Posts by greenwood-IT 63 publicly visible posts • joined 25 May 2016
I run a small IT business supporting local businesses. I actively refuse to be "admin" on systems that I have zero control over.
I know I don't have much say over Windows updates, but I can delay, diagnose and rollback patches. 365 offers none of these options, so I refuse to take on ownership of 365 problems.
Don't get me started...
...I would argue that we don't really have an "Opt-In" or "Op-Out" option for much of what Microsoft are trying to sell us.
I have turned off and disabled OneDrive more times than I care to remember, but somehow it seems just appear on my taskbar demanding that I sign in.
I run an IT company with my own Active Directory and backups - yet I keep being asked to switch to an online Microsoft account for security? It's also told me that I don;'t have a backup and so am at risk - all very dodgy and designed to "trick" people into buying their services,
Even when you do get asked to "Opt-In" there is no "Opt-Out", just an annoying "Ask me again later" - what happened to the "F Off and NEVER ask me again!" option that a desire?
It's almost like a Trojan, we have to block it every time, but they only need to be allowed in once - we don't stand a chance!
So we're hoping the iFixIt document server gets hacked, and they refuse to pay the ransom. The tools and documentation will then be released to the public by an unknown nasty person and everyone will be happy.
Since when did "you can't get it on the internet" become a real thing?
I'm a Sole Trader working in PC and hardware setup, install and repair. I'm not VAT registered, so will they just send me a cheque each month? :-)
More than likely, this will only benefit the larger businesses and squash the local suppliers. Hopefully they will just make "IT Components" VAT free, so everyone can benefit.
OK, so they are now saying this was a "definitions/signature" file and not the actual kernel driver itself that caused the problem? This brings on even more questions;
1) is this critical signature file not signed or checksummed? Both options would have avoided a corrupt file being delivered - which would have avoided this incident. From a security perspective, I'd expect such a critical file to be digitally signed - you wouldn't want bad people modifying its contents now would you?
2) The contents of the signature file were not corrupt, but just plain wrong - so what happened to input validation? I thought everyone who did anything with security new about bounds and input validation? This is an input file to a critical process, it should not have blue screened just because someone but in too many commas of a date in the wrong format - that is bad programming 101.
It sounds like a school boy error by CrowdStrike to me - probably a rushed job and now time for "good practice" - possibly because that would have slowed down the release, but also possibly slowed down the application when running. Relying on the "ON ERROR" function in a kernel driver is not a good option.
"Yes dear, I know I agreed to decorate the bathroom 10 years ago, but when I finally got around to considering doing it last week it looked a lot more expensive to do. I guess you were right, and I should have done it years ago, but there was no incentive then, and even less now"
How the heck do these businesses get away with their excuses? They have all been making profits for years but claim to have not noticed raising prices of material essential to their license agreements? Stop them deploying 5G until they comply with their existing licenses. Perhaps fine them a percentage of their revenue based on the coverage shortfall - then they would invest to save money.
The "opt out" also doesn't work for relatives of the data subject. My details may well appear in the database without me knowledge if a relative if mine "opted in". You have the same issue with GDPR, a staff member can opt in but provide next of kin details, which is confidential data they share with you without the owners permission.
When I was with BT and doing VOIP over 20 years ago, this topic came up. The best suggestion was to simply change the BT primary socket faceplate to provide ADSL to the router, and to allow the VoIP from the router to connect back to the new faceplate via an RJ11. This would then have allowed ALL the existing extensions and devices to function as normal. Basically using the router as an ATA and connecting the output to the properties existing cabling. Provision of a small 350VA UPS would also be considered. The suggestions got a "thank you" reply, nothing more
A far simpler option would be to allow a default password but insist on it being changed on first use.
The main advantage would be that you can then easily gain access following a Factory Reset. The idea of resetting a device and THEN having to find a sticky label for the password :-(
The idea of a "Security Support Contact" and a published "Best Before" date would be handy, but I bet a bunch of the cheap IoT companies would just go bust and rebrand (if they have a brand!) every year.
I've never understood how letting them have more access to more data about me will "improve my privacy"?
It also means I'm more likely to route all my traffic via a VPN via a foreign country or use a foreign cloud service, which means I'll actually have less protection under UK law.
I'm guessing sales of "personal cloud boxes" build by foreign countries will increase...
With the forthcoming election, can I ask each MP to list their technical qualifications - or in fact, any job related qualifications (ie, not their family tree or private club memberships).
