Random musings on IT

[Beardy]

I was rootling for some tools yesterday when a bunch of USB cables attacked me from above. After I had bravely fought them off, I noticed that at some point in the past I have collected all(I assume) of the USB A to USB B cables in my possession and fastened them all together. Judging by the dust, I’ve since cast them aside and ignored them which possibly accounts for the savage attack.

It occurred to me that the reason for this neglect is the lack of devices that now sport a USB B port. Does anyone know of any current devices that come with such or can I dispose of them before they can plot another attack.

[rafletcher]

I think some printers may still use it.

[Kim]

Printers, scanners and hubs, mostly.  Oh, UPSes, too.  And the device you'll need a cable for about two weeks after having a cable cull, obviously.

Shame really, the B connector is one of the least annoying ones.

ETA: Just remembered that the Ardunio Uno and Mega use a B connector.  The newer stuff tends to use Micro-B, which is generally more convenient.

[Mr Larrington]

Miss von Brandenburg bought a new MacBook yesterday.

USB? We've heard of it! ~ The Mega-Global Fruit Corporation of Cupertino, USAnia, also yesterday.

[Jurek]

Miss von Brandenburg bought a new MacBook yesterday.

USB? We've heard of it! ~ The Mega-Global Fruit Corporation of Cupertino, USAnia, also yesterday.

It's a bit like opening the bonnet  of a modern car.
And finding that there are no visible fasteners.
No way of getting inside the motor.
Almost certainly, the manufacturer's way of saying 'Don't fuck about with what is inside here'.

[FifeingEejit]

Having had a surprisingly large step forward landed on us at work, I'm now fighting with docker containers.

This means working with BASH.

Why do I have to type a standard abbreviation of "password" to find out where I am in the file system?
And why would anyone rip off the 1970s in the 2000s?

[pcolbeck]

And why would anyone rip off the 1970s in the 2000s?

They didn't. Bash was originally written in the late 80s as a free shell that could run the millions of lines of existing shell scripts developed on *nixes so far.

[Kim]

Why do I have to type a standard abbreviation of "password" to find out where I am in the file system?

Because pwd has meant Print Working Directory since the 70s, and at some point people who didn't use *nix^[1] started using it as an abbreviation for password?

Like most things in unix-like operating systems, the names of common commands make sense if you're aware of the historical context, and tend to the arcane if you're not.


_{[1] Who would abbreviate it as passwd, obviously.}

[vorsprung]

Having had a surprisingly large step forward landed on us at work, I'm now fighting with docker containers.

This means working with BASH.

Why do I have to type a standard abbreviation of "password" to find out where I am in the file system?

you don't see https://unix.stackexchange.com/questions/100959/how-can-i-change-my-bash-prompt-to-show-my-working-directory 
for instance

And why would anyone rip off the 1970s in the 2000s?

I think you are trying to say that bash is somehow outdated?  The great thing about Unix commands is that I can still use stuff I learnt in 1988 to do actual work now.

Docker is bloody awful though, you have my sympathy

[Feanor]

Having a working knowledge of UNIX commands is a useful skill to keep in your back pocket.

To be able to edit config files on a remote machine where all you have is SSH is an example.
( I had a router that could do IPv6 stuff that was not exposed on the crummy web interface, but could be enabled by hand-crafting the config files.)
Vi worked just fine.

And a knowledge of tar commands is useful in many scenarios, including defusing nuclear bombs.

[Greenbank]

MiniGB has an adventure game on her Raspberry Pi (running Kano as the OS) that has got her used to cd, ls, cat, mv and a few other UNIX commands. She started using that at 8yo.

(I didn't get my hands on a UNIX shell until I was 16.)

[FifeingEejit]

And why would anyone rip off the 1970s in the 2000s?

They didn't. Bash was originally written in the late 80s as a free shell that could run the millions of lines of existing shell scripts developed on *nixes so far.

I was referring to ripping off Unix in general.
But then I did get my timeline slightly wrong as I first came across linux in '98ish

Don't worry I'll be slagging off PowerShell at some point too.
Like- Why are the commands so bloody long, what's wrong with abbreviations?

[CommuteTooFar]

Malwarebytes (Intel's antivirus company) has claimed that there have been more new malware exploits for the Apple systems than the pcs.

[ian]

Hmm, do they by any chance sell a product that claims to remedy that?

[CommuteTooFar]

Of course they do. It is the anti-virus business model is to cry large wild dog.  That does not exclude the possibility that there is a ravenous pack of wolves waiting out there to damage your data.

Just like on the PC be sensible then there is little chance malware will enter your system. 

Having said that before I retired I worked for a computer security company.  An infected file found its way onto our network (from a managers pc).  We spotted it before it did any harm (we believe).

[ian]

I couldn't idly find any evidence to back their claim (though it might not be reasonable to speculate that a good proportion of malware, and perhaps more variety, is aimed at Unix-y things, they power the back-end of stuff rather than boting or ransoming Windows boxes). I may be wrong, but I've always been of the understand that Unix has a considerably more sophisticated security model whereas you just ask a Window's user to install your trojan and they'll happily oblige. Years of training to click endless OK buttons has taken care of whatever sense they had left.

