* Posts by Adam JC

296 publicly visible posts • joined 2 Nov 2012


BT misses deadline for removing Huawei from network core

Adam JC

Given OFCOM's track record, they have about as much spine as a jellyfish so I doubt we'll see any actual fines being issued any time soon.

How to deorbit the Chromebook... and repurpose it for innovators

Adam JC

Two types

There are two types of people.

1) Those yet to deploy Chromebooks to an organisation

2) Those who wouldn't piss on a Chromebook if it were to spontaneously combust.

How hard is your network really, comms watchdog asks telcos

Adam JC

Re: Power backup

Even if they supplied a small UPS to 'vulnerable' folks, it's still only as good as the battery lasts. 3-5 years and it'll need replacing and I'll be damned if there's any way of monitoring these small units for failure beforehand. I honestly can't see a 'one size fits all' type solution to it.

NASA's Psyche spacecraft beams back a 'Hello' from 10 million miles away

Adam JC

Hold on, so NASA can get two-way communication with a fricking laser over 10 MILLION miles away on a moving target, but I can't get enough mobile phone reception to even make a call, living within 5 miles of a major city centre!? :-(

Progress towards 'Gigabit Europe' is slow, with UK also lagging

Adam JC

Re: "42% of users stated their current internet was sufficient for their needs"

Yeah, I have 1000/220 FTTP at home and I frequently upload/download huge VMDK's and VHD's to test stuff for hours on end and barely notice any drop on the upload or the download to be fair.

Adam JC

Re: "42% of users stated their current internet was sufficient for their needs"

Contention definitely does exist on the Openreach FTTP network. They use GPON and splitters to deliver FTTP, so you're likely to be plopped onto a splitter with a 32:1 contention and the current GPON tech tops out at 2.5Gbps downstream and 1.24Gbps upstream. So in reality, all it takes is two/three properties connected to the same splitter to saturate the underlying GPON network and start to notice reductions in speed. This doesn't take into account what the OLT port is actually being fed at the head-end either (I don't know what Openreach feed each OLT with, presumably 10Gbps but could be lower).

A lot of alt-nets use GPON as well, there's no XGS-GPON so 10G speeds via Openreach are out of the question currently but I think we can all agree that's mostly overkill for residential usage :-)

Millions of smart meters will brick it when 2G and 3G turns off

Adam JC

Re: No corruption here.

This is legitimate actually.

If they have to interrupt your gas/electricity supply for any reason whatsoever, they are obligated to make sure your boiler still functions and fires back up okay.

Switch to hit the fan as BT begins prep ahead of analog phone sunset

Adam JC

Re: Plug into back of broadband hub

FritzBox's look like something straight out of Smyth's toystore, but once you look past their cartoonish exterior they actually have some seriously versatile (And quite frankly, downright impressive) features!

Adam JC

Sounds suspiciously like a SIP to POTS gateway (e.g. an FXS/FXO device) to turn SIP into POTS.

Adam JC

BT PCP's

All green FTTC PCP's have a UPS in them - What's not set in stone is whether they're in good serviceable/working order though... (Russian roulette, probably!).

Our power went out at work and our leased line continued to work for an hour (As long as the power outage lasted) and our FTTC/VDSL VRRP failover circuit remained online for the full hour, so our local PCP's UPS did the job :-) YMMV of course.

'Strictly limit' remote desktop – unless you like catching BianLian ransomware

Adam JC

Re: Passwords

DirectAccess is a marvellous invention, but unfortunately the fact it requires a /29 WAN subnet catches a fair few out and is a major stumbling block. Thankfully OpenVPN with split tunnelling is extremely simple (And free!) to set up, so we usually go with that - or a 'BOVPN/Branch Office VPN' where a /29 isn't possible. The BOVPN doesn't require any software and is completely seamless, which works great for thin clients.

