* Posts by Steve Foster

768 posts • joined 10 Oct 2007


Digicert will shovel some 50,000 EV HTTPS certificates into the furnace this Saturday after audit bungle

Steve Foster

The certificates for Nationwide do not have any intermediate CAs, so should not be affected.

I can't obviously identify whether it's EV or not (how does one tell these days?).
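A way to answer the "how does one tell" question, as an added example that is not part of the original comment: browsers dropped the visible EV indicator, so the reliable tell is the certificate's certificatePolicies extension, where an EV certificate carries the CA/Browser Forum EV policy OID 2.23.140.1.1 (some older EV certificates carry only a CA-specific EV OID, which this check does not know about). The two DER extension values below are constructed by hand for the demo; nothing here is Nationwide's or DigiCert's data, and on a live site the extension would be read out of the served certificate with openssl or a certificate library.

```python
# Added example, not code from the original post. Browsers stopped showing an
# EV indicator in the address bar, so the reliable tell is the certificate's
# certificatePolicies extension: an EV certificate carries the CA/Browser Forum
# EV policy OID 2.23.140.1.1 (older EV certificates may carry only a CA-specific
# EV OID, which this check does not know about). The DER below is constructed by
# hand for the demo; on a live site you would pull the extension with e.g.
#   openssl s_client -connect example.org:443 </dev/null 2>/dev/null | openssl x509 -noout -text
# and read the "X509v3 Certificate Policies" block.

EV_POLICY_OID = "2.23.140.1.1"    # CA/B Forum Extended Validation
OV_POLICY_OID = "2.23.140.1.2.2"  # CA/B Forum Organization Validation
DV_POLICY_OID = "2.23.140.1.2.1"  # CA/B Forum Domain Validation


def read_tlv(buf, pos):
    """Decode one DER TLV at buf[pos]; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(value):
    """Turn the body of a DER OBJECT IDENTIFIER into dotted form."""
    first = value[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear: this byte ends the base-128 arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def policy_oids(ext_value):
    """Policy OIDs in a DER certificatePolicies value (qualifiers are skipped).

    certificatePolicies ::= SEQUENCE OF PolicyInformation
    PolicyInformation   ::= SEQUENCE { policyIdentifier OID, policyQualifiers ... OPTIONAL }
    """
    tag, body, _ = read_tlv(ext_value, 0)
    if tag != 0x30:
        raise ValueError("certificatePolicies must be a SEQUENCE")
    oids, pos = [], 0
    while pos < len(body):
        tag, info, pos = read_tlv(body, pos)
        oid_tag, oid_body, _ = read_tlv(info, 0)  # first element; qualifiers follow
        if tag != 0x30 or oid_tag != 0x06:
            raise ValueError("malformed PolicyInformation")
        oids.append(decode_oid(oid_body))
    return oids


def is_ev(ext_value):
    return EV_POLICY_OID in policy_oids(ext_value)


# Constructed EV extension: policy 2.23.140.1.1 with a CPS URI qualifier (id-qt-cps, http://cps.test).
EV_EXT = bytes.fromhex(
    "3028 3026 0605 67810c0101"
    "301d 301b 0608 2b06010505070201"
    "160f 687474703a2f2f6370732e74657374"
)
# Constructed OV extension: policy 2.23.140.1.2.2 only.
OV_EXT = bytes.fromhex("300a 3008 0606 67810c010202")

if __name__ == "__main__":
    for label, ext in (("EV sample", EV_EXT), ("OV sample", OV_EXT)):
        print(label, policy_oids(ext), "EV" if is_ev(ext) else "not EV")
```

The parser deliberately reads only the policyIdentifier of each PolicyInformation and ignores the qualifiers (CPS URIs, user notices), which is why the EV sample with a qualifier and the bare OV sample decode the same way.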

Email seems lost in the post? You might be a Tsohost customer

Steve Foster

Re: SFU

Same here. They've been spamming my servers for months, and I finally got fed up with playing whack-a-mole, and started firewalling their ranges outright. The spam volume has dropped like a stone.

Microsoft sues coronavirus phishing spammers to seize their domains amid web app attacks against Office 354.5

Steve Foster

Re: 07/07/2020 13:04:41 - ( 2911) 250-SIZE 20971520

That's my server announcing that email of up to 20MB will be accepted.

That seems like a reasonable limit in the modern world - not too small to interfere with normal traffic, not too big to choke the server.

IME, the UCE that does get through actually tends to be quite small (well below that 20MB limit) - it's not often that junk comes with huge attachments.

Steve Foster

Re: Something about motes and beams...

Other [genuine] email from MS servers comes through ok, so I don't think it's TLS-related (though it's a good thought).

And even if MS did want to only transmit over TLS, their servers should end the conversation cleanly with QUIT, not just drop the connection.

Mostly, it's their hypocrisy that peeves me.

Steve Foster
FAIL

Something about motes and beams...

...it'd be nice if they could stop the silly DoS crap originating from some of their *.outbound.protection.outlook.com servers.

Stuff like this, where they just connect and then drop the connection over and over:

07/07/2020 13:04:41 - ( 2911) EHLO GBR01-LO2-obe.outbound.protection.outlook.com

07/07/2020 13:04:41 - ( 2911) 250-Welcome, mail-lo2gbr01lp2055.outbound.protection.outlook.com [104.47.21.55], pleased to meet you

07/07/2020 13:04:41 - ( 2911) 250-AUTH=LOGIN

07/07/2020 13:04:41 - ( 2911) 250-AUTH LOGIN

07/07/2020 13:04:41 - ( 2911) 250-SIZE 20971520

07/07/2020 13:04:41 - ( 2911) 250-ETRN

07/07/2020 13:04:41 - ( 2911) 250 HELP

07/07/2020 13:04:41 - ( 2911) Error: [10054] Connection reset by peer
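The connect-and-drop pattern quoted above, turned into detection logic, as an added example that is not part of the original comment. The script groups log lines by session id, treats a session that sent EHLO/HELO and was then reset before MAIL FROM or QUIT as abandoned, and reports peer IPs that do this repeatedly. The sample log is constructed for the demo in the same layout as the quoted lines: the first session is the one from the comment, the rest are made up, and the hostnames and addresses in them are documentation values (mx.example.net, 192.0.2.10), not real senders.

```python
# Added example, not code from the original post: spot peers that repeatedly
# connect, greet, and reset the connection without ever sending MAIL FROM or QUIT.
import re
from collections import defaultdict

# Constructed sample in the layout of the log quoted in the post. Session 2911
# is the quoted one; 2912-2921 are made up, with documentation addresses.
SAMPLE_LOG = """\
07/07/2020 13:04:41 - ( 2911) EHLO GBR01-LO2-obe.outbound.protection.outlook.com
07/07/2020 13:04:41 - ( 2911) 250-Welcome, mail-lo2gbr01lp2055.outbound.protection.outlook.com [104.47.21.55], pleased to meet you
07/07/2020 13:04:41 - ( 2911) 250-SIZE 20971520
07/07/2020 13:04:41 - ( 2911) 250 HELP
07/07/2020 13:04:41 - ( 2911) Error: [10054] Connection reset by peer
07/07/2020 13:04:43 - ( 2912) EHLO GBR01-LO2-obe.outbound.protection.outlook.com
07/07/2020 13:04:43 - ( 2912) 250-Welcome, mail-lo2gbr01lp2055.outbound.protection.outlook.com [104.47.21.55], pleased to meet you
07/07/2020 13:04:43 - ( 2912) Error: [10054] Connection reset by peer
07/07/2020 13:04:45 - ( 2913) EHLO GBR01-LO2-obe.outbound.protection.outlook.com
07/07/2020 13:04:45 - ( 2913) 250-Welcome, mail-lo2gbr01lp2055.outbound.protection.outlook.com [104.47.21.55], pleased to meet you
07/07/2020 13:04:45 - ( 2913) Error: [10054] Connection reset by peer
07/07/2020 13:05:02 - ( 2920) EHLO mx.example.net
07/07/2020 13:05:02 - ( 2920) 250-Welcome, mx.example.net [192.0.2.10], pleased to meet you
07/07/2020 13:05:02 - ( 2920) MAIL FROM:<alice@example.net>
07/07/2020 13:05:02 - ( 2920) RCPT TO:<bob@example.org>
07/07/2020 13:05:03 - ( 2920) DATA
07/07/2020 13:05:04 - ( 2920) QUIT
07/07/2020 13:05:10 - ( 2921) EHLO mx.example.net
07/07/2020 13:05:10 - ( 2921) 250-Welcome, mx.example.net [192.0.2.10], pleased to meet you
07/07/2020 13:05:10 - ( 2921) Error: [10054] Connection reset by peer
"""

# "<date> <time> - ( <session id>) <message>"
LINE_RE = re.compile(r"^(\S+ \S+) - \(\s*(\d+)\) (.*)$")
# Our own greeting banner carries the peer's reverse name and address.
PEER_RE = re.compile(r"250-Welcome, (\S+) \[([\d.]+)\]")


def parse_sessions(text):
    """Group log lines by session id -> {"peer_ip", "peer_host", "events"}."""
    sessions = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        _ts, sid, msg = m.groups()
        s = sessions.setdefault(sid, {"peer_ip": None, "peer_host": None, "events": []})
        peer = PEER_RE.search(msg)
        if peer:
            s["peer_host"], s["peer_ip"] = peer.groups()
        s["events"].append(msg)
    return sessions


def is_abandoned(session):
    """Greeted us (EHLO/HELO), got reset, and never reached MAIL FROM or QUIT."""
    ev = session["events"]
    greeted = any(e.startswith(("EHLO", "HELO")) for e in ev)
    reset = any("Connection reset by peer" in e for e in ev)
    progressed = any(e.startswith(("MAIL FROM", "QUIT")) for e in ev)
    return greeted and reset and not progressed


def connect_drop_offenders(text, threshold=3):
    """Peer IPs with at least `threshold` abandoned sessions in the log."""
    counts = defaultdict(int)
    for s in parse_sessions(text).values():
        if is_abandoned(s) and s["peer_ip"]:
            counts[s["peer_ip"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in connect_drop_offenders(SAMPLE_LOG).items():
        print(f"{ip}: {n} connect-and-drop sessions")
```

One reset on its own is ordinary (a retry, a sender that bails when it does not get the STARTTLS it wanted), which is why the rule counts repeats per peer address rather than flagging every reset; the threshold and, in a real deployment, a time window are what keep a legitimate retrying MTA off the list.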

Steve Foster
Thumb Up

Re: That much downtime?

Given the frequency with which all the cloud services like to go TITSUP, I'd say 265 is probably about right.

Keep it Together, Microsoft: New mode for vid-chat app Teams reminds everyone why Zoom rules the roost

Steve Foster
Trollface

Keep my Camera on?

What camera?

Barclays Bank appeared to be using the Wayback Machine as a 'CDN' for some Javascript

Steve Foster

404 error?

A recent feature added to Brave is an option to automatically try the Wayback Machine for 404 errors - could it be that Barclays had "misplaced" their JS and the browser auto-tried to "fix" the 404?

Boffins find that over nine out of ten 'ethical' hackers are being a bit naughty when it comes to cloud services

Steve Foster
Facepalm

Re: It is happening now

Yes, really. AFAIK, fail2ban doesn't run on Windows Server (though I expect there are fail2ban-like ports/substitutes/wannabes available).

Steve Foster

Re: It is happening now

As it happens, fail2ban isn't an option on the software I'm using, though that might change.

And I always have a momentary brain freeze when I see "fail2ban" (what use is a tool that fails to ban? oh, wait, upgrade failures to banned)

Steve Foster
WTF?

Re: It is happening now

It certainly is.

The number of attempts to log in to my email servers via SMTP, 2ry SMTP, IMAP and POP3 is through the roof.

In the past, it would be the same IP trying over and over (though there's still plenty of that), but it's now also common to see an IP try once and then disappear. And lots of those IPs are part of cloud providers' networks.

Not only that, but the spam is also coming from an increasing range of IP addresses.

I've had to further reduce the limit on failed login attempts, as well as begin firewall blocking of IP ranges wholesale.
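The two patterns described in the comment, one IP hammering away and many IPs in one provider range trying once each, as an added detection example that is not the commenter's code. A per-IP failure threshold is the classic fail2ban rule and misses the one-attempt-per-IP case, so the script also counts distinct failing hosts per /24 and proposes the whole range when enough of them show up. The log format and every line in it are constructed for the demo (documentation address ranges 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24), since the comment does not quote the real log.

```python
# Added example, not code from the original post: pick ban candidates from
# failed mail logins, both per address (classic) and per /24 (distributed).
import ipaddress
import re
from collections import Counter

# Constructed sample log; the format is made up for the demo. One line per
# failed login, with protocol and port so SMTP, secondary SMTP, IMAP and POP3
# all count towards the same totals.
SAMPLE_LOG = """\
2020-07-07 13:02:01 smtp:25  AUTH LOGIN failed for user=info ip=203.0.113.17
2020-07-07 13:02:03 smtp:25  AUTH LOGIN failed for user=admin ip=203.0.113.17
2020-07-07 13:02:05 smtp:587 AUTH LOGIN failed for user=sales ip=203.0.113.17
2020-07-07 13:02:06 imap:993 LOGIN failed for user=info ip=203.0.113.17
2020-07-07 13:02:09 pop3:995 USER/PASS failed for user=info ip=203.0.113.17
2020-07-07 13:02:11 imap:993 LOGIN failed for user=steve ip=203.0.113.17
2020-07-07 13:03:00 imap:993 LOGIN failed for user=steve ip=198.51.100.11
2020-07-07 13:03:02 imap:993 LOGIN failed for user=steve ip=198.51.100.23
2020-07-07 13:03:05 smtp:25  AUTH LOGIN failed for user=steve ip=198.51.100.70
2020-07-07 13:03:07 pop3:110 USER/PASS failed for user=steve ip=198.51.100.140
2020-07-07 13:03:09 smtp:587 AUTH LOGIN failed for user=steve ip=198.51.100.201
2020-07-07 13:04:00 imap:143 LOGIN failed for user=bob ip=192.0.2.9
"""

FAIL_RE = re.compile(r"failed for user=(\S+) ip=(\d+\.\d+\.\d+\.\d+)")


def failed_logins(text):
    """Yield (username, ip_address) for each failed-login line."""
    for line in text.splitlines():
        m = FAIL_RE.search(line)
        if m:
            yield m.group(1), ipaddress.ip_address(m.group(2))


def block_candidates(text, per_ip=5, per_net=4, prefix=24):
    """Return {address-or-network: failure count} for what should be banned.

    per_ip  - classic rule: one address, at least this many failures
    per_net - distributed rule: at least this many *distinct* addresses in one
              /prefix failing, however few attempts each made
    """
    by_ip, by_net = Counter(), Counter()
    for _user, ip in failed_logins(text):
        by_ip[ip] += 1
        by_net[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)] += 1

    blocked = {}
    for net, total in by_net.items():
        distinct_hosts = sum(1 for ip in by_ip if ip in net)
        if distinct_hosts >= per_net:  # many hosts in the range, each trying once
            blocked[str(net)] = total
    for ip, n in by_ip.items():
        net = str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
        if n >= per_ip and net not in blocked:  # skip IPs its /24 already covers
            blocked[str(ip)] = n
    return blocked


if __name__ == "__main__":
    for target, n in sorted(block_candidates(SAMPLE_LOG).items()):
        print(f"block {target}  ({n} failures)")
```

The /24 rule keys on distinct failing hosts, not on the total failure count, so one noisy address does not get its whole range blocked (collateral damage on shared hosting); the prefix and thresholds are knobs to tune to the ranges you actually see, and the output is what you would feed to whatever firewall sits in front of the mail server.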

Not so nice, we investigated them twice: EU opens double whammy of inquiries into Apple's biz practices

Steve Foster

Re: I don’t quite understand this

More like 3rd-party manufacturers being obliged to sell their accessories (eg tyres, wiper blades, seat covers, fluffy dice, etc) for Ford vehicles through Ford dealers, and pay Ford a hefty fee for the privilege.

Or, say, music companies being forced to sell their music (to be played in a Ford vehicle) through Ford dealers, and again, paying Ford a hefty fee for the privilege.

In Hancock's half-hour, Dido Harding offers hollow laughs: Cake distracts test-and-trace boss at UK COVID-19 briefing

Steve Foster
Facepalm

World-Beating? Oh no, it isn't...

...oh yes, it is: it's the worst in the world. Even with the stiff competition from the likes of Bolsonaro!

Bloke rolls up to KFC drive-thru riding horse-drawn cart only to be told: Neigh

Steve Foster

WTF?

I've never been much interested in burgers, even before there was a McDonald's on every damn corner, so have never consumed any of their "offerings" (though I have been inside their premises occasionally in the company of others who did partake). I'm much more partial to pizza, though I'm aware that's almost certainly even worse for me in health terms.

Indeed, thinking about it, I wonder what the effect on the nation's waistlines might have been had the government instructed all takeaway food outlets to close for the duration of the lockdown! (I know I'd have eaten less pizza, for a start)

EU aviation wonks give all-electric training aeroplane the green light – but noob pilots only have 50 mins before they have to land it

Steve Foster

Boost from Solar?

Can't tell from the picture, but as this is primarily aimed at training and therefore probably mostly daytime flight, it seems like an obvious opportunity to cover the upper wing surfaces with solar panels to boost capacity/range.

Lettuce Encrypt, Encrypt We Must: Hobby projects change name after Let's Encrypt fires off trademark complaints

Steve Foster

US "defend your rights" Requirement?

Is the ISRG based in the US? Doesn't the US have some requirements for folks to "defend-it-or-lose-it" on various IP "rights"?

BoJo looks to jumpstart UK economy with £6k taxpayer-funded incentive for Brits to buy electric cars – report

Steve Foster

Re: That's sure to jump start Tesla sales...

"Black Cabs" are now Chinese (LTI got bought out - by Geely, IIRC).

Morgan's numbers are so low as to be a rounding error on a rounding error. Aston Martin isn't significant either. And of course, Land Rover is Indian now (being owned by Tata), although still built here.

The Nissan Leaf is currently assembled in Sunderland.

Steve Foster

Re: Restructure the Market

"Complicated to administer and police."

Not really, it just goes into the VAT regime, which is the motor trade's problem. HMRC (at least the Excise portion) have traditionally been fairly effective on that front (some notable issues aside).

"Just keep knocking up the taxes on petrol and diesel and you'd achieve the same effect."

Well, that ought to be happening too. The difficulty in doing so is that it's pretty damn visible to taxpayers, so the governments of the day (of whatever flavour) tend not to be overly keen on doing so.

Steve Foster

Re: Restructure the Market

"Sure, provided you're comfortable with punishing the poorest who are least able to avoid your new taxes. I'm not completely sure I am."

By and large, I would expect that the poorest are not actually buying new cars at all, so pushing up the cost of ICE isn't likely to affect them (at least, not directly).

[Road charging is] "completely incompatible with privacy."

Not necessarily. You could certainly make it so if you wanted to do so (and I can see that there are some who would like to do so). However, the EU countries using road charging seem to be doing so without major problems, and without (AFAIK) totally compromising privacy. I don't see why we could not do likewise (non-functional public bodies notwithstanding).

Steve Foster

Re: This does not happen

Maybe because of the modern obsession with the [XYZ]aaS subscription model?

Of course, it's possible that eventually all the existing schemes will disappear, and you'll pay for the "fill" on a PAYG basis just like the existing ICE model.

Steve Foster

Re: Restructure the Market

Exactly. Fuel duty is going to dry up as a source of income. That's another reason that VED needs to be restructured (allowing EVs to pay nothing really is not a viable option).

If you want to encourage the switch from oil to EV, in a gradual way and not have a mad rush to switch at the last minute, forcing the price of ICE up and EV down is necessary. Doing so in a clearly defined manner that is affordable and doesn't simply introduce further problems down the road seems like the logical thing to do.

I agree that road charging is probably required, and that's not necessarily a bad thing if implemented sensibly (eg we ensure a contribution from foreign vehicles using our infrastructure that way).

Steve Foster

Re: Restructure the Market

VED is such a mess right now (with multiple differing schemes) that it just seems sensible to bundle fixing it in with larger changes.

While I get your point about the seriously wealthy not caring one way or another (as you say, the VED is almost immaterial to them), you do want it overall to be as fair as possible, and to be constructively arranged (even if it's principally "virtue signalling").

At the moment, the effective message of the various schemes is "hang on to your old diesel"!

Steve Foster

Re: Free parking for electric cars

Removing the cost of using the existing infrastructure from electric vehicles is ultimately self-defeating (the country cannot afford to give up those forms of income in the long-term).

Plus, such discounts are generally regressive, as the current price differential between petrol/diesel cars and the EV equivalent is such that EV purchases are mostly made by the wealthiest (ie those who can most afford to pay for the infrastructure are the ones least in need of such discounts).

Steve Foster

There are several factors to consider:

a) the profits on the car sales (which definitely goes overseas),

b) the service-based UK car jobs (dealerships/showrooms, garages, logistics, etc),

c) the car financing profits (may/may not go overseas, depending on source),

d) avoiding reintroducing the pollution from cars (the air quality has improved massively during lockdown)

I'm not sure where the overall balance would sit, and how (or whether) you can actually value (d).

Steve Foster

Restructure the Market

My 2p...

1. Introduce a fossil fuel car VAT supplement, starting at 2%, ratcheting up by an additional 2 percentage points every year until it hits 20% - ie gradually double the VAT on any vehicle that is in any way powered by petrol or diesel.

2. Introduce an electric/AF car VAT discount, starting at 20%, ratcheting down by 2 percentage points every year until it's gone - ie remove the VAT for now, gradually reintroducing it. You could cap this at (say) £6k maximum if thought necessary.

3. Drop the existing EV grant.

4. Rework VED so that all vehicles are on the same scheme (there are currently 3 or 4 different ones running in parallel), such that:

a) all vehicles pay, b) those that pollute more pay more, and c) those that impose extra wear and tear on the network or consume extra capacity [think heavy and/or XL vehicles] pay even more. For example, a base VED of £50, plus a fossil fuel component tied to emissions [one element for each of CO2 and NOx, plus room to add others if we find further pollutants], plus a % "XL" levy (say, 50% extra for over 2 tonnes or L>4.5m or W>2m or H>1.5m, and 25% discount for "compact" cars [<1T or small enough to fit 2 in a standard parking space]). It's probably appropriate to implement this new VED with lower starting rates that are ratcheted up by fixed increments for a few years before switching to inflationary rises, to avoid huge overnight hikes for those currently enjoying negligible rate VED on older petrol/diesel vehicles.

OK Windows 10, we get it: You really do not want us to install this unsigned application. But 7 steps borders on ridiculous

Steve Foster
Devil

"deterrent to installation"

"It's a deterrent to installation for sure, but the whole rigmarole can largely be prevented by signing code with a certificate"

"It's a deterrent to installation for sure, but the whole rigmarole can largely be prevented by downloading with a real browser instead of Edge"

There, FTFY.

Contact-tracer spoofing is already happening – and it's dangerously simple to do

Steve Foster
Mushroom

Re: Eh...

Self-immolation, OTOH, might just do...

(obvious choice of icon)

Steve Foster

Re: Unhearing government

Indeed, if I get a call from my bank (to my mobile number), the first thing they do is ask me to answer security questions (something their own advice says is bad).

I always say no, and explain why (the explanation is for the benefit of the staff person calling *and* their trainers [who use the recordings of those calls :p]).

Steve Foster

Re: OT - Did I miss something? 301 moved permanently??

Over the weekend. As you say, a PITA.

7*7 = a simple equation for taking total control of multiple VMware-powered clouds

Steve Foster
Joke

Re: 42?

You mean ${6*9} surely!

Watch an oblivious Tesla Model 3 smash into an overturned truck on a highway 'while under Autopilot'

Steve Foster
Joke

Re: what is really scary

It's the lighthouses that won't get out of the way that'll really get hurt!

Publishers sue to shut down books-for-all Internet Archive for 'willful digital piracy on an industrial scale'

Steve Foster

Re: Unusually

As I understand it, publishers receive ongoing payments for works lent by libraries, not just the normal purchase price of the work (using some fancy formulae).

Assuming the former is accurate, then while the IA is probably pushing the envelope somewhat, as long as they're paying the lending fees apropos for the vastly increased lending, the publishers aren't actually losing out. Indeed, arguably, they're likely to benefit from the increased awareness of their product (more readers means more sales [ultimately]).

Of course, it would probably have been better if the IA and publishers could have come to a negotiated agreement before all this kicked off.

New TLD redirect?

Steve Foster
Facepalm

Re: Smartphone app

If both are available, and working, why not just leave visitors on whichever one they chose to use? (especially when you've previously received negative feedback about forced redirection)

Even worse are those sites that then drop you on some sort of "pick your region" landing page, when the URL you typed expressly contained the relevant region in the first place!

Steve Foster
WTF?

New TLD redirect?

Visiting the UK ElReg (.co.uk), I'm suddenly being forcibly redirected to the US (.com) site instead (yes, yes, I know, .com isn't solely US, but YKWIM).

Please, *please*, *please* turn that back off.

Surprise! That £339 world's first 'anti-5G' protection device is just a £5 USB drive with a nice sticker on it

Steve Foster
WTF?

Take Yer Pick...

"A Fool and his money are soon parted."

"There's a sucker born every minute."

"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.", Albert Einstein

Highways England waves around £62m contract for National Traffic Information Service after brief chat with vendors

Steve Foster
FAIL

Re: Utterly Useless

Oh, and the distraction when they use the information displays for non-urgent messages (like "Red X Enforced" and "Don't Drink and Drive"), particularly ones that are "terminal inexactitudes".

Steve Foster
WTF?

While They're Tinkering

Please could we:

a) have public access to the traffic cameras back on (they've been "access denied" since the Coronavirus lockdown started), and

b) how about putting a certificate on www.trafficengland.com, so that it's secure?

Steve Foster

Re: Utterly Useless

You forgot the excessive use of the variable speed limit system when neither the traffic volume nor current conditions justify it (yes, there are times when it's needed, but it's quite obviously being used beyond that).

cmd.exe is dead, long live PowerShell: Microsoft leads aged command-line interpreter out into 'maintenance mode'

Steve Foster

Re: simple shit so much easier with cmd

I understand the idea of safe defaults, but disallowing local scripts to be run in a scripting engine as a baseline configuration really is going overboard.

Steve Foster

Re: simple shit so much easier with cmd

Critically, CMD.exe does not rely on the .Net Framework. Monad^HPoSh needs that.

It wasn't just a few credit cards: Entire travel itineraries were stolen by hackers, Easyjet now tells victims

Steve Foster

Stelios & EGM

This isn't the first time Stelios has forced an EGM to be held, as he does like to throw tantrums from time to time. He basically thinks he always knows better than the EasyJet board - sometimes he might be right, but trying to throw his weight [vis his large shareholding] around like this just makes him look petty and vindictive.

DNS this week stands for Drowning Needed Services: Design flaw in name server system can be exploited to flood machines offline

Steve Foster

Re: Urgently patch your publicly available, recursive DNS server

"You're missing the point of the attack."

No, I'm not. The point of the attack is to persuade one innocent DNS server to overload another innocent DNS server, thereby creating two victims, one of whom is misled into thinking the other is a culprit.

"The resolver at badguy.com is "misconfigured" on purpose--that is the attack."

I'm not talking about what the bad actor is doing at all. I'm talking about what the good actors can do.

Steve Foster

Re: Urgently patch your publicly available, recursive DNS server

Authoritative isn't the issue. Recursion is.

It's a recursive DNS server that's vulnerable, because it can be used to cause problems for other authoritative DNS servers (by generating multiple queries to resolve the one it received).

Best practice says that authoritative servers should be configured to only respond for their domains, and not to resolve other domains at all. Like that, they can't be used to propagate this attack.
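A check for the best practice stated in the reply above (an authoritative server should answer only for its own zones and not resolve anything else), as an added example that is not part of the original comment. The script builds a DNS query with the RD (recursion desired) bit set for a name the target server does not serve, then reads the response header: a server that has recursion disabled answers REFUSED without the RA (recursion available) bit, whereas an open resolver sets RA and hands back someone else's records. The two response packets at the bottom are constructed headers for the offline demo; `check_server()` performs the real UDP exchange and is the part you would point at your own authoritative servers.

```python
# Added example, not code from the original post: is this name server an open
# recursive resolver, or does it refuse recursion as an authoritative-only
# server should?
import socket
import struct

FLAG_QR, FLAG_RD, FLAG_RA = 0x8000, 0x0100, 0x0080  # response, recursion desired, recursion available
RCODE_REFUSED = 5
HEADER = struct.Struct("!HHHHHH")  # id, flags, qdcount, ancount, nscount, arcount


def build_query(name, qtype=1, txid=0x1234):
    """DNS query for `name` (type A by default, class IN) with RD=1."""
    header = HEADER.pack(txid, FLAG_RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def classify(response):
    """Read the header flags of a DNS response and say what the server did."""
    _txid, flags, _qd, ancount, _ns, _ar = HEADER.unpack(response[:HEADER.size])
    if not flags & FLAG_QR:
        raise ValueError("not a response")
    rcode = flags & 0x000F
    ra = bool(flags & FLAG_RA)
    if rcode == RCODE_REFUSED and not ra:
        return "refused"          # recursion denied: the authoritative-only behaviour we want
    if ra and ancount > 0:
        return "open-recursive"   # fetched a foreign name for us: usable as an amplifier
    if ra:
        return "recursive"        # RA set, no answer (e.g. NXDOMAIN): still resolving for strangers
    return "authoritative-only"   # no recursion offered


def check_server(host, name="example.com", port=53, timeout=3.0):
    """Query `host` recursively for a name it is not authoritative for.

    Network call; the offline demo below exercises classify() on constructed
    packets instead. `name` must be outside the zones `host` serves.
    """
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (host, port))
        data, _peer = sock.recvfrom(4096)
    if data[:2] != query[:2]:
        raise ValueError("transaction id mismatch")
    return classify(data)


# Constructed responses (header only, which is all classify() needs):
# what a recursion-disabled authoritative server returns for a foreign name ...
REFUSED_RESPONSE = HEADER.pack(0x1234, FLAG_QR | FLAG_RD | RCODE_REFUSED, 1, 0, 0, 0)
# ... and what an open resolver returns (RA set, one answer record).
OPEN_RESPONSE = HEADER.pack(0x1234, FLAG_QR | FLAG_RD | FLAG_RA, 1, 1, 0, 0)

if __name__ == "__main__":
    print("authoritative-only server:", classify(REFUSED_RESPONSE))
    print("open resolver:            ", classify(OPEN_RESPONSE))
```

The query deliberately uses a name outside the server's zones: an authoritative server answers its own names with RA clear either way, so only a foreign name distinguishes "authoritative-only" from "will resolve for anyone". In BIND the fix for an "open-recursive" result is `recursion no;` (or an `allow-recursion` list restricted to your own clients) in the options block; other servers have an equivalent switch.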

Podcast Addict banned from Google Play Store because heaven forbid app somehow references COVID-19

Steve Foster

Publish Elsewhere?

Perhaps it's time for developers to ensure that they provide the installation APKs on their own website as well as via the Google Store, so that there's a way for users to obtain the latest versions even when Google muck things up^Hfail to scale again.

This has the useful benefit of allowing their software to be sourced by those who either don't have access to the Google Store (eg Huawei users) or who wish to avoid it (eg privacy advocates).

If you don't LARP, you'll cry: Armed fun police swoop to disarm knight-errant spotted patrolling Welsh parkland

Steve Foster
Joke

Re: "...society's untouchables..."

Of course, in the current environment of "social distancing", that's everybody.

Instead of looking at Wuhan, perhaps Donald should be investigating those nerdy DMs as the source of COVID-19?

Google says it'll pick up the tab – and stick it in a lovely colour-coded Chrome group

Steve Foster

Re: I thought I was a bit odd ...

And I'm the reverse - very few desktop icons, but lots of tabs in my browser. And I use multiple windows to organise the tabs - I've even experimented with using different browsers to do that.

Sky Broadband is not the UK's cheapest, growls ad watchdog

Steve Foster

Re: "As for their misleading adverts..."

The current "punishment" regime is useless - forbidding advertisers from running an advert that they aren't using/showing any more is a waste of time.

What might work is forbidding them from advertising at all for a while - perhaps on similar lines to the coronavirus fines, where the ban duration starts modest, but rapidly ratchets up for repeat offences (within defined limits and with a slow decay [like speeding points]).

Or maybe we should just go the whole hog and ban advertising entirely! (launch the "B" ark)

Microsoft doc formats are the bane of office suites on Linux, SoftMaker's Office 2021 beta may have a solution

Steve Foster

Of course, it was created by a bridge player (or official), who used Word because it's what they had available to them at the time, and they weren't a "computer expert" (and probably were someone's grandmother!).

And either they weren't clever enough to be able to do booklet printing of a simple paged document, or possibly the automatic booklet printing options we take for granted now might not have been there in the combination of Win95/Me + Word 95/97 that was probably around when it was first created (it might just have been in the WinXP + OfficeXP era - certainly that's what I was using when I first got my hands on a copy of the document in the mid-noughties), so they created a multi-column layout to achieve the same end.



Biting the hand that feeds IT © 1998–2020