* Posts by Greem

96 publicly visible posts • joined 30 Apr 2007


Capita Education Services accidentally spaffs email addresses in Helpdesk snafu


Smells like ServiceNow

That INC0000000 format smells very much like ServiceNow to me. Looks like someone within Capita created an assignment group and managed to attach a workflow to it that did the Bad Stuff. SN is very powerful but it's just soooooo easy to get the workflows doing all sorts of hilarity*

No doubt some junior underling will be getting beaten round the head as a result, ignoring the structural and procedural issues that caused them to do it.

*as did a colleague some years ago when we implemented/suffered SN at work, and they managed to make a workflow auto-update all tickets with an incoming email action, which then triggered the incoming email action and updated all tickets, etc etc...

Exim marks the spot… of remote code execution: Patch due out today for 'give me root' flaw in mail server


Re: enable DANE

This is not a solution to the issue at hand; whilst it has use in other contexts, it will not in any way prevent your system from the bug that's been patched today (unless you've found something that hasn't been discussed).

Mitigation if you cannot patch: do not offer TLS to connecting hosts as that prevents the vulnerable code path being hit*. Additionally, Heiko has provided additional mitigation on the exim-users mailing list which prevents acceptance (and writing to spool) of messages with 'dangerous' SNI values.

*this is not recommended, but is a quick and dirty hack while you patch/wait for updates.

As one Microsoft Windows product hauls itself out of the grave, others tumble in



...could really do with concentrating on their Oreo codebase and working out why Swift 2+ devices never go into deep sleep. I've gone from having a phone that lasts all day with moderate usage to one that lasts about 12 hours between charges.

Exim-ergency! Unix mailer has RCE, DoS vulnerabilities


Having only recently switched on inbound chunking at $workplace, I turned it off again on Saturday afternoon after seeing PP's email to exim-announce.

Appreciable effort: almost nil.

The biggest risk here is for all the long-term installs which carry the same config file over and over, thus accepting config defaults each time for new features when they update. Hopefully (fingers crossed) there isn't a blitz of compromises to come...

Microsoft and Facebook's transatlantic cable completed


It's happened before

In the late 90s I went to a networking conference at which the skipper of a C&W (I think) cable laying ship gave us a very entertaining lecture about the various superlatives, stresses and challenges involved in putting fibres in the ocean.

Repairing broken cables involved dragging miles of cable to the surface, slicing it into two pieces and looking which side the light came from, then repeating this on the broken side until light was found again, then splicing in a new section.

He ended with a tale of being tasked to locate and repair a cable near the Canary Islands. This was something like 3 miles under water, so they put down a grapple and towed across where the cable should be. After snagging something, they lifted it and committed the slice... only to find light on both sides.

Oops. Wrong one.

They were called rather rapidly with a report of another cable failure, which they graciously fixed before doing the one they were supposed to do.

Not an exact science as someone else said!

Uni of Manchester IT director resigns after chopping 68 people


Ab-so-bloody-lutely right

I made my way up the ladder across a number of jobs - school technician, university networking, commercial sector sysadmin & net eng, senior role of that one (management!), sideways move after a takeover into a 'roving specialist' role which I loved, then back into higher ed as a technical manager because that is "the thing to do" as you get older.

After years of not being allowed to recruit to replace leavers/movers I had less than half the team I'd had and became acutely aware of the fact that I (a) didn't have time to do the paperwork and (b) hated doing it. I became "The Peter Principle" in person.

Thankfully due to a wise senior manager I got moved into another team, no management responsibility, now I can do tech work again and enjoy it. I have no intention of ever being in management again.

I do feel sorry for my colleagues in Manchester though.

SpaceX: launch, check. Landing? Needs work


Re: Just Read the Instructions

Indeed it is; Musk & SpaceX have been pretty open about the naming of their two drone ships as a tribute to Banks.


Musk explained on Twitter...

"As mentioned before, ship landings are needed for high velocity missions. Altitude & distance don't mean much for orbit. All about speed."

"Ship landings are not needed for flexibility or to save fuel costs. Just not physically possible to return to launch site"

"If speed at stage separation > ~6000 km/hr. With a ship, no need to zero out lateral velocity, so can stage at up to ~9000 km/h."

So he's being very open about it - they can get better staging if they don't have to do a turn-about to go home, and having the target zone at sea means less damage if things go wrong.

TalkTalk hired BAE Systems' infosec bods before THAT hack



Small sample size I know, but of five folks I know who are TT customers, three are off to Virgin Media, one to Sky and the other is undecided.

Apparently they got a very good offer from Virgin when they said they were currently with TT (the one moving to Sky is not in a cabled area).

