Posts by Brad Ackerman

300 publicly visible posts • joined 25 Aug 2008


OpenDylan sheds some parentheses in 2025.1 update

Brad Ackerman

Meanwhile, the big advantage of Clojure over Java is that it has fewer parentheses. LISPs are awesome that way.

Microsoft is about to retire default outbound access for VMs in Azure

Brad Ackerman

Re: Doomed

Azure Virtual Network Manager is the solution for giving developers a subscription with owner permissions; it applies security rules at the management group level (one above subscription and they're nestable). Set that up and nothing they do will permit their RDP endpoint to accept traffic from the internet.

(I work for Team Blue, but they're not paying me nearly enough to comment for work.)

Huawei chair says the future of comms is fiber-to-the-room, which China has and the rest of us don’t

Brad Ackerman
Mushroom

Re: Going beyond 10Gb/s requires fiber for now

If someone were to make a sufficiently high order commitment to the silicon vendors, they could get 25 or 40GBASE-T into production; by "sufficiently high" I mean Amazon/Google/Microsoft/Facebook/Tencent/etc, and none of these are interested in building an AP1000 unit just to power a single data center's PHYs. Except for out of band management, none of the above are going to put anything slower than 40G in a cloud server and for current server SKUs I have my doubts about speeds slower than 100G being worth the trouble. So Cat8 will cost you a ridiculous amount of money to install because of the extra difficulty and you'll never be able to use it beyond 10G, so if you were thinking about it for 10GbE length reasons you'd just run OM4 instead.

The one known use case for better than 10G between rooms at home is not caring which your NAS is in.

Brad Ackerman

Re: An eventuality..

There were plenty of 100B-SX line cards shipped when that was a thing. Intelligence agencies liked it because every transmission line is an antenna and it's easier to prove that nobody can pull bits off your fiber from the other side of SR 123, but their easy availability at my local recyclers seems to imply they had use beyond classified systems. STP cable has been easily available for decades and is more than adequate to mitigate that attack, so these days copper is usual, but fiber is still preferred in some applications at or below 1G.

Brad Ackerman

Re: FTTR? Really?

Windows Update takes forever even when plugged into an Ethernet port in a Microsoft building.

Europe slams online tat bazaar AliExpress for dodging obligation to stop dodgy traders

Brad Ackerman

I'd buy some of their lawn decorations if I had a lawn to put them on, but given that the enforcers of the Wassenaar Arrangement have had their sense of humor surgically extracted I'd want to have export-control solicitors on retainer before having clicked the buy button.

https://www.aliexpress.us/item/3256808773726461.html

Brad Ackerman
Devil

Re: Isn’t selling cheap tat the entire point here?

Google's selling a bill of goods to advertisers rather than cheap tat to consumers, but you could argue that both count as "utter crap".

Brad Ackerman

Re: Great !

I wouldn't complain if the injectable bleach and keyboard-walk-themed purveyors of 16TB UHS-II microSDXC cards went away, but those of us in Festung Amerika need our sources for modern sunscreen formulations since the FDA is still sandbagging it despite Congress having very bipartisanly told them to knock it off multiple times. Melanoma is bad enough without the government preventing you from doing the thing that makes it less likely.

/e/ OS 3.0: Slightly less clunky, slightly more private

Brad Ackerman

Re: The most important question

Time for some more consumer protection law updates. The EU did mandatory data export, so there's no reason they can't mandate MFA standards. (I'm assuming EU and other countries that implement their laws since as we all know consumer protection in leftpondia is even more limited than the bassackwards banking system.)

Brit space sector struggles to compete with £90K graduate banking salaries

Brad Ackerman

Re: > banker salary in London

Why do you think council tax is banded? It's a handout to owners of £100M townhouses without needing to make that explicit.

Brad Ackerman

Re: > banker salary in London

Wrong; in Germany and Austria housing is ordered from the factory all the time. Which is why it's substantially cheaper and of higher quality than any in English-speaking countries.

Brad Ackerman

Re: > banker salary in London

The policy of the UK government ever since the Town and Country Planning Act 1947 has been to discourage the construction of housing (obviously only when it can't be banned entirely). Parliament and local councils don't want housing to be affordable; they want it to be limited, which is why planning permission for building housing is entirely discretionary rather than ministerial.

