* Posts by Keith Langmead

280 publicly visible posts • joined 8 Mar 2007


Comms watchdog to probe errors that left Brits unable to make emergency calls

Keith Langmead

Government expectations

I love the comment from the government reported by the BBC - "The government has said it took BT nearly three hours to alert ministers to the problems it was experiencing."

which seems like a typical non-technical failure to grasp the idea of priorities. If the issue started at 08:30 on Sunday I'd take a wild guess that the only relevant BT staff working (either actively or on call) would be the engineers, and they'd be busy trying to fix the problem. They're engineers, so they're sure as hell not gonna be calling Whitehall who likely can't contribute anything practical to fixing the issue, they'll just be updating their immediately line managers. I imagine you'll have to go up a few levels of management (none of whom would be actively working on a Sunday morning, so possibly not immediately contactable) before you reach someone with the authority to speak direct to the government on behalf of BT. They don't indicate whether any status pages or similar were updated with information, but that's presumably more likely to happen in the short term, than finding someone willing and senior enough to place the call, especially when initially they'd likely have zero information to pass on anyway.

Standard "I can speak to you about the issue, or I can fix the issue... I can't do both".

Ex-Twitter sextet sues Elon Musk for 'stiffing' them on severance

Keith Langmead

"Here in the UK there is a further step or two to this...the next generation that inherits it, flogs it off to the national trust for peanuts, because they are nothing like their great great grandparents,"

Or more often, flog it for peanuts to the National Trust to avoid the crippling costs of maintaining the property + grounds, plus future costs from inheritance tax for the future generations... but with an agreement thay they retain use of the property on n many days per year for the next few hundred years. So someone else pays to maintain the place, and they get to rock up occasionally and get the benefits of the property for things like weddings, massive parties etc like they still owned it.

Search the web at least once every two years or risk losing your Google account

Keith Langmead

Re: Our internal analysis...

Yeah, as much as I'm sure they'd love that additional 2FA info, and will encourage people to use 2FA for security reasons, I can't imagine they'll ever force people to adopt it. At least not while there's nothing preventing a user searching Google or viewing Youtube without actually logging in with their Google credentials, as many would just put up with the less customised UI of both when not logged in, and Google would likely end up losing more juicy user data than they gained.

Student requested access to research data. And waited. And waited. And then hacked to get root

Keith Langmead

Re: In Code We Trust

Yeah, bet that's a mistake you've not made since! :) Been there, done that, got the t-shirt. Gotten into the habit these days of logging into the machine as local admin rather than domain admin to do a disjoin, that way there's no chance of doing it without knowing what the current local admin password is.

Windows 11 puts 'disgusting' Remote Mailslots protocol out of its misery

Keith Langmead

Re: Net Send was disgusting.

Oh yes. At Uni in the late 90s we had a lab full of Sun terminals. Someone knocked up a script which would rlogin to a random terminal and play water drop audio file. Looped with a random time delay, and you'd periodically hear a drip sound coming from a random part of the room. And of course since Telnet was still a thing and security wasn't, you could connect (with an appropriate SOC login obviously) from anywhere in the world to confuse whoever happened to be in there at the time. Ahhh, fun times.

Keith Langmead

Re: The trouble is…

Surely search for and run "Startup Apps", scroll down to the entry for Teams, toggle Off.

Yes, Samsung 'fakes' its smartphone Moon photos – who cares?

Keith Langmead

Once this becomes standard our lizard overlords will be able to move freely on our side of the moon once more, safe from any intrepid photographer trying to capture their nefarious schemes. Think you've spotted something fishy on the moon? Take a photo to prove it to everyone... nope, just a normal picture of the moon!

Microsoft makes Outlook Mac native email app a freebie

Keith Langmead

Re: Client not worth paying for

Considering the latest version of Outlook for Mac doesn't support Exchange mailboxes (365 / Outlook.com fine, but no on-prem Exchange) and just shows Exchange under "Coming Soon" rather than a supported type, I think it's a bit true. You have to switch/revert to Legacy Outlook to configure an Exchange mailbox.

If your DNS queries LoOk liKE tHIs, it's not a ransom note, it's a security improvement

Keith Langmead

Re: Effective DNS Cache Size

There wouldn't be any impact on the cache size, as those permutations wouldn't be getting stored.

