Posts by Mike007 343 publicly visible posts • joined 11 Jun 2009
I am curious what the most advanced semiconductor that can be made with "US technology" actually is... considering as far as I am aware they haven't developed any new technology in this area in decades... there is a reason everyone making modern chips uses Dutch technology, not even US companies use US technology...
There were some interesting things like the OS reporting as either Windows 7 or windows 10 test edition which raised an eyebrow, because I'd just make my malware only run on Windows home or pro and it would never get detected by their scanners... but not enough interesting material for a whole talk.
We use a program called ScreenConnect (not using its new name!) to access client devices. One of the features is the ability to install the client by sending a link to an exe file which auto installs everything.
We had a client working in a clandestine project and we set up a separate silo for the computers on the project. Then I noticed we had a "ghost" computer showing up on the system under that companies details. Windows 7 with the iffiest looking desktop ever. It came online and registered itself then disappeared.
We had a 3 hour long all-hands meeting trying to figure out how we had been compromised. Then someone tried re-sending the install link to the client, and a second ghost computer showed up. It seems the o364 email filtering has an antivirus scan that involves spinning up a VM and executing the file...
Most Brits find broadband outages to be almost as annoying as someone jumping a queue? If it is that annoying how come so few people are willing to spend an extra £5/month on a decent ISP?
I hope people working from home on the cheapest ISP they can find get their wages docked for hours not working...
(Of course some people might have an issue with their line they can't get Openreach to fix, but most of the outages people complain about are either a crap ISP because it is 50p/year cheaper than a decent one or WiFi issues caused by a crap WiFi router at the opposite end of the house because they don't want to buy a whole home WiFi system)
And this "MOT" will be conducted by someone who declares your computer too insecure to connect to the internet, because your Linux system failed the "windows security centre has no warnings" check.
So you install windows, and it still fails because there is an exclamation mark saying you don't have OneDrive backup enabled...
As someone who covers first line support on a helpdesk as part of my job, I can confirm that email is not 99.99% reliable.
For example there was that time office364 decided that the provider we used to host the images for email signatures was bad and our clients started contacting us saying their internal emails were going to the spam folder... Followed by asking why we weren't replying, because Microsoft was totally blocking our replies for the same reason without even sending them to spam.
We have had many people email us, we reply, then 2 weeks later they email in asking if we got their email because they haven't had a reply. We tell users to phone us if they haven't had a reply from a human confirming we got their message within 45 minutes during office hours.
The company has received 2 formal complaints from users against the helpdesk staff in the 2 years I have been working there. One was against me for not replying to someone. The ticket system recorded my replies, the logs showed they had gone to spam...
The problem with the post office is that are in the wrong industry. When they fuck up and and destroy people's lives they have to pay compensation...
Fujitsu on the other hand are in the IT industry. They wont have to pay a penny, after all there is no warranty that the software will work and liability is capped at the cost of a license. Industry standard practice!
This is such a problem that Microsoft has added a secondary bin. When you delete from deleted items you can still go in to this secondary bin to recover it.
The problem is that when you go to the main deleted items folder on the web it puts a notification banner at the top to click on to access the secondary one. Instead of hiding it from the user and forcing them to go via the IT department if they want to fuck with that folder...
Tip for voice menus where they prompt with a vague "please tell me your problem" then hope you say one of the magic keywords so it can respond to that word with an irrelevant suggestion... Try saying "I want to speak to someone" (if that fails then "customer support" is more universal, but I always try the first one first because it is more satisfying when it works)
Client Helpdesk: I have detected an error on startup. Please assist.
Helpdesk Helpdesk: Please reboot.
*Client disconnected*
Client Helpdesk: I have detected an error on startup. Please assist.
Helpdesk Helpdesk: Please reboot. This resolved the issue last time.
*Client disconnected*
Client Helpdesk: I have detected an error on startup. Please assist.
Helpdesk Helpdesk: Please reboot. This has resolved the issue multiple times in the past.
*Client disconnected*
There are benefits to every build starting out from a known clean system. Before I migrated all of my projects to docker build environments I would frequently come back to a project from 6 months ago and find it no longer builds because of some change I made to my dev machine to accommodate another project...
Presumably for the NHS email platform they only actually need basics? Or do the NHS buy full desktop office licenses for users at private companies* just because they have an NHS email address...?
*which is what all of the hospitals and surgeries and pharmacies using NHS email addresses are...
I am called Michael Jones. At my university one year there were 10 of us enrolled (it varied each year as people came and left).
It didn't help that login username, email address, and name in the system all had to have numbers added to the end and were treated independently. I was MJones on the domain, Michael.Jones-1 for my email, and my name was on the system as Michael Jones (2). Mine was the most rational, others had for example a username of MJJones (adding a middle initial), an email of Michael.Jones-5 and a name of "Michael Jones (7)" or whatever.
I do wonder how it really compares to self hosted.
10% of the world down for a few hours at the same time is more newsworthy than 50% of companies having 1 day outages at different times for different reasons spread across the year.
When an outage hits a smaller company they rarely have the ability to get back online in a couple of hours.
"In this case the problem was almost certainly a training set deficient in pictures of Black people. Training sets tend to mostly have people"
Unfortunately not. Although that is also an issue.
Training sets did historically have fewer black people, which any competent company should be aware of and rectify these days... however even if you have an equal number of black and white people you will still get worse results for black people due to the lower contrast. My understanding is that you need to bias it the other way and have more black people than white in order to get similar accuracy.
The company I currently work for does some robotics stuff and as such has had several PCBs manufactured over the years. Previously my boss used UK suppliers because he wanted fast turnaround times, cost about £100 per board for a delivery time of 3-4 weeks.
When I started working here I mentioned that I had gotten a PCB made in China as part of a hobby project and I paid £20 for 5 boards with a delivery time of just over a week... the company now gets all of its PCBs made in China. We only do small volume one-off projects so we prefer to assemble them ourselves, but if we wanted them to the Chinese supplier will pick and place all of the components and it'll still be here faster and cheaper than a bare PCB from a local supplier.
> I personally accept beer as a deposit.
Do you return the beer in the same condition it was deposited with you, or does it undergo biological processing before being returned to the user?
Of course if it's fosters then it doesn't matter, they won't taste the difference.
"Software downloaded with privileged access is not tracked for license compliance and life-cycle management, and NASA does not have a consistent, Agency-wide process for limiting privileged access or using "least privilege" permissions, which gives users only the software permissions necessary for their job."
what is "privileged access" in the context of downloading software? Regular users have Administrator access on their workstations...?
Salts are used in hashes to prevent the same password hashing to the same value for 2 users. LastPass does not hash the passwords.
LastPass encrypts the passwords with a unique key, so they can be decrypted again (which hashes prevent). The unique keys are what prevent rainbow tables working.
Had a user who when asked their password so we could log in to their account gave Password3. Next time I needed to log in they had changed it, told me it was Password4. A while later we needed to log in to a random user to test something and I suggested trying Password5. It worked.
Jump forward a few months. A users account has been compromised and used to send phishing emails to clients. Guess which user.
In my defence, I did flag it up and in fact gave that user as an example when arguing against forced password changes.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
