I used to work with a guy who used to work for one of the big shipping / delivery companies in the US, before he started working in IT. He always told us that if a package can't survive a six foot drop to concrete, it is not packed well enough, and will likely arrive damaged. He also told us that adding a "Fragile" sticker to the box almost guarantees that it will be damaged.
Posts by usbac
471 publicly visible posts • joined 4 Oct 2010
Tired techie botched preventative maintenance he soon learned wasn't needed
WINE 10 is still not an emulator, but Windows apps won't know the difference
Re: How well is Windows Recall supported?
I have a bunch of IP cameras around the place. I bought my first Foscam based on the reputation that "Foscams are great cameras". Once I realized that you needed a proprietary Chinese app to configure them, it went right back to the vendor. All of my other cameras can be configured easily through a browser.
Coder wrote a bug so bad security guards wanted a word when he arrived at work
America's drinking water systems have a hard-to-swallow cybersecurity problem
Trump's pick to run the FCC has told us what he plans: TikTok ban, space broadband, and Section 230 reform
I agree with the OP. I pay a few bucks tax every month on my ISP bill to help subsidize rural broadband. I don't mind too much, since I'm a rural broadband customer too. Let's face it, the person whose connection I'm helping to subsidize will mostly be using their connection to post on Fecesbook, buy tat from Amazon, and use Google search. Why shouldn't Meta, Amazon, and Alphabet be chipping in a little too?
Sysadmin shock as Windows Server 2025 installs itself after update labeling error
It's not so much "Developer teams appear to be getting more and more incompetent when it comes to testing", but the bean counters in management getting rid of all of the software testers to save money. After all, customers will report all of the problems, why pay for testing?
In most cases, it's not like we have a choice not to use their crap software, and they know it!
Vivaldi gives its browser a buffing, adds a dashboard
Feature phones all the rage as parents try to shield kids from harm
Post Office CEO tells inquiry: Leadership was in 'dream world' over Horizon scandal
Moscow-adjacent GoldenJackal gang strikes air-gapped systems with custom malware
SpaceX faces $663K FAA fine for Musk's alleged launch impatience
Deadbeat dad faked his own death by hacking government databases
Re: Is it hacking?
That's the problem when you don't think your plan through completely. He thought faking his death would be a great idea, until he discovered how hard it is going to be to live while being "dead".
I'm willing to bet that he never considered the repercussions of his "death" until after the fact, and resorted to all of the criminal behaviors to get by without an identity.
DEF CON badge disagreement gets physical as firmware dev removed from event stage
Re: Hang on a sec...
There are machines that can flash memory or microcontroller chips right on the tape. You can actually order the chips pre-flashed from most of the larger IC vendors. You just need to send them the image files.
This way the pick-and-place machines can stuff already programmed chips. The code is in the chip before they even go into the reflow oven.
Devices with insecure SSH services are everywhere, say infosec duo
CrowdStrike unhappy about Delta's 'litigation threat,' claims airline refused 'free on-site help'
Re: Blame where blame's due
As I understand it, there was no way to stop this update from being installed. It was considered so important, that it bypassed settings that customers had in place to delay updates.
When a vendor pushes updates in the "background" that you have little ability to stop or delay, what are you supposed to do? In this case, choosing a better vendor would have been an option, I guess?
I posted this before in another thread:
I had a family member that was a lawyer tell me that (in the US at least) "you can't sign away your right to sue for negligence". I was asking about the waivers like what are added to contracts for risky activities. He explained that you can ALWAYS sue for negligence. I would think in this case with CrowdStrike, it could certainly be argued that this was negligence.
Keep in mind that Delta mentioned "Gross Negligence". Those are the key words that override any contract terms. Delta's lawyers know what they are doing!
Microsoft Dynamics 365 called out for 'worker surveillance'
Re: Expectations
My dad used to have the same issue (before he retired). He was an independent claims adjuster for insurance companies. He was frequently having to explain his travel time bills.
We are out west, and the companies that were based out of the east coast were usually the ones he had trouble with. He would get questions like: "How are you billing us 13 hours of travel time when the town is in the same state?" His answer would be: "The small town is 400 miles away!"
So, even people from the US don't understand how big the US is. Especially out west here.
