From m.kaoru.wilbur at gmail.com  Mon Jan  1 00:38:50 2018
From: m.kaoru.wilbur at gmail.com (Kaoru Wilbur)
Date: Mon, 1 Jan 2018 00:38:50 -0700
Subject: Lists and the DMCA
Message-ID: <CACYBypLTz212=BaXnqU4kijRz=jqD2UGcCKTgttR-g8bXXc5+Q@mail.gmail.com>

Today was the deadline for limitations on liability if you have not updated
your DMCA agent information digitally, I suggest you do so promptly.

https://blogs.loc.gov/copyright/2017/12/dmca-agent-re-registration-deadline-is-december-31-2017/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180101/329b527c/attachment.html>

From bob.elzer at gmail.com  Mon Jan  1 10:56:22 2018
From: bob.elzer at gmail.com (Bob Elzer)
Date: Mon, 1 Jan 2018 10:56:22 -0700
Subject: Lists and the DMCA
In-Reply-To: <CACYBypLTz212=BaXnqU4kijRz=jqD2UGcCKTgttR-g8bXXc5+Q@mail.gmail.com>
References: <CACYBypLTz212=BaXnqU4kijRz=jqD2UGcCKTgttR-g8bXXc5+Q@mail.gmail.com>
Message-ID: <CANQAHVCUFERk2eaTKck_FRbV+876og=nUTWatUtZCdNq2T7t2A@mail.gmail.com>

you sent this a day late, oh no I'm screwed

On Jan 1, 2018 12:38 AM, "Kaoru Wilbur" <m.kaoru.wilbur at gmail.com> wrote:

> Today was the deadline for limitations on liability if you have not
> updated your DMCA agent information digitally, I suggest you do so promptly.
>
> https://blogs.loc.gov/copyright/2017/12/dmca-agent-
> re-registration-deadline-is-december-31-2017/
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180101/9d033e4a/attachment.html>

From mhgraham at crow202.org  Mon Jan  1 11:25:22 2018
From: mhgraham at crow202.org (Matt Graham)
Date: Mon, 01 Jan 2018 11:25:22 -0700
Subject: How to open a text file with kwrite from a  =?UTF-8?Q?menu=3F?=
In-Reply-To: <07e60101a15119acd70cfae8841a3a3c.squirrel@box945.bluehost.com>
References: <f554a7dda19c72ff3c4135da54a12203.squirrel@box945.bluehost.com>
 <CAAqYjtP7A2OO48ggM3dQT89Gte4OruunUUjMdCifVjShCs1+3Q@mail.gmail.com>
 <07e60101a15119acd70cfae8841a3a3c.squirrel@box945.bluehost.com>
Message-ID: <509ffe82c0dbe410dcaa9fc8778b4d6b@crow202.org>

On 2017-12-31 11:21, joe at actionline.com wrote:
>> On Dec 30, 2017 13:01, <joe at actionline.com> wrote:
>> <a href=file:/home/joe/data/notes.odt>notes</a>
>> When I click on "notes" (using Firefox) a dialog pops up
>> that reads: "What should Firefox do with this file?"
>> (*) Open with LibreOffice Writer (default)

>> (1) What actions and what syntax could I use to open a plain text
>> document with 'kwrite' (the text editor that I use most often)?
>> 
>> (2) How can I get this to work with the Chrome browser, also?
> You suggested:
> <a href="/home/joe/data/SOMEFILE.txt">notes</a>

> [opens the file], to read-only, but what I want to
> do is open the file in the text editor 'kwrite'.

I am not sure that firefox can do this without a lot of fooling around, 
because this is way outside what firefox was designed to do.  "Open a 
file with MIME type text/plain in the browser, read-only" seems to be 
baked in to the application.  A number of people have wanted to do what 
you're doing as seen in 
https://support.mozilla.org/bn-BD/questions/738336 , but that's from 
~2011 and so may not be applicable any more.

FWIW, konqueror will allow you to right-click on <a href="file.txt">a 
link like so</a> and open it with kwrite.

-- 
Crow202 Blog: http://crow202.org/wordpress
There is no Darkness in Eternity
But only Light too dim for us to see.

From techlists at phpcoderusa.com  Mon Jan  1 15:47:13 2018
From: techlists at phpcoderusa.com (techlists at phpcoderusa.com)
Date: Mon, 01 Jan 2018 15:47:13 -0700
Subject: Happy New Year!!
Message-ID: <f9fba6c5d544d84cc10cf6493aadefea@phpcoderusa.com>

Hi PLUG, 

Hope everyone has a prosperous New Year!! 

I have high hopes for 2018. 

Keith
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180101/548f9dab/attachment.html>

From vodhner at cox.net  Mon Jan  1 17:22:17 2018
From: vodhner at cox.net (Victor Odhner)
Date: Mon, 1 Jan 2018 17:22:17 -0700
Subject: OT: New Email Home?
Message-ID: <0F4FC3F2-88C5-4A84-8232-9451373A5604@cox.net>

I want to open a new email account, using a good solid provider with decent security. My requirements aren’t paranoid, but I don’t want another Yahoo.

I’m willing to pay something like $20 - $40 a year for a reputable service with no ads.

I could use Startmail (I do my searches via StartPage), but that’s $60/year and I don’t need all that encryption, though I wouldn’t turn it down.

Suggestions? Experience?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180101/677a527d/attachment.html>

From cryptworks at gmail.com  Mon Jan  1 17:24:39 2018
From: cryptworks at gmail.com (Stephen Partington)
Date: Mon, 1 Jan 2018 17:24:39 -0700
Subject: OT: New Email Home?
In-Reply-To: <0F4FC3F2-88C5-4A84-8232-9451373A5604@cox.net>
References: <0F4FC3F2-88C5-4A84-8232-9451373A5604@cox.net>
Message-ID: <CACS_G9zL_VOxz30rcs+SfX-FRc3Fk=d7cyDEOcVSxrzK7pFfHA@mail.gmail.com>

Well I have been happy with my Gmail experience and their 2 factor
authentication is pretty nice to work with.

On Jan 1, 2018 5:22 PM, "Victor Odhner" <vodhner at cox.net> wrote:

> I want to open a new email account, using a good solid provider with
> decent security. My requirements aren’t paranoid, but I don’t want another
> Yahoo.
>
> I’m willing to pay something like $20 - $40 a year for a reputable service
> with no ads.
>
> I could use Startmail (I do my searches via StartPage), but that’s
> $60/year and I don’t need all that encryption, though I wouldn’t turn it
> down.
>
> Suggestions? Experience?
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180101/fe8e5d69/attachment.html>

From cryptworks at gmail.com  Mon Jan  1 17:49:46 2018
From: cryptworks at gmail.com (Stephen Partington)
Date: Mon, 1 Jan 2018 17:49:46 -0700
Subject: OT: New Email Home?
In-Reply-To: <CACS_G9zL_VOxz30rcs+SfX-FRc3Fk=d7cyDEOcVSxrzK7pFfHA@mail.gmail.com>
References: <0F4FC3F2-88C5-4A84-8232-9451373A5604@cox.net>
 <CACS_G9zL_VOxz30rcs+SfX-FRc3Fk=d7cyDEOcVSxrzK7pFfHA@mail.gmail.com>
Message-ID: <CACS_G9xSjG0APjUJY9L9jQOs3rA5hrskF3GJpiqSA1Kkh-wqVw@mail.gmail.com>

Also an idea would be maybe a Google domain hosting and the gapps for your
email acct.

On Jan 1, 2018 5:24 PM, "Stephen Partington" <cryptworks at gmail.com> wrote:

> Well I have been happy with my Gmail experience and their 2 factor
> authentication is pretty nice to work with.
>
> On Jan 1, 2018 5:22 PM, "Victor Odhner" <vodhner at cox.net> wrote:
>
>> I want to open a new email account, using a good solid provider with
>> decent security. My requirements aren’t paranoid, but I don’t want another
>> Yahoo.
>>
>> I’m willing to pay something like $20 - $40 a year for a reputable
>> service with no ads.
>>
>> I could use Startmail (I do my searches via StartPage), but that’s
>> $60/year and I don’t need all that encryption, though I wouldn’t turn it
>> down.
>>
>> Suggestions? Experience?
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180101/b3868839/attachment.html>

From cryptworks at gmail.com  Mon Jan  1 17:54:47 2018
From: cryptworks at gmail.com (Stephen Partington)
Date: Mon, 1 Jan 2018 17:54:47 -0700
Subject: OT: New Email Home?
In-Reply-To: <CACS_G9xSjG0APjUJY9L9jQOs3rA5hrskF3GJpiqSA1Kkh-wqVw@mail.gmail.com>
References: <0F4FC3F2-88C5-4A84-8232-9451373A5604@cox.net>
 <CACS_G9zL_VOxz30rcs+SfX-FRc3Fk=d7cyDEOcVSxrzK7pFfHA@mail.gmail.com>
 <CACS_G9xSjG0APjUJY9L9jQOs3rA5hrskF3GJpiqSA1Kkh-wqVw@mail.gmail.com>
Message-ID: <CACS_G9yf0n8hXvwKoC1Li=aCx9gwogCRa8tgZqijJszQNsNtBA@mail.gmail.com>

https://www.bluehost.com/products/shared

On Jan 1, 2018 5:49 PM, "Stephen Partington" <cryptworks at gmail.com> wrote:

> Also an idea would be maybe a Google domain hosting and the gapps for your
> email acct.
>
> On Jan 1, 2018 5:24 PM, "Stephen Partington" <cryptworks at gmail.com> wrote:
>
>> Well I have been happy with my Gmail experience and their 2 factor
>> authentication is pretty nice to work with.
>>
>> On Jan 1, 2018 5:22 PM, "Victor Odhner" <vodhner at cox.net> wrote:
>>
>>> I want to open a new email account, using a good solid provider with
>>> decent security. My requirements aren’t paranoid, but I don’t want another
>>> Yahoo.
>>>
>>> I’m willing to pay something like $20 - $40 a year for a reputable
>>> service with no ads.
>>>
>>> I could use Startmail (I do my searches via StartPage), but that’s
>>> $60/year and I don’t need all that encryption, though I wouldn’t turn it
>>> down.
>>>
>>> Suggestions? Experience?
>>>
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180101/7d6b3980/attachment.html>

From steveb7 at gmail.com  Mon Jan  1 19:32:56 2018
From: steveb7 at gmail.com (Steve B)
Date: Mon, 1 Jan 2018 19:32:56 -0700
Subject: OT: New Email Home?
In-Reply-To: <0F4FC3F2-88C5-4A84-8232-9451373A5604@cox.net>
References: <0F4FC3F2-88C5-4A84-8232-9451373A5604@cox.net>
Message-ID: <CAAHWJ+5sS-FSuKEbnfXXsm2GeaFg=1sK_GH2JVCXpBhrJw5waw@mail.gmail.com>

Protonmail?

On Jan 1, 2018 5:22 PM, "Victor Odhner" <vodhner at cox.net> wrote:

> I want to open a new email account, using a good solid provider with
> decent security. My requirements aren’t paranoid, but I don’t want another
> Yahoo.
>
> I’m willing to pay something like $20 - $40 a year for a reputable service
> with no ads.
>
> I could use Startmail (I do my searches via StartPage), but that’s
> $60/year and I don’t need all that encryption, though I wouldn’t turn it
> down.
>
> Suggestions? Experience?
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180101/8e33fd4f/attachment.html>

From sesso at djsesso.com  Mon Jan  1 19:43:16 2018
From: sesso at djsesso.com (sesso at djsesso.com)
Date: Mon, 01 Jan 2018 19:43:16 -0700
Subject: OT: New Email Home?
In-Reply-To: <CAAHWJ+5sS-FSuKEbnfXXsm2GeaFg=1sK_GH2JVCXpBhrJw5waw@mail.gmail.com>
Message-ID: <p36iom3ijlmo0pe6h0hmq5ve.1514860996630@email.android.com>

I second with protonmail

Regards,

Jason
________________________________
From: Steve B <steveb7 at gmail.com>
Sent: Monday, January 1, 2018 7:32 PM
To: Main PLUG discussion list
Subject: Re: OT: New Email Home?

Protonmail?

On Jan 1, 2018 5:22 PM, "Victor Odhner" <vodhner at cox.net> wrote:
>
> I want to open a new email account, using a good solid provider with decent security. My requirements aren’t paranoid, but I don’t want another Yahoo.
>
> I’m willing to pay something like $20 - $40 a year for a reputable service with no ads.
>
> I could use Startmail (I do my searches via StartPage), but that’s $60/year and I don’t need all that encryption, though I wouldn’t turn it down.
>
> Suggestions? Experience?
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180101/291f6549/attachment.html>

From retro64xyz at gmail.com  Mon Jan  1 20:29:28 2018
From: retro64xyz at gmail.com (Aaron Jones)
Date: Mon, 1 Jan 2018 20:29:28 -0700
Subject: OT: New Email Home?
In-Reply-To: <p36iom3ijlmo0pe6h0hmq5ve.1514860996630@email.android.com>
References: <p36iom3ijlmo0pe6h0hmq5ve.1514860996630@email.android.com>
Message-ID: <6BA42567-B511-4B49-AEAA-E4975EEF1234@gmail.com>

Mail in a box. 

> On Jan 1, 2018, at 7:43 PM, sesso at djsesso.com wrote:
> 
> I second with protonmail
> 
> Regards,
> 
> Jason
> From: Steve B <steveb7 at gmail.com>
> Sent: Monday, January 1, 2018 7:32 PM
> To: Main PLUG discussion list
> Subject: Re: OT: New Email Home?
> 
> Protonmail?
> 
>> On Jan 1, 2018 5:22 PM, "Victor Odhner" <vodhner at cox.net> wrote:
>> I want to open a new email account, using a good solid provider with decent security. My requirements aren’t paranoid, but I don’t want another Yahoo.
>> 
>> I’m willing to pay something like $20 - $40 a year for a reputable service with no ads.
>> 
>> I could use Startmail (I do my searches via StartPage), but that’s $60/year and I don’t need all that encryption, though I wouldn’t turn it down.
>> 
>> Suggestions? Experience?
>> 
>> 
>> 
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180101/fb13e69a/attachment.html>

From newsletters at thetoolwiz.com  Mon Jan  1 22:21:14 2018
From: newsletters at thetoolwiz.com (David Schwartz)
Date: Tue, 02 Jan 2018 05:21:14 +0000 (UTC)
Subject: OT: New Email Home?
In-Reply-To: <0F4FC3F2-88C5-4A84-8232-9451373A5604@cox.net>
References: <0F4FC3F2-88C5-4A84-8232-9451373A5604@cox.net>
Message-ID: <6AC08F24-7566-4908-B2B9-B872EAA8411E@thetoolwiz.com>

Do you do any web hosting?

Virtually every reasonable web hosting account today has email support included.

A shared hosting account can be had pretty cheaply these days.

I’ve run a “reseller” type account for years, because it lets me set up separate hosting accounts for each domain. That means if one gets hacked, it doesn’t take out all the others. (I do NOT “resell” hosting!)

I recently moved to a shared SSD hosting account at eleven2.com, and I’ve been quite happy so far.

Shared hosting of any kind can be a challenge, because they load-up the servers with accounts, and over time performance slowly degrades as they add more accounts and people use their accounts more.

I was blown away with the performance boost switching to an SSD hosting account! I’m sure it will peter off over time, but for now it’s crazy fast.

And … so there’s no mistake about what I’m referring to here … most of my use is EMAIL. My websites are mostly just parking pages right now.

I use these for my INCOMING email, and I use sendgrid for all outgoing mail. This lets me effectively shut down my outgoing SMTP service so when hackers get into my accounts, they can’t use the email as a relay, which is what the vast majority of hackers are after. (Sendgrid is free for the first 10,000 emails per month; I don’t think I hit 50.)

Anyway, I see that eleven2.com has SSD-100 shared hosting right now for $2.98/mo. That’s probably on a 3-yr prepaid plan. But they’re offering a 50% discount on that page, and a coupon for 30% on their home page. Whatever the discount is, like most hosting providers it’s only valid on your first payment. I think I signed up for a 1-yr plan of reseller hosting for $75.

These guys offer vanilla cPanel hosting for managing everything. And if you want to throw up a wordpress site or two, it takes about two minutes.

-David Schwartz



> On Jan 1, 2018, at 5:22 PM, Victor Odhner <vodhner at cox.net> wrote:
> 
> I want to open a new email account, using a good solid provider with decent security. My requirements aren’t paranoid, but I don’t want another Yahoo.
> 
> I’m willing to pay something like $20 - $40 a year for a reputable service with no ads.
> 
> I could use Startmail (I do my searches via StartPage), but that’s $60/year and I don’t need all that encryption, though I wouldn’t turn it down.
> 
> Suggestions? Experience?
> 
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://u2206659.ct.sendgrid.net/wf/click?upn=5DvWGaZUY8Sh5aRLWfQTKYiRLVzunonVk948p8WIzMe-2FXlJ9Cta8w8U9xoku9LrUSHNMJbSd3ZEwH-2BqnW2UHlA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBeYso68UQFEwkJX0y8yHRcl1pmtZeVekDhoQHlDX9EI-2B-2FIYXxCXTn-2BRmuEujyqX0PDeqPMghIZqxbkBV7li0pqbo1TjRTYLakoNrm5YoOxsWe1Okn0jlrovAb2oJD3D7wCZMqg3Hny4nENyix6p-2B6ldDggUtIqs-2F-2FHlf5GaTH-2BKf8-3D

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180102/23a8ce59/attachment.html>

From eric.oyen at icloud.com  Tue Jan  2 00:02:40 2018
From: eric.oyen at icloud.com (Eric Oyen)
Date: Tue, 02 Jan 2018 00:02:40 -0700
Subject: OT: New Email Home?
In-Reply-To: <6AC08F24-7566-4908-B2B9-B872EAA8411E@thetoolwiz.com>
References: <0F4FC3F2-88C5-4A84-8232-9451373A5604@cox.net>
 <6AC08F24-7566-4908-B2B9-B872EAA8411E@thetoolwiz.com>
Message-ID: <3D5F15D7-251B-47F8-BE63-5C788CA520D1@icloud.com>

well, lets see.

protonmail.com
Startmail.com
gmail.com
mail in a box
secure web hosting with domain support..

lots of available choices, some of which are free.

-eric
from the central offices of the technomage Guild, Securities and mail Exchanges Dept.

On Jan 1, 2018, at 10:21 PM, David Schwartz wrote:

> Do you do any web hosting?
> 
> Virtually every reasonable web hosting account today has email support included.
> 
> A shared hosting account can be had pretty cheaply these days.
> 
> I’ve run a “reseller” type account for years, because it lets me set up separate hosting accounts for each domain. That means if one gets hacked, it doesn’t take out all the others. (I do NOT “resell” hosting!)
> 
> I recently moved to a shared SSD hosting account at eleven2.com, and I’ve been quite happy so far.
> 
> Shared hosting of any kind can be a challenge, because they load-up the servers with accounts, and over time performance slowly degrades as they add more accounts and people use their accounts more.
> 
> I was blown away with the performance boost switching to an SSD hosting account! I’m sure it will peter off over time, but for now it’s crazy fast.
> 
> And … so there’s no mistake about what I’m referring to here … most of my use is EMAIL. My websites are mostly just parking pages right now.
> 
> I use these for my INCOMING email, and I use sendgrid for all outgoing mail. This lets me effectively shut down my outgoing SMTP service so when hackers get into my accounts, they can’t use the email as a relay, which is what the vast majority of hackers are after. (Sendgrid is free for the first 10,000 emails per month; I don’t think I hit 50.)
> 
> Anyway, I see that eleven2.com has SSD-100 shared hosting right now for $2.98/mo. That’s probably on a 3-yr prepaid plan. But they’re offering a 50% discount on that page, and a coupon for 30% on their home page. Whatever the discount is, like most hosting providers it’s only valid on your first payment. I think I signed up for a 1-yr plan of reseller hosting for $75.
> 
> These guys offer vanilla cPanel hosting for managing everything. And if you want to throw up a wordpress site or two, it takes about two minutes.
> 
> -David Schwartz
> 
> On Jan 1, 2018, at 5:22 PM, Victor Odhner <vodhner at cox.net> wrote:
> 
> I want to open a new email account, using a good solid provider with decent security. My requirements aren’t paranoid, but I don’t want another Yahoo.
> 
> I’m willing to pay something like $20 – $40 a year for a reputable service with no ads.
> 
> I could use Startmail (I do my searches via StartPage), but that’s $60/year and I don’t need all that encryption, though I wouldn’t turn it down.
> 
> Suggestions? Experience?
> 
> --------------------------------------------------- PLUG-discuss mailing list – PLUG-discuss at lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> 
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180102/c22ef988/attachment.html>

From mark at phillipsmarketing.biz  Tue Jan  2 09:49:38 2018
From: mark at phillipsmarketing.biz (Mark Phillips)
Date: Tue, 2 Jan 2018 09:49:38 -0700
Subject: KeePass2 versus KeePassX
Message-ID: <CAEqej2PmdZOZMxbbucxBSdKs8ytKjLFBJ_hCv1Uwkb2-Da+Y+w@mail.gmail.com>

Happy New Year to everyone!!

I have been using KeePass2 on my Ubuntu machine for over 10 years (through
wine), and I just discovered KeePassX as a native application. I use
Keepass2 primarily as a password backup, as I also use LastPass with the
chrome extension for my day to day password manager.

I have a couple of questions about moving from KeePass2/wine to KeePassX.

I found in one post that the differences that the database files are binary
compatible. (
https://superuser.com/questions/878902/whats-the-difference-between-keepass-and-keepassx).
Can anyone confirm this?

The only other difference (other that GUI related stuff) is that KeePass2
has plugins and KeePassX does not. I am not using any plugins now. Are
there any that you think are really valuable to have, and would be a reason
not to switch?

Should I switch to KeePassX? I am assuming I can get rid of wine and save
some disk space, and run a native application instead of a wine application.

Thanks!

Mark
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180102/712d02fa/attachment.html>

From Rusty.Carruth at smartm.com  Tue Jan  2 10:14:13 2018
From: Rusty.Carruth at smartm.com (Carruth, Rusty)
Date: Tue, 2 Jan 2018 17:14:13 +0000
Subject: KeePass2 versus KeePassX
In-Reply-To: <CAEqej2PmdZOZMxbbucxBSdKs8ytKjLFBJ_hCv1Uwkb2-Da+Y+w@mail.gmail.com>
References: <CAEqej2PmdZOZMxbbucxBSdKs8ytKjLFBJ_hCv1Uwkb2-Da+Y+w@mail.gmail.com>
Message-ID: <CO2PR04MB2311711D47C0F1109AA263819D190@CO2PR04MB2311.namprd04.prod.outlook.com>

My only interaction with the KeePas* suite resulted in not being able to read the database after an upgrade/update/something.

I don’t remember which it was (2, x, whatever).  The machine is at home.  I’ll have to look, but I’m hoping we’ll get some reaction and info that maybe will point to a solution for me as well…


From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of Mark Phillips
Sent: Tuesday, January 02, 2018 9:50 AM
To: Main PLUG discussion list
Subject: KeePass2 versus KeePassX

Happy New Year to everyone!!

I have been using KeePass2 on my Ubuntu machine for over 10 years (through wine), and I just discovered KeePassX as a native application. I use Keepass2 primarily as a password backup, as I also use LastPass with the chrome extension for my day to day password manager.

I have a couple of questions about moving from KeePass2/wine to KeePassX.

I found in one post that the differences that the database files are binary compatible. (https://superuser.com/questions/878902/whats-the-difference-between-keepass-and-keepassx). Can anyone confirm this?

The only other difference (other that GUI related stuff) is that KeePass2 has plugins and KeePassX does not. I am not using any plugins now. Are there any that you think are really valuable to have, and would be a reason not to switch?

Should I switch to KeePassX? I am assuming I can get rid of wine and save some disk space, and run a native application instead of a wine application.

Thanks!

Mark


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180102/17bbe6b0/attachment.html>

From PLUGd at LuftHans.com  Tue Jan  2 10:56:55 2018
From: PLUGd at LuftHans.com (der.hans)
Date: Tue, 2 Jan 2018 17:56:55 +0000 (UTC)
Subject: KeePass2 versus KeePassX
In-Reply-To: <CAEqej2PmdZOZMxbbucxBSdKs8ytKjLFBJ_hCv1Uwkb2-Da+Y+w@mail.gmail.com>
References: <CAEqej2PmdZOZMxbbucxBSdKs8ytKjLFBJ_hCv1Uwkb2-Da+Y+w@mail.gmail.com>
Message-ID: <alpine.DEB.2.11.1801021731490.14234@post>

Am 02. Jan, 2018 schwätzte Mark Phillips so:

moin moin Mark,

I've been using and recommending KeePassX for years.

KeePassX uses the KeePass data format. KeePass2.x support was added
recently ( I think one or two years ago, but don't remember exactly ).

I don't use any of the plugins. I have considered a couple, but decided
against them.

I haven't ever used the windows version, so can't personally speak to
compatability with that.

I have created and shared KeePassX files with co-workers who were using
macs and maybe some with windows. I haven't ever gotten complaints about 
the files not working. That was all with KeePass1.x files.

I do use some files with both KeePassX and KeePassDroid. That has been
with both KeePass1.x and KeePass2.x files.

I also ocassionally use kpcli and one of the Perl libraries.

ciao,

der.hans

> Happy New Year to everyone!!
>
> I have been using KeePass2 on my Ubuntu machine for over 10 years (through
> wine), and I just discovered KeePassX as a native application. I use
> Keepass2 primarily as a password backup, as I also use LastPass with the
> chrome extension for my day to day password manager.
>
> I have a couple of questions about moving from KeePass2/wine to KeePassX.
>
> I found in one post that the differences that the database files are binary
> compatible. (
> https://superuser.com/questions/878902/whats-the-difference-between-keepass-and-keepassx).
> Can anyone confirm this?
>
> The only other difference (other that GUI related stuff) is that KeePass2
> has plugins and KeePassX does not. I am not using any plugins now. Are
> there any that you think are really valuable to have, and would be a reason
> not to switch?
>
> Should I switch to KeePassX? I am assuming I can get rid of wine and save
> some disk space, and run a native application instead of a wine application.
>
> Thanks!
>
> Mark
>

-- 
#  https://www.LuftHans.com   https://www.PhxLinux.org
#  "To enjoy the flavor of life, take big bites. Moderation is for monks."
#     -- Robert Heinlein

From PLUGd at LuftHans.com  Tue Jan  2 11:05:38 2018
From: PLUGd at LuftHans.com (der.hans)
Date: Tue, 2 Jan 2018 18:05:38 +0000 (UTC)
Subject: KeePass2 versus KeePassX
In-Reply-To: <CO2PR04MB2311711D47C0F1109AA263819D190@CO2PR04MB2311.namprd04.prod.outlook.com>
References: <CAEqej2PmdZOZMxbbucxBSdKs8ytKjLFBJ_hCv1Uwkb2-Da+Y+w@mail.gmail.com>
 <CO2PR04MB2311711D47C0F1109AA263819D190@CO2PR04MB2311.namprd04.prod.outlook.com>
Message-ID: <alpine.DEB.2.11.1801021757140.14234@post>

Am 02. Jan, 2018 schwätzte Carruth, Rusty so:

moin moin Rusty,

the only time I've lost access to a KeePassX file was when I've forgotten
a passphrase. My passphrase memorization regime has since been improved
:).

I have not yet run into file corruption.

With KeePassX, moving to KeePass2.x requires importing KeePass1.x files
and saving them as KeePass2.x files. KeePassX will no longer write
KeePass1.x files. The documentation about the requirements was less than
ideal.

For a while I could choose between the old and new versions of KeePassX in
debian, but it might just be that I pinned the already installed old
version until I was ready to move.

I highly recommend KeePassX, see any of my many presentations on the
topic :).

ciao,

der.hans

> My only interaction with the KeePas* suite resulted in not being able to read the database after an upgrade/update/something.
>
> I don’t remember which it was (2, x, whatever).  The machine is at home.  I’ll have to look, but I’m hoping we’ll get some reaction and info that maybe will point to a solution for me as well…
>
>
> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of Mark Phillips
> Sent: Tuesday, January 02, 2018 9:50 AM
> To: Main PLUG discussion list
> Subject: KeePass2 versus KeePassX
>
> Happy New Year to everyone!!
>
> I have been using KeePass2 on my Ubuntu machine for over 10 years (through wine), and I just discovered KeePassX as a native application. I use Keepass2 primarily as a password backup, as I also use LastPass with the chrome extension for my day to day password manager.
>
> I have a couple of questions about moving from KeePass2/wine to KeePassX.
>
> I found in one post that the differences that the database files are binary compatible. (https://superuser.com/questions/878902/whats-the-difference-between-keepass-and-keepassx). Can anyone confirm this?
>
> The only other difference (other that GUI related stuff) is that KeePass2 has plugins and KeePassX does not. I am not using any plugins now. Are there any that you think are really valuable to have, and would be a reason not to switch?
>
> Should I switch to KeePassX? I am assuming I can get rid of wine and save some disk space, and run a native application instead of a wine application.
>
> Thanks!
>
> Mark
>
>
>

-- 
#  https://www.LuftHans.com   https://www.PhxLinux.org
#  "Communications without intelligence is noise;
#  Intelligence without communications is irrelevant."
#  Gen. Alfred. M. Gray, USMC

From dev at snitselaar.org  Tue Jan  2 11:36:20 2018
From: dev at snitselaar.org (Jerry Snitselaar)
Date: Tue, 2 Jan 2018 11:36:20 -0700
Subject: KeePass2 versus KeePassX
In-Reply-To: <CO2PR04MB2311711D47C0F1109AA263819D190@CO2PR04MB2311.namprd04.prod.outlook.com>
References: <CAEqej2PmdZOZMxbbucxBSdKs8ytKjLFBJ_hCv1Uwkb2-Da+Y+w@mail.gmail.com>
 <CO2PR04MB2311711D47C0F1109AA263819D190@CO2PR04MB2311.namprd04.prod.outlook.com>
Message-ID: <20180102183620.ielocnq7mgud4bwm@cantor>

On Tue Jan 02 18, Carruth, Rusty wrote:
>My only interaction with the KeePas* suite resulted in not being able to read the database after an upgrade/update/something.
>
>I don’t remember which it was (2, x, whatever).  The machine is at home.  I’ll have to look, but I’m hoping we’ll get some reaction and info that maybe will point to a solution for me as well…
>


There is an action in the database menu to import a keepass 1 format database. Perhaps the issue was that. I have a vague recollection of running into that at some point.



>
>From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of Mark Phillips
>Sent: Tuesday, January 02, 2018 9:50 AM
>To: Main PLUG discussion list
>Subject: KeePass2 versus KeePassX
>
>Happy New Year to everyone!!
>
>I have been using KeePass2 on my Ubuntu machine for over 10 years (through wine), and I just discovered KeePassX as a native application. I use Keepass2 primarily as a password backup, as I also use LastPass with the chrome extension for my day to day password manager.
>
>I have a couple of questions about moving from KeePass2/wine to KeePassX.
>
>I found in one post that the differences that the database files are binary compatible. (https://superuser.com/questions/878902/whats-the-difference-between-keepass-and-keepassx). Can anyone confirm this?
>
>The only other difference (other that GUI related stuff) is that KeePass2 has plugins and KeePassX does not. I am not using any plugins now. Are there any that you think are really valuable to have, and would be a reason not to switch?
>
>Should I switch to KeePassX? I am assuming I can get rid of wine and save some disk space, and run a native application instead of a wine application.
>
>Thanks!
>
>Mark
>
>

>---------------------------------------------------
>PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>To subscribe, unsubscribe, or to change your mail settings:
>http://lists.phxlinux.org/mailman/listinfo/plug-discuss


From mark at phillipsmarketing.biz  Tue Jan  2 11:51:20 2018
From: mark at phillipsmarketing.biz (Mark Phillips)
Date: Tue, 2 Jan 2018 11:51:20 -0700
Subject: KeePass2 versus KeePassX
In-Reply-To: <20180102183620.ielocnq7mgud4bwm@cantor>
References: <CAEqej2PmdZOZMxbbucxBSdKs8ytKjLFBJ_hCv1Uwkb2-Da+Y+w@mail.gmail.com>
 <CO2PR04MB2311711D47C0F1109AA263819D190@CO2PR04MB2311.namprd04.prod.outlook.com>
 <20180102183620.ielocnq7mgud4bwm@cantor>
Message-ID: <CAEqej2O2T20AV0jBER2v=q-24XkBiHBaLaM9sQh_++FmdqfZ1g@mail.gmail.com>

I forgot to add that I also use KeePass2Android, and I forget how the two
stay synchronized. But it works well.

Maybe I will download the two, KeePassX and KeePassDroid, and see if they
can read my KeePass2 database.

Mark

On Tue, Jan 2, 2018 at 11:36 AM, Jerry Snitselaar <dev at snitselaar.org>
wrote:

> On Tue Jan 02 18, Carruth, Rusty wrote:
>
>> My only interaction with the KeePas* suite resulted in not being able to
>> read the database after an upgrade/update/something.
>>
>> I don’t remember which it was (2, x, whatever).  The machine is at home.
>> I’ll have to look, but I’m hoping we’ll get some reaction and info that
>> maybe will point to a solution for me as well…
>>
>>
>
> There is an action in the database menu to import a keepass 1 format
> database. Perhaps the issue was that. I have a vague recollection of
> running into that at some point.
>
>
>
>
>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On
>> Behalf Of Mark Phillips
>> Sent: Tuesday, January 02, 2018 9:50 AM
>> To: Main PLUG discussion list
>> Subject: KeePass2 versus KeePassX
>>
>> Happy New Year to everyone!!
>>
>> I have been using KeePass2 on my Ubuntu machine for over 10 years
>> (through wine), and I just discovered KeePassX as a native application. I
>> use Keepass2 primarily as a password backup, as I also use LastPass with
>> the chrome extension for my day to day password manager.
>>
>> I have a couple of questions about moving from KeePass2/wine to KeePassX.
>>
>> I found in one post that the differences that the database files are
>> binary compatible. (https://superuser.com/questio
>> ns/878902/whats-the-difference-between-keepass-and-keepassx). Can anyone
>> confirm this?
>>
>> The only other difference (other that GUI related stuff) is that KeePass2
>> has plugins and KeePassX does not. I am not using any plugins now. Are
>> there any that you think are really valuable to have, and would be a reason
>> not to switch?
>>
>> Should I switch to KeePassX? I am assuming I can get rid of wine and save
>> some disk space, and run a native application instead of a wine application.
>>
>> Thanks!
>>
>> Mark
>>
>>
>>
> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180102/5f3f8d93/attachment.html>

From plug-discussion at stcaz.net  Tue Jan  2 11:43:02 2018
From: plug-discussion at stcaz.net (Joseph Sinclair)
Date: Tue, 2 Jan 2018 11:43:02 -0700
Subject: KeePass2 versus KeePassX
In-Reply-To: <CAEqej2PmdZOZMxbbucxBSdKs8ytKjLFBJ_hCv1Uwkb2-Da+Y+w@mail.gmail.com>
References: <CAEqej2PmdZOZMxbbucxBSdKs8ytKjLFBJ_hCv1Uwkb2-Da+Y+w@mail.gmail.com>
Message-ID: <3cac1645-e0b6-7a6c-eee6-97831274b215@stcaz.net>

I tried a conversion a while back (relative using Windows ==> KeypassX on my Linux).
Best suggestion I have is to copy the original file to backup, copy again to a working test copy and work on that copy.
It's slippery at times and may fail a conversion, so it's good to be able to dump the broken file and try again with a new copy of the (safe on backups!) original.
IIRC it took me 3-4 tries to get a successful import from a v2 database to the X version, but the import may have improved since then (in fact I might have been using an external converter, hard to be certain, much has happened in the year+ since then).

On 2018-01-02 09:49 AM, Mark Phillips wrote:
> Happy New Year to everyone!!
> 
> I have been using KeePass2 on my Ubuntu machine for over 10 years (through
> wine), and I just discovered KeePassX as a native application. I use
> Keepass2 primarily as a password backup, as I also use LastPass with the
> chrome extension for my day to day password manager.
> 
> I have a couple of questions about moving from KeePass2/wine to KeePassX.
> 
> I found in one post that the differences that the database files are binary
> compatible. (
> https://superuser.com/questions/878902/whats-the-difference-between-keepass-and-keepassx).
> Can anyone confirm this?
> 
> The only other difference (other that GUI related stuff) is that KeePass2
> has plugins and KeePassX does not. I am not using any plugins now. Are
> there any that you think are really valuable to have, and would be a reason
> not to switch?
> 
> Should I switch to KeePassX? I am assuming I can get rid of wine and save
> some disk space, and run a native application instead of a wine application.
> 
> Thanks!
> 
> Mark
> 
> 
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180102/d1c17787/attachment.sig>

From PLUGd at LuftHans.com  Tue Jan  2 12:13:52 2018
From: PLUGd at LuftHans.com (der.hans)
Date: Tue, 2 Jan 2018 19:13:52 +0000 (UTC)
Subject: KeePass2 versus KeePassX
In-Reply-To: <CAEqej2O2T20AV0jBER2v=q-24XkBiHBaLaM9sQh_++FmdqfZ1g@mail.gmail.com>
References: <CAEqej2PmdZOZMxbbucxBSdKs8ytKjLFBJ_hCv1Uwkb2-Da+Y+w@mail.gmail.com>
 <CO2PR04MB2311711D47C0F1109AA263819D190@CO2PR04MB2311.namprd04.prod.outlook.com>
 <20180102183620.ielocnq7mgud4bwm@cantor>
 <CAEqej2O2T20AV0jBER2v=q-24XkBiHBaLaM9sQh_++FmdqfZ1g@mail.gmail.com>
Message-ID: <alpine.DEB.2.11.1801021902420.14234@post>

Am 02. Jan, 2018 schwätzte Mark Phillips so:

moin moin Mark,

I sync my files manually. Last I looked KeePassX still didn't have a
viable sync option. A sync tool was probably the plugin I considered.

Missing features include a tool for syncing files, a tool for exporting
password sets and a use anywhere random stringerator.

All easy to work around for an individual, but the sync features would
help a lot of team use.

ciao,

der.hans

> I forgot to add that I also use KeePass2Android, and I forget how the two
> stay synchronized. But it works well.
>
> Maybe I will download the two, KeePassX and KeePassDroid, and see if they
> can read my KeePass2 database.
>
> Mark
>
> On Tue, Jan 2, 2018 at 11:36 AM, Jerry Snitselaar <dev at snitselaar.org>
> wrote:
>
>> On Tue Jan 02 18, Carruth, Rusty wrote:
>>
>>> My only interaction with the KeePas* suite resulted in not being able to
>>> read the database after an upgrade/update/something.
>>>
>>> I don’t remember which it was (2, x, whatever).  The machine is at home.
>>> I’ll have to look, but I’m hoping we’ll get some reaction and info that
>>> maybe will point to a solution for me as well…
>>>
>>>
>>
>> There is an action in the database menu to import a keepass 1 format
>> database. Perhaps the issue was that. I have a vague recollection of
>> running into that at some point.
>>
>>
>>
>>
>>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On
>>> Behalf Of Mark Phillips
>>> Sent: Tuesday, January 02, 2018 9:50 AM
>>> To: Main PLUG discussion list
>>> Subject: KeePass2 versus KeePassX
>>>
>>> Happy New Year to everyone!!
>>>
>>> I have been using KeePass2 on my Ubuntu machine for over 10 years
>>> (through wine), and I just discovered KeePassX as a native application. I
>>> use Keepass2 primarily as a password backup, as I also use LastPass with
>>> the chrome extension for my day to day password manager.
>>>
>>> I have a couple of questions about moving from KeePass2/wine to KeePassX.
>>>
>>> I found in one post that the differences that the database files are
>>> binary compatible. (https://superuser.com/questio
>>> ns/878902/whats-the-difference-between-keepass-and-keepassx). Can anyone
>>> confirm this?
>>>
>>> The only other difference (other that GUI related stuff) is that KeePass2
>>> has plugins and KeePassX does not. I am not using any plugins now. Are
>>> there any that you think are really valuable to have, and would be a reason
>>> not to switch?
>>>
>>> Should I switch to KeePassX? I am assuming I can get rid of wine and save
>>> some disk space, and run a native application instead of a wine application.
>>>
>>> Thanks!
>>>
>>> Mark
>>>
>>>
>>>
>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>

-- 
#  https://www.LuftHans.com   https://www.PhxLinux.org
#  "Life is pain, Highness! Anyone who says differently is selling something."
#   -- Dread Pirate Roberts in The Princess Bride

From mailinglists at mattcrews.com  Tue Jan  2 15:39:07 2018
From: mailinglists at mattcrews.com (Matthew Crews)
Date: Tue, 02 Jan 2018 17:39:07 -0500
Subject: Major Intel Memory Vulnerability
Message-ID: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

In a nutshell, it is a major security flaw in Intel hardware dating back a decade that is requiring a complete kernel rewrite for every major OS (Linux, Windows, Mac, etc) in order to patch out. It cannot be patched out with a CPU microcode update. Major enough that code comments are redacted in the patches until an embargo period is expired. Also the reported fix will have a huge performance impact.

Also crucial to note is that AMD chips are not affected by this.

How the heck does something like this go unnoticed for so long?

Sent from [ProtonMail](https://protonmail.com), Swiss-based encrypted email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180102/8d42804d/attachment.html>

From PLUGd at LuftHans.com  Tue Jan  2 15:54:24 2018
From: PLUGd at LuftHans.com (der.hans)
Date: Tue, 2 Jan 2018 22:54:24 +0000 (UTC)
Subject: Major Intel Memory Vulnerability
In-Reply-To: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
References: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
Message-ID: <alpine.DEB.2.11.1801022247540.14234@post>

Am 02. Jan, 2018 schwätzte Matthew Crews so:

moin moin,

thanks! I was just looking to see if there was an update on the story :).

http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table

ciao,

der.hans

> https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
>
> In a nutshell, it is a major security flaw in Intel hardware dating back a decade that is requiring a complete kernel rewrite for every major OS (Linux, Windows, Mac, etc) in order to patch out. It cannot be patched out with a CPU microcode update. Major enough that code comments are redacted in the patches until an embargo period is expired. Also the reported fix will have a huge performance impact.
>
> Also crucial to note is that AMD chips are not affected by this.
>
> How the heck does something like this go unnoticed for so long?
>
> Sent from [ProtonMail](https://protonmail.com), Swiss-based encrypted email.

-- 
#  https://www.LuftHans.com   https://www.PhxLinux.org
#  "Try not to become a man of success, but rather try to become a man
#  of value" -- Albert Einstein

From techlists at phpcoderusa.com  Tue Jan  2 16:06:26 2018
From: techlists at phpcoderusa.com (techlists at phpcoderusa.com)
Date: Tue, 02 Jan 2018 16:06:26 -0700
Subject: Major Intel Memory Vulnerability
In-Reply-To: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
References: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
Message-ID: <33fdf9ad067fd8ef2fd58707c0bf6a3c@phpcoderusa.com>

Interestingly the last line of the article says "A spokesperson for
Intel was not available for comment."....

On 2018-01-02 15:39, Matthew Crews wrote:

> https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
> 
> In a nutshell, it is a major security flaw in Intel hardware dating back a decade that is requiring a complete kernel rewrite for every major OS (Linux, Windows, Mac, etc) in order to patch out. It cannot be patched out with a CPU microcode update. Major enough that code comments are redacted in the patches until an embargo period is expired. Also the reported fix will have a huge performance impact.
> 
> Also crucial to note is that AMD chips are not affected by this.
> 
> How the heck does something like this go unnoticed for so long?
> 
> Sent from ProtonMail [1], Swiss-based encrypted email.
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
 

Links:
------
[1] https://protonmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180102/98c95f7e/attachment.html>

From Rusty.Carruth at smartm.com  Tue Jan  2 16:09:44 2018
From: Rusty.Carruth at smartm.com (Carruth, Rusty)
Date: Tue, 2 Jan 2018 23:09:44 +0000
Subject: Major Intel Memory Vulnerability
In-Reply-To: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
References: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
Message-ID: <CO2PR04MB23110251709BC5C557D9F6959D190@CO2PR04MB2311.namprd04.prod.outlook.com>

If you read the article, it went undetected so long probably because it looks like you have to do 2 or 3 ‘illegal’ things in just the right order at just the right time.  (‘illegal’ as in ‘not supposed to work’.  I did find the second article very interesting – the one that explained rowhammer.)

I mean, how long did it take my friends at ASU lo these many years ago to put together 3 little bits of information to realize the large hole that was left?  Oh, probably at least a year…  So even with motivation and time AND all the information presented right there in front of you, it can take a while.  THIS bug apparently involves doing stuff that isn’t really supposed to work.

(And Rowhammer is just SICK.)


From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of Matthew Crews
Sent: Tuesday, January 02, 2018 3:39 PM
To: Main PLUG discussion list
Subject: Major Intel Memory Vulnerability


https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

In a nutshell, it is a major security flaw in Intel hardware dating back a decade that is requiring a complete kernel rewrite for every major OS (Linux, Windows, Mac, etc) in order to patch out. It cannot be patched out with a CPU microcode update. Major enough that code comments are redacted in the patches until an embargo period is expired. Also the reported fix will have a huge performance impact.

Also crucial to note is that AMD chips are not affected by this.

How the heck does something like this go unnoticed for so long?




Sent from ProtonMail<https://protonmail.com>, Swiss-based encrypted email.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180102/9b461a4b/attachment.html>

From jrefl5 at gmail.com  Tue Jan  2 16:38:15 2018
From: jrefl5 at gmail.com (James Crawford)
Date: Tue, 2 Jan 2018 16:38:15 -0700
Subject: KeePass2 versus KeePassX
Message-ID: <c3cba95c-429c-47a0-e277-54bd76b777c9@gmail.com>

I keep current copies of Keepassx files on a removable drive.

I have had no problems using them on Linux (Fedora, Ubuntu), Windows, or 
android.

although I have not used the android version with the new format.

James C.


From ted at gould.cx  Tue Jan  2 18:13:23 2018
From: ted at gould.cx (Ted Gould)
Date: Tue, 2 Jan 2018 19:13:23 -0600
Subject: KeePass2 versus KeePassX
In-Reply-To: <alpine.DEB.2.11.1801021902420.14234@post>
References: <CAEqej2PmdZOZMxbbucxBSdKs8ytKjLFBJ_hCv1Uwkb2-Da+Y+w@mail.gmail.com>
 <CO2PR04MB2311711D47C0F1109AA263819D190@CO2PR04MB2311.namprd04.prod.outlook.com>
 <20180102183620.ielocnq7mgud4bwm@cantor>
 <CAEqej2O2T20AV0jBER2v=q-24XkBiHBaLaM9sQh_++FmdqfZ1g@mail.gmail.com>
 <alpine.DEB.2.11.1801021902420.14234@post>
Message-ID: <7789a591-ff52-fb95-d859-2d03d4fe9eaf@gould.cx>

I use KeePassXC (via the snap) and KeePass2Android. On my Ubuntu Desktop
I have the file saved in the directory that NextCloud syncs and then
have KeePass2Android also grab it from Nextcloud. Works great.

Ted


On 01/02/2018 01:13 PM, der.hans wrote:
> Am 02. Jan, 2018 schwätzte Mark Phillips so:
>
> moin moin Mark,
>
> I sync my files manually. Last I looked KeePassX still didn't have a
> viable sync option. A sync tool was probably the plugin I considered.
>
> Missing features include a tool for syncing files, a tool for exporting
> password sets and a use anywhere random stringerator.
>
> All easy to work around for an individual, but the sync features would
> help a lot of team use.
>
> ciao,
>
> der.hans
>
>> I forgot to add that I also use KeePass2Android, and I forget how the
>> two
>> stay synchronized. But it works well.
>>
>> Maybe I will download the two, KeePassX and KeePassDroid, and see if
>> they
>> can read my KeePass2 database.
>>
>> Mark
>>
>> On Tue, Jan 2, 2018 at 11:36 AM, Jerry Snitselaar <dev at snitselaar.org>
>> wrote:
>>
>>> On Tue Jan 02 18, Carruth, Rusty wrote:
>>>
>>>> My only interaction with the KeePas* suite resulted in not being
>>>> able to
>>>> read the database after an upgrade/update/something.
>>>>
>>>> I don’t remember which it was (2, x, whatever).  The machine is at
>>>> home.
>>>> I’ll have to look, but I’m hoping we’ll get some reaction and info
>>>> that
>>>> maybe will point to a solution for me as well…
>>>>
>>>>
>>>
>>> There is an action in the database menu to import a keepass 1 format
>>> database. Perhaps the issue was that. I have a vague recollection of
>>> running into that at some point.
>>>
>>>
>>>
>>>
>>>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On
>>>> Behalf Of Mark Phillips
>>>> Sent: Tuesday, January 02, 2018 9:50 AM
>>>> To: Main PLUG discussion list
>>>> Subject: KeePass2 versus KeePassX
>>>>
>>>> Happy New Year to everyone!!
>>>>
>>>> I have been using KeePass2 on my Ubuntu machine for over 10 years
>>>> (through wine), and I just discovered KeePassX as a native
>>>> application. I
>>>> use Keepass2 primarily as a password backup, as I also use LastPass
>>>> with
>>>> the chrome extension for my day to day password manager.
>>>>
>>>> I have a couple of questions about moving from KeePass2/wine to
>>>> KeePassX.
>>>>
>>>> I found in one post that the differences that the database files are
>>>> binary compatible. (https://superuser.com/questio
>>>> ns/878902/whats-the-difference-between-keepass-and-keepassx). Can
>>>> anyone
>>>> confirm this?
>>>>
>>>> The only other difference (other that GUI related stuff) is that
>>>> KeePass2
>>>> has plugins and KeePassX does not. I am not using any plugins now. Are
>>>> there any that you think are really valuable to have, and would be
>>>> a reason
>>>> not to switch?
>>>>
>>>> Should I switch to KeePassX? I am assuming I can get rid of wine
>>>> and save
>>>> some disk space, and run a native application instead of a wine
>>>> application.
>>>>
>>>> Thanks!
>>>>
>>>> Mark
>>>>
>>>>
>>>>
>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180102/e27cb3ff/attachment.html>

From plug-announce at lists.phxlinux.org  Tue Jan  2 19:24:55 2018
From: plug-announce at lists.phxlinux.org (PLUG Announcements)
Date: Tue, 2 Jan 2018 19:24:55 -0700
Subject: IMPORTANT PLEASE READ: PLUG's Security Meeting is switching days...
 continue reading for this month's topic
Message-ID: <mailman.278.1514946298.304.plug-announce@lists.phxlinux.org>


  *PLUG *Security Meeting

Meets on the*3rd Thursday of every month*, starting at 7pm.
For more information see: 
https://phxlinux.org/index.php/meetings/20-plug-security.html

------------------------------------------------------------------------


  Please note that this meeting has been permanently moved to the _3rd
  Thursday_ of the month.  The start time and location remain unchanged.


Please take note that the security meeting is moving to a new day 
starting this month.  It will no longer be held on the second Tuesday 
and will *from now on be held on the 3rd Thursday.  So this month's 
meeting will be on the 18th of January.*

So on the 18th, please come join the Phoenix Linux Users Group at their 
Security Session and watch Aaron Jones tell us all the security related 
craziness that happened over 2017. We will be discussing major breaches, 
attacks, legal events, and all number of events from 2017. This is a 
round up of the biggest events to rock the cyber security world over the 
past year. We will attempt to explain the how for many of these events 
and the what in relation to actions we can take in 2018 to better 
protect ourselves. Hope to see you there!

If you would like to see Aaron's presentation on the 2016 security year 
end review you can see it here: https://youtu.be/8a1J6qF37_I

The meeting will start at 7pm at The Desert Breeze Substation. People 
start arriving as early as 6pm, so if you would like to help setup 
and/or chat for a while, feel free to arrive a little early.
*Meeting Location*:
Desert Breeze Substation
251 North Desert Breeze Blvd West
Chandler, AZ 85226

The Desert Breeze Substation is on Chandler Blvd and Desert Breeze Blvd, 
which is half way between McClintock and Rural.  It is very close
to both the south 202 and 101 freeways.  Public transportation is
available into the late hours.
	<https://www.google.com/maps/place/251+Desert+Breeze+Blvd+W,+Chandler,+AZ+85226/@33.3076899,-111.9220921,17z/data=%214m5%213m4%211s0x872b06cdd50c43c7:0x7d3e9c66bdb7f8a2%218m2%213d33.3070191%214d-111.9193025?hl=en>

See the meeting information on our web site 
<http://phxlinux.org/index.php/meetings/20-plug-security.html> for more 
information.

See you there,
Brian Cluff

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180102/4f392d50/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: infhiipekjnknkhl.png
Type: image/png
Size: 38453 bytes
Desc: not available
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180102/4f392d50/attachment.png>
-------------- next part --------------
_______________________________________________
PLUG-announce mailing list  -  PLUG-announce at lists.phxlinux.org
http://lists.phxlinux.org/mailman/listinfo/plug-announce
PLUG Website at http://plug.phoenix.az.us

From eric.oyen at icloud.com  Tue Jan  2 19:49:39 2018
From: eric.oyen at icloud.com (Eric Oyen)
Date: Tue, 02 Jan 2018 19:49:39 -0700
Subject: Major Intel Memory Vulnerability
In-Reply-To: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
References: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
Message-ID: <16BB4047-2DBC-44DE-9535-7A676E043A14@icloud.com>

so, does this mean that the UEFI might get patched first? OR, does the OS ecology have to do so first? Lastly, how much of a performance hit will this represent?

-eric
from the central offices of the Technomage Guild, the "oh look! yet another bug!" Dept.

On Jan 2, 2018, at 3:39 PM, Matthew Crews wrote:

> 
> https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
> 
> In a nutshell, it is a major security flaw in Intel hardware dating back a decade that is requiring a complete kernel rewrite for every major OS (Linux, Windows, Mac, etc) in order to patch out. It cannot be patched out with a CPU microcode update. Major enough that code comments are redacted in the patches until an embargo period is expired. Also the reported fix will have a huge performance impact.
> 
> Also crucial to note is that AMD chips are not affected by this.
> 
> How the heck does something like this go unnoticed for so long?
> 
> 
> 
> 
> Sent from ProtonMail, Swiss-based encrypted email.
> 
> 
> 
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180102/63f356dd/attachment.html>

From joe at actionline.com  Tue Jan  2 19:53:43 2018
From: joe at actionline.com (joe at actionline.com)
Date: Tue, 2 Jan 2018 19:53:43 -0700
Subject: How to get ffmpeg installed on my system? 
Message-ID: <4d6e6c86e8b66306de2c610b64189f75.squirrel@box945.bluehost.com>

When I tried to run this to convert a video:

cat workshop2.VOB | ffmpeg -i - workit.mp4

This was the result:

ffmpeg: command not found

When searching my system for ffmpeg, I found lots
of entries, but apparently not the right thing.

Or ... what do I need to differently to get this to work?


locate ffmpeg | fgrep lib
/usr/lib/i386-linux-gnu/gstreamer-0.10/libgstffmpegcolorspace.so
/usr/lib/kde4/ffmpegthumbs.so
/usr/lib/kde4/k3bffmpegdecoder.so
/usr/lib/kde4/kffmpegthumbnailer.so
/usr/lib/kde4/kfilemetadata_ffmpegextractor.so
/usr/lib/transcode/export_ffmpeg.so
/usr/lib/transcode/import_ffmpeg.so
/usr/lib/x86_64-linux-gnu/libffmpegthumbnailer.so.4
/usr/lib/x86_64-linux-gnu/libffmpegthumbnailer.so.4.0.8
/usr/lib/x86_64-linux-gnu/gstreamer-0.10/libgstffmpeg.so
/usr/lib/x86_64-linux-gnu/gstreamer-0.10/libgstffmpegcolorspace.so
/usr/lib/x86_64-linux-gnu/gstreamer-0.10/libgstffmpegscale.so
/usr/lib/x86_64-linux-gnu/libquicktime2/lqt_ffmpeg.so
/usr/share/doc/libffmpegthumbnailer4
/usr/share/doc/libxine1-ffmpeg
/usr/share/doc/libffmpegthumbnailer4/changelog.Debian.gz
/usr/share/doc/libffmpegthumbnailer4/copyright
/var/lib/dpkg/info/ffmpegthumbs.list
/var/lib/dpkg/info/ffmpegthumbs.md5sums
/var/lib/dpkg/info/gstreamer0.10-ffmpeg:amd64.list
/var/lib/dpkg/info/gstreamer0.10-ffmpeg:amd64.md5sums
/var/lib/dpkg/info/kffmpegthumbnailer.list
/var/lib/dpkg/info/kffmpegthumbnailer.md5sums
/var/lib/dpkg/info/libffmpegthumbnailer4.list
/var/lib/dpkg/info/libffmpegthumbnailer4.md5sums
/var/lib/dpkg/info/libffmpegthumbnailer4.postinst
/var/lib/dpkg/info/libffmpegthumbnailer4.postrm
/var/lib/dpkg/info/libffmpegthumbnailer4.shlibs
/var/lib/dpkg/info/libxine1-ffmpeg.list
/var/lib/dpkg/info/libxine1-ffmpeg.md5sums
/var/lib/dpkg/info/libxine1-ffmpeg.postinst



From herminio.hernandezjr at gmail.com  Tue Jan  2 20:24:05 2018
From: herminio.hernandezjr at gmail.com (Herminio Hernandez Jr. )
Date: Tue, 2 Jan 2018 20:24:05 -0700
Subject: How to get ffmpeg installed on my system?
In-Reply-To: <4d6e6c86e8b66306de2c610b64189f75.squirrel@box945.bluehost.com>
References: <4d6e6c86e8b66306de2c610b64189f75.squirrel@box945.bluehost.com>
Message-ID: <045F9E9D-3AAB-40CF-BCE4-30ACAC2BF033@gmail.com>

What distro do you use?

Sent from my iPhone

> On Jan 2, 2018, at 7:53 PM, joe at actionline.com wrote:
> 
> When I tried to run this to convert a video:
> 
> cat workshop2.VOB | ffmpeg -i - workit.mp4
> 
> This was the result:
> 
> ffmpeg: command not found
> 
> When searching my system for ffmpeg, I found lots
> of entries, but apparently not the right thing.
> 
> Or ... what do I need to differently to get this to work?
> 
> 
> locate ffmpeg | fgrep lib
> /usr/lib/i386-linux-gnu/gstreamer-0.10/libgstffmpegcolorspace.so
> /usr/lib/kde4/ffmpegthumbs.so
> /usr/lib/kde4/k3bffmpegdecoder.so
> /usr/lib/kde4/kffmpegthumbnailer.so
> /usr/lib/kde4/kfilemetadata_ffmpegextractor.so
> /usr/lib/transcode/export_ffmpeg.so
> /usr/lib/transcode/import_ffmpeg.so
> /usr/lib/x86_64-linux-gnu/libffmpegthumbnailer.so.4
> /usr/lib/x86_64-linux-gnu/libffmpegthumbnailer.so.4.0.8
> /usr/lib/x86_64-linux-gnu/gstreamer-0.10/libgstffmpeg.so
> /usr/lib/x86_64-linux-gnu/gstreamer-0.10/libgstffmpegcolorspace.so
> /usr/lib/x86_64-linux-gnu/gstreamer-0.10/libgstffmpegscale.so
> /usr/lib/x86_64-linux-gnu/libquicktime2/lqt_ffmpeg.so
> /usr/share/doc/libffmpegthumbnailer4
> /usr/share/doc/libxine1-ffmpeg
> /usr/share/doc/libffmpegthumbnailer4/changelog.Debian.gz
> /usr/share/doc/libffmpegthumbnailer4/copyright
> /var/lib/dpkg/info/ffmpegthumbs.list
> /var/lib/dpkg/info/ffmpegthumbs.md5sums
> /var/lib/dpkg/info/gstreamer0.10-ffmpeg:amd64.list
> /var/lib/dpkg/info/gstreamer0.10-ffmpeg:amd64.md5sums
> /var/lib/dpkg/info/kffmpegthumbnailer.list
> /var/lib/dpkg/info/kffmpegthumbnailer.md5sums
> /var/lib/dpkg/info/libffmpegthumbnailer4.list
> /var/lib/dpkg/info/libffmpegthumbnailer4.md5sums
> /var/lib/dpkg/info/libffmpegthumbnailer4.postinst
> /var/lib/dpkg/info/libffmpegthumbnailer4.postrm
> /var/lib/dpkg/info/libffmpegthumbnailer4.shlibs
> /var/lib/dpkg/info/libxine1-ffmpeg.list
> /var/lib/dpkg/info/libxine1-ffmpeg.md5sums
> /var/lib/dpkg/info/libxine1-ffmpeg.postinst
> 
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

From jmcphe at gmail.com  Tue Jan  2 20:36:13 2018
From: jmcphe at gmail.com (James Mcphee)
Date: Tue, 2 Jan 2018 20:36:13 -0700
Subject: How to get ffmpeg installed on my system?
In-Reply-To: <045F9E9D-3AAB-40CF-BCE4-30ACAC2BF033@gmail.com>
References: <4d6e6c86e8b66306de2c610b64189f75.squirrel@box945.bluehost.com>
 <045F9E9D-3AAB-40CF-BCE4-30ACAC2BF033@gmail.com>
Message-ID: <CA+scvgCwOf5-O0+fA4GGhLbUhTEiryR-pFBi-4YbDpD07T8apw@mail.gmail.com>

dpkg makes me think debian or *buntu.  apt-cache search ffmpeg to see
packages available that have it in there.  if it were me, i'd probably
install dvdrip and use the perl tools that frontend libffmpeg.

On Tue, Jan 2, 2018 at 8:24 PM, Herminio Hernandez Jr. <
herminio.hernandezjr at gmail.com> wrote:

> What distro do you use?
>
> Sent from my iPhone
>
> > On Jan 2, 2018, at 7:53 PM, joe at actionline.com wrote:
> >
> > When I tried to run this to convert a video:
> >
> > cat workshop2.VOB | ffmpeg -i - workit.mp4
> >
> > This was the result:
> >
> > ffmpeg: command not found
> >
> > When searching my system for ffmpeg, I found lots
> > of entries, but apparently not the right thing.
> >
> > Or ... what do I need to differently to get this to work?
> >
> >
> > locate ffmpeg | fgrep lib
> > /usr/lib/i386-linux-gnu/gstreamer-0.10/libgstffmpegcolorspace.so
> > /usr/lib/kde4/ffmpegthumbs.so
> > /usr/lib/kde4/k3bffmpegdecoder.so
> > /usr/lib/kde4/kffmpegthumbnailer.so
> > /usr/lib/kde4/kfilemetadata_ffmpegextractor.so
> > /usr/lib/transcode/export_ffmpeg.so
> > /usr/lib/transcode/import_ffmpeg.so
> > /usr/lib/x86_64-linux-gnu/libffmpegthumbnailer.so.4
> > /usr/lib/x86_64-linux-gnu/libffmpegthumbnailer.so.4.0.8
> > /usr/lib/x86_64-linux-gnu/gstreamer-0.10/libgstffmpeg.so
> > /usr/lib/x86_64-linux-gnu/gstreamer-0.10/libgstffmpegcolorspace.so
> > /usr/lib/x86_64-linux-gnu/gstreamer-0.10/libgstffmpegscale.so
> > /usr/lib/x86_64-linux-gnu/libquicktime2/lqt_ffmpeg.so
> > /usr/share/doc/libffmpegthumbnailer4
> > /usr/share/doc/libxine1-ffmpeg
> > /usr/share/doc/libffmpegthumbnailer4/changelog.Debian.gz
> > /usr/share/doc/libffmpegthumbnailer4/copyright
> > /var/lib/dpkg/info/ffmpegthumbs.list
> > /var/lib/dpkg/info/ffmpegthumbs.md5sums
> > /var/lib/dpkg/info/gstreamer0.10-ffmpeg:amd64.list
> > /var/lib/dpkg/info/gstreamer0.10-ffmpeg:amd64.md5sums
> > /var/lib/dpkg/info/kffmpegthumbnailer.list
> > /var/lib/dpkg/info/kffmpegthumbnailer.md5sums
> > /var/lib/dpkg/info/libffmpegthumbnailer4.list
> > /var/lib/dpkg/info/libffmpegthumbnailer4.md5sums
> > /var/lib/dpkg/info/libffmpegthumbnailer4.postinst
> > /var/lib/dpkg/info/libffmpegthumbnailer4.postrm
> > /var/lib/dpkg/info/libffmpegthumbnailer4.shlibs
> > /var/lib/dpkg/info/libxine1-ffmpeg.list
> > /var/lib/dpkg/info/libxine1-ffmpeg.md5sums
> > /var/lib/dpkg/info/libxine1-ffmpeg.postinst
> >
> >
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



-- 
James McPhee
jmcphe at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180102/77816650/attachment.html>

From herminio.hernandezjr at gmail.com  Tue Jan  2 20:38:05 2018
From: herminio.hernandezjr at gmail.com (Herminio Hernandez Jr. )
Date: Tue, 2 Jan 2018 20:38:05 -0700
Subject: How to get ffmpeg installed on my system?
In-Reply-To: <CA+scvgCwOf5-O0+fA4GGhLbUhTEiryR-pFBi-4YbDpD07T8apw@mail.gmail.com>
References: <4d6e6c86e8b66306de2c610b64189f75.squirrel@box945.bluehost.com>
 <045F9E9D-3AAB-40CF-BCE4-30ACAC2BF033@gmail.com>
 <CA+scvgCwOf5-O0+fA4GGhLbUhTEiryR-pFBi-4YbDpD07T8apw@mail.gmail.com>
Message-ID: <5356F4E3-BDD3-4E8F-A989-BE3D32AB98B1@gmail.com>

If Debian based then dpkg -l ffmpeg should to tell you if it is installed. 

Sent from my iPhone

> On Jan 2, 2018, at 8:36 PM, James Mcphee <jmcphe at gmail.com> wrote:
> 
> dpkg makes me think debian or *buntu.  apt-cache search ffmpeg to see packages available that have it in there.  if it were me, i'd probably install dvdrip and use the perl tools that frontend libffmpeg.
> 
>> On Tue, Jan 2, 2018 at 8:24 PM, Herminio Hernandez Jr. <herminio.hernandezjr at gmail.com> wrote:
>> What distro do you use?
>> 
>> Sent from my iPhone
>> 
>> > On Jan 2, 2018, at 7:53 PM, joe at actionline.com wrote:
>> >
>> > When I tried to run this to convert a video:
>> >
>> > cat workshop2.VOB | ffmpeg -i - workit.mp4
>> >
>> > This was the result:
>> >
>> > ffmpeg: command not found
>> >
>> > When searching my system for ffmpeg, I found lots
>> > of entries, but apparently not the right thing.
>> >
>> > Or ... what do I need to differently to get this to work?
>> >
>> >
>> > locate ffmpeg | fgrep lib
>> > /usr/lib/i386-linux-gnu/gstreamer-0.10/libgstffmpegcolorspace.so
>> > /usr/lib/kde4/ffmpegthumbs.so
>> > /usr/lib/kde4/k3bffmpegdecoder.so
>> > /usr/lib/kde4/kffmpegthumbnailer.so
>> > /usr/lib/kde4/kfilemetadata_ffmpegextractor.so
>> > /usr/lib/transcode/export_ffmpeg.so
>> > /usr/lib/transcode/import_ffmpeg.so
>> > /usr/lib/x86_64-linux-gnu/libffmpegthumbnailer.so.4
>> > /usr/lib/x86_64-linux-gnu/libffmpegthumbnailer.so.4.0.8
>> > /usr/lib/x86_64-linux-gnu/gstreamer-0.10/libgstffmpeg.so
>> > /usr/lib/x86_64-linux-gnu/gstreamer-0.10/libgstffmpegcolorspace.so
>> > /usr/lib/x86_64-linux-gnu/gstreamer-0.10/libgstffmpegscale.so
>> > /usr/lib/x86_64-linux-gnu/libquicktime2/lqt_ffmpeg.so
>> > /usr/share/doc/libffmpegthumbnailer4
>> > /usr/share/doc/libxine1-ffmpeg
>> > /usr/share/doc/libffmpegthumbnailer4/changelog.Debian.gz
>> > /usr/share/doc/libffmpegthumbnailer4/copyright
>> > /var/lib/dpkg/info/ffmpegthumbs.list
>> > /var/lib/dpkg/info/ffmpegthumbs.md5sums
>> > /var/lib/dpkg/info/gstreamer0.10-ffmpeg:amd64.list
>> > /var/lib/dpkg/info/gstreamer0.10-ffmpeg:amd64.md5sums
>> > /var/lib/dpkg/info/kffmpegthumbnailer.list
>> > /var/lib/dpkg/info/kffmpegthumbnailer.md5sums
>> > /var/lib/dpkg/info/libffmpegthumbnailer4.list
>> > /var/lib/dpkg/info/libffmpegthumbnailer4.md5sums
>> > /var/lib/dpkg/info/libffmpegthumbnailer4.postinst
>> > /var/lib/dpkg/info/libffmpegthumbnailer4.postrm
>> > /var/lib/dpkg/info/libffmpegthumbnailer4.shlibs
>> > /var/lib/dpkg/info/libxine1-ffmpeg.list
>> > /var/lib/dpkg/info/libxine1-ffmpeg.md5sums
>> > /var/lib/dpkg/info/libxine1-ffmpeg.postinst
>> >
>> >
>> > ---------------------------------------------------
>> > PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> > To subscribe, unsubscribe, or to change your mail settings:
>> > http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> 
> 
> 
> -- 
> James McPhee
> jmcphe at gmail.com
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180102/e6ad913c/attachment.html>

From brian at snaptek.com  Tue Jan  2 23:43:34 2018
From: brian at snaptek.com (Brian Cluff)
Date: Tue, 2 Jan 2018 23:43:34 -0700
Subject: How to get ffmpeg installed on my system?
In-Reply-To: <4d6e6c86e8b66306de2c610b64189f75.squirrel@box945.bluehost.com>
References: <4d6e6c86e8b66306de2c610b64189f75.squirrel@box945.bluehost.com>
Message-ID: <3262b3bf-5522-ab3c-62b5-6111a59789b6@snaptek.com>

Just do:
sudo apt-get update ; sudo apt-get install ffmpeg

Also, for future reference, to find out if you have a package installed, 
try:
dpkg -l *ffmpeg*
or
dpkg -l |grep -i ffmpeg
If you see the package you are looking for and the line starts with "ii" 
then it's installed.  Otherwise if you don't see it, or you do but the 
line starts with something like "un" then it's uninstalled and the "un" 
just means that there are left over config files on the system from when 
it was previously installed.  If it's there and started with anything 
else you probably have a broken package.

If you are on a fairly old distro you might have to install avconv 
instead in order to get ffmpeg... well technically not ffmpeg exactly, 
but there was a fork for a while and ubuntu decided to use the avconv 
fork before switching back to ffmpeg in more recent years.

Brian Cluff

On 01/02/2018 07:53 PM, joe at actionline.com wrote:
> When I tried to run this to convert a video:
>
> cat workshop2.VOB | ffmpeg -i - workit.mp4
>
> This was the result:
>
> ffmpeg: command not found
>
> When searching my system for ffmpeg, I found lots
> of entries, but apparently not the right thing.
>
> Or ... what do I need to differently to get this to work?
>
>
> locate ffmpeg | fgrep lib
> /usr/lib/i386-linux-gnu/gstreamer-0.10/libgstffmpegcolorspace.so
> /usr/lib/kde4/ffmpegthumbs.so
> /usr/lib/kde4/k3bffmpegdecoder.so
> /usr/lib/kde4/kffmpegthumbnailer.so
> /usr/lib/kde4/kfilemetadata_ffmpegextractor.so
> /usr/lib/transcode/export_ffmpeg.so
> /usr/lib/transcode/import_ffmpeg.so
> /usr/lib/x86_64-linux-gnu/libffmpegthumbnailer.so.4
> /usr/lib/x86_64-linux-gnu/libffmpegthumbnailer.so.4.0.8
> /usr/lib/x86_64-linux-gnu/gstreamer-0.10/libgstffmpeg.so
> /usr/lib/x86_64-linux-gnu/gstreamer-0.10/libgstffmpegcolorspace.so
> /usr/lib/x86_64-linux-gnu/gstreamer-0.10/libgstffmpegscale.so
> /usr/lib/x86_64-linux-gnu/libquicktime2/lqt_ffmpeg.so
> /usr/share/doc/libffmpegthumbnailer4
> /usr/share/doc/libxine1-ffmpeg
> /usr/share/doc/libffmpegthumbnailer4/changelog.Debian.gz
> /usr/share/doc/libffmpegthumbnailer4/copyright
> /var/lib/dpkg/info/ffmpegthumbs.list
> /var/lib/dpkg/info/ffmpegthumbs.md5sums
> /var/lib/dpkg/info/gstreamer0.10-ffmpeg:amd64.list
> /var/lib/dpkg/info/gstreamer0.10-ffmpeg:amd64.md5sums
> /var/lib/dpkg/info/kffmpegthumbnailer.list
> /var/lib/dpkg/info/kffmpegthumbnailer.md5sums
> /var/lib/dpkg/info/libffmpegthumbnailer4.list
> /var/lib/dpkg/info/libffmpegthumbnailer4.md5sums
> /var/lib/dpkg/info/libffmpegthumbnailer4.postinst
> /var/lib/dpkg/info/libffmpegthumbnailer4.postrm
> /var/lib/dpkg/info/libffmpegthumbnailer4.shlibs
> /var/lib/dpkg/info/libxine1-ffmpeg.list
> /var/lib/dpkg/info/libxine1-ffmpeg.md5sums
> /var/lib/dpkg/info/libxine1-ffmpeg.postinst
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss


From retro64xyz at gmail.com  Wed Jan  3 00:43:09 2018
From: retro64xyz at gmail.com (Aaron Jones)
Date: Wed, 3 Jan 2018 00:43:09 -0700
Subject: Major Intel Memory Vulnerability
In-Reply-To: <16BB4047-2DBC-44DE-9535-7A676E043A14@icloud.com>
References: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
 <16BB4047-2DBC-44DE-9535-7A676E043A14@icloud.com>
Message-ID: <E34912D7-D902-484B-BCA1-E18984D4ECBF@gmail.com>

I read the performance hit for Intel chips will be %35 or so after the fix. 

> On Jan 2, 2018, at 7:49 PM, Eric Oyen <eric.oyen at icloud.com> wrote:
> 
> so, does this mean that the UEFI might get patched first? OR, does the OS ecology have to do so first? Lastly, how much of a performance hit will this represent?
> 
> -eric
> from the central offices of the Technomage Guild, the "oh look! yet another bug!" Dept.
> 
>> On Jan 2, 2018, at 3:39 PM, Matthew Crews wrote:
>> 
>> 
>> https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
>> 
>> In a nutshell, it is a major security flaw in Intel hardware dating back a decade that is requiring a complete kernel rewrite for every major OS (Linux, Windows, Mac, etc) in order to patch out. It cannot be patched out with a CPU microcode update. Major enough that code comments are redacted in the patches until an embargo period is expired. Also the reported fix will have a huge performance impact.
>> 
>> Also crucial to note is that AMD chips are not affected by this.
>> 
>> How the heck does something like this go unnoticed for so long?
>> 
>> 
>> 
>> 
>> Sent from ProtonMail, Swiss-based encrypted email.
>> 
>> 
>> 
>> 
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180103/ac40dcc1/attachment.html>

From mailinglists at mattcrews.com  Wed Jan  3 05:55:53 2018
From: mailinglists at mattcrews.com (Matthew Crews)
Date: Wed, 03 Jan 2018 07:55:53 -0500
Subject: Major Intel Memory Vulnerability
In-Reply-To: <E34912D7-D902-484B-BCA1-E18984D4ECBF@gmail.com>
References: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
 <16BB4047-2DBC-44DE-9535-7A676E043A14@icloud.com>
 <E34912D7-D902-484B-BCA1-E18984D4ECBF@gmail.com>
Message-ID: <aLPbq9EDhJ6I-esEJk07QpqixJYMy_52YblOMoJD4L3QZ_Py0JK1KvRXdFgRJcDxPoOQU1q5TGlZfeOvSd0gXhoeKbl8ntbspcwp0ZQCgF4=@mattcrews.com>

Phoronix posted some synthetic benchmarks with the patch applied. The main applications that seem affected are things like database software, while things like code compiling and video encoding are barely affected.

https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=2

Sent from [ProtonMail](https://protonmail.com), Swiss-based encrypted email.

-------- Original Message --------
On Jan 3, 2018, 00:43, Aaron Jones wrote:

> I read the performance hit for Intel chips will be %35 or so after the fix.
>
> On Jan 2, 2018, at 7:49 PM, Eric Oyen <eric.oyen at icloud.com> wrote:
>
>> so, does this mean that the UEFI might get patched first? OR, does the OS ecology have to do so first? Lastly, how much of a performance hit will this represent?
>>
>> -eric
>> from the central offices of the Technomage Guild, the "oh look! yet another bug!" Dept.
>>
>> On Jan 2, 2018, at 3:39 PM, Matthew Crews wrote:
>>
>>> https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
>>>
>>> In a nutshell, it is a major security flaw in Intel hardware dating back a decade that is requiring a complete kernel rewrite for every major OS (Linux, Windows, Mac, etc) in order to patch out. It cannot be patched out with a CPU microcode update. Major enough that code comments are redacted in the patches until an embargo period is expired. Also the reported fix will have a huge performance impact.
>>>
>>> Also crucial to note is that AMD chips are not affected by this.
>>>
>>> How the heck does something like this go unnoticed for so long?
>>>
>>> Sent from [ProtonMail](https://protonmail.com/), Swiss-based encrypted email.
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180103/7f768004/attachment.html>

From mailinglists at mattcrews.com  Wed Jan  3 06:07:02 2018
From: mailinglists at mattcrews.com (Matthew Crews)
Date: Wed, 03 Jan 2018 08:07:02 -0500
Subject: OT: New Email Home?
In-Reply-To: <p36iom3ijlmo0pe6h0hmq5ve.1514860996630@email.android.com>
References: <p36iom3ijlmo0pe6h0hmq5ve.1514860996630@email.android.com>
Message-ID: <GjIxmowWCad-gEAay8BWGzIxLPJV1tBx04UkKhRxtqm_EKXbsFPQn7hRqhaJfv5r5JgaCz-2Bi-VX0xaB3N8gWZd_17g703zsfnaD0eZsd4=@mattcrews.com>

I third with Protonmail, with some caveats. I used paid Google for awhile, but my general distrust for Google these days made me want to move.

Right now Protonmail does not have IMAP support on Linux (they use bridge software which currently is only available on Windows/Mac), so if you want to use it on Linux you are stuck on the web client for now.

Also from a storage/price perspective they are considerably pricier than Google.

You also do not have a complete feature-set compared to Google, such as synced contacts and calendars.

Sent from [ProtonMail](https://protonmail.com), Swiss-based encrypted email.

-------- Original Message --------
On Jan 1, 2018, 19:43, wrote:

> I second with protonmail
>
> Regards,
>
> Jason
> ---------------------------------------------------------------
>
> From: Steve B <steveb7 at gmail.com>
> Sent: Monday, January 1, 2018 7:32 PM
> To: Main PLUG discussion list
> Subject: Re: OT: New Email Home?
>
> Protonmail?
>
> On Jan 1, 2018 5:22 PM, "Victor Odhner" <vodhner at cox.net> wrote:
>
>> I want to open a new email account, using a good solid provider with decent security. My requirements aren’t paranoid, but I don’t want another Yahoo.
>>
>> I’m willing to pay something like $20 - $40 a year for a reputable service with no ads.
>>
>> I could use Startmail (I do my searches via StartPage), but that’s $60/year and I don’t need all that encryption, though I wouldn’t turn it down.
>>
>> Suggestions? Experience?
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180103/8fe27f33/attachment.html>

From Rusty.Carruth at smartm.com  Wed Jan  3 08:35:52 2018
From: Rusty.Carruth at smartm.com (Carruth, Rusty)
Date: Wed, 3 Jan 2018 15:35:52 +0000
Subject: OT: New Email Home?
In-Reply-To: <GjIxmowWCad-gEAay8BWGzIxLPJV1tBx04UkKhRxtqm_EKXbsFPQn7hRqhaJfv5r5JgaCz-2Bi-VX0xaB3N8gWZd_17g703zsfnaD0eZsd4=@mattcrews.com>
References: <p36iom3ijlmo0pe6h0hmq5ve.1514860996630@email.android.com>
 <GjIxmowWCad-gEAay8BWGzIxLPJV1tBx04UkKhRxtqm_EKXbsFPQn7hRqhaJfv5r5JgaCz-2Bi-VX0xaB3N8gWZd_17g703zsfnaD0eZsd4=@mattcrews.com>
Message-ID: <CO2PR04MB23111AFEF8AAF913E0EC5E859D1E0@CO2PR04MB2311.namprd04.prod.outlook.com>

I use hostgator for my web sites (lunchspace and elmers (elmers isn’t finished yet…  Hmm, for that matter, neither is lunchspace, but at least lunchspace is deployed ;-))

Anyway, hostgator web comes with email for ‘free’.  IMAP, POP, and webmail available.

And their web hosting ACTUALLY allows using Django, which webhostinghub didn’t do.

Just as a point of info.  (BEWARE if you want to run something like Django that just because a hosting place says they support Python does NOT mean they support adding packages like Django to it!)

From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of Matthew Crews
Sent: Wednesday, January 03, 2018 6:07 AM
To: sesso at djsesso.com; plug-discuss at lists.phxlinux.org
Subject: Re: OT: New Email Home?

I third with Protonmail, with some caveats. I used paid Google for awhile, but my general distrust for Google these days made me want to move.

Right now Protonmail does not have IMAP support on Linux (they use bridge software which currently is only available on Windows/Mac), so if you want to use it on Linux you are stuck on the web client for now.

Also from a storage/price perspective they are considerably pricier than Google.

You also do not have a complete feature-set compared to Google, such as synced contacts and calendars.


Sent from ProtonMail<https://protonmail.com>, Swiss-based encrypted email.





-------- Original Message --------
On Jan 1, 2018, 19:43, < sesso at djsesso.com<mailto:sesso at djsesso.com>> wrote:

I second with protonmail

Regards,

Jason
________________________________
From: Steve B <steveb7 at gmail.com<mailto:steveb7 at gmail.com>>
Sent: Monday, January 1, 2018 7:32 PM
To: Main PLUG discussion list
Subject: Re: OT: New Email Home?

Protonmail?

On Jan 1, 2018 5:22 PM, "Victor Odhner" <vodhner at cox.net<mailto:vodhner at cox.net>> wrote:
I want to open a new email account, using a good solid provider with decent security. My requirements aren’t paranoid, but I don’t want another Yahoo.

I’m willing to pay something like $20 - $40 a year for a reputable service with no ads.

I could use Startmail (I do my searches via StartPage), but that’s $60/year and I don’t need all that encryption, though I wouldn’t turn it down.

Suggestions? Experience?



---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org<mailto:PLUG-discuss at lists.phxlinux.org>
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180103/e59da738/attachment.html>

From alex at misteralexander.com  Wed Jan  3 09:11:51 2018
From: alex at misteralexander.com (Snyder, Alexander J)
Date: Wed, 3 Jan 2018 09:11:51 -0700
Subject: OT: New Email Home?
In-Reply-To: <CO2PR04MB23111AFEF8AAF913E0EC5E859D1E0@CO2PR04MB2311.namprd04.prod.outlook.com>
References: <p36iom3ijlmo0pe6h0hmq5ve.1514860996630@email.android.com>
 <GjIxmowWCad-gEAay8BWGzIxLPJV1tBx04UkKhRxtqm_EKXbsFPQn7hRqhaJfv5r5JgaCz-2Bi-VX0xaB3N8gWZd_17g703zsfnaD0eZsd4=@mattcrews.com>
 <CO2PR04MB23111AFEF8AAF913E0EC5E859D1E0@CO2PR04MB2311.namprd04.prod.outlook.com>
Message-ID: <CAAqYjtP6XcYQ8psigzucJNn-zeBmMo00N5ruFszNpX1Jd8gyvw@mail.gmail.com>

Late to the party, but I've been using Google Apps since it was free. I pay
now, but $10/m (per user) is well worth it. I host the services through my
own GoDaddy domain.

Security and peace of mind knowing that Google owns my digital life. Like
getting a constant hug from a stranger .... all.the.time.

It is what it is. I vote for G-Suite (Or whatever the marketing buzzword is
today).

Thanks,
Alex.

Sent from my Samsung Galaxy S8+

On Jan 3, 2018 08:50, "Carruth, Rusty" <Rusty.Carruth at smartm.com> wrote:

> I use hostgator for my web sites (lunchspace and elmers (elmers isn’t
> finished yet…  Hmm, for that matter, neither is lunchspace, but at least
> lunchspace is deployed ;-))
>
>
>
> Anyway, hostgator web comes with email for ‘free’.  IMAP, POP, and webmail
> available.
>
>
>
> And their web hosting ACTUALLY allows using Django, which webhostinghub
> didn’t do.
>
>
>
> Just as a point of info.  (BEWARE if you want to run something like Django
> that just because a hosting place says they support Python does NOT mean
> they support adding packages like Django to it!)
>
>
>
> *From:* PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] *On
> Behalf Of *Matthew Crews
> *Sent:* Wednesday, January 03, 2018 6:07 AM
> *To:* sesso at djsesso.com; plug-discuss at lists.phxlinux.org
> *Subject:* Re: OT: New Email Home?
>
>
>
> I third with Protonmail, with some caveats. I used paid Google for awhile,
> but my general distrust for Google these days made me want to move.
>
> Right now Protonmail does not have IMAP support on Linux (they use bridge
> software which currently is only available on Windows/Mac), so if you want
> to use it on Linux you are stuck on the web client for now.
>
> Also from a storage/price perspective they are considerably pricier than
> Google.
>
> You also do not have a complete feature-set compared to Google, such as
> synced contacts and calendars.
>
>
> Sent from ProtonMail <https://protonmail.com>, Swiss-based encrypted
> email.
>
>
>
>
>
> -------- Original Message --------
> On Jan 1, 2018, 19:43, < sesso at djsesso.com> wrote:
>
>
>
> I second with protonmail
>
>
>
> Regards,
>
> Jason
> ------------------------------
>
> *From:* Steve B <steveb7 at gmail.com>
> *Sent:* Monday, January 1, 2018 7:32 PM
> *To:* Main PLUG discussion list
> *Subject:* Re: OT: New Email Home?
>
>
>
> Protonmail?
>
>
>
> On Jan 1, 2018 5:22 PM, "Victor Odhner" <vodhner at cox.net> wrote:
>
> I want to open a new email account, using a good solid provider with
> decent security. My requirements aren’t paranoid, but I don’t want another
> Yahoo.
>
>
>
> I’m willing to pay something like $20 - $40 a year for a reputable service
> with no ads.
>
>
>
> I could use Startmail (I do my searches via StartPage), but that’s
> $60/year and I don’t need all that encryption, though I wouldn’t turn it
> down.
>
>
>
> Suggestions? Experience?
>
>
>
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180103/08e2ba9b/attachment.html>

From joe at actionline.com  Wed Jan  3 12:39:02 2018
From: joe at actionline.com (joe at actionline.com)
Date: Wed, 3 Jan 2018 12:39:02 -0700
Subject: How to get ffmpeg installed on my system?
In-Reply-To: <3262b3bf-5522-ab3c-62b5-6111a59789b6@snaptek.com>
References: <4d6e6c86e8b66306de2c610b64189f75.squirrel@box945.bluehost.com>
 <3262b3bf-5522-ab3c-62b5-6111a59789b6@snaptek.com>
Message-ID: <17e4e165356fe698fd416c4883a530da.squirrel@box945.bluehost.com>

Thanks to all who responded,
but ffmpeg is apparently still not found on my system.

cat workshop2.VOB | ffmpeg -i - workit.mp4

ffmpeg: command not found

This was after I did this:

sudo apt-get update ; sudo apt-get install ffmpeg

Then this:

dpkg -l *ffmpeg*

Got this result:

|
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name              Version       Architecture  Description
+++-=================-=============-=====-=======================================
ii  ffmpegthumbs      4:4.14.2-0ubu amd64 video thumbnail generator using
ffmpeg
ii  gstreamer0.10-ffm 0.10.13-5ubun amd64 FFmpeg plugin for GStreamer
ii  kffmpegthumbnaile 1.1.0-0ubuntu amd64 video thumbnailer for KDE
ii  libffmpegthumbnai 2.0.8-2       amd64 shared library for
ffmpegthumbnailer
ii  libxine1-ffmpeg   1.1.21-2ubunt amd64 MPEG-related plugins for libxine1




From brian at snaptek.com  Wed Jan  3 14:00:59 2018
From: brian at snaptek.com (Brian Cluff)
Date: Wed, 3 Jan 2018 14:00:59 -0700
Subject: How to get ffmpeg installed on my system?
In-Reply-To: <17e4e165356fe698fd416c4883a530da.squirrel@box945.bluehost.com>
References: <4d6e6c86e8b66306de2c610b64189f75.squirrel@box945.bluehost.com>
 <3262b3bf-5522-ab3c-62b5-6111a59789b6@snaptek.com>
 <17e4e165356fe698fd416c4883a530da.squirrel@box945.bluehost.com>
Message-ID: <1a536598-d58a-4469-f096-eff79aeb69d0@snaptek.com>

Strange... did you get an error while it was installing?

Brian Cluff

On 01/03/2018 12:39 PM, joe at actionline.com wrote:
> Thanks to all who responded,
> but ffmpeg is apparently still not found on my system.
>
> cat workshop2.VOB | ffmpeg -i - workit.mp4
>
> ffmpeg: command not found
>
> This was after I did this:
>
> sudo apt-get update ; sudo apt-get install ffmpeg
>
> Then this:
>
> dpkg -l *ffmpeg*
>
> Got this result:
>
> |
> Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
> ||/ Name              Version       Architecture  Description
> +++-=================-=============-=====-=======================================
> ii  ffmpegthumbs      4:4.14.2-0ubu amd64 video thumbnail generator using
> ffmpeg
> ii  gstreamer0.10-ffm 0.10.13-5ubun amd64 FFmpeg plugin for GStreamer
> ii  kffmpegthumbnaile 1.1.0-0ubuntu amd64 video thumbnailer for KDE
> ii  libffmpegthumbnai 2.0.8-2       amd64 shared library for
> ffmpegthumbnailer
> ii  libxine1-ffmpeg   1.1.21-2ubunt amd64 MPEG-related plugins for libxine1
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss


From plugaz at codezilla.xyz  Wed Jan  3 15:35:15 2018
From: plugaz at codezilla.xyz (Nathan O'Brennan)
Date: Wed, 03 Jan 2018 15:35:15 -0700
Subject: Major Intel Memory Vulnerability
In-Reply-To: <E34912D7-D902-484B-BCA1-E18984D4ECBF@gmail.com>
References: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
 <16BB4047-2DBC-44DE-9535-7A676E043A14@icloud.com>
 <E34912D7-D902-484B-BCA1-E18984D4ECBF@gmail.com>
Message-ID: <a56ed1e927259c13fc8b6f8d7529c459@codezilla.xyz>

I'm more curious to know which versions of Intel's upcoming chips have
been fixed already. I would like to upgrade my current workstation in
the next year and will stick with Intel despite any performance impact
over AMD. 

On 2018-01-03 00:43, Aaron Jones wrote:

> I read the performance hit for Intel chips will be %35 or so after the fix.  
> 
> On Jan 2, 2018, at 7:49 PM, Eric Oyen <eric.oyen at icloud.com> wrote:
> 
> so, does this mean that the UEFI might get patched first? OR, does the OS ecology have to do so first? Lastly, how much of a performance hit will this represent? 
> 
> -eric 
> from the central offices of the Technomage Guild, the "oh look! yet another bug!" Dept. 
> 
> On Jan 2, 2018, at 3:39 PM, Matthew Crews wrote: 
> https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
> 
> In a nutshell, it is a major security flaw in Intel hardware dating back a decade that is requiring a complete kernel rewrite for every major OS (Linux, Windows, Mac, etc) in order to patch out. It cannot be patched out with a CPU microcode update. Major enough that code comments are redacted in the patches until an embargo period is expired. Also the reported fix will have a huge performance impact.
> 
> Also crucial to note is that AMD chips are not affected by this.
> 
> How the heck does something like this go unnoticed for so long?
> 
> Sent from ProtonMail [1], Swiss-based encrypted email.

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss 

 

Links:
------
[1] https://protonmail.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180103/aa52d752/attachment.html>

From PLUGd at LuftHans.com  Wed Jan  3 16:09:28 2018
From: PLUGd at LuftHans.com (der.hans)
Date: Wed, 3 Jan 2018 23:09:28 +0000 (UTC)
Subject: Major Intel Memory Vulnerability
In-Reply-To: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
References: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
Message-ID: <alpine.DEB.2.11.1801032304070.14234@post>

Am 02. Jan, 2018 schwätzte Matthew Crews so:

moin moin,

the bugs now have names and logos, let the marketing begin.

http://www.zdnet.com/article/security-flaws-affect-every-intel-chip-since-1995-arm-processors-vulnerable/

###
Am I affected by the bug?

Most certainly, yes.
###

Rumors thus far:

* new Linux kernel has a 'fix' for some value of 'fix'

* microsoft will force an update tonight

* a macos update from early December already has the fix

* AWS east will be doing reboots tomorrow

* AZURE will have extra reboots in the near future

* Google Android systems ( Nexus and Pixel ) have fixes available, but
might be mostly unaffected anyway

* tshirts available soon ;-)

ciao,

der.hans

> https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
>
> In a nutshell, it is a major security flaw in Intel hardware dating back a decade that is requiring a complete kernel rewrite for every major OS (Linux, Windows, Mac, etc) in order to patch out. It cannot be patched out with a CPU microcode update. Major enough that code comments are redacted in the patches until an embargo period is expired. Also the reported fix will have a huge performance impact.
>
> Also crucial to note is that AMD chips are not affected by this.
>
> How the heck does something like this go unnoticed for so long?
>
> Sent from [ProtonMail](https://protonmail.com), Swiss-based encrypted email.

-- 
#  https://www.LuftHans.com   https://www.PhxLinux.org
#  "The illiterate of the 21st century will not be those who cannot read and
#  write, but those who cannot learn, unlearn, and relearn." -- Alvin Toffler

From joe at actionline.com  Wed Jan  3 16:31:57 2018
From: joe at actionline.com (joe at actionline.com)
Date: Wed, 3 Jan 2018 16:31:57 -0700
Subject: How to get ffmpeg installed on my system?
In-Reply-To: <1a536598-d58a-4469-f096-eff79aeb69d0@snaptek.com>
References: <4d6e6c86e8b66306de2c610b64189f75.squirrel@box945.bluehost.com>
 <3262b3bf-5522-ab3c-62b5-6111a59789b6@snaptek.com>
 <17e4e165356fe698fd416c4883a530da.squirrel@box945.bluehost.com>
 <1a536598-d58a-4469-f096-eff79aeb69d0@snaptek.com>
Message-ID: <5be757f0a534bab983af10e43c1fd034.squirrel@box945.bluehost.com>

> Strange... did you get an error while it was installing?

no


> On 01/03/2018 12:39 PM, joe at actionline.com wrote:
>> Thanks to all who responded,
>> but ffmpeg is apparently still not found on my system.
>>
>> cat workshop2.VOB | ffmpeg -i - workit.mp4
>>
>> ffmpeg: command not found
>>
>> This was after I did this:
>>
>> sudo apt-get update ; sudo apt-get install ffmpeg
>>
>> Then this:
>>
>> dpkg -l *ffmpeg*
>>
>> Got this result:
>>
>> |
>> Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
>> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
>> ||/ Name              Version       Architecture  Description
>> +++-=================-=============-=====-=======================================
>> ii  ffmpegthumbs      4:4.14.2-0ubu amd64 video thumbnail generator
>> using
>> ffmpeg
>> ii  gstreamer0.10-ffm 0.10.13-5ubun amd64 FFmpeg plugin for GStreamer
>> ii  kffmpegthumbnaile 1.1.0-0ubuntu amd64 video thumbnailer for KDE
>> ii  libffmpegthumbnai 2.0.8-2       amd64 shared library for
>> ffmpegthumbnailer
>> ii  libxine1-ffmpeg   1.1.21-2ubunt amd64 MPEG-related plugins for
>> libxine1
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss



From bob.elzer at gmail.com  Wed Jan  3 17:59:07 2018
From: bob.elzer at gmail.com (Bob Elzer)
Date: Wed, 3 Jan 2018 17:59:07 -0700
Subject: How to get ffmpeg installed on my system?
In-Reply-To: <5be757f0a534bab983af10e43c1fd034.squirrel@box945.bluehost.com>
References: <4d6e6c86e8b66306de2c610b64189f75.squirrel@box945.bluehost.com>
 <3262b3bf-5522-ab3c-62b5-6111a59789b6@snaptek.com>
 <17e4e165356fe698fd416c4883a530da.squirrel@box945.bluehost.com>
 <1a536598-d58a-4469-f096-eff79aeb69d0@snaptek.com>
 <5be757f0a534bab983af10e43c1fd034.squirrel@box945.bluehost.com>
Message-ID: <CANQAHVAdwNL=GULzULVJ00TG5qE+ZBzqVi_ZXC4X1cawKYfiHA@mail.gmail.com>

if it installed, it wont necessarily show up in your path.

try typing the whole path to the location of ffmpeg


On Jan 3, 2018 4:56 PM, <joe at actionline.com> wrote:

> > Strange... did you get an error while it was installing?
>
> no
>
>
> > On 01/03/2018 12:39 PM, joe at actionline.com wrote:
> >> Thanks to all who responded,
> >> but ffmpeg is apparently still not found on my system.
> >>
> >> cat workshop2.VOB | ffmpeg -i - workit.mp4
> >>
> >> ffmpeg: command not found
> >>
> >> This was after I did this:
> >>
> >> sudo apt-get update ; sudo apt-get install ffmpeg
> >>
> >> Then this:
> >>
> >> dpkg -l *ffmpeg*
> >>
> >> Got this result:
> >>
> >> |
> >> Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/
> trig-aWait/Trig-pend
> >> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
> >> ||/ Name              Version       Architecture  Description
> >> +++-=================-=============-=====-==================
> =====================
> >> ii  ffmpegthumbs      4:4.14.2-0ubu amd64 video thumbnail generator
> >> using
> >> ffmpeg
> >> ii  gstreamer0.10-ffm 0.10.13-5ubun amd64 FFmpeg plugin for GStreamer
> >> ii  kffmpegthumbnaile 1.1.0-0ubuntu amd64 video thumbnailer for KDE
> >> ii  libffmpegthumbnai 2.0.8-2       amd64 shared library for
> >> ffmpegthumbnailer
> >> ii  libxine1-ffmpeg   1.1.21-2ubunt amd64 MPEG-related plugins for
> >> libxine1
> >>
> >>
> >>
> >> ---------------------------------------------------
> >> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> >> To subscribe, unsubscribe, or to change your mail settings:
> >> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> >
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180103/df73714e/attachment.html>

From bob.elzer at gmail.com  Wed Jan  3 18:06:33 2018
From: bob.elzer at gmail.com (Bob Elzer)
Date: Wed, 3 Jan 2018 18:06:33 -0700
Subject: How to get ffmpeg installed on my system?
In-Reply-To: <5be757f0a534bab983af10e43c1fd034.squirrel@box945.bluehost.com>
References: <4d6e6c86e8b66306de2c610b64189f75.squirrel@box945.bluehost.com>
 <3262b3bf-5522-ab3c-62b5-6111a59789b6@snaptek.com>
 <17e4e165356fe698fd416c4883a530da.squirrel@box945.bluehost.com>
 <1a536598-d58a-4469-f096-eff79aeb69d0@snaptek.com>
 <5be757f0a534bab983af10e43c1fd034.squirrel@box945.bluehost.com>
Message-ID: <CANQAHVDO_bgZ2811c2mqPOPEcKTw5cVj1vjxm2KOu=qi_sqH2g@mail.gmail.com>

you can run rehash if you run csh to load any new programs in your path

also the command. whereis ffmpeg  should tell you its path


On Jan 3, 2018 4:56 PM, <joe at actionline.com> wrote:

> > Strange... did you get an error while it was installing?
>
> no
>
>
> > On 01/03/2018 12:39 PM, joe at actionline.com wrote:
> >> Thanks to all who responded,
> >> but ffmpeg is apparently still not found on my system.
> >>
> >> cat workshop2.VOB | ffmpeg -i - workit.mp4
> >>
> >> ffmpeg: command not found
> >>
> >> This was after I did this:
> >>
> >> sudo apt-get update ; sudo apt-get install ffmpeg
> >>
> >> Then this:
> >>
> >> dpkg -l *ffmpeg*
> >>
> >> Got this result:
> >>
> >> |
> >> Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/
> trig-aWait/Trig-pend
> >> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
> >> ||/ Name              Version       Architecture  Description
> >> +++-=================-=============-=====-==================
> =====================
> >> ii  ffmpegthumbs      4:4.14.2-0ubu amd64 video thumbnail generator
> >> using
> >> ffmpeg
> >> ii  gstreamer0.10-ffm 0.10.13-5ubun amd64 FFmpeg plugin for GStreamer
> >> ii  kffmpegthumbnaile 1.1.0-0ubuntu amd64 video thumbnailer for KDE
> >> ii  libffmpegthumbnai 2.0.8-2       amd64 shared library for
> >> ffmpegthumbnailer
> >> ii  libxine1-ffmpeg   1.1.21-2ubunt amd64 MPEG-related plugins for
> >> libxine1
> >>
> >>
> >>
> >> ---------------------------------------------------
> >> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> >> To subscribe, unsubscribe, or to change your mail settings:
> >> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> >
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180103/18778bd0/attachment.html>

From plugaz at codezilla.xyz  Wed Jan  3 18:12:14 2018
From: plugaz at codezilla.xyz (Nathan O'Brennan)
Date: Wed, 03 Jan 2018 18:12:14 -0700
Subject: Major Intel Memory Vulnerability
In-Reply-To: <alpine.DEB.2.11.1801032304070.14234@post>
References: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
 <alpine.DEB.2.11.1801032304070.14234@post>
Message-ID: <73c51e4924d7069026b6af57fcc04d33@codezilla.xyz>


Came across this Google blog article where they claim AMD is affected as 
well.

https://security.googleblog.com/



On 2018-01-03 16:09, der.hans wrote:
> Am 02. Jan, 2018 schwätzte Matthew Crews so:
> 
> moin moin,
> 
> the bugs now have names and logos, let the marketing begin.
> 
> http://www.zdnet.com/article/security-flaws-affect-every-intel-chip-since-1995-arm-processors-vulnerable/
> 
> ###
> Am I affected by the bug?
> 
> Most certainly, yes.
> ###
> 
> Rumors thus far:
> 
> * new Linux kernel has a 'fix' for some value of 'fix'
> 
> * microsoft will force an update tonight
> 
> * a macos update from early December already has the fix
> 
> * AWS east will be doing reboots tomorrow
> 
> * AZURE will have extra reboots in the near future
> 
> * Google Android systems ( Nexus and Pixel ) have fixes available, but
> might be mostly unaffected anyway
> 
> * tshirts available soon ;-)
> 
> ciao,
> 
> der.hans
> 
>> https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
>> 
>> In a nutshell, it is a major security flaw in Intel hardware dating 
>> back a decade that is requiring a complete kernel rewrite for every 
>> major OS (Linux, Windows, Mac, etc) in order to patch out. It cannot 
>> be patched out with a CPU microcode update. Major enough that code 
>> comments are redacted in the patches until an embargo period is 
>> expired. Also the reported fix will have a huge performance impact.
>> 
>> Also crucial to note is that AMD chips are not affected by this.
>> 
>> How the heck does something like this go unnoticed for so long?
>> 
>> Sent from [ProtonMail](https://protonmail.com), Swiss-based encrypted 
>> email.
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

From mailinglists at mattcrews.com  Wed Jan  3 18:12:12 2018
From: mailinglists at mattcrews.com (Matthew Crews)
Date: Wed, 03 Jan 2018 20:12:12 -0500
Subject: Major Intel Memory Vulnerability
In-Reply-To: <a56ed1e927259c13fc8b6f8d7529c459@codezilla.xyz>
References: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
 <16BB4047-2DBC-44DE-9535-7A676E043A14@icloud.com>
 <E34912D7-D902-484B-BCA1-E18984D4ECBF@gmail.com>
 <a56ed1e927259c13fc8b6f8d7529c459@codezilla.xyz>
Message-ID: <ZVQL1rR2KdNbgN5sFBiBGsnb_19nQNzneqCgKdDSAg7zD_EgKqeBoztzE8o90pi0EWdr2t653YUikTnGmfwHRny77YVYeWjc-Z8pHq9wbv0=@mattcrews.com>

I would be more concerned IF the next gen CPU has this fixed. All's I know is that if Intel wants to fix the very next gen, they will need to scrap a lot of silicon that has already been finished.

Sent from [ProtonMail](https://protonmail.com), Swiss-based encrypted email.