If Google needed to query the record for www.theregister.com then it would make the query for www.tHeRegistER.cOm, the auth DNS for theregister.com would receive that request, see that www.tHeRegistER.cOm = www.theregister.com, and reply with the answer while maintaining the ID number and case of the requested domain. Once received Google would then update its cache for www.theregister.com.

It doesn't need separate cache entries for theregister.com, tHeRegister.Com, TherEgISter.coM etc as they're all the same domain when stored in case-insensitive format. The case sensitivity is only used within the queries between Google and the Auth DNS servers, not in storage.

Microsoft feels the need, the need for speed in Teams

Keith Langmead

Re: Ditch

And as an added bonus it becomes WAY easier to control how long the meeting goes on for. For instance you can decide the meeting will only last 40 minutes, or perhaps 80 minutes etc. Or if it's gone a bit rambling at the end, rather than having to make excuses to leave you just don't re-join after the next disconnection.

Keith Langmead

Re: Pricey

"that you have to create a "Team" in two steps, and wait fifteen minutes between step one and step two would be funny if it wasn't so sad."

Sounds about right. Replication time for any changes in 365 always seems to be awful. Make a change to fix a user's problem, wait a few minutes and try again... still broken. OK, wait 60 minutes... still broken. Right, so did the thing I tried not work, or has it not replicated yet? Try again the next day... working!

Twitter begs some staff to come back, says they were laid off accidentally

Keith Langmead

Re: More proof

That and lots of previously inactive Twitter users logging in purely to post what their new Mastodon address is, and hunt through the people they follow to find out what their new addresses are to follow them there as well... not like that's precisely what I did last night after not posting on Twitter in ages. :)

PowerShell pusher to log off from Microsoft: Write-Host "Bye bye, Jeffrey Snover"

Keith Langmead

Re: "Admins don't want command line interfaces"

Personally I want both! Yeah I know, wanting my cake and eating it. :)

For something I'm unfamiliar with or don't touch very often the GUI is always king, having the ability click around the UI until I find what I'm looking for (because invariably I know what it is, I just can't remember what they call it)... and crucially a fully functioning GUI, not the half arsed Exchange GUI where you can only view a subset of the information.

But for regular tasks and automation command line and scripts win out every time, both in speed, and also when scripted in consistency since you can ensure the exact same options are selected every single time.

Microsoft updates Edge's Internet Explorer mode

Keith Langmead

Updating their other apps to no longer require IE

I wonder if they'll finally fix the issue with the "view it in a web browser" option in Outlook which only works with IE! Specifically, that option generates and then calls a .mht file rather than a standard html file, but Edge/Chrome/Firefox don't support that file type. So by default it'll open in IE regardless of what your system default is, and even if you change that default for that one file type it still doesn't work since the chosen browser can't render the page. I could almost forgive them if it was only older Outlook versions with the issue, but last time I checked people with the latest 365 builds still reported the same behaviour. And of course even if you still have IE, these days plenty of emails can't be viewed as they pull info from the website, and that in term redirects you to a page telling you IE isn't supported. Apparently Chrome used to have a experimental option to make it work, but that's since been removed.

Microsoft backtracks on lack of easy Windows browser choice

Keith Langmead

Re: Customer Enhancement Programme

Absolutely true. Standard procedure seems to be :

1) Roll out new "feature" that no one has asked for.

2) Receive masses of negative feedback from the testing community reporting that it breaks stuff / doesn't work / is incompatible with existing and commonly used apps/hardware.

3) Ignore the feedback through a few rounds of testing.

4) Release the update (aka force it on everyone) with the "feature" unchanged.

5) Receive even more negative feedback from normal users for the same reasons that were given by the testers.

6) Pretend this is the first time they've been made aware of the issue and rush to create a fix.

Rinse and repeat.

How legacy IPv6 addresses can spoil your network privacy

Keith Langmead

Re: Underwhelming

Yeah hardly earth shattering, at least based on that explanation of the "vulnerability" in the article. Surely in terms of risk, this is no more than the difference you currently get in a NAT IPv4 setup between whether you have a dynamic IP address allocation from the ISP or a static IP address, and no one's suggesting that having a static IP address is a terrible thing that should be avoided at all costs. Plus, in order to take advantage of it, you as the attacker need access not just to a site/service that the victim connects to, but one that more than one of their devices including the vulnerable TV in this example connects to. All that just to know that the connection you saw yesterday came from a device on the same network as you're seeing today, but not necessarily the same actual device.

