* Posts by rmason

638 posts • joined 3 Feb 2016

Page:

BT CEO tests positive for coronavirus, goes into self-isolation after meeting fellow bosses from Vodafone UK, Three, O2 plus govt officials

rmason

Re: It's getting the 1% as well

We are hearing of celebrity / sports people / politicians being infected because

*THEY ARE ABLE TO GET TESTED*

For you or I (UK based) we won't be tested until it gets bad enough to hospitalise us. People are waiting 7-9 days for a test.

Our numbers will spike like Italy's did, as soon as we test more people. That's what happened there. Less that there was a huge spike in infections, more that there was a huge upturn in actually testing.

Corporate VPN huffing and puffing while everyone works from home over COVID-19? You're not alone, admins

rmason

Re: Uptick in remote S/W sales

Almost all of them are offering temporary free licences, yes.

Cisco Webex, MS teams etc etc

Shipping is so insecure we could have driven off in an oil rig, says Pen Test Partners

rmason

@Pascal

Your issue there is that the average ship is of very little use, unless it comes back to land at some point.

They won't magically become secure when docked.

Not a Genius move after all: Apple must cough up $$$ in back pay for store staff forced to wait for bag searches

rmason

Everyone finishes at the same time and there'll be 1-2 security guards stood at the end of a very long queue.

Everyone gets wanded or walked through an arch then bag searched.

Places like dixons/PCW repair warehouses etc do the same over here, but you're paid as you don't clock out until past that search point. I've even known it at places like clothes shops that suffered large "shrinkage". I know of a UK company who actually asked a large outlet to do this to their contractors.

This is what Apple meant by "for their benefit". They mean "well if we search you, we can't accuse you of theft".

Anyway, back to UK retail. I know of a large IT contractor who asked their clients to bag check the contractors staff.

Because each time they went to this chain to do a server upgrade or replacement, the staff of said store robbed their employers blind *EVERY* time a contractor of any sort walked in.

"Yeah, we had contractors again, that'll be where all those nice shirts went boss!"

The chain was asked by the IT firm to search the contractors on the way out and *NOT* tell staff below management level at the retail chain this was happening. I believe because it almost cost them the contract due to the theft accusations.

What happened?

The duty manager was made to check engineers, the staff weren't told, all the stock still walked out the door anyway.

Surprisingly enough it wasn't the £250/day contractors stealing clothes and other random clart. It was the min wage employees of said chain. It almost cost a multi million pound contract. a 12 month job supporting 20-50 mobile engineers.

Anywho, random aside but I have seen this done for both staff targeting (dixons), and staff "protection" reasons (discount 'designer goods' chain). All paid for though.

rmason

Re: Good

Presumably because you weren't min wage or close.

That's sort of the issue here. They think they can treat low earners like scum.

Bloke forks out £12m, hands over keys to tropical island to shoo away claims that his web marketing biz was a scam

rmason

Re: Sorry, somebody had to say it.

Unsure why you got downvotes for this.

Every time any MS product is mentioned here the replies are full of totally false claims regarding what office/win10 can't do.

You're entirely correct. Many of the anti-MS stuff here just shows a lot of ignorance, they don't know of what they speak. :)

It's a long list of rants about stuff windows/office is perfectly capable of in an absolutely trivial manner.

He’s a pain in the ASCII to everybody. Now please acquit my sysadmin client over these CIA Vault 7 leaking charges

rmason

Re: They're never going to get a jury who understands any of this

Yeah, guys going to Jail isn't he? Regardless of those pesky facts (he may have done it, i'm not assuming either way).

Due is going to jail though.

Ding-dong. Who's there? Any marketing outfit willing to pay: Not content with giving cops access to doorbell cams, Ring also touts personal info

rmason

Re: So... what now?

It'll be the former. More specifically that will be what attracted amazon in the first place.

See also the purchase of fitbit, roomba et al by various parties.

They don't care about the hoover/step counting watch/doorbell. they wanted all that yummy data.

