Before long we'll be just running several apps on the server, get rid of the dock overhead as well.
95 posts • joined 24 Mar 2020
Glad to know I'm not alone.
I thought that playing their game would get it workiing so I went down the SPF, DKIM, DANE and TLS route and it made not a blind bit of difference. Never had a problem so far with gmail - just M$.
It's still happening - maybe I should try something other than Exim :-)
1.1 million complaints, 100k linked - policy appears to be only worry if we get 10 or more complaints.
They also said 'linked to' - they didn't say they did anything about them so I wonder how many were actually deleted.
I use Namecheap myself - have done for almost 20 years - they were Enom resellers when I first started using them. The service has been quite good over the years though I am sick of asking them to stop sending emails out in HTML only format.
Recently, my account has been getting locked due to failed login attempts - I suspect that Namecheap are now being bombarded with speculative logon attempts, they are now a nice big target.
They also supported the Nominet EGM so they earned some respect there :-)
My RANT with MS is the fact that most of my mails to outllook/hotmail go to clients JUNK folders and you get no feedback from M$ as to why - at the moment I'm getting regular spam offering the services of sweet young things from outlook via what looks like some sort of injection into sharepointonline.com.
Of course M$ won't do anything about it.
It's in their interest to give externals a sh*t service - there's peer pressure from clients to do even more of their dirty work :-
DId you get my email ?
Is it in Junk ?
Cool, any ideas why it went to junk ?
No. Why don't you use outlook for you mail - we never get stuff in junk from other microsoft clients...
But shouldn't they have been told ?
Realistically, somebody somewhere down the food chain will have warned them about the possibility of the attack - I bet there's some techy guy rubbing his hands with glee and running round shouting I told you so - naa naa na naa naaa :-)
Philip Hazel retired years ago - Exim was at 3 something when he went and he's had nothing to do with it since.
Exim 4 has been pretty solid but it is getting unwieldy, it's configuration is arcane and idiosyncratic and it's documentation obtuse (never mind the quality - look how many pages we've got).
It's certainly suffered from feature creep.
I don't think the devs have anything to to be proud of really.
Even this emergency release, they mentioned a feature that turns off the taint checking but also said it's immediately deprecated and that feature isn't in the main release - you have to download a slightly different release '-fixes' which there isn't a tarball of on the main download server.
Alternatively you can download the previous 4.93-fixes stable (release without the tainting checks) that they have generously applied the patches to but again the tar files are not on the main site.
Yep, you have to pull a git release from the source repository to get those fixes - sigh :-(
I'm definitely thinking of an alternative now - Exim's credibility is at 0 now and I have a load of work to do because of how they have handled it - a comment from the mailing earlier mentioned they had been sitting on these bugs for 7 months.
They then go and release and publish and everybody is left running around like idiots hastily patching, rebuilding and fixing stuff. It will all end in tears.
I know it's not polite to criticise volunteer efforts but sometimes being too polite creates more trouble. If people had been more critical, Exim may not be in the mess it now is.
Been using it since 1993 ish.
Just been and compiled and rolled out the new release. Ended up having to do a lot of reading and farting around.
Exim has copious documentation but it is really difficult to digest. Most of the problems today weren't with the compile, it was trying to find what I needed to do to the configuration file so that it would used de-tainted data.
What's de-tainted data ? I hear you all cry. In their wisdom the Exim developers decided that any data that could possibly come from the outside world was dangerous and couldn't be used directly in, for example the name of a file. Seems like a good plan but they didn't tell anybody they were doing this, they just rolled it out and mentioned it in the release notes (not even at the top of the release notes either). Consequently the mailing list was flooded with people screaming because their 'working for decades' configs suddenly stopped.
It's generally been accepted thet the exim devs could have handled the release better.
It's particularly galling that while the devs were busy looking at the tainted data splinter they missed the *()&ing planks that today's release is hopefully in mitigation of.
It does make me wonder what else they have missed and has dented my (and I suspect a lot of other postmastes) confidence in the product.
> Good coders who use Rust are prevented from the occasional mistake.
Only if Rust detects them.
Bad coders are prevented from the majority of mistakes.
There is the problem that all coders will over rely on the compiler and have the 'it must be good code because the compile was clean' attitude.
I don't see any of the those as benefits.
A good cautious slow C programmer is preferable to a dozen sloppy rust code monkeys putting blind faith in the compiler.
I can imagine that they would spend all that time dreaming up new algorithms and horizons and better more efficient ways of doing it.
In reality, they'll just go and yak about daytime telly and watch more soaps.
Too many programmers don't give a flying fig - if they did we wouldn't have as many security breaches, OOM errors, patch Tuesday's and segfaults as we do.
Manglement are as much to blame - quality vs quantity etc. and deadlines trump correctness.
