Posts by big_D

Re: History repeats itself

The problem is, the pictograms are often ambiguous or have absolutely no relevance or context for the person looking at them.

The example in the article, I could actually correctly decipher 4 of the symbols, confused face (very apt), sad face, stethoscope (just about, given how small they are) and ambulance.

Re: History repeats itself

The problem is, with the example in the story, I see white man in white shirt, coloured person, TV, confused emoticon, ambulance, office block, stethoscope, sad emoticon.

I'm sure most medical terms and Latin names don't have emoticons. When I go to the doctor's, here in Germany, they speak German, which is a 2nd language to me, but the medical terms, especially the latin names, are universal.

A couple of times, the doctor has used the colloquial German name for an illness. I've never heard the name or can't relate to it, so they have used the Latin name, which is the same in the UK and Germany, because, Latin, and I knew what the doctor was talking about.

I'd rather they dropped back to Latin names than start showing me meaningless symbols.

I just checked emojipedia. Lung cancer, leukemia and meningococcus also Neisseria meningitidis. None of them have an associated emoji.

What is the doctor going to show you if you have lung cancer? sad smiley, crying smiley, blue face, screaming and gravestone? Very helpful!

Re: How can Facebook be encrypted end to end?

Apple wanted to do that (checking CSAM on the iPhone, before it was uploaded to iCloud), that kicked up such a stink about the sanctity of the personal device, that they have put the plans on hold, for now.

The problem isn't just CSAM, it is, if you start looking for CSAM, why not look for homosexual images for certain Eastern Block countries? Or anti-government posts in China? Or anti-royalist comments in Thailand? Anti-abortion talk in the USA?

Here, in Germany, the Constitutional Court backs E2EE and the state has to get a search warrant and install the "Staatstrojaner" on suspects devices in order to monitor messenger traffic.

It seems to be Microsoft's mantra at the moment, "break it and move on!"

Our boss suddenly had problems printing Word documents. Printing the document works, printing a page work, but printing a range doesn't! Turns out it was a bug introduced recently and no fix released, but using a version out of the beta channel might solve the problem.

Sorry, not putting beta software on the boss' computer!

What am I talking about? Almost all software these days is beta status, or worse!

Re: A bit over the top?

The messages are private, unless the recipient is offended by what you send them and pass the message on to the abuse reporting team...

Or they make a snapshot and post it online, or they copy and paste it into a blog post or into another WhatsApp conversation...

At the end of the day, the messages are encrypted at rest, encrypted in transit, but open for the user to see and the user can do anything they like with the message, once it has been displayed.

Re: We've all done it...

At one customer, they has an UPS and it was religiously tested every week... That is, the admin for the AS/400 that was plugged into it went into the server room and pressed the test switch on the UPS, it reported success and batteries at 100%...

Then we got a new manager and he insisted that we do a full test of the UPS - that is, the power to the UPS was shut off. Internal test carried out, OK. Batteries, OK. Power removed, AS/400 powered down within 2 seconds, as in uncontrolled, no power after 2 seconds, silent, but for the sound of disks whirring down...

Turns out the UPS test and battery monitor weren't worth the thousands they had cost. The batteries were dead as a doornail.

Powering the AS/400 back on didn't go to plan either. The drives had been running for years. Once powered off, the dry bearings ceased and refused to spin the drive back up. A new DASD for an AS/400 back then wasn't cheap.

Power supply fails, the secondary takes over, the machine keeps running. The dead PSU can be pulled out and a new one hot-plugged (put in, without turning the machine off)

Network port fails, secondary (or, these days, tertiary or quaternary) takes over. You pull the dead network port/adapter and replace it and it starts working again.

Drive in RAID array fails, the rest carry on and the dead drive can be swapped out and the RAID rebuilt.

A catastrophic failure or corrupted system drive, for example, will still cause the system to fail, but a lot of key components are duplicated and hot-swappable, meaning the parts can fail, without the system keeling over.

There, motherboard or memory failure and things like fire and lightning strikes are about the only things to stop it working, other than the OS getting its knickers in a twist.