-------- Original Message --------
On Jan 3, 2018, 15:35, Nathan O'Brennan wrote:

> I'm more curious to know which versions of Intel's upcoming chips have been fixed already. I would like to upgrade my current workstation in the next year and will stick with Intel despite any performance impact over AMD.
>
> On 2018-01-03 00:43, Aaron Jones wrote:
>
>>
>> I read the performance hit for Intel chips will be %35 or so after the fix.
>>
>> On Jan 2, 2018, at 7:49 PM, Eric Oyen <eric.oyen at icloud.com> wrote:
>>
>>> so, does this mean that the UEFI might get patched first? OR, does the OS ecology have to do so first? Lastly, how much of a performance hit will this represent?
>>>
>>> -eric
>>> from the central offices of the Technomage Guild, the "oh look! yet another bug!" Dept.
>>>
>>> On Jan 2, 2018, at 3:39 PM, Matthew Crews wrote:
>>>
>>>> https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
>>>>
>>>> In a nutshell, it is a major security flaw in Intel hardware dating back a decade that is requiring a complete kernel rewrite for every major OS (Linux, Windows, Mac, etc) in order to patch out. It cannot be patched out with a CPU microcode update. Major enough that code comments are redacted in the patches until an embargo period is expired. Also the reported fix will have a huge performance impact.
>>>>
>>>> Also crucial to note is that AMD chips are not affected by this.
>>>>
>>>> How the heck does something like this go unnoticed for so long?
>>>>
>>>> Sent from [ProtonMail](https://protonmail.com/), Swiss-based encrypted email.
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180103/b6dabbd2/attachment.html>

From PLUGd at LuftHans.com  Wed Jan  3 18:18:55 2018
From: PLUGd at LuftHans.com (der.hans)
Date: Thu, 4 Jan 2018 01:18:55 +0000 (UTC)
Subject: Major Intel Memory Vulnerability
In-Reply-To: <ZVQL1rR2KdNbgN5sFBiBGsnb_19nQNzneqCgKdDSAg7zD_EgKqeBoztzE8o90pi0EWdr2t653YUikTnGmfwHRny77YVYeWjc-Z8pHq9wbv0=@mattcrews.com>
References: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
 <16BB4047-2DBC-44DE-9535-7A676E043A14@icloud.com>
 <E34912D7-D902-484B-BCA1-E18984D4ECBF@gmail.com>
 <a56ed1e927259c13fc8b6f8d7529c459@codezilla.xyz>
 <ZVQL1rR2KdNbgN5sFBiBGsnb_19nQNzneqCgKdDSAg7zD_EgKqeBoztzE8o90pi0EWdr2t653YUikTnGmfwHRny77YVYeWjc-Z8pHq9wbv0=@mattcrews.com>
Message-ID: <alpine.DEB.2.11.1801040117190.14234@post>

Am 03. Jan, 2018 schwätzte Matthew Crews so:

moin moin,

good writeup on memory management and how this is an issue from before the
bug details were released and a follow up article from the same guy about
the bugs.

https://arstechnica.com/gadgets/2018/01/whats-behind-the-intel-design-flaw-forcing-numerous-patches/

If I were still teaching sysadmin that article would be required reading.

https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-processor-has-unfixable-security-flaws/

ciao,

der.hans

> I would be more concerned IF the next gen CPU has this fixed. All's I know is that if Intel wants to fix the very next gen, they will need to scrap a lot of silicon that has already been finished.
>
> Sent from [ProtonMail](https://protonmail.com), Swiss-based encrypted email.
>
> -------- Original Message --------
> On Jan 3, 2018, 15:35, Nathan O'Brennan wrote:
>
>> I'm more curious to know which versions of Intel's upcoming chips have been fixed already. I would like to upgrade my current workstation in the next year and will stick with Intel despite any performance impact over AMD.
>>
>> On 2018-01-03 00:43, Aaron Jones wrote:
>>
>>>
>>> I read the performance hit for Intel chips will be %35 or so after the fix.
>>>
>>> On Jan 2, 2018, at 7:49 PM, Eric Oyen <eric.oyen at icloud.com> wrote:
>>>
>>>> so, does this mean that the UEFI might get patched first? OR, does the OS ecology have to do so first? Lastly, how much of a performance hit will this represent?
>>>>
>>>> -eric
>>>> from the central offices of the Technomage Guild, the "oh look! yet another bug!" Dept.
>>>>
>>>> On Jan 2, 2018, at 3:39 PM, Matthew Crews wrote:
>>>>
>>>>> https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
>>>>>
>>>>> In a nutshell, it is a major security flaw in Intel hardware dating back a decade that is requiring a complete kernel rewrite for every major OS (Linux, Windows, Mac, etc) in order to patch out. It cannot be patched out with a CPU microcode update. Major enough that code comments are redacted in the patches until an embargo period is expired. Also the reported fix will have a huge performance impact.
>>>>>
>>>>> Also crucial to note is that AMD chips are not affected by this.
>>>>>
>>>>> How the heck does something like this go unnoticed for so long?
>>>>>
>>>>> Sent from [ProtonMail](https://protonmail.com/), Swiss-based encrypted email.
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

-- 
#  https://www.LuftHans.com   https://www.PhxLinux.org
# An architect who does not believe in privacy may also lack faith
# in keeping out the rain" -- John M. Ford, Growing Up Weightless

From mark at phillipsmarketing.biz  Wed Jan  3 18:56:15 2018
From: mark at phillipsmarketing.biz (Mark Phillips)
Date: Wed, 3 Jan 2018 18:56:15 -0700
Subject: Weird Chrome and Gmail Interaction
Message-ID: <CAEqej2NU7-7PfidWMLg44cFsfTuGKY_z0uBtth=1Cx=BRzeBXw@mail.gmail.com>

I normally use chrome to access my gmail accounts. I let Ubuntu keep chrome
updated. I have Ubuntu 14.04, but with all the updates.

I just rebooted my machine. I can open both of my gmail accounts and I get
the list of emails. On one account, I can click on an email and it opens.
On the other account, I get the little hand icon that shows the email
subject is a link, but when I click it, nothing happens. The email does not
open. This happens for all emails in the account.

I can, however, open emails from this account on my android phone. I tried
exiting out of chrome (from the icon in the systray), and restarting, and
logging out of each of the email accounts and logging in again. Still can't
open emails from the one account.

I can open emails from both accounts if I use firefox 57.0.3 (64-bit). But
firefox crashes a lot on my system, so I never use it.

Is there a setting somewhere that says "Time to mess with Mark, so don't
open emails from this account?", and how do I turn it off????

Thanks,

Mark
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180103/82523acd/attachment.html>

From cryptworks at gmail.com  Wed Jan  3 20:30:23 2018
From: cryptworks at gmail.com (Stephen Partington)
Date: Wed, 3 Jan 2018 20:30:23 -0700
Subject: Weird Chrome and Gmail Interaction
In-Reply-To: <CAEqej2NU7-7PfidWMLg44cFsfTuGKY_z0uBtth=1Cx=BRzeBXw@mail.gmail.com>
References: <CAEqej2NU7-7PfidWMLg44cFsfTuGKY_z0uBtth=1Cx=BRzeBXw@mail.gmail.com>
Message-ID: <CACS_G9y4D4GXgYiFJ-hwwfMLbL1QN2ofjP2nU_upbHGD1ERm9A@mail.gmail.com>

Are you logged in to Chrome as either of the accounts? Are you trying to
connect to both at the same time? Have you tried making other browsing
users to separate accounts?

On Jan 3, 2018 6:56 PM, "Mark Phillips" <mark at phillipsmarketing.biz> wrote:

> I normally use chrome to access my gmail accounts. I let Ubuntu keep
> chrome updated. I have Ubuntu 14.04, but with all the updates.
>
> I just rebooted my machine. I can open both of my gmail accounts and I get
> the list of emails. On one account, I can click on an email and it opens.
> On the other account, I get the little hand icon that shows the email
> subject is a link, but when I click it, nothing happens. The email does not
> open. This happens for all emails in the account.
>
> I can, however, open emails from this account on my android phone. I tried
> exiting out of chrome (from the icon in the systray), and restarting, and
> logging out of each of the email accounts and logging in again. Still can't
> open emails from the one account.
>
> I can open emails from both accounts if I use firefox 57.0.3 (64-bit). But
> firefox crashes a lot on my system, so I never use it.
>
> Is there a setting somewhere that says "Time to mess with Mark, so don't
> open emails from this account?", and how do I turn it off????
>
> Thanks,
>
> Mark
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180103/25a0af62/attachment.html>

From PLUGd at LuftHans.com  Thu Jan  4 10:21:15 2018
From: PLUGd at LuftHans.com (der.hans)
Date: Thu, 4 Jan 2018 17:21:15 +0000 (UTC)
Subject: HTML5 as JS
Message-ID: <alpine.DEB.2.11.1801041714370.14234@post>

moin moin,

I haven't paid much attention to HTML and CSS standards for many years.

As I understand it, HTML5 is script-like to lesson use of javascript.

Does that mean plain HTML ( no javascript ) is sufficient to exploit
browsers in light of #meltdown and #spectre ?

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

https://sites.google.com/a/chromium.org/dev/Home/chromium-security/ssca

What about CSS?

ciao,

der.hans
-- 
#  https://www.LuftHans.com   https://www.PhxLinux.org
#  As we enjoy great Advantages from the
#  Inventions of others we should be glad of an
#  Opportunity to serve others by any Invention of ours,
#  and this we should do freely and generously.
#  -- Benjamin Franklin (1706-1790), on his refusal to patent his inventions.

From mark at phillipsmarketing.biz  Thu Jan  4 10:27:51 2018
From: mark at phillipsmarketing.biz (Mark Phillips)
Date: Thu, 4 Jan 2018 10:27:51 -0700
Subject: Weird Chrome and Gmail Interaction
In-Reply-To: <CACS_G9y4D4GXgYiFJ-hwwfMLbL1QN2ofjP2nU_upbHGD1ERm9A@mail.gmail.com>
References: <CAEqej2NU7-7PfidWMLg44cFsfTuGKY_z0uBtth=1Cx=BRzeBXw@mail.gmail.com>
 <CACS_G9y4D4GXgYiFJ-hwwfMLbL1QN2ofjP2nU_upbHGD1ERm9A@mail.gmail.com>
Message-ID: <CAEqej2P+=wKasNDYiS37k97O7rSdk1DZikQhiaKV4O4F0ef_Aw@mail.gmail.com>

I don't log in to chrome...I just open it. Perhaps I am missing something.

Also, I open both accounts at the same time, in different tabs. I have been
doing this for many many years. It has never been an issue.

The good news is that our benevolent overlords at Google worked their
magic, and I can not click on emails and read them.

Thanks!

Mark

On Wed, Jan 3, 2018 at 8:30 PM, Stephen Partington <cryptworks at gmail.com>
wrote:

> Are you logged in to Chrome as either of the accounts? Are you trying to
> connect to both at the same time? Have you tried making other browsing
> users to separate accounts?
>
> On Jan 3, 2018 6:56 PM, "Mark Phillips" <mark at phillipsmarketing.biz>
> wrote:
>
>> I normally use chrome to access my gmail accounts. I let Ubuntu keep
>> chrome updated. I have Ubuntu 14.04, but with all the updates.
>>
>> I just rebooted my machine. I can open both of my gmail accounts and I
>> get the list of emails. On one account, I can click on an email and it
>> opens. On the other account, I get the little hand icon that shows the
>> email subject is a link, but when I click it, nothing happens. The email
>> does not open. This happens for all emails in the account.
>>
>> I can, however, open emails from this account on my android phone. I
>> tried exiting out of chrome (from the icon in the systray), and restarting,
>> and logging out of each of the email accounts and logging in again. Still
>> can't open emails from the one account.
>>
>> I can open emails from both accounts if I use firefox 57.0.3 (64-bit).
>> But firefox crashes a lot on my system, so I never use it.
>>
>> Is there a setting somewhere that says "Time to mess with Mark, so don't
>> open emails from this account?", and how do I turn it off????
>>
>> Thanks,
>>
>> Mark
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180104/ed84108f/attachment.html>

From andrewmcrobb at gmail.com  Thu Jan  4 13:32:36 2018
From: andrewmcrobb at gmail.com (Andrew McRobb)
Date: Thu, 4 Jan 2018 13:32:36 -0700
Subject: HTML5 as JS
In-Reply-To: <alpine.DEB.2.11.1801041714370.14234@post>
References: <alpine.DEB.2.11.1801041714370.14234@post>
Message-ID: <CAH1v-qgJ4bnKWxe=JTEU4xqoJ8ySVDdT4CcU0fWGeSgMnh08DA@mail.gmail.com>

No, HTML5 is a markup at the end of the day. Comparing JS and HTML, is like
comparing apples to oranges. All HTML5 does is include new tags to use when
building a web app for you or search engines to use:
https://www.w3schools.com/html/html5_intro.asp. It doesn't at all handle
any logic like JS would, if that's what you are asking.

Same can almost go for CSS. It's a description language, it doesn't handle
any logic (except for select queries). However, CSS is starting to
implement variables, but you can only use those for *attributes*. Not write
a fully functional app with CSS alone.

Andrew McRobb
Full-time Software Developer
Part-time Freelancer
mcrobb.info

On Thu, Jan 4, 2018 at 10:21 AM, der.hans <PLUGd at lufthans.com> wrote:

> moin moin,
>
> I haven't paid much attention to HTML and CSS standards for many years.
>
> As I understand it, HTML5 is script-like to lesson use of javascript.
>
> Does that mean plain HTML ( no javascript ) is sufficient to exploit
> browsers in light of #meltdown and #spectre ?
>
> https://blog.mozilla.org/security/2018/01/03/mitigations-
> landing-new-class-timing-attack/
>
> https://sites.google.com/a/chromium.org/dev/Home/chromium-security/ssca
>
> What about CSS?
>
> ciao,
>
> der.hans
> --
> #  https://www.LuftHans.com   https://www.PhxLinux.org
> #  As we enjoy great Advantages from the
> #  Inventions of others we should be glad of an
> #  Opportunity to serve others by any Invention of ours,
> #  and this we should do freely and generously.
> #  -- Benjamin Franklin (1706-1790), on his refusal to patent his
> inventions.
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180104/e5643070/attachment.html>

From dev at snitselaar.org  Thu Jan  4 16:22:56 2018
From: dev at snitselaar.org (Jerry Snitselaar)
Date: Thu, 4 Jan 2018 16:22:56 -0700
Subject: Major Intel Memory Vulnerability
In-Reply-To: <alpine.DEB.2.11.1801040117190.14234@post>
References: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
 <16BB4047-2DBC-44DE-9535-7A676E043A14@icloud.com>
 <E34912D7-D902-484B-BCA1-E18984D4ECBF@gmail.com>
 <a56ed1e927259c13fc8b6f8d7529c459@codezilla.xyz>
 <ZVQL1rR2KdNbgN5sFBiBGsnb_19nQNzneqCgKdDSAg7zD_EgKqeBoztzE8o90pi0EWdr2t653YUikTnGmfwHRny77YVYeWjc-Z8pHq9wbv0=@mattcrews.com>
 <alpine.DEB.2.11.1801040117190.14234@post>
Message-ID: <20180104232256.6zet4ksw67futf6s@cantor>

On Thu Jan 04 18, der.hans wrote:
>Am 03. Jan, 2018 schwätzte Matthew Crews so:
>
>moin moin,
>
>good writeup on memory management and how this is an issue from before the
>bug details were released and a follow up article from the same guy about
>the bugs.
>
>https://arstechnica.com/gadgets/2018/01/whats-behind-the-intel-design-flaw-forcing-numerous-patches/
>
>If I were still teaching sysadmin that article would be required reading.
>
>https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-processor-has-unfixable-security-flaws/
>
>ciao,
>
>der.hans
>

The writeup from the project zero folks: https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html


>>I would be more concerned IF the next gen CPU has this fixed. All's I know is that if Intel wants to fix the very next gen, they will need to scrap a lot of silicon that has already been finished.
>>
>>Sent from [ProtonMail](https://protonmail.com), Swiss-based encrypted email.
>>
>>-------- Original Message --------
>>On Jan 3, 2018, 15:35, Nathan O'Brennan wrote:
>>
>>>I'm more curious to know which versions of Intel's upcoming chips have been fixed already. I would like to upgrade my current workstation in the next year and will stick with Intel despite any performance impact over AMD.
>>>
>>>On 2018-01-03 00:43, Aaron Jones wrote:
>>>
>>>>
>>>>I read the performance hit for Intel chips will be %35 or so after the fix.
>>>>
>>>>On Jan 2, 2018, at 7:49 PM, Eric Oyen <eric.oyen at icloud.com> wrote:
>>>>
>>>>>so, does this mean that the UEFI might get patched first? OR, does the OS ecology have to do so first? Lastly, how much of a performance hit will this represent?
>>>>>
>>>>>-eric
>>>>>from the central offices of the Technomage Guild, the "oh look! yet another bug!" Dept.
>>>>>
>>>>>On Jan 2, 2018, at 3:39 PM, Matthew Crews wrote:
>>>>>
>>>>>>https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
>>>>>>
>>>>>>In a nutshell, it is a major security flaw in Intel hardware dating back a decade that is requiring a complete kernel rewrite for every major OS (Linux, Windows, Mac, etc) in order to patch out. It cannot be patched out with a CPU microcode update. Major enough that code comments are redacted in the patches until an embargo period is expired. Also the reported fix will have a huge performance impact.
>>>>>>
>>>>>>Also crucial to note is that AMD chips are not affected by this.
>>>>>>
>>>>>>How the heck does something like this go unnoticed for so long?
>>>>>>
>>>>>>Sent from [ProtonMail](https://protonmail.com/), Swiss-based encrypted email.
>>>>
>>>>---------------------------------------------------
>>>>PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>To subscribe, unsubscribe, or to change your mail settings:
>>>>http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>-- 
>#  https://www.LuftHans.com   https://www.PhxLinux.org
># An architect who does not believe in privacy may also lack faith
># in keeping out the rain" -- John M. Ford, Growing Up Weightless

>---------------------------------------------------
>PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>To subscribe, unsubscribe, or to change your mail settings:
>http://lists.phxlinux.org/mailman/listinfo/plug-discuss


From PLUGd at LuftHans.com  Thu Jan  4 16:59:57 2018
From: PLUGd at LuftHans.com (der.hans)
Date: Thu, 4 Jan 2018 23:59:57 +0000 (UTC)
Subject: HTML5 as JS
In-Reply-To: <CAH1v-qgJ4bnKWxe=JTEU4xqoJ8ySVDdT4CcU0fWGeSgMnh08DA@mail.gmail.com>
References: <alpine.DEB.2.11.1801041714370.14234@post>
 <CAH1v-qgJ4bnKWxe=JTEU4xqoJ8ySVDdT4CcU0fWGeSgMnh08DA@mail.gmail.com>
Message-ID: <alpine.DEB.2.11.1801042349010.14234@post>

Am 04. Jan, 2018 schwätzte Andrew McRobb so:

moin moin Andrew,

cool, sounds like having umatrix or NoScript blocking javascript is still
sufficient.

Need to make sure <script> is blocked as well as the external JS.

https://www.w3schools.com/html/html_scripts.asp

ciao,

der.hans

> No, HTML5 is a markup at the end of the day. Comparing JS and HTML, is like
> comparing apples to oranges. All HTML5 does is include new tags to use when
> building a web app for you or search engines to use:
> https://www.w3schools.com/html/html5_intro.asp. It doesn't at all handle
> any logic like JS would, if that's what you are asking.
>
> Same can almost go for CSS. It's a description language, it doesn't handle
> any logic (except for select queries). However, CSS is starting to
> implement variables, but you can only use those for *attributes*. Not write
> a fully functional app with CSS alone.
>
> Andrew McRobb
> Full-time Software Developer
> Part-time Freelancer
> mcrobb.info
>
> On Thu, Jan 4, 2018 at 10:21 AM, der.hans <PLUGd at lufthans.com> wrote:
>
>> moin moin,
>>
>> I haven't paid much attention to HTML and CSS standards for many years.
>>
>> As I understand it, HTML5 is script-like to lesson use of javascript.
>>
>> Does that mean plain HTML ( no javascript ) is sufficient to exploit
>> browsers in light of #meltdown and #spectre ?
>>
>> https://blog.mozilla.org/security/2018/01/03/mitigations-
>> landing-new-class-timing-attack/
>>
>> https://sites.google.com/a/chromium.org/dev/Home/chromium-security/ssca
>>
>> What about CSS?
>>
>> ciao,
>>
>> der.hans
>> --
>> #  https://www.LuftHans.com   https://www.PhxLinux.org
>> #  As we enjoy great Advantages from the
>> #  Inventions of others we should be glad of an
>> #  Opportunity to serve others by any Invention of ours,
>> #  and this we should do freely and generously.
>> #  -- Benjamin Franklin (1706-1790), on his refusal to patent his
>> inventions.
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>

-- 
#  https://www.LuftHans.com   https://www.PhxLinux.org
#  Nobody grows old merely by living a number of years.
#  We grow old by deserting our ideals.
#  Years may wrinkle the skin, but to give up enthusiasm
#  wrinkles the soul.  -- Samuel Ullman

From plug at 0x1b.com  Thu Jan  4 20:46:35 2018
From: plug at 0x1b.com (Ed)
Date: Thu, 4 Jan 2018 20:46:35 -0700
Subject: HTML5 as JS
In-Reply-To: <alpine.DEB.2.11.1801042349010.14234@post>
References: <alpine.DEB.2.11.1801041714370.14234@post>
 <CAH1v-qgJ4bnKWxe=JTEU4xqoJ8ySVDdT4CcU0fWGeSgMnh08DA@mail.gmail.com>
 <alpine.DEB.2.11.1801042349010.14234@post>
Message-ID: <CAO2XAM4v=QPyyST8BWnK84NQpYn-KEQRqCWMLv5X6D0948cxKQ@mail.gmail.com>

More like raccoons to oranges...
8)

On Thu, Jan 4, 2018 at 4:59 PM, der.hans <PLUGd at lufthans.com> wrote:
> Am 04. Jan, 2018 schwätzte Andrew McRobb so:
>
> moin moin Andrew,
>
> cool, sounds like having umatrix or NoScript blocking javascript is still
> sufficient.
>
> Need to make sure <script> is blocked as well as the external JS.
>
> https://www.w3schools.com/html/html_scripts.asp
>
> ciao,
>
> der.hans
>
>> No, HTML5 is a markup at the end of the day. Comparing JS and HTML, is
>> like
>> comparing apples to oranges. All HTML5 does is include new tags to use
>> when
>> building a web app for you or search engines to use:
>> https://www.w3schools.com/html/html5_intro.asp. It doesn't at all handle
>> any logic like JS would, if that's what you are asking.
>>
>> Same can almost go for CSS. It's a description language, it doesn't handle
>> any logic (except for select queries). However, CSS is starting to
>> implement variables, but you can only use those for *attributes*. Not
>> write
>>
>> a fully functional app with CSS alone.
>>
>> Andrew McRobb
>> Full-time Software Developer
>> Part-time Freelancer
>> mcrobb.info
>>
>> On Thu, Jan 4, 2018 at 10:21 AM, der.hans <PLUGd at lufthans.com> wrote:
>>
>>> moin moin,
>>>
>>> I haven't paid much attention to HTML and CSS standards for many years.
>>>
>>> As I understand it, HTML5 is script-like to lesson use of javascript.
>>>
>>> Does that mean plain HTML ( no javascript ) is sufficient to exploit
>>> browsers in light of #meltdown and #spectre ?
>>>
>>> https://blog.mozilla.org/security/2018/01/03/mitigations-
>>> landing-new-class-timing-attack/
>>>
>>> https://sites.google.com/a/chromium.org/dev/Home/chromium-security/ssca
>>>
>>> What about CSS?
>>>
>>> ciao,
>>>
>>> der.hans
>>> --
>>> #  https://www.LuftHans.com   https://www.PhxLinux.org
>>> #  As we enjoy great Advantages from the
>>> #  Inventions of others we should be glad of an
>>> #  Opportunity to serve others by any Invention of ours,
>>> #  and this we should do freely and generously.
>>> #  -- Benjamin Franklin (1706-1790), on his refusal to patent his
>>> inventions.
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>>
>
> --
> #  https://www.LuftHans.com   https://www.PhxLinux.org
> #  Nobody grows old merely by living a number of years.
> #  We grow old by deserting our ideals.
> #  Years may wrinkle the skin, but to give up enthusiasm
> #  wrinkles the soul.  -- Samuel Ullman
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

From andrewmcrobb at gmail.com  Thu Jan  4 22:52:49 2018
From: andrewmcrobb at gmail.com (Andrew McRobb)
Date: Thu, 4 Jan 2018 22:52:49 -0700
Subject: HTML5 as JS
In-Reply-To: <CAO2XAM4v=QPyyST8BWnK84NQpYn-KEQRqCWMLv5X6D0948cxKQ@mail.gmail.com>
References: <alpine.DEB.2.11.1801041714370.14234@post>
 <CAH1v-qgJ4bnKWxe=JTEU4xqoJ8ySVDdT4CcU0fWGeSgMnh08DA@mail.gmail.com>
 <alpine.DEB.2.11.1801042349010.14234@post>
 <CAO2XAM4v=QPyyST8BWnK84NQpYn-KEQRqCWMLv5X6D0948cxKQ@mail.gmail.com>
Message-ID: <CAH1v-qggbt6vd8tfy_onBAT-y4sHZQr--PkGZqbRN4esdjfD8g@mail.gmail.com>

JavaScript being the Raccoon? heh

Andrew McRobb
Full-time Software Developer
Part-time Freelancer
mcrobb.info

On Thu, Jan 4, 2018 at 8:46 PM, Ed <plug at 0x1b.com> wrote:

> More like raccoons to oranges...
> 8)
>
> On Thu, Jan 4, 2018 at 4:59 PM, der.hans <PLUGd at lufthans.com> wrote:
> > Am 04. Jan, 2018 schwätzte Andrew McRobb so:
> >
> > moin moin Andrew,
> >
> > cool, sounds like having umatrix or NoScript blocking javascript is still
> > sufficient.
> >
> > Need to make sure <script> is blocked as well as the external JS.
> >
> > https://www.w3schools.com/html/html_scripts.asp
> >
> > ciao,
> >
> > der.hans
> >
> >> No, HTML5 is a markup at the end of the day. Comparing JS and HTML, is
> >> like
> >> comparing apples to oranges. All HTML5 does is include new tags to use
> >> when
> >> building a web app for you or search engines to use:
> >> https://www.w3schools.com/html/html5_intro.asp. It doesn't at all
> handle
> >> any logic like JS would, if that's what you are asking.
> >>
> >> Same can almost go for CSS. It's a description language, it doesn't
> handle
> >> any logic (except for select queries). However, CSS is starting to
> >> implement variables, but you can only use those for *attributes*. Not
> >> write
> >>
> >> a fully functional app with CSS alone.
> >>
> >> Andrew McRobb
> >> Full-time Software Developer
> >> Part-time Freelancer
> >> mcrobb.info
> >>
> >> On Thu, Jan 4, 2018 at 10:21 AM, der.hans <PLUGd at lufthans.com> wrote:
> >>
> >>> moin moin,
> >>>
> >>> I haven't paid much attention to HTML and CSS standards for many years.
> >>>
> >>> As I understand it, HTML5 is script-like to lesson use of javascript.
> >>>
> >>> Does that mean plain HTML ( no javascript ) is sufficient to exploit
> >>> browsers in light of #meltdown and #spectre ?
> >>>
> >>> https://blog.mozilla.org/security/2018/01/03/mitigations-
> >>> landing-new-class-timing-attack/
> >>>
> >>> https://sites.google.com/a/chromium.org/dev/Home/
> chromium-security/ssca
> >>>
> >>> What about CSS?
> >>>
> >>> ciao,
> >>>
> >>> der.hans
> >>> --
> >>> #  https://www.LuftHans.com   https://www.PhxLinux.org
> >>> #  As we enjoy great Advantages from the
> >>> #  Inventions of others we should be glad of an
> >>> #  Opportunity to serve others by any Invention of ours,
> >>> #  and this we should do freely and generously.
> >>> #  -- Benjamin Franklin (1706-1790), on his refusal to patent his
> >>> inventions.
> >>> ---------------------------------------------------
> >>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> >>> To subscribe, unsubscribe, or to change your mail settings:
> >>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> >>
> >>
> >
> > --
> > #  https://www.LuftHans.com   https://www.PhxLinux.org
> > #  Nobody grows old merely by living a number of years.
> > #  We grow old by deserting our ideals.
> > #  Years may wrinkle the skin, but to give up enthusiasm
> > #  wrinkles the soul.  -- Samuel Ullman
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180104/22a5bc21/attachment.html>

From herminio.hernandezjr at gmail.com  Fri Jan  5 01:29:40 2018
From: herminio.hernandezjr at gmail.com (Herminio Hernandez, Jr.)
Date: Fri, 5 Jan 2018 01:29:40 -0700
Subject: HTML5 as JS
In-Reply-To: <CAH1v-qggbt6vd8tfy_onBAT-y4sHZQr--PkGZqbRN4esdjfD8g@mail.gmail.com>
References: <alpine.DEB.2.11.1801041714370.14234@post>
 <CAH1v-qgJ4bnKWxe=JTEU4xqoJ8ySVDdT4CcU0fWGeSgMnh08DA@mail.gmail.com>
 <alpine.DEB.2.11.1801042349010.14234@post>
 <CAO2XAM4v=QPyyST8BWnK84NQpYn-KEQRqCWMLv5X6D0948cxKQ@mail.gmail.com>
 <CAH1v-qggbt6vd8tfy_onBAT-y4sHZQr--PkGZqbRN4esdjfD8g@mail.gmail.com>
Message-ID: <CAJRA9dywxOr7ot7m-r7rTnFAyW7QUZx3Yw6VCep40tJ4UC0g1w@mail.gmail.com>

Damn Stallman was right again

https://www.gnu.org/philosophy/po/javascript-trap.ja-en.html

On Thu, Jan 4, 2018 at 10:52 PM, Andrew McRobb <andrewmcrobb at gmail.com>
wrote:

> JavaScript being the Raccoon? heh
>
> Andrew McRobb
> Full-time Software Developer
> Part-time Freelancer
> mcrobb.info
>
> On Thu, Jan 4, 2018 at 8:46 PM, Ed <plug at 0x1b.com> wrote:
>
>> More like raccoons to oranges...
>> 8)
>>
>> On Thu, Jan 4, 2018 at 4:59 PM, der.hans <PLUGd at lufthans.com> wrote:
>> > Am 04. Jan, 2018 schwätzte Andrew McRobb so:
>> >
>> > moin moin Andrew,
>> >
>> > cool, sounds like having umatrix or NoScript blocking javascript is
>> still
>> > sufficient.
>> >
>> > Need to make sure <script> is blocked as well as the external JS.
>> >
>> > https://www.w3schools.com/html/html_scripts.asp
>> >
>> > ciao,
>> >
>> > der.hans
>> >
>> >> No, HTML5 is a markup at the end of the day. Comparing JS and HTML, is
>> >> like
>> >> comparing apples to oranges. All HTML5 does is include new tags to use
>> >> when
>> >> building a web app for you or search engines to use:
>> >> https://www.w3schools.com/html/html5_intro.asp. It doesn't at all
>> handle
>> >> any logic like JS would, if that's what you are asking.
>> >>
>> >> Same can almost go for CSS. It's a description language, it doesn't
>> handle
>> >> any logic (except for select queries). However, CSS is starting to
>> >> implement variables, but you can only use those for *attributes*. Not
>> >> write
>> >>
>> >> a fully functional app with CSS alone.
>> >>
>> >> Andrew McRobb
>> >> Full-time Software Developer
>> >> Part-time Freelancer
>> >> mcrobb.info
>> >>
>> >> On Thu, Jan 4, 2018 at 10:21 AM, der.hans <PLUGd at lufthans.com> wrote:
>> >>
>> >>> moin moin,
>> >>>
>> >>> I haven't paid much attention to HTML and CSS standards for many
>> years.
>> >>>
>> >>> As I understand it, HTML5 is script-like to lesson use of javascript.
>> >>>
>> >>> Does that mean plain HTML ( no javascript ) is sufficient to exploit
>> >>> browsers in light of #meltdown and #spectre ?
>> >>>
>> >>> https://blog.mozilla.org/security/2018/01/03/mitigations-
>> >>> landing-new-class-timing-attack/
>> >>>
>> >>> https://sites.google.com/a/chromium.org/dev/Home/chromium-
>> security/ssca
>> >>>
>> >>> What about CSS?
>> >>>
>> >>> ciao,
>> >>>
>> >>> der.hans
>> >>> --
>> >>> #  https://www.LuftHans.com   https://www.PhxLinux.org
>> >>> #  As we enjoy great Advantages from the
>> >>> #  Inventions of others we should be glad of an
>> >>> #  Opportunity to serve others by any Invention of ours,
>> >>> #  and this we should do freely and generously.
>> >>> #  -- Benjamin Franklin (1706-1790), on his refusal to patent his
>> >>> inventions.
>> >>> ---------------------------------------------------
>> >>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> >>> To subscribe, unsubscribe, or to change your mail settings:
>> >>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>> >>
>> >>
>> >
>> > --
>> > #  https://www.LuftHans.com   https://www.PhxLinux.org
>> > #  Nobody grows old merely by living a number of years.
>> > #  We grow old by deserting our ideals.
>> > #  Years may wrinkle the skin, but to give up enthusiasm
>> > #  wrinkles the soul.  -- Samuel Ullman
>> > ---------------------------------------------------
>> > PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> > To subscribe, unsubscribe, or to change your mail settings:
>> > http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180105/b78d7eb8/attachment.html>

From PLUGd at LuftHans.com  Fri Jan  5 01:36:58 2018
From: PLUGd at LuftHans.com (der.hans)
Date: Fri, 5 Jan 2018 08:36:58 +0000 (UTC)
Subject: HTML5 as JS
In-Reply-To: <CAJRA9dywxOr7ot7m-r7rTnFAyW7QUZx3Yw6VCep40tJ4UC0g1w@mail.gmail.com>
References: <alpine.DEB.2.11.1801041714370.14234@post>
 <CAH1v-qgJ4bnKWxe=JTEU4xqoJ8ySVDdT4CcU0fWGeSgMnh08DA@mail.gmail.com>
 <alpine.DEB.2.11.1801042349010.14234@post>
 <CAO2XAM4v=QPyyST8BWnK84NQpYn-KEQRqCWMLv5X6D0948cxKQ@mail.gmail.com>
 <CAH1v-qggbt6vd8tfy_onBAT-y4sHZQr--PkGZqbRN4esdjfD8g@mail.gmail.com>
 <CAJRA9dywxOr7ot7m-r7rTnFAyW7QUZx3Yw6VCep40tJ4UC0g1w@mail.gmail.com>
Message-ID: <alpine.DEB.2.11.1801050831450.14234@post>

Am 05. Jan, 2018 schwätzte Herminio Hernandez, Jr. so:

moin moin,

Yeah, JavaScript's annoying. I've been using NoScript to block it outright
for years. I only allow certain sites to have JavaScript. Some of those
sites only get JavaScript when I'm trying to checkout. Some get their own
browser instance before I allow them to have JavaScript.

Recently JavaScript has been used to do bitcoin mining via web browsers
and it's had several security issues over the years.

It can't escape the sandbox if it never runs :).

ciao,

der.hans

> Damn Stallman was right again
>
> https://www.gnu.org/philosophy/po/javascript-trap.ja-en.html
>
> On Thu, Jan 4, 2018 at 10:52 PM, Andrew McRobb <andrewmcrobb at gmail.com>
> wrote:
>
>> JavaScript being the Raccoon? heh
>>
>> Andrew McRobb
>> Full-time Software Developer
>> Part-time Freelancer
>> mcrobb.info
>>
>> On Thu, Jan 4, 2018 at 8:46 PM, Ed <plug at 0x1b.com> wrote:
>>
>>> More like raccoons to oranges...
>>> 8)
>>>
>>> On Thu, Jan 4, 2018 at 4:59 PM, der.hans <PLUGd at lufthans.com> wrote:
>>>> Am 04. Jan, 2018 schwätzte Andrew McRobb so:
>>>>
>>>> moin moin Andrew,
>>>>
>>>> cool, sounds like having umatrix or NoScript blocking javascript is
>>> still
>>>> sufficient.
>>>>
>>>> Need to make sure <script> is blocked as well as the external JS.
>>>>
>>>> https://www.w3schools.com/html/html_scripts.asp
>>>>
>>>> ciao,
>>>>
>>>> der.hans
>>>>
>>>>> No, HTML5 is a markup at the end of the day. Comparing JS and HTML, is
>>>>> like
>>>>> comparing apples to oranges. All HTML5 does is include new tags to use
>>>>> when
>>>>> building a web app for you or search engines to use:
>>>>> https://www.w3schools.com/html/html5_intro.asp. It doesn't at all
>>> handle
>>>>> any logic like JS would, if that's what you are asking.
>>>>>
>>>>> Same can almost go for CSS. It's a description language, it doesn't
>>> handle
>>>>> any logic (except for select queries). However, CSS is starting to
>>>>> implement variables, but you can only use those for *attributes*. Not
>>>>> write
>>>>>
>>>>> a fully functional app with CSS alone.
>>>>>
>>>>> Andrew McRobb
>>>>> Full-time Software Developer
>>>>> Part-time Freelancer
>>>>> mcrobb.info
>>>>>
>>>>> On Thu, Jan 4, 2018 at 10:21 AM, der.hans <PLUGd at lufthans.com> wrote:
>>>>>
>>>>>> moin moin,
>>>>>>
>>>>>> I haven't paid much attention to HTML and CSS standards for many
>>> years.
>>>>>>
>>>>>> As I understand it, HTML5 is script-like to lesson use of javascript.
>>>>>>
>>>>>> Does that mean plain HTML ( no javascript ) is sufficient to exploit
>>>>>> browsers in light of #meltdown and #spectre ?
>>>>>>
>>>>>> https://blog.mozilla.org/security/2018/01/03/mitigations-
>>>>>> landing-new-class-timing-attack/
>>>>>>
>>>>>> https://sites.google.com/a/chromium.org/dev/Home/chromium-
>>> security/ssca
>>>>>>
>>>>>> What about CSS?
>>>>>>
>>>>>> ciao,
>>>>>>
>>>>>> der.hans
>>>>>> --
>>>>>> #  https://www.LuftHans.com   https://www.PhxLinux.org
>>>>>> #  As we enjoy great Advantages from the
>>>>>> #  Inventions of others we should be glad of an
>>>>>> #  Opportunity to serve others by any Invention of ours,
>>>>>> #  and this we should do freely and generously.
>>>>>> #  -- Benjamin Franklin (1706-1790), on his refusal to patent his
>>>>>> inventions.
>>>>>> ---------------------------------------------------
>>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>
>>>>>
>>>>
>>>> --
>>>> #  https://www.LuftHans.com   https://www.PhxLinux.org
>>>> #  Nobody grows old merely by living a number of years.
>>>> #  We grow old by deserting our ideals.
>>>> #  Years may wrinkle the skin, but to give up enthusiasm
>>>> #  wrinkles the soul.  -- Samuel Ullman
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>

-- 
#  https://www.LuftHans.com   https://www.PhxLinux.org
#  It's up to the reader to make the book interesting.
#  An author has only the opportunity to make it uninteresting. - der.hans

From herminio.hernandezjr at gmail.com  Fri Jan  5 01:45:47 2018
From: herminio.hernandezjr at gmail.com (Herminio Hernandez, Jr.)
Date: Fri, 5 Jan 2018 01:45:47 -0700
Subject: HTML5 as JS
In-Reply-To: <alpine.DEB.2.11.1801050831450.14234@post>
References: <alpine.DEB.2.11.1801041714370.14234@post>
 <CAH1v-qgJ4bnKWxe=JTEU4xqoJ8ySVDdT4CcU0fWGeSgMnh08DA@mail.gmail.com>
 <alpine.DEB.2.11.1801042349010.14234@post>
 <CAO2XAM4v=QPyyST8BWnK84NQpYn-KEQRqCWMLv5X6D0948cxKQ@mail.gmail.com>
 <CAH1v-qggbt6vd8tfy_onBAT-y4sHZQr--PkGZqbRN4esdjfD8g@mail.gmail.com>
 <CAJRA9dywxOr7ot7m-r7rTnFAyW7QUZx3Yw6VCep40tJ4UC0g1w@mail.gmail.com>
 <alpine.DEB.2.11.1801050831450.14234@post>
Message-ID: <CAJRA9dyyahfKjapd6pVYi1R0w0+irw401yCqCZvvghG7N5t+ZA@mail.gmail.com>

Mozilla confirms this bug is exploitable. I am making sure JavaScript is
off by default and only enabled in pages where I want it to.

https://www.bleepingcomputer.com/news/security/mozilla-confirms-web-based-execution-vector-for-meltdown-and-spectre-attacks/

On Fri, Jan 5, 2018 at 1:36 AM, der.hans <PLUGd at lufthans.com> wrote:

> Am 05. Jan, 2018 schwätzte Herminio Hernandez, Jr. so:
>
> moin moin,
>
> Yeah, JavaScript's annoying. I've been using NoScript to block it outright
> for years. I only allow certain sites to have JavaScript. Some of those
> sites only get JavaScript when I'm trying to checkout. Some get their own
> browser instance before I allow them to have JavaScript.
>
> Recently JavaScript has been used to do bitcoin mining via web browsers
> and it's had several security issues over the years.
>
> It can't escape the sandbox if it never runs :).
>
> ciao,
>
> der.hans
>
>
> Damn Stallman was right again
>>
>> https://www.gnu.org/philosophy/po/javascript-trap.ja-en.html
>>
>> On Thu, Jan 4, 2018 at 10:52 PM, Andrew McRobb <andrewmcrobb at gmail.com>
>> wrote:
>>
>> JavaScript being the Raccoon? heh
>>>
>>> Andrew McRobb
>>> Full-time Software Developer
>>> Part-time Freelancer
>>> mcrobb.info
>>>
>>> On Thu, Jan 4, 2018 at 8:46 PM, Ed <plug at 0x1b.com> wrote:
>>>
>>> More like raccoons to oranges...
>>>> 8)
>>>>
>>>> On Thu, Jan 4, 2018 at 4:59 PM, der.hans <PLUGd at lufthans.com> wrote:
>>>>
>>>>> Am 04. Jan, 2018 schwätzte Andrew McRobb so:
>>>>>
>>>>> moin moin Andrew,
>>>>>
>>>>> cool, sounds like having umatrix or NoScript blocking javascript is
>>>>>
>>>> still
>>>>
>>>>> sufficient.
>>>>>
>>>>> Need to make sure <script> is blocked as well as the external JS.
>>>>>
>>>>> https://www.w3schools.com/html/html_scripts.asp
>>>>>
>>>>> ciao,
>>>>>
>>>>> der.hans
>>>>>
>>>>> No, HTML5 is a markup at the end of the day. Comparing JS and HTML, is
>>>>>> like
>>>>>> comparing apples to oranges. All HTML5 does is include new tags to use
>>>>>> when
>>>>>> building a web app for you or search engines to use:
>>>>>> https://www.w3schools.com/html/html5_intro.asp. It doesn't at all
>>>>>>
>>>>> handle
>>>>
>>>>> any logic like JS would, if that's what you are asking.
>>>>>>
>>>>>> Same can almost go for CSS. It's a description language, it doesn't
>>>>>>
>>>>> handle
>>>>
>>>>> any logic (except for select queries). However, CSS is starting to
>>>>>> implement variables, but you can only use those for *attributes*. Not
>>>>>> write
>>>>>>
>>>>>> a fully functional app with CSS alone.
>>>>>>
>>>>>> Andrew McRobb
>>>>>> Full-time Software Developer
>>>>>> Part-time Freelancer
>>>>>> mcrobb.info
>>>>>>
>>>>>> On Thu, Jan 4, 2018 at 10:21 AM, der.hans <PLUGd at lufthans.com> wrote:
>>>>>>
>>>>>> moin moin,
>>>>>>>
>>>>>>> I haven't paid much attention to HTML and CSS standards for many
>>>>>>>
>>>>>> years.
>>>>
>>>>>
>>>>>>> As I understand it, HTML5 is script-like to lesson use of javascript.
>>>>>>>
>>>>>>> Does that mean plain HTML ( no javascript ) is sufficient to exploit
>>>>>>> browsers in light of #meltdown and #spectre ?
>>>>>>>
>>>>>>> https://blog.mozilla.org/security/2018/01/03/mitigations-
>>>>>>> landing-new-class-timing-attack/
>>>>>>>
>>>>>>> https://sites.google.com/a/chromium.org/dev/Home/chromium-
>>>>>>>
>>>>>> security/ssca
>>>>
>>>>>
>>>>>>> What about CSS?
>>>>>>>
>>>>>>> ciao,
>>>>>>>
>>>>>>> der.hans
>>>>>>> --
>>>>>>> #  https://www.LuftHans.com   https://www.PhxLinux.org
>>>>>>> #  As we enjoy great Advantages from the
>>>>>>> #  Inventions of others we should be glad of an
>>>>>>> #  Opportunity to serve others by any Invention of ours,
>>>>>>> #  and this we should do freely and generously.
>>>>>>> #  -- Benjamin Franklin (1706-1790), on his refusal to patent his
>>>>>>> inventions.
>>>>>>> ---------------------------------------------------
>>>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>> --
>>>>> #  https://www.LuftHans.com   https://www.PhxLinux.org
>>>>> #  Nobody grows old merely by living a number of years.
>>>>> #  We grow old by deserting our ideals.
>>>>> #  Years may wrinkle the skin, but to give up enthusiasm
>>>>> #  wrinkles the soul.  -- Samuel Ullman
>>>>> ---------------------------------------------------
>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>
>>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>>
>>
> --
> #  https://www.LuftHans.com   https://www.PhxLinux.org
> #  It's up to the reader to make the book interesting.
> #  An author has only the opportunity to make it uninteresting. - der.hans
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180105/a6d0135d/attachment.html>

From andrewmcrobb at gmail.com  Fri Jan  5 09:36:28 2018
From: andrewmcrobb at gmail.com (Andrew McRobb)
Date: Fri, 5 Jan 2018 09:36:28 -0700
Subject: HTML5 as JS
In-Reply-To: <CAJRA9dyyahfKjapd6pVYi1R0w0+irw401yCqCZvvghG7N5t+ZA@mail.gmail.com>
References: <alpine.DEB.2.11.1801041714370.14234@post>
 <CAH1v-qgJ4bnKWxe=JTEU4xqoJ8ySVDdT4CcU0fWGeSgMnh08DA@mail.gmail.com>
 <alpine.DEB.2.11.1801042349010.14234@post>
 <CAO2XAM4v=QPyyST8BWnK84NQpYn-KEQRqCWMLv5X6D0948cxKQ@mail.gmail.com>
 <CAH1v-qggbt6vd8tfy_onBAT-y4sHZQr--PkGZqbRN4esdjfD8g@mail.gmail.com>
 <CAJRA9dywxOr7ot7m-r7rTnFAyW7QUZx3Yw6VCep40tJ4UC0g1w@mail.gmail.com>
 <alpine.DEB.2.11.1801050831450.14234@post>
 <CAJRA9dyyahfKjapd6pVYi1R0w0+irw401yCqCZvvghG7N5t+ZA@mail.gmail.com>
Message-ID: <CAH1v-qgKd6uGVcpqaqG=pE8Sx_mNk+97swwrsAZ+YotDpSM-=Q@mail.gmail.com>

>
> Users are recommended to update to Firefox 57
>
>
Looks like I'm good here. I'm honestly surprised you can pull this off in
JavaScript. Must be a true JS wizard if you can pull this off. Looks like
I'm setting my Updates Manager to check every 30 days now, until all this
stuff has been resolved, since some apps don't look like they can get a
patch until near the end of the month.

Andrew McRobb
Full-time Software Developer
Part-time Freelancer
mcrobb.info

On Fri, Jan 5, 2018 at 1:45 AM, Herminio Hernandez, Jr. <
herminio.hernandezjr at gmail.com> wrote:

> Mozilla confirms this bug is exploitable. I am making sure JavaScript is
> off by default and only enabled in pages where I want it to.
>
> https://www.bleepingcomputer.com/news/security/mozilla-
> confirms-web-based-execution-vector-for-meltdown-and-spectre-attacks/
>
> On Fri, Jan 5, 2018 at 1:36 AM, der.hans <PLUGd at lufthans.com> wrote:
>
>> Am 05. Jan, 2018 schwätzte Herminio Hernandez, Jr. so:
>>
>> moin moin,
>>
>> Yeah, JavaScript's annoying. I've been using NoScript to block it outright
>> for years. I only allow certain sites to have JavaScript. Some of those
>> sites only get JavaScript when I'm trying to checkout. Some get their own
>> browser instance before I allow them to have JavaScript.
>>
>> Recently JavaScript has been used to do bitcoin mining via web browsers
>> and it's had several security issues over the years.
>>
>> It can't escape the sandbox if it never runs :).
>>
>> ciao,
>>
>> der.hans
>>
>>
>> Damn Stallman was right again
>>>
>>> https://www.gnu.org/philosophy/po/javascript-trap.ja-en.html
>>>
>>> On Thu, Jan 4, 2018 at 10:52 PM, Andrew McRobb <andrewmcrobb at gmail.com>
>>> wrote:
>>>
>>> JavaScript being the Raccoon? heh
>>>>
>>>> Andrew McRobb
>>>> Full-time Software Developer
>>>> Part-time Freelancer
>>>> mcrobb.info
>>>>
>>>> On Thu, Jan 4, 2018 at 8:46 PM, Ed <plug at 0x1b.com> wrote:
>>>>
>>>> More like raccoons to oranges...
>>>>> 8)
>>>>>
>>>>> On Thu, Jan 4, 2018 at 4:59 PM, der.hans <PLUGd at lufthans.com> wrote:
>>>>>
>>>>>> Am 04. Jan, 2018 schwätzte Andrew McRobb so:
>>>>>>
>>>>>> moin moin Andrew,
>>>>>>
>>>>>> cool, sounds like having umatrix or NoScript blocking javascript is
>>>>>>
>>>>> still
>>>>>
>>>>>> sufficient.
>>>>>>
>>>>>> Need to make sure <script> is blocked as well as the external JS.
>>>>>>
>>>>>> https://www.w3schools.com/html/html_scripts.asp
>>>>>>
>>>>>> ciao,
>>>>>>
>>>>>> der.hans
>>>>>>
>>>>>> No, HTML5 is a markup at the end of the day. Comparing JS and HTML, is
>>>>>>> like
>>>>>>> comparing apples to oranges. All HTML5 does is include new tags to
>>>>>>> use
>>>>>>> when
>>>>>>> building a web app for you or search engines to use:
>>>>>>> https://www.w3schools.com/html/html5_intro.asp. It doesn't at all
>>>>>>>
>>>>>> handle
>>>>>
>>>>>> any logic like JS would, if that's what you are asking.
>>>>>>>
>>>>>>> Same can almost go for CSS. It's a description language, it doesn't
>>>>>>>
>>>>>> handle
>>>>>
>>>>>> any logic (except for select queries). However, CSS is starting to
>>>>>>> implement variables, but you can only use those for *attributes*. Not
>>>>>>> write
>>>>>>>
>>>>>>> a fully functional app with CSS alone.
>>>>>>>
>>>>>>> Andrew McRobb
>>>>>>> Full-time Software Developer
>>>>>>> Part-time Freelancer
>>>>>>> mcrobb.info
>>>>>>>
>>>>>>> On Thu, Jan 4, 2018 at 10:21 AM, der.hans <PLUGd at lufthans.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>> moin moin,
>>>>>>>>
>>>>>>>> I haven't paid much attention to HTML and CSS standards for many
>>>>>>>>
>>>>>>> years.
>>>>>
>>>>>>
>>>>>>>> As I understand it, HTML5 is script-like to lesson use of
>>>>>>>> javascript.
>>>>>>>>
>>>>>>>> Does that mean plain HTML ( no javascript ) is sufficient to exploit
>>>>>>>> browsers in light of #meltdown and #spectre ?
>>>>>>>>
>>>>>>>> https://blog.mozilla.org/security/2018/01/03/mitigations-
>>>>>>>> landing-new-class-timing-attack/
>>>>>>>>
>>>>>>>> https://sites.google.com/a/chromium.org/dev/Home/chromium-
>>>>>>>>
>>>>>>> security/ssca
>>>>>
>>>>>>
>>>>>>>> What about CSS?
>>>>>>>>
>>>>>>>> ciao,
>>>>>>>>
>>>>>>>> der.hans
>>>>>>>> --
>>>>>>>> #  https://www.LuftHans.com   https://www.PhxLinux.org
>>>>>>>> #  As we enjoy great Advantages from the
>>>>>>>> #  Inventions of others we should be glad of an
>>>>>>>> #  Opportunity to serve others by any Invention of ours,
>>>>>>>> #  and this we should do freely and generously.
>>>>>>>> #  -- Benjamin Franklin (1706-1790), on his refusal to patent his
>>>>>>>> inventions.
>>>>>>>> ---------------------------------------------------
>>>>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> --
>>>>>> #  https://www.LuftHans.com   https://www.PhxLinux.org
>>>>>> #  Nobody grows old merely by living a number of years.
>>>>>> #  We grow old by deserting our ideals.
>>>>>> #  Years may wrinkle the skin, but to give up enthusiasm
>>>>>> #  wrinkles the soul.  -- Samuel Ullman
>>>>>> ---------------------------------------------------
>>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>
>>>>> ---------------------------------------------------
>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>
>>>>>
>>>>
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>
>>>>
>>>
>> --
>> #  https://www.LuftHans.com   https://www.PhxLinux.org
>> #  It's up to the reader to make the book interesting.
>> #  An author has only the opportunity to make it uninteresting. - der.hans
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180105/9864adfd/attachment.html>

From techlists at phpcoderusa.com  Fri Jan  5 09:39:08 2018
From: techlists at phpcoderusa.com (techlists at phpcoderusa.com)
Date: Fri, 05 Jan 2018 09:39:08 -0700
Subject: Major Intel Memory Vulnerability
In-Reply-To: <ZVQL1rR2KdNbgN5sFBiBGsnb_19nQNzneqCgKdDSAg7zD_EgKqeBoztzE8o90pi0EWdr2t653YUikTnGmfwHRny77YVYeWjc-Z8pHq9wbv0=@mattcrews.com>
References: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
 <16BB4047-2DBC-44DE-9535-7A676E043A14@icloud.com>
 <E34912D7-D902-484B-BCA1-E18984D4ECBF@gmail.com>
 <a56ed1e927259c13fc8b6f8d7529c459@codezilla.xyz>
 <ZVQL1rR2KdNbgN5sFBiBGsnb_19nQNzneqCgKdDSAg7zD_EgKqeBoztzE8o90pi0EWdr2t653YUikTnGmfwHRny77YVYeWjc-Z8pHq9wbv0=@mattcrews.com>
Message-ID: <3d024dea228d87c87cf4da8118da08aa@phpcoderusa.com>

I think they have a moral obligation to destroy all effected chips that
are in the pipeline.  Dell and others need to stop sales and not
continue selling until the CPU is fixed. 

This is much bigger than we know.  Almost every computer is effected. 
The intermittent fix is software.  What keeps some smart and devious
person from creating an app that replaced the patch with their own and
then they can drain your bank account... crash your automated or self
driving car.... Yikes. 

The real solution is a new generation of chips that are not exploitable.
 That means replacing every computer and device that is effected.   

This should be a wake up call to all of us.  We are way too dependent on
computers. 

There will be major fireworks over this.  I can see a lot of companies
getting sued.  And the only ones that win are the lawyers.   

This is going to be with us for years. 

I have 7 computers that can be or already are connected to the internet.
 A lot of it is old technology, however it's value is in testing.  I am
a software developer.  As long as I keep them on a private net I am
ok.... Otherwise I will need to replace at least 2.   

This is a potential nightmare.... Patching hardware with software is a
weak plan.  All that need to happen is some wise person to figure out
how to replace the patch with their own.  Say good by to our economy if
that happens. 

What a mess!! 

On 2018-01-03 18:12, Matthew Crews wrote:

> I would be more concerned IF the next gen CPU has this fixed. All's I know is that if Intel wants to fix the very next gen, they will need to scrap a lot of silicon that has already been finished.
> 
> Sent from ProtonMail [1], Swiss-based encrypted email.
> 
> -------- Original Message --------
> On Jan 3, 2018, 15:35, Nathan O'Brennan wrote: 
> 
> I'm more curious to know which versions of Intel's upcoming chips have been fixed already. I would like to upgrade my current workstation in the next year and will stick with Intel despite any performance impact over AMD. 
> 
> On 2018-01-03 00:43, Aaron Jones wrote: 
> 
> I read the performance hit for Intel chips will be %35 or so after the fix.  
> 
> On Jan 2, 2018, at 7:49 PM, Eric Oyen <eric.oyen at icloud.com> wrote:
> 
> so, does this mean that the UEFI might get patched first? OR, does the OS ecology have to do so first? Lastly, how much of a performance hit will this represent? 
> 
> -eric 
> from the central offices of the Technomage Guild, the "oh look! yet another bug!" Dept. 
> 
> On Jan 2, 2018, at 3:39 PM, Matthew Crews wrote: 
> https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
> 
> In a nutshell, it is a major security flaw in Intel hardware dating back a decade that is requiring a complete kernel rewrite for every major OS (Linux, Windows, Mac, etc) in order to patch out. It cannot be patched out with a CPU microcode update. Major enough that code comments are redacted in the patches until an embargo period is expired. Also the reported fix will have a huge performance impact.
> 
> Also crucial to note is that AMD chips are not affected by this.
> 
> How the heck does something like this go unnoticed for so long?
> 
> Sent from ProtonMail [2], Swiss-based encrypted email.

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss 

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss 

Links:
------
[1] https://protonmail.com
[2] https://protonmail.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180105/18259b3d/attachment.html>

From cryptworks at gmail.com  Fri Jan  5 09:41:08 2018
From: cryptworks at gmail.com (Stephen Partington)
Date: Fri, 5 Jan 2018 09:41:08 -0700
Subject: Major Intel Memory Vulnerability
In-Reply-To: <3d024dea228d87c87cf4da8118da08aa@phpcoderusa.com>
References: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
 <16BB4047-2DBC-44DE-9535-7A676E043A14@icloud.com>
 <E34912D7-D902-484B-BCA1-E18984D4ECBF@gmail.com>
 <a56ed1e927259c13fc8b6f8d7529c459@codezilla.xyz>
 <ZVQL1rR2KdNbgN5sFBiBGsnb_19nQNzneqCgKdDSAg7zD_EgKqeBoztzE8o90pi0EWdr2t653YUikTnGmfwHRny77YVYeWjc-Z8pHq9wbv0=@mattcrews.com>
 <3d024dea228d87c87cf4da8118da08aa@phpcoderusa.com>
Message-ID: <CACS_G9wB8MXhTNRhyq1Rch6dqj+jSyQ4ePWWUY+ia4nYiE_KEQ@mail.gmail.com>

It is certainly a deciding factor in my desire to move to AMD on my CPU
rollout.

On Fri, Jan 5, 2018 at 9:39 AM, <techlists at phpcoderusa.com> wrote:

>
> I think they have a moral obligation to destroy all effected chips that
> are in the pipeline.  Dell and others need to stop sales and not continue
> selling until the CPU is fixed.
>
> This is much bigger than we know.  Almost every computer is effected.  The
> intermittent fix is software.  What keeps some smart and devious person
> from creating an app that replaced the patch with their own and then they
> can drain your bank account... crash your automated or self driving car....
> Yikes.
>
> The real solution is a new generation of chips that are not exploitable.
> That means replacing every computer and device that is effected.
>
> This should be a wake up call to all of us.  We are way too dependent on
> computers.
>
> There will be major fireworks over this.  I can see a lot of companies
> getting sued.  And the only ones that win are the lawyers.
>
> This is going to be with us for years.
>
> I have 7 computers that can be or already are connected to the internet.
> A lot of it is old technology, however it's value is in testing.  I am a
> software developer.  As long as I keep them on a private net I am ok....
> Otherwise I will need to replace at least 2.
>
> This is a potential nightmare.... Patching hardware with software is a
> weak plan.  All that need to happen is some wise person to figure out how
> to replace the patch with their own.  Say good by to our economy if that
> happens.
>
> What a mess!!
>
>
>
>
>
>
> On 2018-01-03 18:12, Matthew Crews wrote:
>
> I would be more concerned IF the next gen CPU has this fixed. All's I know
> is that if Intel wants to fix the very next gen, they will need to scrap a
> lot of silicon that has already been finished.
>
>
> Sent from ProtonMail <https://protonmail.com>, Swiss-based encrypted
> email.
>
>
>
>
>
> -------- Original Message --------
> On Jan 3, 2018, 15:35, Nathan O'Brennan wrote:
>
>
> I'm more curious to know which versions of Intel's upcoming chips have
> been fixed already. I would like to upgrade my current workstation in the
> next year and will stick with Intel despite any performance impact over AMD.
>
>
>
> On 2018-01-03 00:43, Aaron Jones wrote:
>
>
> I read the performance hit for Intel chips will be %35 or so after the
> fix.
>
> On Jan 2, 2018, at 7:49 PM, Eric Oyen <eric.oyen at icloud.com> wrote:
>
> so, does this mean that the UEFI might get patched first? OR, does the OS
> ecology have to do so first? Lastly, how much of a performance hit will
> this represent?
>
> -eric
> from the central offices of the Technomage Guild, the "oh look! yet
> another bug!" Dept.
>
> On Jan 2, 2018, at 3:39 PM, Matthew Crews wrote:
>
>
> https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
>
> In a nutshell, it is a major security flaw in Intel hardware dating back a
> decade that is requiring a complete kernel rewrite for every major OS
> (Linux, Windows, Mac, etc) in order to patch out. It cannot be patched out
> with a CPU microcode update. Major enough that code comments are redacted
> in the patches until an embargo period is expired. Also the reported fix
> will have a huge performance impact.
>
> Also crucial to note is that AMD chips are not affected by this.
>
> How the heck does something like this go unnoticed for so long?
>
>
>
>
> Sent from ProtonMail <https://protonmail.com/>, Swiss-based encrypted
> email.
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180105/2d9df571/attachment.html>

From mailinglists at mattcrews.com  Fri Jan  5 10:29:32 2018
From: mailinglists at mattcrews.com (Matthew Crews)
Date: Fri, 05 Jan 2018 12:29:32 -0500
Subject: Major Intel Memory Vulnerability
In-Reply-To: <3d024dea228d87c87cf4da8118da08aa@phpcoderusa.com>
References: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
 <16BB4047-2DBC-44DE-9535-7A676E043A14@icloud.com>
 <E34912D7-D902-484B-BCA1-E18984D4ECBF@gmail.com>
 <a56ed1e927259c13fc8b6f8d7529c459@codezilla.xyz>
 <ZVQL1rR2KdNbgN5sFBiBGsnb_19nQNzneqCgKdDSAg7zD_EgKqeBoztzE8o90pi0EWdr2t653YUikTnGmfwHRny77YVYeWjc-Z8pHq9wbv0=@mattcrews.com>
 <3d024dea228d87c87cf4da8118da08aa@phpcoderusa.com>
Message-ID: <0rFK9djRasZzI-vb_sHeKw-lbZG59M2uEo9w-P0lesBqlHBR-Qq2cLoYvMu80npTjvcomSzp4SDj4V_xelSO9lgZdkNp8Xr2YjSFcAb3U1Y=@mattcrews.com>

>From: techlists at phpcoderusa.com
>I think they have a moral obligation to destroy all effected chips that are in the pipeline.  Dell and others need to stop sales and not continue selling until the CPU is fixed.

Not happening. Nor is Intel issuing a recall.
https://www.cnet.com/news/meltdown-spectre-intel-ceo-no-recall-chip-processor/

>This is much bigger than we know.  Almost every computer is effected.  The intermittent fix is software.  What keeps some smart and devious person from creating an app that replaced the patch with their own and then they can drain your bank account... crash your automated or self driving car.... Yikes.
>
>The real solution is a new generation of chips that are not exploitable.  That means replacing every computer and device that is effected.  

Intel claims that they are issuing firmware and microcode updates that patch Spectre and Meltdown, though I am highly suspicious that it is possible without a complete hardware redesign.

>There will be major fireworks over this.  I can see a lot of companies getting sued.  And the only ones that win are the lawyers.  

Already happening.
https://www.theguardian.com/technology/2018/jan/05/intel-class-action-lawsuits-meltdown-spectre-bugs-computer

>This is going to be with us for years.

Not denying it, but this also illustrates the serious problem with the whole "Internet of Things" ecosystem we find ourselves in. Today it is Intel CPUs, while yesterday it was your car. Tomorrow it could be your pacemaker or your life support system if you are in a hospital.

From PLUGd at LuftHans.com  Fri Jan  5 10:47:14 2018
From: PLUGd at LuftHans.com (der.hans)
Date: Fri, 5 Jan 2018 17:47:14 +0000 (UTC)
Subject: Major Intel Memory Vulnerability
In-Reply-To: <CACS_G9wB8MXhTNRhyq1Rch6dqj+jSyQ4ePWWUY+ia4nYiE_KEQ@mail.gmail.com>
References: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
 <16BB4047-2DBC-44DE-9535-7A676E043A14@icloud.com>
 <E34912D7-D902-484B-BCA1-E18984D4ECBF@gmail.com>
 <a56ed1e927259c13fc8b6f8d7529c459@codezilla.xyz>
 <ZVQL1rR2KdNbgN5sFBiBGsnb_19nQNzneqCgKdDSAg7zD_EgKqeBoztzE8o90pi0EWdr2t653YUikTnGmfwHRny77YVYeWjc-Z8pHq9wbv0=@mattcrews.com>
 <3d024dea228d87c87cf4da8118da08aa@phpcoderusa.com>
 <CACS_G9wB8MXhTNRhyq1Rch6dqj+jSyQ4ePWWUY+ia4nYiE_KEQ@mail.gmail.com>
Message-ID: <alpine.DEB.2.11.1801051743090.14234@post>

Am 05. Jan, 2018 schwätzte Stephen Partington so:

> It is certainly a deciding factor in my desire to move to AMD on my CPU
> rollout.

Trying to imagine a car salesperson knowing which CPUs are in a particular
model and utterfly failing.

Luckily IoT generally has so many holes that we don't need to worry about
meltdown and spectre for them...

ciao,

der.hans

> On Fri, Jan 5, 2018 at 9:39 AM, <techlists at phpcoderusa.com> wrote:
>
>>
>> I think they have a moral obligation to destroy all effected chips that
>> are in the pipeline.  Dell and others need to stop sales and not continue
>> selling until the CPU is fixed.
>>
>> This is much bigger than we know.  Almost every computer is effected.  The
>> intermittent fix is software.  What keeps some smart and devious person
>> from creating an app that replaced the patch with their own and then they
>> can drain your bank account... crash your automated or self driving car....
>> Yikes.
>>
>> The real solution is a new generation of chips that are not exploitable.
>> That means replacing every computer and device that is effected.
>>
>> This should be a wake up call to all of us.  We are way too dependent on
>> computers.
>>
>> There will be major fireworks over this.  I can see a lot of companies
>> getting sued.  And the only ones that win are the lawyers.
>>
>> This is going to be with us for years.
>>
>> I have 7 computers that can be or already are connected to the internet.
>> A lot of it is old technology, however it's value is in testing.  I am a
>> software developer.  As long as I keep them on a private net I am ok....
>> Otherwise I will need to replace at least 2.
>>
>> This is a potential nightmare.... Patching hardware with software is a
>> weak plan.  All that need to happen is some wise person to figure out how
>> to replace the patch with their own.  Say good by to our economy if that
>> happens.
>>
>> What a mess!!
>>
>>
>>
>>
>>
>>
>> On 2018-01-03 18:12, Matthew Crews wrote:
>>
>> I would be more concerned IF the next gen CPU has this fixed. All's I know
>> is that if Intel wants to fix the very next gen, they will need to scrap a
>> lot of silicon that has already been finished.
>>
>>
>> Sent from ProtonMail <https://protonmail.com>, Swiss-based encrypted
>> email.
>>
>>
>>
>>
>>
>> -------- Original Message --------
>> On Jan 3, 2018, 15:35, Nathan O'Brennan wrote:
>>
>>
>> I'm more curious to know which versions of Intel's upcoming chips have
>> been fixed already. I would like to upgrade my current workstation in the
>> next year and will stick with Intel despite any performance impact over AMD.
>>
>>
>>
>> On 2018-01-03 00:43, Aaron Jones wrote:
>>
>>
>> I read the performance hit for Intel chips will be %35 or so after the
>> fix.
>>
>> On Jan 2, 2018, at 7:49 PM, Eric Oyen <eric.oyen at icloud.com> wrote:
>>
>> so, does this mean that the UEFI might get patched first? OR, does the OS
>> ecology have to do so first? Lastly, how much of a performance hit will
>> this represent?
>>
>> -eric
>> from the central offices of the Technomage Guild, the "oh look! yet
>> another bug!" Dept.
>>
>> On Jan 2, 2018, at 3:39 PM, Matthew Crews wrote:
>>
>>
>> https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
>>
>> In a nutshell, it is a major security flaw in Intel hardware dating back a
>> decade that is requiring a complete kernel rewrite for every major OS
>> (Linux, Windows, Mac, etc) in order to patch out. It cannot be patched out
>> with a CPU microcode update. Major enough that code comments are redacted
>> in the patches until an embargo period is expired. Also the reported fix
>> will have a huge performance impact.
>>
>> Also crucial to note is that AMD chips are not affected by this.
>>
>> How the heck does something like this go unnoticed for so long?
>>
>>
>>
>>
>> Sent from ProtonMail <https://protonmail.com/>, Swiss-based encrypted
>> email.
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
>
>

-- 
#  https://www.LuftHans.com   https://www.PhxLinux.org
#  The Internet is the front line of the battle
#  to protect our freedom. -- Nathaniel Borenstein

From eric.oyen at icloud.com  Fri Jan  5 11:27:38 2018
From: eric.oyen at icloud.com (Eric Oyen)
Date: Fri, 05 Jan 2018 11:27:38 -0700
Subject: Major Intel Memory Vulnerability
In-Reply-To: <3d024dea228d87c87cf4da8118da08aa@phpcoderusa.com>
References: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
 <16BB4047-2DBC-44DE-9535-7A676E043A14@icloud.com>
 <E34912D7-D902-484B-BCA1-E18984D4ECBF@gmail.com>
 <a56ed1e927259c13fc8b6f8d7529c459@codezilla.xyz>
 <ZVQL1rR2KdNbgN5sFBiBGsnb_19nQNzneqCgKdDSAg7zD_EgKqeBoztzE8o90pi0EWdr2t653YUikTnGmfwHRny77YVYeWjc-Z8pHq9wbv0=@mattcrews.com>
 <3d024dea228d87c87cf4da8118da08aa@phpcoderusa.com>
Message-ID: <F8071162-1449-4894-BBA5-E9E3BAEA7373@icloud.com>

oh boy. This sounds like another Y2K problem, only this one has some reality about it and real consequences.

-eric
from the central offices of the Technomage Guild, Truth or Consequences Dept.

On Jan 5, 2018, at 9:39 AM, techlists at phpcoderusa.com wrote:

> 
> I think they have a moral obligation to destroy all effected chips that are in the pipeline.  Dell and others need to stop sales and not continue selling until the CPU is fixed.
> 
> This is much bigger than we know.  Almost every computer is effected.  The intermittent fix is software.  What keeps some smart and devious person from creating an app that replaced the patch with their own and then they can drain your bank account... crash your automated or self driving car.... Yikes.
> 
> The real solution is a new generation of chips that are not exploitable.  That means replacing every computer and device that is effected.  
> 
> This should be a wake up call to all of us.  We are way too dependent on computers.
> 
> There will be major fireworks over this.  I can see a lot of companies getting sued.  And the only ones that win are the lawyers.  
> 
> This is going to be with us for years.
> 
> I have 7 computers that can be or already are connected to the internet.  A lot of it is old technology, however it's value is in testing.  I am a software developer.  As long as I keep them on a private net I am ok.... Otherwise I will need to replace at least 2.  
> 
> This is a potential nightmare.... Patching hardware with software is a weak plan.  All that need to happen is some wise person to figure out how to replace the patch with their own.  Say good by to our economy if that happens.
> 
> What a mess!!
> 
> 
> 
> 
> 
>  
> 
> 
> On 2018-01-03 18:12, Matthew Crews wrote:
> 
>> I would be more concerned IF the next gen CPU has this fixed. All's I know is that if Intel wants to fix the very next gen, they will need to scrap a lot of silicon that has already been finished.
>> 
>> 
>> Sent from ProtonMail, Swiss-based encrypted email.
>> 
>> 
>> 
>> 
>> 
>> -------- Original Message --------
>> On Jan 3, 2018, 15:35, Nathan O'Brennan wrote:
>> 
>> 
>> I'm more curious to know which versions of Intel's upcoming chips have been fixed already. I would like to upgrade my current workstation in the next year and will stick with Intel despite any performance impact over AMD.
>> 
>> 
>> 
>> 
>> 
>> On 2018-01-03 00:43, Aaron Jones wrote:
>> 
>>  
>> I read the performance hit for Intel chips will be %35 or so after the fix. 
>> 
>> On Jan 2, 2018, at 7:49 PM, Eric Oyen <eric.oyen at icloud.com> wrote:
>> 
>> so, does this mean that the UEFI might get patched first? OR, does the OS ecology have to do so first? Lastly, how much of a performance hit will this represent?
>>  
>> -eric
>> from the central offices of the Technomage Guild, the "oh look! yet another bug!" Dept.
>> 
>> On Jan 2, 2018, at 3:39 PM, Matthew Crews wrote:
>> 
>> https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
>> 
>> In a nutshell, it is a major security flaw in Intel hardware dating back a decade that is requiring a complete kernel rewrite for every major OS (Linux, Windows, Mac, etc) in order to patch out. It cannot be patched out with a CPU microcode update. Major enough that code comments are redacted in the patches until an embargo period is expired. Also the reported fix will have a huge performance impact.
>> 
>> Also crucial to note is that AMD chips are not affected by this.
>> 
>> How the heck does something like this go unnoticed for so long?
>> 
>> 
>> 
>> 
>> Sent from ProtonMail, Swiss-based encrypted email.
>> 
>> 
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>> 
>> 
>> 
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180105/2bc7410d/attachment.html>

From cryptworks at gmail.com  Fri Jan  5 11:40:20 2018
From: cryptworks at gmail.com (Stephen Partington)
Date: Fri, 5 Jan 2018 11:40:20 -0700
Subject: Major Intel Memory Vulnerability
In-Reply-To: <alpine.DEB.2.11.1801051743090.14234@post>
References: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
 <16BB4047-2DBC-44DE-9535-7A676E043A14@icloud.com>
 <E34912D7-D902-484B-BCA1-E18984D4ECBF@gmail.com>
 <a56ed1e927259c13fc8b6f8d7529c459@codezilla.xyz>
 <ZVQL1rR2KdNbgN5sFBiBGsnb_19nQNzneqCgKdDSAg7zD_EgKqeBoztzE8o90pi0EWdr2t653YUikTnGmfwHRny77YVYeWjc-Z8pHq9wbv0=@mattcrews.com>
 <3d024dea228d87c87cf4da8118da08aa@phpcoderusa.com>
 <CACS_G9wB8MXhTNRhyq1Rch6dqj+jSyQ4ePWWUY+ia4nYiE_KEQ@mail.gmail.com>
 <alpine.DEB.2.11.1801051743090.14234@post>
Message-ID: <CACS_G9wv7ZrA8528Ki=nUbwLxMxUM4mKDtJ8nqcF0dHFOKMHkA@mail.gmail.com>

​I still do not want my car to be the massively online thing that car
makers seem to think is the bes thing ever. cause they have no clue what
security is.​

Leave my car dumb, gime a bluetooth interface to my phone and leave me be...


And get off my lawn :-P

On Fri, Jan 5, 2018 at 10:47 AM, der.hans <PLUGd at lufthans.com> wrote:

> Am 05. Jan, 2018 schwätzte Stephen Partington so:
>
> It is certainly a deciding factor in my desire to move to AMD on my CPU
>> rollout.
>>
>
> Trying to imagine a car salesperson knowing which CPUs are in a particular
> model and utterfly failing.
>
> Luckily IoT generally has so many holes that we don't need to worry about
> meltdown and spectre for them...
>
> ciao,
>
> der.hans
>
> On Fri, Jan 5, 2018 at 9:39 AM, <techlists at phpcoderusa.com> wrote:
>>
>>
>>> I think they have a moral obligation to destroy all effected chips that
>>> are in the pipeline.  Dell and others need to stop sales and not continue
>>> selling until the CPU is fixed.
>>>
>>> This is much bigger than we know.  Almost every computer is effected.
>>> The
>>> intermittent fix is software.  What keeps some smart and devious person
>>> from creating an app that replaced the patch with their own and then they
>>> can drain your bank account... crash your automated or self driving
>>> car....
>>> Yikes.
>>>
>>> The real solution is a new generation of chips that are not exploitable.
>>> That means replacing every computer and device that is effected.
>>>
>>> This should be a wake up call to all of us.  We are way too dependent on
>>> computers.
>>>
>>> There will be major fireworks over this.  I can see a lot of companies
>>> getting sued.  And the only ones that win are the lawyers.
>>>
>>> This is going to be with us for years.
>>>
>>> I have 7 computers that can be or already are connected to the internet.
>>> A lot of it is old technology, however it's value is in testing.  I am a
>>> software developer.  As long as I keep them on a private net I am ok....
>>> Otherwise I will need to replace at least 2.
>>>
>>> This is a potential nightmare.... Patching hardware with software is a
>>> weak plan.  All that need to happen is some wise person to figure out how
>>> to replace the patch with their own.  Say good by to our economy if that
>>> happens.
>>>
>>> What a mess!!
>>>
>>>
>>>
>>>
>>>
>>>
>>> On 2018-01-03 18:12, Matthew Crews wrote:
>>>
>>> I would be more concerned IF the next gen CPU has this fixed. All's I
>>> know
>>> is that if Intel wants to fix the very next gen, they will need to scrap
>>> a
>>> lot of silicon that has already been finished.
>>>
>>>
>>> Sent from ProtonMail <https://protonmail.com>, Swiss-based encrypted
>>>
>>> email.
>>>
>>>
>>>
>>>
>>>
>>> -------- Original Message --------
>>> On Jan 3, 2018, 15:35, Nathan O'Brennan wrote:
>>>
>>>
>>> I'm more curious to know which versions of Intel's upcoming chips have
>>> been fixed already. I would like to upgrade my current workstation in the
>>> next year and will stick with Intel despite any performance impact over
>>> AMD.
>>>
>>>
>>>
>>> On 2018-01-03 00:43, Aaron Jones wrote:
>>>
>>>
>>> I read the performance hit for Intel chips will be %35 or so after the
>>> fix.
>>>
>>> On Jan 2, 2018, at 7:49 PM, Eric Oyen <eric.oyen at icloud.com> wrote:
>>>
>>> so, does this mean that the UEFI might get patched first? OR, does the OS
>>> ecology have to do so first? Lastly, how much of a performance hit will
>>> this represent?
>>>
>>> -eric
>>> from the central offices of the Technomage Guild, the "oh look! yet
>>> another bug!" Dept.
>>>
>>> On Jan 2, 2018, at 3:39 PM, Matthew Crews wrote:
>>>
>>>
>>> https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
>>>
>>> In a nutshell, it is a major security flaw in Intel hardware dating back
>>> a
>>> decade that is requiring a complete kernel rewrite for every major OS
>>> (Linux, Windows, Mac, etc) in order to patch out. It cannot be patched
>>> out
>>> with a CPU microcode update. Major enough that code comments are redacted
>>> in the patches until an embargo period is expired. Also the reported fix
>>> will have a huge performance impact.
>>>
>>> Also crucial to note is that AMD chips are not affected by this.
>>>
>>> How the heck does something like this go unnoticed for so long?
>>>
>>>
>>>
>>>
>>> Sent from ProtonMail <https://protonmail.com/>, Swiss-based encrypted
>>> email.
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>>
>>
>>
>>
>>
> --
> #  https://www.LuftHans.com   https://www.PhxLinux.org
> #  The Internet is the front line of the battle
> #  to protect our freedom. -- Nathaniel Borenstein
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180105/442f89a9/attachment.html>

From sesso at djsesso.com  Fri Jan  5 11:45:36 2018
From: sesso at djsesso.com (sesso at djsesso.com)
Date: Fri, 05 Jan 2018 11:45:36 -0700
Subject: Major Intel Memory Vulnerability
In-Reply-To: <CACS_G9wv7ZrA8528Ki=nUbwLxMxUM4mKDtJ8nqcF0dHFOKMHkA@mail.gmail.com>
Message-ID: <468oik6piaci2angtg4c4791.1515177936029@email.android.com>

Spectre also affected AMD. Nobody is safe. 

Regards,

Jason
________________________________
From: Stephen Partington <cryptworks at gmail.com>
Sent: Friday, January 5, 2018 11:40 AM
To: Main PLUG discussion list
Subject: Re: Major Intel Memory Vulnerability

​I still do not want my car to be the massively online thing that car makers seem to think is the bes thing ever. cause they have no clue what security is.​

Leave my car dumb, gime a bluetooth interface to my phone and leave me be...


And get off my lawn :-P

On Fri, Jan 5, 2018 at 10:47 AM, der.hans <PLUGd at lufthans.com> wrote:
>
> Am 05. Jan, 2018 schwätzte Stephen Partington so:
>
>> It is certainly a deciding factor in my desire to move to AMD on my CPU
>> rollout.
>
>
> Trying to imagine a car salesperson knowing which CPUs are in a particular
> model and utterfly failing.
>
> Luckily IoT generally has so many holes that we don't need to worry about
> meltdown and spectre for them...
>
> ciao,
>
> der.hans
>
>> On Fri, Jan 5, 2018 at 9:39 AM, <techlists at phpcoderusa.com> wrote:
>>
>>>
>>> I think they have a moral obligation to destroy all effected chips that
>>> are in the pipeline.  Dell and others need to stop sales and not continue
>>> selling until the CPU is fixed.
>>>
>>> This is much bigger than we know.  Almost every computer is effected.  The
>>> intermittent fix is software.  What keeps some smart and devious person
>>> from creating an app that replaced the patch with their own and then they
>>> can drain your bank account... crash your automated or self driving car....
>>> Yikes.
>>>
>>> The real solution is a new generation of chips that are not exploitable.
>>> That means replacing every computer and device that is effected.
>>>
>>> This should be a wake up call to all of us.  We are way too dependent on
>>> computers.
>>>
>>> There will be major fireworks over this.  I can see a lot of companies
>>> getting sued.  And the only ones that win are the lawyers.
>>>
>>> This is going to be with us for years.
>>>
>>> I have 7 computers that can be or already are connected to the internet.
>>> A lot of it is old technology, however it's value is in testing.  I am a
>>> software developer.  As long as I keep them on a private net I am ok....
>>> Otherwise I will need to replace at least 2.
>>>
>>> This is a potential nightmare.... Patching hardware with software is a
>>> weak plan.  All that need to happen is some wise person to figure out how
>>> to replace the patch with their own.  Say good by to our economy if that
>>> happens.
>>>
>>> What a mess!!
>>>
>>>
>>>
>>>
>>>
>>>
>>> On 2018-01-03 18:12, Matthew Crews wrote:
>>>
>>> I would be more concerned IF the next gen CPU has this fixed. All's I know
>>> is that if Intel wants to fix the very next gen, they will need to scrap a
>>> lot of silicon that has already been finished.
>>>
>>>
>>> Sent from ProtonMail <https://protonmail.com>, Swiss-based encrypted
>>>
>>> email.
>>>
>>>
>>>
>>>
>>>
>>> -------- Original Message --------
>>> On Jan 3, 2018, 15:35, Nathan O'Brennan wrote:
>>>
>>>
>>> I'm more curious to know which versions of Intel's upcoming chips have
>>> been fixed already. I would like to upgrade my current workstation in the
>>> next year and will stick with Intel despite any performance impact over AMD.
>>>
>>>
>>>
>>> On 2018-01-03 00:43, Aaron Jones wrote:
>>>
>>>
>>> I read the performance hit for Intel chips will be %35 or so after the
>>> fix.
>>>
>>> On Jan 2, 2018, at 7:49 PM, Eric Oyen <eric.oyen at icloud.com> wrote:
>>>
>>> so, does this mean that the UEFI might get patched first? OR, does the OS
>>> ecology have to do so first? Lastly, how much of a performance hit will
>>> this represent?
>>>
>>> -eric
>>> from the central offices of the Technomage Guild, the "oh look! yet
>>> another bug!" Dept.
>>>
>>> On Jan 2, 2018, at 3:39 PM, Matthew Crews wrote:
>>>
>>>
>>> https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
>>>
>>> In a nutshell, it is a major security flaw in Intel hardware dating back a
>>> decade that is requiring a complete kernel rewrite for every major OS
>>> (Linux, Windows, Mac, etc) in order to patch out. It cannot be patched out
>>> with a CPU microcode update. Major enough that code comments are redacted
>>> in the patches until an embargo period is expired. Also the reported fix
>>> will have a huge performance impact.
>>>
>>> Also crucial to note is that AMD chips are not affected by this.
>>>
>>> How the heck does something like this go unnoticed for so long?
>>>
>>>
>>>
>>>
>>> Sent from ProtonMail <https://protonmail.com/>, Swiss-based encrypted
>>> email.
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>>
>>
>>
>
> -- 
> #  https://www.LuftHans.com   https://www.PhxLinux.org
> #  The Internet is the front line of the battle
> #  to protect our freedom. -- Nathaniel Borenstein
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss




-- 
A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button.

Stephen

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180105/2842fd90/attachment.html>

From vodhner at cox.net  Fri Jan  5 12:06:59 2018
From: vodhner at cox.net (Victor Odhner)
Date: Fri, 5 Jan 2018 12:06:59 -0700
Subject: OT: Major Intel Memory Vulnerability - worse than Y2K?
In-Reply-To: <uiTk1w01Q1oaZ9c01iTx53>
References: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
 <16BB4047-2DBC-44DE-9535-7A676E043A14@icloud.com>
 <E34912D7-D902-484B-BCA1-E18984D4ECBF@gmail.com>
 <a56ed1e927259c13fc8b6f8d7529c459@codezilla.xyz>
 <ZVQL1rR2KdNbgN5sFBiBGsnb_19nQNzneqCgKdDSAg7zD_EgKqeBoztzE8o90pi0EWdr2t653YUikTnGmfwHRny77YVYeWjc-Z8pHq9wbv0=@mattcrews.com>
 <3d024dea228d87c87cf4da8118da08aa@phpcoderusa.com> <uiTk1w01Q1oaZ9c01iTx53>
Message-ID: <62BAF3A9-F2CF-42C7-BA4B-EBCD96F2EC40@cox.net>

So, Eric — You don’t think Y2K had consequences?
:)

It just happened to be a raft of stupid bugs that the industry dealt with in time.
I was coding around Y2K bugs as early as 1979, as were lots of other people, just matter of factly planning on Y2K, but some of the older and more primitive stuff wasn’t being looked at until the late 1990s, and lots of production lines would have gone nuts.

As for how much damage this year's vulnerability will do, yeah, strap in for the ride. Hopefully it will help people think about Internet of Things. (Banned from my house, as much as possible, but I can’t control my Vizio TV.)

And self-driving cars are going to be scarey, but I’ll need a driver in another 10 years if I’m still around. I might already be more dangerous behind the wheel than a compromised automatic driver . . . . But I agree with Stephen, at least they need an air gap between the Internet and the robotic driver.

Even then, some rich kids *will* get kidnapped on the way to school by their hacked chauffeur-bots, it’s bound to happen, too obvious. And remember the TV series “Extant,” where the top robotics guy was assassinated by the central computer which locked him in his car on the railroad track. (I’m sorry, Dave….)
______________________

On 20180105, at 11:27, Eric Oyen <eric.oyen at icloud.com> wrote:

oh boy. This sounds like another Y2K problem, only this one has some reality about it and real consequences.

-eric
from the central offices of the Technomage Guild, Truth or Consequences Dept.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180105/ef1c8b0a/attachment.html>

From techlists at phpcoderusa.com  Fri Jan  5 12:24:04 2018
From: techlists at phpcoderusa.com (techlists at phpcoderusa.com)
Date: Fri, 05 Jan 2018 12:24:04 -0700
Subject: Major Intel Memory Vulnerability
In-Reply-To: <CACS_G9wv7ZrA8528Ki=nUbwLxMxUM4mKDtJ8nqcF0dHFOKMHkA@mail.gmail.com>
References: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
 <16BB4047-2DBC-44DE-9535-7A676E043A14@icloud.com>
 <E34912D7-D902-484B-BCA1-E18984D4ECBF@gmail.com>
 <a56ed1e927259c13fc8b6f8d7529c459@codezilla.xyz>
 <ZVQL1rR2KdNbgN5sFBiBGsnb_19nQNzneqCgKdDSAg7zD_EgKqeBoztzE8o90pi0EWdr2t653YUikTnGmfwHRny77YVYeWjc-Z8pHq9wbv0=@mattcrews.com>
 <3d024dea228d87c87cf4da8118da08aa@phpcoderusa.com>
 <CACS_G9wB8MXhTNRhyq1Rch6dqj+jSyQ4ePWWUY+ia4nYiE_KEQ@mail.gmail.com>
 <alpine.DEB.2.11.1801051743090.14234@post>
 <CACS_G9wv7ZrA8528Ki=nUbwLxMxUM4mKDtJ8nqcF0dHFOKMHkA@mail.gmail.com>
Message-ID: <2293e4c7c36133502aa82821bd483064@phpcoderusa.com>

I think my next car will be some old iron without any of the modern
electronic.... 

On 2018-01-05 11:40, Stephen Partington wrote:

> I still do not want my car to be the massively online thing that car makers seem to think is the bes thing ever. cause they have no clue what security is. 
> 
> Leave my car dumb, gime a bluetooth interface to my phone and leave me be... 
> 
> And get off my lawn :-P 
> 
> On Fri, Jan 5, 2018 at 10:47 AM, der.hans <PLUGd at lufthans.com> wrote:
> Am 05. Jan, 2018 schwätzte Stephen Partington so:
> 
> It is certainly a deciding factor in my desire to move to AMD on my CPU
> rollout. Trying to imagine a car salesperson knowing which CPUs are in a particular
> model and utterfly failing.
> 
> Luckily IoT generally has so many holes that we don't need to worry about
> meltdown and spectre for them...
> 
> ciao,
> 
> der.hans
> 
> On Fri, Jan 5, 2018 at 9:39 AM, <techlists at phpcoderusa.com> wrote:
> 
> I think they have a moral obligation to destroy all effected chips that
> are in the pipeline.  Dell and others need to stop sales and not continue
> selling until the CPU is fixed.
> 
> This is much bigger than we know.  Almost every computer is effected.  The
> intermittent fix is software.  What keeps some smart and devious person
> from creating an app that replaced the patch with their own and then they
> can drain your bank account... crash your automated or self driving car....
> Yikes.
> 
> The real solution is a new generation of chips that are not exploitable.
> That means replacing every computer and device that is effected.
> 
> This should be a wake up call to all of us.  We are way too dependent on
> computers.
> 
> There will be major fireworks over this.  I can see a lot of companies
> getting sued.  And the only ones that win are the lawyers.
> 
> This is going to be with us for years.
> 
> I have 7 computers that can be or already are connected to the internet.
> A lot of it is old technology, however it's value is in testing.  I am a
> software developer.  As long as I keep them on a private net I am ok....
> Otherwise I will need to replace at least 2.
> 
> This is a potential nightmare.... Patching hardware with software is a
> weak plan.  All that need to happen is some wise person to figure out how
> to replace the patch with their own.  Say good by to our economy if that
> happens.
> 
> What a mess!!
> 
> On 2018-01-03 18:12, Matthew Crews wrote:
> 
> I would be more concerned IF the next gen CPU has this fixed. All's I know
> is that if Intel wants to fix the very next gen, they will need to scrap a
> lot of silicon that has already been finished.
> 
> Sent from ProtonMail <https://protonmail.com>, Swiss-based encrypted 
> 
> email.
> 
> -------- Original Message --------
> On Jan 3, 2018, 15:35, Nathan O'Brennan wrote:
> 
> I'm more curious to know which versions of Intel's upcoming chips have
> been fixed already. I would like to upgrade my current workstation in the
> next year and will stick with Intel despite any performance impact over AMD.
> 
> On 2018-01-03 00:43, Aaron Jones wrote:
> 
> I read the performance hit for Intel chips will be %35 or so after the
> fix.
> 
> On Jan 2, 2018, at 7:49 PM, Eric Oyen <eric.oyen at icloud.com> wrote:
> 
> so, does this mean that the UEFI might get patched first? OR, does the OS
> ecology have to do so first? Lastly, how much of a performance hit will
> this represent?
> 
> -eric
> from the central offices of the Technomage Guild, the "oh look! yet
> another bug!" Dept.
> 
> On Jan 2, 2018, at 3:39 PM, Matthew Crews wrote:
> 
> https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ [1]
> 
> In a nutshell, it is a major security flaw in Intel hardware dating back a
> decade that is requiring a complete kernel rewrite for every major OS
> (Linux, Windows, Mac, etc) in order to patch out. It cannot be patched out
> with a CPU microcode update. Major enough that code comments are redacted
> in the patches until an embargo period is expired. Also the reported fix
> will have a huge performance impact.
> 
> Also crucial to note is that AMD chips are not affected by this.
> 
> How the heck does something like this go unnoticed for so long?
> 
> Sent from ProtonMail <https://protonmail.com/>, Swiss-based encrypted
> email.
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [2]
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [2]
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [2]

-- 
 #  https://www.LuftHans.com   https://www.PhxLinux.org
 #  The Internet is the front line of the battle
#  to protect our freedom. -- Nathaniel Borenstein
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss [2] 

  -- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss 

Links:
------
[1] https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
[2] http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180105/be08db80/attachment.html>

From eric.oyen at icloud.com  Fri Jan  5 12:35:02 2018
From: eric.oyen at icloud.com (Eric Oyen)
Date: Fri, 05 Jan 2018 12:35:02 -0700
Subject: OT: Major Intel Memory Vulnerability - worse than Y2K?
In-Reply-To: <62BAF3A9-F2CF-42C7-BA4B-EBCD96F2EC40@cox.net>
References: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
 <16BB4047-2DBC-44DE-9535-7A676E043A14@icloud.com>
 <E34912D7-D902-484B-BCA1-E18984D4ECBF@gmail.com>
 <a56ed1e927259c13fc8b6f8d7529c459@codezilla.xyz>
 <ZVQL1rR2KdNbgN5sFBiBGsnb_19nQNzneqCgKdDSAg7zD_EgKqeBoztzE8o90pi0EWdr2t653YUikTnGmfwHRny77YVYeWjc-Z8pHq9wbv0=@mattcrews.com>
 <3d024dea228d87c87cf4da8118da08aa@phpcoderusa.com>
 <uiTk1w01Q1oaZ9c01iTx53@mac.com>
 <62BAF3A9-F2CF-42C7-BA4B-EBCD96F2EC40@cox.net>
Message-ID: <695755C4-B33C-4D0D-AEC5-21C77A3D0E1A@icloud.com>

well, that was a known factor well ahead of time. This situation is different. Intel KNEW there might be a problem with this method of memory processing. They just didn't know how big a problem it could turn out to be. And all of these chips are in everything from routers, to servers to switches and even devices used in the smart home. That is slightly more than $3 trillion worth of infrastructure and commodity equippment that many consumers have bought since then. This includes smart phones (which can be as expensive as $1,000 a throw). That's a hell of a lot of exposure that Intel will have to deal with and they don't have nearly enough capital to even touch a small part of this mess.

-eric
from the central offices of the Technomage Guild, "The world does not die with a bang, but a whimper" dept.

On Jan 5, 2018, at 12:06 PM, Victor Odhner wrote:

> So, Eric — You don’t think Y2K had consequences?
> :)
> 
> It just happened to be a raft of stupid bugs that the industry dealt with in time.
> I was coding around Y2K bugs as early as 1979, as were lots of other people, just matter of factly planning on Y2K, but some of the older and more primitive stuff wasn’t being looked at until the late 1990s, and lots of production lines would have gone nuts.
> 
> As for how much damage this year's vulnerability will do, yeah, strap in for the ride. Hopefully it will help people think about Internet of Things. (Banned from my house, as much as possible, but I can’t control my Vizio TV.)
> 
> And self-driving cars are going to be scarey, but I’ll need a driver in another 10 years if I’m still around. I might already be more dangerous behind the wheel than a compromised automatic driver . . . . But I agree with Stephen, at least they need an air gap between the Internet and the robotic driver.
> 
> Even then, some rich kids *will* get kidnapped on the way to school by their hacked chauffeur-bots, it’s bound to happen, too obvious. And remember the TV series “Extant,” where the top robotics guy was assassinated by the central computer which locked him in his car on the railroad track. (I’m sorry, Dave….)
> ______________________
> 
> On 20180105, at 11:27, Eric Oyen <eric.oyen at icloud.com> wrote:
> 
> oh boy. This sounds like another Y2K problem, only this one has some reality about it and real consequences.
> 
> -eric
> from the central offices of the Technomage Guild, Truth or Consequences Dept.
> 
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180105/f209f365/attachment.html>

From mailinglists at mattcrews.com  Fri Jan  5 12:53:36 2018
From: mailinglists at mattcrews.com (Matthew Crews)
Date: Fri, 05 Jan 2018 14:53:36 -0500
Subject: OT: Meltdown and Spectre - worse than Y2K?
Message-ID: <hu4mfcOb4EFpFm8gVO4HxVn3khjUaCpz02RbiWATUQ32X77Vy9f4pYiab1Qdc66_toaZtzlS2AQyWDOJe62O3X8gnjmhEp7HbeMrEf13BGY=@mattcrews.com>

>-------- Original Message --------
>Subject: Re: OT: Major Intel Memory Vulnerability - worse than Y2K?
>Local Time: January 5, 2018 12:35 PM
>UTC Time: January 5, 2018 7:35 PM
>From: eric.oyen at icloud.com
>To: Main PLUG discussion list <plug-discuss at lists.phxlinux.org>
>
>well, that was a known factor well ahead of time. This situation is different. Intel KNEW there might be a problem with this method of memory processing. They just didn't know how big a problem it could turn out to be. And all of these chips are in everything from routers, to servers to switches and even devices used in the smart home. That is slightly more than $3 trillion worth of infrastructure and commodity equippment that many consumers have bought since then. This includes smart phones (which can be as expensive as $1,000 a throw). That's a hell of a lot of exposure that Intel will have to deal with and they don't have nearly enough capital to even touch a small part of this mess.

To be clear, if we are talking Spectre, then it isn't just Intel involved, it is most (all?) silicon vendors for the last decade or more. Meltdown is also known to affect some silicon vendors besides Intel.

As for the impact, then yeah this will haunt us for some time. I'm less concerned about systems that are upgraded or patched, but at-large this WILL go unpatched on working systems for a long time, if at all. (billions of cell phones still operating that won't receive firmware updates, and millions and millions of servers and desktop/laptop machines that will never be fixed either).

From techlists at phpcoderusa.com  Fri Jan  5 12:55:04 2018
From: techlists at phpcoderusa.com (techlists at phpcoderusa.com)
Date: Fri, 05 Jan 2018 12:55:04 -0700
Subject: Cyrix
Message-ID: <7d20dfa452902a388f6eaaabc92b3d7c@phpcoderusa.com>

Hi, 

I seem to recall in the early 90's Cyrix chips were less expensive that
Intel and AMD. 

I also seem to recall there was a bug in their math logic.  I do not
recall hearing of Cyrix after that.  

Anyone recall what happened?  I did some research and found the coma bug
-- however I do not think that was it.   

Thinking about what Intel is going through made me think of Cyrix. 

I would not doubt Intel goes out of business and comes back as something
else.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180105/d2b48745/attachment.html>

From cryptworks at gmail.com  Fri Jan  5 13:14:23 2018
From: cryptworks at gmail.com (Stephen Partington)
Date: Fri, 5 Jan 2018 13:14:23 -0700
Subject: Cyrix
In-Reply-To: <7d20dfa452902a388f6eaaabc92b3d7c@phpcoderusa.com>
References: <7d20dfa452902a388f6eaaabc92b3d7c@phpcoderusa.com>
Message-ID: <CACS_G9yDA=OwGwmHizW1fBcKOM4XtQYHzOxf3ezVNZ3xqgMo4A@mail.gmail.com>

Cyrix  had some very innovative tech in them putting them on part with AMD
and Intel for certain things. but they went under in 1997, and their assets
went to AMD and VIA

On Fri, Jan 5, 2018 at 12:55 PM, <techlists at phpcoderusa.com> wrote:

>
> Hi,
>
> I seem to recall in the early 90's Cyrix chips were less expensive that
> Intel and AMD.
>
> I also seem to recall there was a bug in their math logic.  I do not
> recall hearing of Cyrix after that.
>
> Anyone recall what happened?  I did some research and found the coma bug
> -- however I do not think that was it.
>
> Thinking about what Intel is going through made me think of Cyrix.
>
> I would not doubt Intel goes out of business and comes back as something
> else.
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180105/0292ecb5/attachment.html>

From matt at birchwood-abbey.net  Fri Jan  5 13:51:04 2018
From: matt at birchwood-abbey.net (Matt Birkholz)
Date: Fri, 05 Jan 2018 13:51:04 -0700
Subject: HTML5 as JS
In-Reply-To: <CAH1v-qgKd6uGVcpqaqG=pE8Sx_mNk+97swwrsAZ+YotDpSM-=Q@mail.gmail.com>
References: <alpine.DEB.2.11.1801041714370.14234@post>
 <CAH1v-qgJ4bnKWxe=JTEU4xqoJ8ySVDdT4CcU0fWGeSgMnh08DA@mail.gmail.com>
 <alpine.DEB.2.11.1801042349010.14234@post>
 <CAO2XAM4v=QPyyST8BWnK84NQpYn-KEQRqCWMLv5X6D0948cxKQ@mail.gmail.com>
 <CAH1v-qggbt6vd8tfy_onBAT-y4sHZQr--PkGZqbRN4esdjfD8g@mail.gmail.com>
 <CAJRA9dywxOr7ot7m-r7rTnFAyW7QUZx3Yw6VCep40tJ4UC0g1w@mail.gmail.com>
 <alpine.DEB.2.11.1801050831450.14234@post>
 <CAJRA9dyyahfKjapd6pVYi1R0w0+irw401yCqCZvvghG7N5t+ZA@mail.gmail.com>
 <CAH1v-qgKd6uGVcpqaqG=pE8Sx_mNk+97swwrsAZ+YotDpSM-=Q@mail.gmail.com>
Message-ID: <1515185464.6438.2.camel@birchwood-abbey.net>

Thanks, Herminio, for

    https://www.gnu.org/philosophy/po/javascript-trap.ja-en.html

in which I was surprised to read the following.

    It is theoretically possible to program in HTML and CSS, but in
    practice this capability is limited and inconvenient; merely to
    make it do something is an impressive hack.

So I echo der.hans and ask again: HTML5 as JS?  Is this a thing now?!

I do NOT ask "Can we expect w3.org to keep these things off us?"
because I don't want to sound like a serf.  I dare ask "Can we pepper
our banks and grocery stores with requests that appear to come from
browsers that do not support HTML5 nor JS?" and I ask this because I
expect the free market to listen like no leet standards body flogging
a dead mandate.

[Brought to you by Honest To Goodness text/plain.]


From slitt at troubleshooters.com  Fri Jan  5 23:48:20 2018
From: slitt at troubleshooters.com (Steve Litt)
Date: Sat, 6 Jan 2018 01:48:20 -0500
Subject: Y2K was real: was Major Intel Memory Vulnerability
In-Reply-To: <F8071162-1449-4894-BBA5-E9E3BAEA7373@icloud.com>
References: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
 <16BB4047-2DBC-44DE-9535-7A676E043A14@icloud.com>
 <E34912D7-D902-484B-BCA1-E18984D4ECBF@gmail.com>
 <a56ed1e927259c13fc8b6f8d7529c459@codezilla.xyz>
 <ZVQL1rR2KdNbgN5sFBiBGsnb_19nQNzneqCgKdDSAg7zD_EgKqeBoztzE8o90pi0EWdr2t653YUikTnGmfwHRny77YVYeWjc-Z8pHq9wbv0=@mattcrews.com>
 <3d024dea228d87c87cf4da8118da08aa@phpcoderusa.com>
 <F8071162-1449-4894-BBA5-E9E3BAEA7373@icloud.com>
Message-ID: <20180106014820.6fe8d806@mydesk.domain.cxm>

On Fri, 05 Jan 2018 11:27:38 -0700
Eric Oyen <eric.oyen at icloud.com> wrote:

> oh boy. This sounds like another Y2K problem, only this one has some
> reality about it and real consequences.

Y2K was completely real, and would have had real consequences if our
society hadn't taken three years to fix most of it. We were fortunate
that in those days society was willing to put in hard work to fix a
future problem, rather than "kicking the can down the road."

Between 1984 and 1991 I wrote plenty of software using 2 digit years.
So did everyone else. Much of the Cobol from the 1960's onward used 2
digit dates to save memory, which was very precious back then. Much of
that software was still used in 1999, and some is still used today. It
got fixed.

It's speculation what would have happened if our entire society hadn't
pitched in and fixed most software in 1997-1999, but it's my opinion
that if we'd done then what we'd surely do now (call it somebody else's
problem, keep prioritizing our own little lives and those of our
corporations, and do nothing), we'd be bartering gold for tuna and water
for bullets.

None of this is to imply that Meltdown and Spectre aren't a very big
deal. Just don't think Y2K was no big deal because we did the necessary
work to fix it proactively.