Potentially dangerous code can be written in any language. Good coders know this, good coders work hard to ensure there is no dangerous code. Syntax checking and analysis by rust just allows crap coders to get away with being crap. Can you imagine the horrors that will result when all these Rust programmers suddenly have to write a bit of C or C++.
I'm currently sorting some Python out & I can confirm that while code is beautifully indented and formatted, it is still shit code, uncommented and logically flakey.
I won't use Go either - any language that forces a style on you is plain old bad.
Pet peeve - traffic management signs on motorways - e.g. A123 closed at J92. Where the F is that - I might know the A123 and J92 if I live on it but as a passing driver no chance. If they said A123 closed at THE NEAREST TOWN TO THE CLOSURE it may actually help.
Other than that, signs are a good way to go.
I take my wheels off, wire brush the bosses clean and the inside of the wheel hub and slather the mating parts with a CopaSlip
Also do the threads on the nuts/studs.
Your nuts come loose so much better when well lubricated fnarr fnarr.
In my experience, I feel that the standard of driving on Britains roads is now worse than it was before covid.
As a cyclist, I see more close passes, poor lane discipline and aggressive driving than I did before lockdown.
As a car driver, I have been passed in 30 & 40mph zones more often as well.
Too many think a driving licence is a right not a privilege.
would try sleeping with you - now it's just a spotty nerd in a run down office block clicking 'Like' icons :-(
Never done LinkedIn, or any other social media platform for that matter.
I was working at <I'd rather not say> defence contractor in a security role (it may or may not have been patroling the perimter and issuing car park passes but it was still security) a few years ago and the missive came round telling staff to remove their clearance status from LinkedIn.
Personally, if you are stupid enough to put your clearance status on LinkedIn then you should be fired and have no place in a security role. The only exception I can think of is if you are phishing for foreign agents to contatct you.
I _REALLY_ don't get social media.
> I am the registered 'owner' not my registrar,
You would be surprised to see how many domains I have had from the big boys where the registered owner is the large registrar themself. I've not had one come in since Nominet started making a fuss about it a few years ago but it was very common. Admittedly some of the smaller registrars were sloppy but the big ones were worse simply because the registrant was ignorant and was guided through the requirements.
And the one domain one vote was tried - but it was realised that it would only take a couple of the largest registrars to collude and there would be mayhem - couple this with the lare registrars not being UK based and you basically have no teeth.
I can compete with <CHOOSE YOUR SUPPORTING REGISTRAR HERE> on price and service - as can any one of the other smaller registrars.
Over the years I have seen hundreds of customers leave me for the likes of 123-reg and 1&1 - sadly, I don't think most customers care, they just see the 'domains for 1p' and other dodgy claims.
The problems started long ago - I've been a member for over 20 years and some of my fellow members have been railing against Nominet and the management of it from before I joined, it has been, if not as rotten as it is now, getting a bit whiffy for a lot longer than most people want to admit.
Nominet have never kicked 1&1, 123 or uk2 to name a few of the big bad ones and I have had to jump through hoops to clean the mess up when receiving domains in - it was not uncommon for domains to come in from the big registrars with registrant details that were wrong and should not have been registered. The likes of the above three didn't care, they'd got the money, they'd also got a lot of clout with Nominet as well. Little fish like me got the grief though.
I also got a LOT OF GRIEF from Mrs Lunatic because she had to do the paperwork and sort the TS&C's out and jump through hoops with policy documents for Nominet to inspect just so we could become an 'accredited' registrar. I'm expecting a letter from Nominet any day now telling me that they have audited our web site and it's still compliant but our liability insurance is about t o expire so please supply us with a policy number to maintain your accredited status...
And then you see what a bunch of self serving pocket lining brain dead oxygen wasters is running the board - you may understand why the members are thoroughly disenchanted.
I wondered about this as well. Why didn't they just get a court order to threaten turn off said companies internet connection in X days if they fix the problem. You can lose your freedom for petty misdemeanours, why not just lose your link until you have shown that you can fix the problem.
Going in and modding somebody's server - no matter how bad the situation or good the intentions is an awful precedent to set.
Is this a recent thing - my N8 was acting weird for a few days last week and I did a webview update and it solved the probs. Google had pushed a funny patch out that was stuffing something and forcing a reload was enough to clear the probs. I'm sure I saw an article on the reg somewhere about it... here it is :-
Of course, it would be cheaper if said companies (and public sector orgs) actually paid for qualified advice and staff to mange the problems and risks BEFORE the attack took place.
Unfortunately we have a culture of cheapest wins and Brenda* can do speadsheets, lets make her security officer.
*Apologies to any person called Brenda - it's not personal - I just pulled the name at random - I don't know anybody called Brenda either.
I was working in Holland when she died. I remember waking up to BBC R4 on longwave and thinking "WTF are they on about - you'd think she was dead"...
