Posts by Lee D

I don't want to rain on your parade but weather or not you hide behind a clever pun, you're just precipitating the opportunity for cloud services to be seen as only a fair-weather solution.

I mean, come on, it's not all sun and rainbows in IT, I know, but coping with the floods of information coming into a business isn't easy...

Confiscation for the purposes of preservation of evidence would be okay, so long as it was all signed off and sealed properly.

Going into her Facebook account and pressing Delete or even adjusting the visibility? That's illegal tampering of evidence even if no "direct harm" was done by doing so.

Just pressing the buttons on a logged-in phone could be construed as such, as you then have NO idea what MIGHT have been in there before the tamperer got to the it - cop or bystander (and if it's a modern phone with encryption and flash, there may be no way to recover whatever you deleted, or even a way to tell that you deleted something).

It was deemed illegal to delete photos from the cameras, or even force photographers in public places to delete them by making a scary policeman do it themselves. This is exactly the same but happening immediately after a potential murder / attempted murder of a police officer (if there were genuinely at threat of death from the guy). It's a lot more serious.

Then what part does TLS itself actually play? Almost none.

It's like looking for a certain port-number, when what you're actually interested in is "is the same packet coming from thousands of different locations, simultaneously, in a spike, unannounced, and the follow-on transactions and replies never acted upon", etc. Not "what ciphers were enabled".

Re: Mandatory Age verification on porn sites that are not hosted in the UK?

"No problem. The referendum result abolished Abroad. The World now consists of Blighty, and some empty spaces on the map filled with mythical creatures".

And that's a problem how??

I refer you to the country known as the United States of America.

Re: Thinks Bubble

They stopped supporting the 386 in 2012, when the processor was released in 1985 and Linux in 1991. 2012 was 6 years after Intel actually ceased production.

The first chips to support 64-bit were in 2003 / 2004. Do you really have chips older than a K8 or Pentium 4 running around in active service? That's 13 years. That's not bad at all. You probably can't even buy the early 64-bit capable chips any more, and haven't been able to for years. Certain Atoms etc. were cheap for a reason - like buying Cyrix was, back in the day.

Seriously, all your stuff moved to 64-bit a decade ago. You can't honestly have been using more than 3-something GB in all that time either. That's some serious long-term support, and by the time they are actually removed (look at the timeline!) they'll be so old as to be unobtainable. Which is exactly their argument - how the hell do they test things if they can't build several compile-farm computers of them?

Nobody is stopping you, in several years time, running an old kernel or another distro and carrying on. But even Ubuntu LTS is only 5-or-so years at best, and they're not going to include it in the next one, so you have more than adequate warning.

Replacement machines to usurp any machine of this era are literally junk-heap material now.

Re: Photos?

Well. At least a padlock made of cheese would keep the lactose-intolerant away...

Re: Remember the days...

Indeed. I still have a drawer full of components labelled by their Maplin number because - when originally purchased - that was the easiest way to find their circuit diagrams and specifications. It was easier to keep their catalogue, and label by the Maplin number than try and remember or read the tiny writing on the chip / transistor / whatever.

Nowadays I don't stand a chance finding that kind of information, even in store for products they have on the shelves.

From what I can tell, they said "Oh, Dixons has gone bankrupt, maybe we should follow their business model and put overpriced tat out for a handful of idiots that don't know what they're buying, not stock anything of use to people who just need a quick cable or connector, fill the rest of the shop with toys, and then spend all the rest on pointless morons wandering around asking if you need help and by extension babysitting the local moron on the difference between a USB cable and a 220v power socket". Because that's basically exactly what they've done. And it's been about as successful for them as it was for Dixons.

I knew the writing was on the wall when I walked into a Maplins once and walked out again WITHOUT BUYING EVEN A SINGLE PIECE OF JUNK. My wife nearly had a heart attack. Seriously, I once picked up two Video Backer ISA cards in there in the reduced bin. I have no idea why to this day. But I bought and paid for them. When even those kinds of purchases stopped, it was game over for them.

One of the many reasons that I've never had a Dell on site that was purchased by me.