Proofpoint phishing palaver plagues millions with 'perfectly spoofed' emails from IBM, Nike, Disney, others
Re: Insecure by default
I was really pissed (after a couple of support calls with Microsoft) to find out that they don't check SPF records and DKIM between tenants. So if a spammer is another MS customer (or a customer has a tenancy taken over by miscreants) the email flies past part of your security.
They really are first class idiots!
Southwest latest to aim at electric air taxi dream with Archer partnership
"The eVTOLs are seen as an emissions-free alternative to passenger transportation to and from airports."
Where does all of the electricity come from? How about the impact of manufacturing and supporting the vehicle?
Any time I see "emission-free" I usually assume it is some kind of greenwashing...
We've banned Chinese telco kit and drones. Next: Mountain bikes?
Re: "its fleet of DJI drones"
Most drones these days use your cell phone or tablet to control certain functions while the drone is in the air. I think the fear is that with the cell phone connected to the internet all the time, the drone software can be uploading information to the PRC through the phone's link.
The drone has GPS location information. All it needs to do is send imagery from the drone along with GPS location info, and you have fairly decent intelligence.
systemd 256.1: Now slightly less likely to delete /home
Google guru roasts useless phishing tests, calls for fire drill-style overhaul
Re: Not sure if it's possible
The most commonly used corporate email client, MS Outlook, goes out of its way to hide the real URL. It's almost like Microsoft is trying to encourage phishing.
What should I expect from a company that doesn't even support checking SPF records between their O365 tenants!
Wow, the reality distortion field in silly-con valley must be strong!
So, according to Google, the best way to stay safe is:
1. Use un-phishable credentials (they don't exist).
2. Make sure to use systems and software without any security vulnerabilities (good luck).
I didn't know that defending against phishing was so simple...
HR expert says biz leaders scared RTO mandates lead to staff attrition
Re: And HR make up the rules!
Time to find a better company to work for.
Years ago, when my mother died, the CEO of the company I was working for came to see me and said "I'm so sorry to hear about your mom. Take whatever time you need". Maybe it was because he lost his father in a plane crash about 10 years before, and was very understanding. Either way, there are decent companies out there. They may not pay as well as some of the big soulless corporations, but there is more to life than money.
Transport watchdog's patience wears thin as Tesla Autopilot remedies may not be enough
The problem is that none of these enhancements to driver attention monitoring solves the real problem with this level of driver assistance (not actual "auto pilot", despite what Musk is trying to sell). The problem is that it takes time for the driver to react, and on roads and highways, that time just isn't there.
In aircraft, autopilot works very well because there is much more time to react to an autopilot disengagement. You are typically not 1-2 seconds from colliding with something or someone when autopilot disengages. If you are, then you have big problems. Also, with aircraft, pilots are trained in human factors, and we understand how to handle the handover from automation to human control. Normal drivers are not trained for any of this, and reading a Tesla owner's manual is not proper training.
Software support chap survived breaking his customer
The eight-bit Z80 is dead. Long live the 16-bit Z80!
Help! My mouse climbed a wall and now it doesn't work right
GM shared our driving data with insurers without consent, lawsuit claims
The question is, will these modern spymobiles even run if a person removes the radio unit?
I have a 2010 Chevrolet vehicle, and I removed the RF transceiver from the OnStar radio unit. I did this soon after buying the vehicle, and I haven't had any issues in the years since.
I only use the dealership for things like recalls, and never for any other repairs. Mostly, I do my own work on my cars.
My other car is a 2013 Chrysler product, and it does not have any kind of radio unit in it. Only a GPS receiver for the nav system that is not enabled because I would not pay the ransom fee for the option.
I keep thinking I will need to buy a replacement vehicle or two before I retire, but I won't have anything that is "connected". Maybe I'm out of luck, and will have to keep these forever? Maybe some friendly car hackers will have patched software for these new cars that allow the removal of the radio transceiver?
I don't count on any government rules to stop this nonsense. It looks like the feds are actually encouraging more privacy violations with their requirements for driver monitoring.
I used to laugh when I saw retirees driving 30+ year old cars. Now I see the point.
US Equal Employment agency says Workday AI hiring bias case should continue
CISA in a flap as Chirp smart door locks can be trivially unlocked remotely
Re: "application software to remotely control compatible locks"
Good luck with that.
We installed a gate at the front fence that has a VOIP door phone and an electronic lock. All done with my own systems, no cloud connected BS.
We did this mostly to deter door-to-door scammers sales people. We get tons of solar energy scammers these days for some reason. It also deters porch pirates, although that has never been an issue in our neighborhood.