I am NOT a PC repair man. I will NOT get your iPad working


We've all been there

When I'd just got together with my now wife we were both invited to a house warming party by a friend of hers. I dutifully rolled up for the first time to a new (to me) town, knowing nobody, and being generally referred to at the party as her "new bloke". There were lots of interesting new people to talk to, and lots of beer being drunk.

Eventually someone I'd never met before asked me if I was her "new bloke", and went on to ask if I could have a look at his laptop. I told him I'd just go get my invoice book out of the car; I have *never* seen such an indignant, offended reaction in my entire life. Apparently that was a dreadfully rude thing to say - but he never did bring his laptop, and I continued getting happily drunk :)

Reply-all email lightning storm STRIKES TWICE at Cisco


Oh, the memories

In $former_job in commercial web hosting, customers had the ability to create simple mailing lists. One of them ran a mailing list for a large, disparate charity organisation - and also ran several of said organisation's branch mail systems.

For some unknown (still) reason, they used Microsoft's SBS product with the dumbest POP3 receiver code I ever saw. The following happened:

1. Mail gets sent to list

2. Mail gets expanded to recipients

3. Mail goes to one of the aforementioned SBS POP3 connector widgets, which looks at the incoming message and thinks 'this isn't for one of my addresses, it's been sent to some-list@some-domain...'

4. SBS POP3 widget sends message to mailing list

5. GOTO 1.

The list had thousands of subscribers. I lost count of how many of these SBS machines were involved - at least 4 - but the resulting storm saw our customer attempt to claim £250k in damages from us for lost business! The last I knew about it, they'd backed down and as far as I know it never got to court.

Hilarious at the time, but the aftermath was bloody irritating.

Cameron: Get those saucy websites off Blighty's public Wi-Fi


Existing legislation

I would have expected that the existing legislation around obscenity would be used if someone were to be found watching porn in a public place.


Slippery Slops?

Of course, you weren't watching that in public, were you?

Apple and Samsung mobile monsters: 'We only eat RAW CASH'


The old adage rings true again...

...being that in order to make a few hundred thousand dollars, you need to start with a few million.

Mystery X-37B robot spaceplane returns to orbit on Tuesday


Re: Death Star construction

Any Fule Know you don't build a Death Star from Meccano, you build it from Lego!

Revealed: ITU's deep packet snooping standard leaks online


Re: "malicious traffic identification"

And yes, I was largely agreeing with Chris there.


Re: "malicious traffic identification"

That's known in the business as BCP38 - see http://tools.ietf.org/html/bcp38 - and is a perennial discussion point amongst network operators. Given that BCP38 is now 12 and a half years old, and bits of it are older than that, the likelihood of it being applied across the board is unlikely.

The complexity of modern networks can result in it being technically difficult (although not impossible) to completely validate source addresses within networks for which the kit is "authoritative". Responsible network operators know this and apply BCP38 quite strictly, but they are far outnumbered by network operators who don't even know what BCP38 is. Sadly.

Interestingly if it was applied absolutely religiously it would make spoofed (D)DoS attacks almost impossible. That's a far more laudable aim than cleaning up firewall logs...

LOHAN's mighty orb launch live NOW



Oops. Flight 1 comes to a soggy end about 3km off the Sussex coast...

Long-suffering Virgin Media victims see no end to vid PURGATORY


All fine and dandy here...

...except I experienced dreadful network performance a couple of years ago which went on for months. As someone who works on Da Intarwebz and has some experience of networking I was able to show that the uplink from the cable head end was saturated from 6pm to 12pm, and the problem arrived when the local University term started.

After a few fruitless "please provide us with ping tests" and "go to speedtest.net" conversations with VM CS I contacted @virginmedia on Twitter. BOOM - open, honest, frank and clear explanation of the problem, entirely agreeing with me.

It still took several weeks to be resolved, but that's network provisioning for you. And I did quite nicely out of my complaint, ta very much. Haven't had a single problem since.



Spent many an hour...

...playing this in multi-player mode. Loved it.

Geek moments.



I heard on the radio a few months ago that due to a demonstration traffic was being "redirected along the A302" in central London. Seemed somehow quite fitting.

UPS death in Pulsant data centre knocks out websites



The company I used to work for had data centres all over the UK. One of them had a prolonged outage starting in the small hours of the morning (for which I was on call) because a capacitor on the HV side of one UPS had physically exploded, taking the HV side of the adjacent redundant controller with it; one had an extended outage when a static switch melted during a routine test causing a complete loss of power to the distribution panels; one had a shortish outage (but long startup) after an electrician accidentally dislodged a cut-out lug at the top of a distribution panel and shorted two phases together in said panel causing the UPS to shut down (they don't like having phases crossed!); another had a planned run on generator curtailed because the building's owner had just finished bricking up the inlet vent for the generator (without notifying anyone) resulting in the local fire service decreeing that said generator was now a fire risk and had to be shut down.

