* Posts by Griffo

144 publicly visible posts • joined 23 Feb 2015


Datacenter fire suppression system wasn't tested for years, then BOOM


Had the same thing!

We had the exact same thing happen, except in our case it was during the handover from the supplier. He was demonstrating the yellow "disable" button by pressing it.. and boom off it went.

We had to clear out the 20+ story building and basically it was shut down for the day until the floor was sufficiently vented.

Thanks for fixing the computer lab. Now tell us why we shouldn’t expel you?


Sometimes interpreted correctly

Back when I worked for CSC (now DXC) we had a junior engineer start with us fresh out of uni. Two weeks in, he hacked the payroll system, but took that information and how he did it to the new head of infosec. A week later he was no longer a shit-kicker but was a junior infosec analyst. Correct reaction from management there.

Time Lords decree an end to leap seconds before risky attempt to reverse time


Re: Cop Out

Yes probably one of my customers. We still run nightly batch processes on AIX and i-Series for most of them.

Stop us if you've heard this one before: Exchange Server zero-days actively exploited


Or is it?

There's actually a bit of conjecture in the infosec forums on whether this is in fact a real vulnerability, or just new malware that exploits an existing vulnerability that was patched 6 months ago... watch this space I guess.

Fortinet says it’s all about the security ASICs



I remember a similar pitch from Alteon. Remember them? Great technology, had a few bugs but was a great packet mangling ASIC.

Then Nortel bought them. Remember them?

Alarm raised after Microsoft wins data-encoding patent


Always been so

The day they granted the infamous patent for a TV guide in a grid format, they should have been disbanded.

Microsoft extends security updates for Windows and SQL Server 2012 and 2008


Buyer Beware

When Microsoft talks about Extended Security Updates, the really do mean Security Updates. Do not be fooled into thinking this means "Support".

We had the fun and joy where a bunch of 2008 servers that had been migrated to Azure became unmanageable because while 2008 has Security Updates, that does not mean that Microsoft guarantees their own products will confinue to support it. In this case, one of the Azure Product managers decided to drop 2008 support as is no longer on MS's supported OS list. Mull that for a minute.

It also doesn't mean 3rd parties will support it either - you may find your backup or AV vendor no longer provides support either.

In short - just take the pain now and upgrade to a supported platform.

The PrintNightmare continues: Microsoft confirms presence of vulnerable code in all versions of Windows


Re: As much as I like to dump on microsoft a pile...

By default the printer spooler needs to run on at least one DC in every domain. It controls the printer queue cleanup.

From the MS documentation:

"On a domain controller, the installation of the DC role adds a thread to the spooler service that is responsible for performing print pruning – removing the stale print queue objects from the Active Directory. If the spooler service is not running on at least one DC in each site, then the AD has no means to remove old queues that no longer exist"

So while most orgs will have dedicated file/print servers, the service will be running on at least one DC.

Micro Focus shares up almost 30% as revenue decline less than expected in fiscal 2020


Additional Revenue

I wonder which bucket they are writing audit fines to? They seem to have been on a bit of a COBOL licensing audit spree lately. I'm sure that helps fill the coffers.

Remind us again, why work for AWS? Petty Amazon sues marketing veep after he defects to Google Cloud


He's a Marketing Guy

C'mon AWS. It's not like he's an engineer or product manager who knows stuff in intimate detail. He's a marketing guy who is whiteboard-deep in his knowledge of products engineering.

Watchdog slams Pentagon for failing – for a third time – to migrate US military to IPv6


I dunno what the issue is. I mean, sure, Android doesn't support DHCPv6, Cisco gear still has major memory leaks with their DHCPv6 implementation, there's no hostname registration in DHCPv6 so you have to chase down MAC addresses and hope the client registered themselves in DNS.. It's just so easy to administer.

Microsoft attempts to up its Teams game with new features while locked-down folk flock to rival Zoom... warts and all


Re: Been four years

Ive seen all these features on the internal Microsoft dogfood version for at least 6 months. So they were always coming, they've just been pushed ahead of schedule

As miscreants prey on thousands of vulnerable boxes, Citrix finally emits patches to fill in hijacking holes in Gateway and ADC


Re: "Rush"

And they knew about for quite a while before it went public. For a so called "security" company they did a completely crap job at managing this super basic flaw.

Microsoft Surface users baffled after investing in kit that throttles itself to the point of passing out


C'mon Ed.

