"shouty nose sherbet" - v gd!
"Turtley unaffected" - well over the line; I shall be writing to my MP about this outrage!
Posts by Tom Paine
2193 posts • joined 19 Aug 2008
Page:
Space Force turtle expert uncovers $1.2m Cape Canaveral cocaine haul
NCSC chief: Ransomware is more of a threat to Britain than hostile nations' spies
Cuffed: Ukraine police collar six Clop ransomware gang suspects in joint raids with South Korean cops
Excuse me, what just happened? Resilience is tough when your failure is due to a 'sequence of events that was almost impossible to foresee'
Bless you: Yep, it's IBM's new name for tech services spinoff and totally not a hayfever medicine
OVH founder says UPS fixed up day before blaze is early suspect as source of data centre destruction
Friday 12th March 2021 19:15 GMT
Re: No excuse
"...as safe as they could be, consistent with the provider's business model."
OVH were only starting to become an option last time I looked for hosting, what, a decade or so back but IIRC they were always a budget provider. Low margin business with a huge capital cost equals considerable effort to shave costs where possible. Nothing wrong with that as long as customers are aware that to some extent you get what you pay for.
Friday 12th March 2021 18:57 GMT
Fuel
The bit that slightly puzzles me is that there was enough flammable material to burn, once the source UPS had finished oxidising itself. Presumably the main fuel supply would be the plastic insulation on network and power cables, and obviously a DC will have a lot of both; then there are the little plastic trim panels on the front of servers, the handles of hot-swap PSUs and suchlike... but what else is there? Perhaps there's a tools cabinet with some ABS toolboxes or parts tidies... the wheels and grippy "rubber" mats on trolleys... cyanoacrylic light fittings? Does the material chip packages are formed from burn? Genuinely interested. I guess no-one here's got any personal experience of major DC fires because they seem to be so rare.
Another Windows 10 patch that breaks printers ups ante to full-on Blue Screen of Death
Friday 12th March 2021 18:56 GMT
Re: "in some apps"?
Had a text from my nearly-80 year old Dad yesterday. I'm copying this directly from my phone:
"I have bought an old vcr machinre to watch videos* on but have no leads to connect to the tv. Don't suppose you have any spare ones?"
(I have no idea what TV they have nowadays -- not been able to visit them for almost 3y, long story, but in normal times they visit me en-route for rellies three or four times a year -- and of course he'll have no idea what any of the sockets on the back of either appliance are anyway, so...)
Hacked by SolarWinds backdoor masterminds, Mimecast now lays off staff after profit surge
Robinhood plays Sheriff of Nottingham as it pauses GameStop, AMC, BlackBerry etc stock sales, gets sued
Thursday 28th January 2021 22:40 GMT 
Nope
...an insurgency against the financial establishment and the status quo.
Some of them (most of them, maybe) see it that way, and the general public are buying that line; but the majority of those insurgents are in the process of losing their shirts. It's called "pump and dump" for a reason. The regulators' single most important function is to maintain the operation of orderly markets. This has not been an orderly market. The "ha ha, some hedgies have blown up" angle has left a lot of small investors holding wildly overvalued stock. The next trading day or two are not going to be pretty.
Anyone else here old enough to remember when BBC2's Money Programme ran a fantasy share buying game with four random amateur investors? Before long, whatever they tipped on Sunday night was shooting up on Monday morning, regardless of fundamentals, just because it'd been tipped. The segment was hastily cancelled.
Boss behind 'reset' of delayed, overbudget Emergency Services Network shifts to new 'digital' Cabinet Office role
Wednesday 13th January 2021 17:12 GMT
I can picture the scene...
"The cabinet office is a ratsnest of warring fiefdoms, seething with distrust and mad policy ideas from undersocialised wonks. What could we do to make it even worse?"
"How about... /Digital Cabinet/. Quick, get the Trusted Providers on the phone!"
(With apologies to @SirBonar on Twitter)
Fail, because if it's not already, it soon will be.
US courts system fears SolarWinds snafu could have let state hackers poke about in sealed case documents
Friday 8th January 2021 19:51 GMT 
Ummm
Could have accessed sealed cases against Russian hackers? Yeah... yeah, there's that, too. From an espionage PoV, cases relating directly to intelligence matters would be another obvious target, ditto those against "politically exposed persons", especially those towards the top of the tree. Less obviously, all sorts of other cases could be useful for an attacker, for all manner of purposes, from blackmail, to getting better knowledge of investigator TTP (and therefore how to escape detection),.. I'm sure there are plenty of other use cases.
Whilst the "surgical strike" type attack is very rare, there's a big pressure to extract metadata ASAP to enable other analysts to ID material to exfiltrate. Trade-off between increased chance of detection if trying to exfiltrate petabytes, vs hanging around so long that they're discovered via other means (ie., the discovery of the SolarWinds trojan.) Must make for interesting discussions in whichever war rooms they have those debates.