Microsoft OneDrive a willing and eager 'ransomware double agent'

Adam JC

S1 / Zero Trust

"Unfortunately, it still didn't stop shadow copies from being deleted because the local OneDrive executable is on an allow list."

I'm not sure how S1 works, but with ThreatLocker even if an EXE is approved, it is still 'Ringfenced' in what it can read/write to. I just checked our policy definitions for OneDrive.exe and it's only allowed to access *:\Users\%username%\OneDrive\* but nothing outside that folder. I'd be surprised if S1 didn't have similar features, so could have been stopped if the S1 environment was configured correctly - Just a thought.

Secondary thought - It requires initial exploit anyway, so would hopefully be stopped by the EDR at point of entry. Having said that, Zero-days are a thing so anything is possible.

Never mind room temperature, LK-99 slammed as 'not a superconductor at all'

Adam JC

Disappointingly (almost) inevitable

This has happened before several times, but this *REALLY* seemed to gain a huge amount of traction on social media and news outlets, much more than anything else I can remember off the top of my head.

This makes the disappointment even greater when it's eventually debunked, alas, there at least appears to have been another successful fusion experiment - https://www.newscientist.com/article/2386288-nuclear-fusion-breakthrough-is-cheap-clean-energy-finally-here/ (Looks like paywall, but it's not!)

Gave us all a bit of hope for a while though I guess :-)

Microsoft’s Dublin DC power plant gets the, er, green light

Adam JC

Re: No SMR?

If it's good enough for the NRC I can't imagine the criteria will be all that different for anywhere else. I think it would be hard to argue an SMR would be less eco than a whacking great big gas turbine power station burning natural gas. Rolls Royce's SMR design is only a year or so away from being approved by the Office for Nuclear Regulation in the UK so it's not outside the realms of possibility.

Just to put it into perspective, a single SMR can provide 470MW, almost two and a half times the requirement for this DC so could also supplement the local grid in times of load fluctuations if needs be.

Adam JC

No SMR?

I can't believe they didn't take the opportunity for a Nuclear SMR considering they've just been greenlit, would be a damn sight more 'eco' than this, requiring no fossil fuels whatsoever. (Nuclear waste aside ofc).

Also I couldn't help but spot this:

"Microsoft has also received permission to run more than 150 diesel generators at the site" - 150? That seems like an incredibly large quantity of smaller generators. Anyone 'in the know' - Any idea why they didn't opt for fewer, larger capacity generators?

BT CEO Jansen confirms he's quitting within 12 months

Adam JC

Re: FTTP via BT Retail

EE supply FTTP through the Openreach network, so if you're unable to get it either the buildout hasn't finished yet, or BT's absolute shambles of a records database isn't up to date.

Worth giving them a call if you can see the CBT on the telegraph pole outside your house :-)

Comms watchdog to probe errors that left Brits unable to make emergency calls

Adam JC

Obligatory IT Crowd Reference

I wonder if the emergency services could still be reached via... "0118 999 881 999 119 725 … [long pause..] 3" :-)

https://youtu.be/HWc3WY3fuZU - For those of you not familiar. (Shame on you!)

Microsoft rethinks death sentence for Windows Mail and Calendar apps

Adam JC

No more '365 Apps for Business' needed then..?

Is this the equivalent in functionality to the full-fat 365 Outlook or is it a severely crippled version for home users? I highly doubt they'd shoot themselves in the foot and allow the same functionality as the (currently) paid-for Outlook bundled with Apps for Business/Business Standard/Business Premium.

UK watchdog won't block Openreach’s discount fiber pricing

Adam JC

Re: Well then compete...

It's an orderable product for any Openreach wholesale ISP. The only place we've ever provisioned one is for ourselves in-house as a VRRP failover for a 1Gbps leased line if I'm honest, the big jump in cost over 1000/115 is prohibitive for most people and doesn't make sense. When you can get a 1G/1G leased line for ~£320+VAT in most areas a leased line is an easier sell with the extra SLA offered.

