Posts by Brad Ackerman

273 publicly visible posts • joined 25 Aug 2008


The unlicensed OneDrive free ride ends this month

Brad Ackerman

Re: As much as tape has often been the bane of my life...

If you've got 100 TB to store and your on-premises servers are already in a class 8 datacenter, LTO-9 may make sense. I agree 100% about the lack of storage management; very few organizations that need to hire librarians are aware of that fact, and even the ones that are don't hire enough.

Documents that aren't personal should be stored in SharePoint folders instead of OneDrive.

(I'm a Microsoft employee but have no connection to or knowledge of M365 pricing or really almost anything that isn't public. If I had been offered Azure Blob Storage archive tier [1] in Government Top Secret ten years ago when I had LTO-4 libraries, you bet I'd have been camping out in the procurement people's offices until they let me click the buy button.)

[1] Or the AWS/GCP/OCI/IBM Cloud equivalent. I left that position in 2013, when Amazon had just signed the first classified cloud computing contract with CIA and Microsoft was still calling it Windows Azure. [2]

[2] For reasons I still don't understand, it has been a low single-digit number of days since I've seen the phrase "Windows Azure" used in a production system, and it needs to stop.

After China's Salt Typhoon, the reconstruction starts now

Brad Ackerman
Boffin

Re: Verizon...

Are those percentages weighted somehow? I care a lot more about one internet-exposed domain controller than I do about a thousand servers a month behind on a patch for a vulnerability that is unexploitable as configured, but the metrics dashboard may view things differently.

Infosys founder calls for 70-hour work week – again – claiming it creates jobs

Brad Ackerman

Re: His maths is not very good is it...

That's the lump of labour fallacy, which is and has always been bogus. If you believed it, you'd like this guy; making everyone work 70-hour weeks would cut total productivity in half, so the employees who used to be producing 40 hours of output are now producing (if we're generous) 20, thus requiring double the FTEs to produce the same results. But can his margins survive a doubling of personnel costs, never mind what happens when quality takes a nosedive?

Man accused of hilariously bad opsec as alleged cybercrime spree detailed

Brad Ackerman
Childcatcher

Joke aside, the US generally has crap labour law, but the discrimination bits are sufficiently resembling adequate that if you attach a photo to a resume it's going directly to the circular file. Unless your job is in the performing arts, what you look like is utterly irrelevant for anything a résumé should be used for.

US senators propose law to require bare minimum security standards

Brad Ackerman
Mushroom

Re: Bad joke

NIST appears to be taking its sweet time. They haven't posted the slides and recording from the last 800-63 webinar (August 2024), and they opened a second round of comments for issues that could easily be left to an addendum later and certainly shouldn't justify delaying the changes from being finalized (especially the explicit ban on periodic password rotation).

Icon for what needs to be done to whoever came up with the idea of periodic password rotation in the first place and the people who've kept it going in the US government even though we've known as long as information security classification has existed that if you don't want the password on a Post-It note underneath the keyboard, it needs to be memorized. In Minecraft.

Brad Ackerman

They'd rather someone who hops the fence not be able to actually be inside the security perimeter. I'd guess our beady-eyed friends would be fine with a sally port, but then you have to potentially staff it locally rather than being remotely monitored from your security desk, and they do like to trap people inside.

Russian court fines Google $20,000,000,000,000,000,000,000,000,000,000,000

Brad Ackerman
Holmes

Re: World record?

It would theoretically get to a googol in a few years, but by that point the Russian Federation will have officially taken its place in the dustbin of history.

Musk's $1M election lottery raises serious legal concerns, says Pennsylvania governor

Brad Ackerman
Mushroom

The great uMthondo we Sizwe, who is famous for not paying his bills, doesn't know how to write a check? Inconceivable!

Icon because USAF should've done it to his security clearance a long time ago.

AWS boss: Don't want to come back to the office? Go work somewhere else

Brad Ackerman

You can have WFH when you pry it from my cold, dead hands?

Your proposal is acceptable, Matt. And as an employee of one of your competitors, thank you for helping to make sure our recruiters have a healthy candidate pool.

Would banning ransomware insurance stop the scourge?

Brad Ackerman

Re: Make the board responsible

Buybacks function the same as dividends; they're just preferred because the shareholders are only taxed when they sell the stock. If you want to make boards accountable, banning multiple-class stocks would be more useful.

Brad Ackerman
FAIL

Re: Never

We already allow C-suites of billion dollar companies to run them into the ground in hundreds of different ways. What's so sacred about allowing C-suites to run their companies into the ground with the help of the FSB?

