
Re: One of my favotire tools
Damn - now I've got Julie Andrews singing in my head.
134 publicly visible posts • joined 24 Mar 2020
The design was so bad, it caused quite a bit of froth on road.cc and other cycling sites.
To make matters worse they didn't migrate your order data from the old system to the new system and they had to keep the old systems running for warranty purposes and also returns - they had a generous 'return with 365 days' policy for some goods and actually had very good after sales service that was pretty much useless without that old order data.
They committed the cardinal sin of computing - they ignored their users and built a system that they wanted, not what their customers wanted.
I don't have a passport, it's over 20 years since I last had one and it was only because work was in NL and it was only stupid UK law that meant I had to have one then. We were in the EU (it was Maastricht Agreement and currency union time and my Dutch colleagues were very agitated about losing the Guilder) and I just walked in and out of Schipol without problem.
I don't currently have ANY form of photo ID. My driving licence was updated 35 years ago when we last changed houses.
When I got SC a few years ago, they had no problems with the above.
How am I too dumb and lazy ?
It's the same with these stupid anti-money laundering laws - they just get in the way of normal citizens going about their business while the intended targets just find another loophole to circumvent the problem.
You would think by now that _ANYBODY_ writing C code would know that buffer overflows are to be watched out for and good coding practice should be to never EVER EVER use *cpy etc. without bounds checking but we keep getting buffer overflows. Why ?
It's not as if it's a new problem or old code. glibc-2.34 was released in 2021.
I spent most of yesterday looking into this and learned more about the Red Hat philosophy than I really wanted. Their mitigation is basically to install a script that checks for a the environment variable being set and borking if setuid. Oh and if you reboot the machine, you have to manually repeat the process.
Why not just release a properly patched glibc - or perhaps stop doing just *ing stupid backport patching. glibc-2.28 on RHEL8 is vulnerable - 'but it's 2.28, this is a 2.34 bug' I hear you say. I'd agree but the *wits have backported code from 2.34 into 2.28 and that includes the bug.
Maybe the RUST people can help out here.
FFS - why isn't there a 'head in hands icon'
I could have done the work in C or C++* but I wanted something different - purely for the sake of it, I'm comfortable with them so why not try something else.
I started at GO (where else) but didn't like the enforced style and funny brace rules, then went to Rust and spent a lot of time reading the book and trying different things and tutorials, felt quite good and happy with how it was going then went to write my first bit of code for the project and started getting warnings and compile fails that I'd never had before so back to the tutorials and experimenting.
In the end I got fed up and found D (https:://dlang.org) and it's really quite nice, there are a couple of minor issues with it but the community is very helpful and it's not been that difficult to get up and running with it. It certainly fits my brain wiring better than Rust.
I had my first module written after about four hours and while not complete, it's workable for what I want at the moment and will grow as the project grows.
& there's no evangelism either denigrating other languages and telling you how D's going to take over the world.
It's just quietly good.
This is where I think Rust is really getting it wrong - it's being rammed down our throats and pushed but it just ain't a better mousetrap.
*I used to like C++, but C++ as it was in the early days, it's now a bit of a dogs breakfast with C++11 or C++17 etc flavours and new ones coming every few years and each new one getting more arcane (and still not trapping IDIV0 exceptions) & (or && if you will) constantly changing the spec says to me that they haven't got it right.
Write a program in Rust (probably better in Perl IMHO) that converts C to Rust - you can call it crust - I won't trademark it.
Then run the Linux kernel code (and the GNU stuff) through crust and fork a new distro, let's call it crustux and see how well it goes.
Let's face it, most of the code at this level is idiomatic so it should be a fairly simple task to do the convert.
It'll be useful as well, it will show up all the errors in C that are in the kernel and hopefully lead to a better kernel so those of us who are not bright enough* to master Rust and love the simplicity of C can be left in our own little C kernel space in peace.
* me included because I have tried Rust a couple of times and keep falling over when I hit str and String and borrows and traits and structs with strings....
Who cares really. I've been using Linux for almost three decades and can honestly say I've never wanted to write to an NTFS volume. I think NTFS write is an edge case. The existing read only NTFS driver is more than adequate, if you want to write something to an NTFS volume then go and buy a Windows licence. If a project says it has to use NTFS I doubt very much it will say it also has to use Linux. Right tool for the job etc.
I'm struggling to think of a case where you would need NTFS write with Linux as well or even where there is a need for write to co-exist. Just read the data and store it on ext4 etc. or as mentioned in a previous post use SMBFS or NFS. NTFS really is a non issue. If NTFS is the solution, you have been asked the wrong question.
We then come to the politics. M$ will _NEVER_ release NTFS source code. They could release a kernel module or blob so that anybody that wanted write functionality could have it but why would they bother, almost nobody would use it so it's a lot of effort for nothing really.
