Sunday, October 28, 2018

AIX Redux



Oh, good. Now IBM can turn RH into AIX while simultaneously suffocating whatever will be left of Redhat's staff with IBM's crushing, indifferent, incompetent bureaucracy.

This is what we call a lose - lose situation. Well, except for the president of Redhat, of course. Jim Whitehurst just got rich.

https://www.businessinsider.com/ibm-is-reportedly-nearing-a-deal-to-acquire-redhat-the-software-company-valued-at-20-billion-2018-10

IBM has struck a deal to acquire cloud software company Red Hat for $34 billion.

IBM will pay $190 per share for the software company, which it described as the world's leading provider of open source cloud software, a more than 60% premium to Red Hat's closing stock price of $116.68 on Friday. Shares traded upwards of $175 in June, but disappointing earnings combined with a volatile market had seen the price drop sharply.


Monday, October 22, 2018

What's Misssing?

Notice a difference between these two screenshots?




That's right, the one on the top (Firefox 62.0.3 64-bit running on Linux Mint 18) has a media play button.

The one on the bottom (Google Chrome Version 70.0.3538.67 64-bit also running on Mint) does not.

Why is that, do you suppose? Last week, prior to Chrome 70 being released the button was there.

Maybe it's just me, but it seems a bit sloppy for a new browser release to break who knows how many sites with a bug like this. Or, maybe it's just Google continuing to try to protect us from Evil Flash.

Admittedly, Flash is evil, but so is inadvertently preventing content from being viewed. Or "vertently" blocking content. With Google it's sometimes hard to tell.

Whatever, it's irritating.

But at least Firefox works.

A quick (Google) search turned up no explanations for the button omission in Chrome 70. I'd report it to Google's Customer Support Center, but...

Oh, wait: they don't have one.

Oh well, at least Firefox works.


Monday, October 15, 2018

Linksys EA-6350 Home Router

So, I needed a new router for my home network. I have about 45 IP addresses in the house/home office: IOT devices, APs, home entertainment, laptops, file servers, etc. etc., and my current router was showing some performance issues dealing with it all.

Also, being the cheap bastard that I am, I naturally was looking for an inexpensive option. The search led me to the Linksys EA6350 on Amazon. $79.97 at the time of purchase.

The router arrived, was set up and running inside of 30 minutes. So far, not bad. Quad-core CPU seems to be able to handle the traffic nicely.

The next day, for whatever reason, I decided to do a port scan on my WAN IP address.

WTF? Port 80 is open to the world.

I browsed through the router's web-based firmware interface, and guess what? There is no way that this router will allow you to block specific ports. Like port 80, for example.

It just hangs out there, open to the world, apparently expecting you to trust that whatever firewall that came packaged with the EA6350 will keep all the bad actors at bay.

I was curious what the Linksys support people had to say about this, so I initiated what turned out to be a level-2 escalation in order to get a technical assessment on why port 80 was non-blockable for this router.

The answer came back in the form of a phone call from a Linksys support engineer. Yes, an actual call! Admitedly, the guy sounded like he *really* really didn't want to be having that conversation with me in which he tried to explain why a Linksys router could not block individual ports, much less port 80.

But we had the conversation.

He sounded embarrassed. I imagine sounded a bit irritated. I told him that I had already purchased a Netgear R7800 router because you can install dd-wrt on it. He said, "Good!"

I said, "Right!".

Stupid, unnecessary waste of time and money, but the whole episode was educational. I guess.

A router that can't block individual ports. What were they thinking?


Thursday, January 25, 2018

Google's Timeline

I was reading an article on Slashdot yesterday in which the author claimed that Google had lost its innovative edge and was now focused purely on "chasing the consumer". Being Slashdot, most of the commenters agreed. One  particular comment mentioned something I had not heard of before: Google Timeline. You can access it by going to

https://www.google.com/maps/timeline?pb

To my surprise, I found 428 places that I have apparently visited in the past 5 years, all presented in a nice browsable Google map interface.


I take a nice, long motorcycle ride each summer, frequently heading up from Santa Fe, NM to British Colombia or Alaska, and it sure looked like all the places I'd been were on the map. Digging a bit deeper, I began to realize that there was a lot more fine-grained data there. For example, one day in August 2106 my riding partner and I decided to take a float plane ride from the harbor at Victoria, BC.


There was a lot of detailed data preserved and available via Google's map interface: travel time for each link, distances, restaurants stopped at, hotels, and geotagged photos taken along the way.

I suppose we all know that Google collects data from your Android phone, but I was still surprised at how much they had collected, and how cohesive it was. I decided to look around to find if anybody had done a study to determine how much data Google collects from Android phones. Someone had: the people at Quartz had just published a study on this very subject. From the article:


Quartz was able to capture transmissions of Location History information on three phones from different manufacturers, running various recent versions of Android. To accomplish this, we created a portable internet-connected wifi network that could eavesdrop and forward all of the transmissions that the devices connected to it broadcast and received. None of the devices had SIM cards inserted. We walked around urban areas; shopping centers; and into stores, restaurants, and bars. The rig recorded every relevant network request made by the Google Pixel 2, Samsung Galaxy S8, and Moto Z Droid that we were carrying.



  • According to our analysis of the phones’ transmissions, this is just some of the information that gets periodically sent to Google’s servers when Location History is enabled:
  • A list of types of movements that your phone thinks you could be doing, by likelihood. (e.g. walking: 51%, onBicycle: 4%, inRailVehicle: 3%)
  • The barometric pressure
  • Whether or not you’re connected to wifi
  • The MAC address—which is a unique identifier—of the wifi access point you’re connected to
  • The MAC address, signal strength, and frequency of every nearby wifi access point
  • The MAC address, identifier, type, and two measures of signal strength of every nearby Bluetooth beacon
  • The charge level of your phone battery and whether or not your phone is charging
  • The voltage of your battery
  • The GPS coordinates of your phone and the accuracy of those coordinates
  • The GPS elevation and the accuracy of that

That's a lot of data, and I'm guessing that Google hasn't thrown any of it away. As the Quartz article points out, whether or not to allow Google to collect location data from your phone is optional, but as the article also points out, Google makes it sound like Google services such as Maps and Assistant won't be nearly as useful to the user if you don't opt in.

So, let's pause for a moment and consider some of the implications of getting your Google account hack.

No wonder all the bad guys on NCIS use burner phones.