Spy school dropout: GCHQ intern jailed for swiping classified data

Brad Ackerman

Re: Minority report

Psychological screening, theoretically. Although it's a pretty big mystery how Robert Hanssen was hired by the FBI despite obviously being a raging ass.

Brad Ackerman
Mushroom

Re: "a wannabe-criminal or a complete fucking idiot"

Those actions should all be audited, and ideally will require explicit privilege elevation rather than being on someone's standard user ID all the time. Certainly if GCHQ is following NCSC guidance, they would be audited.

Brad Ackerman

Re: "Signing" The Official Secrets Act

If the job description doesn't explicitly state that it requires a security clearance (which therefore requires citizenship), employers would rather not see that CV and may bin on sight, just as if you'd included a photo.

Need for speed? CityFibre punts 5.5 Gbps symmetrical broadband at ISPs

Brad Ackerman

Re: I would be happy...

I don't think I've ever seen such an asymmetrical service offered in the US. The choices are always fibre at 1000/1000 or 100/100, or cable at no more than 40 upstream.

Pentagon declares war on 'outdated' software buying, opens fire on open source

Brad Ackerman
Trollface

Re: There are three urgent priorities here.

Any USG employees with Bics are bringing their own. The standard USG writing implement is provided by Skilcraft and represents the state of the art in anti-pilfering technology. Supply rooms aren't emptied overnight by amoral GS-15s—mostly because they're never stocked in the first place, but also because Skilcraft pens suck so hard that nobody in their right mind would consider taking one home with them.

Good luck to DoD if they try to operate without French and German smart cards, though.

Computacenter IT guy let girlfriend into Deutsche Bank server rooms, says fired whistleblower

Brad Ackerman

Re: "What was the plan, showing her his big iron?"

Her rack may or may not be impressive, but his big iron is certainly a microcomputer if he needs to compensate that much.

Artist formerly known as Indian Business Machines pledges $150B for US ops, R&D

Brad Ackerman

Re: You forgot the important bit

I can get you that $100M as soon as you wire $5M to this Cayman Islands bank account so I can pay transfer fees.

Brad Ackerman

At least Taiwan is an ally and will be until Trump decides to go further than he's ever gone to bat for the PRC.

Duolingo jumps aboard the 'AI-first' train, will phase out contractors

Brad Ackerman
Holmes

If they wanted cost savings, they'd focus on highly-paid people who are unlikely to be doing a better job than a potted ficus. So how much are they going to save by replacing the CEO with ChatGPT?

Booby-trapped Alpine Quest Android app geolocates Russian soldiers

Brad Ackerman
Facepalm

LZH?

The 1990s called; they want their archive format back.

Guess what happens when ransomware fiends find 'insurance' 'policy' in your files

Brad Ackerman

The existing statutory authorities for sanctions should suffice. In the UK, the Foreign Secretary can designate ransomware groups under e.g., the Russia (Sanctions) (EU Exit) Regulations 2019 and Cyber (Sanctions) (EU Exit) Regulations 2020.

Malware in Lisp? Now you're just being cruel

Brad Ackerman

Re: Lisp is in an amazing number of places

PDF is based on PostScript but isn't Turing-complete (at least if one doesn't count the JavaScript that's allowed to be added to non-PDF/A documents).

Cybersecurity not the hiring-'em-like-hotcakes role it once was

Brad Ackerman

Re: Being young and experienced again

You can get a sysadmin who also does desktop provided that the workload is appropriate for one FTE. I've done that (and storage and networks) in the distant past. What you can't do is get it for less than entry wage at McDonald's.

If you've only got 30 users, by all means find a good MSP and let them handle everything that doesn't require in-person presence.

Bybit declares war on North Korea's Lazarus crime-ring to regain $1.5B stolen from wallet

Brad Ackerman

If it would have been solved by basic security practices (in this case, using PAWs for administrative access), it's not that sophisticated.

Type-safe C-killer Delphi hits 30, but a replacement has risen

Brad Ackerman

Re: A colleague of mine uses Delphi/Lazarus

MLs also require declaration before use, and it's pretty much always a good thing.