Remember when Europe’s entire Galileo satellite system fell over last summer? No you don’t. The official stats reveal it never happened

rmason

Re: WTF?

MY bonus is related to the performance of the company, not of my department.

So If I provided *any* system with an uptime of below 80% my / our bonus would be safe. Assuming that badly performing system didn't affect the performance of the company that is.

Yes, my bonus would be entirely safe. I would however lose my job which, last time I checked, did affect my bonus payment.

Cache flow problems continue for Intel: Yet more data-leaking processor design blunders discovered, patches due soon

rmason

Re: Won't someone think of the Reviewers!

Plenty of smart folks at Intel.

Sadly it would seem none of them are in a position whereby they are able to say "maybe we should do the more expensive thing our engineers have been suggesting, maybe it is worth losing some margin".

As at most places, there will be talent, and that talent will be reminded to stay in it's bloody box and do as it's told. Stop being so negative. Etc.

rmason

Re: At some point...

^^^This.

CVE score of 2.8 is a hard ignore for 99% of businesses. firmly in the "i'll patch if it his WSUS as a recommended update" realm.

The worst one of the two, at a 6.5, still won't register as important for most. Firmly in the realm of "meh, might take a look".

Virtual reality is a bonkers fad that no one takes seriously but anyway, here's someone to tell us to worry about hackers

rmason

Re: No one wants to see me playing beatsaber...

They are way ahead of you. "VR" is a category on most adult sites.

It's Friday, the weekend has landed... and Microsoft warns of an Internet Explorer zero day exploited in the wild

rmason

Still leaves the IE engine on all machines and dozen / hundreds of ways that windows it'self uses it to run / interact with things.

This does not make you safe, simply a *bit* safer than having IE the browser installed.

rmason

Honestly it doesn't really matter that much.

Yes, you can remove the internet explorer" windows feature".

this removes the browser. It doesn't remove the engine. Lots of internal windows stuff will carry on calling, and using IE to do "stuff". Anything that calls mshtml.dll, for e.g. will use IE. Old sharepoinjt stuff will. Certain interactions from your other "safe" browsers with explorer.exe act in such a way that the IE engine is used (etc etc etc)

So while it partially helps, it's really no solution. We need a patch still.

The "workaround" MS are advising here is the *exact same one* they put forward for the last one or two IE related CVEs, so anyone who hasn't done that already, just isn't looking / caring.

A fine host for a Raspberry Pi: The Register rakes a talon over the NexDock 2

rmason

Re: Bring back netbooks

MS lied.

They told the suppliers of it that Atom processors would be fine. they were not. Hence netbooks ran OK for a bit (with windows I mean) but then swiftly tanked.

By the time the drive had filled with user stuff and updates, applications made the thing crawl, the processor (in most) for the power consumption was intel Atom, and they just didn't have the grunt for windows. That's what killed the netbook. The average user and business who bought them, bought atom and used windows. Without much long term joy.

They did probably still do) run linux absolutely fine.

Similar thing happened to vista (other UI issues etc aside) MS told the OEM boys that 1-2GB or ram would be sufficient, so people bought "vista ready" machines with 1GB when they needed 4.

rmason

Re: Why some people keep on reinventing the ill-fated Palm Foleo?

That's what I want. To be fair, that was the initial vision MS had with whatever-it-was-called and samsung with DEX.

You buy a powerful (core, ram etc) *device* most people envisioned to be a phone or a tablet.

*Device* then just slots into optional mini/medium/large options of laptop/tablet/desktop all with relevant bits.

*Device travels everywhere with user, user simply slots device into preferred working environment. The issue was the tech was too expensive. 1k for decent device + various chassis that turned out to be expensive despite lacking most of the computer gear.

One day it will be like that, but right now it would mean your "laptop" costing more than a traditional laptop of higher spec, and your "tablet" not being much cheaper than a tablet with all the computer inside anyway, etc etc.

rmason

Re: Why some people keep on reinventing the ill-fated Palm Foleo?

