Posts by Brad Ackerman

Re: Doomed

Azure Virtual Network Manager is the solution for giving developers a subscription with owner permissions; it applies security rules at the management group level (one above subscription and they're nestable). Set that up and nothing they do will permit their RDP endpoint to accept traffic from the internet.

(I work for Team Blue, but they're not paying me nearly enough to comment for work.)

I'd buy some of their lawn decorations if I had a lawn to put them on, but given that the enforcers of the Wassenaar Arrangement have had their sense of humor surgically extracted I'd want to have export-control solicitors on retainer before having clicked the buy button.

https://www.aliexpress.us/item/3256808773726461.html

Re: The most important question

Time for some more consumer protection law updates. The EU did mandatory data export, so there's no reason they can't mandate MFA standards. (I'm assuming EU and other countries that implement their laws since as we all know consumer protection in leftpondia is even more limited than the bassackwards banking system.)

Re: > banker salary in London

Why do you think council tax is banded? It's a handout to owners of £100M townhouses without needing to make that explicit.

Re: Minority report

Psychological screening, theoretically. Although it's a pretty big mystery how Robert Hanssen was hired by the FBI despite obviously being a raging ass.

Re: I would be happy...

I don't think I've ever seen such an asymmetrical service offered in the US. The choices are always fibre at 1000/1000 or 100/100, or cable at no more than 40 upstream.

Re: "What was the plan, showing her his big iron?"

Her rack may or may not be impressive, but his big iron is certainly a microcomputer if he needs to compensate that much.

Re: You forgot the important bit

I can get you that $100M as soon as you wire $5M to this Cayman Islands bank account so I can pay transfer fees.

The existing statutory authorities for sanctions should suffice. In the UK, the Foreign Secretary can designate ransomware groups under e.g., the Russia (Sanctions) (EU Exit) Regulations 2019 and Cyber (Sanctions) (EU Exit) Regulations 2020.

Re: Lisp is in an amazing number of places

PDF is based on PostScript but isn't Turing-complete (at least if one doesn't count the JavaScript that's allowed to be added to non-PDF/A documents).

Re: Being young and experienced again

You can get a sysadmin who also does desktop provided that the workload is appropriate for one FTE. I've done that (and storage and networks) in the distant past. What you can't do is get it for less than entry wage at McDonald's.

If you've only got 30 users, by all means find a good MSP and let them handle everything that doesn't require in-person presence.

If it would have been solved by basic security practices (in this case, using PAWs for administrative access), it's not that sophisticated.

Re: A colleague of mine uses Delphi/Lazarus

MLs also require declaration before use, and it's pretty much always a good thing.

Re: As much as tape has often been the bane of my life...

If you've got 100 TB to store and your on-premises servers are already in a class 8 datacenter, LTO-9 may make sense. I agree 100% about the lack of storage management; very few organizations that need to hire librarians are aware of that fact, and even the ones that are don't hire enough.

Documents that aren't personal should be stored in SharePoint folders instead of OneDrive.

(I'm a Microsoft employee but have no connection to or knowledge of M365 pricing or really almost anything that isn't public. If I had been offered Azure Blob Storage archive tier¹ in Government Top Secret ten years ago when I had LTO-4 libraries, you bet I'd have been camping out in the procurement people's offices until they let me click the buy button.)

¹ Or the AWS/GCP/OCI/IBM Cloud equivalent. I left that position in 2013, when Amazon had just signed the first classified cloud computing contract with CIA and Microsoft was still calling it Windows Azure.²

² For reasons I still don't understand, it has been a low single-digit number of days since I've seen the phrase "Windows Azure" used in a production system, and it needs to stop.

Re: His maths is not very good is it...

That's the lump of labour fallacy, which is and has always been bogus.If you believed it, you'd like this guy; making everyone work 70-hour weeks would cut total productivity in half, so the employees who used to be producing 40 hours of output are now producing (if we're generous) 20, thus requiring double the FTEs to produce the same results. But can his margins survive a doubling of personnel costs, never mind what happens when quality takes a nosedive?

Re: Make the board responsible

Buybacks function the same as dividends; they're just preferred because the shareholders are only taxed when they sell the stock. If you want to make boards accountable, banning multiple-class stocks would be more useful.

Re: Backups!

Then had a ransomware backup strategy meeting where IT proudly talked about their 'airgapped' backup solution. Which turned out to be a product named (something like) 'Air-gap' which wasn't actually air-gapped at all.

An airgap is just a connection with unusually high latency (as Ed Skoudis said). The details matter, as Iran found out.

Re: and the like is doomed

And the goal of the streaming services and providers of “purchased’ video (if they can take it away at their pleasure, it’s a rental) is to lock you into their clients—to force ads to be displayed and tracking data to be exfiltrated, to make it harder to buy/rent from a different provider, and probably a few other reasons that don’t come to mind at the moment.

Re: Justice

Part 5 of the Investigatory Powers Act 2016 already allows intelligence agencies to apply for a warrant to conduct equipment interference (i.e., CNA); no additional statutory authority is required for government agencies to conduct cyberspace or kinetic operations against ransomware operators.