* Posts by KSM-AZ

114 posts • joined 4 Dec 2017


Appeals court nixes online blueprint sharing ban on 3D-printed 'ghost guns'


A Right . .

In the US ownership of a gun IS a right. An explicitly enumerated right added by the founding fathers of this Nation. If you don't like it you don't have to live here, or you can get enough like-minded citizens and amend the constitution.

And for all the folks talking about how there are no gun deaths in countries with strict gun laws. I read a week or so ago about a shootout with the cartels in Mx south of here. In fact the police are generally afraid of the cartels, no wait I must be mistaken, guns are 100% illegal in Mx so it must have been a misprint.

Japan, the country where the population blindly followed the edicts of its rulers and jumped off cliffs rather than be captured by the Americans. Europe where students protest and make sure they stay off the grass.

Yea, you're right, culture has nothing to do with people dying.


Re: Why bother with 3D printing

You can get a decent small lathe for around $1000. Gunsmith lathe for a rifle barrel would be quite a bit more. The problem is drilling a hole in something like stainless steel that is more than a few inches long *perfectly*. Then add the rifling. Pistol barrel is a little easier, I could do a 5 inch 1911 barrel and rifle it on a sub $1k lathe with patience and a gunsmith's drill. The rifling is the trickiest part. But why would I bother?

If you're willing to spend $1000 on a 3D printer to print a crappy gun you are beyond stupid. You can get a Hi-Point 9mm carbine all tricked out to look spiffy, why you might even call it an "Assault Rifle" for less than $500. It will reliably shoot 9mm cartridges, and comes with a lifetime guarantee.

vs $1000+ for something that may or may not fire even a .22LR round reliably. Uh-huh.

A decent .22 rifle can be had for under $300, I have a .22 long barrel revolver, it's worth about $50. It will reliably shoot 6 rounds at a time without fear of exploding.

Feel good legislation.

Ex-Geeks staff lose legal bid to claw back withheld training costs from final paycheques


Re: What's the fuss?

You don't "buy" a job? Hmmm. Remind me to ask the university for the money back for my kid's engineering degree.

How do we stamp out the ransomware business model? Ban insurance payouts for one, says ex-GCHQ director


There is *NO* excuse for paying to get data back

Never pay ransom.

You should always have a backup. Period. If you don't you should go out of business because you deserve to. If you pay the ransom to keep them from disseminating info they stole you are even dumber. For how long?

If you fail to protect your business, it's on you. Backups, Backups, Backups


Ban Microsoft?

Calls to ban Microsoft . . . Google Chrome is probably one of the currently weakest links, but I digress. Like the Microsoft issues, Chrome allows a bit too much flexibility.

Training is really the best way to prevent problems. If someone emails the payroll clerk asking for an emailed copy of the W-2 run from last year that appears to be from a legitimate person, the answer should ALWAYS be no. Such information should NEVER be handled thru email, if you are, that is a procedural problem. I'm still trying to get this thru people's thick skulls. Okay sent it on a USB via POST c/o General Delivery, Cayman Islands <sigh>.


Lots of opinions, Problem is ...

People need email to do business. They complain loudly when it starts 'costing them money' because you are being secure. Then even more loudly because you let something thru that created a ransomware or something.

It's not perfect by any means, but you really need to use Mimecast/Proofpoint/Barracuda/etc, and have them defang MIME attachments, and filter/rewrite links. Nothing prevents a zero day exploit, but with sufficient volume, the bigger players can detect, and block maybe three nines or more depending on scope. They detonate the link for you first, and try and dig down, or follow you in.

Spam is somewhat more difficult than the malicious to eradicate.

Finally EDUCATION is the hardest thing but nothing beats running one of the phish testers against your people, and 'having a prayer meeting' with the dumb-asses that follow the link and put in their creds...

So Jody! How long has your password been MyDogRover1989$ ?
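The "defang MIME attachments, and filter/rewrite links" step from the post above, as an added Python sketch that is not part of the original comment and not how Mimecast, Proofpoint or Barracuda implement it. The gateway URL, the blocked-extension list and the sample message are assumptions constructed for the example.

```python
import os
import re
from email import message_from_string, policy
from urllib.parse import quote

# Assumptions of this example: hypothetical scanning gateway and extension policy.
GATEWAY = "https://linkscan.example.invalid/check?u="
BLOCKED_EXT = {".exe", ".scr", ".js", ".vbs", ".lnk", ".iso", ".docm", ".xlsm"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample message (not real mail): one text part, one macro-enabled attachment.
SAMPLE = """\
From: payroll@example.invalid
To: clerk@example.invalid
Subject: W-2 run
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain; charset="utf-8"

Please review http://files.example.invalid/w2?id=7 today.
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="w2_run.docm"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQgc2FtcGxl
--BOUND--
"""


def rewrite_links(text):
    """Point every http(s) URL at the gateway, carrying the original URL percent-encoded."""
    def wrap(match):
        url = match.group(0)
        if url.startswith(GATEWAY):  # already rewritten, do not wrap twice
            return url
        return GATEWAY + quote(url, safe="")
    return URL_RE.sub(wrap, text)


def defang(raw):
    """Return (message, removed_filenames) with risky attachments replaced and links rewritten."""
    msg = message_from_string(raw, policy=policy.default)
    removed = []
    for part in list(msg.walk()):
        if part.is_multipart():
            continue
        name = part.get_filename()
        ext = os.path.splitext(name.lower())[1] if name else ""
        if ext in BLOCKED_EXT:
            # set_content() clears the old payload and Content-* headers first,
            # so the attachment bytes and its filename are gone from the part.
            removed.append(name)
            part.set_content(f"[attachment {name!r} removed by mail gateway]\n")
        elif part.get_content_maintype() == "text" and not name:
            subtype = part.get_content_subtype()
            part.set_content(rewrite_links(part.get_content()), subtype=subtype)
    return msg, removed


if __name__ == "__main__":
    cleaned, dropped = defang(SAMPLE)
    print("removed:", dropped)
    for p in cleaned.iter_parts():
        print(p.get_content_type(), "->", p.get_content().strip())
```

The rewritten link only helps if the gateway checks the target at click time; the extension list is a policy choice, not a complete one.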

UK's National Cyber Security Centre recommends password generation idea suggested by El Reg commenter


Weird Always Sucks

Adding a symbol or two outperforms weird every time. Password checks should be entropy checks. p455w0rd! is not better than 'Humbled By 1950 Jaded Pelicans', and frankly not easier to type. Mis-spel the word for even more simple fun. 'Flexable Furnature 500 Dollers'.

NOBODY is breaking modest passwords with brute force unless it's a weak hash. It's phishing and repeated reuse across multiple sites, until you get bitten. Set up on kewlstuff.com, use the same password as the bank, their hashes are stolen, and were MD5. "Let's try this one . . ." That is assuming you crack the actual password, and not just an alternate hash match.

Password cracking is not TV easy. But as Kevin Mitnick will attest, people are often even easier.


Re: Set up for dictionary based attacks?

Just READ the XKCD. It's about entropy. There are a LOT of words, proper names, foreign words . . . Many of which are not dictionary words. I use 3 words + a number so like '43 Walruses Vomit Chartruse'. Spaces if they let me. Creates really nasty entropy. Or I let KeePassXC generate 24 random chars and just paste. I never use special characters unless required. Invariably I'm stuck typing the crap in by hand in a pressure situation . . . was that a star or an at sign?


Kudos to KeePassXC as well, remind me to send them some money.
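The "password checks should be entropy checks" argument from the two posts above, as an added Python sketch (not part of the original comments). It compares a composition rule with a rough guess-space estimate; the word-list size, attacker list sizes, 40-bit threshold and the 24-character sample are assumptions, and the passphrase figure is an upper bound that holds only if the words were picked at random.

```python
import math
import string

# Assumptions of this example (constructed, not from the posts):
COMMON_PASSWORDS = {"password", "letmein", "qwerty", "dragon", "monkey"}  # tiny stand-in list
COMMON_LIST_SIZE = 10_000   # assumed size of an attacker's real base-word list
MANGLING_RULES = 1_000      # assumed leet/suffix variants tried per base word
WORDLIST_SIZE = 7776        # Diceware-style list: 6**5 words
MIN_BITS = 40               # assumed policy threshold

# Undo common leet substitutions: 4/@ -> a, 3 -> e, 1 -> i, 0 -> o, 5/$ -> s, 7 -> t
LEET = str.maketrans("4@3105$7", "aaeiosst")


def passes_composition_rule(pw):
    """Classic rule: 8+ characters with a letter, a digit and a symbol."""
    return (len(pw) >= 8
            and any(c.isalpha() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def charset_size(pw):
    """Size of the character pool the password appears to draw from."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation or c == " " for c in pw):
        size += 33
    return size


def estimate_bits(pw):
    """Rough upper bound on guessing entropy, in bits."""
    if not pw:
        return 0.0
    # 1. Dictionary word hidden behind leet-speak and a digit/symbol suffix.
    lowered = pw.lower()
    stripped = lowered.rstrip(string.digits + string.punctuation)
    for candidate in (lowered, stripped):
        if candidate.translate(LEET) in COMMON_PASSWORDS:
            return math.log2(COMMON_LIST_SIZE * MANGLING_RULES)
    # 2. Passphrase: three or more space-separated tokens.
    tokens = pw.split()
    if len(tokens) >= 3:
        bits = 0.0
        for tok in tokens:
            if tok.isdigit():
                bits += len(tok) * math.log2(10)
            else:
                bits += math.log2(WORDLIST_SIZE)
        return bits
    # 3. Otherwise treat it as random characters from the observed pool.
    return len(pw) * math.log2(charset_size(pw))


def passes_entropy_check(pw, min_bits=MIN_BITS):
    return estimate_bits(pw) >= min_bits


if __name__ == "__main__":
    samples = ["p455w0rd!", "43 Walruses Vomit Chartruse",
               "Humbled By 1950 Jaded Pelicans",
               "kT7qLw2ZpX9rVb4NcH8mYd3F"]  # constructed 24-char random sample
    for pw in samples:
        print(f"{pw!r:36} composition={passes_composition_rule(pw)!s:5} "
              f"bits~{estimate_bits(pw):6.1f} entropy_ok={passes_entropy_check(pw)}")
```

Case 3 overestimates anything human-chosen that is not in the stand-in list, so a real check would also need a breached-password lookup.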


Re: Biometrics and FIDO U2F

I use U2F for everything that will accept it. All MFA should need 2 of 3 items, preferably allow multiple U2F devices and/or text and/or TOTP taken with maybe a password. U2F is about as secure as it gets. You don't got my physical key you're outta luck. TWO because I want one in an alternate location in case something bad happens.

U2F is the heat. No way to break it easily, and the private key cannot be copied, and it's lotsa bits!


Re: Strong like this?

Whatsup Buck?

Flagship Chinese chipmaker collapses before it makes a single chip or opens a factory


Wow, flame bait.

I'm struggling thinking real people would actually believe the CCP is amazing. These threads must be started by trolls. The US, Japan, Korea, are democracies, for a little bit longer hopefully anyway.

People always talk about how smart Chinese people are. Just look at the kids in the schools here in the US. That's because the smart ones finally got fed up and left.

When China was moving towards a more democratic society it was growing by leaps and bounds, and beginning to earn the respect of the west. Of late they are moving back to a more totalitarian regime, which will likely lead to a steep downturn. As Andy Rooney once noted. I'm glad I don't live in Hong Kong, and as he predicted, the CCP just screwed the pooch there.

I'm sure we can figure out a way to blame that on Trump (or the US). After all Trump is responsible for World Hunger, Covid, and the woes of everyone in the world. What a crock of sh*t.

And I might note, in the beginning Japanese cars (for example) were crap. But free markets and innovation... i.e. FREEDOM allowed the businesses to incrementally improve to the quality levels we see now. Same happened in S Korea. Freedom drives innovation, not government. As long as the government is driving the innovation, there won't be much.

Citibank accidentally wired $500m back to lenders in user-interface super-gaffe – and judge says it can't be undone


Re: I suppose the big thing about this one

"That sounds like a bit of a hand to mount situation if the company can only afford the payroll from that months income."

Depends on your business. If your business is running a coffee shop with 10 folks working there . . . OK. If your business is oh say a workforce provider, where you basically are skimming payroll money, then you basically would need to come up with your entire revenue stream for a month. If you churn out say $1m a month in payroll, you know a small provider, 1000 ish workers. . .

'Kinda like most people, I'm no different, we love to talk on things we don't know about' -- "Ten thousand words"

Synology to enforce use of validated disks in enterprise NAS boxes. And guess what? Only its own disks exceed 4TB


Funny you mention software. . .

I've dabbled with XPenology. I own 4 RS and DS units personally/on the side. At work we use a couple of RS units for mass storage of non-critical data (Call logs, recordings, videos, marketing materials, deprecated machine snapshots, blah). We also use a (growing) number of the small 1U RS units for surveillance in our offices, very nice, join it to the domain, grant office access by group, etc. About the same money as the other BS, and you don't need a custom plugin for your browser to watch a video. Our phones are on our private network and MDM so DSCam works like a champ.

I also rolled my own, in fact I just put together a bad-ass 1U box for my 1/4 rack to replace a 2U unit. I want to play some hyper-converge games, maybe with gluster. Running a Ryzen 3600 on an ASRock Rack Mobo, I have 14 2.5 drive bays and 64GB of RAM. It's running Bullseye + MD/LVM. I slice the disk on all my homebrews into 1TB chunks (EFI parts) and array across chunks on different disks. This improves stability on rebuilds, then stack the md/pv's onto a big vg and slice it up into smaller LV's. Gives you lots of flexibility.

But I'd love to build a bad-ass server for DS-Video & friends. DS1815+ is not that great at a couple of streams requanting, so I run Emby and Plex (Both lifetime paid) on a separate server and use the 1815 as the backing store. The LV management could be better, but I broke it into music, tv-a-n, tv-o-z, movies and I have about 50TB of space. It also holds the DC backups on separate LVs. It'd be nice to have this on something with more guts using legit licensed software.

ASRock Rack also makes a very slick c3758d4i-4l, atom board (w/cpu). It comes with 12 SATA ports and is surprisingly performant. I have it port-channeled 4x1g to a managed switch with the old rust from the syno, about 20T, and it will actually quant down a pair of video streams and not fall over. 8 actual cores will requant to 1080p @ 1G/hour at 1.2x. I think syno has a similar spec, might be the 3558, the extra cores matter if you want to serve video. Plan is to replace this with the new one, and play again at XPEnology.

The Syno software set is amazing, but they really lack the high-end "enterprise" tools. Our NetApp reported a disk failure on Sunday! An hour or so later it reported it finished rebuilding from the "hot spare". The replacement drive arrived Monday. We didn't have to do *anything* until now, but the system is currently back to 100%. My cohort will take the drive over to our DC tomorrow, there will be a blinking red light on the drive he will replace. It will take longer to walk to our cage, than to swap the drive. He will sign on the interface, answer the alert, and put the new drive in the hot spare pool for the aggregate. This thing can handle a THREE DRIVE failure.

Synology can't quite match that. When it can, I'll call it "enterprise". When my "enterprise" sh*t breaks the only reason I know is because we got an alert. Nobody on the other side of the hardware will ever see anything!


Branded Drives in a nas.

Umm . . .

"The thrust is that, according to storage world people we've spoken to, it is unusual for a NAS box vendor to insist on its own branded drives above a certain capacity even in an enterprise environment."

Specifically which "Enterprise" NAS vendors? EMC? NetApp? Nimble? IBM? (AIX is also different from iSeries && their storage systems) I was not aware I could throw an "off-the-shelf" drive in my FAS or grab some cheap MLC flash drives and stick them in my AFF?

A whole bunch of people with opinions, gotta luv the web. The people that buy truly "enterprise" storage (like us) could give a crap about the brand of drive, but the system we bought better work as advertised, and we WILL have full maintenance on it for the entire time we own it. When we get rid of it, if it hits the aftermarket, that's on you if you buy it and can't get drives for it. I know the older IBM storage drives were formatted with additional ECC for starters.

We are expressing opinions on things that the people who would be buying this high-dollar stuff (like me) don't care about. I buy storage from the vendor a shelf or so at a time with maintenance. I'm looking for IOPS, and reliability, not saving a few bucks on a couple of WD's I found on sale at Newegg. This will not affect their small business and consumer boxes. It remains to be seen if they can get someone to replace an aging NetApp with a Synology... But I haven't seen 'snapmirror' for a Syno yet, nor have I seen a simple way to schedule snapshots and/or recover them. I'm spending $500K on all flash storage, I want whatever the vendor is willing to support in it, and I don't care whose sticker is on it as long as I can call if there is a problem and get it replaced/fixed.

So the real discussion is how can they compete in that space?


Fawlty Intel Kit

It's the ATOM clock fiasco. A specific generation of units DS-1815 among them, I happened to own two. Syno replaced free of charge with a rapid swap. I cannot complain.

Cisco on the other hand . . . it took us about a year to swap out 23 routers with the same "Clock" problem. YMMV

Must 'completely free' mean 'hard to install'? Newbie gripe sparks some soul-searching among Debian community


Systemd isn't it

sysvinit sucks. I have no viable alternatives. The sh-t I've been using doesn't scale anymore. Someone came up with something, but it sucks because it isn't the crap I'm already using that doesn't scale.

OK. There are plenty of sysvinit-like alternatives, but they can't get traction because systemd resolves many of the scalability problems, and it's much easier to 'plug-in' to when things are deep.


I run haproxy on an active/passive pair with a shared configuration backend on NFS. Systemctl edit haproxy, add an 'After be.mount' to the unit section, mount dependencies resolved, even if haproxy upgrades and replaces the systemd config.

Is it perfect? Nope. But long term it's a helluva lot better from a maintenance perspective. Seriously though, if YOU are digging in that deep and you only need to run with scripts just get an Alpine distro with openRC and get happy. If I'm building an appliance, systemd is much more than I need, and it still has a lot of quirks.



Systemd was pretty awful, mostly lack of reasonable docs. It has grown on me. It's pretty simple to build a service, and a lot harder to hammer the system, (like as in inittab 2 wait /oops/script/doesnt/exit). They need to get the overrides better (systemctl edit service, 'cannot have two Exec...', but I want to run tomcat in a wrapper, and not edit /lib/... that the package will overwrite)

Or we can go back to scripts and ttymon . . . (Lovely sh-t there).

It is faster for the same level of startup cruft, but openRC is nice for embedded with limited tasks. No love lost with Sysvinit unless you are a masochist. Something had to give.

When /etc/init.d had 30 items to start.... pretty simple. Then 60, tolerable. With dbus, and udev and all the other crap, init.d/rc/... starts to get painful. Lessee, that's checkconfig or was that update-rc.d or ....

Frankly, I think the biggest Achilles heel is 'Network Manager'. Early RC you scripted the ip config. Then defines in /etc/sysconfig or /etc/network. Now there is some abortion of that shit, with some netplan (and the stupid fucker who thought that was a good idea to make a hand edit with yaml bullshit), throw in a little systemd-resolv, and a splash of predictable interface names (Another utterly stupid idea, swap a nic, re-write your entire config, woo hoo, thanks asshole), and the lunatics are running the asylum.

Try running bind with conditional forwards on a 'Desktop' ubuntu, using some openvpn 'client' configs. Toss in some Wifi and some netplan... and then see if you can get a name to resolve via bind without ripping sh-t out. Frankly that was much easier with 'man interfaces' and jessie. Don't even talk to me about netplan and 'bond' with some vlans. It went from a simple stanza with keywords, to netplan with undocumented weirdly indented yaml. An extra space and your network is hosed. Brilliant, fellas.


ls, less, sort, head, tail

I will stir the tar for the jackass that forced single quotes around *some* filenames. Really screws with some shell scripts. Bring the asshole that changed the syntax for head/tail. They completely hosed sort moons ago. If you want to CHANGE the way a command works, create a new command. ( errr, .. more, then less . . . ). I talked the less maintainer off the ledge, when he made it automatically gunzip compressed files by default, moons back.

Intel maintained dominance by making everything work the way it always did. Having quote wrapping as a feature, invokable with an argument, and on with an alias or environmental is fine. I can remove the rm aliases from .profile, bashrc, etc. Breaking the sorts in all my shell scripts sucks. I truly do not understand the arrogance. A big you are an asshole, who likes to break people's shit to ya.


There may be not one but two new air leaks in International Space Station: Russian boss tells us not to panic



There are some rather stark differences between ANSI and K&R. Particularly when defining a jump table of functions.

NEC to sell the accelerator cards it puts into supercomputers – for about $11,000 a pop


Go for the Pine64? was: Pi??

RockPro64 has a 4? lane PCIE. Similar money. Just upconvert to a 16 lane with an adapter. A roll of duct tape. The NEC card can't burn more than 500 or so watts, so you'll need an interesting power arrangement. Does someone make an active pcie backplane with an ATX power plug? Does this beast have a separate power input?

Election security fears doused with reality: Top officials say Nov 3 'was the most secure in American history.' The end


If you are too stoopid to figure out how to vote, you are too stoopid to vote. My sister lives in Alaska. She received SEVEN (7) ballots at her house. TWO people live there. This is not evidence of fraud. But it definitely could make fraud easier to commit. What I want is all this stuff to wind thru the courts, and get clean and consistent. Biden er Harris won, but I want this to play out, and get nailed down.

It is extremely rare for recounts to favor a republican candidate. I find this odd. Once Florida got somewhat cleaned up in its processes we see a republican renaissance. I would expect to see the opposite in other places would suspect I will not, because republicans game the system and suppress liberal voters by intimidation and making it difficult to vote.

I don't want to hear 'Voter Suppression' from either side. If you want to vote, it's just not that hard to do anywhere. "Last Minute" voting eligibility is a crock. Mailing out ballots to 'registered voters' that did not ask for them simply invites fraud. Harvesting ballots seems wrong, in particular if they were sent unsolicited.

Anybody who disagrees with me is a racist bigot, who molests juvenile children, and only speak lies.


Re: Voting in America is flawed, not fraud.

America is not a "democracy". It is a "Republic". Rhode Island also gets two Senate seats. 1214 sq miles. Wyoming is just under 98,000 square miles. Maybe if we did it geographically rather than by population?

Our founding fathers created a system whereby New York City, Chicago, and LA do not get to elect the President. If you don't like the system move to Europe or maybe North Korea, or Columbia. As one of the most prosperous nations on the planet, we must be doing something right. It seems the more Socialist we get the less prosperous we become. With any luck we can be a third world dictatorship in no time.


Re: Some <irrational> thoughts on the election <from a brainwashed idiot>

"Not rich as a kid. Biden, at best, was middle class growing up. Not that I care, it depends on how he performs, but at least I bothered to look at who he is and where he came from."

A plagiarist politician who's been inside the beltway for over 40 years? One who supported rather racist legislation, and organizations as a young politician? A touchy-feely guy you wouldn't let your daughter get too close to? A guy who is very unlikely to serve out his full term? A Harris administration will indeed be interesting.

Trump is an ass, and wears it on his sleeve. Biden is a TOOL. The only reason he got the nomination is so the DP could present a "middle of the road" look to the people. Kamala Harris was not being rhetorical when she spoke of a Harris administration. Expect a far left agenda rammed down our throats. Shut your mouth or they will ridicule you, call you racist, and try and embarrass and shame you and your family as loudly and as publicly as possible to shut you up. Just like the people in this forum. Trump has been called 'Racist' no less than 10 times over the few responses I have read. Really? I guess if you shout it out enough people believe. It's sad really.


Re: Some <irrational> thoughts on the election <from a brainwashed idiot>

Nobody 'got over' Hillary losing. The media and the Dems in congress spent 3 years trying to impeach and subvert the President. If Orange walked outside and said it was a nice day, and I had the audacity to agree, then I must be some low-life racist pervert. This type of shouting down and outward ridicule of people who don't fall in line with your way of thinking is straight out of the Communist/Socialist playbooks.

So please keep it up. Everything will be fine, it's obvious all these people constantly ridiculing the right have the entire world's best interests at heart. Make sure whatever you say is in line with the anointed, that way you will be tolerated, and not thrown in jail for saying something they don't like. We will get the government we deserve. . . Hopefully saner heads will prevail, and the 2nd amendment to the US constitution will not see its intended inclusion manifest. I fear Atlas may shrug in an unexpected way.

After figuring out that hope is not a strategy, SAP has a new one: We're gonna shift on-prem customers to the cloud!


Re: Security and cost

Two problems. Physical access. Logical access.

You will likely have a difficult time getting in my data center. AWS has a hundred or so. Lots of people I did not vet touch their gear, so yea, they NEED more security.

Logically, if I create a path from the internet to/from my AWS environment how is that any different from a security perspective?

Lastly 'properly architected' applications. Bwahahahahah. Umm. Designing elastic applications for cloud, is decidedly non-trivial. Maintenance of same is decidedly non-trivial. You are speaking from a position of ignorance. I got 100 or so machines in AWS, cause the c-suite wants it. None of it scales much, but at least it's expensive. Talk to me when you have a fully resilient app in aws, lambda triggers and control/monitoring set up. It's slick but designing a system that magically adds nodes to a service cluster is intense. When the function can be accomplished with 2 guests in 2 data centers, for redundancy, why am I spending months architecting?

'This was bigger than GNOME and bigger than just this case.' GNOME Foundation exec director talks patent trolls and much, much more


Re: Irrational fear of upgrades?

One word: openssl



The *only* desktop that scales worth a poop is KDE/Plasma. I use a 9" 2560x1600 laptop display scaled 1.4-1.6 undocked, switching to 1.0 is annoying docked, but gnome is 1X or 2X. Useless. I'm actually ok with plasma. I'm not a luddite, and I keep trying gnome thinking I'll get the hang of it... Then I move back to mate, or kde on the HiDPI stuff. KDE scaling just kinda sold me. Multi display support is also tolerable: it behaves and remembers configs for the home dock display (2560x1600, lt display off), and work dock display, (1920x1080, lt display on). YMMV, but mate/cinnamon/gnome/lxde/xfce all fell flat & useless for scaling.

Thought the FBI were the only ones able to unlock encrypted phones? Pretty much every US cop can get the job done


Search and seizure

I can't agree more. Sometimes freedom has costs. Sometimes I think we offer protections to criminals that go too far. But the government should not have the right to search your phone without cause. Self-incrimination rules imply you cannot be forced by law to provide any keys or passwords. We must stay vigilant to avoid the slippery slope. Anyone willing to give up freedom for security will have neither.


No graft or corruption in the UK

Wow, that's nice to know. The country that still fawns all over 'The Royals', then boots the corrupt lot, formed the world's only corruption free government. That's pretty amazing.


More guns, less crime

Fairly comprehensive work has been done on this. The author set out to prove the opposite.

If ducks could shoot back, there wouldn't be very many duck hunters. If the Jews in the Warsaw ghetto were armed, I'm thinking it would have been very difficult to get them all out and into the gas chambers. But, you know, it wasn't really my problem. I'm not Jewish, and it will improve safety if we take all the guns away from them, I don't like guns anyway. They will never come for me.


Guns and alcohol

Guns and alcohol are not a good combination. Most places have laws around carry and alcohol. Many places forbid firearms in establishments that serve alcohol, the rest generally forbid consumption. I know 5 people besides myself who routinely carry. Two do not consume alcohol. The rest of us would avoid handling a firearm while drinking, especially if going to a bar or 'out drinking'. No responsible person generally handles firearms while intoxicated.

If a meth-head breaks thru the front door of my house, after I've consumed a few floating around the homestead, ... The shotgun just needs to be pointed in the correct general direction. Accuracy is not paramount at that point, and hollow-points may not make him stop anyway. I don't live in the best neighborhood, and I rarely drink more than a beer or two even so.

At 25 yards free standing with the Beretta, my shot group is the size of a fist. With iron sights on the carbine, free standing, the same or better at 50 yards. With the sub-compact 9, maybe a 5" ring at 15 yards. The point being, when you carry something it's usually small, for close quarters. You're not shooting at anyone 'running away'. James Bond can hit someone in the head the first shot at 100 yards with a Walther PPK, but nobody real can.

The greatest majority of 'gun violence' is around street gangs, and drugs. Now if you want a discussion of stupid drug laws that feed the violence...


Re: Suicide rates and gun ownership

So assuming the earlier stats, if we took away all the guns our suicide rate would be 30-40% lower than the UK. Wow.

Figures don't lie but liars sure can figure... All these stats are anecdotal.


I'm not stopping you...

By all means. Move to the UK, and live there. Do not come to the US. I'm not (ahem) putting a gun to anyone's head making them live under the laws here. I'm not asking you to change your laws, nor am I ridiculing them. If you think it sucks in the US don't live here. I like the gun laws here, and if you just held up the liquor store, and you get shot running away, so be it.

If you get stopped by the police for any reason, be respectful, and cooperative. If you happen to have run into a cop having a bad day, it will do wonders to defuse the situation. If you have done something wrong 'man up', then 'shut up', and call a lawyer, before you say *anything*, other than, 'I think I should speak to an attorney before I talk with you.'

Further, as bad as some of the incidences are, upon investigation, there is quite often a bit more to it than 'Jonny was innocently running down the street with a hoodie on, and droopy drawers.' If there are bad actors get rid of them.

Proposed US fix for Boeing 737 Max software woes does not address Ethiopian crash scenario, UK pilot union warns


Re: Another work around...

This would also solve the problem of having to wear a mask while flying!

Microsoft will release a web browser for Linux next month. Repeat, Microsoft will release a browser for Linux – and it uses Google's technology


Microsoft Teams, Linux

The missing link is Office/Calendar-ing.

Edge on linux is just silly. But, read below, probably soon to be a requirement for (er) web tools. This way we can get back to web sites that only work with IE 6.15, ... release 7.14256a4 x 10^24, but not with the August patch. There were two other releases that mostly work but we forgot which ones they were.

Teams was mostly working on linux, now not so much with the microphone anymore.

And if you are 'collaborating' you can only have one group active at a time. So when I switch from my company team to the developer group not part of my company, nothing works with my company, and it resets when you switch back and forth. Not a linux specific issue. I can't ever find sh*t in the thing. Shoot anyone in the head if the sentence starts with "All you gotta do is ..." And Skype is gone soon.

Apparently Teams cannot operate in a defined manner. Teams seems to require constant tweaking on my PA's to work. I'm not blindly opening RTSP to servers anywhere on the planet. Why my Teams client in PHX,AZ needs to talk to an MS server in Sri Lanka, so I can meet with someone in Denver is beyond me.

I run UBU18 on my desktop. Zoom 'just works'. Occasionally I have to toggle between audio devices, it has crashed, but I use it constantly > 4 hours a day (unfortunately). Bluejeans also generally just works, and the audio has improved dramatically. Webex used to work in chrome just fine. Not so much on the audio side anymore. Vonage has a web platform that seems to be stable under chrome, but has issues around audio quality.

Microsoft is still resting on Office and Outlook. They are going to force users into the ecosystem, like android/apple, or enterprise with Azure & AD / SSO. MS will continually make the API's into their infrastructure / software a moving target. (Can you say 'modern auth'?) to force the issue and enterprise will put up with it because it's the horse we know, Nobody ever got fired for ...

Our CIO could give a care, because if O365 is puking, everyone is puking, and the C-suiter's all know it already, we deal with it. If something else craps the bed, regardless if it's 1/10th as often as MS, they want to know why we didn't go with Microsoft.

Google catches up to AWS and steals a march on Azure with introduction of cloudy Certificate Authority Service


Re: SCEP....

Let's Encrypt has simple tools with ACME v2. I'm not sure why I'd pay 400.00 / mo for a private CA. A minor effort with openssl and bash one could spew a few zillion certs every day from a tiny server.

The problem is people don't understand how certs work, but they need one for X... So they pay amazon or whoever 400.00/mo to generate a ca, then spew keys and certs.

If you need this, if you pay me 300/mo, and spec your api needs I'll get it prototyped in a week, running in 2, minimum 3 year agreement. This whole certificate/ca bs is a crock.

EasyRSA is already able to do most of it. Stupid.

USA seeks Moon and Mars nuke power plant designs ready to fly in 2027


Re: Couldn't they have specified...

What exactly does voltage have to do with temperature? That would have more to do with amps/watts. My 60 amp 110v element will heat water faster than your 220v/5a one. I could produce about 6 times the heat(calories,btu's...) Also this is for nasty DC. I don't grok that one. How much ripple do I get?

California Attorney General asks judge to force Lyft and Uber to classify drivers as employees – or else


It is apparent....

Most of the people commenting have never driven a cab, or worked in the industry. Cab drivers have generally always leased a vehicle, for a shift, generally 12 hours, and have been independent contractors. In most cases the lease covers dispatch and the vehicle, but not fuel. As far as what you charge, that is purely up to you, but cannot generally exceed the meter, unless they puke in your car and you charge a cleaning fee or something.

Most uber and lyft drivers drive for both companies. There are tricks to work around and maximize trip charges, so generally they run one or the other, based on situational experience... End up on the west side, switch to Lyft. End up back over on the east, now I'm gonna sign in to uber. Many folks do this on the side, some just out of boredom, or a few days a month, to help pay for things.

It's a decent wage filler if you're between jobs. Places with the most rules, generally have the worst cabs.

Maze ransomware gang threatens to publish sensitive stolen data after US aerospace biz sensibly refuses to pay


Advanced Tools

A lucky hit on google chrome, grab the password file for an admin, ... Have snapshots and backups people! Advanced ($$$) tools?

Next gen threat protection:


Carbon Black


High dollar firewall:

PA firewall with SSL inspection.

Email / MIME defang and mask:

Proof-point / Mimecast / Barracuda

Log and traffic monitoring:

Splunk, third party active monitoring, Arctic wolf, crowdstrike again.

Implement MFA. This is huge for phishing.

Most smaller companies have plenty of gaps in just this short list.

A fête worse than death: After struggling to connect into SAP's SapphireNow online shindig, we were all 'rewarded' with a Sting concert


SAP Deployment.

First you get to install a coupla 10 servers. Then you get to hire a coupla 50 or so SAP consultants and programming types that know the lingo. They (the consultants) all drive cars nobody here can afford. Then you get to design and write all your software around the accounting framework. So the answer is, as long as it takes to write an AP system, an AR system, a GL system, and whatever else you might need to run your business.

Then you take a few weeks to pat yourself on the back about how easy it was, and over the course of the next few years you hire consultants to fix your PO system so that you can see a list of the PO's you created, and other fun things like "converting" an expense PO to a Capital PO without deleting the 50 or so lines and re-entering them on a different input form. Oh and writing an asset export/import routine so you can do inventory on sharepoint and spreadsheets because nobody wants to write anything where someone can actually look at the stuff they are responsible for in real time.

Oh, also the consultants will make sure all your various accounting codes are as long as possible so looking at a number you will immediately know what it is, like 7100100001 will mean 7xxx1pppnn = a cost center expense code: 7 = this is a cost center code, xxx = xxx is the cost center, 1 means the plant (location) and ppp is the plant number (normally the same as xxx), and nn = item type, not to be confused with the general ledger category, which is another really fucking long number, but it's not a big deal because even though it's a lot of typing I can hand type all of it every time with muscle memory generally flawlessly.

Worth every penny of the million bucks a year, make sure it's as complex as possible. SAP cloud servers are a piece of work as well.


Want to stay under the radar for a decade or more? This Chinese hacking crew did it... by aiming for Linux servers


Flammable but true

Sorry, but I'm dealing with a bunch of Chinese-built cameras and DVRs, running abandoned firmware. There is a TON of this ship and forget tech out there, sitting on networks, vulnerable.

Thought you'd addressed those data-leaking Spectre holes on Linux? Guess again. The patches aren't perfect


Re: Remove high accuracy timers?

I'll bite. Specifically what apps use nano-second timers? Exploitation of these 'cpu' flaws is esoteric lab research at best. It's easier just to phish passwords. I'm still not seeing how one could realistically exploit this stuff. You gotta know the workload, know the process, and sniff around petabytes of data until you match something. All the POC's involved running two processes in a controlled environment, or sniffing around with a known workload passing thru at a known time, I mean if I got all that, I'm pretty sure I already have you pwned.

There has not been a single ransomware tied back to meltdown or spectre. If restricting access to precision timers is feasible, and takes the bulk of the risk away, it beats crippling performance for day-to-day workloads. I know it's *possible* someone could inject a stored procedure on my sql server, that daisy chains something to exploit meltdown. My only question would be why? I'm already f*cked. If it makes you sleep better by all means have fun.

What do you call megabucks Microsoft? No really, it's not a joke. El Reg needs you

Re: I'm so angry I can't think

Ubuntu what?

I got no issues with 18.04 / kubuntu. Win10 is ok as well, its display handling is much better. KDE/plasma at least scales between 1 and 2 on a high dpi display, but W10 is superior on the dynamic side.

On the RDP front... why not just use . . . Well RDP, instead of VNC. Apt install xrdp. Voila, I can use msrdp from W10 to my ubu, or remmina from UBU to win. These days that's all pretty stable and seamless. Actually, for ubu server you can run LXDE, skip the compositor, and use vanilla 16bit rdp, without beating up your client, or turn it up, use remoteFX, and have a pleasant experience if you've got the bandwidth. RDP on 2008+ is abysmal without a modern rdp client and good bandwidth.

W10/2012+ is decidedly more polished though, and even though I do run it, setting up openldap, and PAM, makes AD/fsmo roles, and cruft, look simple. At least until it breaks ;).

Most of the xrdp server stuff, fixed and got stable 3ish years ago. RDP accel is still hit or miss, on BOTH. Multi-display is cli invocation only.

From Gmail to Gfail: Google's G-Suite topples over for unlucky netizens, rights itself


Re: titsup URL?

I noted this as well. Good Luck getting to bit.ly/...anything... from inside my firewalls.

NOBODY hand types in URL's anymore, and it's almost criminal for google to put out anything that doesn't use a google domain name. What would have been wrong with:


bit.ly, and its ilk are *all* banned thru my PA's. We actually had our dental provider offering dental appointments at a mobile trailer at our office. You scheduled by following a bit.ly link (Fail) which directed to an insecure link, (Fail) which directed to a secure link that had nothing to do with the company providing the dental services (FAIL, appointment.com or something like that), with a mis-matched certificate (WOW, unbelievable). There were no HIPAA notifications, and the site asked for your name and date of birth to set up the appointment.

And HR/benefits actually dragged me in front of my boss and our CIO because I REFUSED to allow the traffic through. My boss almost snorted an entire cheese sandwich thru his nose when I told him why we were being summoned.

That awful moment when what you thought was a number 1 turned out to be a number 2


Re: You solved the problem, goodbye

I don't move my clock. I live in a very strange place where people who want to get up earlier, move their alarms (or leave the blinds open a crack), instead of making everyone move their clocks. I'm debating 'moving' them all to 24 hours UTC. YMMV


Re: Passwords

The problem with passwords is the checkers should look for entropy, not symbols or mixing case, or doubling characters. My favorite is a vendor site that requires 1 upper, 1 lower, and one special character, at least 12 long. So fuggit keepassXC is my friend and I'm storing, gen something atrocious, cut paste save ... Sorry special chars can only be one of ..... You've got to be kidding me.... I have another with some of the same silliness, so I gen my standard 16 char gook, . . . Sorry passwords can be no more than 12 chars. . . You can't make this stuff up. 'We are so stupid we can't hash a long string'.

Our S2 Netbox badge system requires at least 1 number, no more than 10 chars, no doublets, will not take special chars, and they've written code such that you cannot use paste in the fields on the login page. I currently store >100 passwords in my Keepass file, that I unfortunately actually need all of over the course of a month. Need to send those guys another beer.
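
An added example, not part of the original post or any vendor's code: the composition rule described in the comment above set beside a rough entropy estimate, plus a salted hash showing that storage size does not depend on password length. The denylist, the sample passwords, the function names and the scoring heuristic are assumptions made for illustration; the estimate is an upper bound, not a full strength meter.

```python
import hashlib
import math
import os
import re

# Constructed, deliberately tiny denylist; a real checker would load a large one.
COMMON = ("password", "welcome", "letmein", "qwerty", "admin")

def vendor_rule_ok(pw):
    """Composition rule from the post: >=12 chars, 1 upper, 1 lower, 1 special."""
    return bool(len(pw) >= 12 and re.search(r"[A-Z]", pw)
                and re.search(r"[a-z]", pw) and re.search(r"[^A-Za-z0-9]", pw))

def pool_size(pw):
    """Size of the printable-ASCII alphabet the password appears to draw from."""
    classes = ((r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^A-Za-z0-9]", 33))
    return sum(n for pat, n in classes if re.search(pat, pw))

def effective_length(pw):
    """Count guess units: a denylisted word counts once; repeats and runs add nothing."""
    s, units = pw.lower(), 0
    for word in COMMON:
        if word in s:
            s, units = s.replace(word, ""), units + 1
    prev = None
    for ch in s:
        if prev is None or abs(ord(ch) - ord(prev)) > 1:  # not 'aa', 'abc', '321'
            units += 1
        prev = ch
    return units

def estimate_bits(pw):
    """Rough upper bound on entropy in bits (heuristic, not a full strength meter)."""
    size = pool_size(pw)
    return effective_length(pw) * math.log2(size) if size else 0.0

def store(pw):
    """Salted PBKDF2 record: always 32 bytes, so no maximum length is needed."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, 100_000)

if __name__ == "__main__":
    for pw in ("Password123!", "tqvkmzhrwpdyfnbgcajx"):  # constructed samples
        print(pw, vendor_rule_ok(pw), round(estimate_bits(pw), 1), len(store(pw)[1]))
```

The first sample satisfies the composition rule while scoring under 20 bits; the second is rejected by the rule while scoring about 94.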

Butterfly defect stripped from MacBook Pros, Airs by Q2 2020, reckons Apple analyst


Re: I liked the butterfly keyboard..

The Vt100 keyboard was a rugged piece of sh.. Layout right up there with the venerable ADM-3A. And still for some unknown reason backspace keys have to send ascii 0x77 aka DEL or RUBOUT, because the POS VT100 didn't have the key... had switches underneath though.

Wyse 50 and later 60's and 150's had the first reasonable layouts. The pc101/102 IBM's with collapsing springs are the best to actually type on. You can still buy them. You can keep your vt100, ansi layouts. I learned to type on manuals, then Selectrics. IBM used to be able to really engineer stuff. Great action is useless if the layout ain't got the keys you need. Ctrl-h (jk and l) on an adm anyone?

Fresh virus misery for Illinois: Public health agency taken down by... web ransomware. Great timing, scumbags



Fighting the same shit now, started Saturday. I wish we spent a little more on our NetApp to keep more snapshots. Over-priced storage just pulled our fat out of the fryer, making it worth about 20 times what we paid for it. <1 hr to pull ~80TB back to the day before. Doesn't clean up the mess, but it sure made it easier for us to do it. If anyone finds these fucks, I'll be first on the list to pull the gallows handle. We will be increasing our snapshot space. Grrrr.

Wi-Fi of more than a billion PCs, phones, gadgets can be snooped on. But you're using HTTPS, SSH, VPNs... right?



WPAWEPFARTTURDTWAT is useful for allowing users on the Wifi network. Not protecting what's *IN* the Wifi network. YMMV


