Posts by Vic

Re: What the company is missing ...

> And how long would it take to write that web application in C compared to Ruby?

Have you seen HipHop?

Vic.

Re: Short termism?

> Think about it, are they really going to send a £100 / hour lawyer to fight a £100 claim.

Royal Mail claim to have spent far more than that on the claim I made against them. They sent me a ream of paper (mostly legalese), including a breakdown of their costs. And my claim was for very much less than £100.

Once they'd figured out I'm not the sort to be intimidated by that approach, they sent me a cheque.

Vic.

Re: Touch...

> I think I'd be happier with an inkless biro that just wrote on the screen.

You could have it light-driven. A light... pen

I'm sure there's a patent up for grabs if you try hard enough...

Vic.

Re: @postfix or something else?

> Postfix seems to work out-of-the-box if the LDAP server is located on the same system

Yes, that's the default. If you want it to talk to a different server, you use the server_host parameter. If you don't specify that parm, you get "localhost"...

Vic.

Re: For [Insert Diety here] sake

> you sure as all get-out don't run SSH on 22

I do. That's where my users expect to find my SSH daemon.

They don't get in without their keys, though.

Vic.

Re: For [Insert Diety here] sake

> Put a (metaphorical) land mine there - touch that port, immediately be blacklisted.

That upsets customers. They don't like being blacklisted for a single mistake...

Vic.

Re: postfix or something else?

> I suggest postfix, which is much easier to set up

That's somewhat subjective; personally, I find sendmail much easier to set up than postfix, but that's almost certainly down to the fact I have far more familiarity with it than I do with postfix...

> BTW this would be useless with the webmin approach.

There is a webmin module available for postfix. I've no idea how well it works...

Vic.

> If you use tools that edit the .mc directly - or you enjoy going in and editing the .mc by hand

> - then do not use the sendmail module in webmin

That's pretty much what I keep telling you. And you keep telling me you know better.

> I was taught emphatically to never edit the .mc file in sendmail directly

I very much doubt you were told that.

You were almost certainly told not to edit the .cf file directly.

> I am repeatedly and forcefully told that I am never to do anything outside of M4.

So you *weren't* told not to edit the .mc file. Like I said, then...

> M4 is where configuration changes are "supposed" to be made, and so I make them there.

And if you use the sendmail module in Webmin, that statement is no longer true, as it alters the .cf file directly for a number of options. Hence the warning I keep maknig, and you keep telling me isn't important.

Vic.

> Sendmail module on webmin has "M4 configuration."

Yes. But if you edit that, it'll throw away stuff you've done with the other config tools, which edit the .cf file directly.

This is why I raise the issue. Every time, you tell me you get it - then post stuff like this.

Webmin is a fine tool, but it runs the risk of rolling back changes if you edit the .m4 file after you've used it to effect other changes. I wonder that you keep trying to ignore this very simple fact.

Vic.

Re: Not all that useful...

> I doubt you'll find any serious Linux setup that isn't behind a dedicated firewall.

I can point you at a few thousand...

> I would advise turning SELinux off on your CentOS boxes.

I wouldn't.

SELinux is very, very effective. Russell Coker used to publish his root password on his website and let you shell into his machine to play with it. It was quite a stunning demonstration.

SELinux often needs to be disabled because the admin doesn't understand it well enough - and that's fine, it's still a fairly new technology. But it should be left enabled if at all possible, because it really does stop bad stuff happening.

Vic.

> Not sure I agree about using Webmin!

Webmin is a Good Thing(tm). It dramatically increases the discoverability of a server's features for the uninitiated.

But as I say every time the subject comes up, it has two significant problems: you need to be *very* careful if you try to have multiple users (as it doesn't really have them - they're all subsets of root), and you shouldn't do much sendmail administration with it (it writes the sendmail.cf file directly, meaning the sendmail.mc file gets out of sync, so future .mc modifications will roll back your webmin changes...)

Vic.

Re: India??

> I don't think I've *ever* had a spam from India

Do you want some of mine? They've been very prevalent lately.

Very few spams get through to me these days, but my filters[1] really aren't helped by the clueless fuckwits who insist on terminating their SPF records with "+all". For the uninitiated, that means "yes, absolutely everyone is explicitly authorised to send mail on behalf of my domain".

Grrr.

Vic.

[1] Yes, I know SPF isn't anti-spam. But my Spamassassin rules consider SPF authentication to be fairly indicative of hammy mail...

Re: Something smells.

> I remember Deadrat in the early days

Your next phrase gives the lie to your memory stemming from "the early days"...

> no love from the developers because they were taking something essentially free and charging for it

RH were giving away a free version for years and years. CentOS only came into play when RH ballsed up the transition from RHL to Fedora.