Releasing the source code isn't as simple as dropping a tarchive out and it's done. There will be a lot of work needed to modify the low level calls to the drivers, problems with endianness, sector translations etc. They would also have to visit every line of code and check that everything is perfectly formatted, logically correct and well written and they would probably have to strip the comments out as well then make sure that it all compiles cleanly on GCC and LLVM and performs in a native Linux environment. They will then release it and some poor OS developer will have it land on their lap and try and make sense of it, make sure that there are no hidden nasties in the code (intentional or unintentional) and then test it thoroughly before letting it free to the community.
Once it's out there, you'll get the sad people poring over the code and criticising every line of it - "oooh look they've used camelCase on line 454 here and CamelCase on line 427 - that's BAAAD...." and even if it's perfectly written, as soon as one bug is found the whole thing will be spread all over the net as M$ flusterCluck and nobody will use it again ever...
I'm still struggling to think why we need it and what the positives are for M$ - as I said click bait article.
Have a beer sir. Sorry about the icon but it was the nearest I could get to oxidisation.
When I was reading the article I just knew there'd be a 'rust angle' in it somewhere. It wasn't _really_ about C was it.
I think we're going to need another icon before too long, rust gets way too much air time here, it's in danger of becoming the new systemd.
Have one of these ---->
If it was open hardware we'd be a lot better off. We can probably blame IBM for the mess we're in with phones. If they hadn't made their PC so bloody open that everybody copied it the phone companies wouldn't be so cautious about their proprietories* ...
*I know it's not a real word but it should be :-)
I like Alpine too Have one of these.
I'm not too chuffed with musl not supporting utmp/wtmp, their reasons seem spurious at best Scroll down here https://wiki.musl-libc.org/faq.html for more info)
Administering big multi user systems, seeing who is online and having a history of logins/reboots etc. is pretty fundamental.
It's not the CLI.
It's the usual suspects desire to have everything graphical in front of the CLI that's causing this.
I really hate Red Hat for this very reason. When I build a system I don't want X installing on it, I don't want a graphical boot or install process, I don't want avahi (lets sniff round the network and look for shares and printers...) installing on it, I don't want graphical tools on it for basic system admin tasks. polkit et. al. is in place to allow circumvention of the command line and good system management practice.
When I build a server I want nothing on it apart from the bare minimum required to perform its functions, everything extraneous to that just adds another attack vector.
or is Rust just trying too hard - it wants to join the party it's knocking on the door and nobody's answering.
From what I see, the biggest issue with Rust is the evangelical zeal of its proponents/proselytisers. It's a solution looking for a problem and they are trying to push it everywhere. Unfortunately when you try pushing and over hyping stuff, people just turn off and reject your advances. I'd far rather see a language just creep up on us and discover it was brilliant for a particular task and be adopted than be lectured to by a bunch of wannabes trying to be the next big thing because they've nailed themselves to the floor and they want you to do the same.
Yes, you probably can't compile something that's not safe but you can still compile flawed logic and no amount of language design is going to cater for developers (and we're all capable of it - no matter how good we are) getting the logic wrong so Rust really doesn't add a lot.
Where did I say energy consumption didn't matter ?
In the examples you mention I'd hope that the programmers were aware of the power consumption issue and used the most appropriate languages and techniques to minimise that.
The reason we're using so much energy is because we have a "throw more CPU's at it" mentality rather than 'can we write it better'.
Rust (and any other language) isn't going to solve the problem - (almost) nobody tries to write efficient code anymore or revisits their old code to clean it up - if it works - leave it.
All languages allow you to produce bad, inefficient results, e.g. pretty much everybody would write a bubble sort, rust is no exception so using power consumption as a marketing message is spurious.
M$ have effectively re-invented themselves over the last few years. Almost nobody buys their stuff anymore, they rent it and effectively make M$ a none state tax entity, HMRC where the M is for Microsoft. Apple are currently exploiting their monopoly position i.e. locking every apple user into the system, but that is all they have. If you take away the iPhone name, there is very little of substance for them to fall back on. They got lucky with the phones, M$ got lucky with the desktop, M$ have moved on and are reaping the 'rewards' (AKA screwing the gullible in another manner) Apple are sitting on their laurels.
Sadly while we have a brain dead corporate model that favours OPEX (lets give our money to somebody else) over CAPEX (lets innovate and do stuff ourselves) these two corporations will continue to prosper and laugh all the way to the bank.
Question #3: What should I do if I receive a ransom/threat?
1 Do not pay the ransom
Paying the ransom only encourages bad actors—and there’s no guarantee that they won’t attack your network now or later.
2 Notify Cloudflare*
We can help ensure your website and network infrastructure are safeguarded against these attacks.
3 Notify local law enforcement
They will also likely request a copy of the ransom letter that you received.
Alright there's no ambulance to chase here but how blatant is that of the marketing people.
* Other parasitic scumbags are available.
