* Posts by DCdave

121 publicly visible posts • joined 29 Jan 2018

Page:

Microsoft mystery folder fix might need a fix of its own

DCdave

Re: Quality control - yes we’ve heard of it

[quote]

1. If they're keeping the LTSC version updated anyway, is it really that much more work (if any) just to keep regular Windows 10 installations updated too? I mean they're writing the software, aren't they?

[/quote]

Yes and no. Windows 10 general availability is 22H2, Windows 10 LTSC is 21H2. Admittedly that is the same code base as Server 2022, but of course one is a client OS and the other a server OS.

How to stay on Windows 10 instead of installing Linux

DCdave

Re: I may be old and set in my ways ...

Yeah, me too, for a recent private laptop that isn't supported by Windows 11. MS even say it's only $30 for year 1 for individuals or Windows Home users, which hopefully also covers Windows Professional in my case. But then it doubles the following two years.

https://learn.microsoft.com/en-us/windows/whats-new/extended-security-updates

Failing that probably 0patch at €25/year. May even be the better option.

Both are better than a new laptop.

Wikipedia's overlords bemoan AI bot bandwidth burden

DCdave
Mushroom

LLM, how can I prevent LLMs from scraping my website?

This may trigger a loop that ends the world, of course.

ReactOS emits release 0.4.15 – its first since 2021

DCdave

> It is forgotten now, but the ancestor of Windows NT is OS/2 3.0

OS/2 1.3, surely? OS/2 3.0 was Warp and fully IBM.

Australia moves to drop some cryptography by 2030 – before quantum carves it up

DCdave
Alert

Some current OS only support that

Looking at most of the OS we have (and crucially the servers), they pretty much only support these cryptography standards, and half of them are scheduled to be still in support well after that date, so a standoff between vendor and regulators seems pre-programmed.

Sysadmin shock as Windows Server 2025 installs itself after update labeling error

DCdave
Joke

Who knew?

That General Availability now means it will be rolled out everywhere, like it or not.

DCdave

Well, it appears it is a mistake to call it an upgrade.

Admins using Windows Server Update Services up in arms as Microsoft deprecates feature

DCdave
Happy

Re: Not a surprise

Our WSUS is "cloud based" :-D

Microsoft on a roll for terrible rebranding with Windows App

DCdave
Meh

Re: Will searching for "rdp" still find it?

Like others, I didn't realise rdp actually worked. At some point in the past I had to learn mstsc and I suppose I never tried anything else after that.

Cyber crooks shut down UK, US schools, thousands of kids affected

DCdave
Facepalm

The irony is..

that to bring proper security to individual schools and kindergartens that cannot afford their own corporate IT security team is that you need to centralise and interconnect everything and support it remotely, thus increasing the vulnerability footprint.

Microsoft sends Windows Control Panel to tech graveyard

DCdave
Thumb Up

Re: cue the wailing

It's hard to believe these days, but back then testing before release was still a thing.

Microsoft tells yet more customers their emails have been stolen

DCdave

That would mean

If Facebook/Meta are at 4 percent and that is 7 percent higher than the next, the next one would be at 3.73%.

Percent vs Percentage Points.

Watch out for rogue DHCP servers decloaking your VPN connections

DCdave

Re: What am I not understanding about this?

It manipulates the routing table to stop the traffic ever reaching the encrypted VPN tunnel, and uses the rogue DHCP server as a snooping gateway to pass on the traffic to the legitimate destination.

Microsoft gets new Windows boss as Start Menu man Parakhin 'to explore new roles'

DCdave

It wouldn't surprise me if...

...the current Microsoft regime decided they didn't need Windows at all, given how important Azure is to them now. Even AI is seen as a way to drive more cloud, which obviously should be Azure.

Over 170K users caught up in poisoned Python package ruse

DCdave
Joke

We're secure against supply chain attacks on Python....

...as our Python users never update their binaries, so there!

Microsoft confirms memory leak in March Windows Server security update

DCdave

On the 2022 patch page, Microsoft says:

[Quote]

If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.

[/Quote]

From this, I would infer that no uninstall of the previous patch is required.

DCdave
Boffin

Microsoft recommends using DISM not WUSA for uninstall

Granted that the servicing stack itself is not really relevant to a problematic specific issue like an LSASS memory leak, but Microsoft nonetheless officially recommend using DISM to uninstall cumulative patches:

[Quote]

To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages.

Running Windows Update Standalone Installer (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.

[/Quote]

Windows Server 2022 patch is breaking apps for some users

DCdave

Using a browser vs browsing

Just because you're using a browser on a server doesn't mean you're browsing the internet, which certainly isn't recommended - indeed in our organisation it is actively prevented.

However, apart from Edge Chromium being part of Server 2022, there are all manner of applications these days that require administration via browser - even to administrate services running on the local machine, so it's not as simple as saying "no browser" in every environment. If your browser is not working, your app might not be working either, which is a problem, and is very much the downside of cumulative patches.

