* Posts by foxyshadis

410 posts • joined 17 Oct 2006


Hell desk to user: 'I know you're wrong. I wrote the software. And the protocol it runs on'

foxyshadis

Not just the late 90's; I did that in 2013 or so with relatively recent HP gear. Brought a desktop into the datacenter to act as a network capture device, plugged it in, and POW. No auto input switching. Fortunately, it wasn't hard to scrounge a power supply, but you certainly learn your lesson after that.

0
0
foxyshadis

This has long since evolved

Now, if you don't have screenshots or better yet video recording, with some kind of cryptographic watermark from the system, they'll just accuse you of faking it all, because saving their own pride is far more important than your job or reputation.

13
0

Confessions of an ebook eater

foxyshadis

Re: The best way to acquire a programming skill

I mean that works if you have lucid API documentation. If it doesn't, you're basically spending weeks spelunking the source code and/or throwing calls against the wall to see what works. And hopefully writing the API docs yourself, since no one else bothered to.

0
0

The future of Python: Concurrency devoured, Node.js next on menu

foxyshadis

Re: Async not always easy

Aside from shelling out, Python also has fully-working dll/so support, with the ctypes library or one of its pretty wrappers, saving even more overhead versus spinning up an executable and parsing its stdout. Practically all of the important libraries have cpu-intensive operations in compiled .pyd (which is just a dll/so), and quite a few wrappers exist to call out to standard libs.

2
0
foxyshadis

Re: Python 3 split over?

Programmers who consider Unicode an "unnecessary incompatibility" are the reason why so much software is fundamentally broken anytime it encounters anything that isn't Latin-1. I don't know about you, because you probably never had to touch foreign words or names at all, but Code Pages were a damned nightmare to anyone who actually wanted to do things right.

It really isn't that difficult to figure out bytes vs strings. You guys have had 10 years to wrap your heads around it, and all you have to do is do the right thing. It's not like Python 2.7 is going anywhere, literally all you have to do is convert your shell files from calling python to python2 to make them work, but you're too incompetent to even do that!

This is literally no different from the worthless sysadmins that still complain about Perl 6 and Linux 3, because it violates their comfortable safe space, and they just want to get paid to never have to learn anything ever again.

16
3
foxyshadis

Re: I'll wait...

Good luck with that; PHP seems to be the only language interested in major versions anymore, and its major versions would be minor versions to any other language. Python is probably going to be asymptotically on 3 forever.

0
0

Vaping ads flout EU rules, even if to promote healthier lifestyles

foxyshadis

Re: opponents are using guerrilla tactics

I'm not surprised at all that the recipients of billions of pounds a year in taxes to distribute as they see fit are fighting tooth and nail to keep the taxes coming in.

2
0

Big question of the day: Is it time to lock down .localhost?

foxyshadis

Might as well just do it

gTLDs broke a LOT more internet hardware and software that for some reason included a hardcoded list that it wouldn't deviate from. Heck, some were so bad that they didn't even allow ccTLDs. There are some times when breaking bad assumptions is the only way to go, and given the non-impact on the vast majority of OSes, hardware, and software, might as well just make it happen.

3
0

She's back! Jessica Rosenworcel returns to FCC as America's net neutrality row heats up

foxyshadis

Re: Who's to say we will have to wait until 2020?

That's all anyone needs, a continuation of using the FCC as a proxy war for Congressional power. The only losers in this war are everyone.

11
0

Sysadmin jeered in staff cafeteria as he climbed ladder to fix PC

foxyshadis

Re: What is this ?

All of which go out of date about 5 minutes after you walk away from the machine. Or so long and bitter experience tells me.

Learning to let go lessened my stress significantly. Once managed switches became a thing, it was much simpler to just track the MAC through a breadcrumb trail of ARP & mac-address tables until I found the final port, then it usually wasn't much effort to find the PC. (The massive sales office switch being the only exception.)

Finding wireless devices, on the other hand, that's the REAL fun.

5
0

User filed fake trouble tickets to take helpful sysadmin to lunches

foxyshadis

Re: Why so much anger?

"It shouldn't be" is something kids say. It just is, and the better you are at it, the more clients love you. I actually joined my current business partner partly because he's a basket of nerves and hates dealing with client rage, and I can just shrug it off and take the brunt. You'd be surprised how much letting someone vent calms them down. (I still prefer it when they find a more suitable target, of course.)