SteveT

Steve Litt 
December 2017 featured book: Thriving in Tough Times
http://www.troubleshooters.com/thrive

From plug-announce at lists.phxlinux.org  Sat Jan  6 01:57:01 2018
From: plug-announce at lists.phxlinux.org (PLUG Announcements)
Date: Sat, 6 Jan 2018 01:57:01 -0700
Subject: The Installfest for Jan 6th (today) has been moved
Message-ID: <mailman.285.1515229023.304.plug-announce@lists.phxlinux.org>

Due to a last second scheduling conflict we have had to move the 
Installfest to an alternate location.
We are very sorry for the inconvenience.

This installfest for January 6th will be at:
Xtreme Bean Coffee Co, 1707 East Southern Avenue, Tempe, AZ

Future Installfest will be back at the regular location.

Brian Cluff

_______________________________________________
PLUG-announce mailing list  -  PLUG-announce at lists.phxlinux.org
http://lists.phxlinux.org/mailman/listinfo/plug-announce
PLUG Website at http://plug.phoenix.az.us

From cryptworks at gmail.com  Sat Jan  6 09:53:27 2018
From: cryptworks at gmail.com (Stephen Partington)
Date: Sat, 6 Jan 2018 09:53:27 -0700
Subject: Y2K was real: was Major Intel Memory Vulnerability
In-Reply-To: <20180106014820.6fe8d806@mydesk.domain.cxm>
References: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
 <16BB4047-2DBC-44DE-9535-7A676E043A14@icloud.com>
 <E34912D7-D902-484B-BCA1-E18984D4ECBF@gmail.com>
 <a56ed1e927259c13fc8b6f8d7529c459@codezilla.xyz>
 <ZVQL1rR2KdNbgN5sFBiBGsnb_19nQNzneqCgKdDSAg7zD_EgKqeBoztzE8o90pi0EWdr2t653YUikTnGmfwHRny77YVYeWjc-Z8pHq9wbv0=@mattcrews.com>
 <3d024dea228d87c87cf4da8118da08aa@phpcoderusa.com>
 <F8071162-1449-4894-BBA5-E9E3BAEA7373@icloud.com>
 <20180106014820.6fe8d806@mydesk.domain.cxm>
Message-ID: <CACS_G9wBeqPUrO+AqYr=rC6yX5foOOk5DQijTF=Pdej89ez-2A@mail.gmail.com>

The big difference is that was mostly resolved via software. Intel issue is
much harder.

On Jan 5, 2018 11:48 PM, "Steve Litt" <slitt at troubleshooters.com> wrote:

> On Fri, 05 Jan 2018 11:27:38 -0700
> Eric Oyen <eric.oyen at icloud.com> wrote:
>
> > oh boy. This sounds like another Y2K problem, only this one has some
> > reality about it and real consequences.
>
> Y2K was completely real, and would have had real consequences if our
> society hadn't taken three years to fix most of it. We were fortunate
> that in those days society was willing to put in hard work to fix a
> future problem, rather than "kicking the can down the road."
>
> Between 1984 and 1991 I wrote plenty of software using 2 digit years.
> So did everyone else. Much of the Cobol from the 1960's onward used 2
> digit dates to save memory, which was very precious back then. Much of
> that software was still used in 1999, and some is still used today. It
> got fixed.
>
> It's speculation what would have happened if our entire society hadn't
> pitched in and fixed most software in 1997-1999, but it's my opinion
> that if we'd done then what we'd surely do now (call it somebody else's
> problem, keep prioritizing our own little lives and those of our
> corporations, and do nothing), we'd be bartering gold for tuna and water
> for bullets.
>
> None of this is to imply that Meltdown and Spectre aren't a very big
> deal. Just don't think Y2K was no big deal because we did the necessary
> work to fix it proactively.
>
> SteveT
>
> Steve Litt
> December 2017 featured book: Thriving in Tough Times
> http://www.troubleshooters.com/thrive
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180106/f0a61867/attachment.html>

From techlists at phpcoderusa.com  Sat Jan  6 10:22:27 2018
From: techlists at phpcoderusa.com (techlists at phpcoderusa.com)
Date: Sat, 06 Jan 2018 10:22:27 -0700
Subject: Y2K was real: was Major Intel Memory Vulnerability
In-Reply-To: <20180106014820.6fe8d806@mydesk.domain.cxm>
References: <suJyONuHfthgI9P8w4rS47ApeJWoJPyHrwk5Tv1Rl6TaroVL3hNoU2K2B16IScxK4UEElJ7DNPcABfwoLnNjjXxAr-MOjmbhBrAXisvPvgI=@mattcrews.com>
 <16BB4047-2DBC-44DE-9535-7A676E043A14@icloud.com>
 <E34912D7-D902-484B-BCA1-E18984D4ECBF@gmail.com>
 <a56ed1e927259c13fc8b6f8d7529c459@codezilla.xyz>
 <ZVQL1rR2KdNbgN5sFBiBGsnb_19nQNzneqCgKdDSAg7zD_EgKqeBoztzE8o90pi0EWdr2t653YUikTnGmfwHRny77YVYeWjc-Z8pHq9wbv0=@mattcrews.com>
 <3d024dea228d87c87cf4da8118da08aa@phpcoderusa.com>
 <F8071162-1449-4894-BBA5-E9E3BAEA7373@icloud.com>
 <20180106014820.6fe8d806@mydesk.domain.cxm>
Message-ID: <65fc984586826d8350cf29a04aaf0d9a@phpcoderusa.com>



I'm not sure how one can compare Y2K with Meltdown and Spectre.  We know 
there was a point when Y2K would become a problem.  That was 1/1/2000... 
Meltdown and Spectre are different.  Millions of computers and maybe 
even more devices and embedded systems are affected today. We have no 
time to fix.  No fix by date.  The other issue is 18 years ago we were 
just beginning to rely on computers. Today we have a generation that 
does not know what not having computers, cellular, or smart phones would 
be like.  Maybe I am being overly dramatic... However I think Meltdown 
and Spectre are by far bigger than Y2K.

And the solution? Fix a hardware issue with software.  Yikes.  Apply a 
patch that a hacker can remove and apply their's and own a computer or a 
network of computers. Just think of the possibilities.  What if it is a 
computer that manages nuclear launch sequence? Maybe it is your banks 
computer system...  I wish I were naive enough to think everything will 
be ok.

We need to wise up.  We are in a pickle.  We have been in a pickle.  
Look at at the data breaches over the past year.  The Experian data 
breach effects all of us. By the way Experian is a private company that 
holds all your financial data. Sounds like they are violating our 
privacy.  3 or 4 years ago the Maricopa college system was breach. If 
you attended classes or even one class at Maricopa Community College you 
could be effected.  The one I like the most is the guy to took a disk 
home that contained 2.6 million veterans data and his house was 
burglarized and the disk was at large for several days.  We were told no 
one accessed that data. I trust my Government so I am sure they are 
right.

Computers come with a lot of great befits, however there sure seems to 
be a big price for those benefits.




On 2018-01-05 23:48, Steve Litt wrote:
> On Fri, 05 Jan 2018 11:27:38 -0700
> Eric Oyen <eric.oyen at icloud.com> wrote:
> 
>> oh boy. This sounds like another Y2K problem, only this one has some
>> reality about it and real consequences.
> 
> Y2K was completely real, and would have had real consequences if our
> society hadn't taken three years to fix most of it. We were fortunate
> that in those days society was willing to put in hard work to fix a
> future problem, rather than "kicking the can down the road."
> 
> Between 1984 and 1991 I wrote plenty of software using 2 digit years.
> So did everyone else. Much of the Cobol from the 1960's onward used 2
> digit dates to save memory, which was very precious back then. Much of
> that software was still used in 1999, and some is still used today. It
> got fixed.
> 
> It's speculation what would have happened if our entire society hadn't
> pitched in and fixed most software in 1997-1999, but it's my opinion
> that if we'd done then what we'd surely do now (call it somebody else's
> problem, keep prioritizing our own little lives and those of our
> corporations, and do nothing), we'd be bartering gold for tuna and 
> water
> for bullets.
> 
> None of this is to imply that Meltdown and Spectre aren't a very big
> deal. Just don't think Y2K was no big deal because we did the necessary
> work to fix it proactively.
> 
> SteveT
> 
> Steve Litt
> December 2017 featured book: Thriving in Tough Times
> http://www.troubleshooters.com/thrive
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

From techlists at phpcoderusa.com  Sat Jan  6 10:52:54 2018
From: techlists at phpcoderusa.com (techlists at phpcoderusa.com)
Date: Sat, 06 Jan 2018 10:52:54 -0700
Subject: opportunity in chaos
Message-ID: <8d4e07419fbc913c3fd8b3223081b1c0@phpcoderusa.com>

About 20 years ago my then manager told me "there is opportunity in
chaos".   

Probably too early to ask, however given current events... I wonder what
the opportunities are in this chaos......?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180106/8740ec36/attachment.html>

From michael at butash.net  Sat Jan  6 11:14:19 2018
From: michael at butash.net (Michael Butash)
Date: Sat, 6 Jan 2018 11:14:19 -0700
Subject: opportunity in chaos
In-Reply-To: <8d4e07419fbc913c3fd8b3223081b1c0@phpcoderusa.com>
References: <8d4e07419fbc913c3fd8b3223081b1c0@phpcoderusa.com>
Message-ID: <CADWnDssAV3Y=cEFLpvC-zUCXZfQDiqpkTa3bYPvUgGA+rHAvMA@mail.gmail.com>

Everyone is looking for managed security services provider solutions, as
they are scared to be blamed themselves when they know their security isn't
up to spec, and want a finger to point at if/when exposed.

Full disclosure, we sell said mssp services, and business is good.

-mb

On Sat, Jan 6, 2018 at 10:52 AM, <techlists at phpcoderusa.com> wrote:

>
> About 20 years ago my then manager told me "there is opportunity in
> chaos".
>
> Probably too early to ask, however given current events... I wonder what
> the opportunities are in this chaos......?
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180106/970d355d/attachment.html>

From plug-announce at lists.phxlinux.org  Sun Jan  7 14:52:29 2018
From: plug-announce at lists.phxlinux.org (PLUG Announcements)
Date: Sun, 7 Jan 2018 14:52:29 -0700
Subject: PLUG Meeting topic for Thursday January 9th
Message-ID: <mailman.286.1515361951.304.plug-announce@lists.phxlinux.org>


  PLUG Meeting for January 11th

------------------------------------------------------------------------


    Stephen Partington will present "LVM Cache Round 2, now with some
    real use"


    Plus More ... TBA*
    *


    *For more info, Meeting time and location see:*

**
*http://phxlinux.org/index.php/meetings/14-east-valley-meeting.html**
*
** ****
------------------------------------------------------------------------
*Stephen Partington: LVM Cache Round 2, now with some real use*

*Description:*
Having Presented the LVMcache in using an SSD to speed up your system, 
single disk, or array some time ago, this will be a follow up with the 
real time experience and use of LVMcache and its application in day to 
day use.

*Biography:*
20+ years of Technology, Almost as many of that with at least some level 
of supporting or using Linux desktops and servers. Into gaming, 
Technology, Mobile devices, Linux, Photography and Maybe soon Blacksmithing.
------------------------------------------------------------------------

The meeting will start at 7pm at The Desert Breeze Substation.  People 
start arriving as early as 6pm, so if you would like to help setup 
and/or chat for a while, arrive a little early.
*Meeting Location*:
Desert Breeze Substation
251 North Desert Breeze Blvd West
Chandler, AZ 85226

The Desert Breeze Substation is on Chandler Blvd and Desert Breeze Blvd, 
which is half way between McClintock and Rural.  It is very close to 
both the south 202 and 101 freeways.  Public transportation is
available into the late hours.

For more information see the meeting information on our web site 
<http://phxlinux.org/meetings/14-east-valley-meeting.html>

Contact PLUG:
Email: https://phxlinux.org/index.php/email-lists.html
IRC: https://phxlinux.org/index.php/chat.html
Google+: https://plus.google.com/+PhxlinuxOrg
Meetup: http://www.meetup.com/Phoenix-Linux-Users-Group/
	<https://www.google.com/maps/place/251+Desert+Breeze+Blvd+W,+Chandler,+AZ+85226/@33.3076899,-111.9220921,17z/data=%214m5%213m4%211s0x872b06cdd50c43c7:0x7d3e9c66bdb7f8a2%218m2%213d33.3070191%214d-111.9193025?hl=en>

We will go for food to BJs at the Chandler Fashion Center Mall after the 
meeting so we can chat with each other comfortably. Please feel free to 
join us. Please come even if you aren't hungry, the food is not mandatory.

See you there,
Brian Cluff

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180107/220ac685/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bmbjdaifmonadlci.png
Type: image/png
Size: 38453 bytes
Desc: not available
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180107/220ac685/attachment.png>
-------------- next part --------------
_______________________________________________
PLUG-announce mailing list  -  PLUG-announce at lists.phxlinux.org
http://lists.phxlinux.org/mailman/listinfo/plug-announce
PLUG Website at http://plug.phoenix.az.us

From newsletters at thetoolwiz.com  Sun Jan  7 19:02:04 2018
From: newsletters at thetoolwiz.com (David Schwartz)
Date: Mon, 08 Jan 2018 02:02:04 +0000 (UTC)
Subject: Cyrix
In-Reply-To: <CACS_G9yDA=OwGwmHizW1fBcKOM4XtQYHzOxf3ezVNZ3xqgMo4A@mail.gmail.com>
References: <7d20dfa452902a388f6eaaabc92b3d7c@phpcoderusa.com>
 <CACS_G9yDA=OwGwmHizW1fBcKOM4XtQYHzOxf3ezVNZ3xqgMo4A@mail.gmail.com>
Message-ID: <EA2D0554-0005-44E9-8A41-B47C7B6E5180@thetoolwiz.com>

According to Wikipedia, 

"Cyrix merged with National Semiconductor <https://u2206659.ct.sendgrid.net/wf/click?upn=3cK2FVJjyu2N-2Bxco034fZuXg7pb6zmegjIVXNr5ZbBvcuKixVw-2BrcMSyawKwe-2B6FphB-2FLXmIlDIip4S0eJjIiw-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBeul1-2BBbRPzB3GosT3z8SFRSnvOcovIY3LrO6kwS3CLiAQ0HL4iZaDXmFaasnQ6-2FfEZ7-2FZowUyD9owPkervaeGVvljWdb-2FWHR4gPDmLi4ZNyJxeIXoZ-2FkDWPiwHfbgusQ-2Bz2O7Bi94HP26HUfuflEyrySncid6Eqx2-2BHxPBv5k7nU-3D> on 11 November 1997.”

Some assets found their way to VIA, and later some were sold to AMD.

https://u2206659.ct.sendgrid.net/wf/click?upn=3cK2FVJjyu2N-2Bxco034fZuXg7pb6zmegjIVXNr5ZbBsqtSDKRUTj57ArI6EsDTee_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBeul1-2BBbRPzB3GosT3z8SFRY6ISThiFdvjAJEk5dBdB3Wj1qjscJNHdouq4bm2c4N75DZsT9qtdl92pVjSA2ChgOlb-2Fnv1bcFgmcjHbE3wnI9YumlCUFKaDzhm4huDKZ15GWSldv9CroZt-2FdB-2BZUNRC38N7CIceA-2B0gmHqe95W3T4-3D <https://u2206659.ct.sendgrid.net/wf/click?upn=3cK2FVJjyu2N-2Bxco034fZuXg7pb6zmegjIVXNr5ZbBsqtSDKRUTj57ArI6EsDTee_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBeul1-2BBbRPzB3GosT3z8SFRZRj-2BzyNEZLsE7RVcH4J0m4CH9PBs4wAWM6McUsy9-2Fz-2F6EdV2K1kM-2BYNn6lqaqob8TXys5zZvGswJKCzXvl-2FMX9ANZRVqJpts8q9Qv-2FJ61mAJoQUZt7tUmpztBRHKUnOQABLtfl6V7aC3YAzpAjufok-3D>

-David Schwartz



> On Jan 5, 2018, at 1:14 PM, Stephen Partington <cryptworks at gmail.com> wrote:
> 
> Cyrix  had some very innovative tech in them putting them on part with AMD and Intel for certain things. but they went under in 1997, and their assets went to AMD and VIA
> 
> On Fri, Jan 5, 2018 at 12:55 PM, <techlists at phpcoderusa.com <mailto:techlists at phpcoderusa.com>> wrote:
> 
> 
> Hi,
> 
> I seem to recall in the early 90's Cyrix chips were less expensive that Intel and AMD.
> 
> I also seem to recall there was a bug in their math logic.  I do not recall hearing of Cyrix after that. 
> 
> Anyone recall what happened?  I did some research and found the coma bug -- however I do not think that was it.  
> 
> Thinking about what Intel is going through made me think of Cyrix.
> 
> I would not doubt Intel goes out of business and comes back as something else. 
> 
> 
> 
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org <mailto:PLUG-discuss at lists.phxlinux.org>
> To subscribe, unsubscribe, or to change your mail settings:
> https://u2206659.ct.sendgrid.net/wf/click?upn=5DvWGaZUY8Sh5aRLWfQTKYiRLVzunonVk948p8WIzMe-2FXlJ9Cta8w8U9xoku9LrUSHNMJbSd3ZEwH-2BqnW2UHlA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBeul1-2BBbRPzB3GosT3z8SFRfVkh4aZNpEh6jJWjiSQmKpArymVE3aHNZjcoPoAZc6TAfd-2FlsYlRH64nEyW10RnqwAp6ZX8by-2FZoLzxi8kFJYHMSYeQ5tvh2Jex7SDz90L8EAMC7A1WlyVcAVjX6377-2BOj62S-2BUZkaBbkoPzqMe2sw-3D <https://u2206659.ct.sendgrid.net/wf/click?upn=5DvWGaZUY8Sh5aRLWfQTKYiRLVzunonVk948p8WIzMe-2FXlJ9Cta8w8U9xoku9LrUSHNMJbSd3ZEwH-2BqnW2UHlA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBeul1-2BBbRPzB3GosT3z8SFRTObqUP5i8CdiaSTHpNe32GED3C0aGgdvqgjelWYL2rDwBUpjzLaXb-2B2evZECNEmqDUzuBoLHBEpBGqJc3igM7bSSl-2FHHgW7bSlh0OcuplNDq277AgNuFGCnRUr2TNnUDvIUHKU-2BSpNjFjPJv9M6Xnc-3D>
> 
> 
> 
> -- 
> A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button.
> 
> Stephen
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://u2206659.ct.sendgrid.net/wf/click?upn=5DvWGaZUY8Sh5aRLWfQTKYiRLVzunonVk948p8WIzMe-2FXlJ9Cta8w8U9xoku9LrUSHNMJbSd3ZEwH-2BqnW2UHlA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBeul1-2BBbRPzB3GosT3z8SFRU1Fd0t0B63vXgAZgAOUHsgquh0s9klHIgEfBRNg1Csh6hEM-2BVxtyaZMVQuOmHVQ6UguIef0bxzXxaFbgH0yBpWDhGN1CyIUtsvwINoG413aAlTBnRaHPb8m4Blr6p6LtAdn2mPwFqL3vloIOdaMZms-3D

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180108/50a9b4e6/attachment.html>

From techlists at phpcoderusa.com  Mon Jan  8 20:02:45 2018
From: techlists at phpcoderusa.com (techlists at phpcoderusa.com)
Date: Mon, 08 Jan 2018 20:02:45 -0700
Subject: Cyrix
In-Reply-To: <EA2D0554-0005-44E9-8A41-B47C7B6E5180@thetoolwiz.com>
References: <7d20dfa452902a388f6eaaabc92b3d7c@phpcoderusa.com>
 <CACS_G9yDA=OwGwmHizW1fBcKOM4XtQYHzOxf3ezVNZ3xqgMo4A@mail.gmail.com>
 <EA2D0554-0005-44E9-8A41-B47C7B6E5180@thetoolwiz.com>
Message-ID: <ceee7c591c57c82c5ed954f9e6eca299@phpcoderusa.com>

Thank you David!!

On 2018-01-07 19:02, David Schwartz wrote:

> According to Wikipedia,  
> 
> "Cyrix merged with National Semiconductor [1] on 11 November 1997." 
> 
> Some assets found their way to VIA, and later some were sold to AMD. 
> 
> https://en.wikipedia.org/wiki/Cyrix [2] 
> 
> -David Schwartz 
> 
> On Jan 5, 2018, at 1:14 PM, Stephen Partington <cryptworks at gmail.com> wrote: 
> 
> Cyrix  had some very innovative tech in them putting them on part with AMD and Intel for certain things. but they went under in 1997, and their assets went to AMD and VIA 
> 
> On Fri, Jan 5, 2018 at 12:55 PM, <techlists at phpcoderusa.com> wrote:
> 
> Hi, 
> 
> I seem to recall in the early 90's Cyrix chips were less expensive that Intel and AMD. 
> 
> I also seem to recall there was a bug in their math logic.  I do not recall hearing of Cyrix after that.  
> 
> Anyone recall what happened?  I did some research and found the coma bug -- however I do not think that was it.   
> 
> Thinking about what Intel is going through made me think of Cyrix. 
> 
> I would not doubt Intel goes out of business and comes back as something else.  
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [3] 
> 
> -- 
> A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button.
> 
> Stephen
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [4]

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss 

Links:
------
[1]
https://u2206659.ct.sendgrid.net/wf/click?upn=3cK2FVJjyu2N-2Bxco034fZuXg7pb6zmegjIVXNr5ZbBvcuKixVw-2BrcMSyawKwe-2B6FphB-2FLXmIlDIip4S0eJjIiw-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBeul1-2BBbRPzB3GosT3z8SFRQaWne6FKtK7Td9Pye8GmHAK99oe53ThZP87Gmye2PBY45J5Eg5l4SSro3YOVxNrDVKqAjUz9OXLhvvJJ6ay4M4ko1E3Faet1MH4AKCIkuXbYCuLqvoBChAb0i6GLa9PuZiMl10qWBFhWTaZyQUh-2BX8-3D
[2]
https://u2206659.ct.sendgrid.net/wf/click?upn=3cK2FVJjyu2N-2Bxco034fZuXg7pb6zmegjIVXNr5ZbBsqtSDKRUTj57ArI6EsDTee_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBeul1-2BBbRPzB3GosT3z8SFRZkyZO491rsIA77hb018qTvl8pVDrzpwnjsgTPhezrTxnE-2BuIS6qifJMKkjr93fzrK6onkKhRhewW7STcR-2F-2Fs6o1kFDX1IRQ2sQA1pNpsSrjklgZPEV-2F2UQMM9vMduCWL6PXwTjm45wD0oAuzzadhNo-3D
[3]
https://u2206659.ct.sendgrid.net/wf/click?upn=5DvWGaZUY8Sh5aRLWfQTKYiRLVzunonVk948p8WIzMe-2FXlJ9Cta8w8U9xoku9LrUSHNMJbSd3ZEwH-2BqnW2UHlA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBeul1-2BBbRPzB3GosT3z8SFRUmR6usIjKI-2BcTgJPJ034fTNVSS-2BIbpy2NMm13n8iGMKoWVhvUb-2BVYcVxrX9q7LSR3OnnFhFcjJWFh0WGkY30KiXv-2FeakAozc3ItfM38Ma2NVtzoCCTf4zgfbt4n6QAkttcfwQBmdDgtTNOS4X8JOiY-3D
[4]
https://u2206659.ct.sendgrid.net/wf/click?upn=5DvWGaZUY8Sh5aRLWfQTKYiRLVzunonVk948p8WIzMe-2FXlJ9Cta8w8U9xoku9LrUSHNMJbSd3ZEwH-2BqnW2UHlA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBeul1-2BBbRPzB3GosT3z8SFRb4KJTR3e6WecTprbVO7BHaAy-2FaciesoIHAZ-2BMOsnaZMc4f73PF8WbJ-2FL33jsWZ0fM3M416iEdokxmbOS6O3wwSYD3xzHAmIXSXRqUcOrf6d4yWx8DE2BWUSS057VY3y2rnWEblyTLiQm-2BZWYts4JBo-3D
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180108/7728c9ab/attachment.html>

From techlists at phpcoderusa.com  Mon Jan  8 20:09:42 2018
From: techlists at phpcoderusa.com (techlists at phpcoderusa.com)
Date: Mon, 08 Jan 2018 20:09:42 -0700
Subject: Meltdown and Spectre - What to do about it
Message-ID: <3f681513284f3532600715e3425734cd@phpcoderusa.com>

Hi, 

I'm looking for more info or ideas on how one might protect them self
given Meltdown and Spectre. 

Now that it has come to light that computer memory is not completely
segregated or kept private by the CPU hardware... a failure in design
allowing a hacker access to even the CPU Kernel memory.  This is
catastrophic.   

I'm reading the initial solution is for the O/S manufactures to patch
their Kernel to secure the memory at its boundaries.  In and of itself
this seems to be a weak approach, however probably the only one at this
point. 

I am reading that the real solution is a new bread of CPU that does not
have this vulnerability. It would seem even modifying the existing CPUs
and manufacturing them would take months if not a year or so.  In the
meantime we have to survive with hardware patched with software.   

I read that desktops are the most vulnerable. Maybe that should be any
devise that runs a browser.  The browser is the point of failure. 
Introduce some rogue JavaScript and your memory is compromised.   

This article says [1] one should enable site isolation using Chrome. 

At this point my preventative steps are: 

1) flush all browsers of any usernames, passwords and history. 

2) Only run the latest version of Chrome and only Chrome. 

3) Configure Chrome to run in isolation mode.  

Anyone have any other thoughts? 

Thank you in advance.  

Keith   

 

Links:
------
[1]
http://www.linuxandubuntu.com/home/how-hackers-can-read-your-websites-passwords-using-meltdown-and-spectre-with-solution
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180108/bd8cab0f/attachment.html>

From newsletters at thetoolwiz.com  Mon Jan  8 21:29:19 2018
From: newsletters at thetoolwiz.com (David Schwartz)
Date: Tue, 09 Jan 2018 04:29:19 +0000 (UTC)
Subject: Meltdown and Spectre - What to do about it
In-Reply-To: <3f681513284f3532600715e3425734cd@phpcoderusa.com>
References: <3f681513284f3532600715e3425734cd@phpcoderusa.com>
Message-ID: <F713F5BB-2337-4383-B695-C2AEC0F1064F@thetoolwiz.com>

I haven’t done any in-depth research on this, but from what I have read, I cannot really see how anything running in a virtualized or interpreted environment, or something that doesn’t have direct access to the physical machine, would be a potential threat.

The 286 chip had a "protected mode” built into it. IBM and Microsoft spent a huge amount of money writing an OS that was designed to run in protected mode. But it turned out that one of the chip designers at Intel decided to save a few bytes of microcode and created a situation where the processing of the interrupt vector that pushed the current IP onto the stack was not an “atomic” operation — it could be interrupted. And this affected context switches into protected mode.

I was working at Intel at the time and there was quite a bit of discussion about this, mostly a lot of jokes about the probability of lightning striking the same person twice on the same golf course on a cloudless day. That is to say, the statistical likelihood of that happening during “normal” operation was absurdly low.

Needless to day, a protected OS was never released for the 286. But while they were busy fixing this bit of microcode to make the 386 work properly, there was enough pressure from customers that they added a new memory model option that disabled the “segmented memory model” that the 286 used and allowed it to run in a “virtual” mode that flattened the entire address space.

They still had a couple of protected areas that were carried over from the 286 (the GOT and GDT, amongh others) that could only be accessed when the chip was put into a special mode that only the OS kernal was supposed to do.

But there were rumors that there were other ways of triggering faults on the chip to gain access to some of the protected memory areas. These areas were protected by virtue of the fact that they required a base segment register to be loaded that pointed to an area of memory that was outside of the normal memory space. To access them, you generally had to put the chip into what amounts to “admin” mode (I forget what it’s called), load the registered and trigger a fault (or sw interrupt). As I recall, this required some assistance from the memory chip interfaces because they used an address bit that wasn’t part of the regular  32-bit address space.

(Motorola advocates argued that their chips didn’t require this special chip between the CPU and system RAM, but it was simply a dynamic RAM controller. I suspect it took on additional security roles over time because it WAS independent of the CPU.)

During normal operation, it’s virtually impossible to trigger these modes. It used to be that you had to put the chip into “single-user mode” briefly, just like in a Unix environment when you need to perform certain low-level OS operations. (Windows doesn’t do that, which is why you have to reboot the damn thing every time you install a new device driver, for instance.)

It would be necessary to overwrite some kernal code that executes when the chip is in this “admin” mode, and that code would have to execute some protected-mode instructions in a very specific order. Most other things are locked-out while that’s going on, so it’s not a mode that’s usually enabled for very long.

They could have changed things since then, but from what I’ve read this particular “hairline fracture" has been around forever, and isn’t even rooted in a specific CPU or CPU family, but possibly due to interactions between the CPU and (external) memory controllers.

The moral of the story is … if this is something that java or javascript or anything running in a web browser can trigger, then there’s absolutely no way to protect any aspect of the hardware whatsoever.

Said another way, it would allow the web browser to install a device driver in Windows and activate it without having to reboot the machine. I for one would welcome a standalone app that would do that! Not so much something that runs in a web browser, tho.

People would be patching the kernel, switching into protected mode, fiddling within things any time they like, reprogramming the hardware … I mean. there would be no limits to what could be done by code running anywhere.

In 30 years we haven’t seen any evidence that this is the case, even though this has apparently been around forever.

Have there even been any reports of any code “in the wild” triggering this exploit from a web browser?

The articles I’ve seen only said it was discovered “in a lab” and they were able to trigger it “in the lab”.

I’m not much of a conspiracy theorist, but I’m far more inclined to think this is something that the engineers who work at chip and hardware vendors have known about for decades, only never talked about, and somebody with a lot of money caught wind of it and decided to use it to win his own lottery by shorting a bunch of tech stocks before announcing this “shocking hack” to the world.

-David Schwartz



> On Jan 8, 2018, at 8:09 PM, techlists at phpcoderusa.com wrote:
> 
> Hi,
> 
> I'm looking for more info or ideas on how one might protect them self given Meltdown and Spectre.
> 
> Now that it has come to light that computer memory is not completely segregated or kept private by the CPU hardware... a failure in design allowing a hacker access to even the CPU Kernel memory.  This is catastrophic.  
> 
> I'm reading the initial solution is for the O/S manufactures to patch their Kernel to secure the memory at its boundaries.  In and of itself this seems to be a weak approach, however probably the only one at this point.
> 
> I am reading that the real solution is a new bread of CPU that does not have this vulnerability. It would seem even modifying the existing CPUs and manufacturing them would take months if not a year or so.  In the meantime we have to survive with hardware patched with software.  
> 
> I read that desktops are the most vulnerable. Maybe that should be any devise that runs a browser.  The browser is the point of failure.  Introduce some rogue JavaScript and your memory is compromised.  
> 
> This article says <https://u2206659.ct.sendgrid.net/wf/click?upn=tzJbcg2o-2FNh3kfIF32sRUZ8NnknvQ7-2Bf6wkzOMZJ5l35vJQdR4eO1tqNkrT8g5JyjrDLC3ldM5JJdYP00A0te3bNsb8S-2FwM-2FGJBVS0BNvTQ9Wey3QjFPOff5WpHec9nAKs6Di9WPpNsBr1OIQpLPQBywUm8PtRT-2BnFqDoIIoxBo-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBe90ZrKPsPNFnspMLdRsopRWr34lrm7E5auB-2Bd42WLL4gjhi0N5AXxx4GNVTkstXmaDq1gRoCDt54XKMmsixSEF8m1Vdm0TD8q7fRHCDxBI8YDpUL3waOtKelhRNUN1LumERHBWzYmfTSW21bKr0NN2FhkmZk4WNOOABPilEMm1Gw-3D> one should enable site isolation using Chrome.
> 
> At this point my preventative steps are:
> 
> 1) flush all browsers of any usernames, passwords and history.
> 
> 2) Only run the latest version of Chrome and only Chrome.
> 
> 3) Configure Chrome to run in isolation mode. 
> 
> Anyone have any other thoughts?
> 
> Thank you in advance. 
> 
> Keith  
> 
> 
> 
> 
> 
> 
> 
> 
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://u2206659.ct.sendgrid.net/wf/click?upn=5DvWGaZUY8Sh5aRLWfQTKYiRLVzunonVk948p8WIzMe-2FXlJ9Cta8w8U9xoku9LrUSHNMJbSd3ZEwH-2BqnW2UHlA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBe90ZrKPsPNFnspMLdRsopRX4crQPuckE4-2B6zwIXxAW5M2r42hOKBtLdXJePdtL67bmK1QedZaakn-2BOrQ7kZLqZlYp4hikzsXzyT-2FMK4gTkECu2VNnjuvvQze4x5nFm-2FYC1LllAGz0HFhHNmGswJwHpWpmvAX3dQZ5uWd0qY-2BF06s-3D

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180109/1622dffa/attachment.html>

From PLUGd at LuftHans.com  Mon Jan  8 23:03:22 2018
From: PLUGd at LuftHans.com (der.hans)
Date: Tue, 9 Jan 2018 06:03:22 +0000 (UTC)
Subject: Meltdown and Spectre - What to do about it
In-Reply-To: <3f681513284f3532600715e3425734cd@phpcoderusa.com>
References: <3f681513284f3532600715e3425734cd@phpcoderusa.com>
Message-ID: <alpine.DEB.2.11.1801090412470.14234@post>

Am 08. Jan, 2018 schwätzte techlists at phpcoderusa.com so:

moin moin,

Raspberry Pi is not vulnerable to Meltdown or either Spectre, so use it if
you can :).

For desktops, disable as much JavaScript as you can in addition to the
Chromium setting you mentioned.

uMatrix does a pretty good job of disabling 3rd party JavaScript for web
sites. At this point I recommend removing the "* 1st-party * allow" option
under "My Rules".

I also removed "* 1st-party frame allow".

See the bottom of the pdf of the slides for a table of what each affects.

https://plus.google.com/+StevenVaughanNichols/posts/GpzMQHz5tUP

The next post requires JavaScript. You should make sure pcid is available
on base OS and also on guest OS if you're using VMs. His testing found
it's on for VMware.

Subsequent reading elsewhere shows that AWS paravirtualized probably
doesn't have it, but hardware virtualized does.

A QEMU post says that KVM doesn't yet support pcid.

grep pcid /proc/cpuinfo

https://groups.google.com/forum/m/#!topic/mechanical-sympathy/L9mHTbeQLNU

ciao,

der.hans

> Hi,
>
> I'm looking for more info or ideas on how one might protect them self
> given Meltdown and Spectre.
>
> Now that it has come to light that computer memory is not completely
> segregated or kept private by the CPU hardware... a failure in design
> allowing a hacker access to even the CPU Kernel memory.  This is
> catastrophic.
>
> I'm reading the initial solution is for the O/S manufactures to patch
> their Kernel to secure the memory at its boundaries.  In and of itself
> this seems to be a weak approach, however probably the only one at this
> point.
>
> I am reading that the real solution is a new bread of CPU that does not
> have this vulnerability. It would seem even modifying the existing CPUs
> and manufacturing them would take months if not a year or so.  In the
> meantime we have to survive with hardware patched with software.
>
> I read that desktops are the most vulnerable. Maybe that should be any
> devise that runs a browser.  The browser is the point of failure.
> Introduce some rogue JavaScript and your memory is compromised.
>
> This article says [1] one should enable site isolation using Chrome.
>
> At this point my preventative steps are:
>
> 1) flush all browsers of any usernames, passwords and history.
>
> 2) Only run the latest version of Chrome and only Chrome.
>
> 3) Configure Chrome to run in isolation mode.
>
> Anyone have any other thoughts?
>
> Thank you in advance.
>
> Keith
>
>
>
> Links:
> ------
> [1]
> http://www.linuxandubuntu.com/home/how-hackers-can-read-your-websites-passwords-using-meltdown-and-spectre-with-solution

-- 
#  https://www.LuftHans.com   https://www.PhxLinux.org
#  If it's not a toy you're looking at it wrong. -- der.hans

From eric.oyen at icloud.com  Tue Jan  9 07:29:28 2018
From: eric.oyen at icloud.com (Eric Oyen)
Date: Tue, 09 Jan 2018 07:29:28 -0700
Subject: Meltdown and Spectre - What to do about it
In-Reply-To: <F713F5BB-2337-4383-B695-C2AEC0F1064F@thetoolwiz.com>
References: <3f681513284f3532600715e3425734cd@phpcoderusa.com>
 <F713F5BB-2337-4383-B695-C2AEC0F1064F@thetoolwiz.com>
Message-ID: <5AD793C1-A84C-4A46-B156-3A349330BC7D@icloud.com>

well,
it appears that the "conspiracy theory" of someone shorting tech stocks has already happened. the CEO of Intel dumped a huge load of stock last november. Now, it is likely that it was for another reason, but the timing seems rather suspect. btw, said CEO is now under review by the SEC and may be facing charges of insider trading.

-eric
from the central offices of the technomage Guild, News Dept.

On Jan 8, 2018, at 9:29 PM, David Schwartz wrote:

> I haven’t done any in-depth research on this, but from what I have read, I cannot really see how anything running in a virtualized or interpreted environment, or something that doesn’t have direct access to the physical machine, would be a potential threat.
> 
> The 286 chip had a "protected mode” built into it. IBM and Microsoft spent a huge amount of money writing an OS that was designed to run in protected mode. But it turned out that one of the chip designers at Intel decided to save a few bytes of microcode and created a situation where the processing of the interrupt vector that pushed the current IP onto the stack was not an “atomic” operation — it could be interrupted. And this affected context switches into protected mode.
> 
> I was working at Intel at the time and there was quite a bit of discussion about this, mostly a lot of jokes about the probability of lightning striking the same person twice on the same golf course on a cloudless day. That is to say, the statistical likelihood of that happening during “normal” operation was absurdly low.
> 
> Needless to day, a protected OS was never released for the 286. But while they were busy fixing this bit of microcode to make the 386 work properly, there was enough pressure from customers that they added a new memory model option that disabled the “segmented memory model” that the 286 used and allowed it to run in a “virtual” mode that flattened the entire address space.
> 
> They still had a couple of protected areas that were carried over from the 286 (the GOT and GDT, amongh others) that could only be accessed when the chip was put into a special mode that only the OS kernal was supposed to do.
> 
> But there were rumors that there were other ways of triggering faults on the chip to gain access to some of the protected memory areas. These areas were protected by virtue of the fact that they required a base segment register to be loaded that pointed to an area of memory that was outside of the normal memory space. To access them, you generally had to put the chip into what amounts to “admin” mode (I forget what it’s called), load the registered and trigger a fault (or sw interrupt). As I recall, this required some assistance from the memory chip interfaces because they used an address bit that wasn’t part of the regular  32-bit address space.
> 
> (Motorola advocates argued that their chips didn’t require this special chip between the CPU and system RAM, but it was simply a dynamic RAM controller. I suspect it took on additional security roles over time because it WAS independent of the CPU.)
> 
> During normal operation, it’s virtually impossible to trigger these modes. It used to be that you had to put the chip into “single-user mode” briefly, just like in a Unix environment when you need to perform certain low-level OS operations. (Windows doesn’t do that, which is why you have to reboot the damn thing every time you install a new device driver, for instance.)
> 
> It would be necessary to overwrite some kernal code that executes when the chip is in this “admin” mode, and that code would have to execute some protected-mode instructions in a very specific order. Most other things are locked-out while that’s going on, so it’s not a mode that’s usually enabled for very long.
> 
> They could have changed things since then, but from what I’ve read this particular “hairline fracture" has been around forever, and isn’t even rooted in a specific CPU or CPU family, but possibly due to interactions between the CPU and (external) memory controllers.
> 
> The moral of the story is … if this is something that java or javascript or anything running in a web browser can trigger, then there’s absolutely no way to protect any aspect of the hardware whatsoever.
> 
> Said another way, it would allow the web browser to install a device driver in Windows and activate it without having to reboot the machine. I for one would welcome a standalone app that would do that! Not so much something that runs in a web browser, tho.
> 
> People would be patching the kernel, switching into protected mode, fiddling within things any time they like, reprogramming the hardware … I mean. there would be no limits to what could be done by code running anywhere.
> 
> In 30 years we haven’t seen any evidence that this is the case, even though this has apparently been around forever.
> 
> Have there even been any reports of any code “in the wild” triggering this exploit from a web browser?
> 
> The articles I’ve seen only said it was discovered “in a lab” and they were able to trigger it “in the lab”.
> 
> I’m not much of a conspiracy theorist, but I’m far more inclined to think this is something that the engineers who work at chip and hardware vendors have known about for decades, only never talked about, and somebody with a lot of money caught wind of it and decided to use it to win his own lottery by shorting a bunch of tech stocks before announcing this “shocking hack” to the world.
> 
> -David Schwartz
> 
> 
> 
>> On Jan 8, 2018, at 8:09 PM, techlists at phpcoderusa.com wrote:
>> 
>> Hi,
>> 
>> I'm looking for more info or ideas on how one might protect them self given Meltdown and Spectre.
>> 
>> Now that it has come to light that computer memory is not completely segregated or kept private by the CPU hardware... a failure in design allowing a hacker access to even the CPU Kernel memory.  This is catastrophic.  
>> 
>> I'm reading the initial solution is for the O/S manufactures to patch their Kernel to secure the memory at its boundaries.  In and of itself this seems to be a weak approach, however probably the only one at this point.
>> 
>> I am reading that the real solution is a new bread of CPU that does not have this vulnerability. It would seem even modifying the existing CPUs and manufacturing them would take months if not a year or so.  In the meantime we have to survive with hardware patched with software.  
>> 
>> I read that desktops are the most vulnerable. Maybe that should be any devise that runs a browser.  The browser is the point of failure.  Introduce some rogue JavaScript and your memory is compromised.  
>> 
>> This article says one should enable site isolation using Chrome.
>> 
>> At this point my preventative steps are:
>> 
>> 1) flush all browsers of any usernames, passwords and history.
>> 
>> 2) Only run the latest version of Chrome and only Chrome.
>> 
>> 3) Configure Chrome to run in isolation mode. 
>> 
>> Anyone have any other thoughts?
>> 
>> Thank you in advance. 
>> 
>> Keith  
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> 
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180109/b202b489/attachment.html>

From retro64xyz at gmail.com  Tue Jan  9 07:37:43 2018
From: retro64xyz at gmail.com (Aaron Jones)
Date: Tue, 9 Jan 2018 07:37:43 -0700
Subject: Meltdown and Spectre - What to do about it
In-Reply-To: <5AD793C1-A84C-4A46-B156-3A349330BC7D@icloud.com>
References: <3f681513284f3532600715e3425734cd@phpcoderusa.com>
 <F713F5BB-2337-4383-B695-C2AEC0F1064F@thetoolwiz.com>
 <5AD793C1-A84C-4A46-B156-3A349330BC7D@icloud.com>
Message-ID: <CDCD7913-8987-42B2-8AA2-31C7807EBF57@gmail.com>

I highly doubt they will punish him. Just like when the credit companies got to investigate their own breaches. 

Surprise! No one was found at fault. Weird!

> On Jan 9, 2018, at 7:29 AM, Eric Oyen <eric.oyen at icloud.com> wrote:
> 
> well,
> it appears that the "conspiracy theory" of someone shorting tech stocks has already happened. the CEO of Intel dumped a huge load of stock last november. Now, it is likely that it was for another reason, but the timing seems rather suspect. btw, said CEO is now under review by the SEC and may be facing charges of insider trading.
> 
> -eric
> from the central offices of the technomage Guild, News Dept.
> 
>> On Jan 8, 2018, at 9:29 PM, David Schwartz wrote:
>> 
>> I haven’t done any in-depth research on this, but from what I have read, I cannot really see how anything running in a virtualized or interpreted environment, or something that doesn’t have direct access to the physical machine, would be a potential threat.
>> 
>> The 286 chip had a "protected mode” built into it. IBM and Microsoft spent a huge amount of money writing an OS that was designed to run in protected mode. But it turned out that one of the chip designers at Intel decided to save a few bytes of microcode and created a situation where the processing of the interrupt vector that pushed the current IP onto the stack was not an “atomic” operation — it could be interrupted. And this affected context switches into protected mode.
>> 
>> I was working at Intel at the time and there was quite a bit of discussion about this, mostly a lot of jokes about the probability of lightning striking the same person twice on the same golf course on a cloudless day. That is to say, the statistical likelihood of that happening during “normal” operation was absurdly low.
>> 
>> Needless to day, a protected OS was never released for the 286. But while they were busy fixing this bit of microcode to make the 386 work properly, there was enough pressure from customers that they added a new memory model option that disabled the “segmented memory model” that the 286 used and allowed it to run in a “virtual” mode that flattened the entire address space.
>> 
>> They still had a couple of protected areas that were carried over from the 286 (the GOT and GDT, amongh others) that could only be accessed when the chip was put into a special mode that only the OS kernal was supposed to do.
>> 
>> But there were rumors that there were other ways of triggering faults on the chip to gain access to some of the protected memory areas. These areas were protected by virtue of the fact that they required a base segment register to be loaded that pointed to an area of memory that was outside of the normal memory space. To access them, you generally had to put the chip into what amounts to “admin” mode (I forget what it’s called), load the registered and trigger a fault (or sw interrupt). As I recall, this required some assistance from the memory chip interfaces because they used an address bit that wasn’t part of the regular  32-bit address space.
>> 
>> (Motorola advocates argued that their chips didn’t require this special chip between the CPU and system RAM, but it was simply a dynamic RAM controller. I suspect it took on additional security roles over time because it WAS independent of the CPU.)
>> 
>> During normal operation, it’s virtually impossible to trigger these modes. It used to be that you had to put the chip into “single-user mode” briefly, just like in a Unix environment when you need to perform certain low-level OS operations. (Windows doesn’t do that, which is why you have to reboot the damn thing every time you install a new device driver, for instance.)
>> 
>> It would be necessary to overwrite some kernal code that executes when the chip is in this “admin” mode, and that code would have to execute some protected-mode instructions in a very specific order. Most other things are locked-out while that’s going on, so it’s not a mode that’s usually enabled for very long.
>> 
>> They could have changed things since then, but from what I’ve read this particular “hairline fracture" has been around forever, and isn’t even rooted in a specific CPU or CPU family, but possibly due to interactions between the CPU and (external) memory controllers.
>> 
>> The moral of the story is … if this is something that java or javascript or anything running in a web browser can trigger, then there’s absolutely no way to protect any aspect of the hardware whatsoever.
>> 
>> Said another way, it would allow the web browser to install a device driver in Windows and activate it without having to reboot the machine. I for one would welcome a standalone app that would do that! Not so much something that runs in a web browser, tho.
>> 
>> People would be patching the kernel, switching into protected mode, fiddling within things any time they like, reprogramming the hardware … I mean. there would be no limits to what could be done by code running anywhere.
>> 
>> In 30 years we haven’t seen any evidence that this is the case, even though this has apparently been around forever.
>> 
>> Have there even been any reports of any code “in the wild” triggering this exploit from a web browser?
>> 
>> The articles I’ve seen only said it was discovered “in a lab” and they were able to trigger it “in the lab”.
>> 
>> I’m not much of a conspiracy theorist, but I’m far more inclined to think this is something that the engineers who work at chip and hardware vendors have known about for decades, only never talked about, and somebody with a lot of money caught wind of it and decided to use it to win his own lottery by shorting a bunch of tech stocks before announcing this “shocking hack” to the world.
>> 
>> -David Schwartz
>> 
>> 
>> 
>>> On Jan 8, 2018, at 8:09 PM, techlists at phpcoderusa.com wrote:
>>> 
>>> Hi,
>>> 
>>> I'm looking for more info or ideas on how one might protect them self given Meltdown and Spectre.
>>> 
>>> Now that it has come to light that computer memory is not completely segregated or kept private by the CPU hardware... a failure in design allowing a hacker access to even the CPU Kernel memory.  This is catastrophic.  
>>> 
>>> I'm reading the initial solution is for the O/S manufactures to patch their Kernel to secure the memory at its boundaries.  In and of itself this seems to be a weak approach, however probably the only one at this point.
>>> 
>>> I am reading that the real solution is a new bread of CPU that does not have this vulnerability. It would seem even modifying the existing CPUs and manufacturing them would take months if not a year or so.  In the meantime we have to survive with hardware patched with software.  
>>> 
>>> I read that desktops are the most vulnerable. Maybe that should be any devise that runs a browser.  The browser is the point of failure.  Introduce some rogue JavaScript and your memory is compromised.  
>>> 
>>> This article says one should enable site isolation using Chrome.
>>> 
>>> At this point my preventative steps are:
>>> 
>>> 1) flush all browsers of any usernames, passwords and history.
>>> 
>>> 2) Only run the latest version of Chrome and only Chrome.
>>> 
>>> 3) Configure Chrome to run in isolation mode. 
>>> 
>>> Anyone have any other thoughts?
>>> 
>>> Thank you in advance. 
>>> 
>>> Keith  
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>> 
>> 
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180109/f38eddd5/attachment.html>

From mark at phillipsmarketing.biz  Tue Jan  9 09:45:09 2018
From: mark at phillipsmarketing.biz (Mark Phillips)
Date: Tue, 9 Jan 2018 09:45:09 -0700
Subject: Meltdown and Spectre - What to do about it
In-Reply-To: <CDCD7913-8987-42B2-8AA2-31C7807EBF57@gmail.com>
References: <3f681513284f3532600715e3425734cd@phpcoderusa.com>
 <F713F5BB-2337-4383-B695-C2AEC0F1064F@thetoolwiz.com>
 <5AD793C1-A84C-4A46-B156-3A349330BC7D@icloud.com>
 <CDCD7913-8987-42B2-8AA2-31C7807EBF57@gmail.com>
Message-ID: <CAEqej2ME5TuWYoAt2_PU+1A2FLd+MvOcP_Fbuk7ESj+CdmfANg@mail.gmail.com>

I would be leery of conspiracy theories in relation to the stock market and
tech stocks. Lots of people are taking profits from the huge rise in the
stock market in anticipation of a correction. The correction will come, we
just don't know when.

https://www.google.com/imgres?imgurl=https://upload.wikimedia.org/wikipedia/commons/7/7e/S_and_P_500_chart_1950_to_2016_with_averages.png&imgrefurl=https://en.wikipedia.org/wiki/S%2526P_500_Index&h=798&w=1145&tbnid=w2UuAMqXUpl0aM:&tbnh=63&tbnw=92&usg=__z0CAhDP2E--B9mCoEpEZPz1al6g%3D&vet=10ahUKEwiQnbP0qcvYAhVB3mMKHcFQCmkQ_B0IrQEwDQ..i&docid=uzs0pfDsy6G10M&itg=1&sa=X&ved=0ahUKEwiQnbP0qcvYAhVB3mMKHcFQCmkQ_B0IrQEwDQ

Mark

On Tue, Jan 9, 2018 at 7:37 AM, Aaron Jones <retro64xyz at gmail.com> wrote:

> I highly doubt they will punish him. Just like when the credit companies
> got to investigate their own breaches.
>
> Surprise! No one was found at fault. Weird!
>
> On Jan 9, 2018, at 7:29 AM, Eric Oyen <eric.oyen at icloud.com> wrote:
>
> well,
> it appears that the "conspiracy theory" of someone shorting tech stocks
> has already happened. the CEO of Intel dumped a huge load of stock last
> november. Now, it is likely that it was for another reason, but the timing
> seems rather suspect. btw, said CEO is now under review by the SEC and may
> be facing charges of insider trading.
>
> -eric
> from the central offices of the technomage Guild, News Dept.
>
> On Jan 8, 2018, at 9:29 PM, David Schwartz wrote:
>
> I haven’t done any in-depth research on this, but from what I have read, I
> cannot really see how anything running in a virtualized or interpreted
> environment, or something that doesn’t have direct access to the physical
> machine, would be a potential threat.
>
> The 286 chip had a "protected mode” built into it. IBM and Microsoft spent
> a huge amount of money writing an OS that was designed to run in protected
> mode. But it turned out that one of the chip designers at Intel decided to
> save a few bytes of microcode and created a situation where the processing
> of the interrupt vector that pushed the current IP onto the stack was not
> an “atomic” operation — it could be interrupted. And this affected context
> switches into protected mode.
>
> I was working at Intel at the time and there was quite a bit of discussion
> about this, mostly a lot of jokes about the probability of lightning
> striking the same person twice on the same golf course on a cloudless day.
> That is to say, the statistical likelihood of that happening during
> “normal” operation was absurdly low.
>
> Needless to day, a protected OS was never released for the 286. But while
> they were busy fixing this bit of microcode to make the 386 work properly,
> there was enough pressure from customers that they added a new memory model
> option that disabled the “segmented memory model” that the 286 used and
> allowed it to run in a “virtual” mode that flattened the entire address
> space.
>
> They still had a couple of protected areas that were carried over from the
> 286 (the GOT and GDT, amongh others) that could only be accessed when the
> chip was put into a special mode that only the OS kernal was supposed to do.
>
> But there were rumors that there were other ways of triggering faults on
> the chip to gain access to some of the protected memory areas. These areas
> were protected by virtue of the fact that they required a base segment
> register to be loaded that pointed to an area of memory that was outside of
> the normal memory space. To access them, you generally had to put the chip
> into what amounts to “admin” mode (I forget what it’s called), load the
> registered and trigger a fault (or sw interrupt). As I recall, this
> required some assistance from the memory chip interfaces because they used
> an address bit that wasn’t part of the regular  32-bit address space.
>
> (Motorola advocates argued that their chips didn’t require this special
> chip between the CPU and system RAM, but it was simply a dynamic RAM
> controller. I suspect it took on additional security roles over time
> because it WAS independent of the CPU.)
>
> During normal operation, it’s virtually impossible to trigger these modes.
> It used to be that you had to put the chip into “single-user mode” briefly,
> just like in a Unix environment when you need to perform certain low-level
> OS operations. (Windows doesn’t do that, which is why you have to reboot
> the damn thing every time you install a new device driver, for instance.)
>
> It would be necessary to overwrite some kernal code that executes when the
> chip is in this “admin” mode, and that code would have to execute some
> protected-mode instructions in a very specific order. Most other things are
> locked-out while that’s going on, so it’s not a mode that’s usually enabled
> for very long.
>
> They could have changed things since then, but from what I’ve read this
> particular “hairline fracture" has been around forever, and isn’t even
> rooted in a specific CPU or CPU family, but possibly due to interactions
> between the CPU and (external) memory controllers.
>
> The moral of the story is … if this is something that java or javascript
> or anything running in a web browser can trigger, then there’s absolutely
> no way to protect any aspect of the hardware whatsoever.
>
> Said another way, it would allow the web browser to install a device
> driver in Windows and activate it without having to reboot the machine. I
> for one would welcome a standalone app that would do that! Not so much
> something that runs in a web browser, tho.
>
> People would be patching the kernel, switching into protected mode,
> fiddling within things any time they like, reprogramming the hardware … I
> mean. there would be no limits to what could be done by code running
> anywhere.
>
> In 30 years we haven’t seen any evidence that this is the case, even
> though this has apparently been around forever.
>
> Have there even been any reports of any code “in the wild” triggering this
> exploit from a web browser?
>
> The articles I’ve seen only said it was discovered “in a lab” and they
> were able to trigger it “in the lab”.
>
> I’m not much of a conspiracy theorist, but I’m far more inclined to think
> this is something that the engineers who work at chip and hardware vendors
> have known about for decades, only never talked about, and somebody with a
> lot of money caught wind of it and decided to use it to win his own lottery
> by shorting a bunch of tech stocks before announcing this “shocking hack”
> to the world.
>
> -David Schwartz
>
>
>
> On Jan 8, 2018, at 8:09 PM, techlists at phpcoderusa.com wrote:
>
> Hi,
>
> I'm looking for more info or ideas on how one might protect them self
> given Meltdown and Spectre.
>
> Now that it has come to light that computer memory is not completely
> segregated or kept private by the CPU hardware... a failure in design
> allowing a hacker access to even the CPU Kernel memory.  This is
> catastrophic.
>
> I'm reading the initial solution is for the O/S manufactures to patch
> their Kernel to secure the memory at its boundaries.  In and of itself this
> seems to be a weak approach, however probably the only one at this point.
>
> I am reading that the real solution is a new bread of CPU that does not
> have this vulnerability. It would seem even modifying the existing CPUs and
> manufacturing them would take months if not a year or so.  In the meantime
> we have to survive with hardware patched with software.
>
> I read that desktops are the most vulnerable. Maybe that should be any
> devise that runs a browser.  The browser is the point of failure.
> Introduce some rogue JavaScript and your memory is compromised.
>
> This article says
> <https://u2206659.ct.sendgrid.net/wf/click?upn=tzJbcg2o-2FNh3kfIF32sRUZ8NnknvQ7-2Bf6wkzOMZJ5l35vJQdR4eO1tqNkrT8g5JyjrDLC3ldM5JJdYP00A0te3bNsb8S-2FwM-2FGJBVS0BNvTQ9Wey3QjFPOff5WpHec9nAKs6Di9WPpNsBr1OIQpLPQBywUm8PtRT-2BnFqDoIIoxBo-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBe90ZrKPsPNFnspMLdRsopRf8gIt0e8Fnu-2B3rLUP-2B5SpBa7TUaFUGLIHIlS5-2BYadzPk8riHnXHIiHSPpBdRUgn-2B52xPZjdNWTyUtwjVOkwz8D9dY-2BUvu4gwXzY2oiV2CWrtDBccVqP3kLi7tgp48qDelv1vJHCGcwghCrbRbepkak-3D>
> one should enable site isolation using Chrome.
>
> At this point my preventative steps are:
>
> 1) flush all browsers of any usernames, passwords and history.
>
> 2) Only run the latest version of Chrome and only Chrome.
>
> 3) Configure Chrome to run in isolation mode.
>
> Anyone have any other thoughts?
>
> Thank you in advance.
>
> Keith
>
>
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> <https://u2206659.ct.sendgrid.net/wf/click?upn=5DvWGaZUY8Sh5aRLWfQTKYiRLVzunonVk948p8WIzMe-2FXlJ9Cta8w8U9xoku9LrUSHNMJbSd3ZEwH-2BqnW2UHlA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBe90ZrKPsPNFnspMLdRsopRZYGIX2ARMdmeC7OzECbQaerF509GlFyEt16hZE0R-2Bck3ecElkIH5JcVBujltuaZFqBetqXBuMSYeN3giBmt0sBjzzJugaZRaVxStjkCzVU46xvqCZHxBX8mrZwfv8Iu-2Bvs7yflX3Mlgl5HV1qC7yQ4-3D>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180109/50f5dfb4/attachment.html>

From cryptworks at gmail.com  Tue Jan  9 11:55:47 2018
From: cryptworks at gmail.com (Stephen Partington)
Date: Tue, 9 Jan 2018 11:55:47 -0700
Subject: Meltdown and Spectre - What to do about it
In-Reply-To: <CAEqej2ME5TuWYoAt2_PU+1A2FLd+MvOcP_Fbuk7ESj+CdmfANg@mail.gmail.com>
References: <3f681513284f3532600715e3425734cd@phpcoderusa.com>
 <F713F5BB-2337-4383-B695-C2AEC0F1064F@thetoolwiz.com>
 <5AD793C1-A84C-4A46-B156-3A349330BC7D@icloud.com>
 <CDCD7913-8987-42B2-8AA2-31C7807EBF57@gmail.com>
 <CAEqej2ME5TuWYoAt2_PU+1A2FLd+MvOcP_Fbuk7ESj+CdmfANg@mail.gmail.com>
Message-ID: <CACS_G9x30gyDMG_OgqMW6HbrX3pqrG38KfcNfFaqMuTGfQXP6Q@mail.gmail.com>

https://www.itwire.com/security/81338-handling-of-cpu-bug-disclosure-incredibly-bad-openbsd-s-de-raadt.html

On Tue, Jan 9, 2018 at 9:45 AM, Mark Phillips <mark at phillipsmarketing.biz>
wrote:

> I would be leery of conspiracy theories in relation to the stock market
> and tech stocks. Lots of people are taking profits from the huge rise in
> the stock market in anticipation of a correction. The correction will come,
> we just don't know when.
>
> https://www.google.com/imgres?imgurl=https://upload.
> wikimedia.org/wikipedia/commons/7/7e/S_and_P_500_chart_1950_to_2016_with_
> averages.png&imgrefurl=https://en.wikipedia.org/wiki/S%
> 2526P_500_Index&h=798&w=1145&tbnid=w2UuAMqXUpl0aM:&tbnh=63&
> tbnw=92&usg=__z0CAhDP2E--B9mCoEpEZPz1al6g%3D&vet=
> 10ahUKEwiQnbP0qcvYAhVB3mMKHcFQCmkQ_B0IrQEwDQ..i&docid=
> uzs0pfDsy6G10M&itg=1&sa=X&ved=0ahUKEwiQnbP0qcvYAhVB3mMKHcFQCmkQ_B0IrQEwDQ
>
> Mark
>
> On Tue, Jan 9, 2018 at 7:37 AM, Aaron Jones <retro64xyz at gmail.com> wrote:
>
>> I highly doubt they will punish him. Just like when the credit companies
>> got to investigate their own breaches.
>>
>> Surprise! No one was found at fault. Weird!
>>
>> On Jan 9, 2018, at 7:29 AM, Eric Oyen <eric.oyen at icloud.com> wrote:
>>
>> well,
>> it appears that the "conspiracy theory" of someone shorting tech stocks
>> has already happened. the CEO of Intel dumped a huge load of stock last
>> november. Now, it is likely that it was for another reason, but the timing
>> seems rather suspect. btw, said CEO is now under review by the SEC and may
>> be facing charges of insider trading.
>>
>> -eric
>> from the central offices of the technomage Guild, News Dept.
>>
>> On Jan 8, 2018, at 9:29 PM, David Schwartz wrote:
>>
>> I haven’t done any in-depth research on this, but from what I have read,
>> I cannot really see how anything running in a virtualized or interpreted
>> environment, or something that doesn’t have direct access to the physical
>> machine, would be a potential threat.
>>
>> The 286 chip had a "protected mode” built into it. IBM and Microsoft
>> spent a huge amount of money writing an OS that was designed to run in
>> protected mode. But it turned out that one of the chip designers at Intel
>> decided to save a few bytes of microcode and created a situation where the
>> processing of the interrupt vector that pushed the current IP onto the
>> stack was not an “atomic” operation — it could be interrupted. And this
>> affected context switches into protected mode.
>>
>> I was working at Intel at the time and there was quite a bit of
>> discussion about this, mostly a lot of jokes about the probability of
>> lightning striking the same person twice on the same golf course on a
>> cloudless day. That is to say, the statistical likelihood of that happening
>> during “normal” operation was absurdly low.
>>
>> Needless to day, a protected OS was never released for the 286. But while
>> they were busy fixing this bit of microcode to make the 386 work properly,
>> there was enough pressure from customers that they added a new memory model
>> option that disabled the “segmented memory model” that the 286 used and
>> allowed it to run in a “virtual” mode that flattened the entire address
>> space.
>>
>> They still had a couple of protected areas that were carried over from
>> the 286 (the GOT and GDT, amongh others) that could only be accessed when
>> the chip was put into a special mode that only the OS kernal was supposed
>> to do.
>>
>> But there were rumors that there were other ways of triggering faults on
>> the chip to gain access to some of the protected memory areas. These areas
>> were protected by virtue of the fact that they required a base segment
>> register to be loaded that pointed to an area of memory that was outside of
>> the normal memory space. To access them, you generally had to put the chip
>> into what amounts to “admin” mode (I forget what it’s called), load the
>> registered and trigger a fault (or sw interrupt). As I recall, this
>> required some assistance from the memory chip interfaces because they used
>> an address bit that wasn’t part of the regular  32-bit address space.
>>
>> (Motorola advocates argued that their chips didn’t require this special
>> chip between the CPU and system RAM, but it was simply a dynamic RAM
>> controller. I suspect it took on additional security roles over time
>> because it WAS independent of the CPU.)
>>
>> During normal operation, it’s virtually impossible to trigger these
>> modes. It used to be that you had to put the chip into “single-user mode”
>> briefly, just like in a Unix environment when you need to perform certain
>> low-level OS operations. (Windows doesn’t do that, which is why you have to
>> reboot the damn thing every time you install a new device driver, for
>> instance.)
>>
>> It would be necessary to overwrite some kernal code that executes when
>> the chip is in this “admin” mode, and that code would have to execute some
>> protected-mode instructions in a very specific order. Most other things are
>> locked-out while that’s going on, so it’s not a mode that’s usually enabled
>> for very long.
>>
>> They could have changed things since then, but from what I’ve read this
>> particular “hairline fracture" has been around forever, and isn’t even
>> rooted in a specific CPU or CPU family, but possibly due to interactions
>> between the CPU and (external) memory controllers.
>>
>> The moral of the story is … if this is something that java or javascript
>> or anything running in a web browser can trigger, then there’s absolutely
>> no way to protect any aspect of the hardware whatsoever.
>>
>> Said another way, it would allow the web browser to install a device
>> driver in Windows and activate it without having to reboot the machine. I
>> for one would welcome a standalone app that would do that! Not so much
>> something that runs in a web browser, tho.
>>
>> People would be patching the kernel, switching into protected mode,
>> fiddling within things any time they like, reprogramming the hardware … I
>> mean. there would be no limits to what could be done by code running
>> anywhere.
>>
>> In 30 years we haven’t seen any evidence that this is the case, even
>> though this has apparently been around forever.
>>
>> Have there even been any reports of any code “in the wild” triggering
>> this exploit from a web browser?
>>
>> The articles I’ve seen only said it was discovered “in a lab” and they
>> were able to trigger it “in the lab”.
>>
>> I’m not much of a conspiracy theorist, but I’m far more inclined to think
>> this is something that the engineers who work at chip and hardware vendors
>> have known about for decades, only never talked about, and somebody with a
>> lot of money caught wind of it and decided to use it to win his own lottery
>> by shorting a bunch of tech stocks before announcing this “shocking hack”
>> to the world.
>>
>> -David Schwartz
>>
>>
>>
>> On Jan 8, 2018, at 8:09 PM, techlists at phpcoderusa.com wrote:
>>
>> Hi,
>>
>> I'm looking for more info or ideas on how one might protect them self
>> given Meltdown and Spectre.
>>
>> Now that it has come to light that computer memory is not completely
>> segregated or kept private by the CPU hardware... a failure in design
>> allowing a hacker access to even the CPU Kernel memory.  This is
>> catastrophic.
>>
>> I'm reading the initial solution is for the O/S manufactures to patch
>> their Kernel to secure the memory at its boundaries.  In and of itself this
>> seems to be a weak approach, however probably the only one at this point.
>>
>> I am reading that the real solution is a new bread of CPU that does not
>> have this vulnerability. It would seem even modifying the existing CPUs and
>> manufacturing them would take months if not a year or so.  In the meantime
>> we have to survive with hardware patched with software.
>>
>> I read that desktops are the most vulnerable. Maybe that should be any
>> devise that runs a browser.  The browser is the point of failure.
>> Introduce some rogue JavaScript and your memory is compromised.
>>
>> This article says
>> <https://u2206659.ct.sendgrid.net/wf/click?upn=tzJbcg2o-2FNh3kfIF32sRUZ8NnknvQ7-2Bf6wkzOMZJ5l35vJQdR4eO1tqNkrT8g5JyjrDLC3ldM5JJdYP00A0te3bNsb8S-2FwM-2FGJBVS0BNvTQ9Wey3QjFPOff5WpHec9nAKs6Di9WPpNsBr1OIQpLPQBywUm8PtRT-2BnFqDoIIoxBo-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBe90ZrKPsPNFnspMLdRsopRf8gIt0e8Fnu-2B3rLUP-2B5SpBa7TUaFUGLIHIlS5-2BYadzPk8riHnXHIiHSPpBdRUgn-2B52xPZjdNWTyUtwjVOkwz8D9dY-2BUvu4gwXzY2oiV2CWrtDBccVqP3kLi7tgp48qDelv1vJHCGcwghCrbRbepkak-3D>
>> one should enable site isolation using Chrome.
>>
>> At this point my preventative steps are:
>>
>> 1) flush all browsers of any usernames, passwords and history.
>>
>> 2) Only run the latest version of Chrome and only Chrome.
>>
>> 3) Configure Chrome to run in isolation mode.
>>
>> Anyone have any other thoughts?
>>
>> Thank you in advance.
>>
>> Keith
>>
>>
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>> <https://u2206659.ct.sendgrid.net/wf/click?upn=5DvWGaZUY8Sh5aRLWfQTKYiRLVzunonVk948p8WIzMe-2FXlJ9Cta8w8U9xoku9LrUSHNMJbSd3ZEwH-2BqnW2UHlA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBe90ZrKPsPNFnspMLdRsopRZYGIX2ARMdmeC7OzECbQaerF509GlFyEt16hZE0R-2Bck3ecElkIH5JcVBujltuaZFqBetqXBuMSYeN3giBmt0sBjzzJugaZRaVxStjkCzVU46xvqCZHxBX8mrZwfv8Iu-2Bvs7yflX3Mlgl5HV1qC7yQ4-3D>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180109/b4cbe08d/attachment.html>

From PLUGd at LuftHans.com  Tue Jan  9 12:05:23 2018
From: PLUGd at LuftHans.com (der.hans)
Date: Tue, 9 Jan 2018 19:05:23 +0000 (UTC)
Subject: Meltdown and Spectre - What to do about it
In-Reply-To: <CACS_G9x30gyDMG_OgqMW6HbrX3pqrG38KfcNfFaqMuTGfQXP6Q@mail.gmail.com>
References: <3f681513284f3532600715e3425734cd@phpcoderusa.com>
 <F713F5BB-2337-4383-B695-C2AEC0F1064F@thetoolwiz.com>
 <5AD793C1-A84C-4A46-B156-3A349330BC7D@icloud.com>
 <CDCD7913-8987-42B2-8AA2-31C7807EBF57@gmail.com>
 <CAEqej2ME5TuWYoAt2_PU+1A2FLd+MvOcP_Fbuk7ESj+CdmfANg@mail.gmail.com>
 <CACS_G9x30gyDMG_OgqMW6HbrX3pqrG38KfcNfFaqMuTGfQXP6Q@mail.gmail.com>
Message-ID: <alpine.DEB.2.11.1801091903070.14234@post>

Am 09. Jan, 2018 schwätzte Stephen Partington so:

Theo has previously broken embargoes ( arguably justified, but mostly just
arguable ), so OpenBSD was likely intentionally left out.

ciao,

der.hans

> https://www.itwire.com/security/81338-handling-of-cpu-bug-disclosure-incredibly-bad-openbsd-s-de-raadt.html
>
> On Tue, Jan 9, 2018 at 9:45 AM, Mark Phillips <mark at phillipsmarketing.biz>
> wrote:
>
>> I would be leery of conspiracy theories in relation to the stock market
>> and tech stocks. Lots of people are taking profits from the huge rise in
>> the stock market in anticipation of a correction. The correction will come,
>> we just don't know when.
>>
>> https://www.google.com/imgres?imgurl=https://upload.
>> wikimedia.org/wikipedia/commons/7/7e/S_and_P_500_chart_1950_to_2016_with_
>> averages.png&imgrefurl=https://en.wikipedia.org/wiki/S%
>> 2526P_500_Index&h=798&w=1145&tbnid=w2UuAMqXUpl0aM:&tbnh=63&
>> tbnw=92&usg=__z0CAhDP2E--B9mCoEpEZPz1al6g%3D&vet=
>> 10ahUKEwiQnbP0qcvYAhVB3mMKHcFQCmkQ_B0IrQEwDQ..i&docid=
>> uzs0pfDsy6G10M&itg=1&sa=X&ved=0ahUKEwiQnbP0qcvYAhVB3mMKHcFQCmkQ_B0IrQEwDQ
>>
>> Mark
>>
>> On Tue, Jan 9, 2018 at 7:37 AM, Aaron Jones <retro64xyz at gmail.com> wrote:
>>
>>> I highly doubt they will punish him. Just like when the credit companies
>>> got to investigate their own breaches.
>>>
>>> Surprise! No one was found at fault. Weird!
>>>
>>> On Jan 9, 2018, at 7:29 AM, Eric Oyen <eric.oyen at icloud.com> wrote:
>>>
>>> well,
>>> it appears that the "conspiracy theory" of someone shorting tech stocks
>>> has already happened. the CEO of Intel dumped a huge load of stock last
>>> november. Now, it is likely that it was for another reason, but the timing
>>> seems rather suspect. btw, said CEO is now under review by the SEC and may
>>> be facing charges of insider trading.
>>>
>>> -eric
>>> from the central offices of the technomage Guild, News Dept.
>>>
>>> On Jan 8, 2018, at 9:29 PM, David Schwartz wrote:
>>>
>>> I haven’t done any in-depth research on this, but from what I have read,
>>> I cannot really see how anything running in a virtualized or interpreted
>>> environment, or something that doesn’t have direct access to the physical
>>> machine, would be a potential threat.
>>>
>>> The 286 chip had a "protected mode” built into it. IBM and Microsoft
>>> spent a huge amount of money writing an OS that was designed to run in
>>> protected mode. But it turned out that one of the chip designers at Intel
>>> decided to save a few bytes of microcode and created a situation where the
>>> processing of the interrupt vector that pushed the current IP onto the
>>> stack was not an “atomic” operation — it could be interrupted. And this
>>> affected context switches into protected mode.
>>>
>>> I was working at Intel at the time and there was quite a bit of
>>> discussion about this, mostly a lot of jokes about the probability of
>>> lightning striking the same person twice on the same golf course on a
>>> cloudless day. That is to say, the statistical likelihood of that happening
>>> during “normal” operation was absurdly low.
>>>
>>> Needless to day, a protected OS was never released for the 286. But while
>>> they were busy fixing this bit of microcode to make the 386 work properly,
>>> there was enough pressure from customers that they added a new memory model
>>> option that disabled the “segmented memory model” that the 286 used and
>>> allowed it to run in a “virtual” mode that flattened the entire address
>>> space.
>>>
>>> They still had a couple of protected areas that were carried over from
>>> the 286 (the GOT and GDT, amongh others) that could only be accessed when
>>> the chip was put into a special mode that only the OS kernal was supposed
>>> to do.
>>>
>>> But there were rumors that there were other ways of triggering faults on
>>> the chip to gain access to some of the protected memory areas. These areas
>>> were protected by virtue of the fact that they required a base segment
>>> register to be loaded that pointed to an area of memory that was outside of
>>> the normal memory space. To access them, you generally had to put the chip
>>> into what amounts to “admin” mode (I forget what it’s called), load the
>>> registered and trigger a fault (or sw interrupt). As I recall, this
>>> required some assistance from the memory chip interfaces because they used
>>> an address bit that wasn’t part of the regular  32-bit address space.
>>>
>>> (Motorola advocates argued that their chips didn’t require this special
>>> chip between the CPU and system RAM, but it was simply a dynamic RAM
>>> controller. I suspect it took on additional security roles over time
>>> because it WAS independent of the CPU.)
>>>
>>> During normal operation, it’s virtually impossible to trigger these
>>> modes. It used to be that you had to put the chip into “single-user mode”
>>> briefly, just like in a Unix environment when you need to perform certain
>>> low-level OS operations. (Windows doesn’t do that, which is why you have to
>>> reboot the damn thing every time you install a new device driver, for
>>> instance.)
>>>
>>> It would be necessary to overwrite some kernal code that executes when
>>> the chip is in this “admin” mode, and that code would have to execute some
>>> protected-mode instructions in a very specific order. Most other things are
>>> locked-out while that’s going on, so it’s not a mode that’s usually enabled
>>> for very long.
>>>
>>> They could have changed things since then, but from what I’ve read this
>>> particular “hairline fracture" has been around forever, and isn’t even
>>> rooted in a specific CPU or CPU family, but possibly due to interactions
>>> between the CPU and (external) memory controllers.
>>>
>>> The moral of the story is … if this is something that java or javascript
>>> or anything running in a web browser can trigger, then there’s absolutely
>>> no way to protect any aspect of the hardware whatsoever.
>>>
>>> Said another way, it would allow the web browser to install a device
>>> driver in Windows and activate it without having to reboot the machine. I
>>> for one would welcome a standalone app that would do that! Not so much
>>> something that runs in a web browser, tho.
>>>
>>> People would be patching the kernel, switching into protected mode,
>>> fiddling within things any time they like, reprogramming the hardware … I
>>> mean. there would be no limits to what could be done by code running
>>> anywhere.
>>>
>>> In 30 years we haven’t seen any evidence that this is the case, even
>>> though this has apparently been around forever.
>>>
>>> Have there even been any reports of any code “in the wild” triggering
>>> this exploit from a web browser?
>>>
>>> The articles I’ve seen only said it was discovered “in a lab” and they
>>> were able to trigger it “in the lab”.
>>>
>>> I’m not much of a conspiracy theorist, but I’m far more inclined to think
>>> this is something that the engineers who work at chip and hardware vendors
>>> have known about for decades, only never talked about, and somebody with a
>>> lot of money caught wind of it and decided to use it to win his own lottery
>>> by shorting a bunch of tech stocks before announcing this “shocking hack”
>>> to the world.
>>>
>>> -David Schwartz
>>>
>>>
>>>
>>> On Jan 8, 2018, at 8:09 PM, techlists at phpcoderusa.com wrote:
>>>
>>> Hi,
>>>
>>> I'm looking for more info or ideas on how one might protect them self
>>> given Meltdown and Spectre.
>>>
>>> Now that it has come to light that computer memory is not completely
>>> segregated or kept private by the CPU hardware... a failure in design
>>> allowing a hacker access to even the CPU Kernel memory.  This is
>>> catastrophic.
>>>
>>> I'm reading the initial solution is for the O/S manufactures to patch
>>> their Kernel to secure the memory at its boundaries.  In and of itself this
>>> seems to be a weak approach, however probably the only one at this point.
>>>
>>> I am reading that the real solution is a new bread of CPU that does not
>>> have this vulnerability. It would seem even modifying the existing CPUs and
>>> manufacturing them would take months if not a year or so.  In the meantime
>>> we have to survive with hardware patched with software.
>>>
>>> I read that desktops are the most vulnerable. Maybe that should be any
>>> devise that runs a browser.  The browser is the point of failure.
>>> Introduce some rogue JavaScript and your memory is compromised.
>>>
>>> This article says
>>> <https://u2206659.ct.sendgrid.net/wf/click?upn=tzJbcg2o-2FNh3kfIF32sRUZ8NnknvQ7-2Bf6wkzOMZJ5l35vJQdR4eO1tqNkrT8g5JyjrDLC3ldM5JJdYP00A0te3bNsb8S-2FwM-2FGJBVS0BNvTQ9Wey3QjFPOff5WpHec9nAKs6Di9WPpNsBr1OIQpLPQBywUm8PtRT-2BnFqDoIIoxBo-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBe90ZrKPsPNFnspMLdRsopRf8gIt0e8Fnu-2B3rLUP-2B5SpBa7TUaFUGLIHIlS5-2BYadzPk8riHnXHIiHSPpBdRUgn-2B52xPZjdNWTyUtwjVOkwz8D9dY-2BUvu4gwXzY2oiV2CWrtDBccVqP3kLi7tgp48qDelv1vJHCGcwghCrbRbepkak-3D>
>>> one should enable site isolation using Chrome.
>>>
>>> At this point my preventative steps are:
>>>
>>> 1) flush all browsers of any usernames, passwords and history.
>>>
>>> 2) Only run the latest version of Chrome and only Chrome.
>>>
>>> 3) Configure Chrome to run in isolation mode.
>>>
>>> Anyone have any other thoughts?
>>>
>>> Thank you in advance.
>>>
>>> Keith
>>>
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>> <https://u2206659.ct.sendgrid.net/wf/click?upn=5DvWGaZUY8Sh5aRLWfQTKYiRLVzunonVk948p8WIzMe-2FXlJ9Cta8w8U9xoku9LrUSHNMJbSd3ZEwH-2BqnW2UHlA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBe90ZrKPsPNFnspMLdRsopRZYGIX2ARMdmeC7OzECbQaerF509GlFyEt16hZE0R-2Bck3ecElkIH5JcVBujltuaZFqBetqXBuMSYeN3giBmt0sBjzzJugaZRaVxStjkCzVU46xvqCZHxBX8mrZwfv8Iu-2Bvs7yflX3Mlgl5HV1qC7yQ4-3D>
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
>
>

-- 
#  https://www.LuftHans.com   https://www.PhxLinux.org
#  I only eat free-range vegetables that were hunted down and slain by
#  a member of my immediate family.  -- der.hans

From brian at snaptek.com  Tue Jan  9 17:54:31 2018
From: brian at snaptek.com (Brian Cluff)
Date: Tue, 9 Jan 2018 17:54:31 -0700
Subject: Meltdown and Spectre - What to do about it
In-Reply-To: <alpine.DEB.2.11.1801091903070.14234@post>
References: <3f681513284f3532600715e3425734cd@phpcoderusa.com>
 <F713F5BB-2337-4383-B695-C2AEC0F1064F@thetoolwiz.com>
 <5AD793C1-A84C-4A46-B156-3A349330BC7D@icloud.com>
 <CDCD7913-8987-42B2-8AA2-31C7807EBF57@gmail.com>
 <CAEqej2ME5TuWYoAt2_PU+1A2FLd+MvOcP_Fbuk7ESj+CdmfANg@mail.gmail.com>
 <CACS_G9x30gyDMG_OgqMW6HbrX3pqrG38KfcNfFaqMuTGfQXP6Q@mail.gmail.com>
 <alpine.DEB.2.11.1801091903070.14234@post>
Message-ID: <c4257efe-ce30-eaeb-d8dd-78ff90894d67@snaptek.com>

I just got security notifications that the patches for meltdown for 
Ubuntu just hit.

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

Looks like it's time for all of us to update and slow down our own 
systems... ARG!

I also saw a security update for NVIDIA cards today that implied that 
they were also effected by speculative execution bugs.

Brian Cluff


From techlists at phpcoderusa.com  Wed Jan 10 09:39:54 2018
From: techlists at phpcoderusa.com (techlists at phpcoderusa.com)
Date: Wed, 10 Jan 2018 09:39:54 -0700
Subject: =?UTF-8?Q?Post_=3A_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLAW?=
Message-ID: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>

Hi, 

Who knows if this is true, however here it is:   

https://www.reddit.com/r/CBTS_Stream/comments/7pb7pv/intels_security_flaw_is_no_flaw/?st=jc9a2mp7&sh=7ef2e2c1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180110/6996c5c4/attachment.html>

From retro64xyz at gmail.com  Wed Jan 10 10:33:44 2018
From: retro64xyz at gmail.com (Aaron Jones)
Date: Wed, 10 Jan 2018 10:33:44 -0700
Subject: =?utf-8?Q?Re:_Post_:_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLAW?=
In-Reply-To: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
Message-ID: <92FE6438-7D5F-43F8-983B-5596D38139F0@gmail.com>

I thought we all knew that intel has hardware level access points baked into the system specifically for the INTELigence agencies. 

See what I did there? Hah!

But seriously... If its not baked in, they just intercept devices in the mail and solder in their own goodies. So what does it REALLY matter if they just do it blanket instead of one at a time? Maybe cpu prices will go down. ...

> On Jan 10, 2018, at 9:39 AM, techlists at phpcoderusa.com wrote:
> 
> Hi,
> 
> Who knows if this is true, however here it is:  
> 
> https://www.reddit.com/r/CBTS_Stream/comments/7pb7pv/intels_security_flaw_is_no_flaw/?st=jc9a2mp7&sh=7ef2e2c1
> 
> 
> 
> 
> 
> 
> 
> 
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180110/caf0c1f1/attachment.html>

From mailinglists at mattcrews.com  Wed Jan 10 12:15:56 2018
From: mailinglists at mattcrews.com (Matthew Crews)
Date: Wed, 10 Jan 2018 14:15:56 -0500
Subject: =?UTF-8?Q?Re:_Post_:_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLAW?=
In-Reply-To: <92FE6438-7D5F-43F8-983B-5596D38139F0@gmail.com>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <92FE6438-7D5F-43F8-983B-5596D38139F0@gmail.com>
Message-ID: <dYljpVdtGGyX3RYYLwOn1veDZu1OhUJVduV-TTOCu8yNrP8l4JXyfu9aP2HUAU-SNPHfnSDEsy72LNoVSiy3-bil3Oc75oWcf6-WiHOVsvA=@mattcrews.com>

>-------- Original Message --------
>Subject: Re: Post : INTEL’S SECURITY FLAW IS NO FLAW
>Local Time: January 10, 2018 10:33 AM
>UTC Time: January 10, 2018 5:33 PM
>From: retro64xyz at gmail.com
>To: Main PLUG discussion list <plug-discuss at lists.phxlinux.org>
>
>
>I thought we all knew that intel has hardware level access points baked into the system specifically for the INTELigence agencies. 
>
>See what I did there? Hah!
>
>But seriously... If its not baked in, they just intercept devices in the mail and solder in their own goodies. So what does it REALLY matter if they just do it blanket instead of one at a time? Maybe cpu prices will go down. ...
>
>On Jan 10, 2018, at 9:39 AM, techlists at phpcoderusa.com wrote:
>>Hi,
>>
>>Who knows if this is true, however here it is:  
>>
>>https://www.reddit.com/r/CBTS_Stream/comments/7pb7pv/intels_security_flaw_is_no_flaw/?st=jc9a2mp7&sh=7ef2e2c1

I'm leery to buy into conspiracy theories like this, nor posts on 4chan as fact (the reddit post is clearly a screenshot of a 4chan post), but in this day and age this would not surprise me in the least if this is true.

From vodhner at cox.net  Wed Jan 10 12:48:45 2018
From: vodhner at cox.net (Victor Odhner)
Date: Wed, 10 Jan 2018 12:48:45 -0700
Subject: =?utf-8?Q?Re=3A_Post_=3A_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLA?=
 =?utf-8?Q?W?=
In-Reply-To: <wjG21w00b1oaZ9c01jGMae>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <92FE6438-7D5F-43F8-983B-5596D38139F0@gmail.com> <wjG21w00b1oaZ9c01jGMae>
Message-ID: <39AC766E-3D79-4304-8F87-E92FC68D5CA1@cox.net>

This is just another result of monoculture. When Apple gave up on Motorola CPUs, it occurred to me that we would have basically a single computer structure. It appears that this “management” thing (actually a very cute name for something that manages everybody, if true) would go around a lot of this anyway. But while Linux is fine for bypassing things we might not like about Windows or OS X, the fact is that the hardware world has become very uniform, so some things we may not like are kind of universal.

Not that someone couldn’t develop a whole new computer architecture. But another fact is that the hardware and firmware logic have so many layers, and so many of those layers are so 1960s and how they work is so totally forgotten, coming up with a different architecture would be a 30-year project!

The original Space Shuttle had at least two versions of software, and I think they also tried to build more than one hardware system, so that a bug wouldn’t take the whole thing down. Pretty hard to do something like that, back then, but quite impossible today.
______________

On 20180110, at 12:15, Matthew Crews <mailinglists at mattcrews.com> wrote:
> -------- Original Message --------
> Subject: Re: Post : INTEL’S SECURITY FLAW IS NO FLAW
> Local Time: January 10, 2018 10:33 AM
> UTC Time: January 10, 2018 5:33 PM
> From: retro64xyz at gmail.com
> To: Main PLUG discussion list <plug-discuss at lists.phxlinux.org>
> 
> 
> I thought we all knew that intel has hardware level access points baked into the system specifically for the INTELigence agencies. 
> 
> See what I did there? Hah!
> 
> But seriously... If its not baked in, they just intercept devices in the mail and solder in their own goodies. So what does it REALLY matter if they just do it blanket instead of one at a time? Maybe cpu prices will go down. ...
> 
> On Jan 10, 2018, at 9:39 AM, techlists at phpcoderusa.com wrote:
>> Hi,
>> 
>> Who knows if this is true, however here it is:  
>> 
>> https://www.reddit.com/r/CBTS_Stream/comments/7pb7pv/intels_security_flaw_is_no_flaw/?st=jc9a2mp7&sh=7ef2e2c1

I'm leery to buy into conspiracy theories like this, nor posts on 4chan as fact (the reddit post is clearly a screenshot of a 4chan post), but in this day and age this would not surprise me in the least if this is true.
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180110/c5f1eef1/attachment.html>

From eric.oyen at icloud.com  Wed Jan 10 13:15:28 2018
From: eric.oyen at icloud.com (Eric Oyen)
Date: Wed, 10 Jan 2018 13:15:28 -0700
Subject: =?windows-1252?Q?Re=3A_Post_=3A_INTEL=92S_SECURITY_FLAW_IS_NO_FL?=
 =?windows-1252?Q?AW?=
In-Reply-To: <dYljpVdtGGyX3RYYLwOn1veDZu1OhUJVduV-TTOCu8yNrP8l4JXyfu9aP2HUAU-SNPHfnSDEsy72LNoVSiy3-bil3Oc75oWcf6-WiHOVsvA=@mattcrews.com>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <92FE6438-7D5F-43F8-983B-5596D38139F0@gmail.com>
 <dYljpVdtGGyX3RYYLwOn1veDZu1OhUJVduV-TTOCu8yNrP8l4JXyfu9aP2HUAU-SNPHfnSDEsy72LNoVSiy3-bil3Oc75oWcf6-WiHOVsvA=@mattcrews.com>
Message-ID: <78A323DE-60E3-445C-A05A-A7CBE7181117@icloud.com>

oh boy! 4chan… I guess they have gone downhill a bit since Moot sold it off to some venture capitalist and retired to the south pacific. :)

Actually, in all seriousness, some of the more interesting news items that the main stream media refuses to deal with have shown up there from time to time. This story of the Memory cache flaw is no exception.

Still, with all the "conspiracy theories" coating around, who knows really what the truth is. Basically, it is up to us to sift through it all these days (the news media isn't going to do it anymore). 

-eric
from the central offices of the Technomage Guild, the "poking the eye of the powers-that-be" Dept.

On Jan 10, 2018, at 12:15 PM, Matthew Crews wrote:

>> -------- Original Message --------
>> Subject: Re: Post : INTEL’S SECURITY FLAW IS NO FLAW
>> Local Time: January 10, 2018 10:33 AM
>> UTC Time: January 10, 2018 5:33 PM
>> From: retro64xyz at gmail.com
>> To: Main PLUG discussion list <plug-discuss at lists.phxlinux.org>
>> 
>> 
>> I thought we all knew that intel has hardware level access points baked into the system specifically for the INTELigence agencies. 
>> 
>> See what I did there? Hah!
>> 
>> But seriously... If its not baked in, they just intercept devices in the mail and solder in their own goodies. So what does it REALLY matter if they just do it blanket instead of one at a time? Maybe cpu prices will go down. ...
>> 
>> On Jan 10, 2018, at 9:39 AM, techlists at phpcoderusa.com wrote:
>>> Hi,
>>> 
>>> Who knows if this is true, however here it is:  
>>> 
>>> https://www.reddit.com/r/CBTS_Stream/comments/7pb7pv/intels_security_flaw_is_no_flaw/?st=jc9a2mp7&sh=7ef2e2c1
> 
> I'm leery to buy into conspiracy theories like this, nor posts on 4chan as fact (the reddit post is clearly a screenshot of a 4chan post), but in this day and age this would not surprise me in the least if this is true.
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss


From cryptworks at gmail.com  Wed Jan 10 13:32:59 2018
From: cryptworks at gmail.com (Stephen Partington)
Date: Wed, 10 Jan 2018 13:32:59 -0700
Subject: =?UTF-8?Q?Re=3A_Post_=3A_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLAW?=
In-Reply-To: <39AC766E-3D79-4304-8F87-E92FC68D5CA1@cox.net>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <92FE6438-7D5F-43F8-983B-5596D38139F0@gmail.com>
 <39AC766E-3D79-4304-8F87-E92FC68D5CA1@cox.net>
Message-ID: <CACS_G9xSZVDwh6be4AxVV1Evp-48nuxJvVJg=saAYPTSf6pSeg@mail.gmail.com>

ARM is releasing some Server Grade processors. Will be interesting to see
what their impact is. especially after this latest fubar.

That is 2 big fubars by intel in one year....

On Wed, Jan 10, 2018 at 12:48 PM, Victor Odhner <vodhner at cox.net> wrote:

> This is just another result of monoculture. When Apple gave up on Motorola
> CPUs, it occurred to me that we would have basically a single computer
> structure. It appears that this “management” thing (actually a very cute
> name for something that manages everybody, if true) would go around a lot
> of this anyway. But while Linux is fine for bypassing things we might not
> like about Windows or OS X, the fact is that the hardware world has become
> very uniform, so some things we may not like are kind of universal.
>
> Not that someone couldn’t develop a whole new computer architecture. But
> another fact is that the hardware and firmware logic have so many layers,
> and so many of those layers are so 1960s and how they work is so totally
> forgotten, coming up with a different architecture would be a 30-year
> project!
>
> The original Space Shuttle had at least two versions of software, and I
> think they also tried to build more than one hardware system, so that a bug
> wouldn’t take the whole thing down. Pretty hard to do something like that,
> back then, but quite impossible today.
> ______________
>
> On 20180110, at 12:15, Matthew Crews <mailinglists at mattcrews.com> wrote:
>
> -------- Original Message --------
> Subject: Re: Post : INTEL’S SECURITY FLAW IS NO FLAW
> Local Time: January 10, 2018 10:33 AM
> UTC Time: January 10, 2018 5:33 PM
> From: retro64xyz at gmail.com
> To: Main PLUG discussion list <plug-discuss at lists.phxlinux.org>
>
>
> I thought we all knew that intel has hardware level access points baked
> into the system specifically for the INTELigence agencies.
>
> See what I did there? Hah!
>
> But seriously... If its not baked in, they just intercept devices in the
> mail and solder in their own goodies. So what does it REALLY matter if they
> just do it blanket instead of one at a time? Maybe cpu prices will go down.
> ...
>
> On Jan 10, 2018, at 9:39 AM, techlists at phpcoderusa.com wrote:
>
> Hi,
>
> Who knows if this is true, however here it is:
>
> https://www.reddit.com/r/CBTS_Stream/comments/7pb7pv/intels_
> security_flaw_is_no_flaw/?st=jc9a2mp7&sh=7ef2e2c1
>
>
> I'm leery to buy into conspiracy theories like this, nor posts on 4chan as
> fact (the reddit post is clearly a screenshot of a 4chan post), but in this
> day and age this would not surprise me in the least if this is true.
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180110/a973d23d/attachment.html>

From plugaz at codezilla.xyz  Wed Jan 10 15:21:22 2018
From: plugaz at codezilla.xyz (Nathan O'Brennan)
Date: Wed, 10 Jan 2018 15:21:22 -0700
Subject: =?UTF-8?Q?Re=3A_Post_=3A_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLA?=
 =?UTF-8?Q?W?=
In-Reply-To: <CACS_G9xSZVDwh6be4AxVV1Evp-48nuxJvVJg=saAYPTSf6pSeg@mail.gmail.com>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <92FE6438-7D5F-43F8-983B-5596D38139F0@gmail.com>
 <39AC766E-3D79-4304-8F87-E92FC68D5CA1@cox.net>
 <CACS_G9xSZVDwh6be4AxVV1Evp-48nuxJvVJg=saAYPTSf6pSeg@mail.gmail.com>
Message-ID: <bb1677a6695b2ce5d8ea4fabf623de29@obrennan.xyz>

On 2018-01-10 13:32, Stephen Partington wrote:

> ARM is releasing some Server Grade processors. Will be interesting to see what their impact is. especially after this latest fubar. 
> 
> That is 2 big fubars by intel in one year....

The more reading I do about all of this the more crazy some of it
sounds. I'm still interested in an article on Ars about the responses of
each. Basically saying Intel said do this, ARM (which licenses Intel
tech) said do this similar thing to Intel. AMD said something totally
different. AMD states they do memory different so they are not
susceptible to Meltdown and have limited liability with the Spectre
issues. AMD, while embargo'd, may have broken that embargo and let slip
what all the fuss was about before anyone was supposed to know. 

So my real questions now, as a pretty serious Intel fanboi as anyone who
knows me knows, what is AMD's real part in this? Are we naive to think
AMD isn't also embedding backdoor ME type technologies? Are they still
too small for the (pick your government alphabet agency) to worry about?
Are there security people out there dedicated to finding the same type
bugs on AMD now? While everyone affected so far has released some type
of white paper, AMD has only given lip service, which is generally what
they do anyway.  

Apple uses Intel chips, but they claim they design their own chips so
they are not susceptible, oh but here is a patch to fix it... 

I cannot wait to see more of what AMD does because they are either the
same scumbag company I have always looked at them to be ("oh look at us,
we support open source", while employing a single linux engineer and not
ever coming through on any of their promises, and don't claim the video
graphics drivers, it's garbage, and with every promise they drop support
for additional cards) or I'm going to completely give up on Intel and
flip sides faster than John Kerry in a campaign speech. 

I gotta say, I'm actually starting to get happy that my home file
server, with all my dedicated projects and personal storage, while
painfully slow with encryption because AMD doesn't include AES type
instructions, is an AMD A series processor and not an i3. 

I don't seriously expect Intel to offer refund or to replace all the
processors in the world, that would spell bankruptcy and no one would
get anything, what I do expect is to see some form of government penalty
on the CEO for insider trading (government has to get their cut) but
largely a sweep of the hand, a la Star Wars, and a look the other way. 

Intel is dead. Long live AMD...?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180110/1fe714ff/attachment.html>

From slitt at troubleshooters.com  Wed Jan 10 22:03:58 2018
From: slitt at troubleshooters.com (Steve Litt)
Date: Thu, 11 Jan 2018 00:03:58 -0500
Subject: Post : =?UTF-8?B?SU5URUzigJlT?= SECURITY FLAW IS NO FLAW
In-Reply-To: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
Message-ID: <20180111000358.4592442b@mydesk.domain.cxm>

On Wed, 10 Jan 2018 09:39:54 -0700
techlists at phpcoderusa.com wrote:

> Hi, 
> 
> Who knows if this is true, however here it is:   
> 
> https://www.reddit.com/r/CBTS_Stream/comments/7pb7pv/intels_security_flaw_is_no_flaw/?st=jc9a2mp7&sh=7ef2e2c1

I would hope people smart enough and possessing enough knowledge of
logic to program computers would have the smarts and logic not to pass
along "information" like this, even with the "who knows if this is
true" disclaimer. I didn't see one reference to a remotely credible
source, and I saw an obvious political agenda in both the article and
the comments.

I went up the URL to https://www.reddit.com/r/CBTS_Stream/ and still
saw nothing but drivel from wannabe poser internet journalists making
up unsupported pseudo-speculations. No different from the tabloids at
the checkout line, except probably less credible.

Passing along a URL to a sewer site like this is a disservice to all,
and lowers your credibility, "who knows if this is true" not
withstanding. I hope nobody passes this further, because it's almost
certainly just plain bullshit.

SteveT

Steve Litt 
December 2017 featured book: Thriving in Tough Times
http://www.troubleshooters.com/thrive

From techlists at phpcoderusa.com  Thu Jan 11 08:41:47 2018
From: techlists at phpcoderusa.com (techlists at phpcoderusa.com)
Date: Thu, 11 Jan 2018 08:41:47 -0700
Subject: =?UTF-8?Q?Re=3A_Post_=3A_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLA?=
 =?UTF-8?Q?W?=
In-Reply-To: <20180111000358.4592442b@mydesk.domain.cxm>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
Message-ID: <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>



While this article may not be factual, it is completely within the realm 
of possibilities. This is a huge problem and there may be HUGE 
consequences.

What I'd like to know is how these issues persisted for over 20 years 
without detection.  I assume Intel, AMD and the other chip manufactures 
have some really smart people on staff.  Given that, how did these 
issues, that are basic to the CPU functionality, become built in without 
detection (or functionality left out).  How is it that some guy reading 
the CPU manual discovered he could trick the CPU into spilling it's 
cache so he can have access to other programs data.  How is it that 
under certain circumstances Kernel memory can be accessed giving away 
the store.

I've read these issues may have persisted as far back as 1995.  How does 
that happen?  How does an army of engineers miss this for 23 years?  How 
do you explain that?

That means lots of people came and went.  There should have been lots of 
QA... for 23 years.

How does this happen?  Only two ways I can see 1) sloppy work, or 2) 
intentionally.

We all know that every phone call and electronic message is stored in 
Government warehouse(s).  We have all heard that it is possible to 
function our cellular phones remotely so others can spy on us. And there 
is much more....

If this was done for the Gov.  Maybe it was done for national security 
-- not meant to be used against U.S.citizens.  Maybe it was done (if 
intentional) to give the Gov the ability to spy on our adversaries.  
Maybe it started out innocently.

The bottom line is we have a HUGE problem that will take years to work 
though.   And we have a HUGE question of how did this persist for 23 
years without detection?



On 2018-01-10 22:03, Steve Litt wrote:
> On Wed, 10 Jan 2018 09:39:54 -0700
> techlists at phpcoderusa.com wrote:
> 
>> Hi,
>> 
>> Who knows if this is true, however here it is:
>> 
>> https://www.reddit.com/r/CBTS_Stream/comments/7pb7pv/intels_security_flaw_is_no_flaw/?st=jc9a2mp7&sh=7ef2e2c1
> 
> I would hope people smart enough and possessing enough knowledge of
> logic to program computers would have the smarts and logic not to pass
> along "information" like this, even with the "who knows if this is
> true" disclaimer. I didn't see one reference to a remotely credible
> source, and I saw an obvious political agenda in both the article and
> the comments.
> 
> I went up the URL to https://www.reddit.com/r/CBTS_Stream/ and still
> saw nothing but drivel from wannabe poser internet journalists making
> up unsupported pseudo-speculations. No different from the tabloids at
> the checkout line, except probably less credible.
> 
> Passing along a URL to a sewer site like this is a disservice to all,
> and lowers your credibility, "who knows if this is true" not
> withstanding. I hope nobody passes this further, because it's almost
> certainly just plain bullshit.
> 
> SteveT
> 
> Steve Litt
> December 2017 featured book: Thriving in Tough Times
> http://www.troubleshooters.com/thrive
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

From cryptworks at gmail.com  Thu Jan 11 08:47:07 2018
From: cryptworks at gmail.com (Stephen Partington)
Date: Thu, 11 Jan 2018 08:47:07 -0700
Subject: =?UTF-8?Q?Re=3A_Post_=3A_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLAW?=
In-Reply-To: <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
Message-ID: <CACS_G9xzxHPdb6_pgH9eFzeoraztDoVOXZ7qR7AKNu1dyGs0iw@mail.gmail.com>

Something to consider is the the meltdown and spectre flaws are entirely
seperate than the management engine. Which has known vulnerabilities.

On Jan 11, 2018 8:41 AM, <techlists at phpcoderusa.com> wrote:

>
>
> While this article may not be factual, it is completely within the realm
> of possibilities. This is a huge problem and there may be HUGE consequences.
>
> What I'd like to know is how these issues persisted for over 20 years
> without detection.  I assume Intel, AMD and the other chip manufactures
> have some really smart people on staff.  Given that, how did these issues,
> that are basic to the CPU functionality, become built in without detection
> (or functionality left out).  How is it that some guy reading the CPU
> manual discovered he could trick the CPU into spilling it's cache so he can
> have access to other programs data.  How is it that under certain
> circumstances Kernel memory can be accessed giving away the store.
>
> I've read these issues may have persisted as far back as 1995.  How does
> that happen?  How does an army of engineers miss this for 23 years?  How do
> you explain that?
>
> That means lots of people came and went.  There should have been lots of
> QA... for 23 years.
>
> How does this happen?  Only two ways I can see 1) sloppy work, or 2)
> intentionally.
>
> We all know that every phone call and electronic message is stored in
> Government warehouse(s).  We have all heard that it is possible to function
> our cellular phones remotely so others can spy on us. And there is much
> more....
>
> If this was done for the Gov.  Maybe it was done for national security --
> not meant to be used against U.S.citizens.  Maybe it was done (if
> intentional) to give the Gov the ability to spy on our adversaries.  Maybe
> it started out innocently.
>
> The bottom line is we have a HUGE problem that will take years to work
> though.   And we have a HUGE question of how did this persist for 23 years
> without detection?
>
>
>
> On 2018-01-10 22:03, Steve Litt wrote:
>
>> On Wed, 10 Jan 2018 09:39:54 -0700
>> techlists at phpcoderusa.com wrote:
>>
>> Hi,
>>>
>>> Who knows if this is true, however here it is:
>>>
>>> https://www.reddit.com/r/CBTS_Stream/comments/7pb7pv/intels_
>>> security_flaw_is_no_flaw/?st=jc9a2mp7&sh=7ef2e2c1
>>>
>>
>> I would hope people smart enough and possessing enough knowledge of
>> logic to program computers would have the smarts and logic not to pass
>> along "information" like this, even with the "who knows if this is
>> true" disclaimer. I didn't see one reference to a remotely credible
>> source, and I saw an obvious political agenda in both the article and
>> the comments.
>>
>> I went up the URL to https://www.reddit.com/r/CBTS_Stream/ and still
>> saw nothing but drivel from wannabe poser internet journalists making
>> up unsupported pseudo-speculations. No different from the tabloids at
>> the checkout line, except probably less credible.
>>
>> Passing along a URL to a sewer site like this is a disservice to all,
>> and lowers your credibility, "who knows if this is true" not
>> withstanding. I hope nobody passes this further, because it's almost
>> certainly just plain bullshit.
>>
>> SteveT
>>
>> Steve Litt
>> December 2017 featured book: Thriving in Tough Times
>> http://www.troubleshooters.com/thrive
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180111/b5060870/attachment.html>

From retro64xyz at gmail.com  Thu Jan 11 09:00:08 2018
From: retro64xyz at gmail.com (Aaron Jones)
Date: Thu, 11 Jan 2018 09:00:08 -0700
Subject: =?utf-8?Q?Re:_Post_:_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLAW?=
In-Reply-To: <CACS_G9xzxHPdb6_pgH9eFzeoraztDoVOXZ7qR7AKNu1dyGs0iw@mail.gmail.com>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
 <CACS_G9xzxHPdb6_pgH9eFzeoraztDoVOXZ7qR7AKNu1dyGs0iw@mail.gmail.com>
Message-ID: <9D1CF6EE-A69C-44D1-8E83-26107243814C@gmail.com>

Two is one and one is none. A single flaw can get patched. Multiple flaws and over lapping issues can be pointed out as mistakes and at least one method might still work. 

