Posts by Keith Langmead

"Here in the UK there is a further step or two to this...the next generation that inherits it, flogs it off to the national trust for peanuts, because they are nothing like their great great grandparents,"

Or more often, flog it for peanuts to the National Trust to avoid the crippling costs of maintaining the property + grounds, plus future costs from inheritance tax for the future generations... but with an agreement thay they retain use of the property on n many days per year for the next few hundred years. So someone else pays to maintain the place, and they get to rock up occasionally and get the benefits of the property for things like weddings, massive parties etc like they still owned it.

Re: Our internal analysis...

Yeah, as much as I'm sure they'd love that additional 2FA info, and will encourage people to use 2FA for security reasons, I can't imagine they'll ever force people to adopt it. At least not while there's nothing preventing a user searching Google or viewing Youtube without actually logging in with their Google credentials, as many would just put up with the less customised UI of both when not logged in, and Google would likely end up losing more juicy user data than they gained.

Re: In Code We Trust

Yeah, bet that's a mistake you've not made since! :) Been there, done that, got the t-shirt. Gotten into the habit these days of logging into the machine as local admin rather than domain admin to do a disjoin, that way there's no chance of doing it without knowing what the current local admin password is.

Re: Net Send was disgusting.

Oh yes. At Uni in the late 90s we had a lab full of Sun terminals. Someone knocked up a script which would rlogin to a random terminal and play water drop audio file. Looped with a random time delay, and you'd periodically hear a drip sound coming from a random part of the room. And of course since Telnet was still a thing and security wasn't, you could connect (with an appropriate SOC login obviously) from anywhere in the world to confuse whoever happened to be in there at the time. Ahhh, fun times.

Re: Client not worth paying for

Considering the latest version of Outlook for Mac doesn't support Exchange mailboxes (365 / Outlook.com fine, but no on-prem Exchange) and just shows Exchange under "Coming Soon" rather than a supported type, I think it's a bit true. You have to switch/revert to Legacy Outlook to configure an Exchange mailbox.

Re: Effective DNS Cache Size

There wouldn't be any impact on the cache size, as those permutations wouldn't be getting stored.

If Google needed to query the record for www.theregister.com then it would make the query for www.tHeRegistER.cOm, the auth DNS for theregister.com would receive that request, see that www.tHeRegistER.cOm = www.theregister.com, and reply with the answer while maintaining the ID number and case of the requested domain. Once received Google would then update its cache for www.theregister.com.

It doesn't need separate cache entries for theregister.com, tHeRegister.Com, TherEgISter.coM etc as they're all the same domain when stored in case-insensitive format. The case sensitivity is only used within the queries between Google and the Auth DNS servers, not in storage.

Re: Ditch

And as an added bonus it becomes WAY easier to control how long the meeting goes on for. For instance you can decide the meeting will only last 40 minutes, or perhaps 80 minutes etc. Or if it's gone a bit rambling at the end, rather than having to make excuses to leave you just don't re-join after the next disconnection.

Re: "Admins don't want command line interfaces"

Personally I want both! Yeah I know, wanting my cake and eating it. :)

For something I'm unfamiliar with or don't touch very often the GUI is always king, having the ability click around the UI until I find what I'm looking for (because invariably I know what it is, I just can't remember what they call it)... and crucially a fully functioning GUI, not the half arsed Exchange GUI where you can only view a subset of the information.

But for regular tasks and automation command line and scripts win out every time, both in speed, and also when scripted in consistency since you can ensure the exact same options are selected every single time.

Re: Customer Enhancement Programme

Absolutely true. Standard procedure seems to be :

1) Roll out new "feature" that no one has asked for.

2) Receive masses of negative feedback from the testing community reporting that it breaks stuff / doesn't work / is incompatible with existing and commonly used apps/hardware.

3) Ignore the feedback through a few rounds of testing.

4) Release the update (aka force it on everyone) with the "feature" unchanged.

5) Receive even more negative feedback from normal users for the same reasons that were given by the testers.

6) Pretend this is the first time they've been made aware of the issue and rush to create a fix.

Rinse and repeat.

Re: Underwhelming

Yeah hardly earth shattering, at least based on that explanation of the "vulnerability" in the article. Surely in terms of risk, this is no more than the difference you currently get in a NAT IPv4 setup between whether you have a dynamic IP address allocation from the ISP or a static IP address, and no one's suggesting that having a static IP address is a terrible thing that should be avoided at all costs. Plus, in order to take advantage of it, you as the attacker need access not just to a site/service that the victim connects to, but one that more than one of their devices including the vulnerable TV in this example connects to. All that just to know that the connection you saw yesterday came from a device on the same network as you're seeing today, but not necessarily the same actual device.