We don't allow Nike to assassinate people trying to buy their latest intentionally supply-limited sneaker to make it appear even more desirable; allowing them to fund the Russian invasion of Ukraine or the North Korean nuclear weapons program is no different.

Brad Ackerman

Re: i guess she's saying that law enforcement is pathetic

One should certainly expect the US government to be working on both; and when POTUS considers the work to be at an acceptable state, you'll know.

Brad Ackerman

Re: I've been saying this ever since I first heard of ransomware insurance

That's $10M of the company's money for (maybe) a decryption tool plus more money than they've got (personally) and five or ten years as a guest of the Bureau of Prisons for conspiracy to finance a designated entity. And if the US administration catches a clue, all ransomware operators will be so designated immediately upon discovery that they exist. (If for some reason one of them consists of US persons, they just need to prove their location to OFAC and the designation will be withdrawn. They'll immediately be charged with all the 1030 violations, but they won't be a designated entity anymore.)

The people who need surgery will get it. The casino will stay closed and the executives will face a shareholder lawsuit for neglect of duty, but they'll happily take that over jail and personal fines.

Brad Ackerman

Re: Also ban cryptocurrency

It happens more often than you'd think. The Mexican cartels had cash boxes custom made for HSBC's teller windows, and the bank knew since at least 2008. OFAC dicked around until 2012, HSBC eventually paid $2.5B, which although several times their money-laundering profits apparently wasn't enough because they keep getting fined for control deficiencies. Time for DoJ and CPS to get off their asses and put the CEO/CLO/CFO in jail. A few billion dollars of someone else's money may not get bankers' attention, but a few years at FCI Ray Brook or HM Prison Wormwood Scrubs definitely will.

Sysadmins rage over Apple’s ‘nightmarish’ SSL/TLS cert lifespan cuts plot

Brad Ackerman
Mushroom

I'm wondering about GRC. A lot of large organizations' systems flag certificates that expire in less than 90 days, which would make those findings less than useless with those.

Brad Ackerman

If you're terminating TLS at the application servers, each one is going to need a copy of the same certificate. Generate on one (or even elsewhere) and rsync to the rest. If you're terminating at the load balancer, perhaps you can reencrypt with longer-lived certificates, but ideally you'd use IPsec and/or MACsec instead.

FBI boss says China 'burned down' 260,000-device botnet when confronted by Feds

Brad Ackerman
Boffin

It's just pointless because they can just use botnets located somewhere else, which wouldn't inconvenience MSS and 3PLA at all but would greatly inconvenience legitimate actors.

Brad Ackerman

Re: Make paying ransom a crime.

Halting State, Charles Stross; but that was straight espionage, not financial crimes. On the gripping hand, the two categories should be harder to tell apart.

WhatsApp still working on making View Once chats actually disappear for all

Brad Ackerman
Mushroom

Re: Disappearing privacy

It's useful for sending messages to someone you trust to not themselves disclose them; it makes sure that they don't remain on the recipient's device to be retrieved later by a third party. (Assuming that the messages to be disappeared were properly stored in the client, anyhow.)

Icon because it's the only way to be sure.

So you paid a ransom demand … and now the decryptor doesn't work

Brad Ackerman

Re: Backups!

Then had a ransomware backup strategy meeting where IT proudly talked about their 'airgapped' backup solution. Which turned out to be a product named (something like) 'Air-gap' which wasn't actually air-gapped at all.

An airgap is just a connection with unusually high latency (as Ed Skoudis said). The details matter, as Iran found out.

If HDMI screen rips aren't good enough for you pirates, DeCENC is another way to beat web video DRM

Brad Ackerman

Re: and the like is doomed

And the goal of the streaming services and providers of "purchased" video (if they can take it away at their pleasure, it's a rental) is to lock you into their clients—to force ads to be displayed and tracking data to be exfiltrated, to make it harder to buy/rent from a different provider, and probably a few other reasons that don't come to mind at the moment.

Google's ex-CEO U-turns after saying staff 'going home early' killed winning

Brad Ackerman
Holmes

Re: Yep yep, the privileged attitude

And the best startups tend to be fully remote — even the hardware ones.

Cancer patient forced to make terrible decision after Qilin attack on London hospitals

Brad Ackerman

Re: Justice

Part 5 of the Investigatory Powers Act 2016 already allows intelligence agencies to apply for a warrant to conduct equipment interference (i.e., CNA); no additional statutory authority is required for government agencies to conduct cyberspace or kinetic operations against ransomware operators.

FBI encourages LockBit victims to step right up for free decryption keys

Brad Ackerman
Holmes

Criminals lie? Inconceivable!

Not a Genius move: Resurrecting war hero Alan Turing as your 'chief AI officer'

Brad Ackerman
Holmes

Re: Erm...

