Posts by tip pc 1577 publicly visible posts • joined 7 Mar 2018
Do those guys that used to sit in the silo to turn the missile key work from home now as well?
notwithstanding the above, zero trust architecture is a thing designed to prevent hacks from within the business.
https://en.wikipedia.org/wiki/Zero_trust_architecture
There was a time when hackers modified Sega Dreamcasts and had them installed in businesses beneath the floor tiles or above ceiling tiles and remotely connected into corporate networks.
Zero trust architecture mitigates exploits like that and those concepts make it safe for people to be working from home.
obviously if its super sensitive work then it should be done from controlled environments like a company secured office, but lower level activities like admin or HR can be done relatively safely from home with obvious caveats.
https://www.bbc.com/news/articles/crkx3vy54nzo.amp
Below is from the telegraph.
A criminal hacking gang known as DragonForce took responsibility for the attack as well as similar attacks on Marks & Spencer and Harrods.
The hackers reportedly showed the BBC screenshots of emails they sent to the retailer’s cyber security director on April 25.
Hackers ‘accessed and extracted data’
A spokesman for the Co-op said on Friday it was “continuing to experience sustained malicious attempts by hackers to access our systems” as it works with government cyber security experts to try and limit the damage of the attack”.
They added: “As a result of ongoing forensic investigations, we now know that the hackers were able to access and extract data from one of our systems. The accessed data included information relating to a significant number of our current and past members.
“This data includes Co-op Group members’ personal data such as names and contact details, and did not include members’ passwords, bank or credit card details, transactions or information relating to any members’ or customers’ products or services with the Co-op Group.”
It has called in both the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) as it battles the cyber attack, which followed a similar hack on Marks & Spencer, which has thrown the upmarket grocer into chaos. A third attack on Harrods followed on Thursday.
pure speculation here but if they have taken their remote access vpn offline, I wonder if that indicates an issue with the vpn vendor they have / use or that they have blocked incoming vpn traffic from unknown IP's.
more details should be socialised so that others using similar kit can take appropriate safeguards.
I know that those running critical infrastructure by know have a steer as what to watch out for, if they know it'll take 5 mins till the hackers know, so why has it not been disseminated wider so those smaller players can get in on the mitigations too.
IPv4 & IPv6 are incompatible so for an internal IPv4 client to reach something IPv6 across the internet a proxy is needed, not just a router.
you can't route from IPv4 to IPv6.
other than that i'd agree.
RFC 1918 defines the IP address ranges reserved for private networks, preventing address conflicts with the public Internet.
Internet routers from ISP's do not route RFC1918 addresses, so your 1st part is correct when companies use rfc 1918 internally.
IBM famously used to / uses their public addressing internally. Been a while since i was there so no idea if its still a thing.
IPv6 provides globally routed addresses for internal use. having none routable addresses internally adds a layer of security that does not exist with IPv6 and their hatred of NAT.
if IPv6 just endorsed & promoted NAT then i'm sure it would have had greater adoption.
The 40 degrees email goes out when all other alerts have been exhausted, it literally emails all directors and managers and not just the IT dept because something must have gone drastically wrong to reach this point. We're thinking possible fire. The room is set at 19C. We also have a caretaker function that starts to slow the CPU and GPUs down if the temperature keeps rising.
you have a plan then
have they ever triggered apart form the static shocks?
last times I was in a situation with a hot server room was during power events & the aircon failed, once during a power failure where the ups and genies kicked in but genies didn't power the aircon, ironically was in winter with snow on the ground and we had a keen heldesk guy walk in which took him ~ an hour and the power came up 20 minutes before he arrived.
another previous time was when they where ultra sound testing the mains and we powered everything off, when given the all clear the aircon (can't remember the brand but the rack size units that blew cold air through the raised floor) failed to start but we where assured it would work soon and where instructed to power everything up. took 4 days for that to be fixed and we had portable units blowing cold air in the room, server temps where around 30c.
Network kit is typically the last to die in hot rooms and can be long after other kit has expired. All Kit is usually a bit warmer than ambient temperature.
I think some of our network kit would be faulted at ambient 40c
Mushroom
I have a couple of server rooms that have ethernet thermometers installed, that are set to email all the important people in the business if the temperature exceeds 40 degrees C
would you not want that alert at ~30c or more likely 25c?
operating temps typically only go to 45c for network and 35c for servers.
servers shutting down is often enough to cool a room so that 40c might never be seen whilst your servers have expired.
Here is another recent example.
Believe it or not, police arrested a mum after she confiscated her kids iPads.