Microsoft issues deadline for end of Windows 10 support – it's pay to play for security

DCdave

Re: Need the EU to step up…

"There's a reasonable rationale for most of those minimum requirements and junking backward compatibility. The CPU threshold seems to be around memory security controls that could be enabled on older machines, but would incur a significant performance penalty, and I can see why MS wouldn't go down that route. It is possible to load WIn 11 on just about any machine by circumventing the hardware checks, albeit missing out on some of the specific security improvements, if people want to do that MS have not stopped them. "

All true, but there are plenty of not very old machines that were supported all througout pre-release, yet disappeared from the release version. My private laptop is among them and whilst I have no wish to "upgrade" to Windows 11, that increasingly becomes a problem as Windows 10 EOL draws near. Even if I can and will apply the workarounds to be able to install Windows 11, it remains at Microsoft's whim to allow those workarounds to be in place. That's not a good place to be, and should have been avoided.

Copilot coming to Windows 10 to help navigate the OS's twilight years

DCdave
Joke

Re: Déjà vu all over again

I personally prefer Clipshit.

Another month, another bunch of fixes for Microsoft security bugs exploited in the wild

DCdave

Re: Ah, Patch Tuesday...

Something wrong with your Windows implementation if it's taking that long and needing multiple restarts.

All current Windows OS have cumulative updates, thus taking care of supersedence, and the servicing stack embedded in the cumulative update so no separate reboot is required. Typically the only other required update would be for .NET framework, which can install alongside the OS patch and does not need a separate reboot.

Microsoft calls time on Windows Insider MVP program

DCdave
Joke

Paperweights

"as well as the odd paperweight or two"

I already have an old Windows Phone.

Microsoft admits 'power issue' downed Azure services in West Europe

DCdave
Joke

Any suggestion

...that the control systems were running on an Azure VM affected by the outage are pure speculation, if not entire fiction on my part.

From chaos to cadence: Celebrating two decades of Microsoft's Patch Tuesday

DCdave

Re: Getting worse??

Bunching it all together also brought us cumulative updates, ending the hell of trying to find out which incantation was required to get certain missing updates installed in exactly the right order of dependency.

Google Street View car careens into creek after 100mph cop chase

DCdave
Joke

Re: I weep for your gas mileage

I hope you reported the other driver for speeding

Unidentified object on Australian beach may be part of Indian rocket launcher

DCdave

Re: Uncontrolled reentry?

It does look like metal in the photos, however reports state that it was seen floating in the shallows and was dragged out of the water by a 4x4. People on the scene described it being made of something like carbon fibre or a lightweight resin (which doesn't sound very substantial for part of a space vehicle).

Microsoft kicks Calibri to the curb for Aptos as default font

DCdave

Misread is a matter of perspective

As anyone in Germany who lives at an address with especially a 7 in and receives letters from English-speaking countries will testify. German posties tend to interpret the un-crossed 7 as a 1.

On a related matter, it does make me wonder that Germans manage to cope with computer and print typefaces that do not have crossed 7s and heavily-seriphed 1s when they apparently cannot for handwriting.

Microsoft whips up unrest after revealing Azure AD name change

DCdave
Thumb Down

If you have to rename something...

Rename Active Directory as Active Directory Classic, or Classic Active Directory, and keep Azure Active Directory as it is. I've already forgotten what they want to rename AAD as. Something like Entrada*

Which, on double-checking, probably isn't what they want.

Turning a computer off, then on again, never goes wrong. Right?

DCdave
Coat

Re: Sausage Factory

It could have been wurst, he might have ended up as mincemeat.

Another redesign on the cards for iPhone as EU rules call for removable batteries

DCdave

"Critics also claim that the water and dust resistance consumers have come to assume will be present in their mobiles will be hit hard – a sealed unit isn't just a deterrent for techies after all."

Dust resistance was a myth, at least on the Galaxy S21 5G. It couldn't be charged via cable and when taken to Samsung, the techie was less than suprised and cleaned out all the gunk that was statically attracted, saying it was hard to do at home without the proper kit, advising using a rubber plug in the charging port in future. Never needed that on predecessor models though.

Millions of mobile phones come pre-infected with malware, say researchers

DCdave
Joke

Western Digital don't make phones though

Western Digital don't make phones though

Oh, really? Microsoft worries multicloud complicates security and identity

DCdave
Thumb Down

Zero trust is quite secure...

...but from experience it leads to hiding insecure things from people responsible for making sure they are secure. How to report on something that is hidden from you?

In the middle of an incident the last thing you need is to find that some little-used access rights that you have for good reason have in the meantime been silently removed and you don't even know who you need to speak to to get them back.

US cybersecurity chief: Software makers shouldn't lawyer their way out of security responsibilities

DCdave

As bad as having a monthly fix for security and other issues is...

it's actually one of the better models out there, compared to the obfuscate and/or deny everything that many companies operate.

Microsoft promises smaller Windows 11 updates with UUP – but there's a catch

DCdave

Small updates?

