* Posts by Frozit

49 publicly visible posts • joined 27 Jan 2016

Don't turn it off and on again: Expired Cisco cert cripples vEdge SD-WAN kit


Certificates are... hard

Sadly, the certificate mechanism almost guarantees failure. You have this hard check: one second before, it works fine with no notification; one second after, it is borked.

You can code around it by adding in warnings and grace periods, but you know as well as I do that they will get ignored.

One solution is what Google does: have several massive wildcard certs that expire at short intervals. This forces them to keep the certificate process active, as opposed to once every 3 years... However, creating that cert is easy if you are a certificate authority. Probably quite expensive if you have to pay for one.

We stood up a private certificate authority and forced everyone to use it in the development and test area. That did amazing things for getting developers to understand certificates. But I eventually had to make a "get out of jail free" cert that I based on the Google one. Explaining certs to the people hired as testers was sometimes rather difficult.... However, it still has the benefit of everyone knowing how to install a cert and what things look like when you have a cert failure.

Building your own private 5G is as easy as Wi-Fi


User friendly device.....

Holy. Read the user guide for the Sercomm.


I haven't read such a hardcore networking guide in many years. Nothing user friendly there. Made me feel warm and fuzzy, remembering mid 80s networking.

Nostalgic for VB? BASIC is anything but dead


DLL Hell.

The thing that killed VB or ActiveX/OCX was DLL Hell.

When some inexperienced people at Microsoft made the unfortunate decision to "enhance" MFC, they broke the C++ object model for MFC. And since MFC exposed C++ objects across the DLL boundary, and you can have only one version of a DLL loaded into an executable space, you would get 2 ActiveX objects needing different versions of the MFC DLL. Leading to memory corruption and bad crashes.

This made anything you tried to do in the browser with ActiveX impossible. You had no idea what a different page would load in, or what got loaded in before your page.

ActiveX was a good way to expose complex code objects to light duty programmers. However, DLL Hell caused most product software houses to abandon it. It created continual, impossible to fix support problems.

You could avoid or contain the issues by making a VB executable, but given where the industry was going in the early 2000s, this was meaningless.

IBM researcher suing for age discrimination blames CEO Arvind Krishna for his ousting


Who wants to work for IBM?

The part that I never understand about these IBM stories is, who are they hiring?

The demand for technically savvy people is so high that who would work for IBM? Even in the 80s they didn't get the best, so who are they hiring today?

You've heard of HTTPS. Now get a load of HTTPA: Web services in verified remote trusted environments?


Not really sure why

Not really sure why or what perceived problem this is solving.

Not trusting the environment that the server is running in. This is not even on my top 10 list of concerns.

Looks to me like someone who has been focusing on the side channel issues with CPUs is trying to make the fact that the server is now running in a fixed environment into something you seriously care about. Either they are so deep into the issue that they can't see anything else, or it is Intel trying to make new CPU versions "important".

Memo to scientists. Looking for intelligent life? Have you tried checking for worlds with a lot of industrial pollution?


Online Identity Authentication

Science Fiction has been exploring all of this for a long time. Which would be part of the problem if you were born after 1980. You haven't read all the scifi literature... (SciFi is all about exploring what-ifs. It is amusing how much computing was predicted, and how much wasn't...)

So, exploring this is good. The same things get invented/discussed over the years, and enhanced with current knowledge. This is how we advance.

Mall of duty: Black Ops. No, you're not a customer, you're just an ad audience metric


Systems that are installed and not monitored

When signs blow up, they are of course visible.

But all of these BORKage articles seem to be the low hanging fruit. Like, as IT professionals, are these systems high priority? Or pretty much the lowest priority.

If they fail, the business effect is minimal. To perform maintenance on them can be a pain, they might not even have a remote access connection. So of course they die, eventually.

A system that is not rebooted regularly will eventually experience an outage at an undesired time.

You can't spell 'electronics' without 'elect': The time for online democracy has come


Online Identity Authentication

The biggest hurdle is authentication of the voter identity.

This has been solved in the small by entities like banks to some degree. However, how many support calls per day are made for password resets, etc?

And remember, you have to solve this for EVERY voter. Sure, just about everyone here is savvy enough. But you know as well as I do, through the daily issues we deal with, that there exists nothing that solves for the general user.

Microsoft admits pandemic caused Azure ‘constraints’ and backlog of customer quota requests



I have been impressed for the most part in how well the sudden growth in demand has been handled.

If you think about what is actually happening, with everyone at home, it is pretty amazing.

I wonder if we were able to run an experiment of doing this each year in the past, when it would fail. I'm guessing not very far back in time.

Trello! It is me... you locked the door? User warns of single sign-on risk after barring self from own account


SSO is flawed

The concept of SSO in a business environment works fine.

As a personal choice, it fails. The basic flaw is if you link a bunch of external accounts to Facebook, Google, Microsoft or whatever is that if you lose that account for some reason, you have lost all your accounts.

There is a story about someone losing their Google account because they posted a bunch of smileys in a YouTube comment. Exactly what was posted is up for debate, but the damage caused way outweighs the supposed crime.

Intel server chip shortages continue to bite: HPE warns of Xeon processor supply drought for the whole of 2020


How much of this is Spectre/Meltdown/etc?

How much of this shortage is caused by the cloud demand for new generation side channel protected CPUs?

Do they truly exist yet?

Staffer representation on our board? LMAO! Good one, cackles Microsoft


Not a good idea

TBH, employee representation on the board of a large company is not a good idea. Certainly not within the current legal framework around boards and board membership.

Having been on boards (of small companies) for the last 20 years, there are things that are discussed at the board level that need to stay within that context and not be known outside of it. An employee representative would be under pressure to break that privacy.

This is like putting a union representative on a board. Brilliant. The union now has information on the other side of agreement negotiations. How well would that work?

I expect to be flamed for this, but the legal reality is that this would only lead to grief.

We lose money on repairs, sobs penniless Apple, even though we charge y'all a fortune


Re: Lol

However, the IRS has stated that it goes after the little guys, because the big guys fight too hard. So don't expect the IRS to do anything about Apple.

Questions hang over Gatwick Airport after low level drone near-miss report


Re: No geofencing for me

So "No geofencing for me" means that you think you should be able to fly your drone anywhere. Like on an airport approach corridor? Remember this the next time you are flying.

And remember this when drones become a restricted item, and you need a license to buy one, etc. Because it is this "the rules don't apply to me" attitude that creates stronger rules.

Deja-wooo-oooh! Intel chips running Windows potentially vulnerable to scary Spectre variant


As the article states, this vulnerability is primarily a shared cloud issue. When the speculative execution engines were designed (circa early 90s), there was no thought or vision that someday we would have the large cloud shared execution hosts that we have today. Once one vulnerability was found, it was pretty clear that there would be others.

To fix this requires a serious redesign of the core CPU engines, which will take years to fully test, then propagate out and replace the existing flawed CPUs.

There was no intentional plan to create this issue, it is mainly a case of changing environments and requirements.

Who needs foreign servers? Researchers say the USA is doing a fine job of harboring its own crimeware flingers


Re: This is not exactly news

The usage of TOR or VPS services from within my corporate network would be cause for termination.

Great, you've moved your website or app to HTTPS. How do you test it? Here's a tool to make local TLS certs painless


2 years ago it became apparent that my software company didn't understand certs. There was even an internal meme for it.

So, set up an internal CA, ran a couple courses, forced everybody to request certs for their test servers, etc.

It worked, certs are no longer an issue.

Eventually ran into the SAN cert issue with Windows Server 2012 R2 not requesting SAN by default, so ended up making a wildcard get out of jail free cert. Which kinda defeated the whole purpose.

However, certs are no longer a meme, or a support issue, so win!

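The two certificate posts above (the expired Cisco cert one and this one) both come down to the same two practical problems: a cert that is fine one second and borked the next, and a cert that is technically valid but lacks the subjectAltName modern clients insist on. The script below is an added example, not Frozit's or The Register's code: it stands up a throwaway private CA with openssl, issues one cert with a SAN, one CN-only cert of the kind a default 2012 R2 request produces, and one cert that expires in a day, then verifies each against the CA and grades its expiry with warning thresholds instead of a single hard fail. The hostnames (`app.internal`, `legacy.internal`, `short.internal`) and the 7-day/30-day thresholds are assumptions chosen for the demonstration; it needs only `openssl` and `mktemp` and writes everything under a temp directory.

```shell
#!/bin/sh
# Added example (not from the original post): throwaway private CA, SAN vs
# CN-only certs, chain verification, and tiered expiry checks with openssl.
# Hostnames and the 7/30-day thresholds below are assumptions for the demo.
set -eu

WORK="${WORK:-$(mktemp -d)}"
CA_CRT="$WORK/ca.crt"; CA_KEY="$WORK/ca.key"

# Minimal req config so this runs even where no system openssl.cnf exists.
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF

# Self-signed CA certificate (10 years) plus its private key.
make_ca() {
  openssl req -x509 -config "$WORK/req.cnf" -extensions v3_ca \
    -newkey rsa:2048 -nodes -sha256 -days 3650 -subj "/CN=Dev Test CA" \
    -keyout "$CA_KEY" -out "$CA_CRT" 2>/dev/null
}

# issue_cert <hostname> <days> <yes|no>: CSR + CA-signed leaf cert. The third
# argument decides whether a DNS: subjectAltName is added at signing time.
issue_cert() {
  host="$1"; days="$2"; want_san="$3"
  openssl req -new -config "$WORK/req.cnf" -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=$host" -keyout "$WORK/$host.key" -out "$WORK/$host.csr" 2>/dev/null
  {
    echo "basicConstraints = CA:FALSE"
    echo "extendedKeyUsage = serverAuth"
    if [ "$want_san" = yes ]; then echo "subjectAltName = DNS:$host"; fi
  } > "$WORK/$host.ext"
  openssl x509 -req -in "$WORK/$host.csr" -CA "$CA_CRT" -CAkey "$CA_KEY" \
    -CAcreateserial -days "$days" -sha256 -extfile "$WORK/$host.ext" \
    -out "$WORK/$host.crt" 2>/dev/null
}

# verify_chain <hostname>: succeeds if the leaf chains to our private CA.
verify_chain() {
  openssl verify -CAfile "$CA_CRT" "$WORK/$1.crt" >/dev/null 2>&1
}

# has_san <hostname>: succeeds if the leaf carries DNS:<hostname> in its SAN
# (a CN-only cert, the shape 2012 R2 requested by default, fails this).
has_san() {
  openssl x509 -in "$WORK/$1.crt" -noout -text | grep -q "DNS:$1"
}

# cert_status <hostname>: EXPIRED / CRITICAL (<7 days) / WARN (<30 days) / OK.
# -checkend N exits non-zero when the cert will have expired N seconds from now,
# which turns the one-second cliff into something a monitor can alert on early.
cert_status() {
  c="$WORK/$1.crt"; day=86400
  if ! openssl x509 -in "$c" -noout -checkend 0 >/dev/null; then echo EXPIRED; return; fi
  if ! openssl x509 -in "$c" -noout -checkend $((7 * day)) >/dev/null; then echo CRITICAL; return; fi
  if ! openssl x509 -in "$c" -noout -checkend $((30 * day)) >/dev/null; then echo WARN; return; fi
  echo OK
}

make_ca
issue_cert app.internal 365 yes      # what a modern client needs
issue_cert legacy.internal 365 no    # CN-only: valid chain, no SAN
issue_cert short.internal 1 yes      # one day left: exercises the tiers

for h in app.internal legacy.internal short.internal; do
  printf '%-16s chain=%s san=%s expiry=%s\n' "$h" \
    "$(verify_chain "$h" && echo ok || echo FAIL)" \
    "$(has_san "$h" && echo yes || echo no)" \
    "$(cert_status "$h")"
done
```

The CN-only cert verifies cleanly against the CA, which is exactly why it is a trap: nothing in the chain check complains, and only the SAN check (or a browser) tells you it will be rejected. Run `cert_status` from cron against every leaf the private CA has issued and page on CRITICAL; the WARN tier is where the renewal ticket gets opened, long before the hard cut-off in the two posts above.
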
IBM is trying to throttle my age-discrimination lawsuit – axed ace cloud salesman


It doesn't really matter. IBM will no longer exist within 10? years. Think of all the other old school tech names that are gone. DEC, Digital, etc. Why should IBM be any different?

Maybe HP will buy them.... (omg)

Cisco swings the axe on permanent staff – hundreds laid off worldwide this week


The sad thing is, as a large company, you HAVE to do layoffs. Especially in tech.

Hire 10 people. 2 are top rate, 6 are ok, 2 are terrible.

Who is the most likely to leave? The top 2, and maybe some of the 6.

Who will never leave? The bottom 2.

Hire another 10 people. 2 are top rate, 6 are ok, 2 are terrible.

Rinse, repeat.

If you don't have a house cleaning, you fill up with bottom raters.

Sad, but true.

And given the ability for bad managers to select staff that, uh, fits their views, you have to be shotgun with the house cleaning.

Terrible for the individual, necessary for the whole.

If you haven't already patched your MikroTik router for vulns, then if you could go do that, that would be greeeeaat


Would anyone...

who regularly reads here, admit to owning a MikroTik router?

Ah, um, let's see. Yup... Fortnite CEO is still mad at Google for revealing security hole early


1 week delay from reporting to software company to publishing the exploit. Where has this EVER been considered standard?

How many ways can a PDF mess up your PC? 47 in this Adobe update alone


C++ for the win.

C++ for the win. Only language I know of that can cause this many problems.

'I crashed AOL for 19 hours and messed up global email for a week'



This just sounds like they were on the bleeding edge of email systems, and something was going to die, somewhere.

The fact that they couldn't get a load balancer strong enough to handle their volume tells you something was going to give.

An honest attempt was made to address the issues, and it failed. Meh.

Moneybags VCs look to the stars – and spaff a billion on space tech


Tbh, I've thought "take my money" more than a few times. With no expectation of returns.

Please no Basic Instinct flashing, HPE legal eagles warn staffers


So why would someone create this?

Because they had been suffering through miserable presentations. And wanted to improve their own life from Hell to just miserable.

FYI: AI tools can unmask anonymous coders from their binary executables


Now, RISC code after full optimization might be harder.... That stuff is strange.

FYI: There's a cop tool called GrayKey that force unlocks iPhones. Let's hope it doesn't fall into the wrong hands!


If you have access to the hardware...

Fundamental theory. Security is built on a "trusted" item. Without that item, you can always break in. And pretty much every computer security item is based on a trust in the hardware. Once you have physical access to the device, the rest is just engineering.

Developers, developers, developers: How 'serverless' crowd dropped ops like it's hot



Being a developer of too many years to want to count, this just sounds like the latest bandwagon to hell.

Sure, with the "right people", you can make this work. And those "right people" are the same small selection of people that everybody wants for every one of these bandwagons. Sitting here surrounded by 20+ developers, maybe 3 could make this work. For a while. Maybe.

International team takes down virus-spewing Andromeda botnet


Wouldn't the operators notice?

So the botnet operator would have had signs that someone was taking an interest. As in, that the AVs were hitting its installs more and more frequently. Eventually this kind of operation will cause the operators to run before the takedown happens. But that will likely take a while.

No 2017 bonus for you, HPE tells employees


If you are working at a large Tech company

and expect to be treated like an employee at a small tech company...

You deserve what you get.

Firefox 57: Good news? It's nippy. Bad news? It'll also trash your add-ons


The main reasons I use Firefox are NoScript and AdBlock. LastPass is where I store my passwords, so it is a must have as well.

Without NoScript, there is really no reason to pick Firefox over other offerings. Will be amusing.

Hackers able to turbo-charge DJI drones way beyond what's legal


Given that the majority of readers of this forum tend to be sysadmins who enforce rules on users, I find some of the responses to this amusing.

Who says that my password can't be my name, or "password" or... Silly rules getting in my way.

Who says I can't fly my drone into restricted airspace? Silly rules getting in my way.

Quite amusing, tbh.

Two-factor FAIL: Chap gets pwned after 'AT&T falls for hacker tricks'


No 2 factor authentication method will overcome social engineering. There will ALWAYS be a way to admin override the settings and reset them. You know this, you live it every day resetting user passwords.

Dead serious: How to haunt people after you've gone... using your smartphone


The Plan

Set up a trust fund.

Set up an AWS server paid from said trust fund.

Set up a database, email, SMS, etc. (Possibly paid from said trust fund.)

Die grinning.

IBM: ALL travel must be approved now, and shut up about the copter


One wonders

I have been watching these IBM announcements, and wondering why one would still work there?

Stuff like this makes people leave. The people who leave first are the highest skill workers who can easily find a new job. This is a sliding scale down to the bottom end who will never leave on their own.

So, what is left at IBM? And why?

How do you end a company like IBM? Does it keep getting smaller and smaller, with less and less effect? Sad.

What should password managers not do? Leak your passwords? What a great idea, LastPass


Still way better than no password manager and reusing human rememberable passwords.

The priest, the coder, the Bitcoin drug deals – and today's guilty verdicts



We have, as a civilization, built up a set of laws and rules about how things like stock markets, money lending, etc, should work. It is not perfect, but it does work. Without it, life as you know it would not exist.

Some of the commenters here seem to feel that any thing organized is designed to rip them off. And bitcoin and Tor are completely white as driven snow. Because it fits the uncomplicated, unbalanced views they hold dear.

It would be interesting to see how many bitcoin operations are actually criminal in basis. As in, drugs, or things like card skimmers, or ransomware payoffs, and so on. Personally, I suspect a very large percentage of the transactions are related to that.

So the question is, does the nirvana that Tor and bitcoin are supposed to help create actually exist, or is that nirvana really total criminal anarchy? I personally have not seen any of the nirvana created, but I have seen an awful lot of criminal activity.

Don't pay up to decrypt – cure found for CryptXXX ransomware, again



The people who support Bitcoin and think its great will defend it to the death, in the face of any logic.

Those of us who look at the world, analyze what is going on, and make decisions based on that, look at bitcoin, look at how it is being used, and put it down on the facts of its behaviour.

Earlier, someone used a "I bought some a while ago, and made a bunch of money off holding it" argument. I agree that you are happy you made some money on it. However, how is that a defence of all the other issues? The reason its value probably went up is because of all the people forced to buy some to pay off their ransomware. So, quite likely, you are enjoying the proceeds of crime, indirectly. Hmm...

This is your captain speaking ... or is it?


What hacker

is dumb enough to interfere with a plane they are flying on?

Consequence 1: Death

Plane crashes...

Consequence 2: No anonymity

Something obvious happens, authorities are called, they go through the list of passengers, and....

The penalties for interfering with a flight like this would be in the terrorist/hijacker category, with SEVERE penalties.

And yes, there are probably a few idiots that stupid...

'Mirai bots' cyber-blitz 1m German broadband routers – and your ISP could be next


Why is this port not filtered by the ISP?

Of course, that would imply they knew they had a problem before this.

Filter the port traffic to only be allowed from a small subset of the ISP's management set. Done. Sigh.

Getting your tongue around foreign tech-talk is easier than you think


Canada, Eh?

You could consider Canada as your Brexit. French and English as national languages. We watch the rest of the world go insane, then go out and shovel the snow off the driveway.

Source code unleashed for junk-blasting Internet of Things botnet


Routers anyone?

Who puts their IoT devices on the open side anyway? Who can afford the IP addresses?

Job ad promises 'Meaningless Repetitive Work on the .NET Stack'


Something says...

Insurance company to me. But I could just be cynical.

Hackers giving up on crypto ransomware. Now they just lock up device, hope you pay


So has anyone...

actually seen a non-criminal use of Tor?

Tor users are actively discriminated against by website operators


Re: I am Human Blockchain

Any such "I am human" algorithm can be spoofed by software. The attackers have the advantage. You make a defence, and they keep poking around at the edges until they find a weak spot.

What we all really need is an SD card for our cars. Thanks, SanDisk


You miss the point.

I live in Canada. Regularly, during the winter, the temperature in Southern Ontario reaches -30 C. Other places, it gets even colder. And my car stays outside all winter.

Last year I accidentally left a UPS over winter in a cold location. In the spring, it no longer worked.

Then, if you consider the other extreme, how hot does the interior of a car get in a southern climate in the sunshine in the summer. Easily +50C or higher.

Manufacturers use the temperature and other environmental ratings of the components to certify their overall rating. If they don't, they are liable for the repairs and other costs if those components fail.

Good thing this dev quit. I'd have fired him. Out of a cannon. Into the sun


20/20 hindsight is always best

I am amused. The original article referenced programmers who clearly were broken. However, picking on academic fortran, and other code that was written LONG before today's Software Engineering standards were created, and the glorious hardware that we have that allows effectively infinite memory space is quite amusing.

And most academic programmers are self taught. No one teaches software engineering 101 to Physicists. Even though most of their work is simulations...

Cops hate encryption but the NSA loves it when you use PGP


Makes perfect sense

Think of all the headers in an email. Source and Destination for one. As the article clearly says, they don't need to read the encrypted text, they just want to know that you and your destination are talking.

As it states. If you are using PGP, Tor, or any of a bunch of other things, you are flagged as a person who is possibly interesting. This reduces the subset of search targets immensely.

And if you are only talking to your gran using PGP, and she only talks to you using PGP, they will pretty much ignore you.