"shouty nose sherbet" - v gd!
"Turtley unaffected" - well over the line; I shall be writing to my MP about this outrage!
2193 posts • joined 19 Aug 2008
"...as safe as they could be, consistent with the provider's business model."
OVH were only starting to become an option last time I looked for hosting, what, a decade or so back but IIRC they were always a budget provider. Low margin business with a huge capital cost equals considerable effort to shave costs where possible. Nothing wrong with that as long as customers are aware that to some extent you get what you pay for.
The bit that slightly puzzles me is that there was enough flammable material to burn, once the source UPS had finished oxidising itself. Presumably the main fuel supply would be the plastic insulation on network and power cables, and obviously a DC will have a lot of both; then there are the little plastic trim panels on the front of servers, the handles of hot-swap PSUs and suchlike... but what else is there? Perhaps there's a tools cabinet with some ABS toolboxes or parts tidies... the wheels and grippy "rubber" mats on trolleys... cyanoacrylic light fittings? Does the material chip packages are formed from burn? Genuinely interested. I guess no-one here's got any personal experience of major DC fires because they seem to be so rare.
Had a text from my nearly-80 year old Dad yesterday. I'm copying this directly from my phone:
"I have bought an old vcr machinre to watch videos* on but have no leads to connect to the tv. Don't suppose you have any spare ones?"
(I have no idea what TV they have nowadays -- not been able to visit them for almost 3y, long story, but in normal times they visit me en-route for rellies three or four times a year -- and of course he'll have no idea what any of the sockets on the back of either appliance are anyway, so...)
...an insurgency against the financial establishment and the status quo.
Some of them (most of them, maybe) see it that way, and the general public are buying that line; but the majority of those insurgents are in the process of losing their shirts. It's called "pump and dump" for a reason. The regulators' single most important function is to maintain the operation of orderly markets. This has not been an orderly market. The "ha ha, some hedgies have blown up" angle has left a lot of small investors holding wildly overvalued stock. The next trading day or two are not going to be pretty.
Anyone else here old enough to remember when BBC2's Money Programme ran a fantasy share buying game with four random amateur investors? Before long, whatever they tipped on Sunday night was shooting up on Monday morning, regardless of fundamentals, just because it'd been tipped. The segment was hastily cancelled.
"The cabinet office is a ratsnest of warring fiefdoms, seething with distrust and mad policy ideas from undersocialised wonks. What could we do to make it even worse?"
"How about... /Digital Cabinet/. Quick, get the Trusted Providers on the phone!"
(With apologies to @SirBonar on Twitter)
Fail, because if it's not already, it soon will be.
Could have accessed sealed cases against Russian hackers? Yeah... yeah, there's that, too. From an espionage PoV, cases relating directly to intelligence matters would be another obvious target, ditto those against "politically exposed persons", especially those towards the top of the tree. Less obviously, all sorts of other cases could be useful for an attacker, for all manner of purposes, from blackmail, to getting better knowledge of investigator TTP (and therefore how to escape detection)... I'm sure there are plenty of other use cases.
Whilst the "surgical strike" type attack is very rare, there's a big pressure to extract metadata ASAP to enable other analysts to ID material to exfiltrate. Trade-off between increased chance of detection if trying to exfiltrate petabytes, vs hanging around so long that they're discovered via other means (i.e., the discovery of the SolarWinds trojan.) Must make for interesting discussions in whichever war rooms they have those debates.
Just to say thanks for not shying away from stuff that splatters, even when there's no obvious IT angle. This is why El Reg is still here whilst a myriad of other attempts at technology news sites have come and gone (or survived as a brand whilst the editorial teams were swept out like a dead mouse left overnight on the kitchen floor by a very proud puss.)
Given the unprepared and somewhat unpredictable mechanical properties of the lunar surface and regolith, how long a run of consecutive successful landings would you want to see before you got on one yourself? Obviously if a landing leg pad hits a rock, or they happen to hit an area with soft, loosely compacted topsoil, or... various other things, and it tips over on landing, it's a TLV,TLC accident.
So the absolute latest and greatest mobile phone network technology, the one that (along with IPv6) was going to allow absolutely ubiquitous embedded systems in anything that moves (and a lot of things that don't move, or don't move after they've been bolted / screwed / nailed / welded into place),.. that technology... has well-known, long-standing weaknesses in the protocols and architecture? You could knock me down with a feather. It's almost as if the designers, architects and research engineers were subconsciously making sure there'd be a need for designers, architects and engineers to develop 6G at some point. Or something.
Perhaps they had enough canned lateral movement tools that, although they only had bandwidth to properly turn over (say) a dozen of the 18,000 and exfiltrate crown jewels, they were able to implant stealthy persistence agents elsewhere in those victims' networks. So, does "total rebuild" refer to every server in every customer org? Or "all the things"? (How about switches and routers? How about printers? How about bootkits -- shouldn't they chuck all hardware into skips the day after cutting over to the perfect replica of the entire network to known-good replacements?)
And even that won't give assurance; supposing the restore data from backup step includes another downloader stage that's missed from AV?
