* Posts by Tim Brown 1

328 publicly visible posts • joined 10 Jun 2009


OVH says some customer data and configs can’t be recovered after fire, some seems to be OK, plenty is safe

Tim Brown 1

So SBG4 was undamaged where my server is

But the reconnecting of servers has gone up from the initial estimate of today the 15th to "a gradual restart" on the 22nd, so 2 weeks downtime for a building that "wasn't damaged"


OVH data centre destroyed by fire in Strasbourg – all services unavailable

Tim Brown 1

Re: Bad Timing

The eventual cause and response to the fire will be interesting but I expect it will be several months down the line.

Tim Brown 1

Well I think I backed up everything

Well I think I backed up everything to AWS but now the login page to AWS has sent me an email to login and my email server is in OVH Strasbourg (though in SBG4 so hopefully safe).

Disaster recovery never works quite right, sigh.

Windows 10 to force you to use Edge, even if it isn't default browser

Tim Brown 1

Microsoft points gun at own foot and pulls the trigger.

Nuff said.

Britain ignores booze guidelines – heads for the pub

Tim Brown 1

Re: No safe level of anything

Dammit we're all going to die!!!!!

(someday )

Do your best to enjoy life while you can and if you're making yourself ill or hurting others in the process you're probably doing it wrong.

You can't ignore Spectre. Look, it's pressing its nose against your screen

Tim Brown 1

Re: croky

This means JavaScript in the browser can sniff out secrets from the kernel and other tabs. There are PoC exploits for this out there.p

Does it really? I mean really? Care to link to one of those proof of concepts?

If Javascript is able to do that then first and foremost it's a bug in the browser code and nothing to do with Spectre.

Spectre, as I understand it can only be exploited by code with root privileges on one virtual machine to attempt to grab info from another.

Tim Brown 1

Unecessarily alarmist

The biggest weakness in any organisation is always going to be the human element. The "password on a post-it note" syndrome.

Why bother going to the immense time and trouble of developing speculative Spectre exploits to harvest random data when you could just honey-trap a senior executive who has all the access you need?

Hawaiian fake nukes alert caused by fat-fingered fumble of garbage GUI

Tim Brown 1

What I'm wondering is...

How many people took advantage of the message to have a last end-of-the-world shag and will we see a mini baby-boom in nine months time? :)

Mozilla offers sysadmins a Policy Engine for roll-your-own Firefox installs

Tim Brown 1


when the last Firefox release I'm ever going to use is 56

WordPress 4.9: This one's for you, developers!

Tim Brown 1

Firefox 57: Good news? It's nippy. Bad news? It'll also trash your add-ons

Tim Brown 1

If you don't have a GPU...

Most of my browsing is done on an old crappy laptop that sits next to my sofa and only has integrated graphics rather than a GPU.

For years I ran Opera on it until they threw themselves over a cliff by moving to webkit and dropping most of the customisation stuff that I loved. That's when I moved to Firefox as I discovered textensions that allowed me to set it up just the way I wanted.

It seems plenty fast enough for me (especially with Adblock dropping all the crap that really slows most pages down). So no I won't be upgrading this machine any time soon.

I might give it a go on my gaming / work machine, which does have a nice fast GPU. But then again, Firefox already zips along on that machine anyway, so I'm not sure there's a point.

OVH data centres go TITSUP: Power supply blunders blamed

Tim Brown 1

Re: Still Down 8 Hours later

The CEO has just tweeted an update (Thursday, 09 November 2017, 17:53PM), lots of issues still

Il reste encore en panne: (the following are still not working)

2100 serveurs dédié

1500 instances PCI

25000 VPS

300 hosts PCC

Tim Brown 1

Re: Still Down 8 Hours later

At least the status monitor is showing presumably valid info now. When I looked at it shortly after power to the datacentre had been restored it was showing all machines up when they clearly weren't

Tim Brown 1

Re: "trying to restart generators"

There was an article a while back (I think it might have been one of the on-call ones or maybe during the big Ba snafu recently) about the perils of testing your disaster recovery systems in live environments. Who wants to be the one who admits to crippling a datacentre because their failover testing failed!

I had my own mini problem with this outage, since my recovery plan relied on OVH not losing ALL connectivity throughout Europe...

Tim Brown 1

Back up now but...

The CEO has just tweeted his explanation of the incident


Claims it was two unconnected major incidents, one power failure and one optical fibre control f*ckup. Though how he expects anyone to believe that the first didn't lead to the second I've no idea.

