Posts by Maventi

186 posts • joined 2 Jul 2014

It's now 2019, and your Windows DHCP server can be pwned by a packet, IE and Edge by a webpage, and so on

Maventi

Re: people use windows server's DHCP ?

Totally agree that Windows DNS is rubbish for any serious work, but it does function. If you've got the time and resources of course it's possible to put together a far better solution for DHCP/DNS than Windows and often for less cost, but orgs who lack ability probably don't know what they are missing with it anyway and for them it's quick, easy and does in fact work perfectly well enough.

I repeat: horses for courses.

Maventi

Re: people use windows server's DHCP ?

As a Linux guy at heart I somewhat agree with your sentiments, but for MS-centric shops there's little to gain from deploying ISC just to do DHCP and then trying to train admins who often have little more than MS certification how to drive it. Whether it's good or not is fairly subjective, but this is just how things are for many orgs.

Maventi

Re: people use windows server's DHCP ?

It's extremely common in Windows-centric corporate environments using Active Directory, and in those cases it makes perfect sense as you check a box and DHCP just works with dynamic DNS updates and all the trimmings.

Yes Windows DHCP is a bit less flexible than the likes of ISC DHCP if you want to get into more advanced functionality, but in the above cases the time and effort saved more than makes up for the difference.

As always, horses for courses.

LibreOffice 6.2 is here: Running up a Tab at the NotebookBar? You can turn it all off if you want

Maventi

Re: Two things to fix in LO, and a benefit you forgot

> Now try that if you have an English keyboard...

Just tried on my Mac with LibreOffice 6.1.0 and English keyboard and alt/option as a modifier works just like it does in any other application.

Maventi

Re: Font problems

To be fair though, 6.2 is still in preview while 6.1 is stable. LibreOffice certainly has its warts, but context is important when making judgements too.

Open sourcerers drop sick Fedora Remix to get Windows Subsystem for Linux pumping

Maventi

Re: Linux is moving on the desktop.

> Adobe have pretty much said they hate Linux and will NEVER port Photoshop

I wouldn't say that's entirely true - never say never!

https://adobe-video.uservoice.com/forums/911233-premiere-pro/suggestions/36257581-yes-please-support-linux-this-would-be-a-huge-m

Outlook Mobile heads to the White House, passes infosec clearance for federal sector

Maventi

And it's a shame, because Outlook has never been very good at actual email at all. This has only improved slightly in the last couple of versions. It's the extra non-email bits that make it useful. Now if only they would finally fix contact searching and all those annoying modal dialog boxes.

Windows 10 can carry on slurping even when you're sure you yelled STOP!

Maventi

Re: diving headlong into the Registry

I thought one of the advantages of Windows over Linux was not having to resort to 'complex' stuff like this?

Microsoft polishes up Chromium as EdgeHTML peers into the abyss

Maventi

Re: "Oh shit I just hit back space and actually went back a page"

> Don't you ever notice such behaviour in the past twenty years? How do you believe people not using a mouse go back?

> Or you're quite new to those things called "browsers"?

I've been using "browsers" for over 20 years. It's been a long time since I've used one where the backspace key went a page backwards, probably some old version of IE. It's a silly feature anyway as it's prone to accidents when focus moves out of a text field so I don't miss it in the slightest.

Maventi

> Periodically I try Linux and after a few hours of trying to get everything working, I give up and go back to windows.

Same in reverse here. I guess everyone has different needs.

Official: IBM to gobble Red Hat for $34bn – yes, the enterprise Linux biz

Maventi

Re: At least it isn't Oracle or M$

> honestly, MS would be fine. They're big into Linux and open source and still a heavily pro-engineering company.

> Companies like Oracle and IBM are about nothing but making money. Which is why they're both going down the tubes. No-one who doesn't already have them goes near them.

Disagree - all three are about making money, and all three are 'into' Linux in some shape or form. The only difference that separates Microsoft from the other two is that it has an enormous and entrenched marketshare in consumer and enterprise client computing that the other two don't. The downside to MS grabbing RH is that it would further reduce the options available for commercially supported 'enterprise' OS vendors. Those big tech companies have too much power as it is.