Any anger at RH was because it *appeared* at the time that they were ditching the idea of a free distribution. They actually ended up doing something very different - hatching a free distro with community control - but we didn't know that at the time.

Vic.

Re: The simple script

> rpm -Uvh --force oracle-release-$version.x86-64.rpm

Not far off.

It does other things, though - like disabling your old repositories before it's downloaded the new -release RPM. Instant broken yum system if anything goes wrong.

And Oracle wonders why nobody trusts them...

Vic.

Re: This story makes no sense at all.

> What did I get wrong?

You confused Java the language with Java the VM.

Some parts of Android apps are typically programmed in the Java language, but Android handsets have no Java VM on them. They use the Dalvik VM, which is entirely different, being a register-based machine rather than the Java stack-based one. Think Z80 vs. 6502...

Vic.

Re: "They have promised to meet all costs faced by the police and armed forces."

> The reputational hit is rather harder to quantify of course.

It's fuck all. They're as useless as we all knew them to be.

Vic.

Re: Please don't insult OS/2

> it's not been used in these systems since

The Santander cash machine in Bitterne Precinct in Southampton runs OS/2 Warp. I doubt it is the only one.

I watched it boot a few months back...

Vic.

Re: Sea Fox Repurposed @Vic

> If navy divers baulk at 90m dives, then they ain't navy divers!

Nobody mentioned baulking at anything.

What I'm trying to point out is that a 90m dive is non-trivial, and you don't just plonk divers in willy-nilly.

Trying to take out a mini-sub with using divers is a non-starter.

Vic.

Re: Stupid design

> Don't mines detonate when something hits them?

That depends on the mine. Modern ones are somewhat more capable that the contact-spike things you see in war films.

Modern sea mines are typically looking for specific accoustic or magnetic signatures. This is why clearance diver kit is closed-circuit (to eliminate bubbling) and has all the chrome stripped off the brass bits (regs etc.)

CDBA is very, very expensive. But if you went in with a 5 grand unit like mine, it's pretty much guaranteed to blow up in your face.

There's bound to be a cheaper way to hunt mines and get them to explode than sending in $100K submarines. And it probably involves a Rasberry Pi...

Vic.

Re: Sea Fox Repurposed @Vic

> the Persian Gulf and the straits are at most a couple of hundred feet deep

Max depth in the Straits of Hormuz is 90m.

90m is a non-trivial dive on Scuba.

> that's not going to be a problem

How many dives have you done to 90m? How many to " a couple of hundred feet", for that matter?

> Moreover, floating or moored mines will be at the surface, or within seventy feet of it.

But a submarine would not. It would approach at depth, then rise to meet its target. To do otherwise is to make it an easy target.

Vic.

Re: Sea Fox Repurposed

> Locate Sea Fox, send in SCUBA divers

Scuba diving to 300m is possible, but it is not a trivial undertaking...

Vic.

Re: "runas" !~ "sudo"

> having sudo you can lock the admin root account to completely disallow login

You can also set up /etc/sudoers to permit only a limited subset of root's capabilities, giving users the features they need without opening up the whole box...

Vic.

Re: Getting to the truth

> I'd be 99% confident of identifying some banks who did the wrong thing

Isn't that a "Murder on the Orient Experss" moment? "They all did it".

> Is it worth £150 million to convict (say) 5 rogue traders

Yes.

The value of such convictions is not in getting some sort of revenge against those traders, it is to discourage others from following in their footsteps.

Vic.

Re: The curious thing about all this..

> It is not fraudulent to say that someone else is doing a better deal than they are.

Yes it is.

Section 2 of the Fraud Act 2006 says :

"A person is in breach of this section if he—

(a)dishonestly makes a false representation, and

(b)intends, by making the representation—

(i)to make a gain for himself or another, or

(ii)to cause loss to another or to expose another to a risk of loss."

Vic.

Re: A few sore spots with the GPL...

> In the case of statically linked binaries, the GPL is incompatible.

This is deliberate. The GPL sets out to copyleft all derivative works, and is generally successful This is a Good Thing(tm).

> The LGPL sort-of allows it -- you have to provide the binary blob as well.

This is not true. The LGPL permits linking against a proprietary blob. You only have to supply the LGPL work (as source).

> Often when companies do pass on the code, they do so under a NDA.

An NDA does not excuse the distributor from his obligations under (L)GPL. It also usually contravenes the "no additional clauses" rule (GPLv2 Section 6, for example).

> BSD looks close to what I want

BSD is a great licence, but it does not impose copyleft obligations. Given your misunderstanding of GPL, and your desire for copyleft, I'd recommend you look again at the GPL.

Vic.

Re: FOSS versus Crowdsourcing

> But fuck for-profit crowdsourcers with 4 Vesta. Dry.

"FERITE"[1] is probably the acronym you're looking for...

Vic.

[1] Right In The Eye