Re: So, at what point

"and how is the AI statistical analysis supposed to recognise it?"

Quite easily, simply insert the standard amount of governmental lack of knowledge of a topic, add a chorus of "you employ lots of very clever people, so you MUST be able to find a way", and then ignore any replies from those same "clever people" when they point out the thing isn't actually possible/practical.

It's the same process as we see from our Home Office demanding the tech companies both 1) keep everyone 100% secure online, and 2) allow the authorities full access to that same data.

Re: I guess I'm too much of a navigation geek...

So long as you remember that while most people generalise that the sun rises in the east and sets in the west, that's only true at around this time of year and March (eg the equinox). June/July for instance it can be closer to rising in the NE and setting NW.

Actually had to explain that to a friend on holiday in July when working out which path to take, as while I think they knew it in a factual sense, they'd never needed to think of it in a practical sense. Me on the other hand... years of trying to photograph sunrises/sunsets and planning when to be in certain locations has made me very aware of that fact. The suncalc website is probably my favourite website... after thereg of course. ;)

Without that knowledge it's fine if you're just after rough "head in a vaguely northern direction", but not so useful if you need more precision.

"The leader of that team then said the problem was as the alert was an email, they get too many of them etc"

IMHO that's one of the most critical things with any monitoring setup I've worked with, getting the dependencies setup correctly to reflect reality, and preventing those receiving the alerts from being flooded with alerts.

Eg if you have :

Firewall > Switch > HV Server > Virtual Server > various services on the server

all being monitored, where if something breaks and stops working then everything to the right of it will also be down, you only want to be alerted to the most critical item that's down on the left, otherwise for instance while you're scanning through the alerts for services on a VM that are showing as down, you can easily miss that the Firewall in front of it all has stopped responding. Off the back of that you need to have an understanding of how the infrastructure fits together, which services rely on each other etc.

At a basic level monitoring's simple, but once you start digging into it it can become a minefield.

Re: Just StackOverflow?

Yeah I was wondering the same thing. To my understanding Stack Exchange Inc is the company, Stack Overflow is just one of many sites they run on various topics.

So for instance does the purchase include Server Fault, or Super User etc? If not then presumably if they do screw up Stack Overflow you'll just find another new forum appearing with Stack Exchange to replace it.

Re: wth is it with always dns?

In my experience it's most often non-technical people including management who suggest "it'll be the DNS", often because that's the one technical thing they've heard of and they want to sound like they know what they're talking about.

Certainly among my colleagues whenever we refer to "it's always DNS" we're not seriously suggesting that it is, we're taking the piss out of former bosses who insisted that may be the cause of any issue.

Re: It would have been more interesting...

Yeah I was thinking the same thing. Surely any tech checking if the finger is real/alive has less to do with knowing the exact characteristics of a live vs dead/fake finger, and more about detecting more than just the finger print so it can then detect the difference when that state changes. Otherwise you also have to get into the realm of deciding what the acceptable range of values should be to cover everyone, since one person may naturally have much warmer or much colder fingers than someone else. So since he had access to the phone and setup the dead finger as being valid, when he then used it the phone obviously unlocked because it was a perfect match.

Makes me think of Nick Fury in Winter Soldier, where he'd previously already registered his dead eye so he had a backup in case someone removed his official working eye scan from the system.

Re: High-level manglement can be just as much a nuisance as unions

And a huge waste of time. Those "old-timey suit wearers" have likely never needed to learn how to type, so why would they start now? If you're a < 10 WPM one finger typist who can afford to pay someone else who can do the same thing at least 10x as fast then why wouldn't you? In situations like that you want systems which streamline things like dictation etc to make your current workflow faster, not binning it all and trying to learn a completely new skill while dealing with a massive drop in productivity.

I think you're right. Competition even when friendly can be a good thing. I also think moving away from the current "all our eggs in one basket" situation might not be such a bad thing either.

"You're right about legacy apploications but things need to be seriously old to cause that sort of problem."

Sage Payroll, current versions. So not a small company or a niche product, and not really a legacy app. It STILL doesn't handle UAC properly so to install an update for it you need to be logged in as an admin user. If you attempt to install the update as a normal user and enter the admin credentials via UAC you find part way through the install it breaks out of the elevated security context and back to the user context... which doesn't have permission to do the update so the update crashes and often hoses your Sage Payroll installation.

Re: Who knew data centres were tinder boxes?