Adam JC

Re: Well then compete...

There is actually a 1000/225 tier available (Wholesale, anyway) but it's 4x the price of 1000/110 (Again, wholesale pricing here) - Unsurprising move from BT Wholesale, heh.

Microsoft disarms push notification bombers with number matching in Authenticator

Adam JC

Re: Security vs Convenience

I'm actually all for number-matching over the previous 'Approve / Reject' style prompt.

It's only 2 digits, not 6 and it completely removes the possibility of someone inadvertently jabbing 'Approve' without bothering to engage their brain. I can't see any argument against it to be honest, it now means if someone's 365 credentials are compromised, the number prompt has to be retrieved from the end-user by the attacker as well which hugely complicates the process.

Microsoft decides it will be the one to choose which secure login method you use

Adam JC

While I'm always quick to jump on the bandwagon, I have to chip in here.. Biometric data is stored on the local device, it's never broadcast off the device. This is why you can't reset biometric login methods using Azure/Entra but can clear the data and re-enroll if needs be.

UK emergency services take DIY approach amid 12-year wait for comms upgrade

Adam JC

Re: 5G though?

Virtual Private Mobile Networks over existing infrastructure has been around for donkeys years in the form of private APN's. Hell, I can spin up a bunch of SIM cards on a private APN in about 10 minutes flat using my shiny control panel and some ready-to-activate SIM's.

Extensive 5G coverage is nowhere near as straightforward as 4G due to the different bands used in 5G (700MHz & 3.4GHz to 3.6GHz), which is why Tetra runs on 410 to 430 MHz. (Low bandwidth, but great for coverage). Finding a happy medium on a countrywide scale can be tricky, but 5G is certainly not the answer outside of city centres (And even then, anyone who's tried to use 5G in a city centre will tell you, it's still a joke..)

No more feature updates for Windows 10 – current version is final

Adam JC

FYI you can add a registry key in to force all the right-click context menu items (Which you can incorporate into InTune!) - This is per-user:

- HKEY_CURRENT_USER\SOFTWARE\CLASSES\CLSID

- Create a key called '{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}'

- Create another key called 'InprocServer32'

- Blank out the REG_ZS subkey

Voila! On reboot, the machine will have the full context menu items :-)

CAN do attitude: How thieves steal cars using network bus

Adam JC

Re: Out-of-Context Quotation / Cui Bono?

After reading it back, I really ought to have worded it differently so that's my mistake - apologies.

I read a lot about the JD situation and it's one of the biggest pushes behind the 'right to repair' movement. Hearing stories of tractors and farm machinery some worth well into 6-figures being stuck in 'limp mode' without going back to a JD dealership to be 'reset' is absolutely disgusting.

I can't help but fear we're going to hear more and more stories like this crop up as things get more advanced in automotive technology. I since read another article (Or may have been a comment on here actually) about someone removing a radar sensor on the front of a car to access the CAN interface with the same attack vector in mind. It's pretty clear they need to add some two-way authentication/encryption/validation to the system and can't rely on security by obscurity as it's clear that isn't the case any more!

We support a lot of local small independent garages and recently had to get our 2020 Citroen Despatch serviced. Turns out the servicing record is 'all digital' (No service book any more!) - Nearest main dealer is ~30 miles away and wants over £600 for an interim service... Local independent garage says access to the digital service book system is free *although* purposely difficult to access as an independent, so they advised purchasing a paper service book and stamping it the old-fashioned way (So we did!).

Lastly, this point you mentioned sticks out for me:

* Computerized-everything increases the ease with which manufacturers can implement buyer-attractive features (profiles by keyfob which auto-set seat adjustments, mirror adjustments, music, etc.)

Pretty sure it's BMW who announced recently 'options as a subscription' - As in, heated seats? Sure, that can be remotely activated for £10/mo. Cruise control? Sure! +£15/mo.

That's a slippery slope, but a sign of the times with every manufacturer on the planet dipping their toe into the subscription based model I guess.