I can't tell you anything about the UK, but in the US it would be publicity rights — usually in California or Tennessee if it comes to actually filing a lawsuit, neither of which would presumably be available to the Turing estate (should it even exist).

IANAL, IANYL, &c&c&c.

Beijing issues list of approved CPUs – with no Intel or AMD

Brad Ackerman
Stop

Re: The Financial Times piece put the deadline at 2027.

A lot of people inside Intel would need to know about such a deal; the odds of nobody deciding to guarantee their own freedom by being the first to drop a dime to OFAC would be less than zero.

Brad Ackerman
Holmes

Re: Those Chinese Linux distributions are still Linux, right?

Instead of GNU, Linus could easily have used the open source 4.4BSD-Lite userland.

And then get dragged into lawsuits which weren't resolved until 1994.

IBM lifts lid on latest bid to halt mainframe skill slips

Brad Ackerman

Re: Encourage z/OS and z/VM on Hercules

(insert Padme meme here)

Brad Ackerman

Re: Encourage z/OS and z/VM on Hercules

IBM used to have a cheap (~$100/year) license for z/OS for personal use (ZD&T Learner's Edition) but now it's totally memory holed from the documentation. That's both easy and necessary for the stated goals, and they can't be bothered.

Ransomware payment ban: Wrong idea at the wrong time

Brad Ackerman

Re: Hospitals

Why would a ransomware gang give you the ability to decrypt your data once they've got your money? It happens from time to time, but so does winning after dropping all your money on 00 at the roulette wheel.

Formal ban on ransomware payments? Asking orgs nicely to not cough up ain't working

Brad Ackerman
Mushroom

Re: A simpler solution…

Existing sanctions would be more than adequate when combined with requiring affirmative identification of the recipient of cryptocurrency transfers and correcting any lack of whistleblower commission. If you can identify the recipient and it's a sanctioned entity, the transfer has to be blocked. If you lie about it and the US takes an interest, say hello to several years of prison [1] for everyone who signed off on that transaction; and probably several more people who didn't directly participate, but commit misprision by deleting communications about it.

The odds of any cryptocurrency industry surviving a regime with that level of AML enforcement border on nonexistent; but if cryptocurrency can find a legal use [2] and environmental concerns are addressed with a carbon tax, it should be allowed to continue existing.

[1] Conspiracy to fund a sanctioned entity is a big-boy federal offence, so state parole policies do not apply. You serve the sentence you get, and by "several years" I'm assuming your C-suite has no previous record and the gratuity paid to attackers isn't more than a megabuck. More money is more jail, possibly getting into double-digit years — not that it's likely to happen more than once with a 10% whistleblower commission.

[2] Stranger things have happened.

FBI develops decryptor for BlackCat ransomware, seizes gang's website

Brad Ackerman

Re: Sophisticated and Prolific Cybercriminals

If someone from Russia or North Korea drops a dime, State would either need a license from OFAC to pay the reward or have internal procedures comparable to getting a license; so "may" is correct.

Musk tells advertisers to 'go f**k' themselves as $44B X gamble spirals into chaos

Brad Ackerman

Re: Delusional narcissist

The house speaker is 3rd in line to the presidency. What would happen if someone filled that role who was ineligible to be president and the president & VP both became unable to fill the roles? Would it skip past them to the next in line?

Yes. The order of succession is statutory; the requirement to be a citizen from birth is constitutional.

X's legal eagles swoop on Media Matters over antisemitic content row

Brad Ackerman

Re: I assume that the eagles have been paid up front

These aren't top lawyers. Musk has retained biglaw for the suits he's defending, but this one is too dumb for them to risk their reputation on even if they were to be paid in advance.

This suit was filed by some political hacks whose sole qualification is having worked for the Texas AG/SG offices and not yet having been disbarred.

HP sued over use of forfeited 401(k) retirement contributions

Brad Ackerman
FAIL

Also, only matching 4% is incredibly weak. They're probably paying under market since their employees apparently don't mind the 3 year vest and 4% match.

Ex-GCHQ software dev jailed for stabbing NSA staffer

Brad Ackerman
Mushroom

Re: Stabby stab

Let's ban motorcycles, cars and trucks! Won't all y'all think of the children?

Banning Chelsea tractors would be a quick win. Cars need a weight tax. But what's needed for safety in the US (unless leftpondia has seen a recent influx of monster trucks) are German driving education requirements, actual safety standards that consider people outside of the vehicle (this one is in progress, but slowly), and a fsckton of bollards.