Then I moved jobs, a new UPS got installed at $newjob, and it transpired someone had got an RMS calculation back to front and said UPS was therefore only 70% capable of full load and kept going into bypass. It got made bigger, and then controllers kept failing.

Since I moved offices to over a mile away, it hasn't barfed. Coincidence?

Los Alamos fires BLOODY BIG MAGNET



Where's my bloody pen? I'm sure I put it down here somewhere...

Airport bomb Twitter joker in second fine appeal bid



Poppy, and as they say round here, cock.

Aircraft doors open outwards. The pressure inside the cabin far exceeds that outside when at height, which is how the windows and doors can blow outwards if they fail.

The impossibility of opening them is caused by the control systems, which can be disarmed in an emergency. Opening the doors in flight is a little-used technique to clear cabin smoke, but there are several things in place that have to be turned off to allow it to happen. Mr Lemmeouttahere, being pissed, would have found those things quite tricky.

Back in legal land, the airport authorities deemed the tweet to be unthreatening, as did South Yorkshire Police - but they had to hand it on to the CPS as a matter of course. It was only when they got hold of it that the anti-terror folks got in on the act.

Fraud baron forced henchmen into S&M orgies to prove loyalty – cops

Paris Hilton


...they're all now in the care of the Department of Correction. Which doesn't sound like punishment for the main perp, does it?

HTC Sensation XE



Does it have CiQ preinstalled?

Punters even more dissatisfied by Virgin Media's package


Happy Punter

Been with NTL/VM for nearly 10 years. In all that time we've had precisely one bit of shonky service, in Oct 2010 when the local students arrived our broadband became practically unusable of an evening.

Being a networky type, I already had some monitoring in place. Firstly they came out and replaced the old cable modem (which apparently shouldn't have been working since they upped the signal strength for 50Mbps services) as it kept rebooting, and that sort-of solved things until the students arrived. Then it went pear-shaped from 6pm to midnight.

I tweeted about it. Their support guys from Twitter were bloody brilliant - I sent them some graphs, and their reply was "you're absolutely right, your head end is oversubscribed, we're fixing it in 6 weeks". True to their word, they did - and offered me a substantial reduction on my bill. I cashed it in for a TiVo instead (which has also been excellent).

It would have been better if there was no problem at all, but one service outage in 9 years is pretty good.

Oh, and we recently ported a BT number over to them. Absolutely, totally, completely pain-free.

Yep, happy punter.

‘We know where dark matter is hiding’ claim boffins


It was...

...but an MP walked by, and it disappeared. They're well-known for bending the fabric of space-time, doncha know.

NetApp faces probe into Syrian spooks' use of its storage kit


Finger pointing

It was them -> <- meht saw tI!

Threesome ends in arrest as wife struck by pair of TVs



Never let your left hand know what your right hand is doing, and vice-versa.

Email and compliance: How not to blow the storage budget?

Big Brother

Policy, schmolicy

The term "compliance" is bandied about in data lifecycle management briefings and product notes like confetti at a wedding. However... The first question organisations (or individuals) need to ask is a completely non-technical one:

With *what* are we expected to be compliant?

Internal policies?

Industry "Best practice"?

Statutory law?

Also there's a trade-off, particularly for the public sector - the need to ensure that Data Protection laws are followed (that is, only keeping what is necessary particularly pertaining to individuals) but at the same time ensuring that this does not make Freedom of Information requests impossible to fulfil. You might find that statutory law means some piece of data has to be kept for 7 years, but if it isn't going to be used (and pertains to an individual) it should not be retained. What a dilemma.

And when that FOI request arrives, all this data has to be produced, at which point the individual is likely to ask *why* you were keeping it.

So, before thinking about the technicalities, think about the reality - what do we need to keep, why, and for how long?

Apple loses bid to trademark 'multi-touch'



Hey, Mr Anonymous Coward, let's see whether you actually read TFA...

Google - Android Market.

Apple - App Store

Amazon - Appstore

I think you'll find that Apple's beef is with Amazon, not Google. OK, so the Android Market begins with A, but that's where the titular resemblance ends.

Rogue toilet takes out Norfolk server



mount -t vfat -o debug,flush,sink

Mine's the one with the USB stick in the pocket.

Hunt: Online file-sharing is a 'direct assault on freedoms'


Never forget





This is doomed to fail from the outset - determining what is "infringing material" is all but impossible in any automated system. The FP rate will be *enormous*.

Al Gore wants to borrow your Facebook and Twitter accounts



"how will you ever know that your mates on Facebook or the celebs you follow on Twitter are really care about these things"

How do you know that the attractive, personable, 20-something couple who approach you in the street about environmental activism really care about these things when they're often getting paid for it? Come to that, if the subject comes up in the pub, how do you *actually* know that your friend really cares, rather than simply being a sheep?