Exactly. With 2 x of these and one pi, you're at the spend of a decent, modern i5 +8/16GB laptop.

Updated your WordPress plugins lately? Here are 320,000 auth-bypassing reasons why you should

rmason

Re: Are WordPress plugin developers the worst, or ...

I agree.

IT'#s not that wordpress is bad, per se, it's that it's allowed an entire flood of "web developers" who really mean "I pick a nice template/theme then it's just next-next-next-fill in text boxes-next-done.

Why is a 22GB database containing 56 million US folks' personal details sitting on the open internet using a Chinese IP address? Seriously, why?

rmason

Re: The world wide web is a cancerous piece of crap these days

Chrome is telling you that your username and/or password are contained within leaks of usernames and passwords.

Listen to it, and change your password(s)

rmason

Quick glance at the posting history and...EEEK!

Wow, lot to unpack there. Everything from MK ultra to conspiracies about the chips in cats and dogs giving them cancer.

Every opportunity taken to mention the police / state raping everyone.

Get caught with questionable material did we? again: EEEK.

rmason

Re: CheckMate

A 1 million fine eh?

How much do you think it would cost them, as a whole entity, to hire highly qualified and experienced security, networking and IT teams?

Hint; more than a mil, which is why they do what they do. The slap on the wrist is less than the cost of doing it properly. It was ever thus, and that's why we see people operating the way they do.

rmason

Re: market forces, political processes

Great. Well done.

So UK.gov pays capita to chase you, they chase you, they get paid. All you're doing is binning a letter.

So back to the original point of "How does Joe Public express their dissatisfaction for (e.g) Crapita?"

The answer remains: "You can't not in any way, shape or form."

binning it makes you feel better, sure. They still get paid, regardless.

Ministry of Justice bod jailed for stealing £1.7m with fake IT consulting contract

rmason

The missing money will be (mostly) in the house purchase. They'll sell that, just not this quickly.

Samsung’s aspirational Galaxy Chromebook: Shell out $1k for a fast beaut (and remember to try Linux if you're into that)

rmason

Re: And the battery life is...?

All they can give is the stuff contained in the solitary press release.

They've not had a unit to test.

IT exec sets up fake biz, uses it to bill his bosses $6m for phantom gear, gets caught by Microsoft Word metadata

rmason

Re: idiot

He'd still be doing it now if he's simply used his company to sell cheap *actual* products at a huge markup.

He wanted 100% of the money. If he'd have been happy marking tat up 100% , chances are he'd still be happily selling them $300 laptops for $1500 etc , it would just have taken longer.

This page is currency unavailable... Travelex scrubs UK homepage, kills services, knackers other sites amid 'software virus' infection

rmason

Re: Nice holding page

Unpatched (for ages) public facing RDP?

These people don't employ anyone who is competent at their jobs, and/or competent at managing upwards and getting these things sorted.

Want to live long and prosper? Avoid pirated, malware-laden Star Wars free vid streams – and pay to watch instead

rmason

Re: Stupid

It's not downloads and torrents (etc) that they are targetting now (well, no more than normal).

This is refering to the many streaming sites out there, think youtube but it'll have cams of the latest films , and whole series to watch. Kids, plebs, and idiots. Those who couldn't have torrented without a full time IT employee to help them. The low hanging fruit, of which there are many.

You're absolutely correct, it's not the film per se, it's the 15 things they blindly click "yes" , "ok" and "install" on to make it start playing on "totallylegitfilms.ru" etc

Cops storm Nginx's Moscow offices after a Russian biz claims it owns world's most widely used web server, not F5

rmason

Re: Nah

I don't claim to know anything about russian law, but they've been after him for ages.

What changed is nginx sold for above $600m , so the people in question, Rambler.ru , sold the case to someone with cash to persue it. They didn't suddenly decide to go for him, they were woken up by the $$$$$$

rmason

They just want money.

