Posts by Kiwi

Of course if you can't see the need for customers, want to actively discourage them, or fail to turn up to appointments because you forgot to put it into your phone and your desktop computer then you wouldn't see the point.

And yet, strangely, throughout human history, people have been able to turn up for appointments on time, some without the benefit of clocks or a calendar system in their entire culture.

And I've had calendar integration with Evolution for a long time, not that I've used it for much. I can't remember the specifics of it now but in 2007 I could enter something on my feature phone (RAZR V3 for those who want something to make their smart phones actually seem smart!) and have it available on my calendar when I got home (only thing I can recall using it for is either a co-worker suggesting a recipe I entered to look up at home, or a TV show etc - still could have the computer tell me when it was due easily enough).

My current calendar is shared across a couple of bits of software on my tablet (was trying them both out, never came to a decision), Evolution on here, a mate's iphone and another mate's Thunderbird (because we have reasons to), and TB on my other machine. Seems easy enough to do, don't know why people say it can't be done without Outlook. Also tried creating calendar events from Evolution and Thunderbird. Both handled it, TB could perhaps use improvement but it's still more than most people would need.

So. What does Outlook have that others don't again?

And given your claims about business etc experience, why is it you believe that you need outlook's calendaring functions to have customers in business? If they're not customers, then what are those people who patronise firms who don't use outlook's calendar functions? My WOF place records all their appointments in a lump of dead-tree, sometimes as far as 6 months in advance. You saying that since they haven't been using outlook for the 40+ years the firm's been in business, they've not had a single customer?

Re: Buying non-cloud services

Microsoft's security model can deny US based staff and systems access to EU based data.

So, in the interests of doing a proper security audit, where do I download the source code for Office? Thought not.

Unlike say Google who's systems are based on Linux with its less powerful security model that for instance can't block access by root.

So what you're saying is admins on MS products cannot see clear text data "owned" by other users? So I can kill all chances of the administrator changing my config/desktop etc etc via "Policy" or otherwise just by changing the permissions on the relevant files? While we're on the subject, got any bridges you want to sell me?

--> looks like someone's sniffing something nasty in MS-land again!

Re: "They'll be back."

People always bring up AutoCAD.

Didn't you know that not only Western Commerce, but the entire existence of the FREE WORLD^TM is at stake unless each and every person in the office down to the youngest grandkid of the tea lady has a full fat version of ALL Adobe product, full Office, full AutoCad, every high-end game known to man (except the ones that don't do Windows).

That's why these people get so excited. Our very existence depends on these people having these things to do their jobs!

Re: Trump will want to be re-elected

so could this be the first time that the Soviets managed to dock a submarine in America?

Oh I'm sure that a Soviet successfully "docks a submarine" any time Putin and chump have a meeting!

You can't fix a bug you don't know about yet, yet you can't just let it lie,

So you crash the kermel. How then do you detect what was going on to trigger the crash? How can you fix the bug if you cannot trace what occurred? What if the bug is something appropriate in your init system that Cook&co failed to whitelist?

I wrote about something few days ago, and further comment here on this - I could've taken the server down and cost the company half a day or more of productivity, maybe cost them more than a day if we had to rebuild (if it was a hack you cannot trust backups - did the initial compromise occur today or was it 6 months ago and left dormant?).

We could've gone with "kill" and maybe killed the company as a result, or we could've gone with "monitor" and found out it was nothing after all. So we went with the sensible option, watch for anything of real concern.

Your approach would kill the server the instant a Chinese or Russian IP took a look at the system "JUST in CASE there's UNKNOWN bugs". The rest of us say "Lets wait till we know for sure, unexpected behaviour may only be a minor bug and it may even be perfectly acceptable behaviour that hasn't yet been whitelisted".

That's why Cook got blasted, and that's why Cook agreed it was a bad idea

But to fix the root problem you have to IDENTIFY it first. Meanwhile, you still have an exploit avenue potentially being exploited while you twiddle your thumbs.

In that case, the only prudent thing to do would be to turn your machine off and remain disconnected until you hear there's an OS +apps that is totally bug-free.

Care to demonstrate the effectiveness of this solution for us?

"Word warns you when opening such a document."

That's gonna stop a lot of users! ;-p

I've seen people somehow manage to have the mouse in position to click away UAC warnings the microsecond they appear (a decent concept except for the "user hits the 'make it go away NOW!' button" problem). I don't think warning dialogues from any other software would last as long with general users.

There's no slowing stupid :(

"Never ceases to amaze me..."

Really? How amazing is claiming "opening a text file (document) still gets the machine infected. In 2017."

A couple of us showed you links to articles on El Reg covering that. Why don't you go and read them?

or you are assuming other commentards know sweet fuck all.

With posts like yours, assumption is unnecessary.

problems like the Morris Worm

Never ceases to amaze me how, when talking about modern Windows flaws, MS shills have to reach all the way back to 1988 to find something almost as bad in *nix...