If you're gonna explain that "The issue is most likely caused by a CPU feature called BD PROCHOT, which stands for bi-directional PROCHOT. " you might want to explain what PROCHOT is too.

Xbox daddy bakes bread with 4,000-year-old Egyptian yeast


Re: I'd eat it

You CAN keep a strain of pure yeasts. What do you think all brewers do?

Years ago when I used to make beer every weekend in 100L lots, I was right into yeast cultivation. Using some fairly basic gear (a magnetic stirrer, some flasks, agar plates, innoculation loops) it's pretty simple to isolate a single yeast strain, grow it, and grow it in a starter. It was a "thing" to isolate yeast from well known beers.

Operation Desert Sh!tstorm: Routine test shoots down military's top-secret internets


Mirror ain't backup

I went out to visit a new client to get an overview of their infrastructure, and to perform a quick health check. This was a largish architecture firm, I think they had about 200 architects, designers etc.

Their "backup" system comprised of the owner pulling out 1/2 of a mirrored set of disks each night. He'd take it home, then bring it back in the morning and let it re-sync.



I spent a month trying to convince him that that this was a recipe for disaster and that he needed to spend a relatively small amount ($5k or so) on a backup system. He refused, and we pretty much parted ways.

Fast forward 3 months, he calls us in tears. All his data was gone. Every client drawing ever produced had gone "poof" one morning when he plugged the disk back in and things didn't go well.

I didn't give him much time, asked him how expensive that $5k backup system sounded now, and told him to go try ring someone else. I have zero regret in refusing to help him.

Captec saps tech from Aleutia to put its tiny PCs back to work


Talk About an Own Goal

Lots of options in that space

These run pfsense or similar with ease. I'm pushing 100mbit over an Opensec VPN with the CPU barely moving. My internet connection is the limit.


Never let something so flimsy as a locked door to the computer room stand in the way of an auditor on the warpath


I had something similar happen

Back in the early naughties, one of our cusotmers was a name-brand diamond reseller, who was at the time setting up an early B2B diamond marketplace, hosted on our kit.

Given the size of any potential fraud, they sent in a set of security auditors to check out our setup. All good, I spent the day with them in our datacenter which was at the time pretty advanced. Think guards behind bullet proof doors, multiple man traps etc.

Problem was, on the second day, I was badly delayed due to a car accident (mine!) and turned up around 3 hours late. At this point I found the auditors had

a) convinced the guard to let them in seeing as "they were here yesterday"

b) used a boot disk and snagged a copy of the SAM DB from the NT4 severs

c) scampered with that file to try their hand with l0phtcrack to try to break any weak passwords

Needless to say, we failed the audit.

How much open source is too much when it's in Microsoft's clutches? Eclipse Foundation boss sounds note of alarm



It's all about providing more tools to enable Devops on Azure cloud. That's all. They want a reliable well established code and packaging source to encourage more automated / serverless / devop oriented workloads on Azure.

We dunno what's worse: Hackers ransacked Citrix for FIVE months, or that Equifax was picked to help mop up the mess


Talk About an Own Goal

I'm just going to leave this here..


Uber driver drove sleeping woman miles away from home to 'up the fare'. Now he's facing years in the clink for kidnapping, fraud


Re: Are you kidding?

Have you ever tried to contact Uber support to lodge a complain against a driver?

Despite what they "advertise" they make it almost impossible, and generally always side with the driver. They are a nightmare. I can totally believe that they would have ignored prior complaints.

Packet switching pickle prompts potential pecuniary problems


Once became an accidental peer

One time in the early 2000's we screwed up the BGP config on our edge routers. We'd just installed a bunch of 155MB/s links to various ISP's for redundancy. At the time in the wonderful land down under, flat rate links were pretty much impossible to buy, so we were on metered connections.

Unfortunately due to our screw up, we became a peer between the ISP's and started paying for the privilege of shuffling packets between the ISP's. We ran up $40k in traffic charges before someone noticed that the traffic seemed pretty heavy for a couple of routers with nothing behind them yet...

Don't mean to alarm you, but Boeing has built an unmanned fighter jet called 'Loyal Wingman'


But we can afford more of them

I assumed the Bizjet engine choice was one of cost and practicality. They'd be cheaper (remember, sending into harms way where they wouldn't risk a pilot may = higher losses), easier to service, have much faster turn-around times, and much longer work cycles before overhaul. It may not pull the G's and be able to maneuver like a proper fighter, but I assume the thinking is more along the lines of "the clone war army" than the small handful of jedi.