A tiny typo in an automated email to thousands of customers turns out to be a big problem for legal

Keith Langmead

Wary of ALT-S

With old age and repeated bad experiences I've developed caution regarding blindly hitting Alt-S only to realise I hadn't included something... or worse.

Gotten into the habit these days of leaving the address fields empty until the very end (or even emptying them and re-adding the addresses for replies) for important emails, just so I get those few extra seconds after I finish writing the email and then set who it's going to to realise what if anything needs changing before I hit send. Has saved me multiple times.

Amazon India execs questioned after sellers allegedly use site to smuggle marijuana

Keith Langmead

Re: So, at what point

"and how is the AI statistical analysis supposed to recognise it?"

Quite easily, simply insert the standard amount of governmental lack of knowledge of a topic, add a chorus of "you employ lots of very clever people, so you MUST be able to find a way", and then ignore any replies from those same "clever people" when they point out the thing isn't actually possible/practical.

It's the same process as we see from our Home Office demanding the tech companies both 1) keep everyone 100% secure online, and 2) allow the authorities full access to that same data.

Navigating without GPS is one thing – so let's jam it and see what happens to our warship

Keith Langmead

Re: I guess I'm too much of a navigation geek...

So long as you remember that while most people generalise that the sun rises in the east and sets in the west, that's only true at around this time of year and March (eg the equinox). June/July for instance it can be closer to rising in the NE and setting NW.

Actually had to explain that to a friend on holiday in July when working out which path to take, as while I think they knew it in a factual sense, they'd never needed to think of it in a practical sense. Me on the other hand... years of trying to photograph sunrises/sunsets and planning when to be in certain locations has made me very aware of that fact. The suncalc website is probably my favourite website... after thereg of course. ;)

Without that knowledge it's fine if you're just after rough "head in a vaguely northern direction", but not so useful if you need more precision.

Monitoring is simple enough – green means everything's fine. But getting to that point can be a whole other ball game

Keith Langmead

"The leader of that team then said the problem was as the alert was an email, they get too many of them etc"

IMHO that's one of the most critical things with any monitoring setup I've worked with, getting the dependencies setup correctly to reflect reality, and preventing those receiving the alerts from being flooded with alerts.

Eg if you have :

Firewall > Switch > HV Server > Virtual Server > various services on the server

all being monitored, where if something breaks and stops working then everything to the right of it will also be down, you only want to be alerted to the most critical item that's down on the left, otherwise for instance while you're scanning through the alerts for services on a VM that are showing as down, you can easily miss that the Firewall in front of it all has stopped responding. Off the back of that you need to have an understanding of how the infrastructure fits together, which services rely on each other etc.

At a basic level monitoring's simple, but once you start digging into it it can become a minefield.

Tolerating failure: From happy accidents to serious screwups … Time to look at getting it wrong, er, correctly

Keith Langmead

“Principle of Least Access”

Aside from the obvious security benefits, my favourite side effect of a properly laid out “Principle of Least Access” is it can sometimes make tracking down the source of an issue much faster. Had a customer suffer from a randomware attack in the past, and being able to quickly say :

"OK, content in folders A, E and F have been encrypted, but not the other folders. Which user or users only has access to that specific set of folders? Focus our investigation on their machines so we can find the culprit, get it disconnected from the network, and get the borked data recovered from backup".

Not the only way to track things down, but sometimes you get lucky and can either immediately identify the infected machine, or at least massively narrow down the scope of the search.

Keith Langmead

Re: Fixing errors

"Another policy was to tell the operators that, if they made a mistake, to talk about it and they would not get in to trouble."

Absolutely, making an honest mistake shouldn't get you in trouble, but trying to cover one up should.

Stack Overflow acquired for $1.8bn by Prosus (no, me neither)

Keith Langmead

Re: Just StackOverflow?

Yeah I was wondering the same thing. To my understanding Stack Exchange Inc is the company, Stack Overflow is just one of many sites they run on various topics.