Having just come back from an office with 6 people running on a 1.4Mbps broadband - going cloud based isn't always the answer. You're also looking at subscriptions - so these 6 staff members will be paying the same £7/month each for Office 365 that will perform much worse than the £20 one off OEM license for Office Pro they already own. Let customers decide what they want and when they upgrade, we don't need to be forced in to an upgrade if there is zero benefit, or we don't have the money. I remember the days when people WANTED to upgrade to get the new features - what amazing new feature persuaded you to upgrade to WIn11 from Win10?
So does EVERYTHING run on the one machine or network? It appears the ransomware attack took out absolutely everything! Surely the public facing website wasn't connected on the same LAN as every other device? I can see they may have hit a web server and got access to SQL, but the entire business??? Who "designed" and implemented this setup? I do hope this £9M is being spent on a different IT provider to the one that has already screwed them over with their original design, implementation and support fees.
I live in a small village, where broadband speed in some areas is still in single digits! Universal Obligation didn't arrive here. We currently have at least 4 providers flooding the area with fibre, and they are all behind schedule (Trooli is 2yrs late) and digging up different parts of the village. Trooli, Giganet, Vodafone and Openreach - why don't you talk to each other and either do different villages or share the ducting costs? As it stands, you're just covering the place in traffic lights and mud, as well as breaking the traditional phone lines when pulling fibres!
PS: You also need to come up with some new product names, "Full Fibre" is the name of your 80Mb VDSL offering, which is in fact 50% Fibre.
Everyone agrees that MFA is great for security.
However, spare a thought for the tech who often ends up with a buggered PC and needs to access the users system. Either the device is taken to a remote workshop or it's accessed remotely - but how do you then enter your clients fingerprint or text received on their phone? It may be more secure, but IT Support will suffer.
So, if I create a deep fake porn image of a politician, I need to register that fake (with the CR) on the Adobe Cloud. Then when I share it online, obviously with the metadata removed, it can be detected. That sounds like it's going to work, and I can't think of any way around that :-(
Also, if I grab a copy of an old photo of the Mona Lisa and upload it to the Adobe Cloud today, will that mark ALL global copies of the Mona Lisa as dodgy copies?
This is going to be so much fun.
20 years ago, a small team developed software to deploy, upgrade and manage 2,000 servers, 50,000 PCs and 8,000 CAS machines. We upgraded every end point almost monthly and overnight.
Who is this company that's paid millions to upgrade 300 machines on a weekday between 9-5? Who manages this project, do they have any previous experience?
I'm 20 years out of date, but could probably still do a better job from my laptop sat in bed!
"Project gigabit" another project that will just die off before completion.
What happened to the "Universal Service Obligation", I still have clients stuck way below that threshold but ISPs are ignoring it.
What happened to 4G, I have clients who can't get it, and now are being told 3G is being turned off with no plans for 5G in the area.
Roll out within 12 months from a standing start - no chance. Trooli and giganet have been messing in my postcode for 3 years and it's still not fully available or working!
75% of that "investment" will go on paperwork anyway.
How about we delay the age verification bill for a few years?
By that time, the children we're trying to protect will have grown up and be over 18. Problem solved :-)
Why are we removing responsibility from the parents? Supervision, discussion and Parental Control software does actually work. In comparison, look at the eScooter rental situation with children under 18 driving in the streets - how is the age verification via driving license working there?
I keep being told by "influencers" that it's a "real job", so I'm guessing that if the government accepts it as a real job, and they pay taxes, then they may be right :-)
Interesting point about the $1,000 (?) from online activities, I'll have to check my Google and Amazon clickbait payments :-o
Am I missing something? Why would a police car not just get in front of the Tesla and slow down? Surely the Tesla would see the slow moving traffic in front and stop (I really hope it would!), or did it mount the pavement and drive through the tables and chairs on the sidewalk like they do in so many American films?
I'm guessing California will now demand an SMS gateway so they can text Tesla a vehicle registration number and ZIP code, and have the vehicle self drive to the police pound :-)
If you are going to write it down, please add a date next to it or cross out the old ones. I must spend hours a week waiting for clients to flip through password books shouting out different passwords for the one login I need. Although I must admit, I enjoy trying to identify the pattern :-)
I had one client who's email address was something like xT5-4GHj!@bigemail.com and the password was Mable - I'm sure they were confused when they set it up!
This comes down to the old issue of logging into a system as "Administrator" rather than a restricted user. We all know it's wrong, but it makes coding, testing and support soooo much easier.
Everyone is rushing their development, and we know security & testing only ever finds problems and causes delays :-(
Keyless cars, what a great idea - security will be in version 2.