Not necessarily once personnel were evacuated. While at college I did work experience at a large company with a massive mainframe + couple of minis, the place was like a rabbit's warren of kit. The guy showing us the room explained about the halon system and pointed at the alarm and warning lights, and we were told that if those went off 1) there was a fire, and 2) we have a certain number of seconds to get out of that room before the halon turned on. Not it would turn on once we left, rather it was turning on in n seconds (60 I think) and we REALLY didn't want to be in there when it did!

"publicbenefit.uk has a list of those in support of change, 8 of them have fewer than 20 names which seems an odd choice from a simple cost-benefit viewpoint. Are there additional factors involved?"

What it doesn't show is how long they've been members. I'd bet many of those with only a few domains are old members, eg companies who previously did a lot more domain business but have since perhaps wound things down, or changed direction, but maintain membership since it allows them to keep direct control of their domains. Hell, could well be a bunch of old nerds who've partially retired but like to keep a hand in the game for their own use and perhaps that of friends and family, for whom £100 a year to maintain the status quo is a small price to pay. And they're likely also the types who'd be all over a vote like this.

Re: Bring back VMS Standard Date/Time...

So in a sorted list you're fine browsing through the entires in :

April

August

December

February

January

July

June

March

May

November

October

September

order? Also saying that dates are stored using a date/time variable ignores that that also has conversion issues, unless the system 1) knows which date system the source system used, or 2) the date variable uses the ISO format for consistency, which causes all kinds of issues as anyone who's experienced working with dates in SQL can attest.

Re: Byzantine Oracle licensing

Same with MS licensing. MS insist you must have correct licensing, yet refuse to confirm whether what you have is correct and direct you to one of their licensing partners. Licensing partners will advise, but also refuse to warrant that what they've told you is correct and that you're properly licensed.

Re: 404 error?

Yep, "That's fixed it for now, we'll download a copy of the files to our web server and repoint things later... anyone fancy a celebratory pint?", and of course "later" never happened.

Re: A long time ago

Or worse... when that poor sod is you and other than recognising the bodge as your own handywork, you've no idea of why you did it and how it works! :)

That's the main reason I always document my work. Finding undocumented things done by others is annoying, but when it's something you did yourself and you now can't remember what/why it was done... that's just downright embarrasing.

I remember doing similar in my Uni days on the library catalog machines. They all run Libertas which was from memory was a simple text based Unix system allowing you to search for books, so black and white screens, basic etc, but also rarely used by students. If you knew how you could break out of it and get to the shell to access other systems via telnet. So while students queued up for access to a PC, those of us in the know would grab one of those machines out of sight of the librarians, and use it to access things like BBS, MUD, and Unix based email.

Re: Timing is off..

Yeah I remember OS/2 Warp being shown off at the Computer Shopper Show in 1994, with loads of PCs available for people to have a go on.

What really let it down was they'd clearly made no effort to tune the machines to work at their peak on those machines, so they performed really badly. A friend actually bought a copy and installed it at home on a slightly lessor spec machine than they had, and once he'd taken the time to actually ensure the correct drivers etc were installed had it running way better than the ones they had on display.

Re: Corruption

No, I get an idea from a meme... I then checked elsewhere online to confirm the figures were correct (couldn't re-find the meme yesterday, so those figures posted were based on published stats I found not the original meme).

Re: Insta-what?

Or more accurately a mobile phone photo sharing site. You can only post to it via mobile/android tablet (dunno if iPad can), so if you want to do any post processing on your computer you have to then transfer it to mobile to post.

Re: Deleted

The Recover Deleted Items option in Outlook (for recovering a message that's been "permanently deleted" but still within Exchange's protection period) only lets you see the Subject line, date, to/from details of a message, so you have to restore it in order to view the content. Wish they'd apply the same to the Deleted Items folder!

I believe with an Exchange setup you can already set it at server level to clear older items from all users' deleted items, so they can't override it... but of course you need to combine it with ensuring all staff know that 1) email shouldn't be "stored" there, and 2) anyone ignoring rule 1 WILL find those messages have disappeared in due course. Plus having management buy in that it's needed and not just IT being nasty, for instance showing how many gigs are taken up by Deleted Items, and the money that costs in terms of Exchange server storage and backup capacity.

Re: Small biz

I think the marketing departments of many of the "cloud" providers need to take some responsibility for this. They sell their services to small companies as being easy and quick fixes, and leave out the limitations of what they offer. I've heard several small companies state that they have "offsite backups", only to find that they're simply using one of the cloud sync services. Have to explain to them that no that isn't a backup, and provides no protection if for instance their data is encrypted, or a file is overwritten, since that'll be synced as well and many of the services only keep the most recent version of a file.