How to leave the submarine cable cutters all at sea – go Swedish

Brad Ackerman
FAIL

Re: Worrying

Why would the weakest US president in history (excluding Harrison for obvious reasons) suddenly grow a spine and start sending Ukraine all the things, especially when he's busy trying to wreck American manufacturing? Biden was far too timid, but if you're looking for putting the war to an end it won't come from the MAGA faction.

The unlicensed OneDrive free ride ends this month

Brad Ackerman

Re: As much as tape has often been the bane of my life...

If you've got 100 TB to store and your on-premises servers are already in a class 8 datacenter, LTO-9 may make sense. I agree 100% about the lack of storage management; very few organizations that need to hire librarians are aware of that fact, and even the ones that are don't hire enough.

Documents that aren't personal should be stored in SharePoint folders instead of OneDrive.

(I'm a Microsoft employee but have no connection to or knowledge of M365 pricing or really almost anything that isn't public. If I had been offered Azure Blob Storage archive tier[1] in Government Top Secret ten years ago when I had LTO-4 libraries, you bet I'd have been camping out in the procurement people's offices until they let me click the buy button.)

[1] Or the AWS/GCP/OCI/IBM Cloud equivalent. I left that position in 2013, when Amazon had just signed the first classified cloud computing contract with CIA and Microsoft was still calling it Windows Azure.[2]

[2] For reasons I still don't understand, it has been a low single-digit number of days since I've seen the phrase "Windows Azure" used in a production system, and it needs to stop.

After China's Salt Typhoon, the reconstruction starts now

Brad Ackerman
Boffin

Re: Verizon...

Are those percentages weighted somehow? I care a lot more about one internet-exposed domain controller than I do about a thousand servers a month behind on a patch for a vulnerability that is unexploitable as configured, but the metrics dashboard may view things differently.

Infosys founder calls for 70-hour work week – again – claiming it creates jobs

Brad Ackerman

Re: His maths is not very good is it...

That's the lump of labour fallacy, which is and has always been bogus. If you believed it, you'd like this guy; making everyone work 70-hour weeks would cut total productivity in half, so the employees who used to be producing 40 hours of output are now producing (if we're generous) 20, thus requiring double the FTEs to produce the same results. But can his margins survive a doubling of personnel costs, never mind what happens when quality takes a nosedive?

Man accused of hilariously bad opsec as alleged cybercrime spree detailed

Brad Ackerman
Childcatcher

Joke aside, the US generally has crap labour law, but the discrimination bits are sufficiently resembling adequate that if you attach a photo to a resume it's going directly to the circular file. Unless your job is in the performing arts, what you look like is utterly irrelevant for anything a résumé should be used for.

US senators propose law to require bare minimum security standards

Brad Ackerman
Mushroom

Re: Bad joke

NIST appears to be taking its sweet time. They haven't posted the slides and recording from the last 800-63 webinar (August 2024), and they opened a second round of comments for issues that could easily be left to an addendum later and certainly shouldn't justify delaying the changes from being finalized (especially the explicit ban on periodic password rotation).

Icon for what needs to be done to whoever came up with the idea of periodic password rotation in the first place and the people who've kept it going in the US government even though we've known as long as information security classification has existed that if you don't want the password on a Post-It note underneath the keyboard, it needs to be memorized. In Minecraft.

Brad Ackerman

They'd rather someone who hops the fence not be able to actually be inside the security perimeter. I'd guess our beady-eyed friends would be fine with a sally port, but then you have to potentially staff it locally rather than being remotely monitored from your security desk, and they do like to trap people inside.

Russian court fines Google $20,000,000,000,000,000,000,000,000,000,000,000

Brad Ackerman
Holmes

Re: World record?

It would theoretically get to a googol in a few years, but by that point the Russian Federation will have officially taken its place in the dustbin of history.

Musk's $1M election lottery raises serious legal concerns, says Pennsylvania governor

Brad Ackerman
Mushroom

The great uMthondo we Sizwe, who is famous for not paying his bills, doesn't know how to write a check? Inconceivable!

Icon because USAF should've done it to his security clearance a long time ago.

AWS boss: Don't want to come back to the office? Go work somewhere else

Brad Ackerman

You can have WFH when you pry it from my cold, dead hands?

Your proposal is acceptable, Matt. And as an employee of one of your competitors, thank you for helping to make sure our recruiters have a healthy candidate pool.