Haha,
Well I've stuck with a setup we developed for a 50,000 PC deployment with over 2000 sites. The router goes at .200 with clients on DHCP below, and "important stuff" on the higher numbers above. It does mean the first PC on site is .1, so names and IP addresses can match if you really want :-)
Chat soon.
"we do not hold any confidential information on any of our servers"
I understood name, email, job description, company and password were classed as personal and confidential. I'm pretty sure I can't just publish my list of contacts from my database on a web page - which is what they have basically done! ICO, do your job.
Who comes up with this stuff?
So the target is to get "high speed" to 85% of the population. That means those who live in cities or already have decent infrastructure will get even fast broadband, while those 10million who live on the end of a bit of wet string in the country will be left behind, forgotten and ignored.
I bet the "Tax break" is targeted at new technology, ie, subsidised 5G or FTTP, rather than providing a reliable 50Mbps to home & business users via DSL or a strong 3G/4G signal.
Anyone seen the UK plans for how to run 6 office phones off of a 0.25Mbps ADSL link in 2025 when there's no mobile coverage in the area?
Thanks UK planners and Government regulations.
Haha,
It definitely sounds like an OpenReach issue - so you can see why ZEN want this guy to leave ASAP. Any future ISP will have the same issue, so he'd be far better staying with ZEN and insisting that based on the contract that he's been paying, THEY need to get it sorted.
I've had problems with BT recently (not naming the product), and after months of zero support, I started "abusing" every one of their adverts on Facebook - all done very politely by just pointing out how bad they were. Within a month of my campaign, I'd got a call from someone high up who asked "if I'd had problems?" :-) He's not put me in direct touch with someone technical who actually understands the product - almost a happy ending - it's still not working correctly, but they guy I'm talking too actually understands the problem and appears to be kicking arse and getting some progress.
This article, and a lot of public exposure of the issue will do more good than writing to your MP - in fact, despite my local MP having broadband and a website, he doesn't "do" email? :-( (he does do email, but only for his friends - not for his constituents!).
Chat soon.
"The health and safety of our customers and crew is always our primary concern," a TUI spokesperson said.
Clearly their primary concern was getting cheaper software developed offshore and not fully testing it.
Out "thoughts and prayers" are with the non-UK developers and shareholders.
There's also a lot of benefit in actually "owning" a version of the software on your system.
Looking at cloud based software, or software that auto updates when it feels like it can cause more problems than it fixes. A lot of the "managed" platforms get updated with features many clients don't actually want, most businesses also hate the way the software they use, updates outside their control thus causing support and training issues.
I had one medical client who was unable to print legally required labels from their 12 label printers across 3 sites last month - all because they had "auto update" turned on as their "security policy" requires them to install "official updates within 14 days". Look at the Android issues last month as another example of lack of control and how it impacts YOUR business.
You can have Microsoft Office for £7/month or a one off fee of £70 - what are you paying for? Most users already have Email and Cloud Storage, so why pay monthly? Nobody rents their TV, Video or Fridge any more do they?
Well we have a legal requirement to print labels when we prescribe meds - and a dozen Dymo label printers all started missing life threatening details over the weekend.
The "patch" also included un-fixes for DNS and FTP, which also broke this week after the reboot.
Whoever wrote the security policy that said manufacturer released security fixes need to be applied within 14 days clearly never worked with Microsoft :-(
Don't get me started on "r" numbers (I believe r is a short for RAND() as it's somewhere between 0 and 1)
Knowing that one person has reported positive, then surely knowing how many contacts they have had and how many of those became infected, would be a very accurate way of calculating a more accurate r value? It seems so bloody obvious compared with the current dozen committees who vote on a random number that they then seem to average before saying it's somewhere between 0.5 and 0.999 but less than 1.
Erm,
Years ago (before ZIP, ARJ and LZW), I wrote a compression utility that would compress any data down to a single byte. Unfortunately I never managed to complete a working decompression method though. Maybe I should resurrect that code now - anyone got a working Vic-20 I can borrow?
So just having one maintenance system to monitor & manage all 3 networks? That there is exactly the problem, one system plugged into everything - that would be the target. Would it be so expensive and inconvenient to have a separate maintenance system for the public network?
So the porn sites will now have to "subscribe" or "register" with a central body to verify visitor ages. The porn sites will also presumably have to invest in securing their site to handle this personal data, as well as comply with GDPR (will they have to keep a copy of the personal details?). I'm guessing this will just push the porn sites off of UK soil and beyond UK Government control.
"Free Porn" - site verified dirty by UK Government and clean by McAfee
I wonder if there will be a page on gov.uk with links to approved porn sites? That would seriously help with SEO :-)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