Police locked the mum up, then searched the address and found the iPads. Police also went to the school and removed one of the kids from class to discuss the issue.
On March 26 she was taken to Staines police station, where she had her fingerprints and custody shots taken, and was searched before being put in a cell. Almost 12 hours after officers knocked on her mother's door she was allowed home on bail, which meant she wasn't allowed to speak to her children who were part of the investigation.
Surrey Police said that following its initial enquiries no further action was need and later acknowledged that she was "entitled to confiscate items from her own children”.
https://www.getsurrey.co.uk/news/surrey-news/surrey-mum-arrested-held-cell-31401679.amp
Chief Superintendent Aimee Ramm, Surrey Police’s Northern Divisional Commander said: “A tracking device on the iPads showed that they were at the address.
“Officers encouraged the woman to return the items and resolve the matter, however the woman did not cooperate and therefore she was arrested on suspicion of theft.
“A search was then carried out using post-arrest powers and the iPads were located.
“The woman was subsequently released on conditional bail while further enquiries were carried out to establish the ownership of the iPads.
“The police bail conditions included not speaking to anyone connected to the investigation, including her daughters, while officers carried out their enquiries.
“Following these enquiries, officers were able to verify that the iPads belonged to the woman’s children, and that she was entitled to confiscate these items from her own children.”
https://www.telegraph.co.uk/news/2025/04/11/vanessa-brown-surrey-police-locked-up-cell-daughters-ipads/
How can multiple police officers go through with that nonsense.
The woman was hardly going to skip the country over confiscating her children’s iPads. Police knew she was the mother & even pulled one of her kids from class over the issue.
It makes no sense.
According to Statewatch, types of data the homicide prediction project looks at include those related to: Suspects, victims, witnesses, missing people, people for whom there are safeguarding concerns, and other vulnerable individuals.
The MoJ documents stated that health marker data was expected to give "significant predictive power" to the models, with factors like mental health, addiction, self-harm, suicide, vulnerability, and disability all informing homicide predictions.
The above is what police officers and health care officials where trained to look for, Government should stop trying to computerise everything and bring back the human element.
Put humans back in the loop and they can make judgements of these things rather than leaving it to computer algorithms that then become hard to challenge, because the staff acting on the computer output do not & will not have the authority to challenge what the computer determines and management will push back on challenges to make the system look good despite innocent citizens being negatively impacted because the computer said so.
"Time and again, research shows that algorithmic systems for 'predicting' crime are inherently flawed," she said. "Yet the government is pushing ahead with AI systems that will profile people as criminals before they've done anything.
UK Judiciary is already jailing people for hurt words while letting child harmers out on bail or suspended sentences.
"This latest model, which uses data from our institutionally racist police and Home Office, will reinforce and magnify the structural discrimination underpinning the criminal legal system. Like other systems of its kind, it will code in bias towards racialized and low-income communities. Building automated tools to profile people as violent criminals is deeply wrong, and using such sensitive data on mental health, addiction, and disability is highly intrusive and alarming.
This will ensure all cops have to enforce what the computer says, baking in that racism that has steadfastly been being removed over decades.
We all see the problem yet we know government won't address the issues.
Won't they think of the citizens?
But worse.
People remember the terminals of old.
I remember seeing the presentations of logging in to a gui vdi using your id badge and your session following you about.
Roaming profiles was as close as I saw it get but took ages for your home drive to get chugged to the pc you were on etc.
Oh well, the next generation get to discover the promises turned into vaporware.
Yes, the multiple entities each with multi $b annual revenues, have got it wrong with whatever they are doing.
I did think checkpoint had lost the plot when they ditched ipso (free bsd) for splat (red hat) then Gaia which is (at least used to be) based on red hat too.
Cisco iOS runs off of red hat too.
Panos is based on fedora (red hat lineage again)
Must be something ok with Linux if the largest vendors are using it in anger.
Maybe you should roll a new fw product on Minix with whatever your advantages are as USP.
Todays market requires ngfw stuff, how’s minix with that?
Tough crowded market out there now though.
I've been on many courses where the trainer has no answers.
some train multiple products, from Firewalls to SQL to Load balancers in the same month.
They know the course but don't know the products. Deploying checkpoint is vastly different to implementing PIX/ASA/FirePower, deploying Citrix LB is different to AVI.
Scratch under the surface and all their comprehension is exposed.
They teach the course and not necessarily the product. Also they often lack experience of running the product in anger so won't understand the nuances when you ask about situations that can arise when the product is deployed.
