
Re: WTF
"Only root would be able to issue the write without the 6000 mode bits being reset."
assuming that a different exploit did not successfully write to this file and still keep the bits...
systemd
v228
"And FreeBSD knows nothing of systemd."
A _DEFINITE_ plus!
Additionally, the rc system on FBSD is a bit easier to config than Debian's old sysv startup support, last I checked. though much of the 'hackery' required was simply re-naming, creating, or removing a few symlinks from one of the rc#.d directories
"As a server admin, SystemD has solved more problems than it has created."
I hear the same kind of logic applied to things like Virus Outbreak (aka MS Outlook), and the use of ".Not" in programming.
My guess is that the hackery is a better choice. Then post what you did in an appropriate place, so the rest of us can benefit from it too.
"You think we don't remember certain people blaming Obama for the state of the economy before inauguration day?"
Or former President Bush II, 8 years later...
I believe Trump has the correct strategy.
a) tax cuts [for *EVERYBODY*, particularly "the rich"]
b) de-regulation
c) significantly reduce the actual SIZE of gummint
d) put people in charge who were chosen for their ability to do their jobs, not race/sex/lifestyle/whatever [including political payoffs]
e) ENFORCE! THE! LAW! - consistently, I might add. no more 'pick and choose' like Obaka
it's a recipe for putting things back on the right track. It's the same one _I_ would use. It's been tried before (1980's) and it worked well, but of course doesn't happen instantaneously. We'll hear all kinds of grief from "the lamestream media" until reality becomes SO obvious, that people will embrace the reality instead of the doom/gloom LIES from those who want it to NOT be so [if it bleeds, it leads!].
I doubt VERY seriously that Trump is truly a "mercantilist".
His plans are simple: provide 'incentives' to keep what production is already inside the USA, as well as incentives to 'bring it back' (or expand within the U.S.).
Typically this will be in the form of
a) tax cuts
b) de-regulation
Although the threat of retaliatory import tariffs still exists, it is highly likely that this is the primary means by which Trump intends to 'make America great again'. However, it might be there as a 'stick' for when the carrot stops working. Incidentally, as I recall, such 'protectionist' means have already been written into things _LIKE_ NAFTA, and the WTO agreements.
But yeah, those calling Trump "President Snowflake" (aka members of the "need a clue-by-4" club) won't get it at all. They'll believe the stuff they hear on late night "comedy news", and on Face-blank or Tw[a,i]tter rants, instead.
"President Snowflake"? I think not.
file THAT one under "you have been brainwashed by the lamestream media" and consider who the 'snowflakes' REALLY are...
http://www.foxnews.com/us/2016/11/14/university-michigan-cancels-plan-to-help-students-cope-with-trump-using-coloring-books-play-doh-and-bubbles.html
And the screaming, and the whining, and the tantrums, oh my!
(yeah you'll just say Trump does those things, I know, and I see NO evidence of Trump behaving like the 'snowflakes' so devastated by him being in the White House - nothing like a big fat lie to distract, typical lefty trick, and re-enforcing the lie by repeating it over, and over, and over, and over, and over, and over and I'm sure you'll say "Trump does that too" which of course is NOT the case, but those who WANT to believe it will say it and quote one another so they can FEEL better, yeah - so WHO is the snowflake then?)
Looking forward to a more REASONABLE FCC that doesn't try to REGULATE CONTENT.
"Anybody that can send packets to your router with a dest IP set to 192.168.1.x can connect to your LAN machines regardless of any NAT going on on the router."
On an IMPROPERLY CONFIGURED router, yes. It's not that hard to create rules to block all incoming AND outgoing connections to/from RFC1918 addresses. I would assume that router makers would be smart enough to do this. If not, I'd like a list of FAIL, please...
Or the other choice: use 'bridge mode' on whatever 'thing' plugs into the intarweb, and firewall it with your OWN 'dual home' box, running Linux or FreeBSD. You could even set it up as an IPv6 gateway, via a free IPv4/IPv6 tunnel. Yeah. I do that.
"Plus, even if not blocking everything, the standard Windows ports have been blocked in network borders for ages now."
except that it's a moving target. Windows Vista, 7, "Ape", and now Win-10-nic each seem to add NEW ports to be concerned about. And the Windows built-in firewall is pretty much a JOKE, in my opinion. It's still "Windows" between ethernet and the listening applications, after all...