Nearest they got was a PowerEdge that I inherited briefly before retiring it in favour of a much more powerful, cheaper and smaller server.

Honestly, they phone me up - via various resellers - and I tell them where to go on the basis of the name alone.

And people say to me "Oh, so we're getting some new Dells or something, then" and I give them a look that explains why their answer is quite that bloody stupid.

I just spent 20 minutes looking for a blank piece of paper and a pen. And I'm in my office.

This is IT. We don't do paper. Unless it's at high-volume, double-sided, fold-and-stapled, and then given to someone else.

Google Keep has replaced Post-ITs

Email has replaced everything from purchase orders to stroppy emails.

Intranets have replaced everything from holiday forms to policy documents.

In fact, the only time I have to dig out paper (like now) is so that new users can write down their initial login details to get into all the above to access everything else.

Re: Bah.

I work for a school.

We were told, without much ceremony, that we needed to upgrade in order to continue making BACS payments. We upgraded. It wasn't hard.

As far as I know, nothing has changed as at least one of the finance machines is still on an older version and that's the one they actually pay BACS from (the others are all backups and secondary authorisations etc.). Never just blindly update without keeping the old system around for a while, just in case, that's my motto.

To be honest, I wouldn't be surprised if, when they flick the switch, lots more breaks than they ever intended and they are forced into another "extension", but we hadn't heard anything about this one actually happening and - to my knowledge - there's nothing actually happening differently at the moment.

It does make you wonder why something like BACS is still dependent on in-computer (and browser) support for things like TLS, however. You'd honestly think it would be better off as an app for various systems with its own root certificates and verification that can be updated independently of the underlying OS.

A TV ad costs £2000 minimum to air and might reach hundreds of thousands to millions of customers. As such, they can actually "fund" the TV channels that air them even if they cost £10,000 or more to produce, and still make profit for the person producing them.

And peak spots can cost £1,000,000 and up for 30 seconds of footage on a single channel.

Online advertising is several large orders of magnitude from anything like that, even video advertising, even splatted over the front page of something.

TV actually has a viable revenue stream, which is why there are so many TV channels - and still profiting despite there being so many competitors just one station up.

But online advertising on any single website? There's little to no value there.

Nope.

Counterfeit means you were passing it off as the original manufacturer's when it wasn't. "Imitated against". You're literally selling a "Sony" battery that's not been made by Sony, or whatever.

But after-market third-party compatible products (e.g. cheap batteries, chargers that don't try to pass themselves off as genuine Nokia or whatever) are a multi-billion dollar legal business worldwide.

They can't say their USB leads are "Lightning (R) cables" because that's trademark and counterfeit if they aren't, but they can say it's a cable compatible with an iPhone or whatever.

That's the reason that the whole "they can make a compatible product" thing is legal - it's a huge portion of worldwide trade to make cases, batteries accessories, replacements, etc. that AREN'T from the original manufacturer. Otherwise you could kiss goodbye to everything like universal remote controls, and say hello to 50cm cables that cost the earth.

Given that it costs a pittance even for a cheapy replacement screen, fitted properly, I can't see that their resale value would be in parts. A "genuine" piece of glass is basically indistinguishable (and, in a survey of 500+ iPads and iPhones that have come through my office, no less likely to break - Apple products really are shitty and crack with the slightest drop, yet I've thrown my Galaxy at the floor any number of times - with the dents to prove it).

My repairers also tell me that they are almost impossible to remove without damaging because of the glues and pressures used to put them in there in the first place. It's basically "smash it again and replace it entirely" when they need to do that (misalignments, etc.).

Nope, the second-hand value of a stolen iPhone adequately reflects their real value. Almost nothing. Find-my-iPhone, IMEI blocking, unable to disassemble, and people are incredibly suspicious of Apple products that don't cost the Earth (the biggest giveaway, really).

Re: Just get into the habit of setting up PXE-based WDS or SCCM

PXE = Preboot eXecution Environment (aka booting off the network)

WDS = Windows Deployment Services (aka installing Windows from the network)

SCCM = System something something Manager (google it! aka installing Windows and/or MSI software from the network).

