Re: Mail Storm
Have a pint for using the correct exchange cluster terminology
266 posts • joined 24 Jun 2008
Wish I could retell my tale of epic facepalm. With no specifics: massive escalation by a customer, threatening to pull the contract, see us in court etc., with an equally rapid climbdown once the root cause (their admin didn't RTFM, grok the permitted request rates or understand what an amplification attack was) was identified.
Nah, it's just your prejudice based on social conditioning and fear of things you don't understand.
During my "goth" phase as a teen, families would cross the street to avoid the scary looking person dressed in black scowling (doing nothing and wanting nothing to do with anyone), usually into crowds of alcopop fuelled tracksuit clad teens, who became known as chavs, causing trouble in the town centre.
Similar thing happened when I shaved my head (fund raiser for charity): I went from long haired hairy biker looking bloke to skinhead thug and the reaction was telling, especially people assuming I was pro Brexit and anti migrant (couldn't be further from the truth).
Fact is you can't judge a book by its cover.
That said, if anyone knocks on my door and isn't delivering something I ordered then they are cold calling and I automatically don't care and send them on their way, don't even bother to look at the face to know I don't want it lol.
Also if you want to recreate the "look" it's one part stubbing toe, 2 parts trying to remember pi to 60 decimal places, with a smidge of docile cow vacant thousand mile stare added for additional intensity. It's a fine line to walk so you don't look like you're severely constipated.
World beating or beaten by the World...
The problem with clinging to rose-tinted World views is that they probably thought it was as simple as boffins in sheds, "we had that clockwork radio Bayliss guy (ripped off and died without adequate compensation for his invention), Dyson and Sinclair, just need to harness some British pluck with plenty of spunk" said the guy leading that circle jerk of ineffective handling.
I just became a reseller to avoid this chod. enom.com provides my registrar services, and provides the registrar services for most of the remaining UK ISPs that 1and1 or gimpdaddy hasn't gobbled up. If that's too much hassle, I have nothing bad to say about netcetera as either an ISP or a registrar.
Once had an edict from on high that all software the University I worked at produced was "World class" software. Given that the majority of "dev" work was reskinning 3rd party software to look like it sort of followed the bullshit mongers' style guide, I had a simple solution...
I created a class in pseudo code so it would be applied as a pattern to all dev work, the class was called World, and had a single getter which returned the version number. At which point all our software was world class...
My solution here for World beating is to call the class galaxy, Tyvm that's an exorbitant consultancy fee I'm missing out on
Pretty much as title, that or "Smart" products for dumb people.
Smart TV, dumber than a £30 dongle; touch screen fridge, 3 year old tablet attached to a bigger panel. A smart fridge in my book is energy efficient, has decent climate control and comes with an integrated tablet holder, like the one you get for your dashboard in your car.
Still as apple proved there is a market for dumb devices for dumber people.
That's the av industry for you, of course it will do more than intended and if your core skill is detecting code that hides or behaves differently depending on environment then I would be surprised if the good code didn't copy tricks and strategy from bad code.
I expect trend will claim it was debug code used to mock up whql status for dev reasons and an honest mistake, honest guv
“This type of access could only occur because ADT failed to implement adequate procedures that would prevent non-household members from adding non-household email addresses,”
And just how would ADT or anyone be able to define household email addresses??? Sure, you could write them on the order form, but you would always need the ability to change or add them. Is this so different from net connected baby monitors running default passwords, and not just another case of people having to face up to the need to admin any net connected device they add to their home??
While I have sympathy for the victims in so much that it happened, it's just another I.D.I.o.T* leak, just a particularly sleazy one. While the alarms were probably the phone home to base station monitored varieties, the owners if not ADT should audit the defaults and at the very least change the admin password. If it was a cloudy portal then ADT really should force account reviews every month at login: literally login, confirm n number of people should have access to cams, locks etc. No different to how access to key safes is conducted.
*Insecure Defaults on IoT
500m: shit thin clients, cat5 and 100mb connectivity to LAN and some proof of concept java app masquerading as production.
11.5bn: consultants, consultants for the consultants, consultants for the consultant's consultants, junkets, a flashy PowerPoint with the word progress in increasingly bigger and bolder variants of Comic Sans, an NHS owned version of Comic Sans, brand consultants, golfing based fact finding retreats, additional layers of organisational abstraction (management), and 2 sets of wheels for the big exec's Mac Pro idiot box (destined for the bottom drawer of the chest of drawers salvaged from the Titanic said exec signed off on as it really tied the room together for the 5 days a year they show up for lunch).
Try looking up what trading standards consider a rogue trader, then look at the gap in legislation between the same practices and how they can be dealt with online vs offline.
Currently there are a lot of court ordered actions available to use against traders with a physical presence, bugger all for warehouses with 100+ front accounts on Amazon and eBay, and as the warehouse "isn't" the trader the best that can be done is the account gets suspended and possibly, if the stock is dangerous enough, a seizure of goods. Suspect the ability to get a court order now allows for related accounts to be searched for as well.
Oompa Loompas are an endangered species. There just aren't enough of them in the wild or captivity to actually check what ads are being served, just enough to check that money is coming in faster than it's going out, and just when is the perfect time to kill a service which has started to gain enough traction to have other businesses based around it...
Yeah, because adding laws to trading standards giving them the same powers online they have offline is such a regulatory burden. Those poor bootleggers will have to go out early on cold mornings and go to deserted markets to sell their Kevin Clean boxers, extension leads you can touch live contacts in and toys covered in carcinogenic paint....
I personally think this should be the sum total of IT education in schools, that and a minimum typing speed of 10 wpm. Kids that want to code will do what everyone else who codes does: find the language specs, read, experiment, understand. Those that don't think SharePoint is a really neat idea and dream of management positions.
Flummoxed my eldest's teacher by asking what the point of teaching cursive writing was, wouldn't typing be a better use of their time, when my children live in a world where if they have to slum it and communicate in an analog manner it will be in block capitals...
The debugging and ability to have a pretty decent (no worse than Workbench but that's a low bar) query runner for MySQL swung it for me, along with the WordPress extension makes it less braindamaging to support. At least I don't have to learn the bodge that is WordPress and its obsession with no forward progress in case it breaks a 10 year old abandoned plugin some gimp's blog with 20 unique visitors ever (15 are bots) relies on. While I could do all of that in NPP it's just a cleaner and less clunky experience in VS Code; the same is true with dealing with JSON, XML and increasingly JS files.
But then like I said before, as soon as I'm dealing with the more operational aspects of my jobs NPP is my go-to editor.
Or just middle click the icon if you're keyboard averse. Works with any taskbar icon unless there is a hard coded only-one-process-is-allowed mutex or similar method. Currently have 6 VS Code windows open....
Although I suspect this isn't the multi window solution people are looking for, and instead they want the abysmal Photoshop/GIMP floating tool box chod which I hate with a passion. Even in full fat VS I set all panels to auto hide and pin open only if I have to. It's also why I dislike 4k monitors: I like my windows maximised and desktop icons auto arranged lol, and maximised windows look stupid on that high a resolution/30"+ screen.
I use both daily. NPP has been great for years but for general code editing VS Code does it better. For example I support some friends' WordPress based sites; whilst I have used NPP as a PHP "IDE", the extensions for xdebug for VS Code work better and have actually been finished, unlike the NPP one which has languished half done for over a decade.
As for missing features I'm yet to find anything show stopping, and the real big win for me is common keyboard shortcuts regardless of what OS I'm using. I'm yet to find a 1:1 replacement for NPP on Linux desktop for example, and have often run it with Wine; now I just install VS Code and it doesn't matter what platform I'm working on. It also has much better git integration than NPP.
What I have found is that I have developed a rather organic work flow using NPP for manipulating log and config files and VS Code for code things: if the text area is white I'm working on config/logs, if it's (out of box config) black then it's code. Surprisingly useful when I wear about 20 different hats a day....
Depends on the telemetry. Reporting operating environment system specs can be useful if you have ever run into bugs caused by the abysmal Intel integrated display drivers or similar crappy driver issues (the ones direct from Intel are the least buggy; the OEM whitelabeled versions dished out by vendors tend to be a few versions behind or broken but do display the oh so important company logo for half a second as you hammer "Next"), and data like that I have no issues with being collected and analysed. It's no different to what the ECU does in most modern cars, and if it helps recreate a weird bug or lets you see the correlation then it's useful.
The rest of "telemetry" is doublespeak for behavioural surveillance: how long did you spend looking for the option in the menu, which button is pressed most often, what is the most used feature buried in a menu, how long was the window in focus, what percentage of users are skipping upgrades, how often does a term related to the program appear in a search query string. Out of that list the only thing I can see a legit use for is the one to do with upgrades skipped; everything else can and should be done with small focus groups, not a co-opted userbase, especially for the likes of Piriform who used to make good (enough) software, got annoying with pro version nag screens, then were acquired and now just ape the AV industry and hide wholesale data capture and snooping as utility (I'm looking at you CCleaner!)
Discovered it wasn't hard to avoid eclipse if you learn how to compile and link from command line then it was a simple job of wrapping in a script and just calling that from editor of choice
Lot to be learned from the .Net microframework build targets for ways to implement an essentially environment agnostic build
Visual Studio Code isn't bad as a substitute on Linux, but it doesn't come close to the real Visual Studio.
No, nor is it trying to. It has however increasingly taken over from Notepad++ (or insert dominant text editor of choice for platform of choice if it has a GUI) for me for code editing and inspection, which has led to an interesting "organic" work flow for me: Notepad++ for config files and system settings, VS Code for code/JSON/XML editing. Now I have a visual cue for what I'm doing: white text area = config, black text area = code, although that might change as I'm getting increasingly irritated by a lack of decent git integration in NPP, and I must say I love having a portable set of keyboard shortcuts between platforms.
Oh, and mapping *.config files to open in VS Code is a good idea if you don't want to wait for a solution to load and check its caches when you want to change an appsetting....
VS Code is about the only MS product that integrates correctly with GitHub......
MS don't own git, just GitHub.
Nothing correctly integrates with git; the best you can hope for is a limited list of surprises to find and work around. Linus wouldn't want to make it easy on anybody after all, it's basically Darwinism on the CLI.
Possibly. That said, I would be just as likely to believe that they will hold back launch until there are suitable stock levels in distribution centres just to safeguard the PR wins they have had thus far against PS5. Can't see iPhone style false scarcity being a good look at Christmas for what will by and large be gifts for kids: "here is your Xbox IOU card, now wait till Easter till you can plug it in, that's your lot..."
When they launch they will want to ensure that anyone with 5-600 quid in pocket has the ability to walk away with a new Xbox that's in stock rather than a PS5, and given how the PS4 has dominated this generation MS will not let a chance to get a clear lead at the start of this refresh cycle slip them by.
LOL, yeah ok
Privacy grabs are a valid concern. Getting paranoid and hysterical is the reason why the general populace zone out and pay with data at any opportunity, however, as it's only the loony talking heads who warn of the inevitable; for every nefarious conspiracy there is a far more mundane profit generation for some soulless marketeer.
No more certainty than usual, if anything probably less certainty, phones that move regularly are safer bets to be genuine and in use, and certainly offer better data. Lockdown would look more like a mass upgrade and provider swap than anything else, as a phone at home, looks the same as your old one waiting for the battery to die with the old sim card in it shoved to back of your tech drawer....
they may have agreements (or get agreements) from Apple/Google to keep awake in the background for this - NHSX claim to be working with them.
Just means they have applied to put it into the app store. Apple and Google won't push out an OS tweak just for the NHS; as big a UK institution as that is, it's a fraction of a fraction of their global userbase. The best they can hope for is that they get API access to the Google/iOS platform and then balls up the integration.
It's such an obvious money maker for Azure as well. All that happened here is that they killed the dev app service (not even the service plan), which freed up the temp domain, and followed the official docs of setting a CNAME up to mask the azurewebsites subdomain. You should be able to retain service subdomains after you delete the service, like you can with IP addresses, to prevent exactly this; anything above the free plans should allow you to reserve your domains for a nominal surcharge without having to jump to the vastly more expensive app service environment.
I guess if we say phishing instead of social engineering then yeah maybe 20 years.
Although just about every film with hacking as an element of it since the mid 80's has involved social engineering (War Games, Hackers, Sneakers, The Matrix, eXistenZ, Ocean's 11 etc.), and that's not even including all the film noir/detective/crime films which involve impersonation to obtain desired plot outcomes. Could be argued that The Italian Job is 90 mins of social engineering wrapped in a car chase, and they hack the traffic lights!!
Put them into self isolation, and offer them kebabs and ready meals to live on for 4 weeks, and measure their health, then repeat with an organic fruit and veg diet with a 5G transmitter at each corner of the cell operating at 50x the signal gain than standard for a month. If they have responsibility for a minor, then vaccinate their spawn as well just to be sure while they are guests of her maj, then publish results showing 5 a day and 5G made them 20% healthier and that darling Tarquin is just as naughty a hyperactive brat as he was before vaccination, along with their names. You out them so they become pariahs of their loon groups by being obvious false flag operatives, rinse and repeat, until everyone is educated.
Or just bring back stocks and throw fruit at them
Whitelists generally permit access/bypass of a system, whereas a blacklist prohibits access/triggers additional scrutiny.
But it's VERY subjective and contextual: if your edge security stance is block everything and permit only inside to out connections, then your whitelist would only contain known exemptions of permitted inbound connections.
So anyway, explained without prohibited words.
That said, this is nonsense, especially as it's actually useful to visualise your ACLs and the trusts defined by them as a strata/gradient, i.e. (grey lists trusted with supervision/observation of behaviour), and that's a level of intuitive nuance missing from allow and deny. I suppose supervised might work in some contexts but not many, i.e. when it's something like spam greylisting where what you're really doing is verifying that the sender has an SMTP relay that follows the rules and behaves in an expected manner, i.e. retries after 5 mins. A delay list would be a better name, but doesn't really indicate any connotations of trust like white/grey/black list does to my mind.
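The greylisting behaviour described in the post above (first delivery attempt from an unknown sender deferred, accepted once the relay retries after the minimum delay, with a whitelist of known exemptions that bypasses the check), as an added example that is not part of the original thread. It assumes a triplet of client IP, envelope sender and envelope recipient as the key, a 5 minute minimum delay, and constructed sample addresses from the documentation ranges; the type and function names are this example's own.

```go
package main

import (
	"fmt"
	"time"
)

// Verdict is the SMTP response the MTA gives to a delivery attempt.
type Verdict string

const (
	Accept Verdict = "250 accept"
	Defer  Verdict = "451 try again later"
)

// triplet is the key greylisting tracks: connecting client, MAIL FROM, RCPT TO.
type triplet struct {
	clientIP, from, to string
}

// Greylist records when each triplet was first seen and holds an allow list
// of client IPs that are exempt from the delay (the "known exemptions" case).
type Greylist struct {
	minDelay time.Duration
	allow    map[string]bool
	seen     map[triplet]time.Time
}

// NewGreylist builds a greylist with the given minimum retry delay and
// optional exempt client IPs.
func NewGreylist(minDelay time.Duration, allowIPs ...string) *Greylist {
	g := &Greylist{minDelay: minDelay, allow: map[string]bool{}, seen: map[triplet]time.Time{}}
	for _, ip := range allowIPs {
		g.allow[ip] = true
	}
	return g
}

// Check decides the verdict for an attempt made at time now.
// Unknown triplets are deferred and remembered; a retry is accepted only once
// at least minDelay has elapsed since the first attempt. A relay that never
// retries, or retries immediately, never gets past the 451.
func (g *Greylist) Check(clientIP, from, to string, now time.Time) Verdict {
	if g.allow[clientIP] {
		return Accept
	}
	t := triplet{clientIP, from, to}
	first, ok := g.seen[t]
	if !ok {
		g.seen[t] = now
		return Defer
	}
	if now.Sub(first) < g.minDelay {
		return Defer
	}
	return Accept
}

func main() {
	// Constructed sample: 203.0.113.7 is a well-behaved relay, 198.51.100.9 a
	// spam cannon that retries after 30 seconds, 10.0.0.5 an exempt internal host.
	g := NewGreylist(5*time.Minute, "10.0.0.5")
	base := time.Date(2020, 10, 1, 9, 0, 0, 0, time.UTC)
	fmt.Println("relay first try:   ", g.Check("203.0.113.7", "a@example.com", "b@example.net", base))
	fmt.Println("relay retry +6m:   ", g.Check("203.0.113.7", "a@example.com", "b@example.net", base.Add(6*time.Minute)))
	fmt.Println("cannon first try:  ", g.Check("198.51.100.9", "x@example.org", "b@example.net", base))
	fmt.Println("cannon retry +30s: ", g.Check("198.51.100.9", "x@example.org", "b@example.net", base.Add(30*time.Second)))
	fmt.Println("exempt host:       ", g.Check("10.0.0.5", "ops@example.net", "b@example.net", base))
}
```

The key design point is that the list holds no notion of trust at all: a sender earns acceptance purely by behaving like a compliant relay, which is why the post's "delay list" label fits the mechanism better than grey.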
When I worked in the vending industry my first project was writing the control stack for a card dispensing machine, so visitors could buy an RFID card, open an account and load credit onto the card, but it could also refund excess credit by eating the returned card, and top up employees' access cards. Everything went swimmingly with the dev hardware, but we started to get calls as soon as the first production units were out in the wild that cards were being issued once and eaten. Cue mass panic and fingers pointed at myself; one line by line code review later, and a demonstration with dev hardware that everything was in spec, and we are scratching our heads...
Finally a production unit is returned to base and lo and behold it does exactly what the customer described: just ate cards instead of dispensing them, and even worse would also eat the cards of employees who were trying to top up their card to purchase in the canteen and from vending machines. So we pulled it to pieces and finally found the problem: we had the inverted output version of the RFID readers installed. This was where I discovered the sort of asshats I was working for. Now the TD (teflon director, the most technical he ever got was measuring his parking space and distance between other vehicles) insisted that he and he alone was responsible for all parts orders as no one else could be trusted to get it right, so of course it was my fault, because I should query the card reader, determine which model was put into the machine (even though the spec had been sealed and signed off before I started and would only ever use this specific model of RFID reader) and handle accordingly. At least the bean to cup coffee machines we all had on our desks as dev kit were a literal perk of the job :)
FB seem a bit desperate here, wonder what the real story is. Also find it hard to believe that a spyware manufacturer's software doesn't phone home, so why not just release who was operating the server (Saudis I bet, going after Zuck's phone like Bezos; seems like an all kit no trick mistake to make it look like your service emits from California, kinda next level "but I used 5 proxies"; other APTs tend to be a bit cleaner/better at stage managing evidence).
Surely if you run one of the many routing docker containers out there you could bodge a franken router out of this, that or I would just get a kick out of running virtualised juniper or hp network stacks on borg kit
Wonder how much the license to enable docker is, as I can't imagine many ASAs will sell if it's a better ROI to run one of the more security focused containers on a switch than an appliance. I mean just being able to run OpenVPN cannibalizes the security plus SKU on ASAs, and then you have no licensing issues to contend with either if you want to, say, increase your remote working capacity 10 fold...
Cisco just acquire and freeze the UI in time at point of acquisition. Please don't update the UI, Cisco, I really don't want or need Java or Flash installed on my getting work done machine (and my Cisco maintenance VM doesn't have any virtualised sound capabilities) just to be able to login to your crappy UIs that only work with specific combinations of Internet Explorer and JRE.
(Have some old ASAs needing Java 6 and IE7; I only use SSH, but one of my underlings will not SSH to ASAs after having a Who, Me? worthy spot of bother in the past; UCM servers (Java 7 for crappy serial console, Flash for login 0_o).)
Oh well, at least I no longer have Skype for Business servers which needed Silverlight...
Why stop at brackets, let's make it case sensitive and unparseable if you use a tab instead of 4 spaces, or a non power of 2 number of spaces, and for shits and giggles get rid of typewriter/teletype hangovers, carriage return, line break, fuck it, add a new char called enter. Ohh, and get rid of ems as well, because why should a monospaced capital M be a measuring unit?
(I'm only half serious with half of these points, only half expect half of the people who would get the joke would.)
Never been happier to have ditched frontend for interesting backend stuff 8 years ago just as HTML5 sorta fell over the line, after I have had to suffer the indignity of having to make a UI the other day. Amazingly they made CSS worse, well done guys, have a no hand clap from me.
Had a fun weekend and first half of the week caused by an upstream package (a cron lib) changing from Quartz-style schedule strings (secs, mins, hours, days, months, years aka * * * * * *) to standard 5 variable cron strings.
As a mere user/admin of the vendor's software I should have been able to pull the container image and build, but noooooo. Due in part to the updated cron lib's dev using master as the release branch with a massive breaking change, instead of a tag, new deploys were pulling in the wrong version and so failing to start, even though the vendor's code was correct (for the old version). The way the packages were pulled in meant it was pot luck if it would work or not depending on if you had the correct package locally cached (yay random errors and works-on-my-machine debugging on a vendor's release!!). Sure, I could say the dev of the cron lib is an asshat for releasing in such a way as to break existing code but ensure new projects have the new shiny, but really I dislike the assumption in the build process that I want the latest, and if the references mention the version to use, it should bloody well use that version, which is why you need a registry not a source control system for this to normalise releases. Could care less if the git repo tags a release as "unicorn-rainbow-facemask-latest" as long as in the registry it knows it's 1.0.0.
This was despite the fact the vendor having what looked like a pegged version in its package references turned out to be more of a comment than an instruction. Ultimately I put this down to being a failing of the language/ecosystem rather than any given dev: git is not a package manager nor should it be used as such, but that's what it seems Go does. I mean seriously, it makes me almost (almost) have a good thing to say about npm and bower.
Spot on, sums up my feelings too. If I was feeling unkind and it was 20 years ago I would probably dub it cscript.
I dislike its simplicity in error handling; PHP does a better job ffs and that's a very low bar, and I'm not too keen on the fairly obvious design cues taken from Python either.
Same reason as PHP: free and millions of entry level articles to copy and paste from even if the canonical examples are shown to be dangerously out of date. It's easy for non programmers to pick up, create gordian knots and be busy reinventing wheels.
when all you have is a hammer everything looks like nails...
Biting the hand that feeds IT © 1998–2020