* Posts by DCdave

109 publicly visible posts • joined 29 Jan 2018

Page:

Microsoft tells yet more customers their emails have been stolen

DCdave

That would mean

If Facebook/Meta are at 4 percent and that is 7 percent higher than the next, the next one would be at 3.73%.

Percent vs Percentage Points.

Watch out for rogue DHCP servers decloaking your VPN connections

DCdave

Re: What am I not understanding about this?

It manipulates the routing table to stop the traffic ever reaching the encrypted VPN tunnel, and uses the rogue DHCP server as a snooping gateway to pass on the traffic to the legitimate destination.

Microsoft gets new Windows boss as Start Menu man Parakhin 'to explore new roles'

DCdave

It wouldn't surprise me if...

...the current Microsoft regime decided they didn't need Windows at all, given how important Azure is to them now. Even AI is seen as a way to drive more cloud, which obviously should be Azure.

Over 170K users caught up in poisoned Python package ruse

DCdave
Joke

We're secure against supply chain attacks on Python....

...as our Python users never update their binaries, so there!

Microsoft confirms memory leak in March Windows Server security update

DCdave

On the 2022 patch page, Microsoft says:

[Quote]

If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.

[/Quote]

From this, I would infer that no uninstall of the previous patch is required.

DCdave
Boffin

Microsoft recommends using DISM not WUSA for uninstall

Granted that the servicing stack itself is not really relevant to a problematic specific issue like an LSASS memory leak, but Microsoft nonetheless officially recommend using DISM to uninstall cumulative patches:

[Quote]

To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages.

Running Windows Update Standalone Installer (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.

[/Quote]

Windows Server 2022 patch is breaking apps for some users

DCdave

Using a browser vs browsing

Just because you're using a browser on a server doesn't mean you're browsing the internet, which certainly isn't recommended - indeed in our organisation it is actively prevented.

However, apart from Edge Chromium being part of Server 2022, there are all manner of applications these days that require administration via browser - even to administrate services running on the local machine, so it's not as simple as saying "no browser" in every environment. If your browser is not working, your app might not be working either, which is a problem, and is very much the downside of cumulative patches.

Microsoft issues deadline for end of Windows 10 support – it's pay to play for security

DCdave

Re: Need the EU to step up…

"There's a reasonable rationale for most of those minimum requirements and junking backward compatibility. The CPU threshold seems to be around memory security controls that could be enabled on older machines, but would incur a significant performance penalty, and I can see why MS wouldn't go down that route. It is possible to load WIn 11 on just about any machine by circumventing the hardware checks, albeit missing out on some of the specific security improvements, if people want to do that MS have not stopped them. "

All true, but there are plenty of not very old machines that were supported all througout pre-release, yet disappeared from the release version. My private laptop is among them and whilst I have no wish to "upgrade" to Windows 11, that increasingly becomes a problem as Windows 10 EOL draws near. Even if I can and will apply the workarounds to be able to install Windows 11, it remains at Microsoft's whim to allow those workarounds to be in place. That's not a good place to be, and should have been avoided.

Copilot coming to Windows 10 to help navigate the OS's twilight years

DCdave
Joke

Re: Déjà vu all over again

I personally prefer Clipshit.

Another month, another bunch of fixes for Microsoft security bugs exploited in the wild

DCdave

Re: Ah, Patch Tuesday...

Something wrong with your Windows implementation if it's taking that long and needing multiple restarts.

All current Windows OS have cumulative updates, thus taking care of supersedence, and the servicing stack embedded in the cumulative update so no separate reboot is required. Typically the only other required update would be for .NET framework, which can install alongside the OS patch and does not need a separate reboot.

Microsoft calls time on Windows Insider MVP program

DCdave
Joke

Paperweights

"as well as the odd paperweight or two"

I already have an old Windows Phone.

Microsoft admits 'power issue' downed Azure services in West Europe

DCdave
Joke

Any suggestion

...that the control systems were running on an Azure VM affected by the outage are pure speculation, if not entire fiction on my part.

From chaos to cadence: Celebrating two decades of Microsoft's Patch Tuesday

DCdave

Re: Getting worse??

Bunching it all together also brought us cumulative updates, ending the hell of trying to find out which incantation was required to get certain missing updates installed in exactly the right order of dependency.

Google Street View car careens into creek after 100mph cop chase

DCdave
Joke

Re: I weep for your gas mileage

I hope you reported the other driver for speeding

Unidentified object on Australian beach may be part of Indian rocket launcher

DCdave

Re: Uncontrolled reentry?

It does look like metal in the photos, however reports state that it was seen floating in the shallows and was dragged out of the water by a 4x4. People on the scene described it being made of something like carbon fibre or a lightweight resin (which doesn't sound very substantial for part of a space vehicle).

Microsoft kicks Calibri to the curb for Aptos as default font

DCdave

Misread is a matter of perspective

As anyone in Germany who lives at an address with especially a 7 in and receives letters from English-speaking countries will testify. German posties tend to interpret the un-crossed 7 as a 1.