Other than dlink, no one is stupid enough to declare their vulnerabilities and attacks. Right?

#Super secret anti iran flaw here

Public function dothething{
Print “lulz u got pwned”;
} //kilroy and the cia wuz here lol

> On Jan 11, 2018, at 8:47 AM, Stephen Partington <cryptworks at gmail.com> wrote:
> 
> Something to consider is the the meltdown and spectre flaws are entirely seperate than the management engine. Which has known vulnerabilities. 
> 
>> On Jan 11, 2018 8:41 AM, <techlists at phpcoderusa.com> wrote:
>> 
>> 
>> While this article may not be factual, it is completely within the realm of possibilities. This is a huge problem and there may be HUGE consequences.
>> 
>> What I'd like to know is how these issues persisted for over 20 years without detection.  I assume Intel, AMD and the other chip manufactures have some really smart people on staff.  Given that, how did these issues, that are basic to the CPU functionality, become built in without detection (or functionality left out).  How is it that some guy reading the CPU manual discovered he could trick the CPU into spilling it's cache so he can have access to other programs data.  How is it that under certain circumstances Kernel memory can be accessed giving away the store.
>> 
>> I've read these issues may have persisted as far back as 1995.  How does that happen?  How does an army of engineers miss this for 23 years?  How do you explain that?
>> 
>> That means lots of people came and went.  There should have been lots of QA... for 23 years.
>> 
>> How does this happen?  Only two ways I can see 1) sloppy work, or 2) intentionally.
>> 
>> We all know that every phone call and electronic message is stored in Government warehouse(s).  We have all heard that it is possible to function our cellular phones remotely so others can spy on us. And there is much more....
>> 
>> If this was done for the Gov.  Maybe it was done for national security -- not meant to be used against U.S.citizens.  Maybe it was done (if intentional) to give the Gov the ability to spy on our adversaries.  Maybe it started out innocently.
>> 
>> The bottom line is we have a HUGE problem that will take years to work though.   And we have a HUGE question of how did this persist for 23 years without detection?
>> 
>> 
>> 
>>> On 2018-01-10 22:03, Steve Litt wrote:
>>> On Wed, 10 Jan 2018 09:39:54 -0700
>>> techlists at phpcoderusa.com wrote:
>>> 
>>>> Hi,
>>>> 
>>>> Who knows if this is true, however here it is:
>>>> 
>>>> https://www.reddit.com/r/CBTS_Stream/comments/7pb7pv/intels_security_flaw_is_no_flaw/?st=jc9a2mp7&sh=7ef2e2c1
>>> 
>>> I would hope people smart enough and possessing enough knowledge of
>>> logic to program computers would have the smarts and logic not to pass
>>> along "information" like this, even with the "who knows if this is
>>> true" disclaimer. I didn't see one reference to a remotely credible
>>> source, and I saw an obvious political agenda in both the article and
>>> the comments.
>>> 
>>> I went up the URL to https://www.reddit.com/r/CBTS_Stream/ and still
>>> saw nothing but drivel from wannabe poser internet journalists making
>>> up unsupported pseudo-speculations. No different from the tabloids at
>>> the checkout line, except probably less credible.
>>> 
>>> Passing along a URL to a sewer site like this is a disservice to all,
>>> and lowers your credibility, "who knows if this is true" not
>>> withstanding. I hope nobody passes this further, because it's almost
>>> certainly just plain bullshit.
>>> 
>>> SteveT
>>> 
>>> Steve Litt
>>> December 2017 featured book: Thriving in Tough Times
>>> http://www.troubleshooters.com/thrive
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180111/97636316/attachment.html>

From Rusty.Carruth at smartm.com  Thu Jan 11 09:02:51 2018
From: Rusty.Carruth at smartm.com (Carruth, Rusty)
Date: Thu, 11 Jan 2018 16:02:51 +0000
Subject: =?utf-8?B?UkU6IFBvc3QgOiBJTlRFTOKAmVMgU0VDVVJJVFkgRkxBVyBJUyBOTyBGTEFX?=
In-Reply-To: <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
Message-ID: <CO2PR04MB2311B6F4555DBF1EF93A5E8C9D160@CO2PR04MB2311.namprd04.prod.outlook.com>

As mentioned earlier, I've done my share of ... um, looking for flaws in design of operating systems back when I was in college.  (What, 1976?)

We discovered some bad flaws in the design of the <redacted>.  How long had the Univac been around?  I don't know, but a while.  Unless someone with WAY too much time on their hands is actively seeking ways around stuff, there's only so much 'bug' you can find. (and, actually, you really need more than one person involved (partially so someone can ask the 'right' stupid question :-))

Doesn't take malice or sloppiness, and I will say being a publicly-traded company makes it very hard to spend the time required to even start on the hacking required (Being publically-traded makes your owner effectively insane, since your owner is actually many people, all with different and often diametrically opposing goals for the company).

Anyway, tell you what - go read the Intel hardware docs and see if you can find the info needed to put together to see the bug.  And this with prior knowledge of where to look.

I will say that this doesn't excuse much, but realize that being a public company drives you insane ;-)

Rusty

-----Original Message-----
From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of techlists at phpcoderusa.com
Sent: Thursday, January 11, 2018 8:42 AM
To: Main PLUG discussion list
Subject: Re: Post : INTEL’S SECURITY FLAW IS NO FLAW

...

I've read these issues may have persisted as far back as 1995.  How does 
that happen?  How does an army of engineers miss this for 23 years?  How 
do you explain that?

That means lots of people came and went.  There should have been lots of 
QA... for 23 years.

How does this happen?  Only two ways I can see 1) sloppy work, or 2) 
intentionally.


From mark at phillipsmarketing.biz  Thu Jan 11 09:11:41 2018
From: mark at phillipsmarketing.biz (Mark Phillips)
Date: Thu, 11 Jan 2018 09:11:41 -0700
Subject: =?UTF-8?Q?Re=3A_Post_=3A_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLAW?=
In-Reply-To: <CO2PR04MB2311B6F4555DBF1EF93A5E8C9D160@CO2PR04MB2311.namprd04.prod.outlook.com>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
 <CO2PR04MB2311B6F4555DBF1EF93A5E8C9D160@CO2PR04MB2311.namprd04.prod.outlook.com>
Message-ID: <CAEqej2P+bjfGwAFKMFuWuYgsOciwJrWw6f0ZDNQgzQTbL0b69g@mail.gmail.com>

There is no conspiracy here. 23 years ago no one thought about attack
vectors and how to take over machines. It is only recently that we are all
sensitized to this problem. Even though the tech world is sensitized to the
nature of exploits, companies still ship brand new products (e.g. Nest,
cars, etc.) that can be exploited by almost anyone. It was only recently
that router and switch companies stopped using admin and admin as login
credentials!

Your argument that these new CPU exploits are a government conspiracy can
be applied to any potential exploit discovered today in a piece of code
written yesterday.

Mark

On Thu, Jan 11, 2018 at 9:02 AM, Carruth, Rusty <Rusty.Carruth at smartm.com>
wrote:

> As mentioned earlier, I've done my share of ... um, looking for flaws in
> design of operating systems back when I was in college.  (What, 1976?)
>
> We discovered some bad flaws in the design of the <redacted>.  How long
> had the Univac been around?  I don't know, but a while.  Unless someone
> with WAY too much time on their hands is actively seeking ways around
> stuff, there's only so much 'bug' you can find. (and, actually, you really
> need more than one person involved (partially so someone can ask the
> 'right' stupid question :-))
>
> Doesn't take malice or sloppiness, and I will say being a publicly-traded
> company makes it very hard to spend the time required to even start on the
> hacking required (Being publically-traded makes your owner effectively
> insane, since your owner is actually many people, all with different and
> often diametrically opposing goals for the company).
>
> Anyway, tell you what - go read the Intel hardware docs and see if you can
> find the info needed to put together to see the bug.  And this with prior
> knowledge of where to look.
>
> I will say that this doesn't excuse much, but realize that being a public
> company drives you insane ;-)
>
> Rusty
>
> -----Original Message-----
> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On
> Behalf Of techlists at phpcoderusa.com
> Sent: Thursday, January 11, 2018 8:42 AM
> To: Main PLUG discussion list
> Subject: Re: Post : INTEL’S SECURITY FLAW IS NO FLAW
>
> ...
>
> I've read these issues may have persisted as far back as 1995.  How does
> that happen?  How does an army of engineers miss this for 23 years?  How
> do you explain that?
>
> That means lots of people came and went.  There should have been lots of
> QA... for 23 years.
>
> How does this happen?  Only two ways I can see 1) sloppy work, or 2)
> intentionally.
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180111/f7c5f351/attachment.html>

From retro64xyz at gmail.com  Thu Jan 11 09:24:02 2018
From: retro64xyz at gmail.com (Aaron Jones)
Date: Thu, 11 Jan 2018 09:24:02 -0700
Subject: =?utf-8?Q?Re:_Post_:_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLAW?=
In-Reply-To: <CAEqej2P+bjfGwAFKMFuWuYgsOciwJrWw6f0ZDNQgzQTbL0b69g@mail.gmail.com>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
 <CO2PR04MB2311B6F4555DBF1EF93A5E8C9D160@CO2PR04MB2311.namprd04.prod.outlook.com>
 <CAEqej2P+bjfGwAFKMFuWuYgsOciwJrWw6f0ZDNQgzQTbL0b69g@mail.gmail.com>
Message-ID: <60291BE0-37DE-4563-B541-AEAB2F1DB115@gmail.com>

Cyber security didn’t exist until the past couple years? We have been hooking up bugs to telegraphs since the civil war. 

2016 wasn't the year we invented cyber security. ...

> On Jan 11, 2018, at 9:11 AM, Mark Phillips <mark at phillipsmarketing.biz> wrote:
> 
> There is no conspiracy here. 23 years ago no one thought about attack vectors and how to take over machines. It is only recently that we are all sensitized to this problem. Even though the tech world is sensitized to the nature of exploits, companies still ship brand new products (e.g. Nest, cars, etc.) that can be exploited by almost anyone. It was only recently that router and switch companies stopped using admin and admin as login credentials!
> 
> Your argument that these new CPU exploits are a government conspiracy can be applied to any potential exploit discovered today in a piece of code written yesterday. 
> 
> Mark
> 
>> On Thu, Jan 11, 2018 at 9:02 AM, Carruth, Rusty <Rusty.Carruth at smartm.com> wrote:
>> As mentioned earlier, I've done my share of ... um, looking for flaws in design of operating systems back when I was in college.  (What, 1976?)
>> 
>> We discovered some bad flaws in the design of the <redacted>.  How long had the Univac been around?  I don't know, but a while.  Unless someone with WAY too much time on their hands is actively seeking ways around stuff, there's only so much 'bug' you can find. (and, actually, you really need more than one person involved (partially so someone can ask the 'right' stupid question :-))
>> 
>> Doesn't take malice or sloppiness, and I will say being a publicly-traded company makes it very hard to spend the time required to even start on the hacking required (Being publically-traded makes your owner effectively insane, since your owner is actually many people, all with different and often diametrically opposing goals for the company).
>> 
>> Anyway, tell you what - go read the Intel hardware docs and see if you can find the info needed to put together to see the bug.  And this with prior knowledge of where to look.
>> 
>> I will say that this doesn't excuse much, but realize that being a public company drives you insane ;-)
>> 
>> Rusty
>> 
>> -----Original Message-----
>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of techlists at phpcoderusa.com
>> Sent: Thursday, January 11, 2018 8:42 AM
>> To: Main PLUG discussion list
>> Subject: Re: Post : INTEL’S SECURITY FLAW IS NO FLAW
>> 
>> ...
>> 
>> I've read these issues may have persisted as far back as 1995.  How does
>> that happen?  How does an army of engineers miss this for 23 years?  How
>> do you explain that?
>> 
>> That means lots of people came and went.  There should have been lots of
>> QA... for 23 years.
>> 
>> How does this happen?  Only two ways I can see 1) sloppy work, or 2)
>> intentionally.
>> 
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180111/3b99daa8/attachment.html>

From retro64xyz at gmail.com  Thu Jan 11 09:25:36 2018
From: retro64xyz at gmail.com (Aaron Jones)
Date: Thu, 11 Jan 2018 09:25:36 -0700
Subject: =?utf-8?Q?Re:_Post_:_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLAW?=
In-Reply-To: <CAEqej2P+bjfGwAFKMFuWuYgsOciwJrWw6f0ZDNQgzQTbL0b69g@mail.gmail.com>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
 <CO2PR04MB2311B6F4555DBF1EF93A5E8C9D160@CO2PR04MB2311.namprd04.prod.outlook.com>
 <CAEqej2P+bjfGwAFKMFuWuYgsOciwJrWw6f0ZDNQgzQTbL0b69g@mail.gmail.com>
Message-ID: <63D55323-B50A-493A-BE6D-DCB9D7FA9AC4@gmail.com>

Signals intelligence is believed to have been birthed in 1904. 

But exploiting hardware isn't new. For military, police, or criminal intentions.

You work at Intel Mark? Lol

> On Jan 11, 2018, at 9:11 AM, Mark Phillips <mark at phillipsmarketing.biz> wrote:
> 
> There is no conspiracy here. 23 years ago no one thought about attack vectors and how to take over machines. It is only recently that we are all sensitized to this problem. Even though the tech world is sensitized to the nature of exploits, companies still ship brand new products (e.g. Nest, cars, etc.) that can be exploited by almost anyone. It was only recently that router and switch companies stopped using admin and admin as login credentials!
> 
> Your argument that these new CPU exploits are a government conspiracy can be applied to any potential exploit discovered today in a piece of code written yesterday. 
> 
> Mark
> 
>> On Thu, Jan 11, 2018 at 9:02 AM, Carruth, Rusty <Rusty.Carruth at smartm.com> wrote:
>> As mentioned earlier, I've done my share of ... um, looking for flaws in design of operating systems back when I was in college.  (What, 1976?)
>> 
>> We discovered some bad flaws in the design of the <redacted>.  How long had the Univac been around?  I don't know, but a while.  Unless someone with WAY too much time on their hands is actively seeking ways around stuff, there's only so much 'bug' you can find. (and, actually, you really need more than one person involved (partially so someone can ask the 'right' stupid question :-))
>> 
>> Doesn't take malice or sloppiness, and I will say being a publicly-traded company makes it very hard to spend the time required to even start on the hacking required (Being publically-traded makes your owner effectively insane, since your owner is actually many people, all with different and often diametrically opposing goals for the company).
>> 
>> Anyway, tell you what - go read the Intel hardware docs and see if you can find the info needed to put together to see the bug.  And this with prior knowledge of where to look.
>> 
>> I will say that this doesn't excuse much, but realize that being a public company drives you insane ;-)
>> 
>> Rusty
>> 
>> -----Original Message-----
>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of techlists at phpcoderusa.com
>> Sent: Thursday, January 11, 2018 8:42 AM
>> To: Main PLUG discussion list
>> Subject: Re: Post : INTEL’S SECURITY FLAW IS NO FLAW
>> 
>> ...
>> 
>> I've read these issues may have persisted as far back as 1995.  How does
>> that happen?  How does an army of engineers miss this for 23 years?  How
>> do you explain that?
>> 
>> That means lots of people came and went.  There should have been lots of
>> QA... for 23 years.
>> 
>> How does this happen?  Only two ways I can see 1) sloppy work, or 2)
>> intentionally.
>> 
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180111/a5b0c57a/attachment.html>

From mark at phillipsmarketing.biz  Thu Jan 11 10:10:35 2018
From: mark at phillipsmarketing.biz (Mark Phillips)
Date: Thu, 11 Jan 2018 10:10:35 -0700
Subject: =?UTF-8?Q?Re=3A_Post_=3A_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLAW?=
In-Reply-To: <63D55323-B50A-493A-BE6D-DCB9D7FA9AC4@gmail.com>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
 <CO2PR04MB2311B6F4555DBF1EF93A5E8C9D160@CO2PR04MB2311.namprd04.prod.outlook.com>
 <CAEqej2P+bjfGwAFKMFuWuYgsOciwJrWw6f0ZDNQgzQTbL0b69g@mail.gmail.com>
 <63D55323-B50A-493A-BE6D-DCB9D7FA9AC4@gmail.com>
Message-ID: <CAEqej2PuEVn4TntzTpPyw6MiRH=_PHcRDaFvESZiYDmfT7G46Q@mail.gmail.com>

No, I don't work at Intel. I am, however, not a believer in all the
government conspiracy theories floating around the Internet.

Mark

On Thu, Jan 11, 2018 at 9:25 AM, Aaron Jones <retro64xyz at gmail.com> wrote:

> Signals intelligence is believed to have been birthed in 1904.
>
> But exploiting hardware isn't new. For military, police, or criminal
> intentions.
>
> You work at Intel Mark? Lol
>
> On Jan 11, 2018, at 9:11 AM, Mark Phillips <mark at phillipsmarketing.biz>
> wrote:
>
> There is no conspiracy here. 23 years ago no one thought about attack
> vectors and how to take over machines. It is only recently that we are all
> sensitized to this problem. Even though the tech world is sensitized to the
> nature of exploits, companies still ship brand new products (e.g. Nest,
> cars, etc.) that can be exploited by almost anyone. It was only recently
> that router and switch companies stopped using admin and admin as login
> credentials!
>
> Your argument that these new CPU exploits are a government conspiracy can
> be applied to any potential exploit discovered today in a piece of code
> written yesterday.
>
> Mark
>
> On Thu, Jan 11, 2018 at 9:02 AM, Carruth, Rusty <Rusty.Carruth at smartm.com>
> wrote:
>
>> As mentioned earlier, I've done my share of ... um, looking for flaws in
>> design of operating systems back when I was in college.  (What, 1976?)
>>
>> We discovered some bad flaws in the design of the <redacted>.  How long
>> had the Univac been around?  I don't know, but a while.  Unless someone
>> with WAY too much time on their hands is actively seeking ways around
>> stuff, there's only so much 'bug' you can find. (and, actually, you really
>> need more than one person involved (partially so someone can ask the
>> 'right' stupid question :-))
>>
>> Doesn't take malice or sloppiness, and I will say being a publicly-traded
>> company makes it very hard to spend the time required to even start on the
>> hacking required (Being publically-traded makes your owner effectively
>> insane, since your owner is actually many people, all with different and
>> often diametrically opposing goals for the company).
>>
>> Anyway, tell you what - go read the Intel hardware docs and see if you
>> can find the info needed to put together to see the bug.  And this with
>> prior knowledge of where to look.
>>
>> I will say that this doesn't excuse much, but realize that being a public
>> company drives you insane ;-)
>>
>> Rusty
>>
>> -----Original Message-----
>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On
>> Behalf Of techlists at phpcoderusa.com
>> Sent: Thursday, January 11, 2018 8:42 AM
>> To: Main PLUG discussion list
>> Subject: Re: Post : INTEL’S SECURITY FLAW IS NO FLAW
>>
>> ...
>>
>> I've read these issues may have persisted as far back as 1995.  How does
>> that happen?  How does an army of engineers miss this for 23 years?  How
>> do you explain that?
>>
>> That means lots of people came and went.  There should have been lots of
>> QA... for 23 years.
>>
>> How does this happen?  Only two ways I can see 1) sloppy work, or 2)
>> intentionally.
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180111/61b02f56/attachment.html>

From retro64xyz at gmail.com  Thu Jan 11 10:29:33 2018
From: retro64xyz at gmail.com (Aaron Jones)
Date: Thu, 11 Jan 2018 10:29:33 -0700
Subject: =?utf-8?Q?Re:_Post_:_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLAW?=
In-Reply-To: <CAEqej2PuEVn4TntzTpPyw6MiRH=_PHcRDaFvESZiYDmfT7G46Q@mail.gmail.com>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
 <CO2PR04MB2311B6F4555DBF1EF93A5E8C9D160@CO2PR04MB2311.namprd04.prod.outlook.com>
 <CAEqej2P+bjfGwAFKMFuWuYgsOciwJrWw6f0ZDNQgzQTbL0b69g@mail.gmail.com>
 <63D55323-B50A-493A-BE6D-DCB9D7FA9AC4@gmail.com>
 <CAEqej2PuEVn4TntzTpPyw6MiRH=_PHcRDaFvESZiYDmfT7G46Q@mail.gmail.com>
Message-ID: <DC61175A-7BFD-427F-B088-3A25C2A75094@gmail.com>

We had a silent helicopter we used in Vietnam to tap wires in cambodia. 

We tapped wires miles under water during the cold war. 

Russia built a listening device that used the vibrations of speech to power it and hid it in a wooden award given to a diplomat. It was found because his maid accidentally broke it. 

In the 80s and 90s we used lasers aimed at glass to measure ems from monitors. 

We have some awesome stories from every conflict on the planet. We have THE defacto military on the planet. We have enough weapons to kill every one on earth multiple times over. 

But you don't believe someone could be tasked with purposefully adding a back door to some code 20 years ago during some fab work?

Just to get that straight?

> On Jan 11, 2018, at 10:10 AM, Mark Phillips <mark at phillipsmarketing.biz> wrote:
> 
> No, I don't work at Intel. I am, however, not a believer in all the government conspiracy theories floating around the Internet.
> 
> Mark
> 
>> On Thu, Jan 11, 2018 at 9:25 AM, Aaron Jones <retro64xyz at gmail.com> wrote:
>> Signals intelligence is believed to have been birthed in 1904. 
>> 
>> But exploiting hardware isn't new. For military, police, or criminal intentions.
>> 
>> You work at Intel Mark? Lol
>> 
>>> On Jan 11, 2018, at 9:11 AM, Mark Phillips <mark at phillipsmarketing.biz> wrote:
>>> 
>> 
>>> There is no conspiracy here. 23 years ago no one thought about attack vectors and how to take over machines. It is only recently that we are all sensitized to this problem. Even though the tech world is sensitized to the nature of exploits, companies still ship brand new products (e.g. Nest, cars, etc.) that can be exploited by almost anyone. It was only recently that router and switch companies stopped using admin and admin as login credentials!
>>> 
>>> Your argument that these new CPU exploits are a government conspiracy can be applied to any potential exploit discovered today in a piece of code written yesterday. 
>>> 
>>> Mark
>>> 
>>>> On Thu, Jan 11, 2018 at 9:02 AM, Carruth, Rusty <Rusty.Carruth at smartm.com> wrote:
>>>> As mentioned earlier, I've done my share of ... um, looking for flaws in design of operating systems back when I was in college.  (What, 1976?)
>>>> 
>>>> We discovered some bad flaws in the design of the <redacted>.  How long had the Univac been around?  I don't know, but a while.  Unless someone with WAY too much time on their hands is actively seeking ways around stuff, there's only so much 'bug' you can find. (and, actually, you really need more than one person involved (partially so someone can ask the 'right' stupid question :-))
>>>> 
>>>> Doesn't take malice or sloppiness, and I will say being a publicly-traded company makes it very hard to spend the time required to even start on the hacking required (Being publically-traded makes your owner effectively insane, since your owner is actually many people, all with different and often diametrically opposing goals for the company).
>>>> 
>>>> Anyway, tell you what - go read the Intel hardware docs and see if you can find the info needed to put together to see the bug.  And this with prior knowledge of where to look.
>>>> 
>>>> I will say that this doesn't excuse much, but realize that being a public company drives you insane ;-)
>>>> 
>>>> Rusty
>>>> 
>>>> -----Original Message-----
>>>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of techlists at phpcoderusa.com
>>>> Sent: Thursday, January 11, 2018 8:42 AM
>>>> To: Main PLUG discussion list
>>>> Subject: Re: Post : INTEL’S SECURITY FLAW IS NO FLAW
>>>> 
>>>> ...
>>>> 
>>>> I've read these issues may have persisted as far back as 1995.  How does
>>>> that happen?  How does an army of engineers miss this for 23 years?  How
>>>> do you explain that?
>>>> 
>>>> That means lots of people came and went.  There should have been lots of
>>>> QA... for 23 years.
>>>> 
>>>> How does this happen?  Only two ways I can see 1) sloppy work, or 2)
>>>> intentionally.
>>>> 
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>> 
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>> 
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180111/8f8c5ba8/attachment.html>

From techlists at phpcoderusa.com  Thu Jan 11 10:36:18 2018
From: techlists at phpcoderusa.com (techlists at phpcoderusa.com)
Date: Thu, 11 Jan 2018 10:36:18 -0700
Subject: =?UTF-8?Q?Re=3A_Post_=3A_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLA?=
 =?UTF-8?Q?W?=
In-Reply-To: <CAEqej2PuEVn4TntzTpPyw6MiRH=_PHcRDaFvESZiYDmfT7G46Q@mail.gmail.com>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
 <CO2PR04MB2311B6F4555DBF1EF93A5E8C9D160@CO2PR04MB2311.namprd04.prod.outlook.com>
 <CAEqej2P+bjfGwAFKMFuWuYgsOciwJrWw6f0ZDNQgzQTbL0b69g@mail.gmail.com>
 <63D55323-B50A-493A-BE6D-DCB9D7FA9AC4@gmail.com>
 <CAEqej2PuEVn4TntzTpPyw6MiRH=_PHcRDaFvESZiYDmfT7G46Q@mail.gmail.com>
Message-ID: <7820ffa052c1a6a00d6d1ef2330f92ec@phpcoderusa.com>

This is basic stuff.  Kernel memory must be segregated and each
application's memory must be segregated.  These are the basics of CPU
functionality.  That is why I find theses issues perplexing. And it
leads me to one basic question.  If these problems persisted since 1995,
how could these issue go undetected until recently when multiple
separate groups discovered these flows?  AND is it possible others have
found and used these flaws for their own gain? 

No matter what happened, politics, accident... etc We have a HUGE
problem.  Even if there were CPUs that were not vulnerable, it would
take years to replace all computers that are publicly facing.  In the
mean time there are some seriously evil people / groups / countries that
will be looking into how they can use theses chip bugs / vulnerabilities
/ features... to further their goals.  

>From what I can tell the solution is to use software - the kernel to fix
or patch the shortcomings of these CPUs.  A software patch to fix
hardware.  This is very scary.  A software patch can be removed and / or
replaced, leaving the host vulnerable.   

On 2018-01-11 10:10, Mark Phillips wrote:

> No, I don't work at Intel. I am, however, not a believer in all the government conspiracy theories floating around the Internet. 
> 
> Mark 
> 
> On Thu, Jan 11, 2018 at 9:25 AM, Aaron Jones <retro64xyz at gmail.com> wrote:
> 
> Signals intelligence is believed to have been birthed in 1904.  
> 
> But exploiting hardware isn't new. For military, police, or criminal intentions. 
> 
> You work at Intel Mark? Lol 
> 
> On Jan 11, 2018, at 9:11 AM, Mark Phillips <mark at phillipsmarketing.biz> wrote:
> 
> There is no conspiracy here. 23 years ago no one thought about attack vectors and how to take over machines. It is only recently that we are all sensitized to this problem. Even though the tech world is sensitized to the nature of exploits, companies still ship brand new products (e.g. Nest, cars, etc.) that can be exploited by almost anyone. It was only recently that router and switch companies stopped using admin and admin as login credentials! 
> 
> Your argument that these new CPU exploits are a government conspiracy can be applied to any potential exploit discovered today in a piece of code written yesterday. 
> 
> Mark 
> 
> On Thu, Jan 11, 2018 at 9:02 AM, Carruth, Rusty <Rusty.Carruth at smartm.com> wrote:
> As mentioned earlier, I've done my share of ... um, looking for flaws in design of operating systems back when I was in college.  (What, 1976?)
> 
> We discovered some bad flaws in the design of the <redacted>.  How long had the Univac been around?  I don't know, but a while.  Unless someone with WAY too much time on their hands is actively seeking ways around stuff, there's only so much 'bug' you can find. (and, actually, you really need more than one person involved (partially so someone can ask the 'right' stupid question :-))
> 
> Doesn't take malice or sloppiness, and I will say being a publicly-traded company makes it very hard to spend the time required to even start on the hacking required (Being publically-traded makes your owner effectively insane, since your owner is actually many people, all with different and often diametrically opposing goals for the company).
> 
> Anyway, tell you what - go read the Intel hardware docs and see if you can find the info needed to put together to see the bug.  And this with prior knowledge of where to look.
> 
> I will say that this doesn't excuse much, but realize that being a public company drives you insane ;-)
> 
> Rusty
> 
> -----Original Message-----
> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of techlists at phpcoderusa.com
> Sent: Thursday, January 11, 2018 8:42 AM
> To: Main PLUG discussion list
> Subject: Re: Post : INTEL'S SECURITY FLAW IS NO FLAW
> 
> ...
> 
> I've read these issues may have persisted as far back as 1995.  How does
> that happen?  How does an army of engineers miss this for 23 years?  How
> do you explain that?
> 
> That means lots of people came and went.  There should have been lots of
> QA... for 23 years.
> 
> How does this happen?  Only two ways I can see 1) sloppy work, or 2)
> intentionally.
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]

> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1] 
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss 

Links:
------
[1] http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180111/4dae9f1f/attachment.html>

From mailinglists at mattcrews.com  Thu Jan 11 12:33:52 2018
From: mailinglists at mattcrews.com (Matthew Crews)
Date: Thu, 11 Jan 2018 14:33:52 -0500
Subject: =?UTF-8?Q?Re:_Post_:_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLAW?=
In-Reply-To: <7820ffa052c1a6a00d6d1ef2330f92ec@phpcoderusa.com>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
 <CO2PR04MB2311B6F4555DBF1EF93A5E8C9D160@CO2PR04MB2311.namprd04.prod.outlook.com>
 <CAEqej2P+bjfGwAFKMFuWuYgsOciwJrWw6f0ZDNQgzQTbL0b69g@mail.gmail.com>
 <63D55323-B50A-493A-BE6D-DCB9D7FA9AC4@gmail.com>
 <CAEqej2PuEVn4TntzTpPyw6MiRH=_PHcRDaFvESZiYDmfT7G46Q@mail.gmail.com>
 <7820ffa052c1a6a00d6d1ef2330f92ec@phpcoderusa.com>
Message-ID: <Y0az6BB5YD8mkxU1KDFBxpmZLxmCB2zLb6YuRmos0P2O3i6sr13FZY2p7mNiLI2kGLVPe3YH8mMJRTrBKlpNIgv5bzuem8eIQudzivmy7Ks=@mattcrews.com>

>-------- Original Message --------
>Subject: Re: Post : INTEL’S SECURITY FLAW IS NO FLAW
>Local Time: January 11, 2018 10:36 AM
>UTC Time: January 11, 2018 5:36 PM
>From: techlists at phpcoderusa.com
>To: Main PLUG discussion list <plug-discuss at lists.phxlinux.org>
>
>This is basic stuff.  Kernel memory must be segregated and each application's memory must be segregated.  These are the basics of CPU functionality.  That is why I find theses issues perplexing. And it leads me to one basic question.  If these problems persisted since 1995, how could these issue go undetected until recently when multiple separate groups discovered these flows?  AND is it possible others have found and used these flaws for their own gain?

Remember, these flaws were found by Google's Project Zero (among others). Project Zero didn't exist (publically) until about a year after the Snowden revelations, and I'm not sure it would have ever existed without such an event. Well maybe it would have, Google has its own motivations to keep things as secure as possible.
https://googleprojectzero.blogspot.com/2014/07/announcing-project-zero.html

Its not impossible for a state level actor to slip design flaws into CPUs during manufacture, if you want to go down that rabbit hole deep enough. Has it happened? Who is to say?
https://arstechnica.com/information-technology/2013/09/researchers-can-slip-an-undetectable-trojan-into-intels-ivy-bridge-cpus/

I do know that overseas organizations are MUCH less trusting of US-based hardware than in the past (and for good reason), just as we are less trusting of Chinese or Russian-based hardware for the same reasons. I sure as hell don't want to buy a Cisco router only to find that the NSA intercepted it first.

From brian at snaptek.com  Thu Jan 11 12:44:22 2018
From: brian at snaptek.com (Brian Cluff)
Date: Thu, 11 Jan 2018 12:44:22 -0700
Subject: Meltdown and Spectre - What to do about it
In-Reply-To: <c4257efe-ce30-eaeb-d8dd-78ff90894d67@snaptek.com>
References: <3f681513284f3532600715e3425734cd@phpcoderusa.com>
 <F713F5BB-2337-4383-B695-C2AEC0F1064F@thetoolwiz.com>
 <5AD793C1-A84C-4A46-B156-3A349330BC7D@icloud.com>
 <CDCD7913-8987-42B2-8AA2-31C7807EBF57@gmail.com>
 <CAEqej2ME5TuWYoAt2_PU+1A2FLd+MvOcP_Fbuk7ESj+CdmfANg@mail.gmail.com>
 <CACS_G9x30gyDMG_OgqMW6HbrX3pqrG38KfcNfFaqMuTGfQXP6Q@mail.gmail.com>
 <alpine.DEB.2.11.1801091903070.14234@post>
 <c4257efe-ce30-eaeb-d8dd-78ff90894d67@snaptek.com>
Message-ID: <13994e1d-e09f-ae8f-1526-cd71176cca5a@snaptek.com>

The Intel microcode that you need to update to go along with the 
previous patches just hit.
https://usn.ubuntu.com/usn/usn-3531-1/

Brian Cluff

On 01/09/2018 05:54 PM, Brian Cluff wrote:
> I just got security notifications that the patches for meltdown for 
> Ubuntu just hit.
>
> https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
>
> Looks like it's time for all of us to update and slow down our own 
> systems... ARG!
>
> I also saw a security update for NVIDIA cards today that implied that 
> they were also effected by speculative execution bugs.
>
> Brian Cluff
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss


From slitt at troubleshooters.com  Thu Jan 11 14:16:56 2018
From: slitt at troubleshooters.com (Steve Litt)
Date: Thu, 11 Jan 2018 16:16:56 -0500
Subject: Post : =?UTF-8?B?SU5URUzigJlT?= SECURITY FLAW IS NO FLAW
In-Reply-To: <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
Message-ID: <20180111161656.7c81970b@mydesk.domain.cxm>

While you may not be an agent for Kim Jong-un, it's completely within
the realm of possibilities. This is a huge problem and there may be
HUGE consequences.

Not so fun when YOU'RE the target of accusations masked as ambiguity,
is it?

There's a reason we were taught at the age of 10 not to spread rumors.

Just for the record, I highly doubt you're an agent for Kim Jong-un.

SteveT




On Thu, 11 Jan 2018 08:41:47 -0700
techlists at phpcoderusa.com wrote:

> While this article may not be factual, it is completely within the
> realm of possibilities. This is a huge problem and there may be HUGE 
> consequences.
> 
> What I'd like to know is how these issues persisted for over 20 years 
> without detection.  I assume Intel, AMD and the other chip
> manufactures have some really smart people on staff.  Given that, how
> did these issues, that are basic to the CPU functionality, become
> built in without detection (or functionality left out).  How is it
> that some guy reading the CPU manual discovered he could trick the
> CPU into spilling it's cache so he can have access to other programs
> data.  How is it that under certain circumstances Kernel memory can
> be accessed giving away the store.
> 
> I've read these issues may have persisted as far back as 1995.  How
> does that happen?  How does an army of engineers miss this for 23
> years?  How do you explain that?
> 
> That means lots of people came and went.  There should have been lots
> of QA... for 23 years.
> 
> How does this happen?  Only two ways I can see 1) sloppy work, or 2) 
> intentionally.
> 
> We all know that every phone call and electronic message is stored in 
> Government warehouse(s).  We have all heard that it is possible to 
> function our cellular phones remotely so others can spy on us. And
> there is much more....
> 
> If this was done for the Gov.  Maybe it was done for national
> security -- not meant to be used against U.S.citizens.  Maybe it was
> done (if intentional) to give the Gov the ability to spy on our
> adversaries. Maybe it started out innocently.
> 
> The bottom line is we have a HUGE problem that will take years to
> work though.   And we have a HUGE question of how did this persist
> for 23 years without detection?
> 
> 
> 
> On 2018-01-10 22:03, Steve Litt wrote:
> > On Wed, 10 Jan 2018 09:39:54 -0700
> > techlists at phpcoderusa.com wrote:
> >   
> >> Hi,
> >> 
> >> Who knows if this is true, however here it is:
> >> 
> >> https://www.reddit.com/r/CBTS_Stream/comments/7pb7pv/intels_security_flaw_is_no_flaw/?st=jc9a2mp7&sh=7ef2e2c1  
> > 
> > I would hope people smart enough and possessing enough knowledge of
> > logic to program computers would have the smarts and logic not to
> > pass along "information" like this, even with the "who knows if
> > this is true" disclaimer. I didn't see one reference to a remotely
> > credible source, and I saw an obvious political agenda in both the
> > article and the comments.
> > 
> > I went up the URL to https://www.reddit.com/r/CBTS_Stream/ and still
> > saw nothing but drivel from wannabe poser internet journalists
> > making up unsupported pseudo-speculations. No different from the
> > tabloids at the checkout line, except probably less credible.
> > 
> > Passing along a URL to a sewer site like this is a disservice to
> > all, and lowers your credibility, "who knows if this is true" not
> > withstanding. I hope nobody passes this further, because it's almost
> > certainly just plain bullshit.
> > 
> > SteveT
> > 
> > Steve Litt
> > December 2017 featured book: Thriving in Tough Times
> > http://www.troubleshooters.com/thrive
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.phxlinux.org/mailman/listinfo/plug-discuss  
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

From plugaz at codezilla.xyz  Thu Jan 11 15:23:14 2018
From: plugaz at codezilla.xyz (Nathan O'Brennan)
Date: Thu, 11 Jan 2018 15:23:14 -0700
Subject: =?UTF-8?Q?Re=3A_Post_=3A_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLA?=
 =?UTF-8?Q?W_-_Or_any_other_post_for_that_matter?=
In-Reply-To: <20180111161656.7c81970b@mydesk.domain.cxm>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
 <20180111161656.7c81970b@mydesk.domain.cxm>
Message-ID: <2ae9634bb8373b44816f75accb74150e@codezilla.xyz>


Wow, this group is viscous. Remind me never again to post *any* form of 
opinion.


From mark at phillipsmarketing.biz  Thu Jan 11 15:59:44 2018
From: mark at phillipsmarketing.biz (Mark Phillips)
Date: Thu, 11 Jan 2018 15:59:44 -0700
Subject: =?UTF-8?Q?Re=3A_Post_=3A_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLAW_=2D_Or_a?=
 =?UTF-8?Q?ny_other_post_for_that_matter?=
In-Reply-To: <2ae9634bb8373b44816f75accb74150e@codezilla.xyz>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
 <20180111161656.7c81970b@mydesk.domain.cxm>
 <2ae9634bb8373b44816f75accb74150e@codezilla.xyz>
Message-ID: <CAEqej2Nu-QxDA-iyha9Ns9=shpB6GWX=GQRY8LGVfrhoEyenuw@mail.gmail.com>

Hmmm....viscous, as in we are all a little dense? or vicious as in brutal?
Perhaps a little bit of both?? ;)

Nathan - my apologies if I have offended you, because that was not my
intention....just trying to lighten the mood a little.

Mark

On Thu, Jan 11, 2018 at 3:23 PM, Nathan O'Brennan <plugaz at codezilla.xyz>
wrote:

>
> Wow, this group is viscous. Remind me never again to post *any* form of
> opinion.
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180111/06184467/attachment.html>

From eric.oyen at icloud.com  Thu Jan 11 16:17:59 2018
From: eric.oyen at icloud.com (Eric Oyen)
Date: Thu, 11 Jan 2018 16:17:59 -0700
Subject: =?windows-1252?Q?Re=3A_Post_=3A_INTEL=92S_SECURITY_FLAW_IS_NO_FL?=
 =?windows-1252?Q?AW?=
In-Reply-To: <CACS_G9xzxHPdb6_pgH9eFzeoraztDoVOXZ7qR7AKNu1dyGs0iw@mail.gmail.com>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
 <CACS_G9xzxHPdb6_pgH9eFzeoraztDoVOXZ7qR7AKNu1dyGs0iw@mail.gmail.com>
Message-ID: <1E203570-89A3-40AC-BE8C-49347991F4E0@icloud.com>

The management engine has it's own issues, including not allowing non-signed software to be installed or executed (read the FSF article for further details).

-eric
from the central offices of the Technomage Guild, the "just the facts, Ma'am" Dept.

On Jan 11, 2018, at 8:47 AM, Stephen Partington wrote:

> Something to consider is the the meltdown and spectre flaws are entirely seperate than the management engine. Which has known vulnerabilities. 
> 
> On Jan 11, 2018 8:41 AM, <techlists at phpcoderusa.com> wrote:
> 
> 
> While this article may not be factual, it is completely within the realm of possibilities. This is a huge problem and there may be HUGE consequences.
> 
> What I'd like to know is how these issues persisted for over 20 years without detection.  I assume Intel, AMD and the other chip manufactures have some really smart people on staff.  Given that, how did these issues, that are basic to the CPU functionality, become built in without detection (or functionality left out).  How is it that some guy reading the CPU manual discovered he could trick the CPU into spilling it's cache so he can have access to other programs data.  How is it that under certain circumstances Kernel memory can be accessed giving away the store.
> 
> I've read these issues may have persisted as far back as 1995.  How does that happen?  How does an army of engineers miss this for 23 years?  How do you explain that?
> 
> That means lots of people came and went.  There should have been lots of QA... for 23 years.
> 
> How does this happen?  Only two ways I can see 1) sloppy work, or 2) intentionally.
> 
> We all know that every phone call and electronic message is stored in Government warehouse(s).  We have all heard that it is possible to function our cellular phones remotely so others can spy on us. And there is much more....
> 
> If this was done for the Gov.  Maybe it was done for national security -- not meant to be used against U.S.citizens.  Maybe it was done (if intentional) to give the Gov the ability to spy on our adversaries.  Maybe it started out innocently.
> 
> The bottom line is we have a HUGE problem that will take years to work though.   And we have a HUGE question of how did this persist for 23 years without detection?
> 
> 
> 
> On 2018-01-10 22:03, Steve Litt wrote:
> On Wed, 10 Jan 2018 09:39:54 -0700
> techlists at phpcoderusa.com wrote:
> 
> Hi,
> 
> Who knows if this is true, however here it is:
> 
> https://www.reddit.com/r/CBTS_Stream/comments/7pb7pv/intels_security_flaw_is_no_flaw/?st=jc9a2mp7&sh=7ef2e2c1
> 
> I would hope people smart enough and possessing enough knowledge of
> logic to program computers would have the smarts and logic not to pass
> along "information" like this, even with the "who knows if this is
> true" disclaimer. I didn't see one reference to a remotely credible
> source, and I saw an obvious political agenda in both the article and
> the comments.
> 
> I went up the URL to https://www.reddit.com/r/CBTS_Stream/ and still
> saw nothing but drivel from wannabe poser internet journalists making
> up unsupported pseudo-speculations. No different from the tabloids at
> the checkout line, except probably less credible.
> 
> Passing along a URL to a sewer site like this is a disservice to all,
> and lowers your credibility, "who knows if this is true" not
> withstanding. I hope nobody passes this further, because it's almost
> certainly just plain bullshit.
> 
> SteveT
> 
> Steve Litt
> December 2017 featured book: Thriving in Tough Times
> http://www.troubleshooters.com/thrive
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180111/710aab15/attachment.html>

From plug-discussion at stcaz.net  Thu Jan 11 18:42:26 2018
From: plug-discussion at stcaz.net (Joseph Sinclair)
Date: Thu, 11 Jan 2018 18:42:26 -0700
Subject: =?UTF-8?Q?Re:_Post_:_INTEL=e2=80=99S_SECURITY_FLAW_IS_NO_FLAW?=
In-Reply-To: <7820ffa052c1a6a00d6d1ef2330f92ec@phpcoderusa.com>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
 <CO2PR04MB2311B6F4555DBF1EF93A5E8C9D160@CO2PR04MB2311.namprd04.prod.outlook.com>
 <CAEqej2P+bjfGwAFKMFuWuYgsOciwJrWw6f0ZDNQgzQTbL0b69g@mail.gmail.com>
 <63D55323-B50A-493A-BE6D-DCB9D7FA9AC4@gmail.com>
 <CAEqej2PuEVn4TntzTpPyw6MiRH=_PHcRDaFvESZiYDmfT7G46Q@mail.gmail.com>
 <7820ffa052c1a6a00d6d1ef2330f92ec@phpcoderusa.com>
Message-ID: <784a30bb-ab26-5592-0383-6742ed9cc03e@stcaz.net>

There seems to be a lot of confusion surrounding the recently disclosed CPU hardware issues...
A few points to consider:
1) This is a cache timing attack using speculative execution (a key performance feature in the hardware) that exposes data (i.e. it's not an exploit to "take over" a system); it can only read memory, and only VERY slowly, while thrashing the heck out of the CPU.
2) Abusing speculative execution is literally something nobody thought of doing until a few years ago.
3) The researchers spent an immense amount of time figuring out tactics that worked, time no hardware design engineer would ever have had available, assuming that engineer even had the knowledge to do the coding required (hint: they don't).
4) Exploiting these flaws is HARD.  It requires native code execution, careful and highly skilled coding, specific targeting of the memory to be read, and a lot of time on the target machine without tripping alarms due to CPU use.
5) The major concern here is things like VM farms because this allows untrusted code in a guest to (very slowly) read memory from the host or other guests.  It's possible to use in other contexts, but the cost/benefit balance is pretty bad; desktops and other targets are far easier to exploit with well-known and widely used "social" hacks.

Lacking the full detail, I would venture that this *type* of exploit is possible (in some form) for every Intel CPU since the original Pentium PRO which introduced speculative execution to the Intel architecture.
We don't need to replace hardware, fortunately, this specific set of tactics can be mitigated by having the Kernel (along with microcode, aka firmware) set flags in the CPU to force a full context switch in the specific situations identified by the researchers.
Yes, mitigation slows down execution a bit; basically the IPC for Intel chips now roughly matches the IPC for AMD chips which always forced the context switch (due to a different design balance).
I would venture that this flaw is actually caused by Intel having such a heavy focus to achieve (and maintain) higher IPC levels than AMD, and cutting a (seemingly benign) corner to accomplish that.

A bit of inside-baseball here:
Every digital design engineer looks for what we call "don't cares"  segments of the boolean map where the logic value has no impact on the "correctness" of the result.
Those are places where we can cut gate count or speed up execution.
Avoiding a context switch in a CPU with the Intel design for 3 layer caching is one of those areas where "don't cares" can show up.
My gut feel is that the Intel engineers saw an opportunity to retain "correct" execution of code while speeding up speculative execution by skipping the context switch until it was actually necessary (e.g. the speculative branch became "live").
It is exactly the kind of thing I can see a really smart engineer doing because, without future knowledge, it's actually the right thing to do.
You get faster execution without any added cost and without breaking existing code.
That, in retrospect, was a mistake that allowed a very sophisticated attacker to read a few bits of unauthorized memory in a very sneaky manner.
That someone, a decade or two after the design arose, discovered a way to misuse that design isn't a sign of malice or malpractice; it's a sign that security researchers are getting REALLY good at finding unexpected ways to use hardware design against security.


P.S.
That reddit article is utter garbage.
Yes, there is, on some motherboards, a Management Engine which is a *separate* CPU, is mostly present only on "business" and server motherboards, and has NOTHING TO DO WITH the recent exploits.  The FSF and others have been warning about that particular bit of hardware for a long time.
The ME has valuable functionality that makes sense for servers especially, and for business-owned machines in general (mostly remote system management, particularly lights-out management).
The ME was added to the system at the request of business customers so they could remotely access machines owned by the business (even if turned off) and either manage their servers or ensure the main O/S and applications were kept in compliance with policy on desktops.
Every motherboard I've seen with an ME (and only some have one) can disable the ME; usually with a jumper or switch on the board.
As I understand things it was actually government buyers who demanded the ability to disable the ME (originally it couldn't be disabled), because government agencies are targets far more often than they are attackers.

On 2018-01-11 10:36 AM, techlists at phpcoderusa.com wrote:
> This is basic stuff.  Kernel memory must be segregated and each
> application's memory must be segregated.  These are the basics of CPU
> functionality.  That is why I find theses issues perplexing. And it
> leads me to one basic question.  If these problems persisted since 1995,
> how could these issue go undetected until recently when multiple
> separate groups discovered these flows?  AND is it possible others have
> found and used these flaws for their own gain? 
> 
> No matter what happened, politics, accident... etc We have a HUGE
> problem.  Even if there were CPUs that were not vulnerable, it would
> take years to replace all computers that are publicly facing.  In the
> mean time there are some seriously evil people / groups / countries that
> will be looking into how they can use theses chip bugs / vulnerabilities
> / features... to further their goals.  
> 
>>From what I can tell the solution is to use software - the kernel to fix
> or patch the shortcomings of these CPUs.  A software patch to fix
> hardware.  This is very scary.  A software patch can be removed and / or
> replaced, leaving the host vulnerable.   
> 
> On 2018-01-11 10:10, Mark Phillips wrote:
> 
>> No, I don't work at Intel. I am, however, not a believer in all the government conspiracy theories floating around the Internet. 
>>
>> Mark 
>>
>> On Thu, Jan 11, 2018 at 9:25 AM, Aaron Jones <retro64xyz at gmail.com> wrote:
>>
>> Signals intelligence is believed to have been birthed in 1904.  
>>
>> But exploiting hardware isn't new. For military, police, or criminal intentions. 
>>
>> You work at Intel Mark? Lol 
>>
>> On Jan 11, 2018, at 9:11 AM, Mark Phillips <mark at phillipsmarketing.biz> wrote:
>>
>> There is no conspiracy here. 23 years ago no one thought about attack vectors and how to take over machines. It is only recently that we are all sensitized to this problem. Even though the tech world is sensitized to the nature of exploits, companies still ship brand new products (e.g. Nest, cars, etc.) that can be exploited by almost anyone. It was only recently that router and switch companies stopped using admin and admin as login credentials! 
>>
>> Your argument that these new CPU exploits are a government conspiracy can be applied to any potential exploit discovered today in a piece of code written yesterday. 
>>
>> Mark 
>>
>> On Thu, Jan 11, 2018 at 9:02 AM, Carruth, Rusty <Rusty.Carruth at smartm.com> wrote:
>> As mentioned earlier, I've done my share of ... um, looking for flaws in design of operating systems back when I was in college.  (What, 1976?)
>>
>> We discovered some bad flaws in the design of the <redacted>.  How long had the Univac been around?  I don't know, but a while.  Unless someone with WAY too much time on their hands is actively seeking ways around stuff, there's only so much 'bug' you can find. (and, actually, you really need more than one person involved (partially so someone can ask the 'right' stupid question :-))
>>
>> Doesn't take malice or sloppiness, and I will say being a publicly-traded company makes it very hard to spend the time required to even start on the hacking required (Being publically-traded makes your owner effectively insane, since your owner is actually many people, all with different and often diametrically opposing goals for the company).
>>
>> Anyway, tell you what - go read the Intel hardware docs and see if you can find the info needed to put together to see the bug.  And this with prior knowledge of where to look.
>>
>> I will say that this doesn't excuse much, but realize that being a public company drives you insane ;-)
>>
>> Rusty
>>
>> -----Original Message-----
>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of techlists at phpcoderusa.com
>> Sent: Thursday, January 11, 2018 8:42 AM
>> To: Main PLUG discussion list
>> Subject: Re: Post : INTEL'S SECURITY FLAW IS NO FLAW
>>
>> ...
>>
>> I've read these issues may have persisted as far back as 1995.  How does
>> that happen?  How does an army of engineers miss this for 23 years?  How
>> do you explain that?
>>
>> That means lots of people came and went.  There should have been lots of
>> QA... for 23 years.
>>
>> How does this happen?  Only two ways I can see 1) sloppy work, or 2)
>> intentionally.
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]
> 
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1] 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss 
> 
> Links:
> ------
> [1] http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> 
> 
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180111/808e0789/attachment.sig>

From plugaz at codezilla.xyz  Thu Jan 11 19:11:35 2018
From: plugaz at codezilla.xyz (Nathan O'Brennan)
Date: Thu, 11 Jan 2018 19:11:35 -0700
Subject: =?UTF-8?Q?Re=3A_Post_=3A_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLA?=
 =?UTF-8?Q?W_-_Or_any_other_post_for_that_matter?=
In-Reply-To: <CAEqej2Nu-QxDA-iyha9Ns9=shpB6GWX=GQRY8LGVfrhoEyenuw@mail.gmail.com>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
 <20180111161656.7c81970b@mydesk.domain.cxm>
 <2ae9634bb8373b44816f75accb74150e@codezilla.xyz>
 <CAEqej2Nu-QxDA-iyha9Ns9=shpB6GWX=GQRY8LGVfrhoEyenuw@mail.gmail.com>
Message-ID: <3f7f1d88dd48fd5e83813c4bfc1302e7@codezilla.xyz>

lol, spell check is no match for my vocabulary! 

I meant brutal. This group can be brutal. 

On 2018-01-11 15:59, Mark Phillips wrote:

> Hmmm....viscous, as in we are all a little dense? or vicious as in brutal? Perhaps a little bit of both?? ;) 
> 
> Nathan - my apologies if I have offended you, because that was not my intention....just trying to lighten the mood a little. 
> 
> Mark  
> 
> On Thu, Jan 11, 2018 at 3:23 PM, Nathan O'Brennan <plugaz at codezilla.xyz> wrote:
> 
>> Wow, this group is viscous. Remind me never again to post *any* form of opinion.
>> 
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

 

Links:
------
[1] http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180111/8370fc85/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x241A8881.asc
Type: application/pgp-keys
Size: 1723 bytes
Desc: not available
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180111/8370fc85/attachment.key>

From retro64xyz at gmail.com  Thu Jan 11 19:24:19 2018
From: retro64xyz at gmail.com (Aaron Jones)
Date: Thu, 11 Jan 2018 19:24:19 -0700
Subject: =?utf-8?Q?Re:_Post_:_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLAW?=
In-Reply-To: <784a30bb-ab26-5592-0383-6742ed9cc03e@stcaz.net>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
 <CO2PR04MB2311B6F4555DBF1EF93A5E8C9D160@CO2PR04MB2311.namprd04.prod.outlook.com>
 <CAEqej2P+bjfGwAFKMFuWuYgsOciwJrWw6f0ZDNQgzQTbL0b69g@mail.gmail.com>
 <63D55323-B50A-493A-BE6D-DCB9D7FA9AC4@gmail.com>
 <CAEqej2PuEVn4TntzTpPyw6MiRH=_PHcRDaFvESZiYDmfT7G46Q@mail.gmail.com>
 <7820ffa052c1a6a00d6d1ef2330f92ec@phpcoderusa.com>
 <784a30bb-ab26-5592-0383-6742ed9cc03e@stcaz.net>
Message-ID: <56D43456-E4C4-4112-AA37-C6C8C2AA1F8B@gmail.com>

Thanks Joe. 

You should blog an article about this cuz that was the best explanation for the issue I have read so far. 

> On Jan 11, 2018, at 6:42 PM, Joseph Sinclair <plug-discussion at stcaz.net> wrote:
> 
> There seems to be a lot of confusion surrounding the recently disclosed CPU hardware issues...
> A few points to consider:
> 1) This is a cache timing attack using speculative execution (a key performance feature in the hardware) that exposes data (i.e. it's not an exploit to "take over" a system); it can only read memory, and only VERY slowly, while thrashing the heck out of the CPU.
> 2) Abusing speculative execution is literally something nobody thought of doing until a few years ago.
> 3) The researchers spent an immense amount of time figuring out tactics that worked, time no hardware design engineer would ever have had available, assuming that engineer even had the knowledge to do the coding required (hint: they don't).
> 4) Exploiting these flaws is HARD.  It requires native code execution, careful and highly skilled coding, specific targeting of the memory to be read, and a lot of time on the target machine without tripping alarms due to CPU use.
> 5) The major concern here is things like VM farms because this allows untrusted code in a guest to (very slowly) read memory from the host or other guests.  It's possible to use in other contexts, but the cost/benefit balance is pretty bad; desktops and other targets are far easier to exploit with well-known and widely used "social" hacks.
> 
> Lacking the full detail, I would venture that this *type* of exploit is possible (in some form) for every Intel CPU since the original Pentium PRO which introduced speculative execution to the Intel architecture.
> We don't need to replace hardware, fortunately, this specific set of tactics can be mitigated by having the Kernel (along with microcode, aka firmware) set flags in the CPU to force a full context switch in the specific situations identified by the researchers.
> Yes, mitigation slows down execution a bit; basically the IPC for Intel chips now roughly matches the IPC for AMD chips which always forced the context switch (due to a different design balance).
> I would venture that this flaw is actually caused by Intel having such a heavy focus to achieve (and maintain) higher IPC levels than AMD, and cutting a (seemingly benign) corner to accomplish that.
> 
> A bit of inside-baseball here:
> Every digital design engineer looks for what we call "don't cares"  segments of the boolean map where the logic value has no impact on the "correctness" of the result.
> Those are places where we can cut gate count or speed up execution.
> Avoiding a context switch in a CPU with the Intel design for 3 layer caching is one of those areas where "don't cares" can show up.
> My gut feel is that the Intel engineers saw an opportunity to retain "correct" execution of code while speeding up speculative execution by skipping the context switch until it was actually necessary (e.g. the speculative branch became "live").
> It is exactly the kind of thing I can see a really smart engineer doing because, without future knowledge, it's actually the right thing to do.
> You get faster execution without any added cost and without breaking existing code.
> That, in retrospect, was a mistake that allowed a very sophisticated attacker to read a few bits of unauthorized memory in a very sneaky manner.
> That someone, a decade or two after the design arose, discovered a way to misuse that design isn't a sign of malice or malpractice; it's a sign that security researchers are getting REALLY good at finding unexpected ways to use hardware design against security.
> 
> 
> P.S.
> That reddit article is utter garbage.
> Yes, there is, on some motherboards, a Management Engine which is a *separate* CPU, is mostly present only on "business" and server motherboards, and has NOTHING TO DO WITH the recent exploits.  The FSF and others have been warning about that particular bit of hardware for a long time.
> The ME has valuable functionality that makes sense for servers especially, and for business-owned machines in general (mostly remote system management, particularly lights-out management).
> The ME was added to the system at the request of business customers so they could remotely access machines owned by the business (even if turned off) and either manage their servers or ensure the main O/S and applications were kept in compliance with policy on desktops.
> Every motherboard I've seen with an ME (and only some have one) can disable the ME; usually with a jumper or switch on the board.
> As I understand things it was actually government buyers who demanded the ability to disable the ME (originally it couldn't be disabled), because government agencies are targets far more often than they are attackers.
> 
>> On 2018-01-11 10:36 AM, techlists at phpcoderusa.com wrote:
>> This is basic stuff.  Kernel memory must be segregated and each
>> application's memory must be segregated.  These are the basics of CPU
>> functionality.  That is why I find theses issues perplexing. And it
>> leads me to one basic question.  If these problems persisted since 1995,
>> how could these issue go undetected until recently when multiple
>> separate groups discovered these flows?  AND is it possible others have
>> found and used these flaws for their own gain? 
>> 
>> No matter what happened, politics, accident... etc We have a HUGE
>> problem.  Even if there were CPUs that were not vulnerable, it would
>> take years to replace all computers that are publicly facing.  In the
>> mean time there are some seriously evil people / groups / countries that
>> will be looking into how they can use theses chip bugs / vulnerabilities
>> / features... to further their goals.  
>> 
>>> From what I can tell the solution is to use software - the kernel to fix
>> or patch the shortcomings of these CPUs.  A software patch to fix
>> hardware.  This is very scary.  A software patch can be removed and / or
>> replaced, leaving the host vulnerable.   
>> 
>>> On 2018-01-11 10:10, Mark Phillips wrote:
>>> 
>>> No, I don't work at Intel. I am, however, not a believer in all the government conspiracy theories floating around the Internet. 
>>> 
>>> Mark 
>>> 
>>> On Thu, Jan 11, 2018 at 9:25 AM, Aaron Jones <retro64xyz at gmail.com> wrote:
>>> 
>>> Signals intelligence is believed to have been birthed in 1904.  
>>> 
>>> But exploiting hardware isn't new. For military, police, or criminal intentions. 
>>> 
>>> You work at Intel Mark? Lol 
>>> 
>>> On Jan 11, 2018, at 9:11 AM, Mark Phillips <mark at phillipsmarketing.biz> wrote:
>>> 
>>> There is no conspiracy here. 23 years ago no one thought about attack vectors and how to take over machines. It is only recently that we are all sensitized to this problem. Even though the tech world is sensitized to the nature of exploits, companies still ship brand new products (e.g. Nest, cars, etc.) that can be exploited by almost anyone. It was only recently that router and switch companies stopped using admin and admin as login credentials! 
>>> 
>>> Your argument that these new CPU exploits are a government conspiracy can be applied to any potential exploit discovered today in a piece of code written yesterday. 
>>> 
>>> Mark 
>>> 
>>> On Thu, Jan 11, 2018 at 9:02 AM, Carruth, Rusty <Rusty.Carruth at smartm.com> wrote:
>>> As mentioned earlier, I've done my share of ... um, looking for flaws in design of operating systems back when I was in college.  (What, 1976?)
>>> 
>>> We discovered some bad flaws in the design of the <redacted>.  How long had the Univac been around?  I don't know, but a while.  Unless someone with WAY too much time on their hands is actively seeking ways around stuff, there's only so much 'bug' you can find. (and, actually, you really need more than one person involved (partially so someone can ask the 'right' stupid question :-))
>>> 
>>> Doesn't take malice or sloppiness, and I will say being a publicly-traded company makes it very hard to spend the time required to even start on the hacking required (Being publically-traded makes your owner effectively insane, since your owner is actually many people, all with different and often diametrically opposing goals for the company).
>>> 
>>> Anyway, tell you what - go read the Intel hardware docs and see if you can find the info needed to put together to see the bug.  And this with prior knowledge of where to look.
>>> 
>>> I will say that this doesn't excuse much, but realize that being a public company drives you insane ;-)
>>> 
>>> Rusty
>>> 
>>> -----Original Message-----
>>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of techlists at phpcoderusa.com
>>> Sent: Thursday, January 11, 2018 8:42 AM
>>> To: Main PLUG discussion list
>>> Subject: Re: Post : INTEL'S SECURITY FLAW IS NO FLAW
>>> 
>>> ...
>>> 
>>> I've read these issues may have persisted as far back as 1995.  How does
>>> that happen?  How does an army of engineers miss this for 23 years?  How
>>> do you explain that?
>>> 
>>> That means lots of people came and went.  There should have been lots of
>>> QA... for 23 years.
>>> 
>>> How does this happen?  Only two ways I can see 1) sloppy work, or 2)
>>> intentionally.
>>> 
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]
>> 
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]
>> 
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1] 
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss 
>> 
>> Links:
>> ------
>> [1] http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>> 
>> 
>> 
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>> 
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

From cryptworks at gmail.com  Thu Jan 11 20:08:12 2018
From: cryptworks at gmail.com (Stephen Partington)
Date: Thu, 11 Jan 2018 20:08:12 -0700
Subject: LVMCache Google Slide deck Link
Message-ID: <CACS_G9xF20VRAcJfezFsOnVG-tV5J_REfN9ANys6fVVCcYOV9Q@mail.gmail.com>

https://docs.google.com/presentation/d/1O4GParMvzSODGh2e4yduAOmp7GMW-xSNuoatcvM5Df4/edit?usp=sharing


-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180111/1b2e8ce0/attachment.html>

From slitt at troubleshooters.com  Thu Jan 11 22:12:15 2018
From: slitt at troubleshooters.com (Steve Litt)
Date: Fri, 12 Jan 2018 00:12:15 -0500
Subject: Post : =?UTF-8?B?SU5URUzigJlT?= SECURITY FLAW IS NO FLAW
In-Reply-To: <DC61175A-7BFD-427F-B088-3A25C2A75094@gmail.com>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
 <CO2PR04MB2311B6F4555DBF1EF93A5E8C9D160@CO2PR04MB2311.namprd04.prod.outlook.com>
 <CAEqej2P+bjfGwAFKMFuWuYgsOciwJrWw6f0ZDNQgzQTbL0b69g@mail.gmail.com>
 <63D55323-B50A-493A-BE6D-DCB9D7FA9AC4@gmail.com>
 <CAEqej2PuEVn4TntzTpPyw6MiRH=_PHcRDaFvESZiYDmfT7G46Q@mail.gmail.com>
 <DC61175A-7BFD-427F-B088-3A25C2A75094@gmail.com>
Message-ID: <20180112001215.733dc4d1@mydesk.domain.cxm>

On Thu, 11 Jan 2018 10:29:33 -0700
Aaron Jones <retro64xyz at gmail.com> wrote:

> We had a silent helicopter we used in Vietnam to tap wires in
> cambodia. 
> 
> We tapped wires miles under water during the cold war. 

[snip]

> 
> But you don't believe someone could be tasked with purposefully
> adding a back door to some code 20 years ago during some fab work?
> 
> Just to get that straight?

Speaking just for myself: I never said I disbelieved that this flaw was
could have been inserted deliberately. Accident, deliberate, I'd
believe either.

What *I* said was not to pass on rumors foisted by articles with not a
shred of reference, assigning blame for these flaws to specific
politicians, without any evidence.
 
SteveT

Steve Litt
January 2018 featured book: Troubleshooting: Why Bother?
http://www.troubleshooters.com/twb

From plug-discussion at stcaz.net  Fri Jan 12 00:18:45 2018
From: plug-discussion at stcaz.net (Joseph Sinclair)
Date: Fri, 12 Jan 2018 00:18:45 -0700
Subject: =?UTF-8?Q?Re:_Post_:_INTEL=e2=80=99S_SECURITY_FLAW_IS_NO_FLAW?=
In-Reply-To: <56D43456-E4C4-4112-AA37-C6C8C2AA1F8B@gmail.com>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
 <CO2PR04MB2311B6F4555DBF1EF93A5E8C9D160@CO2PR04MB2311.namprd04.prod.outlook.com>
 <CAEqej2P+bjfGwAFKMFuWuYgsOciwJrWw6f0ZDNQgzQTbL0b69g@mail.gmail.com>
 <63D55323-B50A-493A-BE6D-DCB9D7FA9AC4@gmail.com>
 <CAEqej2PuEVn4TntzTpPyw6MiRH=_PHcRDaFvESZiYDmfT7G46Q@mail.gmail.com>
 <7820ffa052c1a6a00d6d1ef2330f92ec@phpcoderusa.com>
 <784a30bb-ab26-5592-0383-6742ed9cc03e@stcaz.net>
 <56D43456-E4C4-4112-AA37-C6C8C2AA1F8B@gmail.com>
Message-ID: <d925e15f-0b43-a971-a85b-b8e4195e3886@stcaz.net>

Feel free to repost anywhere.  I don't have a blog site I use; so no real place to post a full article...

On 2018-01-11 07:24 PM, Aaron Jones wrote:
> Thanks Joe. 
> 
> You should blog an article about this cuz that was the best explanation for the issue I have read so far. 
> 
>> On Jan 11, 2018, at 6:42 PM, Joseph Sinclair <plug-discussion at stcaz.net> wrote:
>>
>> There seems to be a lot of confusion surrounding the recently disclosed CPU hardware issues...
>> A few points to consider:
>> 1) This is a cache timing attack using speculative execution (a key performance feature in the hardware) that exposes data (i.e. it's not an exploit to "take over" a system); it can only read memory, and only VERY slowly, while thrashing the heck out of the CPU.
>> 2) Abusing speculative execution is literally something nobody thought of doing until a few years ago.
>> 3) The researchers spent an immense amount of time figuring out tactics that worked, time no hardware design engineer would ever have had available, assuming that engineer even had the knowledge to do the coding required (hint: they don't).
>> 4) Exploiting these flaws is HARD.  It requires native code execution, careful and highly skilled coding, specific targeting of the memory to be read, and a lot of time on the target machine without tripping alarms due to CPU use.
>> 5) The major concern here is things like VM farms because this allows untrusted code in a guest to (very slowly) read memory from the host or other guests.  It's possible to use in other contexts, but the cost/benefit balance is pretty bad; desktops and other targets are far easier to exploit with well-known and widely used "social" hacks.
>>
>> Lacking the full detail, I would venture that this *type* of exploit is possible (in some form) for every Intel CPU since the original Pentium PRO which introduced speculative execution to the Intel architecture.
>> We don't need to replace hardware, fortunately, this specific set of tactics can be mitigated by having the Kernel (along with microcode, aka firmware) set flags in the CPU to force a full context switch in the specific situations identified by the researchers.
>> Yes, mitigation slows down execution a bit; basically the IPC for Intel chips now roughly matches the IPC for AMD chips which always forced the context switch (due to a different design balance).
>> I would venture that this flaw is actually caused by Intel having such a heavy focus to achieve (and maintain) higher IPC levels than AMD, and cutting a (seemingly benign) corner to accomplish that.
>>
>> A bit of inside-baseball here:
>> Every digital design engineer looks for what we call "don't cares"  segments of the boolean map where the logic value has no impact on the "correctness" of the result.
>> Those are places where we can cut gate count or speed up execution.
>> Avoiding a context switch in a CPU with the Intel design for 3 layer caching is one of those areas where "don't cares" can show up.
>> My gut feel is that the Intel engineers saw an opportunity to retain "correct" execution of code while speeding up speculative execution by skipping the context switch until it was actually necessary (e.g. the speculative branch became "live").
>> It is exactly the kind of thing I can see a really smart engineer doing because, without future knowledge, it's actually the right thing to do.
>> You get faster execution without any added cost and without breaking existing code.
>> That, in retrospect, was a mistake that allowed a very sophisticated attacker to read a few bits of unauthorized memory in a very sneaky manner.
>> That someone, a decade or two after the design arose, discovered a way to misuse that design isn't a sign of malice or malpractice; it's a sign that security researchers are getting REALLY good at finding unexpected ways to use hardware design against security.
>>
>>
>> P.S.
>> That reddit article is utter garbage.
>> Yes, there is, on some motherboards, a Management Engine which is a *separate* CPU, is mostly present only on "business" and server motherboards, and has NOTHING TO DO WITH the recent exploits.  The FSF and others have been warning about that particular bit of hardware for a long time.
>> The ME has valuable functionality that makes sense for servers especially, and for business-owned machines in general (mostly remote system management, particularly lights-out management).
>> The ME was added to the system at the request of business customers so they could remotely access machines owned by the business (even if turned off) and either manage their servers or ensure the main O/S and applications were kept in compliance with policy on desktops.
>> Every motherboard I've seen with an ME (and only some have one) can disable the ME; usually with a jumper or switch on the board.
>> As I understand things it was actually government buyers who demanded the ability to disable the ME (originally it couldn't be disabled), because government agencies are targets far more often than they are attackers.
>>
>>> On 2018-01-11 10:36 AM, techlists at phpcoderusa.com wrote:
>>> This is basic stuff.  Kernel memory must be segregated and each
>>> application's memory must be segregated.  These are the basics of CPU
>>> functionality.  That is why I find theses issues perplexing. And it
>>> leads me to one basic question.  If these problems persisted since 1995,
>>> how could these issue go undetected until recently when multiple
>>> separate groups discovered these flows?  AND is it possible others have
>>> found and used these flaws for their own gain? 
>>>
>>> No matter what happened, politics, accident... etc We have a HUGE
>>> problem.  Even if there were CPUs that were not vulnerable, it would
>>> take years to replace all computers that are publicly facing.  In the
>>> mean time there are some seriously evil people / groups / countries that
>>> will be looking into how they can use theses chip bugs / vulnerabilities
>>> / features... to further their goals.  
>>>
>>>> From what I can tell the solution is to use software - the kernel to fix
>>> or patch the shortcomings of these CPUs.  A software patch to fix
>>> hardware.  This is very scary.  A software patch can be removed and / or
>>> replaced, leaving the host vulnerable.   
>>>
>>>> On 2018-01-11 10:10, Mark Phillips wrote:
>>>>
>>>> No, I don't work at Intel. I am, however, not a believer in all the government conspiracy theories floating around the Internet. 
>>>>
>>>> Mark 
>>>>
>>>> On Thu, Jan 11, 2018 at 9:25 AM, Aaron Jones <retro64xyz at gmail.com> wrote:
>>>>
>>>> Signals intelligence is believed to have been birthed in 1904.  
>>>>
>>>> But exploiting hardware isn't new. For military, police, or criminal intentions. 
>>>>
>>>> You work at Intel Mark? Lol 
>>>>
>>>> On Jan 11, 2018, at 9:11 AM, Mark Phillips <mark at phillipsmarketing.biz> wrote:
>>>>
>>>> There is no conspiracy here. 23 years ago no one thought about attack vectors and how to take over machines. It is only recently that we are all sensitized to this problem. Even though the tech world is sensitized to the nature of exploits, companies still ship brand new products (e.g. Nest, cars, etc.) that can be exploited by almost anyone. It was only recently that router and switch companies stopped using admin and admin as login credentials! 
>>>>
>>>> Your argument that these new CPU exploits are a government conspiracy can be applied to any potential exploit discovered today in a piece of code written yesterday. 
>>>>
>>>> Mark 
>>>>
>>>> On Thu, Jan 11, 2018 at 9:02 AM, Carruth, Rusty <Rusty.Carruth at smartm.com> wrote:
>>>> As mentioned earlier, I've done my share of ... um, looking for flaws in design of operating systems back when I was in college.  (What, 1976?)
>>>>
>>>> We discovered some bad flaws in the design of the <redacted>.  How long had the Univac been around?  I don't know, but a while.  Unless someone with WAY too much time on their hands is actively seeking ways around stuff, there's only so much 'bug' you can find. (and, actually, you really need more than one person involved (partially so someone can ask the 'right' stupid question :-))
>>>>
>>>> Doesn't take malice or sloppiness, and I will say being a publicly-traded company makes it very hard to spend the time required to even start on the hacking required (Being publically-traded makes your owner effectively insane, since your owner is actually many people, all with different and often diametrically opposing goals for the company).
>>>>
>>>> Anyway, tell you what - go read the Intel hardware docs and see if you can find the info needed to put together to see the bug.  And this with prior knowledge of where to look.
>>>>
>>>> I will say that this doesn't excuse much, but realize that being a public company drives you insane ;-)
>>>>
>>>> Rusty
>>>>
>>>> -----Original Message-----
>>>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of techlists at phpcoderusa.com
>>>> Sent: Thursday, January 11, 2018 8:42 AM
>>>> To: Main PLUG discussion list
>>>> Subject: Re: Post : INTEL'S SECURITY FLAW IS NO FLAW
>>>>
>>>> ...
>>>>
>>>> I've read these issues may have persisted as far back as 1995.  How does
>>>> that happen?  How does an army of engineers miss this for 23 years?  How
>>>> do you explain that?
>>>>
>>>> That means lots of people came and went.  There should have been lots of
>>>> QA... for 23 years.
>>>>
>>>> How does this happen?  Only two ways I can see 1) sloppy work, or 2)
>>>> intentionally.
>>>>
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]
>>>
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1] 
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss 
>>>
>>> Links:
>>> ------
>>> [1] http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180112/7061921a/attachment.sig>

From cryptworks at gmail.com  Fri Jan 12 00:29:30 2018
From: cryptworks at gmail.com (Stephen Partington)
Date: Fri, 12 Jan 2018 00:29:30 -0700
Subject: =?UTF-8?Q?Re=3A_Post_=3A_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLAW?=
In-Reply-To: <CACS_G9yBdiMwEMMPSRxEs2nshs2yneWZ6o+6AAnaYaOP9CNufg@mail.gmail.com>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
 <CO2PR04MB2311B6F4555DBF1EF93A5E8C9D160@CO2PR04MB2311.namprd04.prod.outlook.com>
 <CAEqej2P+bjfGwAFKMFuWuYgsOciwJrWw6f0ZDNQgzQTbL0b69g@mail.gmail.com>
 <63D55323-B50A-493A-BE6D-DCB9D7FA9AC4@gmail.com>
 <CAEqej2PuEVn4TntzTpPyw6MiRH=_PHcRDaFvESZiYDmfT7G46Q@mail.gmail.com>
 <7820ffa052c1a6a00d6d1ef2330f92ec@phpcoderusa.com>
 <784a30bb-ab26-5592-0383-6742ed9cc03e@stcaz.net>
 <56D43456-E4C4-4112-AA37-C6C8C2AA1F8B@gmail.com>
 <CACS_G9yBdiMwEMMPSRxEs2nshs2yneWZ6o+6AAnaYaOP9CNufg@mail.gmail.com>
Message-ID: <CACS_G9zftzVs8xZjxXnzfAvGrbC7jd-P67ynPjtSEBr_SprYzA@mail.gmail.com>

Yes. There were a couple of details I wanted but was not finding. Thank
you.

On Jan 11, 2018 7:24 PM, "Aaron Jones" <retro64xyz at gmail.com> wrote:

Thanks Joe.

You should blog an article about this cuz that was the best explanation for
the issue I have read so far.

> On Jan 11, 2018, at 6:42 PM, Joseph Sinclair <plug-discussion at stcaz.net>
wrote:
>
> There seems to be a lot of confusion surrounding the recently disclosed
CPU hardware issues...
> A few points to consider:
> 1) This is a cache timing attack using speculative execution (a key
performance feature in the hardware) that exposes data (i.e. it's not an
exploit to "take over" a system); it can only read memory, and only VERY
slowly, while thrashing the heck out of the CPU.
> 2) Abusing speculative execution is literally something nobody thought of
doing until a few years ago.
> 3) The researchers spent an immense amount of time figuring out tactics
that worked, time no hardware design engineer would ever have had
available, assuming that engineer even had the knowledge to do the coding
required (hint: they don't).
> 4) Exploiting these flaws is HARD.  It requires native code execution,
careful and highly skilled coding, specific targeting of the memory to be
read, and a lot of time on the target machine without tripping alarms due
to CPU use.
> 5) The major concern here is things like VM farms because this allows
untrusted code in a guest to (very slowly) read memory from the host or
other guests.  It's possible to use in other contexts, but the cost/benefit
balance is pretty bad; desktops and other targets are far easier to exploit
with well-known and widely used "social" hacks.
>
> Lacking the full detail, I would venture that this *type* of exploit is
possible (in some form) for every Intel CPU since the original Pentium PRO
which introduced speculative execution to the Intel architecture.
> We don't need to replace hardware, fortunately, this specific set of
tactics can be mitigated by having the Kernel (along with microcode, aka
firmware) set flags in the CPU to force a full context switch in the
specific situations identified by the researchers.
> Yes, mitigation slows down execution a bit; basically the IPC for Intel
chips now roughly matches the IPC for AMD chips which always forced the
context switch (due to a different design balance).
> I would venture that this flaw is actually caused by Intel having such a
heavy focus to achieve (and maintain) higher IPC levels than AMD, and
cutting a (seemingly benign) corner to accomplish that.
>
> A bit of inside-baseball here:
> Every digital design engineer looks for what we call "don't cares"
segments of the boolean map where the logic value has no impact on the
"correctness" of the result.
> Those are places where we can cut gate count or speed up execution.
> Avoiding a context switch in a CPU with the Intel design for 3 layer
caching is one of those areas where "don't cares" can show up.
> My gut feel is that the Intel engineers saw an opportunity to retain
"correct" execution of code while speeding up speculative execution by
skipping the context switch until it was actually necessary (e.g. the
speculative branch became "live").
> It is exactly the kind of thing I can see a really smart engineer doing
because, without future knowledge, it's actually the right thing to do.
> You get faster execution without any added cost and without breaking
existing code.
> That, in retrospect, was a mistake that allowed a very sophisticated
attacker to read a few bits of unauthorized memory in a very sneaky manner.
> That someone, a decade or two after the design arose, discovered a way to
misuse that design isn't a sign of malice or malpractice; it's a sign that
security researchers are getting REALLY good at finding unexpected ways to
use hardware design against security.
>
>
> P.S.
> That reddit article is utter garbage.
> Yes, there is, on some motherboards, a Management Engine which is a
*separate* CPU, is mostly present only on "business" and server
motherboards, and has NOTHING TO DO WITH the recent exploits.  The FSF and
others have been warning about that particular bit of hardware for a long
time.
> The ME has valuable functionality that makes sense for servers
especially, and for business-owned machines in general (mostly remote
system management, particularly lights-out management).
> The ME was added to the system at the request of business customers so
they could remotely access machines owned by the business (even if turned
off) and either manage their servers or ensure the main O/S and
applications were kept in compliance with policy on desktops.
> Every motherboard I've seen with an ME (and only some have one) can
disable the ME; usually with a jumper or switch on the board.
> As I understand things it was actually government buyers who demanded the
ability to disable the ME (originally it couldn't be disabled), because
government agencies are targets far more often than they are attackers.
>
>> On 2018-01-11 10:36 AM, techlists at phpcoderusa.com wrote:
>> This is basic stuff.  Kernel memory must be segregated and each
>> application's memory must be segregated.  These are the basics of CPU
>> functionality.  That is why I find theses issues perplexing. And it
>> leads me to one basic question.  If these problems persisted since 1995,
>> how could these issue go undetected until recently when multiple
>> separate groups discovered these flows?  AND is it possible others have
>> found and used these flaws for their own gain?
>>
>> No matter what happened, politics, accident... etc We have a HUGE
>> problem.  Even if there were CPUs that were not vulnerable, it would
>> take years to replace all computers that are publicly facing.  In the
>> mean time there are some seriously evil people / groups / countries that
>> will be looking into how they can use theses chip bugs / vulnerabilities
>> / features... to further their goals.
>>
>>> From what I can tell the solution is to use software - the kernel to fix
>> or patch the shortcomings of these CPUs.  A software patch to fix
>> hardware.  This is very scary.  A software patch can be removed and / or
>> replaced, leaving the host vulnerable.
>>
>>> On 2018-01-11 10:10, Mark Phillips wrote:
>>>
>>> No, I don't work at Intel. I am, however, not a believer in all the
government conspiracy theories floating around the Internet.
>>>
>>> Mark
>>>
>>> On Thu, Jan 11, 2018 at 9:25 AM, Aaron Jones <retro64xyz at gmail.com>
wrote:
>>>
>>> Signals intelligence is believed to have been birthed in 1904.
>>>
>>> But exploiting hardware isn't new. For military, police, or criminal
intentions.
>>>
>>> You work at Intel Mark? Lol
>>>
>>> On Jan 11, 2018, at 9:11 AM, Mark Phillips <mark at phillipsmarketing.biz>
wrote:
>>>
>>> There is no conspiracy here. 23 years ago no one thought about attack
vectors and how to take over machines. It is only recently that we are all
sensitized to this problem. Even though the tech world is sensitized to the
nature of exploits, companies still ship brand new products (e.g. Nest,
cars, etc.) that can be exploited by almost anyone. It was only recently
that router and switch companies stopped using admin and admin as login
credentials!
>>>
>>> Your argument that these new CPU exploits are a government conspiracy
can be applied to any potential exploit discovered today in a piece of code
written yesterday.
>>>
>>> Mark
>>>
>>> On Thu, Jan 11, 2018 at 9:02 AM, Carruth, Rusty <
Rusty.Carruth at smartm.com> wrote:
>>> As mentioned earlier, I've done my share of ... um, looking for flaws
in design of operating systems back when I was in college.  (What, 1976?)
>>>
>>> We discovered some bad flaws in the design of the <redacted>.  How long
had the Univac been around?  I don't know, but a while.  Unless someone
with WAY too much time on their hands is actively seeking ways around
stuff, there's only so much 'bug' you can find. (and, actually, you really
need more than one person involved (partially so someone can ask the
'right' stupid question :-))
>>>
>>> Doesn't take malice or sloppiness, and I will say being a
publicly-traded company makes it very hard to spend the time required to
even start on the hacking required (Being publically-traded makes your
owner effectively insane, since your owner is actually many people, all
with different and often diametrically opposing goals for the company).
>>>
>>> Anyway, tell you what - go read the Intel hardware docs and see if you
can find the info needed to put together to see the bug.  And this with
prior knowledge of where to look.
>>>
>>> I will say that this doesn't excuse much, but realize that being a
public company drives you insane ;-)
>>>
>>> Rusty
>>>
>>> -----Original Message-----
>>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On
Behalf Of techlists at phpcoderusa.com
>>> Sent: Thursday, January 11, 2018 8:42 AM
>>> To: Main PLUG discussion list
>>> Subject: Re: Post : INTEL'S SECURITY FLAW IS NO FLAW
>>>
>>> ...
>>>
>>> I've read these issues may have persisted as far back as 1995.  How does
>>> that happen?  How does an army of engineers miss this for 23 years?  How
>>> do you explain that?
>>>
>>> That means lots of people came and went.  There should have been lots of
>>> QA... for 23 years.
>>>
>>> How does this happen?  Only two ways I can see 1) sloppy work, or 2)
>>> intentionally.
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]
>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>> Links:
>> ------
>> [1] http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180112/5eff10ee/attachment.html>

From retro64xyz at gmail.com  Fri Jan 12 03:53:54 2018
From: retro64xyz at gmail.com (Aaron Jones)
Date: Fri, 12 Jan 2018 03:53:54 -0700
Subject: =?utf-8?Q?Re:_Post_:_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLAW?=
In-Reply-To: <CACS_G9zftzVs8xZjxXnzfAvGrbC7jd-P67ynPjtSEBr_SprYzA@mail.gmail.com>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
 <CO2PR04MB2311B6F4555DBF1EF93A5E8C9D160@CO2PR04MB2311.namprd04.prod.outlook.com>
 <CAEqej2P+bjfGwAFKMFuWuYgsOciwJrWw6f0ZDNQgzQTbL0b69g@mail.gmail.com>
 <63D55323-B50A-493A-BE6D-DCB9D7FA9AC4@gmail.com>
 <CAEqej2PuEVn4TntzTpPyw6MiRH=_PHcRDaFvESZiYDmfT7G46Q@mail.gmail.com>
 <7820ffa052c1a6a00d6d1ef2330f92ec@phpcoderusa.com>
 <784a30bb-ab26-5592-0383-6742ed9cc03e@stcaz.net>
 <56D43456-E4C4-4112-AA37-C6C8C2AA1F8B@gmail.com>
 <CACS_G9yBdiMwEMMPSRxEs2nshs2yneWZ6o+6AAnaYaOP9CNufg@mail.gmail.com>
 <CACS_G9zftzVs8xZjxXnzfAvGrbC7jd-P67ynPjtSEBr_SprYzA@mail.gmail.com>
Message-ID: <D64287FA-B0C8-4A45-89FB-87F90FCC274C@gmail.com>

https://www.airspacemag.com/military-aviation/air-americas-black-helicopter-24960500/

This article says they flew Laos to NV. But I swear the first time I heard this story the teller said Cambodia. The pilot on this did a really cool writeup I can’t find any more about his experience. 

I would like to have a decibel comparison between the new silent blackhawk and the loach-p. Silent being relative.

> On Jan 12, 2018, at 12:29 AM, Stephen Partington <cryptworks at gmail.com> wrote:
> 
> Yes. There were a couple of details I wanted but was not finding. Thank you. 
> 
> On Jan 11, 2018 7:24 PM, "Aaron Jones" <retro64xyz at gmail.com> wrote:
> Thanks Joe.
> 
> You should blog an article about this cuz that was the best explanation for the issue I have read so far.
> 
> > On Jan 11, 2018, at 6:42 PM, Joseph Sinclair <plug-discussion at stcaz.net> wrote:
> >
> > There seems to be a lot of confusion surrounding the recently disclosed CPU hardware issues...
> > A few points to consider:
> > 1) This is a cache timing attack using speculative execution (a key performance feature in the hardware) that exposes data (i.e. it's not an exploit to "take over" a system); it can only read memory, and only VERY slowly, while thrashing the heck out of the CPU.
> > 2) Abusing speculative execution is literally something nobody thought of doing until a few years ago.
> > 3) The researchers spent an immense amount of time figuring out tactics that worked, time no hardware design engineer would ever have had available, assuming that engineer even had the knowledge to do the coding required (hint: they don't).
> > 4) Exploiting these flaws is HARD.  It requires native code execution, careful and highly skilled coding, specific targeting of the memory to be read, and a lot of time on the target machine without tripping alarms due to CPU use.
> > 5) The major concern here is things like VM farms because this allows untrusted code in a guest to (very slowly) read memory from the host or other guests.  It's possible to use in other contexts, but the cost/benefit balance is pretty bad; desktops and other targets are far easier to exploit with well-known and widely used "social" hacks.
> >
> > Lacking the full detail, I would venture that this *type* of exploit is possible (in some form) for every Intel CPU since the original Pentium PRO which introduced speculative execution to the Intel architecture.
> > We don't need to replace hardware, fortunately, this specific set of tactics can be mitigated by having the Kernel (along with microcode, aka firmware) set flags in the CPU to force a full context switch in the specific situations identified by the researchers.
> > Yes, mitigation slows down execution a bit; basically the IPC for Intel chips now roughly matches the IPC for AMD chips which always forced the context switch (due to a different design balance).
> > I would venture that this flaw is actually caused by Intel having such a heavy focus to achieve (and maintain) higher IPC levels than AMD, and cutting a (seemingly benign) corner to accomplish that.
> >
> > A bit of inside-baseball here:
> > Every digital design engineer looks for what we call "don't cares"  segments of the boolean map where the logic value has no impact on the "correctness" of the result.
> > Those are places where we can cut gate count or speed up execution.
> > Avoiding a context switch in a CPU with the Intel design for 3 layer caching is one of those areas where "don't cares" can show up.
> > My gut feel is that the Intel engineers saw an opportunity to retain "correct" execution of code while speeding up speculative execution by skipping the context switch until it was actually necessary (e.g. the speculative branch became "live").
> > It is exactly the kind of thing I can see a really smart engineer doing because, without future knowledge, it's actually the right thing to do.
> > You get faster execution without any added cost and without breaking existing code.
> > That, in retrospect, was a mistake that allowed a very sophisticated attacker to read a few bits of unauthorized memory in a very sneaky manner.
> > That someone, a decade or two after the design arose, discovered a way to misuse that design isn't a sign of malice or malpractice; it's a sign that security researchers are getting REALLY good at finding unexpected ways to use hardware design against security.
> >
> >
> > P.S.
> > That reddit article is utter garbage.
> > Yes, there is, on some motherboards, a Management Engine which is a *separate* CPU, is mostly present only on "business" and server motherboards, and has NOTHING TO DO WITH the recent exploits.  The FSF and others have been warning about that particular bit of hardware for a long time.
> > The ME has valuable functionality that makes sense for servers especially, and for business-owned machines in general (mostly remote system management, particularly lights-out management).
> > The ME was added to the system at the request of business customers so they could remotely access machines owned by the business (even if turned off) and either manage their servers or ensure the main O/S and applications were kept in compliance with policy on desktops.
> > Every motherboard I've seen with an ME (and only some have one) can disable the ME; usually with a jumper or switch on the board.
> > As I understand things it was actually government buyers who demanded the ability to disable the ME (originally it couldn't be disabled), because government agencies are targets far more often than they are attackers.
> >
> >> On 2018-01-11 10:36 AM, techlists at phpcoderusa.com wrote:
> >> This is basic stuff.  Kernel memory must be segregated and each
> >> application's memory must be segregated.  These are the basics of CPU
> >> functionality.  That is why I find theses issues perplexing. And it
> >> leads me to one basic question.  If these problems persisted since 1995,
> >> how could these issue go undetected until recently when multiple
> >> separate groups discovered these flows?  AND is it possible others have
> >> found and used these flaws for their own gain?
> >>
> >> No matter what happened, politics, accident... etc We have a HUGE
> >> problem.  Even if there were CPUs that were not vulnerable, it would
> >> take years to replace all computers that are publicly facing.  In the
> >> mean time there are some seriously evil people / groups / countries that
> >> will be looking into how they can use theses chip bugs / vulnerabilities
> >> / features... to further their goals.
> >>
> >>> From what I can tell the solution is to use software - the kernel to fix
> >> or patch the shortcomings of these CPUs.  A software patch to fix
> >> hardware.  This is very scary.  A software patch can be removed and / or
> >> replaced, leaving the host vulnerable.
> >>
> >>> On 2018-01-11 10:10, Mark Phillips wrote:
> >>>
> >>> No, I don't work at Intel. I am, however, not a believer in all the government conspiracy theories floating around the Internet.
> >>>
> >>> Mark
> >>>
> >>> On Thu, Jan 11, 2018 at 9:25 AM, Aaron Jones <retro64xyz at gmail.com> wrote:
> >>>
> >>> Signals intelligence is believed to have been birthed in 1904.
> >>>
> >>> But exploiting hardware isn't new. For military, police, or criminal intentions.
> >>>
> >>> You work at Intel Mark? Lol
> >>>
> >>> On Jan 11, 2018, at 9:11 AM, Mark Phillips <mark at phillipsmarketing.biz> wrote:
> >>>
> >>> There is no conspiracy here. 23 years ago no one thought about attack vectors and how to take over machines. It is only recently that we are all sensitized to this problem. Even though the tech world is sensitized to the nature of exploits, companies still ship brand new products (e.g. Nest, cars, etc.) that can be exploited by almost anyone. It was only recently that router and switch companies stopped using admin and admin as login credentials!
> >>>
> >>> Your argument that these new CPU exploits are a government conspiracy can be applied to any potential exploit discovered today in a piece of code written yesterday.
> >>>
> >>> Mark
> >>>
> >>> On Thu, Jan 11, 2018 at 9:02 AM, Carruth, Rusty <Rusty.Carruth at smartm.com> wrote:
> >>> As mentioned earlier, I've done my share of ... um, looking for flaws in design of operating systems back when I was in college.  (What, 1976?)
> >>>
> >>> We discovered some bad flaws in the design of the <redacted>.  How long had the Univac been around?  I don't know, but a while.  Unless someone with WAY too much time on their hands is actively seeking ways around stuff, there's only so much 'bug' you can find. (and, actually, you really need more than one person involved (partially so someone can ask the 'right' stupid question :-))
> >>>
> >>> Doesn't take malice or sloppiness, and I will say being a publicly-traded company makes it very hard to spend the time required to even start on the hacking required (Being publically-traded makes your owner effectively insane, since your owner is actually many people, all with different and often diametrically opposing goals for the company).
> >>>
> >>> Anyway, tell you what - go read the Intel hardware docs and see if you can find the info needed to put together to see the bug.  And this with prior knowledge of where to look.
> >>>
> >>> I will say that this doesn't excuse much, but realize that being a public company drives you insane ;-)
> >>>
> >>> Rusty
> >>>
> >>> -----Original Message-----
> >>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of techlists at phpcoderusa.com
> >>> Sent: Thursday, January 11, 2018 8:42 AM
> >>> To: Main PLUG discussion list
> >>> Subject: Re: Post : INTEL'S SECURITY FLAW IS NO FLAW
> >>>
> >>> ...
> >>>
> >>> I've read these issues may have persisted as far back as 1995.  How does
> >>> that happen?  How does an army of engineers miss this for 23 years?  How
> >>> do you explain that?
> >>>
> >>> That means lots of people came and went.  There should have been lots of
> >>> QA... for 23 years.
> >>>
> >>> How does this happen?  Only two ways I can see 1) sloppy work, or 2)
> >>> intentionally.
> >>>
> >>> ---------------------------------------------------
> >>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> >>> To subscribe, unsubscribe, or to change your mail settings:
> >>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]
> >>
> >>> ---------------------------------------------------
> >>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> >>> To subscribe, unsubscribe, or to change your mail settings:
> >>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]
> >>
> >> ---------------------------------------------------
> >> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> >> To subscribe, unsubscribe, or to change your mail settings:
> >> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]
> >> ---------------------------------------------------
> >> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> >> To subscribe, unsubscribe, or to change your mail settings:
> >> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> >>
> >> Links:
> >> ------
> >> [1] http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> >>
> >>
> >>
> >> ---------------------------------------------------
> >> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> >> To subscribe, unsubscribe, or to change your mail settings:
> >> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> >>
> >
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180112/0b01999a/attachment.html>

From eric.oyen at icloud.com  Fri Jan 12 04:40:57 2018
From: eric.oyen at icloud.com (Eric Oyen)
Date: Fri, 12 Jan 2018 04:40:57 -0700
Subject: =?windows-1252?Q?Re=3A_Post_=3A_INTEL=92S_SECURITY_FLAW_IS_NO_FL?=
 =?windows-1252?Q?AW?=
In-Reply-To: <D64287FA-B0C8-4A45-89FB-87F90FCC274C@gmail.com>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
 <CO2PR04MB2311B6F4555DBF1EF93A5E8C9D160@CO2PR04MB2311.namprd04.prod.outlook.com>
 <CAEqej2P+bjfGwAFKMFuWuYgsOciwJrWw6f0ZDNQgzQTbL0b69g@mail.gmail.com>
 <63D55323-B50A-493A-BE6D-DCB9D7FA9AC4@gmail.com>
 <CAEqej2PuEVn4TntzTpPyw6MiRH=_PHcRDaFvESZiYDmfT7G46Q@mail.gmail.com>
 <7820ffa052c1a6a00d6d1ef2330f92ec@phpcoderusa.com>
 <784a30bb-ab26-5592-0383-6742ed9cc03e@stcaz.net>
 <56D43456-E4C4-4112-AA37-C6C8C2AA1F8B@gmail.com>
 <CACS_G9yBdiMwEMMPSRxEs2nshs2yneWZ6o+6AAnaYaOP9CNufg@mail.gmail.com>
 <CACS_G9zftzVs8xZjxXnzfAvGrbC7jd-P67ynPjtSEBr_SprYzA@mail.gmail.com>
 <D64287FA-B0C8-4A45-89FB-87F90FCC274C@gmail.com>
Message-ID: <FDD531DD-02C5-4A3D-9026-9505F9D67549@icloud.com>

hah! with my ears, I don't care how bloody silent they make the things, I can still hear those blades slicing the air at 5 miles.

-eric
from the central offices of the Technomage Guild, Sensors Dept.

On Jan 12, 2018, at 3:53 AM, Aaron Jones wrote:

> https://www.airspacemag.com/military-aviation/air-americas-black-helicopter-24960500/
> 
> This article says they flew Laos to NV. But I swear the first time I heard this story the teller said Cambodia. The pilot on this did a really cool writeup I can’t find any more about his experience. 
> 
> I would like to have a decibel comparison between the new silent blackhawk and the loach-p. Silent being relative.
> 
> On Jan 12, 2018, at 12:29 AM, Stephen Partington <cryptworks at gmail.com> wrote:
> 
>> Yes. There were a couple of details I wanted but was not finding. Thank you. 
>> 
>> On Jan 11, 2018 7:24 PM, "Aaron Jones" <retro64xyz at gmail.com> wrote:
>> Thanks Joe.
>> 
>> You should blog an article about this cuz that was the best explanation for the issue I have read so far.
>> 
>> > On Jan 11, 2018, at 6:42 PM, Joseph Sinclair <plug-discussion at stcaz.net> wrote:
>> >
>> > There seems to be a lot of confusion surrounding the recently disclosed CPU hardware issues...
>> > A few points to consider:
>> > 1) This is a cache timing attack using speculative execution (a key performance feature in the hardware) that exposes data (i.e. it's not an exploit to "take over" a system); it can only read memory, and only VERY slowly, while thrashing the heck out of the CPU.
>> > 2) Abusing speculative execution is literally something nobody thought of doing until a few years ago.
>> > 3) The researchers spent an immense amount of time figuring out tactics that worked, time no hardware design engineer would ever have had available, assuming that engineer even had the knowledge to do the coding required (hint: they don't).
>> > 4) Exploiting these flaws is HARD.  It requires native code execution, careful and highly skilled coding, specific targeting of the memory to be read, and a lot of time on the target machine without tripping alarms due to CPU use.
>> > 5) The major concern here is things like VM farms because this allows untrusted code in a guest to (very slowly) read memory from the host or other guests.  It's possible to use in other contexts, but the cost/benefit balance is pretty bad; desktops and other targets are far easier to exploit with well-known and widely used "social" hacks.
>> >
>> > Lacking the full detail, I would venture that this *type* of exploit is possible (in some form) for every Intel CPU since the original Pentium PRO which introduced speculative execution to the Intel architecture.
>> > We don't need to replace hardware, fortunately, this specific set of tactics can be mitigated by having the Kernel (along with microcode, aka firmware) set flags in the CPU to force a full context switch in the specific situations identified by the researchers.
>> > Yes, mitigation slows down execution a bit; basically the IPC for Intel chips now roughly matches the IPC for AMD chips which always forced the context switch (due to a different design balance).
>> > I would venture that this flaw is actually caused by Intel having such a heavy focus to achieve (and maintain) higher IPC levels than AMD, and cutting a (seemingly benign) corner to accomplish that.
>> >
>> > A bit of inside-baseball here:
>> > Every digital design engineer looks for what we call "don't cares"  segments of the boolean map where the logic value has no impact on the "correctness" of the result.
>> > Those are places where we can cut gate count or speed up execution.
>> > Avoiding a context switch in a CPU with the Intel design for 3 layer caching is one of those areas where "don't cares" can show up.
>> > My gut feel is that the Intel engineers saw an opportunity to retain "correct" execution of code while speeding up speculative execution by skipping the context switch until it was actually necessary (e.g. the speculative branch became "live").
>> > It is exactly the kind of thing I can see a really smart engineer doing because, without future knowledge, it's actually the right thing to do.
>> > You get faster execution without any added cost and without breaking existing code.
>> > That, in retrospect, was a mistake that allowed a very sophisticated attacker to read a few bits of unauthorized memory in a very sneaky manner.
>> > That someone, a decade or two after the design arose, discovered a way to misuse that design isn't a sign of malice or malpractice; it's a sign that security researchers are getting REALLY good at finding unexpected ways to use hardware design against security.
>> >
>> >
>> > P.S.
>> > That reddit article is utter garbage.
>> > Yes, there is, on some motherboards, a Management Engine which is a *separate* CPU, is mostly present only on "business" and server motherboards, and has NOTHING TO DO WITH the recent exploits.  The FSF and others have been warning about that particular bit of hardware for a long time.
>> > The ME has valuable functionality that makes sense for servers especially, and for business-owned machines in general (mostly remote system management, particularly lights-out management).
>> > The ME was added to the system at the request of business customers so they could remotely access machines owned by the business (even if turned off) and either manage their servers or ensure the main O/S and applications were kept in compliance with policy on desktops.
>> > Every motherboard I've seen with an ME (and only some have one) can disable the ME; usually with a jumper or switch on the board.
>> > As I understand things it was actually government buyers who demanded the ability to disable the ME (originally it couldn't be disabled), because government agencies are targets far more often than they are attackers.
>> >
>> >> On 2018-01-11 10:36 AM, techlists at phpcoderusa.com wrote:
>> >> This is basic stuff.  Kernel memory must be segregated and each
>> >> application's memory must be segregated.  These are the basics of CPU
>> >> functionality.  That is why I find theses issues perplexing. And it
>> >> leads me to one basic question.  If these problems persisted since 1995,
>> >> how could these issue go undetected until recently when multiple
>> >> separate groups discovered these flows?  AND is it possible others have
>> >> found and used these flaws for their own gain?
>> >>
>> >> No matter what happened, politics, accident... etc We have a HUGE
>> >> problem.  Even if there were CPUs that were not vulnerable, it would
>> >> take years to replace all computers that are publicly facing.  In the
>> >> mean time there are some seriously evil people / groups / countries that
>> >> will be looking into how they can use theses chip bugs / vulnerabilities
>> >> / features... to further their goals.
>> >>
>> >>> From what I can tell the solution is to use software - the kernel to fix
>> >> or patch the shortcomings of these CPUs.  A software patch to fix
>> >> hardware.  This is very scary.  A software patch can be removed and / or
>> >> replaced, leaving the host vulnerable.
>> >>
>> >>> On 2018-01-11 10:10, Mark Phillips wrote:
>> >>>
>> >>> No, I don't work at Intel. I am, however, not a believer in all the government conspiracy theories floating around the Internet.
>> >>>
>> >>> Mark
>> >>>
>> >>> On Thu, Jan 11, 2018 at 9:25 AM, Aaron Jones <retro64xyz at gmail.com> wrote:
>> >>>
>> >>> Signals intelligence is believed to have been birthed in 1904.
>> >>>
>> >>> But exploiting hardware isn't new. For military, police, or criminal intentions.
>> >>>
>> >>> You work at Intel Mark? Lol
>> >>>
>> >>> On Jan 11, 2018, at 9:11 AM, Mark Phillips <mark at phillipsmarketing.biz> wrote:
>> >>>
>> >>> There is no conspiracy here. 23 years ago no one thought about attack vectors and how to take over machines. It is only recently that we are all sensitized to this problem. Even though the tech world is sensitized to the nature of exploits, companies still ship brand new products (e.g. Nest, cars, etc.) that can be exploited by almost anyone. It was only recently that router and switch companies stopped using admin and admin as login credentials!
>> >>>
>> >>> Your argument that these new CPU exploits are a government conspiracy can be applied to any potential exploit discovered today in a piece of code written yesterday.
>> >>>
>> >>> Mark
>> >>>
>> >>> On Thu, Jan 11, 2018 at 9:02 AM, Carruth, Rusty <Rusty.Carruth at smartm.com> wrote:
>> >>> As mentioned earlier, I've done my share of ... um, looking for flaws in design of operating systems back when I was in college.  (What, 1976?)
>> >>>
>> >>> We discovered some bad flaws in the design of the <redacted>.  How long had the Univac been around?  I don't know, but a while.  Unless someone with WAY too much time on their hands is actively seeking ways around stuff, there's only so much 'bug' you can find. (and, actually, you really need more than one person involved (partially so someone can ask the 'right' stupid question :-))
>> >>>
>> >>> Doesn't take malice or sloppiness, and I will say being a publicly-traded company makes it very hard to spend the time required to even start on the hacking required (Being publically-traded makes your owner effectively insane, since your owner is actually many people, all with different and often diametrically opposing goals for the company).
>> >>>
>> >>> Anyway, tell you what - go read the Intel hardware docs and see if you can find the info needed to put together to see the bug.  And this with prior knowledge of where to look.
>> >>>
>> >>> I will say that this doesn't excuse much, but realize that being a public company drives you insane ;-)
>> >>>
>> >>> Rusty
>> >>>
>> >>> -----Original Message-----
>> >>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of techlists at phpcoderusa.com
>> >>> Sent: Thursday, January 11, 2018 8:42 AM
>> >>> To: Main PLUG discussion list
>> >>> Subject: Re: Post : INTEL'S SECURITY FLAW IS NO FLAW
>> >>>
>> >>> ...
>> >>>
>> >>> I've read these issues may have persisted as far back as 1995.  How does
>> >>> that happen?  How does an army of engineers miss this for 23 years?  How
>> >>> do you explain that?
>> >>>
>> >>> That means lots of people came and went.  There should have been lots of
>> >>> QA... for 23 years.
>> >>>
>> >>> How does this happen?  Only two ways I can see 1) sloppy work, or 2)
>> >>> intentionally.
>> >>>
>> >>> ---------------------------------------------------
>> >>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> >>> To subscribe, unsubscribe, or to change your mail settings:
>> >>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]
>> >>
>> >>> ---------------------------------------------------
>> >>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> >>> To subscribe, unsubscribe, or to change your mail settings:
>> >>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]
>> >>
>> >> ---------------------------------------------------
>> >> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> >> To subscribe, unsubscribe, or to change your mail settings:
>> >> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]
>> >> ---------------------------------------------------
>> >> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> >> To subscribe, unsubscribe, or to change your mail settings:
>> >> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>> >>
>> >> Links:
>> >> ------
>> >> [1] http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>> >>
>> >>
>> >>
>> >> ---------------------------------------------------
>> >> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> >> To subscribe, unsubscribe, or to change your mail settings:
>> >> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>> >>
>> >
>> > ---------------------------------------------------
>> > PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> > To subscribe, unsubscribe, or to change your mail settings:
>> > http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>> 
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180112/22ab3d50/attachment.html>

From techlists at phpcoderusa.com  Fri Jan 12 09:09:01 2018
From: techlists at phpcoderusa.com (techlists at phpcoderusa.com)
Date: Fri, 12 Jan 2018 09:09:01 -0700
Subject: =?UTF-8?Q?Re=3A_Post_=3A_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLA?=
 =?UTF-8?Q?W?=
In-Reply-To: <784a30bb-ab26-5592-0383-6742ed9cc03e@stcaz.net>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
 <CO2PR04MB2311B6F4555DBF1EF93A5E8C9D160@CO2PR04MB2311.namprd04.prod.outlook.com>
 <CAEqej2P+bjfGwAFKMFuWuYgsOciwJrWw6f0ZDNQgzQTbL0b69g@mail.gmail.com>
 <63D55323-B50A-493A-BE6D-DCB9D7FA9AC4@gmail.com>
 <CAEqej2PuEVn4TntzTpPyw6MiRH=_PHcRDaFvESZiYDmfT7G46Q@mail.gmail.com>
 <7820ffa052c1a6a00d6d1ef2330f92ec@phpcoderusa.com>
 <784a30bb-ab26-5592-0383-6742ed9cc03e@stcaz.net>
Message-ID: <7cd94a2bcaa3f51e66355dbc131e6f99@phpcoderusa.com>


What you point out is great in a sterile / lab environment, but not in 
the wild.  I am hoping the courts will find the chip manufactures liable 
for not doing more QA.  These chips are used in banking, government, all 
sorts of business, and by consumers.  We have become so dependent on 
computers that I venture to say if you took 90% of them away people 
would die -- the supply chain would fail and there would be total chaos.