DNS hijack hits The Register: All well



Their server is also running mod_frontpage. 1337 5ki11z indeed.

Film studios thrash BT in Newzbin site-block test case



Newzbin3? 4? 5? 1337?

SpaceX goes to court as US rocket wars begin



...one failure and the whole anarcho-military-aerospace-industrial-government complex will come down on them like a ton of deorbiting ESA space truck debris.

Gatwick Airport security swoops on 3-inch rifle



It was just a diversion. They do this so some dodgy bastard can nick small items like mobile phones from the trays... Thank you, Heathrow security, for diverting my attention last year and letting some light-fingered member of staff (or a passer-by) walk off with my phone.

Apple tightens rules for iPad news delivery

Big Brother

"pro" and "consumer"...

'What is next? Apple telling their customers that they can only get software for their Mac or Mac Book from iTunes also?'

How long until you have to pay top whack for Mac OSX Pro which will allow you to install "other" software, ie. not downloaded from iTunes? Not too long now given the OSX App Store's launch.

We poor "home" or "consumer" folks will have to make do with the App Store, and Apple will take a cut from every download. Want to install your own software from DVD or CD? Pay the cut up front on your OS costs.

Hrm. Believable, isn't it?

ISPs under pressure to control online porn


Parenting Fail?

I'm sure I'm not the only reader of El Reg who's simultaneously a parent and a technically literate Internet user. As an experienced hosting and network engineer of almost 15 years, and a parent for 7, I can see quite clearly that:

* most readers of El Reg know that a global filtering system is doomed to fail. False positives only have to happen once (or worse, more than that) to drive a bus through the whole argument. False negatives are even worse.

* most parents are perfectly responsible for their own children.

* too many Daily Fail readers and their ilk big up the "THINK OF THE CHILDREN" so loudly that those parents who aren't technically savvy get taken along, because explaining the technical difficulties behind such a scheme in terms they understand is very, very difficult - it's far easier to follow the soundbites.

As a parent, my main worry when my kids get a bit older isn't that they'll stumble across some porn when using the Internet at home (and remember, kids, The Internet is rather more than just The World Wide Web). It's that they'll be exposed to something using a mobile phone by a friend. I just hope that they'll be comfortable enough to talk about it to me when they do, and let me deal with it rather than some "parent by proxy" system which kids can work around.

To cap it all, a pair of technical questions (which you should write to your MP to ask): Who would be responsible for the system, and how would they enforce it in multi-occupant properties? You know - family homes, with multiple age ranges?

I think a less sensationalist approach to the whole issue by all concerned would work wonders, personally.

Microsoft steers OEMs away from putting Phone 7 on Tablets



"Everyone needs tablets and they need them now and they need the OS to be cheap, and better still, open source."

*Everyone*? Really? I'm doing OK without, kthxbye.

Jobsian fondle-slab in SEXY FILTHGRAM CRACKDOWN


Shepshed Dynamo

Play at a ground called the Dovecote, on Butt Hole Lane... always raises a smile :)


Iowa police mugshot exposes world's worst tattoo



Would be a much better phrase for a numpty like that (Thanks, Neal)

WTF worm makes Twitterers declare goat lust


And there was I...

...assuming someone had resurrected goatse. But no, this is far less shocking. What a disappointment.

Tory MP's email fail stirs up bloggo-fury


"I would say this counts as SPAM."

SPAM is a trademark of Hormel, Inc, and has nothing to do with UBE/UCE. Nor does it have anything to do with representative government, and in fact I'm going to lobby my MP through 38 Degrees to ban it because it's horrid. That is all.

Avro Vulcan - The Owners' Workshop Manual

Thumb Up

Profits, profits...

...let's hope the publishers pass some of the profits over to XH558's owners, or the book is all we'll have. If anyone reading this article thinks they'd like to support the VTTS Trust, go here:


and give them lots of lovely money to keep 558 flying!

HTC HD mini

Thumb Up

I bought one of these

...in Hong Kong during the "nobody can fly to Europe" days, to replace a Touch Pro that the numpties at Heathrow T3 security managed to make me lose. I wanted a Desire but couldn't find one.

I like it. It's taken me a few days to get used to the capacitative screen - I've been a stylus/keyboard user for years - but it does exactly what I want it to. I do find that HTC Peep manages to hog the CPU a bit on large updates, but I can live with that.

Only problem I have right now is that I can't find a case to fit it into...

Oh, and it cost rather less than £320.

UK air-traffic offers flying-car-style safety gizmo


My other half

...used to work for NATS. Her boss was the same person mentioned in this article.

Not interesting, I know, but then most comments aren't, are they?

FreeBSD version 8.0 lands


Binary Compatibility

...with Fedora 10. The release which goes EOL next week. Useful!