But, to be honest, if you don't know that, that's part of the problem!

Basically, I press F12 when booting on a brand-new, fresh-disk machine (or an old dodgy one that has a software problem or needs updating), tell it to boot off the network instead of the local disk, and it then runs off and downloads, installs and sets up a Windows installation from nothing - including formatting disks, encrypting drives, joining the domain, installing software, etc.

And generally speaking, 20 minutes later, you have a working, ready-to-log-into full desktop machine with all your software and configuration on it, built to the exact same standard image as every other machine built the same way.

So when things mess up, catch viruses, have unexplained problems, lose their hard disk, or fresh machines come on site, you plug into the network, turn on, press F12 and twenty minutes later you have a room full of working systems indistinguishable from anything else you use on site, all ready for users to log onto.

If you haven't done it, and you work in the Windows side of IT, you are honestly wasting SO MUCH TIME by not having it that I would question competency.

Of course, other systems have equivalent services that do the same - I've done it for everything from DOS and Norton Ghost, to Linux via LTSP and/or Clonezilla imaging.

Re: Port Scan Licensing

Real world numbers?

Swamped, by orders of magnitude, by the sheer TCP traffic for the number of attempts to connect to port 22 (SSH) or 25 (SMTP) on a datacentre dedicated server on 100Mbps line, even when those ports are closed and have never offered a service.

Include port 80 and you're swamped by another order of magnitude as automated scans from virus-laden networks try to attack /phpmyadmin/admin.cgi or whatever, even if your site doesn't have any HTTP server running at all.

Passive port scans from security companies etc. don't even figure in the numbers. Even the automated port-80 bot scans (from Googlebot and a thousand and one genuine "research" bots) aren't worth bothering about.

But the junk trying to hit your SSH and/or send you spam swamps them all.

And in terms of bytes transferred, your genuine traffic on ANY service that you offer (even NTP pool membership, or a website, or an email server) will swamp them all.

TCP is quite an efficient protocol to shut down connections quickly, and you can have several thousand connection attempts in the same on-the-wire size of even the first few replies for a real HTTP response (i.e. someone visiting your website).

It's really not a factor to worry about, and nobody bothers to filter. Rate-limit? Possibly, but you've already received the packet by that point anyway. But nobody really bothers to filter out port scans on their upstream firewall, it's not worth the effort for the traffic you save.

What happened with the EU mandating a charging standard for phones?

Or are they going to leave it fifteen years and then look into a monopoly action against Apple costing more than it ever recovers, ala Microsoft vs EU?

Re: I'll have a go at translating that into English

Or:

"We trusted external data without thinking about the consequences"

Re: Weurd

You remind me of those people who used to crow about Macs "being more secure" and "not getting viruses".

Even if your anecdote is true, it's a single data point. Do you deal in Android phone repairs or support? Then it probably doesn't mean much that your group of friends don't KNOW they have a compromised Android phone.

And even if it's true - that doesn't mean you aren't vulnerable and/or that it can't come your way. The fact is that people don't use smartphones for visiting random web pages as much as they do their PC. But that one time you do, your phone is technically more vulnerable.

And, honestly, when was the last time you CHECKED your phone? I don't run on-access antivirus, ever, but I still occasionally give my PC a sweep through just to check that my "don't do stupid things" policy has kept me safe. When was the last time you did that on your phone? Virustotal has an app that might detect malicious apps, but detecting a compromised base OS is much more difficult and you might never know about it. Literally, if you don't look, then you can't see.

And, yes, I'm an Android smartphone user. I wouldn't touch anything else.

Re: Water cooled rack doors

I have seen many (and owned several) cars where the radiator hoses just pinged off or deteriorated to the point what it was quite likely if I hadn't checked. A hoseclip between you and disaster is really not what you want. Now, that's on a moving device, but I imagine rack doors aren't designed to never open either.

The biggest problem isn't the theory but the practice. The first idiot that "WD40's" a small section of the hinges will set the seed for the rubber to deteriorate rather rapidly (and catastrophically) in the next few months.