Would banning ransomware insurance stop the scourge?

Brad Ackerman

Re: Make the board responsible

Buybacks function the same as dividends; they're just preferred because the shareholders are only taxed when they sell the stock. If you want to make boards accountable, banning multiple-class stocks would be more useful.

Brad Ackerman
FAIL

Re: Never

We already allow C-suites of billion dollar companies to run them into the ground in hundreds of different ways. What's so sacred about allowing C-suites to run their companies into the ground with the help of the FSB?

We don't allow Nike to assassinate people trying to buy their latest intentionally supply-limited sneaker to make it appear even more desirable; allowing them to fund the Russian invasion of Ukraine or the North Korean nuclear weapons program is no different.

Brad Ackerman

Re: i guess she's saying that law enforcement is pathetic

One should certainly expect the US government to be working on both; and when POTUS considers the work to be at an acceptable state, you'll know.

Brad Ackerman

Re: Also ban cryptocurrency

It happens more often than you'd think. The Mexican cartels had cash boxes custom made for HSBC's teller windows, and the bank knew since at least 2008. OFAC dicked around until 2012, HSBC eventually paid $2.5B, which although several times their money-laundering profits apparently wasn't enough because they keep getting fined for control deficiencies. Time for DoJ and CPS to get off their asses and put the CEO/CLO/CFO in jail. A few billion dollars of someone else's money may not get bankers' attention, but a few years at FCI Ray Brook or HM Prison Wormwood Scrubs definitely will.

Sysadmins rage over Apple’s ‘nightmarish’ SSL/TLS cert lifespan cuts plot

Brad Ackerman
Mushroom

I'm wondering about GRC. A lot of large organizations' systems flag certificates that expire in less than 90 days, which would make those findings less than useless with those.

Brad Ackerman

If you're terminating TLS at the application servers, each one is going to need a copy of the same certificate. Generate on one (or even elsewhere) and rsync to the rest. If you're terminating at the load balancer, perhaps you can reencrypt with longer-lived certificates, but ideally you'd use IPsec and/or MACsec instead.

FBI boss says China 'burned down' 260,000-device botnet when confronted by Feds

Brad Ackerman
Boffin

It's just pointless because they can just use botnets located somewhere else, which wouldn't inconvenience MSS and 3PLA at all but would greatly inconvenience legitimate actors.

Brad Ackerman

Re: Make paying ransom a crime.

Halting State, Charles Stross; but that was straight espionage, not financial crimes. On the gripping hand, the two categories should be harder to tell apart.

WhatsApp still working on making View Once chats actually disappear for all

Brad Ackerman
Mushroom

Re: Disappearing privacy

It's useful for sending messages to someone you trust to not themselves disclose them; it makes sure that they don't remain on the recipient's device to be retrieved later by a third party. (Assuming that the messages to be disappeared were properly stored in the client, anyhow.)

Icon because it's the only way to be sure.

So you paid a ransom demand … and now the decryptor doesn't work

Brad Ackerman

Re: Backups!

Then had a ransomware backup strategy meeting where IT proudly talked about their 'airgapped' backup solution. Which turned out to be a product named (something like) 'Air-gap' which wasn't actually air-gapped at all.

An airgap is just a connection with unusually high latency (as Ed Skoudis said). The details matter, as Iran found out.

If HDMI screen rips aren't good enough for you pirates, DeCENC is another way to beat web video DRM

Brad Ackerman

Re: and the like is doomed

And the goal of the streaming services and providers of "purchased" video (if they can take it away at their pleasure, it's a rental) is to lock you into their clients—to force ads to be displayed and tracking data to be exfiltrated, to make it harder to buy/rent from a different provider, and probably a few other reasons that don't come to mind at the moment.

Google's ex-CEO U-turns after saying staff 'going home early' killed winning

Brad Ackerman
Holmes

Re: Yep yep, the privileged attitude

And the best startups tend to be fully remote — even the hardware ones.

Cancer patient forced to make terrible decision after Qilin attack on London hospitals

Brad Ackerman

Re: Justice

Part 5 of the Investigatory Powers Act 2016 already allows intelligence agencies to apply for a warrant to conduct equipment interference (i.e., CNA); no additional statutory authority is required for government agencies to conduct cyberspace or kinetic operations against ransomware operators.