3
0

Fan of FBI cosplay? Enjoy freaking out your neighbors? Have we got the eBay auction for you

foxyshadis

Re: oh

Law enforcement disposes of evidence after a conviction. Sometimes it's by dumpster, sometimes it's by auction, but they don't really care what happens. It's not like many privacy laws were in effect when they auctioned it off the first time.

0
0

You can't DevOps everything, kids. Off the shelf kit especially

foxyshadis

This is unnecessarily harsh

I'm pretty sure DevOps still includes the Ops part, and while a lot of "DevOps" kiddies I've met are basically hotshot programmers who've learned a couple of tricks about deploying and debugging the OS and slap the hot title du jour on themselves, there will always be room for operators who intimately know their software and hardware, even if they didn't develop it themselves. A big part of the value proposition of DevOps is that we can be fairly seamlessly pulled off of a development project to manage an operations project.

With any luck, we can leverage their development background to make something better than the usual Perl monstrosities that function as glue code. At its best, it's not just that we fuse the roles, it's that we can step into whatever role we're needed in and do better.

On the other hand, consultants are consultants, and any buzzword you hear is no better than any other buzzword. Any business hoodwinked by that deserves their fate.

Honestly, if a business wants to grab an ERP and try to shoehorn it in on the cheap, more power to them. When they need to go beyond the basic COTS customization capabilities, hopefully they'll call or hire someone capable.

1
1

'My dream job at Oracle left me homeless!' – A techie's relocation horror tale

foxyshadis

"Doesn't matter if they don't let you have the money, show no interest in letting you have it, and fire you because you couldn't use it." ... and then demand that you pay it back.

6
0

In after-hours trade on Monday, NYSE deployed test code to production

foxyshadis

Re: Beancounters are odd

@Christian, that's by far the worst misinterpretation of Banker's Rounding I've ever seen. Congratulations!

The results would make sense if they were using a "round to odd" variation of the common "round to even" scheme.

8
0

PC rebooted every time user flushed the toilet

foxyshadis

Re: Not a PC but...

The best part of 2G text messages is that you could hear them on any unshielded speaker, a couple seconds before your phone figured out that it had something to show you. The pattern was extremely distinct.

15
0

Researcher calls the fuzz on OpenVPN, uncovers crashy vulns

foxyshadis

Re: It shows that there is one feature missing

What do you mean, "If there was a feature," just use TLS, don't use the pre-shared key method. It's explicitly recommended against in the documentation. TLS (with or without an additional PSK auth) already gives you perfect forward secrecy and has for over a decade.

Just stop being lazy and use certificates.

0
1
foxyshadis

Re: Details, details...

Nope, doesn't have to succeed; it's during the processing of the initial certificate exchange that it happens. An actual RCE hasn't been demonstrated, just a crash, but of the sort that an RCE could probably be created from. Another potential RCE, as well as multiple information leakages, are available if the attacker actively manipulates data MITM (which is usually only possible if server verification is turned off).

4
0

Hotel guest goes broke after booking software gremlin makes her pay for strangers' rooms

foxyshadis

Oh, he knew.

"As for the hotel, its head of PR has chosen the wrong moment to take a day off. A harassed assistant promised to get back to us."

I have a feeling the head of PR chose exactly the right day to take off, after getting wind of a problem of this size.

5
0
foxyshadis

Re: "Sounds like a lawsuit"

"After a stunt like that on a credit card:"

Despite being a debit card, it's still processed on the hotel's side as if it was a credit card. Their payment gateway is going to have some words for them, if they aren't dropped entirely, and Visa is probably going to have some very serious words with both the processor and the bank for allowing so many obviously anomalous transactions to go through.

20
0

Ransomware realities: In your normal life, strangers don't extort you. But here you are

foxyshadis

@Christoph

I've yet to see a single piece of ransomware that would transparently decrypt for the convenience of its users for a whole month to run out the backup clock, while at the same time serving encrypted bytes to backup software. Can you name a single one? Despite the obviousness, that's not a trivial creation; ransomware never bothers because they're all about the smash-and-grab, not nation-state injection.

0
0

Good news, OpenVPN fans: Your software's only a little bit buggy

foxyshadis

Those are bugs?