United States Congress stormed by violent followers of defeated president, Biden win confirmation halted
Thursday 7th January 2021 00:33 GMT
Excellent post
Just to say thanks for not shying away from stuff that splatters, even when there's no obvious IT angle. This is why El Reg is still here whilst a myiad of other attempts at technology news sites have come and gone (or survived as a brand whilst the editorial teams were swept out like a dead mouse left overnight on the kitchen floor by a very proud puss.)
Well, on the bright side, the SolarWinds Sunburst attack will spur the cybersecurity field to evolve all over again
Google reveals version control plus not expecting zero as a value caused Gmail to take an inconvenient early holiday
US Government Accountability Office dumps sack of coal on NASA's desk over Moon mission naughtiness
Friday 18th December 2020 23:36 GMT
Re: Infinite loop
Given the unprepared and somewhat unpredictable mechanical properties of the lunar surface and regolith, how long a run on consecutive successful landings would you want to see before you got on one yourself? Obviously if a landing leg pad hits a rock, or they happen to hit an area with soft, loosely compacted topsoil, or.. various other things, and it tips over on landing, it's a TLV,TLC accident.
'Long-standing vulns' in 5G protocols open the door for attacks on smartphone users
Friday 18th December 2020 11:51 GMT 
Astonishing
So the absolute latest and greatest mobile phone network technology, the one that (along with IPv6) was going to allow absolutely ubiquitous embedded systems in anything that moves (and a lot of things that don't move, or don't move after they've been bolted / screwed / nailed / welded into place),.. that technology... has well-known, long-standing weaknesses in the protocols and architecture? You could knock me down with a feather. It's almost as if the designers, architects and research engineers were subconsciously making sure there'd be a need for designers, architects and engineers to develop 6G at some point. Or something.
US nuke agency hacked by suspected Russian SolarWinds spies, Microsoft also installed backdoor
Friday 18th December 2020 02:21 GMT
"full rebuild"
Perhaps they had enough canned lateral movement tools that, although they only had bandwidth to properly turn over (say) a dozen of the 18,000 and exfiltrate crown jewels, they were able to implant stealthy persistence agents elsewhere in those victims' networks. So, does "total rebuild" refer to every server in every customer org? Or "all the things"? (How about switches and routers? How about printers? How about bootkits -- shouldn't they chuck all hardware into skips the day after cutting over to the perfect replica of the entire network to known-good replacements?
And even that won't give assurance; supposing the restore data from backup step includes another downloader stage that's missed from AV?
Sometimes I'm very grateful for being unemployed. First when I wake up at 7:10am and remember I can have another 4h in bed if I want, and second when I remember what hell I'd be going thru rn of I was still at anywhere I worked on the last 8 years.
SolarWinds: Hey, only as many as 18,000 customers installed backdoored software linked to US govt hacks
Wednesday 16th December 2020 18:44 GMT 
Pedant's corner
"..hackers, had penetrated FireEye's servers and made off with its crown jewels: the tools it uses to test other companies’ defenses. Armed with those penetration tools, hackers could potentially identify which of their methods will pass FireEye's gaze undetected."
No. The tools will be things like scanners, exploit frameworks and standalone exploits for vulnerabilities, which they use to find and exploit those vulns in their pentest customers' networks. They don't have anything (directly) to do with FireEye spotting other attackers in action.
45 million medical scans from hospitals all over the world left exposed online for anyone to view – some servers were laced with malware
CentOS project changes focus, no more rebuild of Red Hat Enterprise Linux – you'll have to flow with the Stream
Crooks posing as COVID-19 'cold chain' company phished EU for vaccine intel, says IBM
Thursday 3rd December 2020 19:39 GMT
Off the top of my head:
- nicking email or other docs that can be selectively leaked to give the impression the vaccine's unsafe, or was stolen from Russia, or contains Bill Gates' famous microchips or whatever.
- straightforward industrial espionage
- blackmail attacks
- to compromise part of the pharmaceutical industry via the supply chain for the same motives as anyone else attacks pharma targets (fraud, theft, blackmail etc); nothing to do with SARS-Cov-2 per se, it just happens to be what's going on RN so that's the angle they're using
- straightforward financial fraud or theft ("Hi this is China FreezerCo Inc, pls remit payment for latest deliveries in bitcoin to: ... ")
No doubt experts can suggest several others
Thursday 3rd December 2020 19:32 GMT
"Unusual"
...it would be unusual for an attack impersonating a Chinese company to originate in the West.
If you were planning a false flag op, wouldn't you twamt to pick an org least likely to be suspected to be a front? Nothing particularly secure about Chinese commercial IT ops, in terms of security. You'd need to know the language and some of the culture, of course...
*strokes chin, steeples fingers, reaches for the metaphorical bong
IBM warns staff across the business of fresh 45-day redundancy consultations
Yes, it's down again: Microsoft's Office 365 takes yet another mid-week tumble, Azure also unwell
Sunday 11th October 2020 13:48 GMT 
Round and round we go...
This may be a good time to note that Microsoft is planning to deliver an offline-capable version of Office toward the end of next year.