Comparing modern MS security to 1988 Unix security. Way to show how great the security of MS products is!

sudo rm -rvaf /mnt/redmond_mscdev/windowssource

I was expecting he'd be expected to use Windows tools to do the job.

But now I write that I see the huge flaw in my thinking.. You cannot 'use windows tools to do the job'..... [now where's a bridge for me to hide under?]

Re: Google's Pixel security team

In a practical sense a large program probably does have bugs but if a problem is logical then perfect code can be written.

I agree that it is theoretically possible to write bug-free code even for considerably large programs.

The problem is, that code also has to interact with the rest of the system and the users. One of those two will break it. And if the users don't break it, they'll break something else that then breaks the program.

Re: Bad behaviour

Hmm, doesn't bullying people kinda belong to the past century? If it were anyone but Linus, we wouldn't be excusing it.

For some of the "precious little snowflakes" out there, even your post would count as bullying! (both the "belong to that past" snub and the implications behind "anyone but..."). Yep, probably not what you meant but it can be really hard NOT to trip over the lines that the PLS's and SJW's (are they actually different?) call "bullying".

(And I suspect that, aside from the use of PLS and SJW, just calling your post "potentially bullying" falls over one of those lines as well!)

Wonder if Linus can spare a few hours going of Windows code, should be good for a laugh how much he would strip out.

I'd suspect "deltree" would make a significant portion of his work in that case...

Re: Can't disagree..

All that said, and while I think Linus is a very bright guy, I don't think I'd want to work for or with him--I work in a toxic enough workplace already.

Every few months we see a story where someone has royally screwed up with security (most commonly Pottything and his ilk I believe, ICBW) or something else that "breaks userland" and/or causes significant kernel issues, and Mr Torvalds lets loose at them.

What we never see is how often he praises good work, or even if he praises good work. I guess "Linus says 'Well done'" isn't as entertaining as "Linus says 'F*cking morons'" in a headline.

[caution : wild tangent follows]

I've let off at underlings at times, and I've been the underling the boss has been unloading on me (deserved over a mistake that cost the company at least a full days productivity and several $thousands - c/w with another time as a junior I followed instructions as best as I knew and it took 3 of us 5 days to clean up the mess - no telling off because I did what I was told but was not warned of a "gotcha" that got me).

People who do consistently good work don't get told off often. Maybe they get praise, maybe not (after all a good quiet worker sadly gets less notice than a not-so-good worker). Sometimes they make a mistake and get a mild chastising, sometimes we make a costly mistake and the boss, being human, is so hurt and/or angry that they cannot help but let go.

And sometimes they get so sick of seeing the same stupid mistakes...

I've worked in toxic places, and I've worked in places where the boss gets shouty and sweary when you make a significant mistake or repeat a certain level of mistake. The two are not the same, and toxic places don't tend to last long whereas "shouty+sweary when deserved" places can last quite a while. The boss of the last one I was at is still a good friend, even though I was one who got shouted at the most (but then I also spent the most hours on site and had the most technical jobs ie most chance for mistakes)

Re: inter-intelligence sex.

Re: inter-intelligence sex.

Maybe he means his partner is

Wow. For someone crying about the amount of alleged "hate" in Linux forums, you're sure pouring plenty of it into this thread!

Re: Linus Torvalds is a f*cking moron?

now I see why when questions are asked in Linux forums they are answered with abuse by the penguinistas,

You'd prefer the "Help, my computer isn't powering on! No lights, no noise, nothing!"...."Oh just do a system restore from the control panel" of the windows forums?

Re: Linus Torvalds is a f*cking moron?

It's lucky most projects don't have project managers like Linus Torvalds. This sort of behaviour is not how you get the best out of people.

And yet it seems that devices using software he developed outnumber devices using the same class of software developed by everyone else. Guess he got something right in his people skills if he was able to get enough buy-in from the world to make that happen.

It is bullying behaviour that shouldn't be tolerated anywhere in this day and age.

Pot to kettle : You're black. Over.

(IOW, check your own post for "bullying behaviour that shouldn't be tolerated anywhere")

Re: Linus showed extreme tolerance, as usual.

nobody could ever hope to rise to such levels of advanced muppetry

Linus's OS¹ Usage : Most devices globally.

Yours? In fact, how many people around the world even know your name including all your pseudonyms?

¹ yes yes I know he didn't write the whole thing from scratch himself, but he did get it started, and was a good enough marketeer that others joined him in his Noble Cause^TM

Re: Userland

If I believed that someone had hacked into my server, would I try to patch and repair and keep the server going? or would I format the box, and rebuild it?

Funny, I had just this issue. The option taken was to watch and learn, then act.

Could've gone your way, taken the server down, spent a few days rebuilding (restoring from backups wouldn't have been an option for me, I can't say if there was an earlier intrusion that'd let the miscreants back in), restored the data and databases, and (at a huge cost to the company) had a nice clean server back up.