"What Microsoft is doing is the right thing (for once) - trying to manage it correctly via DHCP."
I'm already doing that. I have the routing advertisements going around, AND isc-dhcp running for both IPv4 _AND_ IPv6. When I ran Windows 10 on it [back in the 'insider' days, as a sanity test] it _seemed_ to work, but I didn't test it very long. Windows 7 seems to work ok, and I had IPv6 working on an XP box, even. [I needed to know what ports it listens on so I could firewall them with the FreeBSD gateway/router].
So I think I'm qualified to criticize Micro-shaft when they're trying to do exactly what _I_ did a few years ago. And it's _NOT_ "rocket surgery".
(actually the info over on he.net was helpful, as well as other documentation available online)
So, when I fire up the installer for a debian Linux box, the installer correctly discovers the IPv6 routing information and starts downloading packages via IPv6. When I connect a 'droid device to my network, it routes properly via IPv6. And of course everything else that's configured.
As for Active Directory - that's a Micro-shaft problem, not mine. If it's not inherently broken, it should work just fine as well. Maybe they should try using a Samba server running on Linux or FreeBSD ???
"Linux probably already supports the protocols"
as a matter of fact, it does.
https://en.wikipedia.org/wiki/Comparison_of_IPv6_support_in_operating_systems
(some of the info appears to be out of date, however)
For FreeBSD, I added isc-dhcp from the ports collection, and configured 2 instances, one for IPv4, the other for IPv6. it works pretty well. (I did this several years ago, working well since)
I blame windows for slowing down the implementation of IPv6.
Mostly, it would be due to ISPs not wanting to deal with the fact that there will be NO NAT DEVICE between the windows computer and the intarwebs.
This means that the plethora of well-known listening ports will be EXPOSED TO THE INTARWEBS again. Just like a dialup connection USED to be (and in some cases, probably still is).
So guess who gets to deal with the tech support issues caused by viruses, zero-day exploits, and so forth? That's right, the ISP!
As a result, they don't want to deal with it. having to set up a tunnel through a free service (like he.net) is like an "intelligence test" of sorts. For average 'plug it in and it works' users, it's a security disaster waiting to happen.
And I blame WINDOWS for that. Their machines should NEVER expose ports like that. They should listen on localhost, NOT the entire address space! And Micro-shaft's firewall is a *JOKE* at best. In any case, with the latest SMB exploit waiting to happen, I'm sure that Micro-shaft will have PLENTY of headaches and patches when they FINALLY get around to making IPv6 support good enough for ISPs to support it, too.
"BTW, who likes NAT? I can only think of one real advantage it has."
let me guess - the automatic firewalling of "all of those open ports" on the typical windows machine?
that's the only REAL advantage that I can think of. That and sharing the same connection with a single 'connected' device, but that part was a given...
er, trying to digest what you're saying here.
strangely, IPv6 works pretty well on my LAN and via a tunnel through he.net [it's one of the free IPv6 tunnel services, yeah]. I've got DNS returning AAAA records and everything. the only trouble I've had is with an old wifi router that seems to want to be the IPv6 gateway for the LAN, even though there's already a gateway for IPv6 [so I plugged the WAN port into the LAN, assigned it to a different IPv4 and IPv6 address, problem 'solved'].
So aside from the ancient wifi router not being set up properly for what _I_ happen to do with it, everything ELSE works quite well, including Windows 7. 10 seemed to work last time I tried it. But seriously, I'm just using off-the-shelf open source things, FreeBSD, Linux, isc-dhcp, and a tunnel via he.net .
This isn't "rocket surgery" (as Ladonna Harvey, a local radio personality, puts it - heh).
Of course, I've got my FreeBSD firewall blocking anything incoming to ports that are "open" because the windows firewall can't be trusted...
SO, Micro-shaft: What's SO HARD???
"For balance how many of Hillary's team or Obama's had passwords in these hacks?"
Better still (and I _AM_ pro-Trump) do like OBAKA did, and JUST! BLAME! THE! PREDECESSOR!!
He's only been in office for 2 days, after all.
Looks to ME like Giuliani needs to GET HOT and start shoring up his 'firewall defenses'...
"saying it cannot be exploited assumes that the machine running it is sufficiently airgapped (or otherwise protected)."
