* Posts by tip pc

436 posts • joined 7 Mar 2018


Had a bad weekend? Probably, if you're a Sectigo customer, after root cert expires and online chaos ensues

tip pc Silver badge

when you have no control over key aspects of your solution, anything can and will happen

the really fun thing is that many users don't even know they are dependent on third parties for their stuff to work correctly.

Funny how some think that running older systems is the issue, when they have no clue as to how the newer systems work and that it doesn't have to be that way.

If there was a good way to notify about the issue and obtain user approval that would be a great start, but not suitable for systems that run headless.

Even better would be some kind of automatic management system that automagically fixed these things.

Got $50k spare? Then you can crack SHA-1 – so OpenSSH is deprecating flawed hashing algo in a 'near-future release'

tip pc Silver badge

Re: Old devices

"Just plug it instead to a small 2 port box with the other port instead going to the lan."

so that system that has just 1 port that can be administered via sha1 needs another box in-front of it to proxy sha2.

you could do that or you could put a fw in the logical path blocking all ssh to everything you want & a single bastion host in the subnet of the sha1 system that will only permit sha2 or whatever you want.

Then you use strong auth to get to the bastion host in the required subnet and then sha1 to the old system and any other systems in that subnet that can only use sha1.

you could put the bastion host elsewhere but it ups the risk of the traffic being intercepted from 0 for the solution with the box in front of the sha1 system to a little bit more for something on the same subnet intercepting that traffic (can't happen on a switched network unless a port mirror is configured) to again a bit more if the traffic is routed through a number of systems that could intercept or change en route (fw's load balancers, virtual systems, IDS/IPS) etc

the attack risk is much lower on your internal systems than it is if your traffic has to go across a public network even if you use a vpn or private peering in a colo.

EU General Court tears up ban on Three slurping O2. Good thing the latter's not set to merge with Virgin Media, eh?

tip pc Silver badge

Huawei flip flop doesn’t help

If government could make its mind up once and for all telcos like three could get on with 5g.

Is there anything to stop Nokia, Ericsson, Samsung from licensing Huawei tech, commission Huawei to build for them and then sell to phone companies?

Technically not Huawei but realistically it is.

Chinese firms started 5g research way before others did so hold a huge patent portfolio of necessary technologies, I understand politically pressuring China is the current game but when Huawei etc side step this the west will have egg on their faces.

BoJo buckles: UK govt to cut Huawei 5G kit use 'to zero by 2023' after pressure from Tory MPs, Uncle Sam

tip pc Silver badge

Re: Being too lazy to investigate the supply chains

Designed :: not in China

Assembled :: not in China

Components :: made in China

Record-breaking Aussie boffins send 44.2 terabits a second screaming down 75km of fiber from single chip

tip pc Silver badge

“ There are parts of the OTN system where one fat pipe crammed with data is all that is needed (e.g. undersea links of several thousand km)”

RFOG is often used in long distance transmission as the signal can be amplified several times before it needs to be recreated.

This new technology is not for long haul transmission. It's core, site to site & transmission and will enable faster edge.

Das reboot: That's the only thing to do when the screenshot, er, freezes

tip pc Silver badge

Re: Yes, Daily, or even hourly!

"I wish I had a beer for every screen shot of an error emailed to me asking for the solution... RTFS?"

the funniest ones are where someone has taken a photo of the screen and sent it

Vodafone woes far from over for Xiaomi Mi 9 owners amid complaints of leaky batteries and voicemails in Romanian

tip pc Silver badge

Why is any of this Vodafone's issue

I'm not an Android user, but why has a phone update caused an issue for users on Vodafone? Is the update bespoke for Vodafone, is that still a thing?

I had a Nokia phone that i couldn't update as Orange hadn't approved the update. Was my last Nokia phone and last phone locked into a network.

Are Sim only users also impacted?

Is this all Xiaomi Mi9 users or just those who use Vodafone (PayG, Sim Only, etc)?

Microsoft claims it has spun up a top-five AI supercomputer for its pals at OpenAI – but won't reveal the full specs

tip pc Silver badge

285k CPU cores and 10k GPUs, does the fourth Tuesday of every month have it on its knees

Does it still get its monthly Tuesdays?

US senators call for more transparency over $12bn TSMC fab plant investment

tip pc Silver badge

What am I missing here?

TSMC want to spend $12bn building a semiconductor plant in Arizona USA and senators are complaining?

