* Posts by The Vociferous Time Waster

619 publicly visible posts • joined 16 Jun 2009


Criminals go full Viking on CloudNordic, wipe all servers and customer data

The Vociferous Time Waster

Design for failure

Organisations using third parties should always design for failure and assume stuff like this can and indeed will happen. All your eggs in a single vendor basket is a recipe for a CIO on the chopping block.

Google toys with internet air-gap for some staff PCs

The Vociferous Time Waster

I guess it depends on the job role

I have worked in various organisations - from payment providers which are extremely secure, to those elsewhere which are achingly insecure. Internet access is given as standard nowadays in most organisations on a default allow basis. This is a massive change from when I started out and most organisations were on a default disallow basis - you had specific sites allowed if they were relevant to your role. Much of this change comes from the massively lower cost of internet transit - no need to be precious about people on YouTube or Netflix if it doesn't cost much or you won't hit your ISDN dialup capacity. The genie is out of the bottle for user systems. For non user systems, servers etc, the default should always be specific allowed flows only.

The Vociferous Time Waster

Re: Don't give them a default route

That's fairly standard practice these days - quite a lot of large organisations either don't advertise a default route to the Internet or have only recently started doing so. The private CA sanctioned man in the middle - or SSL inspection as it's euphemistically called - is also pretty common. You can't really trust your browser to only have legit CAs in it, especially if it's managed by someone else.

'There has never been a realistic plan' for UK's £11B Emergency Services Network

The Vociferous Time Waster

Only 11Bn?

That's small fry; the current government can waste far more, far quicker, if it sets its mind to it. Take the 37Bn on the test and trace spreadsheet. My only question is who in government trousered the ill-gotten gains from this white elephant? Who is going to get a job handed to them when they are inevitably given their P45 next year?

Tech execs turn to drink and drugs as job losses mount

The Vociferous Time Waster


Adderall and other amphetamine-based drugs are prescribed for ADHD and other neurodivergence. I wonder what it is about tech that attracts people who have trouble controlling their focus, he asks rhetorically.

Capita has 'evidence' customer data was stolen in digital burglary

The Vociferous Time Waster


Having worked there this is not surprising at all. I was once told in a performance meeting that I wouldn't get rewarded for doing a good job because they only paid people for an OK job; the reason being that customers only paid for an OK job so Capita only aims to do just enough to avoid being sued.

To improve security, consider how the aviation world stopped blaming pilots

The Vociferous Time Waster

No blame culture in aviation

Y'all never watched Sully?

Defunct comms link connected to nothing at a fire station – for 15 years

The Vociferous Time Waster

Analogue switch off

I am involved in the project to move off analogue lines in a large English city council. Suffice to say that there are a lot of lines that have been billed for quite some time that are not used for anything even remotely useful.

Most Londoners would quit before they give up working from home

The Vociferous Time Waster

But why?

Why live in London if you work from home?

Terminal downgrade saves the day after a client/server heist

The Vociferous Time Waster


I was doing a server and client upgrade at a small automotive company which included a VPN to connect them to their new owner's head office. We had a very busy weekend reimaging PCs, swapping out servers and migrating data - tested everything and got completed by mid afternoon Sunday feeling really good about ourselves.

Come Monday we were on a floor walk to make sure users could log on and get started - teaching them the art of the three-fingered Microsoft Salute (they had moved from Win98 to XP so had never had to log in with CTRL-ALT-DEL before). All was going well until in walks Maureen from accounts.

She may not have been called Maureen, but you know the type. Been swapping the tapes for decades without ever checking if a backup has actually run.

She looked at the teletubby desktop background and the green start button and immediately announced that she couldn't use it because she hadn't been trained on it so we would have to put it all back to how it was. She marched off to speak to her boss. At this point I had the bright idea to switch the desktop theme to "windows classic" and put the picture of her grandchildren back on her desktop and told her that we had downgraded her machine so it was how it used to be. She mastered the three finger salute to 'get past the new security software' and was logged in and working in minutes. She even bragged that she had special treatment because she was so important as accounts needed to be able to run 'special applications'.

UK govt says contractors should challenge IR35 status via self-assessment

The Vociferous Time Waster


For fear of getting them wrong and either being challenged by HMRC or contractors, it seems that most companies are taking the loophole of not working with PSCs and only engaging through umbrella as a standard policy. This means there is no assessment to challenge.

The Vociferous Time Waster

Re: boom for offshore consultancies

Of course it helps if your wife's family owns one of those large Indian firms.

How important are tech and other contractors to UK? PM candidate promises tax review if elected

The Vociferous Time Waster

This is about risk and cost.

This is not something that will help contractors. The main disadvantage of the current rules is that the risk sits with the client, not the contractor as it used to. This means that previously companies could pay someone a rate and offer a contract that suggested outside IR35 but then if HMRC disagreed it was the contractor on the hook. Now the client is on the hook if they haven't done the assessment correctly. Their only way to mitigate this risk is to move away from PSCs and go umbrella but that has proven to be expensive - I don't pay more tax in an umbrella, the client does because my rate went up to reflect their choice so I take home the same amount each month.

Gov.uk has already started to erode this a bit by discreetly changing the rules so the risk can be shoved back onto the contractor if it is found that they misled the client on the IR35 assessment. Any review will be a further erosion of the responsibility of the client as those risks are shifted back onto the contractor. As for how HMRC interprets things, they have proven to be a law unto themselves when it comes to how the rules are interpreted. I can imagine they would be happiest if the contractor paid taxes like an employee and had all the risk while the clients would like to pay rates that are more in line with permies.

Be careful where you install software, and who installs it

The Vociferous Time Waster

Sadly missed

My current contract has scheduled tasks and processes that still run under the user account of a guy who died two years ago at the start of the pandemic. His user account has gradually and very carefully had privileges removed so it's basically a service account now; it can't be deactivated because nobody really knows how many important things run under that user account.

I am reminded of GNU Terry Pratchett.

A character catastrophe for a joker working his last day

The Vociferous Time Waster

get-aduser | set-aduser

I spent some time at a well known retail client a few years ago and we got a similarly unplanned lunch break when one of the service desk guys wrote a small script to change user passwords using PowerShell. As he was not a developer he completely bypassed user input sanitisation and error handling and basically strung the get-aduser commandlet (which gets user objects) and the set-aduser commandlet (which changes attributes, for example the password) together with a variable instead of a pipe.

At some time before lunch he ran his script and, as it was taking a bit of time to run, scuttled off to lunch. Over his hour lunch break those of us who ate at our desks started getting the 'windows needs your current credentials' message pop up on our computers inviting us to lock and unlock our desktops.

What had transpired, it seems, is that he had fallen victim to a classic faux pas - the get-aduser commandlet will assume, if you do not specify a filter, that you want every user object. "get-aduser jsmith" will return the object matching that name whereas "get-aduser" on its own will return an object containing every user object in the directory (unless the command is scoped in another way). Fortunately for our hero he had scoped the command to an OU that was UK head office only and didn't extend to international users, store users, or more importantly the service accounts upon which the business ran. Around 3000 people had their passwords reset and it took quite a while to fix the issue. As everyone had their password set the same they couldn't just tell people that the password was "ChangeMe123" because that meant that anyone could access any account. The passwords had to all be reset again to something unique to the user (DoB and NI number I recall) so that it could be communicated widely. There was then the 2 day password retention rule that prevented anyone changing their password for a couple of days afterwards.

Contractors argue umbrella companies need improved regulation, not outright ban

The Vociferous Time Waster

Two options

Companies should either hire people directly (fixed term or permie contracts) or use contractors that are proper contractors and treat them as such (not disguised employees/umbrella/inside IR35). If you are a contractor you provide a service and don’t have a manager or go to team meetings or have your hours and location of work dictated to you. Fixed term and perm get the benefits. If companies hire a contractor and then treat them like an employee they should be liable for the tax and benefits of an employee.

Doctor, doctor, got some sad news, there's been a bad case of hacking you: UK govt investigates email fail

The Vociferous Time Waster

Former UK trade minister and current Conservative MP Dr. Liam Fox

"Former UK trade minister and current Conservative MP Dr. Liam Fox"

I think you'll find that his actual title is "The disgraced former defence secretary, Dr Liam Fox" - it's a well worn title with a proud history of Tory defence secretaries who have been disgraced.

Cloudflare family-friendly DNS service flubs first filtering foray: Vital LGBTQ, sex-ed sites blocked 'by mistake'

The Vociferous Time Waster

Re: And the problem is?

But what about if parents aren’t tackling these issues? Or if the parents themselves want to do some research?

India's peak IT body tells outsourcers to check contract cancellation fine print while Coronavirus reigns

The Vociferous Time Waster

I for one...

I for one can't help but laugh.

NASA to launch 247 petabytes of data into AWS – but forgot about eye-watering cloudy egress costs before lift-off

The Vociferous Time Waster

wrong model

If you want to get your data out then AWS is the wrong model. It's great for ingesting data, processing it and then returning targeted information based on that data (reporting and visualisation etc) but just as somewhere to store it for repeated access it sucks ass.

Pervasive digital surveillance of citizens deployed in COVID-19 fight, with rules that send genie back to bottle

The Vociferous Time Waster


it's not like anyone would abuse emergency powers...

UK government puts IR35 tax reforms on hold for a year in wake of coronavirus crisis

The Vociferous Time Waster

Too late for many

The deplorable conduct by many companies will leave them struggling to recruit now no matter what the terms. I will be checking offpayroll.org.uk before any contract from now on.

Capita hops on UK's years-late, billions-over-budget Emergency Services Network to keep legacy system alive

The Vociferous Time Waster


Is it wise to give Crapita anything given that they are circling the train with a share price falling through the floor?

HMRC claims victory in another IR35 dispute to sting Nationwide contractor for nearly £75k in back taxes

The Vociferous Time Waster

Offset his holiday pay

Surely if gov.uk have declared this person an employee then there are large amounts of holiday pay and other benefits, not to mention a hefty redundancy payment.

Can't have it both ways - or employees might soon find that they too are being taxed as an employee but treated like a contractor.

It's happening, tech contractors: UK.gov is pushing IR35 off-payroll rules to private sector in Finance Bill

The Vociferous Time Waster

No probs

I’ll just have to put my day rate up a bit.

Get in line, USA: Sweden reopens Assange rape allegations probe

The Vociferous Time Waster

Obviously that’s bollocks but do you think you have sources for any of it?

Brit Parliament online orifice overwhelmed by Brexit bashers

The Vociferous Time Waster

Never attribute to malice what can be explained by incompetence.

Site has been up and down like Boris' Y fronts.

Dead LAN's hand: IT staff 'locked out' of data center's core switch after the only bloke who could log into it dies

The Vociferous Time Waster

Further advice...

Don’t use dell network kit anywhere important.

F5 Networks buys into open source, hands over $670m for Nginx! Double Nginx! Infinity Nginx!

The Vociferous Time Waster

Re: Help!

or even further back to IIS!

Amazon may finally get its hands on .amazon after world's DNS overseer loses patience

The Vociferous Time Waster

Re: Can of worms or Pandora's box is about to be opened...

Really? The place that just over 30 years ago was where the www was invented and you begrudge them a TLD?

The Vociferous Time Waster

Re: Can of worms or Pandora's box is about to be opened...

Root zone will get pretty bloated.

Yelp-for-MAGAs app maker is warned there are holes in its code. Does it A. Just fix the problem, or B. Threaten to call the FBI, too?

The Vociferous Time Waster


People who are usually not that great with critical thinking found to be not that great with technology, bears also found to do their business in the woods.

I say, that sucks! Crooks are harnessing hoovers to clean out parking meters in Chelsea

The Vociferous Time Waster

They are...

They are Dyson with trouble.

Coat etc.

Want a bit of privacy? Got a USB stick? Welcome to TAILS 3.12

The Vociferous Time Waster

Re: An ARM version might be more useful...

An SD image for raspberry pi would be good - the zero W is about ten bucks so you could make a reasonably priced burner computer.

Techie basks in praise for restoring workforce email (by stopping his scripting sh!tshow)

The Vociferous Time Waster

Powershell is dangerous in the hands of some...

At a place I worked as a contractor there was a low level server ops guy, let's call him John Smith, and he wrote a very simple script to change passwords. I don't quite know how his script was more efficient than the one line of PowerShell that it ran but then he was a very low level person, the type who tend to do the stuff that nobody can be bothered to script because they can't script clicking on the next box.

So the script that "John" wrote basically took a username and changed the password. I would hazard a guess that it basically did:

Get-ADUser $user | Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString "Changeme123!" -AsPlainText -Force)

OK, so there were some other options in there as well but you get the gist.

Anyway, "John" runs this script using his privileged account (lets him do desktop stuff like change passwords) and it seems to hang. He goes off to lunch.

At this point it's worth noting that in the line of PowerShell above if $user is null then Get-ADUser will get every user object in the domain and pipe all of them to the password change applet. It hadn't hung, it was just a little busy.

While "John" was off at lunch the rest of the IT department realised that they were unable to reach stuff, many had locked their desktops while eating their own supermarket "own brand" sandwiches at their desk and when they tried to unlock their desktops found that their passwords were no longer valid.

Later in the incident room it became apparent that "John" was responsible however he not only managed to retain his job but eventually managed to move sideways (and slightly down) into the desktop team.
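A guarded version of that one-liner, added here as an example (not the poster's script or anything from the site) and covering both this post and the earlier "get-aduser | set-aduser" story: it refuses an empty username, scopes the lookup, insists on exactly one match, issues a unique password per account and honours -WhatIf. It assumes the RSAT ActiveDirectory module on a domain-joined machine; the OU path is a constructed placeholder.

```powershell
# Added example, not the poster's script: a guarded replacement for the
# "Get-ADUser $user | Set-ADAccountPassword" one-liner from the posts above.
# Assumes the RSAT ActiveDirectory module on a domain-joined machine; the OU
# below is a constructed placeholder.
#Requires -Modules ActiveDirectory

function New-RandomPassword {
    # One random password per account instead of a shared "ChangeMe123".
    param([int]$Length = 16)
    # 64 characters (ambiguous l/I/O/0/1 removed): 256 % 64 == 0, so mapping
    # a random byte onto the alphabet introduces no modulo bias.
    $alphabet = [char[]]'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!#%&*+='
    $bytes = New-Object byte[] $Length
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    return -join ($bytes | ForEach-Object { $alphabet[$_ % $alphabet.Length] })
}

function Reset-UserPasswordSafely {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Mandatory, non-empty and restricted to plain account-name characters:
        # a null or blank $user can never reach Get-ADUser, and the value cannot
        # smuggle quotes into the filter string built below.
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [ValidatePattern('^[A-Za-z0-9._-]{1,20}$')]
        [string]$SamAccountName,

        # Constructed example OU: scope the lookup to where the helpdesk may act.
        [string]$SearchBase = 'OU=Users,OU=HeadOffice,DC=example,DC=local'
    )

    # Exact-match filter with a search base, never a bare Get-ADUser that could
    # widen to every object in the directory.
    $found = @(Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'" `
                          -SearchBase $SearchBase -ErrorAction Stop)

    # Refuse to touch anything unless exactly one account came back.
    if ($found.Count -ne 1) {
        throw "Expected exactly one account for '$SamAccountName' under $SearchBase, found $($found.Count); nothing changed."
    }
    $target = $found[0]
    $newPassword = New-RandomPassword

    # -WhatIf shows the intended change without making it; ConfirmImpact=High
    # means the operator is prompted unless they pass -Confirm:$false.
    if ($PSCmdlet.ShouldProcess($target.DistinguishedName, 'Reset password, force change at next logon')) {
        $secure = ConvertTo-SecureString $newPassword -AsPlainText -Force
        Set-ADAccountPassword -Identity $target -Reset -NewPassword $secure
        Set-ADUser -Identity $target -ChangePasswordAtLogon $true
        Write-Verbose "Password reset for $($target.SamAccountName) by $env:USERNAME at $(Get-Date -Format o)"
    }
    return $newPassword
}

# Dry run first, then the real reset (prompts before changing anything):
# Reset-UserPasswordSafely -SamAccountName jsmith -WhatIf
# Reset-UserPasswordSafely -SamAccountName jsmith -Verbose
```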

Expired cert... Really? #O2down meltdown shows we should fear bungles and bugs more than hackers

The Vociferous Time Waster

Painter's 2nd Law of IT

If an IT organisation has to manage something that can expire and must be renewed, then it follows that it shall, at some point, expire without having been renewed.

£10k offer to leave firm ASAP is not blackmail, Capita told by judge

The Vociferous Time Waster

Re: Not Blackmail?

I was once sacked for gross misconduct (very weak case) but given full redundancy payout and notice if I agreed not to appeal. Was even guaranteed a pre agreed reference.

Boss regrets pointing finger at chilled out techie who finished upgrade early

The Vociferous Time Waster

Re: Oh so familiar

Particularly domain names and hosting stuff - I spent a good few months in an old job (2007 - sub prime mortgage lender) identifying all the various domain names owned by present and former sales or IT directors and getting them transferred into one company account. The main company website nearly went because the domain was registered as a personal registration to the original sales director when the company started up and had never been transferred - he left nearly a year before my work started.

Mikrotik routers pwned en masse, send network data to mysterious box

The Vociferous Time Waster


Many organisations use the same set of SNMP strings across the business. If you manage to compromise it for one device then you stand to compromise it for everything.

Microsoft gives Windows 10 a name, throws folks a bone

The Vociferous Time Waster

To be fair each new version of office seems to lack that feature.

YouTuber cements head inside microwave oven

The Vociferous Time Waster

Also that assumes he hasn’t already fouled the gene pool.

Tired of despairing of Trump and Brexit? Why not despair about YouTube stars instead?

The Vociferous Time Waster


And this is why there are Brummie dumbasses prepared to cement their heads into a microwave to make some YouTube dollar.

Munich council: To hell with Linux, we're going full Windows in 2020

The Vociferous Time Waster

Next year...

Next year is the year of Linux on the desktop.

While Microsoft griped about NSA exploit stockpiles, it stockpiled patches: Friday's WinXP fix was built in February

The Vociferous Time Waster

Re: Plenty of blame to go around

Let's not forget Thatcher2.0's role in intelligence hacking whilst Home Secretary.

Male escort forgot pregnancy protection, scores data protection instead

The Vociferous Time Waster

Layer 8

Failures of contraception are more often failure at the user level than the hardware level. Most of them can be 100% effective if done correctly but split condoms, failure to withdraw, missed pills and messed up rhythm dates are all just user error.

Shooting org demands answers from Met Police over gun owner blab

The Vociferous Time Waster

Re: Guns and kids

Sounds like the sort of childhood that isn't allowed these days.

The Vociferous Time Waster

Tell that to Brendan Cox

It was a stolen .22 rifle that was used on his wife.

Boss swore by 'For Dummies' book about an OS his org didn't run

The Vociferous Time Waster


I would have pretended to refer to the For Dummies book to find the fix for added troll.

UK to block Kodi pirates in real-time: Saturday kick-off

The Vociferous Time Waster

Re: Technically very easy

(Yes, if you use a VPN you are effectively using a different routing table)