If code changes are made, it'll fork and carry on.

They've been after him for ages, but they waited, waited until nginx sold for $600M+ before acting.

This is purely financial. The storm troppers kicking his door in, is just how they roll.

Gospel according to HPE: And lo, on the 32,768th hour did thy SSD give up the ghost

rmason

Re: Is it custom firmware?

If you have affected drives (SKUs on the HPE link) you don't wait. You check the uptime on them, now. Then you move the data off.

There will be no "sniff of drive failure" here. You hit the required amount of uptime and the drives die, to a state where the data can't be recovered.

Orange is the new green: Nigeria scammer bags $1m while operating behind bars

rmason

Re: "against established standard practice"

Exactly.

It doesn't take a rocket surgeon to figure out how a man whose previous occupation was "stole a load of money" managed, somehow, to get preferential treatment in a prison in a famously corrupt part of the world..

I wonder how he managed that?

Sage still waiting for cloudy investments to make it rain as operating profit tumbles 10.5%

rmason

Re: Well cloud didn't pay off

They're that agile they skipped blockchain entirely. I believe their AI made the decision for them, after it did some machine learning. In an AWS instance, naturally.

Try as they might, ransomware crooks can't hide their tells when playing hands

rmason

@kittenhuffer

Not a file system, but I can make suggestions.

Most of the new AV offering from various vendors do pretty much this.

Things like sophos interceptX sit on your servers and learn what "normal" usage is. A baseline. Then once all trained and enabled it would do just as you describe. If a server is suddenly getting an unusual amount of file edits/writes then bam, it kills the services and stops the process. Loads of other vendors do it, but we have sophos so that's the one I have experience of.

If your file shares are on windows boxes, then look into FRSM : You can configure it to help with ransomware type scenarios too.

https://medium.com/savagesec/minimizing-ransomware-risk-with-fsrm-847d70f6212b

They terrrk err jerrrbs! Vodafone replaces 2,600 roles with '600 bots' in bid to shrink €48bn debt

rmason

They've replaced those jobs *for ever*, not just for a single annual pay cycle.They can (and will, according to the article) scale it up too. IT won't cost *another* 48bil to replace the next 2600 jobs, and so on.

So 48B in development etc isn't just to save the costs of those 2600 jobs, they were just the jobs picked off first. Going forwards the cost/replaced job will be (relatively speaking) a few quid.

Q. Who's triumphantly slamming barn door shut after horse bolted at warp 9? A. NordVPN

rmason

Re: Remote Management SYstem

Yup. It was precisely this. Not teamviewer et al.

There was a user on (ilo/idrac/etc) with a weak password, and no one was doing ilo/idrac/etc patching.

Microsoft explains self-serve Power platform's bypassing of Office 365 admins to cries of 'are you completely insane?'

rmason

Re: respecting organizations’ data governance and compliance

@Wellyboot

MS have said (indeed have begun) emailing end users directly with this "info".

MS comms used to goto the MS365 admins, this they are spamming the users direct.

Chinese customers to unfold their Huawei Mate X on 15 November

rmason

2 grand for a phone.

People are idiots, aren't they?

Think your VMware snapshots are all good? Guess again if you're on Windows Server 2019

rmason

Re: Snapshots shouldn't be used as only backup for db workloads

Snapshots are not backups. Snapshots should not be used as the only backup for *anything*.

rmason

Re: Snapshots shouldn't be used as only backup for db workloads

snapshots in VMware aren't backups at all, not in the real sense of the word.

You lose your VMDK, your snapshot is worthless. They're short to mid term rollback options, or little lifesavers for easily restoring something relatively simple. They aren't a backup though. you damage or lose your vmdk file and if you don't have an actual backup of *that* it's toast, snapshots or no.

https://kb.vmware.com/s/article/1025279

Line one is "do not use snapshots as backups"

Remove them from your thinking completely when you think "do I have backups?".