And as for their 'failover' system, I tried to use it to move an IP address from the datacentre with the power failure to an unaffected one, but the move task just got stuck in their API, The move task is still there, with no way i can see to delete it, so now I may have problems at some unspecified time in the future if the move does eventually happen when I don't want it to.

Smart? Don't ThinQ so! Hacked robo-vacuum could spy on your home

Tim Brown 1


Darling, why does the new vacuum cleaner keep following me into the bathroom?

Please activate the anti-ransomware protection in your Windows 10 Fall Creators Update PC. Ta

Tim Brown 1

For some reason...

I always seem to misread Windows 10 Fail creators update.

Microsoft's Surface Pro 2017, unhinged: Luxury fondleslab that's good...

Tim Brown 1

Those TV ads

Never mind the price, I wouldn't buy one simply because of those cringingly bad TV ads that have people gushing about how the Surface enables them to do stuff.

I only hope the people in those ads were paid a hell of a lot of money to make up for the shame.

Can the last person watching desktop video please turn out the light?

Tim Brown 1

Hate autoplay videos?

Two simple steps

1) Use Firefox

2) Set 'media.autoplay.enabled' to 'false' in about:config

Never be plagued by autoplay videos again (though you can still watch any you wish to, by manually clicking play).

Four techies flummoxed for hours by flickering 'E' on monitor

Tim Brown 1

1200-baud modem???

What I woudn't have given for a 1200-baud modem!

I had to do overnight support for vital banking systems using a portable teletype machine, which, if it worked at all, could only manage 300baud, spitting out text a letter at a time on to thermal paper with the consistency of that shiny bog roll cheap hotels used to use.

The Telegraph has killed Prince Philip

Tim Brown 1

Re: it would never have happened in my day!

Replying to myself, this story made me all nostalgic and posted this pic on twitter:


Tim Brown 1

it would never have happened in my day!

I worked there starting in 1995 shortly after the Telegraph had launched (in November 1994) the UK's (World's?) first daily news website as Electronic Telegraph.

At the time, we did nightly updates taking copy from the print edition to put online. Each edition was produced by just three people to start with. On the nights I was on shift, one of my tasks was to check through the whole update for problems before putting it live.

I never, ever let any problems slip through...

and never ever had to race back to Canary Wharf in the middle of the night to fix things....


Oh and coincidentally, the original deskspace for the site on the 11th floor of One Canada Square was right next to obituaries!

Cabinet Office minister Gummer loses seat as Tory gamble backfires

Tim Brown 1

Re: What a mess...

"I can't say I agree with Corbyn on lots of subjects but I do respect the fact that he seems to believe in certain principles."

This, so much this. Blair and then Cameron were all about spin and message. May is an outright liar, so it's refreshing to have someone that has principles and will say the same thing next week as he said last week. He's also someone who believes in talking rather than dropping bombs on people. I hope we get more politicians of conviction on the back of this

UK PM Theresa May's response to terror attacks 'shortsighted'

Tim Brown 1

Re: Hold the horses

Have a downvote for putting Michael Gove and the concept of wisdom in the same sentence!

Amazon's Alexa is worst receptionist ever: Crazy exes, stalkers' calls put through automatically

Tim Brown 1

Alexa, why have you locked the front door?

I've checked the weather, Tim. There's a risk of thunderstorms. Thunderstorms are dangerous. It's not safe for you to go out.

Microsoft Azure capacity woes hit UK customers. Yes, you read that right

Tim Brown 1

Definition of Cloud Computing customers

We're too stingy to pay for our own systems experts we prefer to just shout at people when things go wrong,

Fire fighters get grinding on London man’s trapped genitalia

Tim Brown 1


He might have been better going to a jeweller? Aren't they used to getting stuck rings off?

In all seriousness, one of their miniature cutters would surely have done the job :)

It's 30 years ago: IBM's final battle with reality

Tim Brown 1

The UK had the best tech for personal computers at the time

For PCs during that period, in pure tech terms , Acorn's ARM machines running RISC-OS were way ahead of offerings from anyone else and prior to that the BBC micro (built by Acorn).

It's just such a shame that Acorn lacked any international marketing savvy then.

Creators Update gives Windows 10 a bit of an Edge, but some old annoyances remain

Tim Brown 1

"Windows 10, designed to make you appreciate our earlier work"

I'm staying with Windows 7.

