* Posts by Sixtysix

142 publicly visible posts • joined 28 Apr 2011


What says Internet of Things better than a Bluetooth-controlled smart candle?


Rule 34 (IoT)

Strange... my thoughts went there as well ;p

Internet of Trash...

What a terrible result from this year's Super Bowl. Can you believe it? Awful. Yes, we're talking about the tech ads


Re: did not watch

Yeah, the "fun" from Osi and even Jay Bell gets olld really fast - like within the first minute.

The BBC coverage REALLY SUX. Way too much time spent listening to drivel from their "celebs", Way too much time spent on analsis that the play by play and color (sorry - they are USA commentators) ALREADY did a good job explaining... and WAY too little actual football. Also: way too much time given overly simplified explainations of rules and calls: all that needs to be in a "beginners show" not in the ONLY coverage we get to watch.

And don't get me started on featuring the same games in both broadcasts - WTAF? Half-hearted coverage at best.

Next year I'm buying Game-Pass and putting up two fingers to Auntie.

Oh Deer! Poacher sentenced to 12 months of regular Bambi screenings in the cooler


Re: 'Murica never ceases...

@Timmy B

" I'd also like to see suicide removed form the stats as if you want to do that you'll find a different way. "

I can agree that there is an issue with including suicide, but actually most "other" forms of attempted terminal self harm:

- need a LOT more time between the thought and the action

- may require planning or things that are not immediately to hand

- are hard to complete when falling down drunk/under the influence/severely depressed

- typically seem more unpleaseant as they might involve "pain"

- have WAY better survival rates

As a consequence, the relative "ease" of terminal self harm by firearm increases the risk of actual follow through with the intent. Availability of firearms does seem to increase the likelihood of someone actually attempting suicide, so skews the figures - but sadly a proportion of suicide by firearm is directly responsible to availability of method.

Wombats literally sh!t bricks – and now boffins reckon they know how



Well played

'He must be stopped': Missouri candidate's children tell voters he's basically an asshat


Godwin's Law

It's not often that Godwin's Law shows up so obviously and repeatedly amongst comentards... but dear goodness! Today must be "special".

Can we stop? Please?

I know what you're thinking: Outsource or in-source IT security? I've worked both sides, so here's my advice...

IT Angle

Came for enlightenment...

..left wanting.

The "article" seem to mix up Enterpirse, SME, and SoHo terms, concerns, concepts and costs/wages at random, and the only point universal value was talking about the Cyber Essentials/Plus programme which is a reasonable starting point... but only to a point (I have issues with CE+ in an enterprise making rulings about how/what/when we should patch...).

Knowing Cyber is an issue: great start.

Making someone interal responsible: bare minimum.

Getting a competent assessment: Contract it out unless you have lots of in-house cyber sec skills

Fixing the holes you found: pick the best way you can afford

Ongoing: Make *sure* it's being maintained - internal/external/mix doesn't matter, but do re-assess regularly.

Unsure why you can't log into Office 365? So is Microsoft


Why I'm cautious...

Looking at O365 just now... and Office 16 and 19.

Whatever we go, I plan to keep Exchange in-house for foreseeable future.

My integration partner gets it... my MS Account Manager - not so much.

Yes, Americans, you can break anti-piracy DRM if you want to repair some of your kit – US govt


Reversing decisions...

Sounds like a job for an ex-FCC chairman...

Timing should work well.

Patch me, if you can: Grave TCP/IP flaws in FreeRTOS leave IoT gear open to mass hijacking


30 Days....

... would usually be plenty.

In this case, 30 weeks would not be enough, and I suspect that most of these "thinglets" will never ever be patched/upgraded, and will become a zombie army for someone/thing.

Dearly hope that "we" can identify and block traffic from them in the future, or this is how the Internet will die :(

Which? That smart home camera? The one with the vulns? Really?


Which want to see

Because Which? really wants to see who buys it's recommended hardware.

And what better way to see, than to, really, literally, *see* them.

...mine's got the Tails/ToR installer in the hidden pocket...

Remember that lost memory stick from Heathrow Airport? The terrorist's wet dream? So does the ICO

Black Helicopters

The 2% - and not interested

Obviously Elites... except, D'Oh

How any org (that deals with secure information) can think not training staff in Information Security is a good idea these days beggars belief.

The REAL eyeopener was the ICO having a complete lack of interest in the "marked" files: WTF? Guess they assume that HMG / Police / GCQH will pick up the slack... ?

I do wonder if a head rolled.

Super Micro China super spy chip super scandal: US Homeland Security, UK spies back Amazon, Apple denials


Re: Strong denials

Your comment on Strong Denial Standard is interesting as "They" ALL did deny strongly very fast. No waiting, no "we'll get back to you", absolutely not "no comment".

Unequivocal, immediate, clear, unprecedented denials.... and therefore rarer than rocking horse shit.

Colour me worried / intrigued by turn about...

Microsoft yanks the document-destroying Windows 10 October 2018 Update


Insiders - should be better than this

"As an Insider, it pains me. Beyond belief. — Abby Jane Hicks (@AbbyJaneHicks64"

Whilst I have tremendous respect for all those willing to put their main systems in the line of fire by working exclusively on the Insiders ring, I think Abby is not representing the majority of Insider Contributors well:

We were told to expect that StrangeEffects will be a regular occurrence.

We are clearly warned that BadThings might happen.

We are absolutely encouraged to keep backups.

At the same time I have a LOT of sympathy for Steven who has obviously backed out of Insider (as have I). Not sure about ninja and cats, but the lack of follow through is one of the reasons why my main machine and backup have been switched, and my input to the programme has been zero for some considerable time.

Black Helicopters

OneDrive - Re: Why even touch user folders?

I don't use OneDrive

I don't use a Microsoft Login

...Will I be safe, or selected for "extra" special deletion?


Never happier to be late...

...time to start switching off at the outlet!

Windows 10 1809: Now arriving on a desktop near you (if you want it)


I'd like to pass please Bob....

Quite - this remembering of C&P was one of the first things I turned off in whichever version of Office came with similar features.

Insecurity by rote.


LESS Pleasant? Than WHAT?

"Take it to the Edge"

"The Edge browser <...> nag screen at the start, suggesting users link their browser to their mobile device is, however, a bit less pleasant."

Dear heavens - "less pleasant" is FAR too light a roast for that nonsense!

I'd suggest "a step too far"...

Fancy that, Fancy Bear: LoJack anti-laptop theft tool caught phoning home to the Kremlin


I have trust issues...


Arbor <...> spokesperson said. "At this time, we do not believe that this has impacted any customers or partners,


No shit Sherlock? I think that's entirely the point - you won't know... and neither will the affected parties.

*THIS* is why I have trust issues: the AV companies have chosen not to flag it. For corporate compliance, the AV tools should flag EVERYTHING suspicious, and allow the Corporate administrator get to tick a box that says "We note and accept that install in our environment because..." NOT just ignore things that could be FAR from benign.

Attempt to clean up tech area has shocking effect on kit


Lights ON, lights OFF - Re: Ah, cleaning crews

Now, see, THAT story is where the "Hello darkness my old friend" reference might actually work. Or a Horatio Caine/CSi Miami type referfence...

You can try too hard you know ;p

Don't get THAT personal, says personalised cards firm Moonpig. Dick pics. They mean dick pics


LOVE the response from Funkypigeon!


Also: Nice to see competitors playing nicely together!

Eat my shorts, watchdog tells every city mayor in the US – FCC approves $2bn 5G telco windfall


This demonstration of USA politics...

...shows why allowing senior positions to be filled by appointment might not the best idea in the world.

Nepotism is bad enough, but from the outside (not based in Americas) these two appointments and the subsequent "works" look like deliberate sabotage - Pai seems to be working against the remit of his organisation? Certainly as his predecessors saw it!

But then I'd suggest that the whole "Presidential appointments..." routine/circus needs an overhaul!