No, what I want is no reboots of my customers' servers when installing OS updates.

Four top euro carriers will use phone numbers to target ads and annoy Google & Facebook

DCdave

Re: Thank god it's opt in

Yes, opt-in seems to have an increasing tendency to 'default' to opted-in (whether by tick box or by simply ignoring your choice), thus making it actually an illegal opt-out. Allegedly, of course, and I'm sure it's entirely accidental.

As an aside, having your own domain and registering with every company with a separate email address (actually a forwarding address) <company name>@<your domain> is remarkably effective in controlling miscreants who abuse email in some way or another, although it is more effort to set up each time. You get to know the culprit and to delete the forwarding address.

First Patch Tuesday of the year explodes with in-the-wild exploit fix

DCdave

Re: A yes monthly patching time again....

Steps 1 & 2 are automated here, step 3 is autopilot.

Addendum based on November patches:

4. Wake up and find lots and lots of things broken and people screaming. Marvel that no-one invoked on-call.

5. Spend the next week with Microsoft trying to fix everything.

More than 4 in 10 PCs still can't upgrade to Windows 11

DCdave

Re: I'm amazed! I really am!

I'm not sure that's the case - expensive though ESU is, it must be a huge pain to support code that's a decade old. Which is not to say they won't happily take your money in the end.

Deluge of of entries to Spamhaus blocklists includes 'various household names'

DCdave

Re: "my ISP was delivering the service I paid for"

Your premise is really quite ridiculous.

DCdave

Re: Different strokes

That's not quite correct - my ISP was delivering the service I paid for - my email was being sent in all cases. It was the receiving domain that was not delivering it to the intended recipient if and only if it came from a particular server (not domain) owned by my ISP.

DCdave
Devil

Different strokes

Lots of admins on here defending Spamhaus and saying it's easy to get off the lists, and as a sysadmin (but not responsible for email) I understand that, however as a user I have very much been collateral damage as a result of a single one of my email provider's servers being put on their list due to relatively spurious reasons.

I will not forget the arrogant and unhelpful attitude of Spamhaus at the time. They just did not care about collateral damage and there wasn't a thing I could do about it.

Of course, the problem was made immeasurably worse by my Dad's email provider mostly not sending a bounce, or occasionally sending one after 48 hours.

Either way, absolutely nightmare of a problem to troubleshoot as an end user, the problem effectively manifested itself as "random" depending on where my provider's load balancer directed me - to the flagged server, my mail wouldn't get through, or to an unflagged server and my mail would get through.

I don't know how the problem was eventually resolved, but it was months later, well after I had started using another provider just to keep in touch with my Dad.

Microsoft Teams outage widens to take out M365 services, admin center

DCdave
Joke

now we know how the spooks set up their dead-man's-handle kill switch

Hive to pull the plug on smart home gadgets by 2025

DCdave

Re: Reciva Radios

I had a very similar experience with my Philips Streamium. I continued to use it for streaming on my home network for a while, before consigning it to history, and learning a lesson about devices that require a service to function, as well as the companies that provide that service.

Don't ditch PowerShell to improve security, say infosec agencies from UK, US, and NZ

DCdave

Re: Powershell 7.2 improves on 5.1?

You know you can use Visual Studio Code for free, right? Personally I do prefer ISE, but you can run your scripts within Code too...although yes, ISE's tabbed approach is better than Code's window per script.

DCdave

Powershell 7.2 improves on 5.1?

Hmm, not so sure about that, really. It's newer, but it has some compromises due to portability. If you're setting up a new environment from scratch, then maybe go for it. If you've got a mature environment with lots of scripts then you're likely going to need and want to keep using 5.1.

Also, just using 7.2 isn't enough anyway, you do actually need to disable 5.1 in some way, at least for remote access, otherwise all you're doing is stopping using 5.1 and leaving it open for anyone who wants to use it.

Microsoft slides ads into Windows Insiders' File Explorer

DCdave
Black Helicopters

Of course it was a mistake...

....they meant to bypass the free Insider tests and push it straight to the free public test phase.

Germany advises citizens to uninstall Kaspersky antivirus

DCdave

Re: Kaspersky has been in the crosshairs for years

Going by the same logic, what we really need is an AV vendor who exposes Russian government exploits, or indeed one that exposes all governments' exploits...

Microsoft patches the patch that broke VPNs, Hyper-V, and left servers in boot loops

DCdave
Flame

Re: Seems like it is time to train a new generation

This one took a little too long though. Patches issued on Tuesday, tested, no problems seen in our environment, updates pushed to next test machines over the weekend. Discover on Monday there's an out-of-band patch that compromises your testing strategy, even if no adverse affects were actually seen.

Locked up: UK's Labour Party data 'rendered inaccessible' on third-party systems after cyber attack

DCdave
Joke

I trust the affected were notified in the proper fashion

All user emails in the To: field, with an Excel of the compromised data attached.

Page: