Posts by Alistair

Alpha Bet

As in the first bet?

with a google of cash?

Just watch out for someone (hmmmmmmm Zuck?) spinning up an Omegabet.

(dear lord the wordplay available with that ........)

its time.

Lester, go visit Trevor. Hell, I'll drive out there and deal with the gubernatalia if need be. It really wont take 2 years to get this done.

Simple proof that the FBI can't decypher *anything*

They can't figure out that they're too damned cheap.

which is why they want back doors.

which really indicates a problem, since if they can't figure *that* out......... what else are they missing?

These polls reveal something important.

That the vast majority of us commentards are sick, twisted individuals.

Have a beer to celebrate.

Truecrypt and veracrypt

Hopefully whomever picks the code up makes the same assurances about integrity - the reason the originators stayed out of the public eye was that anonymity supposedly kept the TLA's from hunting them down and forcing a compromise into the code.... *cough* (thus the paranoia when they left the project). If you can lever it around and get elevated privileges in winders with the TrueCrypt client then well.......... Perhaps there original team saw an exploit in the wild that used those holes, and didn't know where to go with it, panicked and ran?

LUKs has the advantage in my case of keeping several volumes, different passwords, different requirements - and additionally - I am able to hand off unique passwords to (boss/coworker/wife/lawyer) so that in the event of [BUS->] (me) they have some hope of recovering my work, but I can contain who gets to see which bits. As I get it bitlocker can do the (alternate password) bit but can't do "volume" level encryption, it must do the entire disk.

Cloudy with a chance of MLOS

I have a mess of issues with "public cloud" - mostly to do with security issues and mitigation processes. However the single biggest issue in getting from point a to point b is that automation *has* to come into the equation. Part and parcel with automation of application deployment is that "standard deployment" is typically specific to a vendor - so you have to build your deployment tools around a vendor stream - and when you have 40 or 50 software vendors in the feed line it can get *disgustingly* difficult to harmonize your installations to not trip over one another. I've built cfengine kit to deploy *dozens* of apps in a *reasonably* automated fashion (LDAP would have made my life soooo much easier) but regularly get "but our specialist application that needs that wants it installed HERE, not there" (and I've 100% satisfied that set of issues with path functionality on linux, hpux and aix) what gets me *most* about some vendors is how when putting software into a *nix environment they completely and utterly ignore posix standards, os vendor standards and general best practices by assuming that the application will a) run as root, b) own the entire host from top to bottom and c) get to choose its own ports UIDs and GUIDs.

Cloud, by the way, in my books, is nothing but a buzzword for "really damned good automation that works". But even then the automation can still suck.

(why, yes, I *am* arguing with a vendor about what they said in the sales pitch versus what their field engineers are trying to do in my datacentre right now, thanks)

I'm sorry the post is already filled

We outsourced it to china as they said they could do it cheaper,

Perfect pic for the article

Something chose the wrong day to quit.

tivoli && exchange && DLs && OOO messages

Exchange hosts configured to use tivoli to send users notifications when the mail server instance was about to go down.

Exchange not configured to ignore DL's in the 'active user' list.

Queue MS patching at 3 am. 5 days before christmas when about 30% of the folks are already on holidays.

2:45 am. notification sent ....

Poor bugger who started that one had to defer the actual patching for three weeks since the server(s) in scope were too busy delivering the sh!tstorm to shut down, and the next day started a "seasonal change freeze"

Bezos

Will be spending a *whole* lot of money before *anything* launches from there - Major overhaul required for just about every system there.

This is a decent *idea*

Sadly manglement and legal pitbulls will get hold of it and turn it into dataminable "historical data" for "reference" and "analysis"

a) mac addresses *can* be altered at the device. End of Line.

The above statement makes the software as proposed INVALID. What more can be said? as a legal tool this is now invalid. Now, don't get me wrong - it makes it possible to *locate a specific mac* if that mac is active - I get that -

i) find missing hardware that was (lost/stolen/dropped off a cliff)

ii) find (runaway teen/missing small that has phone/altzheimer patient carrying panic device etc, heck even stolen cars)

iii) give insurance companies (are you hearing yet?) SOMETHING to recoup losses on stolen devices ... (I suspect this will be the lever that will be applied to make my original proposition occur)

are all possible, but the consequent data:

i) which mac addresses were at what location at what times on which date

ii) which mac addresses were connected to known networks (are you hearing yet) at which location at what time on which day.

iii) what (dramatic event) ensued within x time of y event when the above devices were connected to THAT network.....

(i.e you are developing a data pool that will result in witch hunts hours after (dramatic event)s occur that will trash the civil liberties of a substantial number of innocents.)

I think that the data usage, tracking of said data, and resisting compilation of that data must be written into the baseline proposition before we let the authorities start running this anywhere.

And good luck on the patent front - I've no less that three utilities that do precisely this.

Simple enough

If admin creds are getting stolen you have issues with your admins not keeping things tidy. If your admins have these issues, I don't wanna know what else is going down the toilet.

I've had a couple of days where security has called me because I've been WFH, gone out for lunch and had to pop on to sort a quick issue, usually from a hotspot - this pops a bell in the VPN logs. How hard is that? Is this not a starting point? I can imagine that an admin loosing control of a laptop/work desktop is one thing ...... I suspect it would get *me* at least *fired* if I got some sort of viral infection on my work laptop.

application development and security

I'm sorry DAM. I've been an SA - specifically tasked with *doing the new stuff* for 12 years - I've met in that time exactly 3 developers that gave one rats a$$ about security - Typically I'm the one jumping up and down and waving security policy documents around and screaming at idiots that try to 777 entire data stores. Given the latest flock of DEVOPS twats I'm meeting -- most of whom have less than 5 years in IT, I'm feeling like I'm drowning. I DO tend to blame it on "developers trying to do everything" - mind you I'll agree that its typically because the demands of management include "give us new $hiney $hiney for < last weeks coffee budget"

And I've found the that the only way to get 'maintenance' done is to let the 3P pen testers red flag all the "This version might be active in your environment and might be vulnerable" items - it at least gets us outage windows to do things to fix issues. Even if we're updated past "this version" and don't even have "this application" installed.

Its getting worse rather than better as we start rolling out "application in a box" appliances. Jesus murphy.

'taterza

Given that the rest of the pizza is constructed correctly - Potatoes work.

That one doesn't look like it has bacon. One *must* have bacon.

Dunno bout this one

From the diagram that lidar has a blind spot almost worse than the average meatsacks.

"I'll just keep this log safe while those devs are chasing their tails"

<even if I don't have a UK mailing addy handy>

crapple announces

My only issue with crapple announcing *anything* is the three week change freeze at work around the announcement.

interesting. We ended up with legislation

Electronics things have to be recycled. In fact, we now pay (on certain items) a pre loaded recycling fee for this. And... we have to *take* the recyclables on which we pay this pre loaded fee *to* the recycler.

Recycling around here is apparently *very* good business. (Yes it includes computers -- ODDLY - only when bought by an individual person - if you have a GST # you don't pay the fee, since you are thus a company)

*blink* *blink*

And I'll guarantee that those things we do this with STILL end up getting broken down by 10 year old kids in a garbage dump in china.