Still holding out on Windows 10? Microsoft tempts upgrade with virtual desktop to Azure


Counterpoint to "No... No tinterested"

This is absolutely the future, and our like/dislike is probably irrelevant to the beancounters who *like* a predictable service cost they can scale at will... and a lack of Capital expenditure/sunk costs. Obvious ones anyway.

I manage a reasonable size infrastructure. and am *just* dragging along the project to transition from Win7 to Win10. Not because I want to - I'm in print more than once on that subject - but because I cannot afford to pay for support after 2020, and need best part of two years to plan/architect/build/rollout.

Although Win10 is - probably - the Last MS Desktop OS, managing local infrastructure is getting to be a pain filled exercise in futility, and MS are not helping with the configuration and upgrades on Win10. On a 1000+ machine estate, it's getting to be an exercise in choosing the right compromises for all involved, and compromise always sucks for some. Or all.

I've been talking for years about how "the phone in your pocket WILL BE your computer". THIS SERVICE OFFERING WILL FINALLY MAKE THAT REAL - once it's mature. Generic bluetooth screen & keyboard, dock your phone on corner, and connect to the Virtual desktop... mobile applications are obvious.

This, finally, will be the "Cloud" that the pundits have been talking about... and I'll be retiring right about stability/consumer price point. Five years I'm guessing!

Office 2019 lumbers to the stage once more as Microsoft promises future releases


Some interesting spin already

Expiring NDAs all around...

Comparing against their O365 offering which apparently offer the "most productive and most secure Office experience -with the lowest total cost of ownership for deployment and management," I'm torn.

O19 demands no further Infrastructure or Information Management changes to implement - O365 want oodles more bandwidth, and give a whole pile of new headaches to information management... but looks like it's (finally) going to be price competitive.

Thankfully the first complication is a simple one of "pays money and takes choice" - and the latter is SEP (someone else's problem), so I've asked the users which they want...

The answers are not fitting on a postcard...

You're alone in a room with the Windows 10 out-of-the-box apps. What do you do?


Take them round the back...

...and euthenise them.

With extreme prejudice.

EXTREME I said...

Oz government rushes its anti-crypto legislation into parliament


Politicians are not sufficiently educated to know they are being stupid

Crypto needs math literacy to understand. SERIOUS math. Not high/grade school, but University Major type math.

Without that background, (assumption - probably safe) politicians have to rely on "experts" to advise them, and they get to not only pick the experts who may not have the required math (assumption - reasonably safe), but the politicians will keep asking until they find an expert who supports what they want to hear (assumption - proven).

So there's no way to tell them it's impossible that they will listen to - they think those that are telling them "Not possible" are either i) hiding something, ii) have vested interests, iii) are being paid by the opposition, iv) are terrorists and shouldn't be listened to anyway as that's who they want to spy on...

Judge: Georgia's e-vote machines are awful – but go ahead and use them


Please, please, please, PLEASE

I know I shouldn't, but I can't help myself...

I actually, sadly, REALLY hope that this ends up as an object lesson in WHY IT WAS A BAD IDEA due to all the possible hacks being used wherever and however possible. With luck that will give results that have been OBVIOUSLY tampered with (preferably by millions of "extra" votes for an unlikely candidate) and rather than the rest of the world pointing and sniggering quietly, REAL ACTION results.

Also: not gonna hold my breath - they'll probably believe and defend the result whatever happens.

Sysadmin misses out on paycheck after student test runs amok


Re: Naming Schemes

One of our DBA has a degree in an unrelated field...

...our servers have genus names. Yes, in Latin. All plant related.

Cue some awkward meetings with pronunciation being *very* important.


Makes my errors look amateur...

Worst was realising at around midnight that my first application test run of my pride and joy - selecting jurors from electoral roll - had a fundamental flaw... and would keep selecting jurors forever as the test (have I reached EOF and do I have 20 jurors) was too specific. I leave that exercise...