Had a pleasant ride from Eindhoven through to Belgium on that day. I embarassingly was the slowest tomato.
It was a PITA getting back home for a couple of weekends - the country seemed to have gone mad and everybody wanted to go home. It took me ages to get through Schipol due to the queues. I'd have stayed in my flat another weekend had I realised.
I'm glad I was out ofthe country and was a bit embarassed by what looked like mass hysteria.
pwgen and vi -x here.
Firefox does a pretty good job of generating garbled passwords and storing them. PITA if you want to access a site from another machine though.
My pet hate is websites that change the rules so the password you register with uses a different rule set to the "I've forgotten My Password" process.
Bloke with a big shed then.
Marketing - the registrars do that - why do Nominet need to do it ?.
Finance - only needed to find intuitive ways to line the directors pockets - realistically :-
money in from domains - (server costs + staff costs + a bit for contingency + a bit for good causes) == 0.
Personally, I knew they's blew it when I found they were using Oracle as the backend database,
The registry is only as bloated and inefficient as it has been made by the gravy chasing leadership has made it over the last few decades.
Nominet have tried (successfully!!) to make a mountain of the molehill, it seriously does need reforming and has done for several years, I have been a member for over 20 years and when I started there wereother members complaining about the way it was run - and they wee right then and they are still right - it's just that Nominet managed to sideline, ignore and gerrymander the system against them.
Any idiot can run a monopoly, unfortunately for the erstwhile board, they were special idiots that brought the monopoly down.
There were worries years ago that BIS would get involved and that Mandelson had his beady eye on the organisation when there were problems - it quelled the dissent then. Can't remember what the crisis was at the time - I think it was something about voting rights and power being given to the board.
I've lost interest over the years in Nominet - I'm still a member and dutifully pay my fees but have basically been treat by them (as have other smaller members) like shit and totally ignored. Eventually, we have had enough and this is the result, the structure is Gerrymandered for the big organisations and they have supported Nominet, hopefully when the mess gets cleared up, there will be a more equitable relationship between Nominet and ALL it's members.
TBH, the governemnt marching in and stomping all over them wouldn't make things much worse.
The update for grub2 released as DSA 4735-1 caused a boot-regression
when chainloading another bootlaoder and breaking notably dual-boot with
Windows. Updated grub2 packages are now available to correct this issue.
For the stable distribution (buster), this problem has been fixed in
They will roll out the patches to Ubuntu (if they haven't already) and it will automatically update as is Ubuntu's wont.
If you are really desperate to apply the patches, open a terminal and :-
and that should apply all the latest and greatest.
My preferred method is :-
apt-get dist-upgrade which is a bit more intense that a mere upgrade ;-)
Are you a Stable Genius because you look after horses before they bolt ?
I installed debian on them, it's a bit fiddly without a console.
Next NAS box I get will be a DIY thing - the QNAP's are good but lack of a console and proprietary motherboard and UI lets them down a bit. They're great for plug and play but to really make best use of them, ditch QNAP's O/S which is a pretty limited Linux.
Shirley Crabtree ?
Wikipedia has a page of Shirley's, admittedly there are more Shirley (F) than Shirley (M) but Shirley (M) is not that uncommon.
John Wayne was a Marion.
Point is, even with the new names, they are going to upset somebody somewhere - it's just that those they upset won't be the ones they are upsetting now.
In a few years time, we will be having them change the stuff because we're all woke to Shirley's plight :-(
We could always steal 'bastard' from engineering. If we can't think of a nice friendly name for something we can just call them bastards. So we have a bastard mating with a bastard, or a bastard calling a bastard.
That should clear up all confusion :-)
This was one big gripe with them. They ate batteries and I ended up leaving them plugged in to the wall wart. More annoying was that the radios had to be on a window sill to receive anything, I don't get a particularly good FM signal here either but I can generally get it anywhere in the house with a bit of careful orientation of the radio, DAB is window sill only, it has improved since early days where it was kitchen window sill, at least now it's any window sill and the dining room.
Don't get me started on the number of times we have to retune the smart telly because somebody has decided to renumber the stations or move them.
Back in the 405 days, we had three channels and admittedly the volume wasn't there but at least you could watch something. Digital it's either picture of black screen.
We'd probably get better service if th BBC actually puit some money into infrastructure and bandwidth instead of the luvvies/over paid presenters.
One person's filth is another's erotic art.
Once government start banning or controlling this, they won't stop. Eventually, you would only end up with government filtered content because the governments would be under so much pressure for the next moral issue to hit society. Ban junk food sites, ban you tube because there's some scary stuff on there about sharpening pencils with a craft knife...
In essence, the proposal won't work. How do you know it's porn firstly ? The originator has to classify it. What if they don't ? Do you say only streams with a classification are allowed ? You will really throw the baby out with the bath water then.
Biting the hand that feeds IT © 1998–2021