Posts by hayzoos

NTFS/Linux permissions

Does root map to administrator? What could map to Windows system account? Many possible ways around the problem and make a complete mess of the ACLs when handed back to Windows.

Well there's your problem

"was observed viewing intelligence content on TS-SCI websites"

Who thought making such restricted information so readily available on a system designed to easily "share" information was a good idea? Access control is at best a bolt-on afterthought in an HTML based system. You know damn well that the very same core as the WWW was used as the starting point to build these "TS-SCI websites" using web developers familiar with the current HTML tech so these websites are probably of similar technical quality.

AT&T sucks - I have no choice

I have been a victim of AT&T for years going on decades. I had resisted the fad of first holding a brick to the side of the face from mouth to ear, and later doing the same with a Star Trek communicator-esque flip phone. My employer back then had decided all support roles were required to be reachable anywhere including me which worked within a space where cellphones were verboten. They issued me a Motorola flip phone with service by Verizon. Then after the numerous "me too" company issued cellphone requests became burdensome, they changed to reimbursement. After having the Verizon phone for what I considered a long trial period, I had found that stomping grounds were poorly served by Verizon but well served by AT&T this included my mother's house where Verizon phones killed their batteries trying to find a tower. I visit mom often enough that it matters. So when I had to contract for my own cellphone service at the company's expense I chose AT&T in order to be somewhat useful.

Even at home AT&T had better signal than Verizon, more "bars" in general and I could go to the basement without losing a call. It was almost better than tolerable back then. When AT&T began building it's 5G system, signal at my place began to degrade. At times worse than Verizon had been. At mom's Verizon was still non-existent but AT&T was degrading as well, sometimes no signal, sometimes poor call quality, sometimes dropped calls. To this day it has only marginally improved. BTW I am determined to stick with my "grandfatherd" "loyalty" plan which is only 4G but avoids the 5G tax. As I hear from others 5G in my area is hardly an improvement even non-existent in some spots. I have no choice, I could go with a MVNO but that does not change the service coverage, but maybe time to check into the option again for other reasons.

AT&T does provide excellent customer dis-service though. Calls to complain connect quickly and are auto answered promptly with the finest examples of maladjusted proprietary hold "music" audio. These calls do not drop either while on hold. Many times the calls will even stay connected through multiple transfers to different departments where audio quality is remarkably diminishing at each transfer. Other times a transfer goes to an anechonic chamber where the silence is deafening or possibly the fates will decide the call should just drop. All the while the voices on the other end are frequently accented perfectly mismatched to one which will not be intelligible to the caller.

The fixes presented during these calls involve, restarting the phone, shut down removing and cleaning the SIM reinstalling and powering up, refresh the account provisioning and pushing related config to the phone, issuing a new SIM, use WiFi calling, try on another phone, unplug it and plug it back in, try holding it differently, fully drain and recharge the battery, fully charge the battery and redrain the battery, remove the protective cover, remove the screen protector, remove both the protective cover and screen protector, try from outside, try from the attic, try from atop the chimney, cut down the neighbor's tree, cut down the neighbor's house, cut down the neighbor's SUV, does the neighbor have a windmill, does the neighbor have solar panels, does the neighbor have a daughter, power off and then power on the house, sunspots, moonspots, leprechauns, ok try that and give it a day or so and call back for more help if that does not work. Please take the survey at the end of the call.

The online experience is equally wonderful. Second Factor Authentication or is that Multi-Factor Authentication, has become mandatory. I remember when username and pet's name were all that were required. Shortly after some high profile SIM jacking events they did provide an optional security code. And eventually the pet's name had to be longer than Dino then longer than Flipper then longer than Tralphaz so currently Mephistopheles looks very confused when I call them to the dinner bowl. Maybe I should use a more secure passphrase like Satan's Little Helper. The 2FA is very sophisticated and therefore secure, so I have been told in an accented voice. You an only receive the randomly generated code via SMS, but wait not just any SMS, only to a line number on the account's plan. My concerns of being unable to receive the code because of: 1) being out of coverage area yet have internet access; 2) having only one line on the plan but having a malfunction, pilfered, lost, destroyed device; 3) having internet access yet the cell service is down; or 4) other reasons I cannot disclose; have been politely and cheerfully dismissed.

