Posts by J. Cook

An anonymous Coward wrote:

thought it was funny, for the people who thought it didn't pass the bar, c'mon they're all good stories, let's not set the bar too high or people will maybe think twice about writing theirs for fear of being 'not good enough'

It's tricky to set the bar at just the right height- too low, and people step over it. Too high, and you hit their kidneys instead of the groin. /rimshot

*wanders off to start a week off early*

Indeed; there have been more than a few stories published on this site about rouge sysadmins screwing over their former employers after getting walked out the door for whatever reason (usually things that would have been major "DO NOT HIRE" flags, or things that could have been corrected early before they were allowed to fester).

Re: Not everybody appreciates the cleaners - especially robot ones !

Paging Admiral Stabby to the port side airlock. Admiral Stabby, please make your way to the port side airlock.

(Yes, there is an entire set of posts on Tumblr about the adventures of Stabby, who started out as an enlisted robot and worked it's way up to admiral by several heroic (and hilarious) feats.)

Re: Wait, what? Did I miss something?

At this point Babymetal are considerably more metal than Metallica

THIS. SO VERY MUCH THIS.

(for the uninitiated, imagine a girl's J-pop band getting into a tryst with the likes of oh, say, White Zombie, or Megadeth, or similar. Babymetal would be the love child born of that tryst.

(and they are damned good.)

Re: I still think it was done by a Russian technician

@bombastic bob: I am in (rare) agreement with you. (On a side note, I think I saw a crate or two of wolly underthings addressed to hell over in the shipping department. :) )

Re: Secure erase

The "Secure Erase" leverages the on-controller encryption of drives that are compliant with the ATA6 command set (SATA and (IIRC) Ultra-ATA100/133 IDE drives), which is also why it's a 20 second drive wipe instead of a physical overwrite- the data is stored encrypted, and the secure erase command tells the drive controller to generate a new key which renders the bits on the platters into garbage, because you can't recover the encryption key.

The ATA controller has to support allowing the command (a great many don't!), and older drives don't understand the command anyway, so for wiping drives I usually go with my old standby of a 4 or 5 pass random fill with DBAN and a blanking pass at the end; (although even that's overkill; a single random pass and blanking ought to be fine for 95% of purposes. If you are paranoid, you should probably shred the drive anyway, which I generally prefer a trip to an underpopulated area with a nice backstop, and populate the drive with a series of dents and holes from rifles and other firearms. :) )

Re: No, this has nothing to do with the US First Amendment, freedom of speech

It's this simple: If anyone wants to provide a potentially lethal ANYTHING to anybody in the USA by ANY means, then that thing is subject to the law, be they local, state or federal. That is all. This issue will be sorted out at those levels, not at the level of the US Constitution.

...So does this mean that we have to fill out a crap-load of paperwork for such things as:

A shovel (https://abc13.com/man-beaten-with-shovel-while-he-slept-has-died/3432807/ , auto-playing video)

A kitchen knife (oh wait, that's also illegal in the UK.)

A screwdriver (Not the alcoholic kind, either)

A crowbar (Paging Gordon Freeman to the white telephone), especially beefy ones)

Just saying.

Re: I've always preferred ..

@Loud Speaker:

That's probably a combination of an IBM-ism, glue code to give the ol' dinosaur a 'modern' web access portal, and (willful) ignorance on the developer's part to modern standards. :)

I use a password manager for my own use; my work team at [RedactedCo] use a shared password manager web application.

Re: Talos says Remcos is a Remote Access Trojan (RAT)

Is the the same Cisco that impliments SSL decryption on its switches, through the use of fake PKI certs. Basically implimenting a man-in-the-middle attack.The client browser has to be configered to accept such fake certs and not just the Cisco ones.

Your links points to the Firepower module, which is nominally installed at the edge of a network (think firewall, or IDS/IPS). It's not something that they throw in on every single switch they sell- you have to ask for it. (and pay extra for it!)

Cisco also has such functionality on their Web Security Appliance (aka Ironport); the intention for installing these devices is that you generate a CA class certificate (subordinate issuer) from your enterprise's private CA, install *that* certificate into the WSA or Firepower, and configure a group policy or some other method to have your clients automatically trust that certificate (which they should if they already trust the issuing CA), and you should be almost fine. You'll certainly run into exceptions, like Java applets and scripting that don't leverage the OS's trusted certificate store, for starters, but by and large the end user won't notice or care, because It Just Works.

Re: This needs some input from the DVLR

"hey look, you press a button and the front windows go up and down".

Now I have the guys from Bad Obsession (Youtube "Project Binky") doing the "windows go up! Windows go down!" gag. :)

Re: How to lie with statistics?

When consumers were willing to pay for service above what Sprint offered, Sonic was formed to take up that slack.

Which is also why laws got put on the books to keep Google Fiber out of a bunch of US cities, and lock out municipalities from offering internet access as a service as well, ignoring the fact that a lot of munis have put their own infrastructure in because the telcos either wanted too much, or flat out refused.

My area is served by exactly two companies: the local telco (centurylink *spits*) and the local cable company (Cox *spits again*) Neither company appears to want to invest in running fiber to households or even to neighborhoods, with last mile being high bandwidth copper.

When we heard that Google was thinking of using our area for a fiber rollout, we were ecstatic- $70/month for gigabit internet? head and shoulders above what the cable company could provide (while they offer 'gigabit' service, it's almost double what google offers, it's shared with everyone else on the line, it's not guaranteed, and there's still that pesky 1 TB/month data cap. Oh, and it's not symetrical. uploads are throttled to 20 Mbit.)

Re: Double-Edged Sword of Progress

@Jay Lenovo: I see what you did there with your username. :)

Maybe we'll get lucky and it'll be a benign AI with a cuddly avatar, like PDCL or something.

But probably not. It'll probably be Skynet.

To quote a famous dinosaur movie: "Your scientists were so preoccupied with whether they could, they didn't stop to think if they should"

Re: "a publicly usable statement"

Probably empty platitudes and hot,smelly air out of some PR flak's bum.

*grabs coat and walks briskly out the door*

Re: A Computer

Considering how damned heavy the 550s are, I expect these to be a three-person lift for each part of a fully populated machine.

(needs a 'big iron' or POWERlifter icon. :) )

Re: Space rover

Ian Emery wrote:

I look forwards to seeing someone riding a suitably upscaled version to work one morning.

That would be awesome, but a) work would be over before I got there unless I did some major re-design/upgrades on the powertrain; and b) not sure if it's street legal.

Re: Visa

I'm not saying that Verified by Visa sucked, but it could take the chrome off a trailer hitch. SMS as second factor is... a touch more secure than that. (to make a clothing comparison, VbV was a string bikini, and SMS2 is at least a jacket or a thick t-shirt.)

and TBH, 2FA is a pain in the butt no matter how you slice it, but it's one of those 'how much risk can we accept' things.

Re: @AC (and @ShelLuser)

We have users lock themselves out all the time at [RedactedCo]; they log in on a different workstation using one password, forget to log out of it, log in on a different workstation, change their password, and wonder why they keep getting locked out regularly.

as far as escalating timeouts, the built-in mechanism for Active Directory that handles lockouts only gives a threshold (# of bad passwords in a certain time period) and a duration of lockout that has to occur before it automatically unlocks you.

We've looked at a couple self-service applications, but a lot of them want to install a GINA on every single machine in the environment, and some others are... dodgy at best.

Re: Things I wont Work With

... or at least survive some of the reactions, if I remember that chapter correctly.