Is this cuttlefish really all that cosmic? Ubuntu 18.10 arrives with extra spit, polish, 4.18 kernel

Maventi

Re: GNOME, KDE, LightDM, XFCE ...

> As for developers ... well bad luck if you were writing a suite for Unity, and your target market switches to GNOME.

At least in that particular case they both used GTK 3 so not an issue in practice. Agree with some of the other points though.

Love Microsoft Teams? Love Linux? Then you won't love this

Maventi

This is no surprise - Microsoft is very specific in terms of how it 'loves' Linux and all of them involve revenue. Microsoft supports Linux in terms of:

1. Allowing users to run Linux apps on their own desktop OS (Windows 10). This helps keep devs on their platform (revenue stream) who might have otherwise moved on.

2. Ensuring Linux VMs run well in their hypervisor. This is purely a play at Azure - MS knows that the majority of Internet platforms use some form of FOSS stack and that isn't changing any time soon. Better to embrace and provide somewhere to host it reliably (i.e. Azure). That makes up half of Azure now, and is steadily increasing. That's at least double the Azure revenue than would be the case without good Linux support.

3. Supporting expensive but niche products like SQL Server on Linux. Once again, new opportunities for revenue in terms of SQL Server licensing.

4. Enterprise is heavily entrenched in Microsoft, of which one factor is that the whole stack is designed around itself (some might call this vendor lock-in). This represents a big, steady revenue stream.

Producing an 'enterprise' client app such as SfB or Teams for the Linux desktop sets a (very small) precedent for validating the Linux desktop as a viable enterprise option. This in turn threatens (albeit lightly) number four above with little to gain in return. No wonder there is little incentive for them to make this a reality at this time. Eventually as the revenue model moves more towards cloud then this will matter less to them, so no doubt far down the track we might see some progress.

Microsoft has signed up to the Open Invention Network. We repeat. Microsoft has signed up to the OIN

Maventi

Good move Microsoft! Now let's see a properly open implementation of ExFAT.

Red Hat admin? Get off Twitter and patch this DHCP client bug

Maventi

Re: Is this dependent on Netcat?

> I always wondered why netcat is installed in every 'nix...

Except that it isn't; try a minimal RHEL or CentOS 7 install for example.

What I would like to know however is why NetworkManager counts as necessary for a 'minimal' install.

Microsoft loves Linux so much it wants someone else to build distros for its Windows Store

Maventi

> Still, that'd be one way of getting WiFi working properly in "Linux". All the Windows device drivers would be available.

Funny, I've had more issues dealing with WiFi in Windows (usually from patches) than Linux. That said I blame the issues on both platforms squarely on the WiFi chipset vendors.

Windows 10 to force you to use Edge, even if it isn't default browser

Maventi

> The latest few versions of macOS bug you a bit if it's not Safari though.

That they do, and it's damn annoying. If I wanted to use Safari then I would use it.

Maventi

Re: Fucking idiots

> exactly my point on here, Microsoft does it - out come the penguins on a rant

> anyone else does it - silence

Incorrect - they are all taking the piss. Apple on iOS. MS with their apps (Cortana, now Mail, etc). Google with things like Hangouts.

All are user-hostile decisions.

Patch LOSE-day: Microsoft secures servers of the world. By disconnecting them

Maventi

Re: Oh dear

> But I honestly don't have the time to manage hundreds of individual client IPs like that. Set up the servers. Maintain a list of their IPs. Done.

Neither do I, or even have the time to maintain lists of IPs. It's called IPAM and most decent provisioning/lifecycle tools automate all that. Bootstrap new systems via DHCP (for PXE) then have them reconfigure themselves with the same static address as they build. Let the tool take care of assignments and managing leases. Easy as pie. If you need to bulk update changes such as DNS then that's what tools like Ansible are for; change one line in a playbook, test, commit, job done.

Servers shouldn't rely on DHCP - in fact servers should rely on as few external services as possible to sustain their operation.