Jumped in my car, drove 40 miles to office, pounded on random windows for 20 minutes until someone heard... and was told by the scary night shift operator that she'd assumed I'd made a balls up after it asked for the tape the third time and had killed it, and that she'd "deal with you in the morning".

Phew... sort of.

Trump shouldn't criticise the news media, says Amazon's Jeff Bezos


He's right...

...but it galls me to admit it.

The Reg takes the US government's insider threat training course


94% went to prison...

...so all the stats are rubbish then!

If you can assert that 94% went to prison, then that's of KNOWN bad actors.

Since it is impossible to quantify what you do not know, ALL these stats are snakeoil.

As seems to be usual course in the land of the free - we don't want you to realise what's really going on so we'll Blind You With Stats that will get quoted out of context and make things seem safe...

Pretty Much Every USA Election Campaign?


Re: Off topic...

"scroll to the bottom of the page to opt out, "

Would have been nice to make that snippet MUCH more visible.

Opting out in 3...2...1....

Do not adjust your set, er, browser: This is our new page-one design



Sadly we all know that whatever we say, realistically, nothing will change.

This change? Hate it with a passion - as been said, too many stock pictures, too much whitespace, and why put the classification and reporter on the "listing" - especially making so much of it.


I think it was wasted cash and cannot WAIT for text only/text rich version to come along.

Chromebooks gain faff-free access to Windows file shares via Samba


Not going to make a lot of difference?

Until everything is in the Cloud...

...and I suspect by then the MicroSoft CAL/licencing regime will have caught up to ensure they'll get a large slice of the savings that using a Chromebook would accrue.

Nvidia promises to shift graphics grunt work to the cloud, for a price



Probably be ready just in time for my retirement then...

Be able to ditch the desktop, and take a laptop on holiday... and then stay away without withdrawal symptoms while still enjoying the many (so, so many) games in my Steam and Origin Libraries without the heft of a tower case, 30"UHD, secondard screen, mechanical keyboard, gaming mouse, HOTAS set, custom switchbox, Streampad, surround sound.. Oh. Wait.

Yeah,maybe not complete lack of withdrawal as I huddle over a small screen clicklet kb and compact mouse. But I'll be somewhere sunny. That counts for a lot - and keeps the Mrs on-side too. Vital!

I can hope anyway.

2000 days and counting...

Email security crisis... What email security crisis?


Email is absolutely broken...

Having just been stunned by a trivial cross domain spoofing gotcha pointed out during a penetration test, we secured *our* domain vulnerability with SPF, but once we understood the mechanism could scarcely believe how trivial email spoofing is if you control DNS/RDNS.

Currently email servers take the message being received as "the truth". I suspect it would be better if rather than the message being delivered, a notification was delivered, and servers then had to decide if they were going to retrieved the message from the email server of record for the domain... but that's a whole new ball game. I suspect the folks that conceived email and the standards around it would be/are shaking their heads at the way things have gone.

No point holding my breath for a "fix" tho

Activists rattle tin to take UK's pr0n block to court


Fail proportion?


There is no way to win - either way we lose.

- If it (sort of, in any way) works, then we'll all lose ALL privacy on-line because you can guarantee that other categories of "sites/information" will be added and there'll be no way to be legally counter-culture (anonymously)

- If it fails, then they'll think up something worse, because they're "thinking of the children".

Here's news

- the children who "stumble" on on-line depravity will still stumble on the badly behaved site: no improvement

- the teenagers WILL find those sites that don't follow the rules, and THAT is where the predators will find them

- Mr Moderate Joe Public will discover TOR, VPN, and annonymizers, and suddenly GCHQ will have the devils own job sorting the real subversives from the heaps of end to end encoded smut...


Canny Brits are nuking the phone bundle


Re: Odd....

Never have bought a bundle...

...and all phones bar my first (a Nokia 3210) have been bought from either China direct, or via Amazon box shifters bulk reselling Chinese phones. Oh, and one via CEX (Huawei - still Chinese).

