@Tim_G said in Pentagon Warns Against Using Lenovo Equipment:
I see Lenovo adds ALL over the place on spiceworks. No idea why.
Just me?
Lenovo is one of a select few companies that spend lots and lots of money on advertising with Spiceworks. They seem to get special treatment from that. Also makes me question weather I can continue to trust anything Spiceworks related 
@scottalanmiller said:
What's amazing from living abroad is how you see corruption. In the US we point to places like Italy and their crazy levels of corruption - and it is bad enough that it really causes problems. But it is really, really obvious and in your face. Need a permit, you slip someone $50. Everyone knows exactly who is corrupt, how and how it works.
In the US people often say that there is so little corruption that you never even see it happen. The problem is, the corruption is so intense and so big that we don't see it any longer. We are conditioned to a level of corruption that makes "corrupt" countries look downright forthright. But it isn't your local mailman expecting an extra dollar for delivering the mail, it's in big government and huge businesses paying people off and stuff like that. It's massive money on a massive scale and it is so mixed into the whole thing that we stop seeing it.
Imagine a sound so loud that you stop hearing it because you go deaf. That's how the difference feels.
I realized that without having to leave the country to do it.... not that it's not blindingly obvious to anyone with a little sense.
@dafyre said:
Assembly programs give me nightmares, lol.
I had an assembly language class in college. While I don't really enjoy it, I very much appreciate someone who does. Just... not.... this. It's a itty bitty little package of evil.
Software engineer Ian Duffy found the flaws while building a secure RHEL image for Microsoft Azure. During that process he noticed an installation script Azure uses in its preconfigured RPM Package Manager contains build host information that allows attackers to find all four Red Hat Update Appliances which expose REST APIs over HTTPS.
From there Duffy found a package labelled PrepareRHUI (Red Hat Update Infrastructure) that runs on all Azure RHEL boxes, and contains the rhui-monitor.cloud build host.
Duffy accessed that host and found it had broken username and password authentication. This allowed him to access a backend log collector application which returned logs and configuration files along with a SSL certificate that granted full administrative access to the four Red Hat Update Appliances.
Duffy says all Azure RHEL images are configured without GPG validation checks meaning all would accept malicious package updates on their next run of yum updates.
I mean, even I make sure that GPG is enabled. Guess this could be included in the "Burned by eschewing best practices" thread as well.
I'm also wondering if that rhui-monitor.cloud host is a Microsoft or RedHat run server?
@dafyre said:
@hobbit666 said:
Moving VM's around ready to attempt to replace a ESXi host tomorrow
puts on full body armor and a helmet
hands wirestyle22 a claymore
@Jason said in Windows 10 home screen:
Microsoft is now putting weblinks to different content on the home screen. Wonder how soon there will be ads and sponsored content?
What is yesterday?
Amazon Snowmobile
To be fair, I first saw it on Spiceworks, but it was only a link to the Wired article.
Even with a one gigabit per-second connection such as Google Fiber, uploading 100 petabytes over the internet would take more than 28 years. At an average speed of 65 mph, on the other hand, you could drive a Snowmobile from San Francisco to New York City in about 45 hours—about 4,970 gigabits per second. That doesn’t count the time it takes to actually transfer the data onto Snowmobile–which Amazon estimates will take less than 10 days–or from the Snowmobile onto Amazon’s servers. But all told, that still makes the truck much, much faster.
I knew I missed my true calling, I should be driving everyone's data around the country faster than you could possibly download/upload it!
Hey Amazon, I can do computer networking, administration, service and drive a truck, what's an all-in-one driver/service person expect to make?
@wirestyle22 said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@wirestyle22 said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@wirestyle22 said in What Are You Doing Right Now:
@coliver said in What Are You Doing Right Now:
@RojoLoco said in What Are You Doing Right Now:
Employee of the year? I'd expect at least a 60-65" 4K for that...
I would much more appreciate a raise.
What's a raise? I've never heard of that. Do you have documentation on it?
That's why all the good advice I've seen is to change jobs. The promotions rarely happen internally, no matter what management says.
Nothing more true has ever been said
I'll give you 1 guess what project I've assigned myself for this weekend.... well, after that party anyway.
Put as many applications out as fast as possible?
Close. Work on the resume and precis package. I doubt I'll get it finished to my satisfaction, but every change requires a first step.
Clonezilla is just dd for those to lazy to figure out the exact command(s) needed to run. Also, I use it all the time.
Softpedia reporting on the new release.
The big new feature? You can now copy/paste into the message input area....
It only took them to version 1.15 for that? Really? Sounds like this release should be around .5 not 1.15 to me.
@Dashrender I don't expect access to the CEO of a company, but I do expect to have a way to contact their office.
That's telling you that it doesn't know what domain to create the cert for. This just won't work generally. You'll need to add
ServerName mydomainname
to a configuration file in /etc/httpd/conf.d/mydomainname.conf virtualhost section. The .conf file for my server is:
<VirtualHost *:80>
ServerName www.travisdh1.net
ServerAlias travisdh1.net
DocumentRoot /var/www/html
ServerAdmin [email protected]
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.travisdh1.net [OR]
RewriteCond %{SERVER_NAME} =travisdh1.net
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
Once you get that setup correctly the certbot-auto script should work. You might have to make a few changes to /etc/httpd/conf.d/ssl.conf in order to get the server using the correct certs.
Spotted the server side of AMD's new architecture. The raw numbers look good, but HotHardWare only had AMD's own performance review, which was obviously a 1 sided performance comparison... AMD didn't even put the same amount of memory in both systems.
I really want to see the performance comparison from a non-biased source.
The CPUs are 32 core/64 thread, 8 memory channels (16 total memory slots), and 128 lanes of PCIe per chip. Should be able to put massive amounts of workloads on those things... we'll see.
@BBigford said in How I Picture Managers Taking Away Facebook for "Productivity":
Lol social media isn't the problem for poor behavior... there's a deeper issue with the parenting skills obviously.
What parenting skills?
@olivier said in Xen Orchestra new design:
Guys, it's not even beta ready
Apparently that doesn't stop us from trying out the new shiny widgets.
My personal favorite 1 liner from the story: Neiderman claims to have discovered 40 previously undiscovered security flaws, including those that would allow hackers to run code without having physical access to the device.
So anything with Tizen is on the same level as Lenovo. Just what we don't need.
@olivier I was thinking of XO in particular, but this would be a good way to get the word out about your project for anyone. FLOSS Weekly, email [email protected] if you're interested in getting some free advertising.
Yeah, the entire show is basically free advertising for open source projects.
@scottalanmiller There is the "trusted domains" section of the config.php file. I don't think ownCloud throws that error when the trusted domains isn't set correctly tho.