I need an ISP that offers IPv6. Virgin Media: Whatevs, nerd

Tim Brown 1

Re: Am I the only one...

IPv6 is badly designed and thought out. It could have been made backwards compatible with IPv4 which would have ensured a smooth and orderly adoption but the 'designers' thought they could do 'better' with the result that it has had to be dragged kicking and screaming into the world and twenty years on it's still ignored by many.

See https://cr.yp.to/djbdns/ipv6mess.html for a detailed analysis of how the IPv6 designers got it so horribly wrong.

WordPress fixed god-mode zero day without disclosing the problem

Tim Brown 1

Re: Comments

I'll just point out that the various plugins to disable the API only do so for unauthorised users, so if you install one then you need to log out from the admin panel to see it in action, otherwise the API will still return any info you request.

I really, really wish they'd just kept all this shit as a plugin though, which is where it belongs.

Tim Brown 1

Re: And...

Thanks, I have now found https://wordpress.org/plugins/disable-json-api/ which has been updated to disable the whole REST API for unauthorised users.

But I can't get my head around why the Wordpress developers haven't made this isn't the default state, If individual users have a use for the API then fine they could switch it on. But then again I don't see the argument for moving the API into core in the first place, rather than leaving it as an addon (where it started life). To me it smacks of a "look at us aren't we clever for doing this" type of thing, rather than something that is genuinely useful to most people.

There are all sorts of things you could build on top of the API, but I'm suggest that for 99% of them you'd be better off doing it a different way.

Tim Brown 1


If you think the API is a good idea, just append


to any Wordpress blog base URL running 4.7 or greater and see the some of the information it's happy to offer up by default without any authorisation.

Tim Brown 1


I just had a look at the details of the bug. It was found in the new REST API that Wordpress enabled by default for the first time in 4.7.0

When I read the patchnotes for 4.7.0 I sighed inwardly at having a new API which I had no interest in using currently, enabled by default and I looked for a way to turn it off. It seemed that there was no easy way to disable it and the documentation I found cautioned against doing so anyway as the API is apparently used by unspecified core routines

Here's a quote from someone on StackOverflow:

"The REST API is not really a security issue, but I suppose some could surface in the future. It's much more important to look at Hardening WordPress - WordPress Codex and Brute Force Attacks - WordPress Codex

As of WordPress 4.7, the filter provided in core for disabling the REST API (via functions.php) was removed because the API is in core now. There is no official option to disable the API as some core functionality depends on it. So if you disable the API, you may see breakage because by default the API core and is available for use by themes and plugins and other sites."

(I bet the author of that reply feels pretty stupid about that first sentence now!)

The whole thing is just an accident waiting to happen. I shall look again at ways to turn off this unwanted API.

Penguins force-fed root: Cruel security flaw found in systemd v228

Tim Brown 1

use sysvinit instead

"Unfortunately, it is by now impossible to avoid this abomination if you have to stick with a major distribution".

I hate the philosophy of systemd too, but it's still fairly straightforward to run the current Debian release using sysvinit instead.

I switched all my servers back to sysvinit when I discovered that during a standard reboot systemd was shutting down logging to syslog BEFORE all applications had been cleanly shutdown, thus important messages were lost. For instance, If you just went by syslog it would appear as though Mysql had crashed and not been shut down cleanly.

Anyway a guide to switching back to sysvinit here, it's very simple:


IPv4 is OVER. Really. So quit relying on it in new protocols, sheesh

Tim Brown 1

Exhaustion? and yet...

The major dedicated server supplier I use is still happy to provide 16 free IPv4 addresses with even its low end servers (with justification of course).

Docker user? Haven't patched Dirty COW yet? Got bad news for you

Tim Brown 1

I told you so...

When all the hype about Docker started I had a look at it and timely security updates was something that put me off the whole thing. That and the layer upon layer of the filesystem structure with seemingly no easy way to merge redundant layers was frankly a little psychotic (it may be better now, I haven't checked).

No means no: Windows 10 nagware's red X will stop update – Microsoft

Tim Brown 1

In other news...

The EU has decided to get Microsoft to design some nagware to get the British Government to invoke Article 50.

An EU spokesman said "We're seriously fed up that the British PM keeps clicking 'not just now thanks' on the reminders we've sent him so far"

Austrians are most likely to bare all on beaches

Tim Brown 1

Tech story because?

Or is the only tech relevance that this was a press release by a travel company with a website?

