Penguins force-fed root: Cruel security flaw found in systemd v228

"Only root would be able to issue the write without the 6000 mode bits being reset."

assuming that a different exploit did not successfully write to this file and still keep the bits...

Re: The Inevitable

"Is Linux Secure"

yes. Linux is secure. Related, systemd is NOT Linux. thankfully.

Re: @Gerhard

"And FreeBSD knows nothing of systemd."

A _DEFINITE_ plus!

Additionally, the rc system on FBSD is a bit easier to config than Debian's old sysv startup support, last I checked. though much of the 'hackery' required was simply re-naming, creating, or removing a few symlinks from one of the rc#.d directories

Re: right ..

"As a server admin, SystemD has solved more problems than it has created."

I hear the same kind of logic applied to things like Virus Outbreak (aka MS Outlook), and the use of ".Not" in programming.

My guess is that the hackery is a better choice. Then post what you did in an appropriate place, so the rest of us can benefit from it too.

Re: Surprise

_NOT_ suid per se [it's actually needed for SOME things] but apparently how it's being utilized by systemd and its minions

Using LinkedIn will land you a shiny new job – like, er, CTO of Microsoft

his predecessor became a PATENT TROLL?

no WONDER Micro-shaft has been pursuing wrong directions!

Plump Trump dumps TPP trade pump

"You think we don't remember certain people blaming Obama for the state of the economy before inauguration day?"

Or former President Bush II, 8 years later...

I believe Trump has the correct strategy.

a) tax cuts [for *EVERYBODY*, particularly "the rich"]

b) de-regulation

c) significantly reduce the actual SIZE of gummint

d) put people in charge who were chosen for their ability to do their jobs, not race/sex/lifestyle/whatever [including political payoffs]

e) ENFORCE! THE! LAW! - consistently, I might add. no more 'pick and choose' like Obaka

it's a recipe for putting things back on the right track. It's the same one _I_ would use. It's been tried before (1980's) and it worked well, but of course doesn't happen instantaneously. We'll hear all kinds of grief from "the lamestream media" until reality becomes SO obvious, that people will embrace the reality instead of the doom/gloom LIES from those who want it to NOT be so [if it bleeds, it leads!].

Re: The last mercantilist president

I doubt VERY seriously that Trump is truly a "mercantilist".

His plans are simple: provide 'incentives' to keep what production is already inside the USA, as well as incentives to 'bring it back' (or expand within the U.S.).

Typically this will be in the form of

a) tax cuts

b) de-regulation

Although the threat of retaliatory import tariffs still exists, it is highly likely that this is the primary means by which Trump intends to 'make America great again'. However, it might be there as a 'stick' for when the carrot stops working. Incidentally, as I recall, such 'protectionist' means have already been written into things _LIKE_ NAFTA, and the WTO agreements.

But yeah, those calling Trump "President Snowflake" (aka members of the "need a clue-by-4" club) won't get it at all. They'll believe the stuff they hear on late night "comedy news", and on Face-blank or Tw[a,i]tter rants, instead.

It's official: Ejit – sorry – Ajit Pai is new FCC boss (he's the one who hates network neutrality)

from article: "President Snowflake"?

"President Snowflake"? I think not.

file THAT one under "you have been brainwashed by the lamestream media" and consider who the 'snowflakes' REALLY are...


And the screaming, and the whining, and the tantrums, oh my!

(yeah you'll just say Trump does those things, I know, and I see NO evidence of Trump behaving like the 'snowflakes' so devastated by him being in the White House - nothing like a big fat lie to distract, typical lefty trick, and re-enforcing the lie by repeating it over, and over, and over, and over, and over, and over and I'm sure you'll say "Trump does that too" which of course is NOT the case, but those who WANT to believe it will say it and quote one another so they can FEEL better, yeah - so WHO is the snowflake then?)

Looking forward to a more REASONABLE FCC that doesn't try to REGULATE CONTENT.

Microsoft fixes remote desktop app Mac hole

"Microsoft Remote Desktop Client for Mac OS X allows a malicious terminal server to read and write any file in the home directory of the connecting user,"

by crafting a special 'rdp' URL and directing the user to click it.


Windows 10 networking bug derails Microsoft's own IPv6 rollout

Re: A short and inaccurate history of NAT routers in the home

"Anybody that can send packets to your router with a dest IP set to 192.168.1.x can connect to your LAN machines regardless of any NAT going on on the router."

On an IMPROPERLY CONFIGURED router, yes. It's not that hard to create rules to block all incoming AND outgoing connections to/from RFC1918 addresses. I would assume that router makers would be smart enough to do this. If not, I'd like a list of FAIL, please...

Or the other choice: use 'bridge mode' on whatever 'thing' plugs into the intarweb, and firewall it with your OWN 'dual home' box, running Linux or FreeBSD. You could even set it up as an IPv6 gateway, via a free IPv4/IPv6 tunnel. Yeah. I do that.

"So ipv6 isn't a mess, has been ready for prime time for a very long time, but Microsoft products and enterprise it are messes?"

good summary!

Re: Sigh

"Plus, even if not blocking everything, the standard Windows ports have been blocked in network borders for ages now."

except that it's a moving target. Windows Vista, 7, "Ape", and now Win-10-nic each seem to add NEW ports to be concerned about. And the Windows built-in firewall is pretty much a JOKE, in my opinion. It's still "Windows" between ethernet and the listening applications, after all...

Re: It is not the backward, it is the forward bit which is the issue

"What Microsoft is doing is the right thing (for once) - trying to manage it correctly via DHCP."

I'm already doing that. I have the routing advertisements going around, AND isc-dhcp running for both IPv4 _AND_ IPv6. When I ran Windows 10 on it [back in the 'insider' days, as a sanity test] it _seemed_ to work, but I didn't test it very long. Windows 7 seems to work ok, and I had IPv6 working on an XP box, even. [I needed to know what ports it listens on so I could firewall them with the FreeBSD gateway/router].

So I think I'm qualified to criticize Micro-shaft when they're trying to do exactly what _I_ did a few years ago. And it's _NOT_ "rocket surgery".

(actually the info over on he.net was helpful, as well as other documentation available online)

So, when I fire up the installer for a debian Linux box, the installer correctly discovers the IPv6 routing information and starts downloading packages via IPv6. When I connect a 'droid device to my network, it routes properly via IPv6. And of course everything else that's configured.

As for Active Directory - that's a Micro-shaft problem, not mine. If it's not inherently broken, it should work just fine as well. Maybe they should try using a Samba server running on Linux or FreeBSD ???

Re: "but Android doesn't support that"

"Linux probably already supports the protocols"

as a matter of fact, it does.


(some of the info appears to be out of date, however)

For FreeBSD, I added isc-dhcp from the ports collection, and configured 2 instances, one for IPv4, the other for IPv6. it works pretty well. (I did this several years ago, working well since)

Re: Sigh

I blame windows for slowing down the implementation of IPv6.

Mostly, it would be due to ISPs not wanting to deal with the fact that there will be NO NAT DEVICE between the windows computer and the intarwebs.

This means that the plethora of well-known listening ports will be EXPOSED TO THE INTARWEBS again. Just like a dialup connection USED to be (and in some cases, probably still is).

So guess who gets to deal with the tech support issues caused by viruses, zero-day exploits, and so forth? That's right the ISP!

As a result, they don't want to deal with it. having to set up a tunnel through a free service (like he.net) is like an "intelligence test" of sorts. For average 'plug it in and it works' users, it's a security disaster waiting to happen.

And I blame WINDOWS for that. Their machines should NEVER expose ports like that. They should listen on localhost, NOT the entire address space! And Micro-shaft's firewall is a *JOKE* at best. In any case, with the latest SMB exploit waiting to happen, I'm sure that Micro-shaft will have PLENTY of headaches and patches when they FINALLY get around to making IPv6 support good enough for ISPs to support it, too.

Re: Not that awful

"BTW, who likes NAT? I can only think of one real advantage it has."

let me guess - the automatic firewalling of "all of those open ports" on the typical windows machine?

that's the only REAL advantage that I can think of. That and sharing the same connection with a single 'connected' device, but that part was a given...

"you have a big tech company like Microsoft and they cannot get IPv6 implemented without endless problems"

THEIR problem is the tenacity of a "it must be WINDOWS" solution. that, and general incompetence.

It's not "rocket surgery". heh.

Re: It is not the backward, it is the forward bit which is the issue

er, trying to digest what you're saying here.

strangely, IPv6 works pretty well on my LAN and via a tunnel through he.net [it's one of the free IPv6 tunnel services, yeah]. I've got DNS returning AAAA records and everything. the only trouble I've had is with an old wifi router that seems to want to be the IPv6 gateway for the LAN, even though there's already a gateway for IPv6 [so I plugged the WAN port into the LAN, assigned it to a different IPv4 and IPv6 address, problem 'solved'].

So aside from the ancient wifi router not being set up properly for what _I_ happen to do with it, everything ELSE works quite well, including Windows 7. 10 seemed to work last time I tried it. But seriously, I'm just using off-the-shelf open source things, FreeBSD, Linux, isc-dhcp, and a tunnel via he.net .

This isn't "rocket surgery" (as Ladonna Harvey, a local radio personality, puts it - heh).

Of course, I've got my FreeBSD firewall blocking anything incoming to ports that are "open" because the windows firewall can't be trusted...

SO, Micro-shaft: What's SO HARD???

Trump's 'cyber tsar' Giuliani among creds leaked in mass hacks

"For balance how many of Hillary's team or Obama's had passwords in these hacks?"

He's only been in office for 2 days, after all.

Looks to ME like Giuliani needs to GET HOT and start shoring up his 'firewall defenses'...

General Electric plays down industrial control plant vulnerabilities

Re: Hmm

"saying it cannot be exploited assumes that the machine running it is sufficiently airgapped (or otherwise protected)."

I did a little (indirect) work for GE a while back, on their SCADA system in fact [adding a feature that used the analysis software from the company I was doing work for at the time], and their SCADA system ran on Windows. WINDOWS. Yeah, THERE's your security problem!

Other than that it seemed to me to be a pretty good SCADA system, so just have them tighten it up a bit more and we should be ok, right? THAT and port it to *LINUX* or *BSD*.

Welcome to the Wipe House: President Trump shreds climate change, privacy, LGBT policies on WhiteHouse.gov

Re: Narcissistic Personality Disorder at work

"so long as he receives populist applause at every event."

Wait until his "legacy" gets BLOWED UP and POPPED like a cheap balloon over the coming few weeks...

I'm looking FORWARD to it! [starting with that ECONOMY KILLER, 'OBAKACARE']

Re: @dalethorn

"The ability to make racist, misogynistic, homophobic, religiophobic, hateful slurs at anybody we please at the top of our lungs? To bully without regret? To engage in delicate foreign policy in 140-character soundbites? To lie whenever it feeds our all-too-sensitive egos? (Isn't that the definition of 'snowflake'?) To return women to second-class citizenship?"

That sounds all-too-much like the leftist TWADDLE cooked up by Mrs. Clinton and George Soros. Yes, it's a complete _LIE_.

In other words, if you're willing to believe THAT, I have some swampland in Arkansas that I want to sell... wait, the Clintons beat me to it! ['Whitewater' anyone?]

Re: Likely

follow, unfollow, who cares. I won't bother with tw[a,i]tter and will read about whatever trump says in El Reg instead.

Or watch him on Fox News.

I suspect more, WAY more, HOWLER MONKEYS on tw[a,i]tter anyway. Just a handful, drawing attention to themselves, trying to appear larger than they are. As usual. And paid by George Soros.

Re: whois obamawhitehouse.org

Dumping all of Obaka's "legacy" off of the white house web pages ON THE NEXT DAY is an obvious message: We're gonna UNdo that "legacy" ASAP. Starting with the executive orders, then Obaka-care, then the failed policies of basically ALLOWING illegal immigration, and so on - say buh-bye!

And don't forget those RIDICULOUS policies regarding "climate change" (not MAN made at ALL), and all of that FAVORITISM towards "protected classes" of people - you know, anyone who's NOT a straight white male. (just like Demo-rats to divide everyone up into manipulatable groups and pander to them, anyway). I have a thought: just treat LBGT{whatever} people as PEOPLE. Why does any one group need "special resources" on the whitehouse.gov site ANYWAY?

But if you want to see all of that again, you don't need to worry. Obaka will get his archive (we need it 'out there' as an example of what FAIL is, after all). Didn't the article say it would temporarily be on obamawhitehouse.archive.gov until the new domain is registered, etc. ??

"when in fact they're mostly paid trolls"

George Soros, the alleged payer of a LOT of those trolls, lost A BILLION DOLLARS after Trump was elected, by "getting it wrong" in his hedge fund (just having Trump ELECTED caused a bump up in the stock market, and Soros bet DOWN, and LOST).

Schadenfreude indeed! To those who DESERVE it, anyway.

Re: I'd offer the world an apology for the garbage that is "American First"

"I'm making lots of money, so my world doesn't change with the changing of who runs the country."

lucky you. step aside and let everyone ELSE prosper for once! elitist...

NO need to apologize for Trump. Apologize for OBAKA and what HE did to America, and the world...

Re: I'd offer the world an apology for the garbage that is "American First"

"That inauguration speech in full:"

nice parody. it would play well on South Park

Chrome dev explains how modern browsers make secure UI just about impossible

Re: "picture-in-picture attacks"

"But now you've got the whole terminal browser that can be duplicated."

how about a fake 2D FLATSO FLUGLY interface that looks like it's running Edge, with a fake dialog box saying "Welcome to Windows 10!". It would be a way of trolling people into throwing their computers out of a window or something...

Re: HTML5 can do WHAT?!

"Seems you don't like full-screen ANYTHING"

I know that _I_ do *NOT* like 'full screen'. Except for movies. And I normally use an EXTERNAL player after downloading videos via "some plugin on Firefox" anyway, so I can download the HD version with my pathetic bandwidth and still view it without skipping.

Re: HTML5 can do WHAT?!

"HTML5 can force a browser into full-screen mode?"

sounds like a need for:

a) a plugin like 'noscript' to block all of that by default;

b) user-configurable settings for the same thing (i.e. "never full-screen the browser" just like "never open popup windows")

On last day as president, Obama's CIO shrouds future .gov websites in secret code

Re: Someone forgetting how https actually works?

"I hope browsers are going to start using a different public key for each website."

good idea! or for each DAY, for that matter. that would make a nice add-on for firefox, wouldn't it?

/me ponders...

Facebook bans Russia's RT ahead of Trump's Inauguration Day (then changes its mind)

let's just stop using facebook

what it says in the title.

Microsoft posts death notices for Windows 7 sysadmin certifications

Re: Perspective.

"The guys with certs, I'm usually incredibly disappointed with"

ACK. Certs, like degrees, are proof of POTENTIAL. Demonstrable _EXPERIENCE_ is proof of CAPABILITY!

you'd be better off contributing to public projects (and getting credit for it) than getting "certs" from Micro-shaft.

Trump inauguration DDoS protest is 'illegal', warn securobods

Re: A sad day :(

"I don't think that they'll be seeing a pension."

Meh. Pensions are overrated, ESPECIALLY publicly-funded ones. Just work until you die, or set up your OWN fund. Nobody owes anyone else a pension. Pay people NOT to work, and you get what you pay for.

It's a better world when everyone carries his own weight. It's not the job of a gummint (funded by the people) to bail out those who make bad decisions in life.

Where's _MY_ reward money for making GOOD decisions? *crickets*

I'll be looking forward to 4+ years of Trump at the helm. This should be a LOT better. Not ideal, just better.

Re: @ OliP

"You can't have been paying attention for the last eight years. How long did Trump himself rattle on about that birther nonsense?"

not long enough, apparently. Don't forget, it was Mrs. Clinton who first brought that issue up.

"You get another chance to vote in four years time, until then suck it up and stop behaving like a spoilt child."

tell me about it. getting rid of OBAKA (and his RUINOUS policies) has been unnecessarily difficult. Just having an OPPOSING OPINION got you called a RACIST and a {insert plethora of terms}-phobe by a bunch of howler monkeys, online and offline.

And NOW we are HERE. (I'm looking forward to a LOT of "getting better all the time" over the next few years)

AI and robots? Will someone think of the jobs, says HPE CEO Whitman

Re: People don't need jobs...

"Given your usual tone"

WOW - I've got FANS!

bombastic bob Silver badge

" I'm subcontracting to part of the company that develops software."

foot in the door, eh? would it jeopardize your status to suggest to them that shipping new PCs with Win-10-nic on them isn't helping their bottom line? And they should ship LINUX machines instead? And that if THEY do it, others will too, and the software development will follow?

just a thought...

Re: People don't need jobs...

"Your shtick has become tedious. Please stop."

you're welcome. *kiss*

Valley techies to protest outside Palantir – Trump adviser's creepy citizen database biz

Re: Me Too!

"Wow it's easy to make shit up isn't it."

And, JUST BECAUSE YOU SAY IT, *THAT* makes it *TRUE*!!!!!

like 'fake news'. and statistics. and lies. oh my!

Re: Next Week

"At least that's the meme we are supposed to swallow, according to this Kieren person."

and you got 9 downvotes already! it's a badge of honor, yeah.

howler monkeys, at it again. shout down the opposition until they get tired of being shouted at. call them racists and "everyone-phobes", make outrageous claims, phony 'fake news' statistics, and try to shock people [who can't be shocked any MORE, news flash] into an emotional reaction, blah blah boring boring boring.

I can HARDLY WAIT until Trump takes on the office of President of the United States on Friday.

And anyone who is here LEGALLY isn't getting deported. ONLY the ILLEGAL ones will be deported, starting with the criminals. And don't let the door hit you in the arse on the way back to wherever you CAME FROM!

(that's my story, and I'm "schticking" with it, heh)

Kill it with fire: US-CERT urges admins to firewall off Windows SMB

Samba can disable SMB1 as well

Apparently you can block SMB1 with Samba by adding an entry similar to the following in the '[global]' section:

min protocol = SMB2

- or -

server min protocol = SMB2

- and -

client min protocol = SMB2



Apparently, this also prevents any XP, 2k, or Win '9x machines from using your Samba server.

NOW: in all snarkiness, does it _REALLY_ surprise anyone that the "fix" for this is to (effectively) MAKE XP GO AWAY ??? Yeah, WHY am I *NOT* Surprised???
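An added example, not part of the original comment: a small audit that reads the '[global]' section of an smb.conf and reports whether the min protocol settings named above still admit SMB1. The sample configuration is constructed, the function names are hypothetical, and backslash line continuations are not handled.

```python
import re

# Dialect names smb.conf accepts that belong to the SMB1 family.
SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
SMB2_PLUS = re.compile(r"^SMB[23](_\d\d)?$")

# "min protocol" is a synonym for "server min protocol".
SYNONYMS = {"minprotocol": "serverminprotocol"}
CHECKED = {"serverminprotocol": "server min protocol",
           "clientminprotocol": "client min protocol"}


def norm(name):
    """Samba ignores case and whitespace in section and parameter names."""
    return re.sub(r"\s+", "", name).lower()


def global_min_protocols(conf_text):
    """Return the last value set in [global] for each checked parameter."""
    found = {}
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.match(r"^\[(.*)\]$", line)
        if m:
            section = norm(m.group(1))
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = norm(key)
        key = SYNONYMS.get(key, key)
        if key in CHECKED:
            found[key] = value.strip().upper()  # later lines override earlier
    return found


def audit(conf_text):
    """Map each checked parameter to a verdict on SMB1."""
    found = global_min_protocols(conf_text)
    report = {}
    for key, label in CHECKED.items():
        value = found.get(key)
        if value is None:
            report[label] = "unset (version default applies)"
        elif value in SMB1_DIALECTS:
            report[label] = "SMB1 allowed (%s)" % value
        elif SMB2_PLUS.match(value):
            report[label] = "SMB1 blocked (%s)" % value
        else:
            report[label] = "unrecognised value (%s)" % value
    return report


# Constructed sample: server side hardened via the synonym, client side not.
SAMPLE = """
[global]
   workgroup = EXAMPLE
   ; server min protocol = NT1
   Min Protocol = SMB2
   client min protocol = NT1
[share]
   path = /srv/share
"""

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print("%-20s %s" % (name, verdict))
```

An "unset" result means the effective value is whatever default the installed Samba version ships, so it should be confirmed against that version's documentation.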

Search for MH370 called off after new theory about resting place is ruled out

I bet the U.S. Navy knows where it is

I'd bet the U.S. Navy knows where it is, but can't say because, classified. The location of submarines is at 'secret' level or higher, and (very likely) some of the sonar capabilities as well. Maybe they'll consider dropping more hints?

Chelsea Manning sentence slashed by Prez Obama: She'll be sprung in the spring

I'd rather be done with the drama surrounding Pvt Manning [who I understand got the sex change done AT THE TAXPAYER'S EXPENSE] anyway, but letting Manning out of prison early isn't necessarily the best way to be done with this...

it doesn't send a very good message. not at all.

Li-ion tamers: Boffins build battery with built-in fire extinguisher

Re: Cars

actually, the first thing _I_ thought of was LiPo batteries in aircraft [which a couple of years ago grounded 777's for a bit, as I recall] and electric cars would be the next in line. So yeah.

"what happens in a car crash" with electric batteries in every exposed area of a car? Hopefully NOT a class D fire, but that happened once already, and I remember reading an El Reg article about it...

Auto emissions 'cheatware' scandal sparks war of words between Italy, Germany

Re: But did they actually break any rules ?

"manufacturers are going to design the cars to pass those tests"

it's happened with computers regarding various performance evaluation tests. no surprises here.

[it also happens in college classes when you give the prof what he wants, to get the grade, regardless of whether or not you believe it - useful for surviving lefty-lib indoctrination without caving in - "for the test" then brain-dump]

bombastic bob Silver badge

"Oh look all the car manufacturers have been caught with their hands in the 'emissions' cookie jar, what a surprise."

When the U.S. EPA calls CO2 a "pollutant", it's hard to take them seriously...

Hopefully the Trump administration will "fix them" and we'll get proper standards, proper enforcement, and proper respect.

Smart guns are a neat idea on paper. They'll never survive reality

Re: The inherent failure...

"Where almost all of the population seem to own automatic weapons you mean? "

No, it's more like all of the CRIMINAL POPULATION seems to own automatic weapons.

If the HONEST CITIZENS had them too, they could at least PROTECT THEMSELVES. The only thing COPS can do is cower, and draw a chalk-line after the MURDER. At least a gun in the hand of an HONEST CITIZEN gives an advantage to self-defense. I know *I* would rather go down fighting than die as a coward in my own piss.

Re: 'Smart guns' - an inherent failure

smart GUN OWNERS are a better idea. well, if you purchase a gun for self-protection, that's pretty SMART!

And arming MORE 'smart gun owners' with concealed carry permits means that someone _BESIDES_ the criminal in the room is likely to be carrying...

THEN fix the laws so that FIRING! A! PISTOL! in the act of defense against a gun-totin' criminal is NOT punishable by ANYTHING, even if you KILL! THAT! PERP! to DEATH!!

All of the laws and loopholes used by the loopy-left to keep people from PROTECTING THEMSELVES leads to a fearful society of WIMPS that are AFRAID to STAND UP to CRIME!