Real fun ensued when attempting to login online when traveling and therefore using a VPN for a secure connection. The main website would appear just fine. The convoluted authentication workflow involved redirects to servers protected from hackers by denying connections from known VPNs. I found out through my own troubleshooting changing the pet's name yet again while on travel without the pet was not feasible. Many other websites had also begun using the very same hacker protection, so I now use an undetectable self-hosted VPN.

For the privilege of having to endure these fine levels of dis-service excellence one must be prepared to pay the piper, never mind the piper, no longer enough left after paying AT&T with rate increases at or above the rate of inflation.

On a related topic: New landline service is no longer available in this area. I only consider PSTN service to be landline. And even for those lucky enough to still have it or acquire it under extreme circumstances, the cost has risen to match or exceed cell service and reliability has degraded to cell service level or below. VOIP is not landline. Cable fixed line comes the closest, but requires power locally.

Has anybody considered...

An "UN-ethical hacker" had already found the "password" and accessed all the data. Given the company is a service provider to other businesses, all those companies would have then suffered a data breach. Considering the case is being heard in Germany, it would be safe to assume that large numbers of this company's business customers are European based or serving Europeans therefore falling under the GDPR.

This case would make an excellent distraction to such an event.

I think Modern Solutions should either provide proof of no massive data breach or face the consequences and unfortunately their business customers would have to face them as well.

I have produced copyrighted work which I have published. I have not granted license for LLM training. It did not exist at the time. LLM is a new use case.

I have also not granted license for wholesale photocopying. It did exist at the time. But legal standards had been set that permission has to be granted for wholesale photocopying of a copyrighted work.

I think the similarities of the technologies I compared should be considered in determining whether LLM training should be considered fair use. I do not think LLM training is fair use.

I do not care how "infeasible" it may be for an AI outfit to seek out permissions and provide compensation if the copyright holders demand it, for the vast volumes of training content they require. That is their problem, not the copyright holders.

procrastination pays off again

I have a work laptop with Windows. I configured Windows Update to its least automatic setting and identify network connections as metered. It lives off internet more than on. Its primary purpose is to produce reports and print them. I would keep it off internet permanently except some customers will accept emailed reports. Also the company has chosen MS Office subscription which requires going on the internet periodically. I have been putting off applying the latest update since it hasn't been convenient. I guess that may be why I can still print the reports.

I'll stick with a kernel panic message, thank you.

Adopting a BSOD is simply amusing. Dictating filesystem structure of the underlying OS?!? What next? Will we have to look for hosts in some subfolder under Systemd/WINDOWS/SYSTEM32/ since they will no longer be called directories?

What frustrates me the most about systemd is application dependency - real or imagined. You have apps checking for systemd on way or another during install or execution, but not truly needing systemd to execute. Then there are apps which become snap package only. There are people out there spending time on making snap packages work without the snap system and without systemd. Build from source you say? The source build environments have become equally bloated and convoluted. Rube Goldberg would be proud.

I installed Slackware to get away from systemd. Not quite. I looked into Linux from scratch, that project has also been infected. I have even heard of forking systemd to BSD and MAC worlds. Incredible! It is even worse than I thought.

Fully tested backups and affordability

So often backups are not tested. Some get lucky and have a good backup, then realize the time to restore is far more than anticipated. Proper backups should be tailored to the workloads and that includes the restore process and include a consideration for tolerable downtime.

The smaller customers who may be at risk of going under are with L&Z because of affordability, but maybe they cannot afford direct debit at all. But it is all the rage.