With redundant, not only do you have the resilience, you also have a whole other system that is shadowed and can take over when the primary fails - usually in a separate fire section and with a separate mains power feed and a separate network. Preferably in another building or on another site, if possible.

Re: Proliant server

Been there, done that.

The best was a DEC engineer. We had ordered a memory upgrade for a VAX 11/785. All jobs moved to the neighbouring machine, all users logged out and onto the next machine...

VAX shutdown, console says it is safe to power off...

Engineer goes behind the cabinets and... Nothing, nichts, nada... Then sudden shouts, squeels and a general blue tinge to the air around the next VAX's console.

Yep, the DEC engineer had pulled the mains isolator on the wrong machine!

Re: While I agree

Under ethical hacking (i.e. hacking into somebody else's computer or system(s) is usually contractually defined, to ensure that such things, or being arrested, don't happen - although there have been a couple of instances, where a researcher has signed in good faith and still ended up in a police cell, until the matter could be cleared up.

The grey area is websites and cloud services.

Re: While I agree

When I did my ethical hacking course, the most important fact that was constantly drummed into us was, you get an agreement up front. You define exactly what you can and can't do - how far into their systems you can go, not alter any data, alert the customer as soon as the first intrusion was successful, or do you go further?

If you are checking your own kit, then there are no problems about hacking it and sending bug reports to the developer.

If you are checking a company's security, likewise, you have a very hard contract to cover you, as long as you stay within the lines.

Where it becomes troublesome is for researchers looking for, for example, open databases on AWS or specific weaknesses in a cloud service etc.. In those instances, you are tripping over flaws in the configuration of systems that are open on the Internet. If you make your own account on the service and are testing the data in your account is properly locked down, you might be okay, depending on how the cloud provider feels on that day... But actively looking for faults to report is difficult, if you are caught, before you have submitted a bug report.

This is the grey area that needs to be covered by the law. If you are a genuine security researcher, you need to ensure that you have your back covered.

A couple of weeks back, in Germany, a security researcher (Lilith Wittmann) found a flaw in the CDU's campaign app. The app let canvasers register the houses they had visited and what they had discussed, so that houses weren't contacted by multiple people or if there were follow up questions etc.

She reported the bug to the political party. As a thank you, for finding a gaping security flaw and GDRP breach, they set the police on her! It created such a stink on social media in among the IT community, that they quickly retracted the complaint they had lodged with the police.

I think the CDU/CSU probably lost a lot of votes in the IT and Security communities in the upcoming election.

That is why we need exceptions. Even if you do it right, report responsibly, you can still land in hot water.

Maybe accreditation would also help. If you are a registered security researcher, that would at least give you a "get out of jail, until the full facts are known" card.

Obviously, researchers can go rogue or overstep the bounds, so there do need to be checks and balances, but legitimate researchers doing their normal work should not have to live in fear of being arrested.

Re: Cliche

Builders as well. Another time, we were having additional AC put into our server room, as it was being expanded to accommodate a couple of new mini computers...

The builder just strolled up, unplugged one of the microVaxes and plugged in his drill!

The "real" VAXes were fine, they were hard wired and had a huge, physical switch to power them off. But the microVAXes were using standard 13amp sockets.

Re: Cliche

That is how I learnt to save my work regularly...

I was writing documentation on a Mac Plus and it was getting late (18:30). I had everything finished and was putting in the index flags into the document - every word on every page that should appear in the index had to be individually flagged! (I would have thought, creating an Index list would have been more sensible, but, no, instead of typing out a thousand words to index, I had to go through 400 pages of documentation and flag each occurrence of each word individually!

I had been struggling through and saving the document would take a couple of minutes, so I had not saved for a while, to decrease the wait for beer-o-clock...

Then the cleaner bustled in and phup! My screen went blank!! She'd just yanked out the cable for the Mac, so she could plug in the vacuum cleaner! GAAAAAHHH!

Re: Don’t forget the OP1

From the rumours, they will be using Samsung Exynos chips with Tensor cores added.