Maybe TSMC could spend that $12bn in the UK or another 5 eyes nation building semiconductor plants instead?

I truly don’t understand why the senators are complaining when TSMC build chips for US firms that could be built in China instead?

What am I missing here?

Beer rating app reveals homes and identities of spies and military bods, warns Bellingcat

tip pc Silver badge

Loose lips cost lives

that's not clear

Google rolls out pro-privacy DNS-over-HTTPS support in Chrome 83... with a handy kill switch for corporate IT

tip pc Silver badge

Re: Who do you want to hide from ?

some CDNs will serve any site they CDN for on any of the IPs they resolve on.

As an example, the reg & the pirate are on cloudflare. internally resolve the pirate to the IP of the reg and you can visit the pirate on https without your isp blocking.

tip pc Silver badge

Re: DoH

good luck with that whack a mole.

you'll need to start proxying everything and blocking at the proxy.

tip pc Silver badge


Will chrome tell me I’m using DoH or will it silently work in the background.

What about my local dns filtering, will it bypass my pi-hole in favour of its own DoH, maybe not today but what about in the future if my isp decides to do DoH?

I’ve blocked all port 53 traffic out and in and have a DoH proxy running internally, if chrome decide to silently use DoH in addition to my OS’s DNS I will never know, unless I now also use a proxy and inspect, TLS decrypt - inspect - encrypt, everything. With my tin foil hat I can see how that benefits state actors.

tip pc Silver badge

Can no longer Easily see what extensions are installed

“ Chrome no longer pins extensions to the toolbar by default”

I assume extensions can’t be silently installed etc etc, what if I use someone else’s pc briefly, do I have to check their extensions list before I use their browser?

Having an obvious place for running extensions to show by default looks like an obvious safety thing to do.

Former Labour deputy leader Harriet Harman calls on UK govt to legally protect data from contact-tracing apps

tip pc Silver badge

Re: The PIE lady knows best

that really is not safe for work or for home.

Do the googling on a burner phone far, far away from home, maybe near a church?

Facebook to surround all of Africa in optical fibre and tinfoil

tip pc Silver badge

Re: Can someone explain?

"Only silver is better than copper"

you'll find that Gold is better than both Silver and Copper.

UK housing association Places for People hands £21m to Salesforce to look after CRM and job scheduling

tip pc Silver badge

Housing Association announce £25m IT contracts

£25m sounds like a lot of money for a Housing Association to be paying. How much profit are they making? i thought they were all non profit and did things on a shoe string?

Flashy new toys for the next Windows 10? Sorry, fun-seeking Fast Ringers must make do with DoH for now

tip pc Silver badge

Re: DoH without DNSSEC - no validation ?

“ Its all well and good that you can point your machine at the preferred DNS provider however how do you verify the answers ?”

Don’t worry just stick with the plain text current incarnation.

Otherwise you check the https certificate of your DoH provider and cheat by pointing your Cloudflare DoH url at a genuine Cloudflare ip so it just looks like you need to x thousand https requests per day to your favourite site and zero dns or DoH requests.

Otherwise DNSSEC it is.

Sky Broadband is not the UK's cheapest, growls ad watchdog

tip pc Silver badge

Re: Disappointingly

“ but we can compare like with like when your camera can do all the other stuff”

That’s the point right there. To make the phones sell they add buzzword features to make it look better than it really is.

Does it really need a 64mp camera or 120gb storage or 6gb of ram?

tip pc Silver badge

Re: Disappointingly

“ because that's all that matters to the majority”

It’s actually all that matters to the bean counters. If they can make the product cheaper by stripping quality out that most consumers won’t care about they make more profit.

Do you want an iPhone or latest xiaomi with mega x number of buzzwords?

A 10 year old slr can still take better pictures than latest shiny phone but isn’t anywhere near as luggable.

We'd love to come up with a Harbor container ship pun but we're too corona-frazzled. Version 2.0 is out

tip pc Silver badge

said Michael Michael

“ said Michael Michael, director of product management at VMware and Harbor maintainer”

That’s unfortunate naming.

Anyone else with their surname for their first name?

Taiwan trumpets Apple planting next-gen monitor plant in local science park

tip pc Silver badge

Taiwan economy growing in lockdown?

who'd have thought it?

Russia admits, yup, the Americans are right: One of our rocket's tanks just disintegrated in Earth's orbit

tip pc Silver badge

Re: Elon Musk isn't helping, is he

wtf is Techbroism?