Adam JC

Re: Why

You stripped the second half of my statement which completely takes it out of context.. (The important bit where I say it's required to **alert the driver by a warning on the dash/infotainment** ) -

That's the bit that requires the CAN interface, not so much the bulb being blown rather the signal to the infotainment/dash display.

Adam JC

Re: Why

Fun fact, the 'clicky' noise from most modern(ish) cars is produced by a little speaker behind the dash, not the relays :-)

Adam JC

Re: Why

It may shock you, but modern cars are fairly more complicated than your 1939 Plymouth.

For starters, I doubt it had:

Laser/Matrix LED headlights

Xenon-type/Self levelling headlights

At its most basic level, CANBUS is required to detect a faulty incandescent bulb and alert the driver by a warning on the dash/infotainment. At a much more advanced level, the headlights need to link to the steering sensor, the chassis/suspension sensors, accelerometers (For example, headlights that adjust on the fly whilst driving to allow you to see around sweeping corners better), or with matrix/LED headlights need to communicate with a sensor on the back of the rear-view mirror cluster so they can automatically adjust to stop dazzling drivers coming the other way or turn on automatically when it gets dark.

There are plenty of reasons for a CAN interface to exist in a headlight in 2023, it's not about cost savings it's about providing extra features that weren't possible before. It could be argued as to whether they're necessary or even useful, but they do exist in some vehicles regardless.

With ICMP magic, you can snoop on vulnerable HiSilicon, Qualcomm-powered Wi-Fi

Adam JC

Requirements to execute

"Also, the attacker needs to: be able to directly communicate with the victim's device via the Wi-Fi network"

So...

Scenario 1 - An SSID protected by WPA2/3 - They either need to crack the WPA-PSK before getting onto the network in the first place to execute the attack or

Scenario 2 - 'Guest/Public' WiFi - No WPA2/3 - I can't remember the last time I observed a public/open WiFi network that didn't isolate each wireless client from each other, either via on-AP subnetting or client isolation so would be much trickier in practice.

Sounds like it's not an easy fix though.. and once fixed it could have a fairly significant performance impact/overhead.

Parts of UK booted offline as Virgin Media suffers massive broadband outage

Adam JC

Re: Raging Tweet...

You can't have full IP/VRRP failover with another provider - The internet doesn't work that way.

They had a leased line from the sounds of it, which has actual SLA's attached to it. Even with VRRP failover via a completely different circuit with the same carrier (Copper-based SoGEA or L2TP/IPSEC tunnel over LTE), if the entire AS number of the goddamn ISP disappears off the internet it isn't going to help. Sure you can hook up some random 'backup' circuit for basic emergency internet access, but it's not the same as your actual IP range failing over. (Which again, if the entire AS went dark, still couldn't have failed over to another provider).

IT phone home: How to run up a $20K bill in two days and get away with it by blaming Cisco

Adam JC

4G Faux Pas

I thought I'd help my sister out whilst moving house and give her one of our LTE emergency backup routers and my Netflix login so she could keep herself occupied before her broadband went in.

Provisioned an AYCE/Unlimited data SIM.. preconfigured the WiFi, handed it over on a Friday after work - That was my good deed for the week done!

Fast forward to the following Tuesday and I spot an e-mail alert about one of our SIMS going over quota... by something ridiculous like 1042%

Yep.. forgot to attach the correct tariff when provisioning the SIM. It had 1GB of inclusive data and she had been slamming 4K Netflix the entire time.. £800 odd later in overage charges I very quickly learnt my lesson there :-)

The worst bit? We have an automatic data bar feature but I didn't bother to tick that either.. Story of my life :-)

Used EV car batteries find new life storing solar power in California

Adam JC

Re: Nonstandard units

Quick maths:

Article says 1300 used EV batteries. Let's *ASSUME* they were ALL Tesla power packs (The article doesn't clearly say to be fair - but bear with...)