This is about the likes of Kindle, Audible, Tolino, Storytel, Nextory, BookBeat etc.

If I want to read a new book on my iPad Kindle app, I have to put the iPad to one side, get out my Android phone, buy the book, switch back to the iPad, wait for it to sync, then download the book. Very seamless, Apple, very seamless /s

I thought naming the OS after a disease wasn't a good idea the first time round...

Re: Eh?

It was the same with Windows 9x, Windows 2000, Windows XP and Windows 7.

People don't like change, and when change is forced upon them, that thing they've been slagging off for half a decade is suddenly the bee's knees and needs to be kept at all costs.

XP was a pile of poop, when it was released. It was a security nightmare until SP2 came along. Then, people were used to using it for so long that many fought to keep it, when Vista and Windows 7 came along. The same with 7 going to 10.

Re: Eh?

My 2009 Sony Vaio Core i7 no additional series number, 1st generation, is still happily running Mint Linux and works just fine (since I put an SSD in a couple of years back).

I use it as a backup PC, but it works just fine. I also have a Pi 400, which is fun.

Tossing up, whether to put openSUSE or Manjaro on my main PC at the moment.

Re: How do I opt users out of this "upgrade" ?

To be fair, not all businesses. I've worked at a few companies that have used LibreOffice and some that have used Linux as the OS.

Especially in software security companies, I've found.

Re: How do I opt users out of this "upgrade" ?

I'm tossing up between openSUSE and Manjaro for my main PC at home. But for work, I'll just not be approving the Windows 11 upgrade in our patch management system.

Just don't approve it in WSUS or whatever you use for patch management.

I set up an extra group for trying out the new releases and Windows 11 will go the same way. It will be blocked for a majority of users and only released to a test group, once we are ready to look at it. Once it runs fine with the test group, we then gradually add other machines to the Windows 11 upgrade group, until all (eligible) PCs have been upgraded.

Re: For everybody...

This was anecdotal about how the level of "openess" of the Kernel fluctuated over the years. The code was open, but it was very closed to the ideas of proprietary drivers having the relevant access, which made it extremely difficult to get hardware working at times.

When a majority of manufacturers hadn't gotten the Linux and OSS bug and the number of developers available to reverse engineer video drivers, network drivers etc. was limited, there was often no way around using those proprietary drivers, until an open source video driver came along - in the case of the X600m, I think the open source driver turned up about 2 years after I purchased the laptop. But the distros and the Kernel devs made it as awkward as possible and made users jump through as many hoops as they could think of, in order to get a running system off the ground.

It was the difference between the Kernel developers and the distributions, and the end users. The former 2 groups were ideological about their solution, whereas the latter had more practical problems - Linux doesn't run on my hardware, I'll do what it takes to get it running, even if it need proprietary drivers until the OSS community can get around to producing their own.

It was this attitude, whilst understandable, that put so many people off using Linux. They'd try it, find they'd need to manually download drivers using either Lynx or wget, learn how to link the drivers into the Kernel through the command line, and then manually install a graphics shell over the top and manually configure it. And, if they were very unlucky, they'd need to source a network adapter driver from somewhere else, copy it onto the PC - manually mounting the media in the process - to be able to get at the website with the graphics driver.

That is a big ask of somebody who has heard how great Linux is, yet only knows how to use the desktop on Windows or OS X.

Once it is up and running, Linux is great, but if there are configuration problems, it is a real pain.

My mother came over to visit me and was using an old laptop (not the Acer, an older Advent laptop with integrated graphics). She said, "your Windows is much better than my Windows." She ended up taking that laptop back home with her, it was running SUSE.

Nowadays, thankfully, that sort of problem is few and far between with most off-the-shelf PCs these days.

Re: For everybody...

Yep. We used DEC VT terminals, IBM PCs and HP PCs with CP/M and DOS. The DECs used extended ANSI, the IBM PCs had an ANSI driver to allow it to emulate ANSI escape codes, but the HPs used their own sequences. We had different header files for the versions of our programs for each platform.