Wish you could log into someone's Netgear box without a password? Summon a &genie=1

Maventi

Re: Exactly why I don't use OEM firmware.

> I do use DD-WRT, but just because the code is freely available doesn't mean it's not got bugs...

Correct - those platforms (like most) absolutely have bugs. The practical advantage of those third party FOSS options is that the bugs are normally more complex, and more importantly the patches are released quickly; support usually continues longer after the manufacturer gave up on the hardware.

LEDE and OpenWRT kiss and make up

Maventi

Re: Thanks, folks.

And one from me too. Keep up the good work folks!

Azure VMs borked following Meltdown patch, er, meltdown

Maventi

Re: like many I suspect.

> This is part of what organisations should be doing in assessing the risk to their organisation on machines which don't run user interactive sessions, and "adequate protection" is deemed to be in place.

Good call.

> If you are in public/hybrid cloud...

Then it's probably best to take the performance hit as you never know who else might be sharing your compute node with potential access to your own host's memory.

And we return to Munich's migration back to Windows - it's going to cost what now?! €100m!

Maventi

It does certainly appear to be primarily an organisational and political failure (as opposed to technology) as we can see with all the speculation and commentary around this issue. There are plenty of wide-scale Linux desktop deployments out there (particularly in the European public sector) that have been very successful - they simply don't make the news because they just work as expected.

Speaking as someone who's spent over 20 years managing Windows-based and some fully Linux-based enterprise networks, both can be done effectively with the right processes in place. The Linux networks I've managed (including desktops) have had almost zero complaints even from extremely illiterate users - users simply don't care what the tech is as long as they can get their work done. Linux can certainly save a lot of money overall if done right, but whether it does in practice all depends on the organisation's actual requirements.

The best thing that can be done is to actually establish those requirements and build to them, rather than choosing the platform first.

Most users certainly don't have many emotional ties to Windows - proof of this is the fact that the majority of personal computing devices in use by consumers today don't run Windows (although it's a small margin admittedly). There is love for Word and Excel among a few users and sometimes those two applications alone can end up dictating the entire network architecture. A shame - an entire infrastructure shouldn't depend on a couple of apps, but that's what originally got Windows so pervasive in enterprise.

Also note that unhappy users exist on any platform - I've also come across plenty of badly-managed Windows networks where the users loathed it. Not a failing of Windows per-se, once again it's usually bad implementation. Apply some elbow grease (along with a big invoice) and everyone is happy again.

Ubuntu 17.10 pulled: Linux OS knackers laptop BIOSes, Intel kernel driver fingered

Maventi

Re: As an amateur

@AdamWill: probably the best response to this thread that I've read yet! This one's on me!

Maventi

Re: Accidental Aardvark

> At least Windows never killed my BIOS...

Not your machine perhaps, but there have been plenty of reports of Windows also doing it in recent years.

That said, I don't think this is really either a Windows or Linux issue. I think the blame rests squarely with bloated UEFI design and in particular lazy implementations by many hardware manufacturers. It's plain that the design can't be very robust if software bugs can so easily upset the boot firmware.

Exim-ergency! Unix mailer has RCE, DoS vulnerabilities

Maventi

> The vast majority of companies use MS Exchange.

Yes that is very true, although it's typically a user-facing groupware server as that is where it shines. As a straight MTA however, not so much as that isn't really the use case Exchange is designed for and it's a very bulky option for solely moving messages around behind the scenes.

Most orgs will use Exchange for groupware in conjunction with other MTAs for processing and filtering inbound and outbound mail (often located in a controlled network segment like a DMZ).

The 0.8% statistic does look strangely low, but when you consider that this survey was conducted in terms of Internet-facing services then it starts to look more realistic as I don't know of any orgs that currently present their Exchange SMTP services directly to the Internet.

To fix Intel's firmware fiasco, wait for Christmas Eve or 2018

Maventi

Re: I wonder about motherboards

> No - no it isn't. Not for Intel at least. It's part of your CPU!