- 1300x 85kWh Tesla power packs = 110,500kWh/110.5mWh capacity

- 85kWh packs are rated for ~125KW continuous output (They can peak higher, but let's remain conservative/realistic)

- 125KW x 1300 = 162.5MW continuous output

After a quick Google, apparently it takes ~1MWh to power ~750 homes, so theoretically this arrangement could power 82,875 'average' US homes for an hour. Admittedly an awful lot of assumptions here but makes for interesting reading.

Uncle Sam greenlights first commercial nuclear small modular reactor design

Adam JC

'Carbon-neutral'

I haven't seen this mentioned anywhere before, but is it feasible to install an SMR (Or several) on-board a huge shipping container or cruise ship? Shipping accounts for ~3% of global emissions so seems logical to replace the dirty, heavy oil they burn with something like this although I doubt the financials of fitting an SMR to a ship compares to cheap-as-hell heavy fuel.

Global network outage hits Microsoft: Azure, Teams, Outlook all down

Adam JC

Couldn't have come at a worse time..

Considering we got an email from our CSP provider giving us the absolutely brilliant news that Microsoft are jacking up ALL their 365 CSP prices (Bar Azure..) by ~9% on April 1st 2023 in the UK (I WISH this was an April fool).

That'll be the second price increase in less than 6 months, makes it extremely hard for those MSP's selling month-to-month to give any kind of customer reassurance to pricing whatsoever, as Microsoft have also said they'll be re-evaluating their pricing based on USD/GBP fluctuation every 6 months and the cynic in me seriously doubts this means prices will drop at any point, even if the USD/GBP rate reflects this!

Twitter data dump: 200m+ account database now free to download

Adam JC

Re: Uh-huh, right

Top tip - Use temp-mail.org for a disposable e-mail. :-)

Cleaner ignored 'do not use tap' sign, destroyed phone systems ... and the entire building

Adam JC

Re: Concrete dust = Kryptonite

It's not an obvious gaping hole in the drive, but almost every drive you've ever handled almost certainly had a very tiny hole on it somewhere with a small foam-filter inside the drive to filter particles from the incoming air. The newer helium drives are obviously airtight/sealed, but not your run-of-the-mill spinning rust :-)

iFixit stabs batteries – for science – so you don't have to

Adam JC

Re: Fruit Rollup?

How did you NOT have one of these in your lunchbox at some point as a child!?!

https://www.tesco.com/groceries/en-GB/products/309188051

Croatian EV maker Rimac claims 412km/h speed record

Adam JC

I think you forgot the joke icon, amigo!

tsoHost pulls plug on Gridhost service with just 45 days' notice

Adam JC

Re: "tsoHost ceased to offer telephone support in July"

"Is Godaddy aiming to close tsohost down?"

Let's be honest, I think we can all agree they'd be doing the Lord's work there..

If you're still on Windows 7/8.1, it's time to say goodbye to Google Chrome

Adam JC

'The Big 2025 Switch Off'

Is anyone else wondering whether Microsoft will pull a Win7 and push the 2025 Win10 EOL forward significantly?! As another commenter said, with the way the economy is at the moment and sub-15% Windows 11 mass-market deployment stats being bandied about, it really isn't that long in the grand scheme of things and I can see a lot of Win10 installs still being in existence.

More than 4 in 10 PCs still can't upgrade to Windows 11

Adam JC

Hesitancy to update

I think I speak for most MSP's when I say, we'd be a damn sight keener to roll out and deploy/upgrade to Win11 if it didn't still feel like it was in public beta....

Amazon has repackaged surveillance capitalism as reality TV

Adam JC

Re: Apathy is the problem

FYI every NVR/DVR I've ever seen (And even standalone cameras) have a 'privacy mask' option where you can black out overlapping property boundaries. Most installers don't even know about it :-)

We've done a few installs where the neighbours got all uppity (And fair enough) as it overlooked their garden(s). After privacy masking it (It just shows black squares over their garden) and showing them the image once we were done, it was enough to quash any concerns!

