words, the web is broken, possibly beyond repair. The good thing is that the internet, aka TCP/IP, is a "simple" transport mechanism and so it will always be possible to create alternatives. Whether these succeed on a grand scale, given among other things the ever raging battle between security/privacy et al on one hand and convenience/laziness et al on the other, is another matter.

Want to live dangerously? Try running Windows XP in 2023

jonha

Re: “There's a reason...”

Maybe I'm a masochist... but for many, many tasks most people perform with a file manager or other pointy-clicky GUI tools my zsh is way faster. For some tasks it's an order of magnitude faster.

And there's a plethora of other CLI tools out there which can be amazingly fast... look at ugrep (not grep, *u*grep) if you want to search stuff, for instance.

Of course there are things where zsh or other CLI tools are not the best choice... but then I can always switch to GUIs and the mouse.

jonha

Not entirely unexpected. There's a reason why I'm still mouse-averse and why much of what I do (all admin, the music player, some text and all hex editing...) happens in the CLI.

Microsoft kicks Calibri to the curb for Aptos as default font

jonha
Pint

Wow, I'd never have thought to read anything about Bierstadt (the WI suburb) in El Reg. Lived there many years ago for a while before moving to Frauenstadt.

Never say never.

Free Wednesday gift for you lucky lot: Extra mouse button!

jonha

Re: I'm ashamed to say I didn't know or had forgotten about the browser functions!

> It's not entirely accurate - middle button title bar click appears to only open a tab on Firefox, not Chromium or Edge

It does work on Linux Vivaldi. Can't say anything about other Chromium-based browsers.

Google's Go may add telemetry that's on by default

jonha
Mushroom

Anyone remember Ken Thompson's login hack?

We're slowly inching towards Ken Thompson's login programme hack (see https://www.industrialcybersecuritypulse.com/threats-vulnerabilities/throwback-attack-ken-thompson-lays-the-foundation-for-software-supply-chain-attacks/ for details). His was just a demo... Google's version might not be.

JD Sports admits intruder accessed 10 million customers' data

jonha

Nope. They take security EXTREMELY seriously.

As always. As do all the others, like BA or TalkTalk.

So no reason at all to worry.