Had some amazing value, some great bargins, and some really dodgy batteries (still have to buy one a year for my early 8core android... that is still on Marshmallow). Saved a blind fortune comparatively.

Obviously not a phone snob :D

Microsoft tells volume customers they can stay on Windows 7... for a bit longer... for a fee


Re: I would consider 'Windows 9'

Oh joy - you mean the lack of control over updates persists in Enterprise versions?

Better warn the team...


"rebranded all their pubs as Ribbons"

The Ribbon. Bane of my life on a laptop.

Too little vertical estate, SO MUCH horizontal space... can I sling the ribbon onto the side?



Re: Divorcing Microsoft

Not only turns ON things you explicitly turned off, but REINSTALLS a whole pile of sh*t that I'd uninstalled, either directly (where allowed) or via powershell where not obvious.

I do not want crap "games", XBOX, Groove and other crap taking over my boot disk thank you.


Trainer regrets giving straight answer to staffer's odd question


Re: Giovanni sounds complicit

Yep - I've been guilty of a retrospective gulp or two...

No, eight characters, some capital letters and numbers is not a good password policy


Store all your passwords in your wallet...

I use https://www.passwordcard.org/en for (some) of my passwords.

I have an algorithm based on domain name (one letter and number of characters gives me a start point) that lets me work out/replicate where the password starts, which direction it goes (one of the 8 cardinal directions based on TLD) and how long it should be.

Do not need to use on my devices as I have my KeePass db, and don't use for all websites, but does let me access "throwaway" sites with a strong password, and access to my secondary email account which will allow (indirectly) access to primary email (and thence my KeePass backup) when I'm out and about/abroad/etc.

I have several copies... and don't care if other people see!

Windows 95 roars once more in the Microsoft round-up

Black Helicopters

Re: Encrypted Skype?

Yes, it appears they did...

And given where their home office resides, I'm suspicious of the claims of end to end given the way certain TLAs like to eavesdrop.

A third of London boroughs 'fess to running unsupported server software


Lies, damn lies and FOI

We ran a server 2003 instance until very recently, and I constantly got criticised for the "gross security risk" that represented.

This is WRONG for *some* use cases.

On a well designed infrastructure, it is more than possible to design the network operations in such a way that an older, but still critical, application can run on unsupported Hardware/OS/Application framework and etc. safely - if it is only used internally, and cannot reach/see the internet.

It takes effort and planning to ensure that it cannot be reached except as required to provide the "service" it exists to provide, and is only accessible by the clients and methods essential to that service... but that's why internal DNS, subnetting, VLANS, Reverse Proxies and Firewalls exist: to mitigate, control and contain risk.

So MUCH of my staff's time is wasted responding to FOI requests that are just used to sell my details to marketing droids... that I don't want to hear from (and no I don't want your white paper, didn't give you permission to store my details, so GDPR them off your contacts system, please, thank you and goodbye).

Everyone screams patch ASAP – but it takes most organizations a month to update their networks


Prioritise carefully

I won't allow patching without testing... except very occassionally on Internet connected devices/servers.

Everything else gets a test cycle.

That can be 1 day, more usually two weeks, sometimes longer.

We have a LOT of legacy systems and applications that really rely on a cobbled together patchwork - and that means some patches do get rejected.

About to find out what that means for Cyber Essential Plus - but whatever the outcome, business operation trumps potential risk.

I'm not for changing!

Et tu, Brute? Then fail, Caesars: When it's hotel staff, not the hackers, invading folks' privacy


Re: Bah!

If you follow some of the twitter and facebok posts on this conf, there are a LOT of stories from DefCon contributors basically saying unless you bring your own additional security hardware, anything mounted to the door is bypassable from ourside, or can be pushed out by 100lb weaklings.

I've been exposed to a whole new Amazon marketplace... of "essential" door security doodads!


Re: "Et tu Bruté"

Caeser Palace... Brute... stabbed in the back

The classics? Latin? Roman Emprire?

...Ohhhhh I get it.- look everyone! Look! See the troll in it's natural habitat: the Interwebs!