Adam JC

Re: Limits

Actually, every single CCTV system I've installed over the past 13 years has a 'privacy mask' option to block out unintended areas over privacy concerns (Think neighbours garden, for instance) so that's a moot point.

I just checked and the Ring has this functionality too, so yeah - If I had one of these pointing at my front door I'd be contacting the owner and requesting to see proof it had been masked/excluded from recording and motion detection personally.

Adam JC

Re: IoT privacy

I've read it, looks like a load of shit to me

Adam JC

'Ringfence'

Problem is, by 'ringfencing' the Ring doorbell, you're left with a £200 paperweight which isn't able to fulfill all the promised magical things it was intended for.

Amazon have you over a barrel here, even if they forced everyone tomorrow to re-sign the EULA/T's and C's to explicitly state they reserve the right to share your footage with whomever their heart desires, I can almost guarantee at least 50% of their customer base would probably (begrudgingly) smash the 'Accept' button so as not to turn their expensive doorbell into a stupid one. As far as I know, there's no way to hack these things to use a third-party service, thus Amazon's cloud-based wizardry is a complete necessity for it to actually function.

Australian wasps threaten another passenger plane, with help from COVID-19

Adam JC

Aircraft systems & resilience

I was always under the impression all vital aircraft systems were operated in pairs for resilience in case one failed or malfunctioned and provided erroneous data. I would have thought that such a critical system as this would have two fitted if one were to become inoperable, shirley?

Cloud and datacenters start to feel the slowdown amid spiking energy costs

Adam JC

Extended server lifespan

"All the big cloud players have recently extended the life of their servers in order to save on procurement costs. Microsoft announced this month it was extending the life of its machines by two years"

OVH: "Two years? Hold my beer"

PCIe 7.0 pegged to arrive in 2025 with speeds of 512 GBps

Adam JC

Re: And, as with anything, faster means hotter

I am not even remotely qualified to understand optical transistors, but can't help but think two things..

1) Doesn't an optical signal have to be converted back to a digital signal at some point?

2) A PCB is full of corners and bends - does an optical signal *actually* improve latency and bandwidth over the same trajectory?

Zero trust? Not yet a must for most IT departments

Adam JC

Re: Not as easy as it looks

That's the entire point of Zero Trust.. you have to put your faith in SOMETHING to perform it. It's installed on all endpoints and all server(s), has the ability to allow an application to run, but 'ringfencing' its capability to run outside its own environment/sandbox.

For instance, you can allow 'Sage_Accounts_v27.8_Update.exe' to launch & communicate with the necessary Sage IP addresses, for activation, etc - To write to the C:\Program Files\Sage\* directory but block it from doing anything outside those specific parameters. Traffic, whether encrypted or not encrypted, is only allowed out if you explicitly allow it.

It's no different to implicitly trusting Sophos, ESET, Webroot, et al - With the same role, except ZT functions in a completely different manner.

Adam JC

Re: Not as easy as it looks

Have just rolled out zero trust (ThreatLocker) to around 480 endpoints consisting of around ~30 clients as a 'litmus test'. (MSP).

The 'learning period' for the software, whilst it scans frequently used software and behaviour coupled with preparation, and working with the vendor is absolutely essential. It's incredibly logical to configure no matter the platform and it's not quite as scary as most sysadmins think. Once you've got a set of baseline policies, most can be applied across your entire client-base and the more you do, the larger the definitions and policies for ZT get and the slicker it becomes.

Already in the first month we've caught 7x attempted cryptolocker infections that *MAY* have been caught by Sophos Intercept X previously, but TL definitely did. Most ZT solutions incorporate some sort of auto-elevation by policy, to allow software like Office, Sage, LOB software, etc to obtain temporary elevation without having to make people local admin, so it's an added bonus for our helpdesk.