New claim dogs Oracle: After $11m of sales, I was unfairly axed before next big deal – because I am a 64yo woman



While I have no doubt that Oracle and a bunch of munts who have screwed over their staff, $11m over 6 years is a pretty low figure for an enterprise sales reps. With the amount that Oracle pay their sellers i'd expect them carry at least $5m in target per year,

Cut open a tauntaun, this JEDI is frozen! US court halts lawsuit over biggest military cloud deal since the Death Star


Who feels sorry for Oracle? No Really

Oracle's just upset that nobody want to use their shit cloud that can only provide 2012 level basic IaaS services. I think Gartner recently rated it as having "minimum viable features".

I fact I just found it and I quote:

"Oracle's second-generation product, named Oracle Cloud Infrastructure (OCI), was launched in November 2016. A year-and-a-half later, however, Gartner says it "remains a bare-bones 'minimum viable product,' and it is arguably too minimal to be viable for a broad range of common cloud IaaS use cases.""

Apple solemnly agrees to pay France $570m in back taxes, turns to camera, gives us a wink


Transactional Tax

Is this another reason for countries to look more seriously at shifting to transactional taxes?

Tax the transaction, in the country it's made, at the time the transaction is made. The ability to funnel transactions to low-tax jurisdictions could be severely curtailed if not stopped entirely.

Lawyers' secure email network goes down, firm says it'll take 2 weeks to restore


Stab in the dark guess

Lost a server or storage group.

Discovered backup junk

Recovering emails from a journal, which means that it needs to process every mail, decide whether to restore it, and insert it back into the users (now empty) mailbox.

DDoS sueball, felonious fonts, leaky Android file manager, blundering building security, etc etc


Re: Es file explorer [alternative app (fast NAS access)]

Not as full featured - but free - AndSMB provides both SMBv2 and SMBv3 support.

Cray will realise 'substantial' loss. But Shasta minute, folks, big iron market will pick up


Talk About an Own Goal

Lets hope that the Cray Shasta is more successful than the Alteon product of the same name.

You were told to clean up our systems, not delete 8,000 crucial files


Lost all a CIO's emails during an Exchange Migration

I once had to complete an AD and Exchange migration for a company. I don't recall the reason why exactly, but they needed to move to a new AD so a full migration was necessary.

When I configured the new Exchange environment, I set up some basic policies - you know, like remove all mail from the Deleted Items folder after 30 days etc.

A week or so after the migration was completed, I got an urgent "please explain" email from the CIO, he wanted to know why I was so incompetent that I had managed to lose all his emails.

Naturally I went straight to the logs to see that yes all X number of items had copied across, so I went to question him as to what emails he was referring to. At which point I learnt that he, no shit, stored every single email he wanted to come back to in the 'Deleted Items' folder. On their previous server they had no policies so they stayed there until he deleted them a second time. I never could get my head around his logic that this was a good place to store them..

Anyway, luckily I still had a PST of his old mailbox, so disaster was averted. But what a muppet.

Um, I'm not that Gary, American man tells Ryanair after being sent other Gary's flight itinerary


I've often had the same

I too have the "curse" of an email address that many people seem to think is theirs. Mostly, it's easy to correct, but memorable is a software company that kept sending me the software license key for their wares. I spent maybe 2 years forwarding it back to their support department before someone with more than one brain-cell picked up the ticket and actually fixed it.

Suunto settles scary scuba screwup for $50m: 'Faulty' dive computer hardware and software put explorers in peril


Re: Isn't that what the watches with the numbered bezels are for?

Or even better, learn ratio deco. 10 seconds of mental calcs will tell you if your dive computer is close to the mark or miles off.

Also, anyone who relies on the AI reading for tank pressure and doesn't check their SPG is asking for trouble.

It's a worrying trend in diving. Too many people "ride the computer" and have no idea how to actually calculate their remaining NDL or know what to do if they do enter deco. I blame PADI

Microsoft sysadmin hired for fake NetWare skills keeps job despite twitchy trigger finger


I too was unleashed untrained on a Netware 3.11 network. I was given the admin doc and the SYSADMIN password and unleashed. I didn't even know what IPX was for gods sake.

Somehow, I survived, although I do think I had about 6 weekends of major rebuilds due to earlier poor planning decisions. Name everything the same and everything would work just fine come Monday morning.

It's raining drones, but just one specimen: DJI's Matrice 200 quadcopter


Re: Bah!


Fixed wing for the power-loss, no-crater win.