I did a little (indirect) work for GE a while back, on their SCADA system in fact [adding a feature that used the analysis software from the company I was doing work for at the time], and their SCADA system ran on Windows. WINDOWS. Yeah, THERE's your security problem!
Other than that it seemed to me to be a pretty good SCADA system, so just have them tighten it up a bit more and we should be ok, right? THAT and port it to *LINUX* or *BSD*.
"so long as he receives populist applause at every event."
You forgot that the _REAL_ 'Narcissist in Chief' was OBAKA! Wait until his "legacy" gets BLOWED UP and POPPED like a cheap balloon over the coming few weeks...
I'm looking FORWARD to it! [starting with that ECONOMY KILLER, 'OBAKACARE']
"The ability to make racist, misogynistic, homophobic, religiophobic, hateful slurs at anybody we please at the top of our lungs? To bully without regret? To engage in delicate foreign policy in 140-character soundbites? To lie whenever it feeds our all-too-sensitive egos? (Isn't that the definition of 'snowflake'?) To return women to second-class citizenship?"
That sounds all-too-much like the leftist TWADDLE cooked up by Mrs. Clinton and George Soros. Yes, it's a complete _LIE_.
In other words, if you're willing to believe THAT, I have some swampland in Arkansas that I want to sell... wait, the Clintons beat me to it! ['Whitewater' anyone?]
follow, unfollow, who cares. I won't bother with tw[a,i]tter and will read about whatever trump says in El Reg instead.
Or watch him on Fox News.
I suspect more, WAY more, HOWLER MONKEYS on tw[a,i]tter anyway. Just a handful, drawing attention to themselves, trying to appear larger than they are. As usual. And paid by George Soros.
Dumping all of Obaka's "legacy" off of the white house web pages ON THE NEXT DAY is an obvious message: We're gonna UNdo that "legacy" ASAP. Starting with the executive orders, then Obaka-care, then the failed policies of basically ALLOWING illegal immigration, and so on - say buh-bye!
And don't forget those RIDICULOUS policies regarding "climate change" (not MAN made at ALL), and all of that FAVORITISM towards "protected classes" of people - you know, anyone who's NOT a straight white male. (just like Demo-rats to divide everyone up into manipulatable groups and pander to them, anyway). I have a thought: just treat LBGT{whatever} people as PEOPLE. Why does any one group need "special resources" on the whitehouse.gov site ANYWAY?
But if you want to see all of that again, you don't need to worry. Obaka will get his archive (we need it 'out there' as an example of what FAIL is, after all). Didn't the article say it would temporarily be on obamawhitehouse.archive.gov until the new domain is registered, etc. ??
"when in fact they're mostly paid trolls"
George Soros, the alleged payer of a LOT of those trolls, lost A BILLION DOLLARS after Trump was elected, by "getting it wrong" in his hedge fund (just having Trump ELECTED caused a bump up in the stock market, and Soros bet DOWN, and LOST).
Schadenfreude indeed! To those who DESERVE it, anyway.
"I'm making lots of money, so my world doesn't change with the changing of who runs the country."
lucky you. step aside and let everyone ELSE prosper for once! elitist...
NO need to apologize for Trump. Apologize for OBAKA and what HE did to America, and the world...
"But now you've got the whole terminal browser that can be duplicated."
how about a fake 2D FLATSO FLUGLY interface that looks like it's running Edge, with a fake dialog box saying "Welcome to Windows 10!". It would be a way of trolling people into throwing their computers out of a window or something...
"Seems you don't like full-screen ANYTHING"
I know that _I_ do *NOT* like 'full screen'. Except for movies. And I normally use an EXTERNAL player after downloading videos via "some plugin on Firefox" anyway, so I can download the HD version with my pathetic bandwidth and still view it without skipping.
"The guys with certs, I'm usually incredibly disappointed with"
ACK. Certs, like degrees, are proof of POTENTIAL. Demonstrable _EXPERIENCE_ is proof of CAPABILITY!
you'd be better off contributing to public projects (and getting credit for it) than getting "certs" from Micro-shaft.
"I don't think that they'll be seeing a pension."
Meh. Pensions are overrated, ESPECIALLY publicly-funded ones. Just work until you die, or set up your OWN fund. Nobody owes anyone else a pension. Pay people NOT to work, and you get what you pay for.