There is a clear sign on the gate that says "To unlock this gate, use the code from the shipping label, or press the CALL button". If they press the CALL button, it rings all of the phones in the house, and we can press a key to unlock the gate. They can enter the 4 digit code on the door phone keypad also.
The results have been a mixed bag depending on the courier. So far the best has been Amazon's Prime delivery people. We set up the gate code in our account, and never a problem with them. With FedEx, once they got used to the setup, no problems either. UPS is still a problem. They just toss the package over the gate. This is a problem because the gate opens in, and when they leave heavy packages there, no one else can open the gate. Not sure what to do about that one.
USPS is the worst. They just leave a tag in the mailbox now, and we have to drive to the post office during business hours to retrieve our packages. I usually try not to order from anyone that uses USPS for shipment anymore.
It's been no problem for the utility people (gas and electric). I called each company and gave them a code, and they come and read the meters just fine.
It's sure gotten rid of the scammers.
Change Healthcare faces second ransomware dilemma weeks after ALPHV attack
Re: Let that be a lesson
Many years ago, I posted the idea of paying a ransom being a criminal offense. I got down-voted heavily on that comment. I also received tons of criticism followed by all kinds of pathetic reasons why companies need to be able to pay ransoms.
I'm glad everyone is starting to see the reasons why this just has to be the case.
Iowa sysadmin pleads guilty to 33-year identity theft of former coworker
How a single buck bought bragging rights in the battle to port Windows 95 to NT
Re: Windoze NEVER worked well.
I remember the DPS Perception Video Recorder cards. They were awesome in their day. The fact that they recorded directly to a SCSI drive, bypassing the system bus was genius. It made desktop video editing possible before PCs were really powerful enough.
I remember the driver would do all kinds of cool stuff. You could access the video storage drive as another drive letter. It would also make directories available with each video frame as a separate image file (Targa, if I remember correctly).
We used Newtek Lightwave to render 3D animation directly to the PVR drive, then we could print it to 1" Type-C video tape through the analog video outputs.
Very expensive stuff back in the day. Now, a budget smart phone blows it away!
Re: Windoze NEVER worked well.
In those days, for a server you used Novell Netware. Servers ran for years without reboots. You could even patch it without rebooting.
Some server hardware at the time would allow hardware replacement without rebooting. I once replaced a network card without rebooting the server. You go to the command line, unload the network driver, pull the NIC and replace it, then go back to the command line, and load the driver for the new card.
I once was called in to work on a server that was showing an uptime of over 6 years!
Majority of Americans now use ad blockers
"I am constantly surprised by friends who don't even know that ad-blockers exist."
I was recently visiting a friend of mine that works in IT. He has his own company, staff and all. We went into his office for him to show me a web page with some neat new piece of gear. He opened his browser, did a quick search, and then went to a site with the piece of equipment. He starts grumbling at how long the page is taking to load. Once it loads, it's so full of ads and other crap that the item we are looking at is barely visible.
I asked him: "Is this what the internet looks like now?" He looks at me puzzled. I then asked: "Don't you run an ad blocker?" He answers: "What's an ad blocker?"
I sat down at his desk and installed uBlock for him. Once he started browsing again, it was like a revelation. I told him "Don't you know that many of these ads contain malware and trackers?"
I guess the difference is that I work in IT security, and he works more on the engineering side. Still, I was really surprised.
It was a bit of a revelation for me to see what the modern internet looks like without an ad blocker. I've been using one for over ten years now. It's the first thing I do when installing a new browser.
Ransomware can mean life or death at hospitals. DEF CON hackers to the rescue?
Re: Wrong approach
It seems to me that hospitals and doctors' clinics operated just fine for many decades before the internet came into common usage.
I remember my parents and grandparents being treated at hospitals back in the 70s with successful outcomes. I was very young back then, but I don't remember the doctors saying "I'm sorry son, I can't treat your family members because this thing called 'The Internet' doesn't exist yet". My memory may be a little fuzzy, but I don't remember hearing anything like that?
My grandmother was a nurse. She received her training in the Navy during WWII. I don't remember her ever saying "If only we had The Internet, I could have saved all of these people..."
Re: Wrong approach
As much as I detest the idea of more government intrusion into our lives, it's far past the time to license software developers just like civil engineers and other professionals. Cyber security needs to be a big part of their licensing process (exam/training/etc.)