I use simple passwords for low risk logins and poor interfaces for good passwords.

I use a password manager and generate the longest passwords a site will accept. Repeating criticism of many above... Why so short, or why accept a longer for setting but not for login? Duh.

The master password I use for the password manager is 48 characters. I memorized it in 8 character chunks. A while back I had upgraded from 24 characters.

I changed the master password earlier this year because of a weakness found in certain Key Derivation Functions amplified when using a low iteration count. This was necessary because I started using the password manager long ago and recommendations changed since then.

All rights reserved

You really do not need to state anything in a copyright notice, the laws take care of that. Even the often included "All rights reserved" is not quite accurate. Traditionally, copyrighted works were intended for consumption by human subjects and frequently for monetary compensation. Legal precedent around copyright tradition is well established yet not complete. Now the new technologies of AI/ML are upending those traditions. There are parallels to the traditions and there are tangents. In legal terms those parallels may only be similarities and not due the same fair use treatment. The tangents may be given a pass or prohibited as fair use. The courts' opinions are what matter here.

So wrong

Biometrics can only be used as an identifier like a username, or IRL a name. NIST IAL2 was mentioned in the article, Without anything else, just having a biometric match is really only IAL0 - no confidence the identity is authentic. Even IAL1 (some confidence the identity is authentic) is a stretch and IAL2 (high confidence the identity is authentic) is way beyond what a biometric can do.

To raise the level of confidence in the identity, authentication is required. Stronger authentication achieves higher confidence in the identity. A biometric as an authenticator of an identity is weak. A biometric can be added to other authenticators for multifactor authentication to improve authentication.

In security circles this process is called I&A (idebtification and authentication). First an identity is presented like a name, SSN, a biometric, a username, or account number. If no further steps are taken, then you have achieved IAL0 - no confidence. If some level of authentication is performed such as presentation of a pin, or a password, or a secret handshake, or a key..., then IAL1 is achieved - some confidence. To go to IAL2, some strong authentication is required, either a proven strong single authentication factor like a hardware token or multifactor like a password and a token or a pin and an SMS delivered one-time code.

So many get this wrong.

Google is nearly everywhere

An informal survey of my important bookmarked sites has google in various hostnames on over 90% of them. I use a handful of tools manage third party content on sites I visit. I have seen functionality of sites requiring more and more of Google hosts' content. Google has a multitude of products/services for the website operator to integrate.

P.S. also present on www.irs.gov

weak 2FA

Is weak 2FA even worth the cons? Lost access to email or phone is a problem. I work in areas without cell services and cannot login when 2FA is only SMS. Implementations are shit. 30 second lifetime of the 2FA code, usually expired by the time it is received. SMS nor email is supposed to be instantaneous nor even quick. Recovery methods that completely circumvent any protection the 2FA provides.

email is not as insecure as it used to be as generally since connections between clients and servers and server to server tend to be encrypted and additional hops on relays to get from domain to domain are nearly non-existent. SMS on the other hand is relatively immature and has not implemented much in the way of security.

I have researched the server side of TOTP and there is not that much more work to implement support for an authenticator app if email or SMS delivery of the TOTP has been implemented. Good enough is not good enough and far better does not require far more effort. Even then, poor implementation could still negate the whole.

I prefer U2F but {whiny voice}"that is just too hard"

systemd is not an just init system anymore MX Linux is a systemd Linux

If systemd were just an init system, it would not be so reviled. It is the fact that systemd has taken over so much more that it is avoided by so many. It has not only taken over various means of functionality, but also ways of doing things. It is doing things in a more "MS Windows-like" way both in a technical sense and conceptually. It has managed to become a dependency in more than one area of functionality.

A Linux OS can be 100% systemd free. A Linux OS can be full on systemd. There is a third wide ranging systemd variety of Linux OS, less than full systemd in order to deal with dependencies. Because MX Linux does not use systemd init, it falls into the third category, barely. MX Linux is a systemd Linux OS on all other counts, and that matters more than systemd just not being the active init.

