* Posts by bombastic bob

10507 publicly visible posts • joined 1 May 2015

Newly born Firefox 71 emerges from its den – with its own VPN and some privacy tricks

bombastic bob Silver badge
Devil

Re: Javascript

I normally just run 'noscript'

and if a web site is SO scripty that allowing its components would either screw up my personal "block JS mode" security model (i.e. allowing sites like CloudFlair or Google Analytics) or else (due to all of the 3rd party servers) requires SO many 'allow' clicks that it becomes IMPRACTICAL, then I do the simple thing:

a) use 'su' to switch to a totally unprivileged dedicated user

b) use the 'export DISPLAY=localhost:0.0' method to run FF on the desktop already running

c) set up FF to allow script, but erase ALL history and cache when it closes [I like this feature]

d) don't open ANY tabs not related to THAT web site

then, any tracking they do will be on what I did on THEIR SITE ONLY, and it all gets erased when I'm done - cookies, 'crackers' (script that stays running when I close a page), history, web cache, yotta yotta. "Track That" - ha ha ha ha!

Now, if their VPN plugin involved the TOR network, I might be interested.

I also can't blame them for trying to monetize their (otherwise free) browser.

I've ALSO been wanting to fork their browser for a while, RESTORE the 3D skeuomorphic menu-based system with NO 'hamburger' icon, like what the legacy UI plugins let you do prior to 57... so maybe a fork like that would DEFAULT TO USING TOR ??? [oh wait, that's been done, hasn't it? 'Onion' browser]

Google ex-employees demand retribution for Thanksgiving massacre

bombastic bob Silver badge
Trollface

Live by 'the left', DIE by 'the left'

I can't help but think that Google is basically reaping what they've sown...

a) employees misuse company resources to spy on other people (in this case other employees)

b) they work for a company that SPIES ON PEOPLE

c) employees are (allegedly) ALSO labor union organizers

d) Google's politics are most definitely left of center, in line with things LIKE labor unions

etc.

bottom line, they FIRE these employees who are (allegedly) SPYING on other employees, the same *KINDS* of thing Google does to its "customers" (aka US), as well as (apparently) participating in "the CANCEL Culture", something that Google (apparently) REGULARLY does on places like Youtube [aka 'shadow banning' and outright cancellation of content and/or accounts], based on political reasons, etc..

and OH, they JUST happen to be 'union organizers' too! (or at least that's what they apparently claim)

Hypocrisy knows NO bounds, I guess... [where's the 'popcorn' icon?]

Europol wipes out 30,000+ piracy sites, three suspects cuffed to walk the legal plank

bombastic bob Silver badge
Happy

Re: That's all very well

getting rid of the retailers is good. getting rid of the SUPPLIERS would be better.

Did they happen to say where the fake-luxury items came from?

At one time, quite some time ago actually, an alleged group under the alleged name of 'Luxury Replicas' (an allegedly well-known dealer in fake Rolexes and handbags at that time) was [allegedly] spamming advertisements with my e-mail address in the 'From' line.

I had to quickly learn about spf1 records [that 'allegedly' made it stop].

And since they were [allegedly] NOW my "new special friends", I [allegedly] managed to get at least one of their [alleged] web servers shut down along the way... [it was allegedly in S. Korea if I remember correctly]. But I [allegedly] contacted an ISP in Switzerland as part of that process. THAT [allegedly] got some action!

However, seeing at least SOME of these [expletive deleted] fake replica dealers get arrested, brings a smile to my face! And the ones I had to [allegedly] deal with were IRRITATING SPAMMERS as well.

So I'd call this arrest "a good start"

I'll give you my Windows 7 installation when you pry it from my cold, dead hands (and other tales)

bombastic bob Silver badge
Meh

Re: Refined OS or chocolate teapot?

I would pay a reasonable amount of money for a REASONABLE service pack for Win 7 with any reasonable extension of support, but NOT "a subscription" nor if it contains GWX-like things, or spyware...

"up"grades are HIGHLY overrated. Win7 is 'fit for purpose' for anything _I_ need to do. It's a LOT more "fit" than Win-10-nic, THAT's for sure!

if I can't keep using 7, I'll get a MAC

After four years, Rust-based Redox OS is nearly self-hosting

bombastic bob Silver badge
Meh

Re: He's completely missed the point of everything being a file in unix

I have a program that uses a serial port for basic communications, designed for use with things like Arduino. it runs on windows as well as POSIX systems. Serial I/O on windows is unnecessarily complicated and requires using threads to manage it. Serial I/O on POSIX systems is relatively consistent and does what you expect when you send something and wait for a reply, timeout if you don't get it. I've done a lot of OTHER things that are very similar. In windows, the "un-abstracted" way in which you perform IO is *PATHETIC*.

using a URL, and depending on the protocol, has the potential of requiring "different methods" downstream. This is where a model like this falls apart. You should not have to know about communication protocols to/from a device (example, is it USB or built-in hardware) for communicating to it, unless it being a USB device is particularly important (for example), and that's where /dev entries and ioctl operations come in in the POSIX world...

bombastic bob Silver badge
Meh

Re: He's completely missed the point of everything being a file in unix

"can you treat a window or an edit box like a file in Linux?"

a file would not be fit-for-purpose for a UI element, just like it's not fit-for-purpose for a single keystroke. however, the connection to the X server is DEFINITELY a file underneath the hood, either a pipe or a socket (really in the POSIX world it could be a serial port and the library would still work).

Yeah I've done low-level X coding. writing my own toolkit even. But my project doesn't "make ink" in El Reg I guess because it's not "sexy" enough, doesn't use "new language of the month", isn't controversial, etc.. [and I keep having to adapt to the moving targets caused by OTHER toolkit/WM makers, who can't just keep system settings as it was, for example, and must change and change again to adopt their OWN way of telling you what colors to use...]

window identifiers are like handles. that's just for events, though, to designate 'who gets it'. Processing events, drawing, etc. is up to your code to perform. And it's VERY low level.

bombastic bob Silver badge
Devil

Re: He's completely missed the point of everything being a file in unix

working on kernel code in multiple OSs can give you the same *kind* of insight as someone who wrote one from scratch. You get to see how different architectures work, how easy they are to maintain, etc..

I've done that, by the way. Already wrote what I think in another thread.

A quick summary: The "safety" aspect of Rust is essentially UN-DONE by using 'raw pointers' for things that MUST use 'raw pointers' for performance reasons. This ESPECIALLY includes the network stack and zero copy buffers... and when you use "raw" pointers, you essentially bypass the "safety" part. So there ya have it. No real advantage, plenty of DISadvantages, using Rust for a kernel.

bombastic bob Silver badge
Meh

'Rust Revolution'

"lest they get left behind in the Rust-revolution."

just like C and Java got left behind in the "C-pound" revolution, yeah. Heh. Last I looked, C++ was neck-neck with Python, both around twice the popularity of C-pound, "after all these years" and the ZILLIONS of dollars and developer time being thrown at it.

I've looked at rust a little bit. I don't see it as being all that "superior" to C language coding (and is probably NOT in my opinion). "Safer" might be from the view point in SOME cases, for poorly managed/written code, but i don't see it being 'fit for purpose' inside of a kernel.

Just reading about how its memory allocation works makes me think of the worst Java bloatware (say IntelliJ or the Android build process in general) that I've ever seen. ANY form of garbage collection does NOT belong in the internals of an OS's memory, and non-relocatable memory blocks don't, either. And 'smart pointers' could easily be implemented with C or C++ and reference counting, kinda like COM in Windows. Nothing special here. I've been doing things _like_ that for DECADES (like when COM aka OLE 2 was invented back in the 90's).

I can't imagine allocating buffers for the network stack using any method OTHER than what is done inside of Linux or FreeBSD's kernel [they are very similar]. Zero copy buffers also. So in short you'll need "raw pointers" for those which basically GOES AROUND the definition of "safety" for pointers...

And there goes your entire reason for using Rust in the first place, other than "for the lulz".

Having done a lot inside of kernels (for Linux _and_ for FreeBSD, as well as some inside of Windows) I'd just like to say I prefer using a language that was originally designed for EXACTLY that purpose (note history of C language and UNIX), than trying to make a high level language (one NOT designed for kernel processing) do the same job, better.

Rust sounds like it might be a good choice for web services running in userland. I think it should stay there.

bombastic bob Silver badge
Devil

Re: I'm tempted...

" "Everything is a link" seems much more logical and consistent."

I agree 100% (and then some). Having coded for windows as well as for POSIX systems, I totally _LOVE_ the "everything is a file" principle.

But like so many "smarter than thou" (millennial) types, he has to go and CHANGE things (like making every UI into 2D FLATTY when 3D Skeuomorphic was PERFECT, 'nuff on that). What he forgot is that Microshaft (with windows) _ALREADY_ does this, which means that something using a serial port vs a socket vs a pipe vs a console must CODE EACH CODE PATH DIFFERENTLY in the winders world. In the POSIX world, it's generally the SAME CODE for all of them [with a few exceptions while setting it up, as needed].

I call the POSIX way "simpler" and MUCH easier to develop for. It's why (I believe) we're STILL using the UNIX model for so many "non windows" operating systems, for over 4 decades. It was SO well thought out.

bombastic bob Silver badge
Devil

Re: 3 seconds boot time?

obsession with boot times might cripple it entirely, leading to NOTHING REAL GETTING DONE.

FUNCTIONALITY FIRST - and THEN tweak it for performance!

bombastic bob Silver badge
Devil

Re: 3 seconds boot time?

NOT having SystemD would improve that. Devuan comes up really fast, booting into a GUI window manager (not gdm, I forget what it's called, it's lightweight). Even when I had it connecting wirelessly, it was still pretty fast. But ethernet is a bit faster I think. That box has an SSD on it.

Most of the boot time on my BSD boxen is due to all of the daemons I load. I never bother timing it and they all have spinny drives. I've never really minded, since they run for WEEKS (and months) without booting.

if BOOT TIME is all you're concerned about, a dedicated RTOS is probably going to be the fastest. Whoopee.

Internet Society CEO: Most people don't care about the .org sell-off – and nothing short of a court order will stop it

bombastic bob Silver badge
Devil

I predict

that this is a big NOTHING BURGER

the '.org' registry will continue, and the for-profit company will simply register things as the non-profit did, maybe even better, maybe not paying unnecessarily high administrative costs, etc..

It might actually end up costing LESS to have a '.org'.

And that's how I see it, actually...

/me in wait and see mode

(there is NOTHING WRONG with PROFIT)

ESA toasts 10% budget boost by stretching ISS support out to 2030

bombastic bob Silver badge
Devil

is there a UK version of ESA or NASA ?

maybe it's time...

bombastic bob Silver badge
Thumb Down

Re: Doomed I tells yer

even _I_ gave that one a thumbs down

(unless it was supposed to be funny, but I wasn't really laughing)

bombastic bob Silver badge
Unhappy

Re: So jealous

sadly, gummint contract abuse IS part of "the swamp" and needs to be DRAINED...

bombastic bob Silver badge
Meh

Re: If billionaires paid an extra million in tax ...

after gummint gets ITS cut, and determines who the 'favored' are, you'd be lucky if 1 reached the poor. And they (the politicians) would scream for MORE MONEY because that's just what they always do...

bombastic bob Silver badge
Thumb Up

Re: So jealous

Cyberman. heh.

/me imagines a bunch of Cybermen marching in time with one another, thunka, thunka, thunka, thunka...

bombastic bob Silver badge
Devil

Re: So jealous

Spending money on rockets DOES help the poor... it helps get them JOBS

And you get something BACK for the spent money. And there are OTHER benefits, from technological advancement to the PRIDE of having done something COOL!

It's all good. Buy more rockets, ESA!

Here's a starter for 10 on smartphones: Who grew in Q3? A) Everyone. B) Asian vendors. C) Apple

bombastic bob Silver badge
Devil

MORE 3D Skeuomorphic, LESS 2D FLATTY

I bet THAT would help boost upgrading!

shadowing is a good start, but I bet people want MORE because all of the surveys _I_ have seen suggest that 3D Skeuomorphic is preferred 2:1 over a FLATTY appearance, and if the touch screens look MORE skeuomorphic out of the box, people will WANT them more!

Apple, Google: G'head g'head prove me wrong, by at LEAST making it an OPTION for interface appearance... and see how many people CHOOSE it over 2D FLAT!

(I'd suggest Microsoft, too, but they NEVER listen)

'Ethical' hackers say: It's just hacker. To be one is no longer a bad thing

bombastic bob Silver badge
Devil

Re: Grey hat hackers

I have a nice black western style hat, an Indiana Jones replica. but it does not affect my hacker style, which is white with a touch of grey.

Hats came back for a short time in the 80's, probably because of Michael Jackson. Also Adam Savage from Mythbusters always wore a western style hat.

A good example of 'grey hat' hacking: writing an anti-virus that propagates itself whenever an internet virus (think 'Code Red') tries to infect the machine that contains it, shutting down the virus on the 'attempting to infect you' infected machine, and THEN disinfecting the infected machine with your anti-virus, but without the machine owner's permission. Code Red actually made this possible, because it left a back door on a known port that could be exploited to shut down IIS, stopping future infections and the constant pounding on the rest of the internet.

bombastic bob Silver badge
Devil

Re: Hackers v Crackers?

"already had the term cracker for the bad 'uns and hackers were the good guys / gals"

This has been the case for 2 decades or more over on USENET. Also white-hat vs black-hat, etc..

Also a hacker does not necessarily have to be related to computers. From various resources, the term 'hacker' may have originated from the use of an axe to make furniture. In short, it's someone who typically uses unconventional methods to get results, often superior results.

Hackers find their way into engineering and "think on your feet" jobs. I expect there are hacker cops, hacker firemen, hacker soldiers and sailors, ALL the time!

But you'll probably find most of your computer-hacker types in engineering (electronics and computer, mostly), IT and security related, and so on.

There's also hardware hacking, popular among RPi and Arduino fans.

A 'good hack' might even be using spit and baling wire to fix something... [this sort of repair goes WAAAaaay back, like a farmer that needed 'that' to work and only had some baling wire and basic tools available to fix it]

Open-source Windows Terminal does the splits: There ain't no party like a multi-pane party

bombastic bob Silver badge
Linux

Re: In the meantime

I prefer Cygwin

bombastic bob Silver badge
Happy

Re: ...at the annual Techie Platform party...

"That's very Prince Andrewish, AC."

I was thinking Steve Ballmer, actually... in line with his usual antics.

(But yours is better)

bombastic bob Silver badge
Devil

"Nowadays? A DVD and hundreds of megabytes of memory..."

That's called "progress". </snark>

I blame '.Net', UWP, arrogant millennial developers and the older devs who ENABLE them, feature creep, javascript, "it has OBJECTS now" thinking, garbage collection vs malloc/free, and outright LAZY programming.

This new bunch of "programmers" needs to spend some time working on a minicomputer with 64kb of RAM [maximum], floppy drives, a card reader and line printer [no console coding], etc.. It builds character and the desire to get it right the FIRST time to avoid hours-long turnarounds between job submission and the box of paper you accidentally generated (and a bill for the paper if it's at a college).

bombastic bob Silver badge
Devil

Re: Hello Microsoft!

"Not to worry, you'll soon catch up and begin to provide basic features like clipboard history, sensible mouse focus, properly implemented virtual workspaces and so on."

which is a lot like what Linux and FreeBSD had around 15 years ago. Heh.

bombastic bob Silver badge
Devil

alt+space and then 'copy' after highlighting the text in the regular windows console. I hope they don't make it harder in any way. NOT having hot keys would be irritating.

But with Cygwin terminal you need to use ctrl-insert to copy, shift-insert to paste [I think that's right]. I remember it's different, and somewhat necessarily so, because of the Linux-like use of keystrokes in Cygwin.

What would be REALLY nice is if the console allowed ctrl+insert and shift+insert as well, similar to what you get in Cygwin's console. But I think that only people who LIVE IN THE COMMAND SHELL would even consider such things...

Googlers fired after tracking colleagues working on US border cop projects. Now, if they had monetized that stalking...

bombastic bob Silver badge
Facepalm

"unwoke" ?

/me searches for the 'vomit' icon, settles for this one

bombastic bob Silver badge
Trollface

Re: Perhaps more to the story...

people who publicly shout with megaphones pointed at their former employer's office building (In My Bombastic Opinion) only want THE NEWS MEDIA to hear them

bombastic bob Silver badge
Unhappy

Re: Hoist on own petard

a qualified disagreement with the 'any law that uses subjective feelings', as much as I *HATE* the 'F' word "FEEL"... and here's why: If you "feel threatened", or are intimidated, or are constantly "creeped out" by someone's behavior, it can be considered a form of 'assault' [i.e. threats of harm and/or harassment].

The intent of such a law is to create a non-threatening society. And of course the details of whether any claims are valid belong to the jury and lawyers and judges involved in the cases, appellate courts, and so on. And IANAL.

So yeah I'm generally appalled by "FEELY" things, but in this case, there may be no other way to describe it as the legal statute. NOT having such a statute is probably WORSE.

(sad icon because it's a sick sad world sometimes)

bombastic bob Silver badge
Devil

Re: Hoist on own petard

I don't know why anybody would give you a thumbs down... because pretty much everything you say is correct. I guess 2 people didn't like truth or something.

I think of it this way: if employees at my workplace were in ANY way using company time and/or company resources to TRACK ME, even if it's public info, for WHATEVER motivation they have, it's not only CREEPY it's unnerving. it sounds like an opportunity to invite said stalkers to the local boxing gym, for a 1 on 1 "sparring match" with no timekeeper nor referee... [and watch their bravery leak out onto the floor in a large yellow puddle]

bombastic bob Silver badge
Devil

Re: I can only assume that the stalkage etc moved into legal/crime territory

"This might not be a popular view"

I hope you're WRONG about it NOT being a popular view... because it SHOULD be the *ONLY* view, that is, to NOT be a "feely ideological activist" at work, and abuse data from the workplace against other employees, especially when their implied intent was "CANCEL CULTURE" kinds of stuff.

Oh, and ALSO a big thumbs up for the entire post.

bombastic bob Silver badge
Devil

Re: I can only assume that the stalkage etc moved into legal/crime territory

it does sound like a reason to stalk the stalkers, which may be how they found out about their excuse for legitimately firing them.

Actually, depending on how the union works, it may be *beneficial*. The stereotype union wants too much money for too little work, is thuggish, goes on strike at the slightest provocation, yotta yotta. A good union acts like a human resources department combined with a labor force that produces quality work at a reasonable cost to the management company.

However I think any kind of white collar union is a bad idea. It's the wrong kind of thinking pattern for GOOD engineers. The best engineers are creative types who think non-linearly, often 'out of the box'. A unionized labor force, however, tends to behave 'collectively', not something that induces creativity nor 'out of the box' thinking. The two are mutually exclusive (in my view).

bombastic bob Silver badge
Meh

Re: Hoist on own petard

"internal culture of self-righteous virtue-display totalitarianism"

So *MANY* levels of "wrong" involved, I don't know where to begin [snarking].

I'm not surprised to see Google fire these people for doing what Google does to EVERYONE. Why? because "Google reserves the right" and it's an EXCLUSIVE right, in their eyes, to spy on EVERYONE.

But employees need to keep in mind, the job is an exchange of money for valuable work. It's not a crusade, a mission, political activism, one feudal land warring against another, yotta yotta.

Still, the fact that they were UNION ORGANIZERS does give me some pause for thought...

We are absolutely, definitively, completely and utterly out of IPv4 addresses, warns RIPE

bombastic bob Silver badge
Devil

Re: Nope, never saw this coming

was thinking later.. I suppose if IPv6 blocks were /96 instead of /64 then you'd be mapping a /96 but whatever. So many IPv6's are already being generated from the subnet using MAC addresses, in addition to any others you might get automatically assigned [my windows box typically gets 4 of them, 2 private, 1 'temporary', and one actually issued by dhcpv6] that exist within a /64 subnet. Anyway, same basic idea...

I suppose issuing /96 should be the norm? That gives you 32 bits (4 bytes of the MAC) instead of 48. Or you could issue /80 to get 48 bits for the MAC. I think there's already a mechanism in place for automatic addressing to use the lower 32-bits of the MAC on a /96 (or a subnet even smaller than that).

bombastic bob Silver badge
Devil

Re: Nope, never saw this coming

not DIRECTLY compatible you mean.

that's sort of inherent in a system where you somehow map a /64 into a /32 without some kind of "reverse NAT" in there.

And don't forget the IPv6 to IPv4 compatibility addresses... 64:ff9b::/96

https://tools.ietf.org/html/rfc6052
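The 64:ff9b::/96 mapping from RFC 6052 that the post above links to, worked through as an added example (not part of the original post). It goes beyond the /96 case to the other prefix lengths RFC 6052 defines; the function names `embed` and `extract` are hypothetical.

```python
import ipaddress

# Well-Known Prefix from RFC 6052 (the block quoted in the post above).
WELL_KNOWN_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")
VALID_LENGTHS = (32, 40, 48, 56, 64, 96)   # the only lengths RFC 6052 allows
U_OCTET = 8                                # bits 64..71 are reserved, must be 0
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _positions(prefix_len):
    """Byte indexes that carry the four IPv4 octets, skipping the u octet."""
    idx, i = [], prefix_len // 8
    while len(idx) < 4:
        if i != U_OCTET:
            idx.append(i)
        i += 1
    return idx


def _check_prefix(prefix):
    prefix = ipaddress.IPv6Network(str(prefix))
    if prefix.prefixlen not in VALID_LENGTHS:
        raise ValueError("prefix length must be one of %s" % (VALID_LENGTHS,))
    if prefix.network_address.packed[U_OCTET] != 0:
        raise ValueError("bits 64..71 of the prefix must be zero")
    return prefix


def embed(v4, prefix=WELL_KNOWN_PREFIX):
    """Return the IPv4-embedded IPv6 address for v4 under the given prefix."""
    v4 = ipaddress.IPv4Address(str(v4))
    prefix = _check_prefix(prefix)
    # RFC 6052 section 3.1: the Well-Known Prefix must not represent
    # non-global IPv4 addresses. Only the RFC 1918 ranges are checked here.
    if prefix == WELL_KNOWN_PREFIX and any(v4 in net for net in RFC1918):
        raise ValueError("Well-Known Prefix cannot carry a private address")
    raw = bytearray(prefix.network_address.packed)
    for pos, octet in zip(_positions(prefix.prefixlen), v4.packed):
        raw[pos] = octet
    return ipaddress.IPv6Address(bytes(raw))


def extract(v6, prefix=WELL_KNOWN_PREFIX):
    """Recover the IPv4 address from an IPv4-embedded IPv6 address."""
    v6 = ipaddress.IPv6Address(str(v6))
    prefix = _check_prefix(prefix)
    if v6 not in prefix:
        raise ValueError("%s is not inside %s" % (v6, prefix))
    raw = v6.packed
    return ipaddress.IPv4Address(bytes(raw[p] for p in _positions(prefix.prefixlen)))


if __name__ == "__main__":
    # 192.0.2.33 is a documentation address, used here as constructed input.
    for pfx in ("64:ff9b::/96", "2001:db8:100::/40", "2001:db8:122:344::/64"):
        mapped = embed("192.0.2.33", pfx)
        print(pfx, "->", mapped, "->", extract(mapped, pfx))
```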

bombastic bob Silver badge
Devil

Re: The internet will be privatised

those net blocks aren't issued by ISPs? Who issued them?

A while back this one ISP was issuing /28's for a DSL service [that I was testing at the time], instead of using PPPoE or some other means of "just having one IP address", essentially using one as a gateway, one as the actual IP address, a third for broadcast, and a fourth that was basically 'wasted'. It was an ineffective use of 4 assigned IP addresses in my opinion, but unfortunately necessary in THAT configuration.

Perhaps one of the simpler solutions here is to re-do the IP address assignments to eliminate the need for these kinds of /28 netblocks, and INSTEAD assign the addresses directly and use a different protocol to communicate the data. customer still has his fixed address(es), but fewer are actually being used, and become available for others.

(earlier comment about IPv6:IPv4 gateway probably applies)

bombastic bob Silver badge
Devil

Re: The internet will be privatised

agreed. there is actually an IPv6/IPv4 gateway block that can be used to cover ALL IPv4 addresses with equivalent IPv6 ones. Why isn't THIS being used???

Sure, an IPv4-only system might have trouble routing back. For this you'd need a 'somewhat careful' NATing method, in effect the opposite of what IPv4 NAT already does, at whatever router is translating the IPv6 address space into an IPv4 one. It generally means "established connection" translations, to/from the IPv4 space, and it would really only work properly for services that aren't trying to connect out (but you would be able to connect TO them, and get responses back).

I expect this last part is the only real reason IPv4 needs to exist. but how ELSE could you map a bozillian possible IPv6 addresses down to a /32 address space?

So yeah, "said router" above would listen on the IPv6-mapped-to-IPv4 address. It would translate that incoming IPv6 packet into an IPv4 (assigning a private IPv4 to it) for the private network. The server on the private network would send traffic back, and the NAT on "said router" would translate it back to a public IPv6 to be transmitted the normal way. basically, "reverse NAT". And DNS for IPv6 could (in theory) be done the same way (as seen by the IPv4 side) for outbound connections, but you'd have to limit your "resolved" address space to 10/8 and 192.168/16 and so on, and expire the DNS records in a short enough time, and recycle the addresses 'as needed' to manage it.

[should be possible to "can" a solution to this with Linux or one of the BSDs, if it has not already been done]

bombastic bob Silver badge
Devil

did you test it with 'ping6' ?

bombastic bob Silver badge
Devil

IPv6 not that hard... seriously

most web browsers that I am aware of have some means of resolving IPv6 before IPv4, and you can generally tell them which one to use first. I actually ran into some problems with CLOUDFLARE because they weren't handling IPv6 properly, and not that long ago. It was affecting my ability to read El Reg articles.

Aside from that, IPv6 is generally NOT hard to use on the client end. However, the one thing people aren't fully aware of (apparently) is that every IPv6 address that can be used to access 'teh intarwebs' is public. So that means windows machines MUST be properly firewalled, and I'm not talking about the "Windows Firewall" when I say that [laughing about pathetic Windows Firewall being stifled while I write this].

Seriously, though, IPv6 not that hard to set up for routers, either, assuming you're running FreeBSD or Linux. I suppose a Windows server might have problems... (but WHY would you be exposing a Windows Server directly to 'teh intarwebs' anyway? And THEN, using it as a ROUTER?)

/me uses FreeBSD as a network gateway and router, firewall, 'server in general'

Beware the trainee with time on his hands and an Acorn manual on his desk

bombastic bob Silver badge
Devil

Re: Our university lab had somehow enabled xhost+ or the equivalent

there used to be 'flash bombs' like that - self-spawning copies all screaming "HEY - THIS GUY IS LOOKING AT GAY PORN!" or something equally embarrassing. Funny when you see it on your home machine. VERY embarrassing when it happens at work or in a school's computer lab...

bombastic bob Silver badge
Devil

Re: XWindows

I still use that feature of X Windows, probably its BEST feature, to run X11 programs on headless (and even the SAME) computers.

If you do export DISPLAY=localhost:0.0 and enable TCP and 'xhost +localhost', you can THEN su to whatever user you want, and run X11 applications under a different user context.

SO I can be logged in as 2 or 3 or more users on the same X11 desktop, much more easily than "run as" under windows.

And then there's development on something like an RPi. Use 'pluma' to edit your code directly on the RPi, and *NOT* have to struggle with a tiny touch screen or separate HDMI-capable display? I do that a LOT, especially with 'headless' RPis.

But I think that this is most useful for web browsers. If you configure Firefox (for a particular user) to automatically purge ALL history, cookies, data, etc. every time you close it, you NOW have a stealthy browser that has NO history that could even POSSIBLY be abused by ANYONE.

And you can run that browser in the security context of a user that doesn't matter. "Oh, that downloaded thingy just wiped out my home directory. Oh, well, so what. *yawn* [rebuild] no problem now"

So yeah, the SINGLE BEST FEATURE of X11 is its inherent remote client/server configuration.

(and Wayland cannot do that, nya nya-nya nya-nyaaaa nyaaaaa)

heh

20 years ago I was doing stuff with windows boxen. 15 years ago I decided that it was DEFINITELY worth doing a lateral to POSIX systems like FreeBSD and Linux, as it appeared that Windows was just simply going the WRONG direction in 2003 (and I know I was right).

Guess what I stuck with? yep!

30 years ago I was doing stuff with PCs, combining a process involving Lotus 123, Harvard graphics, Word Perfect, and a bunch of '.bat' files, minicomputer report scripts, downloading, and overall "process automation" to generate a multi-page weekly report on Monday AM that reflected the most up to date data and presented it in a manager friendly way. Took about 2-3 hours to print so I started it at 6AM, showed up around 8 AM, made sure the paper didn't jam [or I'd have to re-run it], got it all copied and stapled by 9 AM, had it all delivered by 10 AM, and then said "Wow, my week is done. Now what do I do? I think I'll work on THIS today..." [and they let me - that report took a week to generate before I started, had less stuff in it, didn't look as nice, and was 4 days old data-wise when it was finally completed]

NOTE: because I don't like doing data entry or futzing around with presentation on paper, I came up with a way for the computer to DO ALL THAT WORK FOR ME because I'm LAZY and I _HATE_ _DRUDGERY_. Worked out pretty nicely for all parties involved.

bombastic bob Silver badge
Unhappy

Re: ITeC

turbo buttons and frequency output [hard coded] on an LED display. yeah, kinda pointless.

Early on games were written using a clock timer, and NOT the CPU speed, so you didn't need to turn OFF the 'turbo' mode.

RDP loves company: Kaspersky finds 37 security holes in VNC remote desktop software

bombastic bob Silver badge
Thumb Up

the server keep locking within minutes because of so many accesses with the default password.

Yep, that's consistent with my observations as well, DECADES AGO even. FIREWALL NEEDED.

bombastic bob Silver badge
Devil

Re: My reason for RealVNC 5.x

TigerVNC: A Spinoff of TightVNC with TLS, actually looking good!

and generally, TigerVNC has better support for X11, such as GLX support, something that Mate (and apparently gtk3 in general) needs. It's why I switched to it a couple o' years ago, yeah.

I haven't tried the TLS though. And yeah self-signed certs with openssl are built-in except Windows, but I'd just use Cygwin or a Linux or BSD box to generate them for W, so there ya go.

But even with TLS I'd rather firewall it. Mentioned already, the daily poundings on VNC's listening port range by automated crack-bots makes it NOT worth having attached to 'teh intarwebs'. SSH login attempts are bad enough [but fail2ban helps with that, yeah]

bombastic bob Silver badge
Meh

Re: VNC isn't secure!

I'd still do the tunnel. It's been my experience that things _like_ VNC aren't trustworthy enough on their own, and it would just be simpler if you always use them via SSH and NEVER expose their ports to 'teh intarwebs'. It's kinda like "safe surfing". No amount of anti-virus or similar things will stop the daily pounding on the exposed ports, nor prevent a 0-day exploit. Use SSH and firewall it.

bombastic bob Silver badge
Devil

Re: KVM

VNC into a KVM seems to work ok for me and I've used it a LOT actually... but usually by setting up an ssh tunnel so I'm listening on a specific IP address [usually localhost] on whatever machine I want to access it from. To make that work you can have a headless (Linux or BSD) VM that makes an ssh connection onto another machine (let's say a server) and directs incoming "server:xxxx" to "vm:22" for ssh. Then, just do something like "ssh server xxxx" to access it. That's how I've been doing it, anyway.

THEN, for VNC access, you use something _like_ TigerVNC server to actually run the desktop, and set up VNC tunneling via the ssh connection [same basic idea] and VOILA! you open VNC and you now have the full desktop. (you can also do this on an RPi that's headless to access its desktop via VNC).

This works exceptionally well when you want to have KDE on your Mate machine, or if you want to do X11 debugging from a GUI [so you run the debugged program in a VNC session, which is a different X server and isn't going to lock up on you if you break in the middle of certain libX11 calls...].

Anyway, ssh + sshd tunneling magic works fine. A bit tricky at first, but there are many examples in duck-duck-go-land

bombastic bob Silver badge
Meh

Re: TightVNC development is active AFAIK

So it looks like if you are using it on linux, you will have to change to something else

oh, so THAT is what happened! [I don't use Win-10-nic and haven't VNC'd with a windows box in FOREVER... so that is probably why I had to switch to Tiger VNC for BSD and Linux - lack of current X11 support etc.]

windows-only. THAT is @#$%^ *DISAPPOINTING*.

bombastic bob Silver badge
Linux

Re: TightVNC development is active AFAIK

I've been using Tiger Vnc which is a fork of TightVNC... because for quite a while it seemed out of date and wouldn't handle certain GLX things that Mate and other systems needed support for. So I switched.

from the article:

600,000 public-facing machines offer VNC access

These people exposing "known port" VNC connections MUST understand it's a security risk already... what, does VNC protocol's pathetic password protection actually HELP? do ya think? yeah, should be obvious, right? I wonder how many OTHER firewall logs have shown a zillion daily attempts at banging on ports 5900-5999 looking for VNC...

(they should be using a VPN and ONLY listen on private addresses at the very least and NOT exposing those ports to 'teh intarwebs')

But then again, WINDOWS machines are INFAMOUS for "listen on *.*.*.*" so there you have it. Unless you explicitly put a firewall between 'teh intarwebs' and your windows boxen, you're insecure (apparently) by DESIGN.

Sure, putting ANY windows on a public IP is just STUPID these days. So, at least firewall it with a LINUX box, at the VERY least! [you could even use an RPi to do it if you add a 2nd network adaptor or make it a WiFi access point]

And when you need VNC access from 'teh intarwebs' you should use a VPN or ssh anyway. It's just common sense.
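The ssh-tunnel setup in the KVM post and the "ONLY listen on private addresses" advice in this one both come down to a checkable property: nothing in the 5900-5999 range should be bound to a wildcard or public address. The following is an added example, not part of the original posts; it classifies listeners from `ss -Hltn`-style output, and the sample lines, function names and assumed column layout are constructed for illustration.

```python
import ipaddress

VNC_PORTS = range(5900, 6000)  # the 5900-5999 range named in the post

# Constructed sample in the column layout of `ss -Hltn` (not from a real host).
SAMPLE_SS = """\
LISTEN 0      5          127.0.0.1:5901       0.0.0.0:*
LISTEN 0      5            0.0.0.0:5902       0.0.0.0:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      5       192.168.1.20:5903       0.0.0.0:*
LISTEN 0      5               [::]:5904          [::]:*
LISTEN 0      5              [::1]:5905          [::]:*
LISTEN 0      5                  *:5900             *:*
"""

def classify(addr):
    """Return 'loopback', 'private', 'wildcard' or 'public' for a bind address."""
    addr = addr.split("%")[0].strip("[]")  # drop IPv6 zone id, then brackets
    if addr == "*":
        return "wildcard"
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:      # 0.0.0.0 or ::, i.e. every interface
        return "wildcard"
    if ip.is_loopback:         # only reachable locally, e.g. via ssh -L
        return "loopback"
    if ip.is_private:
        return "private"
    return "public"

def vnc_listeners(ss_output):
    """Return (address, port, exposure) for each listener in the VNC range."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in VNC_PORTS:
            continue
        found.append((addr, int(port), classify(addr)))
    return found

def exposed(ss_output):
    """Listeners other machines can reach; only loopback binds are tunnel-only."""
    return [entry for entry in vnc_listeners(ss_output) if entry[2] != "loopback"]

if __name__ == "__main__":
    for addr, port, kind in vnc_listeners(SAMPLE_SS):
        print(f"{addr}:{port} -> {kind}")
```

On a live host, pass the text of `ss -Hltn` to `exposed()` in place of the sample; any `wildcard` or `public` entry is one to rebind to localhost or put behind the firewall.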

Bad news: 'Unblockable' web trackers emerge. Good news: Firefox with uBlock Origin can stop it. Chrome, not so much

bombastic bob Silver badge
Devil

Re: An easier solution...

it's always going to be difficult to keep up with careful (read: tricky and malicious) use of DNS

A 301 "moved permanently" response could be cached. It could return a small graphic, like a logo, but re-direct to a unique URL that identifies you, like "http://tracker.example.com/" re-directing to "http://tracker.example.com/alphabet-soup-identifier". Making that URL consistent every time might simply involve your IP address, the web browser's cache, and a few other minor details. And if the DNS records for each of those web sites point to the SAME set of IP addresses, and the web server supports virtual hosting, there's now a way to have a "single point of tracking" for a LOT of web sites... and nothing can really stop that UNLESS you have a black list of tracker sites.

Legislation might help fix it, as long as PROSECUTIONS HAPPEN and they happen PROMINENTLY, with VERY STIFF FINES against the violators. And, it MUST be OPT-IN ONLY to be tracked.

Halfords invents radio signals that don't travel at the speed of light

bombastic bob Silver badge
Boffin

Re: Speed of light

yeah, and obviously a physics constant.

The quote in the article suggests that he should have said BANDWIDTH [for the modulation] and not "super-fast wavelength" implying "speed", but people who don't understand modulation won't get it, probably. [People in here probably WILL get it]

Whenever you modulate a carrier, you generate frequencies that are equal to the modulation frequency[ies] plus or minus the carrier frequency. In the case of FM, FSK, QAM, and other modulation methods, you have to include harmonics as well, and in theory, the harmonic output goes out to 'infinity' in both directions around the carrier frequency. [in practice it's limited by filters].

16khz bandwidth (+/- 8khz) would be typical for an AM broadcast, up to ~8khz audio freq in the modulation. This gives you reasonable quality audio, good for voice [hence news/talk formats typical on AM].

+/- 75Khz bandwidth is typical for a wide-band FM broadcast. A total bandwidth of 75khz would have too much harmonic distortion (think 'missing information'). In the USA, there is a 200khz 'in between' frequency range between stations to allow for sufficient bandwidth without side-channel interference.

for QAM and FSK and spread spectrum and other digital modulation methods, you have a much higher bandwidth requirement, and 'frequency hopping', and things like that. Wifi, cell phones, digital radio and TV signals, all use something _like_ this. And of course, their bandwidth is in Mhz and not Khz, and can take up a pretty big chunk of the available spectrum. Hence, it's transmitted in the Ghz range where this kind of thing makes more sense.

Anyway, what the quoted marketeer was apparently TRYING to say is that wider BANDWIDTH means you can transmit MORE DATA at a higher DATA RATE.

but yeah he got it wrong in the details, concepts, and presentation.