Telstra chairman: If those darn kids can earn $5m playing Fortnite, why can't execs?

rmason

Correct.

almost everyone who uses the term "millenial" , especially in the media, actually mean "teenager to 20 something". I.e not a millenial.

As you say I'm a millennial, i'm 36. The guy speaking, at 35, is *also* a millennial. That's how well he understands the term.

Plusnet is doing us proud again with early Christmas present for customers: Price hikes

rmason

obviously experience varies greatly with location etc.

Our virgin line is solid, almost 12 years a customer (an 18 month break when we tried a new BT based provider and immediately fled back when we could!)

In that time we've had about 3 faults, all resolved either same day or next. We get the advertised speed that is well over anything a BT based line could get.

Your experience sounds terrible, but it's not representative, or they'd have no custom.

Shit support it shit support yes, but you get that 9 places out of 10.

BBC said it'll pull radio streams from TuneIn to slurp more of your data but nobody noticed till Amazon put its foot in it

rmason

Re: It will be their podcasts next...

I have noticed my podcast provider of choice doesn't now have the newer episodes of the one BBC podcast I listen to (infinite monkey cage)

There have been new eps this summer, but Google Podcasts doesn't seem to have them. PErhaps that tap is off already.

rmason

Yeah, if they're relaxed about Kodi it'll be because either they can't stop them and have tried. *or* kodi are feeding them data.

That data will be "IPs of people using kodi for BBC TV stuff". The BBC will now be trying to figure out how to tie that into their DB of payers and non-payers,

Nine words to ruin your Monday: Emergency Internet Explorer patch amid in-the-wild attacks

rmason

Re: Microsoft Update Catalog only

They're letting user space test it for WSUS customers.

It'll be a while before it hits WSUS. just pull it in manually. Trivial to do.

Microsoft Surface users baffled after investing in kit that throttles itself to the point of passing out

rmason

Re: The problem is

One is a failure of some sort that no doubt will be fixed.

One was done on purpose to users, and lied about. That is why apple got sued.

Cloud vendors can't resist the lucrative smell of gaming dollars – and they're all in it to win it

rmason

Re: "Nobody knows if it will really work for the mass market"

@Pascal Monett

This isn't about streaming games as in videos of gamers playing ( what we currently get on YT, twitch etc) but physically streaming the game itself from the cloud.

I.e plug a controller into a screen connected to the internet, connect to a game on google's cloud, and have their cloud handle the compute/ram/gpu etc requirements.

The monetisation is built in.

Pay us £x per month, and have access to every game hosted on the service.

Think netflix. I don't pay for a movie, I pay netflix for all their movies.

This would be no more guying games, simply pay your monthlies to your provider or providers of choice, and get all their games.

Microsoft hikes cost of licensing its software on rival public clouds, introduces Azure 'Dedicated' Hosts

rmason

It's all virtualised now.

Not heard of VGlobe? It's the Deity level licence for VMware.

A few VMs (virtual mice) hosted on VGlobe and you're away.

rmason

Re: When will they learn?

It's a security risk *for your company* if your sys admin don't know how to / can't manage it. They also can't trust you to do so, it's them on the line if anything happens, not the user.

I suspect that's what they mean.

You'd get told RHEL or bugger off here too. :)

As a sysadmin if you let people pick an OS, you end up with all of them in use, with the expectation to support them when things break.

It's all fine and dandy having "cover your arse" emails, but when half of dev (or whatever) is sat not working, guess who is made to fix it? Hint: Not the user who insisted on ubuntu, or chromium, or Mac OS etc when you're a windows shop or a RHEL shop or whatever,

Cloudflare punts far-right hate-hole 8chan off the internet after 30 slayed in US mass shootings

rmason

Re: So, since 1961 ...

I don't think anyone has said he's totally to blame.

He IS making it worse though.

Clinton - Banned Assault rifles, ban allowed to lapse by Bush.

Just FYI.

Page:

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020