So for instance does the purchase include Server Fault, or Super User etc? If not then presumably if they do screw up Stack Overflow you'll just find another new forum appearing with Stack Exchange to replace it.

That Salesforce outage: Global DNS downfall started by one engineer trying a quick fix

Keith Langmead

Re: wth is it with always dns?

In my experience it's most often non-technical people including management who suggest "it'll be the DNS", often because that's the one technical thing they've heard of and they want to sound like they know what they're talking about.

Certainly among my colleagues whenever we refer to "it's always DNS" we're not seriously suggesting that it is, we're taking the piss out of former bosses who insisted that may be the cause of any issue.

Keith Langmead

Re: "We have taken action with that particular employee"

May also depend on whether they tracked down the engineer at fault (eg they were keeping their head down and hoping to avoid blame), or the engineer immediately put their hand up and admitted they were the cause of the fault.

Assuming they were otherwise competent at their job, IMHO someone who will admit to their mistakes rather than trying to cover their tracks is someone it's worth keeping around. Their replacement could be of the cover their tracks variety, and that could lead to even worse issues when something goes wrong.

Crane horror Reg reader uses his severed finger to unlock Samsung Galaxy phone

Keith Langmead

Re: It would have been more interesting...

Yeah I was thinking the same thing. Surely any tech checking if the finger is real/alive has less to do with knowing the exact characteristics of a live vs dead/fake finger, and more about detecting more than just the finger print so it can then detect the difference when that state changes. Otherwise you also have to get into the realm of deciding what the acceptable range of values should be to cover everyone, since one person may naturally have much warmer or much colder fingers than someone else. So since he had access to the phone and setup the dead finger as being valid, when he then used it the phone obviously unlocked because it was a perfect match.

Makes me think of Nick Fury in Winter Soldier, where he'd previously already registered his dead eye so he had a backup in case someone removed his official working eye scan from the system.

Don't cross the team tasked with policing the surfing habits of California's teens

Keith Langmead

Re: High-level manglement can be just as much a nuisance as unions

And a huge waste of time. Those "old-timey suit wearers" have likely never needed to learn how to type, so why would they start now? If you're a < 10 WPM one finger typist who can afford to pay someone else who can do the same thing at least 10x as fast then why wouldn't you? In situations like that you want systems which streamline things like dictation etc to make your current workflow faster, not binning it all and trying to learn a completely new skill while dealing with a massive drop in productivity.

Ah, you know what? Keep your crappy space station, we're gonna try to make our own, Russia tells world

Keith Langmead

I think you're right. Competition even when friendly can be a good thing. I also think moving away from the current "all our eggs in one basket" situation might not be such a bad thing either.

Keith Langmead

Re: Keep your crappy space station, we're gonna try to make our own

... in fact, forget the space station!

Keith Langmead

Re: It does have a finite life

"The ISS has been one of the greatest achievements anyone has achieved. We should work for a replacement - but it should not be decommissioned before a replacement is actually in place."

Or perhaps design the replacement such that it's initially an extension of the ISS rather than starting entirely from scratch in a separate location. Use the ISS as basecamp until you've built enough of the new structure to allow that to take over, essentially treating the ISS as a building site porta cabin, with the aim to ensure the new extension can eventually run entirely independently from the ISS. Then one day once it's completed the deconstruction of the old ISS can happen and the two separated from each other.

PSA: If you're still giving users admin rights, maybe try not doing that. Would've helped dampen 100+ Microsoft vulns last year – report

Keith Langmead

"You're right about legacy apploications but things need to be seriously old to cause that sort of problem."

Sage Payroll, current versions. So not a small company or a niche product, and not really a legacy app. It STILL doesn't handle UAC properly so to install an update for it you need to be logged in as an admin user. If you attempt to install the update as a normal user and enter the admin credentials via UAC you find part way through the install it breaks out of the elevated security context and back to the user context... which doesn't have permission to do the update so the update crashes and often hoses your Sage Payroll installation.

Microsoft lines its UserVoice forums up against the wall, readies firing squad of '1st party solutions'

Keith Langmead

Deleting old content

"A wholesale dumping of the data without a migration would seem foolish at best. The company does, however, have form in such matters."

