* Posts by John Deeb

252 posts • joined 3 Nov 2007


Bulk interception is NOT mass surveillance, says parliamentary committee

John Deeb

yes they can!

The committee established that "bulk interception cannot be used to search for and examine the communications of an individual in the UK unless GCHQ first obtains a specific authorisation naming that individual, signed by a Secretary of State".

Summarized with "yes we can do that if the right person pushes the right buttons but trust us!".

Thereby misunderstanding the majority of the resistance against this mechanism: that its presence becomes already the abomination because only a slight change in legislation or national emergency level could easily change this "signed" procedure. The only proper protection against this is then by not having the infrastructure at all as it will take a lot of time building one from scratch. It's the same with nuclear weapons as there's only one way to make sure one doesn't end up using them in ways that will extract a price too big to pay for all.

3
0

CIA re-orgs to build cyber-snooping into all investigations

John Deeb
Big Brother

Just regard the NSA as the Google of American Intelligence Agencies. The NSA collects while, amongst other interested parties, the CIA wants to do the looking and analysis. The NSA, like Google, always has excused collecting and storing of other people's data with the claim it's not constituting any violation of anything because machines do not "invade" anything by just the processing or storing. That's a rather weak logical basis but considering the scale of businesses and secrecy built on this precept, the consequences of such reasoning are staggering and seemingly impossible to challenge. Actually only more agencies and IT companies are getting aboard that same high-speed train to nowhere as we speak.

3
5

Dutch MEP slams 'cowboy practices' of GCHQ 'n' pals following Gemalto allegations

John Deeb

DavCrav: "... then say they didn't know about IS seems a bit weird."

The larger point is here of course the failure of proper intelligence reaching the desks of policy makers and ideally entering their minds. Despite all the high tech cowboy spying and drone flying, enormous intelligence errors appear to occur more as rule than exceptions, for example: Iraqi WMD, linkage between Iraq & Bin Laden, 9/11 hijack & crash threat, airspace readiness, Iranian nuclear bomb and consequences of meddling with Libya and Syria for regime change.... all disastrous advices and reports if not meddled with by politicians of course - hard to say at times.

The moral of that story is that computers, hacked or not, like communications, hacked or not, rarely make a government or a human being for that matter one ounce wiser. Any seasoned IT professional should already know that! If anything, computers and modern communications dumb down, overreach, distract and inflate in spades. Especially politicians seem to be vulnerable - even more so than teenagers!

4
1

They've finally solved it: Schrödinger's cat is both ALIVE AND DEAD

John Deeb

ambiguous

Reality remains fundamentally ambiguous -- especially while trying to study it with more and more observations. What we call object remains all movement trying to escape analysis and almost succeeding.

1
0

Just WHY is the FBI so sure North Korea hacked Sony? NSA: *BLUSH*

John Deeb

Bigger Brother keeping an eye on Big Brother

The puzzling thing for me about Clapper's bragging is that one can hardly justify any moral or legal objection against this Sony hack when you just admit you've broken into and basically control someone else's digital properties (spanning a whole state) all for your own benefit. Then let's call the Sony hack a "vile" act from the NK state hacking department. But violation remains violation. What is the difference between a burglar hiding forever in your closet or take some stuff, run off and show the world? The basic crime is really the same and all potential intelligence "benefits" seem like more of the same to me too, that is: relative.

It's weird though this picture of NK controlling their state with a system of control and NSA controlling that system again in the digital realm.

Bigger Brother keeping an ever watchful eye on Big Brother?

0
0

Snowden leaks lack context says security studies professor

John Deeb

Re: Disagree

Androgynous Cupboard, you're so wrong there:

"Snowden was a system administrator, not a spook"

Since he was sent abroad with diplomatic cover it would classify as spy in most books. And the term "system administrator" is something the feds suggested. Deeper investigation by several newspapers reveal a way broader expertise and training.

"but almost certainly doesn't have the knowledge to put any of them into context."

But Snowden didn't publish them! All the background check, verification and expansion appeared to have been done by a team of journalists and their contacts inside and outside intelligence. This is well documented by the way so you're commenting in lazy mode.

Not sure why you dismiss so quickly tapping fibre at the bottom of the sea either. It was one of the most believable parts as it would be the logical place in those hotspots of the world where they could obviously not get into the main access points or core routers.

0
0

Why has the Russian economy plunged SO SUDDENLY into the toilet?

John Deeb

commodities vs common moods

"If you're wondering why economists harp on about that efficiency, that TFP, so much the reason is one that Karl Marx not only understood but popularised."

Hmm, how do I read that convoluted sentence exactly? I think I might agree :-)

In any case, this all assumes oil and other resources to be commodity which only works as an abstract, unlimited entity. But oil obviously isn't. Actually it depends on vague calculations on "Oil Peaks" and the various cost analysis and estimates for new fields and retrieval methods. Right now they are generally way more optimistic and hyped than they were earlier. It's not inconceivable that world instability and/or regime changes are just another tool for influencing or stabilizing oil prices on the long run.

The story about efficiency is generally true but does not really apply for the principle of scarcity. When that happens, it's all about perception, prediction, belief and ability to stabilize (eg OPEC pricing schemes). In my view that's exactly the global chess board right now. No matter which "model" one takes, the power of mood and emotion are the most defining in the larger economical games corporations and politicians play. Which does introduce the topic of (civil) wars and rumours of war rather quickly in these sort of discussions.

1
1

Useless 'computer engineer' Barbie FIRED in three-way fsck row

John Deeb

Life in plastic, it's fantastic!

Not sure why some people were so upset by this Barbie episode. It's always been a teen-age fashion doll, that was the whole point! She was supposed to be superficial and stupid while having as many accessories, friends and glamour as possible. Although it's based on a certain actually existing type who are around already since the 1950's and arose with modernity I suppose. But to start now to wonder if the doll might be still encouraging the Barbie in the child.... that's really,...uhmm naive? It's the Barbie World which influenced and influences the doll as icon and gadget. The criticism on the book is like believing FPS games have significant influence when it comes to murder in the streets or terrorism. A message then to all the upset women and men: the doll is not meant to educate. If you think education has anything to do with the doll or the books then you should get a job in the fashion industry for a few years and learn how the business, and the world, really works. It will make you laugh more and cry less about these things while at the same time realize the modern world is very much populated by the Barbie types seeking assistance everywhere but not because of education or toys.

11
1

Russians hear Tim Cook is gay, pull dead Steve Jobs' enormous erection

John Deeb

Re: Cheap dig

Smartypants wrote: "Putin != Russia, no matter what the propaganda suggests."

Indeed ... although you have it possibly the wrong way around here as homophobia is very much prevalent throughout the population of Russia and way less so with Putin (if at all). Your rather naive sounding opinion on what "Russians" (as nation or ethnicity?) desire and what not appears also to be in conflict with your belief that they are "not a monolithic" people. While in fact they are, at least compared to "European" or "Western" people.

1
0

MARS NEEDS WOMEN, claims NASA pseudo 'naut: They eat less

John Deeb
Mushroom

Orbital nag

"Nag it from orbit. It's one of the many ways to make it less sure".

4
2

'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts

John Deeb

the war on rudeness

Wow, the War on Rudeness.

It might become just as costly and pointless as the War on Terror.

Plus, it redefines the definition of "troll" to something else altogether. But that's part and parcel of every modern war, redefining words, I suppose.

21
2

NetWare sales revive in China thanks to that man Snowden

John Deeb

Re: Developing NLMs

A Non e-mouse: "This was due to NetWare not having a protected memory model like *nix or Windoze NT."

Utter Nonsense! It was not much different when developing kernel modules for Unix or anything video related for NT4. Most people's problem with NLM's were caused by a) it operating in the lower ring or more often b) exposing a bug in the buggy main kernel or c) not knowing how to deal with a crashed NLM.

Protected memory worked way better since Netware 5 but as you said, by then it was already writing on the wall. There was no comeback from the lure of having a Windows operated Application & File Server combo, no matter how slow, insecure or unmanageable and featureless those turned out to be for a long time to come. The intuitive looking interface and seducing promise of more (visual) integration between client and server was enough.

1
0

LOHAN crash lands on CNN

John Deeb

Re: KARDASHIAN

Upvoted, seems an improvement over mine. Still I think the 3d printer reference would be nice to retain. But does it blend? And of course we know nothing yet on the design but it needs to be ass-kicking! Double the kick.

Kickstart Assisted Revised ³D Automated Spacecraft Having Intelligent Ass-kicking Navigation (playmobil pilot included)

1
0
John Deeb

first try at that acronym

KARDASHIAN hmmm, a first dash at it:

Kickstart Assisted Revised ³D Automated Space Haunting Intelligent Agile Nipper

1
0

Antarctic ice at ALL TIME RECORD HIGH: We have more to learn, says boffin

John Deeb

Re: Antarctica is melting too

Def "not that fucking graph again", let's hope you never will put your money in any stocks or shares. If after 18 years the value is still at 0.24 above the long running average then there was effectively zero growth. What you are thinking of perhaps is a different question: is the Earth surface temperature still warmer than the long running average of 30 years? Yes it is but that's "globally warmer" not "global warming" as defined at least by for example EOS/NASA.

Normally the usual goalpost widening starts here to describe the Earth as one giant energetic system where the "warming" is some process that is taking place especially in all the hidden corners. Some would call that process "change" by the way.

1
0

Sir Tim Berners-Lee defends decision not to bake security into www

John Deeb

Re: HTTP or HTML?

Mage: "email" <> SMTP/POP/IMAP

The point of the article is that sometimes a protocol becomes adopted because of its apparent simplicity and ease in use and implementation. And after setting up a couple of X400 gateways in the 90's I could see why (while not completely agreeing with it). And many secure mailers still use X400 based exchange.

Same story some might tell about IP vs IPX or even Microsoft vs OS2. While you can wish the world would wait and think before it acts on implementations, that doesn't mean the world will listen to that advice. The world doesn't revolve around finding "sound solutions" but more often about "who is first".

1
0

Stunned by Shellshock Bash bug? Patch all you can – or be punished

John Deeb

Re: Meanwhile on Solaris

AC, I'm pretty sure Solaris 10 has the Bourne shell as default. Your example should not invoke "/bin/sh" then.

0
0
John Deeb
Boffin

Mongo: "That's an evil DHCP server sending shell script to the client,"

That's a disturbing application of the Shellshock misfeature. I might change my mind on the scope now.

Then again, this example is then also about the insecurity of DHCP client-server model (unauthorized DHCP servers being a well known and unpatched attack vector). Plus the proof of concept will probably work only with the DHCP client using the dhclient-script process (written by Ted Lemon). For some reason they found it nice to pass parameters to the subprocess by setting environment variables. It's the naive, 80-90's somewhat lame but also consistent "CGI approach" -- deeply embedded (in my view) in some of the UNIX philosophy of the time: everything a file, composite approach, interconnecting well made general tools through simple, transparent mechanisms, etc. But it makes it too easy to trick as well ("worse is better?") with all the current day security challenges.

0
0
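The environment-variable hand-off described in the post above, seen from the defending side, as an added example that is not part of the original comment or of dhclient: a hypothetical `build_hook_env` helper validates server-supplied lease values before they reach a hook script's environment. The function names, the `new_` prefix, the allow-list and the sample lease are assumptions made for illustration.

```python
import re
import string

# Pre-patch bash treated an environment value starting with "() {" as an
# exported function and parsed the whole value. Match that prefix, tolerating
# extra whitespace (slightly broader than bash's exact prefix comparison).
FUNC_PREFIX = re.compile(r"^\s*\(\)\s*\{")

# Conservative allow-list for lease values (an assumption for this sketch;
# a real client would validate per option type: IPv4 address, hostname, ...).
SAFE_CHARS = frozenset(string.ascii_letters + string.digits + " .:-_/,@")


def classify(value):
    """Return 'ok', 'function-definition' or 'unsafe-characters'."""
    if FUNC_PREFIX.match(value):
        return "function-definition"
    if not set(value) <= SAFE_CHARS:
        return "unsafe-characters"
    return "ok"


def build_hook_env(options, base_env=None):
    """Build the environment for a hook script from server-supplied options.

    Returns (env, rejected): env holds only values that passed validation,
    rejected maps each dropped option name to the reason it was dropped.
    The hook never inherits the caller's full environment.
    """
    env = dict(base_env or {"PATH": "/usr/sbin:/usr/bin:/sbin:/bin"})
    rejected = {}
    for name, value in options.items():
        verdict = classify(value)
        if verdict == "ok":
            env["new_" + name] = value  # "new_" prefix: illustrative naming
        else:
            rejected[name] = verdict
    return env, rejected


# Constructed lease data; nothing here came from a real DHCP exchange.
SAMPLE_OPTIONS = {
    "ip_address": "192.0.2.10",
    "routers": "192.0.2.1",
    "domain_name": "example.test",
    "host_name": "() { :; }; echo constructed-marker",
    "nis_domain": "corp; extra",
}

if __name__ == "__main__":
    env, rejected = build_hook_env(SAMPLE_OPTIONS)
    for name, reason in sorted(rejected.items()):
        print(f"dropped option {name!r}: {reason}")
    print(sorted(k for k in env if k.startswith("new_")))
```

Validation at the point where untrusted network data becomes environment data holds regardless of which shell the hook runs under, so it complements patching bash rather than replacing it.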

Hackers thrash Bash Shellshock bug: World races to cover hole

John Deeb

bigger than jesus

Do we really have to be worried about those leaky CGI scripts? Bigger than Heartbleed? Which financial or government institution, social network or hightech company works with CGI still this century? But HTTPS and OpenSSL, that was being used. Therefore it seems to me silly to say "bigger than Heartbleed".

The local worm effect is a worry but it might be tricky to write something effective to run on routers and control devices everywhere. Again I'm not sure if a) Bash would be in use so much there and b) privileges of web daemons would be restricted more or less on those devices making it hard to run the hack tool universally.

Somehow I smell a scare being employed and perpetuated by a security and expert world in need of excitement and audience. This is a common phenomenon culturally these days.

1
2

Emma Watson urges UN to back feminism – trolls threaten to leak her 'nude selfies'

John Deeb

rotten tomatoes

Emma: "Both men and women should feel free to be sensitive. .... start defining ourselves by what we are — we can all be freer and this is what HeForShe is about. It's about freedom."

But this implies they also should be free, men and women, to be very insensitive and defining themselves as a troll, by haunting celebrities on soapboxes? Her rhetoric goes nowhere. Since the dawn of time the person on the stage has been subject to praise and rotten tomatoes in all shapes and forms. The whole world wide web is a stage nowadays and we are merely surfers, icons, avatars and tweets. This whole thing seems up-side-down logic: the limelight is so harsh, please dim the audience!? Keanu Reeves has more right to complain with the female stalkers in his house lately.

0
4

YES, I have ridden the UNICORN: The Ubuntu Utopic unicorn

John Deeb

"If you love Ubuntu for the Software Center, Kubuntu might disappoint. Kubuntu uses Muon for GUI package management, which lacks some of the hand holding that made the Ubuntu Software Center friendly to beginners."

Muon? As Kubuntu user of a few years old I've always ignored that name and just started Software Center. Not sure how more options could disappoint! And as an aside, I'd happily try something else than KDE but every time I try any other sane flavour I end up running into major bugs or insane impracticalities. But I really would like something else, simple, clean yet powerful. Let's hope something "mateures" sooner or later!

1
0

Cave scrawls prove Neanderthals were AT LEAST as talented as modern artists

John Deeb

the title of the master piece

I'm pretty sure the original title was:

"Bored Neanderthaler locked inside a cave"

0
0

Siri: Helpful personal assistant or SERIAL APP KILLER?

John Deeb

Just one of many, really

Voice control as one of the many user interfaces. What will liberate (not kill) the app market is the complete freedom to interface with any app with voice control being just one voice in the crowd. Maybe I want specific gestures, automation, external sensors, mind control, a mouse, normal touch, secure locks, childproofing etc. Same reasoning on output, flexibility in how and where to display things will have to grow as well.

Standards will set us free. Single interface designs are pipe dreams. The world of form is legion and will always demand more ways to access it, not less.

0
0

MEN WANTED to satisfy town full of yearning BRAZILIAN HOTNESS

John Deeb

cult in need of advertising

From The Mirror: The whole town came together recently to help buy a huge widescreen TV for our community centre so we can all watch soap operas together. "And there's always time to stop and gossip, try on each other's clothes and do each other's hair and nails."

They do not really advertise, ehmmm, the romancing part, do they now? Their first catch should be an advertisement guru to create more illusions about wild romances and complex triangles. I mean the article does say they "share everything". Until the snake in paradise enters I suppose: the village will become soaked in blood when jealousy rears its ugly head.

3
2

NIST to sysadmins: clean up your SSH mess

John Deeb

"NIST points to the vulnerabilities in old versions of SSH"

Wasn't Heartbleed, being related to a new feature, present in what was at the time the latest major version but not present in many older ones? The exception confirming the rule then? While applying patches remains crucial, proper monitoring of (unusual) activity remains key in my opinion.

2
2

Assange™: Hey world, I'M STILL HERE, ignore that Snowden guy

John Deeb
Trollface

Re: Logic fail

Killing Time: "A delusional egotist whose relevance faded several years ago."

Still way better than being a delusional egotist who never had any relevance at all, mostly because of lack of sufficient skill, understanding and balls. In my opinion that sums up 82.4% of Assange's critics and 24.5% of his supporters.

3
16
John Deeb

Re: "Soon"

Ross wrote: "downvoting... doesn't bother me."

A whole post to explain yourself because you noticed some down votes? Do you have any self-reflection at all? Anyway, your posts were just bad on many levels: humour, comprehension and information wise. That's all that there's to it. But keep looking for that "other" reason if that makes you happy...

28
10

Panic like it's 1999: Microsoft Office macro viruses are BACK

John Deeb

Yeah, just like..

"There is no justification as to why the content of a document can only be displayed properly if the execution of macros is enabled."

Yeah, just like with HTML and Javascript.

Oh wait...

1
1

Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage

John Deeb
Pirate

speculation

"The timing of the outage came just days after the BBC's Internet Blog ... celebrated the fact that it had been nearly a year since the Corporation .... moved live processing into the cloud".

Perhaps somebody got the wrong idea and the timing this week with the international media contest "how to pizz off 75% of the Russian population" might also have provided fuel. As mentioned above, the caching service might have been targeted and then it's just a question of stressing the load.

1
3

Climate: 'An excuse for tax hikes', scientists 'don't know what they're talking about'

John Deeb

Re: Maybe we could get a consensus

Extreme weather? There are more extremes in terms of recent record setting perhaps. But no sign of increase of hurricanes, cyclones and the like worldwide since the start of the most recent global warming. Flooding, perhaps, but many of those are extreme in terms of impact because of human stupidity in failing to prepare for the inevitable.

What the actual conversation sounds more like: the energy went to the oceans where we can't exactly measure it yet because we don't have the equipment and a complete model to compensate for all factors at work at such depths.

1
1

Google's Pankhurst doodle doo-doo shows the perils of using Google to find stuff out

John Deeb

The Register = quite wrong here

As are all other pedants who think mediocre Google skills make them feel a bit like god almighty. For two reasons, mainly:

1. Birth certificates in the 19th century certainly did not contain exactness for a couple of reasons, for example to keep within maximum registration periods. One needs to find out the date of registration and see it was perhaps around a six week window (or whatever was used at the time). Check with any historian and archivist, you know, real people with actual knowledge based on experience.

2. It's certainly not strange, or wrong, for biographies to select birth certificates over other claims or sources. Even if the person involved herself would make the claim. One might not agree personally but that's how it's done and Wikipedia is not different here from many formal biography projects. Same goes for spelling of names, if one has to be picked it's the one officially registered, if known, and not how someone might have decided to spell it over time. Ideally one would find the entry in both instances but that's not always a good idea.

Cheers.

5
0

You 'posted' a 'letter' with Outlook... No, NO, that's the MONITOR

John Deeb
Pirate

it's really Dabbs's fault, not sweet Bill's

Better to start troubleshooting with asking the exact error or description of whatever is visible on the screen during any attempts to open or close things. This will make sure there is actually something on the screen to work with. Dabby went into the whole thing a bit too impatient, solving without actually seeing what might be happening. It would also help using TeamViewer or similar products. That is to prevent exactly conversations like these! I guess I had too many of them in my helpdesk years and soon you start to understand and accept the reality of them, you stop judging the customer and start criticizing one's own line of questioning. And oh yeah, don't support people when not feeling comfortable when other customers are staring at you, wondering what you're doing. It doesn't help. That's also not Bill's fault by the way. The silliness is yet again Dabbs's....

0
2

Internet of Things fridges? Pfft. So how does my milk carton know when it's empty?

John Deeb

Re: The internet of fridges

Bullseye and some follow-up comments. The weight based shelves would only work if every item in the fridge is RFID enabled and not thrown at the shelves and containers in a chaotic way but preferably in a neat sequence. Just like programmers would fill their virtual fridge in a fricking demo! In real messy life the fridge will forever remain in a partially confused state.

"Sensitivity stripes" would be a problem on items where the packaging is already too much part of the cost and recycling woes. And as you already wrote, fridges of people not working on these projects - with less predictable and organized lives - are often filled with many fresh, self-made, rather undefined and other unpackaged items. So then we need to have two administrations where there was only one before.

But with large scale applications, like storage rooms for massive food preparations, high volumes, predictable items, this could be actually useful. And as someone else already wrote here, it's already being done. But at consumer level it's in the "hover car" and "jet pack" category for sure!

1
0

CIA rendition jet was waiting in Europe to SNATCH SNOWDEN

John Deeb

Mr Snowden's colleagues??

"According to Mr Snowden's colleagues,..."

Ahum. And who are those exactly? Former colleagues? Colleague whistle-blowers? Fellow planespotters? No reason for this added mystique here, I'd think.

0
0

Snowden's Big Brother isn't as Orwellian as you'd think

John Deeb
Big Brother

Between a "Brave New World" rock and an "Orwellian" hard place

The article displays a rather convoluted and paradoxical approach on the subject. On the one hand the "abuse" factor in the Snowden files is downplayed in favour of praising some degree of self-restraint these same files appear to suggest. On the other hand it ends by admitting there's now the start visible of NSA reform and as well the potential of much needed GCHQ reforms. But all of this is hard to imagine without Snowden's decision to do exactly what he did, where he did and how he did it. Alternative but sane options open to him at the time I'd love to hear!

Or is perhaps the case being made these reforms could have happened without Snowden since "its theoretical extent has been obvious for many years". This is a giant leap, asserting with now almost (and assumed) perfect hindsight that large complex organizations could change somehow by spontaneous inner pressure or political oversight. This line of thinking has zero historical credibility.

And then a defence like: "in an Orwellian world, Edward Snowden would never have made it to Hong Kong" sounds pretty desperate, considering all the rather well documented hoops Snowden had to jump through to make sure he was not taken out even before he got his information out properly and particularly his flight out of Hong Kong, getting involuntarily stuck on a Russian Airport, between a "Brave New World" rock and an "Orwellian" hard place.

Any implication that Snowden's own success somehow would prove that all those warnings about the largest security agencies might be overblown is an argument collapsing under its own weight. As perhaps these overweight security agencies themselves are already doing under all the increasing pressure and scrutiny.

10
1

Space hackers prepare to reactivate antiquated spacecraft

John Deeb
Black Helicopters

"Some of the original engineering team got together"

But those are not the blokes on the photo I presume unless they cryopreserved themselves in their secret lab for the last decades and only recently woke up because of some old signal.

1
0

Linux distros fix kernel terminal root-hole bug

John Deeb

Re: Definition of "local"

There's no real fixed definition, Jim59. Someone can also speak about "local" in terms of "local access" to the hardware under the OS itself which is fairly common with (shared) workstations since decades and since last decade even more so with all the Unix derivatives and improvements around. Local access which by the way would change the whole security context right there and then. Perhaps a better term in this article would be "users able to start-up a local shell process". This is not that much different from starting some sshd or httpd subprocess or thread by accessing some port. Although shells are more powerful processes with more possibilities than most other user services. By design of course. Perhaps on a large shared hosting provider, one might have some different security concerns and expectations than on private platforms. For that reason the impact factor of this bug doesn't seem that high but still important enough to think about though. Briefly.

1
0

Scientists warn of FOUR-FOOT sea level rise from GLACIER melt

John Deeb

Re: Show me....

Slow changes spanning geological time-spans are not of the same order of impact as the same change within centuries. In the same way an overall rise of sea levels will not manifest everywhere evenly as something to be measured with a ruler. Even so, it's hard to imagine what a flood coming from such an enormous surface with slightly raised water-level would look like when you stand there with the ruler. It's a lot more water coming your way.

I do agree though we'll just have to deal with this like with all the other major disasters, many probably larger and even more serious, and most of them little to do with CO2. Let's start not to build cities on flood plains or earthquake faults. Oops.

4
3

Don't fret over SOHO routers and Heartbleed. But yeah, there's LOADS to fear on home kit

John Deeb

numbers don't mean much

Or perhaps 2,500 admins or developers worldwide decided to have a test machine online for a while to play with key extraction themselves? And some honeypots too perhaps. Numbers don't mean much.

0
0

Laser deflector shields possible with today's tech – but there's one small problem

John Deeb

In space nobody sees you scream

Article: "...would also not allow light to reach the pilot".

Note: in space it's pretty dark unless one is close enough to a light source like a star. Pilots won't steer by visible light unless they are flying in a carton cabin hung inside a well lit studio. But I guess radar beams won't go through the plasma either. Enemy ships need to be detected at least with "sub-space particles scanners" one would presume. At least in Star Trek.

0
0

Lost treasure of Atari REVEALED

John Deeb

Re: Mmmmm

Or a SF movie like Tremors: innocent geeks being swallowed by a million angry unloved cartridges. They're unstoppable! Now heading for Hollywood and Sunnyvale, to wreak utter revenge on their unsuspecting heartless makers.

0
0

German space centre endures cyber attack

John Deeb

"state sponsored"?

Puzzling how anyone at this stage could determine that these attacks are "state sponsored". Obviously there'd be a lively global trade in information which hackers and intelligence agents from all over the world might be involved in. But to scream "state sponsored" without some Snowden-scale leaking -- would likely be a tad premature.

1
0

OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts

John Deeb

health check?

What about a general FOSS project health check? For all core projects insist perhaps on a certain minimum amount of developers and reviewers, with some properly documented reviewing processes? Perhaps this is just about having some standards even when it's free and volunteer work. This is not about creating more overhead but about learning from mistakes and underlying causes in all the practises and work-flows. It hardly seems an incident, how many important libraries are maintained and minimally reviewed because of similar reasons?

0
0

Cheat Win XP DEATH: Little-known tool to save you from the XPocalypse

John Deeb

Perhaps I missed something

Perhaps I missed something but isn't it way easier to install XP directly into the virtual machine instead of downloading the MS image and make it somehow work with Virtualbox or VMware? I know it was faster for me at the time to manually install XP than to use let's say the Windows 7 evaluation image.

It's hard to imagine serious businesses with only OEM licensing for XP but even so, there are still original and legal XP media and licenses for sale, no big effort to track one down.

I wonder now, would Windows PE 2004 or BartPE be a solution for some cases? Based on XP2 and for just running that one program it might just work. Yes, the licensing might be limited but aren't you actually recovering a malfunctioning OEM XP that way?

0
0
John Deeb

Re: Once again...

Bob Camp, so much wrong in one post! Where to begin.

1. No, the host will generally not detect most viruses as they enter a NAT-ed XP client. Better to rely on solutions on the client to cover a broader scope.

2. No, the VM is not just as vulnerable since you must mentioned the NAT mode but also the ability to create snapshot and do restores faster, to strip functionality to bare bone and use the more secure host for more sensitive matters would differ quite a lot.

3. You don't trust the average user with a VM but you trust them with a complete PC? Where's the logic? It still needs some level of support or management, obviously.

4. The host does not need "functioning drivers" for everything at all and to know "which PC's to keep a closer eye on" sounds not like a professional consideration. You will have to keep an eye on a lot of services, logs, rules and configuration, no matter in which box, virtual or not, they are stuffed.

7
0

Win XP security deadline: Biz bods MUST protect user data – ICO

John Deeb

difference?

"Tuesday doesn't only mean increased risk from hackers exploiting vulnerabilities that will never be patched. It also creates a heightened data protection risk to businesses".

Maybe it's me but any supposed difference between vulnerabilities increasingly exploited by hackers and "heightened data protection risk" seems largely academic. It should have read perhaps: "... this would include a heightened data protection risk to businesses and consumers".

1
0

The... Windows... XPocalypse... is... NIGH

John Deeb

Pott: "There are lots of reasons why this isn't always possible – hardware dongles, the need to power proprietary hardware cards and so forth.."

Well, yeah, but let's take a step back here. If core business equipment is aged and there's no money and/or willingness to invest in serious replacements or upgrades of any kind, we're talking about a bigger, non-technical issue which will affect the production and security of such places in many ways.

So let's look at the situation where there's at least some will and financing available. There are enough PCI Centronics or serial port cards for dongles which can be made available to the virtual machine. Having some ISA card to support? USB to ISA card adaptors do exist (e.g. Arstech) and drivers will be able to detect the redirected IRQ, DMA etc. The hardware costs are not the problem here but time for testing and troubleshooting might be. Especially for timing-sensitive equipment this solution might run into trouble though or, as some report, for any non-plug&play cards. So what is being invested in is a supported solution and the work of an engineer to sort it out. But for mission critical equipment that cannot be replaced (yet), it seems worth a try.

1
1

How Microsoft can keep Win XP alive – and WHY: A real-world example

John Deeb
Boffin

Sounds like emulation is the way to go here

Badly needing to run old software with out-dated requirements is a recurrent problem and often ends up with the same solution on newer PCs. Just use the new machine's power to start up some emulator which can emulate the whole stack, from OS, network to application. Strip the image from any other use and distribute or reload daily. This is how it's done in all the cases I encountered since the introduction of Windows 95 and NT as replacement of the old DOS (note: those machines would be safer controlled with non-scheduling DOS anyway). Configure the emulator as bridged interface and remove TCP/IP from the guest and the setup is safer than any "supported" XP config including some form of quick restore added as bonus.

But yeah, I wouldn't worry about XP "security" if firewall, LAN, malware scanning and user interactions can be controlled to a sufficient degree.

0
1

Ubuntu N-ONE: 'Storage war' with Dropbox et al annihilates cloud service

John Deeb

Déjà Duped

One of the nice things in Ubuntu was that they included since 11.10 as default a backup tool (Déjà Dup) to schedule and backup stuff into their cloud, which seemed like a neat feature to offer this way. Nice and easy, what else to use that "cloud" thingy for? Bit strange to announce by mail today that the service is to discontinue while suggesting to "download the files". Actually I'd prefer them to suggest or point out as well an alternative cloud storage for their own supplied default backup program. Or at least supply a hint which additional packages enable other backup services. You know, think with your customers, not against them. Ah well, sorted it out by now. I know, it's all free and DIY but I thought Ubuntu wanted to make money and appeal to simple folks as well. Pulling plugs on important services without much of any "now what" suggestions is not going to help with the old perception.

1
1

Driver drama delays deep desert XP upgrade

John Deeb

anti-virus update

"three machines all trying to do an anti-virus update at the same time the network slowed to a silly speed."

You need one machine to do the update and distribute it locally at a convenient or random time. This is how it was done in the times of lower bandwidth and still is done for sure when loads of PCs on a LAN are trying to update daily or even more while the files are nowadays rather chunky.

Not sure if non-enterprise clients or free versions have this option always. Otherwise it's scripting time!

1
0