It is MY opinion that the chip manufactures have a fiduciary 
responsibility to produce chips free of default, or at least free of 
default to the degree of Meltdown and Spectre.

Just like auto manufactures have a fiduciary responsibility to produce 
cars that cannot be hacked or go crazy and crash. Personally I do not 
understand why cars need computers and especially why they need to be 
connected to the Internet.

As for stockholders they probably will lose their shirts.  Just think it 
might have cost just a few pennies per CPU to find and eradicate these 
issues before they became a problem.  Would you be willing to pay a few 
more dollars per CPU to not have this issue, I would.

AND I still think this is much larger than anyone wants to say. Patching 
hardware with software is an exploit waiting to happen.

I assure you the Russians, Chinese, North Koreans, and possibly all the 
members of the UN are looking at ways to use these CPU weaknesses 
against us, not to mention every black hat in the world.




On 2018-01-11 18:42, Joseph Sinclair wrote:
> There seems to be a lot of confusion surrounding the recently
> disclosed CPU hardware issues...
> A few points to consider:
> 1) This is a cache timing attack using speculative execution (a key
> performance feature in the hardware) that exposes data (i.e. it's not
> an exploit to "take over" a system); it can only read memory, and only
> VERY slowly, while thrashing the heck out of the CPU.
> 2) Abusing speculative execution is literally something nobody thought
> of doing until a few years ago.
> 3) The researchers spent an immense amount of time figuring out
> tactics that worked, time no hardware design engineer would ever have
> had available, assuming that engineer even had the knowledge to do the
> coding required (hint: they don't).
> 4) Exploiting these flaws is HARD.  It requires native code execution,
> careful and highly skilled coding, specific targeting of the memory to
> be read, and a lot of time on the target machine without tripping
> alarms due to CPU use.
> 5) The major concern here is things like VM farms because this allows
> untrusted code in a guest to (very slowly) read memory from the host
> or other guests.  It's possible to use in other contexts, but the
> cost/benefit balance is pretty bad; desktops and other targets are far
> easier to exploit with well-known and widely used "social" hacks.
> 
> Lacking the full detail, I would venture that this *type* of exploit
> is possible (in some form) for every Intel CPU since the original
> Pentium PRO which introduced speculative execution to the Intel
> architecture.
> We don't need to replace hardware, fortunately, this specific set of
> tactics can be mitigated by having the Kernel (along with microcode,
> aka firmware) set flags in the CPU to force a full context switch in
> the specific situations identified by the researchers.
> Yes, mitigation slows down execution a bit; basically the IPC for
> Intel chips now roughly matches the IPC for AMD chips which always
> forced the context switch (due to a different design balance).
> I would venture that this flaw is actually caused by Intel having such
> a heavy focus to achieve (and maintain) higher IPC levels than AMD,
> and cutting a (seemingly benign) corner to accomplish that.
> 
> A bit of inside-baseball here:
> Every digital design engineer looks for what we call "don't cares"
> segments of the boolean map where the logic value has no impact on the
> "correctness" of the result.
> Those are places where we can cut gate count or speed up execution.
> Avoiding a context switch in a CPU with the Intel design for 3 layer
> caching is one of those areas where "don't cares" can show up.
> My gut feel is that the Intel engineers saw an opportunity to retain
> "correct" execution of code while speeding up speculative execution by
> skipping the context switch until it was actually necessary (e.g. the
> speculative branch became "live").
> It is exactly the kind of thing I can see a really smart engineer
> doing because, without future knowledge, it's actually the right thing
> to do.
> You get faster execution without any added cost and without breaking
> existing code.
> That, in retrospect, was a mistake that allowed a very sophisticated
> attacker to read a few bits of unauthorized memory in a very sneaky
> manner.
> That someone, a decade or two after the design arose, discovered a way
> to misuse that design isn't a sign of malice or malpractice; it's a
> sign that security researchers are getting REALLY good at finding
> unexpected ways to use hardware design against security.
> 
> 
> P.S.
> That reddit article is utter garbage.
> Yes, there is, on some motherboards, a Management Engine which is a
> *separate* CPU, is mostly present only on "business" and server
> motherboards, and has NOTHING TO DO WITH the recent exploits.  The FSF
> and others have been warning about that particular bit of hardware for
> a long time.
> The ME has valuable functionality that makes sense for servers
> especially, and for business-owned machines in general (mostly remote
> system management, particularly lights-out management).
> The ME was added to the system at the request of business customers so
> they could remotely access machines owned by the business (even if
> turned off) and either manage their servers or ensure the main O/S and
> applications were kept in compliance with policy on desktops.
> Every motherboard I've seen with an ME (and only some have one) can
> disable the ME; usually with a jumper or switch on the board.
> As I understand things it was actually government buyers who demanded
> the ability to disable the ME (originally it couldn't be disabled),
> because government agencies are targets far more often than they are
> attackers.
> 
> On 2018-01-11 10:36 AM, techlists at phpcoderusa.com wrote:
>> This is basic stuff.  Kernel memory must be segregated and each
>> application's memory must be segregated.  These are the basics of CPU
>> functionality.  That is why I find theses issues perplexing. And it
>> leads me to one basic question.  If these problems persisted since 
>> 1995,
>> how could these issue go undetected until recently when multiple
>> separate groups discovered these flows?  AND is it possible others 
>> have
>> found and used these flaws for their own gain?
>> 
>> No matter what happened, politics, accident... etc We have a HUGE
>> problem.  Even if there were CPUs that were not vulnerable, it would
>> take years to replace all computers that are publicly facing.  In the
>> mean time there are some seriously evil people / groups / countries 
>> that
>> will be looking into how they can use theses chip bugs / 
>> vulnerabilities
>> / features... to further their goals.
>> 
>>> From what I can tell the solution is to use software - the kernel to 
>>> fix
>> or patch the shortcomings of these CPUs.  A software patch to fix
>> hardware.  This is very scary.  A software patch can be removed and / 
>> or
>> replaced, leaving the host vulnerable.
>> 
>> On 2018-01-11 10:10, Mark Phillips wrote:
>> 
>>> No, I don't work at Intel. I am, however, not a believer in all the 
>>> government conspiracy theories floating around the Internet.
>>> 
>>> Mark
>>> 
>>> On Thu, Jan 11, 2018 at 9:25 AM, Aaron Jones <retro64xyz at gmail.com> 
>>> wrote:
>>> 
>>> Signals intelligence is believed to have been birthed in 1904.
>>> 
>>> But exploiting hardware isn't new. For military, police, or criminal 
>>> intentions.
>>> 
>>> You work at Intel Mark? Lol
>>> 
>>> On Jan 11, 2018, at 9:11 AM, Mark Phillips 
>>> <mark at phillipsmarketing.biz> wrote:
>>> 
>>> There is no conspiracy here. 23 years ago no one thought about attack 
>>> vectors and how to take over machines. It is only recently that we 
>>> are all sensitized to this problem. Even though the tech world is 
>>> sensitized to the nature of exploits, companies still ship brand new 
>>> products (e.g. Nest, cars, etc.) that can be exploited by almost 
>>> anyone. It was only recently that router and switch companies stopped 
>>> using admin and admin as login credentials!
>>> 
>>> Your argument that these new CPU exploits are a government conspiracy 
>>> can be applied to any potential exploit discovered today in a piece 
>>> of code written yesterday.
>>> 
>>> Mark
>>> 
>>> On Thu, Jan 11, 2018 at 9:02 AM, Carruth, Rusty 
>>> <Rusty.Carruth at smartm.com> wrote:
>>> As mentioned earlier, I've done my share of ... um, looking for flaws 
>>> in design of operating systems back when I was in college.  (What, 
>>> 1976?)
>>> 
>>> We discovered some bad flaws in the design of the <redacted>.  How 
>>> long had the Univac been around?  I don't know, but a while.  Unless 
>>> someone with WAY too much time on their hands is actively seeking 
>>> ways around stuff, there's only so much 'bug' you can find. (and, 
>>> actually, you really need more than one person involved (partially so 
>>> someone can ask the 'right' stupid question :-))
>>> 
>>> Doesn't take malice or sloppiness, and I will say being a 
>>> publicly-traded company makes it very hard to spend the time required 
>>> to even start on the hacking required (Being publically-traded makes 
>>> your owner effectively insane, since your owner is actually many 
>>> people, all with different and often diametrically opposing goals for 
>>> the company).
>>> 
>>> Anyway, tell you what - go read the Intel hardware docs and see if 
>>> you can find the info needed to put together to see the bug.  And 
>>> this with prior knowledge of where to look.
>>> 
>>> I will say that this doesn't excuse much, but realize that being a 
>>> public company drives you insane ;-)
>>> 
>>> Rusty
>>> 
>>> -----Original Message-----
>>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] 
>>> On Behalf Of techlists at phpcoderusa.com
>>> Sent: Thursday, January 11, 2018 8:42 AM
>>> To: Main PLUG discussion list
>>> Subject: Re: Post : INTEL'S SECURITY FLAW IS NO FLAW
>>> 
>>> ...
>>> 
>>> I've read these issues may have persisted as far back as 1995.  How 
>>> does
>>> that happen?  How does an army of engineers miss this for 23 years?  
>>> How
>>> do you explain that?
>>> 
>>> That means lots of people came and went.  There should have been lots 
>>> of
>>> QA... for 23 years.
>>> 
>>> How does this happen?  Only two ways I can see 1) sloppy work, or 2)
>>> intentionally.
>>> 
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]
>> 
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]
>> 
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>> 
>> Links:
>> ------
>> [1] http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>> 
>> 
>> 
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>> 
> 
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

From bmike1 at gmail.com  Fri Jan 12 13:39:31 2018
From: bmike1 at gmail.com (Michael)
Date: Fri, 12 Jan 2018 15:39:31 -0500
Subject: Burn image to external drive
Message-ID: <CAFRvunLbQomN9RxoCGJ39vZLR-q6WK5vhaoDQVM-0XfV3FX3aQ@mail.gmail.com>

Well,my DVD burner died and all I could get to replace it was an external
drive. I need to reburn my OS image to disk. How do I do it?

-- 
:-)~MIKE~(-:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180112/f6bddd98/attachment.html>

From mhgraham at crow202.org  Fri Jan 12 13:56:58 2018
From: mhgraham at crow202.org (Matt Graham)
Date: Fri, 12 Jan 2018 13:56:58 -0700
Subject: Burn image to external drive
In-Reply-To: <CAFRvunLbQomN9RxoCGJ39vZLR-q6WK5vhaoDQVM-0XfV3FX3aQ@mail.gmail.com>
References: <CAFRvunLbQomN9RxoCGJ39vZLR-q6WK5vhaoDQVM-0XfV3FX3aQ@mail.gmail.com>
Message-ID: <0af57c518d3faf7bd416a81b8d11d932@crow202.org>

On 2018-01-12 13:39, Michael wrote:
> Well, my DVD burner died and all I could get to replace it was an
> external drive. I need to reburn my OS image to disk. How do I do it?

If you meant "an external DVD+-RW drive", then if it's USB, it'll just 
show up as a SCSI device as normal.  Plug it in and you can use 
cdrecord/growisofs/k3b to burn a disc the way you did previously.

If you meant "an external hard disk", then you remember that any x86 
that can boot from a USB device can boot from an ISO image that's been 
dd'ed to a USB device.  Plug the disk in, then figure out which device 
node it is.  I'll call it /dev/sdX here.  Then "dd 
if=my_install_image.iso of=/dev/sdX bs=32k".  Then make sure "USB" is 
above "hard disk" in the BIOS boot order.

-- 
Crow202 Blog: http://crow202.org/wordpress
There is no Darkness in Eternity
But only Light too dim for us to see.

From plugaz at codezilla.xyz  Fri Jan 12 14:09:53 2018
From: plugaz at codezilla.xyz (Nathan O'Brennan)
Date: Fri, 12 Jan 2018 14:09:53 -0700
Subject: =?UTF-8?Q?Re=3A_Post_=3A_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLA?=
 =?UTF-8?Q?W?=
In-Reply-To: <d925e15f-0b43-a971-a85b-b8e4195e3886@stcaz.net>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
 <CO2PR04MB2311B6F4555DBF1EF93A5E8C9D160@CO2PR04MB2311.namprd04.prod.outlook.com>
 <CAEqej2P+bjfGwAFKMFuWuYgsOciwJrWw6f0ZDNQgzQTbL0b69g@mail.gmail.com>
 <63D55323-B50A-493A-BE6D-DCB9D7FA9AC4@gmail.com>
 <CAEqej2PuEVn4TntzTpPyw6MiRH=_PHcRDaFvESZiYDmfT7G46Q@mail.gmail.com>
 <7820ffa052c1a6a00d6d1ef2330f92ec@phpcoderusa.com>
 <784a30bb-ab26-5592-0383-6742ed9cc03e@stcaz.net>
 <56D43456-E4C4-4112-AA37-C6C8C2AA1F8B@gmail.com>
 <d925e15f-0b43-a971-a85b-b8e4195e3886@stcaz.net>
Message-ID: <0856d5bf808bdeec1781d0c16bb437a1@codezilla.xyz>


Would SELinux protect in any way against either of these 
vulnerabilities?


On 2018-01-12 00:18, Joseph Sinclair wrote:
> Feel free to repost anywhere.  I don't have a blog site I use; so no
> real place to post a full article...
> 
> On 2018-01-11 07:24 PM, Aaron Jones wrote:
>> Thanks Joe.
>> 
>> You should blog an article about this cuz that was the best 
>> explanation for the issue I have read so far.
>> 
>>> On Jan 11, 2018, at 6:42 PM, Joseph Sinclair 
>>> <plug-discussion at stcaz.net> wrote:
>>> 
>>> There seems to be a lot of confusion surrounding the recently 
>>> disclosed CPU hardware issues...
>>> A few points to consider:
>>> 1) This is a cache timing attack using speculative execution (a key 
>>> performance feature in the hardware) that exposes data (i.e. it's not 
>>> an exploit to "take over" a system); it can only read memory, and 
>>> only VERY slowly, while thrashing the heck out of the CPU.
>>> 2) Abusing speculative execution is literally something nobody 
>>> thought of doing until a few years ago.
>>> 3) The researchers spent an immense amount of time figuring out 
>>> tactics that worked, time no hardware design engineer would ever have 
>>> had available, assuming that engineer even had the knowledge to do 
>>> the coding required (hint: they don't).
>>> 4) Exploiting these flaws is HARD.  It requires native code 
>>> execution, careful and highly skilled coding, specific targeting of 
>>> the memory to be read, and a lot of time on the target machine 
>>> without tripping alarms due to CPU use.
>>> 5) The major concern here is things like VM farms because this allows 
>>> untrusted code in a guest to (very slowly) read memory from the host 
>>> or other guests.  It's possible to use in other contexts, but the 
>>> cost/benefit balance is pretty bad; desktops and other targets are 
>>> far easier to exploit with well-known and widely used "social" hacks.
>>> 
>>> Lacking the full detail, I would venture that this *type* of exploit 
>>> is possible (in some form) for every Intel CPU since the original 
>>> Pentium PRO which introduced speculative execution to the Intel 
>>> architecture.
>>> We don't need to replace hardware, fortunately, this specific set of 
>>> tactics can be mitigated by having the Kernel (along with microcode, 
>>> aka firmware) set flags in the CPU to force a full context switch in 
>>> the specific situations identified by the researchers.
>>> Yes, mitigation slows down execution a bit; basically the IPC for 
>>> Intel chips now roughly matches the IPC for AMD chips which always 
>>> forced the context switch (due to a different design balance).
>>> I would venture that this flaw is actually caused by Intel having 
>>> such a heavy focus to achieve (and maintain) higher IPC levels than 
>>> AMD, and cutting a (seemingly benign) corner to accomplish that.
>>> 
>>> A bit of inside-baseball here:
>>> Every digital design engineer looks for what we call "don't cares"  
>>> segments of the boolean map where the logic value has no impact on 
>>> the "correctness" of the result.
>>> Those are places where we can cut gate count or speed up execution.
>>> Avoiding a context switch in a CPU with the Intel design for 3 layer 
>>> caching is one of those areas where "don't cares" can show up.
>>> My gut feel is that the Intel engineers saw an opportunity to retain 
>>> "correct" execution of code while speeding up speculative execution 
>>> by skipping the context switch until it was actually necessary (e.g. 
>>> the speculative branch became "live").
>>> It is exactly the kind of thing I can see a really smart engineer 
>>> doing because, without future knowledge, it's actually the right 
>>> thing to do.
>>> You get faster execution without any added cost and without breaking 
>>> existing code.
>>> That, in retrospect, was a mistake that allowed a very sophisticated 
>>> attacker to read a few bits of unauthorized memory in a very sneaky 
>>> manner.
>>> That someone, a decade or two after the design arose, discovered a 
>>> way to misuse that design isn't a sign of malice or malpractice; it's 
>>> a sign that security researchers are getting REALLY good at finding 
>>> unexpected ways to use hardware design against security.
>>> 
>>> 
>>> P.S.
>>> That reddit article is utter garbage.
>>> Yes, there is, on some motherboards, a Management Engine which is a 
>>> *separate* CPU, is mostly present only on "business" and server 
>>> motherboards, and has NOTHING TO DO WITH the recent exploits.  The 
>>> FSF and others have been warning about that particular bit of 
>>> hardware for a long time.
>>> The ME has valuable functionality that makes sense for servers 
>>> especially, and for business-owned machines in general (mostly remote 
>>> system management, particularly lights-out management).
>>> The ME was added to the system at the request of business customers 
>>> so they could remotely access machines owned by the business (even if 
>>> turned off) and either manage their servers or ensure the main O/S 
>>> and applications were kept in compliance with policy on desktops.
>>> Every motherboard I've seen with an ME (and only some have one) can 
>>> disable the ME; usually with a jumper or switch on the board.
>>> As I understand things it was actually government buyers who demanded 
>>> the ability to disable the ME (originally it couldn't be disabled), 
>>> because government agencies are targets far more often than they are 
>>> attackers.
>>> 
>>>> On 2018-01-11 10:36 AM, techlists at phpcoderusa.com wrote:
>>>> This is basic stuff.  Kernel memory must be segregated and each
>>>> application's memory must be segregated.  These are the basics of 
>>>> CPU
>>>> functionality.  That is why I find theses issues perplexing. And it
>>>> leads me to one basic question.  If these problems persisted since 
>>>> 1995,
>>>> how could these issue go undetected until recently when multiple
>>>> separate groups discovered these flows?  AND is it possible others 
>>>> have
>>>> found and used these flaws for their own gain?
>>>> 
>>>> No matter what happened, politics, accident... etc We have a HUGE
>>>> problem.  Even if there were CPUs that were not vulnerable, it would
>>>> take years to replace all computers that are publicly facing.  In 
>>>> the
>>>> mean time there are some seriously evil people / groups / countries 
>>>> that
>>>> will be looking into how they can use theses chip bugs / 
>>>> vulnerabilities
>>>> / features... to further their goals.
>>>> 
>>>>> From what I can tell the solution is to use software - the kernel 
>>>>> to fix
>>>> or patch the shortcomings of these CPUs.  A software patch to fix
>>>> hardware.  This is very scary.  A software patch can be removed and 
>>>> / or
>>>> replaced, leaving the host vulnerable.
>>>> 
>>>>> On 2018-01-11 10:10, Mark Phillips wrote:
>>>>> 
>>>>> No, I don't work at Intel. I am, however, not a believer in all the 
>>>>> government conspiracy theories floating around the Internet.
>>>>> 
>>>>> Mark
>>>>> 
>>>>> On Thu, Jan 11, 2018 at 9:25 AM, Aaron Jones <retro64xyz at gmail.com> 
>>>>> wrote:
>>>>> 
>>>>> Signals intelligence is believed to have been birthed in 1904.
>>>>> 
>>>>> But exploiting hardware isn't new. For military, police, or 
>>>>> criminal intentions.
>>>>> 
>>>>> You work at Intel Mark? Lol
>>>>> 
>>>>> On Jan 11, 2018, at 9:11 AM, Mark Phillips 
>>>>> <mark at phillipsmarketing.biz> wrote:
>>>>> 
>>>>> There is no conspiracy here. 23 years ago no one thought about 
>>>>> attack vectors and how to take over machines. It is only recently 
>>>>> that we are all sensitized to this problem. Even though the tech 
>>>>> world is sensitized to the nature of exploits, companies still ship 
>>>>> brand new products (e.g. Nest, cars, etc.) that can be exploited by 
>>>>> almost anyone. It was only recently that router and switch 
>>>>> companies stopped using admin and admin as login credentials!
>>>>> 
>>>>> Your argument that these new CPU exploits are a government 
>>>>> conspiracy can be applied to any potential exploit discovered today 
>>>>> in a piece of code written yesterday.
>>>>> 
>>>>> Mark
>>>>> 
>>>>> On Thu, Jan 11, 2018 at 9:02 AM, Carruth, Rusty 
>>>>> <Rusty.Carruth at smartm.com> wrote:
>>>>> As mentioned earlier, I've done my share of ... um, looking for 
>>>>> flaws in design of operating systems back when I was in college.  
>>>>> (What, 1976?)
>>>>> 
>>>>> We discovered some bad flaws in the design of the <redacted>.  How 
>>>>> long had the Univac been around?  I don't know, but a while.  
>>>>> Unless someone with WAY too much time on their hands is actively 
>>>>> seeking ways around stuff, there's only so much 'bug' you can find. 
>>>>> (and, actually, you really need more than one person involved 
>>>>> (partially so someone can ask the 'right' stupid question :-))
>>>>> 
>>>>> Doesn't take malice or sloppiness, and I will say being a 
>>>>> publicly-traded company makes it very hard to spend the time 
>>>>> required to even start on the hacking required (Being 
>>>>> publically-traded makes your owner effectively insane, since your 
>>>>> owner is actually many people, all with different and often 
>>>>> diametrically opposing goals for the company).
>>>>> 
>>>>> Anyway, tell you what - go read the Intel hardware docs and see if 
>>>>> you can find the info needed to put together to see the bug.  And 
>>>>> this with prior knowledge of where to look.
>>>>> 
>>>>> I will say that this doesn't excuse much, but realize that being a 
>>>>> public company drives you insane ;-)
>>>>> 
>>>>> Rusty
>>>>> 
>>>>> -----Original Message-----
>>>>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] 
>>>>> On Behalf Of techlists at phpcoderusa.com
>>>>> Sent: Thursday, January 11, 2018 8:42 AM
>>>>> To: Main PLUG discussion list
>>>>> Subject: Re: Post : INTEL'S SECURITY FLAW IS NO FLAW
>>>>> 
>>>>> ...
>>>>> 
>>>>> I've read these issues may have persisted as far back as 1995.  How 
>>>>> does
>>>>> that happen?  How does an army of engineers miss this for 23 years? 
>>>>>  How
>>>>> do you explain that?
>>>>> 
>>>>> That means lots of people came and went.  There should have been 
>>>>> lots of
>>>>> QA... for 23 years.
>>>>> 
>>>>> How does this happen?  Only two ways I can see 1) sloppy work, or 
>>>>> 2)
>>>>> intentionally.
>>>>> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x241A8881.asc
Type: application/pgp-keys
Size: 1723 bytes
Desc: not available
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180112/7cbf7c3d/attachment.key>

From retro64xyz at gmail.com  Fri Jan 12 15:54:57 2018
From: retro64xyz at gmail.com (Aaron Jones)
Date: Fri, 12 Jan 2018 15:54:57 -0700
Subject: =?utf-8?Q?Re:_Post_:_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLAW?=
In-Reply-To: <0856d5bf808bdeec1781d0c16bb437a1@codezilla.xyz>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
 <CO2PR04MB2311B6F4555DBF1EF93A5E8C9D160@CO2PR04MB2311.namprd04.prod.outlook.com>
 <CAEqej2P+bjfGwAFKMFuWuYgsOciwJrWw6f0ZDNQgzQTbL0b69g@mail.gmail.com>
 <63D55323-B50A-493A-BE6D-DCB9D7FA9AC4@gmail.com>
 <CAEqej2PuEVn4TntzTpPyw6MiRH=_PHcRDaFvESZiYDmfT7G46Q@mail.gmail.com>
 <7820ffa052c1a6a00d6d1ef2330f92ec@phpcoderusa.com>
 <784a30bb-ab26-5592-0383-6742ed9cc03e@stcaz.net>
 <56D43456-E4C4-4112-AA37-C6C8C2AA1F8B@gmail.com>
 <d925e15f-0b43-a971-a85b-b8e4195e3886@stcaz.net>
 <0856d5bf808bdeec1781d0c16bb437a1@codezilla.xyz>
Message-ID: <C33047DB-FB90-44CE-A4CC-5CC342E840FD@gmail.com>

I am fairly sure selinux does not have any protection against this. 

> On Jan 12, 2018, at 2:09 PM, Nathan O'Brennan <plugaz at codezilla.xyz> wrote:
> 
> 
> Would SELinux protect in any way against either of these vulnerabilities?
> 
> 
>> On 2018-01-12 00:18, Joseph Sinclair wrote:
>> Feel free to repost anywhere.  I don't have a blog site I use; so no
>> real place to post a full article...
>>> On 2018-01-11 07:24 PM, Aaron Jones wrote:
>>> Thanks Joe.
>>> You should blog an article about this cuz that was the best explanation for the issue I have read so far.
>>>> On Jan 11, 2018, at 6:42 PM, Joseph Sinclair <plug-discussion at stcaz.net> wrote:
>>>> There seems to be a lot of confusion surrounding the recently disclosed CPU hardware issues...
>>>> A few points to consider:
>>>> 1) This is a cache timing attack using speculative execution (a key performance feature in the hardware) that exposes data (i.e. it's not an exploit to "take over" a system); it can only read memory, and only VERY slowly, while thrashing the heck out of the CPU.
>>>> 2) Abusing speculative execution is literally something nobody thought of doing until a few years ago.
>>>> 3) The researchers spent an immense amount of time figuring out tactics that worked, time no hardware design engineer would ever have had available, assuming that engineer even had the knowledge to do the coding required (hint: they don't).
>>>> 4) Exploiting these flaws is HARD.  It requires native code execution, careful and highly skilled coding, specific targeting of the memory to be read, and a lot of time on the target machine without tripping alarms due to CPU use.
>>>> 5) The major concern here is things like VM farms because this allows untrusted code in a guest to (very slowly) read memory from the host or other guests.  It's possible to use in other contexts, but the cost/benefit balance is pretty bad; desktops and other targets are far easier to exploit with well-known and widely used "social" hacks.
>>>> Lacking the full detail, I would venture that this *type* of exploit is possible (in some form) for every Intel CPU since the original Pentium PRO which introduced speculative execution to the Intel architecture.
>>>> We don't need to replace hardware, fortunately, this specific set of tactics can be mitigated by having the Kernel (along with microcode, aka firmware) set flags in the CPU to force a full context switch in the specific situations identified by the researchers.
>>>> Yes, mitigation slows down execution a bit; basically the IPC for Intel chips now roughly matches the IPC for AMD chips which always forced the context switch (due to a different design balance).
>>>> I would venture that this flaw is actually caused by Intel having such a heavy focus to achieve (and maintain) higher IPC levels than AMD, and cutting a (seemingly benign) corner to accomplish that.
>>>> A bit of inside-baseball here:
>>>> Every digital design engineer looks for what we call "don't cares"  segments of the boolean map where the logic value has no impact on the "correctness" of the result.
>>>> Those are places where we can cut gate count or speed up execution.
>>>> Avoiding a context switch in a CPU with the Intel design for 3 layer caching is one of those areas where "don't cares" can show up.
>>>> My gut feel is that the Intel engineers saw an opportunity to retain "correct" execution of code while speeding up speculative execution by skipping the context switch until it was actually necessary (e.g. the speculative branch became "live").
>>>> It is exactly the kind of thing I can see a really smart engineer doing because, without future knowledge, it's actually the right thing to do.
>>>> You get faster execution without any added cost and without breaking existing code.
>>>> That, in retrospect, was a mistake that allowed a very sophisticated attacker to read a few bits of unauthorized memory in a very sneaky manner.
>>>> That someone, a decade or two after the design arose, discovered a way to misuse that design isn't a sign of malice or malpractice; it's a sign that security researchers are getting REALLY good at finding unexpected ways to use hardware design against security.
>>>> P.S.
>>>> That reddit article is utter garbage.
>>>> Yes, there is, on some motherboards, a Management Engine which is a *separate* CPU, is mostly present only on "business" and server motherboards, and has NOTHING TO DO WITH the recent exploits.  The FSF and others have been warning about that particular bit of hardware for a long time.
>>>> The ME has valuable functionality that makes sense for servers especially, and for business-owned machines in general (mostly remote system management, particularly lights-out management).
>>>> The ME was added to the system at the request of business customers so they could remotely access machines owned by the business (even if turned off) and either manage their servers or ensure the main O/S and applications were kept in compliance with policy on desktops.
>>>> Every motherboard I've seen with an ME (and only some have one) can disable the ME; usually with a jumper or switch on the board.
>>>> As I understand things it was actually government buyers who demanded the ability to disable the ME (originally it couldn't be disabled), because government agencies are targets far more often than they are attackers.
>>>>> On 2018-01-11 10:36 AM, techlists at phpcoderusa.com wrote:
>>>>> This is basic stuff.  Kernel memory must be segregated and each
>>>>> application's memory must be segregated.  These are the basics of CPU
>>>>> functionality.  That is why I find theses issues perplexing. And it
>>>>> leads me to one basic question.  If these problems persisted since 1995,
>>>>> how could these issue go undetected until recently when multiple
>>>>> separate groups discovered these flows?  AND is it possible others have
>>>>> found and used these flaws for their own gain?
>>>>> No matter what happened, politics, accident... etc We have a HUGE
>>>>> problem.  Even if there were CPUs that were not vulnerable, it would
>>>>> take years to replace all computers that are publicly facing.  In the
>>>>> mean time there are some seriously evil people / groups / countries that
>>>>> will be looking into how they can use theses chip bugs / vulnerabilities
>>>>> / features... to further their goals.
>>>>>> From what I can tell the solution is to use software - the kernel to fix
>>>>> or patch the shortcomings of these CPUs.  A software patch to fix
>>>>> hardware.  This is very scary.  A software patch can be removed and / or
>>>>> replaced, leaving the host vulnerable.
>>>>>> On 2018-01-11 10:10, Mark Phillips wrote:
>>>>>> No, I don't work at Intel. I am, however, not a believer in all the government conspiracy theories floating around the Internet.
>>>>>> Mark
>>>>>> On Thu, Jan 11, 2018 at 9:25 AM, Aaron Jones <retro64xyz at gmail.com> wrote:
>>>>>> Signals intelligence is believed to have been birthed in 1904.
>>>>>> But exploiting hardware isn't new. For military, police, or criminal intentions.
>>>>>> You work at Intel Mark? Lol
>>>>>> On Jan 11, 2018, at 9:11 AM, Mark Phillips <mark at phillipsmarketing.biz> wrote:
>>>>>> There is no conspiracy here. 23 years ago no one thought about attack vectors and how to take over machines. It is only recently that we are all sensitized to this problem. Even though the tech world is sensitized to the nature of exploits, companies still ship brand new products (e.g. Nest, cars, etc.) that can be exploited by almost anyone. It was only recently that router and switch companies stopped using admin and admin as login credentials!
>>>>>> Your argument that these new CPU exploits are a government conspiracy can be applied to any potential exploit discovered today in a piece of code written yesterday.
>>>>>> Mark
>>>>>> On Thu, Jan 11, 2018 at 9:02 AM, Carruth, Rusty <Rusty.Carruth at smartm.com> wrote:
>>>>>> As mentioned earlier, I've done my share of ... um, looking for flaws in design of operating systems back when I was in college.  (What, 1976?)
>>>>>> We discovered some bad flaws in the design of the <redacted>.  How long had the Univac been around?  I don't know, but a while.  Unless someone with WAY too much time on their hands is actively seeking ways around stuff, there's only so much 'bug' you can find. (and, actually, you really need more than one person involved (partially so someone can ask the 'right' stupid question :-))
>>>>>> Doesn't take malice or sloppiness, and I will say being a publicly-traded company makes it very hard to spend the time required to even start on the hacking required (Being publically-traded makes your owner effectively insane, since your owner is actually many people, all with different and often diametrically opposing goals for the company).
>>>>>> Anyway, tell you what - go read the Intel hardware docs and see if you can find the info needed to put together to see the bug.  And this with prior knowledge of where to look.
>>>>>> I will say that this doesn't excuse much, but realize that being a public company drives you insane ;-)
>>>>>> Rusty
>>>>>> -----Original Message-----
>>>>>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of techlists at phpcoderusa.com
>>>>>> Sent: Thursday, January 11, 2018 8:42 AM
>>>>>> To: Main PLUG discussion list
>>>>>> Subject: Re: Post : INTEL'S SECURITY FLAW IS NO FLAW
>>>>>> ...
>>>>>> I've read these issues may have persisted as far back as 1995.  How does
>>>>>> that happen?  How does an army of engineers miss this for 23 years?  How
>>>>>> do you explain that?
>>>>>> That means lots of people came and went.  There should have been lots of
>>>>>> QA... for 23 years.
>>>>>> How does this happen?  Only two ways I can see 1) sloppy work, or 2)
>>>>>> intentionally.
> <0x241A8881.asc>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

From retro64xyz at gmail.com  Fri Jan 12 16:14:10 2018
From: retro64xyz at gmail.com (Aaron Jones)
Date: Fri, 12 Jan 2018 16:14:10 -0700
Subject: =?utf-8?Q?Re:_Post_:_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLAW?=
In-Reply-To: <0856d5bf808bdeec1781d0c16bb437a1@codezilla.xyz>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
 <CO2PR04MB2311B6F4555DBF1EF93A5E8C9D160@CO2PR04MB2311.namprd04.prod.outlook.com>
 <CAEqej2P+bjfGwAFKMFuWuYgsOciwJrWw6f0ZDNQgzQTbL0b69g@mail.gmail.com>
 <63D55323-B50A-493A-BE6D-DCB9D7FA9AC4@gmail.com>
 <CAEqej2PuEVn4TntzTpPyw6MiRH=_PHcRDaFvESZiYDmfT7G46Q@mail.gmail.com>
 <7820ffa052c1a6a00d6d1ef2330f92ec@phpcoderusa.com>
 <784a30bb-ab26-5592-0383-6742ed9cc03e@stcaz.net>
 <56D43456-E4C4-4112-AA37-C6C8C2AA1F8B@gmail.com>
 <d925e15f-0b43-a971-a85b-b8e4195e3886@stcaz.net>
 <0856d5bf808bdeec1781d0c16bb437a1@codezilla.xyz>
Message-ID: <732F89AC-D94D-4F15-9036-2388D5509F05@gmail.com>

http://www.dw.com/en/new-security-flaw-detected-in-intel-hardware/a-42122823

New flaw in intel amt. again

Also. The new fix for spdctre and meltdown causes uncontrolled reboots in some haswell and broadwell processors. 


> On Jan 12, 2018, at 2:09 PM, Nathan O'Brennan <plugaz at codezilla.xyz> wrote:
> 
> 
> Would SELinux protect in any way against either of these vulnerabilities?
> 
> 
>> On 2018-01-12 00:18, Joseph Sinclair wrote:
>> Feel free to repost anywhere.  I don't have a blog site I use; so no
>> real place to post a full article...
>>> On 2018-01-11 07:24 PM, Aaron Jones wrote:
>>> Thanks Joe.
>>> You should blog an article about this cuz that was the best explanation for the issue I have read so far.
>>>> On Jan 11, 2018, at 6:42 PM, Joseph Sinclair <plug-discussion at stcaz.net> wrote:
>>>> There seems to be a lot of confusion surrounding the recently disclosed CPU hardware issues...
>>>> A few points to consider:
>>>> 1) This is a cache timing attack using speculative execution (a key performance feature in the hardware) that exposes data (i.e. it's not an exploit to "take over" a system); it can only read memory, and only VERY slowly, while thrashing the heck out of the CPU.
>>>> 2) Abusing speculative execution is literally something nobody thought of doing until a few years ago.
>>>> 3) The researchers spent an immense amount of time figuring out tactics that worked, time no hardware design engineer would ever have had available, assuming that engineer even had the knowledge to do the coding required (hint: they don't).
>>>> 4) Exploiting these flaws is HARD.  It requires native code execution, careful and highly skilled coding, specific targeting of the memory to be read, and a lot of time on the target machine without tripping alarms due to CPU use.
>>>> 5) The major concern here is things like VM farms because this allows untrusted code in a guest to (very slowly) read memory from the host or other guests.  It's possible to use in other contexts, but the cost/benefit balance is pretty bad; desktops and other targets are far easier to exploit with well-known and widely used "social" hacks.
>>>> Lacking the full detail, I would venture that this *type* of exploit is possible (in some form) for every Intel CPU since the original Pentium PRO which introduced speculative execution to the Intel architecture.
>>>> We don't need to replace hardware, fortunately, this specific set of tactics can be mitigated by having the Kernel (along with microcode, aka firmware) set flags in the CPU to force a full context switch in the specific situations identified by the researchers.
>>>> Yes, mitigation slows down execution a bit; basically the IPC for Intel chips now roughly matches the IPC for AMD chips which always forced the context switch (due to a different design balance).
>>>> I would venture that this flaw is actually caused by Intel having such a heavy focus to achieve (and maintain) higher IPC levels than AMD, and cutting a (seemingly benign) corner to accomplish that.
>>>> A bit of inside-baseball here:
>>>> Every digital design engineer looks for what we call "don't cares"  segments of the boolean map where the logic value has no impact on the "correctness" of the result.
>>>> Those are places where we can cut gate count or speed up execution.
>>>> Avoiding a context switch in a CPU with the Intel design for 3 layer caching is one of those areas where "don't cares" can show up.
>>>> My gut feel is that the Intel engineers saw an opportunity to retain "correct" execution of code while speeding up speculative execution by skipping the context switch until it was actually necessary (e.g. the speculative branch became "live").
>>>> It is exactly the kind of thing I can see a really smart engineer doing because, without future knowledge, it's actually the right thing to do.
>>>> You get faster execution without any added cost and without breaking existing code.
>>>> That, in retrospect, was a mistake that allowed a very sophisticated attacker to read a few bits of unauthorized memory in a very sneaky manner.
>>>> That someone, a decade or two after the design arose, discovered a way to misuse that design isn't a sign of malice or malpractice; it's a sign that security researchers are getting REALLY good at finding unexpected ways to use hardware design against security.
>>>> P.S.
>>>> That reddit article is utter garbage.
>>>> Yes, there is, on some motherboards, a Management Engine which is a *separate* CPU, is mostly present only on "business" and server motherboards, and has NOTHING TO DO WITH the recent exploits.  The FSF and others have been warning about that particular bit of hardware for a long time.
>>>> The ME has valuable functionality that makes sense for servers especially, and for business-owned machines in general (mostly remote system management, particularly lights-out management).
>>>> The ME was added to the system at the request of business customers so they could remotely access machines owned by the business (even if turned off) and either manage their servers or ensure the main O/S and applications were kept in compliance with policy on desktops.
>>>> Every motherboard I've seen with an ME (and only some have one) can disable the ME; usually with a jumper or switch on the board.
>>>> As I understand things it was actually government buyers who demanded the ability to disable the ME (originally it couldn't be disabled), because government agencies are targets far more often than they are attackers.
>>>>> On 2018-01-11 10:36 AM, techlists at phpcoderusa.com wrote:
>>>>> This is basic stuff.  Kernel memory must be segregated and each
>>>>> application's memory must be segregated.  These are the basics of CPU
>>>>> functionality.  That is why I find theses issues perplexing. And it
>>>>> leads me to one basic question.  If these problems persisted since 1995,
>>>>> how could these issue go undetected until recently when multiple
>>>>> separate groups discovered these flows?  AND is it possible others have
>>>>> found and used these flaws for their own gain?
>>>>> No matter what happened, politics, accident... etc We have a HUGE
>>>>> problem.  Even if there were CPUs that were not vulnerable, it would
>>>>> take years to replace all computers that are publicly facing.  In the
>>>>> mean time there are some seriously evil people / groups / countries that
>>>>> will be looking into how they can use theses chip bugs / vulnerabilities
>>>>> / features... to further their goals.
>>>>>> From what I can tell the solution is to use software - the kernel to fix
>>>>> or patch the shortcomings of these CPUs.  A software patch to fix
>>>>> hardware.  This is very scary.  A software patch can be removed and / or
>>>>> replaced, leaving the host vulnerable.
>>>>>> On 2018-01-11 10:10, Mark Phillips wrote:
>>>>>> No, I don't work at Intel. I am, however, not a believer in all the government conspiracy theories floating around the Internet.
>>>>>> Mark
>>>>>> On Thu, Jan 11, 2018 at 9:25 AM, Aaron Jones <retro64xyz at gmail.com> wrote:
>>>>>> Signals intelligence is believed to have been birthed in 1904.
>>>>>> But exploiting hardware isn't new. For military, police, or criminal intentions.
>>>>>> You work at Intel Mark? Lol
>>>>>> On Jan 11, 2018, at 9:11 AM, Mark Phillips <mark at phillipsmarketing.biz> wrote:
>>>>>> There is no conspiracy here. 23 years ago no one thought about attack vectors and how to take over machines. It is only recently that we are all sensitized to this problem. Even though the tech world is sensitized to the nature of exploits, companies still ship brand new products (e.g. Nest, cars, etc.) that can be exploited by almost anyone. It was only recently that router and switch companies stopped using admin and admin as login credentials!
>>>>>> Your argument that these new CPU exploits are a government conspiracy can be applied to any potential exploit discovered today in a piece of code written yesterday.
>>>>>> Mark
>>>>>> On Thu, Jan 11, 2018 at 9:02 AM, Carruth, Rusty <Rusty.Carruth at smartm.com> wrote:
>>>>>> As mentioned earlier, I've done my share of ... um, looking for flaws in design of operating systems back when I was in college.  (What, 1976?)
>>>>>> We discovered some bad flaws in the design of the <redacted>.  How long had the Univac been around?  I don't know, but a while.  Unless someone with WAY too much time on their hands is actively seeking ways around stuff, there's only so much 'bug' you can find. (and, actually, you really need more than one person involved (partially so someone can ask the 'right' stupid question :-))
>>>>>> Doesn't take malice or sloppiness, and I will say being a publicly-traded company makes it very hard to spend the time required to even start on the hacking required (Being publically-traded makes your owner effectively insane, since your owner is actually many people, all with different and often diametrically opposing goals for the company).
>>>>>> Anyway, tell you what - go read the Intel hardware docs and see if you can find the info needed to put together to see the bug.  And this with prior knowledge of where to look.
>>>>>> I will say that this doesn't excuse much, but realize that being a public company drives you insane ;-)
>>>>>> Rusty
>>>>>> -----Original Message-----
>>>>>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of techlists at phpcoderusa.com
>>>>>> Sent: Thursday, January 11, 2018 8:42 AM
>>>>>> To: Main PLUG discussion list
>>>>>> Subject: Re: Post : INTEL'S SECURITY FLAW IS NO FLAW
>>>>>> ...
>>>>>> I've read these issues may have persisted as far back as 1995.  How does
>>>>>> that happen?  How does an army of engineers miss this for 23 years?  How
>>>>>> do you explain that?
>>>>>> That means lots of people came and went.  There should have been lots of
>>>>>> QA... for 23 years.
>>>>>> How does this happen?  Only two ways I can see 1) sloppy work, or 2)
>>>>>> intentionally.
> <0x241A8881.asc>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180112/e98bfc7f/attachment.html>

From plugaz at codezilla.xyz  Fri Jan 12 17:32:41 2018
From: plugaz at codezilla.xyz (Nathan O'Brennan)
Date: Fri, 12 Jan 2018 17:32:41 -0700
Subject: =?UTF-8?Q?Re=3A_Post_=3A_INTEL=E2=80=99S_SECURITY_FLAW_IS_NO_FLA?=
 =?UTF-8?Q?W?=
In-Reply-To: <732F89AC-D94D-4F15-9036-2388D5509F05@gmail.com>
References: <e9b88b2bfb475bcdf14fb1dd0b6bbc85@phpcoderusa.com>
 <20180111000358.4592442b@mydesk.domain.cxm>
 <1b93cf5ba951530d4a1aed28a87abbb5@phpcoderusa.com>
 <CO2PR04MB2311B6F4555DBF1EF93A5E8C9D160@CO2PR04MB2311.namprd04.prod.outlook.com>
 <CAEqej2P+bjfGwAFKMFuWuYgsOciwJrWw6f0ZDNQgzQTbL0b69g@mail.gmail.com>
 <63D55323-B50A-493A-BE6D-DCB9D7FA9AC4@gmail.com>
 <CAEqej2PuEVn4TntzTpPyw6MiRH=_PHcRDaFvESZiYDmfT7G46Q@mail.gmail.com>
 <7820ffa052c1a6a00d6d1ef2330f92ec@phpcoderusa.com>
 <784a30bb-ab26-5592-0383-6742ed9cc03e@stcaz.net>
 <56D43456-E4C4-4112-AA37-C6C8C2AA1F8B@gmail.com>
 <d925e15f-0b43-a971-a85b-b8e4195e3886@stcaz.net>
 <0856d5bf808bdeec1781d0c16bb437a1@codezilla.xyz>
 <732F89AC-D94D-4F15-9036-2388D5509F05@gmail.com>
Message-ID: <9eb6943094a1a51b85fb25bb353e3232@codezilla.xyz>

The part I find really scary with all of this, as Keith is saying, we
are fixing hardware with software, meaning someone can "unpatch" the
change. 

I don't believe that processor microcode can be "unpatched" nor can it
easily be patched again to undo what was done. 

However, what I see as the real issue with all of this is the microcode
updates allow software developers to choose whether or not they take
advantage of the new IBPB, IBRS, STIBP, and or the retpoline changes. 

What this means is going forward we are at the mercy of the developers
to believe they made the right choice, if they even had a clue to begin
with. (by that I mean a developer wasn't a noob, or didn't use some
point and click development tool). 

Remember the days when you could download a virus creation tool that
would allow you to make some selections and it would spit out an .exe
that would crash a system and made a world full of script kiddies happy?
I see something similar to that coming for this. Someone will build a
tool to check if X particular piece of code is protected and using
memory the way it should be or not. 

Until compilers get updated, and we have some visual confirmation or
something that the running code has been recompiled with the new
compiler that enforces use of these new microcode instructions, we're
kind of screwed. 

I didn't have a whole lot of trust in Microsoft before, and now I really
don't. I think they will use this to their advantage to force people to
upgrade to 10 (notice they said "a few win 10 workloads" but "most" win
7 and 8 workloads?)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180112/67ee8452/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x241A8881.asc
Type: application/pgp-keys
Size: 1723 bytes
Desc: not available
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180112/67ee8452/attachment.key>

From plug-announce at lists.phxlinux.org  Sun Jan 14 15:39:25 2018
From: plug-announce at lists.phxlinux.org (PLUG Announcements)
Date: Sun, 14 Jan 2018 15:39:25 -0700
Subject: Free/Open Source Stammtisch and resume review night this Tues January
 16th
Message-ID: <mailman.289.1515969566.304.plug-announce@lists.phxlinux.org>

*Wikipedia describes a Stammtisch as:*
A Stammtisch (German: "regulars table") is an informal group meeting 
held on a regular basis, and also the usually large, often round table 
around which the group meets. A Stammtisch is not a structured meeting, 
but rather a friendly get-together.

Or in other words, /we get together at a restaurant and talk/.  It's fun!

We will have a resume review night before Stammtisch. The job event 
starts at 6pm, Stammtisch starts at the normal 7pm time.
We have quarterly job events before Stammtisch ( January, April, July, 
October ). Resume review nights ( January and July ): bring your resume 
and questions for review by tech industry veterans. We can help with 
content, display and editing. Job networking nights ( April and October 
): we encourage engineers from groups that are hiring and hiring 
managers to attend. The goal is for prospective candidates to learn 
about the company and the actual job and for the team to have a chance 
to meet prospective candidates.

*We'll be meeting at Boulders On Southern at 7pm on Tuesday for the 
Free/Open Source Software Stammtisch.

*
Please come and join us for some good conversation over good food and 
drinks, both of which are optional... Friends and family are all 
welcome. Come see where the conversation leads this time, it doesn't 
just stick exclusively with Free Software and Linux.  Us geeks are 
interested in all sorts of things, so the conversation always leads to a 
good time. If you have any problems, feel free to bring in your machine 
and we'll see what we can do to fix your problem...

Boulders on Southern Located on the north side of Southern about 1/4 
mile east of Alma School

1010 W Southern Ave (Map 
<https://www.google.com/maps/place/1010+W+Southern+Ave,+Poca+Fiesta+Shopping+Center,+Mesa,+AZ+85210/@33.3932915,-111.8529252,17z/data=%214m2%213m1%211s0x872ba803d054a6cf:0x312604cf48a3871e>)
Mesa, Arizona 85210 	Map to Boulder on Southern 
<https://goo.gl/maps/zPKH1UtPLfk>

For more info Click Here 
<http://phxlinux.org/meetings/17-free-software-stammtisch-east-valley.html>: 


See you there,
Brian Cluff

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180114/cb338c39/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: map2.png
Type: image/png
Size: 13467 bytes
Desc: not available
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180114/cb338c39/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: eolfclmbobiddoba.png
Type: image/png
Size: 26243 bytes
Desc: not available
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180114/cb338c39/attachment-0001.png>
-------------- next part --------------
_______________________________________________
PLUG-announce mailing list  -  PLUG-announce at lists.phxlinux.org
http://lists.phxlinux.org/mailman/listinfo/plug-announce
PLUG Website at http://plug.phoenix.az.us

From steveb7 at gmail.com  Mon Jan 15 19:57:00 2018
From: steveb7 at gmail.com (Steve B)
Date: Mon, 15 Jan 2018 19:57:00 -0700
Subject: Hosted Netflow collector/analyzer
Message-ID: <CAAHWJ+5RkiH0KR8nvhrg0mU9QErFF7wLEoa58_4Mo4p9t2qgtw@mail.gmail.com>

Are there any Mikrotik users on the list? I'm interested in gaining some
additional info about my network traffic and am looking for a Netflow
collector/analyzer SaaS. Polygraph.io was mentioned at a previous MUM and
they are both Mikrotik friendly and have a very intuitive UI. However, they
don't accept residential/enthusiast clients.

Is anyone here on the list familiar with a company that offers this type of
service for non-commercial businesses or for the SOHO market?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180115/3ebf1716/attachment.html>

From herminio.hernandezjr at gmail.com  Mon Jan 15 20:26:31 2018
From: herminio.hernandezjr at gmail.com (Herminio Hernandez, Jr.)
Date: Mon, 15 Jan 2018 20:26:31 -0700
Subject: Hosted Netflow collector/analyzer
In-Reply-To: <CAAHWJ+5RkiH0KR8nvhrg0mU9QErFF7wLEoa58_4Mo4p9t2qgtw@mail.gmail.com>
References: <CAAHWJ+5RkiH0KR8nvhrg0mU9QErFF7wLEoa58_4Mo4p9t2qgtw@mail.gmail.com>
Message-ID: <CAJRA9dw7zpm8w8=q5Mt6NPzRje4nyRJKWA-083g6yta5SFZ8pw@mail.gmail.com>

ntop is a great tool of netflow collecting

https://www.ntop.org/

On Mon, Jan 15, 2018 at 7:57 PM, Steve B <steveb7 at gmail.com> wrote:

> Are there any Mikrotik users on the list? I'm interested in gaining some
> additional info about my network traffic and am looking for a Netflow
> collector/analyzer SaaS. Polygraph.io was mentioned at a previous MUM and
> they are both Mikrotik friendly and have a very intuitive UI. However, they
> don't accept residential/enthusiast clients.
>
> Is anyone here on the list familiar with a company that offers this type
> of service for non-commercial businesses or for the SOHO market?
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180115/51fe7a0f/attachment.html>

From phil.waclawski at mesacc.edu  Tue Jan 16 00:51:49 2018
From: phil.waclawski at mesacc.edu (Phil Waclawski)
Date: Tue, 16 Jan 2018 00:51:49 -0700
Subject: Hosted Netflow collector/analyzer
In-Reply-To: <CAAHWJ+5RkiH0KR8nvhrg0mU9QErFF7wLEoa58_4Mo4p9t2qgtw@mail.gmail.com>
References: <CAAHWJ+5RkiH0KR8nvhrg0mU9QErFF7wLEoa58_4Mo4p9t2qgtw@mail.gmail.com>
Message-ID: <CALrwmXmMRRhYqgrVEVRdtYsB6CiX1nRGuUO+23pyx9qe7UrQzA@mail.gmail.com>

I just recently had a friend help me set up my mikrotik, still not had a
lot of time to go back in and tinker with it yet,
Phil W

On Mon, Jan 15, 2018 at 7:57 PM, Steve B <steveb7 at gmail.com> wrote:

> Are there any Mikrotik users on the list? I'm interested in gaining some
> additional info about my network traffic and am looking for a Netflow
> collector/analyzer SaaS. Polygraph.io was mentioned at a previous MUM and
> they are both Mikrotik friendly and have a very intuitive UI. However, they
> don't accept residential/enthusiast clients.
>
> Is anyone here on the list familiar with a company that offers this type
> of service for non-commercial businesses or for the SOHO market?
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180116/97d26ff1/attachment.html>

From michael at butash.net  Tue Jan 16 17:37:06 2018
From: michael at butash.net (Michael Butash)
Date: Tue, 16 Jan 2018 17:37:06 -0700
Subject: Hosted Netflow collector/analyzer
In-Reply-To: <CAJRA9dw7zpm8w8=q5Mt6NPzRje4nyRJKWA-083g6yta5SFZ8pw@mail.gmail.com>
References: <CAAHWJ+5RkiH0KR8nvhrg0mU9QErFF7wLEoa58_4Mo4p9t2qgtw@mail.gmail.com>
 <CAJRA9dw7zpm8w8=q5Mt6NPzRje4nyRJKWA-083g6yta5SFZ8pw@mail.gmail.com>
Message-ID: <CADWnDsu3jmfHwHFV+nyNpeNMbaG1mjPSgUXfNmDj9g-nSzYfgA@mail.gmail.com>

Agree here, I'd fire up ntop for small load clients and myself occasionally
to grab netflow off my home gateway when weird things happen.  You could
always run in a cloud like digitalocean, but don't know of anyone doing
hosted/saas solutions for any netflow tools.  I'm interested in feedback
here too if you find something...

*Good* + affordable netflow tools I find are sorely lacking out there, even
ntop (2.x) is steering netflow to be a cost feature, so you're stuck with
old (and somewhat broken/unstable) ntop 1.x.  There is flowtools and some
others, but any time I looked at them, they required more elbow-grease than
I was willing to commit to for personal use and/or customer implementations.

-mb

On Mon, Jan 15, 2018 at 8:26 PM, Herminio Hernandez, Jr. <
herminio.hernandezjr at gmail.com> wrote:

> ntop is a great tool of netflow collecting
>
> https://www.ntop.org/
>
> On Mon, Jan 15, 2018 at 7:57 PM, Steve B <steveb7 at gmail.com> wrote:
>
>> Are there any Mikrotik users on the list? I'm interested in gaining some
>> additional info about my network traffic and am looking for a Netflow
>> collector/analyzer SaaS. Polygraph.io was mentioned at a previous MUM and
>> they are both Mikrotik friendly and have a very intuitive UI. However, they
>> don't accept residential/enthusiast clients.
>>
>> Is anyone here on the list familiar with a company that offers this type
>> of service for non-commercial businesses or for the SOHO market?
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180116/b8b69292/attachment.html>

From plug-announce at lists.phxlinux.org  Wed Jan 17 20:55:48 2018
From: plug-announce at lists.phxlinux.org (PLUG Announcements)
Date: Wed, 17 Jan 2018 20:55:48 -0700
Subject: PLUG's Security Meeting Tomorrow (Thurs January 18th) On It's New
 Night!
Message-ID: <mailman.290.1516247750.304.plug-announce@lists.phxlinux.org>


  *PLUG *Security Meeting

Meets on the*3rd Thursday of every month*, starting at 7pm.
For more information see: 
https://phxlinux.org/index.php/meetings/20-plug-security.html

------------------------------------------------------------------------


  Please note that this meeting has been permanently moved to the _3rd
  Thursday_ of the month.  The start time and location remain unchanged.


Please take note that the security meeting is moving to a new day 
starting this month.  It will no longer be held on the second Tuesday 
and will *from now on be held on the 3rd Thursday.  So this month's 
meeting will be on the 18th of January.*

*This month's Topic:*
Please come join the Phoenix Linux Users Group at their Security Session 
and watch Aaron Jones tell us all the security related craziness that 
happened over 2017. We will be discussing major breaches, attacks, legal 
events, and all number of events from 2017. This is a round up of the 
biggest events to rock the cyber security world over the past year. We 
will attempt to explain the how for many of these events and the what in 
relation to actions we can take in 2018 to better protect ourselves. 
Hope to see you there!

If you would like to see Aaron's presentation on the 2016 security year 
end review you can see it here: https://youtu.be/8a1J6qF37_I

The meeting will start at 7pm at The Desert Breeze Substation. People 
start arriving as early as 6pm, so if you would like to help setup 
and/or chat for a while, feel free to arrive a little early.
*Meeting Location*:
Desert Breeze Substation
251 North Desert Breeze Blvd West
Chandler, AZ 85226

The Desert Breeze Substation is on Chandler Blvd and Desert Breeze Blvd, 
which is half way between McClintock and Rural.  It is very close
to both the south 202 and 101 freeways.  Public transportation is
available into the late hours.
	<https://www.google.com/maps/place/251+Desert+Breeze+Blvd+W,+Chandler,+AZ+85226/@33.3076899,-111.9220921,17z/data=%214m5%213m4%211s0x872b06cdd50c43c7:0x7d3e9c66bdb7f8a2%218m2%213d33.3070191%214d-111.9193025?hl=en>

See the meeting information on our web site 
<http://phxlinux.org/index.php/meetings/20-plug-security.html> for more 
information.

See you there,
Brian Cluff

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180117/2f1a63a2/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: infhiipekjnknkhl.png
Type: image/png
Size: 38453 bytes
Desc: not available
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180117/2f1a63a2/attachment.png>
-------------- next part --------------
_______________________________________________
PLUG-announce mailing list  -  PLUG-announce at lists.phxlinux.org
http://lists.phxlinux.org/mailman/listinfo/plug-announce
PLUG Website at http://plug.phoenix.az.us

From joe at actionline.com  Thu Jan 18 20:05:27 2018
From: joe at actionline.com (joe at actionline.com)
Date: Thu, 18 Jan 2018 20:05:27 -0700
Subject: OT: How to set up an android tablet without a Google account? 
Message-ID: <21d10cbd042bd7601d4dccb6b9886728.squirrel@box945.bluehost.com>

How can I set up an android tablet (Nexus7) with
a couple of apps installed but without being on
a Google account?

I purchased a Nexus 7 tablet for someone on which
I have installed a couple of apps that work offline
but I set it up using my own personal Google account.

How can I delete all of my personal information
and make this tablet work without it being on my
Google account?




From cryptworks at gmail.com  Thu Jan 18 21:16:13 2018
From: cryptworks at gmail.com (Stephen Partington)
Date: Thu, 18 Jan 2018 21:16:13 -0700
Subject: OT: How to set up an android tablet without a Google account?
In-Reply-To: <CACS_G9z50xBR--quL3Wd7uVisACH8gmROkr=rho=jpPbDEzo6A@mail.gmail.com>
References: <21d10cbd042bd7601d4dccb6b9886728.squirrel@box945.bluehost.com>
 <CACS_G9w=L1hGbJbTazjU0va-7Ho2=YPA5gPQbe5=Dh18WsJKLw@mail.gmail.com>
 <CACS_G9z50xBR--quL3Wd7uVisACH8gmROkr=rho=jpPbDEzo6A@mail.gmail.com>
Message-ID: <CACS_G9xQ_sOFpJYN0ekhGhFtoqiMfKa9LP9KdMRd8YNGD1zzHg@mail.gmail.com>

F-droid is your best bet. I also would suggest maybe lineageOS to bring it
much more current than stock. If desired you won't even have Google apps or
the Google play store.

On Jan 18, 2018 8:41 PM, <joe at actionline.com> wrote:

How can I set up an android tablet (Nexus7) with
a couple of apps installed but without being on
a Google account?

I purchased a Nexus 7 tablet for someone on which
I have installed a couple of apps that work offline
but I set it up using my own personal Google account.

How can I delete all of my personal information
and make this tablet work without it being on my
Google account?



---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180118/c0260509/attachment.html>

From mhgraham at crow202.org  Fri Jan 19 11:34:17 2018
From: mhgraham at crow202.org (Matt Graham)
Date: Fri, 19 Jan 2018 11:34:17 -0700
Subject: OT: How to set up an android tablet without a Google
 =?UTF-8?Q?account=3F?=
In-Reply-To: <CACS_G9xQ_sOFpJYN0ekhGhFtoqiMfKa9LP9KdMRd8YNGD1zzHg@mail.gmail.com>
References: <21d10cbd042bd7601d4dccb6b9886728.squirrel@box945.bluehost.com>
 <CACS_G9w=L1hGbJbTazjU0va-7Ho2=YPA5gPQbe5=Dh18WsJKLw@mail.gmail.com>
 <CACS_G9z50xBR--quL3Wd7uVisACH8gmROkr=rho=jpPbDEzo6A@mail.gmail.com>
 <CACS_G9xQ_sOFpJYN0ekhGhFtoqiMfKa9LP9KdMRd8YNGD1zzHg@mail.gmail.com>
Message-ID: <65309e35e618631680810b9c7c2da7cb@crow202.org>

> On Jan 18, 2018 8:41 PM, <joe at actionline.com> wrote:
>> I purchased a Nexus 7 tablet for someone [...]
>> but I set it up using my own personal Google account.
>> How can I delete all of my personal information
>> and make this tablet work without it being on my
>> Google account?

Settings->Backup and Reset->Factory data reset will do that.  That'll 
also wipe out everything else you've done though.  It might be possible 
to add another account, then delete your account, but they might have 
left "delete account" out of the interface.

>> How can I set up an android tablet (Nexus7) with
>> a couple of apps installed but without being on
>> a Google account?

Don't set one up in the first place.  This was possible in older 
versions of Android, not sure if it's mandatory on newer ones.

Stephen Partington wrote:
> F-droid is your best bet. I also would suggest maybe lineageOS
> to bring it much more current than stock. If desired you won't
> even have Google apps or the Google play store.

http://f-droid.org/ has a bunch of open source Android applications of 
varying quality, but will probably not help Joe remove the google 
account.  LineageOS is only relevant if you want to replace the entire 
OS on the tablet.  That's probably not what Joe wants if a non-technical 
user is going to be using this tablet.  (At least installing LineageOS 
on a Nexus device should be much easier than installing it on some 
phones.)

-- 
Crow202 Blog: http://crow202.org/wordpress
There is no Darkness in Eternity
But only Light too dim for us to see.

From cryptworks at gmail.com  Fri Jan 19 11:49:24 2018
From: cryptworks at gmail.com (Stephen Partington)
Date: Fri, 19 Jan 2018 11:49:24 -0700
Subject: OT: How to set up an android tablet without a Google account?
In-Reply-To: <65309e35e618631680810b9c7c2da7cb@crow202.org>
References: <21d10cbd042bd7601d4dccb6b9886728.squirrel@box945.bluehost.com>
 <CACS_G9w=L1hGbJbTazjU0va-7Ho2=YPA5gPQbe5=Dh18WsJKLw@mail.gmail.com>
 <CACS_G9z50xBR--quL3Wd7uVisACH8gmROkr=rho=jpPbDEzo6A@mail.gmail.com>
 <CACS_G9xQ_sOFpJYN0ekhGhFtoqiMfKa9LP9KdMRd8YNGD1zzHg@mail.gmail.com>
 <65309e35e618631680810b9c7c2da7cb@crow202.org>
Message-ID: <CACS_G9x_3dZJq=e+uTKOk1pGH8ivAREfpHDS=wmjavFBYzNarw@mail.gmail.com>

Once set up Lineage is actually very much a normal Android experience and i
have set up devices for non technical users before. but it would be very
much what one of us would do to set up the device for a friend/customer.

I have done something very much like this with my Nexus7

On Fri, Jan 19, 2018 at 11:34 AM, Matt Graham <mhgraham at crow202.org> wrote:

> On Jan 18, 2018 8:41 PM, <joe at actionline.com> wrote:
>>
>>> I purchased a Nexus 7 tablet for someone [...]
>>> but I set it up using my own personal Google account.
>>> How can I delete all of my personal information
>>> and make this tablet work without it being on my
>>> Google account?
>>>
>>
> Settings->Backup and Reset->Factory data reset will do that.  That'll also
> wipe out everything else you've done though.  It might be possible to add
> another account, then delete your account, but they might have left "delete
> account" out of the interface.
>
> How can I set up an android tablet (Nexus7) with
>>> a couple of apps installed but without being on
>>> a Google account?
>>>
>>
> Don't set one up in the first place.  This was possible in older versions
> of Android, not sure if it's mandatory on newer ones.
>
> Stephen Partington wrote:
>
>> F-droid is your best bet. I also would suggest maybe lineageOS
>> to bring it much more current than stock. If desired you won't
>> even have Google apps or the Google play store.
>>
>
> http://f-droid.org/ has a bunch of open source Android applications of
> varying quality, but will probably not help Joe remove the google account.
> LineageOS is only relevant if you want to replace the entire OS on the
> tablet.  That's probably not what Joe wants if a non-technical user is
> going to be using this tablet.  (At least installing LineageOS on a Nexus
> device should be much easier than installing it on some phones.)
>
> --
> Crow202 Blog: http://crow202.org/wordpress
> There is no Darkness in Eternity
> But only Light too dim for us to see.
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180119/abad69d3/attachment.html>

From trent.shipley at gmail.com  Fri Jan 19 21:59:31 2018
From: trent.shipley at gmail.com (trent shipley)
Date: Fri, 19 Jan 2018 20:59:31 -0800
Subject: Trent's projects
Message-ID: <CAEFLybJK1q6-n0cJz7hizKVXNbds6mZQvX2TF5UMLiTY8Y5JTg@mail.gmail.com>

At present I am working through an introduction to R and an introduction to
Haskell. Both are fun, but Haskell is more fun--and harder.

I'm about a quarter of the way through each textbook.

I'm also in DES's Vocational Rehab, because I have three disabilities, two
master's degrees, and work as a telephone customer service representative
for low wages. My vocational rehab coach wants me to start contributing to
an opensource project ASAP. I'd like to contribute to Frege (Haskell for
the JVM) but it will be weeks before I can finish the Haskell book, and
then I'd still be a newbie. The most advanced training I have is a
community college certificate of completion in computer programming, so I'm
not that sophisticated or experienced a programmer. I am having trouble
convincing my worker that making a meaningful contribution to an opensource
project is actually a daunting proposition in most cases. Is anybody
looking for an entry-level contributor to an opensource project?

Anyway, there are opensource projects I'd like to work on.  One is
extending and documenting Frege (https://github.com/Frege/frege). They want
Haskell plugins translated into Frege+Java. The project, unfortunately,
seems moribund. No matter, maybe it would be possible to "borrow" directly
from the GHC after going over a compiler textbook with exercises.  Of
course, what one would REALLY want would be a JIT Frege compiler, and I
have a feeling you won't get that by slavishly translating the GHC.

The other, rather harder, project I want to work on is translating, then
modifying and extending Peter Sestoft's Funcalc (Spreadsheet Implementation
Technology: Basics and Extensions, 2014). I have some idiosyncratic ideas
of what I want to do with a functional language that is a spreadsheet.  I
want to target the JVM, and write most of the compiler/interpreter in a
functional language. I'd use Frege + Java but Frege isn't nearly mature
enough. I expect that if I ever do it, I'll use Kotlin + Java.

That implies that future projects are going to be learning to write
compilers and learning to code in Kotlin.

How might someone with the equivalent of an AA in CIS (not CS) emphasizing
programming get competent at (human) reading and (human) writing of
lexers-parsers-compilers-linkers? What are prerequisites.

Does anyone have favorite compiler textbooks? Any compiler textbooks they
really hate?


Regards,

Trent Shipley
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180119/e00d4d71/attachment.html>

From techlists at phpcoderusa.com  Sat Jan 20 08:54:08 2018
From: techlists at phpcoderusa.com (techlists at phpcoderusa.com)
Date: Sat, 20 Jan 2018 08:54:08 -0700
Subject: Trent's projects
In-Reply-To: <CAEFLybJK1q6-n0cJz7hizKVXNbds6mZQvX2TF5UMLiTY8Y5JTg@mail.gmail.com>
References: <CAEFLybJK1q6-n0cJz7hizKVXNbds6mZQvX2TF5UMLiTY8Y5JTg@mail.gmail.com>
Message-ID: <177a16d597d4a1a556e3c1aa0258fb9b@phpcoderusa.com>

I've worked with developers who had a degree and those who did not have
a degree.  It is really all about the person - their natural ability and
how they apply themselves. 

If you understand database normalization, control structures
(if/while/switch/etc), and OOP you should be able to get started with
almost any programming language, so I would not worry about your
education level.  

The first question is, do you have the natural talent to be a developer.
 Let me frame it this way.  If I decided I wanted to be a pro baseball
player I would have to ask myself if I had the raw talent.  I do not so
it would be a waste of my time and anyone helping me.  Could be fun
though. 

If you want to develop those programming muscles you need to program. 
This will lead to deeper learning and understanding of programming in
general and the specific language and  project you are involved in.  

Don't listen to the naysayers.  They know nothing about you or what you
are capable of.  History is full of people who blossomed and did great
things.  People who had been labeled as someone who would not accomplish
anything let alone great things.  

Follow your own course.   

On 2018-01-19 21:59, trent shipley wrote:

> At present I am working through an introduction to R and an introduction to Haskell. Both are fun, but Haskell is more fun--and harder. 
> 
> I'm about a quarter of the way through each textbook. 
> 
> I'm also in DES's Vocational Rehab, because I have three disabilities, two master's degrees, and work as a telephone customer service representative for low wages. My vocational rehab coach wants me to start contributing to an opensource project ASAP. I'd like to contribute to Frege (Haskell for the JVM) but it will be weeks before I can finish the Haskell book, and then I'd still be a newbie. The most advanced training I have is a community college certificate of completion in computer programming, so I'm not that sophisticated or experienced a programmer. I am having trouble convincing my worker that making a meaningful contribution to an opensource project is actually a daunting proposition in most cases. Is anybody looking for an entry-level contributor to an opensource project? 
> 
> Anyway, there are opensource projects I'd like to work on.  One is extending and documenting Frege (https://github.com/Frege/frege). They want Haskell plugins translated into Frege+Java. The project, unfortunately, seems moribund. No matter, maybe it would be possible to "borrow" directly from the GHC after going over a compiler textbook with exercises.  Of course, what one would REALLY want would be a JIT Frege compiler, and I have a feeling you won't get that by slavishly translating the GHC. 
> 
> The other, rather harder, project I want to work on is translating, then modifying and extending Peter Sestoft's Funcalc (Spreadsheet Implementation Technology: Basics and Extensions, 2014). I have some idiosyncratic ideas of what I want to do with a functional language that is a spreadsheet.  I want to target the JVM, and write most of the compiler/interpreter in a functional language. I'd use Frege + Java but Frege isn't nearly mature enough. I expect that if I ever do it, I'll use Kotlin + Java.  
> 
> That implies that future projects are going to be learning to write compilers and learning to code in Kotlin. 
> 
> How might someone with the equivalent of an AA in CIS (not CS) emphasizing programming get competent at (human) reading and (human) writing of lexers-parsers-compilers-linkers? What are prerequisites. 
> 
> Does anyone have favorite compiler textbooks? Any compiler textbooks they really hate? 
> 
> Regards, 
> 
> Trent Shipley 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180120/a619fc58/attachment.html>

From newsletters at thetoolwiz.com  Sat Jan 20 14:18:32 2018
From: newsletters at thetoolwiz.com (David Schwartz)
Date: Sat, 20 Jan 2018 21:18:32 +0000 (UTC)
Subject: Trent's projects
In-Reply-To: <CAEFLybJK1q6-n0cJz7hizKVXNbds6mZQvX2TF5UMLiTY8Y5JTg@mail.gmail.com>
References: <CAEFLybJK1q6-n0cJz7hizKVXNbds6mZQvX2TF5UMLiTY8Y5JTg@mail.gmail.com>
Message-ID: <60D74E2D-F9C2-453B-BE26-5CC5C2579D9D@thetoolwiz.com>

Back in the 80’s there was a library I used that I really loved. The author was clearly dedicated to supporting it and was very active on their discussion forum, and was constantly helping people fix problems they had with the code. (It was a ‘C’ library.) He was constantly releasing updates at a pace that I’d feel challlenged to keep up with.

I went to a Software Developer’s Conference and this company had a booth, so I swung by to meet the guy. I turns out he was quite disabled. He reminded me of Stephen Hawking. He may have had ALS, I dunno. Nobody said, and I didn’t ask. There was also a close buddy of his there who I guess was his “caregiver” of sorts. Sadly, this guy appeared quite drunk most of the time. I suspect he may have been an alcoholic, which must have been quite frustrating to the software guy. (Unless he had some disability himself, but at the evening parties where I saw him, he was going through beers pretty quickly.)

Like Hawking, here was a brilliant mind trapped inside of a dysfunction body, and he discovered that software was a great way to keep himself occupied and engaged in the world. Not to mention that because this was a fairly popular library, it brought in a nice steady income for these two fellows. 

It’s not uncommon to find disabled people who’ve accumulated lots of academic creds. In this case, I’d say it’s more a reflection that there’s a sharp mind trapped in a dysfunctional body doing its best to keep itself occupied in a positive way.

The failure here is probbably on the part of the not-so-sharp minds trapped in fully-functional bodies who probably see their jobs in supporting these people (as “case workers” and “coaches”) as little more than pacifiers, keeping folks like Trent modestly occupied and engaged enough so they’re not much of a bother to them. That would infuriate the hell out of me if I were disabled.

Software is a perfect domain for lots of folks with physical disabilities to engage in because most of the activity around software is going on in our heads anyway.

I was quite shocked to find that the developer of that library was so extremely disabled that he couldn’t even talk and had extremely limited physical abilities. (I seem to recall he had some kind of beak or stick he wore on his head that let him tap on keys on the keyboard. This was pre-Windows before mice were in common use. His typing was very slow and labored. Yet he managed to write all of that software and help people online and everything anybody else would do. He was just very slow at it, although in the end that didn’t matter in the least.)

That said, find a project you like that’s in a direction you want to learn more about, and just take it on.

If you can take classes that help you learn, all the better. Don’t worry about your academic background. However, it would be good to have a few core Comp Sci courses under your belt.

It bothers me that our educational system has become somewhat bifurcated, in that it’s teaching core Comp Sci topics as part of a larger educational curriculum but ignoring them at the other end where they’re starting by teaching “coding” and never go very deep with the theory.

People need to be able to learn core Comp Sci subjects without being encumbered with all the other crap required to get a Bachelor’s Degree. Unfortunately, AA degrees are just the first 2 years of a BS program, and they only include about 1/2 of the core CS material.

What’s preventing this from happening is a shift in the industry from hiring people with core competencies to hiring people who’ve mastered superficial skills — you don’t need core competencies to become highly facile with runtime libraries that allow you to crank out code really fast.

But all of that code you end up cranking out may not be structured very well because you have no underlying core competencies! This is what people are totally missing, thanks in large part to those who’ve risen in the ranks without the core competencies and therefor are competely blind to their value.

(“Hey, I’ve never had a compiler construction course, and that hasn’t hurt my performance over the years!” Well, this person probably never had anybody with any background in compiler construction or finite automata theory look at their code where that stuff would have helped them and pointed out how horribly it was structured and how hard it is to maintain.)

You don’t recognize that some particular task requires things taught in a basic data structures course, or you don’t see the algorithmic complexity of something you’re building because you never had an analysis of algorithms class. With no formal set theory background, you don’t have any grounding in how to write efficient SQL queries. With no formal language theory background taught in a compiler construction course, you have no understanding of tokenizing and parsing streams of input data.

This lack of foundational background does not prevent you from writing code. It simply prevents you from recognizing various tasks as belonging to a larger set of already recognized and well-understood tasks that have been studied and their various structures and dynamics carved out for them to adapt as a “best practice”.

The one class that probably had the most relevant impact on my professional life was called “Discrete Math Structures”. It was the most boring and seemingly irrelevant class I had in college. But it ended up being the basis of most of the work I’ve been involved with throughout my career. It was all about “counting”. You’d think, “what a boring-ass topic!” Perhaps, but what I learned there forms the foundation of just about everything I’ve ever done in programming.

The point is, when you attack programming from the coding-side — mastering a language and libraries rather than fundamentals — you never really learn the fundamentals, other than a little by osmosis.

I used to get hired by people who said, “Oh, you’ve got a Computer Science degree. You can learn anything!” and they didn’t give a rip what languages or libraries I knew. Today it’s just the opposite. People want to know how fast you can hit the ground running with their particular “stack” and they tend to hire people who have the LEAST TO LEARN. Then they wonder why their code base is big and fat and slow and hard as hell to maintain, and why their development schedules seem to stretch out to oblivion.

If you can take some core Comp Sci courses without having to be enrolled in a BS program, I encourage you to do that. Even just one a semester. there are only a handful (6-8) and they’ll make a huge difference in your ability to learn new stuff going forward. THIS is the “core” of Comp Sci — not the rest of the crap you have to take to get your degree, like Sociology, Psych, and English Lit.

Spend some time learning these core competencies and you’ll find yourself far better for it down the road. That approach won’t get you a degree, but you will find it much easier to approach new langauges and platforms and come up to speed faster. 

Because in the end, everything in the software world really is based on some core foundational theories and disciplines. For example, every imperative programming language is structured the same, and if you understand compiler theory, they pretty much all look and work alike. 

They didn’t teach parallel programming, multi-threading, and stuff like that when I was in college, but they probably do today.  That would be a great class to take if you’re trying to learn something like Haskell and how to leverage the use of highly distributed parallel processors, even if they’re arrays of CPUs on GPU chips. 

I believe it’s not so much your familiarity with the language and run-time libraries that get you ahead, but rather the underlying theories that the languages are usually based upon that inform a lot of your decisions in these cases.

So, yes, pick an open-source project to work on and focus on something concrete, like R or Haskell or whatever. But spend some time learning the foundations upon which those technologies are built.

-David Schwartz



> On Jan 19, 2018, at 9:59 PM, trent shipley <trent.shipley at gmail.com> wrote:
> 
> At present I am working through an introduction to R and an introduction to Haskell. Both are fun, but Haskell is more fun--and harder.
> 
> I'm about a quarter of the way through each textbook.
> 
> I'm also in DES's Vocational Rehab, because I have three disabilities, two master's degrees, and work as a telephone customer service representative for low wages. My vocational rehab coach wants me to start contributing to an opensource project ASAP. I'd like to contribute to Frege (Haskell for the JVM) but it will be weeks before I can finish the Haskell book, and then I'd still be a newbie. The most advanced training I have is a community college certificate of completion in computer programming, so I'm not that sophisticated or experienced a programmer. I am having trouble convincing my worker that making a meaningful contribution to an opensource project is actually a daunting proposition in most cases. Is anybody looking for an entry-level contributor to an opensource project?
> 
> Anyway, there are opensource projects I'd like to work on.  One is extending and documenting Frege (https://u2206659.ct.sendgrid.net/wf/click?upn=3cK2FVJjyu2N-2Bxco034fZrrYKskBoDse0NQhf-2FhO68A1Z4BXmqM-2F5GtXeKjNCj2m_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBeuezmM-2FbZmX-2FOxPb9DW3bkpZh1NatGpYcKhzJQyVVX3Bgul2h5xnUmTKqktLSu9tY4pFgN5ybMbCxX6whvhKfd-2BQDRwbKGfTfggemIG3QydNoRn-2F2UEknUvTfv-2FbgO8zEVmaoGtcqoWaUG5lVYPmjxeXp1kQDR1wNSidmGOX6Kvk-3D <https://u2206659.ct.sendgrid.net/wf/click?upn=3cK2FVJjyu2N-2Bxco034fZrrYKskBoDse0NQhf-2FhO68A1Z4BXmqM-2F5GtXeKjNCj2m_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBeuezmM-2FbZmX-2FOxPb9DW3bklcKKwDlslJLD3Bbl0L9y-2BGVAJffINqR-2BFCrdgX0ZQ-2F5t4n1-2FcdKMA-2FN00F7ATDbhC-2FjOco29ITd-2Fi0HuN2fJdtDsckJBiWX4yTuRHx9mNRrnUn8w8qk2PjcYi2nOwpsSAhWtA5NN44jJLqynJGEf9g-3D>). They want Haskell plugins translated into Frege+Java. The project, unfortunately, seems moribund. No matter, maybe it would be possible to "borrow" directly from the GHC after going over a compiler textbook with exercises.  Of course, what one would REALLY want would be a JIT Frege compiler, and I have a feeling you won't get that by slavishly translating the GHC.
> 
> The other, rather harder, project I want to work on is translating, then modifying and extending Peter Sestoft's Funcalc (Spreadsheet Implementation Technology: Basics and Extensions, 2014). I have some idiosyncratic ideas of what I want to do with a functional language that is a spreadsheet.  I want to target the JVM, and write most of the compiler/interpreter in a functional language. I'd use Frege + Java but Frege isn't nearly mature enough. I expect that if I ever do it, I'll use Kotlin + Java. 
> 
> That implies that future projects are going to be learning to write compilers and learning to code in Kotlin.
> 
> How might someone with the equivalent of an AA in CIS (not CS) emphasizing programming get competent at (human) reading and (human) writing of lexers-parsers-compilers-linkers? What are prerequisites.
> 
> Does anyone have favorite compiler textbooks? Any compiler textbooks they really hate?
> 
> 
> Regards,
> 
> Trent Shipley
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://u2206659.ct.sendgrid.net/wf/click?upn=5DvWGaZUY8Sh5aRLWfQTKYiRLVzunonVk948p8WIzMe-2FXlJ9Cta8w8U9xoku9LrUSHNMJbSd3ZEwH-2BqnW2UHlA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBeuezmM-2FbZmX-2FOxPb9DW3bkvi7UI5hkMBf5rdsNvJB78ZIyhFSEsPRtvrp9A1y9ky5-2BrdiZYuWlyKtaZ7x-2F7ElTeKc8MkWoe3r8-2BqfFbR2AqTFOlR8e7-2FyPybOT861LxB2Idvbu5HSKPe10fELjw0RROfmM-2FCmMkY34mugovRIkVk-3D

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180120/801f8b3d/attachment.html>

From retro64xyz at gmail.com  Sat Jan 20 19:21:13 2018
From: retro64xyz at gmail.com (Aaron Jones)
Date: Sat, 20 Jan 2018 19:21:13 -0700
Subject: Trent's projects
In-Reply-To: <60D74E2D-F9C2-453B-BE26-5CC5C2579D9D@thetoolwiz.com>
References: <CAEFLybJK1q6-n0cJz7hizKVXNbds6mZQvX2TF5UMLiTY8Y5JTg@mail.gmail.com>
 <60D74E2D-F9C2-453B-BE26-5CC5C2579D9D@thetoolwiz.com>
Message-ID: <954A97D0-A777-4C5D-82B7-DAA274BF168A@gmail.com>

Im too sick to be coherent but just do it. Even if all you do is write documentation or fix misspelled words. Get started. First step of millions miles journey or something. 

> On Jan 20, 2018, at 2:18 PM, David Schwartz <newsletters at thetoolwiz.com> wrote:
> 
> Back in the 80’s there was a library I used that I really loved. The author was clearly dedicated to supporting it and was very active on their discussion forum, and was constantly helping people fix problems they had with the code. (It was a ‘C’ library.) He was constantly releasing updates at a pace that I’d feel challlenged to keep up with.
> 
> I went to a Software Developer’s Conference and this company had a booth, so I swung by to meet the guy. I turns out he was quite disabled. He reminded me of Stephen Hawking. He may have had ALS, I dunno. Nobody said, and I didn’t ask. There was also a close buddy of his there who I guess was his “caregiver” of sorts. Sadly, this guy appeared quite drunk most of the time. I suspect he may have been an alcoholic, which must have been quite frustrating to the software guy. (Unless he had some disability himself, but at the evening parties where I saw him, he was going through beers pretty quickly.)
> 
> Like Hawking, here was a brilliant mind trapped inside of a dysfunction body, and he discovered that software was a great way to keep himself occupied and engaged in the world. Not to mention that because this was a fairly popular library, it brought in a nice steady income for these two fellows. 
> 
> It’s not uncommon to find disabled people who’ve accumulated lots of academic creds. In this case, I’d say it’s more a reflection that there’s a sharp mind trapped in a dysfunctional body doing its best to keep itself occupied in a positive way.
> 
> The failure here is probbably on the part of the not-so-sharp minds trapped in fully-functional bodies who probably see their jobs in supporting these people (as “case workers” and “coaches”) as little more than pacifiers, keeping folks like Trent modestly occupied and engaged enough so they’re not much of a bother to them. That would infuriate the hell out of me if I were disabled.
> 
> Software is a perfect domain for lots of folks with physical disabilities to engage in because most of the activity around software is going on in our heads anyway.
> 
> I was quite shocked to find that the developer of that library was so extremely disabled that he couldn’t even talk and had extremely limited physical abilities. (I seem to recall he had some kind of beak or stick he wore on his head that let him tap on keys on the keyboard. This was pre-Windows before mice were in common use. His typing was very slow and labored. Yet he managed to write all of that software and help people online and everything anybody else would do. He was just very slow at it, although in the end that didn’t matter in the least.)
> 
> That said, find a project you like that’s in a direction you want to learn more about, and just take it on.
> 
> If you can take classes that help you learn, all the better. Don’t worry about your academic background. However, it would be good to have a few core Comp Sci courses under your belt.
> 
> It bothers me that our educational system has become somewhat bifurcated, in that it’s teaching core Comp Sci topics as part of a larger educational curriculum but ignoring them at the other end where they’re starting by teaching “coding” and never go very deep with the theory.
> 
> People need to be able to learn core Comp Sci subjects without being encumbered with all the other crap required to get a Bachelor’s Degree. Unfortunately, AA degrees are just the first 2 years of a BS program, and they only include about 1/2 of the core CS material.
> 
> What’s preventing this from happening is a shift in the industry from hiring people with core competencies to hiring people who’ve mastered superficial skills — you don’t need core competencies to become highly facile with runtime libraries that allow you to crank out code really fast.
> 
> But all of that code you end up cranking out may not be structured very well because you have no underlying core competencies! This is what people are totally missing, thanks in large part to those who’ve risen in the ranks without the core competencies and therefor are competely blind to their value.
> 
> (“Hey, I’ve never had a compiler construction course, and that hasn’t hurt my performance over the years!” Well, this person probably never had anybody with any background in compiler construction or finite automata theory look at their code where that stuff would have helped them and pointed out how horribly it was structured and how hard it is to maintain.)
> 
> You don’t recognize that some particular task requires things taught in a basic data structures course, or you don’t see the algorithmic complexity of something you’re building because you never had an analysis of algorithms class. With no formal set theory background, you don’t have any grounding in how to write efficient SQL queries. With no formal language theory background taught in a compiler construction course, you have no understanding of tokenizing and parsing streams of input data.
> 
> This lack of foundational background does not prevent you from writing code. It simply prevents you from recognizing various tasks as belonging to a larger set of already recognized and well-understood tasks that have been studied and their various structures and dynamics carved out for them to adapt as a “best practice”.
> 
> The one class that probably had the most relevant impact on my professional life was called “Discrete Math Structures”. It was the most boring and seemingly irrelevant class I had in college. But it ended up being the basis of most of the work I’ve been involved with throughout my career. It was all about “counting”. You’d think, “what a boring-ass topic!” Perhaps, but what I learned there forms the foundation of just about everything I’ve ever done in programming.
> 
> The point is, when you attack programming from the coding-side — mastering a language and libraries rather than fundamentals — you never really learn the fundamentals, other than a little by osmosis.
> 
> I used to get hired by people who said, “Oh, you’ve got a Computer Science degree. You can learn anything!” and they didn’t give a rip what languages or libraries I knew. Today it’s just the opposite. People want to know how fast you can hit the ground running with their particular “stack” and they tend to hire people who have the LEAST TO LEARN. Then they wonder why their code base is big and fat and slow and hard as hell to maintain, and why their development schedules seem to stretch out to oblivion.
> 
> If you can take some core Comp Sci courses without having to be enrolled in a BS program, I encourage you to do that. Even just one a semester. there are only a handful (6-8) and they’ll make a huge difference in your ability to learn new stuff going forward. THIS is the “core” of Comp Sci — not the rest of the crap you have to take to get your degree, like Sociology, Psych, and English Lit.
> 
> Spend some time learning these core competencies and you’ll find yourself far better for it down the road. That approach won’t get you a degree, but you will find it much easier to approach new langauges and platforms and come up to speed faster. 
> 
> Because in the end, everything in the software world really is based on some core foundational theories and disciplines. For example, every imperative programming language is structured the same, and if you understand compiler theory, they pretty much all look and work alike. 
> 
> They didn’t teach parallel programming, multi-threading, and stuff like that when I was in college, but they probably do today.  That would be a great class to take if you’re trying to learn something like Haskell and how to leverage the use of highly distributed parallel processors, even if they’re arrays of CPUs on GPU chips. 
> 
> I believe it’s not so much your familiarity with the language and run-time libraries that get you ahead, but rather the underlying theories that the languages are usually based upon that inform a lot of your decisions in these cases.
> 
> So, yes, pick an open-source project to work on and focus on something concrete, like R or Haskell or whatever. But spend some time learning the foundations upon which those technologies are built.
> 
> -David Schwartz
> 
> 
> 
>> On Jan 19, 2018, at 9:59 PM, trent shipley <trent.shipley at gmail.com> wrote:
>> 
>> At present I am working through an introduction to R and an introduction to Haskell. Both are fun, but Haskell is more fun--and harder.
>> 
>> I'm about a quarter of the way through each textbook.
>> 
>> I'm also in DES's Vocational Rehab, because I have three disabilities, two master's degrees, and work as a telephone customer service representative for low wages. My vocational rehab coach wants me to start contributing to an opensource project ASAP. I'd like to contribute to Frege (Haskell for the JVM) but it will be weeks before I can finish the Haskell book, and then I'd still be a newbie. The most advanced training I have is a community college certificate of completion in computer programming, so I'm not that sophisticated or experienced a programmer. I am having trouble convincing my worker that making a meaningful contribution to an opensource project is actually a daunting proposition in most cases. Is anybody looking for an entry-level contributor to an opensource project?
>> 
>> Anyway, there are opensource projects I'd like to work on.  One is extending and documenting Frege (https://github.com/Frege/frege). They want Haskell plugins translated into Frege+Java. The project, unfortunately, seems moribund. No matter, maybe it would be possible to "borrow" directly from the GHC after going over a compiler textbook with exercises.  Of course, what one would REALLY want would be a JIT Frege compiler, and I have a feeling you won't get that by slavishly translating the GHC.
>> 
>> The other, rather harder, project I want to work on is translating, then modifying and extending Peter Sestoft's Funcalc (Spreadsheet Implementation Technology: Basics and Extensions, 2014). I have some idiosyncratic ideas of what I want to do with a functional language that is a spreadsheet.  I want to target the JVM, and write most of the compiler/interpreter in a functional language. I'd use Frege + Java but Frege isn't nearly mature enough. I expect that if I ever do it, I'll use Kotlin + Java. 
>> 
>> That implies that future projects are going to be learning to write compilers and learning to code in Kotlin.
>> 
>> How might someone with the equivalent of an AA in CIS (not CS) emphasizing programming get competent at (human) reading and (human) writing of lexers-parsers-compilers-linkers? What are prerequisites.
>> 
>> Does anyone have favorite compiler textbooks? Any compiler textbooks they really hate?
>> 
>> 
>> Regards,
>> 
>> Trent Shipley
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> 
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180120/c191f3b1/attachment.html>

From techlists at phpcoderusa.com  Sun Jan 21 08:43:12 2018
From: techlists at phpcoderusa.com (techlists at phpcoderusa.com)
Date: Sun, 21 Jan 2018 08:43:12 -0700
Subject: Trent's projects
In-Reply-To: <60D74E2D-F9C2-453B-BE26-5CC5C2579D9D@thetoolwiz.com>
References: <CAEFLybJK1q6-n0cJz7hizKVXNbds6mZQvX2TF5UMLiTY8Y5JTg@mail.gmail.com>
 <60D74E2D-F9C2-453B-BE26-5CC5C2579D9D@thetoolwiz.com>
Message-ID: <2f96f363e89040c7c4943f370c5065fb@phpcoderusa.com>

I'm intrigued by your comments that one needs a computer science
foundation to be more effective as a programmer. 

In this article
[http://fortune.com/2015/09/01/computer-science-degree/], it is reported
that a start up CEO says  "He prefers people who have an innate passion
and talent for coding in the first place.".  I think I understand how to
determine if someone has passion... But how do we determine if someone
has " talent for coding"?

There seems to be two camps.  One camp believes you need CS training. 
The other says you need exposure to current technologies and exposure to
working in a team.  Maybe both are correct?

Your thoughts?

On 2018-01-20 14:18, David Schwartz wrote:

> Back in the 80's there was a library I used that I really loved. The author was clearly dedicated to supporting it and was very active on their discussion forum, and was constantly helping people fix problems they had with the code. (It was a 'C' library.) He was constantly releasing updates at a pace that I'd feel challlenged to keep up with. 
> 
> I went to a Software Developer's Conference and this company had a booth, so I swung by to meet the guy. I turns out he was quite disabled. He reminded me of Stephen Hawking. He may have had ALS, I dunno. Nobody said, and I didn't ask. There was also a close buddy of his there who I guess was his "caregiver" of sorts. Sadly, this guy appeared quite drunk most of the time. I suspect he may have been an alcoholic, which must have been quite frustrating to the software guy. (Unless he had some disability himself, but at the evening parties where I saw him, he was going through beers pretty quickly.) 
> 
> Like Hawking, here was a brilliant mind trapped inside of a dysfunction body, and he discovered that software was a great way to keep himself occupied and engaged in the world. Not to mention that because this was a fairly popular library, it brought in a nice steady income for these two fellows.  
> 
> It's not uncommon to find disabled people who've accumulated lots of academic creds. In this case, I'd say it's more a reflection that there's a sharp mind trapped in a dysfunctional body doing its best to keep itself occupied in a positive way. 
> 
> The failure here is probbably on the part of the not-so-sharp minds trapped in fully-functional bodies who probably see their jobs in supporting these people (as "case workers" and "coaches") as little more than pacifiers, keeping folks like Trent modestly occupied and engaged enough so they're not much of a bother to them. That would infuriate the hell out of me if I were disabled. 
> 
> Software is a perfect domain for lots of folks with physical disabilities to engage in because most of the activity around software is going on in our heads anyway. 
> 
> I was quite shocked to find that the developer of that library was so extremely disabled that he couldn't even talk and had extremely limited physical abilities. (I seem to recall he had some kind of beak or stick he wore on his head that let him tap on keys on the keyboard. This was pre-Windows before mice were in common use. His typing was very slow and labored. Yet he managed to write all of that software and help people online and everything anybody else would do. He was just very slow at it, although in the end that didn't matter in the least.) 
> 
> That said, find a project you like that's in a direction you want to learn more about, and just take it on. 
> 
> If you can take classes that help you learn, all the better. Don't worry about your academic background. However, it would be good to have a few core Comp Sci courses under your belt. 
> 
> It bothers me that our educational system has become somewhat bifurcated, in that it's teaching core Comp Sci topics as part of a larger educational curriculum but ignoring them at the other end where they're starting by teaching "coding" and never go very deep with the theory. 
> 
> People need to be able to learn core Comp Sci subjects without being encumbered with all the other crap required to get a Bachelor's Degree. Unfortunately, AA degrees are just the first 2 years of a BS program, and they only include about 1/2 of the core CS material. 
> 
> What's preventing this from happening is a shift in the industry from hiring people with core competencies to hiring people who've mastered superficial skills -- you don't need core competencies to become highly facile with runtime libraries that allow you to crank out code really fast. 
> 
> But all of that code you end up cranking out may not be structured very well because you have no underlying core competencies! This is what people are totally missing, thanks in large part to those who've risen in the ranks without the core competencies and therefor are competely blind to their value. 
> 
> ("Hey, I've never had a compiler construction course, and that hasn't hurt my performance over the years!" Well, this person probably never had anybody with any background in compiler construction or finite automata theory look at their code where that stuff would have helped them and pointed out how horribly it was structured and how hard it is to maintain.) 
> 
> You don't recognize that some particular task requires things taught in a basic data structures course, or you don't see the algorithmic complexity of something you're building because you never had an analysis of algorithms class. With no formal set theory background, you don't have any grounding in how to write efficient SQL queries. With no formal language theory background taught in a compiler construction course, you have no understanding of tokenizing and parsing streams of input data. 
> 
> This lack of foundational background does not prevent you from writing code. It simply prevents you from recognizing various tasks as belonging to a larger set of already recognized and well-understood tasks that have been studied and their various structures and dynamics carved out for them to adapt as a "best practice". 
> 
> The one class that probably had the most relevant impact on my professional life was called "Discrete Math Structures". It was the most boring and seemingly irrelevant class I had in college. But it ended up being the basis of most of the work I've been involved with throughout my career. It was all about "counting". You'd think, "what a boring-ass topic!" Perhaps, but what I learned there forms the foundation of just about everything I've ever done in programming. 
> 
> The point is, when you attack programming from the coding-side -- mastering a language and libraries rather than fundamentals -- you never really learn the fundamentals, other than a little by osmosis. 
> 
> I used to get hired by people who said, "Oh, you've got a Computer Science degree. You can learn anything!" and they didn't give a rip what languages or libraries I knew. Today it's just the opposite. People want to know how fast you can hit the ground running with their particular "stack" and they tend to hire people who have the LEAST TO LEARN. Then they wonder why their code base is big and fat and slow and hard as hell to maintain, and why their development schedules seem to stretch out to oblivion. 
> 
> If you can take some core Comp Sci courses without having to be enrolled in a BS program, I encourage you to do that. Even just one a semester. there are only a handful (6-8) and they'll make a huge difference in your ability to learn new stuff going forward. THIS is the "core" of Comp Sci -- not the rest of the crap you have to take to get your degree, like Sociology, Psych, and English Lit. 
> 
> Spend some time learning these core competencies and you'll find yourself far better for it down the road. That approach won't get you a degree, but you will find it much easier to approach new langauges and platforms and come up to speed faster.  
> 
> Because in the end, everything in the software world really is based on some core foundational theories and disciplines. For example, every imperative programming language is structured the same, and if you understand compiler theory, they pretty much all look and work alike.  
> 
> They didn't teach parallel programming, multi-threading, and stuff like that when I was in college, but they probably do today.  That would be a great class to take if you're trying to learn something like Haskell and how to leverage the use of highly distributed parallel processors, even if they're arrays of CPUs on GPU chips.  
> 
> I believe it's not so much your familiarity with the language and run-time libraries that get you ahead, but rather the underlying theories that the languages are usually based upon that inform a lot of your decisions in these cases.
> 
> So, yes, pick an open-source project to work on and focus on something concrete, like R or Haskell or whatever. But spend some time learning the foundations upon which those technologies are built. 
> 
> -David Schwartz 
> 
>> On Jan 19, 2018, at 9:59 PM, trent shipley <trent.shipley at gmail.com> wrote: 
>> 
>> At present I am working through an introduction to R and an introduction to Haskell. Both are fun, but Haskell is more fun--and harder. 
>> 
>> I'm about a quarter of the way through each textbook. 
>> 
>> I'm also in DES's Vocational Rehab, because I have three disabilities, two master's degrees, and work as a telephone customer service representative for low wages. My vocational rehab coach wants me to start contributing to an opensource project ASAP. I'd like to contribute to Frege (Haskell for the JVM) but it will be weeks before I can finish the Haskell book, and then I'd still be a newbie. The most advanced training I have is a community college certificate of completion in computer programming, so I'm not that sophisticated or experienced a programmer. I am having trouble convincing my worker that making a meaningful contribution to an opensource project is actually a daunting proposition in most cases. Is anybody looking for an entry-level contributor to an opensource project? 
>> 
>> Anyway, there are opensource projects I'd like to work on.  One is extending and documenting Frege (https://github.com/Frege/frege [1]). They want Haskell plugins translated into Frege+Java. The project, unfortunately, seems moribund. No matter, maybe it would be possible to "borrow" directly from the GHC after going over a compiler textbook with exercises.  Of course, what one would REALLY want would be a JIT Frege compiler, and I have a feeling you won't get that by slavishly translating the GHC. 
>> 
>> The other, rather harder, project I want to work on is translating, then modifying and extending Peter Sestoft's Funcalc (Spreadsheet Implementation Technology: Basics and Extensions, 2014). I have some idiosyncratic ideas of what I want to do with a functional language that is a spreadsheet.  I want to target the JVM, and write most of the compiler/interpreter in a functional language. I'd use Frege + Java but Frege isn't nearly mature enough. I expect that if I ever do it, I'll use Kotlin + Java.  
>> 
>> That implies that future projects are going to be learning to write compilers and learning to code in Kotlin. 
>> 
>> How might someone with the equivalent of an AA in CIS (not CS) emphasizing programming get competent at (human) reading and (human) writing of lexers-parsers-compilers-linkers? What are prerequisites. 
>> 
>> Does anyone have favorite compiler textbooks? Any compiler textbooks they really hate? 
>> 
>> Regards, 
>> 
>> Trent Shipley ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [2]
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
 

Links:
------
[1]
https://u2206659.ct.sendgrid.net/wf/click?upn=3cK2FVJjyu2N-2Bxco034fZrrYKskBoDse0NQhf-2FhO68A1Z4BXmqM-2F5GtXeKjNCj2m_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBeuezmM-2FbZmX-2FOxPb9DW3bkjYTFRf21b4-2BZSDHPXSDWg7igh4IQilbRmKSCjqEXClz6ExdyQ05r36dWmr4LxVKmj1eYWW4YRx5U-2FHP2-2F2GfJ5RNEH02eiQYN7og9MM5iWNir7-2FGbQQFzhtJZkLt8Ui7nDIb-2BcF79bScwL89-2Fqb99g-3D
[2]
https://u2206659.ct.sendgrid.net/wf/click?upn=5DvWGaZUY8Sh5aRLWfQTKYiRLVzunonVk948p8WIzMe-2FXlJ9Cta8w8U9xoku9LrUSHNMJbSd3ZEwH-2BqnW2UHlA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBeuezmM-2FbZmX-2FOxPb9DW3bklWNhPauFwW9c3vKFcMs1u3nHaPxI42vouRZUOBclcX7Rm6zva-2BDOCMx7v6R-2Be01s-2FT-2BkK6OqWynhb76FQxtUnOoKCPAgYCTACQoreTrmXr-2BA1doYVHWQX7dZUuuk324jTm2tZAmlN3Cr8AAyel0zlw-3D
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180121/a7abcf67/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: blocked.gif
Type: image/gif
Size: 118 bytes
Desc: not available
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180121/a7abcf67/attachment.gif>

From cryptworks at gmail.com  Sun Jan 21 08:55:17 2018
From: cryptworks at gmail.com (Stephen Partington)
Date: Sun, 21 Jan 2018 08:55:17 -0700
Subject: Trent's projects
In-Reply-To: <2f96f363e89040c7c4943f370c5065fb@phpcoderusa.com>
References: <CAEFLybJK1q6-n0cJz7hizKVXNbds6mZQvX2TF5UMLiTY8Y5JTg@mail.gmail.com>
 <60D74E2D-F9C2-453B-BE26-5CC5C2579D9D@thetoolwiz.com>
 <2f96f363e89040c7c4943f370c5065fb@phpcoderusa.com>
Message-ID: <CACS_G9yEzS4AR_VP03Cp_4dvDdT6RXLmtZdhFwmKHztOorBfJQ@mail.gmail.com>

I see value in both. For me the passion/talent comes when someone thinks to
write something to do something that they want done. Opposed to just
looking for someone or something to do it for you.