It's a better world when everyone carries his own weight. It's not the job of a gummint (funded by the people) to bail out those who make bad decisions in life.
Where's _MY_ reward money for making GOOD decisions? *crickets*
I'll be looking forward to 4+ years of Trump at the helm. This should be a LOT better. Not ideal, just better.
"You get another chance to vote in four years time, until then suck it up and stop behaving like a spoilt child."
tell me about it. getting rid of OBAKA (and his RUINOUS policies) has been unnecessarily difficult. Just having an OPPOSING OPINION got you called a RACIST and a {insert plethora of terms}-phobe by a bunch of howler monkeys, online and offline.
And NOW we are HERE. (I'm looking forward to a LOT of "getting better all the time" over the next few years)
"I'm subcontracting to part of the company that develops software."
foot in the door, eh? would it jeopardize your status to suggest to them that shipping new PCs with Win-10-nic on them isn't helping their bottom line? And they should ship LINUX machines instead? And that if THEY do it, others will too, and the software development will follow?
just a thought...
"At least that's the meme we are supposed to swallow, according to this Kieren person."
and you got 9 downvotes already! it's a badge of honor, yeah.
howler monkeys, at it again. shout down the opposition until they get tired of being shouted at. call them racists and "everyone-phobes", make outrageous claims, phony 'fake news' statistics, and try to shock people [who can't be shocked any MORE, news flash] into an emotional reaction, blah blah boring boring boring.
I can HARDLY WAIT until Trump takes on the office of President of the United States on Friday.
And anyone who is here LEGALLY isn't getting deported. ONLY the ILLEGAL ones will be deported, starting with the criminals. And don't let the door hit you in the arse on the way back to wherever you CAME FROM!
(that's my story, and I'm "schticking" with it, heh)
Apparently you can block SMB1 with Samba by adding an entry similar to the following in the '[global]' section:
min protocol = SMB2
- or -
server min protocol = SMB2
- and -
client min protocol = SMB2
source
https://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html
Apparently, this also prevents any XP, 2k, or Win '9x machines from using your Samba server.
NOW: in all snarkiness, does it _REALLY_ surprise anyone that the "fix" for this is to (effectively) MAKE XP GO AWAY ??? Yeah, WHY am I *NOT* Surprised???
actually, the first thing _I_ thought of was LiPo batteries in aircraft [which a couple of years ago grounded 777's for a bit, as I recall] and electric cars would be the next in line. So yeah.
"what happens in a car crash" with electric batteries in every exposed area of a car? Hopefully NOT a class D fire, but that happened once already, and I remember reading an El Reg article about it...
"manufacturers are going to design the cars to pass those tests"
it's happened with computers regarding various performance evaluation tests. no surprises here.
[it also happens in college classes when you give the prof what he wants, to get the grade, regardless of whether or not you believe it - useful for surviving lefty-lib indoctrination without caving in - "for the test" then brain-dump]
"Oh look all the car manufacturers have been caught with their hands in the 'emissions' cookie jar, what a surprise."
When the U.S. EPA calls CO2 a "pollutant", it's hard to take them seriously...
Hopefully the Trump administration will "fix them" and we'll get proper standards, proper enforcement, and proper respect.
"Where almost all of the population seem to own automatic weapons you mean?"
No, it's more like all of the CRIMINAL POPULATION seems to own automatic weapons.
If the HONEST CITIZENS had them too, they could at least PROTECT THEMSELVES. The only thing COPS can do is cower, and draw a chalk-line after the MURDER. At least a gun in the hand of an HONEST CITIZEN gives an advantage to self-defense. I know *I* would rather go down fighting than die as a coward in my own piss.
smart GUN OWNERS are a better idea. well, if you purchase a gun for self-protection, that's pretty SMART!
And arming MORE 'smart gun owners' with concealed carry permits means that someone _BESIDES_ the criminal in the room is likely to be carrying...
THEN fix the laws so that FIRING! A! PISTOL! in the act of defense against a gun-totin' criminal is NOT punishable by ANYTHING, even if you KILL! THAT! PERP! to DEATH!!
All of the laws and loopholes used by the loopy-left to keep people from PROTECTING THEMSELVES lead to a fearful society of WIMPS that are AFRAID to STAND UP to CRIME!