"....here are the bugs the review did turn up:

* There's a buffer library API that handles dynamically allocated memory safely;

* Wrappers like strncpyt() and openvpn_snprintf() protect unsafe C standard libraries by protecting against buffer overflows and unsafe NULL termination; and

* Keys and other sensitive data are securely wiped from memory to prevent information leaks."

A bit more explanation might be needed?

9
0

BDSM sex rocks Drupal world: Top dev banished for sci-fi hanky-panky

foxyshadis

Re: Dries Buytaert is a joke

One of the first things they pound into HR's heads is that you can't bring up why someone left, or you can be faced with a lawsuit. He brought up that it was all over being Gorean, HR (or in this case, the lead) can refute the specific claim, but they still don't get to air all the dirty laundry, especially if there's a lot of bickering and he-said-she-said.

To me, it sounds like he was involved in a lot of internal strife, and it was him or someone else (or maybe even both). It's perfectly reasonable to fire someone who is causing office issues, unless it's for being a protected class.

5
1

Can you ethically suggest a woman pursue a career in tech?

foxyshadis

Uber and Oracle

Two of the sleaziest and most hated companies in the entire industry, by men and women alike, and they just happen to be your only two examples. There certainly are more out there, but the fact that the tabloid-headline-grabbing excesses of a mere _two_ companies out of the hundreds of thousands of companies that employ IT and software devs points more to shallow thinking and reaction to headlines than a reasoned position.

20
2

Public IPv4 drought: Verizon Wireless to stop handing out static addys

foxyshadis

I wonder how much of the IPv6 resistance...

...came from the ludicrously long public addresses and the insistence that all internal addresses be external addresses. It's IANA's fault, they began the idiotic policy of beginning all registrations with 2001:0200::/23, then 2001:0400::/23, etc, so all public addresses start ugly and painful. Only in 2006 did they start allocating 2400::/12, 2600::/12, because everyone HATED the old scheme. Then ISPs do the same thing with their allocations, so you get to start off with something like 2601:201:8201:9390::/56 (my actual Comcast allocation) before you can even start using your own digits.

Then there was the constant drum-banging for a decade about how "NAT is evil, NAT is not security, NAT is a kludge." The entire reason that IPv6 is 128 bits instead of 64 bits is that NAT was supposed to go away forever, and we would all be in the glorious world where every network-connected device is public again.

Of course NAT is one layer of security, and admins actually don't think allowing all of their PCs to be publicly accessible for the latest vulnerability du jour is a good idea! The bad taste of that crusade and the related overengineering probably retarded IPv6's growth by a decade.

0
0

'I'm innocent!' says IT contractor on trial after Office 365 bill row spiraled out of control

foxyshadis

I guess you've never worked as an independent contractor, where the rule is to acquire the licenses first, then bill the entity on a cost-plus basis for the time involved. After all, most jobs are legit and pay on time, and running around with a client's credit card is seen as a serious faux pas.

Most likely the tech really did shoulder the £62K on his own; he says he already billed them and had proceeded to a civil suit before cutting them off, so what more do you want from him?

62
0

IT guy checks to see if PC is virus-free, with virus-ridden USB stick

foxyshadis

Re: Not work but...

Once you see how bad it is, it's a lot easier to just boot it up with a usb/cd of the new OS, clear partitions, and start fresh. Fighting for control is a lost cause.

27
0

Dear Microsoft – a sysadmin's wishlist

foxyshadis
Coffee/keyboard

Drunken Dr. Seuss

I am amused by the juxtaposition seen in this article.

https://www.dropbox.com/s/ah9edhmdxz9c39s/drunken-dr-seuss.png?raw=1

0
0

Mumsnet ordered to give users' real life IDs and messages to plastic surgeon they criticised

foxyshadis

Re: Errm ...

"UK libel law is something I don't understand. Now you have to be able to prove everything you write, even in private. Absurd."

Slander, the spreading of defaming stories in private, has been a tort in Common Law far longer than the UK has had colonies, and is much the same in the US. This isn't UK libel law, it's UK defamation law, encompassing both public and private statements.