Incorrect - it is in fact part of the chipset rather than the CPU. https://en.wikipedia.org/wiki/Intel_Management_Engine#Design

Still has access to all the things though.

Drone maker DJI left its private SSL, firmware keys open to world+dog on GitHub FOR YEARS

Maventi

@Adam 1 you forgot to encode the password in base64, just for additional protection.

Don't worry about those 40 Linux USB security holes. That's not a typo

Maventi

Re: Physical access means you own the system

> Unless of course it runs say Secure Boot with Bitlocker.

Hopefully then it doesn't use a key generated by an Infineon TPM, or use an Intel CPU manufactured after 2008.

AMD, Intel hate Nvidia so much they're building a laptop chip to spite it

Maventi

Re: "Nvidia's dominance"?

@phuzz agree the PowerVR stuff is a complete joke, but if you stick to mainstream desktop CPUs (i5/i7) the situation is much better.

Maventi

Re: "Nvidia's dominance"?

> The vast majority of people either can't upgrade (corporate purchases) or don't know it's an option.

Then there are those like myself who specifically purchase desktops with Intel graphics because their Linux support is second to none. That's especially important when deploying desktops in hundreds at a time.

OpenStack says its work is largely done. Now your hard work can fill in the blanks

Maventi

Re: More likely...

> The easy life solution at the moment is Azure Stack.

For a short-term quick win then absolutely yes - Microsoft have a very compelling offering there.

Putting in hard yards for OpenStack is likely to provide better value long-term though, and helps avoid the lock-in.

'Open sesame'... Subaru key fobs vulnerable, says engineer

Maventi

Re: Weakest link...

Possibly - but if done right this has some very sneaky potential.

It won't really speed up someone stealing the car outright (and that would be obvious anyway) but if you say left a wallet (or valuable item) in the car and a thief was able to unlock the car, steal the item and then lock the car afterwards, a lot of folks wouldn't even immediately notice and would likely have a hard time trying to remember where they actually last left said wallet or item.

Certainly a locked car with no trace of tampering would not be high on the initial suspect list, and by the time the victim takes any decisive action, the thief has already had plenty of time to spend up large on their credit card or fob off the stolen item. It's likely the car would remain completely unsuspected even well after the fact.

How many times can Microsoft kill Mobile?

Maventi

Re: Microsoft is trying very hard to kill itself.

"What have they screwed up on Server?"

The licensing model.

Microsoft Edge shock: Browser opts for Apple WebKit, Google Blink

Maventi

Re: Seriously.

Tried it, and it's not half bad. Certainly better than the crap that some Android vendors offer (including Samsung). Still got ways to go to top the true vanilla Android experience though (Nexus/Pixel).

Maventi

I understand the choice for iOS as there is no choice, as we well know. What I don't get is the use of Blink for the Android version. This doesn't say much for their confidence in EdgeHTML.

In fact I think MS would be wise to open source EdgeHTML as it's the only 'major' HTML engine in existence today that is entirely closed source, and the only major browser still tied to a single platform and version. Either that, or switch desktop Edge to using WebKit or Blink.

You lost your ballpoint pen, Slack? Why's your Linux version unsigned?

Maventi

> This is partly the fault of yum's maintainers. There should be a blatantly obvious warning and acceptance prompt if you try to install an unsigned package. That would force companies to do it to prevent complaints from users.

There is. By default yum will scream at you if you try to install unsigned packages; you have to explicitly configure yum to ignore signatures. Given that even the most lowly back-alley free projects can quite happily manage signing (as someone who has built plenty of RPMs myself I assure you it's utterly trivial!) I'm completely astonished by Slack.

Gotta live up to their name I guess.

Unloved Microsoft Edge is much improved – but will anyone use it?

Maventi

Free EdgeHTML

Seriously Microsoft, just open source the EdgeHTML engine already. Edge is the only major browser left that doesn't use an open source rendering engine, and the only major browser stuck on a single platform.

Nobody chooses an OS for the browsers that run on it, but they do sometimes choose browsers because of the OSes they don't run on.