GNOME developer proposes removing the X11 session

Brad Ackerman
Holmes

If IBM's or Canonical's customers care, they'll put some FTEs on DE X11 support. I hope they do that until the accessibility and screensharing issues with Wayland are resolved, but it's not surprising that nobody wants to touch a katamari anymore unless they're being paid.

CDW data to be leaked next week after negotiations with LockBit break down

Brad Ackerman
Facepalm

Re: General question

The ransomware group has the data. It's already been released and legal liability has been incurred. The choice is strictly whether or not to provide a gratuity to them and potentially win a long vacation at His Majesty's pleasure.

Bombshell biography: Fearing nuclear war, Musk blocked Starlink to stymie Ukraine attack on Russia

Brad Ackerman
Holmes

Re: So Musk has blood on his hands

Oryx has photos of all the assets they count so it would be easy to eliminate decoys. But yes, both sides are using them; albeit cardboard isn't AFAIK used for that. (They're wooden or inflatable; cardboard is used for drones, however.)

Pity the story from WWII about the UK dropping a wooden bomb on a group of wooden German decoys is likely fake.

The Pentagon has the worst IT helpdesk in the US govt

Brad Ackerman

Re: Money is funny that way

Some people don't know how much lower DoD contractor salaries are. Some would prefer to work for the government, but the DoD component can't get a waiver to hire a separating servicemember. Some have family or other reasons to stay in the DC area.

Apple security boss faces iPads-for-gun-permits bribery charge... again

Brad Ackerman
Holmes

The ability to give special privileges to your friends is the best-case explanation of why may-issue CCW regimes are in place in the US. You'll know an American jurisdiction is serious about gun control when there is an objective licensing process that applies equally to all, and someone who needs otherwise-illegal firearms for their job (whether it's police officers or private-sector workers) has to check them out of their employer's armory at the start of their shift and check them back in at the end.

OpenZFS 2.2 is nearly here, and ZFSBootMenu 2.2 already is

Brad Ackerman
Boffin

Re: ZFS... pls explain

To enlarge a ZFS pool by replacing drives, you need to replace each drive in a zvol with a larger one. Assuming your zvol is composed of one or more 2-wide mirrors, you would add the new drive to a mirror, wait for resilvering to complete, drop one of the two existing drives from that mirror, and repeat for the other. Here, you created a new 1-wide mirror, which is indeed a pain to recover from and not an uncommon error (especially when attempting to add a cache disk).

If you don't actually have any free drive bays, you can use an external dock to resilver the new drive or YOLO drop one of the existing mirror drives to add the new drive in its place.

Dan Langille has written up this procedure on his blog.

CISA boss says US alliance with Ukraine over past year is closer than Five Eyes

Brad Ackerman
Devil

khat?

That's an interesting crop of the photo; I can't decide if the pun is intended or not.

AWS: IPv4 addresses cost too much, so you’re going to pay

Brad Ackerman

Amazon buys IPv4 blocks at auction or in private sales that track auction prices just like the rest of us who aren't the US DoD.

World's most internetty firm tries life off the net, and it's sillier than it seems

Brad Ackerman
Devil

What Google is doing here is what Microsoft already does (and I assume Google and Amazon) for privileged access—a locked-down computer with only specified applications/websites allowed. If you need something that's not available in that list, you can open a remote desktop session to a less restricted system or use your phone or other laptop.

Goodbye Azure AD, Entra the drag on your time and money

Brad Ackerman

IBM systems never stopped having planars.

Google HR hounds threaten 'next steps' for slackers not coming in 3 days a week

Brad Ackerman
Holmes

Of course there's a substitute for 'coming together in person'

Working on your local airport's flight line is a great substitute, assuming you've got a takeoff at least every minute or two. A data center might work, but you'll probably need a boom box pumping out something unmusical to ensure you can't hear yourself think.

If your employer wants productivity, they'll let you work from home or provide a private office. (Or both. Both is perfectly cromulent.)

US Air Force AI drone 'killed operator, attacked comms towers in simulation'

Brad Ackerman
Boffin

I have been Roland, Beowulf, Achilles, Gilgamesh; and I seem to have left my coat aboard UESC Marathon.

Dyson moans about state of UK science and tech, forgets to suck up his own mess

Brad Ackerman
WTF?

Re: Pay

Everything's backwards in the US - the more you make, the less you pay for healthcare.

Fancy trying the granddaddy of Windows NT for free? Now's your chance

Brad Ackerman
Meh

Re: Kernel design

The stupidly short MAX_PATH is correctable with a registry setting; I have no idea why it's not turned on by default at least in 2022, but I'm not particularly wise in the ways of WNT heavy wizardry. (I'm a MS employee, but my attempts to parse the os.2020 repository typically end in a headache.)