Tell that to the people on JT610

British Airways: If you're feeling left out of our 380,000 passenger hack, then you may be one of another 185,000 victims


Poor Handling

One of my co-workers had their data slurped via this attack. He had to cancel his card obviously, but luckily BA sent him a nice email with a free offer to a 12 month subscription for a credit monitoring that would look for attempts to leverage the information that was stolen.

Only issue was.. the offer was only valid for UK residents. So basically, if you used BA, got hacked, and were not a UK resident, then they effectively said "screw you".

RIP Paul Allen: Microsoft cofounder billionaire dies at 65 after facing third bout with cancer


Say what you will

I know on this site that a large portion of the participants are Microsoft haters. But you have to admit that the founders have been some of the most philanthropic people in history. Compare that to Bezos or Ellison or Zuch who horde their billions like some modern age Scrooge McDuck.

Vale Allen.

Using Microsoft's Dynamics 365 Finance and Operations? Using Skype? Not for long!


Backwards Compatibility

Say what you will about MS, they are normally overly focused on software backwards compatibility. Often to their own commercial detriment. I wonder if a security flaw with the old authentication method was found that forced their hand.

Microsoft 'kills' passwords, throws up threat manager, APIs Graph Security


It would be great

It would be great if MS actually enabled this technology on all their partner portals as well. You know, the ones that let us modify customers products and subscriptions and get into their tenancies.

There's been a few cases of partners credentials being hacked - to date mostly so people can spin up Azure for free crypto, however the fact that most of these portals still cannot enable 2FA is criminal.

Official: Google Chrome 69 kills off the World Wide Web (in URLs)



So after years and years of teaching users to check the full URL.. Google decide to start obfuscating it so they can turn it into another search bar with zero thought about the repercussions. Guess it's back to Firefox then.

You want how much?! Israel opts not to renew its Office 365 vows


Re: £££££££££££

Because after decades of Government IT departments providing shit IT solutions on spaghetti architecture that was always N-5 revisions new, they probably decided that outsourcing part of their stack to the vendor to keep evergreen probably makes a lot of sense.

Microsoft to pay new bounties for identity services holes


I doubt there's any BV code in there

From what I understand AAD was a ground up clean sheet modern directory written specifically for multi-tenant web scale identity requirements. Compatibility with Windows AD obhects was added afterwards, and AD services have been slowly bolted on, but again are clean room implementations. I doubt there's much if any code in AAD taken from Windows AD.

Telstra reveals radical restructure plan


It's wasn't a lack of courage

I think you forget the arrogant, combatant, pigheaded, monopolistic beast that was Telstra back when NBN was announced. Do you not remember when Telstra submitted a 1 page response to the original NBN tender? NBNCo was constructed in part to FORCE Telstra to separate into infra and retail businesses because Telstra refused to and was totally happy being the vertically integrated communications monopoly provider.

Australia, Solomon Islands to ink Huawei-free cable contract today


This government and Internet Services Provision?

If the NBN is anything to go by, the poor Solomons are Fv(ked for the next 20 years.

The current governments "Faster Cheaper more reliable" NBN re-design has been nothing but an unmitigated disaster that's going to take another $50B and 10 years to re-build once completed.

SAP hopes to blow the doors off Salesforce with a block of C/4HANA


Hells No

As someone who is subjected daily to using SAP's current "best of breed" CRM Online solution.. I pity the fool that even looks at their new CRM offering. SAP wouldn't understand modern dynamic sales processes if their future depended on it.

NAB mainframe turns its TOESUP* after power outage, offline 7 hours


UPS upgrades

Inside word is they were undertaking a UPS upgrade and it went wrong.. apparently it caused a set of rolling failures which took some time to untangle.


Re: Also Broke BNZ in New Zealand

Actually knowing a little about the NAB's datacenters, power setup and mainframes, this is not an everyday failure. They have several layers of power redundancy at their main Knox DC and their new secondary facility is state of the art.

OK, this time it's for real: The last available IPv4 address block has gone


Plenty of poorly used blocks left

I used to work at CSC, and at the time we owned 20.x. I owned 20.254. I see that they actually handed it back - good on them. But there are still other /8's around that really should be given back - such as 19, 28 and 56.net

Java-aaaargh! Google faces $9bn copyright bill after Oracle scores 'fair use' court appeal win


What about S3

It seems every second player / device in the storage space offers and S3 compatible interface for data storage. Does this mean Amazon could go sue OpenStack and all the others?