On Jan 21, 2018 8:43 AM, <techlists at phpcoderusa.com> wrote:

> I'm intrigued by your comments that one needs a computer science
> foundation to be more effective as a programmer.
>
> In this article [http://fortune.com/2015/09/01/computer-science-degree/],
> it is reported that a start up CEO says  "He prefers people who have an
> innate passion and talent for coding in the first place.".  I think I
> understand how to determine if someone has passion... But how do we
> determine if someone has " talent for coding"?
>
> There seems to be two camps.  One camp believes you need CS training.  The
> other says you need exposure to current technologies and exposure to
> working in a team.  Maybe both are correct?
>
> Your thoughts?
>
>
>
> On 2018-01-20 14:18, David Schwartz wrote:
>
> Back in the 80's there was a library I used that I really loved. The
> author was clearly dedicated to supporting it and was very active on their
> discussion forum, and was constantly helping people fix problems they had
> with the code. (It was a 'C' library.) He was constantly releasing updates
> at a pace that I'd feel challlenged to keep up with.
>
> I went to a Software Developer's Conference and this company had a booth,
> so I swung by to meet the guy. I turns out he was quite disabled. He
> reminded me of Stephen Hawking. He may have had ALS, I dunno. Nobody said,
> and I didn't ask. There was also a close buddy of his there who I guess was
> his "caregiver" of sorts. Sadly, this guy appeared quite drunk most of the
> time. I suspect he may have been an alcoholic, which must have been quite
> frustrating to the software guy. (Unless he had some disability himself,
> but at the evening parties where I saw him, he was going through beers
> pretty quickly.)
>
> Like Hawking, here was a brilliant mind trapped inside of a dysfunction
> body, and he discovered that software was a great way to keep himself
> occupied and engaged in the world. Not to mention that because this was a
> fairly popular library, it brought in a nice steady income for these two
> fellows.
>
> It's not uncommon to find disabled people who've accumulated lots of
> academic creds. In this case, I'd say it's more a reflection that there's a
> sharp mind trapped in a dysfunctional body doing its best to keep itself
> occupied in a positive way.
>
> The failure here is probbably on the part of the not-so-sharp minds
> trapped in fully-functional bodies who probably see their jobs in
> supporting these people (as "case workers" and "coaches") as little more
> than pacifiers, keeping folks like Trent modestly occupied and engaged
> enough so they're not much of a bother to them. That would infuriate the
> hell out of me if I were disabled.
>
> Software is a perfect domain for lots of folks with physical disabilities
> to engage in because most of the activity around software is going on in
> our heads anyway.
>
> I was quite shocked to find that the developer of that library was so
> extremely disabled that he couldn't even talk and had extremely limited
> physical abilities. (I seem to recall he had some kind of beak or stick he
> wore on his head that let him tap on keys on the keyboard. This was
> pre-Windows before mice were in common use. His typing was very slow and
> labored. Yet he managed to write all of that software and help people
> online and everything anybody else would do. He was just very slow at it,
> although in the end that didn't matter in the least.)
>
> That said, find a project you like that's in a direction you want to learn
> more about, and just take it on.
>
> If you can take classes that help you learn, all the better. Don't worry
> about your academic background. However, it would be good to have a few
> core Comp Sci courses under your belt.
>
> It bothers me that our educational system has become somewhat bifurcated,
> in that it's teaching core Comp Sci topics as part of a larger educational
> curriculum but ignoring them at the other end where they're starting by
> teaching "coding" and never go very deep with the theory.
>
> People need to be able to learn core Comp Sci subjects without being
> encumbered with all the other crap required to get a Bachelor's Degree.
> Unfortunately, AA degrees are just the first 2 years of a BS program, and
> they only include about 1/2 of the core CS material.
>
> What's preventing this from happening is a shift in the industry from
> hiring people with core competencies to hiring people who've mastered
> superficial skills — you don't need core competencies to become highly
> facile with runtime libraries that allow you to crank out code really fast.
>
> But all of that code you end up cranking out may not be structured very
> well because you have no underlying core competencies! This is what people
> are totally missing, thanks in large part to those who've risen in the
> ranks without the core competencies and therefor are competely blind to
> their value.
>
> ("Hey, I've never had a compiler construction course, and that hasn't hurt
> my performance over the years!" Well, this person probably never had
> anybody with any background in compiler construction or finite automata
> theory look at their code where that stuff would have helped them and
> pointed out how horribly it was structured and how hard it is to maintain.)
>
> You don't recognize that some particular task requires things taught in a
> basic data structures course, or you don't see the algorithmic complexity
> of something you're building because you never had an analysis of
> algorithms class. With no formal set theory background, you don't have any
> grounding in how to write efficient SQL queries. With no formal language
> theory background taught in a compiler construction course, you have no
> understanding of tokenizing and parsing streams of input data.
>
> This lack of foundational background does not prevent you from writing
> code. It simply prevents you from recognizing various tasks as belonging to
> a larger set of already recognized and well-understood tasks that have been
> studied and their various structures and dynamics carved out for them to
> adapt as a "best practice".
>
> The one class that probably had the most relevant impact on my
> professional life was called "Discrete Math Structures". It was the most
> boring and seemingly irrelevant class I had in college. But it ended up
> being the basis of most of the work I've been involved with throughout my
> career. It was all about "counting". You'd think, "what a boring-ass
> topic!" Perhaps, but what I learned there forms the foundation of just
> about everything I've ever done in programming.
>
> The point is, when you attack programming from the coding-side — mastering
> a language and libraries rather than fundamentals — you never really learn
> the fundamentals, other than a little by osmosis.
>
> I used to get hired by people who said, "Oh, you've got a Computer Science
> degree. You can learn anything!" and they didn't give a rip what languages
> or libraries I knew. Today it's just the opposite. People want to know how
> fast you can hit the ground running with their particular "stack" and they
> tend to hire people who have the LEAST TO LEARN. Then they wonder why their
> code base is big and fat and slow and hard as hell to maintain, and why
> their development schedules seem to stretch out to oblivion.
>
> If you can take some core Comp Sci courses without having to be enrolled
> in a BS program, I encourage you to do that. Even just one a semester.
> there are only a handful (6-8) and they'll make a huge difference in your
> ability to learn new stuff going forward. THIS is the "core" of Comp Sci —
> not the rest of the crap you have to take to get your degree, like
> Sociology, Psych, and English Lit.
>
> Spend some time learning these core competencies and you'll find yourself
> far better for it down the road. That approach won't get you a degree, but
> you will find it much easier to approach new langauges and platforms and
> come up to speed faster.
>
> Because in the end, everything in the software world really is based on
> some core foundational theories and disciplines. For example, every
> imperative programming language is structured the same, and if you
> understand compiler theory, they pretty much all look and work alike.
>
> They didn't teach parallel programming, multi-threading, and stuff like
> that when I was in college, but they probably do today.  That would be a
> great class to take if you're trying to learn something like Haskell and
> how to leverage the use of highly distributed parallel processors, even if
> they're arrays of CPUs on GPU chips.
>
> I believe it's not so much your familiarity with the language and run-time
> libraries that get you ahead, but rather the underlying theories that the
> languages are usually based upon that inform a lot of your decisions in
> these cases.
>
> So, yes, pick an open-source project to work on and focus on something
> concrete, like R or Haskell or whatever. But spend some time learning the
> foundations upon which those technologies are built.
>
> -David Schwartz
>
>
> On Jan 19, 2018, at 9:59 PM, trent shipley <trent.shipley at gmail.com>
> wrote:
> At present I am working through an introduction to R and an introduction
> to Haskell. Both are fun, but Haskell is more fun--and harder.
>
> I'm about a quarter of the way through each textbook.
>
> I'm also in DES's Vocational Rehab, because I have three disabilities, two
> master's degrees, and work as a telephone customer service representative
> for low wages. My vocational rehab coach wants me to start contributing to
> an opensource project ASAP. I'd like to contribute to Frege (Haskell for
> the JVM) but it will be weeks before I can finish the Haskell book, and
> then I'd still be a newbie. The most advanced training I have is a
> community college certificate of completion in computer programming, so I'm
> not that sophisticated or experienced a programmer. I am having trouble
> convincing my worker that making a meaningful contribution to an opensource
> project is actually a daunting proposition in most cases. Is anybody
> looking for an entry-level contributor to an opensource project?
>
> Anyway, there are opensource projects I'd like to work on.  One is
> extending and documenting Frege (https://github.com/Frege/frege
> <https://u2206659.ct.sendgrid.net/wf/click?upn=3cK2FVJjyu2N-2Bxco034fZrrYKskBoDse0NQhf-2FhO68A1Z4BXmqM-2F5GtXeKjNCj2m_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBeuezmM-2FbZmX-2FOxPb9DW3bkjYTFRf21b4-2BZSDHPXSDWg7igh4IQilbRmKSCjqEXClz6ExdyQ05r36dWmr4LxVKmj1eYWW4YRx5U-2FHP2-2F2GfJ5RNEH02eiQYN7og9MM5iWNir7-2FGbQQFzhtJZkLt8Ui7nDIb-2BcF79bScwL89-2Fqb99g-3D>).
> They want Haskell plugins translated into Frege+Java. The project,
> unfortunately, seems moribund. No matter, maybe it would be possible to
> "borrow" directly from the GHC after going over a compiler textbook with
> exercises.  Of course, what one would REALLY want would be a JIT Frege
> compiler, and I have a feeling you won't get that by slavishly translating
> the GHC.
>
> The other, rather harder, project I want to work on is translating, then
> modifying and extending Peter Sestoft's Funcalc (Spreadsheet Implementation
> Technology: Basics and Extensions, 2014). I have some idiosyncratic ideas
> of what I want to do with a functional language that is a spreadsheet.  I
> want to target the JVM, and write most of the compiler/interpreter in a
> functional language. I'd use Frege + Java but Frege isn't nearly mature
> enough. I expect that if I ever do it, I'll use Kotlin + Java.
>
> That implies that future projects are going to be learning to write
> compilers and learning to code in Kotlin.
>
> How might someone with the equivalent of an AA in CIS (not CS) emphasizing
> programming get competent at (human) reading and (human) writing of
> lexers-parsers-compilers-linkers? What are prerequisites.
>
> Does anyone have favorite compiler textbooks? Any compiler textbooks they
> really hate?
>
>
> Regards,
>
> Trent Shipley
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> <https://u2206659.ct.sendgrid.net/wf/click?upn=5DvWGaZUY8Sh5aRLWfQTKYiRLVzunonVk948p8WIzMe-2FXlJ9Cta8w8U9xoku9LrUSHNMJbSd3ZEwH-2BqnW2UHlA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBeuezmM-2FbZmX-2FOxPb9DW3bklWNhPauFwW9c3vKFcMs1u3nHaPxI42vouRZUOBclcX7Rm6zva-2BDOCMx7v6R-2Be01s-2FT-2BkK6OqWynhb76FQxtUnOoKCPAgYCTACQoreTrmXr-2BA1doYVHWQX7dZUuuk324jTm2tZAmlN3Cr8AAyel0zlw-3D>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180121/2b1b3252/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: blocked.gif
Type: image/gif
Size: 118 bytes
Desc: not available
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180121/2b1b3252/attachment.gif>

From retro64xyz at gmail.com  Sun Jan 21 08:57:11 2018
From: retro64xyz at gmail.com (Aaron Jones)
Date: Sun, 21 Jan 2018 08:57:11 -0700
Subject: Trent's projects
In-Reply-To: <2f96f363e89040c7c4943f370c5065fb@phpcoderusa.com>
References: <CAEFLybJK1q6-n0cJz7hizKVXNbds6mZQvX2TF5UMLiTY8Y5JTg@mail.gmail.com>
 <60D74E2D-F9C2-453B-BE26-5CC5C2579D9D@thetoolwiz.com>
 <2f96f363e89040c7c4943f370c5065fb@phpcoderusa.com>
Message-ID: <29AD9110-3C18-4E4D-AE50-8228071C0361@gmail.com>

The whole “you will be spiritually predisposed to coding” is stupid. No one wants a computer science person on the team because having a team of ten developers who can write crappy boiler plate code is faster than 9 shitty programmers being chased around by a good developer. 

I have a website I work on that has a code base that is topping nearly 2gb and has to load over 986MB to load just the front page. 

For what? Well we have 60+ items in composer, we have jquery, we have endless numbers of libraries and plugins. Sometimes we load thousands of lines of code to do a single action that literally might be called on the rarest of second tuesdays on the new moon. 

This is the thought process of the brogrammer. 

Mission - Write to database
Tools - PHP and mysql
Method - use https://www.slimframework.com/ to develop internal api for working with db. Manage entire api using restful calls using slim. Requires all total several thousand lines of code and we have to make updates depending on changes in framework. 

My method -

Write a single sql update using prepared statements. Approximately 2 lines of code. Up time so far has been 100% with no code base changes in over a year. Azure restarted our db once but they emailed us about it so it doesn’t count. 

Real life example between brogrammer and someone who likes the unix method. But the brogrammer has a continued source of income. My method is essentially immutable. The shitty programmers can do maintenance, updates, and upgrades for life. They will be twiddling that code for years. Its an endless source of income. 

Why make good washers and dryers when we can make you buy a new washer and dryer everything 3-5 years. 

Thats the mindset of these companies. 

> On Jan 21, 2018, at 8:43 AM, techlists at phpcoderusa.com wrote:
> 
> I'm intrigued by your comments that one needs a computer science foundation to be more effective as a programmer.
> 
> In this article [http://fortune.com/2015/09/01/computer-science-degree/], it is reported that a start up CEO says  "He prefers people who have an innate passion and talent for coding in the first place.".  I think I understand how to determine if someone has passion... But how do we determine if someone has " talent for coding"?
> 
> There seems to be two camps.  One camp believes you need CS training.  The other says you need exposure to current technologies and exposure to working in a team.  Maybe both are correct?
> 
> Your thoughts?
> 
>  
> 
> 
>> On 2018-01-20 14:18, David Schwartz wrote:
>> 
>> Back in the 80's there was a library I used that I really loved. The author was clearly dedicated to supporting it and was very active on their discussion forum, and was constantly helping people fix problems they had with the code. (It was a 'C' library.) He was constantly releasing updates at a pace that I'd feel challlenged to keep up with.
>>  
>> I went to a Software Developer's Conference and this company had a booth, so I swung by to meet the guy. I turns out he was quite disabled. He reminded me of Stephen Hawking. He may have had ALS, I dunno. Nobody said, and I didn't ask. There was also a close buddy of his there who I guess was his "caregiver" of sorts. Sadly, this guy appeared quite drunk most of the time. I suspect he may have been an alcoholic, which must have been quite frustrating to the software guy. (Unless he had some disability himself, but at the evening parties where I saw him, he was going through beers pretty quickly.)
>>  
>> Like Hawking, here was a brilliant mind trapped inside of a dysfunction body, and he discovered that software was a great way to keep himself occupied and engaged in the world. Not to mention that because this was a fairly popular library, it brought in a nice steady income for these two fellows. 
>>  
>> It's not uncommon to find disabled people who've accumulated lots of academic creds. In this case, I'd say it's more a reflection that there's a sharp mind trapped in a dysfunctional body doing its best to keep itself occupied in a positive way.
>>  
>> The failure here is probbably on the part of the not-so-sharp minds trapped in fully-functional bodies who probably see their jobs in supporting these people (as "case workers" and "coaches") as little more than pacifiers, keeping folks like Trent modestly occupied and engaged enough so they're not much of a bother to them. That would infuriate the hell out of me if I were disabled.
>>  
>> Software is a perfect domain for lots of folks with physical disabilities to engage in because most of the activity around software is going on in our heads anyway.
>>  
>> I was quite shocked to find that the developer of that library was so extremely disabled that he couldn't even talk and had extremely limited physical abilities. (I seem to recall he had some kind of beak or stick he wore on his head that let him tap on keys on the keyboard. This was pre-Windows before mice were in common use. His typing was very slow and labored. Yet he managed to write all of that software and help people online and everything anybody else would do. He was just very slow at it, although in the end that didn't matter in the least.)
>>  
>> That said, find a project you like that's in a direction you want to learn more about, and just take it on.
>>  
>> If you can take classes that help you learn, all the better. Don't worry about your academic background. However, it would be good to have a few core Comp Sci courses under your belt.
>>  
>> It bothers me that our educational system has become somewhat bifurcated, in that it's teaching core Comp Sci topics as part of a larger educational curriculum but ignoring them at the other end where they're starting by teaching "coding" and never go very deep with the theory.
>>  
>> People need to be able to learn core Comp Sci subjects without being encumbered with all the other crap required to get a Bachelor's Degree. Unfortunately, AA degrees are just the first 2 years of a BS program, and they only include about 1/2 of the core CS material.
>>  
>> What's preventing this from happening is a shift in the industry from hiring people with core competencies to hiring people who've mastered superficial skills — you don't need core competencies to become highly facile with runtime libraries that allow you to crank out code really fast.
>>  
>> But all of that code you end up cranking out may not be structured very well because you have no underlying core competencies! This is what people are totally missing, thanks in large part to those who've risen in the ranks without the core competencies and therefor are competely blind to their value.
>>  
>> ("Hey, I've never had a compiler construction course, and that hasn't hurt my performance over the years!" Well, this person probably never had anybody with any background in compiler construction or finite automata theory look at their code where that stuff would have helped them and pointed out how horribly it was structured and how hard it is to maintain.)
>>  
>> You don't recognize that some particular task requires things taught in a basic data structures course, or you don't see the algorithmic complexity of something you're building because you never had an analysis of algorithms class. With no formal set theory background, you don't have any grounding in how to write efficient SQL queries. With no formal language theory background taught in a compiler construction course, you have no understanding of tokenizing and parsing streams of input data.
>>  
>> This lack of foundational background does not prevent you from writing code. It simply prevents you from recognizing various tasks as belonging to a larger set of already recognized and well-understood tasks that have been studied and their various structures and dynamics carved out for them to adapt as a "best practice".
>>  
>> The one class that probably had the most relevant impact on my professional life was called "Discrete Math Structures". It was the most boring and seemingly irrelevant class I had in college. But it ended up being the basis of most of the work I've been involved with throughout my career. It was all about "counting". You'd think, "what a boring-ass topic!" Perhaps, but what I learned there forms the foundation of just about everything I've ever done in programming.
>>  
>> The point is, when you attack programming from the coding-side — mastering a language and libraries rather than fundamentals — you never really learn the fundamentals, other than a little by osmosis.
>>  
>> I used to get hired by people who said, "Oh, you've got a Computer Science degree. You can learn anything!" and they didn't give a rip what languages or libraries I knew. Today it's just the opposite. People want to know how fast you can hit the ground running with their particular "stack" and they tend to hire people who have the LEAST TO LEARN. Then they wonder why their code base is big and fat and slow and hard as hell to maintain, and why their development schedules seem to stretch out to oblivion.
>>  
>> If you can take some core Comp Sci courses without having to be enrolled in a BS program, I encourage you to do that. Even just one a semester. there are only a handful (6-8) and they'll make a huge difference in your ability to learn new stuff going forward. THIS is the "core" of Comp Sci — not the rest of the crap you have to take to get your degree, like Sociology, Psych, and English Lit.
>>  
>> Spend some time learning these core competencies and you'll find yourself far better for it down the road. That approach won't get you a degree, but you will find it much easier to approach new langauges and platforms and come up to speed faster. 
>>  
>> Because in the end, everything in the software world really is based on some core foundational theories and disciplines. For example, every imperative programming language is structured the same, and if you understand compiler theory, they pretty much all look and work alike. 
>>  
>> They didn't teach parallel programming, multi-threading, and stuff like that when I was in college, but they probably do today.  That would be a great class to take if you're trying to learn something like Haskell and how to leverage the use of highly distributed parallel processors, even if they're arrays of CPUs on GPU chips. 
>>  
>> I believe it's not so much your familiarity with the language and run-time libraries that get you ahead, but rather the underlying theories that the languages are usually based upon that inform a lot of your decisions in these cases.
>>  
>> So, yes, pick an open-source project to work on and focus on something concrete, like R or Haskell or whatever. But spend some time learning the foundations upon which those technologies are built.
>> 
>> -David Schwartz
>>  
>> 
>>> On Jan 19, 2018, at 9:59 PM, trent shipley <trent.shipley at gmail.com> wrote:
>>> At present I am working through an introduction to R and an introduction to Haskell. Both are fun, but Haskell is more fun--and harder.
>>>  
>>> I'm about a quarter of the way through each textbook.
>>>  
>>> I'm also in DES's Vocational Rehab, because I have three disabilities, two master's degrees, and work as a telephone customer service representative for low wages. My vocational rehab coach wants me to start contributing to an opensource project ASAP. I'd like to contribute to Frege (Haskell for the JVM) but it will be weeks before I can finish the Haskell book, and then I'd still be a newbie. The most advanced training I have is a community college certificate of completion in computer programming, so I'm not that sophisticated or experienced a programmer. I am having trouble convincing my worker that making a meaningful contribution to an opensource project is actually a daunting proposition in most cases. Is anybody looking for an entry-level contributor to an opensource project?
>>>  
>>> Anyway, there are opensource projects I'd like to work on.  One is extending and documenting Frege (https://github.com/Frege/frege). They want Haskell plugins translated into Frege+Java. The project, unfortunately, seems moribund. No matter, maybe it would be possible to "borrow" directly from the GHC after going over a compiler textbook with exercises.  Of course, what one would REALLY want would be a JIT Frege compiler, and I have a feeling you won't get that by slavishly translating the GHC.
>>>  
>>> The other, rather harder, project I want to work on is translating, then modifying and extending Peter Sestoft's Funcalc (Spreadsheet Implementation Technology: Basics and Extensions, 2014). I have some idiosyncratic ideas of what I want to do with a functional language that is a spreadsheet.  I want to target the JVM, and write most of the compiler/interpreter in a functional language. I'd use Frege + Java but Frege isn't nearly mature enough. I expect that if I ever do it, I'll use Kotlin + Java. 
>>>  
>>> That implies that future projects are going to be learning to write compilers and learning to code in Kotlin.
>>>  
>>> How might someone with the equivalent of an AA in CIS (not CS) emphasizing programming get competent at (human) reading and (human) writing of lexers-parsers-compilers-linkers? What are prerequisites.
>>>  
>>> Does anyone have favorite compiler textbooks? Any compiler textbooks they really hate?
>>>  
>>>  
>>> Regards,
>>>  
>>> Trent Shipley
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>> <blocked.gif>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180121/a6a8a0be/attachment.html>

From mark at phillipsmarketing.biz  Sun Jan 21 10:29:21 2018
From: mark at phillipsmarketing.biz (Mark Phillips)
Date: Sun, 21 Jan 2018 10:29:21 -0700
Subject: Trent's projects
In-Reply-To: <CAEFLybJK1q6-n0cJz7hizKVXNbds6mZQvX2TF5UMLiTY8Y5JTg@mail.gmail.com>
References: <CAEFLybJK1q6-n0cJz7hizKVXNbds6mZQvX2TF5UMLiTY8Y5JTg@mail.gmail.com>
Message-ID: <CAEqej2OLhrp4=kfofaC-DwkPoCDbuS3yB0P8A+OYfxOH38tNPA@mail.gmail.com>

Trent,

 Is anybody looking for an entry-level contributor to an opensource project?
>
> One way to get your feet wet in any open source project is to help with
the documentation. Download the code, and then go through the documentation
to see if it does what it is supposed to do. Are there new features that
work and no one documented them? Look at the projects road map to see what
the code is supposed to do. Trace through the code as it executes, read the
comments, and see if there are missing features. Add comments to the code
base as needed. Talk to the developers on IIRC or whatever channel they use
to get help and guidance.

Another way to get your feet wet is to fix bugs. Pick small ones, trace
through the code, and see if you can make the changes necessary to fix the
bug. Same comments as above - talk to the developers/community for this
project. You will quickly learn if you enjoy this aspect of development.
Read about testing code and how to make unit tests. Add some tests to the
code base. Let the community know you are here to help and learn at the
same time.

Both of these steps will require learning about lots of useful skills -
debugging, documenting, how the project works, making commits, working with
developers from afar.

If you find the developers of this project are not 1000% supportive of your
efforts, then find another project. The good projects need folks to do
these tasks, and they are a great way to introduce yourself to the
community, help the project, and make a name for yourself. If that
community does not value these tasks, then look for another one that does.
There are many out there who will.

Just my 2 cents.

Mark
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180121/286937db/attachment.html>

From andrewmcrobb at gmail.com  Sun Jan 21 10:55:21 2018
From: andrewmcrobb at gmail.com (Andrew McRobb)
Date: Sun, 21 Jan 2018 10:55:21 -0700
Subject: Computer Freezes When Waking Up [Linux Mint 18.3]
Message-ID: <CAH1v-qgrqELeBOfmzNbVPu6kNv0+Dpoe59Sf05+bCnNHFsZ_bQ@mail.gmail.com>

Hi everyone,

I recently upgraded my kernel to ver *4.13.0-26*, and updated my Intel
Microcode for the latest security fixes (*3.20180108.0~ubuntu16.04.2*) w/
some other updates revolving my Mint installation. It started happening
once after everything was upgraded. All my software seems to be working
fine after the updates. Virtualbox, Docker, FireFox, etc... For whatever
reason when my machine goes to sleep, and I attempt to wake it up. It
literally freezes on a frame of my applications reappearing (fadded) w/ the
desktop wallpaper behind them.

Has anyone had anything like this happen to them? -- I disabled the power
saving option to avoid this at the moment.

*Specs*
*Linux Mint:* 18.3 64x
*uname -a:* Linux andrew-desktop 4.13.0-26-generic #29~16.04.2-Ubuntu SMP
Tue Jan 9 22:00:44 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux



Andrew McRobb
Full-time Software Developer
Part-time Freelancer
mcrobb.info
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180121/465ea518/attachment.html>

From cryptworks at gmail.com  Sun Jan 21 11:12:57 2018
From: cryptworks at gmail.com (Stephen Partington)
Date: Sun, 21 Jan 2018 11:12:57 -0700
Subject: Trent's projects
In-Reply-To: <CAEqej2OLhrp4=kfofaC-DwkPoCDbuS3yB0P8A+OYfxOH38tNPA@mail.gmail.com>
References: <CAEFLybJK1q6-n0cJz7hizKVXNbds6mZQvX2TF5UMLiTY8Y5JTg@mail.gmail.com>
 <CAEqej2OLhrp4=kfofaC-DwkPoCDbuS3yB0P8A+OYfxOH38tNPA@mail.gmail.com>
Message-ID: <CACS_G9yJsExu3fnYv0qByopFh41x31A+6GpW_qZAQYzEBsk=DQ@mail.gmail.com>

I would second this in a big way.

On Jan 21, 2018 10:29 AM, "Mark Phillips" <mark at phillipsmarketing.biz>
wrote:

> Trent,
>
>  Is anybody looking for an entry-level contributor to an opensource
>> project?
>>
>> One way to get your feet wet in any open source project is to help with
> the documentation. Download the code, and then go through the documentation
> to see if it does what it is supposed to do. Are there new features that
> work and no one documented them? Look at the projects road map to see what
> the code is supposed to do. Trace through the code as it executes, read the
> comments, and see if there are missing features. Add comments to the code
> base as needed. Talk to the developers on IIRC or whatever channel they use
> to get help and guidance.
>
> Another way to get your feet wet is to fix bugs. Pick small ones, trace
> through the code, and see if you can make the changes necessary to fix the
> bug. Same comments as above - talk to the developers/community for this
> project. You will quickly learn if you enjoy this aspect of development.
> Read about testing code and how to make unit tests. Add some tests to the
> code base. Let the community know you are here to help and learn at the
> same time.
>
> Both of these steps will require learning about lots of useful skills -
> debugging, documenting, how the project works, making commits, working with
> developers from afar.
>
> If you find the developers of this project are not 1000% supportive of
> your efforts, then find another project. The good projects need folks to do
> these tasks, and they are a great way to introduce yourself to the
> community, help the project, and make a name for yourself. If that
> community does not value these tasks, then look for another one that does.
> There are many out there who will.
>
> Just my 2 cents.
>
> Mark
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180121/5dfb3815/attachment.html>

From michael at butash.net  Sun Jan 21 12:24:12 2018
From: michael at butash.net (Michael Butash)
Date: Sun, 21 Jan 2018 12:24:12 -0700
Subject: Computer Freezes When Waking Up [Linux Mint 18.3]
In-Reply-To: <CAH1v-qgrqELeBOfmzNbVPu6kNv0+Dpoe59Sf05+bCnNHFsZ_bQ@mail.gmail.com>
References: <CAH1v-qgrqELeBOfmzNbVPu6kNv0+Dpoe59Sf05+bCnNHFsZ_bQ@mail.gmail.com>
Message-ID: <CADWnDsuhFzaw_BrRGhnMWs8rVehAWmBKZLK84nv=p38UTuJrgA@mail.gmail.com>

Sounds like an acpi bug in the bios, or kernel toward your bios - see if
there's an update for it.  Anytime I've had suspend issues, it's almost
always a bios thing, particularly in Dell, or or kernel folks begrudgingly
write an exception to deal with popular, crappy hardware.

This issue single-handed holds back linux in general on laptop hardware as
every laptop is different, where the vendors usually write crappy windoze
code and drivers to work around their poor, non-standard bios'.

If you're using grub/legacy bios, might try EFI if it supports it.  Not
sure how much will follow through and plague you, but might prove better,
or at least more standard these days.  Dell is at least one that actually
*does* consider linux vs. the lenovo, toshiba, and hp's that still pretend
no one uses linux desktops.

-mb

On Sun, Jan 21, 2018 at 10:55 AM, Andrew McRobb <andrewmcrobb at gmail.com>
wrote:

> Hi everyone,
>
> I recently upgraded my kernel to ver *4.13.0-26*, and updated my Intel
> Microcode for the latest security fixes (*3.20180108.0~ubuntu16.04.2*) w/
> some other updates revolving my Mint installation. It started happening
> once after everything was upgraded. All my software seems to be working
> fine after the updates. Virtualbox, Docker, FireFox, etc... For whatever
> reason when my machine goes to sleep, and I attempt to wake it up. It
> literally freezes on a frame of my applications reappearing (fadded) w/ the
> desktop wallpaper behind them.
>
> Has anyone had anything like this happen to them? -- I disabled the power
> saving option to avoid this at the moment.
>
> *Specs*
> *Linux Mint:* 18.3 64x
> *uname -a:* Linux andrew-desktop 4.13.0-26-generic #29~16.04.2-Ubuntu SMP
> Tue Jan 9 22:00:44 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
>
>
>
> Andrew McRobb
> Full-time Software Developer
> Part-time Freelancer
> mcrobb.info
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180121/373ece33/attachment.html>

From newsletters at thetoolwiz.com  Sun Jan 21 13:13:54 2018
From: newsletters at thetoolwiz.com (David Schwartz)
Date: Sun, 21 Jan 2018 20:13:54 +0000 (UTC)
Subject: Trent's projects
In-Reply-To: <29AD9110-3C18-4E4D-AE50-8228071C0361@gmail.com>
References: <CAEFLybJK1q6-n0cJz7hizKVXNbds6mZQvX2TF5UMLiTY8Y5JTg@mail.gmail.com>
 <60D74E2D-F9C2-453B-BE26-5CC5C2579D9D@thetoolwiz.com>
 <2f96f363e89040c7c4943f370c5065fb@phpcoderusa.com>
 <29AD9110-3C18-4E4D-AE50-8228071C0361@gmail.com>
Message-ID: <2B286F34-9569-4052-AF8C-E686C7B38CDD@thetoolwiz.com>

First thought: this is a terrible generalization. I don’t know who you’re talking about as I don’t identify with it at all.

Second, I’d have to say your view of things is more a reflection of the horrid “state-of-the-art” when it comes to web development.

You clearly weren’t around in the early years of Windows development. Every 9 months or so, Microsoft would come out with an update to their “official Windows API’ and in order to get “certified”, you had to spend a few grand and attend a week-long class in Redmond. I knew a lot of companies and developers who went bankrupt because it took most of that 9 months to absorb the changes and retool their skills and libraries. Then just as they were about to hit their stride, MS came out with another update.

Web development has been and still is at the same level of confusion / complexity / gnarliness that was present around the Windows 3.0 / 3.1 / 98 era. 

The difference is, in the case of Windows, there was exactly one team / organization driving development. It was fairly coherent (relatively speaking) as it didn’t go off in 400 different directions. Tool vendors were able to build things with some sense of continuity — at least MS felt strongly about preserving backward compatibility through their otherwise tumultuous updates.

In contrast, web development is totally incoherent. There are dozens if not hundreds of teams building frameworks in isolation, people extending them, other teams building tools based on whatever intermediate version they felt like using, and there’s often very little emphasis given to backward compatibility. Some toolset based on a given widget library could not use the next version of the same widget library because the people who wrote it made breaking changes.

So you’ve got layer upon layer of patches and workarounds and accumulated crap with stuff going through different translation layers to deal with libraries that are written in different languages and versions of languages, and nothing is compatible with anything else.

Then I’m guessing you’re trying to blame this state of affairs on people with comp sci backgrounds. 

No, this is what happens when you’ve got hundreds if not thousands of passionate people scattered around the world who may be predisposed to programming, who have no clue WTF they’re doing. All they know is they’re looking at a piece of software and they’re thinking, “Oh, wouldn’t it be nice if it did xx, yy, and zz? I think I’ll spend the weekend and add these features in!” They’re not coordinating with anybody, they don’t write any specs, they don’t check to see if there’s anything the core team is working on that might impact the work they’re doing, they don’t care about backward compatibility, they don’t care if anybody else might be working on the same things. 

It’s a totally narcissistic, self-focused approach to software development. And this is how most open-source software is developed.

You’re talking about the mechanics of social networks of programming teams here. Not Comp Sci.

It's completely unrelated to anything taught in school related to Comp Sci. 

It’s mostly a reflection of what happens with large, highly distributed, uncoordinated teams of developers with different skill levels.

This is a big reason I don’t do web development — you can practically start WW-III arguing about which widget framework is “best” today!

-David Schwartz



> On Jan 21, 2018, at 8:57 AM, Aaron Jones <retro64xyz at gmail.com> wrote:
> 
> The whole “you will be spiritually predisposed to coding” is stupid. No one wants a computer science person on the team because having a team of ten developers who can write crappy boiler plate code is faster than 9 shitty programmers being chased around by a good developer. 
> 
> I have a website I work on that has a code base that is topping nearly 2gb and has to load over 986MB to load just the front page. 
> 
> For what? Well we have 60+ items in composer, we have jquery, we have endless numbers of libraries and plugins. Sometimes we load thousands of lines of code to do a single action that literally might be called on the rarest of second tuesdays on the new moon. 
> 
> This is the thought process of the brogrammer. 
> 
> Mission - Write to database
> Tools - PHP and mysql
> Method - use https://u2206659.ct.sendgrid.net/wf/click?upn=3cK2FVJjyu2N-2Bxco034fZqqlTGWa0aUJepFGtYX2W1ctFTYDzTgqyqLOfjtxISAU_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBerNnArQzm7nkySm38-2FNsQBP8CNxe2xEO3Zq-2F4X7j-2BHud95tD4KCsrLhTfH58S-2FI6lUr35nskPmTGWxtwhNz-2B7abzv6eZKtmVFlU3p1D51DBNeIKhmJEZHok9YRjTTvk2bbpEXHLRLreaBQWfzDdJlA7pfjcc0-2Fab7DcChQyHhp6A-3D <https://u2206659.ct.sendgrid.net/wf/click?upn=3cK2FVJjyu2N-2Bxco034fZqqlTGWa0aUJepFGtYX2W1ctFTYDzTgqyqLOfjtxISAU_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBerNnArQzm7nkySm38-2FNsQBO757uSro4d0305E-2BTVFfRwKW87AYC64sKRgGS3FvzH5azztXVyO3Hz5dAo0rfQLCtvcMXVykA-2BaOKgJJB0bsLiK-2BYKD5HioR77YXD22jAkgs8z82vuHVamSb2-2BUb5t7agN58qXuBIgYN5f4YPaeat0-3D> to develop internal api for working with db. Manage entire api using restful calls using slim. Requires all total several thousand lines of code and we have to make updates depending on changes in framework. 
> 
> My method -
> 
> Write a single sql update using prepared statements. Approximately 2 lines of code. Up time so far has been 100% with no code base changes in over a year. Azure restarted our db once but they emailed us about it so it doesn’t count. 
> 
> Real life example between brogrammer and someone who likes the unix method. But the brogrammer has a continued source of income. My method is essentially immutable. The shitty programmers can do maintenance, updates, and upgrades for life. They will be twiddling that code for years. Its an endless source of income. 
> 
> Why make good washers and dryers when we can make you buy a new washer and dryer everything 3-5 years. 
> 
> Thats the mindset of these companies. 
> 
> On Jan 21, 2018, at 8:43 AM, techlists at phpcoderusa.com <mailto:techlists at phpcoderusa.com> wrote:
> 
>> I'm intrigued by your comments that one needs a computer science foundation to be more effective as a programmer.
>> 
>> In this article [https://u2206659.ct.sendgrid.net/wf/click?upn=xWjuCTUdfScKKuurZ1bDsMFLz3JUkoQJkrD6SxsXDXM8v9g7KJHMxD8FXKgtVwLP-2BGOc3bLbzdSyVLYPTbLJNA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBerNnArQzm7nkySm38-2FNsQBB4BylDVyNnOsRl0RTTsuRGbmkiYPSawHdqyF2xF1vwSydOKPl-2BretLiYzteHB-2BBXbR3USy-2BQYKJW-2BaC-2FlO1-2BnhmTFR-2FBTZS4IpmRtpdcMWlkMCDgdGHal7fuLleJbDIyG8ORlgUwAPB7hpS49mQLlU-3D <https://u2206659.ct.sendgrid.net/wf/click?upn=xWjuCTUdfScKKuurZ1bDsMFLz3JUkoQJkrD6SxsXDXM8v9g7KJHMxD8FXKgtVwLP-2BGOc3bLbzdSyVLYPTbLJNA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBerNnArQzm7nkySm38-2FNsQBIePFY9-2Fpi6BC8ZqXrhM-2Fo7KrXnLvjLQ477dRqTN3YWzqyo4gWRy1cUfPVK12LpD3mT17qqPdnfTzkGcSyoDSwQ8G-2FcFpGhCem1PwTevV5xCjGtjXA4R8gsa2MInMAa4mj9faHtQF28yismlEWf9oG8-3D>], it is reported that a start up CEO says  "He prefers people who have an innate passion and talent for coding in the first place.".  I think I understand how to determine if someone has passion... But how do we determine if someone has " talent for coding"?
>> 
>> There seems to be two camps.  One camp believes you need CS training.  The other says you need exposure to current technologies and exposure to working in a team.  Maybe both are correct?
>> 
>> Your thoughts?
>> 
>>  
>> 
>> 
>> On 2018-01-20 14:18, David Schwartz wrote:
>> 
>>> Back in the 80's there was a library I used that I really loved. The author was clearly dedicated to supporting it and was very active on their discussion forum, and was constantly helping people fix problems they had with the code. (It was a 'C' library.) He was constantly releasing updates at a pace that I'd feel challlenged to keep up with.
>>>  
>>> I went to a Software Developer's Conference and this company had a booth, so I swung by to meet the guy. I turns out he was quite disabled. He reminded me of Stephen Hawking. He may have had ALS, I dunno. Nobody said, and I didn't ask. There was also a close buddy of his there who I guess was his "caregiver" of sorts. Sadly, this guy appeared quite drunk most of the time. I suspect he may have been an alcoholic, which must have been quite frustrating to the software guy. (Unless he had some disability himself, but at the evening parties where I saw him, he was going through beers pretty quickly.)
>>>  
>>> Like Hawking, here was a brilliant mind trapped inside of a dysfunction body, and he discovered that software was a great way to keep himself occupied and engaged in the world. Not to mention that because this was a fairly popular library, it brought in a nice steady income for these two fellows. 
>>>  
>>> It's not uncommon to find disabled people who've accumulated lots of academic creds. In this case, I'd say it's more a reflection that there's a sharp mind trapped in a dysfunctional body doing its best to keep itself occupied in a positive way.
>>>  
>>> The failure here is probbably on the part of the not-so-sharp minds trapped in fully-functional bodies who probably see their jobs in supporting these people (as "case workers" and "coaches") as little more than pacifiers, keeping folks like Trent modestly occupied and engaged enough so they're not much of a bother to them. That would infuriate the hell out of me if I were disabled.
>>>  
>>> Software is a perfect domain for lots of folks with physical disabilities to engage in because most of the activity around software is going on in our heads anyway.
>>>  
>>> I was quite shocked to find that the developer of that library was so extremely disabled that he couldn't even talk and had extremely limited physical abilities. (I seem to recall he had some kind of beak or stick he wore on his head that let him tap on keys on the keyboard. This was pre-Windows before mice were in common use. His typing was very slow and labored. Yet he managed to write all of that software and help people online and everything anybody else would do. He was just very slow at it, although in the end that didn't matter in the least.)
>>>  
>>> That said, find a project you like that's in a direction you want to learn more about, and just take it on.
>>>  
>>> If you can take classes that help you learn, all the better. Don't worry about your academic background. However, it would be good to have a few core Comp Sci courses under your belt.
>>>  
>>> It bothers me that our educational system has become somewhat bifurcated, in that it's teaching core Comp Sci topics as part of a larger educational curriculum but ignoring them at the other end where they're starting by teaching "coding" and never go very deep with the theory.
>>>  
>>> People need to be able to learn core Comp Sci subjects without being encumbered with all the other crap required to get a Bachelor's Degree. Unfortunately, AA degrees are just the first 2 years of a BS program, and they only include about 1/2 of the core CS material.
>>>  
>>> What's preventing this from happening is a shift in the industry from hiring people with core competencies to hiring people who've mastered superficial skills — you don't need core competencies to become highly facile with runtime libraries that allow you to crank out code really fast.
>>>  
>>> But all of that code you end up cranking out may not be structured very well because you have no underlying core competencies! This is what people are totally missing, thanks in large part to those who've risen in the ranks without the core competencies and therefor are competely blind to their value.
>>>  
>>> ("Hey, I've never had a compiler construction course, and that hasn't hurt my performance over the years!" Well, this person probably never had anybody with any background in compiler construction or finite automata theory look at their code where that stuff would have helped them and pointed out how horribly it was structured and how hard it is to maintain.)
>>>  
>>> You don't recognize that some particular task requires things taught in a basic data structures course, or you don't see the algorithmic complexity of something you're building because you never had an analysis of algorithms class. With no formal set theory background, you don't have any grounding in how to write efficient SQL queries. With no formal language theory background taught in a compiler construction course, you have no understanding of tokenizing and parsing streams of input data.
>>>  
>>> This lack of foundational background does not prevent you from writing code. It simply prevents you from recognizing various tasks as belonging to a larger set of already recognized and well-understood tasks that have been studied and their various structures and dynamics carved out for them to adapt as a "best practice".
>>>  
>>> The one class that probably had the most relevant impact on my professional life was called "Discrete Math Structures". It was the most boring and seemingly irrelevant class I had in college. But it ended up being the basis of most of the work I've been involved with throughout my career. It was all about "counting". You'd think, "what a boring-ass topic!" Perhaps, but what I learned there forms the foundation of just about everything I've ever done in programming.
>>>  
>>> The point is, when you attack programming from the coding-side — mastering a language and libraries rather than fundamentals — you never really learn the fundamentals, other than a little by osmosis.
>>>  
>>> I used to get hired by people who said, "Oh, you've got a Computer Science degree. You can learn anything!" and they didn't give a rip what languages or libraries I knew. Today it's just the opposite. People want to know how fast you can hit the ground running with their particular "stack" and they tend to hire people who have the LEAST TO LEARN. Then they wonder why their code base is big and fat and slow and hard as hell to maintain, and why their development schedules seem to stretch out to oblivion.
>>>  
>>> If you can take some core Comp Sci courses without having to be enrolled in a BS program, I encourage you to do that. Even just one a semester. there are only a handful (6-8) and they'll make a huge difference in your ability to learn new stuff going forward. THIS is the "core" of Comp Sci — not the rest of the crap you have to take to get your degree, like Sociology, Psych, and English Lit.
>>>  
>>> Spend some time learning these core competencies and you'll find yourself far better for it down the road. That approach won't get you a degree, but you will find it much easier to approach new langauges and platforms and come up to speed faster. 
>>>  
>>> Because in the end, everything in the software world really is based on some core foundational theories and disciplines. For example, every imperative programming language is structured the same, and if you understand compiler theory, they pretty much all look and work alike. 
>>>  
>>> They didn't teach parallel programming, multi-threading, and stuff like that when I was in college, but they probably do today.  That would be a great class to take if you're trying to learn something like Haskell and how to leverage the use of highly distributed parallel processors, even if they're arrays of CPUs on GPU chips. 
>>>  
>>> I believe it's not so much your familiarity with the language and run-time libraries that get you ahead, but rather the underlying theories that the languages are usually based upon that inform a lot of your decisions in these cases.
>>>  
>>> So, yes, pick an open-source project to work on and focus on something concrete, like R or Haskell or whatever. But spend some time learning the foundations upon which those technologies are built.
>>> 
>>> -David Schwartz
>>>  
>>> 
>>>> On Jan 19, 2018, at 9:59 PM, trent shipley <trent.shipley at gmail.com <mailto:trent.shipley at gmail.com>> wrote:
>>>> At present I am working through an introduction to R and an introduction to Haskell. Both are fun, but Haskell is more fun--and harder.
>>>>  
>>>> I'm about a quarter of the way through each textbook.
>>>>  
>>>> I'm also in DES's Vocational Rehab, because I have three disabilities, two master's degrees, and work as a telephone customer service representative for low wages. My vocational rehab coach wants me to start contributing to an opensource project ASAP. I'd like to contribute to Frege (Haskell for the JVM) but it will be weeks before I can finish the Haskell book, and then I'd still be a newbie. The most advanced training I have is a community college certificate of completion in computer programming, so I'm not that sophisticated or experienced a programmer. I am having trouble convincing my worker that making a meaningful contribution to an opensource project is actually a daunting proposition in most cases. Is anybody looking for an entry-level contributor to an opensource project?
>>>>  
>>>> Anyway, there are opensource projects I'd like to work on.  One is extending and documenting Frege (https://u2206659.ct.sendgrid.net/wf/click?upn=3cK2FVJjyu2N-2Bxco034fZrrYKskBoDse0NQhf-2FhO68A1Z4BXmqM-2F5GtXeKjNCj2m_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBerNnArQzm7nkySm38-2FNsQBEdYgZd-2Bdfh-2FOdOuXIoYLvBAddPJtRgj3MKgtDY8RJFaQ0z5qq32Vimpb-2FRqFYZ0svh7yKd2W9vmPKghC4cJ1WyzZt-2B-2FCp5eTBjNU3ehidLFlkbT8HG36p7rQZNH-2FNrUlR-2F9dzlpcRo2srZxVO5FfTQ-3D <https://u2206659.ct.sendgrid.net/wf/click?upn=3cK2FVJjyu2N-2Bxco034fZnnbK2LIZIfnojzH-2BPzZg719bV7hL2TJnC2UduzrwTqY24NOsBJ0ELU-2FzvheGWQXEwocwacVnFDMNIio1obmyvZdQqiIVyvfqA3msXdXK5jyrgfmwsymJtL51e-2BU5ZOjmqu-2BvEHMUYtVjWAMPfThOjJxHe4cMXk-2B76D-2BSd6wZzH7bRehWNjFx5uzzs-2FPgTlHPNPul0O2TJmnM2TLIA8NNR-2F98Nfib19D7Iexm2o3doPyNaZmkBMfpljAnw8zFxBbzs3wbkUuHZuqB-2FMtSzsY9JIGO1Cxt-2BtZ1Nr7pUWtgaD8eb87t36bh7xEExp0deTSdGVPTNjhAKgP6Lp-2FLU2BHvx3rh2u5juGqH2y16I8QMNoUSe5BaFQ-2B2DC1AtRRAYxS1kXUI9faE3BkPqfBzY6KIPnlH8-2BVM0kGfiE7yGMRXiDk-2FnTg-2FR4DeGZzGW435hAS7vUchDbz0gaX53udUuOzmF5J9Ou4TruHTsh2M9l5Rk-2B4Q5k1RL2jvYx-2Fv0fey-2FqkQ-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBerNnArQzm7nkySm38-2FNsQBNgY-2BP6l8qG4vkFccU0MZ9Pscn1kTpgJiLrJn15TWTADa5HYNU4Zd0t5CxiCglA1K3t5hTgnGqD8l4p3duoQYtn-2BMw-2FJUFd3yaW11-2BFgTwAbVDctBonSWzMiv9YJs-2BHvMil6xVHcSm1t3oVFUvs8I3Y-3D>). They want Haskell plugins translated into Frege+Java. The project, unfortunately, seems moribund. No matter, maybe it would be possible to "borrow" directly from the GHC after going over a compiler textbook with exercises.  Of course, what one would REALLY want would be a JIT Frege compiler, and I have a feeling you won't get that by slavishly translating the GHC.
>>>>  
>>>> The other, rather harder, project I want to work on is translating, then modifying and extending Peter Sestoft's Funcalc (Spreadsheet Implementation Technology: Basics and Extensions, 2014). I have some idiosyncratic ideas of what I want to do with a functional language that is a spreadsheet.  I want to target the JVM, and write most of the compiler/interpreter in a functional language. I'd use Frege + Java but Frege isn't nearly mature enough. I expect that if I ever do it, I'll use Kotlin + Java. 
>>>>  
>>>> That implies that future projects are going to be learning to write compilers and learning to code in Kotlin.
>>>>  
>>>> How might someone with the equivalent of an AA in CIS (not CS) emphasizing programming get competent at (human) reading and (human) writing of lexers-parsers-compilers-linkers? What are prerequisites.
>>>>  
>>>> Does anyone have favorite compiler textbooks? Any compiler textbooks they really hate?
>>>>  
>>>>  
>>>> Regards,
>>>>  
>>>> Trent Shipley
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org <mailto:PLUG-discuss at lists.phxlinux.org>
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> https://u2206659.ct.sendgrid.net/wf/click?upn=5DvWGaZUY8Sh5aRLWfQTKYiRLVzunonVk948p8WIzMe-2FXlJ9Cta8w8U9xoku9LrUSHNMJbSd3ZEwH-2BqnW2UHlA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBerNnArQzm7nkySm38-2FNsQBDwM9MAO5mUjAKs7-2BV8BOo5lkrFNM6wMWZmgRv-2B02ISv5XW43-2BQXW5MkOSr67ZE2uxRxH5wPxr1UnsnZ2ludjhZGu-2BZk1FKfCpCiRYCuRG5pSVyCdDE6dlWMCkNOeHw06fgCdUb7F4CdYk9AOh5XD0c-3D <https://u2206659.ct.sendgrid.net/wf/click?upn=3cK2FVJjyu2N-2Bxco034fZnnbK2LIZIfnojzH-2BPzZg719bV7hL2TJnC2UduzrwTqYZF2CQy4oyGX15npmp9OZjGwFS2iGGT1EuXkaDuRTwq9OfZbMW7bEs8YIUu2yqjpQeteKyCTrd-2F0gacOaBOfSZmuHJinAhqOaGN-2FCdiN8LXM0sgqep-2FbesVB-2BFaFJF9dgT-2BbUrwcgDMMhSjMjEocNBe99OTt2Z8lJoJxdLXx1igMTfrQUHvRHOUY4NBcZdhDpQsls4dNFV83z90UyUpvxdELNLBmEUaQbJ5If3eJ79xKjeazq-2Fj5f7CtFCM7fym8B439R8DhrH-2FfcAVKgMEpMDW1r36NVh8Uulr0fYhBfBCxfUEKOCvTFbdaiGNOnfmbv-2FSfSwHnsT2l-2BKXl6ORWGJUI5ESQvz9NAk97T0SmY1R4mPQlnfssGqWn54jprF4ETWO3uZ77seiLqoNG8vkvASvVsVLhpT1khVLkh30hmOqvEgqQ4X3j-2FA0FNEXuYJ4smTqkP8EDDxQZOorJyymcIFU8kzQyNR6AoZBtmjpecwHY-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBerNnArQzm7nkySm38-2FNsQBOivAHKxc4Y7JM2AdmN7KQXQVOOvpWDRbrCFctGYFL6O-2FSdJCQAHNLr8iDzQN-2B1D-2Ff6N-2FKWI0fy37vn8iDlhjo-2F7nNNzqz459OtE7e8HFf-2FutETNuZUvZds5QDzYSLqzkKFmrd3BAe9fJPK-2BHfvp0h4-3D><blocked.gif>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org <mailto:PLUG-discuss at lists.phxlinux.org>
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> https://u2206659.ct.sendgrid.net/wf/click?upn=5DvWGaZUY8Sh5aRLWfQTKYiRLVzunonVk948p8WIzMe-2FXlJ9Cta8w8U9xoku9LrUSHNMJbSd3ZEwH-2BqnW2UHlA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBerNnArQzm7nkySm38-2FNsQBEtOCuNMNQNpF6kw43Z2cuLCzkq0BVnTsqjpxmXzDlCFIgNfOBrmACScPUwIg0opduIdySQjBK2mSnCkPF7SQxMprYwVfLKur0QSF6yVMLhsicb9hNFex93pTxF5t56tgiKluqXM6Naf7DLTLuy-2F1oM-3D <https://u2206659.ct.sendgrid.net/wf/click?upn=5DvWGaZUY8Sh5aRLWfQTKYiRLVzunonVk948p8WIzMe-2FXlJ9Cta8w8U9xoku9LrUSHNMJbSd3ZEwH-2BqnW2UHlA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBerNnArQzm7nkySm38-2FNsQBFjgC7Awdm6DB2-2BBnu-2FKsBOA3yYPx8WfLJzRCL3ItNSksUcEPAV5eqby9fk-2BaUtjoD8CqqtnpfghDamps8hBJa03cwnsX7yJtx7ly-2FGxwWEWGEFr94Q4wUUx32NUY0-2BgUvEz14OOmPxjpZDsIxnHpBk-3D>---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org <mailto:PLUG-discuss at lists.phxlinux.org>
>> To subscribe, unsubscribe, or to change your mail settings:
>> https://u2206659.ct.sendgrid.net/wf/click?upn=5DvWGaZUY8Sh5aRLWfQTKYiRLVzunonVk948p8WIzMe-2FXlJ9Cta8w8U9xoku9LrUSHNMJbSd3ZEwH-2BqnW2UHlA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBerNnArQzm7nkySm38-2FNsQBB-2FbMgM-2B7XVnAMXt5KpEjOF4DS0qdAIZl-2Bzx92uVsVXFTPRf82vP6qS1CgYCd4byEWRe4JiIaogvfdZgFAeZ8PXyWhKAI8qBPDCOoHRu2Q4BR-2BaaWAWbtPzhc6VskSlGOxfVRjOZ2f3VUfhZlpMCZc4-3D <https://u2206659.ct.sendgrid.net/wf/click?upn=5DvWGaZUY8Sh5aRLWfQTKYiRLVzunonVk948p8WIzMe-2FXlJ9Cta8w8U9xoku9LrUSHNMJbSd3ZEwH-2BqnW2UHlA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBerNnArQzm7nkySm38-2FNsQBNEzx1uZ3RiYeKskm9sf-2FDwG6Urt7W6Lq4WXZ7gEl3mJwyCPkQfw0gLJpZYfcHYmOdp77DH2QkWBjwmgnsNvc8ONGTUyFENeYmc32T658DV9vBZSwISMQlZEw1sq0oX1Nw8fC2oncai-2BCSnhuSqxtkc-3D>---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://u2206659.ct.sendgrid.net/wf/click?upn=5DvWGaZUY8Sh5aRLWfQTKYiRLVzunonVk948p8WIzMe-2FXlJ9Cta8w8U9xoku9LrUSHNMJbSd3ZEwH-2BqnW2UHlA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBerNnArQzm7nkySm38-2FNsQBCpDP5bmhYAa0vkHgdZ-2Fk1dN6T6ajWpyoFwGcRPEsLdbODYkG0SqEy2y-2F78Sks7IbEbgX6ZVt63wC-2Fq21a-2BbzXnQytnvohM8poUZmDubpBYy78Y4xZ-2Fmgjp74A4w5MyXH1UBUEtYxmo0N8hVxnGzpHA-3D

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180121/21d3298b/attachment.html>

From slitt at troubleshooters.com  Tue Jan 23 01:11:58 2018
From: slitt at troubleshooters.com (Steve Litt)
Date: Tue, 23 Jan 2018 03:11:58 -0500
Subject: Trent's projects
In-Reply-To: <29AD9110-3C18-4E4D-AE50-8228071C0361@gmail.com>
References: <CAEFLybJK1q6-n0cJz7hizKVXNbds6mZQvX2TF5UMLiTY8Y5JTg@mail.gmail.com>
 <60D74E2D-F9C2-453B-BE26-5CC5C2579D9D@thetoolwiz.com>
 <2f96f363e89040c7c4943f370c5065fb@phpcoderusa.com>
 <29AD9110-3C18-4E4D-AE50-8228071C0361@gmail.com>
Message-ID: <20180123031158.4e5e3acb@mydesk.domain.cxm>

On Sun, 21 Jan 2018 08:57:11 -0700
Aaron Jones <retro64xyz at gmail.com> wrote:

> The whole “you will be spiritually predisposed to coding” is stupid.
> No one wants a computer science person on the team because having a
> team of ten developers who can write crappy boiler plate code is
> faster than 9 shitty programmers being chased around by a good
> developer. 
> 
> I have a website I work on that has a code base that is topping
> nearly 2gb and has to load over 986MB to load just the front page. 
> 
> For what? Well we have 60+ items in composer, we have jquery, we have
> endless numbers of libraries and plugins. Sometimes we load thousands
> of lines of code to do a single action that literally might be called
> on the rarest of second tuesdays on the new moon. 

Don't blame me (a programmer without a CompSci degree) for the bad
design of your company's website. Why don't you offer to rewrite that
website from scratch, and if they say no, walk away?

And please don't call me stupid. I am spiritually predisposed to
coding. No, I never coded any huge stuff like your website, but that's
because I didn't want to be involved with quagmires like that. I did,
however, sometimes make money doing a Perl quickie so that the big gala
Java application 6 months from completion for the previous year could
continue their monument to enterprise application development without
the customers bolting and bankrupting the place. And the Java Jockeys
thanked me for providing them a working system they could use as a
model and a focus for customer questioning.

Far as I know, Steve Wosniak didn't have a Comp Sci degree, nor did
Paul Allen. I *know* you're not calling them stupid. AFAIK, Linux was
just a student when he made the Linux kernel. He was you will be
spiritually predisposed to coding a long time before his degree.

Don't get me wrong: I'd have loved to learn the stuff my buddies with
both spiritual disposition and a Comp Sci degree know: The data
structures, the algorithms, the techniques are astouding. But in a
contest between someone spiritually predisposed to coding and a Comp
Sci grad in it for the money, I'd take the predisposed guy every time.

SteveT

Steve Litt
January 2018 featured book: Troubleshooting: Why Bother?
http://www.troubleshooters.com/twb

From newsletters at thetoolwiz.com  Tue Jan 23 03:02:13 2018
From: newsletters at thetoolwiz.com (David Schwartz)
Date: Tue, 23 Jan 2018 10:02:13 +0000 (UTC)
Subject: Trent's projects
In-Reply-To: <20180123031158.4e5e3acb@mydesk.domain.cxm>
References: <CAEFLybJK1q6-n0cJz7hizKVXNbds6mZQvX2TF5UMLiTY8Y5JTg@mail.gmail.com>
 <60D74E2D-F9C2-453B-BE26-5CC5C2579D9D@thetoolwiz.com>
 <2f96f363e89040c7c4943f370c5065fb@phpcoderusa.com>
 <29AD9110-3C18-4E4D-AE50-8228071C0361@gmail.com>
 <20180123031158.4e5e3acb@mydesk.domain.cxm>
Message-ID: <9C4305A2-980E-460A-AD2C-B58A99A70B6F@thetoolwiz.com>

The fallacy here is that a HS dropout who’s been building homes for 30 years could build a home as nice as any Architect just a couple of years out of school.

Perhaps. It goes on all around the world every day.

All Architects can pound nails. 

But most run-of-the-mill construction workers have no clue when it comes to structural dependencies, legal codes, how to choose a foundation appropriate for the ground and terroir, etc.

You guys keep conflating human psychology and behavior with acquisition of some mythical sort of “knowledge” that’s somehow learned through osmosis over time (or even instantly).

If you put a person with a passion for flowers in charge of an event, it should not surprize anybody that there might be an overabundance of flowers present.

It doesn’t matter if that person has a BS in Biology and a Master’s in Floral Design, or just grew up loving flowers.

If you tell them, “I want LOTS of beautiful flowers at the event!” you’re more than likely to get a FLOOD of flowers.

The end result will be a LOT different than someone like me who has zero interest in flowers and floral design, and who’ll solve the problem by picking arrangements from a catalog and setting them wherever I can find a place to put them down. If people happen to like what I did, it does not make me some kind of idiot savant, nor a “better choice” than someone skilled in the art.

If someone can teach a dog to do fancy tricks, there’s a tendency for people to grant the DOG lots of smarts.

But if that person can teach ANY dog to do fancy tricks, it probably means the TEACHER is the one with the smarts, not the dogs.

Unfortunately, this situation happens way too often in the programming world, and it gets way too much traction mostly because there’s a shortage of programmers. 

I’m not saying self-taught programmers aren’t smart, or that people with formal education never over-do things.

Rather, I think this is an utterly stupid thing to be discussing.

Here’s why in a nutshell:

If you decide to invest a half-million bucks into your dream home, are you going to be more inclined to: (a) hire an Architect to design it and then a General Contractor to build it; or (b) would you just scribble some ideas on a napkin (you don’t know how to make blueprints, do you?), then assemble a team of construction workers with 20+ years of experience cutting wood and pounding nails (assuming they must know as much as any decent Architect), hand them copies of your drawing, point them at your plot of land, and say, “Call me when you’ve finished!”?

Most smart people would choose (a). 

But it seems a lot of programmers think (b) is the smarter approach to avoid "over-engineering". (Only as long as it’s somebody else’s money. But if it’s THEIR OWN half-a-mil, I’m betting they’d go with (a).)

I would assert that the (b) group isn’t as likely to “over-engineer” a solution simply because they have FEW IF ANY solid “engineering” skills in their skillset in the first place. 

The house might not look any worse for the effort once it’s finished. 

But when the first hurricane blows through or the first RS-5 earthquake hits, the house collapses. 

Well, hey, at least the house didn’t suffer from “over-engineering”, right?

-David Schwartz



> On Jan 23, 2018, at 1:11 AM, Steve Litt <slitt at troubleshooters.com> wrote:
> 
> On Sun, 21 Jan 2018 08:57:11 -0700
> Aaron Jones <retro64xyz at gmail.com> wrote:
> 
>> The whole “you will be spiritually predisposed to coding” is stupid.
>> No one wants a computer science person on the team because having a
>> team of ten developers who can write crappy boiler plate code is
>> faster than 9 shitty programmers being chased around by a good
>> developer. 
>> 
>> I have a website I work on that has a code base that is topping
>> nearly 2gb and has to load over 986MB to load just the front page. 
>> 
>> For what? Well we have 60+ items in composer, we have jquery, we have
>> endless numbers of libraries and plugins. Sometimes we load thousands
>> of lines of code to do a single action that literally might be called
>> on the rarest of second tuesdays on the new moon. 
> 
> Don't blame me (a programmer without a CompSci degree) for the bad
> design of your company's website. Why don't you offer to rewrite that
> website from scratch, and if they say no, walk away?
> 
> And please don't call me stupid. I am spiritually predisposed to
> coding. No, I never coded any huge stuff like your website, but that's
> because I didn't want to be involved with quagmires like that. I did,
> however, sometimes make money doing a Perl quickie so that the big gala
> Java application 6 months from completion for the previous year could
> continue their monument to enterprise application development without
> the customers bolting and bankrupting the place. And the Java Jockeys
> thanked me for providing them a working system they could use as a
> model and a focus for customer questioning.
> 
> Far as I know, Steve Wosniak didn't have a Comp Sci degree, nor did
> Paul Allen. I *know* you're not calling them stupid. AFAIK, Linux was
> just a student when he made the Linux kernel. He was you will be
> spiritually predisposed to coding a long time before his degree.
> 
> Don't get me wrong: I'd have loved to learn the stuff my buddies with
> both spiritual disposition and a Comp Sci degree know: The data
> structures, the algorithms, the techniques are astouding. But in a
> contest between someone spiritually predisposed to coding and a Comp
> Sci grad in it for the money, I'd take the predisposed guy every time.
> 
> SteveT
> 
> Steve Litt
> January 2018 featured book: Troubleshooting: Why Bother?
> https://u2206659.ct.sendgrid.net/wf/click?upn=tzJbcg2o-2FNh3kfIF32sRUb2P5Oq3MDnedSozkCrM5330ZLpaRgHiveIlA4KoFuHj_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBeKNfMhxm5Cjsi1nmzHE5XLvTV6kRuVjnt0UhpzvbmCxCortMXj1VLlBDxpphKj1-2B354t8RrQdrF8dWtshGUAvc3LV59UcmAjRylqV-2B-2BFA1Q-2Fkzu0jd2D6swkVo7tchD5-2Fo4u4XUnaGLC4KvlfcGwH-2Ba4d4RnQTlVRKV-2FEU-2B33Niw-3D
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://u2206659.ct.sendgrid.net/wf/click?upn=5DvWGaZUY8Sh5aRLWfQTKYiRLVzunonVk948p8WIzMe-2FXlJ9Cta8w8U9xoku9LrUSHNMJbSd3ZEwH-2BqnW2UHlA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBeKNfMhxm5Cjsi1nmzHE5XLkAaglna4Ozub4qZvPJp1HHAaOkV0llTwAh-2Fb43-2BlU0BWK23DEvsUhZHlD42oRoAEwM5MzUViL8u1XCSFzdlKWXdz9sP5bkJ6SzUT76-2Bllu6BR9KiI79NoSslnvfrz6DyEaRPKLENtS3Rl-2F63WAhfRI-3D

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180123/e68efe5f/attachment.html>

From cryptworks at gmail.com  Tue Jan 23 07:11:32 2018
From: cryptworks at gmail.com (Stephen Partington)
Date: Tue, 23 Jan 2018 07:11:32 -0700
Subject: Trent's projects
In-Reply-To: <9C4305A2-980E-460A-AD2C-B58A99A70B6F@thetoolwiz.com>
References: <CAEFLybJK1q6-n0cJz7hizKVXNbds6mZQvX2TF5UMLiTY8Y5JTg@mail.gmail.com>
 <60D74E2D-F9C2-453B-BE26-5CC5C2579D9D@thetoolwiz.com>
 <2f96f363e89040c7c4943f370c5065fb@phpcoderusa.com>
 <29AD9110-3C18-4E4D-AE50-8228071C0361@gmail.com>
 <20180123031158.4e5e3acb@mydesk.domain.cxm>
 <9C4305A2-980E-460A-AD2C-B58A99A70B6F@thetoolwiz.com>
Message-ID: <CACS_G9wVWwTLknaGD1sKZ8hBTY_C1sxQ2q5QjiLiFKAXOQ+_jQ@mail.gmail.com>

​​
I see benefits of education and raw experience. And in the end, it will
depend on the individual and their drive to improve and learn.  do not
learn well in a classroom setting. but give me some research sources and a
problem to solve I will figure it out and be able to set it up and work
properly. I prefer It because coding for me is about as fun as watching
paint dry, and I was never into chip design and manufacture. When I was
considering an education those WERE my only options. neither seemed to make
sense in the end for what I wanted to do wich, was IT. By then I had been
using computers for a decade as a kid and figuring them out and I moved
into a support role that let me learn more and have made steps for
improvement since. And while I understand the rules to code and how to
gather the resources to do so I still hold off if I can because it is not
my passion or interest and I really only get into it when I am trying to
compile someone else's code for some purpose or adjusting a script for my
needs.

There are two things I have learned in the last 20+ years of working in IT
and technology.

Schooling is best for people who have no idea where to start in an industry
they have interest in. And there are some roles that strongly benefit from
a degree, and others that I feel require a degree. There are other roles
that lend themselves better to on the job training with supplementary
education (certification courses and the like).

But in the end, it really depends on the Individual, what they want to do,
and how they learn. No amount of experience or education will matter in
this.

PS this was a great discussion until we started getting personal and snide
to each other.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180123/cc8c4f3c/attachment.html>

From Rusty.Carruth at smartm.com  Tue Jan 23 08:52:31 2018
From: Rusty.Carruth at smartm.com (Carruth, Rusty)
Date: Tue, 23 Jan 2018 15:52:31 +0000
Subject: Trent's projects
In-Reply-To: <CACS_G9wVWwTLknaGD1sKZ8hBTY_C1sxQ2q5QjiLiFKAXOQ+_jQ@mail.gmail.com>
References: <CAEFLybJK1q6-n0cJz7hizKVXNbds6mZQvX2TF5UMLiTY8Y5JTg@mail.gmail.com>
 <60D74E2D-F9C2-453B-BE26-5CC5C2579D9D@thetoolwiz.com>
 <2f96f363e89040c7c4943f370c5065fb@phpcoderusa.com>
 <29AD9110-3C18-4E4D-AE50-8228071C0361@gmail.com>
 <20180123031158.4e5e3acb@mydesk.domain.cxm>
 <9C4305A2-980E-460A-AD2C-B58A99A70B6F@thetoolwiz.com>
 <CACS_G9wVWwTLknaGD1sKZ8hBTY_C1sxQ2q5QjiLiFKAXOQ+_jQ@mail.gmail.com>
Message-ID: <CO2PR04MB231167D44A8FEC56932B12069DE30@CO2PR04MB2311.namprd04.prod.outlook.com>

I’d like to gently disagree with this one statement, leaving the rest for others to worry about:

From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of Stephen Partington
Sent: Tuesday, January 23, 2018 7:12 AM
To: Main PLUG discussion list
Subject: Re: Trent's projects

​​….

Schooling is best for people who have no idea where to start in an industry they have interest in. And there are some roles that strongly benefit from a degree, and others that I feel require a degree. There are other roles that lend themselves better to on the job training with supplementary education (certification courses and the like).
…

First, a bit about me.

I was recently told ‘oh, just shut it off’.  They were referring to the fact that I’m always thinking, always problem solving.  They thought that was something I could turn off.  No, that’s something I am, not something I do.  So, I did all I could, which was keep it to myself.

When I started high school, I had my career all figured out – I was going in to electronics.  So, I took the most advanced electronics class they had in my high school.  (Now, by this time I’d already built a heathkit oscilloscope and other such things, so this class was… well, not very helpful)

I realized pretty quickly into the year that I needed to do other things to prepare myself for my career in electronics.  At that time, I was NOT interested in math, and in fact nobody in my math class would have considered me as a person to ask for help.

Well, I realized I needed to know math, so started to pay attention and such.  Ended up liking it.  Took ‘math analysis’ as a senior, which was an honors class.  Needed to do a project to get the honors grade, so I decided I’d write a program to do electronic music (ok, now remember this was, what 45 years ago?).  My teacher probably laughed at me for thinking I was going to do that…  Anyway, I didn’t even start on writing a program, but somehow that launched me into a deep interest in software development.

After that, I ended up at ASU in the math track for software.  (Long-ish story, won’t run down that rabbit trail today)

The first year, I took FORTRAN.  I already knew FORTRAN, so I taught myself C.

Guess what the next year was?  Yeah, C.  (Ok, the names may not be right, but the concept is true)  So I learned something else  (Might have been security hacking, don’t remember that’s too long ago)

A lot of what I learned was useful along the lines of what others have said – giving you a knowledge base of stuff to choose from (or even just a wider view?)  Much faster than I’d have gotten by flailing around on my own.

So not sure of my point any more.  Perhaps I’m saying that, for me, ‘schooling’ was (at least partly) about learning as much about my area of interest as possible as quickly as possible, and as a side benefit, getting that piece of paper (diploma) that would open up many possible positions (I’m amazed at how many places require a degree, even if you’ve been working 40 years in the field)..

(As it ended up, my primary interest areas were near-real-time and hardware/software interfacing.  Often on the same project ;-)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180123/1a4f4b8e/attachment.html>

From andrewmcrobb at gmail.com  Tue Jan 23 09:19:54 2018
From: andrewmcrobb at gmail.com (Andrew McRobb)
Date: Tue, 23 Jan 2018 09:19:54 -0700
Subject: Computer Freezes When Waking Up [Linux Mint 18.3]
In-Reply-To: <CADWnDsuhFzaw_BrRGhnMWs8rVehAWmBKZLK84nv=p38UTuJrgA@mail.gmail.com>
References: <CAH1v-qgrqELeBOfmzNbVPu6kNv0+Dpoe59Sf05+bCnNHFsZ_bQ@mail.gmail.com>
 <CADWnDsuhFzaw_BrRGhnMWs8rVehAWmBKZLK84nv=p38UTuJrgA@mail.gmail.com>
Message-ID: <CAH1v-qiW9DRBJtz1kv_51OT0d2o6mjdsGGsRkMpPbM4_KmDOwA@mail.gmail.com>

Sorry for the delay. Haven't had time to sit down even... Anyway, seems
like they just pushed up some updates to the kernel and microcode. -- I'll
apply the updates now and post back, I've also noticed some other minor
things got borked now and then. Such as terminal not wanting to open (rare
times), and my Slack client unable to start anymore. -- I suppose that's
what I get for not waiting till the end of the month to apply updates. -___-

My computer isn't using legacy, and is custom built. So ACPI may sound like
the problem w/ the newer kernal. Worst case I'll see if disabling it would
solve my problem.

Andrew McRobb
Full-time Software Developer
Part-time Freelancer
mcrobb.info

On Sun, Jan 21, 2018 at 12:24 PM, Michael Butash <michael at butash.net> wrote:

> Sounds like an acpi bug in the bios, or kernel toward your bios - see if
> there's an update for it.  Anytime I've had suspend issues, it's almost
> always a bios thing, particularly in Dell, or or kernel folks begrudgingly
> write an exception to deal with popular, crappy hardware.
>
> This issue single-handed holds back linux in general on laptop hardware as
> every laptop is different, where the vendors usually write crappy windoze
> code and drivers to work around their poor, non-standard bios'.
>
> If you're using grub/legacy bios, might try EFI if it supports it.  Not
> sure how much will follow through and plague you, but might prove better,
> or at least more standard these days.  Dell is at least one that actually
> *does* consider linux vs. the lenovo, toshiba, and hp's that still pretend
> no one uses linux desktops.
>
> -mb
>
> On Sun, Jan 21, 2018 at 10:55 AM, Andrew McRobb <andrewmcrobb at gmail.com>
> wrote:
>
>> Hi everyone,
>>
>> I recently upgraded my kernel to ver *4.13.0-26*, and updated my Intel
>> Microcode for the latest security fixes (*3.20180108.0~ubuntu16.04.2*)
>> w/ some other updates revolving my Mint installation. It started happening
>> once after everything was upgraded. All my software seems to be working
>> fine after the updates. Virtualbox, Docker, FireFox, etc... For whatever
>> reason when my machine goes to sleep, and I attempt to wake it up. It
>> literally freezes on a frame of my applications reappearing (fadded) w/ the
>> desktop wallpaper behind them.
>>
>> Has anyone had anything like this happen to them? -- I disabled the power
>> saving option to avoid this at the moment.
>>
>> *Specs*
>> *Linux Mint:* 18.3 64x
>> *uname -a:* Linux andrew-desktop 4.13.0-26-generic #29~16.04.2-Ubuntu
>> SMP Tue Jan 9 22:00:44 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
>>
>>
>>
>> Andrew McRobb
>> Full-time Software Developer
>> Part-time Freelancer
>> mcrobb.info
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180123/972f35cc/attachment.html>

From cryptworks at gmail.com  Tue Jan 23 09:19:40 2018
From: cryptworks at gmail.com (Stephen Partington)
Date: Tue, 23 Jan 2018 09:19:40 -0700
Subject: Trent's projects
In-Reply-To: <CO2PR04MB231167D44A8FEC56932B12069DE30@CO2PR04MB2311.namprd04.prod.outlook.com>
References: <CAEFLybJK1q6-n0cJz7hizKVXNbds6mZQvX2TF5UMLiTY8Y5JTg@mail.gmail.com>
 <60D74E2D-F9C2-453B-BE26-5CC5C2579D9D@thetoolwiz.com>
 <2f96f363e89040c7c4943f370c5065fb@phpcoderusa.com>
 <29AD9110-3C18-4E4D-AE50-8228071C0361@gmail.com>
 <20180123031158.4e5e3acb@mydesk.domain.cxm>
 <9C4305A2-980E-460A-AD2C-B58A99A70B6F@thetoolwiz.com>
 <CACS_G9wVWwTLknaGD1sKZ8hBTY_C1sxQ2q5QjiLiFKAXOQ+_jQ@mail.gmail.com>
 <CO2PR04MB231167D44A8FEC56932B12069DE30@CO2PR04MB2311.namprd04.prod.outlook.com>
Message-ID: <CACS_G9wetMKw68PTnXLm-X_cWJMauoVXniRKj2EWd9Ko0LZuPw@mail.gmail.com>

This to me suggests a exception to the norm. not a baseline for most.

On Tue, Jan 23, 2018 at 8:52 AM, Carruth, Rusty <Rusty.Carruth at smartm.com>
wrote:

> I’d like to gently disagree with this one statement, leaving the rest for
> others to worry about:
>
>
>
> *From:* PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] *On
> Behalf Of *Stephen Partington
> *Sent:* Tuesday, January 23, 2018 7:12 AM
> *To:* Main PLUG discussion list
> *Subject:* Re: Trent's projects
>
>
>
> ​​….
>
>
>
> Schooling is best for people who have no idea where to start in an
> industry they have interest in. And there are some roles that strongly
> benefit from a degree, and others that I feel require a degree. There are
> other roles that lend themselves better to on the job training with
> supplementary education (certification courses and the like).
>
> …
>
>
>
> First, a bit about me.
>
>
>
> I was recently told ‘oh, just shut it off’.  They were referring to the
> fact that I’m always thinking, always problem solving.  They thought that
> was something I could turn off.  No, that’s something I am, not something I
> do.  So, I did all I could, which was keep it to myself.
>
>
>
> When I started high school, I had my career all figured out – I was going
> in to electronics.  So, I took the most advanced electronics class they had
> in my high school.  (Now, by this time I’d already built a heathkit
> oscilloscope and other such things, so this class was… well, not very
> helpful)
>
>
>
> I realized pretty quickly into the year that I needed to do other things
> to prepare myself for my career in electronics.  At that time, I was NOT
> interested in math, and in fact nobody in my math class would have
> considered me as a person to ask for help.
>
>
>
> Well, I realized I needed to know math, so started to pay attention and
> such.  Ended up liking it.  Took ‘math analysis’ as a senior, which was an
> honors class.  Needed to do a project to get the honors grade, so I decided
> I’d write a program to do electronic music (ok, now remember this was, what
> 45 years ago?).  My teacher probably laughed at me for thinking I was going
> to do that…  Anyway, I didn’t even start on writing a program, but somehow
> that launched me into a deep interest in software development.
>
>
>
> After that, I ended up at ASU in the math track for software.  (Long-ish
> story, won’t run down that rabbit trail today)
>
>
>
> The first year, I took FORTRAN.  I already knew FORTRAN, so I taught
> myself C.
>
>
>
> Guess what the next year was?  Yeah, C.  (Ok, the names may not be right,
> but the concept is true)  So I learned something else  (Might have been
> security hacking, don’t remember that’s too long ago)
>
>
>
> A lot of what I learned was useful along the lines of what others have
> said – giving you a knowledge base of stuff to choose from (or even just a
> wider view?)  Much faster than I’d have gotten by flailing around on my own.
>
>
>
> So not sure of my point any more.  Perhaps I’m saying that, for me,
> ‘schooling’ was (at least partly) about learning as much about my area of
> interest as possible as quickly as possible, and as a side benefit, getting
> that piece of paper (diploma) that would open up many possible positions
> (I’m amazed at how many places require a degree, even if you’ve been
> working 40 years in the field)..
>
>
>
> (As it ended up, my primary interest areas were near-real-time and
> hardware/software interfacing.  Often on the same project ;-)
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180123/4eecfec5/attachment.html>

From techlists at phpcoderusa.com  Tue Jan 23 09:35:34 2018
From: techlists at phpcoderusa.com (techlists at phpcoderusa.com)
Date: Tue, 23 Jan 2018 09:35:34 -0700
Subject: Trent's projects
In-Reply-To: <9C4305A2-980E-460A-AD2C-B58A99A70B6F@thetoolwiz.com>
References: <CAEFLybJK1q6-n0cJz7hizKVXNbds6mZQvX2TF5UMLiTY8Y5JTg@mail.gmail.com>
 <60D74E2D-F9C2-453B-BE26-5CC5C2579D9D@thetoolwiz.com>
 <2f96f363e89040c7c4943f370c5065fb@phpcoderusa.com>
 <29AD9110-3C18-4E4D-AE50-8228071C0361@gmail.com>
 <20180123031158.4e5e3acb@mydesk.domain.cxm>
 <9C4305A2-980E-460A-AD2C-B58A99A70B6F@thetoolwiz.com>
Message-ID: <34468b09636851871c3f72d3bb83f58a@phpcoderusa.com>

Interesting premise David.  Most intriguing.  Basically what I take away
from your position is that without CS training one will be less capable
as a programmer. I can see your point and I have to ask, what about the
person who is a business programmer.  What about the xBase developers of
last century? Would they be better developers if they had a CS degree?
Or is good enough good enough? 

My father was in sheet metal.  He was also in the union.  He often spoke
of the changes in how skilled labor was becoming unskilled labor.  When
he started in the 50's he was an apprentice for 4 years and had to learn
all things sheet metal. He said things had changed to the point where
someone with little training was taught to do only part of the trade and
was limited in what they could do. 

In my lifetime I watched a man deliver milk to my house.  He made a
living doing so.  Today you have to buy your own milk and transport it
home.  I also recall men delivering ice for the old iceboxes.  Yes I am
old.... 

Until recently I had not thought about the CS / non-CS developer.  I
have however thought a lot about natural raw talent and how much of that
I might have.  I was introduced to the hedgehog concept about 15 years
ago -
http://99u.com/workbook/35591/find-your-hedgehog-youll-find-your-purpose
The concept is that each of us has at least one natural talent that
makes us predisposed to being rather good at that one or two things.  

When others ask me about becoming a programmer I refer them to the
hedgehog concept and ask them to determine if programming is really for
them.   

I know for certain what I was genetically encoded to do and I think it
is a good idea for each of us to explore the hedgehog concept to
determine what we are genetically encoded to do.     

As for bloated code and websites and how much code must be processed,
that is here to stay.  That is a modern reality.  I like writing code on
the iron.  It is fast and uses limited resources.  That is not the
reality of today's PHP programmer.  Drupal, Joomla, and Magento are
resource hogs.  Magento 2 is especially a resource hog.  I am seeing a
trend of  specialized hosting houses that specialize in just one web
app. These arrangements are expensive, on the order of $500 to $750 a
month to host one web app.  However from a business perspective it is a
great deal.  Let me explain.  In Drupal or Magento one who has the
knowledge of the particular webapp can modify the behavior of the app in
a fraction of the time it takes to modify raw code that is right on the
iron. So you load more code and spend more money to do so while spending
less on development.  That is the trade off.  

With modern hardware that includes powerful CPU's with lots of cores,
cheap RAM so you can have a lot for little, and SSD that make everything
fast we can make that trade off where the web app is hungry and still
have great performance.  

I think David makes a good point that better training in the hands of
the capable, predisposed developer makes for an optimized developer. 
The other question is - is good enough, good enough?  I had a friend who
received an MIS degree (Not as CS degree).  The MIS degree required 21
units of programming classes, and two of those were analysis and design.
 That is 5 programming classes plus the analysis and design classes.  My
friend went to work for Arthur Andersen as a COBOL programmer.  They
gave him 6 weeks of classroom training before he was assign to a team to
start programming. 

The question is was his training good enough for what Arthur Andersen
wanted him to do?

On 2018-01-23 03:02, David Schwartz wrote:

> The fallacy here is that a HS dropout who's been building homes for 30 years could build a home as nice as any Architect just a couple of years out of school. 
> 
> Perhaps. It goes on all around the world every day. 
> 
> All Architects can pound nails. 
> 
> But most run-of-the-mill construction workers have no clue when it comes to structural dependencies, legal codes, how to choose a foundation appropriate for the ground and terroir, etc. 
> 
> You guys keep conflating human psychology and behavior with acquisition of some mythical sort of "knowledge" that's somehow learned through osmosis over time (or even instantly). 
> 
> If you put a person with a passion for flowers in charge of an event, it should not surprize anybody that there might be an overabundance of flowers present. 
> 
> It doesn't matter if that person has a BS in Biology and a Master's in Floral Design, or just grew up loving flowers. 
> 
> If you tell them, "I want LOTS of beautiful flowers at the event!" you're more than likely to get a FLOOD of flowers. 
> 
> The end result will be a LOT different than someone like me who has zero interest in flowers and floral design, and who'll solve the problem by picking arrangements from a catalog and setting them wherever I can find a place to put them down. If people happen to like what I did, it does not make me some kind of idiot savant, nor a "better choice" than someone skilled in the art. 
> 
> If someone can teach a dog to do fancy tricks, there's a tendency for people to grant the DOG lots of smarts. 
> 
> But if that person can teach ANY dog to do fancy tricks, it probably means the TEACHER is the one with the smarts, not the dogs. 
> 
> Unfortunately, this situation happens way too often in the programming world, and it gets way too much traction mostly because there's a shortage of programmers. 
> 
> I'm not saying self-taught programmers aren't smart, or that people with formal education never over-do things. 
> 
> Rather, I think this is an utterly stupid thing to be discussing. 
> 
> Here's why in a nutshell: 
> 
> If you decide to invest a half-million bucks into your dream home, are you going to be more inclined to: (a) hire an Architect to design it and then a General Contractor to build it; or (b) would you just scribble some ideas on a napkin (you don't know how to make blueprints, do you?), then assemble a team of construction workers with 20+ years of experience cutting wood and pounding nails (assuming they must know as much as any decent Architect), hand them copies of your drawing, point them at your plot of land, and say, "Call me when you've finished!"? 
> 
> Most smart people would choose (a). 
> 
> But it seems a lot of programmers think (b) is the smarter approach to avoid "over-engineering". (Only as long as it's somebody else's money. But if it's THEIR OWN half-a-mil, I'm betting they'd go with (a).) 
> 
> I would assert that the (b) group isn't as likely to "over-engineer" a solution simply because they have FEW IF ANY solid "engineering" skills in their skillset in the first place. 
> 
> The house might not look any worse for the effort once it's finished. 
> 
> But when the first hurricane blows through or the first RS-5 earthquake hits, the house collapses. 
> 
> Well, hey, at least the house didn't suffer from "over-engineering", right? 
> 
> -David Schwartz 
> 
> On Jan 23, 2018, at 1:11 AM, Steve Litt <slitt at troubleshooters.com> wrote: 
> 
> On Sun, 21 Jan 2018 08:57:11 -0700 Aaron Jones <retro64xyz at gmail.com> wrote: 
> 
> The whole "you will be spiritually predisposed to coding" is stupid. No one wants a computer science person on the team because having a team of ten developers who can write crappy boiler plate code is faster than 9 shitty programmers being chased around by a good developer. 
> 
> I have a website I work on that has a code base that is topping nearly 2gb and has to load over 986MB to load just the front page. 
> 
> For what? Well we have 60+ items in composer, we have jquery, we have endless numbers of libraries and plugins. Sometimes we load thousands of lines of code to do a single action that literally might be called on the rarest of second tuesdays on the new moon. 
> 
> Don't blame me (a programmer without a CompSci degree) for the bad design of your company's website. Why don't you offer to rewrite that website from scratch, and if they say no, walk away? 
> 
> And please don't call me stupid. I am spiritually predisposed to coding. No, I never coded any huge stuff like your website, but that's because I didn't want to be involved with quagmires like that. I did, however, sometimes make money doing a Perl quickie so that the big gala Java application 6 months from completion for the previous year could continue their monument to enterprise application development without the customers bolting and bankrupting the place. And the Java Jockeys thanked me for providing them a working system they could use as a model and a focus for customer questioning. 
> 
> Far as I know, Steve Wosniak didn't have a Comp Sci degree, nor did Paul Allen. I KNOW you're not calling them stupid. AFAIK, Linux was just a student when he made the Linux kernel. He was you will be spiritually predisposed to coding a long time before his degree. 
> 
> Don't get me wrong: I'd have loved to learn the stuff my buddies with both spiritual disposition and a Comp Sci degree know: The data structures, the algorithms, the techniques are astouding. But in a contest between someone spiritually predisposed to coding and a Comp Sci grad in it for the money, I'd take the predisposed guy every time. 
> 
> SteveT 
> 
> Steve Litt January 2018 featured book: Troubleshooting: Why Bother? http://www.troubleshooters.com/twb [1] --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss [2]

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss 

Links:
------
[1]
https://u2206659.ct.sendgrid.net/wf/click?upn=tzJbcg2o-2FNh3kfIF32sRUb2P5Oq3MDnedSozkCrM5330ZLpaRgHiveIlA4KoFuHj_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBeKNfMhxm5Cjsi1nmzHE5XLrrMdUXuTjZe7ZynYY1WI1C9JPZEagh7CSgLabUfdZsA7b1FD2uoKSsIlgEIcmmF3CCwGA4Qx3e6VrWZsmrWtUe8R1fMI-2F6T8qyGQEtH5hojFK82Pa7uJFtMKQynwBo5vZucYpeth6q0rEjdxQ2Rojg-3D
[2]
https://u2206659.ct.sendgrid.net/wf/click?upn=5DvWGaZUY8Sh5aRLWfQTKYiRLVzunonVk948p8WIzMe-2FXlJ9Cta8w8U9xoku9LrUSHNMJbSd3ZEwH-2BqnW2UHlA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBeKNfMhxm5Cjsi1nmzHE5XLiakQVA3mlgpvrOEMaT2mCztCiXXnFYMNKSwktvU6IgaQCYVRlUejArboKJBvtPOS-2FypMeRSCa8fUEqgJJvIPAxunUR-2FtFP9Orxy8PsTlYdWKCYVb0vELhNfswZloHgUjWkTXTWksaZH8G5abL7oMEM-3D
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180123/9f39ecc5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: blocked.gif
Type: image/gif
Size: 118 bytes
Desc: not available
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180123/9f39ecc5/attachment.gif>

From michael at butash.net  Tue Jan 23 10:25:38 2018
From: michael at butash.net (Michael Butash)
Date: Tue, 23 Jan 2018 10:25:38 -0700
Subject: Computer Freezes When Waking Up [Linux Mint 18.3]
In-Reply-To: <CAH1v-qiW9DRBJtz1kv_51OT0d2o6mjdsGGsRkMpPbM4_KmDOwA@mail.gmail.com>
References: <CAH1v-qgrqELeBOfmzNbVPu6kNv0+Dpoe59Sf05+bCnNHFsZ_bQ@mail.gmail.com>
 <CADWnDsuhFzaw_BrRGhnMWs8rVehAWmBKZLK84nv=p38UTuJrgA@mail.gmail.com>
 <CAH1v-qiW9DRBJtz1kv_51OT0d2o6mjdsGGsRkMpPbM4_KmDOwA@mail.gmail.com>
Message-ID: <CADWnDsssgt8zfnjX5jTvi2eXMFEHZRBVrPuoF49czhPXUKiusA@mail.gmail.com>

Old days I'd normally say disabling ACPI to force older APM function as a
*solution*, but I think doing so you'll loose a lot of power management
features the kernel needs these days probably expects for modern hardware
to keep it sustainable for use.  I can see power usage being a problem
without s-states and such (gpu switching, dynamic cpu throttling) long term
when your battery only lasts a half hour.

I've been fighting this some with my dell laptop trying to use a
thunderbolt/usb-c dock, trying to find a perfect "working" combo of crappy
dell bios firmware vs. dock firmware vs. kernel vs. kernel microcode vs.
gpu driver vs. crappy usb ethernet in the dock that none want to play
nicely with each other from release to release.  Dell fixes bios/dock
firmware, kernel fixes something, breaks one of the others, gpu is
dependent on older kernels and break things with newer, mutate pattern for
next bios/firmware release, round and round...

Needless to say, I just wish they'd figure this out after 20 fscking years
of laptop atrocities in power management from like, every vendor,
constantly.  This doesn't seem it should be that hard.

-mb

On Tue, Jan 23, 2018 at 9:19 AM, Andrew McRobb <andrewmcrobb at gmail.com>
wrote:

> Sorry for the delay. Haven't had time to sit down even... Anyway, seems
> like they just pushed up some updates to the kernel and microcode. -- I'll
> apply the updates now and post back, I've also noticed some other minor
> things got borked now and then. Such as terminal not wanting to open (rare
> times), and my Slack client unable to start anymore. -- I suppose that's
> what I get for not waiting till the end of the month to apply updates. -___-
>
> My computer isn't using legacy, and is custom built. So ACPI may sound
> like the problem w/ the newer kernal. Worst case I'll see if disabling it
> would solve my problem.
>
> Andrew McRobb
> Full-time Software Developer
> Part-time Freelancer
> mcrobb.info
>
> On Sun, Jan 21, 2018 at 12:24 PM, Michael Butash <michael at butash.net>
> wrote:
>
>> Sounds like an acpi bug in the bios, or kernel toward your bios - see if
>> there's an update for it.  Anytime I've had suspend issues, it's almost
>> always a bios thing, particularly in Dell, or or kernel folks begrudgingly
>> write an exception to deal with popular, crappy hardware.
>>
>> This issue single-handed holds back linux in general on laptop hardware
>> as every laptop is different, where the vendors usually write crappy
>> windoze code and drivers to work around their poor, non-standard bios'.
>>
>> If you're using grub/legacy bios, might try EFI if it supports it.  Not
>> sure how much will follow through and plague you, but might prove better,
>> or at least more standard these days.  Dell is at least one that actually
>> *does* consider linux vs. the lenovo, toshiba, and hp's that still pretend
>> no one uses linux desktops.
>>
>> -mb
>>
>> On Sun, Jan 21, 2018 at 10:55 AM, Andrew McRobb <andrewmcrobb at gmail.com>
>> wrote:
>>
>>> Hi everyone,
>>>
>>> I recently upgraded my kernel to ver *4.13.0-26*, and updated my Intel
>>> Microcode for the latest security fixes (*3.20180108.0~ubuntu16.04.2*)
>>> w/ some other updates revolving my Mint installation. It started happening
>>> once after everything was upgraded. All my software seems to be working
>>> fine after the updates. Virtualbox, Docker, FireFox, etc... For whatever
>>> reason when my machine goes to sleep, and I attempt to wake it up. It
>>> literally freezes on a frame of my applications reappearing (fadded) w/ the
>>> desktop wallpaper behind them.
>>>
>>> Has anyone had anything like this happen to them? -- I disabled the
>>> power saving option to avoid this at the moment.
>>>
>>> *Specs*
>>> *Linux Mint:* 18.3 64x
>>> *uname -a:* Linux andrew-desktop 4.13.0-26-generic #29~16.04.2-Ubuntu
>>> SMP Tue Jan 9 22:00:44 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
>>>
>>>
>>>
>>> Andrew McRobb
>>> Full-time Software Developer
>>> Part-time Freelancer
>>> mcrobb.info
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180123/8973a544/attachment.html>

From slitt at troubleshooters.com  Tue Jan 23 11:07:06 2018
From: slitt at troubleshooters.com (Steve Litt)
Date: Tue, 23 Jan 2018 13:07:06 -0500
Subject: Trent's projects
In-Reply-To: <9C4305A2-980E-460A-AD2C-B58A99A70B6F@thetoolwiz.com>
References: <CAEFLybJK1q6-n0cJz7hizKVXNbds6mZQvX2TF5UMLiTY8Y5JTg@mail.gmail.com>
 <60D74E2D-F9C2-453B-BE26-5CC5C2579D9D@thetoolwiz.com>
 <2f96f363e89040c7c4943f370c5065fb@phpcoderusa.com>
 <29AD9110-3C18-4E4D-AE50-8228071C0361@gmail.com>
 <20180123031158.4e5e3acb@mydesk.domain.cxm>
 <9C4305A2-980E-460A-AD2C-B58A99A70B6F@thetoolwiz.com>
Message-ID: <20180123130706.5e3551e2@mydesk.domain.cxm>

On Tue, 23 Jan 2018 10:02:13 +0000 (UTC)
David Schwartz <newsletters at thetoolwiz.com> wrote:

> The fallacy here is that a HS dropout who’s been building homes for
> 30 years could build a home as nice as any Architect just a couple of
> years out of school.

That's not the fallacy. Nobody said anything about high school
dropouts. What was being discussed were people who love to code. My
experience tells me most of these people are college grads, although
non Comp-Sci degrees. For whatever reason, a lot seem to ride bicycles
and/or play musical instruments. I've known only one HS dropout who was
a programmer. The comparison here is NOT between average HS dropouts
and people with relevant engineering degrees.

The other thing is, a software product is a very different thing than a
building.

[snip]
> 
> But most run-of-the-mill construction workers have no clue when it
> comes to structural dependencies, legal codes, how to choose a
> foundation appropriate for the ground and terroir, etc.

When I was an electrician's helper, I was busy learning the codes. And
the journeymen I helped sure nuf knew the national and local codes. But
that's not even the issue. The issue is, the set of buildings resemble
each other an order of magnitude or so more than the set of computer
programs. There are no equations for a foundation: There's no
foundation in a computer program: They're not made of concrete.

IIRC there are about 13 security rules you need to follow if your code
is heavily exposed on the net. Most are fairly obvious: Sanitize all
user input, set all pointers on declaration, prevent arrays from
overrunning their bounds, don't try to access out of scope variables.
One doesn't need a college degree to know and understand these rules.

> 
> You guys keep conflating human psychology and behavior with
> acquisition of some mythical sort of “knowledge” that’s somehow
> learned through osmosis over time (or even instantly).

I haven't seen anyone in this thread make such a conflation. What *has*
been said is that people who really like to code code, and that very
soon in their career they read books, read websites, read other peoples'
code, engage in discussions, to gain their knowledge. There's nothing
mythical about it, and it's done by extreme interest and putting in the
time, not by osmosis.

=-=-=

I'd like to return to the concept of "run of the mill construction
workers", specifically, the "run of the mill" part. Let's discuss "run
of the mill" Comp-Sci grads, because as a rule they're not like the
people on this list.

Once I advertised a position as my assistant programming a substantial
part of a medical management package. Entry level: I'd teach em. We got
several Comp-Sci grads from UCLA, and also several students and recent
Associate Degree folks from Santa Monica Community College. I gave them
all the exact same test: Pseudo-code a program to take an input file,
capitalize all characters, and output to an output file. You have 1/2
hour.

About 1/2 of the Santa Monica College people substantially completed
the test within a half hour. Exactly one UCLA comp-sci grad
substantially completed the test. Most of the UCLA grads bogged down
after 2 or 3 lines of pseudocode.

In the interviews, the UCLA people glibly buzzworded, enumerated the
languages they knew, and boasted of writing compilers. But when asked
to deliver, they couldn't produce a bare bones proof of concept of the
algorithm basic to most back end processing. These were run of the mill
comp-sci grads.

Let's leave run of the mill people out of the discussion. Folks who
love to code self-select themselves out of the run of the mill category.

SteveT

Steve Litt
January 2018 featured book: Troubleshooting: Why Bother?
http://www.troubleshooters.com/twb

From Rusty.Carruth at smartm.com  Tue Jan 23 11:24:30 2018
From: Rusty.Carruth at smartm.com (Carruth, Rusty)
Date: Tue, 23 Jan 2018 18:24:30 +0000
Subject: Trent's projects
In-Reply-To: <20180123130706.5e3551e2@mydesk.domain.cxm>
References: <CAEFLybJK1q6-n0cJz7hizKVXNbds6mZQvX2TF5UMLiTY8Y5JTg@mail.gmail.com>
 <60D74E2D-F9C2-453B-BE26-5CC5C2579D9D@thetoolwiz.com>
 <2f96f363e89040c7c4943f370c5065fb@phpcoderusa.com>
 <29AD9110-3C18-4E4D-AE50-8228071C0361@gmail.com>
 <20180123031158.4e5e3acb@mydesk.domain.cxm>
 <9C4305A2-980E-460A-AD2C-B58A99A70B6F@thetoolwiz.com>
 <20180123130706.5e3551e2@mydesk.domain.cxm>
Message-ID: <CO2PR04MB2311C2F646B5BEAF67E38C209DE30@CO2PR04MB2311.namprd04.prod.outlook.com>

Wow!  That's all I have to say.  Well, ok, no I'll say a bit more.



-----Original Message-----
From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of Steve Litt

Snip/chop/mangle/spindle/fold/mutilate/...

> I'd like to return to the concept of "run of the mill construction
> workers", specifically, the "run of the mill" part. Let's discuss "run
> of the mill" Comp-Sci grads, because as a rule they're not like the
> people on this list.

You're probably right there...

> Once I advertised a position as my assistant programming a substantial
> part of a medical management package. Entry level: I'd teach em. We got
> several Comp-Sci grads from UCLA, and also several students and recent
> Associate Degree folks from Santa Monica Community College. I gave them
> all the exact same test: Pseudo-code a program to take an input file,
> capitalize all characters, and output to an output file. You have 1/2
> hour.

They needed half an hour????  Really???  Goodness!!!!  (pick my mouth up off the floor!)

Read a line. 
For each character in line 
   if char is lowercase make uppercase; 
   print char;
print ""
repeat until eof

15 seconds - ok, maybe 30 since I went back and reformatted it to be prettier.  Take 30 seconds to a minute, maybe 2, if you want something closer to a real programming language (like, an actual test - of course, I'd probably just use 'toupper' on every character and be done with it!)

Ok, yes, I've been doing software for, what, 40 years?  But, half an hour????  AAHHHH (runs screaming from building! :-)

After writing the following, even with the elapsed time, I'm STILL shocked about someone needing half an hour.  Wow.