You will very quickly see folks use it to create a browser for other OSes (even older Windows) and all sorts of other creative things you couldn't imagine, which would likely foster wider adoption, mind share and good-will.

Just saying...

Official: Windows for Workstations returns in Fall Creators Update

Maventi

> ... as a corporation would for a hefty server would be a hard sell.

I agree, although I specifically meant client versions of Windows; there are enough of those alone. The Windows Server licensing situation is a whole different nightmare altogether. :)

Maventi

Why are there so many different versions of Windows 10? Can't they just make a single release for all client devices (desktops, notebooks, etc.) and be done with it? Be a lot easier for all of us.

Windows Subsystem for Linux to debut in Windows 10 Fall Creators Update

Maventi

Re: Windows 10 Fail

Ugh, I have terrible memories of the Microsoft NFS server. It's also completely pointless as it serves little purpose for Windows clients and does an awful job for POSIX clients.

Maventi

Re: Standardisation is always welcome

"And whatever Unix did, forty years later it may just be an outdated standard today..."

As opposed to say the relevance of 'C:\' today?

Unix has aged far more gracefully.

Solaris, Java have vulns that let users run riot

Maventi

"Most Android Apps are written in Java"

Java is simply a language. Oracle Java SE is a well-known example of a Java VM or runtime environment that is also colloquially referred to as 'Java'.

"and the ADK has mostly Java interfaces"

Google copied Sun's Java API in their own implementation of the language and runtime. This is the basis of the infamous Oracle lawsuit.

"how does Android not run Java?"

Android runs ART, which in turn replaced Dalvik found in older Android versions. These are both Google's own creations and are unrelated to Oracle's JVM products mentioned above.

The poor security reputation for Java largely stems from the browser plugin included with the desktop versions of Oracle's JVMs (and it is pretty bad), but this has unfortunately extended across much of the industry to tarring anything remotely involving the name 'Java' with the same brush. That said, this latest run isn't helping. :)

Maventi

Fair call. I did a cursory search for such vulns and found nothing obvious, but subsequently see that a number of these appear in OpenJDK too. Humble pie time for me.

Maventi

Seriously though, who in their right mind still uses Oracle Java SE when we have OpenJDK?

Azure Stack's debut ends the easy ride for AWS, VMware and hyperconverged boxen

Maventi

This is a brilliant play by Microsoft. In many heterogeneous networks Windows is slowly being relegated to a middleware software layer running on the likes of VMware and being accessed from thin clients and mobile devices. This turns the tables right around and puts their stack out in front, with Linux and other platforms becoming the meat in the Microsoft sandwich.

The trick for those wanting to go down this road will be to watch the early adopters and then jump in once (or if) this matures - execution is certainly not Microsoft's strong point historically so best leave to others to sort the teething issues out first (and there will be plenty). If this works out it will make for a very low entry barrier for those who simply can't use public cloud.

Like most 'black-box' solutions, the drawback is massive potential for lock-in via proprietary APIs so it will be interesting to see how this plays out long term. It might be an ideal solution medium term, but your entire infrastructure becomes dependent on the direction of a single company which always results in pain when you have a business need that doesn't fit into the mould.

Ubuntu 'weaponised' to cure NHS of its addiction to Microsoft Windows

Maventi

"The rollout was cancelled because they had paid for the wrong licence, then built the image on the incorrect (ie the version they *meant* to buy a licence for) version of Win7, but that's another story!"

And that, folks, is one of many examples of the hidden costs of complex proprietary licenses that simply disappear with FOSS. It goes beyond the sticker price - the cost of license management and compliance is eye watering but seems to be often overlooked.

Raspberry Pi sours thanks to mining malware

Maventi

Uh, that looks more like a typical crypt password hash (in this case SHA-512) rather than an actual password.

It's a shame this worm is even a thing; recent-ish Raspbian versions warn you every time you login via SSH if you retain the default password.

I'd have expected that most folks knowledgeable enough to get a public IP directly to their Pi (even if via port forwarding) should know better, but I guess you learn something every day.

Biting the hand that feeds IT © 1998–2019