@CA Dave
The only way an ISP worker's computer gets infected with malware is if they go somewhere stupid or open an email with red flags. Everyone in any kind of IT knows damn well Russia will exploit any chance it gets. Absolutely inexcusable.
https://forums.theregister.com/forum/all/2025/03/28/google_kaspersky_mozilla/
The Chrome patch addresses a fairly vague vulnerability identified by Kaspersky, which it found after spotting a phishing campaign targeting Russian journalists, academics, and government agencies with bogus invites to an event.
"The vulnerability CVE-2025-2783 really left us scratching our heads, as, without doing anything obviously malicious or forbidden, it allowed the attackers to bypass Google Chrome’s sandbox protection as if it didn’t even exist," wrote Kaspersky researchers Igor Kuznetsov and Boris Larin.
looks to me like the attacks are very sophisticated and are hard to distinguish from genuine correspondence.
If you want to ensure things like this aren't in your browser / software then you need to roll your own.
I'm not suggesting its easy, just that if your at risk of exploitation then the only way to be sure is to have your own guys write your own software & understand all the bits that go into it and conduct regular audits for bugs etc etc etc.
younguns wont believe it but in the dim distant past it was common for companies, agencies councils etc to have their own software departments that would write code in addition to purchasing off the shelf stuff.
likely need a return to those principles.
a finance place i worked at had a couple of those solutions in place, Space for office & call centre staff, not everyone but enough to keep going.
several times a year some people would go over for a few hours and test connectivity for DR documentation tick box exercise.
sometimes all you need is some space in a locked rack in a DR office with an uplink, fw's & switches for connectivity to the mother ship & local LAN connectivity can be spun up within a few hours.
The agency reveals that BT/EE had originally planned to provide ESN gateways using 1899.9-1909.9 MHz spectrum. However, Ofcom decided this was not optimal because the frequencies had already been harmonized across Europe for FRMCS.
whilst it makes sense to align with others, what if they got FRMCS wrong in Europe?
being able to do things differently is often a strength
Is it not KISS to simply press the upgrade button rather than build a whole new instance and restore the backup with then fettling to fix things that don’t carry over to the new version correctly?
People clearly have different meanings for KISS.
There has been a history of buggy updates for pihole, I used to run it in containers and I’d clone an instance, upgrade the clone and ensure all was happy before just keeping on using it, worst case was I’d delete the clone and use the original and try again after a month or so.
That was my KISS.
Yes. It on a pie but I was KISS
I use a lot of apple stuff and pihole doesn’t work with vpn connections and private relay
Solution is a com profile, google it.
Easy to install works as well as pihole etc.
I also use dns over https profile on my ucg-ultra and drop port 53 outbound so every thing in my household is using the same adguard dns over https
works even when not in the home, uses dns over https and is less hassle than pihole for which I needed 2 Ubuntu docker hosts on my vm with a pihole each so that containers in 1 could use pihole in the other as they wouldn’t reach pihole in the same docker instance & occasionally 1 would crap out & I’d only notice when the things in 1 docker broke.
In fact since I got the ucg-ultra I no longer have my home server on as it was just doing opnsense (was pfsense till negate got nasty) pihole, prtg, plex (replaced with OTT clients), a download client, freenas (replaced with iCloud) and now occasional network labs (labs now at work), it’s so much quieter in the study now.
Grace ideally will communicate with Athena using the Moon's first mobile network. Nokia has designed and built a 4G/LTE base station as a test bed for a large communications grid planned for use when humans next arrive.
i wonder why they didn't just do 5g with all its advanced capabilities over 4g?
is it due to less client power draw with 4g?
If your using a Mac you don’t need iTunes (music now) to backup your phone.
Can even do it wirelessly.
As a family we have over 2TB of photos. None of our Mac’s have enough built in storage & using iCloud is convenient knowing all those photos are saved off device moments after being taken.
Even if a phone is stolen after that great photo, it’s likely in the cloud before the miscreant can turn the phone off.
I don’t really care about the phone any more, it’s my data in iCloud I care about & the thief cares not about that either as they will never unlock the phone & have no desire too.
Just the government wants to rummage through my data to see if they can find something incriminating on me.
As far as I can tell, they didn’t need to do that to nab Huw Edwards.
Will Richmond-Coggan, partner at Freeths specializing in privacy and cybersecurity disputes, said: "Insisting on this level of access, even with judicial supervision of the process, may well place the UK on a collision course with previous decisions made in the European Court of Human Rights, which has previously ruled (in the case of a similar attempt by Russia to broaden the scope of its domestic surveillance capabilities) that this contravened people's privacy rights.
"In turn, there is concern that it may well prejudice the UK's adequacy status with the EU which underpins the current free flow of data between the EU and the UK, potentially increasing the costs of doing business in Europe."