5
1

Naughty sysadmins use dark magic to fix PCs for clueless users

foxyshadis

Re: "Mechanical Sympathy" and magic

Many years ago, Microsoft RDP and Citrix had an odd bug that sometimes caused a modifier key (shift, ctrl, etc) to stick despite being unpressed. Ever since then, I've always had a habit of running a finger across all the modifier keys just in case, when a password doesn't work the first time, to "remind" the system of the actual state of the keys. It seems to work! I rarely mistype my password twice in a row. ;)

5
0

After promising Donald Trump jobs will come home, IBM swings axe

foxyshadis

Re: The last trump?

That name would be tantamount to high treason, a hanging offense....

It'll obviously be Republican People's Republic of North America.

2
0

Galileo! Galileo! Galileo! Galileo! Galileo fit to go: Europe's GPS-like network switches on

foxyshadis

Re: Meh!

Think of it more as adding 50% more satellites to the GPS cloud -- 100% more within a few years. Significantly better accuracy for the whole world, no chance the US could one day say "not yours."

4
0

Ghost of DEC Alpha is why Windows is rubbish at file compression

foxyshadis

There were never any big instruction set changes to the Alpha, once it was done it was done, later revisions just sped up the chips. DEC/Compaq fronted most of the money and half the engineering to make it happen, because their customers wanted it. It was far more than a marketing ploy, but once Compaq threw in the towel, there was no way Microsoft was going to shoulder all of the burden.

The speed challenges were always more about the crappy compiler, anyway; Microsoft's Alpha C compiler was worse than UNIX ones, and much worse than its x86 compiler. (Which if you've used VC6, is saying quite a bit!)

1
0
foxyshadis

Back in 2003, when I first made the attempt to offline compress the OS, it was an absolute night-and-day performance difference in startup and daily use, thanks to how crappy hard drives of the day were. I didn't say on the full disk, I just said to use it by default; Microsoft could have improved almost everyone's experience for little effort, even if it was only for the Windows and Program Files folders.

Now I have an SSD, and only enable compression on disk images and the OS to fit a little more until I can upgrade it. Performance difference is pretty much zero, when I've benchmarked, because the overhead of compression was designed to be low for 20-year-old CPUs -- it's undetectable now. (Unless you force LZX mode, which I'm too lazy to.) Sure, the SSD itself would compress for performance purposes, but it won't actually give you back any of that extra space.

For the external mass-storage disk, of course, there's little point in bothering.

The days of resource constraints that can be relieved by workarounds aren't behind us for everyone just yet.

0
0
foxyshadis

Re: One Step Beyond?

The first date in the Wikipedia article is 2000, let's go with that.

Oh, the Opteron didn't come out until 2003? Eh, shrug.

0
0
foxyshadis

I'm not sure that calling it rubbish is even all that accurate -- it's not bad for what it is, and competing modern options like LZO and LZ4 aren't much better, they're mostly just faster. It's annoying that they didn't include both a fast and slow compression, like they did with cabinets and wim, but I understand that they solved the 90% problem and going beyond that would just mean new UI work and lots more testing.

What's rubbish is the fact that it's not used by default on all installations since 2004 or so, by which point the disparity between CPU overhead and reading from disk had become completely absurd and file compression was rock-solid. Every OS since XP SP2 should have made it mandatory; it basically halves the overhead of OS and program installs, and is like a little extra space for everything else.

1
1

Two first-gen flaws carried over to HTTP/2, warn security bods

foxyshadis

Code Red WAS the digital Pearl Harbor. In fact, old folks might argue it was the Morris worm, and ILOVEYOU is another good contender. We've been at war ever since, and it's not getting any quieter, just new battlefronts opening up as old ones are won or lost.

5
0

Encyclopedia Dramatica user hit with £10k damages after calling ex-councillor a 'paedo'

foxyshadis

If it's indexed by Google, then you don't have to have heard of it or dabble in it to end up harmed by it.

5
0

By 2040, computers will need more electricity than the world can generate

foxyshadis

Yup, doesn't matter if the linear lines are on a log scale, real life has never followed straight trends. The P4/Power=>Opteron/Core2=>Arm transitions have probably each temporarily _reduced_ the world's computing power needs until device count caught up again; it's not unlikely that this will happen again at some point. That might be the laziest prediction ever made.

2
0

Seagate in 10TB drive brand brainstorm

foxyshadis

What's the point of FireCuda?