Instead the issue turned out to be the password-equipped boss having installed a torrent client, and we resolved the issue without downtime (traffic spike, connected IP's from Ukraine (and other places but they stood out to me for some reason). I could've done the oft-suggested "nuke from orbit and rebuild", but there's a lot of costs involved in that. When it means people can't do their jobs while waiting....

Not every business that has a few servers has large fault-tolerant server farms, not all can even afford the power to run such things let alone hardware, IT staff etc etc

And yes, had I seen any signs of actual intrusion we would've been looking to rebuild ASAP (still got monitoring windows open here as I'm happy all is well, but I'm going to keep a weather-eye on it for a while longer yet)

[Icon coz I suspect that when he and the wife discuss things at home tonight, well....]

Re: Build statues in honor of Linus

Not that he has been doing a particularly good job at that, or shown much security clue, but certainly more clue than Linus.

I've spent a little while over the last couple of days remotely monitoring some suspicious traffic on a machine I part-time administer for someone else.

My philosophy is "watch, learn, act" - I watched, I spent some time learning about a few processes and tools I'd not yet had to learn about, and I acted - in this case to decide "almost certainly nothing to worry about" but make a few system changes to lessen any potential attack surface (as far as I can tell it was "none" but a little bit extra security should be fine). Oh, and to run a few other basic security checks.

Now, I could've run "sudo shutdown -h now" which is pretty much the equivalent to what Kees Cook would've done, but that a) would've not solved the problem and b) led to other problems, like the server not being able to perform it's other duties.

If I'd "paniced the kernel" (ie shut down) everything stops - monitoring, logging, ability to watch what's going on, and the ability for some of the staff to do their jobs. "Suspicious behaviour" that turned out to be a non-issue could've had his staff sitting around twiddling their thumbs while I travelled to location, isolated the machine from the network (the arduous task of unplugging the patch cable), and proceeded to spend hours upon hours scanning for the "cause" while also trying to check and if necessary secure the router and so on, or it could be left up, checked in-situ for the nature of the suspicious behaviour, with a phone call from me to do an urgent power down (pull the mains plug) should it look like more of a risk.

[BTW, the action? He'd thought it'd be great to chuck a torrent client on his always-on server, and later denied knowledge - the persistent Ukraine addresses probably weren't hackers trying to come in, they were most likely other clients wanting the series he'd been downloading - so the action was 2 fold 1) to have a discussion with him, his wife, and a couple of the other staff about system security and 2) to lock him out of the server admin (ie change the password). I do have to figure out a secure way to make it available (in case I'm not available) but so that he cannot get it without bloody good reason

Oh, and for some reason Nethogs wasn't showing transmission in the list, or any programs, just IP's (hence why I didn't detect it much sooner) - I see on some machines it does and some it doesn't ^O^ .

At least I have my Christmas travel costs sorted after this ;) ]

Re: Appalling ad practice

It's difficult to take you seriously on this topic when the read is ruined by the ads you plaster over the text which can't be dismissed. Frankly, you are of the same ilk.

I use AdAway^TM. Gets rid of those 'headachy' pains you get on a regular basis.

(Or you could use the more generic uBlock Origin or another adblocker if said ads really get too annoying (and video ads on El Reg are why I use ad blockers, had El reg used static ads I'd never have discovered ad blockers instead kept limiting my web use to sites that don't piss me off - El Reg had content worth trying to see more...)

Re: NCR

IT was quite physical in those days:

I am so glad I missed most of that!

I don't think I've ever seen a card reader. Or a punch card for that matter (though I can understand the concept easily enough). Nor paper tape (aside from ticker-tape used in high school to measure speeds and/or acceleration). FTR though I've seen a large tape reader in a very large wardrobe-size cabinet, I'm not sure I've seen a data tape. I have seen some of the old HDD platters - the ones about the size of a washing machine.

Semi-fortunate to have missed some of that era!

Re: Wait, the door doesn't re-lock until it's instructed to?

"Any fool knows that a sensible burglar alarm will have a backup battery so that it continues to operate even if the incoming mains takes a break."

And anyone who actually knows what they are talking about will tell you that the average system has a 2Ah battery and that PIRs draw maybe 30mA each. So in an average house with 4 PIRs the system will be dead in less than a day after you pull the power! Not exactly hard to take advantage of!

Got a tiny one from a mate's alarm next to me (paper weight now). It's the smallest SLA I've seen and it's a mere 4.5Ah battery. Most alarm batteries I've seen are closer to double the physical size, but I'd have to go digging for an old one (still part of a security system, in a box on a high shelf that looks "interesting" but, well, know what you're doing when you pull it down....) to know what the rating was.

The 4.5Ah battery at several years old kept the alarm system functional for 12 hours last year - the panel was lit and beeping every few minutes just before the power was restored after the Kaikoura earthquake (power was out for not quite 13 hours in our area). That said, some 6 months later it was completely stuffed.

It's rare for power cuts to last that long, and in most households someone would be home inside a 12hr period most days. But if the battery had to power a few cameras as well, and keep them online, then even an 8Ah one would struggle to keep up more than a few hours.