* Posts by storner

120 posts • joined 25 May 2011


Don't rush to adopt QUIC – it's a slog to make it faster than TCP


Patience, my dear

TCP has evolved over some 40-50 years. I suppose QUIC will eventually deliver on its performance promises, but it sure isn't going to be a simple quic-fix ;-)

Sysadmins: Why not simply verify there's no backdoor in every program you install, and thus avoid any cyber-drama?


Focus on detection, not prevention

Requiring that normal software customers must verify the integrity of software distributed via official channels is completely impossible.

Get some detection systems instead and keep an eye out for behaviour that indicates a compromise. That will catch not only supply-chain attacks, but also any other kind of attack.

BOFH: They say you either love it or you hate it. We can confirm you're going to hate it


Incredibly sloppy BOFHs

Going on holiday without securing Mission Central with bank-vault level locks and auto-firing machine guns/cattle prods? Serves them well to have their machines encrypted.

The world is chaos but my Zoom background is control-freak perfection

Big Brother

Show 'em where I live? No way!

My webcam has one of those slide-to-cover-the-lens plastic things. It is never open. And as I work with IT security, it is for "security reasons".

Icon should be obvious.

Pyjama bottoms crew, listen up: In 2022 we'll still be at home


Re: Be careful what you wish for

Then go BYOD - even more savings for the company beancounters, yay!

Seriously, with my company going all-in on Microsoft 365 solutions and other SaaS stuff, it is quite rare that I actually need my company laptop for work. Even the company VPN connection is rarely needed.

A trip to the dole queue: CEO of $2bn Bay Area tech biz says he was fired for taking LSD before company meeting


I see a trend here

"Alcohol-fuelled Danish film directed by Thomas Vinterberg takes the top prize for non-English language film at the Academy Awards"


(Too obvious an icon, sorry...)

Greenland's elections just bolstered China's tech world domination plan


Indeed. And Greenlanders - including the winning IA party - really would like to separate from Denmark and gain independence. That costs a lot, so at some point they'll have to decide between independence and mining, or remaining part of the Kingdom of Denmark and keeping the RMEs buried beneath Kvanefjell.

But keeping the Chinese out of the loop would probably be a good idea.

Two ransomware strains target VMware’s ESXI hypervisor through stolen vCenter creds


Hopefully nobody has vCenter directly on the Internet.

But most compromises these days happen when people read mail and click "Open" when they should have clicked "Delete" instead. And then the attack comes from your internal network.

A Microsoft bork at the heart of The Oracle? Whatever next?


Re: What do they expect with a consumer version

Even worse, a display sign controller should *never* have Internet access.

Death Becomes It: Who put the Blue in the Blue Screen of Death?


Re: And with W10

Load constantly at 1.0 after 1087 days of uptime? That'll be the Bitcoin miner that was installed by a hacker because you haven't patched the thing in 3 years!

Takes from the taxpayer, gives to the old – by squishing a bug in Thatcherite benefits system


Oh the joys of data formats

Somewhat along the lines of this story...

Every Danish citizen has a unique identity number issued at birth. The system was designed in the 1960s, so obviously it had to carefully consider how much data to store - meaning they ended up with a number including the date of birth in the DDMMYY format: DDMMYY-NNNN, the last 4 digits being a sequence number.

Except it wasn't quite a sequence number, because some bright fellow decided that it would be nice to distinguish between men and women, so the last digit is odd for men and even for women. (You can guess how the transgenders feel about that). Another bright fellow discovered that in 1960 they actually had grandparents born in the 1800s, so the first digit of the sequence number was used to encode the century: 0-4 if you were born in the 1900s, and 5-9 for the old people from the 1800s. Guess how that worked once year 2000 turned up, and we still had some people alive from the 1800s.

As the final twist, the sequence number also acted as a checksum of the entire identity number, with each digit multiplied by a specific factor, added together, and the sum had to be divisible by 11. Bizarre, and with the additional "feature" that you can only have about 250 people born on any one day. This wasn't really a problem until people started arriving from countries where you really don't care much about when you were born, so a third bright fellow decided that if the date of birth was unknown, assume Jan 1st of a year that seems plausible. Guess what happened when a surge of asylum seekers arrived one day...

So the checksumming was abandoned. But the identity number is used by every single public and private sector business, so quite a bit of scrambling when they had to remove that check from the customer entry forms.

Public sector IT disasters - you cannot make them up, they are for real.
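An added example, not from storner's post or from the CPR register itself: a small Python validator for the legacy DDMMYY-NNNN layout the post describes, plus a brute-force count of how many sequence numbers one birth date and gender could actually hold. It assumes the weights 4,3,2,7,6,5,4,3,2,1 for the old modulus-11 check (the post does not state them) and the simplified century rule given in the post; the sample number is constructed, not a real person's.

```python
# Added example, not code from the original post. Assumptions: the modulus-11
# weights 4,3,2,7,6,5,4,3,2,1 are the ones the old check used (not stated in the
# post); the century rule is the simplified one from the post (first sequence
# digit 0-4 -> 1900s, 5-9 -> 1800s); every number below is constructed.
import re
from datetime import date

WEIGHTS = (4, 3, 2, 7, 6, 5, 4, 3, 2, 1)


def mod11_ok(digits: str) -> bool:
    """The later-abandoned rule: weighted digit sum must be divisible by 11."""
    return sum(int(d) * w for d, w in zip(digits, WEIGHTS)) % 11 == 0


def parse_cpr(cpr: str) -> dict:
    """Validate DDMMYY-NNNN and decode birth date, gender and checksum status."""
    m = re.fullmatch(r"(\d{2})(\d{2})(\d{2})-?(\d{4})", cpr)
    if not m:
        raise ValueError("expected DDMMYY-NNNN")
    dd, mm, yy, seq = m.groups()
    century = 1900 if int(seq[0]) <= 4 else 1800   # simplified rule from the post
    birth = date(century + int(yy), int(mm), int(dd))  # raises ValueError on a bad date
    return {
        "birth": birth,
        "male": int(seq[3]) % 2 == 1,               # odd last digit = male
        "checksum_ok": mod11_ok(dd + mm + yy + seq),
    }


def capacity(ddmmyy: str, male: bool, century_digits=range(0, 5)) -> int:
    """Brute-force how many of the 10000 sequence numbers survive all three
    rules (century digit, gender parity, modulus 11) for one date and gender.
    This is the per-day limit the post complains about."""
    count = 0
    for n in range(10000):
        seq = f"{n:04d}"
        if int(seq[0]) not in century_digits:
            continue
        if (int(seq[3]) % 2 == 1) != male:
            continue
        if mod11_ok(ddmmyy + seq):
            count += 1
    return count


if __name__ == "__main__":
    print(parse_cpr("010170-1239"))   # constructed number that passes mod 11
    print("male numbers available for 1 Jan 1970:", capacity("010170", True))
    print("female numbers available for 1 Jan 1970:", capacity("010170", False))
```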

Confessions at a Christmas do: 'That time I took down an entire neighbourhood'


Rubbish. Pure Unix tradition is to keep commands short - that's why the "delete" command is "rm".

For the equivalent of this story, "rm" should delete all files. Why bother with this asterisk thing? That'll teach the newbies a lesson!

World+dog share in collective panic attack as Google slides off the face of the internet


Re: Ain't those Cloud services supposed to be up 100% of the time?

Supposed to? Yes.

Did Google/AWS/Microsoft/Oracle/RedHat promise that they would be? No.

Are they? Apparently not.

A 1970s magic trick: Take a card, any card, out of the deck and watch the IBM System/370 plunge into a death spiral


Perfection is reached - not when there is nothing more to add, but when there is nothing more to take away.

(Not sure where I read that, but it sounds good).

PC makers warn of battle for air freight capacity, will have to fight for cargo space with... the COVID-19 vaccine



Could someone hit them - hard - with a suitable cluebat? That airfreight capacity is needed for battling a *pandemic* FFS, so get out of that plane RIGHT NOW! In fact, if they had any decency they would sponsor the cost of flying the vaccine into a couple of 3rd world countries.

VMware reveals critical hypervisor bugs found at Chinese white hat hacking comp. One lets guests run code on hosts


Re: Hang on...

First exploit requires that you are admin on a CLIENT machine running off the VMware host. It gives you control of the VMware host, so it is a break-out from the virtual machine to the host.

Second exploit raises your privileges on the host machine to admin.

Not on your Zoom, not on Teams, not Google Meet, not BlueJeans. WebEx, Skype and Houseparty make us itch. No, not FaceTime, not even Twitch


Have used it once during the past couple of months

A virtual Friday-afternoon bar with some ex-colleagues. For work purposes, the camera stays off (hidden behind a slider, actually) - and since I am IT security, I have the "for security purposes" excuse if someone asks me why.

Panic in the mailroom: The perils of an operating system too smart for its own good


Re: One good thing about cheques

Cheques? How quaint ...

Banks here (Denmark) stopped accepting cheques for payment a couple of years ago. Nowadays, gift cards from shops are issued as credit cards. If you want to transfer cash we use cell phones and telephone numbers (not bank account numbers). We haven't gone all cash-less yet, but we're getting there. The Virus has sped things up somewhat, even among the greybeards.

IKEA Croydon (FYI: that's a place in outer London, not a type of DIY cabinet) likes things in pairs, from chimneys to bork


Installer bork

In the spirit of IKEA ("there is always one bit missing from the pack"): My guess is that the box only has one USB port, and the install media is still in it. So no way to attach mouse or keyboard to click "Continue".

It's 2020 and a rogue ICMPv6 network packet can pwn your Microsoft Windows machine


Re: IP6 is the second thing I turn off

Remember that even if you are on a pure IPv4-only network, your systems will automatically get a link-local network address, and therefore can be exploited from a neighbour machine on the same LAN.

That long-awaited, super-hyped Apple launch: Watches, iPads... and one more thing. Oh, actually that's it


Touch ID ... ouch

Fingerprint authentication is so horribly broken - the guys at Talos tried it: https://blog.talosintelligence.com/2020/04/fingerprint-research.html

TL;DR version: All fingerprint systems can be bypassed with simple techniques. Two exceptions: Samsung's A70 cannot recognize any fingerprints, even valid ones. And the MS Windows implementation seems to work just fine.

You weren't hacked because you lacked space-age network defenses. Nor because cyber-gurus picked on you. It's far simpler than that


Re: re: dictionary and AD

As I understand, you can enable this kind of checking. https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azure-ad-password-protection-is-now-generally-available/ba-p/377487

Yes it says "Azure AD", but it does offer the same for an on-premise (or at least hybrid) environment.

Garmin staggers back to its feet: Aviation systems seem to be lagging, though. Here's why


"We have no indication ..." basically means "we didn't look for it".

The state of OpenPGP key servers: Kristian, can you renew my certificate? A month later: Kristian? Ten days later: Too late, it’s expired


If you get tired of doing something that others depend on, then you have *one* obligation

And that is to ensure an orderly transfer to another person or group.

There are a lot of one-man/woman open-source projects. An impressive number of them work very well - I ran one myself for 10 years. And I always knew that one day I would have to assign that duty to someone else. You really must plan ahead for when that day comes.

It could be 'five to ten years' before the world finally drags itself away from IPv4

Thumb Down

And just after IPv6 hits 50% adoption ...

people will stop running SSLv3 and TLSv1.0

Real-time tragedy: Dumb deletion leaves librarian red-faced and fails to nix teenage kicks on the school network


probably gopher

Those were the days...

Internet use up 40 per cent in San Francisco Bay Area – but you know what’s even higher? Yep, alcohol, weed use


Re: Makes sense

Not strong enough, I'm afraid. To kill off the corona kritters you need something around 85-90% proof, which is much higher than you'll get in any fine Scottish malts.

And no, using two glasses instead of one won't do the trick. You are much better off just drinking them.

Brits may still be struck by Lightning, but EU lawmakers vote for bloc-wide common charging rules

Paris Hilton

Could someone explain what the problem is with Apple stuff?

My iPad chargers have a completely standard USB output, it's only the cable that has a Lightning connector on one end. So what's the fuss about chargers?

IMNSHO, standardizing wall plugs would make a lot more sense.

(Paris, because I'm sure she doesn't understand either --->)

Welcome to the 2020s: Booby-trapped Office files, NSA tipping off Windows cert-spoofing bugs, RDP flaws...


Re: So...

The difference is that going forward, these bugs will get fixed in Windows 10. Not so on Win 7.

But of course, the only secure computing device is one that is powered down, all cables unplugged and put inside a Faraday cage...


Every day is patch day

Linux Weekly News lwn.net summarizes the security updates issued by various Linux distributions. There usually is a handful every day.

Intel teases NUC-leheads with new desktop-class graphics systems and a fast i9 CPU

Paris Hilton

Re: Too expensive

They do have one significant advantage: The WAF (Wife Acceptance Factor). It's the only kind of PC-style box permitted in the living room to power my media center (MythTV on Linux) - anything else was vetoed as too big/clunky/noisy/ugly.

For bonus points I replaced the minitower PC in the office at home with a second NUC. A bit pricey - sure, but much cheaper than an iMac.

Cheque out my mad metal frisbee skillz... oops. Lights out!


Re: Cheques still relevant... at least for someone

We're so digital here in DK that cheques can no longer be used. Card only, or cash (and I suspect that will disappear soon).

Space Force is go, go, go! Because we have a child as President of the United States

Black Helicopters

Actually - no, that will be *Chinese* money. The US funds lots of government projects by selling state bonds, and China is one of the largest buyers of those.

Bon sang! French hospital contracts 6,000 PC-locking ransomware infection

Thumb Up

Have an up-vote on me.

Even to extortionists, some targets should be definitely off-limits: Hospitals, emergency services, Red Cross and others who are working hard to make sure the rest of humanity stays alive.

What happened to morals and the honest thieves ...

The safest place to save your files is somewhere nobody will ever look


Okay, 'fess up

How many of us IT pros do something similar - keep tons of files in odd places?

Personally, I tend to hoard all sorts of stuff in my Downloads folder - so much so that I have subdirectories there. Bloody annoying when working from home without my company laptop because this folder is not synchronized to OneDrive.

Linky revisited: How the evil French smart meter escaped Hell to taunt me


Re: I don't know why you think that

Surely it has to be a *French* company supplying the meters, so the engineers would have some interest in keeping them working ...

Nine words to ruin your Monday: Emergency Internet Explorer patch amid in-the-wild attacks


Re: Not showing...

From the advisory linked to from the article:


Will an updated Windows Update offline scan file, Wsusscn2.cab, with this new security update be available?

No, an updated scan file will not be available until the next security release in October 2019.

Hold up, ace. Before you strap into Firefox's latest Test Pilot, ask yourself...


Re: As usual, with open source applications, you should ask yourself "where do the money come from?"

Why not? He only woke up at 11PM

Snoops can bypass iOS 13 lock screen to eyeball your address book. Apple hasn't fix it yet. Valid flaw? You decide


Low risk - hmm ...

I know of several people who store passwords in their contact lists. Anything from Facebook and Gmail to the PIN code for their rarely used credit card.

Yep it is a stupid idea and they should use a proper password manager, but changing habits from what you did back in the Nokia days is hard.

Here's a top tip: Don't trust the new person – block web domains less than a month old. They are bound to be dodgy


Re: How do you tell their age?

"block them in the browser and make you click through"

Ordinary users click on anything. It's a no-brainer (literally).

Bad news: Earth is not going to be walloped by asteroid 2006 QV89. Good news: Boffins have lost sight of it, so all hope is not yet lost


No wonder they cannot find it

It was a scout ship for the Klingons.

I don't have to save my work, it's in The Cloud. But Microsoft really must fix this files issue

Paris Hilton

Re: Lets step back a bit

I'm with you on that one - it is one of my favourite features of Notepad++ that you can open a new file, and it will automagically be saved somewhere in the bowels of the program's filespace until you give it a proper filename yourself.

Now, where was that configuration file template - "New file 283" or 316 ...

--> Paris 'cause she never thinks about saving, only spending.

Meet the Great Duke of... DLL: Microsoft shines light on Astaroth, a devilishly sneaky strain of fileless malware


Re: And this ..

"curl | bash as root"

Used? Yes (by some)

Typical? Hell no!

Go fourth and multi-Pi: Raspberry Pi 4 lands today with quad 1.5GHz Arm Cortex-A72 CPU cores, up to 4GB RAM...


Re: Good stuff

Couldn't you do that with multiple VLANs on the Ethernet interface?

Sex and drugs and auto-tune: What motivates a millennial perp?


Re: 30 Years Ago

Usenet existed more than 30 years ago. Tiny pictures were posted on alt.sex.pictures in uuencoded form split into multiple posts because the size of posts was limited to a few kB (yes, KILO bytes, not MB), so you had to download each post, strip off the headers and run it through uudecode before viewing a tiny 200x140 pixel image on your 640x480 16-color CGA screen.

Nowadays 12-year-olds post selfie-porn on social media.

Yup, progress.

Planes, fails and automobiles: Overseas callout saved by gentle thrust of server CD tray


Ah the old push-out-the-cd-tray trick

Been there, done that. Sadly servers have no CD trays these days, so you have to rely on the labelling done by underpaid contractors <shudder>

DXC Technology seeks volunteers to take redundancy. No grads, apprentices, and 'quota carrying' sales folk


I only have two words for CSC/DXC employees:

Get out.

That's a hell of Huawei to run a business, Chinese giant scolds FedEx after internal files routed via America


No way. The Royal Mail equivalent around here (Denmark) takes minimum 5 days to deliver any letter or package. I suppose they need to ship them via GCHQ to make sure the t-shirts I ordered haven't been infested with some evil RFID chip...

They're clever enough not to have the rerouting show up on the tracking page, though.

(Yes I will go take my anti-paranoia pill now, don't worry).

We regret to inform you the massive asteroid NASA's all excited about probably won't hit Earth


Bugger ... I was planning to retire on June 16. Might as well cash in my pension plan right away.



Biting the hand that feeds IT © 1998–2021