I don't understand the Firecuda line. 1-2TB SSHD? You can fairly cheaply buy a real SSD to fill that gap, or an SSD+HDD combo to maximize your capacity and performance, instead of a premium-priced half-assed compromise. (Even most laptops have M.2+HDD combos now.) The market Firecuda is trying to serve is shrinking every month, and I wouldn't be surprised if the brand is retired after disappointing sales in the first generation.

0
0

Dell confirms price rise post Brexit vote as UK pound stumbles

foxyshadis

Re: No Problem...

Damn, you want an M.2, two drive bays, AND an optical drive? Geez, that seems a bit much for a portable unit. I found a 128GB M.2 + 1TB spinning rust was good, with an external Bluray reader in the bag in case it's ever necessary (only a couple of times), and today you can easily get 1TB M.2 and 2TB SSD or 4TB spinning rust, which is a pretty massive combined capacity without even needing a second 2.5 slot.

Nowadays you're starting to see laptops with NO 2.5 drive bays, so maybe it'll become a real problem someday, but those are still mostly the tiny super-tablets and ultraportables I have no interest in.

1
0

You know how that data breach happened? Three words: eBay, hard drives

foxyshadis

Degaussing hard drives has never been a workable data erasure method, despite it working so well with tape. Even back in the 90's, you needed more magnetic power than any commercial electromagnet can provide, unless you have access to a weather radar unit, and they've only become better since.

https://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

1
0

Coders crack Oculus DRM in 24 hours, open door to mass piracy

foxyshadis

I think the reporter is a little bit confused, since the DRM was the hardware check, not a software check. This patch doesn't change anything about whether or not you can pirate a given piece of software, it's about whether you can actually play it with another headset once you get it, by paying or by piracy.

0
0

Salesforce.com crash caused DATA LOSS

foxyshadis

That's better than Amazon gives you ("Your instance went down! Too bad! Time to rebuild!"), but I thought the whole point of going to SaaS was that the vendor took care of replication so that server crashes with major data loss just wouldn't happen.

10
0

Compression tool 7-Zip pwned, pain flows to top security, software tools

foxyshadis

Re: More guidance please

7-zip ignores the file name when parsing it, so any .zip or .rar could potentially mask a UDF or HFS exploit. Obviously anything you have up to now wouldn't be a problem, you just have to carefully examine or decline everything new (or use another unzipper) until you upgrade to 16.x.

7
0

US Supremes to hear Samsung's gripes about the patent system after Apple billed it $550m

foxyshadis
Big Brother

Won't be 4-4

It's pithy to assume that the Supreme Court will break even because it does in some highly controversial cases, but if you look at its recent patent decisions, there hasn't been a single 4-5 decision in the last 16 years, and many are unanimous: http://writtendescription.blogspot.com/p/patents-scotus.html

7
0

Telling your wife why you were fired is the only punishment

foxyshadis

Re: If you don't want to be traumatised by people's pictures ...

You'd think having a strong stomach would be an occupational hazard; I've never met any tech who hadn't browsed /b/ out of curiosity, not to mention been linked to goatse and other things all their life. By the same token you'd think that in an internet awash in porn, you wouldn't need a little titillation from selfies, but apparently some guys have a stronger creep factor and need to know their spank bank in person.

2
0
foxyshadis

Re: I doubt it

What cops are going to fully believe the word of an avowed pedophile? He can blab, they can come by and ask some questions, but absent any corroborating evidence, the investigation would be dropped as an attempt to deflect blame.

Maybe if it happened a few times in a row, someone would issue a warrant, but if all the data's been long purged, there's not much they can do there, either.

1
1

You've seen things people wouldn't believe – so tell us your programming horrors

foxyshadis

Not so much your compiler, as every C/C++ compiler ever made. That is perfectly valid code, although modern compilers will spit out a warning if you enable all warnings.

0
0

'You've been hacked, pay up' ... Ransomware forces your PC to read out a hostage note

foxyshadis

I don't think "growing sophistication" and...

..."uses VBScript" belong together in the same description.

I don't see how writing code to encrypt network drives but disabling it indicates sophistication, either. Cryptolocker and Cryptowall were already doing that by the end of 2013, and they're 90% of infections.

1
0

Biting the hand that feeds IT © 1998–2017