> About 1/2 of the Santa Monica College people substantially completed
> the test within a half hour. Exactly one UCLA comp-sci grad
> substantially completed the test. Most of the UCLA grads bogged down
> after 2 or 3 lines of pseudocode.

> In the interviews, the UCLA people glibly buzzworded, enumerated the
> languages they knew, and boasted of writing compilers. But when asked
> to deliver, they couldn't produce a bare bones proof of concept of the
> algorithm basic to most back end processing. These were run of the mill
> comp-sci grads.

I probably shouldn't mention it, but I know of a person who admitted to me that he.. um.. PADS his resume.  He knows how to spell something, so he's close enough to knowing it.  (OK, that's not exactly what he said or how he implemented it, but close enough).  Good thing for him I didn't know that before he got hired...

For the record, NO, most people don't pad their resume.  OR, if they do, you don't want them working for/with you.

(As an aside - don't do that.  Once a person learns that your resume cannot be trusted, they will let hiring managers know that your resume isn't trustworthy - and in fact most of the people who know you know that and will NOT be an asset to you when you try to get a job where they work.  Saw that happen...)

> Let's leave run of the mill people out of the discussion. Folks who
> love to code self-select themselves out of the run of the mill category.

This is something I'm realizing as I get older.  The folks that I thought were 'normal' were actually probably in the top 10% (or better).  And they were almost all in the 'self-select' category...  (to be honest,  I can't think of a single 'normal' person who belongs in the 'exceptional' group who WASN'T in the self-select group...)



From slitt at troubleshooters.com  Tue Jan 23 12:00:48 2018
From: slitt at troubleshooters.com (Steve Litt)
Date: Tue, 23 Jan 2018 14:00:48 -0500
Subject: Trent's projects
In-Reply-To: <CO2PR04MB2311C2F646B5BEAF67E38C209DE30@CO2PR04MB2311.namprd04.prod.outlook.com>
References: <CAEFLybJK1q6-n0cJz7hizKVXNbds6mZQvX2TF5UMLiTY8Y5JTg@mail.gmail.com>
 <60D74E2D-F9C2-453B-BE26-5CC5C2579D9D@thetoolwiz.com>
 <2f96f363e89040c7c4943f370c5065fb@phpcoderusa.com>
 <29AD9110-3C18-4E4D-AE50-8228071C0361@gmail.com>
 <20180123031158.4e5e3acb@mydesk.domain.cxm>
 <9C4305A2-980E-460A-AD2C-B58A99A70B6F@thetoolwiz.com>
 <20180123130706.5e3551e2@mydesk.domain.cxm>
 <CO2PR04MB2311C2F646B5BEAF67E38C209DE30@CO2PR04MB2311.namprd04.prod.outlook.com>
Message-ID: <20180123140048.02dcf097@mydesk.domain.cxm>

On Tue, 23 Jan 2018 18:24:30 +0000
"Carruth, Rusty" <Rusty.Carruth at smartm.com> wrote:


> > Once I advertised a position as my assistant programming a
> > substantial part of a medical management package. Entry level: I'd
> > teach em. We got several Comp-Sci grads from UCLA, and also several
> > students and recent Associate Degree folks from Santa Monica
> > Community College. I gave them all the exact same test: Pseudo-code
> > a program to take an input file, capitalize all characters, and
> > output to an output file. You have 1/2 hour.  
> 
> They needed half an hour????  Really???  Goodness!!!!  (pick my mouth
> up off the floor!)
> 
> Read a line. 
> For each character in line 
>    if char is lowercase make uppercase; 
>    print char;
> print ""
> repeat until eof

LOL, well, you needed to open the input file and create the output file
at the beginning, and close both files at the end, but yeah, that's
it. .

> 15 seconds - ok, maybe 30 since I went back and reformatted it to be
> prettier.  Take 30 seconds to a minute, maybe 2, if you want
> something closer to a real programming language (like, an actual test
> - of course, I'd probably just use 'toupper' on every character and
> be done with it!)
> 
> Ok, yes, I've been doing software for, what, 40 years?  But, half an
> hour????  AAHHHH (runs screaming from building! :-)

I chose 1/2 hour as an amount of time in which any fool could figure
out how to write the program. I was more concerned with ability to
think things through than quickness, so I gave them a ridiculously long
time limit. Little did I know :-)

The first 2 or 3 who failed to get it done in 30 minutes, I figured,
well, they're stupid fakers. But as more and more results confirmed the
first ones, I had to change my mind on the capabilities of people who
would apply for an entry level programming position. As I remember, the
quickest solution was 20 minutes, by a UCLA grad who *wasn't* "run of
the mill", I offered her the job almost instantly, but she rejected the
minute salary I offered.

SteveT

Steve Litt
January 2018 featured book: Troubleshooting: Why Bother?
http://www.troubleshooters.com/twb

From trent.shipley at gmail.com  Tue Jan 23 18:39:17 2018
From: trent.shipley at gmail.com (trent shipley)
Date: Wed, 24 Jan 2018 01:39:17 +0000
Subject: Learning to compile
Message-ID: <CAEFLyb+6LF10oGHM3TqvJCHaoouuXqBYNC8hq2dtix+Hx6yc9A@mail.gmail.com>

Since my other thread degenerated into a "school bad, school good" flame
war, I thought I would try again.

I have little academic OR practical background with programming.

I want to write a couple of compilers.

The compilers are for functional languages.

I would PREFER to write the compilers with functional languages (1, a
Haskell to JVM compiler mostly in Haskell with with some Java, 2,
Funcalc--a pedagogical spreadsheet in Kotlin.)

I'm pretty good at learning computer languages, and so far teaching myself
Haskell has failed to produce insurmountable obstacles.

But programming compilers is supposed to be HARD, and very much indebted to
theory (as in, things they DO teach in school).

I have no money for school, (and whether school produces better coders or
not, I LIKE school, but that's irrelevant due to the money problem.)

Is it possible to teach yourself to write compilers in an imperative
language? If so how?
Having learned to write compilers with imperative languages, how do you
convert to writing compilers in functional languages (for example, given
Haskell [thought by many to be hard], writing lexer-parser-compilers is
considered easy)?


Regards,


Trent.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180124/6d6c422f/attachment.html>

From mylinux at cox.net  Tue Jan 23 19:14:32 2018
From: mylinux at cox.net (mike enriquez)
Date: Tue, 23 Jan 2018 19:14:32 -0700
Subject: test
Message-ID: <b7980c1f-18f8-df92-d0a7-b4587e6ac4ed@cox.net>

This is a test please pay no attention to this.


From daniel at genericinbox.com  Tue Jan 23 20:17:52 2018
From: daniel at genericinbox.com (Daniel Stasinski)
Date: Tue, 23 Jan 2018 20:17:52 -0700
Subject: Learning to compile
In-Reply-To: <CAEFLyb+6LF10oGHM3TqvJCHaoouuXqBYNC8hq2dtix+Hx6yc9A@mail.gmail.com>
References: <CAEFLyb+6LF10oGHM3TqvJCHaoouuXqBYNC8hq2dtix+Hx6yc9A@mail.gmail.com>
Message-ID: <CAL_oeF3HgUJw6UWDTpPf0ek1MB8ThiZJxy6Tv8XJdcbcrefpYQ@mail.gmail.com>

On Tue, Jan 23, 2018 at 6:39 PM, trent shipley <trent.shipley at gmail.com>
wrote:

> Is it possible to teach yourself to write compilers in an imperative
> language? If so how?
> Having learned to write compilers with imperative languages, how do you
> convert to writing compilers in functional languages (for example, given
> Haskell [thought by many to be hard], writing lexer-parser-compilers is
> considered easy)?
>

That is exactly how the TIny C Compiler project was started...
https://bellard.org/tcc/

*Daniel P. Stasinski*
daniel at GenericInbox.com
I 💛✞
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180123/0171cea9/attachment.html>

From mailinglists at mattcrews.com  Wed Jan 24 06:21:45 2018
From: mailinglists at mattcrews.com (Matthew Crews)
Date: Wed, 24 Jan 2018 08:21:45 -0500
Subject: test
In-Reply-To: <b7980c1f-18f8-df92-d0a7-b4587e6ac4ed@cox.net>
References: <b7980c1f-18f8-df92-d0a7-b4587e6ac4ed@cox.net>
Message-ID: <HpdL_x2GuSi9TRMz01CYxloTxd3hBsJ-_40yF5SjxZFgZC-pLyhDr_8mA9ietZvFrZ1CEKaB6r6DbEDwSdSCn2Z7UqHBWaG--TOzgxBaT-Q=@mattcrews.com>

-------- Original Message --------
 On January 23, 2018 7:14 PM, mike enriquez <mylinux at cox.net> wrote:
>This is a test please pay no attention to this.

Welcome to the list!

From mailinglists at mattcrews.com  Wed Jan 24 06:24:32 2018
From: mailinglists at mattcrews.com (Matthew Crews)
Date: Wed, 24 Jan 2018 08:24:32 -0500
Subject: Meltdown and Spectre - What to do about it
In-Reply-To: <13994e1d-e09f-ae8f-1526-cd71176cca5a@snaptek.com>
References: <3f681513284f3532600715e3425734cd@phpcoderusa.com>
 <F713F5BB-2337-4383-B695-C2AEC0F1064F@thetoolwiz.com>
 <5AD793C1-A84C-4A46-B156-3A349330BC7D@icloud.com>
 <CDCD7913-8987-42B2-8AA2-31C7807EBF57@gmail.com>
 <CAEqej2ME5TuWYoAt2_PU+1A2FLd+MvOcP_Fbuk7ESj+CdmfANg@mail.gmail.com>
 <CACS_G9x30gyDMG_OgqMW6HbrX3pqrG38KfcNfFaqMuTGfQXP6Q@mail.gmail.com>
 <alpine.DEB.2.11.1801091903070.14234@post>
 <c4257efe-ce30-eaeb-d8dd-78ff90894d67@snaptek.com>
 <13994e1d-e09f-ae8f-1526-cd71176cca5a@snaptek.com>
Message-ID: <Nq4OqX38C2uoiSxNl2ks2qKR-Cnn7myItX70_Y2yFw_jupxt7e-7hQ93aaPNaxjiMGaTfdXI_oWhfwLxdgrzLBplK1Q0AcrXDwrAn9tPmeU=@mattcrews.com>

-------- Original Message --------
 On January 11, 2018 12:44 PM, Brian Cluff <brian at snaptek.com> wrote:

>The Intel microcode that you need to update to go along with the
> previous patches just hit.
>https://usn.ubuntu.com/usn/usn-3531-1/

It appears that Intel is saying do not install the microcode updates at this time, or any other patch for Meltdown and Spectre. At least for certain CPUs. They appear to cause reboot issues.

https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/

Should come as no surprise that Linus Torvalds is not particularly happy with the quality of these patches.

From Rusty.Carruth at smartm.com  Wed Jan 24 08:24:25 2018
From: Rusty.Carruth at smartm.com (Carruth, Rusty)
Date: Wed, 24 Jan 2018 15:24:25 +0000
Subject: Learning to compile
In-Reply-To: <CAEFLyb+6LF10oGHM3TqvJCHaoouuXqBYNC8hq2dtix+Hx6yc9A@mail.gmail.com>
References: <CAEFLyb+6LF10oGHM3TqvJCHaoouuXqBYNC8hq2dtix+Hx6yc9A@mail.gmail.com>
Message-ID: <CO2PR04MB2311B66E5435E362917FD3169DE20@CO2PR04MB2311.namprd04.prod.outlook.com>

Something they may or may not teach in school – take a good look at YACC and LEX (Flex/Bison in the open source world, IIRC).  They can help a lot in parsing the tokens.

(At one point, after having written YACLP (Yet Another Command Language Parser), I realized that it would probably make more sense to use LEX/YACC (Flex/Bison) than to keep writing tokenizers and such…  Especially since the intention had been that you could enter the commands either on the command line and also run them like a pre-written program.  Never got the whole system finished, so don’t know if it DOES make more sense or not (from a practical point of view after having tried it out)…)

There may also be some good books.  I know I have a couple of books from my school days which cover various aspects of ‘language translation’.  I’ll try to remember to look for them tonight.  Don’t remember if they were any good, though.

From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of trent shipley
Sent: Tuesday, January 23, 2018 6:39 PM
To: Main PLUG discussion list
Subject: Learning to compile
…

I have no money for school, (and whether school produces better coders or not, I LIKE school, but that's irrelevant due to the money problem.)

Is it possible to teach yourself to write compilers in an imperative language? If so how?
…
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180124/61785be4/attachment.html>

From cryptworks at gmail.com  Wed Jan 24 08:43:27 2018
From: cryptworks at gmail.com (Stephen Partington)
Date: Wed, 24 Jan 2018 08:43:27 -0700
Subject: Learning to compile
In-Reply-To: <CO2PR04MB2311B66E5435E362917FD3169DE20@CO2PR04MB2311.namprd04.prod.outlook.com>
References: <CAEFLyb+6LF10oGHM3TqvJCHaoouuXqBYNC8hq2dtix+Hx6yc9A@mail.gmail.com>
 <CO2PR04MB2311B66E5435E362917FD3169DE20@CO2PR04MB2311.namprd04.prod.outlook.com>
Message-ID: <CACS_G9zFJQr56inMHL4Nx4i9VyP+fEEocbeg-WeG_CFv8UG6Cw@mail.gmail.com>

Some things to look for are online. For example, MIT has a ton of work
online for free, https://ocw.mit.edu/index.htm

On Wed, Jan 24, 2018 at 8:24 AM, Carruth, Rusty <Rusty.Carruth at smartm.com>
wrote:

> Something they may or may not teach in school – take a good look at YACC
> and LEX (Flex/Bison in the open source world, IIRC).  They can help a lot
> in parsing the tokens.
>
>
>
> (At one point, after having written YACLP (Yet Another Command Language
> Parser), I realized that it would probably make more sense to use LEX/YACC
> (Flex/Bison) than to keep writing tokenizers and such…  Especially since
> the intention had been that you could enter the commands either on the
> command line and also run them like a pre-written program.  Never got the
> whole system finished, so don’t know if it DOES make more sense or not
> (from a practical point of view after having tried it out)…)
>
>
>
> There may also be some good books.  I know I have a couple of books from
> my school days which cover various aspects of ‘language translation’.  I’ll
> try to remember to look for them tonight.  Don’t remember if they were any
> good, though.
>
>
>
> *From:* PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] *On
> Behalf Of *trent shipley
> *Sent:* Tuesday, January 23, 2018 6:39 PM
> *To:* Main PLUG discussion list
> *Subject:* Learning to compile
>
> …
>
>
>
> I have no money for school, (and whether school produces better coders or
> not, I LIKE school, but that's irrelevant due to the money problem.)
>
>
>
> Is it possible to teach yourself to write compilers in an imperative
> language? If so how?
>
> …
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180124/0315c6e9/attachment.html>

From eric.cope at gmail.com  Wed Jan 24 09:42:17 2018
From: eric.cope at gmail.com (Eric Cope)
Date: Wed, 24 Jan 2018 09:42:17 -0700
Subject: Learning to compile
In-Reply-To: <CACS_G9zFJQr56inMHL4Nx4i9VyP+fEEocbeg-WeG_CFv8UG6Cw@mail.gmail.com>
References: <CAEFLyb+6LF10oGHM3TqvJCHaoouuXqBYNC8hq2dtix+Hx6yc9A@mail.gmail.com>
 <CO2PR04MB2311B66E5435E362917FD3169DE20@CO2PR04MB2311.namprd04.prod.outlook.com>
 <CACS_G9zFJQr56inMHL4Nx4i9VyP+fEEocbeg-WeG_CFv8UG6Cw@mail.gmail.com>
Message-ID: <CA+KsXZQnv+du0fW=56SKJvBEHG0jJj+=0N5o=UpEsWVbwSLLuQ@mail.gmail.com>

Hi Trent,
I've been listening to the dialog for a bit and thought I would weigh in...

You've stated you are new to programming in general, but want to learn.
You've also expressed interest in compilers, asking where to start to write
compilers. You also want to use this new skill as a possible new career.

I applaud your efforts, however I suggest you rethink your strategy. You've
selected what is arguably the hardest field within programming. Not only do
you have to know computer architecture and instruction sets, you have to
know parsing, lexing, optimization, etc. on top of all of the details of
programming. Very smart people spend 10 years doing this with focused
specialized instruction from people who know this stuff.

Here are my recommendations:
1) identify an entry level programming position you are interested in (web
dev is a decent choice).
2) Identify the skills and languages you need to get into that position.
2a) learning basic programming skills in PHP or Python is far easier and
faster than C/C++. The online manuals are fantastic, Stackoverflow is
filled with great Q&A.
3) get entry level job.
4) identify the next level of programming you want to learn (not compilers
yet!) and repeat steps 1-3.

By the 3rd or 4th iteration, you may be ready for compiler design, or
realize that there are other fun aspects of the field and pursue those as
well (embedded firmware, IoT, etc).

I hope that helps.

Eric



On Wed, Jan 24, 2018 at 8:43 AM, Stephen Partington <cryptworks at gmail.com>
wrote:

> Some things to look for are online. For example, MIT has a ton of work
> online for free, https://ocw.mit.edu/index.htm
>
> On Wed, Jan 24, 2018 at 8:24 AM, Carruth, Rusty <Rusty.Carruth at smartm.com>
> wrote:
>
>> Something they may or may not teach in school – take a good look at YACC
>> and LEX (Flex/Bison in the open source world, IIRC).  They can help a lot
>> in parsing the tokens.
>>
>>
>>
>> (At one point, after having written YACLP (Yet Another Command Language
>> Parser), I realized that it would probably make more sense to use LEX/YACC
>> (Flex/Bison) than to keep writing tokenizers and such…  Especially since
>> the intention had been that you could enter the commands either on the
>> command line and also run them like a pre-written program.  Never got the
>> whole system finished, so don’t know if it DOES make more sense or not
>> (from a practical point of view after having tried it out)…)
>>
>>
>>
>> There may also be some good books.  I know I have a couple of books from
>> my school days which cover various aspects of ‘language translation’.  I’ll
>> try to remember to look for them tonight.  Don’t remember if they were any
>> good, though.
>>
>>
>>
>> *From:* PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] *On
>> Behalf Of *trent shipley
>> *Sent:* Tuesday, January 23, 2018 6:39 PM
>> *To:* Main PLUG discussion list
>> *Subject:* Learning to compile
>>
>> …
>>
>>
>>
>> I have no money for school, (and whether school produces better coders or
>> not, I LIKE school, but that's irrelevant due to the money problem.)
>>
>>
>>
>> Is it possible to teach yourself to write compilers in an imperative
>> language? If so how?
>>
>> …
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
>
> --
> A mouse trap, placed on top of your alarm clock, will prevent you from
> rolling over and going back to sleep after you hit the snooze button.
>
> Stephen
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180124/a774dd98/attachment.html>

From andrewmcrobb at gmail.com  Wed Jan 24 11:19:40 2018
From: andrewmcrobb at gmail.com (Andrew McRobb)
Date: Wed, 24 Jan 2018 11:19:40 -0700
Subject: Learning to compile
In-Reply-To: <CAEFLyb+6LF10oGHM3TqvJCHaoouuXqBYNC8hq2dtix+Hx6yc9A@mail.gmail.com>
References: <CAEFLyb+6LF10oGHM3TqvJCHaoouuXqBYNC8hq2dtix+Hx6yc9A@mail.gmail.com>
Message-ID: <CAH1v-qgqrLEZ-6MYBE4CkfLSSrLWmc8r5JAguSwXh8nSYRfXuA@mail.gmail.com>

I may not be the best one to talk, but writing a compiler in something like
Java/Haskell sounds like it would be incredibility slow if you wanted to
get some real world usage out of it. If you already know some Java, why not
take a dive into a real lower level language like C/C++ already? -- C/C++
have been used to write a lot of compilers/interpreters. Speaking of, check
out Bisqwit's video on writing a compiler.

https://www.youtube.com/watch?v=eF9qWbuQLuw&t=652s

If half way in that video already feels like it's a little too much to
handle, perhaps you are not ready. -- No offense. I've tried to taken a
nose dive attempting to write a MMO game from scratch and got burned from
it pretty quickly after I realized how evolve you really must be. Just
don't want you to waste your time, if it could be spent doing something
more practical. Otherwise, if you can sit through the hole video and
understand how to interpreter into xyz language, by all means go ahead and
mess around, and do some Googling around on the Internet. There are 100s
examples out there how to make interpreters/compilers.

I also had this book at one point, if the hole project still interests you:
https://www.amazon.com/Compilers-Principles-Techniques-Tools-2nd/dp/0321486811/ref=sr_1_2?ie=UTF8&qid=1516817947&sr=8-2&keywords=compiler

Andrew McRobb
Full-time Software Developer
Part-time Freelancer
mcrobb.info

On Tue, Jan 23, 2018 at 6:39 PM, trent shipley <trent.shipley at gmail.com>
wrote:

> Since my other thread degenerated into a "school bad, school good" flame
> war, I thought I would try again.
>
> I have little academic OR practical background with programming.
>
> I want to write a couple of compilers.
>
> The compilers are for functional languages.
>
> I would PREFER to write the compilers with functional languages (1, a
> Haskell to JVM compiler mostly in Haskell with with some Java, 2,
> Funcalc--a pedagogical spreadsheet in Kotlin.)
>
> I'm pretty good at learning computer languages, and so far teaching myself
> Haskell has failed to produce insurmountable obstacles.
>
> But programming compilers is supposed to be HARD, and very much indebted
> to theory (as in, things they DO teach in school).
>
> I have no money for school, (and whether school produces better coders or
> not, I LIKE school, but that's irrelevant due to the money problem.)
>
> Is it possible to teach yourself to write compilers in an imperative
> language? If so how?
> Having learned to write compilers with imperative languages, how do you
> convert to writing compilers in functional languages (for example, given
> Haskell [thought by many to be hard], writing lexer-parser-compilers is
> considered easy)?
>
>
> Regards,
>
>
> Trent.
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180124/3b1a182a/attachment.html>

From newsletters at thetoolwiz.com  Wed Jan 24 11:47:40 2018
From: newsletters at thetoolwiz.com (David Schwartz)
Date: Wed, 24 Jan 2018 18:47:40 +0000 (UTC)
Subject: Learning to compile
In-Reply-To: <CAEFLyb+6LF10oGHM3TqvJCHaoouuXqBYNC8hq2dtix+Hx6yc9A@mail.gmail.com>
References: <CAEFLyb+6LF10oGHM3TqvJCHaoouuXqBYNC8hq2dtix+Hx6yc9A@mail.gmail.com>
Message-ID: <5C8528BD-B13B-4CF4-A7D5-0E000F5E593D@thetoolwiz.com>

What’s your top priority?

Learning how to write compilers?

Or learning something that will lead to gainful employment, growth, and income?

There’s very little call for people who write compilers today. As an academic exercise, that’s fine. Just don’t expect it to lead to employment any time soon.

Also, writing a compiler in a functional language is ill-advised. Compilers need to be FAST! That means using C or some other compiled language.

This is a relatively mature field as far as tools go. Lex and Yacc have been around since the 80s, and they’re still the go-to tools for anybody who wants to build a lexer and parser. There have been some “better mousetraps” over the years, but the companies who put them out have disappeared since the competition for compilers has dried up.

Microsoft, Oracle/Sun (Java), and Apple (Objective-C, Swift) pretty much dominate the market for “captive” compilers.

There are also the open-source ones that you’ll find on every Linux machine: php, perl, gnu c/c++, etc.

Learn to program in something people are paying for, like R.

C# and Java programmers seem to be a dime a dozen as the market is flooded with foreigners.

Depending on your organizational skills, you might also want to look into DevOps. It’s a very broad subject and you’ll work with several different languages and tools, some with very strange names like chef and puppet.

DevOps is not an area you’re likely to find any specific classes in, although it’s a growing field, especially in terms of managing things in the cloud.

But there are several good books on the topic. Search Amazon to see what’s there.

-David Schwartz



> On Jan 23, 2018, at 6:39 PM, trent shipley <trent.shipley at gmail.com> wrote:
> 
> Since my other thread degenerated into a "school bad, school good" flame war, I thought I would try again.
> 
> I have little academic OR practical background with programming.
> 
> I want to write a couple of compilers.
> 
> The compilers are for functional languages.
> 
> I would PREFER to write the compilers with functional languages (1, a Haskell to JVM compiler mostly in Haskell with with some Java, 2, Funcalc--a pedagogical spreadsheet in Kotlin.)
> 
> I'm pretty good at learning computer languages, and so far teaching myself Haskell has failed to produce insurmountable obstacles.
> 
> But programming compilers is supposed to be HARD, and very much indebted to theory (as in, things they DO teach in school).
> 
> I have no money for school, (and whether school produces better coders or not, I LIKE school, but that's irrelevant due to the money problem.)
> 
> Is it possible to teach yourself to write compilers in an imperative language? If so how?
> Having learned to write compilers with imperative languages, how do you convert to writing compilers in functional languages (for example, given Haskell [thought by many to be hard], writing lexer-parser-compilers is considered easy)?
> 
> 
> Regards,
> 
> 
> Trent.
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://u2206659.ct.sendgrid.net/wf/click?upn=5DvWGaZUY8Sh5aRLWfQTKYiRLVzunonVk948p8WIzMe-2FXlJ9Cta8w8U9xoku9LrUSHNMJbSd3ZEwH-2BqnW2UHlA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBeBVHMx0wN6b-2BJcb5U-2FoKKAzeIOevgtlsqG1BN39iUGZHyBB7VmdD6K9HoJgRgmpXCgCPZGstKng0Rft5uC7Uu4HleWObAoV9NXJS3yI1aQVNWIXC48BAKzrwE3HxIXnRp4d6q2q7hcKK-2BrQdcTrROS1MAXebNDMdW25eUOvQ-2Fe4c-3D

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180124/7b9bda59/attachment.html>

From andrewmcrobb at gmail.com  Wed Jan 24 11:56:45 2018
From: andrewmcrobb at gmail.com (Andrew McRobb)
Date: Wed, 24 Jan 2018 11:56:45 -0700
Subject: Learning to compile
In-Reply-To: <5C8528BD-B13B-4CF4-A7D5-0E000F5E593D@thetoolwiz.com>
References: <CAEFLyb+6LF10oGHM3TqvJCHaoouuXqBYNC8hq2dtix+Hx6yc9A@mail.gmail.com>
 <5C8528BD-B13B-4CF4-A7D5-0E000F5E593D@thetoolwiz.com>
Message-ID: <CAH1v-qjxxeyDvNCXLdKzZ8Nw2Ac2PR5gqDhydT4mwMN8cxnYtA@mail.gmail.com>

P.S If anything I would recommend learning networking... If I was going to
say do something practical, assuming your networking knowledge is somewhat
limited.

1. Learn to write and run a simple HTTP server.
2. Install it on a AWS server or get a Digital Ocean droplet.
3. Learn to create firewall permissions.
4. Run A/B tests. How well did it perform? What can you do to make it
better from a networking/software prospective?
5. Go back to the drawing board and repeat.

Once I first got into programming, I barely knew networking. This was the
thing that bit me in the butt more than often, and at the time getting a
server you can run your own software wasn't cheap. And a lot of
software/programs these days require you to know how to set stuff like this
up, since it's in way more demand. Node.js, Erlang, Go to name a few that
are very server/networking oriented languages.

Andrew McRobb
Full-time Software Developer
Part-time Freelancer
mcrobb.info

On Wed, Jan 24, 2018 at 11:47 AM, David Schwartz <newsletters at thetoolwiz.com
> wrote:

> What’s your top priority?
>
> Learning how to write compilers?
>
> Or learning something that will lead to gainful employment, growth, and
> income?
>
> There’s very little call for people who write compilers today. As an
> academic exercise, that’s fine. Just don’t expect it to lead to employment
> any time soon.
>
> Also, writing a compiler in a functional language is ill-advised.
> Compilers need to be FAST! That means using C or some other compiled
> language.
>
> This is a relatively mature field as far as tools go. Lex and Yacc have
> been around since the 80s, and they’re still the go-to tools for anybody
> who wants to build a lexer and parser. There have been some “better
> mousetraps” over the years, but the companies who put them out have
> disappeared since the competition for compilers has dried up.
>
> Microsoft, Oracle/Sun (Java), and Apple (Objective-C, Swift) pretty much
> dominate the market for “captive” compilers.
>
> There are also the open-source ones that you’ll find on every Linux
> machine: php, perl, gnu c/c++, etc.
>
> Learn to program in something people are paying for, like R.
>
> C# and Java programmers seem to be a dime a dozen as the market is flooded
> with foreigners.
>
> Depending on your organizational skills, you might also want to look into
> DevOps. It’s a very broad subject and you’ll work with several different
> languages and tools, some with very strange names like chef and puppet.
>
> DevOps is not an area you’re likely to find any specific classes in,
> although it’s a growing field, especially in terms of managing things in
> the cloud.
>
> But there are several good books on the topic. Search Amazon to see what’s
> there.
>
> -David Schwartz
>
> On Jan 23, 2018, at 6:39 PM, trent shipley <trent.shipley at gmail.com>
> wrote:
>
> Since my other thread degenerated into a “school bad, school good” flame
> war, I thought I would try again.
>
> I have little academic OR practical background with programming.
>
> I want to write a couple of compilers.
>
> The compilers are for functional languages.
>
> I would PREFER to write the compilers with functional languages (1, a
> Haskell to JVM compiler mostly in Haskell with with some Java, 2,
> Funcalc--a pedagogical spreadsheet in Kotlin.)
>
> I'm pretty good at learning computer languages, and so far teaching myself
> Haskell has failed to produce insurmountable obstacles.
>
> But programming compilers is supposed to be HARD, and very much indebted
> to theory (as in, things they DO teach in school).
>
> I have no money for school, (and whether school produces better coders or
> not, I LIKE school, but that's irrelevant due to the money problem.)
>
> Is it possible to teach yourself to write compilers in an imperative
> language? If so how? Having learned to write compilers with imperative
> languages, how do you convert to writing compilers in functional languages
> (for example, given Haskell [thought by many to be hard], writing
> lexer-parser-compilers is considered easy)?
>
> Regards,
>
> Trent. --------------------------------------------------- PLUG-discuss
> mailing list – PLUG-discuss at lists.phxlinux.org To subscribe, unsubscribe,
> or to change your mail settings: http://lists.phxlinux.org/
> mailman/listinfo/plug-discuss
> <https://u2206659.ct.sendgrid.net/wf/click?upn=5DvWGaZUY8Sh5aRLWfQTKYiRLVzunonVk948p8WIzMe-2FXlJ9Cta8w8U9xoku9LrUSHNMJbSd3ZEwH-2BqnW2UHlA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBeBVHMx0wN6b-2BJcb5U-2FoKKA9OB8FoKIlTeQYAJYvvZgO-2F8Ph9ynNAvP8cZ0pNiboDO4FHHa6xa-2FlolvK2cfrk7f-2BhLKeoWpsjqkdqK-2B05T6za3S43mSOvH1DAI582vDRNRiQ-2B5Ns9l5XZSNWeF5Iw1b3zqHdq6or1afg9-2BUEULUpE-3D>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180124/ad1f6b08/attachment.html>

From plug at SonoranZen.com  Wed Jan 24 12:04:15 2018
From: plug at SonoranZen.com (AZ Pete)
Date: Wed, 24 Jan 2018 12:04:15 -0700
Subject: OT: Burger King Trolled Customers to Perfectly Explain Net Neutrality
In-Reply-To: <mailman.1000.1516816911.1364.privacy@vortex.com>
References: <mailman.1000.1516816911.1364.privacy@vortex.com>
Message-ID: <f2293fd8-4d3a-8023-f641-25596f8c8b70@SonoranZen.com>

Thought I'd share this with the group. If anyone has friends/relatives that don't understand net neutrality have them watch this youTube video.

I think it explains it perfectly for the layman.

Peter



-------- Forwarded Message --------

	

	

	

	

	

Burger King Trolled Customers to Perfectly Explain Net Neutrality

https://motherboard.vice.com/en_us/article/a3nmze/burger-king-net-neutrality-ad

[VIDEO]: https://youtu.be/ltzy5vRmN8Q

   	Burger King created a "fast lane" for Whoppers in the
	commercial, which allowed customers who paid more to get their
	burger faster.  Without the net neutrality rules that the
	Federal Communications Commission repealed last year, internet
	companies could charge customers more for faster access to
	certain online content, just like the Whopper fast lane. They
	could prioritize some content over others (chicken sandwiches
	over Whoppers, for example) and throttle service on content
	for some users (very, very slowly handing over the bag).
	Look, I'm not one to gush over brands, and at the end of the
	day Burger King's goal is to appeal to woke millennials so it
	can sell more burgers. But it created a really useful PSA in
	the process, which also points viewers to an online petition
	where they can protest the change in the law.  Oh, and in case
	you missed it, there's even a dig at FCC Chair Ajit Pai at the
	end.

  - - -



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180124/4de96500/attachment.html>

From eric.cope at gmail.com  Wed Jan 24 13:02:07 2018
From: eric.cope at gmail.com (Eric Cope)
Date: Wed, 24 Jan 2018 13:02:07 -0700
Subject: OT: Burger King Trolled Customers to Perfectly Explain Net
 Neutrality
In-Reply-To: <f2293fd8-4d3a-8023-f641-25596f8c8b70@SonoranZen.com>
References: <mailman.1000.1516816911.1364.privacy@vortex.com>
 <f2293fd8-4d3a-8023-f641-25596f8c8b70@SonoranZen.com>
Message-ID: <CA+KsXZS0_GuWa676D0m8+bz0Bo3hiGmP4vm9OjDmRAu47qpk1A@mail.gmail.com>

I think this is a great example of why net nuetrality is so bad.

We aren't choosing from "the fast lane for everybody" vs "the slow lane for
everybody and the fast lane for those who pay".
We are choosing between "the slow lane for everybody" vs "the slow lane for
everybody and the fast lane for those who pay".

The former is how you drive innovation. You let those who an afford the
luxury buy it, and as it matures, its finds its way into regular consumer's
hands.

Let the flaming begin.

Eric


On Wed, Jan 24, 2018 at 12:04 PM, AZ Pete <plug at sonoranzen.com> wrote:

> Thought I'd share this with the group. If anyone has friends/relatives
> that don't understand net neutrality have them watch this youTube video.
>
> I think it explains it perfectly for the layman.
>
> Peter
>
>
> -------- Forwarded Message --------
>
>
>
>
>
>
>
>
>
>
> Burger King Trolled Customers to Perfectly Explain Net Neutrality
>
> https://motherboard.vice.com/en_us/article/a3nmze/burger-king-net-neutrality-ad
>
> [VIDEO]: https://youtu.be/ltzy5vRmN8Q
>
>   	Burger King created a "fast lane" for Whoppers in the
> 	commercial, which allowed customers who paid more to get their
> 	burger faster.  Without the net neutrality rules that the
> 	Federal Communications Commission repealed last year, internet
> 	companies could charge customers more for faster access to
> 	certain online content, just like the Whopper fast lane. They
> 	could prioritize some content over others (chicken sandwiches
> 	over Whoppers, for example) and throttle service on content
> 	for some users (very, very slowly handing over the bag).
> 	Look, I'm not one to gush over brands, and at the end of the
> 	day Burger King's goal is to appeal to woke millennials so it
> 	can sell more burgers. But it created a really useful PSA in
> 	the process, which also points viewers to an online petition
> 	where they can protest the change in the law.  Oh, and in case
> 	you missed it, there's even a dig at FCC Chair Ajit Pai at the
> 	end.
>
>  - - -
>
>
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180124/2b2f11ec/attachment.html>

From PLUGd at LuftHans.com  Wed Jan 24 13:15:13 2018
From: PLUGd at LuftHans.com (der.hans)
Date: Wed, 24 Jan 2018 20:15:13 +0000 (UTC)
Subject: OT: Burger King Trolled Customers to Perfectly Explain Net
 Neutrality
In-Reply-To: <CA+KsXZS0_GuWa676D0m8+bz0Bo3hiGmP4vm9OjDmRAu47qpk1A@mail.gmail.com>
References: <mailman.1000.1516816911.1364.privacy@vortex.com>
 <f2293fd8-4d3a-8023-f641-25596f8c8b70@SonoranZen.com>
 <CA+KsXZS0_GuWa676D0m8+bz0Bo3hiGmP4vm9OjDmRAu47qpk1A@mail.gmail.com>
Message-ID: <alpine.DEB.2.11.1801242009030.282@post>

Am 24. Jan, 2018 schwätzte Eric Cope so:

moin moin Eric,

we're choosing between "I paid for Internet access" and "Only if we decide
you can have it."

Netflix gets a bad rap for using lots of bandwidth. That's crap.

Netflix uses zero bandwidth. Netflix customers use the bandwidth and they
are paying their ISPs to get it.

I'm paying for whole Internet access, not just "Only if we decide you can
have it" Internet access.

ciao,

der.hans

> I think this is a great example of why net nuetrality is so bad.
>
> We aren't choosing from "the fast lane for everybody" vs "the slow lane for
> everybody and the fast lane for those who pay".
> We are choosing between "the slow lane for everybody" vs "the slow lane for
> everybody and the fast lane for those who pay".
>
> The former is how you drive innovation. You let those who an afford the
> luxury buy it, and as it matures, its finds its way into regular consumer's
> hands.
>
> Let the flaming begin.
>
> Eric
>
>
> On Wed, Jan 24, 2018 at 12:04 PM, AZ Pete <plug at sonoranzen.com> wrote:
>
>> Thought I'd share this with the group. If anyone has friends/relatives
>> that don't understand net neutrality have them watch this youTube video.
>>
>> I think it explains it perfectly for the layman.
>>
>> Peter
>>
>>
>> -------- Forwarded Message --------
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Burger King Trolled Customers to Perfectly Explain Net Neutrality
>>
>> https://motherboard.vice.com/en_us/article/a3nmze/burger-king-net-neutrality-ad
>>
>> [VIDEO]: https://youtu.be/ltzy5vRmN8Q
>>
>>   	Burger King created a "fast lane" for Whoppers in the
>> 	commercial, which allowed customers who paid more to get their
>> 	burger faster.  Without the net neutrality rules that the
>> 	Federal Communications Commission repealed last year, internet
>> 	companies could charge customers more for faster access to
>> 	certain online content, just like the Whopper fast lane. They
>> 	could prioritize some content over others (chicken sandwiches
>> 	over Whoppers, for example) and throttle service on content
>> 	for some users (very, very slowly handing over the bag).
>> 	Look, I'm not one to gush over brands, and at the end of the
>> 	day Burger King's goal is to appeal to woke millennials so it
>> 	can sell more burgers. But it created a really useful PSA in
>> 	the process, which also points viewers to an online petition
>> 	where they can protest the change in the law.  Oh, and in case
>> 	you missed it, there's even a dig at FCC Chair Ajit Pai at the
>> 	end.
>>
>>  - - -
>>
>>
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>

-- 
#  https://www.LuftHans.com   https://www.PhxLinux.org
#  Very frankly, I am opposed to people being programmed by others.
#    -- Fred Rogers, aka Mr. Rogers (1928-2003)

From Rusty.Carruth at smartm.com  Wed Jan 24 13:20:15 2018
From: Rusty.Carruth at smartm.com (Carruth, Rusty)
Date: Wed, 24 Jan 2018 20:20:15 +0000
Subject: OT: Burger King Trolled Customers to Perfectly Explain Net
 Neutrality
In-Reply-To: <CA+KsXZS0_GuWa676D0m8+bz0Bo3hiGmP4vm9OjDmRAu47qpk1A@mail.gmail.com>
References: <mailman.1000.1516816911.1364.privacy@vortex.com>
 <f2293fd8-4d3a-8023-f641-25596f8c8b70@SonoranZen.com>
 <CA+KsXZS0_GuWa676D0m8+bz0Bo3hiGmP4vm9OjDmRAu47qpk1A@mail.gmail.com>
Message-ID: <CO2PR04MB23117A67086059FFFE88F0C49DE20@CO2PR04MB2311.namprd04.prod.outlook.com>

Clearly, there are strongly held opinions on both sides of this debate.  And those on each side believe they have logical reasons for their stand.

We’ve been there, flamed that.  Most of where you stand seems to come from a few assumptions about ‘how things should be’.

I’d rather not re-hash all that fun we’ve been through before.  Eric, I’d like us to agree to disagree.  I believe I have valid technical reasons for why net non-neutrality is so bad, you have what you believe are valid technical reasons for the other conclusion.  I am pretty sure you cannot change my mind, and I’m betting that I won’t change your mind my way.

Probably because the conclusion we both came to was mostly affected by NON-technical considerations.  IMHO, of course.

In any case, I disagree with Eric, as you all may remember.

Let’s all just take a deep breath and go do something constructive now, rather than going down the same old rabbit trail.  (Put another way – please, let’s not get into YAFW! (Yet Another Flame War or whatever you wish to call it…))

Thank you, and all those electrons which would have been needlessly excited thank you also. ☺

Rusty

From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of Eric Cope
Sent: Wednesday, January 24, 2018 1:02 PM
To: Main PLUG discussion list
Subject: Re: OT: Burger King Trolled Customers to Perfectly Explain Net Neutrality

I think this is a great example of why net nuetrality is so bad.

We aren't choosing from "the fast lane for everybody" vs "the slow lane for everybody and the fast lane for those who pay".
We are choosing between "the slow lane for everybody" vs "the slow lane for everybody and the fast lane for those who pay".

The former is how you drive innovation. You let those who an afford the luxury buy it, and as it matures, its finds its way into regular consumer's hands.

Let the flaming begin.

Eric


On Wed, Jan 24, 2018 at 12:04 PM, AZ Pete <plug at sonoranzen.com<mailto:plug at sonoranzen.com>> wrote:

Thought I'd share this with the group. If anyone has friends/relatives that don't understand net neutrality have them watch this youTube video.

I think it explains it perfectly for the layman.

Peter


-------- Forwarded Message --------





Burger King Trolled Customers to Perfectly Explain Net Neutrality

https://motherboard.vice.com/en_us/article/a3nmze/burger-king-net-neutrality-ad



[VIDEO]: https://youtu.be/ltzy5vRmN8Q



        Burger King created a "fast lane" for Whoppers in the

        commercial, which allowed customers who paid more to get their

        burger faster.  Without the net neutrality rules that the

        Federal Communications Commission repealed last year, internet

        companies could charge customers more for faster access to

        certain online content, just like the Whopper fast lane. They

        could prioritize some content over others (chicken sandwiches

        over Whoppers, for example) and throttle service on content

        for some users (very, very slowly handing over the bag).

        Look, I'm not one to gush over brands, and at the end of the

        day Burger King's goal is to appeal to woke millennials so it

        can sell more burgers. But it created a really useful PSA in

        the process, which also points viewers to an online petition

        where they can protest the change in the law.  Oh, and in case

        you missed it, there's even a dig at FCC Chair Ajit Pai at the

        end.



 - - -







---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org<mailto:PLUG-discuss at lists.phxlinux.org>
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180124/495c2042/attachment.html>

From mailinglists at mattcrews.com  Wed Jan 24 16:17:28 2018
From: mailinglists at mattcrews.com (Matthew Crews)
Date: Wed, 24 Jan 2018 18:17:28 -0500
Subject: Installing and Updating Programs from Source
Message-ID: <zs4V_P3GUDEVQuKI46w_GTvEUp2xXKdPt-915ZOUZ3fF23v4orN6OkpxYrjVaqUlvwiQsKz8-VVBqmoX_lMtW4MB-7PwPxTihgyJ196Z7RM=@mattcrews.com>

Hey all, this is a relatively newbish question.

I'm comfortable with downloading and installing the source code to a program that I want to use, compile it, and use "make install" to install. That is the easy part.

Here's the hard part for me. What are the best practices for doing so?
-Is there a specific subfolder I should be installing compiled programs to? IE /opt instead of /usr/bin ?
-Is there a way to specify the subfolder?
-Is there an easy way to uninstall said programs when I am ready to do so?
-What is the best way to keep said programs up to date when a new version is available?

For the record, I am using Debian Stretch. Would it be better to take a program I want and make a .deb so that I can use dpkg or apt?

Cheers.

​Sent from ProtonMail, Swiss-based encrypted email.
​

From andrewmcrobb at gmail.com  Wed Jan 24 16:59:11 2018
From: andrewmcrobb at gmail.com (Andrew McRobb)
Date: Wed, 24 Jan 2018 16:59:11 -0700
Subject: Installing and Updating Programs from Source
In-Reply-To: <zs4V_P3GUDEVQuKI46w_GTvEUp2xXKdPt-915ZOUZ3fF23v4orN6OkpxYrjVaqUlvwiQsKz8-VVBqmoX_lMtW4MB-7PwPxTihgyJ196Z7RM=@mattcrews.com>
References: <zs4V_P3GUDEVQuKI46w_GTvEUp2xXKdPt-915ZOUZ3fF23v4orN6OkpxYrjVaqUlvwiQsKz8-VVBqmoX_lMtW4MB-7PwPxTihgyJ196Z7RM=@mattcrews.com>
Message-ID: <CAH1v-qhOoB0F1+PEEdUa_eMh8Nq5bAF1JPprJs3zbDd8Rz=Aug@mail.gmail.com>

The only real edge case is when for some reason the package you want to use
is extremely outdated or borked. e.g: I use FreeSwitch on CentOS, but the
package manager's plugins don't work correctly unless I build from source
and teak some parameters for my liking.

Is there a specific subfolder I should be installing compiled programs to?
> IE /opt instead of /usr/bin ?


No, usually somewhere that's easy for you to remember where it is when your
done is fine. Heck /tmp folder is fine, if it's small enough.

Is there a way to specify the subfolder?

If you mean by downloading it, most cases only where you put the source
code. Unless you mean the installation part, most of the time no, unless
the devs added a method inside their 'make install' for you to do this. But
even then if you are hell bent on where your program lives, you can use
symlinks.

Is there an easy way to uninstall said programs when I am ready to do so?


Sometimes the downloaded makefiles will have a "uninstall" command. If not,
it's best to consult the source of the program's website or, author or
community.

What is the best way to keep said programs up to date when a new version is
> available?
>

Depends on the circumstance, if building from source. Lot of the times you
can safely clone/download the code again and rebuild it and install it, but
sometimes you may need to unistall and re-install the program. Hence why
most people like to depend on package managers.

Would it be better to take a program I want and make a .deb so that I can
> use dpkg or apt?


IMHO, seems like you would be giving yourself more overhead if you are
using it for one machine and one machine only. But if you have a cluster
running on the same OS, making a .deb wouldn't be a bad idea, since it
would save you time in the long run.

Someone may have a better answer to these, but this is just from my
experience.

Andrew McRobb
Full-time Software Developer
Part-time Freelancer
mcrobb.info

On Wed, Jan 24, 2018 at 4:17 PM, Matthew Crews <mailinglists at mattcrews.com>
wrote:

> Hey all, this is a relatively newbish question.
>
> I'm comfortable with downloading and installing the source code to a
> program that I want to use, compile it, and use "make install" to install.
> That is the easy part.
>
> Here's the hard part for me. What are the best practices for doing so?
> -Is there a specific subfolder I should be installing compiled programs
> to? IE /opt instead of /usr/bin ?
> -Is there a way to specify the subfolder?
> -Is there an easy way to uninstall said programs when I am ready to do so?
> -What is the best way to keep said programs up to date when a new version
> is available?
>
> For the record, I am using Debian Stretch. Would it be better to take a
> program I want and make a .deb so that I can use dpkg or apt?
>
> Cheers.
>
> ​Sent from ProtonMail, Swiss-based encrypted email.
> ​
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180124/08227109/attachment.html>

From michael at butash.net  Wed Jan 24 17:09:39 2018
From: michael at butash.net (Michael Butash)
Date: Wed, 24 Jan 2018 17:09:39 -0700
Subject: OT: Burger King Trolled Customers to Perfectly Explain Net
 Neutrality
In-Reply-To: <alpine.DEB.2.11.1801242009030.282@post>
References: <mailman.1000.1516816911.1364.privacy@vortex.com>
 <f2293fd8-4d3a-8023-f641-25596f8c8b70@SonoranZen.com>
 <CA+KsXZS0_GuWa676D0m8+bz0Bo3hiGmP4vm9OjDmRAu47qpk1A@mail.gmail.com>
 <alpine.DEB.2.11.1801242009030.282@post>
Message-ID: <CADWnDsvZvXeWbyRDW0oZmm1VeLcJgKFAPdvC_WT1nvTw_8A4Lg@mail.gmail.com>

Interesting part to the whole net neutrality thing, companies are already
working around the system regardless.

Cox for instance provide local connections directly or to a service to
other companies that peer to Netflix, Youtube, Amazon, Hulu, and other
bandwidth hogs, so they dump your traffic out to them over n x 100gb
connections locally already to save the whole queuing problems vs. sending
you to Internet via LA as normal.  It doesn't mean Cox won't continue to
raise your internet rate as cable subscriptions fall off, but orgs like
netflix and google are already fairly insulated in the matter with
solutions in place.

Your worst-case scenario is Comcast or other ill-intentioned MSP buys Cox,
and imposes their established limitations.  Their customers are already
beaten down for 10 years of metered internet, and they're far worse than
ours here.  Cox already uses (rebranded) Comcast Xfiniti as their entire
new video platform, so why not.

I miss the old Cox that used to run Usenet alt.binary warez feeds.

-mb

On Wed, Jan 24, 2018 at 1:15 PM, der.hans <PLUGd at lufthans.com> wrote:

> Am 24. Jan, 2018 schwätzte Eric Cope so:
>
> moin moin Eric,
>
> we're choosing between "I paid for Internet access" and "Only if we decide
> you can have it."
>
> Netflix gets a bad rap for using lots of bandwidth. That's crap.
>
> Netflix uses zero bandwidth. Netflix customers use the bandwidth and they
> are paying their ISPs to get it.
>
> I'm paying for whole Internet access, not just "Only if we decide you can
> have it" Internet access.
>
> ciao,
>
> der.hans
>
> I think this is a great example of why net nuetrality is so bad.
>>
>> We aren't choosing from "the fast lane for everybody" vs "the slow lane
>> for
>> everybody and the fast lane for those who pay".
>> We are choosing between "the slow lane for everybody" vs "the slow lane
>> for
>> everybody and the fast lane for those who pay".
>>
>> The former is how you drive innovation. You let those who an afford the
>> luxury buy it, and as it matures, its finds its way into regular
>> consumer's
>> hands.
>>
>> Let the flaming begin.
>>
>> Eric
>>
>>
>> On Wed, Jan 24, 2018 at 12:04 PM, AZ Pete <plug at sonoranzen.com> wrote:
>>
>> Thought I'd share this with the group. If anyone has friends/relatives
>>> that don't understand net neutrality have them watch this youTube video.
>>>
>>> I think it explains it perfectly for the layman.
>>>
>>> Peter
>>>
>>>
>>> -------- Forwarded Message --------
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Burger King Trolled Customers to Perfectly Explain Net Neutrality
>>>
>>> https://motherboard.vice.com/en_us/article/a3nmze/burger-kin
>>> g-net-neutrality-ad
>>>
>>> [VIDEO]: https://youtu.be/ltzy5vRmN8Q
>>>
>>>         Burger King created a "fast lane" for Whoppers in the
>>>         commercial, which allowed customers who paid more to get their
>>>         burger faster.  Without the net neutrality rules that the
>>>         Federal Communications Commission repealed last year, internet
>>>         companies could charge customers more for faster access to
>>>         certain online content, just like the Whopper fast lane. They
>>>         could prioritize some content over others (chicken sandwiches
>>>         over Whoppers, for example) and throttle service on content
>>>         for some users (very, very slowly handing over the bag).
>>>         Look, I'm not one to gush over brands, and at the end of the
>>>         day Burger King's goal is to appeal to woke millennials so it
>>>         can sell more burgers. But it created a really useful PSA in
>>>         the process, which also points viewers to an online petition
>>>         where they can protest the change in the law.  Oh, and in case
>>>         you missed it, there's even a dig at FCC Chair Ajit Pai at the
>>>         end.
>>>
>>>  - - -
>>>
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>>
>>
> --
> #  https://www.LuftHans.com   https://www.PhxLinux.org
> #  Very frankly, I am opposed to people being programmed by others.
> #    -- Fred Rogers, aka Mr. Rogers (1928-2003)
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180124/9f40e522/attachment.html>

From slitt at troubleshooters.com  Wed Jan 24 23:25:46 2018
From: slitt at troubleshooters.com (Steve Litt)
Date: Thu, 25 Jan 2018 01:25:46 -0500
Subject: OT: Burger King Trolled Customers to Perfectly Explain Net
 Neutrality
In-Reply-To: <CADWnDsvZvXeWbyRDW0oZmm1VeLcJgKFAPdvC_WT1nvTw_8A4Lg@mail.gmail.com>
References: <mailman.1000.1516816911.1364.privacy@vortex.com>
 <f2293fd8-4d3a-8023-f641-25596f8c8b70@SonoranZen.com>
 <CA+KsXZS0_GuWa676D0m8+bz0Bo3hiGmP4vm9OjDmRAu47qpk1A@mail.gmail.com>
 <alpine.DEB.2.11.1801242009030.282@post>
 <CADWnDsvZvXeWbyRDW0oZmm1VeLcJgKFAPdvC_WT1nvTw_8A4Lg@mail.gmail.com>
Message-ID: <20180125012546.57ff1000@mydesk.domain.cxm>

On Wed, 24 Jan 2018 17:09:39 -0700
Michael Butash <michael at butash.net> wrote:

> Interesting part to the whole net neutrality thing, companies are
> already working around the system regardless.

[snip]
 
> Your worst-case scenario is Comcast or other ill-intentioned MSP buys
> Cox, and imposes their established limitations. 

Your worst-case scenario is that your new business, which provides an
innovative new internet service, competes with the inferior offerings
of comcast, spectrum, etc. So they throttle your service to the point of
unusability. You're a startup, so you can't afford the zillions to
bribe them into providing decent bandwidth.

Second worst case is that your provider, instead of building out their
infrastructure like they'd certainly do if they had more than 1 or 2
competitors in each neighborhood, they'll throttle everyone and then
sell less throttled Internet for twice the price. So you can choose
between a steep price increase, or stuttering and stumbling along with
something resembling 1998 dialup.

The free marketeers criticizing net neutrality forget that there's no
bandwidth marketplace. Most houses have a choice of 1 or 2 wired
internet providers, and I think 2 satellite providers with the long
latencies and upload through a telephone line. Many households are
lucky to have one alternative that can provide bandwidth, quickness
and reliability necessary for 2018. This is not a marketplace, it's an
oligopoly, and we all know what happens in oligopoly situations without
government imposed rules. It's not a free market if it's not a market
at all.

SteveT

From mhgraham at crow202.org  Thu Jan 25 09:00:26 2018
From: mhgraham at crow202.org (Matt Graham)
Date: Thu, 25 Jan 2018 09:00:26 -0700
Subject: Installing and Updating Programs from Source
In-Reply-To: <CAH1v-qhOoB0F1+PEEdUa_eMh8Nq5bAF1JPprJs3zbDd8Rz=Aug@mail.gmail.com>
References: <zs4V_P3GUDEVQuKI46w_GTvEUp2xXKdPt-915ZOUZ3fF23v4orN6OkpxYrjVaqUlvwiQsKz8-VVBqmoX_lMtW4MB-7PwPxTihgyJ196Z7RM=@mattcrews.com>
 <CAH1v-qhOoB0F1+PEEdUa_eMh8Nq5bAF1JPprJs3zbDd8Rz=Aug@mail.gmail.com>
Message-ID: <05a2f5cb4e47f15982bf4ed403f44032@crow202.org>

On 2018-01-24 16:59, Andrew McRobb wrote:
>> Is there a specific subfolder I should be installing compiled 
>> programs
>> to? IE /opt instead of /usr/bin ?

Things that are compiled from source are usually put in /usr/local , 
because your distro's package manager will leave that directory and its 
subdirectories alone.  /opt is usually for binary packages like Android 
Studio or Orrible.

>> Is there a way to specify the subfolder?
> If you mean by downloading it, most cases only where you put the
> source code. Unless you mean the installation part, most of the time
> no

What?  Everything that's built with autotools (which is almost every 
project that's larger than a toy) has the --prefix= option.  This 
defaults to /usr/local/ but you can set it to anything you like.  You'd 
set it to /usr/ to install the stuff alongside all the system packages.  
Well-behaved packages put their binaries in $PREFIX/bin , libraries in 
$PREFIX/lib , documentation in $PREFIX/share/doc , etcetera.

> But even then if you are hell bent on where your program
> lives, you can use symlinks.

If your program depends on libraries, and those libraries are installed 
in a non-standard place, you may need to add that place to 
/etc/ld.so.conf and rerun ldconfig before the program will run.

-- 
Crow202 Blog: http://crow202.org/wordpress
There is no Darkness in Eternity
But only Light too dim for us to see.

From briend at gmail.com  Thu Jan 25 09:12:06 2018
From: briend at gmail.com (Brien Dieterle)
Date: Thu, 25 Jan 2018 09:12:06 -0700
Subject: Installing and Updating Programs from Source
In-Reply-To: <zs4V_P3GUDEVQuKI46w_GTvEUp2xXKdPt-915ZOUZ3fF23v4orN6OkpxYrjVaqUlvwiQsKz8-VVBqmoX_lMtW4MB-7PwPxTihgyJ196Z7RM=@mattcrews.com>
References: <zs4V_P3GUDEVQuKI46w_GTvEUp2xXKdPt-915ZOUZ3fF23v4orN6OkpxYrjVaqUlvwiQsKz8-VVBqmoX_lMtW4MB-7PwPxTihgyJ196Z7RM=@mattcrews.com>
Message-ID: <CAA_SwrnTefeZeUkXCyp93zU9NXWp0_2OM_iciWAdeNSvSFv2rg@mail.gmail.com>

You might want to try checkinstall, which solves a lot of the problems of
uninstalling, etc:

https://wiki.debian.org/CheckInstall

On Wed, Jan 24, 2018 at 4:17 PM, Matthew Crews <mailinglists at mattcrews.com>
wrote:

> Hey all, this is a relatively newbish question.
>
> I'm comfortable with downloading and installing the source code to a
> program that I want to use, compile it, and use "make install" to install.
> That is the easy part.
>
> Here's the hard part for me. What are the best practices for doing so?
> -Is there a specific subfolder I should be installing compiled programs
> to? IE /opt instead of /usr/bin ?
> -Is there a way to specify the subfolder?
> -Is there an easy way to uninstall said programs when I am ready to do so?
> -What is the best way to keep said programs up to date when a new version
> is available?
>
> For the record, I am using Debian Stretch. Would it be better to take a
> program I want and make a .deb so that I can use dpkg or apt?
>
> Cheers.
>
> ​Sent from ProtonMail, Swiss-based encrypted email.
> ​
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180125/aa512f12/attachment.html>

From techlists at phpcoderusa.com  Sat Jan 27 07:49:09 2018
From: techlists at phpcoderusa.com (techlists at phpcoderusa.com)
Date: Sat, 27 Jan 2018 07:49:09 -0700
Subject: Trent's projects
In-Reply-To: <9C4305A2-980E-460A-AD2C-B58A99A70B6F@thetoolwiz.com>
References: <CAEFLybJK1q6-n0cJz7hizKVXNbds6mZQvX2TF5UMLiTY8Y5JTg@mail.gmail.com>
 <60D74E2D-F9C2-453B-BE26-5CC5C2579D9D@thetoolwiz.com>
 <2f96f363e89040c7c4943f370c5065fb@phpcoderusa.com>
 <29AD9110-3C18-4E4D-AE50-8228071C0361@gmail.com>
 <20180123031158.4e5e3acb@mydesk.domain.cxm>
 <9C4305A2-980E-460A-AD2C-B58A99A70B6F@thetoolwiz.com>
Message-ID: <b142454883069900f376055caedba0ce@phpcoderusa.com>

I happened upon this YouTube video that talks about this very subject. 

https://www.youtube.com/watch?v=_FioceDs7JA 

On 2018-01-23 03:02, David Schwartz wrote:

> The fallacy here is that a HS dropout who's been building homes for 30 years could build a home as nice as any Architect just a couple of years out of school. 
> 
> Perhaps. It goes on all around the world every day. 
> 
> All Architects can pound nails. 
> 
> But most run-of-the-mill construction workers have no clue when it comes to structural dependencies, legal codes, how to choose a foundation appropriate for the ground and terroir, etc. 
> 
> You guys keep conflating human psychology and behavior with acquisition of some mythical sort of "knowledge" that's somehow learned through osmosis over time (or even instantly). 
> 
> If you put a person with a passion for flowers in charge of an event, it should not surprize anybody that there might be an overabundance of flowers present. 
> 
> It doesn't matter if that person has a BS in Biology and a Master's in Floral Design, or just grew up loving flowers. 
> 
> If you tell them, "I want LOTS of beautiful flowers at the event!" you're more than likely to get a FLOOD of flowers. 
> 
> The end result will be a LOT different than someone like me who has zero interest in flowers and floral design, and who'll solve the problem by picking arrangements from a catalog and setting them wherever I can find a place to put them down. If people happen to like what I did, it does not make me some kind of idiot savant, nor a "better choice" than someone skilled in the art. 
> 
> If someone can teach a dog to do fancy tricks, there's a tendency for people to grant the DOG lots of smarts. 
> 
> But if that person can teach ANY dog to do fancy tricks, it probably means the TEACHER is the one with the smarts, not the dogs. 
> 
> Unfortunately, this situation happens way too often in the programming world, and it gets way too much traction mostly because there's a shortage of programmers. 
> 
> I'm not saying self-taught programmers aren't smart, or that people with formal education never over-do things. 
> 
> Rather, I think this is an utterly stupid thing to be discussing. 
> 
> Here's why in a nutshell: 
> 
> If you decide to invest a half-million bucks into your dream home, are you going to be more inclined to: (a) hire an Architect to design it and then a General Contractor to build it; or (b) would you just scribble some ideas on a napkin (you don't know how to make blueprints, do you?), then assemble a team of construction workers with 20+ years of experience cutting wood and pounding nails (assuming they must know as much as any decent Architect), hand them copies of your drawing, point them at your plot of land, and say, "Call me when you've finished!"? 
> 
> Most smart people would choose (a). 
> 
> But it seems a lot of programmers think (b) is the smarter approach to avoid "over-engineering". (Only as long as it's somebody else's money. But if it's THEIR OWN half-a-mil, I'm betting they'd go with (a).) 
> 
> I would assert that the (b) group isn't as likely to "over-engineer" a solution simply because they have FEW IF ANY solid "engineering" skills in their skillset in the first place. 
> 
> The house might not look any worse for the effort once it's finished. 
> 
> But when the first hurricane blows through or the first RS-5 earthquake hits, the house collapses. 
> 
> Well, hey, at least the house didn't suffer from "over-engineering", right? 
> 
> -David Schwartz 
> 
> On Jan 23, 2018, at 1:11 AM, Steve Litt <slitt at troubleshooters.com> wrote: 
> 
> On Sun, 21 Jan 2018 08:57:11 -0700 Aaron Jones <retro64xyz at gmail.com> wrote: 
> 
> The whole "you will be spiritually predisposed to coding" is stupid. No one wants a computer science person on the team because having a team of ten developers who can write crappy boiler plate code is faster than 9 shitty programmers being chased around by a good developer. 
> 
> I have a website I work on that has a code base that is topping nearly 2gb and has to load over 986MB to load just the front page. 
> 
> For what? Well we have 60+ items in composer, we have jquery, we have endless numbers of libraries and plugins. Sometimes we load thousands of lines of code to do a single action that literally might be called on the rarest of second tuesdays on the new moon. 
> 
> Don't blame me (a programmer without a CompSci degree) for the bad design of your company's website. Why don't you offer to rewrite that website from scratch, and if they say no, walk away? 
> 
> And please don't call me stupid. I am spiritually predisposed to coding. No, I never coded any huge stuff like your website, but that's because I didn't want to be involved with quagmires like that. I did, however, sometimes make money doing a Perl quickie so that the big gala Java application 6 months from completion for the previous year could continue their monument to enterprise application development without the customers bolting and bankrupting the place. And the Java Jockeys thanked me for providing them a working system they could use as a model and a focus for customer questioning. 
> 
> Far as I know, Steve Wosniak didn't have a Comp Sci degree, nor did Paul Allen. I KNOW you're not calling them stupid. AFAIK, Linux was just a student when he made the Linux kernel. He was you will be spiritually predisposed to coding a long time before his degree. 
> 
> Don't get me wrong: I'd have loved to learn the stuff my buddies with both spiritual disposition and a Comp Sci degree know: The data structures, the algorithms, the techniques are astouding. But in a contest between someone spiritually predisposed to coding and a Comp Sci grad in it for the money, I'd take the predisposed guy every time. 
> 
> SteveT 
> 
> Steve Litt January 2018 featured book: Troubleshooting: Why Bother? http://www.troubleshooters.com/twb [1] --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss [2]

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss 

Links:
------
[1]
https://u2206659.ct.sendgrid.net/wf/click?upn=tzJbcg2o-2FNh3kfIF32sRUb2P5Oq3MDnedSozkCrM5330ZLpaRgHiveIlA4KoFuHj_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBeKNfMhxm5Cjsi1nmzHE5XLrrMdUXuTjZe7ZynYY1WI1C9JPZEagh7CSgLabUfdZsA7b1FD2uoKSsIlgEIcmmF3CCwGA4Qx3e6VrWZsmrWtUe8R1fMI-2F6T8qyGQEtH5hojFK82Pa7uJFtMKQynwBo5vZucYpeth6q0rEjdxQ2Rojg-3D
[2]
https://u2206659.ct.sendgrid.net/wf/click?upn=5DvWGaZUY8Sh5aRLWfQTKYiRLVzunonVk948p8WIzMe-2FXlJ9Cta8w8U9xoku9LrUSHNMJbSd3ZEwH-2BqnW2UHlA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBeKNfMhxm5Cjsi1nmzHE5XLiakQVA3mlgpvrOEMaT2mCztCiXXnFYMNKSwktvU6IgaQCYVRlUejArboKJBvtPOS-2FypMeRSCa8fUEqgJJvIPAxunUR-2FtFP9Orxy8PsTlYdWKCYVb0vELhNfswZloHgUjWkTXTWksaZH8G5abL7oMEM-3D
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180127/5d6e9231/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: blocked.gif
Type: image/gif
Size: 118 bytes
Desc: not available
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180127/5d6e9231/attachment.gif>

From bmike1 at gmail.com  Sat Jan 27 07:53:04 2018
From: bmike1 at gmail.com (Michael)
Date: Sat, 27 Jan 2018 09:53:04 -0500
Subject: hardware error
Message-ID: <CAFRvun+Ki_bCBPLTtmOXVxpiR7tAHXiHnJAR00NC=CRQuxAm0g@mail.gmail.com>

I turned the laptop on this morning and logged in. After the os loaded it
was as if a key got stuck. So i did a hard reboot and after the login
screen appeared nothing would type and the mouse no longer works. Is there
anything I can do to fix it?

-- 
:-)~MIKE~(-:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180127/f86df2f0/attachment.html>

From techlists at phpcoderusa.com  Sat Jan 27 07:54:04 2018
From: techlists at phpcoderusa.com (techlists at phpcoderusa.com)
Date: Sat, 27 Jan 2018 07:54:04 -0700
Subject: CS graduates vs no degree
Message-ID: <e7e7fcd362eef3d6baf5c26ddd42e174@phpcoderusa.com>

Another video. 

https://www.youtube.com/watch?v=nOQ7wrolG2c
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180127/e96e5af2/attachment.html>

From bmike1 at gmail.com  Sat Jan 27 08:01:02 2018
From: bmike1 at gmail.com (Michael)
Date: Sat, 27 Jan 2018 10:01:02 -0500
Subject: hardware error
In-Reply-To: <CAFRvun+Ki_bCBPLTtmOXVxpiR7tAHXiHnJAR00NC=CRQuxAm0g@mail.gmail.com>
References: <CAFRvun+Ki_bCBPLTtmOXVxpiR7tAHXiHnJAR00NC=CRQuxAm0g@mail.gmail.com>
Message-ID: <CAFRvunKXsVwCds1U=TeUPEuiMmC5o5=uVUP-McsmAPL48wrhyA@mail.gmail.com>

well... when I try to type things the key gets stuck or the mouse and
keyboard don't work

On Sat, Jan 27, 2018 at 9:53 AM, Michael <bmike1 at gmail.com> wrote:

> I turned the laptop on this morning and logged in. After the os loaded it
> was as if a key got stuck. So i did a hard reboot and after the login
> screen appeared nothing would type and the mouse no longer works. Is there
> anything I can do to fix it?
>
> --
> :-)~MIKE~(-:
>



-- 
:-)~MIKE~(-:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180127/24b798c2/attachment.html>

From bmike1 at gmail.com  Sat Jan 27 10:44:19 2018
From: bmike1 at gmail.com (Michael)
Date: Sat, 27 Jan 2018 12:44:19 -0500
Subject: What is the best printer for the price?
Message-ID: <CAFRvunKEsHnp3_8m00tKeo=74brmjZMbp0u9S63_5+bnd6mJ+Q@mail.gmail.com>

I can get HP or Canon.
HP:
CM2320
CP2025
Canon color image class:
LBP7200C
LBP7200Cd
LBP7200CN
LBP7200Cdn
LBP7210Cdn
LBP7600C
LBP7660Cdn
LBP7680Cx
8350Cdn
MF8380Cdw
MF8580Cdw

-- 
:-)~MIKE~(-:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180127/bcf83caf/attachment.html>

From andrewmcrobb at gmail.com  Sat Jan 27 13:51:43 2018
From: andrewmcrobb at gmail.com (Andrew McRobb)
Date: Sat, 27 Jan 2018 13:51:43 -0700
Subject: hardware error
In-Reply-To: <CAFRvunKXsVwCds1U=TeUPEuiMmC5o5=uVUP-McsmAPL48wrhyA@mail.gmail.com>
References: <CAFRvun+Ki_bCBPLTtmOXVxpiR7tAHXiHnJAR00NC=CRQuxAm0g@mail.gmail.com>
 <CAFRvunKXsVwCds1U=TeUPEuiMmC5o5=uVUP-McsmAPL48wrhyA@mail.gmail.com>
Message-ID: <CAH1v-qgQCc7j-vqixEJadicFuXqJHfLHZteiAt5AFYEvHiuM8g@mail.gmail.com>

Hard to say. What sort of laptop are we talking about? -- Are you able to
get into BIOs at least?

Andrew McRobb
Full-time Software Developer
Part-time Freelancer
mcrobb.info

On Sat, Jan 27, 2018 at 8:01 AM, Michael <bmike1 at gmail.com> wrote:

> well... when I try to type things the key gets stuck or the mouse and
> keyboard don't work
>
> On Sat, Jan 27, 2018 at 9:53 AM, Michael <bmike1 at gmail.com> wrote:
>
>> I turned the laptop on this morning and logged in. After the os loaded it
>> was as if a key got stuck. So i did a hard reboot and after the login
>> screen appeared nothing would type and the mouse no longer works. Is there
>> anything I can do to fix it?
>>
>> --
>> :-)~MIKE~(-:
>>
>
>
>
> --
> :-)~MIKE~(-:
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180127/742c1396/attachment.html>

From newsletters at thetoolwiz.com  Sat Jan 27 14:00:25 2018
From: newsletters at thetoolwiz.com (David Schwartz)
Date: Sat, 27 Jan 2018 21:00:25 +0000 (UTC)
Subject: Trent's projects
In-Reply-To: <20180123130706.5e3551e2@mydesk.domain.cxm>
References: <CAEFLybJK1q6-n0cJz7hizKVXNbds6mZQvX2TF5UMLiTY8Y5JTg@mail.gmail.com>
 <60D74E2D-F9C2-453B-BE26-5CC5C2579D9D@thetoolwiz.com>
 <2f96f363e89040c7c4943f370c5065fb@phpcoderusa.com>
 <29AD9110-3C18-4E4D-AE50-8228071C0361@gmail.com>
 <20180123031158.4e5e3acb@mydesk.domain.cxm>
 <9C4305A2-980E-460A-AD2C-B58A99A70B6F@thetoolwiz.com>
 <20180123130706.5e3551e2@mydesk.domain.cxm>
Message-ID: <08B53802-FFF7-469B-878F-BC985CEA29D3@thetoolwiz.com>

Well, I’m not going to argue with you over an analogy.

I believe there’s value in having a solid theoretical foundation in this field. “Programming” is distinct from “software design,” and people with less of that foundation in their background have to rely on things that are entirely based in their own personal experiences when it comes to DESIGN. 

The way things evolve in this industry is that people tend to be hired for their strengths, not because of their overal abilities. Over 10-15 years they’ve become bona fide experts at a few things. That is, their experience has become narrower, not broader. If you never studied compiler construction or formal language theory, for example, you’re not likely to get a job that depends on that knowledge. After many years, you’ll have gained a ton of experience and specific expertise, but very unlikely to have been exposed to these things you never had.

I guess I’m thinking of this because I recently saw a post from a guy who said he wanted to learn about how to write compilers, and asked if people could suggest how to learn about desiging compilers for functional languages, USING a function language. You could tell the guy that maybe a function language could be used to build a recursive-descent parser, but not a table-driven parser. Unfortunately, he doesn’t have the distinctions to get what you’re saying. 

The classic use of lex and yacc to build a table-driven parser rely on C or C++, unless they’ve been ported to another language that interests you. But you still have to write a dictionary of lexemes to give to lex, as well as a grammer to give to yacc. Grammars are based on formal language and automata theories. Again, it’s impossible to explain this to somebody who has no exposure to it at all. I can’t even answer his question intelligently.

What I will say is this:

I’ve interviewed enough people in my time that I think I’ve noticed a pattern. I’m curious what you guys think.

The higher the GPA, the less such people seem able to do out-of-the-box or even off-the-cuff thinking.

I think my overall GPA was 2.76 and in my major it was a little lower (because of required math classes I really didn’t like or find stimulating). I was bored out of my mind most of the time, and I spent a lot of time playing with other things.  

I’d prefer to hire people with similar GPAs and avoid those with 3.4 and higher, since they can’t seem to figure out how to break out of a paper bag given a few nominal restrictions. (Yes, it’s a generalization, but that’s what I’ve found.)

What got me hired at Intel, my first job out of college, was a paper I was encouraged to write and present as a “student entry” at a local ACM Conference about work I was doing in the Psych Dept related to the (real-time) control software I’d maintained for my junior and senior years. In hindsight, it was roughly the equivalent of a Master’s Thesis in Computer Science, a field for which ASU didn’t even have a CS major at the time! I was the only person Intel hired from ASU that year, even though they interviewed almost 50 people. 

Ironically, the recruiting folks at ASU wouldn’t even let me sign up for an interview with Intel! I literally had to show up and shove my resume into the hands of one of the recruiters when he came out of his interview room in order to get an interview.

-David Schwartz



> On Jan 23, 2018, at 11:07 AM, Steve Litt <slitt at troubleshooters.com> wrote:
> 
> On Tue, 23 Jan 2018 10:02:13 +0000 (UTC)
> David Schwartz <newsletters at thetoolwiz.com> wrote:
> 
>> The fallacy here is that a HS dropout who’s been building homes for
>> 30 years could build a home as nice as any Architect just a couple of
>> years out of school.
> 
> That's not the fallacy. Nobody said anything about high school
> dropouts. What was being discussed were people who love to code. My
> experience tells me most of these people are college grads, although
> non Comp-Sci degrees. For whatever reason, a lot seem to ride bicycles
> and/or play musical instruments. I've known only one HS dropout who was
> a programmer. The comparison here is NOT between average HS dropouts
> and people with relevant engineering degrees.
> 
> The other thing is, a software product is a very different thing than a
> building.
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180127/a047e4b1/attachment.html>

From bmike1 at gmail.com  Sat Jan 27 14:19:41 2018
From: bmike1 at gmail.com (Michael)
Date: Sat, 27 Jan 2018 16:19:41 -0500
Subject: hardware error
In-Reply-To: <CAH1v-qgQCc7j-vqixEJadicFuXqJHfLHZteiAt5AFYEvHiuM8g@mail.gmail.com>
References: <CAFRvun+Ki_bCBPLTtmOXVxpiR7tAHXiHnJAR00NC=CRQuxAm0g@mail.gmail.com>
 <CAFRvunKXsVwCds1U=TeUPEuiMmC5o5=uVUP-McsmAPL48wrhyA@mail.gmail.com>
 <CAH1v-qgQCc7j-vqixEJadicFuXqJHfLHZteiAt5AFYEvHiuM8g@mail.gmail.com>
Message-ID: <CAFRvunKT-==4Ndq7j8hJWe3S3B+NS3X4RmS93s9mYykefQFYDQ@mail.gmail.com>

It is a lenovo. I went into bios and tried resetting it to default but that
didn't help a bit. It opens the screen asking which os to load (sometimes)
then it asks for a password. Then the os icon pops up (Linux MInt) as the
os loads and finally it asks for the password again (all normal). The muse
pad does not work and the keyboard is sometimes completely dead and when it
is not one of the keys is stuck on. I figured out to try the wireless mouse
and so I clicked the on-screen keyboard option which allows me to log in.
But when I get to the os I can't press a button because it will be stuck on
if I do so. As a last resort I will get a wireless keyboard/mouse and just
do my best not to hit a button.... or else is there a way to deactivate the
mouse from the os?

On Sat, Jan 27, 2018 at 3:51 PM, Andrew McRobb <andrewmcrobb at gmail.com>
wrote:

> Hard to say. What sort of laptop are we talking about? -- Are you able to
> get into BIOs at least?
>
> Andrew McRobb
> Full-time Software Developer
> Part-time Freelancer
> mcrobb.info
>
> On Sat, Jan 27, 2018 at 8:01 AM, Michael <bmike1 at gmail.com> wrote:
>
>> well... when I try to type things the key gets stuck or the mouse and
>> keyboard don't work
>>
>> On Sat, Jan 27, 2018 at 9:53 AM, Michael <bmike1 at gmail.com> wrote:
>>
>>> I turned the laptop on this morning and logged in. After the os loaded
>>> it was as if a key got stuck. So i did a hard reboot and after the login
>>> screen appeared nothing would type and the mouse no longer works. Is there
>>> anything I can do to fix it?
>>>
>>> --
>>> :-)~MIKE~(-:
>>>
>>
>>
>>
>> --
>> :-)~MIKE~(-:
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



-- 
:-)~MIKE~(-:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180127/89c17687/attachment.html>

From cryptworks at gmail.com  Sat Jan 27 14:54:00 2018
From: cryptworks at gmail.com (Stephen Partington)
Date: Sat, 27 Jan 2018 14:54:00 -0700
Subject: What is the best printer for the price?
In-Reply-To: <CAFRvunKEsHnp3_8m00tKeo=74brmjZMbp0u9S63_5+bnd6mJ+Q@mail.gmail.com>
References: <CAFRvunKEsHnp3_8m00tKeo=74brmjZMbp0u9S63_5+bnd6mJ+Q@mail.gmail.com>
Message-ID: <CACS_G9woZRZFaagd+tXSgCFb=PoziZj5LHmDFL4+fwsC9zAL4g@mail.gmail.com>

what do you want it to do. and what is your price point?

On Sat, Jan 27, 2018 at 10:44 AM, Michael <bmike1 at gmail.com> wrote:

> I can get HP or Canon.
> HP:
> CM2320
> CP2025
> Canon color image class:
> LBP7200C
> LBP7200Cd
> LBP7200CN
> LBP7200Cdn
> LBP7210Cdn
> LBP7600C
> LBP7660Cdn
> LBP7680Cx
> 8350Cdn
> MF8380Cdw
> MF8580Cdw
>
> --
> :-)~MIKE~(-:
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180127/a6ef78c5/attachment.html>

From bmike1 at gmail.com  Sat Jan 27 15:08:07 2018
From: bmike1 at gmail.com (Michael)
Date: Sat, 27 Jan 2018 17:08:07 -0500
Subject: What is the best printer for the price?
In-Reply-To: <CACS_G9woZRZFaagd+tXSgCFb=PoziZj5LHmDFL4+fwsC9zAL4g@mail.gmail.com>
References: <CAFRvunKEsHnp3_8m00tKeo=74brmjZMbp0u9S63_5+bnd6mJ+Q@mail.gmail.com>
 <CACS_G9woZRZFaagd+tXSgCFb=PoziZj5LHmDFL4+fwsC9zAL4g@mail.gmail.com>
Message-ID: <CAFRvun+2FwW2NJgJu-8D6QAsqT1mZHH_+dPcnnHtkH3aPXfGcA@mail.gmail.com>

just a business machine....
price point- best quality for as cheap

On Sat, Jan 27, 2018 at 4:54 PM, Stephen Partington <cryptworks at gmail.com>
wrote:

> what do you want it to do. and what is your price point?
>
> On Sat, Jan 27, 2018 at 10:44 AM, Michael <bmike1 at gmail.com> wrote:
>
>> I can get HP or Canon.
>> HP:
>> CM2320
>> CP2025
>> Canon color image class:
>> LBP7200C
>> LBP7200Cd
>> LBP7200CN
>> LBP7200Cdn
>> LBP7210Cdn
>> LBP7600C
>> LBP7660Cdn
>> LBP7680Cx
>> 8350Cdn
>> MF8380Cdw
>> MF8580Cdw
>>
>> --
>> :-)~MIKE~(-:
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
>
> --
> A mouse trap, placed on top of your alarm clock, will prevent you from
> rolling over and going back to sleep after you hit the snooze button.
>
> Stephen
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



-- 
:-)~MIKE~(-:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180127/1d6c4708/attachment.html>

From mark at phillipsmarketing.biz  Sat Jan 27 15:52:46 2018
From: mark at phillipsmarketing.biz (Mark Phillips)
Date: Sat, 27 Jan 2018 15:52:46 -0700
Subject: KeePass2 versus KeePassX
In-Reply-To: <7789a591-ff52-fb95-d859-2d03d4fe9eaf@gould.cx>
References: <CAEqej2PmdZOZMxbbucxBSdKs8ytKjLFBJ_hCv1Uwkb2-Da+Y+w@mail.gmail.com>
 <CO2PR04MB2311711D47C0F1109AA263819D190@CO2PR04MB2311.namprd04.prod.outlook.com>
 <20180102183620.ielocnq7mgud4bwm@cantor>
 <CAEqej2O2T20AV0jBER2v=q-24XkBiHBaLaM9sQh_++FmdqfZ1g@mail.gmail.com>
 <alpine.DEB.2.11.1801021902420.14234@post>
 <7789a591-ff52-fb95-d859-2d03d4fe9eaf@gould.cx>
Message-ID: <CAEqej2OjkdPuKCS0xBkExA9ASjkPfpHNEnrMq2giRmaSeRjz3Q@mail.gmail.com>

I just tried to open my KeePass2 database with KeePassX, and got the error
message - Wrong signature.

I keep my database on Dropbox and a key file on my hard drive. When I used
KeePassX to access the database on Dropbox, it did not show up in the file
finder until I selected all files. The database is .kdbx. I entered the
location of the database key file when prompted, and then entered my
password. That is when I go the error message.

Are these two programs compatible, or am I stuck with the Windows/wine for
my existing password repository?

I looked at the import options for KeePassX, and all I see are KeePassX
(xml), PWManager (pwm), or KWallwet (xml). Nothing for KeepPass2.

Thanks!

Mark

On Tue, Jan 2, 2018 at 6:13 PM, Ted Gould <ted at gould.cx> wrote:

> I use KeePassXC (via the snap) and KeePass2Android. On my Ubuntu Desktop I
> have the file saved in the directory that NextCloud syncs and then have
> KeePass2Android also grab it from Nextcloud. Works great.
>
> Ted
>
> On 01/02/2018 01:13 PM, der.hans wrote:
>
> Am 02. Jan, 2018 schwätzte Mark Phillips so:
>
> moin moin Mark,
>
> I sync my files manually. Last I looked KeePassX still didn't have a
> viable sync option. A sync tool was probably the plugin I considered.
>
> Missing features include a tool for syncing files, a tool for exporting
> password sets and a use anywhere random stringerator.
>
> All easy to work around for an individual, but the sync features would
> help a lot of team use.
>
> ciao,
>
> der.hans
>
> I forgot to add that I also use KeePass2Android, and I forget how the two
> stay synchronized. But it works well.
>
> Maybe I will download the two, KeePassX and KeePassDroid, and see if they
> can read my KeePass2 database.
>
> Mark
>
> On Tue, Jan 2, 2018 at 11:36 AM, Jerry Snitselaar <dev at snitselaar.org>
> <dev at snitselaar.org>
> wrote:
>
> On Tue Jan 02 18, Carruth, Rusty wrote:
>
> My only interaction with the KeePas* suite resulted in not being able to
> read the database after an upgrade/update/something.
>
> I don’t remember which it was (2, x, whatever).  The machine is at home.
> I’ll have to look, but I’m hoping we’ll get some reaction and info that
> maybe will point to a solution for me as well…
>
>
>
> There is an action in the database menu to import a keepass 1 format
> database. Perhaps the issue was that. I have a vague recollection of
> running into that at some point.
>
>
>
>
> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org
> <plug-discuss-bounces at lists.phxlinux.org>] On
> Behalf Of Mark Phillips
> Sent: Tuesday, January 02, 2018 9:50 AM
> To: Main PLUG discussion list
> Subject: KeePass2 versus KeePassX
>
> Happy New Year to everyone!!
>
> I have been using KeePass2 on my Ubuntu machine for over 10 years
> (through wine), and I just discovered KeePassX as a native application. I
> use Keepass2 primarily as a password backup, as I also use LastPass with
> the chrome extension for my day to day password manager.
>
> I have a couple of questions about moving from KeePass2/wine to KeePassX.
>
> I found in one post that the differences that the database files are
> binary compatible. (https://superuser.com/questio
> ns/878902/whats-the-difference-between-keepass-and-keepassx). Can anyone
> confirm this?
>
> The only other difference (other that GUI related stuff) is that KeePass2
> has plugins and KeePassX does not. I am not using any plugins now. Are
> there any that you think are really valuable to have, and would be a
> reason
> not to switch?
>
> Should I switch to KeePassX? I am assuming I can get rid of wine and save
> some disk space, and run a native application instead of a wine
> application.
>
> Thanks!
>
> Mark
>
>
>
> ---------------------------------------------------
>
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180127/7e2130e0/attachment.html>

From mark at phillipsmarketing.biz  Sat Jan 27 15:55:21 2018
From: mark at phillipsmarketing.biz (Mark Phillips)
Date: Sat, 27 Jan 2018 15:55:21 -0700
Subject: KeePass2 versus KeePassX
In-Reply-To: <CAEqej2OjkdPuKCS0xBkExA9ASjkPfpHNEnrMq2giRmaSeRjz3Q@mail.gmail.com>
References: <CAEqej2PmdZOZMxbbucxBSdKs8ytKjLFBJ_hCv1Uwkb2-Da+Y+w@mail.gmail.com>
 <CO2PR04MB2311711D47C0F1109AA263819D190@CO2PR04MB2311.namprd04.prod.outlook.com>
 <20180102183620.ielocnq7mgud4bwm@cantor>
 <CAEqej2O2T20AV0jBER2v=q-24XkBiHBaLaM9sQh_++FmdqfZ1g@mail.gmail.com>
 <alpine.DEB.2.11.1801021902420.14234@post>
 <7789a591-ff52-fb95-d859-2d03d4fe9eaf@gould.cx>
 <CAEqej2OjkdPuKCS0xBkExA9ASjkPfpHNEnrMq2giRmaSeRjz3Q@mail.gmail.com>
Message-ID: <CAEqej2OYOyw-qTDqOyXL0TMowVa_2UEFAze_Sf_5iO7uA+a45g@mail.gmail.com>

Never mind...I found this project which converts KeePass2 files to KeePassX
files. https://github.com/dvorka/keepass2-to-keepassx

Not sure I want to trust the process, as I would have no idea how to make
sure "something wasn't lost in the translation."

Mark

On Sat, Jan 27, 2018 at 3:52 PM, Mark Phillips <mark at phillipsmarketing.biz>
wrote:

> I just tried to open my KeePass2 database with KeePassX, and got the error
> message - Wrong signature.
>
> I keep my database on Dropbox and a key file on my hard drive. When I used
> KeePassX to access the database on Dropbox, it did not show up in the file
> finder until I selected all files. The database is .kdbx. I entered the
> location of the database key file when prompted, and then entered my
> password. That is when I go the error message.
>
> Are these two programs compatible, or am I stuck with the Windows/wine for
> my existing password repository?
>
> I looked at the import options for KeePassX, and all I see are KeePassX
> (xml), PWManager (pwm), or KWallwet (xml). Nothing for KeepPass2.
>
> Thanks!
>
> Mark
>
> On Tue, Jan 2, 2018 at 6:13 PM, Ted Gould <ted at gould.cx> wrote:
>
>> I use KeePassXC (via the snap) and KeePass2Android. On my Ubuntu Desktop
>> I have the file saved in the directory that NextCloud syncs and then have
>> KeePass2Android also grab it from Nextcloud. Works great.
>>
>> Ted
>>
>> On 01/02/2018 01:13 PM, der.hans wrote:
>>
>> Am 02. Jan, 2018 schwätzte Mark Phillips so:
>>
>> moin moin Mark,
>>
>> I sync my files manually. Last I looked KeePassX still didn't have a
>> viable sync option. A sync tool was probably the plugin I considered.
>>
>> Missing features include a tool for syncing files, a tool for exporting
>> password sets and a use anywhere random stringerator.
>>
>> All easy to work around for an individual, but the sync features would
>> help a lot of team use.
>>
>> ciao,
>>
>> der.hans
>>
>> I forgot to add that I also use KeePass2Android, and I forget how the two
>> stay synchronized. But it works well.
>>
>> Maybe I will download the two, KeePassX and KeePassDroid, and see if they
>> can read my KeePass2 database.
>>
>> Mark
>>
>> On Tue, Jan 2, 2018 at 11:36 AM, Jerry Snitselaar <dev at snitselaar.org>
>> <dev at snitselaar.org>
>> wrote:
>>
>> On Tue Jan 02 18, Carruth, Rusty wrote:
>>
>> My only interaction with the KeePas* suite resulted in not being able to
>> read the database after an upgrade/update/something.
>>
>> I don’t remember which it was (2, x, whatever).  The machine is at home.
>> I’ll have to look, but I’m hoping we’ll get some reaction and info that
>> maybe will point to a solution for me as well…
>>
>>
>>
>> There is an action in the database menu to import a keepass 1 format
>> database. Perhaps the issue was that. I have a vague recollection of
>> running into that at some point.
>>
>>
>>
>>
>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org
>> <plug-discuss-bounces at lists.phxlinux.org>] On
>> Behalf Of Mark Phillips
>> Sent: Tuesday, January 02, 2018 9:50 AM
>> To: Main PLUG discussion list
>> Subject: KeePass2 versus KeePassX
>>
>> Happy New Year to everyone!!
>>
>> I have been using KeePass2 on my Ubuntu machine for over 10 years
>> (through wine), and I just discovered KeePassX as a native application. I
>> use Keepass2 primarily as a password backup, as I also use LastPass with
>> the chrome extension for my day to day password manager.
>>
>> I have a couple of questions about moving from KeePass2/wine to KeePassX.
>>
>> I found in one post that the differences that the database files are
>> binary compatible. (https://superuser.com/questio
>> ns/878902/whats-the-difference-between-keepass-and-keepassx). Can anyone
>> confirm this?
>>
>> The only other difference (other that GUI related stuff) is that KeePass2
>> has plugins and KeePassX does not. I am not using any plugins now. Are
>> there any that you think are really valuable to have, and would be a
>> reason
>> not to switch?
>>
>> Should I switch to KeePassX? I am assuming I can get rid of wine and save
>> some disk space, and run a native application instead of a wine
>> application.
>>
>> Thanks!
>>
>> Mark
>>
>>
>>
>> ---------------------------------------------------
>>
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>>
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180127/ab569029/attachment.html>

From bmike1 at gmail.com  Sat Jan 27 17:45:01 2018
From: bmike1 at gmail.com (Michael)
Date: Sat, 27 Jan 2018 19:45:01 -0500
Subject: I now am on a Chromebook trying to d/l Libre Office
Message-ID: <CAFRvunKrDgUMoXeNasWd9ALcyR6n501Pr8C_JHOZyvuXj0r-eA@mail.gmail.com>

How do I run libreoffice on a Chromebook?

-- 
:-)~MIKE~(-:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180127/61ae3c94/attachment.html>

From bmike1 at gmail.com  Sat Jan 27 18:04:38 2018
From: bmike1 at gmail.com (Michael)
Date: Sat, 27 Jan 2018 20:04:38 -0500
Subject: What is the best printer for the price?
In-Reply-To: <CAFRvunKEsHnp3_8m00tKeo=74brmjZMbp0u9S63_5+bnd6mJ+Q@mail.gmail.com>
References: <CAFRvunKEsHnp3_8m00tKeo=74brmjZMbp0u9S63_5+bnd6mJ+Q@mail.gmail.com>
Message-ID: <CAFRvunLy9jn9WRYRp8y+ZXUtsi5nxy=1Dd4KCpYTG4urdv7Z1Q@mail.gmail.com>

these are the printers the cartridges will work with

On Sat, Jan 27, 2018 at 12:44 PM, Michael <bmike1 at gmail.com> wrote:

> I can get HP or Canon.
> HP:
> CM2320
> CP2025
> Canon color image class:
> LBP7200C
> LBP7200Cd
> LBP7200CN
> LBP7200Cdn
> LBP7210Cdn
> LBP7600C
> LBP7660Cdn
> LBP7680Cx
> 8350Cdn
> MF8380Cdw
> MF8580Cdw
>
> --
> :-)~MIKE~(-:
>



-- 
:-)~MIKE~(-:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180127/fce204db/attachment.html>

From cryptworks at gmail.com  Sat Jan 27 18:48:17 2018
From: cryptworks at gmail.com (Stephen Partington)
Date: Sat, 27 Jan 2018 18:48:17 -0700
Subject: I now am on a Chromebook trying to d/l Libre Office
In-Reply-To: <CAFRvunKrDgUMoXeNasWd9ALcyR6n501Pr8C_JHOZyvuXj0r-eA@mail.gmail.com>
References: <CAFRvunKrDgUMoXeNasWd9ALcyR6n501Pr8C_JHOZyvuXj0r-eA@mail.gmail.com>
Message-ID: <CACS_G9zsg3hQt_4b22c4rDW1y8gXH-rOmRw=T36sVnhPfkXV+Q@mail.gmail.com>

​hack it or install linux. or find someone that does collabora online.

Chromebooks are BROWSER dedicated machines.​

On Sat, Jan 27, 2018 at 5:45 PM, Michael <bmike1 at gmail.com> wrote:

> How do I run libreoffice on a Chromebook?
>
> --
> :-)~MIKE~(-:
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180127/b554429d/attachment.html>

From brian at snaptek.com  Sat Jan 27 18:49:49 2018
From: brian at snaptek.com (Brian Cluff)
Date: Sat, 27 Jan 2018 18:49:49 -0700
Subject: What is the best printer for the price?
In-Reply-To: <CAFRvunLy9jn9WRYRp8y+ZXUtsi5nxy=1Dd4KCpYTG4urdv7Z1Q@mail.gmail.com>
References: <CAFRvunKEsHnp3_8m00tKeo=74brmjZMbp0u9S63_5+bnd6mJ+Q@mail.gmail.com>
 <CAFRvunLy9jn9WRYRp8y+ZXUtsi5nxy=1Dd4KCpYTG4urdv7Z1Q@mail.gmail.com>
Message-ID: <c2f7030d-3bfb-fc8b-f90f-0a99df5976af@snaptek.com>

Look for printers with at least all the features you want.  Then look at 
the yield you get per cartridge and divide that by the cartridges price 
and eliminate the most expensive yields.  Keep in mind that the more 
expensive cartridges can be the cheapest ones if the yield is high.
Then check the printers that are left and see if their cartridges 
require chips and if so has it been reverse engineered.  You want to 
make sure that 3rd party cartridges are available.  If there aren't any, 
the printer manufacturer can decide when your printer is obsolete, so 
eliminate those too.  Lean towards cartridges that aren't chipped at 
all; you don't want the manufacturer to sue the 3rd party guys and make 
your future supply go away... not to mention shame on them for chipping 
the carts in the first place.
Lastly check to make sure that there aren't any weird hoops you need to 
jump through to make it work on Linux.

Once you've gone through all that, pick the best one left... or the 
prettiest one... whatever tickles your fancy.

Brian Cluff


On 01/27/2018 06:04 PM, Michael wrote:
> these are the printers the cartridges will work with
>
> On Sat, Jan 27, 2018 at 12:44 PM, Michael <bmike1 at gmail.com 
> <mailto:bmike1 at gmail.com>> wrote:
>
>     I can get HP or Canon.
>     HP:
>     CM2320
>     CP2025
>     Canon color image class:
>     LBP7200C
>     LBP7200Cd
>     LBP7200CN
>     LBP7200Cdn
>     LBP7210Cdn
>     LBP7600C
>     LBP7660Cdn
>     LBP7680Cx
>     8350Cdn
>     MF8380Cdw
>     MF8580Cdw
>
>     -- 
>     :-)~MIKE~(-:
>
>
>
>
> -- 
> :-)~MIKE~(-:
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180127/c2ee9794/attachment.html>

From bmike1 at gmail.com  Sat Jan 27 19:21:39 2018
From: bmike1 at gmail.com (Michael)
Date: Sat, 27 Jan 2018 21:21:39 -0500
Subject: What is the best printer for the price?
In-Reply-To: <c2f7030d-3bfb-fc8b-f90f-0a99df5976af@snaptek.com>
References: <CAFRvunKEsHnp3_8m00tKeo=74brmjZMbp0u9S63_5+bnd6mJ+Q@mail.gmail.com>
 <CAFRvunLy9jn9WRYRp8y+ZXUtsi5nxy=1Dd4KCpYTG4urdv7Z1Q@mail.gmail.com>
 <c2f7030d-3bfb-fc8b-f90f-0a99df5976af@snaptek.com>
Message-ID: <CAFRvunJHNvJ7VTmGMG78cD39xNUxO9pGk02DNhdDH8SQfVHAkw@mail.gmail.com>

thankssss guys

On Sat, Jan 27, 2018 at 8:49 PM, Brian Cluff <brian at snaptek.com> wrote:

> Look for printers with at least all the features you want.  Then look at
> the yield you get per cartridge and divide that by the cartridges price and
> eliminate the most expensive yields.  Keep in mind that the more expensive
> cartridges can be the cheapest ones if the yield is high.
> Then check the printers that are left and see if their cartridges require
> chips and if so has it been reverse engineered.  You want to make sure that
> 3rd party cartridges are available.  If there aren't any, the printer
> manufacturer can decide when your printer is obsolete, so eliminate those
> too.  Lean towards cartridges that aren't chipped at all; you don't want
> the manufacturer to sue the 3rd party guys and make your future supply go
> away... not to mention shame on them for chipping the carts in the first
> place.
> Lastly check to make sure that there aren't any weird hoops you need to
> jump through to make it work on Linux.
>
> Once you've gone through all that, pick the best one left... or the
> prettiest one... whatever tickles your fancy.
>
> Brian Cluff
>
>
>
> On 01/27/2018 06:04 PM, Michael wrote:
>
> these are the printers the cartridges will work with
>
> On Sat, Jan 27, 2018 at 12:44 PM, Michael <bmike1 at gmail.com> wrote:
>
>> I can get HP or Canon.
>> HP:
>> CM2320
>> CP2025
>> Canon color image class:
>> LBP7200C
>> LBP7200Cd
>> LBP7200CN
>> LBP7200Cdn
>> LBP7210Cdn
>> LBP7600C
>> LBP7660Cdn
>> LBP7680Cx
>> 8350Cdn
>> MF8380Cdw
>> MF8580Cdw
>>
>> --
>> :-)~MIKE~(-:
>>
>
>
>
> --
> :-)~MIKE~(-:
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



-- 
:-)~MIKE~(-:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180127/39a9f8c2/attachment.html>

From cryptworks at gmail.com  Sat Jan 27 19:32:13 2018
From: cryptworks at gmail.com (Stephen Partington)
Date: Sat, 27 Jan 2018 19:32:13 -0700
Subject: What is the best printer for the price?
In-Reply-To: <CAFRvunJHNvJ7VTmGMG78cD39xNUxO9pGk02DNhdDH8SQfVHAkw@mail.gmail.com>
References: <CAFRvunKEsHnp3_8m00tKeo=74brmjZMbp0u9S63_5+bnd6mJ+Q@mail.gmail.com>
 <CAFRvunLy9jn9WRYRp8y+ZXUtsi5nxy=1Dd4KCpYTG4urdv7Z1Q@mail.gmail.com>
 <c2f7030d-3bfb-fc8b-f90f-0a99df5976af@snaptek.com>
 <CAFRvunJHNvJ7VTmGMG78cD39xNUxO9pGk02DNhdDH8SQfVHAkw@mail.gmail.com>
Message-ID: <CACS_G9wmuT=RWtmBFpSAH0fH_X0Q8ewJmoKf1B3XHNh5k+FpXA@mail.gmail.com>

I have for work/office Brother printers are very good value


On Sat, Jan 27, 2018 at 7:21 PM, Michael <bmike1 at gmail.com> wrote:

> thankssss guys
>
> On Sat, Jan 27, 2018 at 8:49 PM, Brian Cluff <brian at snaptek.com> wrote:
>
>> Look for printers with at least all the features you want.  Then look at
>> the yield you get per cartridge and divide that by the cartridges price and
>> eliminate the most expensive yields.  Keep in mind that the more expensive
>> cartridges can be the cheapest ones if the yield is high.
>> Then check the printers that are left and see if their cartridges require
>> chips and if so has it been reverse engineered.  You want to make sure that
>> 3rd party cartridges are available.  If there aren't any, the printer
>> manufacturer can decide when your printer is obsolete, so eliminate those
>> too.  Lean towards cartridges that aren't chipped at all; you don't want
>> the manufacturer to sue the 3rd party guys and make your future supply go
>> away... not to mention shame on them for chipping the carts in the first
>> place.
>> Lastly check to make sure that there aren't any weird hoops you need to
>> jump through to make it work on Linux.
>>
>> Once you've gone through all that, pick the best one left... or the
>> prettiest one... whatever tickles your fancy.
>>
>> Brian Cluff
>>
>>
>>
>> On 01/27/2018 06:04 PM, Michael wrote:
>>
>> these are the printers the cartridges will work with
>>
>> On Sat, Jan 27, 2018 at 12:44 PM, Michael <bmike1 at gmail.com> wrote:
>>
>>> I can get HP or Canon.
>>> HP:
>>> CM2320
>>> CP2025
>>> Canon color image class:
>>> LBP7200C
>>> LBP7200Cd
>>> LBP7200CN
>>> LBP7200Cdn
>>> LBP7210Cdn
>>> LBP7600C
>>> LBP7660Cdn
>>> LBP7680Cx
>>> 8350Cdn
>>> MF8380Cdw
>>> MF8580Cdw
>>>
>>> --
>>> :-)~MIKE~(-:
>>>
>>
>>
>>
>> --
>> :-)~MIKE~(-:
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
>
> --
> :-)~MIKE~(-:
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180127/7dbee2dc/attachment.html>

From daniel at genericinbox.com  Sat Jan 27 19:38:32 2018
From: daniel at genericinbox.com (Daniel Stasinski)
Date: Sat, 27 Jan 2018 19:38:32 -0700
Subject: What is the best printer for the price?
In-Reply-To: <CAFRvunJHNvJ7VTmGMG78cD39xNUxO9pGk02DNhdDH8SQfVHAkw@mail.gmail.com>
References: <CAFRvunKEsHnp3_8m00tKeo=74brmjZMbp0u9S63_5+bnd6mJ+Q@mail.gmail.com>
 <CAFRvunLy9jn9WRYRp8y+ZXUtsi5nxy=1Dd4KCpYTG4urdv7Z1Q@mail.gmail.com>
 <c2f7030d-3bfb-fc8b-f90f-0a99df5976af@snaptek.com>
 <CAFRvunJHNvJ7VTmGMG78cD39xNUxO9pGk02DNhdDH8SQfVHAkw@mail.gmail.com>
Message-ID: <CAL_oeF3QxuLh=YwyqU=EobvrkGCgs-cWJCDPoopmOF2XG+hFYw@mail.gmail.com>

Just as an aside, avoid printers that have the ink nozzles built in.  When
the nozzles clog, there is a self-cleaning feature but you can burn through
an entire cartridge doing the clean.