'We're changing shift, and no one can log on!' It was at this moment our hero knew server-lugging chap had screwed up

tip pc Silver badge

This is a live system, Do not Reboot it

~ 2010 i was on the phone with cisco support regarding a 6512r we had recently installed and running in a contact centre. It was up and taking calls but we had some issue iirc to do with ACL's consuming cpu instead of running in the ASIC. sh tech and logs back and forth to Cisco then a lot of webex's. The cisco engineer suggested we up the code to a recent (released after we had issues) version and we planned to install it on the redundant supervisor. at the start of the call i stated the switch was live taking customer revenue generating calls, during our troubleshooting i reiterated the same, before we started the upgrade on the redundant supervisor i repeated the same & that we will do the switch over out of hours, once the upgrade was done i repeated the same & i'd do the switch over overnight, she then flipped the supervisors causing both supervisors to boot and all calls to drop & phones to power off (PoE), I was actually on site, a contact centre going quiet is just as eerie as a server room going quiet. Of course i lost the webex when the switch went too. Luckily everything came up ok, still had the original issue despite new code. I sent some really snotty emails to cisco that day!! For some reason i didn't get into trouble for that one!

The issue was too many operands used across the various ACL's causing the cpu to have to process instead of the ASIC's.

tip pc Silver badge

Re: It's easy to detect the Aarons of the world nowadays.

"You need a server running Zabbix "

"Just the other day, I found a server running cryptocurrency mining software in a user account"

doesn't matter what monitoring software you have, there's a bunch of other stuff you need to be doing to make sure that miscreants aren't running malicious code on your systems. What other stuff have you not found?

tip pc Silver badge

Re: Labels people, and read them!

"Labels people, and read them!"

presumably everything in the Dev comms room was almost fair game whilst the live room had stricter change control?

I also assume the Dev & Live comms rooms were appropriately signed.

Lastly, a big organisation should have had more than 1 DHCP server & PC's typically retain their DHCP addresses, only checking for a new address at half the lease time, for that reason we used to set DHCP at 4 days so machines could still work on a Monday from Friday's lease giving time to fix any issues from a weekend fault.

O2 be a fly on the wall during BT and Vodafone's video calls: Telefónica's UK biz, Virgin Media officially merge

tip pc Silver badge

Re: And the losers are...

The thing about debt is that taxes are paid after costs like debt etc. More debt, less taxes. If you have another business that is profitable and pays a lot of tax, you can offset some of that tax and cost of the new company by paying off that debt to your offshore services company and paying far less tax to the UK. It's a Win Win in the corporate world. Branson is a master at it (not saying he's involved at all here).

tip pc Silver badge

Re: Logical Next Move in the "comms+pay tv" "market"

"Three are on record as being against quad play. But then so were O2"

O2 had no choice in the matter, Both Telefonica & Liberty need the money and no one wanted to buy either (that would get through the regulators). This deal works out much better for VM than O2. TV packages are becoming dated with many people streaming from 2 + providers already (i have Netflix, Amazon, AppleTV & now Disney+, any others can FO!!!!) Who wants cables going in every room when the TV can just stream on demand from the web?

in a few years we won't even bother with home wifi as the 5G spec will allow our devices to just connect to the mobile phone network on our account and just work so no need for home wifi.

tip pc Silver badge

Re: Ha ha

"In fact 02 MVNO's are amongst the cheapest"

Doesn't mean that the O2 network isn't behind the others.

Could mean O2 are sweating their assets and not investing in upgrades etc.

I've never had an O2 phone, i did have cellnet Pay as you go a long time ago, inspired by THOIC which turned out to be encouraged by News Corps NDS but anyway.

Nervous, Adobe? It took 16 years, but open-source vector graphics editor Inkscape now works properly on macOS

tip pc Silver badge

“ But the affinity software just whinges after install and never runs, it's been like that since their beta period for me, and they have no solution (three different machines, three different versions of Windows).”

Definitely the affinity software, can’t possibly be something you’ve done over 3 different pc’s that’s causing the issue.

All other Windows affinity users must also be experiencing the same issue yet Affinity haven’t bothered to do anything about it.

tip pc Silver badge

Re: Who cares about business?

Invest billions, become a verb and you expect it for free.

$}#%^]¥ millennials

Inkscape is free to you but developers gave their time and effort for you to get it free. Hopefully the credit they get for their work increases or justifies their salary which ups the price of the commercial software we buy.

tip pc Silver badge


She has just shelled out 3 x £23.99 for the Affinity suite, luckily on App Store so I can use via family sharing.

