Main » Discussion » Computer Technology News/Discussion » New reply
    Thread review
    kode54 Fine, take over the DNS for all users, because clearly their infrastructure doesn't know shit. But let people like me do what we want, because I know a thing or two more than those shits. I run OpenWrt on my router, for fuck's sake.
    ‮strfry("emanresu") They are not. Besides, there's nothing wrong with phrases such as "null and void".

    I don't object. But DoH has nothing to do with this. It's a complete non-sequitur.

    Call it whatever you want, but it would solve the problem. To be clear here, I'm suggesting a solution like Certificate Transparency for DNS.
    CaptainJistuce
    Posted by sureanem
    Posted by CaptainJistuce
    Control of one's own computer is an actual and real issue. Consolidating one of the internet's core protocols into a handful of critical systems that take everything out when they fail is an actual and real issue. Poorly-engineered ideas being forced onto the populace because they were the pet project of someone with influence is an actual and real issue. Using the phrase "actual and real" as if it isn't a repetitive redundancy is an actual and real issue.

    It's not exactly redundant. If something is a real issue, it means it exists in the real world (e.g. not academic). If it's actual, it means it's a current issue that affects people. /nitpick

    Real and actual are synonyms. They mean the same thing.


    If you're opposed to consolidation, then why support OS DNS resolver? Under good conditions, everything works, and under bad conditions, each application having its own implementation of DNS means at least some of them will work.

    Jesus fucking Buddha in a handbasket to hell, are you genuinely this stupid?
    I meant MAYBE there should be a network of DNS servers, and we shouldn't all rely exclusively on three or four hosted by Cloudflare.


    Personally I think they should just fix decentralized DNS already. Put all the DNS records on a "blockchain," like git, have some trusted authority sign each "block". For NXDOMAIN results, require nonexistence proofs (see CA transparency). For legally mandated censorship, add in a new return code which explicitly says "censored," the returning of which triggers a few megabytes of random requests and the permanent blacklisting of the server. Require all servers to sign all responses, and submit such protocol violations to some central authority so they can be removed from the default list.

    lol blockchain
    ‮strfry("emanresu") I'll have to double-post, since editing my post would be rude now that it has been responded to.

    Posted by kode54
    The OS uses whatever DNS that the router tells it to. The router typically either tells it to use itself (as a caching DNS proxy), or use the upstream supplied DNS servers.

    Yes, but alas, in most cases this is the wrong behavior. The ISP upstream is in 99% of cases horribly broken. Garbage in, garbage out.

    The sensible default is to fix the error in the 99% of cases and have the 1% pull a manual override ("Yes, my router isn't misconfigured"), not the other way around.
    kode54 The OS uses whatever DNS that the router tells it to. The router typically either tells it to use itself (as a caching DNS proxy), or use the upstream supplied DNS servers. I stopped using per-system overrides ages ago, as I find it much easier just to tell my router to Do What I Want. I Do Not Want my OS or my browser overriding that without my permission.
    CaptainJistuce Control of one's own computer is an actual and real issue. Consolidating one of the internet's core protocols into a handful of critical systems that take everything out when they fail is an actual and real issue. Poorly-engineered ideas being forced onto the populace because they were the pet project of someone with influence is an actual and real issue. Using the phrase "actual and real" as if it isn't a repetitive redundancy is an actual and real issue.
    ‮strfry("emanresu") What's it mean then? DNS censorship is an actual and real issue, and relying on the OS settings which are nearly always misconfigured is a disaster in 99% of cases. I don't get when it ever would make sense to do it. It's as stupid as "OS proxy settings," and people haven't taken those seriously for many years now.
    CaptainJistuce Madness does not mean size.
    ‮strfry("emanresu")
    Posted by tomman
    https://yro.slashdot.org/story/19/11/18/1929229/microsoft-announces-plan-to-support-doh-in-windows
    of course they're going to take away the "customize DNS settings" dialogs!

    I don't follow. Does this say anywhere in the article explicitly, or is it just your inference?
    If so, that would be the end of users casually choosing to bypass censorship, like in Turkey when they spray-painted "8.8.8.8" on public places.

    I guess we will have no choice but to rely on browser makers to override static system DNS then.

    (Tomman's paradox: If a system hardcodes DoH, is it justifiable for an individual application to fall back to application-level classic UDP DNS?)

    Posted by tomman
    letting web browser makers bring the madness of an OS on top of your OS.

    Isn't this something that should be described in the past tense? Firefox has about as many MLOC as the Linux kernel.
    kode54 But I already apply DoT across my whole network, pulling from Quad 9, and capturing all outbound TCP/UDP port 53 requests and NATing them to my router's DNS server.
    tomman Microsoft is going all-in with D'OH!:
    https://yro.slashdot.org/story/19/11/18/1929229/microsoft-announces-plan-to-support-doh-in-windows

    At least they're going to support it the only true way: system-wide.
    As it should have been since the very beginning, instead of letting web browser makers bring the madness of an OS on top of your OS.

    I still believe D'OH! is a terrible idea, but since no one is willing to take DoT seriously, this sounds like a fair compromise. But only for as long as MS allows us to turn it off and fall back to ordinary, DANGER MINES unencrypted DNS servers (like the one you should be already running at home for adblocking purposes, and which can implement DoT/D'OH! under the hood, if you wish), because we users are too dumb for our own safety, of course they're going to take away the "customize DNS settings" dialogs!

    Too bad it's already late for web browsers, short of perma-banning Chrome and Firefox on premises because we can't rely on them obeying user choices, for the very same reasons.
    Nicholas Steel https://devblogs.microsoft.com/directx/porting-directx-12-games-to-windows-7/
    To better support game developers at larger scales, we are publishing the following resources to allow game developers to run their DirectX 12 games on Windows 7.


    Microsoft is now supporting DX12 on Windows 7...
    tomman As you already know, I've been using an ol' repurposed PC as a makeshift TV since late 2015. Nothing weird about this - thousands of randoms around the world do the same (we've been in this "smart TV" biz well before Samsung and friends started brainwashing the masses with their anything-but-smart panels).

    What is weird is my specific setup and its... oddities. My specific box is an IBM Thinkcentre M50 (Type 8188, variant -KS5 which seems to be a Latam-specific build), and those are from an era back when IBM actually assembled Real Computers Built Tough™®. Seriously, those office pizzaboxes were designed to last anything short of a nuclear/EMP blast. Servicing those is a joy: no screws on the most commonly replaced parts (drives, top cover), BIOS and device driver updates for up to 4 years after the machine hit the streets, and they're pretty much unbrickable. Mine was assembled in Mexico, with a motherboard also assembled in Mexico (with a bunch of Foxconn parts from China), and with the finest Japanese capacitors that money can buy - every single cap inside is the good stuff: Nichicon, Rubycon and Sanyo. My specimen came to life in Tijuana in late '03, and originally belonged to my cousin since January 2004 - he mistreated this machine so badly I'm actually surprised it still survives to this date (has been in my hands since 2014 or so). Even the original Predesktop Area (including the Windows restore partition as those machines never shipped with CDs of any kind) is intact! (there is a neat tool called fiesta which can be used to back up and restore the HPA contents; I've successfully moved mine to a 250GB HDD from its long-failed stock 80GB WD drive). Hell, these even shipped with first-gen SATA ports! (a rarity in 2003, where PATA was still king, unwilling to leave the throne for 3 more years to come)

    Troubleshooting those, on the other side, is a PITA. I stopped using mine as a TV tuner unit after the cableco fried anything that resembled a TV (and this included my TV tuner card), leaving me with CANTV-tier sat service. But I ended ditching that too after the Arduous March Everlasting Blackouts, so the machine has sat there idle, unplugged, devoid of any activity whatsoever. Even playing Sonic ROM hacks and refurbishing old WD Crapiar HDDs came to a screeching halt, as I couldn't afford to sacrifice yet another PC to the weaksauce of our memetic power grid, where words like "uptime" and "continuous service" are now officially verboten. Anyway, two days ago I plugged it to perform the HDD 2000-hour SMART selftest (long due!), and was greeted with a hang, then "PCI parity errors" from the (remnants of) TV tuner card. Cracked open the case, whack the card, bootingness restored, the Samsung HDD is still healthy, so off you go again.

    Fast forward to the next blackout. I had forgotten to unplug the PC, so when the power restored, so did the machine. There goes the first oddity of these IBM boxes: when you plug them to the wall power, the PSU will kick on -full blast- after a few seconds, long enough to let the HDD(s) spin up, then shut down again, waiting for someone to actually turn them on again. I've never understood the why of this (maybe it's a sort of self test on standby/cold power up?), but this is normal on all those boxes I've seen so far (and those IBMs were sold by the truckload over here - chances are your nearest bank branch or public office are still using a few of those!). Here is the key: the machine should shut down after a few seconds of this! Except that... mine just stuck there. No video, no beeps, no nada!

    Tried all the following...
    - Unplug power, then replug: nothing.
    - Remove the CMOS battery: nothing.
    - Clear the CMOS using the jumper: the machine beeps several times when the jumper is set, but it just sits there with it removed
    - Remove all expansion cards: nothing.
    - Reseat the RAM: nothing (Trying to boot without RAM does cause the machine to beep endlessly, just as expected... but as soon as ONE DIMM is set... well, nothing!)
    - Unplug EVERYTHING (drives, cards) except for the PSU, some RAM, and the front panel button/LED board: NO-THING!

    Long story short: I ended up taking apart the machine down to the frame for a good cleanup. And oh boy, that thing was DIRTY! Tons of dust (including the PSU, which has never been opened since it came out of the factory in November 2003, and was a totally disgusting mess, maybe even a fire hazard!). After painstakingly cleaning every single piece, replacing caked thermal paste, brushing every corner of the case, and reassembling everything, the machine came back to life at the first try! (Just to rule out any failed component, I reassembled and tested in stages: first motherboard+RAM, then AGP video card, the HDD+FDD cage, and finally everything else).

    So yeah, there it is: another good reminder that a straight cleanup every now and then can actually fix (and even prevent) boot issues. This is not the first time that dust bunnies prevent any of my machines from booting, but this IBM is particularly annoying with it.

    If you ever have to service any of these puppies (they make great retroboxes for W98/2K/XP stuff, and they run Linux rather well), here are some useful tips:

    - Inner plastic pieces are very brittle and thus prone to break after withstanding years of heat inside the case: this includes the PCI/AGP card lock handle thingy and the HDD tray. For the former, IBM engineers were ahead of you, and knew that their zero-tool solution would cause problems down the road, so they left conventional screw holes on the expansion bays - just get some loose screws from your head parts bin to secure your expansion cards. For the latter... well, this one is tough: more recent Lenovo boxes use very similar HDD trays, but don't waste your time with those, as they aren't compatible - these were made for slimmer rails and dropping a drive in one of those would do no good as there would be nothing securing the drive in place (plus those don't include the grounding tabs found on the old-style trays). A makeshift solution would be using spacers, from 3D-printed to ghetto-style solutions (I used cardboard!). The tray is not optional: there are no screw holes for securing HDDs on those drive cages! (surprisingly both the FDD and ODD cages DO have screw holes... and they're required!)

    - Watch out when removing the motherboard from the case! The correct way is to slide it towards the front of the system, then lift it up. This is due to another interesting design choice by IBM: they use a proprietary Socket 478 heatsink/fan mount (it uses a couple of screws to fasten a couple of "wings" that secure the heatsink unit in place). As you know, since the Socket 478 era the heatsink/fan mounts are separate from the socket, and (usually) user-replaceable. But what makes this IBM design really special is that not only they made custom-shaped pieces to leave space to some parts in the PCB, they also placed a "clamp" at the lower case to secure the entire assembly to the PC chassis! (this is why you can't simply lift the mobo from the case - trying it will end severely damaging everything: case, motherboard, humans). I haven't tested if this motherboard can accept stock Intel (or 3rd-party) heatsink mounts.

    - The motherboard is standard ATX fare, there is nothing proprietary there, except for the front panel connectors (power button, LEDs, USB ports, speaker). If you're planning to use one of those cases for a Frankenstein box (why not? They're far better than your generic Chinese junk, if you can withstand living with ONE HDD bay), get ready to rewire everything inside. IIRC IBM has all relevant pinouts documented on the Hardware Maintenance Manual for these. The speaker connector is 2-pin, but of a smaller pitch so you will need to solder a new connector, rather than just replacing the plastic jacket.

    - As for PSUs... getting modern replacements for these ATX units (which were state-of-the-art in 2003: SATA power plugs, elaborate input filters, passive PFC coils heavy as hell... y'know, the basic stuff that you would expect from any half-decent PSU nowadays) can be very tricky. These came with 230W units, which is not a lot of power, and even less if you're considering to pimp your rig (Prescotts, fancy AGP video cards, DVD burners, and high-performance SATA drives can easily overload your PSU). While these are standard ATX units (down to the pinouts and screw holes), if you ever see one in the flesh you will notice its funky shape (the "hump" is to house a bigass 10cm fan). The hump is not of concern, but the depth is: this one is no more than 10~12cm deep, while the standard ATX PSU is easily twice that. The case is simply too small for it! You WILL run into clearance issues with the ODD drive cage (also, modular PSUs are right out of the question). These are your options:
    + Get rid of the ODD drive cage, which means giving up CD/DVD drives. This may or may not be a big deal to you, depending on what uses you have planned for your rig (in my case, while I have gone disc-less, I actually replaced it with a removable PATA bay, which takes one of the 5.25" slots, so clearly that's not an option).
    + Use "short-loader" ODDs (Lite-On made plenty of those). This may buy you like 5cm or so, which is not enough for most PSUs out there.
    + Find a "short-sized" ATX PSU. They DO exist, but they're usually gutless wonders. Don't waste your time.
    + Consider switching to a SFX PSU. They're small enough to fit within the depth restrictions, and if there are ATX-to-SFX mounting plates available (if you get your PSU from a reputable brand instead of buying a gasoline-soaked rag, chances are they will throw one for free in the box). This limits your power budget to <700W, but that's more than enough for an Emergency Extreme Edition Gallatin with a HD4670 and a couple of 10KRPM screamer HDDs (you won't be overclocking on the stock IBM mobo/BIOS anytime soon anyway). As a bonus you get some extra space inside which helps with cooling.

    - Cooling is a serious issue with those boxes, particularly around the FDD/HDD cage, which runs VERY HOT due to the cabling mess underneath (the ATX power harness, PATA/FDD ribbons, drive cage power cables, and SATA cables run under it, and with the RAM slots on bottom of THAT, this leaves no room for cooling there). While IBM provided the motherboard with 3 fan connectors, these were most likely intended for the tower systems, not for the desktop ones as these boxes have ZERO mounts for additional fans (WTF IBM!?!?!?!). This leaves HDDs very vulnerable to extreme heat (I've measured 65°C temps there, and that's on a room with plenty of air conditioning!), and it's THE most popular part to find failed on those. You need to get very creative to work around these constraints (hint: plastic and duct tape are your best friends... and of your HDD too!)

    - Speaking about cooling and monitoring, don't expect to control your fans from Linux anytime soon: the specific SMSC SuperI/O chip on this board will never be supported by lm-sensors, despite being similar to other chips from the same manufacturer and vintage. You will have to survive with the three fan settings on the IBM BIOS (Normal, Quiet, Jet Engine). FWIW, this chip IS supported by SpeedFan under Windows.

    - You can easily flash a new bootscreen using the official IBM/Phoenix BIOS update packages (it's all documented there). But the bootscreen will stop working for unknown reasons (instead all you get is the standard text mode boot messages). It certainly did stop working last time I switched video cards. You may try a reflash if this happens, but considering how long my IBM T120 panel takes to wake up over DVI (by the time it wakes after powering the PC, it's already on the GRUB boot menu), I didn't bother.

    - There is no room for a secondary HDD! Ditch the floppy, get a 5.25" adapter bracket, or even better, install hotswap bays in the ODD slots (for whatever reason you get two of them on the desktop chassis)

    - The AGP 8X slot in this thing only takes 1.5V cards. Universal cards will fit, but if it is an oldass 3.3V card, it will NOT work! Thankfully you can install HD3000/4000 cards on this thing (your PSU power budget allowing), assuming you're willing to endure ATi driver hell. The HD2000 series will work fine as long as you don't want to decode HD video on those because these first-gen UVD cards were garbage. Don't make the same mistake I made :/

    - This thing will gladly take up to 4x1GB DDR400 DIMMs. But not only there are no 64-bit Socket 478 CPUs (barring a couple of very specific OEM-only CPUs for IBM servers that you won't be finding outside eBay scalpers, and that most likely will never work on this BIOS due to missing microcode), the 865G chipset has a 4GB ceiling. Remember: you also have to factor in all other devices in your system eating some of that memory address space, including your video card (if you have one). My recommendation? 4x512MB or 2x1GB sticks (so you can take advantage of Dual Channel modes) and you're golden, but NO MORE. XP will scream on such a setup, and even Debian will run with a more than modest performance. Just don't ever try running a web browser on it...

    - If you add a sound card (highly recommended for any serious multimedia usage; the good ol' SB Live! is still a fine choice for these machines), don't forget to disable the built-in Analog Devices integrated audio codec.

    - This machine will run Windows 7 (I've tried it), but you may have troubles getting the video card drivers to work (at least in the case of a GeForce 6200; I'm not willing to endure more stages of the ATi driver hell so I haven't tried with the HD2600). You will want a video card inside anyway no matter the OS, as the integrated i865 video is nothing short of utter rotten garbage. Stick to XP+Linux (or your favorite *BSD).

    - If you ever have to get into the PSU, be aware that those are quality designs (no joking: for a measly 230W design they're HEAVY, which is often a good sign) which means that they're a PAIN to crack open! Mine came with a Hipro (now Chicony) PSU (which is considered by some PSU gurus "almost God tier"), but these also shipped with ACBel and Lite-On PSUs, and tearing it apart is... well, not a joy:
    + Remove 5 screws: two at the bottom, and three at the front (two at the DC cables exit, one at the other side). Don't forget to break the cable tie holding the cable maze to the case (don't undo any of the other zip ties holding the maze together)
    + CAREFULLY and SLOWLY pry apart the two halves of the PSU case. The metal sheet is thick, but you can still get very hurt! Plus the fan (which is held with rubber posts instead of screws to minimize vibration) is SOLDERED to one of the many sub-PCBs inside the case. If you're feeling masochist you can cut the fan cables, but I strongly recommend to refrain from doing so.
    + Once the two case halves are separated, set the fan half aside. Now you will see a white plastic sheet (that's the isolator that any PSU should have, bar some gutless wonders). Under it, it's the main PCB, secured with 4 screws, one at each screw. The plastic sheet is affixed with the two screws towards the rear of the case. There is a corner cutout on the sheet exposing the 3rd screw, and the 4th and final one is UNDER the sheet. Remove those now.
    + With your third hand, try to unplug the power input cable that comes from the AC input filter board (which is right in front of the AC power socket). There is next to no room for your fingers in that highly crammed corner of the PCB, so be gentle! (Oh, if this is your first time, there is another cable tie that you must break) Even after unplugging it, you can't simply pull the main PCB as there is another wire coming from the PFC choke (?) SOLDERED to the PCB (WTF HIPRO, WHY?!?!??!). The best you can do is to carefully bend the case while wriggling the PCB until it sets free from the case. Take your time, as this is the single most frustrating step of the disassembly!
    + Take your brush and evict all the dust bunnies! All 15 years of 'em! There is no need to remove the PFC choke or the input filter board, unless you really hate yourself or have a fourth and fifth hand.
    + To reassemble, do all steps in reverse. Reseating the plastic isolator sheet is the second next difficult step here: just push the goddamned thing HARD! Also, a helpful thing: you've noticed that the sheet has a screw hole for the 4th screw (the one you had to remove UNDER the sheet). The Hipro slaves at the China factory weren't lazy: leaving this hole alone and only screwing the PCB to the case on this point is intentional. DO NOT SCREW THE ISOLATOR SHEET HERE, otherwise you will NEVER be able to close the case as the fan goes here and will NEVER fit! The isolator needs to be free to slide under the fan (a long and thin plastic spudger may come helpful here).
    CaptainJistuce Honestly, the last XP patch looked like it only happened to get the camera so the media would listen when they said their spiel about state-level actors. I dunno on this one, it doesn't seem to be associated with any rant I can see.
    wertigon If they un-EOL XP they also need to un-EOL Win98 SE. So, not going to happen.

    Though why anyone would run Win98 connected to internet these days is beyond me. :)

    As for XP, at some time you need to stop supporting old versions. Since win7 there were few reasons left to use XP (or Vista for that matter; 7 was a straight upgrade from that), and those reasons are fewer and fewer as time goes on.

    You don't like it there's always ReactOS!
    ‮strfry("emanresu") You can (should, must) never back down, and that is a consequence of having one in the first place, so un-EOL ing XP won't happen.

    Good on them to still support it. I'd reckon all this "Windows 7 EOL" tripe is a hoax for the same reason.
    tomman If you're still using that old Thinkpad or Compaq Evo pizzabox that works with nothing but good ol' WinXP... be aware that there is yet another nasty vulnerability doing the rounds out there. But since the words "wormable" and "exploit" are involved, MS has yet again done the unthinkable: release a security patch for XP... in 2019! Remember: XP was EOL'd for good in 2014, but in the wake of the WannaCry disaster, MS had no option but to release a bunch of emergency patches in 2017 for the living zombie of this OS.

    https://krebsonsecurity.com/2019/05/microsoft-patches-wormable-flaw-in-windows-xp-7-and-windows-2003/
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
    https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708

    This specific vulnerability does hit Remote Desktop / Terminal Server on all Windows versions up to Win7/2K8R2, but surprisingly not Windows 8.x/10. For W7, the patches are now available through the usual WU channels. For XP/2003, you have to source them from Windows Update Catalog. And for Vista... well, fuck you - why in the hell are you still using Vista!? XP has (mostly) legit excuses, at least.

    At this point, MS should just grow a pair and un-EOL XP. People are not going to stop using it anytime soon, no matter what you try. It was a great OS, and it still has some potential left. But no, that does clash with their Spy Machine of Terrible Performance known as Windows 10.
    Nicholas Steel Microsoft finally corrected their article (https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in) with correct instructions on installing the Speculation Control PowerShell package.

    Previously it was missing the Set-ExecutionPolicy and $SaveExecutionPolicy bits of the documentation for manual installation. So when you'd go to install it you'd get errors since you didn't have the right policy for installing scripts in effect. A lot of places which offer scripts to run, fail to provide this information and it's hard to google for if you don't quite know what to google.

    # Save current policy
    PS> $SaveExecutionPolicy = Get-ExecutionPolicy

    # Gain permission to install packages
    PS> Set-ExecutionPolicy RemoteSigned -Scope Currentuser

    # Restore original policy
    PS> Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser
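An added example, not part of the original post or of Microsoft's article: the save / set / restore sequence from the post above, wrapped so that the execution policy is put back even when the check fails partway. It assumes the SpeculationControl module is already installed; the function name `Invoke-SpeculationControlCheck` and its `-ProcessScopeOnly` switch are hypothetical names made up for this example.

```powershell
# Added example (not Microsoft's script). Assumes the SpeculationControl
# module is already installed, e.g. via: Install-Module SpeculationControl
# Invoke-SpeculationControlCheck and -ProcessScopeOnly are hypothetical names.

function Invoke-SpeculationControlCheck {
    [CmdletBinding()]
    param(
        # Relax the policy for this PowerShell process only, so nothing is
        # written to the user's persistent configuration.
        [switch]$ProcessScopeOnly
    )

    $scope = if ($ProcessScopeOnly) { 'Process' } else { 'CurrentUser' }

    # Read the value stored at this one scope. A bare Get-ExecutionPolicy
    # returns the *effective* policy (the winner across all scopes); writing
    # that back into CurrentUser would pin a value there even if the scope
    # was Undefined before the check.
    $saved = Get-ExecutionPolicy -Scope $scope

    try {
        # RemoteSigned lets the locally installed module scripts load while
        # still requiring a signature on scripts marked as downloaded.
        Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope $scope -Force

        Import-Module SpeculationControl -ErrorAction Stop
        Get-SpeculationControlSettings
    }
    finally {
        # Runs whether the import and the check succeeded or threw.
        Set-ExecutionPolicy -ExecutionPolicy $saved -Scope $scope -Force

        # Confirm the scope really holds the original value again.
        $now = Get-ExecutionPolicy -Scope $scope
        if ($now -ne $saved) {
            Write-Warning "Execution policy at scope '$scope' is '$now', expected '$saved'."
        }
    }
}

# Show every scope before and after, so a leftover change is visible.
Get-ExecutionPolicy -List
Invoke-SpeculationControlCheck -ProcessScopeOnly
Get-ExecutionPolicy -List
```

If a Group Policy scope (MachinePolicy or UserPolicy) defines an execution policy, it overrides both scopes used here and `Set-ExecutionPolicy` reports an error; the `finally` block still runs in that case.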
    CaptainJistuce
    Posted by Kawa
    This after the whole thing with the dates.
    It is easy to know what decade you're in, which makes it easy to correct.
    Also, new hardware uses the 13-bit week counter instead of the 10-bit one, and is good for a century and a half.
    ‮strfry("emanresu")
    Posted by funkyass
    you know what is a good time keeping source? GPS.

    Also pretty expensive. Would be cool to have a GPS watch one day though, hate having to constantly set it.