I do not think there is any Linux OS which cannot have systemd added 100% with relative ease. On the other hand taking a systemd Linux and removing systemd ranges from not to hard to nearly impossible. The systemd cancer is beginning to take hold even in Windows through WSL. There are efforts to emulate systemd through compatibility deamons on BSDs to allow some Linux origin software to run.

It is the dependencies on systemd which are making matters worse. I have been able to overcome some of the supposed dependencies by manually installing a "service". But other dependencies are far greater and would require a rip and replace of a major part of a package and possibly easier to rewrite the whole package. Software dependency on systemd has to be considered part of the cancer.

There should be an organized effort to make software and Linux "systemd not required"

late comer to Slackware

I dabbled with many an OS over the years (too many since 1978). Windows brought in the living money so that is where I spent most of that time. On my personal machines I also used Windows out of bad habit. I did try others from time to time to break the habit, but never happened across Slackware, Slax and Porteus were close. At one point I had committed myself to use Linux starting dual boot with Mandrake from CDs I purchased. That was the dial-up era and CDs via post was faster than downloading. I gave up again when my ISP refused to disclose configuration changes they had made to their pppd to support Windows connections.

When Slackware 15.0 release was announced, I made the jump. Prior to that I went to Mint when Windows 7 went EOL. I was not aware of systemd. Too much of Mint just wasn't right because of systemd when i was poking around under the hood. Slackware is much closer to the *nix I had used before. systemd may not be installed, but it leaves its mark through other softwares' phantom systemd dependencies. It does use elogind from systemd. It could be changed to be more pure non-systemd, but it is systemd-free enough for me. You can even install systemd if you like, Slackware is that flexible.

I have been installing Slackware 15.0-64 from the "live" version. I am comfortable enough with it for the friends and family installs.

May the Slack be with you.

And the answer is 42.

Telecom Industry Standards

Experienced similar telecom shenanigans multiple times in multiple jobs. First job out of university I managed to work my way up to Head of IT (only 25 people in corp office, single step up from bottom rung). This set me up to oversee the tech aspects of the office move 40 miles from the then current location. This involved seven phone/fax/modem lines, and a small capacity DID trunk line. Bell of PA which was becoming Bell Atlantic - PA which later became Verizon - PA all formerly known as Ma Bell under AT&T said they could only provide four POTS lines and the DID trunk line with a 2 week delay for the additional three POTS lines. I had to do some quick learning of the advanced configuration of the Merlin Legend phone system and came up with a workable solution. No more dedicated lines! All incoming would be on the DID trunk and outgoing from a shared pool of POTS lines whose use I could configure in the system far more simple actually. It turns out the existing configuration was advanced and complex because it grew ad-hoc from two POTS lines phone and fax with published numbers and rollover and dedicated modem and all going away because those numbers could not follow our move. But the DID trunk numbers could because they were regional and the move was within the region.

A number of years later I was with another company a hundred or so miles away. We were a private payphone (as a service) company as opposed to phone company payphones. We were servicing one of our rapidly expanding convenience store customer's new locations in the same area of my previous job's office. We were required to provide four payphones each requiring a POTS line. The store itself required about 8 lines. We had our order of four lines in and confirmed to be live no less than ten days before store opening. Then the customer put their order in with Verizon - PA which did not have eight available lines. Verizon gave them two lines from our order, without notice. Our crew was there to install and connect the payphones ten days before opening. They called me because there were only two lines with our name on them. I called Verizon and this is when I found out what had happened. We were obligated under contract to have four working payphones five days prior to opening. That requirement was reduce to two in this situation. Funny thing though, somehow, without us pressuring them, Verizon came through with our two additional lines six days prior. I think somebody with our customer knew somebody at Verizon who could make it happen.

Not enough lines, happened many times. Now no new ones going in, you have to wait for Widow Smith's line to become available.