it just amazes me that they can never ever get near fully secure.
They should ask Theo, he knows how to do it ... 2 vulns in the default install since the 90's ....
icon: Wearing my OpenBSD shirt today
2980 posts • joined 11 Aug 2009
And Windows AD Administrators usually use their company name or product names as passwords ... so easy guess ...
Seen sooooo many times in the wild, I guess I could remove the joke icon ...
MS LDAP is an entirely RFC4511 standards based implementation.
Agreed, and extended, with nested group search (1.2.840.1135220.127.116.111) ... IBM's approach is better, though. Nested and dynamic groups are common on Tivoli Directory Server; IBM has provided system class attributes ibm-allMembers and ibm-allGroups ...
Does AD have dynamic groups (defined by an LDAP search) ?
Using Windows Server as an Active Directory server:
"Won't authenticate" - you're holding it wrong
"Wrong permissions" - you're holding it wrong
"My coffee is cold" - you're holding it wrong
This is what you get from MS support, however, when you ask simple questions like "How so, am I holding it wrong?" They reply: "One moment, I'll get third line on this case, that guy's a hacker, sure, he knows how to . source!" and then you wait three weeks ... long enough to migrate to samba ... ;-)
True, get my upvote!
Which part of Samba from 4.0.0 onwards do you not understand ? So six years, I suppose. Note that it allows users with an LDAP tool to change certain account passwords.
As for monitoring the system:
The important attributes to watch are pwdLastSet and msDS-KeyVersionNumber
ldbsearch -H /usr/local/samba/private/sam.ldb objectclass=user pwdLastSet msDS-KeyVersionNumber
These values will change if a password is changed or reset.
As Samba does not at this time change the machine account passwords of Domain Controllers, any change to these, or to the passwords of administrators should be a concern.
The pwdLastSet can be printed using the samba.nttime2string function:
>>> import samba
>>> samba.nttime2string(pwd_last_set)   # pwd_last_set: the integer pwdLastSet value read from the ldbsearch output above
Tue Mar 13 15:16:13 2018 NZDT
Only for publically shared data. Otherwise that would already be illegal in the EU.
How can we be sure that they only peruse "publicly shared" data, whatever you mean by that ? As for the illegality, sure, but who cares about laws, these days ... Windows 10 upgrade fiasco, anyone ?
Well no because Microsoft in the US don't have access to MS EU data without approval of a local data custodian. By design.
Well, they would have to change their design if they lose that case, would they not ?
And if they did ignore the GDPR, company officers would likely be imprisoned and the fines are up to 4% of global turn over PER INCIDENT!
That is exactly what I implied, especially if MS loses its case ... and I cannot see the supreme court telling USian 3 letter agencies to forget about obtaining digital data, which will be what this boils down to.
Capita won the contract to administer miners' pensions at the end of last year.
Thank Feynman I am not a miner ... this is just the beginning ... incompetence in action!
Indeed, upvoted ... well, Britain is in the top 10 or even top 50 BUT should be in the bottom 5 ... ;-)
You have to understand our British readership was raised to believe Britain won WWII single-handedly, it was also the last breath of our late empire, which most Brits believe still exists, no joke!
So yeah, us Brits, all we have is glorious history ... we love history, remember each battle we won and like to tease citizens of countries we defeated centuries ago by naming the battle .... we conveniently forget any allies who helped us out at the time or battles we lost ...
Britain, the last country on the planet where newsagents still carry war-glorifying WWII-related comics for kids after 1960 ... 2018 and still the same ... so yeah ... hopeless
Please note that I do not condone atrocities committed on either sides and I think it is important to remember that carnage so it never ever happens again, it is the glorification of war that is so puke-inducing.
Let us not forget The Daily Mail's title page "Britain does not want Jews from Europe" (paraphrasing) - absolutely NOTHING glorious about that.
Down-vote on, I could not care less!
He who uses a variable without making sure IT IS SET deserves all he gets ... yes, I learned that lesson as well ... but on rm -rf YOU BLOODY MAKE SURE THE VAR IS SET ... yes, even drunk, on a Saturday early morning with a picked up babe in my bed I make bloody sure that var is set ... rm -rf without due diligence is like driving without a seat belt ... I feel naked ... I cannot drive for more than 5 yards without seat belt ... I cannot hit enter without making 100% sure everything is ok ... well, tbh, it has bitten me so many times ... so yeah, that could happen to me also, on the test server, though ;-)
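The failure mode in this comment, an rm -rf whose path variable turns out to be unset or empty, is one a script can refuse to run into. The following is an added example, not code from the commenter: a POSIX sh function that only prints the rm command it would run (a dry run) and returns non-zero unless the variable is set, non-empty and an absolute path other than "/". The variable name TARGET_DIR and the sample paths are assumptions.

```shell
#!/bin/sh
# Added example: guard a destructive rm -rf against an unset, empty or unsafe path variable.
# Nothing is deleted; the command that would run is printed instead.

# safe_cleanup: prints the rm command and returns 0 when TARGET_DIR is acceptable,
# otherwise writes a reason to stderr and returns 1.
safe_cleanup() {
    # ${VAR:?msg} aborts the shell if VAR is unset or empty; running it in a subshell
    # turns that abort into a plain non-zero status the caller can test.
    ( : "${TARGET_DIR:?TARGET_DIR is unset or empty, refusing to rm -rf}" ) || return 1

    case "$TARGET_DIR" in
        /)  echo "refusing to remove the root directory" >&2; return 1 ;;
        /*) ;;                                                          # absolute path: OK
        *)  echo "TARGET_DIR must be an absolute path: $TARGET_DIR" >&2; return 1 ;;
    esac

    # "--" stops rm from treating a path that starts with "-" as an option.
    echo "rm -rf -- \"$TARGET_DIR\""
}

# Demonstration (stand-alone run): the empty case fails, the absolute case succeeds.
if [ "${1:-}" = "demo" ]; then
    TARGET_DIR=""; safe_cleanup || echo "blocked, as intended"
    TARGET_DIR="/tmp/build-cache"; safe_cleanup
fi
```

Putting `set -u` at the top of the real script gives the same protection to every other expansion, and the `${VAR:?}` form keeps working under it; the case statement is what catches the "set but wrong" values that `set -u` alone lets through.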
Well, you have to read the EMEA data, everyone has seen growth in revenue, except HPE, flat revenue, they sold less, for more because they passed on price hikes to their customers ... even if revenue had been positive, it would have had to be very high ... world-wide, single digit increase in revenue, with price hikes, the others saw double digit growth, world-wide ... that tells me they are currently on the top of the wave, from now on, it will go downhill ... increases in costs will not save them next year and their delusions will start showing ... They were #1 Q4 2016 world-wide revenue per quarter, now #2, overtaken by Dell in Q4 ... unless they invert the trend, they will become #2 ... and since they recently dumped quite a lot of staff, THAT is not reflected in the numbers, yet .... expect lower quality of service and customers going elsewhere ... shareholders are OK, they will get hefty dividends, but that only works so long ...
Looks like a mammoth is finally on its knees ... I guess the layoffs are showing ... too late, you can hire as much as you like, the good staff you dumped have found elsewhere ... you'll probably get the lousy nobody else wants, now ...
Treat your proles like garbage and you will only ever be able to hire garbage!
I assume by SfB you mean "ShiteForBusiness"?
We switched to Teams after the shiite experience we had with Skype ... for an all new level of user satisfaction (not!).....
So, Teams ... in the history of Teams development/QA, has anyone, ever, tried to copy a subset of a message to the clipboard and reported the issues encountered ? Thought not ... no, I will not report that, coz that would help slurp.
Teams sometimes disables video on my box inviting me to "update my graphics drivers", needless to say, I have the latest ... a reboot fixes it, but then I lose state ... simply nuking Teams does not work.
Another issue that plagues teams is it freezes, well, not really, the ui still works, somewhat ... but you get no new notifications ... worse, you do not even get emails of missed messages, well, not until you have bounced Teams, which of course does NOT mean you click Quit from the context-menu, no, that is not enough, in this case .... although that appears to work, you still have a Teams process in task manager that needs to be taken behind the shed ....
The fat app is so useless and unreliable that I also like to have a Teams open in a browser window, so I do not lose out on important messages ... however, it does not like Firefox, so I ended up installing Slurp Jr, aka Chrome ... Thanks, MS ....
I could go on for ever ... got work to do ...
John Cleese style: "BAAAAAASTAAAAARDS!"
Now, come forward, come on, who called the Karma Police ?
I have this medal for you ...
Like IoT the cost of a security failure is borne by the consumer; the cost of making secure is borne by the manufacturer.
Would you buy the same model car if your previous vehicle had been stolen ? Thought not ... and insurance offsets the price somewhat, though you eventually pay that ... if enough cars get stolen, premiums will be on the rise ...
You seem to be very informed about this stuff ... are you responsible in any way for this disaster ? I suspect you work in automotive infotainment systems development ...
As I have written before, already ...
They ship outdated software, with script-toddler-level design flaws, and provide updates for max 24 months .. and that is if you are lucky to get them... the automotive industry is incapable to keep pace with technology, so why are they so obsessed. Cars are used on average for 10 years, imagine unpatched cars, can we sue manufacturers for not providing patches ? The worst joke is the price of these addons ...
Listen, our smartphones & tablets are fine for the car, we do not want your untested, obsolete at delivery, unpatched script-toddler code that has more vulns than a sex toy, thanks! Please provide us with an amp with standard connectors, no, WE DO NOT EVEN WANT bluetooth ...
"Our service teams are continuing to help customers restore from their own backups"
Website and email etc on 123Reg must be free (anything more would be fraud, imho), I will check them out ...
The draft also has a handy checklist of the challenges in automating the update process: for example, making sure failed updates are reversible but successful ones are not.
Hm, can it read the user's mind ? How else could it detect that the update succeeded ? You update the firmware and all of a sudden your automatic transmission plays funny when you enable both Wifi and Bluetooth with the aircon at lowest with fans at half speed or some other silly combination ... listen, our smartphones / tablets are fine for the car, we do not want your untested, obsolete at delivery, script-toddler code that has more vulns than a sex toy, thanks!
Shoes that recharge your mobile as you walk .... get a license from Nintendo for PokemonGo shoes ... there, pile of cash ...
The nouveau driver is crap with DP, it would most probably display at 1200x800 or something stupid and stretch the shit out of it ... you need a 4.9 kernel or higher, have to download the edid from the display and add a kernel parameter for it to work ... the nvidia driver should just work, though .... not sure about the AMD drivers ... I only have nvidia cards here ... I hate nvidia as much as Linus (if I run Linux it's for open source, not to be inconvenienced by a mighty download with a nice fat binary blob I dunno what it's doing), but AMD cards are excessively expensive and there are no real alternatives to those two ... to be fair, I hate broadcom as well, for the exact same reasons ....
So, I gave in and use the nvidia driver on the box with the DP-connected screen ... I would love to help fix nouveau ....
the VESA mounting specifications? Do away with the stand, how does it work with integrated desk mounted supports?
No VESA mount available for it ... see here, good look at the rear ...
BTW, El Reg, vertical refresh rate is important, especially for gaming ... 144hz is bare minimum, these days ...
one of the tech guys there said he can't wait for IPv6 so that firewalls will be obsolete and we can throw them out... I kid you not. "There's a sucker born every minute"
Well, don't we all hope for miracles ? IT is such a broad subject that you cannot master everything, agreed, TCP/IP is pretty basic stuff, but still ... he probably heard that with IPv6 you no longer needed NAT and this guy confused NAT and firewall, certainly not his area of expertise. I have heard worse and have probably made equally lame remarks ... we all make mistakes ... as long as the guy admits he's wrong he can learn from his mistake, and that is EXACTLY how we learn best ... shame is an incredibly efficient learning-aid ;-)
True. But since the IPv6 draft standard was published in 1998, after almost two decades of work, anybody claiming legacy business critical systems as an excuse should be tied to a gate and have their arse kicked for a week.
So spot on!
I am sure people will call "Ahhh, easy, hindsight et al" to which I have the right answer ... NO, it is called foresight which is hard to come by these days ... I regularly get downvoted because I push for TLS 1.3 adoption by all and sundry asap, with preparations starting everywhere NOW ... and that is not even foresight, it should be common sense!
Don't come with corporate ^dwpolicy fallacy, enterprise IT, mission critical flying pink unicorns, or other lame excuses, if you don't seriously take care of security, insecurity will seriously take care of you.
Your group (a) is buying a brand, so can easily be pulled to another brand once that becomes recognisable as being a status-symbol.
No device with Microsoft Windows can ever achieve "status-symbol" brand recognition. Sony has been trying for years, Microsoft's trying now and seems to be faring pretty badly, even with their army of fanbois ... basically because Microsoft is uncool and everybody has it running on their desktops ...
HP/Lenovo/Dell would be better off creating a new brand for these models (as Microsoft does with Surface and Dell does with Alienware for the same reason in a different demographic),
Microsoft Surface is a "more money than sense" symbol, sure, but the kit is crap AND expensive PLUS has lousy support, so more like the idiot symbol ...
Alienware, status symbol brand WTF ?
1. Dell bought Alienware
2. Alienware makes gamer laptops, not ideal as a status symbol, especially business people
I think you misunderstood the whole branding and status symbol concept.
NB: I used to be a Mac OS X fanboy, back when nobody used it (first Mac in 2001) - OS 9 was crap - even had an iPhone years ago, but switched when idiots started running around with one ... stopped buying Apple laptops when the RAM/SSD soldering started. I do not think they are over-priced since they come with a usable OS that is what I consider "pretty stable" and support is good.
I feel your pain if Lenovo aren't honouring law - go to a small claims court - you will be back with your money in no time. Would work the same for Huawei.
You missed the whole point, good manufacturers have good service ... expecting you to have to go to a small claims court when something goes amiss with the kit is piss-poor service, I would even go as far as qualifying it as fraud. Am I slightly excessive? Basically, it means the company is betting on punters either to not know what the law says or too busy to go through the hassle of a small claims court..... iow BASTARDS (ala John Cleese)
Companies like that DO NOT DESERVE ANY CASH not until they figure out how to provide adequate service.
Were the British forces in Dunkirk already by then ? How conveniently you forget the British runners ... Oh, and before you claim "At least we made it to Dunkirk before the Nazis" I am sorry to have to inform you that the Nazis let you reach Dunkirk, mostly unharmed, Führerbefehl.
I'm loving it ... and next time you take the Mickey out of the French, remember 1066, a total defeat.
Note, I am a Brit (have the Queen's passport somewhere), consider myself stateless ... for states, flags, anthems are, imho, for the simple-minded, YMMV.
Tiala pegged the problem to running the sudo command as a non-root user.
Hm, does Tiala know what the sudo command is used for ?
His appeal to the Land of the Free's highest court
I'm not that cheap, this one will do:
BTW, the only billionaire I know of that ended up in a US jail was Madoff ... and that because he defrauded the powerful ....
What is an "assault" rifle? The definition varies quite a bit around the world. What I normally see is that any rifle that has a wood stock is a "hunting" rifle and anything with a metal or plastic stock is an "assault" rifle.
According to your definition an AK-47 is thus a "hunting" rifle ?
DISCLAIMER: I am not into guns, don't need them ...
Besides, Tramp wants to arm teachers, listen Duck, watch this: https://www.youtube.com/watch?v=0rR9IaXH1M0&feature=youtu.be&t=5m5s
Next, a depressed teacher shoots at the kids, then, NRA will say: Let's arm the school kids as well! Then, a teacher gives a numpty a C and the numpty says: "My AK-47 in my schoolbag tells me this is worth an A+!, thank you in advance!"
Substantially more Americans killed themselves in the period than have been killed in all wars - so bloody what!
Suicidal people need help, not guns! I think Politifact are spot on, the whole point is saving lives, take away guns and you save lives, fact - it works everywhere else, why would it not work in the US ?
Listen, accept that you are wrong, you can turn the facts the way you want, no assault rifles => thousands of lives saved yearly, fact, undeniable fact!
Icon: Even Paris understands that ...
Violent video games [...] blamed
What a relief, there I was thinking they would blame Kinder surprise eggs ...
Seriously, could you not at least get rid of the big and/or [semi-]automatic weapons and maybe, just maybe, you could think about blaming your education system as well? We have violent video games in Europe as well and no mass shootings ... except terrorist attacks, not quite the same as school boys ...
I know, https://www.youtube.com/watch?v=0rR9IaXH1M0
Windows on ARM will never succeed unless I can still install programs released 20 years ago and 1 year ago.
Well, Windows on ARM can only do 32-bit applications, NOT 64-bit Windows applications ... so ... really depends ;-).
Who wants a resource hog like Windows on ARM ??????????????
No, it's an absolute scandal you could not run the same binaries on different releases of the same distro of Linux... because breaking changes in libraries didn't allow that.
LD_LIBRARY_PATH is your friend. Now, this works on all ELF platforms, so Linux, as well as a bunch of UNIX systems, including the BSD's, Solaris and HP-UX* on iTanic .
No such thing as DLL hell on *NIX.
HP-UX has readelf: http://www.polarhome.com/service/man/?qf=readelf&tf=2&of=HP-UX&sf=1
call me paranoid if you will but I have problems putting some of my trust into Android
Naah, you are not paranoid, you trust MS. A Radiohead fan, maybe ?
a gif heavy forum will shut the browser and kick me back to the Start Menu.
I call that piss-poor stability, you do not ask me and that is fine ...
Crikey, these Windows Phone fanboys are funny ....
It always amused me that the phone loads most gifs on forums quite easily and yet I seem to remember it was announced as some big thing in an iOS a few years ago
Well, if 11 years is a "few years" for you, then yeah, I never tried the first iPhone, but I doubt it had trouble with that, my iPhone 3G back in the day had no trouble at all ... besides, the first iPhone could load SVG's, can Windows Phone ? BTW, I am not a big fan of animated gif's ...
Steven Sinofsky, former president of the Windows group at Microsoft, suggested people are just imagining things.
When you choose to quote someone, you should go for a person with credentials ... Steven's opinion on Windows is probably acceptable, however, what any [former] MS guy thinks of "software stability" is totally irrelevant, in any context I can think of ... I am not saying he is wrong when he compares macOS with Windows (if I understood him correctly), I am saying Steven's opinion here simply does not count.
@Steven, thanks for stating the glaring obvious... you should probably give Linux and/or FreeBSD a try, you'll be surprised, I am sure, to experience ultimate "software stability".
To be fair I think I've made that mistake once, which is something you learn from.
Well, it should no longer happen now, because Outlook finally has this dates feature*, you know, the feature that Notes already had a few decades before Outlook, handy that, huh ?
* "Send this reply between these two dates" or something like that ...
Remember when you opened your retail CPU box, there was paperwork? You had to read it. By not returning your CPU, you accepted the EULA.
However, far more likely, you didn't buy a retail CPU, you bought the much cheaper OEM CPU, in which case, yet again, you also don't get a new CPU, as you being the OEM, you take the hit for any problems,...
They can write all they want in their EULA.
Facts: CPU was said to have performance x, it seems that now it has performance y because software had to be adjusted .... they sold a car that could do 300km/h, due to a software patch, it can now only do 250 ... they can write whatever they want in their EULA, if they were aware of the issue when you bought your CPU and YOU were not told, then they need to fix it for you ... I happen to be in that case and am looking into the options at my disposal (no class actions in France), I got an i5 8600k for Xmas ... had I known, I would have gone Ryzen. Well, was NOT for me, had it been me, Ryzen all the way, I digress ... I know Ryzen's are also affected by some vulns, NOT the worst, and this is besides the point.
Are you confusing Microsoft with OpenBSD? https://www.theregister.co.uk/2010/12/15/openbsd_backdoor_claim/
Ok, would you please be so kind as to first read the article you linked to as well as all the resources, you will notice it was "tried" and "failed". Theo published the email for openness, I doubt he would have if there had been an unpatched issue.
Nobody, ever, can confuse OpenBSD with Microsoft, Microsoft has more zero days found in its default Windows configuration EVERY SINGLE MONTH than OpenBSD has had in the decades it's been around (2, at the time of this writing [not sure this standard sentence is needed in this particular case]).
No wonder you post AC, FUD, lies, and more FUD, RedmondBot.
Time to ban elks.
An elk is wildlife and we need elks as they clean up the forests ... you cannot ban wildlife. Typical USian flawed logic.
Here*, we have a drone pilot who by no means can claim he did not see the chopper, by no means can claim he did not hear the chopper, yet flew his drone ever closer. You should all know that piloting a chopper is not that straight forward and I invite those who blame the pilot to take a single chopper pilot's lesson ...
* Provided, of course, there was a drone and it flew near the chopper, we have not heard the version of the drone pilot, yet.
This means that once the UK leaves the bloc, there needs to be a new legal basis for data sharing
No, F.* off, there does have to be ... listen, you cannot have the butter, the cost of the butter, AND the vendor's wife ... Brexit means Brexit, now F.* off!
So am I until March 2019, then I am f*****d
You already are, my friend!
How about Axelle Red, Stromae, Guy Verhofstadt and my personal favorite because Farage spent years in Brussels without knowing this guy was PM at the time ... Herman van Rompuy.
BTW, I am a mere Brit, however, unlike 99.999% of my countrymen, I master 5 languages ....
Belgium, can't you also just sue Microsoft over the Windows 10 upgrade fiasco? Thanks in advance!
Belgium, while you're at it, can't you take care of Microsoft and the forced upgrade to Windows 10? Thanks in advance!
Belgium, can't you sue Microsoft over the Windows 10 migration fiasco? Many thanks!
I should add that I do not like Canonical, I am of the Devuan-type ... Debian with no trace of système d hacks and I think Canonical have betrayed the spirit of the FSF, as have Suse, Cygwin and others, by cooperating with Microsoft ... you know, the GNU guyz are there to replace proprietary code, not run alongside it, they wrote the whole userland stuff and I think their spirit should be honored ... says he who uses Cygwin, I know ... nobody's perfect ... but I could not stand Windows without that glass of ice water ... then again, I am glad to see Ubuntu/Windows still segfaults when you sneeze ...
I am OK with it, I always opt-in to this type of data collection .... why ? Because I know what they are gathering, precisely, shit, I can even amend the list of things they collect, simple hack -> compile -> done. Ubuntu not the only distro doing this, I think it is opt-in with the others, so, yeah, they should make it opt-in, I think.
The Amazon search bar story was different, there they were ^dwsending selling data to Amazon ...
I wouldn't read too much into Nokia's "comeback" – but it provides grist for the mill for critics who insist Nokia should have gone Android as soon as it could. Who knows? The debate will never go away.
Why not, proof if any was needed, that Android was a solution ... back then and now. Anyone who thinks WP was smarter than Symbian, Meego, Linux or Android needs brain surgery. Any of these options would have worked much better than WP ... why ? Because Nokia had the know-how to create great smartphone OSes ... they were in for a surprise when Jobs showed off the iPhone, deprecating* any communications device of the time, all with a 20 minutes or so presentation (you can argue xyz looked similar, behaved similar, whatever, iPhone slaughtered the market, undeniable fact, end of story). I think that caused panic @Nokia ... they should have stuck to one platform, do it well, basta ... instead, they went left right and center, we need something NOW, if we can, with as little work as possible to compete ... Apple had spent half a decade developing what eventually became the iPhone, you cannot catch up over a fortnight. Blackberry was also too ambitious with their BB10 and hence late to market ...
* In the minds of average punters