And though you can say "that shouldn't happen", when it does the results are catastrophic, affect a much wider range of kit than just that in the cabinet, and are maybe uninsurable.

Risk = probability (low) x effect (stupendously high).

To say that absence of that is negligent? Read the stories above where water-cooling with all the funds and impetus in the world causes more problems than it ever solves.

And what happens when the inlet water is colder than expected? Oh, dear, you have an untested scenario with possibly unknown consequences.

Re: I run an Outlander PHEV

"drive it away" is optional once you're inside the car with all the time in the world. Hell, you could just release the brake and tow it late at night, who's going to know?

Re: Mobile computing

Gosh, if only we could, e.g. put the radio outside the cage and join to it with a couple of wires? Then the encryption is behind the cage, and the radio is just a radio outside it.

I have ONE email account.

I have a domain with forwarding, that has extra filtering applied to it, then - if successful - the emails are then forwarded to my "real" email account.

I get a LOT more than 2 spam through to that end account (at a major mail provider) directly, despite never using that address for anything else, and even more from the domain addresses (which are all unique and traceable to their source).

My email account is about 10 years old, my domain is about 12, I've been online with one or two email addresses since 20-something years ago. I've always followed those rules. And I assure you, I get a LOT more than 2 spam on any given address, let alone direct to the end account, let alone all together.

Re: how long has this bug been around?

Web server? I should hope so. It's usually just a case of enabling it in Apache etc.

Your home? Probably not. Virgin haven't even tried to deploy IPv6 to normal homes yet, despite being DOCSIS 3 which mandates compatibility with it.

Wifi hotspot? See above.

3G/4G? IPv6 is mandated as part of those protocols. Probably more phones use it than they do IPv4 when connected direct to the cell network, rather than wireless.

I have an IPv6 website, email, etc. server. It's not a huge majority of traffic, but its definitely "there" and been working fine for years. Google servers prefer IPv6, for instance, so almost all GMail and Google traffic use it first, and I get IPv6 mail from Google all the time.

It's certainly not "untested". Hell, IPv4 was still finding problems DECADES after deployment (ping-of-death, Xmas-tree packets, ECN, you name it). But to suggest it should be "bug-free" even 20 years from now would be moronically stupid for such a thing.

Re: RE : Lego is an obvious health and safety risk in the office.

Calm down.

Banana?

Re: So is this rollup intended to resolve

Why would it affect anyone deploying en-masse?

WSUS? WDS Imaging? Slipstreaming?

What are you doing to be deploying plain Windows 7 that then needs all the updates that have been released for it to be applied before you can use it?

Home use, sure. But then how often are you reinstalling (and why?) and I refer you to the Slipstreaming part of the above.

Re: Swiss efficiency

Crossrail, really?

The project planned in the 1940's and still yet to happen?

It's easy to be "in-budget" when nobody remembers what the original budget even was.

It's easy to be "on-time" when you still haven't delivered anything and "on-time" is supposed to be 2017 (or actually 2018 now, possibly).

Literally, Crossrail is the entire antithesis of your counterpoint.

Precisely.

That's what we try to do with the extra-curricular clubs, etc. but it's hard when they've never been exposed to it before and you have limited time to cover anything like that. The irony is that the kids are proficient in all the usual software packages before they even start school, really, and can do all the things that "computing" purports to teach them.

We once rolled out the "game" TIS-100 to our club. It was eye-opening. The problem-solving skills to even start something like that aren't there, and despite being "gamified", it was almost impossible to get anything done (holding interest wasn't a problem - getting them to think in the right way was). The problem, as you say, it Googleability. There's little independent thought and the children's first reaction is "How did other people do it". There's an element of that to all programming, sure, we've all done the stackexchange / github lookup when we were after something. But to actually get that stuff from first principles, or understand it enough to modify it successfully, is alien to them.

Though the assistance I had when I was a child their age was minimal to nothing, even with all the resources and power available to them now for free, they aren't able to get close to the same kind of understanding. It's a slippery slope.