*Daniel P. Stasinski*
daniel at GenericInbox.com
I 💛✞

On Sat, Jan 27, 2018 at 7:21 PM, Michael <bmike1 at gmail.com> wrote:

> thankssss guys
>
> On Sat, Jan 27, 2018 at 8:49 PM, Brian Cluff <brian at snaptek.com> wrote:
>
>> Look for printers with at least all the features you want.  Then look at
>> the yield you get per cartridge and divide that by the cartridges price and
>> eliminate the most expensive yields.  Keep in mind that the more expensive
>> cartridges can be the cheapest ones if the yield is high.
>> Then check the printers that are left and see if their cartridges require
>> chips and if so has it been reverse engineered.  You want to make sure that
>> 3rd party cartridges are available.  If there aren't any, the printer
>> manufacturer can decide when your printer is obsolete, so eliminate those
>> too.  Lean towards cartridges that aren't chipped at all; you don't want
>> the manufacturer to sue the 3rd party guys and make your future supply go
>> away... not to mention shame on them for chipping the carts in the first
>> place.
>> Lastly check to make sure that there aren't any weird hoops you need to
>> jump through to make it work on Linux.
>>
>> Once you've gone through all that, pick the best one left... or the
>> prettiest one... whatever tickles your fancy.
>>
>> Brian Cluff
>>
>>
>>
>> On 01/27/2018 06:04 PM, Michael wrote:
>>
>> these are the printers the cartridges will work with
>>
>> On Sat, Jan 27, 2018 at 12:44 PM, Michael <bmike1 at gmail.com> wrote:
>>
>>> I can get HP or Canon.
>>> HP:
>>> CM2320
>>> CP2025
>>> Canon color image class:
>>> LBP7200C
>>> LBP7200Cd
>>> LBP7200CN
>>> LBP7200Cdn
>>> LBP7210Cdn
>>> LBP7600C
>>> LBP7660Cdn
>>> LBP7680Cx
>>> 8350Cdn
>>> MF8380Cdw
>>> MF8580Cdw
>>>
>>> --
>>> :-)~MIKE~(-:
>>>
>>
>>
>>
>> --
>> :-)~MIKE~(-:
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
>
> --
> :-)~MIKE~(-:
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180127/a91fbec3/attachment.html>

From phil.waclawski at mesacc.edu  Sat Jan 27 21:12:47 2018
From: phil.waclawski at mesacc.edu (Phil Waclawski)
Date: Sat, 27 Jan 2018 21:12:47 -0700
Subject: KeePass2 versus KeePassX
In-Reply-To: <CAEqej2OYOyw-qTDqOyXL0TMowVa_2UEFAze_Sf_5iO7uA+a45g@mail.gmail.com>
References: <CAEqej2PmdZOZMxbbucxBSdKs8ytKjLFBJ_hCv1Uwkb2-Da+Y+w@mail.gmail.com>
 <CO2PR04MB2311711D47C0F1109AA263819D190@CO2PR04MB2311.namprd04.prod.outlook.com>
 <20180102183620.ielocnq7mgud4bwm@cantor>
 <CAEqej2O2T20AV0jBER2v=q-24XkBiHBaLaM9sQh_++FmdqfZ1g@mail.gmail.com>
 <alpine.DEB.2.11.1801021902420.14234@post>
 <7789a591-ff52-fb95-d859-2d03d4fe9eaf@gould.cx>
 <CAEqej2OjkdPuKCS0xBkExA9ASjkPfpHNEnrMq2giRmaSeRjz3Q@mail.gmail.com>
 <CAEqej2OYOyw-qTDqOyXL0TMowVa_2UEFAze_Sf_5iO7uA+a45g@mail.gmail.com>
Message-ID: <CALrwmXnHOZnYEhjWbfVgz=OVcoegWO7eAirAftbp+gTYfC__Vg@mail.gmail.com>

There should be a keepass2 option for your OS, that is what I install and
use on Kubuntu, and I know it is fully compatible with the windows keepass2.

Phil W

On Sat, Jan 27, 2018 at 3:55 PM, Mark Phillips <mark at phillipsmarketing.biz>
wrote:

> Never mind...I found this project which converts KeePass2 files to
> KeePassX files. https://github.com/dvorka/keepass2-to-keepassx
>
> Not sure I want to trust the process, as I would have no idea how to make
> sure "something wasn't lost in the translation."
>
> Mark
>
> On Sat, Jan 27, 2018 at 3:52 PM, Mark Phillips <mark at phillipsmarketing.biz
> > wrote:
>
>> I just tried to open my KeePass2 database with KeePassX, and got the
>> error message - Wrong signature.
>>
>> I keep my database on Dropbox and a key file on my hard drive. When I
>> used KeePassX to access the database on Dropbox, it did not show up in the
>> file finder until I selected all files. The database is .kdbx. I entered
>> the location of the database key file when prompted, and then entered my
>> password. That is when I go the error message.
>>
>> Are these two programs compatible, or am I stuck with the Windows/wine
>> for my existing password repository?
>>
>> I looked at the import options for KeePassX, and all I see are KeePassX
>> (xml), PWManager (pwm), or KWallwet (xml). Nothing for KeepPass2.
>>
>> Thanks!
>>
>> Mark
>>
>> On Tue, Jan 2, 2018 at 6:13 PM, Ted Gould <ted at gould.cx> wrote:
>>
>>> I use KeePassXC (via the snap) and KeePass2Android. On my Ubuntu Desktop
>>> I have the file saved in the directory that NextCloud syncs and then have
>>> KeePass2Android also grab it from Nextcloud. Works great.
>>>
>>> Ted
>>>
>>> On 01/02/2018 01:13 PM, der.hans wrote:
>>>
>>> Am 02. Jan, 2018 schwätzte Mark Phillips so:
>>>
>>> moin moin Mark,
>>>
>>> I sync my files manually. Last I looked KeePassX still didn't have a
>>> viable sync option. A sync tool was probably the plugin I considered.
>>>
>>> Missing features include a tool for syncing files, a tool for exporting
>>> password sets and a use anywhere random stringerator.
>>>
>>> All easy to work around for an individual, but the sync features would
>>> help a lot of team use.
>>>
>>> ciao,
>>>
>>> der.hans
>>>
>>> I forgot to add that I also use KeePass2Android, and I forget how the
>>> two
>>> stay synchronized. But it works well.
>>>
>>> Maybe I will download the two, KeePassX and KeePassDroid, and see if
>>> they
>>> can read my KeePass2 database.
>>>
>>> Mark
>>>
>>> On Tue, Jan 2, 2018 at 11:36 AM, Jerry Snitselaar <dev at snitselaar.org>
>>> <dev at snitselaar.org>
>>> wrote:
>>>
>>> On Tue Jan 02 18, Carruth, Rusty wrote:
>>>
>>> My only interaction with the KeePas* suite resulted in not being able to
>>> read the database after an upgrade/update/something.
>>>
>>> I don’t remember which it was (2, x, whatever).  The machine is at home.
>>> I’ll have to look, but I’m hoping we’ll get some reaction and info that
>>> maybe will point to a solution for me as well…
>>>
>>>
>>>
>>> There is an action in the database menu to import a keepass 1 format
>>> database. Perhaps the issue was that. I have a vague recollection of
>>> running into that at some point.
>>>
>>>
>>>
>>>
>>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org
>>> <plug-discuss-bounces at lists.phxlinux.org>] On
>>> Behalf Of Mark Phillips
>>> Sent: Tuesday, January 02, 2018 9:50 AM
>>> To: Main PLUG discussion list
>>> Subject: KeePass2 versus KeePassX
>>>
>>> Happy New Year to everyone!!
>>>
>>> I have been using KeePass2 on my Ubuntu machine for over 10 years
>>> (through wine), and I just discovered KeePassX as a native application.
>>> I
>>> use Keepass2 primarily as a password backup, as I also use LastPass with
>>> the chrome extension for my day to day password manager.
>>>
>>> I have a couple of questions about moving from KeePass2/wine to
>>> KeePassX.
>>>
>>> I found in one post that the differences that the database files are
>>> binary compatible. (https://superuser.com/questio
>>> ns/878902/whats-the-difference-between-keepass-and-keepassx). Can
>>> anyone
>>> confirm this?
>>>
>>> The only other difference (other that GUI related stuff) is that
>>> KeePass2
>>> has plugins and KeePassX does not. I am not using any plugins now. Are
>>> there any that you think are really valuable to have, and would be a
>>> reason
>>> not to switch?
>>>
>>> Should I switch to KeePassX? I am assuming I can get rid of wine and
>>> save
>>> some disk space, and run a native application instead of a wine
>>> application.
>>>
>>> Thanks!
>>>
>>> Mark
>>>
>>>
>>>
>>> ---------------------------------------------------
>>>
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180127/0970218a/attachment.html>

From phil.waclawski at mesacc.edu  Sat Jan 27 21:14:33 2018
From: phil.waclawski at mesacc.edu (Phil Waclawski)
Date: Sat, 27 Jan 2018 21:14:33 -0700
Subject: What is the best printer for the price?
In-Reply-To: <CAL_oeF3QxuLh=YwyqU=EobvrkGCgs-cWJCDPoopmOF2XG+hFYw@mail.gmail.com>
References: <CAFRvunKEsHnp3_8m00tKeo=74brmjZMbp0u9S63_5+bnd6mJ+Q@mail.gmail.com>
 <CAFRvunLy9jn9WRYRp8y+ZXUtsi5nxy=1Dd4KCpYTG4urdv7Z1Q@mail.gmail.com>
 <c2f7030d-3bfb-fc8b-f90f-0a99df5976af@snaptek.com>
 <CAFRvunJHNvJ7VTmGMG78cD39xNUxO9pGk02DNhdDH8SQfVHAkw@mail.gmail.com>
 <CAL_oeF3QxuLh=YwyqU=EobvrkGCgs-cWJCDPoopmOF2XG+hFYw@mail.gmail.com>
Message-ID: <CALrwmX=YY1DG9K1sPMNKbvnn_HfgWiOmg+BkGYNu9+KEF4J4yw@mail.gmail.com>

Considering how dry it is here in Aridzona, unless you do a lot of printing
or print several times a week, I'd go for a laser printer. I've had too
many of those ink cartridges dry up before I can print enough to make them
useful.

Phil W

On Sat, Jan 27, 2018 at 7:38 PM, Daniel Stasinski <daniel at genericinbox.com>
wrote:

>
> Just as an aside, avoid printers that have the ink nozzles built in.  When
> the nozzles clog, there is a self-cleaning feature but you can burn through
> an entire cartridge doing the clean.
>
> *Daniel P. Stasinski*
> daniel at GenericInbox.com
> I 💛✞
>
> On Sat, Jan 27, 2018 at 7:21 PM, Michael <bmike1 at gmail.com> wrote:
>
>> thankssss guys
>>
>> On Sat, Jan 27, 2018 at 8:49 PM, Brian Cluff <brian at snaptek.com> wrote:
>>
>>> Look for printers with at least all the features you want.  Then look at
>>> the yield you get per cartridge and divide that by the cartridges price and
>>> eliminate the most expensive yields.  Keep in mind that the more expensive
>>> cartridges can be the cheapest ones if the yield is high.
>>> Then check the printers that are left and see if their cartridges
>>> require chips and if so has it been reverse engineered.  You want to make
>>> sure that 3rd party cartridges are available.  If there aren't any, the
>>> printer manufacturer can decide when your printer is obsolete, so eliminate
>>> those too.  Lean towards cartridges that aren't chipped at all; you don't
>>> want the manufacturer to sue the 3rd party guys and make your future supply
>>> go away... not to mention shame on them for chipping the carts in the first
>>> place.
>>> Lastly check to make sure that there aren't any weird hoops you need to
>>> jump through to make it work on Linux.
>>>
>>> Once you've gone through all that, pick the best one left... or the
>>> prettiest one... whatever tickles your fancy.
>>>
>>> Brian Cluff
>>>
>>>
>>>
>>> On 01/27/2018 06:04 PM, Michael wrote:
>>>
>>> these are the printers the cartridges will work with
>>>
>>> On Sat, Jan 27, 2018 at 12:44 PM, Michael <bmike1 at gmail.com> wrote:
>>>
>>>> I can get HP or Canon.
>>>> HP:
>>>> CM2320
>>>> CP2025
>>>> Canon color image class:
>>>> LBP7200C
>>>> LBP7200Cd
>>>> LBP7200CN
>>>> LBP7200Cdn
>>>> LBP7210Cdn
>>>> LBP7600C
>>>> LBP7660Cdn
>>>> LBP7680Cx
>>>> 8350Cdn
>>>> MF8380Cdw
>>>> MF8580Cdw
>>>>
>>>> --
>>>> :-)~MIKE~(-:
>>>>
>>>
>>>
>>>
>>> --
>>> :-)~MIKE~(-:
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>>
>>
>> --
>> :-)~MIKE~(-:
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180127/599be012/attachment.html>

From bmike1 at gmail.com  Sat Jan 27 22:25:57 2018
From: bmike1 at gmail.com (Michael)
Date: Sun, 28 Jan 2018 00:25:57 -0500
Subject: I now am on a Chromebook trying to d/l Libre Office
In-Reply-To: <CACS_G9zsg3hQt_4b22c4rDW1y8gXH-rOmRw=T36sVnhPfkXV+Q@mail.gmail.com>
References: <CAFRvunKrDgUMoXeNasWd9ALcyR6n501Pr8C_JHOZyvuXj0r-eA@mail.gmail.com>
 <CACS_G9zsg3hQt_4b22c4rDW1y8gXH-rOmRw=T36sVnhPfkXV+Q@mail.gmail.com>
Message-ID: <CAFRvunKX8EDgn3xsYR-q-tZm46x7ZA97dXmysCwFDWO6N_HM-w@mail.gmail.com>

because it is a browser machine is why I recommended it to my lady. I sure
wish my machine's hardware didn't decide to die. I think it strange that
both the mouse and keyboaed died at the same time.

On Sat, Jan 27, 2018 at 8:48 PM, Stephen Partington <cryptworks at gmail.com>
wrote:

> ​hack it or install linux. or find someone that does collabora online.
>
> Chromebooks are BROWSER dedicated machines.​
>
> On Sat, Jan 27, 2018 at 5:45 PM, Michael <bmike1 at gmail.com> wrote:
>
>> How do I run libreoffice on a Chromebook?
>>
>> --
>> :-)~MIKE~(-:
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
>
> --
> A mouse trap, placed on top of your alarm clock, will prevent you from
> rolling over and going back to sleep after you hit the snooze button.
>
> Stephen
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



-- 
:-)~MIKE~(-:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180128/2cebecac/attachment.html>

From bmike1 at gmail.com  Sat Jan 27 22:29:22 2018
From: bmike1 at gmail.com (Michael)
Date: Sun, 28 Jan 2018 00:29:22 -0500
Subject: I now am on a Chromebook trying to d/l Libre Office
In-Reply-To: <CAFRvunKX8EDgn3xsYR-q-tZm46x7ZA97dXmysCwFDWO6N_HM-w@mail.gmail.com>
References: <CAFRvunKrDgUMoXeNasWd9ALcyR6n501Pr8C_JHOZyvuXj0r-eA@mail.gmail.com>
 <CACS_G9zsg3hQt_4b22c4rDW1y8gXH-rOmRw=T36sVnhPfkXV+Q@mail.gmail.com>
 <CAFRvunKX8EDgn3xsYR-q-tZm46x7ZA97dXmysCwFDWO6N_HM-w@mail.gmail.com>
Message-ID: <CAFRvunL7Jyyx6BvCV_jdvum+MYdqZ4gABRoB5LNZdiE_11jnBQ@mail.gmail.com>

How do I install linux on it? I thought the hd made it useless for anything

On Sun, Jan 28, 2018 at 12:25 AM, Michael <bmike1 at gmail.com> wrote:

> because it is a browser machine is why I recommended it to my lady. I sure
> wish my machine's hardware didn't decide to die. I think it strange that
> both the mouse and keyboaed died at the same time.
>
> On Sat, Jan 27, 2018 at 8:48 PM, Stephen Partington <cryptworks at gmail.com>
> wrote:
>
>> ​hack it or install linux. or find someone that does collabora online.
>>
>> Chromebooks are BROWSER dedicated machines.​
>>
>> On Sat, Jan 27, 2018 at 5:45 PM, Michael <bmike1 at gmail.com> wrote:
>>
>>> How do I run libreoffice on a Chromebook?
>>>
>>> --
>>> :-)~MIKE~(-:
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>>
>>
>> --
>> A mouse trap, placed on top of your alarm clock, will prevent you from
>> rolling over and going back to sleep after you hit the snooze button.
>>
>> Stephen
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
>
> --
> :-)~MIKE~(-:
>



-- 
:-)~MIKE~(-:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180128/1396812f/attachment.html>

From toddc at azloco.com  Sat Jan 27 22:35:28 2018
From: toddc at azloco.com (Todd Cole)
Date: Sat, 27 Jan 2018 22:35:28 -0700
Subject: I now am on a Chromebook trying to d/l Libre Office
In-Reply-To: <CAFRvunL7Jyyx6BvCV_jdvum+MYdqZ4gABRoB5LNZdiE_11jnBQ@mail.gmail.com>
References: <CAFRvunKrDgUMoXeNasWd9ALcyR6n501Pr8C_JHOZyvuXj0r-eA@mail.gmail.com>
 <CACS_G9zsg3hQt_4b22c4rDW1y8gXH-rOmRw=T36sVnhPfkXV+Q@mail.gmail.com>
 <CAFRvunKX8EDgn3xsYR-q-tZm46x7ZA97dXmysCwFDWO6N_HM-w@mail.gmail.com>
 <CAFRvunL7Jyyx6BvCV_jdvum+MYdqZ4gABRoB5LNZdiE_11jnBQ@mail.gmail.com>
Message-ID: <CAEEgqr=-KBcp-6WEqzB7CaxpZuwSneFZ8guj2YwQAicDR8qPgg@mail.gmail.com>

might try booting it to a live distro to eliminate software issues if it
works ........

On Sat, Jan 27, 2018 at 10:29 PM, Michael <bmike1 at gmail.com> wrote:

> How do I install linux on it? I thought the hd made it useless for
> anything
>
> On Sun, Jan 28, 2018 at 12:25 AM, Michael <bmike1 at gmail.com> wrote:
>
>> because it is a browser machine is why I recommended it to my lady. I
>> sure wish my machine's hardware didn't decide to die. I think it strange
>> that both the mouse and keyboaed died at the same time.
>>
>> On Sat, Jan 27, 2018 at 8:48 PM, Stephen Partington <cryptworks at gmail.com
>> > wrote:
>>
>>> ​hack it or install linux. or find someone that does collabora online.
>>>
>>> Chromebooks are BROWSER dedicated machines.​
>>>
>>> On Sat, Jan 27, 2018 at 5:45 PM, Michael <bmike1 at gmail.com> wrote:
>>>
>>>> How do I run libreoffice on a Chromebook?
>>>>
>>>> --
>>>> :-)~MIKE~(-:
>>>>
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>
>>>
>>>
>>>
>>> --
>>> A mouse trap, placed on top of your alarm clock, will prevent you from
>>> rolling over and going back to sleep after you hit the snooze button.
>>>
>>> Stephen
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>>
>>
>> --
>> :-)~MIKE~(-:
>>
>
>
>
> --
> :-)~MIKE~(-:
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



-- 
Todd Cole
Ubuntu Arizona Team
4605 S PRIEST DR LOT 3
TEMPE AZ  85282-6507
toddc at azloco.com
602-677-9402
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180127/85d09d2a/attachment.html>

From cryptworks at gmail.com  Sat Jan 27 22:35:24 2018
From: cryptworks at gmail.com (Stephen Partington)
Date: Sat, 27 Jan 2018 22:35:24 -0700
Subject: I now am on a Chromebook trying to d/l Libre Office
In-Reply-To: <CAFRvunL7Jyyx6BvCV_jdvum+MYdqZ4gABRoB5LNZdiE_11jnBQ@mail.gmail.com>
References: <CAFRvunKrDgUMoXeNasWd9ALcyR6n501Pr8C_JHOZyvuXj0r-eA@mail.gmail.com>
 <CACS_G9zsg3hQt_4b22c4rDW1y8gXH-rOmRw=T36sVnhPfkXV+Q@mail.gmail.com>
 <CAFRvunKX8EDgn3xsYR-q-tZm46x7ZA97dXmysCwFDWO6N_HM-w@mail.gmail.com>
 <CAFRvunL7Jyyx6BvCV_jdvum+MYdqZ4gABRoB5LNZdiE_11jnBQ@mail.gmail.com>
Message-ID: <CACS_G9w4XsCGQnaVN5rp+GRg7vbLzBkHg2SVABfNG3mcUVOXKA@mail.gmail.com>

well if it is like most laptops the mouse is connected to the keyboard. so
if the keyboard goes then so does the mouse.

PS look up crouton. It is your path to Linux on the chromebook.

On Sat, Jan 27, 2018 at 10:29 PM, Michael <bmike1 at gmail.com> wrote:

> How do I install linux on it? I thought the hd made it useless for
> anything
>
> On Sun, Jan 28, 2018 at 12:25 AM, Michael <bmike1 at gmail.com> wrote:
>
>> because it is a browser machine is why I recommended it to my lady. I
>> sure wish my machine's hardware didn't decide to die. I think it strange
>> that both the mouse and keyboaed died at the same time.
>>
>> On Sat, Jan 27, 2018 at 8:48 PM, Stephen Partington <cryptworks at gmail.com
>> > wrote:
>>
>>> ​hack it or install linux. or find someone that does collabora online.
>>>
>>> Chromebooks are BROWSER dedicated machines.​
>>>
>>> On Sat, Jan 27, 2018 at 5:45 PM, Michael <bmike1 at gmail.com> wrote:
>>>
>>>> How do I run libreoffice on a Chromebook?
>>>>
>>>> --
>>>> :-)~MIKE~(-:
>>>>
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>
>>>
>>>
>>>
>>> --
>>> A mouse trap, placed on top of your alarm clock, will prevent you from
>>> rolling over and going back to sleep after you hit the snooze button.
>>>
>>> Stephen
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>>
>>
>> --
>> :-)~MIKE~(-:
>>
>
>
>
> --
> :-)~MIKE~(-:
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180127/3a4b6e97/attachment.html>

From mark at phillipsmarketing.biz  Sun Jan 28 13:50:30 2018
From: mark at phillipsmarketing.biz (Mark Phillips)
Date: Sun, 28 Jan 2018 13:50:30 -0700
Subject: KeePass2 versus KeePassX
In-Reply-To: <CALrwmXnHOZnYEhjWbfVgz=OVcoegWO7eAirAftbp+gTYfC__Vg@mail.gmail.com>
References: <CAEqej2PmdZOZMxbbucxBSdKs8ytKjLFBJ_hCv1Uwkb2-Da+Y+w@mail.gmail.com>
 <CO2PR04MB2311711D47C0F1109AA263819D190@CO2PR04MB2311.namprd04.prod.outlook.com>
 <20180102183620.ielocnq7mgud4bwm@cantor>
 <CAEqej2O2T20AV0jBER2v=q-24XkBiHBaLaM9sQh_++FmdqfZ1g@mail.gmail.com>
 <alpine.DEB.2.11.1801021902420.14234@post>
 <7789a591-ff52-fb95-d859-2d03d4fe9eaf@gould.cx>
 <CAEqej2OjkdPuKCS0xBkExA9ASjkPfpHNEnrMq2giRmaSeRjz3Q@mail.gmail.com>
 <CAEqej2OYOyw-qTDqOyXL0TMowVa_2UEFAze_Sf_5iO7uA+a45g@mail.gmail.com>
 <CALrwmXnHOZnYEhjWbfVgz=OVcoegWO7eAirAftbp+gTYfC__Vg@mail.gmail.com>
Message-ID: <CAEqej2NT4MKKD2kNrPrvKkjqZpN6vb62prm=7mC5iycCgiEOaw@mail.gmail.com>

The keepass2 is from the Ubuntu repository. I believe it is the windows
version as it runs in wine, and the ui looks very windows.

Mark

On Jan 27, 2018 9:12 PM, "Phil Waclawski" <phil.waclawski at mesacc.edu> wrote:

> There should be a keepass2 option for your OS, that is what I install and
> use on Kubuntu, and I know it is fully compatible with the windows keepass2.
>
> Phil W
>
> On Sat, Jan 27, 2018 at 3:55 PM, Mark Phillips <mark at phillipsmarketing.biz
> > wrote:
>
>> Never mind...I found this project which converts KeePass2 files to
>> KeePassX files. https://github.com/dvorka/keepass2-to-keepassx
>>
>> Not sure I want to trust the process, as I would have no idea how to make
>> sure "something wasn't lost in the translation."
>>
>> Mark
>>
>> On Sat, Jan 27, 2018 at 3:52 PM, Mark Phillips <
>> mark at phillipsmarketing.biz> wrote:
>>
>>> I just tried to open my KeePass2 database with KeePassX, and got the
>>> error message - Wrong signature.
>>>
>>> I keep my database on Dropbox and a key file on my hard drive. When I
>>> used KeePassX to access the database on Dropbox, it did not show up in the
>>> file finder until I selected all files. The database is .kdbx. I entered
>>> the location of the database key file when prompted, and then entered my
>>> password. That is when I go the error message.
>>>
>>> Are these two programs compatible, or am I stuck with the Windows/wine
>>> for my existing password repository?
>>>
>>> I looked at the import options for KeePassX, and all I see are KeePassX
>>> (xml), PWManager (pwm), or KWallwet (xml). Nothing for KeepPass2.
>>>
>>> Thanks!
>>>
>>> Mark
>>>
>>> On Tue, Jan 2, 2018 at 6:13 PM, Ted Gould <ted at gould.cx> wrote:
>>>
>>>> I use KeePassXC (via the snap) and KeePass2Android. On my Ubuntu
>>>> Desktop I have the file saved in the directory that NextCloud syncs and
>>>> then have KeePass2Android also grab it from Nextcloud. Works great.
>>>>
>>>> Ted
>>>>
>>>> On 01/02/2018 01:13 PM, der.hans wrote:
>>>>
>>>> Am 02. Jan, 2018 schwätzte Mark Phillips so:
>>>>
>>>> moin moin Mark,
>>>>
>>>> I sync my files manually. Last I looked KeePassX still didn't have a
>>>> viable sync option. A sync tool was probably the plugin I considered.
>>>>
>>>> Missing features include a tool for syncing files, a tool for exporting
>>>> password sets and a use anywhere random stringerator.
>>>>
>>>> All easy to work around for an individual, but the sync features would
>>>> help a lot of team use.
>>>>
>>>> ciao,
>>>>
>>>> der.hans
>>>>
>>>> I forgot to add that I also use KeePass2Android, and I forget how the
>>>> two
>>>> stay synchronized. But it works well.
>>>>
>>>> Maybe I will download the two, KeePassX and KeePassDroid, and see if
>>>> they
>>>> can read my KeePass2 database.
>>>>
>>>> Mark
>>>>
>>>> On Tue, Jan 2, 2018 at 11:36 AM, Jerry Snitselaar <dev at snitselaar.org>
>>>> <dev at snitselaar.org>
>>>> wrote:
>>>>
>>>> On Tue Jan 02 18, Carruth, Rusty wrote:
>>>>
>>>> My only interaction with the KeePas* suite resulted in not being able
>>>> to
>>>> read the database after an upgrade/update/something.
>>>>
>>>> I don’t remember which it was (2, x, whatever).  The machine is at
>>>> home.
>>>> I’ll have to look, but I’m hoping we’ll get some reaction and info that
>>>> maybe will point to a solution for me as well…
>>>>
>>>>
>>>>
>>>> There is an action in the database menu to import a keepass 1 format
>>>> database. Perhaps the issue was that. I have a vague recollection of
>>>> running into that at some point.
>>>>
>>>>
>>>>
>>>>
>>>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org
>>>> <plug-discuss-bounces at lists.phxlinux.org>] On
>>>> Behalf Of Mark Phillips
>>>> Sent: Tuesday, January 02, 2018 9:50 AM
>>>> To: Main PLUG discussion list
>>>> Subject: KeePass2 versus KeePassX
>>>>
>>>> Happy New Year to everyone!!
>>>>
>>>> I have been using KeePass2 on my Ubuntu machine for over 10 years
>>>> (through wine), and I just discovered KeePassX as a native application.
>>>> I
>>>> use Keepass2 primarily as a password backup, as I also use LastPass
>>>> with
>>>> the chrome extension for my day to day password manager.
>>>>
>>>> I have a couple of questions about moving from KeePass2/wine to
>>>> KeePassX.
>>>>
>>>> I found in one post that the differences that the database files are
>>>> binary compatible. (https://superuser.com/questio
>>>> ns/878902/whats-the-difference-between-keepass-and-keepassx). Can
>>>> anyone
>>>> confirm this?
>>>>
>>>> The only other difference (other that GUI related stuff) is that
>>>> KeePass2
>>>> has plugins and KeePassX does not. I am not using any plugins now. Are
>>>> there any that you think are really valuable to have, and would be a
>>>> reason
>>>> not to switch?
>>>>
>>>> Should I switch to KeePassX? I am assuming I can get rid of wine and
>>>> save
>>>> some disk space, and run a native application instead of a wine
>>>> application.
>>>>
>>>> Thanks!
>>>>
>>>> Mark
>>>>
>>>>
>>>>
>>>> ---------------------------------------------------
>>>>
>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>
>>>>
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>
>>>>
>>>>
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>
>>>
>>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180128/e8da608b/attachment.html>

From phil.waclawski at mesacc.edu  Sun Jan 28 16:06:03 2018
From: phil.waclawski at mesacc.edu (Phil Waclawski)
Date: Sun, 28 Jan 2018 16:06:03 -0700
Subject: KeePass2 versus KeePassX
In-Reply-To: <CAEqej2NT4MKKD2kNrPrvKkjqZpN6vb62prm=7mC5iycCgiEOaw@mail.gmail.com>
References: <CAEqej2PmdZOZMxbbucxBSdKs8ytKjLFBJ_hCv1Uwkb2-Da+Y+w@mail.gmail.com>
 <CO2PR04MB2311711D47C0F1109AA263819D190@CO2PR04MB2311.namprd04.prod.outlook.com>
 <20180102183620.ielocnq7mgud4bwm@cantor>
 <CAEqej2O2T20AV0jBER2v=q-24XkBiHBaLaM9sQh_++FmdqfZ1g@mail.gmail.com>
 <alpine.DEB.2.11.1801021902420.14234@post>
 <7789a591-ff52-fb95-d859-2d03d4fe9eaf@gould.cx>
 <CAEqej2OjkdPuKCS0xBkExA9ASjkPfpHNEnrMq2giRmaSeRjz3Q@mail.gmail.com>
 <CAEqej2OYOyw-qTDqOyXL0TMowVa_2UEFAze_Sf_5iO7uA+a45g@mail.gmail.com>
 <CALrwmXnHOZnYEhjWbfVgz=OVcoegWO7eAirAftbp+gTYfC__Vg@mail.gmail.com>
 <CAEqej2NT4MKKD2kNrPrvKkjqZpN6vb62prm=7mC5iycCgiEOaw@mail.gmail.com>
Message-ID: <CALrwmXkT3t3CB6+u4PoztGngThqVbTKK6Ov=tGrQEoOVPZcPWw@mail.gmail.com>

It installs mono, as it does need some of the C# type stuff, but it does
not appear to need wine at all.
Phil Waclawski

On Sun, Jan 28, 2018 at 1:50 PM, Mark Phillips <mark at phillipsmarketing.biz>
wrote:

> The keepass2 is from the Ubuntu repository. I believe it is the windows
> version as it runs in wine, and the ui looks very windows.
>
> Mark
>
> On Jan 27, 2018 9:12 PM, "Phil Waclawski" <phil.waclawski at mesacc.edu>
> wrote:
>
>> There should be a keepass2 option for your OS, that is what I install and
>> use on Kubuntu, and I know it is fully compatible with the windows keepass2.
>>
>> Phil W
>>
>> On Sat, Jan 27, 2018 at 3:55 PM, Mark Phillips <
>> mark at phillipsmarketing.biz> wrote:
>>
>>> Never mind...I found this project which converts KeePass2 files to
>>> KeePassX files. https://github.com/dvorka/keepass2-to-keepassx
>>>
>>> Not sure I want to trust the process, as I would have no idea how to
>>> make sure "something wasn't lost in the translation."
>>>
>>> Mark
>>>
>>> On Sat, Jan 27, 2018 at 3:52 PM, Mark Phillips <
>>> mark at phillipsmarketing.biz> wrote:
>>>
>>>> I just tried to open my KeePass2 database with KeePassX, and got the
>>>> error message - Wrong signature.
>>>>
>>>> I keep my database on Dropbox and a key file on my hard drive. When I
>>>> used KeePassX to access the database on Dropbox, it did not show up in the
>>>> file finder until I selected all files. The database is .kdbx. I entered
>>>> the location of the database key file when prompted, and then entered my
>>>> password. That is when I go the error message.
>>>>
>>>> Are these two programs compatible, or am I stuck with the Windows/wine
>>>> for my existing password repository?
>>>>
>>>> I looked at the import options for KeePassX, and all I see are KeePassX
>>>> (xml), PWManager (pwm), or KWallwet (xml). Nothing for KeepPass2.
>>>>
>>>> Thanks!
>>>>
>>>> Mark
>>>>
>>>> On Tue, Jan 2, 2018 at 6:13 PM, Ted Gould <ted at gould.cx> wrote:
>>>>
>>>>> I use KeePassXC (via the snap) and KeePass2Android. On my Ubuntu
>>>>> Desktop I have the file saved in the directory that NextCloud syncs and
>>>>> then have KeePass2Android also grab it from Nextcloud. Works great.
>>>>>
>>>>> Ted
>>>>>
>>>>> On 01/02/2018 01:13 PM, der.hans wrote:
>>>>>
>>>>> Am 02. Jan, 2018 schwätzte Mark Phillips so:
>>>>>
>>>>> moin moin Mark,
>>>>>
>>>>> I sync my files manually. Last I looked KeePassX still didn't have a
>>>>> viable sync option. A sync tool was probably the plugin I considered.
>>>>>
>>>>> Missing features include a tool for syncing files, a tool for
>>>>> exporting
>>>>> password sets and a use anywhere random stringerator.
>>>>>
>>>>> All easy to work around for an individual, but the sync features would
>>>>> help a lot of team use.
>>>>>
>>>>> ciao,
>>>>>
>>>>> der.hans
>>>>>
>>>>> I forgot to add that I also use KeePass2Android, and I forget how the
>>>>> two
>>>>> stay synchronized. But it works well.
>>>>>
>>>>> Maybe I will download the two, KeePassX and KeePassDroid, and see if
>>>>> they
>>>>> can read my KeePass2 database.
>>>>>
>>>>> Mark
>>>>>
>>>>> On Tue, Jan 2, 2018 at 11:36 AM, Jerry Snitselaar <dev at snitselaar.org>
>>>>> <dev at snitselaar.org>
>>>>> wrote:
>>>>>
>>>>> On Tue Jan 02 18, Carruth, Rusty wrote:
>>>>>
>>>>> My only interaction with the KeePas* suite resulted in not being able
>>>>> to
>>>>> read the database after an upgrade/update/something.
>>>>>
>>>>> I don’t remember which it was (2, x, whatever).  The machine is at
>>>>> home.
>>>>> I’ll have to look, but I’m hoping we’ll get some reaction and info
>>>>> that
>>>>> maybe will point to a solution for me as well…
>>>>>
>>>>>
>>>>>
>>>>> There is an action in the database menu to import a keepass 1 format
>>>>> database. Perhaps the issue was that. I have a vague recollection of
>>>>> running into that at some point.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org
>>>>> <plug-discuss-bounces at lists.phxlinux.org>] On
>>>>> Behalf Of Mark Phillips
>>>>> Sent: Tuesday, January 02, 2018 9:50 AM
>>>>> To: Main PLUG discussion list
>>>>> Subject: KeePass2 versus KeePassX
>>>>>
>>>>> Happy New Year to everyone!!
>>>>>
>>>>> I have been using KeePass2 on my Ubuntu machine for over 10 years
>>>>> (through wine), and I just discovered KeePassX as a native
>>>>> application. I
>>>>> use Keepass2 primarily as a password backup, as I also use LastPass
>>>>> with
>>>>> the chrome extension for my day to day password manager.
>>>>>
>>>>> I have a couple of questions about moving from KeePass2/wine to
>>>>> KeePassX.
>>>>>
>>>>> I found in one post that the differences that the database files are
>>>>> binary compatible. (https://superuser.com/questio
>>>>> ns/878902/whats-the-difference-between-keepass-and-keepassx). Can
>>>>> anyone
>>>>> confirm this?
>>>>>
>>>>> The only other difference (other that GUI related stuff) is that
>>>>> KeePass2
>>>>> has plugins and KeePassX does not. I am not using any plugins now. Are
>>>>> there any that you think are really valuable to have, and would be a
>>>>> reason
>>>>> not to switch?
>>>>>
>>>>> Should I switch to KeePassX? I am assuming I can get rid of wine and
>>>>> save
>>>>> some disk space, and run a native application instead of a wine
>>>>> application.
>>>>>
>>>>> Thanks!
>>>>>
>>>>> Mark
>>>>>
>>>>>
>>>>>
>>>>> ---------------------------------------------------
>>>>>
>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>
>>>>>
>>>>> ---------------------------------------------------
>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> ---------------------------------------------------
>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>> To subscribe, unsubscribe, or to change your mail settings:http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>
>>>>>
>>>>>
>>>>> ---------------------------------------------------
>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>
>>>>
>>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180128/4897d832/attachment.html>

From phil.waclawski at mesacc.edu  Sun Jan 28 16:10:11 2018
From: phil.waclawski at mesacc.edu (Phil Waclawski)
Date: Sun, 28 Jan 2018 16:10:11 -0700
Subject: KeePass2 versus KeePassX
In-Reply-To: <CAEqej2NT4MKKD2kNrPrvKkjqZpN6vb62prm=7mC5iycCgiEOaw@mail.gmail.com>
References: <CAEqej2PmdZOZMxbbucxBSdKs8ytKjLFBJ_hCv1Uwkb2-Da+Y+w@mail.gmail.com>
 <CO2PR04MB2311711D47C0F1109AA263819D190@CO2PR04MB2311.namprd04.prod.outlook.com>
 <20180102183620.ielocnq7mgud4bwm@cantor>
 <CAEqej2O2T20AV0jBER2v=q-24XkBiHBaLaM9sQh_++FmdqfZ1g@mail.gmail.com>
 <alpine.DEB.2.11.1801021902420.14234@post>
 <7789a591-ff52-fb95-d859-2d03d4fe9eaf@gould.cx>
 <CAEqej2OjkdPuKCS0xBkExA9ASjkPfpHNEnrMq2giRmaSeRjz3Q@mail.gmail.com>
 <CAEqej2OYOyw-qTDqOyXL0TMowVa_2UEFAze_Sf_5iO7uA+a45g@mail.gmail.com>
 <CALrwmXnHOZnYEhjWbfVgz=OVcoegWO7eAirAftbp+gTYfC__Vg@mail.gmail.com>
 <CAEqej2NT4MKKD2kNrPrvKkjqZpN6vb62prm=7mC5iycCgiEOaw@mail.gmail.com>
Message-ID: <CALrwmX=Ffd1qj99gpw9tQN9yA34A5g+e6apK2MU2235MPok7DQ@mail.gmail.com>

I just checked, and  you are right, it is the .exe version, but when I run
it I do not find any wine process in the ps -ef list.

Very weird,
Phil Waclawski

On Sun, Jan 28, 2018 at 1:50 PM, Mark Phillips <mark at phillipsmarketing.biz>
wrote:

> The keepass2 is from the Ubuntu repository. I believe it is the windows
> version as it runs in wine, and the ui looks very windows.
>
> Mark
>
> On Jan 27, 2018 9:12 PM, "Phil Waclawski" <phil.waclawski at mesacc.edu>
> wrote:
>
>> There should be a keepass2 option for your OS, that is what I install and
>> use on Kubuntu, and I know it is fully compatible with the windows keepass2.
>>
>> Phil W
>>
>> On Sat, Jan 27, 2018 at 3:55 PM, Mark Phillips <
>> mark at phillipsmarketing.biz> wrote:
>>
>>> Never mind...I found this project which converts KeePass2 files to
>>> KeePassX files. https://github.com/dvorka/keepass2-to-keepassx
>>>
>>> Not sure I want to trust the process, as I would have no idea how to
>>> make sure "something wasn't lost in the translation."
>>>
>>> Mark
>>>
>>> On Sat, Jan 27, 2018 at 3:52 PM, Mark Phillips <
>>> mark at phillipsmarketing.biz> wrote:
>>>
>>>> I just tried to open my KeePass2 database with KeePassX, and got the
>>>> error message - Wrong signature.
>>>>
>>>> I keep my database on Dropbox and a key file on my hard drive. When I
>>>> used KeePassX to access the database on Dropbox, it did not show up in the
>>>> file finder until I selected all files. The database is .kdbx. I entered
>>>> the location of the database key file when prompted, and then entered my
>>>> password. That is when I go the error message.
>>>>
>>>> Are these two programs compatible, or am I stuck with the Windows/wine
>>>> for my existing password repository?
>>>>
>>>> I looked at the import options for KeePassX, and all I see are KeePassX
>>>> (xml), PWManager (pwm), or KWallwet (xml). Nothing for KeepPass2.
>>>>
>>>> Thanks!
>>>>
>>>> Mark
>>>>
>>>> On Tue, Jan 2, 2018 at 6:13 PM, Ted Gould <ted at gould.cx> wrote:
>>>>
>>>>> I use KeePassXC (via the snap) and KeePass2Android. On my Ubuntu
>>>>> Desktop I have the file saved in the directory that NextCloud syncs and
>>>>> then have KeePass2Android also grab it from Nextcloud. Works great.
>>>>>
>>>>> Ted
>>>>>
>>>>> On 01/02/2018 01:13 PM, der.hans wrote:
>>>>>
>>>>> Am 02. Jan, 2018 schwätzte Mark Phillips so:
>>>>>
>>>>> moin moin Mark,
>>>>>
>>>>> I sync my files manually. Last I looked KeePassX still didn't have a
>>>>> viable sync option. A sync tool was probably the plugin I considered.
>>>>>
>>>>> Missing features include a tool for syncing files, a tool for
>>>>> exporting
>>>>> password sets and a use anywhere random stringerator.
>>>>>
>>>>> All easy to work around for an individual, but the sync features would
>>>>> help a lot of team use.
>>>>>
>>>>> ciao,
>>>>>
>>>>> der.hans
>>>>>
>>>>> I forgot to add that I also use KeePass2Android, and I forget how the
>>>>> two
>>>>> stay synchronized. But it works well.
>>>>>
>>>>> Maybe I will download the two, KeePassX and KeePassDroid, and see if
>>>>> they
>>>>> can read my KeePass2 database.
>>>>>
>>>>> Mark
>>>>>
>>>>> On Tue, Jan 2, 2018 at 11:36 AM, Jerry Snitselaar <dev at snitselaar.org>
>>>>> <dev at snitselaar.org>
>>>>> wrote:
>>>>>
>>>>> On Tue Jan 02 18, Carruth, Rusty wrote:
>>>>>
>>>>> My only interaction with the KeePas* suite resulted in not being able
>>>>> to
>>>>> read the database after an upgrade/update/something.
>>>>>
>>>>> I don’t remember which it was (2, x, whatever).  The machine is at
>>>>> home.
>>>>> I’ll have to look, but I’m hoping we’ll get some reaction and info
>>>>> that
>>>>> maybe will point to a solution for me as well…
>>>>>
>>>>>
>>>>>
>>>>> There is an action in the database menu to import a keepass 1 format
>>>>> database. Perhaps the issue was that. I have a vague recollection of
>>>>> running into that at some point.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org
>>>>> <plug-discuss-bounces at lists.phxlinux.org>] On
>>>>> Behalf Of Mark Phillips
>>>>> Sent: Tuesday, January 02, 2018 9:50 AM
>>>>> To: Main PLUG discussion list
>>>>> Subject: KeePass2 versus KeePassX
>>>>>
>>>>> Happy New Year to everyone!!
>>>>>
>>>>> I have been using KeePass2 on my Ubuntu machine for over 10 years
>>>>> (through wine), and I just discovered KeePassX as a native
>>>>> application. I
>>>>> use Keepass2 primarily as a password backup, as I also use LastPass
>>>>> with
>>>>> the chrome extension for my day to day password manager.
>>>>>
>>>>> I have a couple of questions about moving from KeePass2/wine to
>>>>> KeePassX.
>>>>>
>>>>> I found in one post that the differences that the database files are
>>>>> binary compatible. (https://superuser.com/questio
>>>>> ns/878902/whats-the-difference-between-keepass-and-keepassx). Can
>>>>> anyone
>>>>> confirm this?
>>>>>
>>>>> The only other difference (other that GUI related stuff) is that
>>>>> KeePass2
>>>>> has plugins and KeePassX does not. I am not using any plugins now. Are
>>>>> there any that you think are really valuable to have, and would be a
>>>>> reason
>>>>> not to switch?
>>>>>
>>>>> Should I switch to KeePassX? I am assuming I can get rid of wine and
>>>>> save
>>>>> some disk space, and run a native application instead of a wine
>>>>> application.
>>>>>
>>>>> Thanks!
>>>>>
>>>>> Mark
>>>>>
>>>>>
>>>>>
>>>>> ---------------------------------------------------
>>>>>
>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>
>>>>>
>>>>> ---------------------------------------------------
>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> ---------------------------------------------------
>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>> To subscribe, unsubscribe, or to change your mail settings:http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>
>>>>>
>>>>>
>>>>> ---------------------------------------------------
>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>
>>>>
>>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180128/7b39c7d4/attachment.html>

From phil.waclawski at mesacc.edu  Sun Jan 28 16:11:01 2018
From: phil.waclawski at mesacc.edu (Phil Waclawski)
Date: Sun, 28 Jan 2018 16:11:01 -0700
Subject: KeePass2 versus KeePassX
In-Reply-To: <CAEqej2NT4MKKD2kNrPrvKkjqZpN6vb62prm=7mC5iycCgiEOaw@mail.gmail.com>
References: <CAEqej2PmdZOZMxbbucxBSdKs8ytKjLFBJ_hCv1Uwkb2-Da+Y+w@mail.gmail.com>
 <CO2PR04MB2311711D47C0F1109AA263819D190@CO2PR04MB2311.namprd04.prod.outlook.com>
 <20180102183620.ielocnq7mgud4bwm@cantor>
 <CAEqej2O2T20AV0jBER2v=q-24XkBiHBaLaM9sQh_++FmdqfZ1g@mail.gmail.com>
 <alpine.DEB.2.11.1801021902420.14234@post>
 <7789a591-ff52-fb95-d859-2d03d4fe9eaf@gould.cx>
 <CAEqej2OjkdPuKCS0xBkExA9ASjkPfpHNEnrMq2giRmaSeRjz3Q@mail.gmail.com>
 <CAEqej2OYOyw-qTDqOyXL0TMowVa_2UEFAze_Sf_5iO7uA+a45g@mail.gmail.com>
 <CALrwmXnHOZnYEhjWbfVgz=OVcoegWO7eAirAftbp+gTYfC__Vg@mail.gmail.com>
 <CAEqej2NT4MKKD2kNrPrvKkjqZpN6vb62prm=7mC5iycCgiEOaw@mail.gmail.com>
Message-ID: <CALrwmXkc=KDx98+wCQC_c4T02bQGbURs4hhzX9fHtEpA_Zcp4Q@mail.gmail.com>

I just checked, and  you are right, it is the KeePass.exe version, but when
I run it I do not find any wine process in the ps -ef list.

Very weird,
Phil Waclawski

On Sun, Jan 28, 2018 at 1:50 PM, Mark Phillips <mark at phillipsmarketing.biz>
wrote:

> The keepass2 is from the Ubuntu repository. I believe it is the windows
> version as it runs in wine, and the ui looks very windows.
>
> Mark
>
> On Jan 27, 2018 9:12 PM, "Phil Waclawski" <phil.waclawski at mesacc.edu>
> wrote:
>
>> There should be a keepass2 option for your OS, that is what I install and
>> use on Kubuntu, and I know it is fully compatible with the windows keepass2.
>>
>> Phil W
>>
>> On Sat, Jan 27, 2018 at 3:55 PM, Mark Phillips <
>> mark at phillipsmarketing.biz> wrote:
>>
>>> Never mind...I found this project which converts KeePass2 files to
>>> KeePassX files. https://github.com/dvorka/keepass2-to-keepassx
>>>
>>> Not sure I want to trust the process, as I would have no idea how to
>>> make sure "something wasn't lost in the translation."
>>>
>>> Mark
>>>
>>> On Sat, Jan 27, 2018 at 3:52 PM, Mark Phillips <
>>> mark at phillipsmarketing.biz> wrote:
>>>
>>>> I just tried to open my KeePass2 database with KeePassX, and got the
>>>> error message - Wrong signature.
>>>>
>>>> I keep my database on Dropbox and a key file on my hard drive. When I
>>>> used KeePassX to access the database on Dropbox, it did not show up in the
>>>> file finder until I selected all files. The database is .kdbx. I entered
>>>> the location of the database key file when prompted, and then entered my
>>>> password. That is when I go the error message.
>>>>
>>>> Are these two programs compatible, or am I stuck with the Windows/wine
>>>> for my existing password repository?
>>>>
>>>> I looked at the import options for KeePassX, and all I see are KeePassX
>>>> (xml), PWManager (pwm), or KWallwet (xml). Nothing for KeepPass2.
>>>>
>>>> Thanks!
>>>>
>>>> Mark
>>>>
>>>> On Tue, Jan 2, 2018 at 6:13 PM, Ted Gould <ted at gould.cx> wrote:
>>>>
>>>>> I use KeePassXC (via the snap) and KeePass2Android. On my Ubuntu
>>>>> Desktop I have the file saved in the directory that NextCloud syncs and
>>>>> then have KeePass2Android also grab it from Nextcloud. Works great.
>>>>>
>>>>> Ted
>>>>>
>>>>> On 01/02/2018 01:13 PM, der.hans wrote:
>>>>>
>>>>> Am 02. Jan, 2018 schwätzte Mark Phillips so:
>>>>>
>>>>> moin moin Mark,
>>>>>
>>>>> I sync my files manually. Last I looked KeePassX still didn't have a
>>>>> viable sync option. A sync tool was probably the plugin I considered.
>>>>>
>>>>> Missing features include a tool for syncing files, a tool for
>>>>> exporting
>>>>> password sets and a use anywhere random stringerator.
>>>>>
>>>>> All easy to work around for an individual, but the sync features would
>>>>> help a lot of team use.
>>>>>
>>>>> ciao,
>>>>>
>>>>> der.hans
>>>>>
>>>>> I forgot to add that I also use KeePass2Android, and I forget how the
>>>>> two
>>>>> stay synchronized. But it works well.
>>>>>
>>>>> Maybe I will download the two, KeePassX and KeePassDroid, and see if
>>>>> they
>>>>> can read my KeePass2 database.
>>>>>
>>>>> Mark
>>>>>
>>>>> On Tue, Jan 2, 2018 at 11:36 AM, Jerry Snitselaar <dev at snitselaar.org>
>>>>> <dev at snitselaar.org>
>>>>> wrote:
>>>>>
>>>>> On Tue Jan 02 18, Carruth, Rusty wrote:
>>>>>
>>>>> My only interaction with the KeePas* suite resulted in not being able
>>>>> to
>>>>> read the database after an upgrade/update/something.
>>>>>
>>>>> I don’t remember which it was (2, x, whatever).  The machine is at
>>>>> home.
>>>>> I’ll have to look, but I’m hoping we’ll get some reaction and info
>>>>> that
>>>>> maybe will point to a solution for me as well…
>>>>>
>>>>>
>>>>>
>>>>> There is an action in the database menu to import a keepass 1 format
>>>>> database. Perhaps the issue was that. I have a vague recollection of
>>>>> running into that at some point.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org
>>>>> <plug-discuss-bounces at lists.phxlinux.org>] On
>>>>> Behalf Of Mark Phillips
>>>>> Sent: Tuesday, January 02, 2018 9:50 AM
>>>>> To: Main PLUG discussion list
>>>>> Subject: KeePass2 versus KeePassX
>>>>>
>>>>> Happy New Year to everyone!!
>>>>>
>>>>> I have been using KeePass2 on my Ubuntu machine for over 10 years
>>>>> (through wine), and I just discovered KeePassX as a native
>>>>> application. I
>>>>> use Keepass2 primarily as a password backup, as I also use LastPass
>>>>> with
>>>>> the chrome extension for my day to day password manager.
>>>>>
>>>>> I have a couple of questions about moving from KeePass2/wine to
>>>>> KeePassX.
>>>>>
>>>>> I found in one post that the differences that the database files are
>>>>> binary compatible. (https://superuser.com/questio
>>>>> ns/878902/whats-the-difference-between-keepass-and-keepassx). Can
>>>>> anyone
>>>>> confirm this?
>>>>>
>>>>> The only other difference (other that GUI related stuff) is that
>>>>> KeePass2
>>>>> has plugins and KeePassX does not. I am not using any plugins now. Are
>>>>> there any that you think are really valuable to have, and would be a
>>>>> reason
>>>>> not to switch?
>>>>>
>>>>> Should I switch to KeePassX? I am assuming I can get rid of wine and
>>>>> save
>>>>> some disk space, and run a native application instead of a wine
>>>>> application.
>>>>>
>>>>> Thanks!
>>>>>
>>>>> Mark
>>>>>
>>>>>
>>>>>
>>>>> ---------------------------------------------------
>>>>>
>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>
>>>>>
>>>>> ---------------------------------------------------
>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> ---------------------------------------------------
>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>> To subscribe, unsubscribe, or to change your mail settings:http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>
>>>>>
>>>>>
>>>>> ---------------------------------------------------
>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>
>>>>
>>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180128/7b7dea33/attachment.html>

From mark at phillipsmarketing.biz  Sun Jan 28 16:21:22 2018
From: mark at phillipsmarketing.biz (Mark Phillips)
Date: Sun, 28 Jan 2018 16:21:22 -0700
Subject: KeePass2 versus KeePassX
In-Reply-To: <CALrwmXkc=KDx98+wCQC_c4T02bQGbURs4hhzX9fHtEpA_Zcp4Q@mail.gmail.com>
References: <CAEqej2PmdZOZMxbbucxBSdKs8ytKjLFBJ_hCv1Uwkb2-Da+Y+w@mail.gmail.com>
 <CO2PR04MB2311711D47C0F1109AA263819D190@CO2PR04MB2311.namprd04.prod.outlook.com>
 <20180102183620.ielocnq7mgud4bwm@cantor>
 <CAEqej2O2T20AV0jBER2v=q-24XkBiHBaLaM9sQh_++FmdqfZ1g@mail.gmail.com>
 <alpine.DEB.2.11.1801021902420.14234@post>
 <7789a591-ff52-fb95-d859-2d03d4fe9eaf@gould.cx>
 <CAEqej2OjkdPuKCS0xBkExA9ASjkPfpHNEnrMq2giRmaSeRjz3Q@mail.gmail.com>
 <CAEqej2OYOyw-qTDqOyXL0TMowVa_2UEFAze_Sf_5iO7uA+a45g@mail.gmail.com>
 <CALrwmXnHOZnYEhjWbfVgz=OVcoegWO7eAirAftbp+gTYfC__Vg@mail.gmail.com>
 <CAEqej2NT4MKKD2kNrPrvKkjqZpN6vb62prm=7mC5iycCgiEOaw@mail.gmail.com>
 <CALrwmXkc=KDx98+wCQC_c4T02bQGbURs4hhzX9fHtEpA_Zcp4Q@mail.gmail.com>
Message-ID: <CAEqej2MGEx2dV_kXvhruj=GtE=K_2HVvc9NnBQGCyCWvdGrKzw@mail.gmail.com>

Since it is a .exe, I just assumed it ran under wine. It also looks like a
Windows app. I could be wrong.

Thanks!

Mark

On Jan 28, 2018 4:11 PM, "Phil Waclawski" <phil.waclawski at mesacc.edu> wrote:

> I just checked, and  you are right, it is the KeePass.exe version, but
> when I run it I do not find any wine process in the ps -ef list.
>
> Very weird,
> Phil Waclawski
>
> On Sun, Jan 28, 2018 at 1:50 PM, Mark Phillips <mark at phillipsmarketing.biz
> > wrote:
>
>> The keepass2 is from the Ubuntu repository. I believe it is the windows
>> version as it runs in wine, and the ui looks very windows.
>>
>> Mark
>>
>> On Jan 27, 2018 9:12 PM, "Phil Waclawski" <phil.waclawski at mesacc.edu>
>> wrote:
>>
>>> There should be a keepass2 option for your OS, that is what I install
>>> and use on Kubuntu, and I know it is fully compatible with the windows
>>> keepass2.
>>>
>>> Phil W
>>>
>>> On Sat, Jan 27, 2018 at 3:55 PM, Mark Phillips <
>>> mark at phillipsmarketing.biz> wrote:
>>>
>>>> Never mind...I found this project which converts KeePass2 files to
>>>> KeePassX files. https://github.com/dvorka/keepass2-to-keepassx
>>>>
>>>> Not sure I want to trust the process, as I would have no idea how to
>>>> make sure "something wasn't lost in the translation."
>>>>
>>>> Mark
>>>>
>>>> On Sat, Jan 27, 2018 at 3:52 PM, Mark Phillips <
>>>> mark at phillipsmarketing.biz> wrote:
>>>>
>>>>> I just tried to open my KeePass2 database with KeePassX, and got the
>>>>> error message - Wrong signature.
>>>>>
>>>>> I keep my database on Dropbox and a key file on my hard drive. When I
>>>>> used KeePassX to access the database on Dropbox, it did not show up in the
>>>>> file finder until I selected all files. The database is .kdbx. I entered
>>>>> the location of the database key file when prompted, and then entered my
>>>>> password. That is when I go the error message.
>>>>>
>>>>> Are these two programs compatible, or am I stuck with the Windows/wine
>>>>> for my existing password repository?
>>>>>
>>>>> I looked at the import options for KeePassX, and all I see are
>>>>> KeePassX (xml), PWManager (pwm), or KWallwet (xml). Nothing for KeepPass2.
>>>>>
>>>>> Thanks!
>>>>>
>>>>> Mark
>>>>>
>>>>> On Tue, Jan 2, 2018 at 6:13 PM, Ted Gould <ted at gould.cx> wrote:
>>>>>
>>>>>> I use KeePassXC (via the snap) and KeePass2Android. On my Ubuntu
>>>>>> Desktop I have the file saved in the directory that NextCloud syncs and
>>>>>> then have KeePass2Android also grab it from Nextcloud. Works great.
>>>>>>
>>>>>> Ted
>>>>>>
>>>>>> On 01/02/2018 01:13 PM, der.hans wrote:
>>>>>>
>>>>>> Am 02. Jan, 2018 schwätzte Mark Phillips so:
>>>>>>
>>>>>> moin moin Mark,
>>>>>>
>>>>>> I sync my files manually. Last I looked KeePassX still didn't have a
>>>>>> viable sync option. A sync tool was probably the plugin I considered.
>>>>>>
>>>>>> Missing features include a tool for syncing files, a tool for
>>>>>> exporting
>>>>>> password sets and a use anywhere random stringerator.
>>>>>>
>>>>>> All easy to work around for an individual, but the sync features
>>>>>> would
>>>>>> help a lot of team use.
>>>>>>
>>>>>> ciao,
>>>>>>
>>>>>> der.hans
>>>>>>
>>>>>> I forgot to add that I also use KeePass2Android, and I forget how the
>>>>>> two
>>>>>> stay synchronized. But it works well.
>>>>>>
>>>>>> Maybe I will download the two, KeePassX and KeePassDroid, and see if
>>>>>> they
>>>>>> can read my KeePass2 database.
>>>>>>
>>>>>> Mark
>>>>>>
>>>>>> On Tue, Jan 2, 2018 at 11:36 AM, Jerry Snitselaar
>>>>>> <dev at snitselaar.org> <dev at snitselaar.org>
>>>>>> wrote:
>>>>>>
>>>>>> On Tue Jan 02 18, Carruth, Rusty wrote:
>>>>>>
>>>>>> My only interaction with the KeePas* suite resulted in not being able
>>>>>> to
>>>>>> read the database after an upgrade/update/something.
>>>>>>
>>>>>> I don’t remember which it was (2, x, whatever).  The machine is at
>>>>>> home.
>>>>>> I’ll have to look, but I’m hoping we’ll get some reaction and info
>>>>>> that
>>>>>> maybe will point to a solution for me as well…
>>>>>>
>>>>>>
>>>>>>
>>>>>> There is an action in the database menu to import a keepass 1 format
>>>>>> database. Perhaps the issue was that. I have a vague recollection of
>>>>>> running into that at some point.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org
>>>>>> <plug-discuss-bounces at lists.phxlinux.org>] On
>>>>>> Behalf Of Mark Phillips
>>>>>> Sent: Tuesday, January 02, 2018 9:50 AM
>>>>>> To: Main PLUG discussion list
>>>>>> Subject: KeePass2 versus KeePassX
>>>>>>
>>>>>> Happy New Year to everyone!!
>>>>>>
>>>>>> I have been using KeePass2 on my Ubuntu machine for over 10 years
>>>>>> (through wine), and I just discovered KeePassX as a native
>>>>>> application. I
>>>>>> use Keepass2 primarily as a password backup, as I also use LastPass
>>>>>> with
>>>>>> the chrome extension for my day to day password manager.
>>>>>>
>>>>>> I have a couple of questions about moving from KeePass2/wine to
>>>>>> KeePassX.
>>>>>>
>>>>>> I found in one post that the differences that the database files are
>>>>>> binary compatible. (https://superuser.com/questio
>>>>>> ns/878902/whats-the-difference-between-keepass-and-keepassx). Can
>>>>>> anyone
>>>>>> confirm this?
>>>>>>
>>>>>> The only other difference (other that GUI related stuff) is that
>>>>>> KeePass2
>>>>>> has plugins and KeePassX does not. I am not using any plugins now.
>>>>>> Are
>>>>>> there any that you think are really valuable to have, and would be a
>>>>>> reason
>>>>>> not to switch?
>>>>>>
>>>>>> Should I switch to KeePassX? I am assuming I can get rid of wine and
>>>>>> save
>>>>>> some disk space, and run a native application instead of a wine
>>>>>> application.
>>>>>>
>>>>>> Thanks!
>>>>>>
>>>>>> Mark
>>>>>>
>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------
>>>>>>
>>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------
>>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------
>>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>>> To subscribe, unsubscribe, or to change your mail settings:http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>
>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------
>>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>
>>>>>
>>>>>
>>>>
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180128/31910b0f/attachment.html>

From mmarch at gmail.com  Sun Jan 28 17:20:15 2018
From: mmarch at gmail.com (Michael March)
Date: Mon, 29 Jan 2018 00:20:15 +0000
Subject: KeePass2 versus KeePassX
In-Reply-To: <CAEqej2MGEx2dV_kXvhruj=GtE=K_2HVvc9NnBQGCyCWvdGrKzw@mail.gmail.com>
References: <CAEqej2PmdZOZMxbbucxBSdKs8ytKjLFBJ_hCv1Uwkb2-Da+Y+w@mail.gmail.com>
 <CO2PR04MB2311711D47C0F1109AA263819D190@CO2PR04MB2311.namprd04.prod.outlook.com>
 <20180102183620.ielocnq7mgud4bwm@cantor>
 <CAEqej2O2T20AV0jBER2v=q-24XkBiHBaLaM9sQh_++FmdqfZ1g@mail.gmail.com>
 <alpine.DEB.2.11.1801021902420.14234@post>
 <7789a591-ff52-fb95-d859-2d03d4fe9eaf@gould.cx>
 <CAEqej2OjkdPuKCS0xBkExA9ASjkPfpHNEnrMq2giRmaSeRjz3Q@mail.gmail.com>
 <CAEqej2OYOyw-qTDqOyXL0TMowVa_2UEFAze_Sf_5iO7uA+a45g@mail.gmail.com>
 <CALrwmXnHOZnYEhjWbfVgz=OVcoegWO7eAirAftbp+gTYfC__Vg@mail.gmail.com>
 <CAEqej2NT4MKKD2kNrPrvKkjqZpN6vb62prm=7mC5iycCgiEOaw@mail.gmail.com>
 <CALrwmXkc=KDx98+wCQC_c4T02bQGbURs4hhzX9fHtEpA_Zcp4Q@mail.gmail.com>
 <CAEqej2MGEx2dV_kXvhruj=GtE=K_2HVvc9NnBQGCyCWvdGrKzw@mail.gmail.com>
Message-ID: <CAPp6JpnypjKi_=XrwVbO7WnygcHzKqdqN0TTexNo=yLXJpyD0A@mail.gmail.com>

FWIW I've been using 1Password for my family (four people) and it has
worked well, especially for sharing passwords.

The command line abilities are pretty top notch too.

On Sun, Jan 28, 2018 at 4:21 PM Mark Phillips <mark at phillipsmarketing.biz>
wrote:

> Since it is a .exe, I just assumed it ran under wine. It also looks like a
> Windows app. I could be wrong.
>
> Thanks!
>
> Mark
>
> On Jan 28, 2018 4:11 PM, "Phil Waclawski" <phil.waclawski at mesacc.edu>
> wrote:
>
>> I just checked, and  you are right, it is the KeePass.exe version, but
>> when I run it I do not find any wine process in the ps -ef list.
>>
>> Very weird,
>> Phil Waclawski
>>
>> On Sun, Jan 28, 2018 at 1:50 PM, Mark Phillips <
>> mark at phillipsmarketing.biz> wrote:
>>
>>> The keepass2 is from the Ubuntu repository. I believe it is the windows
>>> version as it runs in wine, and the ui looks very windows.
>>>
>>> Mark
>>>
>>> On Jan 27, 2018 9:12 PM, "Phil Waclawski" <phil.waclawski at mesacc.edu>
>>> wrote:
>>>
>>>> There should be a keepass2 option for your OS, that is what I install
>>>> and use on Kubuntu, and I know it is fully compatible with the windows
>>>> keepass2.
>>>>
>>>> Phil W
>>>>
>>>> On Sat, Jan 27, 2018 at 3:55 PM, Mark Phillips <
>>>> mark at phillipsmarketing.biz> wrote:
>>>>
>>>>> Never mind...I found this project which converts KeePass2 files to
>>>>> KeePassX files. https://github.com/dvorka/keepass2-to-keepassx
>>>>>
>>>>> Not sure I want to trust the process, as I would have no idea how to
>>>>> make sure "something wasn't lost in the translation."
>>>>>
>>>>> Mark
>>>>>
>>>>> On Sat, Jan 27, 2018 at 3:52 PM, Mark Phillips <
>>>>> mark at phillipsmarketing.biz> wrote:
>>>>>
>>>>>> I just tried to open my KeePass2 database with KeePassX, and got the
>>>>>> error message - Wrong signature.
>>>>>>
>>>>>> I keep my database on Dropbox and a key file on my hard drive. When I
>>>>>> used KeePassX to access the database on Dropbox, it did not show up in the
>>>>>> file finder until I selected all files. The database is .kdbx. I entered
>>>>>> the location of the database key file when prompted, and then entered my
>>>>>> password. That is when I go the error message.
>>>>>>
>>>>>> Are these two programs compatible, or am I stuck with the
>>>>>> Windows/wine for my existing password repository?
>>>>>>
>>>>>> I looked at the import options for KeePassX, and all I see are
>>>>>> KeePassX (xml), PWManager (pwm), or KWallwet (xml). Nothing for KeepPass2.
>>>>>>
>>>>>> Thanks!
>>>>>>
>>>>>> Mark
>>>>>>
>>>>>> On Tue, Jan 2, 2018 at 6:13 PM, Ted Gould <ted at gould.cx> wrote:
>>>>>>
>>>>>>> I use KeePassXC (via the snap) and KeePass2Android. On my Ubuntu
>>>>>>> Desktop I have the file saved in the directory that NextCloud syncs and
>>>>>>> then have KeePass2Android also grab it from Nextcloud. Works great.
>>>>>>>
>>>>>>> Ted
>>>>>>>
>>>>>>> On 01/02/2018 01:13 PM, der.hans wrote:
>>>>>>>
>>>>>>> Am 02. Jan, 2018 schwätzte Mark Phillips so:
>>>>>>>
>>>>>>> moin moin Mark,
>>>>>>>
>>>>>>> I sync my files manually. Last I looked KeePassX still didn't have a
>>>>>>> viable sync option. A sync tool was probably the plugin I
>>>>>>> considered.
>>>>>>>
>>>>>>> Missing features include a tool for syncing files, a tool for
>>>>>>> exporting
>>>>>>> password sets and a use anywhere random stringerator.
>>>>>>>
>>>>>>> All easy to work around for an individual, but the sync features
>>>>>>> would
>>>>>>> help a lot of team use.
>>>>>>>
>>>>>>> ciao,
>>>>>>>
>>>>>>> der.hans
>>>>>>>
>>>>>>> I forgot to add that I also use KeePass2Android, and I forget how
>>>>>>> the two
>>>>>>> stay synchronized. But it works well.
>>>>>>>
>>>>>>> Maybe I will download the two, KeePassX and KeePassDroid, and see if
>>>>>>> they
>>>>>>> can read my KeePass2 database.
>>>>>>>
>>>>>>> Mark
>>>>>>>
>>>>>>> On Tue, Jan 2, 2018 at 11:36 AM, Jerry Snitselaar
>>>>>>> <dev at snitselaar.org> <dev at snitselaar.org>
>>>>>>> wrote:
>>>>>>>
>>>>>>> On Tue Jan 02 18, Carruth, Rusty wrote:
>>>>>>>
>>>>>>> My only interaction with the KeePas* suite resulted in not being
>>>>>>> able to
>>>>>>> read the database after an upgrade/update/something.
>>>>>>>
>>>>>>> I don’t remember which it was (2, x, whatever).  The machine is at
>>>>>>> home.
>>>>>>> I’ll have to look, but I’m hoping we’ll get some reaction and info
>>>>>>> that
>>>>>>> maybe will point to a solution for me as well…
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> There is an action in the database menu to import a keepass 1 format
>>>>>>> database. Perhaps the issue was that. I have a vague recollection of
>>>>>>> running into that at some point.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org
>>>>>>> <plug-discuss-bounces at lists.phxlinux.org>] On
>>>>>>> Behalf Of Mark Phillips
>>>>>>> Sent: Tuesday, January 02, 2018 9:50 AM
>>>>>>> To: Main PLUG discussion list
>>>>>>> Subject: KeePass2 versus KeePassX
>>>>>>>
>>>>>>> Happy New Year to everyone!!
>>>>>>>
>>>>>>> I have been using KeePass2 on my Ubuntu machine for over 10 years
>>>>>>> (through wine), and I just discovered KeePassX as a native
>>>>>>> application. I
>>>>>>> use Keepass2 primarily as a password backup, as I also use LastPass
>>>>>>> with
>>>>>>> the chrome extension for my day to day password manager.
>>>>>>>
>>>>>>> I have a couple of questions about moving from KeePass2/wine to
>>>>>>> KeePassX.
>>>>>>>
>>>>>>> I found in one post that the differences that the database files are
>>>>>>> binary compatible. (https://superuser.com/questio
>>>>>>> ns/878902/whats-the-difference-between-keepass-and-keepassx). Can
>>>>>>> anyone
>>>>>>> confirm this?
>>>>>>>
>>>>>>> The only other difference (other that GUI related stuff) is that
>>>>>>> KeePass2
>>>>>>> has plugins and KeePassX does not. I am not using any plugins now.
>>>>>>> Are
>>>>>>> there any that you think are really valuable to have, and would be a
>>>>>>> reason
>>>>>>> not to switch?
>>>>>>>
>>>>>>> Should I switch to KeePassX? I am assuming I can get rid of wine and
>>>>>>> save
>>>>>>> some disk space, and run a native application instead of a wine
>>>>>>> application.
>>>>>>>
>>>>>>> Thanks!
>>>>>>>
>>>>>>> Mark
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ---------------------------------------------------
>>>>>>>
>>>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>
>>>>>>>
>>>>>>> ---------------------------------------------------
>>>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ---------------------------------------------------
>>>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>>>> To subscribe, unsubscribe, or to change your mail settings:http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ---------------------------------------------------
>>>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> ---------------------------------------------------
>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>
>>>>
>>>>
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

-- 
Michael F. March ----- mmarch at gmail.com
Ph: (415) 894-9269 ---- Fax: (602) 792-0370
Twitter: cowmix -------------- Skype: Cowmix
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180129/b4c58c1c/attachment.html>

From michael at butash.net  Sun Jan 28 19:16:51 2018
From: michael at butash.net (Michael Butash)
Date: Sun, 28 Jan 2018 19:16:51 -0700
Subject: KeePass2 versus KeePassX
In-Reply-To: <CALrwmXkT3t3CB6+u4PoztGngThqVbTKK6Ov=tGrQEoOVPZcPWw@mail.gmail.com>
References: <CAEqej2PmdZOZMxbbucxBSdKs8ytKjLFBJ_hCv1Uwkb2-Da+Y+w@mail.gmail.com>
 <CO2PR04MB2311711D47C0F1109AA263819D190@CO2PR04MB2311.namprd04.prod.outlook.com>
 <20180102183620.ielocnq7mgud4bwm@cantor>
 <CAEqej2O2T20AV0jBER2v=q-24XkBiHBaLaM9sQh_++FmdqfZ1g@mail.gmail.com>
 <alpine.DEB.2.11.1801021902420.14234@post>
 <7789a591-ff52-fb95-d859-2d03d4fe9eaf@gould.cx>
 <CAEqej2OjkdPuKCS0xBkExA9ASjkPfpHNEnrMq2giRmaSeRjz3Q@mail.gmail.com>
 <CAEqej2OYOyw-qTDqOyXL0TMowVa_2UEFAze_Sf_5iO7uA+a45g@mail.gmail.com>
 <CALrwmXnHOZnYEhjWbfVgz=OVcoegWO7eAirAftbp+gTYfC__Vg@mail.gmail.com>
 <CAEqej2NT4MKKD2kNrPrvKkjqZpN6vb62prm=7mC5iycCgiEOaw@mail.gmail.com>
 <CALrwmXkT3t3CB6+u4PoztGngThqVbTKK6Ov=tGrQEoOVPZcPWw@mail.gmail.com>
Message-ID: <CADWnDssK8NjeU=Q_rEd=sw=BKMvhQW_B7B_jHoormMATrVAJcA@mail.gmail.com>

I tried to use keepass for a while, but it was buggy, particularly the mono
vermin.  I learned what mono was, and why to hate it.  If you have more
than one monitor, you learn it's utterly stupid when it comes to
screen/context awareness in linux.

I used keepassx, for a while it was good.  I had issues nfs mounting and
sharing the file, which I took to synchronizing a file as the only sane
approach, but I began to treat everything as a revision, which in itself
was problematic.  After a while too many updates across disparate systems
became too much.

Then I went for lastpass years ago, but since citrix bought them, I have
issues with them as a company and their security.  They suck as a company,
another "too big to fail" imho, and I anger the fact they bought the
company I like.  I feel I need to divest.

I'm interested in a something that can be multi-master authoritative for
passwords, cloud-based makes sense as a travel, but otherwise presents
challenges for security, who is really authoritative, and other.

I lean toward standing up a cloud service, or at least storage to do it.
Something NOT commercial utterly goddamn preferable.

-mb
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180128/fe44cae2/attachment.html>

From mark at phillipsmarketing.biz  Mon Jan 29 07:51:01 2018
From: mark at phillipsmarketing.biz (Mark Phillips)
Date: Mon, 29 Jan 2018 07:51:01 -0700
Subject: KeePass2 versus KeePassX
In-Reply-To: <CADWnDssK8NjeU=Q_rEd=sw=BKMvhQW_B7B_jHoormMATrVAJcA@mail.gmail.com>
References: <CAEqej2PmdZOZMxbbucxBSdKs8ytKjLFBJ_hCv1Uwkb2-Da+Y+w@mail.gmail.com>
 <CO2PR04MB2311711D47C0F1109AA263819D190@CO2PR04MB2311.namprd04.prod.outlook.com>
 <20180102183620.ielocnq7mgud4bwm@cantor>
 <CAEqej2O2T20AV0jBER2v=q-24XkBiHBaLaM9sQh_++FmdqfZ1g@mail.gmail.com>
 <alpine.DEB.2.11.1801021902420.14234@post>
 <7789a591-ff52-fb95-d859-2d03d4fe9eaf@gould.cx>
 <CAEqej2OjkdPuKCS0xBkExA9ASjkPfpHNEnrMq2giRmaSeRjz3Q@mail.gmail.com>
 <CAEqej2OYOyw-qTDqOyXL0TMowVa_2UEFAze_Sf_5iO7uA+a45g@mail.gmail.com>
 <CALrwmXnHOZnYEhjWbfVgz=OVcoegWO7eAirAftbp+gTYfC__Vg@mail.gmail.com>
 <CAEqej2NT4MKKD2kNrPrvKkjqZpN6vb62prm=7mC5iycCgiEOaw@mail.gmail.com>
 <CALrwmXkT3t3CB6+u4PoztGngThqVbTKK6Ov=tGrQEoOVPZcPWw@mail.gmail.com>
 <CADWnDssK8NjeU=Q_rEd=sw=BKMvhQW_B7B_jHoormMATrVAJcA@mail.gmail.com>
Message-ID: <CAEqej2OR9F81cRbBFKet1D5=ySSD+FjzH8y-_ioK_TvE404WAQ@mail.gmail.com>

I use LastPass and have found it works well. Sharing passwords has a few
issues (not very intuitive), but for the most part works.

I keep KeePass2 synchronized with Dropbox, but I use a long login password
with a key file, which is only on the local machine (Linux, Windows,
Android). Haven't had any buggy issues in the past 5 years.

I also keep a plain text file on my local machine as a back up in case the
above two fail.

Mark

On Sun, Jan 28, 2018 at 7:16 PM, Michael Butash <michael at butash.net> wrote:

> I tried to use keepass for a while, but it was buggy, particularly the
> mono vermin.  I learned what mono was, and why to hate it.  If you have
> more than one monitor, you learn it's utterly stupid when it comes to
> screen/context awareness in linux.
>
> I used keepassx, for a while it was good.  I had issues nfs mounting and
> sharing the file, which I took to synchronizing a file as the only sane
> approach, but I began to treat everything as a revision, which in itself
> was problematic.  After a while too many updates across disparate systems
> became too much.
>
> Then I went for lastpass years ago, but since citrix bought them, I have
> issues with them as a company and their security.  They suck as a company,
> another "too big to fail" imho, and I anger the fact they bought the
> company I like.  I feel I need to divest.
>
> I'm interested in a something that can be multi-master authoritative for
> passwords, cloud-based makes sense as a travel, but otherwise presents
> challenges for security, who is really authoritative, and other.
>
> I lean toward standing up a cloud service, or at least storage to do it.
> Something NOT commercial utterly goddamn preferable.
>
> -mb
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180129/ca79744b/attachment.html>

From Rusty.Carruth at smartm.com  Mon Jan 29 08:54:27 2018
From: Rusty.Carruth at smartm.com (Carruth, Rusty)
Date: Mon, 29 Jan 2018 15:54:27 +0000
Subject: Trent's projects
In-Reply-To: <08B53802-FFF7-469B-878F-BC985CEA29D3@thetoolwiz.com>
References: <CAEFLybJK1q6-n0cJz7hizKVXNbds6mZQvX2TF5UMLiTY8Y5JTg@mail.gmail.com>
 <60D74E2D-F9C2-453B-BE26-5CC5C2579D9D@thetoolwiz.com>
 <2f96f363e89040c7c4943f370c5065fb@phpcoderusa.com>
 <29AD9110-3C18-4E4D-AE50-8228071C0361@gmail.com>
 <20180123031158.4e5e3acb@mydesk.domain.cxm>
 <9C4305A2-980E-460A-AD2C-B58A99A70B6F@thetoolwiz.com>
 <20180123130706.5e3551e2@mydesk.domain.cxm>
 <08B53802-FFF7-469B-878F-BC985CEA29D3@thetoolwiz.com>
Message-ID: <CO2PR04MB2311D0B8149FA8AE5822A8E49DE50@CO2PR04MB2311.namprd04.prod.outlook.com>

I believe I am an exception to the 2.4GPA ‘rule’.  And I have a few other minor nits.  See below.

From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of David Schwartz
Sent: Saturday, January 27, 2018 2:00 PM
To: Main PLUG discussion list
Subject: Re: Trent's projects

> Well, I’m not going to argue with you over an analogy.

> I believe there’s value in having a solid theoretical foundation in this field. “Programming” is distinct from “software design,” and people with less of that foundation in their background have to rely on things that are entirely based in their own personal experiences when it comes to DESIGN.

…

> I guess I’m thinking of this because I recently saw a post from a guy who said he wanted to learn about how to write compilers, and asked if people could suggest how to learn about desiging compilers for functional languages, USING a function language. You could tell the guy that maybe a function language could be used to build a recursive-descent parser, but not a table-driven parser. Unfortunately, he doesn’t have the distinctions to get what you’re saying.

Well, he may or he may not.  Having taken all that stuff in college lo these many years ago, I know what you’re saying.  However, that doesn’t mean that a good teacher couldn’t explain those 2 different kinds of parsers in a relatively short time, if the person being instructed has the ability but not the training.

> The classic use of lex and yacc to build a table-driven parser rely on C or C++, unless they’ve been ported to another language that interests you. But you still have to write a dictionary of lexemes to give to lex, as well as a grammer to give to yacc. Grammars are based on formal language and automata theories. Again, it’s impossible to explain this to somebody who has no exposure to it at all. I can’t even answer his question intelligently.

I disagree that this is impossible to explain to someone with no exposure.  Harder, since no explanation is needed (hopefully!) to someone who already knows about those things, but I don’t think it should be assumed to be impossible.



Ok, that’s my nits.  Here’s my ‘I think I’m an exception’ (assuming it’s a valid ‘rule’)

> What I will say is this:

> I’ve interviewed enough people in my time that I think I’ve noticed a pattern. I’m curious what you guys think.

> The higher the GPA, the less such people seem able to do out-of-the-box or even off-the-cuff thinking.

I’ll agree that many people with PhD’s seem to be so focused on their tiny area of specialty that they don’t even REALIZE they are in the paper bag, much less have any CHANCE of getting out of it!  Now, I don’t think that all people with PhD’s are like that, as I think my father was another exception to that generality.

> I’d prefer to hire people with similar GPAs and avoid those with 3.4 and higher, since they can’t seem to figure out how to break out of a paper bag given a few nominal restrictions. (Yes, it’s a generalization, but that’s what I’ve found.)

Well, that might, on the average, get you an averagely-good person.  I know of 2 people who I consider quite good.  I don’t know what their GPA was, but one of these people didn’t graduate from college (because he got a job and decided to stop going to school).

And I had a pretty high GPA, and I consider myself a fairly good out of the box/off-the-cuff thinker and problem solver (I’m still amazed that it took someone more than 30 seconds to write pseudo-code to convert all lowercase to uppercase in a file!  Took me 5 (seconds), but then I forgot to explicitly open the file..oops).  And I know of a company (ok, 2, as I think of it) that explicitly ONLY hire people with higher IQs as measured by whatever method they happen to be using (or, if you prefer, you can submit to an interview where they ask you to solve programming problems and watch how you think).  I passed the entry gates at both places (didn’t end up taking either job, oh well), but one of those places was very well-known and I think have a reputation for doing ‘smart’ stuff (and, no, this is NOT an attempt to sneak in the company name that I work for, since I already said I didn’t take the job at either of those places clearly I can’t be working there ;-)

In any case, I’d be interested to hear from people who know me well enough to know if I am indeed a counter-example (or maybe they know others who are)…

> What got me hired at Intel, my first job out of college, was a paper I was encouraged to write and present as a “student entry” at a local ACM Conference about work I was doing in the Psych Dept related to the (real-time) control software I’d maintained for my junior and senior years. In hindsight, it was roughly the equivalent of a Master’s Thesis in Computer Science, a field for which ASU didn’t even have a CS major at the time! I was the only person Intel hired from ASU that year, even though they interviewed almost 50 people.

> Ironically, the recruiting folks at ASU wouldn’t even let me sign up for an interview with Intel! I literally had to show up and shove my resume into the hands of one of the recruiters when he came out of his interview room in order to get an interview.
Yeah, that last bit proves that the hiring process at most places stinks and is NOT designed to get the best candidate from ALL applicants.    Sometimes they just want some filters to remove people so they don’t have to spend weeks (which feel like years) reading all the resumes to find the one gem in 1,000 or more…

Rusty
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180129/a9647498/attachment.html>

From Rusty.Carruth at smartm.com  Mon Jan 29 08:58:45 2018
From: Rusty.Carruth at smartm.com (Carruth, Rusty)
Date: Mon, 29 Jan 2018 15:58:45 +0000
Subject: I now am on a Chromebook trying to d/l Libre Office
In-Reply-To: <CACS_G9zsg3hQt_4b22c4rDW1y8gXH-rOmRw=T36sVnhPfkXV+Q@mail.gmail.com>
References: <CAFRvunKrDgUMoXeNasWd9ALcyR6n501Pr8C_JHOZyvuXj0r-eA@mail.gmail.com>
 <CACS_G9zsg3hQt_4b22c4rDW1y8gXH-rOmRw=T36sVnhPfkXV+Q@mail.gmail.com>
Message-ID: <CO2PR04MB2311277EAED4F6A46FBEB8609DE50@CO2PR04MB2311.namprd04.prod.outlook.com>

Or use that chroot-based thingy that lets you run an entire copy of Linux underneath the chrome os.  I forget what it’s called, sorry. Chrost? No, there you go – crouton.  It worked for me.  Switching between Linux and Chrome is a bit weird, but it works, I tried it myself.  (I probably just didn’t find the right majik incantation ;-)

Rusty

From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of Stephen Partington
Sent: Saturday, January 27, 2018 6:48 PM
To: Main PLUG discussion list
Subject: Re: I now am on a Chromebook trying to d/l Libre Office

​hack it or install linux. or find someone that does collabora online.

Chromebooks are BROWSER dedicated machines.​

On Sat, Jan 27, 2018 at 5:45 PM, Michael <bmike1 at gmail.com<mailto:bmike1 at gmail.com>> wrote:
How do I run libreoffice on a Chromebook?

--
:-)~MIKE~(-:

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org<mailto:PLUG-discuss at lists.phxlinux.org>
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss



--
A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button.

Stephen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180129/589e38ad/attachment.html>

From PLUGd at LuftHans.com  Mon Jan 29 09:17:17 2018
From: PLUGd at LuftHans.com (der.hans)
Date: Mon, 29 Jan 2018 16:17:17 +0000 (UTC)
Subject: KeePass2 versus KeePassX
In-Reply-To: <CAEqej2OjkdPuKCS0xBkExA9ASjkPfpHNEnrMq2giRmaSeRjz3Q@mail.gmail.com>
References: <CAEqej2PmdZOZMxbbucxBSdKs8ytKjLFBJ_hCv1Uwkb2-Da+Y+w@mail.gmail.com>
 <CO2PR04MB2311711D47C0F1109AA263819D190@CO2PR04MB2311.namprd04.prod.outlook.com>
 <20180102183620.ielocnq7mgud4bwm@cantor>
 <CAEqej2O2T20AV0jBER2v=q-24XkBiHBaLaM9sQh_++FmdqfZ1g@mail.gmail.com>
 <alpine.DEB.2.11.1801021902420.14234@post>
 <7789a591-ff52-fb95-d859-2d03d4fe9eaf@gould.cx>
 <CAEqej2OjkdPuKCS0xBkExA9ASjkPfpHNEnrMq2giRmaSeRjz3Q@mail.gmail.com>
Message-ID: <alpine.DEB.2.11.1801291555390.282@post>

Am 27. Jan, 2018 schwätzte Mark Phillips so:

moin moin,

KeePassX uses the KeePass2.x file format. It's supposed to be compatable.

I haven't ever used KeePass2 directly, so can't speak to actual usage vs
theory.

I did just try KeePassXC ( I was recently reminded about it from an EFF
guide ). The KeePassXC fork is getting better maintenance than KeePassX
and has added some excellent features.

It allows generating a random string from anywhere in the UI, so it's now
easier to have random strings for email addresses and security questions.

The random generator also has a multi-word passphrase option, which will
be much easier for security questions that might have to be answered over
the phone.

KeePassXC has a merge option for merging in changes from another database
file.

I still don't see a way to sync out or export a sub-set of keys, but you
can drag and drop accounts from one DB to another. Drag and drop moves it,
but <ctrl><shift> drag and drop copies.

Still not near as functional as it should be, but makes it much easier to
keep files in sync.

ciao,

der.hans

> I just tried to open my KeePass2 database with KeePassX, and got the error
> message - Wrong signature.
>
> I keep my database on Dropbox and a key file on my hard drive. When I used
> KeePassX to access the database on Dropbox, it did not show up in the file
> finder until I selected all files. The database is .kdbx. I entered the
> location of the database key file when prompted, and then entered my
> password. That is when I go the error message.
>
> Are these two programs compatible, or am I stuck with the Windows/wine for
> my existing password repository?
>
> I looked at the import options for KeePassX, and all I see are KeePassX
> (xml), PWManager (pwm), or KWallwet (xml). Nothing for KeepPass2.
>
> Thanks!
>
> Mark
>
> On Tue, Jan 2, 2018 at 6:13 PM, Ted Gould <ted at gould.cx> wrote:
>
>> I use KeePassXC (via the snap) and KeePass2Android. On my Ubuntu Desktop I
>> have the file saved in the directory that NextCloud syncs and then have
>> KeePass2Android also grab it from Nextcloud. Works great.
>>
>> Ted
>>
>> On 01/02/2018 01:13 PM, der.hans wrote:
>>
>> Am 02. Jan, 2018 schwätzte Mark Phillips so:
>>
>> moin moin Mark,
>>
>> I sync my files manually. Last I looked KeePassX still didn't have a
>> viable sync option. A sync tool was probably the plugin I considered.
>>
>> Missing features include a tool for syncing files, a tool for exporting
>> password sets and a use anywhere random stringerator.
>>
>> All easy to work around for an individual, but the sync features would
>> help a lot of team use.
>>
>> ciao,
>>
>> der.hans
>>
>> I forgot to add that I also use KeePass2Android, and I forget how the two
>> stay synchronized. But it works well.
>>
>> Maybe I will download the two, KeePassX and KeePassDroid, and see if they
>> can read my KeePass2 database.
>>
>> Mark
>>
>> On Tue, Jan 2, 2018 at 11:36 AM, Jerry Snitselaar <dev at snitselaar.org>
>> <dev at snitselaar.org>
>> wrote:
>>
>> On Tue Jan 02 18, Carruth, Rusty wrote:
>>
>> My only interaction with the KeePas* suite resulted in not being able to
>> read the database after an upgrade/update/something.
>>
>> I don’t remember which it was (2, x, whatever).  The machine is at home.
>> I’ll have to look, but I’m hoping we’ll get some reaction and info that
>> maybe will point to a solution for me as well…
>>
>>
>>
>> There is an action in the database menu to import a keepass 1 format
>> database. Perhaps the issue was that. I have a vague recollection of
>> running into that at some point.
>>
>>
>>
>>
>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org
>> <plug-discuss-bounces at lists.phxlinux.org>] On
>> Behalf Of Mark Phillips
>> Sent: Tuesday, January 02, 2018 9:50 AM
>> To: Main PLUG discussion list
>> Subject: KeePass2 versus KeePassX
>>
>> Happy New Year to everyone!!
>>
>> I have been using KeePass2 on my Ubuntu machine for over 10 years
>> (through wine), and I just discovered KeePassX as a native application. I
>> use Keepass2 primarily as a password backup, as I also use LastPass with
>> the chrome extension for my day to day password manager.
>>
>> I have a couple of questions about moving from KeePass2/wine to KeePassX.
>>
>> I found in one post that the differences that the database files are
>> binary compatible. (https://superuser.com/questio
>> ns/878902/whats-the-difference-between-keepass-and-keepassx). Can anyone
>> confirm this?
>>
>> The only other difference (other that GUI related stuff) is that KeePass2
>> has plugins and KeePassX does not. I am not using any plugins now. Are
>> there any that you think are really valuable to have, and would be a
>> reason
>> not to switch?
>>
>> Should I switch to KeePassX? I am assuming I can get rid of wine and save
>> some disk space, and run a native application instead of a wine
>> application.
>>
>> Thanks!
>>
>> Mark
>>
>>
>>
>> ---------------------------------------------------
>>
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>>
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>

-- 
#  https://www.LuftHans.com   https://www.PhxLinux.org
#  Your email is being read by hundreds of uptight agents
#  who never saw the humor in Dr. Strangelove. -- Mark Russell

From toddc at azloco.com  Mon Jan 29 09:45:12 2018
From: toddc at azloco.com (Todd Cole)
Date: Mon, 29 Jan 2018 09:45:12 -0700
Subject: KeePass2 versus KeePassX
In-Reply-To: <alpine.DEB.2.11.1801291555390.282@post>
References: <CAEqej2PmdZOZMxbbucxBSdKs8ytKjLFBJ_hCv1Uwkb2-Da+Y+w@mail.gmail.com>
 <CO2PR04MB2311711D47C0F1109AA263819D190@CO2PR04MB2311.namprd04.prod.outlook.com>
 <20180102183620.ielocnq7mgud4bwm@cantor>
 <CAEqej2O2T20AV0jBER2v=q-24XkBiHBaLaM9sQh_++FmdqfZ1g@mail.gmail.com>
 <alpine.DEB.2.11.1801021902420.14234@post>
 <7789a591-ff52-fb95-d859-2d03d4fe9eaf@gould.cx>
 <CAEqej2OjkdPuKCS0xBkExA9ASjkPfpHNEnrMq2giRmaSeRjz3Q@mail.gmail.com>
 <alpine.DEB.2.11.1801291555390.282@post>
Message-ID: <CAEEgqrk+T-Q7TsuC1ufvez_dxpUBUmXQ9Ddjv6XhfYCdY4WXdQ@mail.gmail.com>

I have used KeepassX V2 on ubuntu 16.04 for almost a year, I did use it
with the old database for a few weeks then migrated using the included
upgrade tool

I also keep the database in my nextcloud account so it stays in sync across
all my computers. I have seen usb drives used----BACKUP your DB
http://ubuntuhandbook.org/index.php/2015/12/install-keepassx-2-0-in-ubuntu-16-04-15-10-14-04/

On Mon, Jan 29, 2018 at 9:17 AM, der.hans <PLUGd at lufthans.com> wrote:

> Am 27. Jan, 2018 schwätzte Mark Phillips so:
>
> moin moin,
>
> KeePassX uses the KeePass2.x file format. It's supposed to be compatable.
>
> I haven't ever used KeePass2 directly, so can't speak to actual usage vs
> theory.
>
> I did just try KeePassXC ( I was recently reminded about it from an EFF
> guide ). The KeePassXC fork is getting better maintenance than KeePassX
> and has added some excellent features.
>
> It allows generating a random string from anywhere in the UI, so it's now
> easier to have random strings for email addresses and security questions.
>
> The random generator also has a multi-word passphrase option, which will
> be much easier for security questions that might have to be answered over
> the phone.
>
> KeePassXC has a merge option for merging in changes from another database
> file.
>
> I still don't see a way to sync out or export a sub-set of keys, but you
> can drag and drop accounts from one DB to another. Drag and drop moves it,
> but <ctrl><shift> drag and drop copies.
>
> Still not near as functional as it should be, but makes it much easier to
> keep files in sync.
>
> ciao,
>
> der.hans
>
> I just tried to open my KeePass2 database with KeePassX, and got the error
>> message - Wrong signature.
>>
>> I keep my database on Dropbox and a key file on my hard drive. When I used
>> KeePassX to access the database on Dropbox, it did not show up in the file
>> finder until I selected all files. The database is .kdbx. I entered the
>> location of the database key file when prompted, and then entered my
>> password. That is when I go the error message.
>>
>> Are these two programs compatible, or am I stuck with the Windows/wine for
>> my existing password repository?
>>
>> I looked at the import options for KeePassX, and all I see are KeePassX
>> (xml), PWManager (pwm), or KWallwet (xml). Nothing for KeepPass2.
>>
>> Thanks!
>>
>> Mark
>>
>> On Tue, Jan 2, 2018 at 6:13 PM, Ted Gould <ted at gould.cx> wrote:
>>
>> I use KeePassXC (via the snap) and KeePass2Android. On my Ubuntu Desktop I
>>> have the file saved in the directory that NextCloud syncs and then have
>>> KeePass2Android also grab it from Nextcloud. Works great.
>>>
>>> Ted
>>>
>>> On 01/02/2018 01:13 PM, der.hans wrote:
>>>
>>> Am 02. Jan, 2018 schwätzte Mark Phillips so:
>>>
>>> moin moin Mark,
>>>
>>> I sync my files manually. Last I looked KeePassX still didn't have a
>>> viable sync option. A sync tool was probably the plugin I considered.
>>>
>>> Missing features include a tool for syncing files, a tool for exporting
>>> password sets and a use anywhere random stringerator.
>>>
>>> All easy to work around for an individual, but the sync features would
>>> help a lot of team use.
>>>
>>> ciao,
>>>
>>> der.hans
>>>
>>> I forgot to add that I also use KeePass2Android, and I forget how the two
>>> stay synchronized. But it works well.
>>>
>>> Maybe I will download the two, KeePassX and KeePassDroid, and see if they
>>> can read my KeePass2 database.
>>>
>>> Mark
>>>
>>> On Tue, Jan 2, 2018 at 11:36 AM, Jerry Snitselaar <dev at snitselaar.org>
>>> <dev at snitselaar.org>
>>> wrote:
>>>
>>> On Tue Jan 02 18, Carruth, Rusty wrote:
>>>
>>> My only interaction with the KeePas* suite resulted in not being able to
>>> read the database after an upgrade/update/something.
>>>
>>> I don’t remember which it was (2, x, whatever).  The machine is at home.
>>> I’ll have to look, but I’m hoping we’ll get some reaction and info that
>>> maybe will point to a solution for me as well…
>>>
>>>
>>>
>>> There is an action in the database menu to import a keepass 1 format
>>> database. Perhaps the issue was that. I have a vague recollection of
>>> running into that at some point.
>>>
>>>
>>>
>>>
>>> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org
>>> <plug-discuss-bounces at lists.phxlinux.org>] On
>>> Behalf Of Mark Phillips
>>> Sent: Tuesday, January 02, 2018 9:50 AM
>>> To: Main PLUG discussion list
>>> Subject: KeePass2 versus KeePassX
>>>
>>> Happy New Year to everyone!!
>>>
>>> I have been using KeePass2 on my Ubuntu machine for over 10 years
>>> (through wine), and I just discovered KeePassX as a native application. I
>>> use Keepass2 primarily as a password backup, as I also use LastPass with
>>> the chrome extension for my day to day password manager.
>>>
>>> I have a couple of questions about moving from KeePass2/wine to KeePassX.
>>>
>>> I found in one post that the differences that the database files are
>>> binary compatible. (https://superuser.com/questio
>>> ns/878902/whats-the-difference-between-keepass-and-keepassx). Can anyone
>>> confirm this?
>>>
>>> The only other difference (other that GUI related stuff) is that KeePass2
>>> has plugins and KeePassX does not. I am not using any plugins now. Are
>>> there any that you think are really valuable to have, and would be a
>>> reason
>>> not to switch?
>>>
>>> Should I switch to KeePassX? I am assuming I can get rid of wine and save
>>> some disk space, and run a native application instead of a wine
>>> application.
>>>
>>> Thanks!
>>>
>>> Mark
>>>
>>>
>>>
>>> ---------------------------------------------------
>>>
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>>
>>
> --
> #  https://www.LuftHans.com   https://www.PhxLinux.org
> #  Your email is being read by hundreds of uptight agents
> #  who never saw the humor in Dr. Strangelove. -- Mark Russell
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



-- 
Todd Cole
Ubuntu Arizona Team
4605 S PRIEST DR LOT 3
TEMPE AZ  85282-6507
toddc at azloco.com
602-677-9402
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180129/ab3e7d8b/attachment.html>

From slitt at troubleshooters.com  Mon Jan 29 09:55:53 2018
From: slitt at troubleshooters.com (Steve Litt)
Date: Mon, 29 Jan 2018 11:55:53 -0500
Subject: GPA to performance relationship: was Trent's projects
In-Reply-To: <08B53802-FFF7-469B-878F-BC985CEA29D3@thetoolwiz.com>
References: <CAEFLybJK1q6-n0cJz7hizKVXNbds6mZQvX2TF5UMLiTY8Y5JTg@mail.gmail.com>
 <60D74E2D-F9C2-453B-BE26-5CC5C2579D9D@thetoolwiz.com>
 <2f96f363e89040c7c4943f370c5065fb@phpcoderusa.com>
 <29AD9110-3C18-4E4D-AE50-8228071C0361@gmail.com>
 <20180123031158.4e5e3acb@mydesk.domain.cxm>
 <9C4305A2-980E-460A-AD2C-B58A99A70B6F@thetoolwiz.com>
 <20180123130706.5e3551e2@mydesk.domain.cxm>
 <08B53802-FFF7-469B-878F-BC985CEA29D3@thetoolwiz.com>
Message-ID: <20180129115553.6c42107b@mydesk.domain.cxm>

On Sat, 27 Jan 2018 21:00:25 +0000 (UTC)
David Schwartz <newsletters at thetoolwiz.com> wrote:


> What I will say is this:
> 
> I’ve interviewed enough people in my time that I think I’ve noticed a
> pattern. I’m curious what you guys think.
> 
> The higher the GPA, the less such people seem able to do
> out-of-the-box or even off-the-cuff thinking.

There's enough anecdotal evidence of what you observed that it's
acquired a proverb:

=========================================================
"The A students become college professors, and the B students work for
the C students."
=========================================================

> 
> I think my overall GPA was 2.76 and in my major it was a little lower
> (because of required math classes I really didn’t like or find
> stimulating). I was bored out of my mind most of the time, and I
> spent a lot of time playing with other things. 

You just implicated a possible CAUSE for what you've observed: A zero
sum relationship between grades and learning. You could have buckled
down and gotten a 3.9, but curiosity caused you to hack, thereby
becoming a much better programmer.

<prejudice> Most 4 year colleges promote a zero sum between learning
and grades. My belief is that they do this to justify their existence:
If prospective students thought the subject matter was easy enough to
do it themselves (Read Wirth's "Algorithms and Data Structures" and
analyze it in a study group, for instance), they'd never get a student. 

As opposed to community colleges, which just want to get the student
ready for the marketplace. When I learned programming at Santa Monica
Community College, it was so easy to get an A that I did all sorts of
special projects and still had a 4.0.</prejudice>

Long before Santa Monica College, I was a BSEE major (and grad) at
Illinois Institute of Technology (I think about 2.5 GPA). In the dorm,
I got a big old capacitor, charged it up, and discharged it on peoples'
doorknobs, making a loud pop and sending sparks 8 inches out. One guy,
with much better grades than mine, asked in awe "What is that thing?"
When I said a capacitor, he couldn't understand, and I finally had to go
through the math to show him how a capacitor could store a given amount
of charge at a given amount of voltage. Finally I got him to understand
that a capacitor is more than two parallel lines on a paper: It's a
physical thing that can do some pretty interesting stuff.

My friend in the preceding paragraph was in it for the money. He didn't
mess around with radios, or dream of doing strange logic with nand
gates, or make spark gaps. When he turned 17, he had to figure out what
to do with his life, and electrical engineering seemed as good as
anything. With his excellent grades, I'm sure he did just fine. But I
wouldn't expect anything earth-shaking.

 
> 
> I’d prefer to hire people with similar GPAs and avoid those with 3.4
> and higher, since they can’t seem to figure out how to break out of a
> paper bag given a few nominal restrictions. (Yes, it’s a
> generalization, but that’s what I’ve found.)

If one assumes that the generalization is mostly true, it's still
prudent to look at factors that cause both great grades and paper bag
breakout. In my opinion, if a person went to an easy school (like Santa
Monica College, or perhaps a 4 year equivalent), then there was no
tradeoff and he might be excellent. If he graduated at an advanced age
(above 28,for instance), it's likely he's a great technologist who went
back to school to learn the theoretical underpinnings whose lack were
bottlenecking him. Also, maybe the guy's just a plain genius who can go
to the most confusing college and still get straight A's combined with
spectacular projects. In those three situations, you'd be missing a
good candidate to reject because he's over 3.4, even though in general
you just might be right.
 
SteveT

Steve Litt
January 2018 featured book: Troubleshooting: Why Bother?
http://www.troubleshooters.com/twb

From phil.waclawski at mesacc.edu  Tue Jan 30 00:06:28 2018
From: phil.waclawski at mesacc.edu (Phil Waclawski)
Date: Tue, 30 Jan 2018 00:06:28 -0700
Subject: Fwd: Web Developer Position
In-Reply-To: <CANM3fO27Moy8MXwOX+aAqfO37TvsWgVSsssAYttChLQkk-yafA@mail.gmail.com>
References: <CANM3fO27Moy8MXwOX+aAqfO37TvsWgVSsssAYttChLQkk-yafA@mail.gmail.com>
Message-ID: <CALrwmXnHU49tK1p_63A-uWuC0Sq=rmrA31O4028z0abLLPER8g@mail.gmail.com>

If you know anyone who may be interested, here is a word press position.

Phil W.
---------- Forwarded message ----------
From: Kyle Narducci <kyle at motiontactic.com>
Date: Mon, Jan 29, 2018 at 10:15 PM
Subject: Web Developer Position
To: phillip.paul.waclawski at mesacc.edu


Hi Phillip,

My name is Kyle Narducci and I lead Motion Tactic, a web design and
development agency in Tempe. I am reaching out to promote a job opportunity
at my company for a full-time web developer. We are looking for somebody
with WordPress custom code experience. Here is the link to the job
description for you to share: https://motiontactic.com/work-with-us/. We
build custom WordPress websites for organizations and non-profits. We are a
small team of 4, but are growing and in need of another developer. So if
you know of anybody you can refer, I would greatly appreciate that!

Thank you,
Kyle Narducci

-- 
- *Kyle Narducci*
*Partner *at Motion Tactic
480-459-8045 <(480)%20459-8045>
www.motiontactic.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180130/76e35762/attachment.html>