On a related matter, it does make me wonder that Germans manage to cope with computer and print typefaces that do not have crossed 7s and heavily-seriphed 1s when they apparently cannot for handwriting.

Microsoft whips up unrest after revealing Azure AD name change

DCdave
Thumb Down

If you have to rename something...

Rename Active Directory as Active Directory Classic, or Classic Active Directory, and keep Azure Active Directory as it is. I've already forgotten what they want to rename AAD as. Something like Entrada*

Which, on double-checking, probably isn't what they want.

Turning a computer off, then on again, never goes wrong. Right?

DCdave
Coat

Re: Sausage Factory

It could have been wurst, he might have ended up as mincemeat.

Another redesign on the cards for iPhone as EU rules call for removable batteries

DCdave

"Critics also claim that the water and dust resistance consumers have come to assume will be present in their mobiles will be hit hard – a sealed unit isn't just a deterrent for techies after all."

Dust resistance was a myth, at least on the Galaxy S21 5G. It couldn't be charged via cable and when taken to Samsung, the techie was less than suprised and cleaned out all the gunk that was statically attracted, saying it was hard to do at home without the proper kit, advising using a rubber plug in the charging port in future. Never needed that on predecessor models though.

Millions of mobile phones come pre-infected with malware, say researchers

DCdave
Joke

Western Digital don't make phones though

Western Digital don't make phones though

Oh, really? Microsoft worries multicloud complicates security and identity

DCdave
Thumb Down

Zero trust is quite secure...

...but from experience it leads to hiding insecure things from people responsible for making sure they are secure. How to report on something that is hidden from you?

In the middle of an incident the last thing you need is to find that some little-used access rights that you have for good reason have in the meantime been silently removed and you don't even know who you need to speak to to get them back.

US cybersecurity chief: Software makers shouldn't lawyer their way out of security responsibilities

DCdave

As bad as having a monthly fix for security and other issues is...

it's actually one of the better models out there, compared to the obfuscate and/or deny everything that many companies operate.

Microsoft promises smaller Windows 11 updates with UUP – but there's a catch

DCdave

Small updates?

No, what I want is no reboots of my customers' servers when installing OS updates.

Four top euro carriers will use phone numbers to target ads and annoy Google & Facebook

DCdave

Re: Thank god it's opt in

Yes, opt-in seems to have an increasing tendency to 'default' to opted-in (whether by tick box or by simply ignoring your choice), thus making it actually an illegal opt-out. Allegedly, of course, and I'm sure it's entirely accidental.

As an aside, having your own domain and registering with every company with a separate email address (actually a forwarding address) <company name>@<your domain> is remarkably effective in controlling miscreants who abuse email in some way or another, although it is more effort to set up each time. You get to know the culprit and to delete the forwarding address.

First Patch Tuesday of the year explodes with in-the-wild exploit fix

DCdave

Re: A yes monthly patching time again....

Steps 1 & 2 are automated here, step 3 is autopilot.

Addendum based on November patches:

4. Wake up and find lots and lots of things broken and people screaming. Marvel that no-one invoked on-call.

5. Spend the next week with Microsoft trying to fix everything.

More than 4 in 10 PCs still can't upgrade to Windows 11

DCdave

Re: I'm amazed! I really am!

I'm not sure that's the case - expensive though ESU is, it must be a huge pain to support code that's a decade old. Which is not to say they won't happily take your money in the end.

Deluge of of entries to Spamhaus blocklists includes 'various household names'

DCdave

Re: "my ISP was delivering the service I paid for"

Your premise is really quite ridiculous.

DCdave

Re: Different strokes

That's not quite correct - my ISP was delivering the service I paid for - my email was being sent in all cases. It was the receiving domain that was not delivering it to the intended recipient if and only if it came from a particular server (not domain) owned by my ISP.

DCdave
Devil

Different strokes

Lots of admins on here defending Spamhaus and saying it's easy to get off the lists, and as a sysadmin (but not responsible for email) I understand that, however as a user I have very much been collateral damage as a result of a single one of my email provider's servers being put on their list due to relatively spurious reasons.

I will not forget the arrogant and unhelpful attitude of Spamhaus at the time. They just did not care about collateral damage and there wasn't a thing I could do about it.

Of course, the problem was made immeasurably worse by my Dad's email provider mostly not sending a bounce, or occasionally sending one after 48 hours.

Either way, absolutely nightmare of a problem to troubleshoot as an end user, the problem effectively manifested itself as "random" depending on where my provider's load balancer directed me - to the flagged server, my mail wouldn't get through, or to an unflagged server and my mail would get through.

I don't know how the problem was eventually resolved, but it was months later, well after I had started using another provider just to keep in touch with my Dad.

Microsoft Teams outage widens to take out M365 services, admin center

DCdave
Joke

now we know how the spooks set up their dead-man's-handle kill switch

Hive to pull the plug on smart home gadgets by 2025

DCdave

Re: Reciva Radios

I had a very similar experience with my Philips Streamium. I continued to use it for streaming on my home network for a while, before consigning it to history, and learning a lesson about devices that require a service to function, as well as the companies that provide that service.