Sometimes I'm very grateful for being unemployed. First when I wake up at 7:10am and remember I can have another 4h in bed if I want, and second when I remember what hell I'd be going thru rn if I was still at anywhere I worked in the last 8 years.
"..hackers, had penetrated FireEye's servers and made off with its crown jewels: the tools it uses to test other companies’ defenses. Armed with those penetration tools, hackers could potentially identify which of their methods will pass FireEye's gaze undetected."
No. The tools will be things like scanners, exploit frameworks and standalone exploits for vulnerabilities, which they use to find and exploit those vulns in their pentest customers' networks. They don't have anything (directly) to do with FireEye spotting other attackers in action.
Off the top of my head:
- nicking email or other docs that can be selectively leaked to give the impression the vaccine's unsafe, or was stolen from Russia, or contains Bill Gates' famous microchips or whatever.
- straightforward industrial espionage
- blackmail attacks
- to compromise part of the pharmaceutical industry via the supply chain for the same motives as anyone else attacks pharma targets (fraud, theft, blackmail etc); nothing to do with SARS-CoV-2 per se, it just happens to be what's going on RN so that's the angle they're using
- straightforward financial fraud or theft ("Hi this is China FreezerCo Inc, pls remit payment for latest deliveries in bitcoin to: ... ")
No doubt experts can suggest several others
...it would be unusual for an attack impersonating a Chinese company to originate in the West.
If you were planning a false flag op, wouldn't you want to pick an org least likely to be suspected to be a front? Nothing particularly secure about Chinese commercial IT ops, in terms of security. You'd need to know the language and some of the culture, of course...
*strokes chin, steeples fingers, reaches for the metaphorical bong
This may be a good time to note that Microsoft is planning to deliver an offline-capable version of Office toward the end of next year.
It's with astonishing innovation like this that Microsoft keeps driving technology forward to hitherto undreamed-of heights. Next they'll be planning an AD that is physically located **in your actual offices!** Imagine how cool that will be!
1. Why does the Android version, at least, refuse to run without location services running? I leave GPS, WiFi triangulation and whatever other skullduggery is available for apps that want to know where I am. It shouldn't need location. How come? And why has that not been mentioned before? As I'm definitely a bit of a weirdo for turning it off, presumably 99.9% of Android users don't realise it's happening. What is the data used for? Does it ever leave my device? Why should I trust the a seers, in these circs?
Damn, that's six questions already.
2. What defences does it have against griefer attacks? Eg kids loitering near their school staff room, then falsely telling the app they have tested positive. There are probably others.
(when Brian asked if he was on the JPF)
A lot of very clever meteorologists and modellers have spent a huge amount of time on the major models (and indeed the minor ones); ECMWF, GFS, UKMet, HWRF and the others that do a bit less well. The idea that "AI" will provide the magic pixie dust that can accurately predict RI 60h ahead or get track error down to 50 miles at 120 hours is ... Fantasy.
The best thing about boycotting Amazon and buying direct is that you'll usually get quicker service and better customer service. (For me that's mostly tools and consumables from the likes of Screwfix, ToolStation, IronmongeryDirect and such, but I've bought direct from eg. Evolution (compound mitre saw for £150? Yes please! And when I buggered up assembly through my own stupidity, the phone support from Yorkshire was *outstanding*) ...
Amazon are the C word, plural.
the current preview is limited to installation; it does not even have a remove option for packages. It does not auto-update packages or even have any mechanism to update them, and there is no specific dependency management.
Oh, come ON, Microsoft - pulling this sort of nonsense, presumably in the name of agile, is getting silly now. This is pre-alpha. "As a Windows user, I need to be able to update packages". A package manager that can't update or uninstall isn't a usable package manager, any more than an aeroplane that can take off but can't land except in a ball of flames isn't really ready to fly. Neither is this.
20% is a pretty good hit rate for a first-pass phishing test (I've run a couple in my time, using commercial services.) The first place we did it started with something like 45% click thru, from memory. Got it down below 10% after a year. Of course, there'll always be someone, sooner or later, which is why it doesn't matter if they give away a password, because they're all using hardware token 2fa. Right kids?
EDIT: Mildly surprised they were able to send realistic looking phish from a fake domain via GApps
"...the worst recession since the 1930s will hit the global economy, which could shrink by 3 per cent during 2020..."
The OBR's -35% scenario for the UK economy looks much more likely to be typical of the impact worldwide. Bear in mind the UK is able to borrow at a scale unavailable to many other European countries, let alone the RotW, which theoretically enables otherwise bust UK firms to keep the lights on until the bright new dawn of tomorrow when they can call back all their furloughed staff and call all their old customers to let them know the firm's back in business.)
The Return Of The World As We Knew It is now scheduled for early 2022, according to the vaccine-monger on PM this evening. Actually -- she spoke enthusiastically of being able to produce "hundreds of millions of doses" by "the end of next year", but (with everyone needing at least two shots, and it being by definition a worldwide problem and all) that's an order of magnitude less than will be needed. Let's be generous and assume they can churn out 10x the doses three months later, so "normality" returns around Q2-22.
Biting the hand that feeds IT © 1998–2021