• Re: Wonderful Windows Zaps Banks/Transport/Media after "Update" Yesterd

    From yeti@21:1/5 to 26yh.0713@e6t5y.net on Fri Jul 19 16:45:34 2024
    XPost: talk.politics.misc, alt.security

    "26yh.0712" <26yh.0713@e6t5y.net> writes:

    Ah ... wunnerful Winders :-)

    It should be banned as a socioeconomic WMD ...

    Imagine systemd swallowing package management, doing automagic
    security updates and such a "MSLinux" monoculture.

    Wouldn't that be similarly vulnerable?

    IMO "MSLinux" everywhere would have the same problem.

    I think redundancy, diversity and reducing complexity is the right
    answer.

    --
    I do not bite, I just want to play.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Anna@21:1/5 to All on Fri Jul 19 11:09:15 2024
    XPost: talk.politics.misc, alt.security

    On 7/19/24 10:47 AM, 26yh.0712 wrote:
    https://www.france24.com/en/technology/20240719-global-cyber-outage-linked-to-microsoft-slams-travel-media-financial-telecom-sectors

    Global computer outage linked to security firm CrowdStrike
    grounds flights, hits banks, media

    . . .

      Ah ... wunnerful Winders  :-)

      It should be banned as a socioeconomic WMD ...

      This was supposed to be an "update" from a
      FRIENDLY entity. What about all the UN-friendly
      actors in the world these days ?


    Yeah I know several people who were told to just not come into work this morning. Can't imagine the chaos an actual happening would bring.

  • From John McCue@21:1/5 to 26yh.0713@e6t5y.net on Fri Jul 19 16:24:57 2024
    XPost: talk.politics.misc, alt.security

    In comp.os.linux.misc 26yh.0712 <26yh.0713@e6t5y.net> wrote:
    https://www.france24.com/en/technology/20240719-global-cyber-outage-linked-to-microsoft-slams-travel-media-financial-telecom-sectors

    Global computer outage linked to security firm CrowdStrike
    grounds flights, hits banks, media
    <snip>

    You heard it here first :)

    I guess here in the US, there will be Congressional
    Inquiries into this and how to stop it from happening
    again.

    For people not in the US, "Congressional Inquiries"
    in most cases is a fund raiser, or as non-US people
    refer to them "Bribe Requests" :(

    Nothing ever comes from these Inquiries.

    --
    csh(1) - "An elegant shell, for a more... civilized age."
    - Paraphrasing Star Wars

  • From 26yh.0712@21:1/5 to yeti on Fri Jul 19 12:27:21 2024
    XPost: talk.politics.misc, alt.security

    On 7/19/24 12:03 PM, yeti wrote:
    "26yh.0712" <26yh.0713@e6t5y.net> writes:

    Ah ... wunnerful Winders :-)

    It should be banned as a socioeconomic WMD ...

    Imagine systemd swallowing package management, doing automagic
    security updates and such a "MSLinux" monoculture.

    Wouldn't that be similarly vulnerable?

    IMO "MSLinux" everywhere would have the same problem.

    I think redundancy, diversity and reducing complexity is the right
    answer.


    But it's an answer apparently very difficult
    to arrive at. Corps/managers don't WANT to
    pay for "diversity" or "redundancy" and,
    as with almost any kind of system "complexity"
    (and thus 'opacity') always increases.

    Big-Money Biz should stick to some kind of Unix
    or Linux (pref WITHOUT systemd). Winders looks
    pretty and seems friendly - but then so does
    a tiger until ......

  • From Charlie Gibbs@21:1/5 to 26yh.0713@e6t5y.net on Fri Jul 19 23:18:00 2024
    XPost: talk.politics.misc, alt.security

    On 2024-07-19, 26yh.0712 <26yh.0713@e6t5y.net> wrote:

    On 7/19/24 12:03 PM, yeti wrote:

    I think redundancy, diversity and reducing complexity is the right
    answer.

    But it's an answer apparently very difficult
    to arrive at. Corps/managers don't WANT to
    pay for "diversity" or "redundancy" and,
    as with almost any kind of system "complexity"
    (and thus 'opacity') always increases.

    This is often by design. Complexity is a weapon -
    it ties your victims - and competitors - in knots,
    and makes it easy to hide all sorts of nasty stuff.
    This has been known by politicians and bureaucrats
    for centuries.

    Big-Money Biz should stick to some kind of Unix
    or Linux (pref WITHOUT systemd). Winders looks
    pretty and seems friendly - but then so does
    a tiger until ......

    Hmmm, reminds me of the ending of the movie "Don't Look Up"...

    --
    /~\ Charlie Gibbs | We'll go down in history as the
    \ / <cgibbs@kltpzyxm.invalid> | first society that wouldn't save
    X I'm really at ac.dekanfrus | itself because it wasn't cost-
    / \ if you read it the right way. | effective. -- Kurt Vonnegut

  • From Lawrence D'Oliveiro@21:1/5 to yeti on Sat Jul 20 00:56:56 2024
    XPost: talk.politics.misc, alt.security

    On Fri, 19 Jul 2024 16:45:34 +0042, yeti wrote:

    Imagine systemd swallowing package management, doing automagic security updates and such a "MSLinux" monoculture.

    Wouldn't that be similarly vulnerable?

    Obviously not.

  • From Lawrence D'Oliveiro@21:1/5 to All on Sat Jul 20 02:12:46 2024
    XPost: talk.politics.misc, alt.security

    On Fri, 19 Jul 2024 21:53:05 -0400, 26yh.0712 wrote:

    Linux/Unix is, or can be, "better" ... but even most Linux distros
    now are quite large and complex and way too heavy on GUI bells and
    whistles.

    Old engineering adage: in any system, the complexity arises not so much
    from the number of components, as from the number of potential
    interactions between them.

    This is why Linux is more robust than Windows.

    Don’t like those “GUI bells and whistles”? Don’t install them. That’s not
    a choice Windows gives you.

  • From 26yh.0712@21:1/5 to Charlie Gibbs on Fri Jul 19 21:53:05 2024
    XPost: talk.politics.misc, alt.security

    On 7/19/24 7:18 PM, Charlie Gibbs wrote:
    On 2024-07-19, 26yh.0712 <26yh.0713@e6t5y.net> wrote:

    On 7/19/24 12:03 PM, yeti wrote:

    I think redundancy, diversity and reducing complexity is the right
    answer.

    But it's an answer apparently very difficult
    to arrive at. Corps/managers don't WANT to
    pay for "diversity" or "redundancy" and,
    as with almost any kind of system "complexity"
    (and thus 'opacity') always increases.

    This is often by design. Complexity is a weapon -
    it ties your victims - and competitors - in knots,
    and makes it easy to hide all sorts of nasty stuff.
    This has been known by politicians and bureaucrats
    for centuries.

    'Complexity' CAN be a sort of weapon ... but in the
    whole computer universe - and I got in pre-PCs -
    we're mostly looking at 'feature creep' ... with
    every developer thinking they're doing good. I've
    writ enough complicated software - and then you
    get back to it and it's "Oh ... wouldn't it be
    great if it could do *this* and *that* and look
    nicer ?". Pretty soon you have spaghetti code even
    you yourself can't follow nor find all the possible
    flaws within.

    Winders is a good example. It is said that the last
    old guy who could hold the whole system in his head,
    anticipate actions/reactions, retired right after
    Win2K. Since then ......

    Linux/Unix is, or can be, "better" ... but even
    most Linux distros now are quite large and complex
    and way too heavy on GUI bells and whistles. Now
    idiots have messed up even Debian, probably hired
    some rejects from Canonical, much more complication
    and absolutely pointless deviations from the old
    norms. We need a genuine FORK, built starting from
    maybe BullsEye, maybe even Buster, but now there
    are just SO many distros .........

    Big-Money Biz should stick to some kind of Unix
    or Linux (pref WITHOUT systemd). Winders looks
    pretty and seems friendly - but then so does
    a tiger until ......

    Hmmm, reminds me of the ending of the movie "Don't Look Up"...

    NOT sure I've ever seen that one ....

  • From 26yh.0712@21:1/5 to John McCue on Fri Jul 19 23:04:17 2024
    XPost: talk.politics.misc, alt.security

    On 7/19/24 12:24 PM, John McCue wrote:
    In comp.os.linux.misc 26yh.0712 <26yh.0713@e6t5y.net> wrote:
    https://www.france24.com/en/technology/20240719-global-cyber-outage-linked-to-microsoft-slams-travel-media-financial-telecom-sectors

    Global computer outage linked to security firm CrowdStrike
    grounds flights, hits banks, media
    <snip>

    You heard it here first :)

    I guess here in the US, there will be Congressional
    Inquiries into this and how to stop it from happening
    again.

    Oh yea ... "Congressional inquiries" always fix stuff ! :-)

    For people not in the US, "Congressional Inquiries"
    in most cases is a fund raiser, or as non-US people
    refer to them "Bribe Requests" :(

    Nothing ever comes from these Inquiries.

    CrowdStrike and some others will now be obligated
    to increase their "donations" to the Pols.

    Bill Gates learned early on to keep his pols WELL
    greased.

  • From 26yh.0712@21:1/5 to Anna on Fri Jul 19 23:00:44 2024
    XPost: talk.politics.misc, alt.security

    On 7/19/24 12:09 PM, Anna wrote:
    On 7/19/24 10:47 AM, 26yh.0712 wrote:
    https://www.france24.com/en/technology/20240719-global-cyber-outage-linked-to-microsoft-slams-travel-media-financial-telecom-sectors


    Global computer outage linked to security firm CrowdStrike
    grounds flights, hits banks, media

    . . .

       Ah ... wunnerful Winders  :-)

       It should be banned as a socioeconomic WMD ...

       This was supposed to be an "update" from a
       FRIENDLY entity. What about all the UN-friendly
       actors in the world these days ?


    Yeah I know several people who were told to just not come into work this morning. Can't imagine the chaos an actual happening would bring.

    Hell, Homeland actually woke-up Biden at 4am to
    inform him that a global cyber-attack might be
    underway .......

    Not sure Joe understands "cyber-attack" very well,
    but it WAS their duty to inform him :-)

  • From 26yh.0712@21:1/5 to Lawrence D'Oliveiro on Fri Jul 19 22:57:49 2024
    XPost: talk.politics.misc, alt.security

    On 7/19/24 10:12 PM, Lawrence D'Oliveiro wrote:
    On Fri, 19 Jul 2024 21:53:05 -0400, 26yh.0712 wrote:

    Linux/Unix is, or can be, "better" ... but even most Linux distros
    now are quite large and complex and way too heavy on GUI bells and
    whistles.

    Old engineering adage: in any system, the complexity arises not so much
    from the number of components, as from the number of potential
    interactions between them.

    Quite correct - and everything in Winders these days
    is tied to pretty much everything else. No WAY to
    pin down all the possible interactions.

    This is why Linux is more robust than Windows.

    For NOW ... but Linux does seem to be drifting in
    the Winders direction and for many of the same
    reasons. Seems like every little install or update
    the list of dependencies, and dependencies of the
    dependencies and so forth, gets longer and longer.

    I can no longer trace a fault or weirdness through
    all that mess.

    I've been using Manjaro on a couple of boxes of
    late since I went off Deb. Try to install or
    update most ANYTHING and it totally re-loads
    about 1.5gb worth of system. That's their
    sledgehammer "fix" for the dependencies issue ...

    Don’t like those “GUI bells and whistles”? Don’t install them. That’s not
    a choice Windows gives you.

    Well ... there IS a 'terminal', of sorts :-)

  • From rbowman@21:1/5 to All on Sat Jul 20 04:30:29 2024
    XPost: talk.politics.misc, alt.security

    On Fri, 19 Jul 2024 21:53:05 -0400, 26yh.0712 wrote:

    'Complexity' CAN be a sort of weapon ... but in the
    whole computer universe - and I got in pre-PCs - we're mostly looking
    at 'feature creep' ... with every developer thinking they're doing
    good. I've writ enough complicated software - and then you get back
    to it and it's "Oh ... wouldn't it be great if it could do *this* and
    *that* and look nicer ?". Pretty soon you have spaghetti code even
    you yourself can't follow nor find all the possible flaws within.

    Feature creep can happen up front. We've had a couple of programmers that
    wrote very flexible, complicated code to cover every future possibility
    they could think of. 20 years later the future stuff never happened and
    you're left with a maintenance nightmare.

  • From rbowman@21:1/5 to All on Sat Jul 20 04:35:29 2024
    XPost: talk.politics.misc, alt.security

    On Fri, 19 Jul 2024 22:57:49 -0400, 26yh.0712 wrote:

    I've been using Manjaro on a couple of boxes of late since I went off
    Deb. Try to install or update most ANYTHING and it totally re-loads
    about 1.5gb worth of system. That's their sledgehammer "fix" for the
    dependencies issue ...


    I knew what I was getting into but today's upgrades want to upgrade 246 packages and replace the kernel for a little under 1 GB of downloads. It's
    the KDE spin so a lot of it seems to be getting plasma, Qt, and kwhatever
    to play nice. Almost every day is a new batch of upgrades.

  • From Lawrence D'Oliveiro@21:1/5 to All on Sat Jul 20 04:53:40 2024
    XPost: talk.politics.misc, alt.security

    On Fri, 19 Jul 2024 22:57:49 -0400, 26yh.0712 wrote:

    On 7/19/24 10:12 PM, Lawrence D'Oliveiro wrote:

    This is why Linux is more robust than Windows.

    For NOW ... but Linux does seem to be drifting in the Winders
    direction ...

    No, it’s not.

    I've been using Manjaro on a couple of boxes of late since I went off
    Deb. Try to install or update most ANYTHING and it totally re-loads
    about 1.5gb worth of system. That's their sledgehammer "fix" for the dependencies issue ...

    That’s just one distro.

  • From 26yh.0712@21:1/5 to rbowman on Sat Jul 20 02:00:19 2024
    XPost: talk.politics.misc, alt.security

    On 7/20/24 12:35 AM, rbowman wrote:
    On Fri, 19 Jul 2024 22:57:49 -0400, 26yh.0712 wrote:

    I've been using Manjaro on a couple of boxes of late since I went off
    Deb. Try to install or update most ANYTHING and it totally re-loads
    about 1.5gb worth of system. That's their sledgehammer "fix" for the
    dependencies issue ...


    I knew what I was getting into but today's upgrades want to upgrade 246 packages and replace the kernel for a little under 1 GB of downloads. It's the KDE spin so a lot of it seems to be getting plasma, Qt, and kwhatever
    to play nice. Almost every day is a new batch of upgrades.


    Hell, I used the XFCE spin ... a lot smaller ... but STILL !

    As I've said before - SOMETHING needs to be done about
    the Dependencies Issue in Linux. Every lib needs to be
    guaranteed to be 100% backwards compatible over LONG
    time spans - and apps need to be happy with ANY libs of
    the right names ... screw version/sub/sub-sub numbers ...
    that still contain the code/function-names they need. It'd
    require a slightly different style of programming and
    packaging info.

    Without that, I don't see how Linux can go much
    further forward. Compared to a decade ago it's
    a MESS - and there's nothing new on the horizon
    that might replace it. Do we, the world, WANT
    to be stuck with naught but M$ and the wormy
    apple ??? If so, the cyber-villains have
    already won and we'll be back to exchanging
    pigs for chickens again.

    As for Biz ... I'd still say to go with some kind
    of Unix at this time. Some of the apps might have
    that 80s terminal/curses look but they'd be SOLID.

  • From Lawrence D'Oliveiro@21:1/5 to All on Sat Jul 20 06:21:23 2024
    XPost: talk.politics.misc, alt.security

    On Sat, 20 Jul 2024 02:00:19 -0400, 26yh.0712 wrote:

    As I've said before - SOMETHING needs to be done about the
    Dependencies Issue in Linux.

    Create a new, smaller distro! That contains only the functionality you
    care about!

    The code doesn’t write itself, you know.

  • From The Natural Philosopher@21:1/5 to rbowman on Sat Jul 20 08:39:39 2024
    XPost: talk.politics.misc, alt.security

    On 20/07/2024 05:30, rbowman wrote:
    On Fri, 19 Jul 2024 21:53:05 -0400, 26yh.0712 wrote:

    'Complexity' CAN be a sort of weapon ... but in the
    whole computer universe - and I got in pre-PCs - we're mostly looking
    at 'feature creep' ... with every developer thinking they're doing
    good. I've writ enough complicated software - and then you get back
    to it and it's "Oh ... wouldn't it be great if it could do *this* and
    *that* and look nicer ?". Pretty soon you have spaghetti code even
    you yourself can't follow nor find all the possible flaws within.

    Feature creep can happen up front. We've had a couple of programmers that wrote very flexible, complicated code to cover every future possibility
    they could think of. 20 years later the future stuff never happened and you're left with a maintenance nightmare.

    I remember US robotics sold future proof modems that could be upgraded.
    No one ever did.

    They threw them and bought the newer modems instead

    --
    "When one man dies it's a tragedy. When thousands die it's statistics."

    Josef Stalin

  • From Nuno Silva@21:1/5 to Lawrence D'Oliveiro on Sat Jul 20 11:08:50 2024
    (Newsgroups limited to comp.os.linux.misc. talk.politics.misc, really!?)

    On 2024-07-20, Lawrence D'Oliveiro wrote:

    On Fri, 19 Jul 2024 16:45:34 +0042, yeti wrote:

    Imagine systemd swallowing package management, doing automagic security
    updates and such a "MSLinux" monoculture.

    Wouldn't that be similarly vulnerable?

    Obviously not.

    As far as both are Turing-complete, there's probably not much difference
    in capabilities for this discussion. Windows does not hold a monopoly in
    the capability to run code with errors.

    (In fact, given that Broadcom has their own wireless linux drivers,
    possibly with the same quality level as their firmware...)

    I'd say what happened here was probably a bad decision or mistake in how
    data gets processed in a driver. Linux and FLOSS in general would be
    similarly vulnerable if some mechanism like that is in use. A
    significant difference would be that (at least with the source
    available) one could try to see what code is running in the driver and
    spot coding issues that could lead to this sort of situation.

    But immediately ruling out this scenario for Linux systems sounds quite unrealistic to me. (And, from what I've read yesterday, I got the
    impression that there had been a similar incident with Linux systems,
    but I didn't study that further.)

    --
    Nuno Silva
    (Who might like to point out Broadcom's WLAN quality way too often)

  • From Harold Stevens@21:1/5 to All on Sat Jul 20 08:04:30 2024
    In Message-ID: <-7CcndX6lpSstAb7nZ2dnZfqnPudnZ2d@earthlink.com> 26yh.0712:

    [Snip...]

    Bill Gates learned early on to keep his pols WELL greased.

    Quoting ProPublica:

    A full, public accounting of what happened in the Solar Winds case would
    have been devastating to Microsoft. ProPublica recently revealed that
    Microsoft had long known about — but refused to address — a flaw used
    in the hack. The tech company’s failure to act reflected a corporate
    culture that prioritized profit over security and left the U.S. government vulnerable, a whistleblower said.

    Please excuse any snits slrn had about this reference URL:

    https://www.propublica.org/article/cyber-safety-board-never-investigated-solarwinds-breach-microsoft

    --
    Regards, Weird (Harold Stevens) * IMPORTANT EMAIL INFO FOLLOWS *
    Pardon any bogus email addresses (wookie) in place for spambots.
    Really, it's (wyrd) at att, dotted with net. * DO NOT SPAM IT. *
    I toss GoogleGroup (http://twovoyagers.com/improve-usenet.org/).

  • From Harold Stevens@21:1/5 to All on Sat Jul 20 07:52:55 2024
    In <lg0t4gFpjftU4@mid.individual.net> rbowman:

    [Snip...]

    today's upgrades want to upgrade 246 packages and replace the
    kernel for a little under 1 GB of downloads. It's the KDE spin
    so a lot of it seems to be getting plasma, Qt, and kwhatever
    to play nice. Almost every day is a new batch of upgrades.

    I used to love KDE, starting (I think) with very old SUSE.

    I reluctantly dropped KDE and Gnome for similar reasons noted.

    I dropped Ubuntu for Debian over their 5-system (or WTF) limits
    (etc) on non-commercial free support, a year or so ago.

    Now, it's Debian and Xfce/Openbox everywhere, for my part.

    BTW: I tolerate systemd only because Torvalds seems to, too.

    Clearly, I'm a Greybeard from Sun SPARCstation and Dilbert days
    and creeping Macroslop-like featurism in coding and support bug
    the living hell outta me.

    --
    Dropped Ubuntu for Debian over their 5-system (or WTF) limit on
    Pardon any bogus email addresses (wookie) in place for spambots.
    Really, it's (wyrd) at att, dotted with net. * DO NOT SPAM IT. *
    I toss GoogleGroup (http://twovoyagers.com/improve-usenet.org/).

  • From John McCue@21:1/5 to yeti on Sat Jul 20 13:49:41 2024
    XPost: talk.politics.misc, alt.security

    followups trimmed to comp.os.linux.misc

    In comp.os.linux.misc yeti <yeti@tilde.institute> wrote:
    "26yh.0712" <26yh.0713@e6t5y.net> writes:

    Ah ... wunnerful Winders :-)

    It should be banned as a socioeconomic WMD ...

    Imagine systemd swallowing package management, doing automagic
    security updates and such a "MSLinux" monoculture.

    I can see this happening, I think they just swallowed sudo.

    Wouldn't that be similarly vulnerable?

    Maybe, any complex solution is open to vulnerabilities. I
    think (hope) these changes would be tested better than
    crowdstrike was. But as things get more complex, the harder
    to test :(

    I still think these changes Red Hat is pushing are their way
    to make things easier for admins, but to me, eventually you
    end up with a Windows clone. Now I wonder if they will "AI"
    systemd, I think it is possible since IBM seems to be
    getting into AI.

    IMO "MSLinux" everywhere would have the same problem.

    I think redundancy, diversity and reducing complexity is the right
    answer.

    --
    csh(1) - "An elegant shell, for a more... civilized age."
    - Paraphrasing Star Wars

  • From Andy Burns@21:1/5 to The Natural Philosopher on Sat Jul 20 17:25:01 2024
    XPost: talk.politics.misc, alt.security

    The Natural Philosopher wrote:

    I remember US robotics sold future proof modems that could be upgraded.

    Only the "Courier" model had DSP upgrades, other models like "Sportster"
    only had firmware upgrades.

    No one ever did.

    When I bought mine, Demon supported 14.4kbps, that modem was upgraded
    all the way to 56kbps.

    They threw them and bought the newer modems instead

    Still have a couple here.

  • From Andy Burns@21:1/5 to Lawrence D'Oliveiro on Sat Jul 20 17:18:11 2024
    XPost: talk.politics.misc, alt.security

    Lawrence D'Oliveiro wrote:

    Don’t like those “GUI bells and whistles”? Don’t install them. That’s not
    a choice Windows gives you.

    Oh? Windows Server Core.

  • From Charlie Gibbs@21:1/5 to 26yh.0713@e6t5y.net on Sat Jul 20 17:43:28 2024
    XPost: talk.politics.misc, alt.security

    On 2024-07-20, 26yh.0712 <26yh.0713@e6t5y.net> wrote:

    Do we, the world, WANT
    to be stuck with naught but M$ and the wormy
    apple ???

    "Ooooh, shiny!"

    (In other words, for suitable values of "the world",
    the answer is a resounding yes.)

    If so, the cyber-villains have
    already won and we'll be back to exchanging
    pigs for chickens again.

    I'll raise you two hens and a rooster.

    As for Biz ... I'd still say to go with some kind
    of Unix at this time. Some of the apps might have
    that 80s terminal/curses look but they'd be SOLID.

    I still see curses-style screens in some commercial
    venues. They're not only solid but lightning-fast.
    But all they give you is what you need, so I don't
    see them getting far in the mass market...

    --
    /~\ Charlie Gibbs | We'll go down in history as the
    \ / <cgibbs@kltpzyxm.invalid> | first society that wouldn't save
    X I'm really at ac.dekanfrus | itself because it wasn't cost-
    / \ if you read it the right way. | effective. -- Kurt Vonnegut

  • From Popping Mad@21:1/5 to Nuno Silva on Sat Jul 20 14:21:03 2024
    On 7/20/24 6:08 AM, Nuno Silva wrote:
    As far as both are Turing-complete, there's probably not much difference
    in capabilities for this discussion. Windows does not hold a monopoly in
    the capability to run code with errors.

    (In fact, given that Broadcom has their own wireless linux drivers,
    possibly with the same quality level as their firmware...)


    For thirty years people have been saying stupid and meaningless stuff
    like this. It is garbage.

    The Windows situation... OBVIOUSLY... would never happen in a Linux
    environment although systemd makes a huge step forward to make it possible.

    It has nothing to do with Turing machines and advanced theoretical calculations. It has to do with the more secure Unix level design for
    Linux based systems and the way decisions are made in Linux development
    and how updates are run and generated.

    Does this make Linux perfect.. No. But it gives it a shot. MS makes
    insecure decisions from the ground up for business decisions. We have
    spent a lifetime watching MS systems doing things they just should be able
    to do making them rich targets for viruses big and small, and malware...
    things like running fucking email as an executable binary and autorunning
    DVD software etc etc. I can't even begin to discuss what it does to the browser.


    So please... put your bullshit away.

    This was inevitable and it is inevitable to happen again.

  • From David W. Hodgins@21:1/5 to Nuno Silva on Sat Jul 20 16:05:05 2024
    On Sat, 20 Jul 2024 06:08:50 -0400, Nuno Silva <nunojsilva@invalid.invalid> wrote:
    <snip>
    But immediately ruling out this scenario for Linux systems sounds quite unrealistic to me. (And, from what I've read yesterday, I got the
    impression that there had been a similar incident with Linux systems,
    but I didn't study that further.)

    The failure was caused by one company that provides security software that
    runs with the windows equivalent of root privileges, that failed to properly test an update.

    Pushing an update for privileged software to tens of thousands of systems
    all at once is never a good idea. It should have been done in stages starting with a small number of systems, with verification that it was working properly at each stage of the roll out.

    There are very few cases where an update can not be done in stages, and in those cases the testing in a simulated environment must be extra careful.

    In this case it came back to destroy the reputation of the security software provider. A company that is supposed to be security oriented is expected to do better. I'll be surprised if the lawsuits from this don't put them into bankruptcy.

    The os doesn't matter. Anyone can make a mistake. It's the lack of testing and the bad deployment strategy combined with the large number of mission critical systems that were impacted that made the problem more severe.

    Microsoft is also at fault for allowing updates to be pushed to their cloud customer's systems without staged roll out and testing. That's why the update was able to impact so many systems, with so many of them being mission critical.
    Many companies migrated to using cloud systems specifically to avoid situations like this.

    From what little has been disclosed, my guess is that the problem was a false positive in malware detection, likely from what was thought to be a minor signature update. While stuff like that happens easily, it should be expected to possibly happen. Proper testing and update roll out procedures would have mitigated the damage instead of causing the impact it did cause.

    This will remind everyone that no update is minor when the systems being updated
    are mission critical, and to always stage roll outs when a large number of systems are impacted.

    Regards, Dave Hodgins

  • From 26yh.0712@21:1/5 to Charlie Gibbs on Sat Jul 20 19:05:16 2024
    XPost: talk.politics.misc, alt.security

    On 7/20/24 1:43 PM, Charlie Gibbs wrote:
    On 2024-07-20, 26yh.0712 <26yh.0713@e6t5y.net> wrote:

    Do we, the world, WANT
    to be stuck with naught but M$ and the wormy
    apple ???

    "Ooooh, shiny!"

    I do get that reference :-)

    (In other words, for suitable values of "the world",
    the answer is a resounding yes.)

    I have less care for MOST of the world in this
    respect ... if they want "shiny", well, fine -
    but they can't bitch when it all goes to hell.

    But for Big Biz, banks, hospitals, industry, NONE
    should be using M$.

    Not 100% sure about Mac ... it's a Unix under the
    hood, but they've added SO much to it ... is it
    really any more secure/stable than M$ anymore ?

    If so, the cyber-villains have
    already won and we'll be back to exchanging
    pigs for chickens again.

    I'll raise you two hens and a rooster.

    I'll see that with a basket of turnips.

    As for Biz ... I'd still say to go with some kind
    of Unix at this time. Some of the apps might have
    that 80s terminal/curses look but they'd be SOLID.

    I still see curses-style screens in some commercial
    venues. They're not only solid but lightning-fast.
    But all they give you is what you need, so I don't
    see them getting far in the mass market...

    I never curse curses screens. It is possible to make
    them very nice and STILL use like one percent the
    processor/code of a GUI equiv. Even GWBASIC that
    came with the old IBM-PCs had x-y cursor placement
    and text color (you could do the same with the BIOS
    routines). That made it possible to create nice
    displays.

    Didja notice how much of a pain it is these days to get
    at those line/corner/bracket/etc ASCII chars these days -
    UNICODE !

  • From 26yh.0712@21:1/5 to Andy Burns on Sat Jul 20 19:10:14 2024
    XPost: talk.politics.misc, alt.security

    On 7/20/24 12:25 PM, Andy Burns wrote:
    The Natural Philosopher wrote:

    I remember US robotics sold future proof modems that could be upgraded.

    Only the "Courier" model had DSP upgrades, other models like "Sportster"
    only had firmware upgrades.

    No one ever did.

    When I bought mine, Demon supported 14.4kbps, that modem was upgraded
    all the way to 56kbps.

    They threw them and bought the newer modems instead

    Still have a couple here.

    I remember doing Compuserve Forums with a USR plugged
    into a dumb terminal - 9600 baud - and the BBS's even
    earlier - 300 baud. At 300 you can read the text real
    time as it comes in :-)

    ATTD ...

  • From rbowman@21:1/5 to David W. Hodgins on Sat Jul 20 23:23:08 2024
    On Sat, 20 Jul 2024 16:05:05 -0400, David W. Hodgins wrote:

    Pushing an update for privileged software to tens of thousands of
    systems all at once is never a good idea. It should have been done in
    stages starting with a small number of systems, with verification that
    it was working properly at each stage of the roll out.

    Canary testing is definitely beneficial. Even worse, our support people
    are indoctrinated from Day One that unless the system is completely broken
    and can't get any worse never push out updates on Friday when everyone is headed to the beach.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
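The staged rollout, canary gate and no-Friday rule discussed in the posts above, as an added example that is not code from any poster or vendor. The ring percentages, the 2% failure threshold, the Monday-to-Thursday window and the `FakeFleet` stand-in are assumptions chosen for illustration.

```python
"""Staged rollout: ring plan, health gate per ring, change-window check."""
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

RING_PERCENT = (1, 10, 50, 100)  # assumed cumulative fleet coverage per ring
MAX_FAILURE_RATE = 0.02          # assumed gate: halt above 2% unhealthy


def plan_rings(hosts, percents=RING_PERCENT):
    """Split hosts into consecutive rings; each host lands in exactly one."""
    rings, start = [], 0
    for pct in percents:
        target = -(-len(hosts) * pct // 100)          # integer ceiling
        end = min(len(hosts), max(start + 1, target))
        if end > start:
            rings.append(hosts[start:end])
        start = end
    return rings


def in_change_window(day, emergency=False):
    """Routine pushes only Monday to Thursday; an emergency overrides."""
    return emergency or day.weekday() < 4   # Monday is 0, Friday is 4


@dataclass
class RolloutResult:
    completed: bool
    updated: list = field(default_factory=list)
    rolled_back: list = field(default_factory=list)
    halted_at_ring: Optional[int] = None
    reason: str = ""


def staged_rollout(hosts, deploy, is_healthy, rollback, day, emergency=False):
    """Deploy ring by ring; stop and roll the ring back when the gate fails."""
    if not in_change_window(day, emergency):
        return RolloutResult(completed=False, reason="outside change window")
    result = RolloutResult(completed=False)
    for index, ring in enumerate(plan_rings(hosts)):
        for host in ring:
            deploy(host)
        unhealthy = [h for h in ring if not is_healthy(h)]
        if len(unhealthy) / len(ring) > MAX_FAILURE_RATE:
            # Rollback is best effort (a host that cannot boot needs hands-on
            # repair); the guarantee is that later rings were never touched.
            for host in ring:
                rollback(host)
            result.rolled_back = list(ring)
            result.halted_at_ring = index
            result.reason = f"{len(unhealthy)}/{len(ring)} hosts unhealthy"
            return result
        result.updated.extend(ring)
    result.completed = True
    return result


class FakeFleet:
    """Constructed stand-in for real endpoints: tracks the installed version."""

    def __init__(self, size, breaks_host):
        self.hosts = [f"host-{i:04d}" for i in range(size)]
        self.version = {h: "v1" for h in self.hosts}
        self.breaks_host = breaks_host   # predicate: does v2 break this host?

    def deploy(self, host):
        self.version[host] = "v2"

    def rollback(self, host):
        self.version[host] = "v1"

    def is_healthy(self, host):
        return not (self.version[host] == "v2" and self.breaks_host(host))


def demo(day=date(2024, 7, 17)):   # constructed input: a Wednesday
    """Push an update that breaks every third host of a 1000-host fleet."""
    fleet = FakeFleet(1000, lambda h: int(h[-4:]) % 3 == 0)
    result = staged_rollout(fleet.hosts, fleet.deploy, fleet.is_healthy,
                            fleet.rollback, day)
    return fleet, result


if __name__ == "__main__":
    fleet, result = demo()
    print(result.halted_at_ring, result.reason, len(result.rolled_back))
```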
  • From 26yh.0712@21:1/5 to Andy Burns on Sat Jul 20 19:16:01 2024
    XPost: talk.politics.misc, alt.security

    On 7/20/24 12:18 PM, Andy Burns wrote:
    Lawrence D'Oliveiro wrote:

    Don’t like those “GUI bells and whistles”? Don’t install them. That’s not
    a choice Windows gives you.

    Oh?  Windows Server Core.

    True.

    But it's still full of M$ code.

    I note that even today's news is still dwelling
    on the CrowdStrike debacle and beyond. This hit
    SUCH a broad range and volume of vital biz interests
    that nobody's been able to sweep it under the rug.

    An actual Russian/Chinese cyber-hit would be likely
    ten times as bad - and hit industrial/utility systems
    as well. Hard to download yer patches when the lights
    are out ....

  • From Computer Nerd Kev@21:1/5 to Harold Stevens on Sun Jul 21 10:17:55 2024
    Harold Stevens <wookie@aspen.localdomain> wrote:
    In Message-ID: <-7CcndX6lpSstAb7nZ2dnZfqnPudnZ2d@earthlink.com> 26yh.0712:

    [Snip...]

    Bill Gates learned early on to keep his pols WELL greased.

    Quoting ProPublica:

    A full, public accounting of what happened in the Solar Winds case would
    have been devastating to Microsoft. ProPublica recently revealed that Microsoft had long known about -- but refused to address -- a flaw used
    in the hack. The tech company's failure to act reflected a corporate
    culture that prioritized profit over security and left the U.S. government vulnerable, a whistleblower said.

    Please excuse any snits slrn had about this reference URL:

    https://www.propublica.org/article/cyber-safety-board-never-investigated-solarwinds-breach-microsoft

    That was very interesting. Although following the link to the
    article about the whistleblower who quit Microsoft, guess who hired
    them next?

    ""The decisions are not based on what's best for Microsoft's
    customers but on what's best for Microsoft," said Harris, who now
    works for CrowdStrike, a cybersecurity company that competes with
    Microsoft." ...
    https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers

    So it indeed seems like you can't really rely on any company in
    this market.

    --
    __ __
    #_ < |\| |< _#

  • From Lawrence D'Oliveiro@21:1/5 to Andy Burns on Sun Jul 21 00:53:11 2024
    XPost: talk.politics.misc, alt.security

    On Sat, 20 Jul 2024 17:18:11 +0100, Andy Burns wrote:

    Lawrence D'Oliveiro wrote:

    Don’t like those “GUI bells and whistles”? Don’t install them. That’s not
    a choice Windows gives you.

    Oh? Windows Server Core.

    Lots of things don’t work under that. Call it “Windows Server Crippled Core”.

  • From Lawrence D'Oliveiro@21:1/5 to Nuno Silva on Sun Jul 21 00:55:04 2024
    XPost: talk.politics.misc, alt.security

    On Sat, 20 Jul 2024 11:08:50 +0100, Nuno Silva wrote:

    But immediately ruling out this scenario for Linux systems sounds quite unrealistic to me. (And, from what I've read yesterday, I got the
    impression that there had been a similar incident with Linux systems,
    but I didn't study that further.)

    Sure. But remember, the various pieces of a Linux system are just
    inherently put together in a more modular, flexible fashion, and that
    includes systemd. That does reduce the chance for trouble quite
    significantly.

  • From Lawrence D'Oliveiro@21:1/5 to David W. Hodgins on Sun Jul 21 00:57:09 2024
    On Sat, 20 Jul 2024 16:05:05 -0400, David W. Hodgins wrote:

    Pushing an update for privileged software to tens of thousands of
    systems all at once is never a good idea. It should have been done in
    stages starting with a small number of systems, with verification that
    it was working properly at each stage of the roll out.

    They probably did exactly that. They almost certainly followed exactly the
    same testing and rollout procedure they had followed a hundred or a
    thousand times before. But with Windows, that is no longer a guarantee of success.

  • From Lawrence D'Oliveiro@21:1/5 to rbowman on Sun Jul 21 00:58:04 2024
    XPost: talk.politics.misc, alt.security

    On 20 Jul 2024 23:23:08 GMT, rbowman wrote:

    Even worse, our support people
    are indoctrinated from Day One that unless the system is completely
    broken and can't get any worse never push out updates on Friday when
    everyone is headed to the beach.

    What happens when the malware folks start releasing their zero-days on a Friday?

  • From Lawrence D'Oliveiro@21:1/5 to Computer Nerd Kev on Sun Jul 21 00:59:26 2024
    On 21 Jul 2024 10:17:55 +1000, Computer Nerd Kev wrote:

    That was very interesting. Although following the link to the article
    about the whistleblower who quit Microsoft, guess who hired them next?

    What is that supposed to be suggesting, exactly? Is it saying something
    about the ethics of the whistleblower, or of the company who hired them?
    If so, what?

  • From Lawrence D'Oliveiro@21:1/5 to Popping Mad on Sun Jul 21 00:55:59 2024
    On Sat, 20 Jul 2024 14:21:03 -0400, Popping Mad wrote:

    The Windows situation... OBVIOUSLY... would never happen in a Linux environment although systemd makes a huge step forward to make it
    possible.

    systemd myth number 1: “systemd is monolithic”

    <http://0pointer.de/blog/projects/the-biggest-myths.html>

  • From Popping Mad@21:1/5 to Lawrence D'Oliveiro on Sun Jul 21 00:45:31 2024
    On 7/20/24 8:55 PM, Lawrence D'Oliveiro wrote:
    On Sat, 20 Jul 2024 11:08:50 +0100, Nuno Silva wrote:

    But immediately ruling out this scenario for Linux systems sounds quite
    unrealistic to me. (And, from what I've read yesterday, I got the
    impression that there had been a similar incident with Linux systems,
    but I didn't study that further.)

    Sure. But remember, the various pieces of a Linux system are just
    inherently put together in a more modular, flexible fashion, and that includes systemd. That does reduce the chance for trouble quite significantly.


    BTW - you are now in my kill fly, so you can troll the back of the hand
    now...

  • From Popping Mad@21:1/5 to Lawrence D'Oliveiro on Sun Jul 21 00:44:47 2024
    On 7/20/24 8:55 PM, Lawrence D'Oliveiro wrote:
    and that
    includes systemd.


    Umm no it doesn't. And don't cross post you trolling prick.

    Poettering systematically folded numerous parts into a single whole. It
    still has parts, but it is still monolithic and designed to be that way.
    It is not designed to be flexible or plugin friendly, and it is not.

  • From Popping Mad@21:1/5 to Lawrence D'Oliveiro on Sun Jul 21 00:41:53 2024
    On 7/20/24 8:55 PM, Lawrence D'Oliveiro wrote:
    systemd myth number 1: “systemd is monolithic”

    <http://0pointer.de/blog/projects/the-biggest-myths.html>


    yeah that is bullshit.

    You can **SEE** it is monolithic .... it is not a guess. You are a
    fucking idiot.

  • From Lawrence D'Oliveiro@21:1/5 to Popping Mad on Sun Jul 21 05:47:45 2024
    On Sun, 21 Jul 2024 00:41:53 -0400, Popping Mad wrote:

    On 7/20/24 8:55 PM, Lawrence D'Oliveiro wrote:

    systemd myth number 1: “systemd is monolithic”

    <http://0pointer.de/blog/projects/the-biggest-myths.html>

    You are a fucking idiot.

    systemd-haters are like the anti-fluoridationists of the Open-Source world.

  • From Computer Nerd Kev@21:1/5 to Lawrence D'Oliveiro on Sun Jul 21 16:11:19 2024
    Lawrence D'Oliveiro <ldo@nz.invalid> wrote:
    On 21 Jul 2024 10:17:55 +1000, Computer Nerd Kev wrote:
    That was very interesting. Although following the link to the article
    about the whistleblower who quit Microsoft, guess who hired them next?

    What is that supposed to be suggesting, exactly? Is it saying something
    about the ethics of the whistleblower, or of the company who hired them?
    If so, what?

    As is so often the case replying to you, I meant what I said in the
    bit of my text that you snipped. The fact the whistleblower took up
    a job at CrowdStrike after quitting M$ due to their management
    culture suggested that CrowdStrike would be more responsible. But
    the way this bug slipped out on such a wide scale contradicts that
    now. I'm merely commenting that the business of trying to protect
    Windows systems from attack seems to be dodgy wherever you turn.

    --
    __ __
    #_ < |\| |< _#

  • From Lawrence D'Oliveiro@21:1/5 to Popping Mad on Sun Jul 21 05:46:49 2024
    XPost: talk.politics.misc, alt.security

    On Sun, 21 Jul 2024 00:44:47 -0400, Popping Mad wrote:

    On 7/20/24 8:55 PM, Lawrence D'Oliveiro wrote:

    and that includes systemd.

    Umm no it doesn't

    systemd myth 1: “systemd is monolithic”

    <http://0pointer.de/blog/projects/the-biggest-myths.html>

  • From Nuno Silva@21:1/5 to Popping Mad on Sun Jul 21 09:25:48 2024
    On 2024-07-20, Popping Mad wrote:

    On 7/20/24 6:08 AM, Nuno Silva wrote:
    As far as both are Turing-complete, there's probably not much difference
    in capabilities for this discussion. Windows does not hold a monopoly in
    the capability to run code with errors.

    (In fact, given that Broadcom has their own wireless linux drivers,
    possibly with the same quality level as their firmware...)


    For thirty years people have been saying stupid and meaningless stuff
    like this. It is garbage.

    (Are you dismissing computer science as garbage?)

    The Windows situation... OBVIOUSLY... would never happen in a Linux environment although systemd makes a huge step forward to make it
    possible.

    Not only has it reportedly happened already *on Linux systems*, it has
    happened also with CrowdStrike, which highlights the obvious: the
    problem isn't necessarily the system, but the bad code and the lack of
    testing:

    https://www.neowin.net/news/crowdstrike-broke-debian-and-rocky-linux-months-ago-but-no-one-noticed/

    However, it is true that some systems, including Linux, may offer
    something that avoids this risk altogether, see https://nondeterministic.computer/@mjg59/112816011370924959

    But the problem is still CrowdStrike, and they could always have chosen
    to ignore this mechanism and continue with the same approach.

    It has nothing to do with turing machines and advanced theoretical calculations.

    If you choose to ignore computer science, your loss. Turing completeness
    does allow an abstraction here: bad code that runs on one Turing machine
    can run on another Turing machine. It doesn't matter much if it's
    Microsoft or not.

    This is certainly one of the tools in the toolbox computer science
    provides, and might even help avoiding some heated debates of "my
    tool/language is better than yours", which sometimes are much less
    rooted in actual technical differences and more in emotion. (There are differences in features and interfaces that do matter, differences in
    kernel design too, of course, but when it comes to the ability of
    running GIGO code, that tends to be quite omnipresent.)

    It has to do with the more secure Unix level design for
    Linux based systems and the way decisions are made in Linux development
    and how updates are run and generated.

    No, CrowdStrike seems to have intentionally made their own update
    handling system. The fact that many Linux distros have decent package management wouldn't have mattered here.

    Does this make Linux perfect.. No. But it gives it a shot. MS makes insecure decisions from the ground up for business decisions. We have
    spent a lifetime watching MS systems doing things they just should be able
    to do making them rich targets for viruses big and small, and malware... things like running fucking email as an executable binary and autorunning
    DVD software etc etc. I can't even begin to discuss what it does to the browser.


    So please... put your bullshit away.

    This was inevitable and it is inevitable to happen again.

    Yeah, but the Microsoft you blame has had for some years the ability to
    save restore points and roll back if needed in Windows NT. And, from
    what I've observed, this seems to be invoked with software installation
    and possibly Windows updates too.

    It might be painful to watch a Windows machine spending quite long to
    install an update and then fail and roll back (they *do* need to improve dependency management in this, because quite often they just don't pull
    an update that is a dependency), but, at least as of NT 6.1, it *does*
    do that.

    I might not like Windows nor Microsoft, but... calling reality
    "bullshit"...

    --
    Nuno Silva

  • From Nuno Silva@21:1/5 to Lawrence D'Oliveiro on Sun Jul 21 09:36:06 2024
    On 2024-07-21, Lawrence D'Oliveiro wrote:

    On Sat, 20 Jul 2024 11:08:50 +0100, Nuno Silva wrote:

    But immediately ruling out this scenario for Linux systems sounds quite
    unrealistic to me. (And, from what I've read yesterday, I got the
    impression that there had been a similar incident with Linux systems,
    but I didn't study that further.)

    Sure. But remember, the various pieces of a Linux system are just
    inherently put together in a more modular, flexible fashion, and that includes systemd. That does reduce the chance for trouble quite significantly.

    Well, there is one notable piece of software in Linux systems that's
    quite monolithic, unless something has changed and I didn't get the
    memo: the kernel itself.

    If you write a bad quality module that crashes the kernel, what
    mechanisms are there to recover from that?

    --
    Nuno Silva

  • From D@21:1/5 to Popping Mad on Sun Jul 21 11:23:08 2024
    On Sun, 21 Jul 2024, Popping Mad wrote:

    On 7/20/24 8:55 PM, Lawrence D'Oliveiro wrote:
    On Sat, 20 Jul 2024 11:08:50 +0100, Nuno Silva wrote:

    But immediately ruling out this scenario for Linux systems sounds quite
    unrealistic to me. (And, from what I've read yesterday, I got the
    impression that there had been a similar incident with Linux systems,
    but I didn't study that further.)

    Sure. But remember, the various pieces of a Linux system are just
    inherently put together in a more modular, flexible fashion, and that
    includes systemd. That does reduce the chance for trouble quite
    significantly.


    BTW - you are now in my kill fly, so you can troll the back of the hand now...


    Wise choice! I also discovered that Lawrence was just a troll and chose
    the same action. He really has nothing of value to say in my opinion.

  • From Harold Stevens@21:1/5 to Computer Nerd Kev on Sun Jul 21 05:46:04 2024
    In <669c53b2@news.ausics.net> Computer Nerd Kev wrote:

    [Snip...]

    That was very interesting. Although following the link to the
    article about the whistleblower who quit Microsoft, guess who
    hired them next?

    ""The decisions are not based on what's best for Microsoft's
    customers but on what's best for Microsoft," said Harris, who now
    works for CrowdStrike, a cybersecurity company that competes with
    Microsoft." ...

    [Snip...]

    So it indeed seems like you can't really rely on any company in
    this market.

    ... and IMO that's why creeping featurism is more than simply an
    inconvenient complication in FOSS.

    It's a slippery slope into a semi-proprietary environment, where
    cutting corners inevitably takes priority over reliability.

    For example Red Hat, getting all pissy with Alma about access to
    source code and libraries:

    Impact of RHEL changes to AlmaLinux
    ...
    Jun 22, 2023
    https://almalinux.org/blog/impact-of-rhel-changes/

    A related example in smart TV reliability (note slrn line-wrap):

    Will the new judicial ruling in the Vizio lawsuit strengthen the GPL?
    ...
    January 16, 2024 https://blog.tidelift.com/will-the-new-judicial-ruling-in-the-vizio-lawsuit -strengthen-the-gpl

    --
    Regards, Weird (Harold Stevens) * IMPORTANT EMAIL INFO FOLLOWS *
    Pardon any bogus email addresses (wookie) in place for spambots.
    Really, it's (wyrd) at att, dotted with net. * DO NOT SPAM IT. *
    I toss GoogleGroup (http://twovoyagers.com/improve-usenet.org/).

  • From Rich@21:1/5 to Popping Mad on Sun Jul 21 14:14:07 2024
    Popping Mad <rainbow@colition.gov> wrote:
    The Windows situation... OBVIOUSLY... would never happen in a Linux environment although systemd makes a huge step forward to make it possible.

    Ah, but, not so "obviously", given that a few months back,
    CrowdStrike's Linux kernel module caused crashes and non-booting.

    CrowdStrike broke Debian and Rocky Linux months ago, but no one noticed
    https://www.neowin.net/news/crowdstrike-broke-debian-and-rocky-linux-months-ago-but-no-one-noticed/

    The above article includes this quote, which just might be on the path
    to the true problem:

    "Crowdstrike's model seems to be 'we push software to your machines
    any time we want, whether or not it's urgent, without testing it',"
    lamented the team member.


    This quote comes after these two bits:

    The update proved incompatible with the latest stable version of
    Debian, despite the specific Linux configuration being supposedly
    supported.

    ...

    It took them weeks to provide a root cause analysis after
    acknowledging the issue a day later. The analysis revealed that the
    Debian Linux configuration was not included in their test matrix.

  • From Rich@21:1/5 to Nuno Silva on Sun Jul 21 14:20:07 2024
    Nuno Silva <nunojsilva@invalid.invalid> wrote:
    Well, there is one notable piece of software in Linux systems that's
    quite monolithic, unless something has changed and I didn't get the
    memo: the kernel itself.

    If you write a bad quality module that crashes the kernel, what
    mechanisms are there to recover from that?

    Boot into single user mode (hopefully the module is not autoloaded by
    the kernel itself) and remove/rename the module file.

  • From Charlie Gibbs@21:1/5 to rbowman on Sun Jul 21 16:37:13 2024
    On 2024-07-20, rbowman <bowman@montana.com> wrote:

    On Sat, 20 Jul 2024 16:05:05 -0400, David W. Hodgins wrote:

    Pushing an update for privileged software to tens of thousands of
    systems all at once is never a good idea. It should have been done in
    stages starting with a small number of systems, with verification that
    it was working properly at each stage of the roll out.

    Canary testing is definitely beneficial. Even worse, our support people
    are indoctrinated from Day One that unless the system is completely broken and can't get any worse never push out updates on Friday when everyone is headed to the beach.

    What is it you find so bad about not updating on a Friday?

    --
    /~\ Charlie Gibbs | We'll go down in history as the
    \ / <cgibbs@kltpzyxm.invalid> | first society that wouldn't save
    X I'm really at ac.dekanfrus | itself because it wasn't cost-
    / \ if you read it the right way. | effective. -- Kurt Vonnegut

  • From vallor@21:1/5 to nospam@example.net on Sun Jul 21 18:01:17 2024
    On Sun, 21 Jul 2024 11:23:08 +0200, D <nospam@example.net> wrote in <09a33276-1f22-a9af-6c0b-990cef30f9ad@example.net>:

    On Sun, 21 Jul 2024, Popping Mad wrote:

    On 7/20/24 8:55 PM, Lawrence D'Oliveiro wrote:
    On Sat, 20 Jul 2024 11:08:50 +0100, Nuno Silva wrote:

    But immediately ruling out this scenario for Linux systems sounds
    quite unrealistic to me. (And, from what I've read yesterday, I got
    the impression that there had been a similar incident with Linux
    systems, but I didn't study that further.)

    Sure. But remember, the various pieces of a Linux system are just
    inherently put together in a more modular, flexible fashion, and that
    includes systemd. That does reduce the chance for trouble quite
    significantly.


    BTW - you are now in my kill fly, so you can troll the back of the hand
    now...


    Wise choice! I also discovered that Lawrence was just a troll and chose
    the same action. He really has nothing of value to say in my opinion.

    There's a far cry from "I disagree" to "nothing of value".

    I don't agree with everything Lawrence posts, and I've called
    him out on his "snip and snark" style, but not everything he
    posts is without merit.

    Regarding the crowdstrike matter: It seems that Linux
    systems would be much less vulnerable to such SNAFUs -- and
    there are Linux distributions that don't use systemd, if
    that is a concern.

    --
    -v System76 Thelio Mega v1.1 x86_64 NVIDIA RTX 3090 Ti
    OS: Linux 6.9.10 Release: Mint 21.3 Mem: 258G
    "He's dead Jim. Grab his tricorder. I'll get his wallet."

  • From rbowman@21:1/5 to Charlie Gibbs on Sun Jul 21 18:36:57 2024
    On Sun, 21 Jul 2024 16:37:13 GMT, Charlie Gibbs wrote:

    On 2024-07-20, rbowman <bowman@montana.com> wrote:

    On Sat, 20 Jul 2024 16:05:05 -0400, David W. Hodgins wrote:

    Pushing an update for privileged software to tens of thousands of
    systems all at once is never a good idea. It should have been done in
    stages starting with a small number of systems, with verification that
    it was working properly at each stage of the roll out.

    Canary testing is definitely beneficial. Even worse, our support people
    are indoctrinated from Day One that unless the system is completely
    broken and can't get any worse never push out updates on Friday when
    everyone is headed to the beach.

    What is it you find so bad about not updating on a Friday?

    I don't think what you wrote is what you intended. Anyway for most organizations Friday is the end of the week and people are more focused on planning their weekend. If there is IT support on the weekend it is an
    oncall situation and they are not actually at their desks. In the
    CrowdStrike scenario that really hurts since a remote reboot doesn't work.

    To put it colloquially, people really don't want to deal with shit on
    Friday and that goes for more than software updates. Sure, in this case
    where the system is completely FUBAR they have to but the response time is slower.

  • From Bobbie Sellers@21:1/5 to Lawrence D'Oliveiro on Sun Jul 21 13:58:59 2024
    On 7/20/24 22:47, Lawrence D'Oliveiro wrote:
    On Sun, 21 Jul 2024 00:41:53 -0400, Popping Mad wrote:

    On 7/20/24 8:55 PM, Lawrence D'Oliveiro wrote:

    systemd myth number 1: “systemd is monolithic”

    <http://0pointer.de/blog/projects/the-biggest-myths.html>

    You are a fucking idiot.

    systemd-haters are like the anti-fluoridationists of the Open-Source world.

    in your opinion but unlike fluoridation systemd has a large attack surface. That makes it more like the MS program launcher and
    promotes disruption of services.

    --
    b l i s s - S F 4 e v e r at D S L E x t r e m e dot com

  • From D@21:1/5 to vallor on Sun Jul 21 23:39:45 2024
    On Sun, 21 Jul 2024, vallor wrote:

    On Sun, 21 Jul 2024 11:23:08 +0200, D <nospam@example.net> wrote in <09a33276-1f22-a9af-6c0b-990cef30f9ad@example.net>:

    On Sun, 21 Jul 2024, Popping Mad wrote:

    On 7/20/24 8:55 PM, Lawrence D'Oliveiro wrote:
    On Sat, 20 Jul 2024 11:08:50 +0100, Nuno Silva wrote:

    But immediately ruling out this scenario for Linux systems sounds
    quite unrealistic to me. (And, from what I've read yesterday, I got
    the impression that there had been a similar incident with Linux
    systems, but I didn't study that further.)

    Sure. But remember, the various pieces of a Linux system are just
    inherently put together in a more modular, flexible fashion, and that
    includes systemd. That does reduce the chance for trouble quite
    significantly.


    BTW - you are now in my kill fly, so you can troll the back of the hand
    now...


    Wise choice! I also discovered that Lawrence was just a troll and chose
    the same action. He really has nothing of value to say in my opinion.

    There's a far cry from "I disagree" to "nothing of value".

    I don't agree with everything Lawrence posts, and I've called
    him out on his "snip and snark" style, but not everything he
    posts is without merit.

    Regarding the crowdstrike matter: It seems that Linux
    systems would be much less vulnerable to such SNAFUs -- and
    there are Linux distributions that don't use systemd, if
    that is a concern.


    I agree completely with your Linux point of view. It has benefitted me
    greatly in the past. In the distant past I think I even ran a web server
    on OpenBSD and had the pleasure of tail -f:ing the web server logs
    watching some windows worm trying again and again without anything
    happening.

  • From Charlie Gibbs@21:1/5 to rbowman on Sun Jul 21 22:04:11 2024
    On 2024-07-21, rbowman <bowman@montana.com> wrote:

    On Sun, 21 Jul 2024 16:37:13 GMT, Charlie Gibbs wrote:

    What is it you find so bad about not updating on a Friday?

    I don't think what you wrote is what you intended.

    I suspected that there was possibly some terminological confusion.

    Anyway for most organizations Friday is the end of the week and people are more focused
    on planning their weekend. If there is IT support on the weekend it is
    an oncall situation and they are not actually at their desks. In the CrowdStrike scenario that really hurts since a remote reboot doesn't work.

    To put it colloquially, people really don't want to deal with shit on
    Friday and that goes for more than software updates. Sure, in this case
    where the system is completely FUBAR they have to but the response time is slower.

    Many of our customers are hotels, for whom the output of our system is
    a revenue stream. We're a small outfit, and can't provide 24/7 support.
    If an update knocks out our data stream on Friday afternoon, there's
    nobody around until Monday to fix things - and many of our hotels'
    peak time is on the weekend. It saves a lot of headaches to refrain
    from Friday updates; if the excrement does hit the rotating ventilation
    device as the result of a bad update, we can get them back up within
    24 hours.

    Note: not all outages are due to software bugs on our part. Configuration changes on the customer site can kill things just as effectively, and in
    fact are the more likely cause of a failure. Or maybe someone unplugged something they shouldn't. But if data stops flowing, the finger is
    pointed at us first, rightly or wrongly. So not only do we not do
    updates on Friday, we recommend the philosophy on general principles.

    --
    /~\ Charlie Gibbs | We'll go down in history as the
    \ / <cgibbs@kltpzyxm.invalid> | first society that wouldn't save
    X I'm really at ac.dekanfrus | itself because it wasn't cost-
    / \ if you read it the right way. | effective. -- Kurt Vonnegut

  • From Lawrence D'Oliveiro@21:1/5 to Bobbie Sellers on Sun Jul 21 23:14:10 2024
    On Sun, 21 Jul 2024 13:58:59 -0700, Bobbie Sellers wrote:

    systemd has a large attack surface.

    Mmm ... myth 11, “systemd is complex”, and/or myth 12, “systemd is bloated”, maybe even myth 18, “systemd is a feature creep”? And of course myth 24, “systemd is unstable and buggy”, plus myth 25, “systemd is not debuggable”?

    <http://0pointer.de/blog/projects/the-biggest-myths.html>

  • From Lawrence D'Oliveiro@21:1/5 to Nuno Silva on Sun Jul 21 23:12:01 2024
    On Sun, 21 Jul 2024 09:36:06 +0100, Nuno Silva wrote:

    On 2024-07-21, Lawrence D'Oliveiro wrote:

    On Sat, 20 Jul 2024 11:08:50 +0100, Nuno Silva wrote:

    But immediately ruling out this scenario for Linux systems sounds
    quite unrealistic to me. (And, from what I've read yesterday, I got
    the impression that there had been a similar incident with Linux
    systems, but I didn't study that further.)

    Sure. But remember, the various pieces of a Linux system are just
    inherently put together in a more modular, flexible fashion, and that
    includes systemd. That does reduce the chance for trouble quite
    significantly.

    Well, there is one notable piece of software in Linux systems that's
    quite monolithic, unless something has changed and I didn't get the
    memo: the kernel itself.

    It’s always been modular. Look up “Linux kernel modules”:

    ldo@theon:~> find /lib/modules/$(uname -r) -name \*.ko\* | wc -l
    4142

    See that number? That’s how many loadable modules I have on my system--and that’s just for the currently-running kernel.

    If you write a bad quality module that crashes the kernel, what
    mechanisms are there to recover from that?

    First you said it was “monolithic”, now you realize that “modules” are involved.

  • From Rich@21:1/5 to Lawrence D'Oliveiro on Sun Jul 21 23:27:36 2024
    Lawrence D'Oliveiro <ldo@nz.invalid> wrote:
    On Sun, 21 Jul 2024 09:36:06 +0100, Nuno Silva wrote:

    On 2024-07-21, Lawrence D'Oliveiro wrote:

    On Sat, 20 Jul 2024 11:08:50 +0100, Nuno Silva wrote:

    But immediately ruling out this scenario for Linux systems sounds
    quite unrealistic to me. (And, from what I've read yesterday, I got
    the impression that there had been a similar incident with Linux
    systems, but I didn't study that further.)

    Sure. But remember, the various pieces of a Linux system are just
    inherently put together in a more modular, flexible fashion, and that
    includes systemd. That does reduce the chance for trouble quite
    significantly.

    Well, there is one notable piece of software in Linux systems that's
    quite monolithic, unless something has changed and I didn't get the
    memo: the kernel itself.

    It’s always been modular. Look up “Linux kernel modules”:

    Ah, no. Although one does have to time travel back to circa 1994 to
    find a Linux kernel that did not have the modules subsystem. But it
    has not "always" been modular.

    Back in those days we had to recompile the kernel to turn on drivers
    that one's distro did not compile in by default. And compiling the
    kernel on a 386 was a multi hour proposition.

  • From Lawrence D'Oliveiro@21:1/5 to rbowman on Mon Jul 22 06:05:03 2024
    On 22 Jul 2024 05:31:36 GMT, rbowman wrote:

    Paging suddenly stopped working and it took
    a while to figure out a dispatcher got sick of listening to the modem
    and turned it off.

    “ATM0”, I believe is the command.

  • From rbowman@21:1/5 to Charlie Gibbs on Mon Jul 22 05:31:36 2024
    On Sun, 21 Jul 2024 22:04:11 GMT, Charlie Gibbs wrote:

    Note: not all outages are due to software bugs on our part.
    Configuration changes on the customer site can kill things just as
    effectively, and in fact are the more likely cause of a failure. Or
    maybe someone unplugged something they shouldn't. But if data stops
    flowing, the finger is pointed at us first, rightly or wrongly. So not
    only do we not do updates on Friday, we recommend the philosophy on
    general principles.

    Yup. Our clients are PSAPs (dispatch software in 911 call centers). They
    get really unhappy when the software goes down during a mass casualty
    incident.

    The typical procedure is to deploy software to a backup/training server
    and test it using the site's configuration files before pushing it to the
    main servers and workstations.

    We're definitely #1 on the 'who do you call?' list. My favorite goes back
    to the days of modems. Paging suddenly stopped working and it took a while
    to figure out a dispatcher got sick of listening to the modem and turned
    it off.

  • From Nuno Silva@21:1/5 to Rich on Mon Jul 22 08:40:03 2024
    On 2024-07-21, Rich wrote:

    Nuno Silva <nunojsilva@invalid.invalid> wrote:
    Well, there is one notable piece of software in Linux systems that's
    quite monolithic, unless something has changed and I didn't get the
    memo: the kernel itself.

    If you write a bad quality module that crashes the kernel, what
    mechanisms are there to recover from that?

    Boot into single user mode (hopefully the module is not autoloaded by
    the kernel itself) and remove/rename the module file.

    I was thinking more along the lines of recovering without a reboot.

    But for what you say, it's indeed an approach (unless there is something
    in place that prevents such access to remove the file - which, I think,
    has been happening with some Windows machines with CrowdStrike, and
    could always be implemented on Linux systems too).

    --
    Nuno Silva

  • From Nuno Silva@21:1/5 to Rich on Mon Jul 22 08:36:12 2024
    On 2024-07-22, Rich wrote:

    Lawrence D'Oliveiro <ldo@nz.invalid> wrote:
    On Sun, 21 Jul 2024 09:36:06 +0100, Nuno Silva wrote:

    On 2024-07-21, Lawrence D'Oliveiro wrote:

    On Sat, 20 Jul 2024 11:08:50 +0100, Nuno Silva wrote:

    But immediately ruling out this scenario for Linux systems sounds
    quite unrealistic to me. (And, from what I've read yesterday, I got
    the impression that there had been a similar incident with Linux
    systems, but I didn't study that further.)

    Sure. But remember, the various pieces of a Linux system are just
    inherently put together in a more modular, flexible fashion, and that
    includes systemd. That does reduce the chance for trouble quite
    significantly.

    Well, there is one notable piece of software in Linux systems that's
    quite monolithic, unless something has changed and I didn't get the
    memo: the kernel itself.

    It’s always been modular. Look up “Linux kernel modules”:

    Ah, no. Although one does have to time travel back to circa 1994 to
    find a Linux kernel that did not have the modules subsystem. But it
    has not "always" been modular.

    Back in those days we had to recompile the kernel to turn on drivers
    that one's distro did not compile in by default. And compiling the
    kernel on a 386 was a multi hour proposition.

    The modular part, AFAIK, only applies to having the separate files and
    loading and unloading. Isn't it still a monolithic process in-memory?

    Or, for what matters for the topic of this thread: if code in a module
    crashes, how can the rest of the kernel continue running?

    --
    Nuno Silva

  • From Rich@21:1/5 to Nuno Silva on Mon Jul 22 16:49:59 2024
    Nuno Silva <nunojsilva@invalid.invalid> wrote:
    On 2024-07-22, Rich wrote:

    Lawrence D'Oliveiro <ldo@nz.invalid> wrote:
    On Sun, 21 Jul 2024 09:36:06 +0100, Nuno Silva wrote:

    On 2024-07-21, Lawrence D'Oliveiro wrote:

    On Sat, 20 Jul 2024 11:08:50 +0100, Nuno Silva wrote:

    But immediately ruling out this scenario for Linux systems sounds
    quite unrealistic to me. (And, from what I've read yesterday, I got
    the impression that there had been a similar incident with Linux
    systems, but I didn't study that further.)

    Sure. But remember, the various pieces of a Linux system are just
    inherently put together in a more modular, flexible fashion, and that
    includes systemd. That does reduce the chance for trouble quite
    significantly.

    Well, there is one notable piece of software in Linux systems that's
    quite monolithic, unless something has changed and I didn't get the
    memo: the kernel itself.

    It’s always been modular. Look up “Linux kernel modules”:

    Ah, no. Although one does have to time travel back to circa 1994 to
    find a Linux kernel that did not have the modules subsystem. But it
    has not "always" been modular.

    Back in those days we had to recompile the kernel to turn on drivers
    that one's distro did not compile in by default. And compiling the
    kernel on a 386 was a multi hour proposition.

    The modular part, AFAIK, only applies to having the separate files and loading and unloading. Isn't it still a monolithic process in-memory?

    For that, one starts delving into semantics, which I'm trying to avoid.
    For those "literal thinking art students" like Lawrence, the mere fact
    that the word "module" is used to name the loadable code files means
    the kernel must be "not-monolithic".

    Or, for what matters for the topic of this thread: if code in a module crashes, how can the rest of the kernel continue running?

    It can't, just about any (unexpected) CPU protection fault while
    running ring 0 (kernel) mode code (whether in the main kernel or code
    from a loaded module) results in a kernel panic and halt of the system.
    But that fact does not lend any evidence for, or against, whether the
    kernel itself is "modular".

  • From Rich@21:1/5 to Nuno Silva on Mon Jul 22 16:44:29 2024
    Nuno Silva <nunojsilva@invalid.invalid> wrote:
    On 2024-07-21, Rich wrote:

    Nuno Silva <nunojsilva@invalid.invalid> wrote:
    Well, there is one notable piece of software in Linux systems that's
    quite monolithic, unless something has changed and I didn't get the
    memo: the kernel itself.

    If you write a bad quality module that crashes the kernel, what
    mechanisms are there to recover from that?

    Boot into single user mode (hopefully the module is not autoloaded by
    the kernel itself) and remove/rename the module file.

    I was thinking more along the lines of recovering without a reboot.

    A kernel panic is not recoverable without a reboot -- that is the whole point. Something went wrong that the code can't recover from, so the system
    stops. And most processor detected faults, when they happen in kernel
    code, trigger a kernel panic (to prevent one fault from compounding
    into more, and creating more damage in the process).

    But for what you say, it's indeed an approach (unless there is
    something in place that prevents such access to remove the file -
    which, I think, has been happening with some Windows machines with CrowdStrike, and could always be implemented on Linux systems too).

    If one had their root partition encrypted, and did not have a source,
    other than the non-booting computer, for the encryption key, then a
    Linux system owner could be in the same boat as many Windows users
    find themselves. Without the encryption key to access the disk, they
    can't "get in" to delete the file (and for 'corporate/govt' windows
    machines, most all end users do not have the encryption key if the
    filesystem is encrypted by MS Bitlocker).

  • From Nuno Silva@21:1/5 to Rich on Mon Jul 22 18:19:31 2024
    On 2024-07-22, Rich wrote:

    Nuno Silva <nunojsilva@invalid.invalid> wrote:
    On 2024-07-22, Rich wrote:

    Lawrence D'Oliveiro <ldo@nz.invalid> wrote:
    On Sun, 21 Jul 2024 09:36:06 +0100, Nuno Silva wrote:

    On 2024-07-21, Lawrence D'Oliveiro wrote:

    On Sat, 20 Jul 2024 11:08:50 +0100, Nuno Silva wrote:

    But immediately ruling out this scenario for Linux systems sounds
    quite unrealistic to me. (And, from what I've read yesterday, I got
    the impression that there had been a similar incident with Linux
    systems, but I didn't study that further.)

    Sure. But remember, the various pieces of a Linux system are just
    inherently put together in a more modular, flexible fashion, and that
    includes systemd. That does reduce the chance for trouble quite
    significantly.

    Well, there is one notable piece of software in Linux systems that's
    quite monolithic, unless something has changed and I didn't get the
    memo: the kernel itself.

    It’s always been modular. Look up “Linux kernel modules”:

    Ah, no. Although one does have to time travel back to circa 1994 to
    find a Linux kernel that did not have the modules subsystem. But it
    has not "always" been modular.

    Back in those days we had to recompile the kernel to turn on drivers
    that one's distro did not compile in by default. And compiling the
    kernel on a 386 was a multi hour proposition.

    The modular part, AFAIK, only applies to having the separate files and
    loading and unloading. Isn't it still a monolithic process in-memory?

    For that, one starts delving into semantics, which I'm trying to avoid.
    For those "literal thinking art students" like Lawrence, the mere fact
    that the word "module" is used to name the loadable code files means
    the kernel must be "not-monolithic".

    (I don't know what to say, the kernel is monolithic, it's a single
    process, and wasn't this also a topic of a discussion between Torvalds
    and Tanenbaum that's part of the USENET lore?)

    Or, for what matters for the topic of this thread: if code in a module
    crashes, how can the rest of the kernel continue running?

    It can't, just about any (unexpected) CPU protection fault while
    running ring 0 (kernel) mode code (whether in the main kernel or code
    from a loaded module) results in a kernel panic and halt of the system.
    But that fact does not lend any evidence for, or against, whether the
    kernel itself is "modular".

    It does provide evidence against the claim that something like the
    CrowdStrike incident would not be likely on Linux: what you describe
    means that, if CrowdStrike were operating with a similar driver on Linux
    as they do on Windows (a comment I linked elsewhere in the thread
    suggests they might (hopefully?) be doing something else now), it'd just
    fail in the same way as it did on Windows: with a hung system that needs
    a reboot/restart/....

    --
    Nuno Silva

  • From The Natural Philosopher@21:1/5 to Nuno Silva on Mon Jul 22 18:26:55 2024
    On 22/07/2024 18:19, Nuno Silva wrote:
    if CrowdStrike were operating with a similar driver on Linux
    as they do on Windows (a comment I linked elsewhere in the thread
    suggests they might (hopefully?) be doing something else now), it'd just
    fail in the same way as it did on Windows: with a hung system that needs
    a reboot/restart/....

    I've had linux updates brick my Pi.

    And, back in the day stop wifi working on a laptop.

    The point at issue is not whether Linux is immune - clearly it isn't - but
    that CrowdStrike appears to have the quality control standards of a
    portaloo, which is why their share price is tanking.

    If your business model is predicated on keeping customers' kit running,
    and you crash the fucking lot, you don't deserve to be in business.

    Don't bring carefully crafted bullshit to a reality contest.


    --
    The lifetime of any political organisation is about three years before
    its been subverted by the people it tried to warn you about.

    Anon.

  • From Rich@21:1/5 to Nuno Silva on Mon Jul 22 17:46:27 2024
    Nuno Silva <nunojsilva@invalid.invalid> wrote:
    On 2024-07-22, Rich wrote:

    Nuno Silva <nunojsilva@invalid.invalid> wrote:
    On 2024-07-22, Rich wrote:

    Lawrence D'Oliveiro <ldo@nz.invalid> wrote:
    On Sun, 21 Jul 2024 09:36:06 +0100, Nuno Silva wrote:

    On 2024-07-21, Lawrence D'Oliveiro wrote:

    On Sat, 20 Jul 2024 11:08:50 +0100, Nuno Silva wrote:

    But immediately ruling out this scenario for Linux systems sounds
    quite unrealistic to me. (And, from what I've read yesterday, I got
    the impression that there had been a similar incident with Linux
    systems, but I didn't study that further.)

    Sure. But remember, the various pieces of a Linux system are just
    inherently put together in a more modular, flexible fashion, and that
    includes systemd. That does reduce the chance for trouble quite
    significantly.

    Well, there is one notable piece of software in Linux systems that's
    quite monolithic, unless something has changed and I didn't get the
    memo: the kernel itself.

    It’s always been modular. Look up “Linux kernel modules”:

    Ah, no. Although one does have to time travel back to circa 1994 to
    find a Linux kernel that did not have the modules subsystem. But it
    has not "always" been modular.

    Back in those days we had to recompile the kernel to turn on drivers
    that one's distro did not compile in by default. And compiling the
    kernel on a 386 was a multi hour proposition.

    The modular part, AFAIK, only applies to having the separate files and
    loading and unloading. Isn't it still a monolithic process in-memory?

    For that, one starts delving into semantics, which I'm trying to avoid.
    For those "literal thinking art students" like Lawrence, the mere fact
    that the word "module" is used to name the loadable code files means
    the kernel must be "not-monolithic".

    (I don't know what to say, the kernel is monolithic, it's a single
    process,

    Yes, agreed.

    and wasn't this also a topic of a discussion between Torvalds
    and Tanenbaum that's part of the USENET lore?)

    Also why I'm trying to avoid falling down into that pit. We aren't
    likely to add anything that Torvalds and Tanenbaum had not already
    hashed out.

    Or, for what matters for the topic of this thread: if code in a
    module crashes, how can the rest of the kernel continue running?

    It can't, just about any (unexpected) CPU protection fault while
    running ring 0 (kernel) mode code (whether in the main kernel or
    code from a loaded module) results in a kernel panic and halt of the
    system. But that fact does not lend any evidence for, or against,
    whether the kernel itself is "modular".

    It does provide evidence against the claim that something like the CrowdStrike incident would not be likely on Linux: what you describe
    means that, if CrowdStrike were operating with a similar driver on
    Linux as they do on Windows (a comment I linked elsewhere in the
    thread suggests they might (hopefully?) be doing something else now),
    it'd just fail in the same way as it did on Windows: with a hung
    system that needs a reboot/restart/....

    No need for 'providing evidence'. CrowdStrike *did* break Linux a few
    months ago in the same way they just broke Windows just this past
    Friday:

    CrowdStrike broke Debian and Rocky Linux months ago, but no one
    noticed

    https://www.neowin.net/news/crowdstrike-broke-debian-and-rocky-linux-months-ago-but-no-one-noticed/

    But breaking the few foolish ones who installed CrowdStrike on their
    Linux machines didn't get the same press coverage as halting air
    traffic for much of the world for a day.

  • From Charlie Gibbs@21:1/5 to rbowman on Mon Jul 22 18:43:01 2024
    On 2024-07-22, rbowman <bowman@montana.com> wrote:

    On Sun, 21 Jul 2024 22:04:11 GMT, Charlie Gibbs wrote:

    Note: not all outages are due to software bugs on our part.
    Configuration changes on the customer site can kill things just as
    effectively, and in fact are the more likely cause of a failure. Or
    maybe someone unplugged something they shouldn't. But if data stops
    flowing, the finger is pointed at us first, rightly or wrongly. So not
    only do we not do updates on Friday, we recommend the philosophy on
    general principles.

    Yup. Our clients are PSAPs (dispatch software in 911 call centers). They
    get really unhappy when the software goes down during a mass casualty incident.

    For sure. We have call tracking software in some 911 call centres;
    it doesn't do the actual dispatching, but records call metadata generated
    by the dispatch software (both for PSAPs and downstream agencies).
    The consequences of our software going down are less severe than the
    dispatch software going down - still, though, the police would get a
    bit miffed if call data was missing when they're trying to get a record
    of all calls related to, say, reports of gunshots in an area.

    The typical procedure is to deploy software to a backup/training server
    and test it using the site's configuration files before pushing it to the main servers and workstations.

    At any given time we have a customer or two with whom we're working
    closely (usually with remote access these days, thank goodness).
    It makes it easy to slip in a new program and watch it for a while.
    Then we try it at a few more friendly sites, and wait until several
    customers are banging away at it without problems before proceeding
    with a general release.

    We're definitely #1 on the 'who do you call?' list. My favorite goes back
    to the days of modems. Paging suddenly stopped working and it took a while
    to figure out a dispatcher got sick of listening to the modem and turned
    it off.

    At our local 911 call centre, we had a test routine built into our code.
    If we received no 911 call data for a certain length of time, we would
    dial out on special numbers that went directly to the various dispatchers.
    So that they'd know it was just a test, upon connection we'd send an ATDT command to the modem, and the dispatcher would hear "Mary had a little
    lamb" in DTMF tones. The dispatching software would generate a record
    for the call, and everybody knew all was well. If we didn't receive
    a call record at this point, we'd trigger an alarm. One night an entire telephone central office went down; the first warning anyone had was when
    our tester alerted the call centre, who called the phone company.

    --
    /~\ Charlie Gibbs | We'll go down in history as the
    \ / <cgibbs@kltpzyxm.invalid> | first society that wouldn't save
    X I'm really at ac.dekanfrus | itself because it wasn't cost-
    / \ if you read it the right way. | effective. -- Kurt Vonnegut

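The test routine described in the post above (probe the path when the feed goes quiet, alarm if the probe leaves no call record) can be written as a small state machine. This is an added Python example, not code from the thread; the timings, the test-line names and the simulated dispatch side are constructed assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    LISTENING = "listening"  # call records seen recently
    PROBING = "probing"      # quiet too long: test calls placed, records awaited
    ALARM = "alarm"          # a test call left no record: the path is broken


@dataclass
class SilenceWatchdog:
    idle_limit: float        # seconds without records before probing
    probe_timeout: float     # seconds allowed for test records to come back
    test_lines: tuple        # hypothetical names for the dispatcher test numbers
    state: State = State.LISTENING
    last_record_at: float = 0.0
    probe_sent_at: float = 0.0
    pending: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def _enter(self, state, now, why):
        self.state = state
        self.log.append((now, state.value, why))

    def on_record(self, now, source, is_test=False):
        """Feed in every call record the dispatch software produces."""
        if is_test:
            self.pending.discard(source)
            if self.state is State.PROBING and not self.pending:
                # Every test call round-tripped: it was only a quiet spell.
                self.last_record_at = now
                self._enter(State.LISTENING, now, "all probes answered")
            return
        # A real record proves the whole path works; cancel any probe or alarm.
        self.last_record_at = now
        self.pending.clear()
        if self.state is not State.LISTENING:
            self._enter(State.LISTENING, now, "real traffic resumed")

    def tick(self, now, place_test_call):
        """Run periodically; place_test_call(line) dials one test number."""
        if self.state is State.LISTENING:
            if now - self.last_record_at >= self.idle_limit:
                self.pending = set(self.test_lines)
                self.probe_sent_at = now
                self._enter(State.PROBING, now, "silence exceeded idle_limit")
                for line in self.test_lines:
                    place_test_call(line)
        elif self.state is State.PROBING:
            if now - self.probe_sent_at >= self.probe_timeout:
                missing = ", ".join(sorted(self.pending))
                self._enter(State.ALARM, now, "no record from: " + missing)
        return self.state


def simulate(duration, real_calls, dead_lines, step=10):
    """Constructed scenario. real_calls maps second -> caller; test calls to
    dead_lines never produce a record (e.g. a central office is down)."""
    wd = SilenceWatchdog(idle_limit=60, probe_timeout=30,
                         test_lines=("police-test", "fire-test", "ems-test"))
    in_flight = []  # (due_second, line): records the dispatch side will emit

    for now in range(0, duration + 1, step):
        def place_test_call(line, dialed_at=now):
            if line not in dead_lines:
                in_flight.append((dialed_at + 5, line))  # healthy echo takes 5 s

        if now in real_calls:
            wd.on_record(now, real_calls[now])
        for due, line in [r for r in in_flight if r[0] <= now]:
            in_flight.remove((due, line))
            wd.on_record(now, line, is_test=True)
        wd.tick(now, place_test_call)
    return wd


if __name__ == "__main__":
    for name, calls, dead in [
        ("quiet night", {0: "caller-a"}, set()),
        ("central office down", {0: "caller-a"}, {"fire-test", "ems-test"}),
        ("traffic resumes", {0: "caller-a", 70: "caller-b"},
         {"police-test", "fire-test", "ems-test"}),
    ]:
        wd = simulate(120, calls, dead)
        print(name, "->", wd.state.value, wd.log)
```

The alarm names the test lines that produced no record, which separates one dead destination from a failure of the whole path.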
  • From rbowman@21:1/5 to Charlie Gibbs on Mon Jul 22 19:49:33 2024
    On Mon, 22 Jul 2024 18:43:01 GMT, Charlie Gibbs wrote:

    For sure. We have call tracking software in some 911 call centres;
    it doesn't do the actual dispatching, but records call metadata
    generated by the dispatch software (both for PSAPs and downstream
    agencies).
    The consequences of our software going down are less severe than the
    dispatch software going down - still, though, the police would get a bit miffed if call data was missing when they're trying to get a record of
    all calls related to, say, reports of gunshots in an area.

    Previous history certainly is important and we search either by location
    or phone number. There is a configurable limit on returns. Mom's Nursing
    Home and Joe's Bucket of Blood tend to generate a lot of previous history.
    There are also database searches for persons or vehicles involved in
    previous incidents. I wouldn't want to be a dispatcher. You never know if
    the next time the phone rings it will be somebody complaining about the
    neighbor's cat, a medical emergency, or a home invasion in progress.

    It's also easy for the clients to create alerts that will pop up for a location. They may be informational for businesses with contact
    information and Knox Box locations or comments on a resident who doesn't interact well with police.

    The historical data has to be retained too. Sometimes it takes years for a
    case to come to court where evidence has to be presented. The volume of
    data has taken off with the increased use of bodycams and dashcams.
    Luckily we just pass incident information to a third party. They're
    responsible for activating cameras for the responding units, capturing the video data, and archiving it. That's got to amount to petabytes sooner or later.

  • From Charlie Gibbs@21:1/5 to rbowman on Mon Jul 22 20:43:22 2024
    On 2024-07-22, rbowman <bowman@montana.com> wrote:

    On Mon, 22 Jul 2024 18:43:01 GMT, Charlie Gibbs wrote:

    For sure. We have call tracking software in some 911 call centres;
    it doesn't do the actual dispatching, but records call metadata
    generated by the dispatch software (both for PSAPs and downstream
    agencies).
    The consequences of our software going down are less severe than the
    dispatch software going down - still, though, the police would get a bit
    miffed if call data was missing when they're trying to get a record of
    all calls related to, say, reports of gunshots in an area.

    Previous history certainly is important and we search either by location
    or phone number. There is a configurable limit on returns. Mom's Nursing
    Home and Joe's Bucket of Blood tend to generate a lot of previous history.
    There are also database searches for persons or vehicles involved in
    previous incidents. I wouldn't want to be a dispatcher. You never know if
    the next time the phone rings it will be somebody complaining about the
    neighbor's cat, a medical emergency, or a home invasion in progress.

    Yes, I've been in the call centre and overheard the dispatchers at work. They're pretty amazing, keeping cool in the face of what's going on out
    there - even more than air traffic control (and I've heard a few ATC
    exchanges that must have created grey hair).

    It's also easy for the clients to create alerts that will pop up for a location. They may be informational for businesses with contact
    information and Knox Box locations or comments on a resident who doesn't interact well with police.

    The historical data has to be retained too. Sometimes it takes years for a case to come to court where evidence has to be presented. The volume of
    data has taken off with the increased use of bodycams and dashcams.
    Luckily we just pass incident information to a third party. They're responsible for activating cameras for the responding units, capturing the video data, and archiving it. That's got to amount to petabytes sooner or later.

    The call metadata isn't too much by today's standards - a couple of hundred megabytes a month. When we first got our stuff working, the cost of disk storage was falling to the point where it was worth keeping it all for more than just a few months. They were storing the actual call transcripts on
    audio cassettes in those days - it's probably all digitized now. But video
    is a whole other dimension...

    --
    /~\ Charlie Gibbs | We'll go down in history as the
    \ / <cgibbs@kltpzyxm.invalid> | first society that wouldn't save
    X I'm really at ac.dekanfrus | itself because it wasn't cost-
    / \ if you read it the right way. | effective. -- Kurt Vonnegut

  • From Lawrence D'Oliveiro@21:1/5 to Nuno Silva on Tue Jul 23 00:38:14 2024
    On Mon, 22 Jul 2024 18:19:31 +0100, Nuno Silva wrote:

    ... if CrowdStrike were operating with a similar driver on Linux
    as they do on Windows ...

    They don’t. On Linux, they can use eBPF. Matthew Garrett mentioned this in
    his posting.

  • From vallor@21:1/5 to All on Tue Jul 23 02:00:34 2024
    On Mon, 22 Jul 2024 16:49:59 -0000 (UTC), Rich <rich@example.invalid>
    wrote in <v7m2jn$nqfd$2@dont-email.me>:

    Nuno Silva <nunojsilva@invalid.invalid> wrote:
    On 2024-07-22, Rich wrote:

    Lawrence D'Oliveiro <ldo@nz.invalid> wrote:
    On Sun, 21 Jul 2024 09:36:06 +0100, Nuno Silva wrote:

    On 2024-07-21, Lawrence D'Oliveiro wrote:

    On Sat, 20 Jul 2024 11:08:50 +0100, Nuno Silva wrote:

    But immediately ruling out this scenario for Linux systems sounds
    quite unrealistic to me. (And, from what I've read yesterday, I got
    the impression that there had been a similar incident with Linux
    systems, but I didn't study that further.)

    Sure. But remember, the various pieces of a Linux system are just
    inherently put together in a more modular, flexible fashion, and that
    includes systemd. That does reduce the chance for trouble quite
    significantly.

    Well, there is one notable piece of software in Linux systems that's
    quite monolithic, unless something has changed and I didn't get the
    memo: the kernel itself.

    It’s always been modular. Look up “Linux kernel modules”:

    Ah, no. Although one does have to time travel back to circa 1994 to
    find a Linux kernel that did not have the modules subsystem. But it
    has not "always" been modular.

    Back in those days we had to recompile the kernel to turn on drivers
    that one's distro did not compile in by default. And compiling the
    kernel on a 386 was a multi hour proposition.

    The modular part, AFAIK, only applies to having the separate files and
    loading and unloading. Isn't it still a monolithic process in-memory?

    For that, one starts delving into semantics, which I'm trying to avoid.
    For those "literal thinking art students" like Lawrence, the mere fact
    that the word "module" is used to name the loadable code files means
    the kernel must be "not-monolithic".

    Or, for what matters for the topic of this thread: if code in a module
    crashes, how can the rest of the kernel continue running?

    It can't, just about any (unexpected) CPU protection fault while
    running ring 0 (kernel) mode code (whether in the main kernel or code
    from a loaded module) results in a kernel panic and halt of the system.
    But that fact does not lend any evidence for, or against, whether the
    kernel itself is "modular".

    I recently was starting up a game, which triggered rebuild of
    DXVK shaders for the game. The nvidia module freaked out, wreaking
    havoc on the kernel, and freezing the display.

    I was able to ssh in, dump dmesg output to a file, and reboot. For
    those interested in what that can look like, the dmesg.txt.gz
    can be found in this post on the developer forum:

    https://forums.developer.nvidia.com/t/550-78-release-feedback-discussion-thread/291665/12?u=scott-nv

    --
    -v System76 Thelio Mega v1.1 x86_64 NVIDIA RTX 3090 Ti
    OS: Linux 6.9.10 Release: Mint 21.3 Mem: 258G
    "One way to better your lot is to do a lot better..."

  • From Lawrence D'Oliveiro@21:1/5 to vallor on Tue Jul 23 02:43:19 2024
    On 23 Jul 2024 02:00:34 GMT, vallor wrote:

    I recently was starting up a game, which triggered rebuild of DXVK
    shaders for the game. The nvidia module freaked out, wreaking havoc on
    the kernel, and freezing the display.

    So you had trouble with a proprietary module. Big surprise.

    Remember the open-source dictum: “many eyes make all bugs shallow”.

  • From Bobbie Sellers@21:1/5 to All on Tue Jul 30 22:58:28 2024
    On 7/30/24 22:30, candycanearter07 wrote:
    John McCue <jmccue@hairball.jmcunx.com> wrote at 13:49 this Saturday (GMT):
    followups trimmed to comp.os.linux.misc

    In comp.os.linux.misc yeti <yeti@tilde.institute> wrote:
    "26yh.0712" <26yh.0713@e6t5y.net> writes:

    Ah ... wunnerful Winders :-)

    It should be banned as a socioeconomic WMD ...

    Imagine systemd swallowing package management, doing automagic
    security updates and such a "MSLinux" monoculture.

    I can see this happening, I think they just swallowed sudo.

    You mean polkit?

    No he means "sudo" is going to be replaced with "run0." <https://www.howtogeek.com/will-linux-run0-command-run-sudo-out-of-town/>
    Not right away but sooner or later unless it causes even
    more problems. "Sudo" is a bad implementation which replaced "su",
    which invoked superuser privileges. You had to use your root
    account password but Ubuntu decided that was dangerous so to invoke
    the same privileges you can use your user account password.
    Canonical thought apparently that it was asking too
    much of their projected userbase to remember User account
    password and root password.



    Wouldn't that be similarly vulnerable?

    Maybe, any complex solution is open to vulnerabilities. I
    think (hope) these changes would be tested better than
    crowdstrike was. But as things get more complex, the harder
    to test :(

    I still think these changes Red Hat is pushing is their way
    to make things easier for admins, but to me, eventually you
    end up with a Windows clone. Now I wonder if they will "AI"
    systemd, I think it is possible since IBM seems to be
    getting into AI.

    That sounds like a nightmare. AI Systems...

    Nightmare or some one's wet dream.

    IMO "MSLinux" everywhere would have the same problem.

    I think redundancy, diversity and reducing complexity is the right
    answer.


    The system on my computer uses SysV.init and "su".

    bliss- Dell Precision 7730- PCLOS 2024.07- Linux 6.6.42- 5.27.11

    --
    b l i s s - S F 4 e v e r at D S L E x t r e m e dot com

  • From candycanearter07@21:1/5 to John McCue on Wed Jul 31 05:30:04 2024
    John McCue <jmccue@hairball.jmcunx.com> wrote at 13:49 this Saturday (GMT):
    followups trimmed to comp.os.linux.misc

    In comp.os.linux.misc yeti <yeti@tilde.institute> wrote:
    "26yh.0712" <26yh.0713@e6t5y.net> writes:

    Ah ... wunnerful Winders :-)

    It should be banned as a socioeconomic WMD ...

    Imagine systemd swallowing package management, doing automagic
    security updates and such a "MSLinux" monoculture.

    I can see this happening, I think they just swallowed sudo.

    You mean polkit?

    Wouldn't that be similarly vulnerable?

    Maybe, any complex solution is open to vulnerabilities. I
    think (hope) these changes would be tested better than
    crowdstrike was. But as things get more complex, the harder
    to test :(

    I still think these changes Red Hat is pushing is their way
    to make things easier for admins, but to me, eventually you
    end up with a Windows clone. Now I wonder if they will "AI"
    systemd, I think it is possible since IBM seems to be
    getting into AI.

    That sounds like a nightmare. AI Systems...

    IMO "MSLinux" everywhere would have the same problem.

    I think redundancy, diversity and reducing complexity is the right
    answer.



    --
    user <candycane> is generated from /dev/urandom

  • From Lawrence D'Oliveiro@21:1/5 to Bobbie Sellers on Wed Jul 31 06:23:14 2024
    On Tue, 30 Jul 2024 22:58:28 -0700, Bobbie Sellers wrote:

    No he means "sudo" is going to be replaced with "run0." <https://www.howtogeek.com/will-linux-run0-command-run-sudo-out-of-town/>

    sudo has been a running saga of security vulnerabilities. Poettering is offering a much simpler design with a smaller attack surface. He actually
    wants to do away with the whole idea of set-user-ID executables.

  • From The Natural Philosopher@21:1/5 to Bobbie Sellers on Wed Jul 31 09:30:28 2024
    On 31/07/2024 06:58, Bobbie Sellers wrote:
    "Sudo" is a bad implementation which replaced "su",
    which invoked superuser privileges.  You had to use  your root
    account password but Ubuntu decided that was dangerous so to invoke
    the same privileges you can use your user account password.
        Canonical thought apparently that it was asking too
    much of their projected userbase to remember User account
    password and root password.

    Sudo allowed tailored access by certain users to certain root
    privileges, that su did not.

    It's a reasonable admin tool for a multiuser system.

    But who runs a true multiuser system these days especially one where
    users can do simple admin?

    --
    “The fundamental cause of the trouble in the modern world today is that
    the stupid are cocksure while the intelligent are full of doubt."

    - Bertrand Russell

  • From The Natural Philosopher@21:1/5 to Richard Kettlewell on Wed Jul 31 11:17:43 2024
    On 31/07/2024 10:23, Richard Kettlewell wrote:
    The Natural Philosopher <tnp@invalid.invalid> writes:
    On 31/07/2024 06:58, Bobbie Sellers wrote:
    "Sudo" is a bad implementation which replaced "su",
    which invoked superuser privileges.  You had to use  your root
    account password but Ubuntu decided that was dangerous so to invoke
    the same privileges you can use your user account password.
        Canonical thought apparently that it was asking too
    much of their projected userbase to remember User account
    password and root password.

    Sudo allowed tailored access by certain users to certain root
    privileges, that su did not.

    It's a reasonable admin tool for a multiuser system.

    But who runs a true multiuser system these days especially one where
    users can do simple admin?

    Even disregarding hobbyists, more than zero but I expect the number is
    indeed rather small.

    There’s a few points here:

    * You can still set a root password and use ‘su’ on Ubuntu systems if
    that’s what you want. Canonical are not enforcing a policy here, just
    setting a default.

    * The ‘sudo instead of su’ model is common everywhere, not just Ubuntu; I
    expect the motivation for the default setup on Ubuntu is
    simplification, not any theories about who can remember how many
    passwords.

    * Trusting sudo to enforce a tailored access model is somewhat
    optimistic given its CVE record, and the general record of the setuid
    model that underpins it.

    * By escaping the setuid model run0 may improve on this issue, though it
    brings other kinds of complexity with it; how it balances out is
    probably a question for a few years time.

    * In the single-user context, sudo effectively creates the model that
    your single user account has privileges equivalent to root, but that
    you must explicitly mark any privileged operation. The former is just
    acknowledging reality, the latter is a useful guard against accidents.

    +1 to all of that.

    I use sudo if it's just one thing I need to do, but if it's messing with
    config files and restarting daemons, I use su -

    --
    Microsoft : the best reason to go to Linux that ever existed.

  • From Rich@21:1/5 to Bobbie Sellers on Wed Jul 31 13:41:39 2024
    Bobbie Sellers <blissInSanFrancisco@mouse-potato.com> wrote:
    On 7/30/24 22:30, candycanearter07 wrote:
    John McCue <jmccue@hairball.jmcunx.com> wrote at 13:49 this Saturday (GMT):
    followups trimmed to comp.os.linux.misc

    In comp.os.linux.misc yeti <yeti@tilde.institute> wrote:
    "26yh.0712" <26yh.0713@e6t5y.net> writes:

    Ah ... wunnerful Winders :-)

    It should be banned as a socioeconomic WMD ...

    Imagine systemd swallowing package management, doing automagic
    security updates and such a "MSLinux" monoculture.

    I can see this happening, I think they just swallowed sudo.

    You mean polkit?

    No he means "sudo" is going to be replaced with "run0." <https://www.howtogeek.com/will-linux-run0-command-run-sudo-out-of-town/>
    Not right away but sooner or later unless it causes even
    more problems. "Sudo" is a bad implementation which replaced "su",
    which invoked superuser privileges.

    su still exists, even on Ubuntu systems. It's just that Ubuntu's 'user
    docs' (as they are) only talk about sudo, and you know the old saying:

    Learn Ubuntu and you learn Ubuntu, learn Slackware and you learn Unix.

    You had to use your root account password but Ubuntu decided that
    was dangerous so to invoke the same privileges you can use your user
    account password.

    sudo long predates Ubuntu <https://en.wikipedia.org/wiki/Sudo> (initial
    release "around 1980").

    Canonical thought apparently that it was asking too
    much of their projected userbase to remember User account
    password and root password.

    For traditional Unix systems (multiple users all logged on to the same
    system at the same time) the /premise/ of sudo provides some value add.
    You can grant individual, more trusted, users rights to do things as
    root, without having to share the root password with them in order to
    do so.

    For typical Ubuntu setups (single user who is system owner and the only
    user) sudo adds no value add over just becoming root via su (other
    than, as you say, not having to remember a 'root' password).

  • From Lars Poulsen@21:1/5 to The Natural Philosopher on Wed Jul 31 07:49:41 2024
    On 7/31/2024 3:17 AM, The Natural Philosopher wrote:
    On 31/07/2024 10:23, Richard Kettlewell wrote:
    The Natural Philosopher <tnp@invalid.invalid> writes:
    But who runs a true multiuser system these days especially one where
    users can do simple admin?

    Even disregarding hobbyists, more than zero but I expect the number is
    indeed rather small.

    Not sure what you mean by "hobbyist". To me, a "linux hobbyist" is
    someone like me, who deliberately runs a system at home that is more
    complex and "professional" than necessary, to keep alive some skills
    acquired decades ago when we managed a Unix system used by our department.
    But I also use those skills in the small company that still writes me a paycheck in my semi-retirement.

    There’s a few points here:

    * You can still set a root password and use ‘su’ on Ubuntu systems if
       that’s what you want. Canonical are not enforcing a policy here, just
       setting a default.

    My Linux systems are Fedora rather than Ubuntu; Fedora also promotes sudo.

    * The ‘sudo instead of su’ model is common everywhere, not just Ubuntu; I
       expect the motivation for the default setup on Ubuntu is
       simplification, not any theories about who can remember how many
       passwords.

    * Trusting sudo to enforce a tailored access model is somewhat
       optimistic given its CVE record, and the general record of the setuid
       model that underpins it.

    * By escaping the setuid model run0 may improve on this issue, though it
       brings other kinds of complexity with it; how it balances out is
       probably a question for a few years time.

    * In the single-user context, sudo effectively creates the model that
       your single user account has privileges equivalent to root, but that
       you must explicitly mark any privileged operation. The former is just
       acknowledging reality, the latter is a useful guard against accidents.

    +1 to all of that.

    I use sudo if it's just one thing I need to do, but if it's messing with
    config files and restarting daemons, I use su -

    Is that because you do not know about "sudo -i" ?

    Note that run0 - which is built on polkit - still relies on setuid
    executables within polkit. I don't see them as all that different.

    The grace period in sudo is a convenience. It probably does add a bit of
    risk. There is probably a way to turn it off --- yes:
    timestamp_timeout=0 in /etc/sudoers (apparently per-user)

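
Added example, not part of any post in this thread: a small Python audit of the `timestamp_timeout` setting mentioned above, reporting per user whether sudo caches credentials. The sudoers text and user names are constructed, the parser handles only global and `Defaults:user` entries with literal user names (no aliases, groups or include files), and the 5-minute fallback is the documented sudoers default, which a distribution may change.

```python
import re

# Documented sudoers default in minutes; a distribution may build sudo with another value.
COMPILED_DEFAULT_MINUTES = 5.0

# Constructed sample, not taken from any real host.
SAMPLE_SUDOERS = """\
# constructed example
Defaults env_reset, timestamp_timeout=15
Defaults:alice timestamp_timeout=0
Defaults:bob,carol \\
    timestamp_timeout=-1
Defaults@buildhost timestamp_timeout=30
alice ALL=(ALL:ALL) ALL
"""

# Matches global "Defaults ..." and user-scoped "Defaults:user[,user] ..." only;
# host (@), runas (>) and command (!) scoped entries are deliberately skipped.
_DEFAULTS = re.compile(r"^Defaults(?::(?P<users>\S+))?\s+(?P<params>.+)$")
_TIMEOUT = re.compile(r'(?:^|,)\s*timestamp_timeout\s*=\s*"?(-?\d+(?:\.\d+)?)"?')


def logical_lines(text):
    """Join backslash-continued lines, then drop blank lines and comment lines."""
    joined = re.sub(r"\\\n", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line


def timestamp_timeouts(text):
    """Return (global_minutes, {user: minutes}); a later entry overrides an earlier one."""
    global_minutes = COMPILED_DEFAULT_MINUTES
    per_user = {}
    for line in logical_lines(text):
        entry = _DEFAULTS.match(line)
        if not entry:
            continue
        timeout = _TIMEOUT.search(entry.group("params"))
        if not timeout:
            continue
        minutes = float(timeout.group(1))
        if entry.group("users"):
            for user in entry.group("users").split(","):
                per_user[user] = minutes
        else:
            global_minutes = minutes
    return global_minutes, per_user


def classify(minutes):
    """Translate a timestamp_timeout value into the behaviour it produces."""
    if minutes < 0:
        return "never expires until reboot"
    if minutes == 0:
        return "prompts every time"
    return f"cached for {minutes:g} min"


def report(text, users):
    """Effective behaviour per user: a user-scoped entry wins over the global one."""
    global_minutes, per_user = timestamp_timeouts(text)
    return {user: classify(per_user.get(user, global_minutes)) for user in users}


if __name__ == "__main__":
    for user, behaviour in report(SAMPLE_SUDOERS, ["alice", "bob", "dave"]).items():
        print(f"{user}: {behaviour}")
```

A negative value is the case worth flagging in review, since it keeps the cached credential valid until reboot.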
  • From John Dallman@21:1/5 to Richard Kettlewell on Wed Jul 31 17:45:00 2024
    In article <wwv1q39valn.fsf@LkoBDZeT.terraraq.uk>,
    invalid@invalid.invalid (Richard Kettlewell) wrote:

    The relevant point is that there are (at least a few) large
    organizations running multi-user Unix systems, and care about
    isolation between users.

    For example, my workplace. Most of our Linux and macOS machines are not people's personal systems, but dedicated build/test machines with fairly full-time jobs. I am not a skilled sysadmin, but being able to use sudo
    for simple tasks gets them done a lot faster than opening a helpdesk
    ticket.

    John

  • From The Natural Philosopher@21:1/5 to Rich on Wed Jul 31 17:52:06 2024
    On 31/07/2024 14:41, Rich wrote:


    For typical Ubuntu setups (single user who is system owner and the only
    user) sudo adds no value add over just becoming root via su (other
    than, as you say, not having to remember a 'root' password).

    I say it does. Fat finger proofing.

    If I HAVE to type sudo every time I want to do something sysadmin-ish it
    forces me to stop and think just a little. And sometimes prevents me
    from doing what I really didn't want to do.

    Anyway, as with most of these religious arguments, you have the choice.
    I choose to use both.

    Like I used the command line AND the GUI.


    --
    Renewable energy: Expensive solutions that don't work to a problem that
    doesn't exist instituted by self legalising protection rackets that
    don't protect, masquerading as public servants who don't serve the public.

  • From The Natural Philosopher@21:1/5 to Richard Kettlewell on Wed Jul 31 17:55:14 2024
    On 31/07/2024 16:34, Richard Kettlewell wrote:
    The relevant point is that there are (at least a few) large
    organizations running multi-user Unix systems, and care about isolation between users.

    There are, but they are rare birds.

    Most 'multi-user' machines run pure web applications.
    I can't offhand think of anything outside say a research super computer
    where true multiuser exists

    Anyway their sysadmins are free to set them up how they like, as are we
    on our single user machines


    --
    No Apple devices were knowingly used in the preparation of this post.

  • From rbowman@21:1/5 to John Dallman on Thu Aug 1 01:45:34 2024
    On Wed, 31 Jul 2024 17:45 +0100 (BST), John Dallman wrote:

    For example, my workplace. Most of our Linux and macOS machines are not people's personal systems, but dedicated build/test machines with fairly full-time jobs. I am not a skilled sysadmin, but being able to use sudo
    for simple tasks gets them done a lot faster than opening a helpdesk
    ticket.

    At one time (25 years ago) the Linux boxes were our personal machines and
    the build/test machines were RS6000/AIX boxes that we shared. The same
    code base built on both although some of the data had to be converted
    between big and little endian.

    IBM priced themselves out of competition and our clients went to Windows.
    We use the MKS NutCracker environment on Windows so for the most part the
    code builds on Linux or Windows. The Linux boxes are still our personal machines, with shared Windows systems for build/testing.

    The shared AIX resources sometimes had problems like a newbie programmer deleting what amounts to /usr/bin to free up disk space. Screw-ups on that level meant you bought the donuts.

    We had a homegrown thing called 'gosu' which was essentially sudo without
    the training wheels.

  • From Richard Kettlewell@21:1/5 to The Natural Philosopher on Thu Aug 1 09:39:39 2024
    The Natural Philosopher <tnp@invalid.invalid> writes:
    On 31/07/2024 16:34, Richard Kettlewell wrote:
    The relevant point is that there are (at least a few) large
    organizations running multi-user Unix systems, and care about isolation
    between users.

    There are, but they are rare birds.

    Most 'multi-user' machines run pure web applications.
    I can't offhand think of anything outside say a research super computer
    where true multiuser exists

    The example I hear about most is more or less that, specifically a
    compute farm used for genomics research. You don’t get to log into the compute nodes, but the ‘head nodes’ used for uploading data sets and submitting jobs have logins for all.

    I’m less clear on the details of the other example I’m aware of, we only really got to hear about how it interacts with attributes of our
    product.

    We have a few in-principle shared Unix machines at work but in practice
    they can go months between anyone logging in.

    --
    https://www.greenend.org.uk/rjk/

  • From The Natural Philosopher@21:1/5 to Richard Kettlewell on Thu Aug 1 10:35:00 2024
    On 01/08/2024 09:39, Richard Kettlewell wrote:
    The Natural Philosopher <tnp@invalid.invalid> writes:
    On 31/07/2024 16:34, Richard Kettlewell wrote:
    The relevant point is that there are (at least a few) large
    organizations running multi-user Unix systems, and care about isolation
    between users.

    There are, but they are rare birds.

    Most 'multi-user' machines run pure web applications.
    I can't offhand think of anything outside say a research super computer
    where true multiuser exists

    The example I hear about most is more or less that, specifically a
    compute farm used for genomics research. You don’t get to log into the compute nodes, but the ‘head nodes’ used for uploading data sets and submitting jobs have logins for all.

    I’m less clear on the details of the other example I’m aware of, we only really got to hear about how it interacts with attributes of our
    product.

    We have a few in-principle shared Unix machines at work but in practice
    they can go months between anyone logging in.

    A friend of mine who does very advanced mathematical matrix research has
    a login to a vast array of CPU power somewhere in the States, where he
    uploads code and data, compiles the code and then crunches huge amounts
    of data. No root level access needed or wanted.

    Real old school

    --
    The higher up the mountainside
    The greener grows the grass.
    The higher up the monkey climbs
    The more he shows his arse.

    Traditional

  • From vallor@21:1/5 to ldo@nz.invalid on Sun Aug 4 12:45:53 2024
    On Wed, 31 Jul 2024 06:23:14 -0000 (UTC), Lawrence D'Oliveiro
    <ldo@nz.invalid> wrote in <v8cl8i$1fhag$1@dont-email.me>:

    On Tue, 30 Jul 2024 22:58:28 -0700, Bobbie Sellers wrote:

    No he means "sudo" is going to be replaced with "run0."
    <https://www.howtogeek.com/will-linux-run0-command-run-sudo-out-of-town/>

    sudo has been a running saga of security vulnerabilities. Poettering is offering a much simpler design with a smaller attack surface. He actually wants to do away with the whole idea of set-user-ID executables.

    From the very beginning of our company (1994), we had no setuid
    executables on our shell server. (We finally discontinued the service at the end of June -- the end of an era!)

    I see now on this system (Mint 21.3) that ping is no longer setuid.
    (Nowadays, it uses Linux capabilities.) Back in the day, it was setuid,
    but we replaced it with a client that reached out to a "ping server" that
    did the job.

    --
    -v System76 Thelio Mega v1.1 x86_64 NVIDIA RTX 3090 Ti
    OS: Linux 6.11.0-rc1 Release: Mint 21.3 Mem: 258G
    "Couldn't myself have better it said."

  • From Lawrence D'Oliveiro@21:1/5 to vallor on Sun Aug 4 22:25:49 2024
    On 4 Aug 2024 12:45:53 GMT, vallor wrote:

    I see now on this system (Mint 21.3) that ping is no longer setuid. (Nowadays, it uses Linux capabilities.)

    Whaddaya know ...

    root@theon:~ # getcap /usr/bin/ping
    /usr/bin/ping cap_net_raw=ep

    And here I thought capabilities are a process-level thing, there was no equivalent of set-user-id for them.

    By the way, the “capabilities” idea comes from an old DEC OS called VMS, where it was just called “privilege masks”.

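
Added example, not part of any post in this thread: file capabilities such as the `cap_net_raw=ep` that getcap prints above are stored on the file itself, in the `security.capability` extended attribute, so an inventory of privileged binaries has to cover that attribute as well as the set-ID bits discussed earlier. The Python below decodes the attribute and walks a tree for both; the sample bytes are constructed, and the function names are chosen here.

```python
import os
import stat
import struct

VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# Revision -> number of 32-bit (permitted, inheritable) pairs (linux/capability.h).
REVISION_WORDS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}
# A few capability numbers from linux/capability.h; the rest print as cap_<n>.
CAP_NAMES = {0: "cap_chown", 1: "cap_dac_override", 7: "cap_setuid",
             10: "cap_net_bind_service", 12: "cap_net_admin",
             13: "cap_net_raw", 21: "cap_sys_admin"}

# Constructed sample: the xattr bytes corresponding to "cap_net_raw=ep" (revision 2).
SAMPLE_XATTR = struct.pack("<5I", 0x02000000 | VFS_CAP_FLAGS_EFFECTIVE, 1 << 13, 0, 0, 0)


def bits_to_names(mask):
    """Turn a capability bitmask into a list of names, lowest bit first."""
    return [CAP_NAMES.get(n, f"cap_{n}") for n in range(64) if (mask >> n) & 1]


def decode_file_caps(raw):
    """Decode a security.capability value (little-endian struct vfs_cap_data)."""
    if len(raw) < 4:
        raise ValueError("truncated capability xattr")
    (magic_etc,) = struct.unpack_from("<I", raw)
    words = REVISION_WORDS.get(magic_etc & VFS_CAP_REVISION_MASK)
    if words is None or len(raw) < 4 + 8 * words:
        raise ValueError("unknown revision or truncated capability xattr")
    permitted = inheritable = 0
    for i in range(words):
        low_p, low_i = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= low_p << (32 * i)
        inheritable |= low_i << (32 * i)
    return {"effective": bool(magic_etc & VFS_CAP_FLAGS_EFFECTIVE),
            "permitted": bits_to_names(permitted),
            "inheritable": bits_to_names(inheritable)}


def describe(caps):
    """getcap-style text for the permitted set; the inheritable set is not rendered."""
    flags = ("e" if caps["effective"] else "") + "p"
    return ",".join(caps["permitted"]) + "=" + flags


def audit_tree(root):
    """Return sorted (path, reason) pairs for set-ID files and files with capabilities."""
    getxattr = getattr(os, "getxattr", None)  # Linux only
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & stat.S_ISUID:
                findings.append((path, f"setuid, owner uid {st.st_uid}"))
            if st.st_mode & stat.S_ISGID:
                findings.append((path, f"setgid, group gid {st.st_gid}"))
            if getxattr is None:
                continue
            try:
                raw = getxattr(path, "security.capability", follow_symlinks=False)
                findings.append((path, describe(decode_file_caps(raw))))
            except (OSError, ValueError):
                pass  # no capability xattr, unsupported filesystem, or malformed value
    return sorted(findings)


if __name__ == "__main__":
    print(describe(decode_file_caps(SAMPLE_XATTR)))
    for path, reason in audit_tree("/usr/bin"):
        print(path, reason)
```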
  • From 186283@ud0s4.net@21:1/5 to All on Tue Aug 6 02:01:52 2024
    On 7/31/24 1:30 AM, candycanearter07 wrote:
    John McCue <jmccue@hairball.jmcunx.com> wrote at 13:49 this Saturday (GMT):
    followups trimmed to comp.os.linux.misc

    In comp.os.linux.misc yeti <yeti@tilde.institute> wrote:
    "26yh.0712" <26yh.0713@e6t5y.net> writes:

    Ah ... wunnerful Winders :-)

    It should be banned as a socioeconomic WMD ...

    Imagine systemd swallowing package management, doing automagic
    security updates and such a "MSLinux" monoculture.

    I can see this happening, I think they just swallowed sudo.

    You mean polkit?

    Wouldn't that be similarly vulnerable?

    Maybe, any complex solution is open to vulnerabilities. I
    think (hope) these changes would be tested better than
    crowdstrike was. But as things get more complex, the harder
    to test :(

    I still think these changes Red Hat is pushing is their way
    to make things easier for admins, but to me, eventually you
    end up with a Windows clone. Now I wonder if they will "AI"
    systemd, I think it is possible since IBM seems to be
    getting into AI.

    That sounds like a nightmare. AI Systems...


    Once you get into it more than a little, "AI" becomes
    something like "magic". It finds its patterns and
    sense in ways humans can't comprehend and creates
    software/rules/structure humans wouldn't - and thus
    cannot properly understand.

    On present trajectory, we're headed straight to
    Hogwarts ....

    The "AI" doesn't even have to be evil to be
    extraordinarily dangerous.

    Now open your spell-books to page 27 and don't
    forget to flick your wands !