It's with astonishing innovation like this that Microsoft keeps driving technology forward to hithertoo undreamed-of heights. Next they'll be planning an AD that is physically located **in your actual offices!** Imagine how cool that will be!
NHS COVID-19 launch: Risk-scoring algorithm criticised, the downloads, plus public told to 'upgrade their phones'
Friday 25th September 2020 05:48 GMT
Two questions
1. Why does the Android version, at least, refuse to run without location services running? I leave GPS, WiFi triangulation and whatever other skullduggery is available for apps that want to know where I am. It shouldn't need location. How come? And why has that not been mentioned before? As I'm definitely a bit of a weirdo for turning it off, presumably 99.9% of Android users don't realise it's happening. What is the data used for? Does it ever leave my device? Why should I trust the a seers, in these circs?
Damn, that's six questions already.
2. What defences does it have against griefer attacks? Eg kids loitering near their school staff room, then falsely telling the app they have tested positove. There are probably others.
It's IPO week and one of Wall Street's own is raising the spectre of a stock market crash
Here comes an AI that can predict hurricane strength. Don't worry, NASA made it so it probably actually works
Thursday 3rd September 2020 19:43 GMT
"AI"? What Reg said
(when Brian asked of he was on the JPF)
A lot of very clever meteorologists and modellers have spent a huge amount of time on the major models (and indeed the kinornones); ECMWF, GFS, UKMet, HWRF and the others that do a bit less well. The idea that ""AI"" will provide the magic pixie dust that can accurately predict RI 60h ahead or get track error down to 50 miles at 120 hours is ... Fantasy.
* GIYF
As Amazon pulls union-buster job ads, workers describe a 'Mad Max' atmosphere – unsafe, bullying, abusive
Thursday 3rd September 2020 19:34 GMT
The best thing about boycotting Amazon and buying direct is that you'll usually get quicker service and better customer service. (For me that's mostly tools and consumables from the likes of Screwfix, ToolStation, IronmongeryDirect and such, but I've bought direct from eg. Evolution (compound mitre saw for £150? Yes please! And when I buggered up assembly through my own stupidity, the phone support from Yorkshire was *outstanding*) ...
Amazon are the C word, plural.
Global network controlled by erratic billionaire Qracks down on Qanon Qranks
You wait ages for a mid-air collision spoofing attack and along come two at once: More boffins take a crack at hoodwinking TCAS
One does not simply repurpose an entire internet constellation for sat-nav, but UK might have a go anyway
They've only gone and bloody done it! NASA, SpaceX send two fellas off to the International Space Station
Windows Terminal hits the big 1.0: Fit for production?
Microsoft announces official Windows package manager. 'Not a package manager' users snap back
Saturday 23rd May 2020 00:04 GMT
"Still to come..."
the current preview is limited to installation; it does not even have a remove option for packages. It does not auto-update packages or even have any mechanism to update them, and there is no specific dependency management.
Oh, come ON, Microsoft - pulling this sort of nonsense, presumably in the name of agile, is getting silly now. This is pre-alpha. "As a Windows users, I need to be able to update packages". A package maager that can't update or uninstall isn't a usable package manager, any more than an aeroplane that can take off but can't land except in a ball of flames isn't really ready to fly. Neither is this.
To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it
Thursday 21st May 2020 21:56 GMT
Not bad
20% is a pretty good hit rate for a first-pass phishing test (I've run a couple in my time, using commercial services.) The first place we did it started with something like 45% click thru, from memory. Got it down below 10% after a year. Of course, there'll always be someone, sooner or later, which is why it doesn't matter if they give away a password, because they're all using hardware token 2fa. Right kids?
EDIT: Mildly surprised they were able to send realistic looking phish from a fake domain via GApps
TensorBlow? Data boffins struggle with GPU shortage in Google Cloud, opposition offers to help out coders
We dunno what's more wild: This vid of Japan's probe bouncing off an asteroid to collect a sample – or that the rock was sun-burnt
20 years deep into a '2-year' mission: How ESA keeps Cluster flying
Second-wave dotcom Uber-investor Softbank forecasts gargantuan losses as world economy faces slump
Tuesday 14th April 2020 20:54 GMT 
Prospects for the global economy
"...the worst recession since the 1930s will hit the global economy, which could shrink by 3 per cent during 2020..."
The OBR's -35% scenario for the UK economy looks much more likely to be typical of the impact worldwide. Bear in mind the UK is able to borrow at a scale unavailable to many other European countries, let alone the RotW, which theoretically enables otherwise bust UK firms to keep the lights on until the bright new dawn of tomorrow when they can call back all their furloughed staff and call all their old customers to let them know the firm's back in business.)
The Return Of The World As We Knew It is now scheduled for early 2022, according to the vaccine-monger on PM this evening. Actually -- she spoke enthusiastically of being able to produce "hundreds of millions of doses" by "the end of next year", but (with everyone needing at least two shots, and it being by definition a worldwide problem and all) that's an order of magnitude less than will be needed. Let's be generous and assume they can churn out 10x the doses three months later, so "normality" returns around Q2-22.