Saves me spending ages getting cs5 working on whatever the latest macOS is.

I’ll give that ink thing a blast though.

We beg, implore and beseech thee. Stop reusing the same damn password everywhere

tip pc Silver badge

Re: In other news....


“ The trouble with "correcthorsebatterystaple" is, it doesn't scale. If we all start using "three or four common words strung together", then attackers will start guessing passwords in that format.”

The idea is to increase the number of characters of the password to increase the processing time to brute force it. Doesn’t matter what words are in it, a word attack is a word attack. At least 12 characters with capitals, symbol & number it’ll take long enough to crack to put an attacker off unless they pay for expensive cracking hardware.

I personally just use the random password which actually looks like it follows a pattern to make input easier. Password is stored and synchronised to my keychain across phone, tablet and laptop.

After 10 plus years I now have no clue what my reg password is but don’t need to. Email is secured with 2FA and backup codes.

tip pc Silver badge

Re: In other news....

“Basically, if the password is important for me I'll keep it secure. If it's just the site being obnoxious about I'll treat it with the contempt it I think it deserves.“

Millennials It’s all about me, me, me, me, me .........

Some of the username password stuff is EU law mandating businesses know their customers/users. If you're buying stuff it’s needed for anti fraud and money laundering protections again from the EU. Forums will use email addresses to confirm who you are for anti bullying EU mandates.

That is why Twitter, gmail, Facebook etc want your phone number, it helps them but EU / Government demand those organisations know their users and a phone number reinforces that. I don’t think Twitter, gmail etc would stomach the media backlash otherwise.

Lots of logging going on that most are unaware of.

Microsoft tries really hard not to say the next Xbox could be delayed by coronavirus

tip pc Silver badge

Obvious certainty of massive sales

People will pre order this and accept an empty cardboard gif the tree so long as they get a shipped version within ~4 months.

MS could guarantee purchases with shops etc in case punters decide to return or rather not take up their purchase options.

PlayStation will have exactly the same issue.

Nintendo had that problem last year, anyone know of any retailers selling the full fat Switch?

Comms giant Telefonica confirms O2 in talks to merge with Virgin Media

tip pc Silver badge

Re: Fools

“ To the "fool" who wrote about the RPI increase...RPI is increased annually in April once the ONS (office of national statistics) announces what the annual RPI level is, as such your increase is yearly and you'll know when it's going to occur as its is increased the same time every year.”

A few years ago there was no annual increase. You often got more airtime / texts / data in a new contract perhaps costing a little extra.

I was paying £12 a month on three for years, just got it down to £10 and it’s up to £11 again but I get 8GB now along with my unlimited calls and texts instead of the 2 then 4GB I was getting before.

As Brit cyber-spies drop 'whitelist' and 'blacklist', tech boss says: If you’re thinking about getting in touch saying this is political correctness gone mad, don’t bother

tip pc Silver badge

250 comments largely opposing the change

It’s sad to read the comments and effort people have gone to to oppose the changing of just a few words.

IT is all about change, changing hardware, software, protocols, use cases etc. Some things don’t change behind the scenes but the presentation is continuously being rejuvenated.

It’s a few words, originally used by a very small number of people and now in more broad use are found not to be in keeping with how the rest of the world wants to use language.

Allow list

Block/deny list

Plenty of other phrases could do with an update too.

If it’s too hard to get your head around why the words should be changed then IT really isn’t for you, especially with all this constant change happening.

Sweet TCAS! We can make airliners go up-diddly-up whenever we want, say infosec researchers

tip pc Silver badge

Obvious flaw not in article

Come on elreg, why no mention about how TCAS actually calculates the collision warning and that this testing was all done on simulation. PTP would need 3 aircraft flying at the target aircraft to get the target to move in their desired direction. It can’t be done from stationary antenna on the ground as the target aircraft would see the others as not moving.

3 aircraft converging on another would be a failure of other systems and protocols and TCAS would be the least of anyone’s worries.

Britain has no idea how close it came to ATMs flooding the streets with free money thanks to some crap code, 1970s style

tip pc Silver badge

Re: When Devs break the software!

"*Update installed on Friday. No notice, no e-mail just a flood of alarms all weekend until I logged in to check the system! What fun :/"

That's just standard.

