Use the new KeePassXC, add the plugin to Chrome/Firefox. Very nice.
Re: How To Do Encryption IN THE REAL WORLD
I reply to this because... if you want to do ANY one-way key crypto, it's just not trivial. My pubkeys are registered, I copied my .gnupg folder onto the box, fired up TB, installed Enigmail, checked the sign-all-mail box, and off I went. There is another box to 'encrypt by magic' for folks in your keyring.
Seahorse is reasonably intuitive for setting up a fresh set of keys, or adding pubkeys of people you know. And Enigmail will happily add any .gpg/.pgp pubkeys if you let it and confirm.
I've tried to explain 1-way crypto to the unwashed masses several times. They don't get it. Neither did the IBM salesman understand 'Blockchain' tech he was trying to sell me. But he sure did want me to buy it for a lot of 'bitcoin' ;)
As long as you are not doing MFA, davmail will convert O365 to imap/smtp/davical/carddav/ldap. Calendars not so great, the rest of the stuff is pretty good. Our MFA has an on-net exemption, so I just fire up a VPN connection and use davical. I am using Thunderbird. On balance it's currently best in breed for my use. A bit high on the knob turning, but Enigmail works well, and Lightning is barely tolerable. The stalls from Evolution drove me nuts. I handle several hundred messages a day. Back in the day mail filtering was done by a '.forward' file in your home folder, and then processed by your MTA as it got dropped in your maildir (or . . .). Again Exchange integrated and hid all this in a standalone server. Good design choice, woeful implementation.
The 'exchange calendars' plugin for TB is very good. Except. No MFA, and it goes berserk if I'm online but not on VPN. Considering a TB container with a full-time VPN tunnel X'd to the not-wayland local display. Arf, arf.
Re: That's nice dear ...
The nice thing is how well Outlook runs with Exchange. Well, most of the time. Maybe. Unless you have a Samsung phone. Or how well 'modern' auth works. You know 2FA with O365 is so . . . uh, er, stable...ish. And how the native clients work so well with 'modern' auth. If I hear one more MS flunky talk to me about 'Modern Auth', and how you can't have security without it, I'm going to shove my phone down his or her throat.
Frankly none of the mail clients on the planet today are worth a sh*t. Evolution? T-Bird? I used to like the integrated Opera mail client, but it died with the old rendering engine. And good ole MS. They've had what? 6 or 7 different 'standards' for communicating with Exchange. I believe we are going back to MSA or whatever it was because OWA doesn't support ... wait for it ... 'Modern Auth'.
The calendar integrations for the various non-MS cruft, ical, davical, whatever-you-call-it. They are either implemented poorly or broken, I don't know which.
And now that my company O365 password is changed, my Win10 native mail client won't talk any more either. ADFS is an abortion. If someone comes up with something better that works, I'm all in, but I'm still confused as to why one could not trivially extend IMAP/POP/whatever to create a 2nd factor or token.
My biggest gripe has always been around separating SMTP. I wrote a pop3 daemon years ago that would allow the XMIT extension supported on several text mail clients. Eudora comes to mind. This was always the big win with Exchange: simpler to connect, and tied into your directory service. IMAP has extensions for this as well, but I never really understood why one would complicate the interaction so much over pop3.
I could fairly trivially hack my pop3 daemon to handle tokenized and/or MFA as well, so frankly I just don't get why nobody ever supported stuff like this in a client.
Re: So is the latest iteration of 1809 safe to install yet??
Frankly, a big chunk of the SH^h^h cruft issues are because of INTEL. To my knowledge INTEL parts have failed to meet specifications since the 8080 days. Bus controllers were notorious. The Z80 zoomed to fame because their parts were so much closer to published spec. Then crashed, because they couldn't get parts out the door. In the early days the n86 'chipset' vendors were numerous, many producing vastly superior support chipsets to the INTEL ones. It was kind of stunning. As it is, *today* INTEL can't seem to produce a consistently performing support chipset. Every rev seems to have idiosyncrasies that bloat driver code, and require much tweaking and intervention by the hardware manufacturers. I don't understand why the hardware API needs to change so dramatically every rev. It's not like the 1GB ethernet spec changed. Further, why does something like suspend/resume get more convoluted from rev to rev?
Look at the '8049' code in the Linux kernel. Since INTEL started with their newest chipsets there are now dozens of code workarounds attacking broken things in the various Intel chipset implementations. We are talking about a microcontroller running the KB and mouse from the original IBM PC from the '80s. Surely by now that would require pretty much ZERO coding changes, and yet . . .
Frankly I find it stunning, and innovation stifling. The reason the PC-AT-... platform became the de-facto standard was because we only had to write the low level driver cruft once. ARM could own much of the desktop/laptop market with an incremental leap in performance and a decent reference design. Alas we don't seem to see it on the horizon.
Re: Where we are vs. Sci Fi predictions
This doesn't really deserve a downvote, although a bit vitriolic. There are things about building a house that perhaps warrant a modicum of regulation. Not sure *where* that should occur. What is the libertarian way to make sure the wiring in your house is at least reasonable? Caveat emptor? Do we really want to allow a sub-division at the end of an airport runway? Sure, don't worry about the leaky gas line up to your house. How could that possibly affect your neighbor 20 feet away?
OTOH, there was a movie with James Cromwell about building a house on his property in the middle of nowhere, basically from scratch. Who am I or anyone else to tell him how he is to do it? So the best ticket is the least intrusive, but we have to keep folks from screwing other folks next door by being stupid.
This two-year-old X.org give-me-root hole is so trivial to exploit, you can fit it in a single tweet
Re: Any actual configurations where this might work?
Nope. Deb 9 the setuid was removed if current. This breaks startx and Xrdp. So there is now a wrapper. And some config tweaks needed to use VNC. You can run startx against your own console vtxx but it breaks if it auto-allocates, can't write... xorg -query .... aaagh.
This is easy to fix by removing the suid bits, but the other tools just need to catch up.
I'd patch hourly if it didn't break shit. Unfortunately it breaks shit. Not every time. Generally when you are least expecting it, and sometimes two weeks after it was applied, ... "Every time the EOM jobs run now they puke, and it takes hours for us to clean it up... What gives?" You can pie in the sky all you want, but if you change shit, you break shit. The more shit you break the worse your reputation, and the more push-back you get the next time you want to patch. YMMV
Well you sound smart.
Nobody is going to move anything. Fiber is all or nothing in most cases. Bends are a huge issue above 40ghz on smf, generally you hook up and test. The cable manufacturer won't be doing any studies, and I'd bet most of the ta stuff is 100ghz or less. I'm not aware of any feeds into my dc that are over 100. Still too finicky, and the termination equipment is outrageously expensive at 100.
Depending on what you can put down on the ocean floor as a repeater, every 30 klicks, I'd say any issues at a facility on the coast would be pretty simple to overcome by comparison. It's not like the coastal facility is a data center, it's just a switch/repeater to some inland DC.
Total malarkey. This is abject stupidity.
So all these seaworthy cables terminate 1" above the shoreline?
In an environment near the ocean with tides and surges, I put all my equipment 1" above the high tide mark?
Trust me. Back in the 80s/90s the main switchpoint inland in VA or MD got flooded, took out communication on the East Coast for a day. It was weeks before full capacity was restored. I can assure you that lesson was not forgotten. An underground bunker seemed like a good idea at the time. Unfortunately the equipment was sitting in a foot or two of water, once it breached.
Now this transatlantic stuff is totally over-engineered. I'd bet those cables terminate 20-30 ft above highest tide in sealed structures with massive pumps and backup systems. Tsunami might get it, but I'd bet even then they could have it online in a day or three..
Problems are usually more mundane, like the fiber cut 2-3 years ago in Roll, AZ. Took out the fiber on both sides of the RR tracks doing some road work. Took out as in they had to run all new cable for the segment in the ground. That took some time; we routed Dallas to Chicago to LA for over a week from PHX.
Re: Hypocrisy of dissent
What's an 'Assault Weapon'? Which 'Assault' weapons do you wish to ban? Want to make a case for a bump stock, I might listen. Calling semi-automatic rifles 'Assault' weapons 'cause they look militaristic is STUPID! Automatic weapons are already very restricted. So are crossbows in many places.
Again, lack of basic understanding. Some medical machine is not running 50 VMs and random user-generated processes in a cloud rack. It's a dedicated hardware appliance. Spectre/Meltdown are not relevant. Generally the PC component is for control and data analysis of the hardware system. Like an old CNC or a shiny new EWACS. The problems normally are that you have to leave lower security protocols in use on the net because the control PC "Don't Talk TLS1.2". And of course you don't want the control system compromised because IE5 is running on XP, and the operator was surfing porn sites from the control console. These are manageable issues with proper care.
And the idiot users at my company that just keep clicking on effing phishing and putting in their creds to get the doc. 200 people out of 1500 clicked the link this time. Never heard of xyz cleaning service but I sure do want to see the invoice from this dude I've never had an interaction with, ever, in our company! Since I'm now on compromised.com's https site, I'd better put in my O365 email and pass, plus my security questions, 'cause my password didn't work! It's stunning.
East-west mime de-fang coming to a neighborhood near you... It's only money.
Re: weird decision by Aussies
If you are clueless of how the tech works shut the Eff up. Trust me, a Chinese knockoff fingerprint scanner is not "phoning home" nor installing malware. It might return the same data no matter the finger. . . Testable. But it can't take over your phone and send your bank data to China. The main issue with this cheap hardware is quality. Reads your fingerprint just fine . . . for about 6 months, then just refuses to respond. Mixed bag. Your call, just like the tires on your car.
Be that as it may, some really interesting IoT hardware runs these components. I'd worry about someone leaving a gadget plugged in on the home net like these new fridges, way before replacement hardware in my Cupertino-engineered candy bar.
Both outsides. Even on the 8"s.
4-pin on 3.5" was awful, but the 2 insides were ground, outsides were 12/5. I had some 8"s with non-standard connectors. However I have reversed the 4-pin Molex on both hard and floppy drives. Often very cheap plastic with minimal material around the key side, or brittle to the point of splitting with minimal force.
Bunch of Crap... GDPR bah.
GDPR is vague shitty cruft. A hammer on a thumbtack. Facebook the company did not post pictures of your house, car, dog, cat, kids, and all your recent photos, trip itinerary, when you are not going to be home so it can be robbed. Your diatribe against the bank that bounced your check, your wonderful investments with Schwab, or ...
But darnit, if someone figures out from your posts that your bank account is vulnerable and uses that information to steal it, we are going to throw Mr Z in jail and take all his money, damnit!.....
No wait, the lawyers get the money, but that's fine as long as he gets the shaft!
Uh huh, totally sane.
Uber's disturbing fatal self-driving car crash, a new common sense challenge for AI, and Facebook's evil algorithms
Draw the line please.
Where is the stupidity line? Phoenix/Tempe is on a grid made up of higher speed feeder roads every mile. It is often 1 mile between lights that are often timed to let traffic run without stopping. If you live here you know that. Some fool decided to walk a bicycle out in front of a car likely traveling in excess of 40 MPH at night from a random point between major cross streets. I doubt anyone in this discussion would have reacted in time. If you tell me any different I call bullsh*t.
I wonder if it was one of those rent-a-bikes.
I wonder if someone was trying to get 'nicked' for insurance... Happens not too infrequently here.
But please feel free to believe that you can react and swerve in less than a second because some idiot decided to run out in front of you pushing a bike. Likely I would have hit them as well.
Back in the day . . .
It often was not clear on your 16-color screen. . . The stupid thing is that a program would let you set your fg and background the same. The hard part was typing blind to get it back. Think bumping the wrong language on an old Android and trying to figure out which setting in Chinese says language or whatever. Only worse.
Digging a lake . . .
Nope. You'll need a permit for any kind of man-made lake. Along with an environmental impact statement. Sign-off from the Army Corps of Engineers, . . . etc, etc, etc. Wanna piss thru a billion? Try construction pretty much anywhere in CA on anything involving altering natural landscape that involves water. Even a swimming pool can be a pain.
Re: It's time...
Bullshit. My old man flew those things when getting shot at. He's got a picture of one he flew back with a pretty damn big hole in it. Scary, maybe a 30mm round, hard to tell from the pic. Pop didn't notice, mechanic showed it to him. I've seen a drone disintegrate tapping a clothes line. Average drone hits a chopper blade, I'm not sure if you'd even notice. Drone would be obliterated. You act like they make helicopter blades out of tissue paper or something.
That being said they should outlaw drones, for myriad other reasons.
Re: Fork in the road far back
BBx/Mkeyed on SCO, with ~100M records. Wouldn't fit on a single drive of the day. I think we had 3 RAID arrays with 1G drives in it, this monster took 2. Further, you could forget backing it up easily. CPU is rarely the bottleneck since before 2000. Disk performance has increased dramatically with SSD, but CPUs still spend most of the time waiting for I/O. Meltdown was trivially addressed, and new OS kernel models will improve performance closer to ignoring it. Spectre is kind of far out there from an exploit concept. Both will be addressed in the next-gen chips at some level. Let's be real about this, and stop sensationalizing the impacts. Your NetApp/EMC/IBM storage array is your bottleneck, and these issues are irrelevant to them.
But they didn't claim any such thing
I'd like to see the guarantee, or claim made by Intel that their chip would run any particular software at any particular defined rate. Statements like this are stupid. Further, all these issues could be addressed by software at the OS level 100%, by creating an OS level security model around the behavior. So let's sue Microsoft and the FSF and Apple and . . . Better yet, why don't you just turn all your shit off if it's really that bad to you. This is just flame bait.
In the case of the multiply bug Intel DID make claims. In this case the device performs as advertised. The fact that performance comes with some security issues is what it is. Re-write your kernel to handle it, or move on. In the meantime show me someone who has successfully used this outside of a lab to actually gain something useful.
Kaspersky is just not that good anyway.
If the US Government doesn't want to buy tech from a firm that is not on native soil, that sounds like a reasonable security measure to me. It's probably stupid, until it isn't. . . Not to say a US tech firm could not be exploited by a foreign government, but I'm guessing we could react somewhat faster if they were here in CONUS. But hey, it's a free country, *you* can buy whatever you want, from wherever you want.
If you live in the UK, you can howl to the appropriate places as you see fit to allow whatever you might want your government to use. If you don't live in the US, then it's not your concern, get over yourself.
All that said, Kaspersky is as awful as McAfee. I'm liking Cylance thus far, Sophos was getting way too flaky and fat. YMMV.
This must be intentional flame war comment stuff. Do people really lack enough cynicism and experience to believe that the Russian government, or the US government for that matter, would not try and exploit something like an AV program installed on machines if it so desired? Really?
Re: Software has to pay attention
Not easy per se, not generally difficult.
You have to either set the iostream to NONBLOCK or use a select call. The issue in a pipe/ipc is the stream you are reading from and how buggy your select() function is.
Select can be a real bitch; you have to load the file descriptors you want to monitor into arrays for read/write, give it a count with a timeout of 0. I wrote a simplified C function long ago along the lines of has_data(int fd) ... nested in a readline function. If you can get NONBLOCK on your stream you can just do a read(int fd, char *buf...) and it will return 0 if you got nuthin. Much fun with ioctls on serial lines and other character devices.
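The has_data()/readline pattern described in the post, written out as an added example in C (not the poster's original code): a zero-timeout select() probe, O_NONBLOCK via fcntl(), and a line reader that keeps partial input across calls instead of dropping it. demo_pipe() and its constructed two-piece input are assumptions of this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/select.h>
#include <sys/time.h>
#include <unistd.h>

/* has_data: is there input queued on fd right now? select() with a zero
 * timeout never blocks. Returns 1 if readable, 0 if not, -1 on error. */
int has_data(int fd)
{
    fd_set rfds;
    struct timeval tv = { 0, 0 };            /* zero timeout: poll, don't wait */
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    int rc = select(fd + 1, &rfds, NULL, NULL, &tv);
    if (rc < 0) return errno == EINTR ? 0 : -1; /* a signal is not an error */
    return FD_ISSET(fd, &rfds) ? 1 : 0;
}

/* set_nonblock: make read() return -1/EAGAIN instead of stalling on an
 * empty stream. Returns 0 on success, -1 on error. */
int set_nonblock(int fd)
{
    int flags = fcntl(fd, F_GETFL, 0);
    if (flags < 0) return -1;
    return fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0 ? -1 : 0;
}

/* readline_nb: incremental line reader built on has_data(). The caller owns
 * buf and *len and calls repeatedly; partial input accumulates across calls,
 * so a line arriving in pieces (pipes, serial lines) is never lost.
 * Returns 1 when a complete line (without '\n', NUL-terminated) is in buf,
 * 0 when no complete line is available yet, -1 on EOF, hard error, or a
 * line too long for cap. After a 1, the caller resets *len to 0. */
int readline_nb(int fd, char *buf, size_t cap, size_t *len)
{
    if (cap == 0) return -1;
    while (*len + 1 < cap) {
        int ready = has_data(fd);
        if (ready < 0) return -1;
        if (ready == 0) return 0;              /* nothing queued: come back later */
        char c;
        ssize_t n = read(fd, &c, 1);
        if (n == 0) return -1;                 /* EOF: writer closed the pipe */
        if (n < 0)
            return (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR) ? 0 : -1;
        if (c == '\n') {
            buf[*len] = '\0';
            return 1;
        }
        buf[(*len)++] = c;
    }
    buf[cap - 1] = '\0';
    return -1;                                 /* too long: refuse, never overrun buf */
}

/* demo_pipe: drive the reader with constructed input written to a pipe in two
 * pieces. Returns 0 if every step behaved as expected, else the failing step. */
int demo_pipe(void)
{
    int p[2];
    char line[32];
    size_t len = 0;
    if (pipe(p) < 0 || set_nonblock(p[0]) < 0) return 1;
    if (has_data(p[0]) != 0) return 2;                              /* empty pipe */
    if (write(p[1], "hello\nwor", 9) != 9) return 3;
    if (readline_nb(p[0], line, sizeof line, &len) != 1) return 4;
    if (strcmp(line, "hello") != 0) return 5;
    len = 0;
    if (readline_nb(p[0], line, sizeof line, &len) != 0) return 6;  /* "wor" pending */
    if (write(p[1], "ld\n", 3) != 3) return 7;
    if (readline_nb(p[0], line, sizeof line, &len) != 1) return 8;
    if (strcmp(line, "world") != 0) return 9;
    close(p[1]);                                                    /* writer gone */
    len = 0;
    if (readline_nb(p[0], line, sizeof line, &len) != -1) return 10; /* EOF */
    close(p[0]);
    return 0;
}

int main(void) { int rc = demo_pipe(); printf("demo_pipe rc=%d\n", rc); return rc; }
```

Note that select() reports a pipe readable on EOF as well, which is why the reader checks read() returning 0 rather than trusting has_data() alone.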
Correct me if I'm wrong. . .
These bugs allow someone already on the machine to read memory they shouldn't by crafting a specially designed program.
Then you have to make some sense out of what you managed to see.
So basically you get to sift thru gb of constantly changing data and try and spot something useful.
Not saying it can't be done, but from a threat perspective, or attack vector, this seems way more difficult than dropping USB sticks outside the building. . . Enlighten me with something you can actually accomplish with some kind of timeframe and numbers. Don't get me wrong, it should be addressed, but multiplying floats wrong seems a lot more dangerous than this.
Re: Hardware difference
It depends on how far you are from the DSLAM. Carriers are slowly migrating the billions of purchased hardware over to new vdsl3 endpoints, and they've actually pushed near-Gb speeds with the latest hardware. AT&T Uverse last mile is generally bonded, actually VDSL these days, but YMMV by location. Can't run 5 mi on copper any more for the newer stuff. If you can get under a mile to the DSLAM, 100M is no problem unless your copper is shot.
Obviously you don't have a clue about the technical challenges of a 10g fiber rollout. I do. Where might I obtain some carrier grade multi terabit backplane gear on the cheap? Really, truly, I'm interested in it. Heck, I'm down for some non-finicky 100G single-mode long distance interconnects. Really, advise, please. 40G is tough, going past that is esoteric, and very expensive. But hey broadband should be cheap for *me*. After all I deserve it.
Further, neither am I interested in whether our employees can stream the latest episode of Game of Thrones in 4K to their desktop. I would like them to be able to put in a sales order, securely, and reliably. Hence the desire for 10M on fiber, instead of bundled T's or DSL on aging copper (to connect to MPLS services, you know, with those pesky SLAs). We have secured wireless backup services. Spotty at best, we won't talk about VoIP on most of it, but hey, you sure sound like you got this stuff down. Please let some of us clueless f-cks actually doing the sh-t in the trench know what we are doing wrong!
Bunch of ungrateful brats this generation.
First part of the article, good info.
Then we seem to imply it's the government's responsibility to MAKE broadband providers upgrade infrastructure. Say what?
I've been trying to get 10M fiber-based service up in 3 not so remote locations. The hold up? Permits. Can't get permits. Ever tried to get a permit to run a cable in California? Get the government out of the way, and then maybe we'll see an improvement. No broadband provider is going to expand into less lucrative rural areas until they can get the infrastructure in place in more lucrative ones without spending zillions to get past the governmental bureaucracy to fund it. The US is *big*, lots of land area, and if you want to expand coverage stop setting up roadblocks.
Re: American democracy
Nobody's holding a gun to anyone's head who wants to leave. All those Hollywood types promised if Trump was elected. . . They were full of sh--t because they like living in their overpriced left coast homes with their illegal alien housekeepers, fleecing the willing of their entertainment dollars.
If it's really that awful to you, don't live here. Move to Mexico or the UK, or Greece, or Canada. Really much better, get the f-ck out, and don't come back.
Re: Liar liar....
I'm so confused when people downvote stuff like this. Get your head out of the freaking sand. Even the liberally biased media reported this stuff (on page 4, but I digress). Wake up people and think critically. Where is Sam Clemens when you need him? Hillary is as dirty as Nixon ever was. Playing political strong arm is plain wrong no matter the side of the aisle you are on. Sheesh.
This is the short term answer. Fusion PHEV is now upwards of 50mi on a charge. Pretty impressive. My commute is around 25-30 round trip. Most times that's about my limit for a day. If not, let the hybrid kick in. I'd probably have to force the issue once in a while to keep the gas engine from rusting ;). Interesting times indeed, I think it's exciting.
Saying 'Ford sells crap' (or any other brand for that matter) is silly. I've seen plenty of junk from all of them, and conversely most car makers have series that have been strong.
Many (er, many many) years ago when my grandfather was still alive Ford did a commercial with a Pinto and a Model T driving up steps. I said something along the lines of 'Gee grandpa, too bad they don't make cars like they used to!' After he stopped laughing hysterically. . . He said something like 'SON! Those cars came with a tool kit. . . Because you needed it! This Caddy will run close to 100000 miles before the engine quits, has A/C, electric windows, leather seats, and takes us down the highway smoothly at over 70mph. I've been watching cars improve for 50 years, these vehicles today are amazing!'
Today's worst vehicles will run 200kmi, sip fuel, and pollute our environment an order of magnitude less. It will only get better over time.
Most currencies have a government backing of some sort. Historically, the weaker the backing the higher the inflation rate of said currency. Bitcoin is backed by pretty much nothing. There is no government nor body that is behind the value. There are no hard assets behind the value. The fact that zillions of folks invested in a number created by an algorithm strikes me as slightly insane.
If the balloon goes up, I would be heavily invested in ammunition?, food, tools, metals, land, you know, hard assets that are useful for something. When people don't have enough to eat, or shelter from the elements, even paper currencies fall from grace. Nonetheless paper currency with a government (Army, Navy, infrastructure, etc, etc) behind it generally still has some value.
Just not seeing bitcoin as other than a novelty. I truly expect to see it crash hard. I could be wrong, and plenty of folks will get rich off it either way . . .
Re: The paper trail will say what the machine SAYS
Look *anything* can be manipulated. The goal is to make manipulation as difficult as possible.
A printer improves things dramatically, in that the ballot "MARKS" can be both visible and barcoded. There could be random spot checks post-voting. If there was a question, (say) a party/group could request recounts using their own scanners, or manually, as long as they want to pay for it. The machines that print the scannable ballot can be trivially 100% isolated. The paper generated should be near 100% legible and scannable. The scan results could trivially be validated by alternate scanning and/or manual counting.
Every voter should be able to physically look at the printed ballot with their votes on it and verify it before it is taken and scanned. If something was out of whack the printed names could be counted by hand as a check. As a matter of course there should be a "hand count" limit unless some sort of anomaly can be proven for a given set of ballots by a particular machine. If no reasonable discrepancy can be shown, machine counts stand.
Current party systems should keep most fraud at bay. I.e., I take my counting machine to precinct X, eyeball count N ballots, feed them into my machine, verify, feed the stack, verify precinct result.
Again, you can always have fraud, someone could be tossing out paper ballots they don't like, etc. Every scanned ballot should get serialized on scan, and again you have a total count validation and cross check point. You have to make it as difficult as possible to cheat.