British cops to film you with 59k body-worn cameras by end of year

Tim Brown 1

You're under arrest! Now if you'll just sign this consent form...

How long before we get one or more dedicated TV channels for the footage? Channel 5 are 75% of the way there already!

123-reg email goes TITSUP

Tim Brown 1

Hotmail/Outlook/Windows Live Mail or whatever they are calling it this week is also titsup at the moment.

Yahoo! shows! off! for! suitors! by! diving! into! red! ink!

Tim Brown 1

It's tough at the top

Presumably, as the results were "in line with our expectations" the CEO and the rest of the management fat-cats will be taking home their six-figure bonuses and seven-figure salaries as usual then, which probably goes a long way to explaining the loss...

BT hauled into Old Bailey after engineer's 7-metre fall broke both his ankles

Tim Brown 1

Re: Not so funny.

I have a house in rural France and around here nobody seems to have heard or care about H&S rules.

It's common to see people working on steeply pitched roofs without any safety equipment whatsoever.

There's one old boy who works on his own with a van and a long ladder repairing roof tiles. He was at a house across from me last year and it made me feel quite queasy to see him going up on the roof all on his own, even climbing the ladder one-handed as he held on to a stack of new tiles on his shoulder with the other.

Not Bitcoin, but close: Red Hat and Microsoft bite into blockchain tech

Tim Brown 1

The problem with blockchain tech...

is that there is no concept of archiving. So to properly verify the current entries you need the whole blockchain which just keeps growing and growing.

Unless that is, you have some sort of central authority to sign and publish checkpoints in the chain periodically.

Apple's fruitless rootless security broken by code that fits in a tweet

Tim Brown 1

Re: Software updates

Yep, Apple need to get off their high-horse. All they've effectively done is create a super-super user. It doesn't make root problems magically go away, it just moves the target.

Meanwhile, slightly offtopic, but try checking the details of an HTTPS certificate in mobile Safari... and you can't.

Your unpatchable, insecure Android mobe will feel right at home in the Internet of Stuff era

Tim Brown 1

kernel version?

I just checked both my recent Android devices (one of which is a fully patched Nexus 7, running Marshmellow) and both are running a Linux kernel version 3.4.x, so why is kernel 3.10 mentioned?

Is this bug related to Android version or Linux kernel?

HTC teases yet another make-or-break comeback flagship

Tim Brown 1

Re: Suicidal HTC?

Have to agree there.

Not being a fan of the massive phablet, I was happy to snap up an HTC one mini 2 last year at a bargain price since it apparently wasn't a popular model, but I'm very happy with it. But the rumoured design just leaves me cold.

SSL's DROWN not as bad as Heartbleed, still a security ship wreck

Tim Brown 1

Is TLS vulnerable or not?

My understanding is that TLS was a 'rebranding' of SSL when it got to v3.1 (i.e. TLS v1.0 = SSLv3.1) . However reports often seem to mix the terms as we have in this story ( "An attacker can exploit support for the obsolete SSLv2 protocol – which modern clients have phased out but is still supported by many servers – to decrypt TLS connections.")

So in simple terms is my TLSv1.2 connection vulnerable simply because the server still supports SSLv2 (even if I'm not using it) or only if my connection is actually SSLv2?

And if I'm confused (as an experienced IT person) what hope does the average user have?

Dan Kaminsky is an expert on DNS security – and he's saying: Patch right God damn now

Tim Brown 1

It's the nature of security consultants to big-up the problem

Not that I'm complacent, I patch the Linux servers I manage at least every week.

However security consultants like to make the latest bug sound like the end of the world, when really it isn't and isn't anywhere near. Well-managed servers will get patched in a timely fashion, some badly managed servers will get deservedly bitten, need to be rebuilt, and in the process we may get to learn who the IT-incompetent companies are (I'm looking at you Talk-Talk).

The world will keep turning and a few more cowboys will go to the wall.

When asked 'What's a .CNT file?' there's a polite way to answer

Tim Brown 1

Re: What's a .cnt?

"Oh yeah, and what about the man page on "ln" which eschews the usual unix idiom and waffles so effectively that no-one can figure out which comes first: the file name or the link name. man pages are a cowpat in the field of technical documentation."

I don't know what Man page you were looking at but on Debian 8.3 man ln starts:


ln - make links between files


ln [OPTION]... [-T] TARGET LINK_NAME (1st form)

Then goes on to list the variations and what each option does. Pretty clear to me.