I seemed to have succeeded in never catching anything on either Windows or MacOS (back in the days I was regularly exposed to Word and Excel Macros, we got a considerable number).

[Beardy]

I couldn't idly find any evidence to back their claim (though it might not be reasonable to speculate that a good proportion of malware, and perhaps more variety, is aimed at Unix-y things, they power the back-end of stuff rather than boting or ransoming Windows boxes). I may be wrong, but I've always been of the understand that Unix has a considerably more sophisticated security model whereas you just ask a Window's user to install your trojan and they'll happily oblige. Years of training to click endless OK buttons has taken care of whatever sense they had left.

I seemed to have succeeded in never catching anything on either Windows or MacOS (back in the days I was regularly exposed to Word and Excel Macros, we got a considerable number).

I don't think that its that Unix boxes are inhenrtly more secure rather that traditionally they've been installed in more secure environments and have been run by geeks and so unintended installations tend to be few. Windows boxes have as you say been more in the 'public' domain and thus used by less tech savvy individuals.

[Greenbank]

Ubiquity and homogeneity mean that malware writers will go for Windows first, then Mac.

UNIX is by no means immune, there are plenty of Linux machines out there unwittingly running rootkits and being part of various enormous botnets.

I did a weeks' work experience back in 1993 at some company in Cambridge (forget the name) that wrote their own X windows environment. The devs also had fun writing their own versions of viruses for it. And don't forget that the Morris Worm is 32 years old!

[ian]

I figure if you want to get into backend systems, then you need to hit Unix/Linux based systems. If you want to ransom end-users, Windows. The desktop population of Mac users is around 9% compared to 88% for Windows. It's a bit of a niche, which doesn't tally with the claim.

[Jaded]

Yes but Mac users are way richer. How else could they afford the things

[Kim]

I figure if you want to get into backend systems, then you need to hit Unix/Linux based systems. If you want to ransom end-users, Windows. The desktop population of Mac users is around 9% compared to 88% for Windows. It's a bit of a niche, which doesn't tally with the claim.

Linux on the desktop and server lacks the homogeneity and user-base of Windows, so it's much less worthwhile as a malware target (it also tends to attract more security-conscious users).  If you want to pwn Linux machines, you're better off targeting embedded systems, such as consumer routers and internet-of-shit devices, which don't exactly have a good track record for secure default settings or security updates.

Of course, it depends on your objective.  Ransomware and spyware generally need desktops.  Botnets need a large installed base.  General chaos can be caused be hitting a lot of end-users or a smaller number of servers or network infrastructure.  Exfiltrating sensitive data requires luck or hard work, whatever the actual systems might be.

[FifeingEejit]

I may be wrong, but I've always been of the understand that Unix has a considerably more sophisticated security model whereas you just ask a Window's user to install your trojan and they'll happily oblige. Years of training to click endless OK buttons has taken care of whatever sense they had left.

SUDO...
Typed before almost every command because I can't be arsed finding out if it didn't need it.
And also because I have more interesting questions to ask the colleague that's properly into this *nix and Docker stuff that about altering it so everything I do is sudo which of course is what everyone else has done...

Wonder how difficult it would be to get something malicious into say Alpine's base image on docker hub...

[Kim]

And also because I have more interesting questions to ask the colleague that's properly into this *nix and Docker stuff that about altering it so everything I do is sudo which of course is what everyone else has done...

sudo su

or in the increasingly unlikely event that your system has a root password and you know what it is:

su

Both should give you a root shell.


Obvious disclaimer:  Going around doing mundane stuff with admin privileges when you don't actually need them is a recipe for accidental deletion disasters, being tricked by malware, creating files you need root privileges to access and so on.  But it's SOP on, say, Windows, and those systems hardly ever halt and catch fire.  Security-by-Simon-Says is great up till the point where you start sudoing things without thinking, so you might as well save a bit of typing (particularly of passwords into the wrong window).

[Feanor]

My webmail box is a Centos7 box running Roundcube.

The first time I installed it, I could not get it to work due to SELinux preventing Apache having r/w access to the necessary directories.
It was too much pain to figure it out at the time, so I just disabled SELinux, which was the general response on The Internet.

When I re-installed it more recently, I took the time to learn a bit about SELinux, and just configured it properly.

From my readings on the Internet, I was not alone in putting into the too-hard basket and just disabling it.

[FifeingEejit]

And also because I have more interesting questions to ask the colleague that's properly into this *nix and Docker stuff that about altering it so everything I do is sudo which of course is what everyone else has done...

sudo su

or in the increasingly unlikely event that your system has a root password and you know what it is:

su

Both should give you a root shell.


Obvious disclaimer:  Going around doing mundane stuff with admin privileges when you don't actually need them is a recipe for accidental deletion disasters, being tricked by malware, creating files you need root privileges to access and so on.  But it's SOP on, say, Windows, and those systems hardly ever halt and catch fire.  Security-by-Simon-Says is great up till the point where you start sudoing things without thinking, so you might as well save a bit of typing (particularly of passwords into the wrong window).

Not the box op, they sit in another room, actually based on the fact the guy sitting in another room keeps saying he's firing off a support call to some company, I suspect he doesn't have root access either...

Every single bloody instruction to docker seems to need Sudo'ed though.