If someone needs to be licensed to design a bridge or a building, why aren't software developers required to do the same? I would argue that software is now often as life-critical as buildings and bridges.
Time to examine the anatomy of the British Library ransomware nightmare
Re: "Too old to be safe, too expensive in time and money to replace"
I think the OP was making a point about getting off of this hamster wheel of constant patching/upgrading to chase security vulnerabilities. Software should not have zero-day vulnerabilities. If software was properly developed and tested, the admin you mentioned would not have had to watch for constant patches. The fact that the admin missed patch number 532 on software that was released six months ago, should never be a consideration.
This mentality of "Does it compile? Great, release it. We can always patch it later..." is why we are where we are. The software industry is the only industry where you can knowingly release a dangerous and defective product, and have zero liability for it. All I'm asking for is that the software take some responsibility for their product. They won't until they are forced to.
Re: "Too old to be safe, too expensive in time and money to replace"
Many, many years ago, before getting back into IT, I worked in the insurance industry (claims side). You would be surprised how many subject matter experts are employed by insurance companies. Especially in industries where they write policies. I once met a fire investigator that worked for an insurance company. He was very competent. He had been a fire marshal and investigator for the fire department for nearly 30 years.
Re: "Too old to be safe, too expensive in time and money to replace"
I agree with the OP above.
We also need to stop software companies from waiving liability for the security of their software. If someone sells a defective coffee machine that burns down a bunch of people's homes, they will get sued, possibly out of existence. It should be the same with software. If your software has a vulnerability that causes a data breach, you've done the equivalent of burning down someone's home. You should be just as liable as the appliance manufacturer.
Software vulnerability analysis should be an area of increased investment. Maybe this is the one place where AI might actually be useful?
We need something like an Underwriters Laboratories for software. Once software companies can't waive liability in their EULA anymore, they will need to insure against it. UL came about due to insurance company requirements for issuing product liability policies.
Job interview descended into sweary shouting match, candidate got the gig anyway
Many years ago at a managed services company, we were interviewing for a new IT support tech. The question I would ask each candidate was: "You have a PC that is not connecting to the network, what do you check first?"
We got all kinds of answers. One candidate even said that he would re-compile the drivers from source. Another talked about removing all of the drivers and cleaning up the registry. After days of interviews, we had a candidate that said "I would make sure that the network cable is plugged in". He got the job. George was an awesome tech, and a really intelligent person. We later found out that he authored several books. He also played guitar in a hard rock band on the weekends (you would never guess).
Boeing paper trail goes cold over door plug blowout
Re: Why aren't these people facing jail time?
Maybe not. Aloha Airlines turned one of their 737's into a convertible at 24,000 ft, and managed to land it okay (less one flight attendant, unfortunately).
Also, United flight 811 had a door failure between Honolulu and Auckland. They lost nine people in the incident, but the 747 made it back in mostly one piece.
Airliners can take a lot of abuse, and still be able to return for landing.
Apple's had it with Epic's app store shenanigans, terminates dev account
Year of Linux on the desktop creeps closer as market share rises a little
Re: Repeat after me:
I want to start out by saying that I detest Microsoft. They are the root of all evil in the universe as far as I'm concerned (or maybe Google?).
I'm in the process of migrating everything in my private side of IT away from anything Microsoft. The few remaining Windows PCs here at the house still run Windows 7, and only for a couple of pieces of software that I don't have Linux replacements for (and before anyone says "but you can use...", no I can not).
That said, I've used Outlook at work (mostly) but also at home for about 25 years. I've recently tried Thunderbird as a replacement for Outlook. It was dreadful. I also tried BetterBird, which is considerably better than Thunderbird in my opinion. Neither of them are all that great. I spent a week trying every open source email client out there, and chose BetterBird. It is sort of tolerable at best. I could spend the whole morning listing all of the problems/shortcomings/bugs I've run into with it.
As terrible as the new versions of Outlook are, (this is painful to write) none of the open source email clients can replace it.
Copilot pane as annoying as Clippy may pop up in Windows 11
I figured all along that this is the reason that they are shoving this down everyone's throat.
It's why we are now seeing all of this AI crap everywhere. A while back a bunch of large investors were told that AI is the future by some hucksters trying to make a quick buck, and they all jumped in head first with billions of dollars. Now, even though no one really wants any of this, they have to show "adoption rates" to justify investing other people's money in this nonsense.