Looking forward to these lawyers getting a satisfactory result from this
The UK State already has legal power to demand user passwords to decrypt personal data upon demand. No US 5th Amendment rights here in the so called cradle (not) of democracy. Up to 5 years in the clink if you don’t play ball!
makes this a way to go fishing then, automatically trawl icloud data for things the government does not approve off and then send the boys in to have a word.
probably should have been the headline.
Joking aside, we all knew the investigatory powers bill would be used to subvert law abiding citizens to find the few miscreants out there.
Having Apple remove encryption wasn't needed to get the likes of Huw Edwards in court & despite knowing what he did the courts didn't incarcerate him which undermines an aspect of their argument.
sounds like those IBM/lenovo switches, bundled with IBM hardware as a supposed win win for the client.
i used to like those HP procurve switches and deployed hundreds back in the day.
cant beat a trusty cisco though. Not always best performance on paper but IOS consistency was the key to success.
its not uncommon to happen upon a cisco switch with uptime of a decade or more, of course no firmware updates in that time but that s a different story for a different day.
https://www.reddit.com/r/Cisco/comments/bgv7a3/uptime_record/
A bit last century I suppose but I blanch at the thought of placing these over complicated devices on the network border.
They are referring to the management interface of the firewall.
Most network systems have a management interface nowadays, helps separate management traffic from data.
Pop that management interface on a secure internal network and it reduces the risk of the system getting pawned across the internet as it would typically not respond to management traffic on an interface that is not the management interface.
yep, systems like this have been about since it least the turn of the century and definitely before given that users used serial connections to conenct to mainframes with green screen terminals since the 70's
https://www.raritan.com/products/kvm-serial/serial-console-servers
https://www.lantronix.com/products/eds5000-series/
not everyone had them but.......
why didn't the techies just remotely disconnect the uplink port from the router?
Surely the switches management interfaces where on a different vlan?
Surely the university used ip helpers on the vlans configs?
Surely the techies didn't use dhcp for the switch IP's
surely the techies could have setup a static IP on their machines if they also fell foul of the malicious dhcp server.
i guess these where in the times when these things where not well understood or implemented.
Still impressive the techies knew exactly what room the malicious system was in and could go directly to it.
Maybe the disconnect was a show of annoyance after they rectified the issue remotely.
The connection app is a jeans to an end.
There are loads of 3 parties that can integrate with connect cloud and you can consume your data there.
Connect is the conduit that connects your activity to a wider ecosystem, loads are free some are paid for.
Many just use connect to get their data to Strava.
https://support.strava.com/hc/en-us/articles/216918057-Garmin-and-Strava
Given all the issues they've been beset with, will they now see IT in a new light and provide their teams with the resources and funding to succeed?
i know we can all bet they won't.
handing over their IT intellectual property to TCS looks like a spectacular own goal that will lead to continued problems ahead as they will be reliant on 3rd parties managing their stuff instead of their own staff.
they'd be better off outsourcing to Sainsbury's and earn off the dividends, at least Sainsbury's tech seems to work even if they have outsourced to TCS too.
that is very true.
most entities, even government, have a freeze over Christmas even if its just due to staff availability etc.
the only reason to not freeze is if the penalties out way the risk.
Its obvious the pressure has been on the Asda project teams to succeed, i suspect that Asda has some contractual obligations with Walmart to at least show some percentage of migration movement that doing this work now is imperative to Asda.
You'd expect that these stores moving now are low hanging fruit, where problems can be swept under the rug,
chat GPT suggests ~ 50 MWh
Over a year:
50×24×365=438,000 MWh or 438 GWh.
1. Annual Energy Consumption
The AI data center consumes 438 GWh/year (50 MW × 24 hours/day × 365 days).
2. Energy Available from Sunlight
The amount of sunlight (solar irradiance) falling on one square meter varies by location, but a global average is 1,000 W/m² under peak conditions. Over a year:
Average Solar Irradiance: ~5 kWh/m²/day (typical for sunny regions).
Annual Solar Energy per m²: 5 kWh/m²/day × 365 days = 1,825 kWh/m²/year
3. Solar Panel Efficiency
Modern solar panels have efficiencies between 18% and 22%. Assuming 20% efficiency:
Energy Captured per m² per Year:
1,825kWh/m²/year×0.20=365kWh/m²/year.
4. Total Area Required for Solar Panels
To meet the annual energy demand:
Total Area=
365kWh/m²/year
438,000,000kWh
≈1,200,000m².
This translates to 1,200 hectares (12 km² or ~3,000 acres).