I guess you work for Virgin Media

International space station connects 100Mbps symmetric space laser ethernet using Sony optical disc tech

tip pc Silver badge

Re: Nice technology

i've a pile of rare gbics in my draw, witnessed hundreds of new still wrapped in plastic tossed into the skip when the old office closed too.

I had no idea how rare they were. will i get a pay rise if i let my bosses know i'm working with rare kit?

tip pc Silver badge

Elon has the ISS covered

I’m sure the ISS will be able to hook into star links backhaul and gain global coverage and higher bandwidth before Sony get their toy working globally for ISS.

Or did someone watch that awful Brad Pitt Ad Astra movie and decide they needed to build an encrypted laser link so they can go to Mars and then send a live encrypted voice laser communication to the outer solar system? Not sure it was worth the journey or the lives lost along the way to send a voicemail.

Square peg of modem won't fit into round hole of PC? I saw to it, bloke tells horrified mate

tip pc Silver badge

soft modems

my performa 6400 had a cheap ass soft modem. Worked ok until the cpu got busy and couldn't cope with the 36.6kbs spec.

Apple on 2020 so far: OK, so iPhone sales are a bit glum. Wearables, music, apps, vids to the rescue... almost

tip pc Silver badge

I assumed it was a hipsters phone, but maybe it was Tim's and he was grimacing at a photo he unwittingly put up and the others are moments away from their shock face.

What's worse than an annoying internet filter? How about one with a pre-auth remote-command execution hole and there's no patch?

tip pc Silver badge

Re: Only rogue users

Is it acceptable for staff to surf stuff at work that other staff or the media would find not suitable for doing at work?

If it’s not acceptable you will need some kind of filter. Every company I have worked at (either government or Fortune 500 equivalents) has had filtering which I’ve sometimes managed. We all accept some level of email filtering as normal, in the uk government has mandated ISP’s block access to certain sites like the pirate bay etc so not a great deal of difference, ok uk isn’t blocking the same extensive list as other nations but blocking exists, just not to sites that most people go to.

Quibi, JetBlue, Wish, others accused of leaking millions of email addresses to ad orgs via HTTP referer headers

tip pc Silver badge

URL referral should be talked about more

More people should know about how browsers pass on details of the previous page visited.

I always close a tab before going to a new site. I shouldn’t have to though.

So many things going on behind the scenes we have little knowledge of.

Florida man might just stick it to HP for injecting sneaky DRM update into his printers that rejected non-HP ink

tip pc Silver badge

"To use the car analogy here, the fact a car manufacturer recommends that you use a certain brand of engine oil to lubricate the engine, you don't have to use that brand. It is irrelevant how much they spend on R+D every day to develop their engines, the brand of oil you use after YOU have bought the car is entirely your own choice."

Nowadays you need to ensure the oil adheres to the specification as determined by the manufacturer, especially in diesels with DPF's and those newer ones with Ad-Blue. DPF's need low ash oils, putting normal oil in will coat the DPF and result in hefty repair bills, especially when the service person will spend ages diagnosing the issue as they won't initially know it's just because the wrong oil spec was used.


Red Hat’s new CEO on surviving inside Big Blue: 'We don’t participate in IBM's culture. It’s that simple'

tip pc Silver badge


"I would not WORK for or buy Anything from IBM now. as for RedHat, Give it time. IBM will start importing the suits to "rationalise" the RedHat business, before finally killing it with a thousand cuts."

Ginni is gone now, there is a new CEO in charge and changes will be made.

Dumpster diving to revive a crashing NetWare server? It was acceptable in the '90s

tip pc Silver badge

MacGyvery Lashup

As lashups go that's a proper MacGyvery that.

the fact it kept running for 5 years is truly bonkers, still nothing changes, just the MacGyveries get more automated or done in code.

Nine million logs of Brits' road journeys spill onto the internet from password-less number-plate camera dashboard

tip pc Silver badge

Re: Massive invasion of privacy

"Not sure why so many down-votes. Must be the same who think that NI is not taxation. Councils are very obviously part of the government in all but name. As just one clue - they impose tax on us (council tax). Tax is money that is collected by and for the government."

look at it this way then:

National Government = Party that leads Parliament

Local Government = Party that runs the local city / county etc

you're conflating this issue with being the fault of the national government, when in fact it's the local government who have instigated, bungled & are at fault for this.

In this case local and national governments are from opposing parties, but even if it was the same party it's still not an issue from national government when local government have done this against their own citizens without the knowledge or consent of the national government.