Yep, see the Technet Gallery as a prime example. A brief time spent as a read-only site, before being completely deleted with all the submitted content binned off. Yes, they have (or are in the process of... it's not cleared from their site) migrated all the MS provided scripts over to Github, but realistically it was the user submitted scripts on there which were actually worthwhile but those have simply been deleted. All because they say that since they don't own those scripts they can't move them over... true, but MS could have just left the Gallery as a read-only resource for a few years rather than months.

OVH data centre destroyed by fire in Strasbourg – all services unavailable

Keith Langmead

Re: Who knew data centres were tinder boxes?

Not necessarily once personnel were evacuated. While at college I did work experience at a large company with a massive mainframe + couple of minis, the place was like a rabbit's warren of kit. The guy showing us the room explained about the halon system and pointed at the alarm and warning lights, and we were told that if those went off 1) there was a fire, and 2) we have a certain number of seconds to get out of that room before the halon turned on. Not it would turn on once we left, rather it was turning on in n seconds (60 I think) and we REALLY didn't want to be in there when it did!

Nominet boardroom battle may already be over as campaign to oust management hits critical milestone

Keith Langmead

"publicbenefit.uk has a list of those in support of change, 8 of them have fewer than 20 names which seems an odd choice from a simple cost-benefit viewpoint. Are there additional factors involved?"

What it doesn't show is how long they've been members. I'd bet many of those with only a few domains are old members, eg companies who previously did a lot more domain business but have since perhaps wound things down, or changed direction, but maintain membership since it allows them to keep direct control of their domains. Hell, could well be a bunch of old nerds who've partially retired but like to keep a hand in the game for their own use and perhaps that of friends and family, for whom £100 a year to maintain the status quo is a small price to pay. And they're likely also the types who'd be all over a vote like this.

Missing GOV.UK web link potentially cost taxpayers £50m as civil servants are forced to shuffle paper forms

Keith Langmead

Empire building

Call me suspicious, but I wonder if the department heads responsible for the online form are also those responsible for processing the physical one... department heads who are responsible for a large number of staff to process those forms justifying large salaries for management. In which case they may not feel such a pressing urge to fix that glitch before now since it would mean less staff required, department size reduces, less managers required etc. Nah, can't be, I'm sure all civil service management operate purely for the greater good of the nation and not person interest.

Keith Langmead

Re: I'm still mystified

Problem with MS is their two annoying habits of :

1) putting pages relating to the current version of a product at a path that doesn't include the version number, and then changing it when the next version is released so you end up with broken links if the page was found while still the latest version.

2) Deciding that because they no longer officially support something that the pages for it are no longer required so binning them off... cos as we know text storage is expensive and MS have limited storage capacity.

I've gotten into the habit of saving useful pages to pdf/onenote rather than just saving the link, just in case, which has saved me when dealing with old systems several times now.

(oh and it also annoys me how often they post information without bothering to mention which version of the product they're talking about, or even including some kind of published date so you can work it out.)

Family wrongly accused of uploading pedo material to Facebook – after US-EU date confusion in IP address log

Keith Langmead

Re: Bring back VMS Standard Date/Time...

So in a sorted list you're fine browsing through the entires in :













order? Also saying that dates are stored using a date/time variable ignores that that also has conversion issues, unless the system 1) knows which date system the source system used, or 2) the date variable uses the ISO format for consistency, which causes all kinds of issues as anyone who's experienced working with dates in SQL can attest.

No, boss, I'm not playing Minecraft. Minecraft is where I run VMs on the desktop now

Keith Langmead

Nested minecraft

"The virtual machine apparently runs well enough to play Minecraft"

If you can run Minecraft with the VM, the obvious next step is building a virtual computer within the virtual minecraft, then install minecraft on that...

Cornwall councillor suggests authority paid £2m for Oracle licences that no one used on contract originally worth £4m

Keith Langmead

Re: Byzantine Oracle licensing

Same with MS licensing. MS insist you must have correct licensing, yet refuse to confirm whether what you have is correct and direct you to one of their licensing partners. Licensing partners will advise, but also refuse to warrant that what they've told you is correct and that you're properly licensed.

Barclays Bank appeared to be using the Wayback Machine as a 'CDN' for some Javascript

Keith Langmead

Re: 404 error?