5. Battery Storage
Daily Energy Requirement:
Nighttime energy (12 hours of no sunlight):
600MWh×3=1,800MWh.
Battery Volume and Weight:
Energy density of lithium-ion batteries: ~250 Wh/L and ~6 Wh/kg.
Battery volume:
1,800,000kWh÷0.25kWh/L=7,200,000L=7,200m³.
Battery weight:
1,800,000kWh÷0.006kWh/kg=300,000,000kg or 300,000 tons.
Battery Space:
Assuming batteries are packed at ~1,000 kg/m³, the storage space would be
300,000m³, which is roughly 15,000 m² (considering 20 m height).
6. Summary
Solar Panel Area: ~1,200,000 m² (1,200 hectares or ~3,000 acres).
Battery Space: ~15,000 m² (1.5 hectares or ~3.7 acres).
Total Space Needed: ~1,215 hectares (12.15 km² or ~3,003 acres).
This estimate assumes efficient land use for solar panels and battery storage. Adjustments would depend on panel orientation, spacing, and local solar irradiance.
UK allows you to have 2 uk passports
https://www.gov.uk/government/publications/additional-passports/additional-passports-accessible
useful if you need to travel to territories that don't like each other
used to be that going to Greece & Turkey would cause issues if the passport control saw the other nations stamps
but NX-OS now that one mixes up the order you have to enter commands
you mean NX-OS running in aci mode.
NX-OS running in non ACI mode works like normal IOS.
i dread logging into that part of the environment that is ACI, and then have to find the ACI controller management IP / name & then remember my way around ACI.
even worse when your sharing your screen, even worse when the audience are fellow network bods.
always do "copy run start" then "reload in" [or its platform equivalent] before starting your work
then you just need to wait for the timer to expire and device to reload (juniper just loads the previous config) and your back as you where before your change.
after 1 event of locking yourself out you likely won't repeat the offence!!!
i've worked in places where they owned public addressing and blackholed it on the internet while using it internally for specific use cases.
idea was it would not be routable if a miscreant tried accessing it from the internet.
they could have just used a bogon / martian / reserved but if you use your own owned addresses that you know are routed to null then there is no fear for an address currently reserved being openly routable in the future.
When I got my newish car I wanted it to have auto stop in case I suffered some issue and was no longer capable of controlling it.
No idea if it actually works, I’ve had to dial it back as many times pulling left out of junctions it would slow or stop me as cars where coming in their lane from the left.
Also it would moan on motorways if a car to my left was slowing despite my lane still flowing.
It also has delayed reactions seemingly, up to a minute, where I’m in queuing traffic & a bike / moped / pedestrian passes close by it sets off a potential collision warning despite me still being stationary and the hazard long gone. Sometimes road infrastructure sets it off too.
It’s not a Tesla but I believe it’s a Bosch derived system like many would be.
Driver aids are beneficial but driving should be left to the humans.
In the case of this tragic event, the car should have warned the driver of the potential issue and slowed the car while putting hazards on. That it didn’t demonstrates the technology isn’t ready yet.
Where they went wrong was making IPv6 *so big*, there really was not much need for such a huge (and I think overkill) addressing range and keeping the hexadecimal out of it would have helped it's adoption as I am sure that is part of what scared everyone off.
Where they went wrong was their fastidious insistence that NAT be gone and everything should connect to everything just as we where realising we didn't want everything to connect to everything and also we want somethings to look like 1 thing when really they where 1000 things.
turns out ipv4 works pretty well for availability & security by masquerading.
NAT was transformative for security, cheap, ubiquitous and with the benefit of enabling firewalling as the session table could be used for that.
yes ipv6 has gazillions more addresses but do we need them?
once people realise we don't need lots of addresses to connect to stuff, we can end back in the realms of closed gardens where we prefer to connect to the net via a secure solution that promises to protect and care for us. VPN's are a 1st step and work fine over NAT.
This. If you're wanting to warm up a room that room is more than the air within it, it's a lot of objects, furniture, walls, etc.. If they're too cold you're going to feel cold irrespective of the air temperature. Whilst the room's warming up the air is a heat-transfer medium of rather low capacity between the heating system and everything else. Without an initial overshoot of that medium it's going to take far too long to achieve.
our old house had a cold kitchen.
i had a plinth heater installed that ran off the central heating (with an electric fan), once the heating came on the plinth fan started to run and blew warm air into the kitchen, it'd warm up quick, far quicker than a radiator in that room would warm the room.
but yes if the contents of the room is cold, it takes a while to get truly warm but moving warm air helps.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