Don't ditch PowerShell to improve security, say infosec agencies from UK, US, and NZ

DCdave

Re: Powershell 7.2 improves on 5.1?

You know you can use Visual Studio Code for free, right? Personally I do prefer ISE, but you can run your scripts within Code too...although yes, ISE's tabbed approach is better than Code's window per script.

DCdave

Powershell 7.2 improves on 5.1?

Hmm, not so sure about that, really. It's newer, but it has some compromises due to portability. If you're setting up a new environment from scratch, then maybe go for it. If you've got a mature environment with lots of scripts then you're likely going to need and want to keep using 5.1.

Also, just using 7.2 isn't enough anyway, you do actually need to disable 5.1 in some way, at least for remote access, otherwise all you're doing is stopping using 5.1 and leaving it open for anyone who wants to use it.

Microsoft slides ads into Windows Insiders' File Explorer

DCdave
Black Helicopters

Of course it was a mistake...

....they meant to bypass the free Insider tests and push it straight to the free public test phase.

Germany advises citizens to uninstall Kaspersky antivirus

DCdave

Re: Kaspersky has been in the crosshairs for years

Going by the same logic, what we really need is an AV vendor who exposes Russian government exploits, or indeed one that exposes all governments' exploits...

Microsoft patches the patch that broke VPNs, Hyper-V, and left servers in boot loops

DCdave
Flame

Re: Seems like it is time to train a new generation

This one took a little too long though. Patches issued on Tuesday, tested, no problems seen in our environment, updates pushed to next test machines over the weekend. Discover on Monday there's an out-of-band patch that compromises your testing strategy, even if no adverse affects were actually seen.

Locked up: UK's Labour Party data 'rendered inaccessible' on third-party systems after cyber attack

DCdave
Joke

I trust the affected were notified in the proper fashion

All user emails in the To: field, with an Excel of the compromised data attached.

Intel teases 'software-defined silicon' with Linux kernel contribution – and won't say why

DCdave

Clearly this means...

The boffins at Intel have found a way to emulate a Xeon running on a 286 chip. We have a solution for the silicon chip crisis!

Now, where did I put that old IBM PC?

BOFH: You. Wouldn't. Put. A. Test. Machine. Into. Production. Without. Telling. Us.

DCdave

and we all know that it finishes with the call being cut at exactly closing time for their hotline (or before if they really don't give a rat's behind).

Docker’s cash conundrum is becoming a bet on a very different future

DCdave
Joke

Re: "Progressive pricing may seem dangerously like socialism"

What are you doing owning a house. Are you some kind of rabid, selfish capitalist?

Windows 11 will roll out from October 5 as Microsoft hypes new hardware

DCdave
Go

Re: That was fast

I guess we'll really know what's what when/if MS release Windows 10 21H2. Maintaining different (even if closely related) codebases goes against everything MS has done in recent years, so it would make sense for Windows 10 and Windows 11 to be really close. Alternatively, expect Windows 10 to get little more than lip-service support in future.

Microsoft does and doesn't want you to know it won't stop you manually installing Windows 11 on older PCs

DCdave
WTF?

Old laptop? What old laptop?

I'm fairly ambivalent about upgrading to Windows 11, though I have it running on a VM out of idle curiousity. But I was quite surprised to find from the compatibility list that my 3 year old laptop with a Ryzen 5 2500U, where said VM is running, wasn't even supported. New laptop? Don't think so, but I might eventually install Windows 11 on it, I suppose.

DCdave
Joke

Re: 99.8%, statistically significant?

Well, even basic maths says that Windows 11 is 10% better than Windows 10.

Sysadmins: Why not simply verify there's no backdoor in every program you install, and thus avoid any cyber-drama?

DCdave
Facepalm

I feel so foolish

It seems so obvious after reading the report, as a sysadmin I should just read the code of all the (in many cases closed-source) software running in the data centre. Why didn't I think of it before? Then we'd be safe.

Excuse me, what just happened? Resilience is tough when your failure is due to a 'sequence of events that was almost impossible to foresee'

DCdave
Flame

Re: What? Only four questions?

Documentation? I think I recognise this word from the last century when as a tester my developer boss told me "the code is the documentation".

Fastly 'fesses up to breaking the internet with an 'an undiscovered software bug' triggered by a customer

DCdave

I'd add another step - we will work on limiting the scope of any changes to cause such a widespread issue. A customer should maximum only be able to affect their own systems.

Beijing twirls ban-hammer at 84 more apps it says need to stop slurping excess data

DCdave
Black Helicopters

Remind you of anyone?

Google and CCP seem to have the same attitude to data. Has anyone seen them both in the same place at the same time?

Samsung stops providing security updates to the Galaxy S8 at grand old age of four years

DCdave

Re: "For an Android"

I suspect we have a different definition of "function", but fair enough.

So what if I pay peanuts for my home broadband? I demand you fix it NOW!

DCdave

Re: Feature suggestion.

Why only when the connection drops? It'd be quite useful when the connection is active too.

Page: