Posts by The Vociferous Time Waster

611 posts • joined 16 Jun 2009


Be careful where you install software, and who installs it

The Vociferous Time Waster

Sadly missed

My current contract has scheduled tasks and processes that still run under the user account of a guy who died two years ago at the start of the pandemic. His user account has gradually and very carefully had privileges removed, so it's basically a service account now. It can't be deactivated because nobody really knows how many important things run under that user account.

I am reminded of GNU Terry Pratchett.

A character catastrophe for a joker working his last day

The Vociferous Time Waster

get-aduser | set-aduser

I spent some time at a well known retail client a few years ago and we got a similarly unplanned lunch break when one of the service desk guys wrote a small script to change user passwords using PowerShell. As he was not a developer he completely bypassed user input sanitisation and error handling and basically strung the get-aduser cmdlet (which gets user objects) and the set-aduser cmdlet (which changes attributes, for example the password) together with a variable instead of a pipe.

At some time before lunch he ran his script and, as it was taking a bit of time to run, scuttled off to lunch. Over his hour lunch break those of us who ate at our desks started getting the 'windows needs your current credentials' message pop up on our computers inviting us to lock and unlock our desktops.

What had transpired, it seems, is that he had fallen victim to a classic faux pas: the get-aduser cmdlet will assume, if you do not specify a filter, that you want every user object. "get-aduser jsmith" will return the object matching that name whereas "get-aduser" on its own will return an object containing every user object in the directory (unless the command is scoped in another way). Fortunately for our hero he had scoped the command to an OU that was UK head office only and didn't extend to international users, store users, or more importantly the service accounts upon which the business ran. Around 3000 people had their passwords reset and it took quite a while to fix the issue. As everyone had their password set the same, they couldn't just tell people that the password was "ChangeMe123" because that meant that anyone could access any account. The passwords all had to be reset again to something unique to the user (DoB and NI number I recall) so that it could be communicated widely. There was then the 2 day password retention rule that prevented anyone changing their password for a couple of days afterwards.

Contractors argue umbrella companies need improved regulation, not outright ban

The Vociferous Time Waster

Two options

Companies should either hire people directly (fixed term or permie contracts) or use contractors that are proper contractors and treat them as such (not disguised employees/umbrella/inside IR35). If you are a contractor you provide a service and don’t have a manager or go to team meetings or have your hours and location of work dictated to you. Fixed term and perm get the benefits. If companies hire a contractor and then treat them like an employee they should be liable for the tax and benefits of an employee.

Doctor, doctor, got some sad news, there's been a bad case of hacking you: UK govt investigates email fail

The Vociferous Time Waster

Former UK trade minister and current Conservative MP Dr. Liam Fox

"Former UK trade minister and current Conservative MP Dr. Liam Fox"

I think you'll find that his actual title is "The disgraced former defence secretary, Dr Liam Fox" - it's a well worn title with a proud history of Tory defence secretaries who have been disgraced.

Cloudflare family-friendly DNS service flubs first filtering foray: Vital LGBTQ, sex-ed sites blocked 'by mistake'

The Vociferous Time Waster

Re: And the problem is?

But what about if parents aren’t tackling these issues. Or if the parents themselves want to do some research?

India's peak IT body tells outsourcers to check contract cancellation fine print while Coronavirus reigns

The Vociferous Time Waster

I for one...

I for one can't help but laugh.

NASA to launch 247 petabytes of data into AWS – but forgot about eye-watering cloudy egress costs before lift-off

The Vociferous Time Waster

wrong model

If you want to get your data out then AWS is the wrong model. It's great for ingesting data, processing it and then returning targeted information based on that data (reporting and visualisation etc) but just as somewhere to store it for repeated access it sucks ass.

Pervasive digital surveillance of citizens deployed in COVID-19 fight, with rules that send genie back to bottle

The Vociferous Time Waster


it's not like anyone would abuse emergency powers...

UK government puts IR35 tax reforms on hold for a year in wake of coronavirus crisis

The Vociferous Time Waster

Too late for many

The deplorable conduct by many companies will leave them struggling to recruit now no matter what the terms. I will be checking offpayroll.org.uk before any contract from now on.

Capita hops on UK's years-late, billions-over-budget Emergency Services Network to keep legacy system alive

The Vociferous Time Waster


Is it wise to give Crapita anything given that they are circling the train with a share price falling through the floor?

HMRC claims victory in another IR35 dispute to sting Nationwide contractor for nearly £75k in back taxes

The Vociferous Time Waster

Offset his holiday pay

Surely if gov.uk have declared this person an employee then there are large amounts of holiday pay and other benefits, not to mention a hefty redundancy payment.

Can't have it both ways - or employees might soon find that they too are being taxed as an employee but treated like a contractor.

It's happening, tech contractors: UK.gov is pushing IR35 off-payroll rules to private sector in Finance Bill

The Vociferous Time Waster

No probs

I’ll just have to put my day rate up a bit.

Get in line, USA: Sweden reopens Assange rape allegations probe

The Vociferous Time Waster

Obviously that’s bollocks but do you think you have sources for any of it?

Brit Parliament online orifice overwhelmed by Brexit bashers

The Vociferous Time Waster

Never attribute to malice what can be explained by incompetence.

Site has been up and down like Boris' Y fronts.

Dead LAN's hand: IT staff 'locked out' of data center's core switch after the only bloke who could log into it dies

The Vociferous Time Waster

Further advice...

Don’t use dell network kit anywhere important.

F5 Networks buys into open source, hands over $670m for Nginx! Double Nginx! Infinity Nginx!

The Vociferous Time Waster

Re: Help!

or even further back to IIS!

Amazon may finally get its hands on .amazon after world's DNS overseer loses patience

The Vociferous Time Waster

Re: Can of worms or Pandora's box is about to be opened...

Really? The place that just over 30 years ago was where the www was invented and you begrudge them a TLD?

The Vociferous Time Waster

Re: Can of worms or Pandora's box is about to be opened...

Root zone will get pretty bloated.

Yelp-for-MAGAs app maker is warned there are holes in its code. Does it A. Just fix the problem, or B. Threaten to call the FBI, too?

The Vociferous Time Waster


People who are usually not that great with critical thinking found to be not that great with technology, bears also found to do their business in the woods.

I say, that sucks! Crooks are harnessing hoovers to clean out parking meters in Chelsea

The Vociferous Time Waster

They are...

They are Dyson with trouble.

Coat etc.

Want a bit of privacy? Got a USB stick? Welcome to TAILS 3.12

The Vociferous Time Waster

Re: An ARM version might be more useful...

An SD image for raspberry pi would be good - the zero W is about ten bucks so you could make a reasonably priced burner computer.

Techie basks in praise for restoring workforce email (by stopping his scripting sh!tshow)

The Vociferous Time Waster

Powershell is dangerous in the hands of some...

At a place I worked as a contractor there was a low level server ops guy, let's call him John Smith, and he wrote a very simple script to change passwords. I don't quite know how his script was more efficient than the one line of PowerShell that it ran, but then he was a very low level person, the type who tend to do the stuff that nobody can be bothered to script because they can't script clicking on the next box.

So the script that "John" wrote basically took a username and changed the password. I would hazard a guess that it basically did:

Get-ADUser $user | Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString "Changeme123!" -AsPlainText -Force)

OK, so there were some other options in there as well but you get the gist.

Anyway, "John" runs this script using his privileged account (lets him do desktop stuff like change passwords) and it seems to hang. He goes off to lunch.

At this point it's worth noting that in the line of PowerShell above, if $user is null then Get-ADUser will get every user object in the domain and pipe all of them to the password change applet. It hadn't hung, it was just a little busy.

While "John" was off at lunch the rest of the IT department realised that they were unable to reach stuff; many had locked their desktops while eating their own supermarket "own brand" sandwiches at their desks and, when they tried to unlock their desktops, found that their passwords were no longer valid.

Later in the incident room it became apparent that "John" was responsible; however, he not only managed to retain his job but eventually managed to move sideways (and slightly down) into the desktop team.
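Both password-reset stories above (the head-office mass reset and "John's" one-liner) come down to a script that never checked how many accounts it was about to touch, and then set every one of them to the same value. The following is an added example of how a defensively written reset helper can look; it is not the commenter's script or anything from the client in question. It assumes the ActiveDirectory module is loaded and uses a constructed placeholder OU that you would replace with your own.

```powershell
# Added example (not the commenter's script): a password-reset helper that refuses
# to run against anything other than exactly one account in a known OU.
function Reset-SingleUserPassword {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Mandatory + ValidateNotNullOrEmpty: an empty $user can never reach Get-ADUser.
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [ValidatePattern('^[A-Za-z0-9._-]{1,64}$')]   # no wildcards or filter syntax
        [string]$SamAccountName,

        # Explicit search scope. Constructed placeholder DN; replace for your forest.
        [string]$SearchBase = 'OU=Users,OU=HeadOffice,DC=example,DC=invalid'
    )

    # Exact-match filter, so a stray "*" cannot widen the result set.
    $users = @(Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'" `
                          -SearchBase $SearchBase -ErrorAction Stop)

    # The failure mode in the story: a pipeline that quietly touches thousands of
    # objects. Enforce "exactly one" before any write happens.
    if ($users.Count -ne 1) {
        throw "Expected exactly one account for '$SamAccountName' under '$SearchBase', found $($users.Count). No changes made."
    }
    $target = $users[0]

    # Unique per-user temporary password, so one leaked value never unlocks every account.
    $bytes = New-Object byte[] 18
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $plain  = [Convert]::ToBase64String($bytes) + '!'
    $secure = ConvertTo-SecureString $plain -AsPlainText -Force

    # ShouldProcess gives -WhatIf / -Confirm for free; ConfirmImpact High prompts by default.
    if ($PSCmdlet.ShouldProcess($target.DistinguishedName, 'Reset password and force change at next logon')) {
        Set-ADAccountPassword -Identity $target -Reset -NewPassword $secure -ErrorAction Stop
        Set-ADUser -Identity $target -ChangePasswordAtLogon $true -ErrorAction Stop
        # Audit trail without the secret: who reset whom, and when.
        Write-Verbose "Password reset for $($target.SamAccountName) at $(Get-Date -Format o) by $env:USERNAME"
    }

    # The temporary value goes back to the caller for out-of-band delivery only; it is never logged.
    [pscustomobject]@{ SamAccountName = $target.SamAccountName; TemporaryPassword = $plain }
}

# Dry run first: shows what would be reset without touching the directory.
# Reset-SingleUserPassword -SamAccountName jsmith -WhatIf
```

Running it with `-Verbose` but without `-WhatIf` prompts for confirmation per account because of the High confirm impact, which is the behaviour you want from a tool that only ever needs to change one password at a time.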

Expired cert... Really? #O2down meltdown shows we should fear bungles and bugs more than hackers

The Vociferous Time Waster

Painter's 2nd Law of IT

If an IT organisation has to manage something that can expire and must be renewed, then it follows that it shall, at some point, expire without having been renewed.

£10k offer to leave firm ASAP is not blackmail, Capita told by judge

The Vociferous Time Waster

Re: Not Blackmail?

I was once sacked for gross misconduct (very weak case) but given full redundancy payout and notice if I agreed not to appeal. Was even guaranteed a pre agreed reference.

Boss regrets pointing finger at chilled out techie who finished upgrade early

The Vociferous Time Waster

Re: Oh so familiar

Particularly domain names and hosting stuff. I spent a good few months in an old job (2007, sub prime mortgage lender) identifying all the various domain names owned by present and former sales or IT directors and getting them transferred into one company account. The main company website nearly went because the domain was registered as a personal registration to the original sales director when the company started up and had never been transferred; he left nearly a year before my work started.

Mikrotik routers pwned en masse, send network data to mysterious box

The Vociferous Time Waster


Many organisations use the same set of SNMP strings across the business. If you manage to compromise it for one device then you stand to compromise it for everything.

Microsoft gives Windows 10 a name, throws folks a bone

The Vociferous Time Waster

To be fair each new version of office seems to lack that feature.

YouTuber cements head inside microwave oven

The Vociferous Time Waster

Also that assumes he hasn’t already fouled the gene pool.

Tired of despairing of Trump and Brexit? Why not despair about YouTube stars instead?

The Vociferous Time Waster


And this is why there are Brummie dumbasses prepared to cement their heads into a microwave to make some YouTube dollar.

Munich council: To hell with Linux, we're going full Windows in 2020

The Vociferous Time Waster

Next year...

Next year is the year of Linux on the desktop.

While Microsoft griped about NSA exploit stockpiles, it stockpiled patches: Friday's WinXP fix was built in February

The Vociferous Time Waster

Re: Plenty of blame to go around

Let's not forget Thatcher2.0's role in intelligence hacking whilst Home Secretary.

Male escort forgot pregnancy protection, scores data protection instead

The Vociferous Time Waster

Layer 8

Failures of contraception are more often failure at the user level than the hardware level. Most of them can be 100% effective if done correctly but split condoms, failure to withdraw, missed pills and messed up rhythm dates are all just user error.

Shooting org demands answers from Met Police over gun owner blab

The Vociferous Time Waster

Re: Guns and kids

Sounds like the sort of childhood that isn't allowed these days.

The Vociferous Time Waster

Tell that to Brendan Cox

It was a stolen .22 rifle that was used on his wife.

Boss swore by 'For Dummies' book about an OS his org didn't run

The Vociferous Time Waster


I would have pretended to refer to the For Dummies book to find the fix for added troll.

UK to block Kodi pirates in real-time: Saturday kick-off

The Vociferous Time Waster

Re: Technically very easy

(Yes, if you use a VPN you are effectively using a different routing table)

The Vociferous Time Waster

Re: Lazy-arsed, slovenly journalism.

And they aren't "hackers", they're "crackers" goddamit.

Don Quixote

The Vociferous Time Waster

Technically very easy

Given the short block periods a false positive isn't that much of a problem and you don't even need to block the game from the start. Just wait for the game to start and watch for spikes in streaming content then advertise a route to null0 into your network. Drop the route after 90 mins and wait for the next game.

It is more effective to drop traffic during the match than before because if you do it before the punters have time to find an alternative - watching it legally becomes a lot more attractive when you have missed the end of a few games.

The significance here is the fact it is IP rather than host name blocking - it's a blunter tool but harder to circumvent because you can use an alternate DNS provider but you can't use a different routing table.

Friday security roundup: Secret Service laptop bungle, hackers win prizes, websites leak

The Vociferous Time Waster

Re: Permission

Sure, Streaky, you know more about security than the USSS.

UK.gov gears up for IR35 private sector crackdown – say industry folk

The Vociferous Time Waster

Tax isn't taxing

Make me pay more tax and I will just up my rates. Someone will pay.

Prisoners' 'innovative' anti-IMSI catcher defence was ... er, tinfoil

The Vociferous Time Waster


If only prisons could be surrounded by a high, earthed, metal mesh. Some sort of fence should do the trick.

Macs don't get viruses? Hahaha, ha... seriously though, that Word doc could be malware

The Vociferous Time Waster

Re: Macs do get viruses

"Now I get to play with Hex Dumps all afternoon,"

So stare at them and wish you had been to college?

How the NYE leap second clocked Cloudflare – and how a single character fixed it

The Vociferous Time Waster

Re: the code was updated to check if rttMAX was equal to or less than zero

DST (and indeed timezones) are not a change to the time, just a change to the way that the time is displayed; for the reason you mentioned and many more. The US and many other places change their DST on differing dates and many places don't do it at all.

Time is expressed in UTC, which is essentially very similar to Greenwich Mean Time. Daylight saving in the UK (BST; British Summer Time) is simply a display of UTC+1 so the systems comparing time clocks would still store and compare UTC to UTC. The difference with a leap second is that it is actually a change to UTC.

When "the clocks change" normally it is just the function of displaying the clock rather than the internal clock that changes except in these very rare and specific cases.

London's Winter Wonderland URGENTLY seeks Windows 10 desk support

The Vociferous Time Waster


All you folks talking about 800 a day rates are dreaming - you can pick up Windows support chimps really cheaply so you don't have to pay more than £150 for one. You don't even need to pay VAT as they don't earn enough to be VAT registered. No matter how good you think you are there is a paper MCSE who will undercut you.

Murdoch's 21st Century Fox agrees £18.5bn Sky takeover deal

The Vociferous Time Waster


Let's not forget these scumbags are really who you voted into power in June.

Plastic fiver: 28 years' work, saves acres of cotton... may have killed less than ONE cow*

The Vociferous Time Waster

Re: Fewer

Obvious troll is obvious.

Less than 1 cow because cow becomes an uncountable mass rather than countable objects when cow < 1

Just like you have fewer loaves of bread but less bread if discussing a portion of one loaf.

And fewer slices of either.

The Vociferous Time Waster

The thing is

I only eat animals because they're MADE OUT OF FOOD!

The Vociferous Time Waster

Re: Edible?

They did die of old age - too old and they get a bit tough to eat.