R4 had disgruntled customers complaining - what a bunch of whiney whingers we have in this country - "Tesco .. can't deliver for me this week / change my order - my kids will starve" - F-OFF go and walk to the shop and push a f*ing trolley round...
"The firm also recommends that *nix implementations in telco-land need "basic security controls and logging in place (e.g., SSH logging forwarded to a SIEM, endpoint detection and response (EDR) for process execution, file integrity monitoring (FIM) for recording file changes of key configuration files)".
which you can buy from us of course.....
Have a beer on me - I think you might be me in a parallel universe because that's exactly what I was going to write.
Still stuck with ADSL2 here and because NTBloodyHell rolled cable down the close there is no way BT/OpenReach are going to bother too much as we have an alternative.
I like beer in this universe, I hope I like it in the alternative one. NTBllodyHell/Virgin will be sh*t in whatever alternative universes there are.
Middlesbrough's a sh*thole. I suspect that a lot of them would rather be on duty in Afghanistan.
Middlebrough lad born & bred BTW and it's a shame how it is now - and most of the problems are the boro natives not the foreigners that the boro natives are very vocal about.
The drives will probably still be intact and the data read pretty easily. There is no way that a roller could crush aall those PC's flat enough to destroy the inner disks, even if they were running them over one at a time.
Publicity stunt just about sums it up. Probably a lot of bent coppers using bent disks to carry on the mining :-)
Providing it's our kit that's on prem - not yours.
The cloud providers must be wetting themselves with laughter over this. The tin vendors as well. It's a win win for everybody apart from the poor customer who's decimated their data centre, culled their staff and outsourced everything.
Cue the architects going to the board telling them this is the future and polishing their CV for the next job.
I *&^%ing hate this industry at times.
I was just thinking of this earlier.
There were regular articles that started with "Researchers at IBM's....." or "IBM research labs release ..."
It's rare nowadays to see anything new and innovative with IBM in the name.
I can remember them writing the letters IBM out in individual atoms (Silicon I think) back in the 1980's.
This is what happens when you let accountants run the show.
Glad to know I'm not alone.
I thought that playing their game would get it workiing so I went down the SPF, DKIM, DANE and TLS route and it made not a blind bit of difference. Never had a problem so far with gmail - just M$.
It's still happening - maybe I should try something other than Exim :-)
1.1 million complaints, 100k linked - policy appears to be only worry if we get 10 or more complaints.
They also said 'linked to' - they didn't say they did anything about them so I wonder how many were actually deleted.
I use Namecheap myself - have done for almost 20 years - they were Enom resellers when I first started using them. The service has been quite good over the years though I am sick of asking them to stop sending emails out in HTML only format.
Recently, my account has been getting locked due to failed login attempts - I suspect that Namecheap are now being bombarded with speculative logon attempts, they are now a nice big target.
They also supported the Nominet EGM so they earned some respect there :-)
My RANT with MS is the fact that most of my mails to outllook/hotmail go to clients JUNK folders and you get no feedback from M$ as to why - at the moment I'm getting regular spam offering the services of sweet young things from outlook via what looks like some sort of injection into sharepointonline.com.
Of course M$ won't do anything about it.
It's in their interest to give externals a sh*t service - there's peer pressure from clients to do even more of their dirty work :-
DId you get my email ?
No.
Is it in Junk ?
Yes.
Cool, any ideas why it went to junk ?
No. Why don't you use outlook for you mail - we never get stuff in junk from other microsoft clients...
Grr
But shouldn't they have been told ?
Realistically, somebody somewhere down the food chain will have warned them about the possibility of the attack - I bet there's some techy guy rubbing his hands with glee and running round shouting I told you so - naa naa na naa naaa :-)
Philip Hazel retired years ago - Exim was at 3 something when he went and he's had nothing to do with it since.
Exim 4 has been pretty solid but it is getting unwieldy, it's configuration is arcane and idiosyncratic and it's documentation obtuse (never mind the quality - look how many pages we've got).
It's certainly suffered from feature creep.
I don't think the devs have anything to to be proud of really.
Even this emergency release, they mentioned a feature that turns off the taint checking but also said it's immediately deprecated and that feature isn't in the main release - you have to download a slightly different release '-fixes' which there isn't a tarball of on the main download server.
Alternatively you can download the previous 4.93-fixes stable (release without the tainting checks) that they have generously applied the patches to but again the tar files are not on the main site.
Yep, you have to pull a git release from the source repository to get those fixes - sigh :-(
I'm definitely thinking of an alternative now - Exim's credibility is at 0 now and I have a load of work to do because of how they have handled it - a comment from the mailing earlier mentioned they had been sitting on these bugs for 7 months.
They then go and release and publish and everybody is left running around like idiots hastily patching, rebuilding and fixing stuff. It will all end in tears.
I know it's not polite to criticise volunteer efforts but sometimes being too polite creates more trouble. If people had been more critical, Exim may not be in the mess it now is.