Yep, "That's fixed it for now, we'll download a copy of the files to our web server and repoint things later... anyone fancy a celebratory pint?", and of course "later" never happened.

Dumpster diving to revive a crashing NetWare server? It was acceptable in the '90s

Keith Langmead

Re: A long time ago

Or worse... when that poor sod is you and other than recognising the bodge as your own handywork, you've no idea of why you did it and how it works! :)

That's the main reason I always document my work. Finding undocumented things done by others is annoying, but when it's something you did yourself and you now can't remember what/why it was done... that's just downright embarrasing.

Real-time tragedy: Dumb deletion leaves librarian red-faced and fails to nix teenage kicks on the school network

Keith Langmead

I remember doing similar in my Uni days on the library catalog machines. They all run Libertas which was from memory was a simple text based Unix system allowing you to search for books, so black and white screens, basic etc, but also rarely used by students. If you knew how you could break out of it and get to the shell to access other systems via telnet. So while students queued up for access to a PC, those of us in the know would grab one of those machines out of sight of the librarians, and use it to access things like BBS, MUD, and Unix based email.

Zoom's end-to-end encryption isn't actually end-to-end at all. Good thing the PM isn't using it for Cabinet calls. Oh, for f...

Keith Langmead

No one needs End to End encryption!

Not sure what the issue is here, everyone knows that there's no legitimate need for end to end encryption online. That's what the UK government keeps telling us (along with governments around the world) to justify banning us from using it / back dooring its implementation, so it must be true right?

You've duked it out with OS/2 – but how to deal with these troublesome users? Nukem

Keith Langmead

Re: Timing is off..

Yeah I remember OS/2 Warp being shown off at the Computer Shopper Show in 1994, with loads of PCs available for people to have a go on.

What really let it down was they'd clearly made no effort to tune the machines to work at their peak on those machines, so they performed really badly. A friend actually bought a copy and installed it at home on a slightly lessor spec machine than they had, and once he'd taken the time to actually ensure the correct drivers etc were installed had it running way better than the ones they had on display.

Now Internet Society told to halt controversial .org sale… by its own advisory council: 'You misread the community mindset around dot-org'

Keith Langmead

Re: Corruption

No, I get an idea from a meme... I then checked elsewhere online to confirm the figures were correct (couldn't re-find the meme yesterday, so those figures posted were based on published stats I found not the original meme).

Keith Langmead

Re: Corruption

As a meme I saw recently pointed out, for an American earning $50k their taxes contribute $36 to food stamps and $6 to other social safety net programs, but they also contribute $6,000 to corporate subsidies. Anyone complaining about the first two and not the last one isn't against socialism, they're against poor people.

Instagram influencer fools followers into thinking Ikea photoshoot was Bali holiday

Keith Langmead

Re: Insta-what?

Or more accurately a mobile phone photo sharing site. You can only post to it via mobile/android tablet (dunno if iPad can), so if you want to do any post processing on your computer you have to then transfer it to mobile to post.

El Reg presents: Your one-step guide on where not to store electronic mail

Keith Langmead

Re: Deleted

The Recover Deleted Items option in Outlook (for recovering a message that's been "permanently deleted" but still within Exchange's protection period) only lets you see the Subject line, date, to/from details of a message, so you have to restore it in order to view the content. Wish they'd apply the same to the Deleted Items folder!

I believe with an Exchange setup you can already set it at server level to clear older items from all users' deleted items, so they can't override it... but of course you need to combine it with ensuring all staff know that 1) email shouldn't be "stored" there, and 2) anyone ignoring rule 1 WILL find those messages have disappeared in due course. Plus having management buy in that it's needed and not just IT being nasty, for instance showing how many gigs are taken up by Deleted Items, and the money that costs in terms of Exchange server storage and backup capacity.

Please tell us why you're not securing yourselves, UK.gov asks businesses

Keith Langmead

Re: Small biz

I think the marketing departments of many of the "cloud" providers need to take some responsibility for this. They sell their services to small companies as being easy and quick fixes, and leave out the limitations of what they offer. I've heard several small companies state that they have "offsite backups", only to find that they're simply using one of the cloud sync services. Have to explain to them that no that isn't a backup, and provides no protection if for instance their data is encrypted, or a file is overwritten, since that'll be synced as well and many of the services only keep the most recent version of a file.