* Posts by tip pc

1725 publicly visible posts • joined 7 Mar 2018

Capita taps Microsoft Copilot to dig it out from UK pensions backlog

tip pc Silver badge
Headmaster

amazing how like minds find each other

2 peas in a pod etc

Keir Starmer declares 'months' timeline for social media age clampdown in UK

tip pc Silver badge
Holmes

https is effectively a vpn especially when coupled with esni

when MPs and media talk about VPNs they really mean people obfuscating their internet communications from the ISP.

A VPN is a Virtual Private Network & denotes making a secure connection to a remote network so your machine acts like it's virtually at the remote end & connecting to the private systems at the remote end.

But the VPNs being spoken about are really proxies, as there is nothing at the remote end the user is connecting to; they are using the connection to prevent someone local to them eavesdropping on their private connectivity to the public internet.

I accept that there are some miscreants that will be connecting to private systems to connect to bad stuff but that's not what is being spoken about here, it's people accessing resources in the free open internet & deciding they want to use a VPN to prevent their ISP & possibly government from snooping on them.

We've had it drummed into us for years to check the padlock & ensure sites are secure etc. That padlock means that the information on that page is encrypted between you and the end point.

We should all know that thanks to SNI, a single IP can host an unlimited number of web sites. It was still possible for the ISP to know the site you visit by inspecting your dns queries & the sni contained in the site request headers.

Now with DNS Over Https & encrypted SNI it's no longer possible for an ISP to determine what site you are looking at, they will just see the IP of the remote site which as mentioned could host an unlimited number of Sites.

Given a vpn can use any port it wants to, there is nothing to stop an ssl vpn using port 443 to convey the traffic and someone scanning the traffic would just see encrypted garbage to say cloudflare. You could be looking at cars or pictures of pine trees or streaming the latest trailer for Star Wars or watching your no brand camera system,

from the network viewpoint it all looks like legitimate encrypted https traffic but the end website would remain unknown.

So how can they stop that connectivity without mandating some kind of client side detection?

is that it?

we will all be mandated to add some kind of government mandated client side scanning app?

This is all very dystopian.

Starmer promised to tread lightly on our lives but appears to be doing the opposite.

https://youtu.be/xavKVYcYJx8?t=49

If Microsoft made a car... what would it be?

tip pc Silver badge

volvo 340 GLE

Mine would decide to break down every 70 or so miles for no reason, you could crank it till the battery went flat & it wouldn't start, leave it 40 minutes and on its last gasp with an exhausted & flat battery it'll spring into life and waft you on its way like there was no issue.

Heated seats, heated windscreen & headlight washer jets.

sunroof

rear wheel drive

looked like an old git's car which is just what I needed in my 1st year at uni. Certainly got me noticed by the girls, much to their amusement.

yes I truly hated that car.

& yes it did crash on me, steering was vague, back end could & would step out & braking was like being on a ferry starboard, then port then starboard then port & repeat

Luckily no blue screen of death but it did roll on me.

I was astounded when the recovery guy jumped in turned the key & it started 1st time.

I hated that car!!

Apple's Creator Studio creates a subscription where free apps used to live

tip pc Silver badge

Unsavoury updates

When they start adding unsavoury items into what should be bug fixes & feature bumps, it stands as a warning against upgrading in general.

My stuff is good as it is thanks.

Not upgrading until I absolutely must.

Were telcos tipped off to *that* ancient Telnet bug? Cyber pros say the signs stack up

tip pc Silver badge

Nothing wrong with telnet client, it’s telnetd (server) that is of concern.

tip pc Silver badge

Re: How the ancient Telnet bug worked

The bug was introduced in 2015, most things from then would support ssh, most older things won’t contain the bug!

tip pc Silver badge

Re: Define use.

On ipv4, for telnet to be exploitable from the internet someone would have to port forward from the public ip to the internal ip of the system listening to telnet.

Did you do that?

In IPv6 it’d be directly routable from the internet but hopefully your firewall would drop unsolicited inbound connections, have you done that?

Windows dropped telnet from being installed by default in windows 7 in 2010 & also server 2008 R2.

It’s not unusual to have things in the lab that are initially less secure than in production, especially whilst being built.

There is also secure telnet that uses ssl to secure the connectivity

https://www.ibm.com/docs/en/i/7.4.0?topic=ssl-configuration-details-securing-telnet

I’m glad the people I work with are grown up about things & not instantly dismissive.

The UK government isn't spending much taxpayer cash on X

tip pc Silver badge

So they should not be using windows either

Supermarket sorry after facial recognition alert flags right criminal, wrong customer

tip pc Silver badge

Boycott stores that use this rubbish

Rajah had to submit a copy of his passport and head shot to Facewatch so the company could verify he was not on the offenders' database.

the stores will not listen to the public but will listen to shareholders, who won't like reduced turnover

New hire fixed a problem so fast, their boss left to become a yoga instructor

tip pc Silver badge
Holmes

Re: Many moons ago now

I got tired of coming up with last-minute desperate solutions to impossible problems created by other fscking people.

google ai says

I understand your frustration. Dealing with the stress of constantly solving crises caused by others is exhausting, and it is completely normal to feel this way when carrying that mental and emotional burden.

When these feelings arise, it might be helpful to:

Set boundaries: Clearly communicate your limits to others to manage expectations and avoid taking on more than you can handle [1].

Prioritize self-care: Engage in activities that help you relax and recharge, even if it's just for a few minutes a day.

Seek support: Talk about your feelings with a trusted friend, family member, or mental health professional. You don't have to manage this all by yourself.

If you find this feeling is persistent and significantly impacting your well-being, reaching out for professional guidance can provide additional coping strategies and support. The National Alliance on Mental Illness (NAMI) offers resources and information, and the Substance Abuse and Mental Health Services Administration (SAMHSA) National Helpline is a free, confidential resource available 24/7.

movie is under siege said by Tommy

https://youtu.be/3Zad8u7Tzi0?si=QTIs5XRL7DKlZcY_&t=80

Notepad++ update service hijacked in targeted state-linked attack

tip pc Silver badge

I simply have zero confidence in the developers.

what are your views on Microsoft & their software, including windows OS and Office productivity apps, that are known to have issues & vulnerabilities that are constantly exposed?

the notepad++ issue appears to be targeted at certain territories redirecting downloads to a malicious rebuild. That means most people got the correct intended version whilst some got the compromised version.

Unless you're in those territories or targeted, it's likely the versions you & your organisation downloaded were all ok.

How do you guard against other software that could be compromised that no one knows has been compromised?

tip pc Silver badge
Coat

yet another good reason to not update if your version predates the attack

updates are good for new features or bug fixes but if it ain't broke, why update?

if you have a version that predates the problem then why update?

The new update protections do seem worthwhile but then you will get them when you eventually update.

defo worth updating if your current version is within that compromised timespan, prob not worth installing an older version as you have to be extremely sure you're getting a non-compromised version & the older installer won't tell you.

i had a look at the notepad++ download site and there were adverts looking like the download button that were not the legitimate download further down the page.

The download page should not have any adverts on it to avoid confusion etc.

Capita pension portal 'fiasco' forces Cabinet Office into damage control

tip pc Silver badge

profit from chaos

Capita knew full well what they were getting into.

Sometimes forming a narrative of problems is useful when negotiating extra unforeseen costs / profits down the line.

to lay people it looks like this will be a loss for capita.

Reality is that this will increase their profits.

typically the contract would come with constraints on costs & effort etc, capita can now prove that the constraints were too prohibitive & the contract could not be fulfilled as originally specified and what they & everyone else based their bid on.

So they have a valid reason to increase costs to meet the demand

tip pc Silver badge

Re: Article Understates the Issues

is there some online calculator that could be used to approximate what you would get?

i appreciate it's wishful thinking but might get you a ball park

a quick google shows these 2

https://www.civilservicepensionscheme.org.uk/memberhub/knowledge-centre/tools-and-calcs/pension-calculators/

https://www.cfcs.org.uk/help-advice/money/apps-and-support/pension-calculator/

Three is the magic number for Alaska Airlines: triple redundancy

tip pc Silver badge

Re: Failure mode

data at home, encrypted backup in the cloud

ATM flashes a port or two for the enterprising hacker

tip pc Silver badge
Holmes

Hostile environment

The connectivity medium should always be considered hostile when the machine is connecting from an uncontrolled environment.

It would be cost prohibitive to put enough controls in place around the router/cpe/‘physical connection to isp’ so it is cheaper & more effective to build it into the atm machine so it can reliably & securely connect via an unsecured network.

Sniff as much as you want it should be safe.

If not the atm owner should find out soon enough & learn about a new hacking method which is likely cheaper discovery than the amount of cash in the machine.

Won’t be as secure once government ban VPNs though but I suspect there will be many exemptions for things like this forming encrypted tunnels to authorised end points.

Will get tricky when those end points are in the cloud on IPs shared with other services but that will likely be an edge case because who would build a vpn to a domain name instead of fixed IPs (probably a norm nowadays to use FQDNs instead of IPs your business owns for p2p VPNs but I’m old school)

ICE knocks on ad tech’s data door to see what it knows about you

tip pc Silver badge

Re: America, you need to fix your problem

Yep

We need new parties that are not the same traditional parties.

We see negativity in the traditional parties & they are not addressing it

Microsoft admits Outlook might freeze when saving files to OneDrive

tip pc Silver badge
FAIL

makes you wonder why sane people update their systems

i remember when i was much younger i'd always install the latest updates.

when fixing someones PC the 1st thing i'd do is updates.

i've been a mac user since ~91, ive taken the same approach on those too, until recently.

i will be keeping my systems on osx/ios26 & may roll back my laptop to osx 15.

app updates i will make a judgement on, OS updates i will take the service updates but i likely will not be upgrading to osx/ios 27 unless i truly need to.

if i could roll my ios stuff back to ios 18 i would.

There are no new features in ios26 i actually want.

If i'm not having an issue with my apps why do i need to update?

re app vulnerabilities, my personal machines are protected by apple's xprotect etc plus the apple firewall, plus home firewall, plus nat so most addressed exploits likely can never be remotely exploited.

unless i'm facing usability issues or bugs then i likely have no need for the app updates.

It's not like updates fix all bugs or won't introduce new ones, as per this article, so why would any sane person update unless there is some significant reason to?

NASA's Artemis II Moon rocket arrives at the launch pad

tip pc Silver badge
Coat

fly by

anyone know why it's a fly by instead of orbiting?

is it a safety thing where the orbit will return it to earth orbit in case of an issue?

if it's that risky why put a manned crew onboard? it's 2026, we could put some crash test dummies onboard if need be & run the thing on remote control?

AWS flips switch on Euro cloud as customers fret about digital sovereignty

tip pc Silver badge
Big Brother

took their time seeing it for what it is

European tech leaders are concerned about US laws having jurisdiction over European operations of US companies. For example, under the CLOUD Act, US authorities can compel access to information held by American cloud providers irrespective of where in the world that data is housed.

they weren't that bothered when it started

comprehension of the world is changing and now at pace.

UK backtracks on digital ID requirement for right to work

tip pc Silver badge
Big Brother

Starmer today in parliament said digital ID will be mandatory for working

https://youtu.be/mOK_tNoQEeU?t=76

Mr. Speaker, I'm determined to make it harder for people to work illegally in this country. And that's why there will be checks. They will be digital and they will be mandatory.

I'm sure some will make claims that that is not what he meant, but how do you do those checks without checking everyone? will only those with a certain hue be checked?

Will they import a bunch of ICE agents to do the non mandatory checks?

Starmer looked well out of his depth today, he needs to go, I'm not sure the others in his camp are up to the job though.

Same statement applies to all the other politicians too.

I'm sure there are some outstanding MPs who do amazing things for their communities, weird how they never make it into cabinet or being PM though.

would be interesting to hear what non-UK readers think of that video from the start,

at 1st I thought Starmer's quip about the Kama Sutra was AI, especially in light of this stuff about banning X for images etc, seemed a completely unnecessary thing to put into a joke especially in parliament that was being televised live during the day & that young people have a chance of watching as a guardian may have it on.

tip pc Silver badge

they are just delaying it

UK backtracks on digital ID requirement for right to work

we all knew it'd run into issues & be late anyway.

Government are trying to regain some approval ratings by going slightly softer, it'll still be mandatory for many

We got this far without it, we will survive without it.

I can virtually guarantee that even if a party that says they will scrap it comes into power, it'll still be introduced.

As of Jan 2026 the ruling parties in UK/USA/EU have all done numerous things they promised they wouldn't do when campaigning for office, not little things but major things.

a reminder of Starmer's victory speech where he promises to tread more lightly on our lives (6 min mark)

https://youtu.be/CeBF1SHstEY?t=236

Firefox 147 brings GPU boost, tidier tabs, and video that follows you around

tip pc Silver badge

1 button option to turn off AI

There should be a 1 button option to turn off AI.

I just use FF to connect to management pages via a proxy. it can't connect to the Internet via that proxy but somehow knows when a new version is available.

Cloudflare CEO threatens to make the Winter Olympics a political football after Italy slugs it with a fine

tip pc Silver badge

Re: Confused (again)

Define shared hosting system.

AWS is home to a number of successful online streamers

Have you heard of Netflix

https://aws.amazon.com/solutions/case-studies/netflix-case-study/

Or peacock

https://aws.amazon.com/solutions/case-studies/peacock-case-study/

Being generous I’d say you’ve misunderstood how websites & connectivity works.

Some google searches can surface some additional detail on how it all works

And yes a single ip can host an unlimited number of sites and each of those sites can also stream content over that single ip.

tip pc Silver badge

Re: "an IP can host an unlimited number of FQDN's."

I appreciate not everyone reading the reg is technical, a bit of googling goes a long way to understanding

As a primer have a read of this.

https://en.wikipedia.org/wiki/Server_Name_Indication

Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process.[1] The extension allows a server to present one of multiple possible certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based virtual hosting, but for HTTPS. This also allows a proxy to forward client traffic to the right server during a TLS handshake. The desired hostname is not encrypted in the original SNI extension, so an eavesdropper can see which site is being requested. The SNI extension was specified in 2003 in RFC 3546

tip pc Silver badge

Re: Cloudflare hypocrisy

Shared IPs? Residential customers may be behind CG-NAT. People serving pirated contents, and making money from IT, don't use shared IPs. They use some hosting that provide them the resources to access and deliver copyright contents with the speed required to serve enough users to make money. These are not botnets used for DDoS, or someone sharing torrents.

an IP can host an unlimited number of FQDNs.

the shared IPs comment is in relation to the fact that a hosting provider can host a number of different domains behind a single public IP.

If the regulator approves the requests, it uses an automated system to inform ISPs and other players that they must block access to certain IP addresses and not provide DNS services to domains suspected of facilitating piracy.

miscreant sets themselves up at a hosting provider that then uses a single public IP for hundreds of domains. Suddenly cloudflare drop resolving the IP & all those other sites can't be reached.

sounds like they are being mandated to do it globally too so those outside of Italy lose access too. Stops Italians using a vpn to bypass the block.

a better way would be to drop resolving for the individual domain from clients originating in Italy rather than everything on an IP globally, won't stop VPN usage to sidestep the block.

tip pc Silver badge

Re: Confused (again)

If the regulator approves the requests, it uses an automated system to inform ISPs and other players that they must block access to certain IP addresses and not provide DNS services to domains suspected of facilitating piracy.

a single IP can host an unlimited number of FQDNs.

miscreant sets themselves up at a hosting provider that then uses a single public IP for hundreds of domains. Suddenly cloudflare drop resolving the IP & all those other sites can't be reached.

sounds like they are being mandated to do it globally too so those outside of Italy lose access too.

a better way would be to drop resolving for the individual domain from clients originating in Italy rather than everything on an IP globally.

Humongous 52-inch Dell monitor will make you feel like king of the internet with four screens in one

tip pc Silver badge

why can't i do virtual displays currently?

i have my mac hooked up to a 42" tv (appropriate 4:4:4)

i wish i could compartmentalise it into 4 virtual screens so each 1/4 can have what i want in it.

i know i can organise different windows from different apps into quarters of the screen but when i change to an app OSx has this annoying habit of hiding other windows when i don't want it to.

& no 'spaces' is not what i want, neither is stage manager

New carbon capture tech could save us from datacenter doom

tip pc Silver badge

Re: I don't get it.

most UK homes use far less energy (in all its forms) than we did in the 1980's.

Even this chart showing from 2000 to 2024 shows a decrease from ~400 TWh to under 300 TWh

https://ember-energy.org/data/electricity-data-explorer/?entity=United+Kingdom

despite population growing

per capita we are ~4000 kWh per person in 2024 as opposed to over 6000 kWh in 2000.

tip pc Silver badge

Re: Wrong premise

To be fair, a mature tree doesn't absorb as much carbon as a young tree, as it is growing much slower.

However, the really important questions are what did they do with the wood, and did they plant new saplings?

all the leaves i have to pick up falling from neighbours trees into my garden disagree.

CO2 is not only stored in the wood you see in a tree.

All vegetation that photosynthesises uses the CO2 to form the leaves as well as the trunks etc. A mature oak can have more than ~120 kg* of carbon stored in the leaves it drops.

*different sources will say differing amounts.

leaves from 10 oak trees is a tonne of carbon captured and sitting there for disposal, provides shade in summer, a home for animals and the acorns provide food for squirrels amongst many other benefits.

I'd take a million mature oak trees over this carbon capture nonsense!

Your smart TV is watching you and nobody's stopping it

tip pc Silver badge

Re: My next TV will be a big monitor

You can always update the os, agree to all the nonsense & then block it from connecting to the internet via your firewall.

Just a thought

tip pc Silver badge

Re: My next TV will be a big monitor

Been a sky customer for 20 years, I can’t remember ever changing a viewing card.

I’ve had sky q for ~9 years and never changed the viewing card.

Not sure where the 6 year replace thing comes from. I’m amazed it’s been so reliable (probably break now) no I’m not interested in glass or stream.

IPv6 just turned 30 and still hasn’t taken over the world, but don't call it a failure

tip pc Silver badge
Holmes

most have no clue how IPv6 actually works

link-local:: self assigned address starting fe80::

IPv6:: GUA starting 2001:: or 2001::, ULA:: starting fc00::, loopback starting ::1

traffic is actually routed via the Link-Local addresses to the peer (gateway) link local address.

IPv6 is more L3 orientated than IPv4, as in IPv4 can just send traffic directly to an IP on the same subnet with no gateway needed, whereas IPv6 needs to have that link local address & know the peer link local address to send its traffic to.

tip pc Silver badge

Re: Some of us would like to use it

Anonymous Coward

Some of us would like to use it

But their ISP (aka the Computer) says NO. They fence all IPV6 addresses off from our endpoints.

I'm with vm02 and they don't support ipv6.

I do have apple's private relay so I do reach ipv6 websites etc over that with no issue.

Nothing on IPv6 that I can't get on IPv4 so I'm not missing anything for home systems that don't have private relay.

I am interested though what about IPv6 are you missing or perceive to be missing?

tip pc Silver badge

Re: The real reason nobody wants to use it

Actually each host would have multiple IPv6 addresses, which could well change so making it a bit pointless. So the idea that ‘SERVER1’s’ address is xyz, became somewhat redundant.

as I understand things, the IP changing was a result of privacy extensions to reduce tracking across different networks of mobile clients.

https://datatracker.ietf.org/doc/html/rfc4941

but yes IPv6 was intended for hosts to have multiple addresses on the same interface.

Not sure why they thought that would be a good idea.

tip pc Silver badge

Re: The real reason nobody wants to use it

@Excused Boots

10.16.14.12, does sound like it’s four numbers, no it is actually a single 32 bit decimal number which happens to be expressed in that way to make it easier for us meatbags to process. Every network device on the planet sees it as a single number of a fixed size, ie 32 decimal bits.

nope,

it's 4 x 8-bit numbers, 0-255 (256 total numbers)

IP addresses are hierarchical & the word boundaries are important. The host uses the subnet mask to know what parts of the address are the subnet the Host is on & therefore reachable directly & everything else needs to go via the gateway as specified in the route table.

There is nuance in there.
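Added example (not the commenter's code) covering both this comment and the earlier one on link-local, GUA and ULA addresses: classifying an IPv6 address by prefix, and the on-link-versus-gateway decision a host makes from its subnet mask or prefix, with the IPv6 default route pointing at the router's link-local address as the comment describes. The host's addresses and route table are constructed from documentation ranges.

```python
import ipaddress
from typing import List, Optional, Tuple


def classify_ipv6(addr: str) -> str:
    """Scope of an IPv6 address, using the prefixes the comment lists:
    fe80::/10 link-local, fc00::/7 ULA, 2000::/3 GUA, ::1 loopback."""
    ip = ipaddress.IPv6Address(addr)
    if ip == ipaddress.IPv6Address("::1"):
        return "loopback"
    if ip in ipaddress.IPv6Network("fe80::/10"):
        return "link-local"
    if ip in ipaddress.IPv6Network("fc00::/7"):
        return "ULA"
    if ip in ipaddress.IPv6Network("2000::/3"):
        return "GUA"
    return "other"


# A route is (prefix, gateway); gateway None means the prefix is on-link,
# i.e. inside the host's own subnet mask / prefix, so no gateway is needed.
Route = Tuple[str, Optional[str]]


def next_hop(dst: str, routes: List[Route]) -> Tuple[str, Optional[str]]:
    """Longest-prefix match over the route table. Returns ("on-link", None)
    when the destination falls inside a directly connected prefix, otherwise
    ("via", gateway). The same logic serves IPv4 (subnet mask) and IPv6
    (on-link prefix); an IPv6 default gateway is normally link-local."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix, strict=False)
        if net.version != ip.version or ip not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, gw)
    if best is None:
        raise ValueError(f"no route to {dst}")
    return ("on-link", None) if best[1] is None else ("via", best[1])


# Constructed host configuration (documentation ranges): an IPv4 /24 with a
# default gateway, and an IPv6 /64 whose default route points at the
# router's link-local address rather than its global one.
HOST_ROUTES: List[Route] = [
    ("10.16.14.0/24", None),
    ("0.0.0.0/0", "10.16.14.1"),
    ("2001:db8:1::/64", None),
    ("fe80::/64", None),
    ("::/0", "fe80::1"),
]


if __name__ == "__main__":
    for a in ("fe80::1", "fd12:3456:789a::1", "2001:db8::1", "::1"):
        print(a, "->", classify_ipv6(a))
    for d in ("10.16.14.50", "192.0.2.7", "2001:db8:1::20", "2001:db8:2::20"):
        print(d, "->", next_hop(d, HOST_ROUTES))
```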

tip pc Silver badge
Pint

Just ratify NAT & let us have at it!!!

"IPv6 was an extremely conservative protocol that changed as little as possible," APNIC chief scientist Geoff Huston told The Register. "It was a classic case of mis-design by committee."

And that notional committee made one more critical choice: IPv6 was not backward-compatible with IPv4, meaning users had to choose one or the other – or decide to run both in parallel.

For many, the decision of which protocol to use was easy because IPv6 didn't add features that represented major improvements.

"One big surprise to me was how few features went into IPv6 in the end, aside from the massive expansion of address space," said Bruce Davie, a veteran computer scientist recently honored with a lifetime achievement award by the Association for Computing Machinery's Special Interest Group on Data Communications, which lauded him for "fundamental contributions in networking systems through design, standardization, and commercialization of network protocols and systems."

Davie said many of the security, plug-and-play, and quality of service features that didn't make it into IPv6 were eventually implemented in IPv4, further reducing the incentive to adopt the new protocol. "Given the small amount of new functionality in v6, it's not so surprising that deployment has been a 30 year struggle," he said.

that last statement can't be emphasised enough

Another innovation that meant IPv6 made less sense was network address translation (NAT), which allows many devices to share a single public IPv4 address. NAT meant IPv4 network operators could connect thousands of devices with a single IP address, meaning their existing IP addresses became more useful.

"These solutions were relatively easy to deploy, aligned with existing expertise, and avoided large-scale infrastructure changes," said Alvaro Vives, manager of the learning and development team at RIPE NCC, the regional internet registry for 76 nations across Europe, the Middle East, and Central Asia.

another positive for NAT is that it shielded broadband users from unsolicited inbound connectivity without the complication of end users having to configure firewall policies. Setting port forwarding is non-trivial so software engineers needed to come up with better ways of supporting clients behind NAT. NAT provides a protocol level backstop to guard against misconfiguration of inbound connectivity.

Many see NAT as a negative, I suspect they weren't about in the dial-up days when machines were infiltrated by unsolicited connections in a matter of minutes, yes IPv6 address range is huge and reduces likelihood of scanning but security by obscurity is not a good thing.

"In fact, IPv4's continued viability is largely because IPv6 absorbed that growth pressure elsewhere – particularly in mobile, broadband, and cloud environments," he added. "In that sense, IPv6 succeeded where it was needed most, and must be regarded as a success."

pure nonsense

RIPE NCC's Alvaro Vives agrees. "What IPv6 got right was its long-term design," he told The Register. "It provides a vast address space that allows networks to be planned more simply and consistently. This has enabled innovation, from large mobile networks to the Internet of Things and advanced routing techniques such as Segment Routing over IPv6."

again nonsense, innovation has been reduced in IPv6 because of this end to end connectivity dogma which is a fallacy.

APNIC's Huston, however, thinks that IPv6 has become less relevant to the wider internet.

"I would argue that we actually found a far better outcome along the way," he told The Register. "NATS forced us to think about network architectures in an entirely different way."

That new way is encapsulated in a new technology called Quick UDP Internet Connections (QUIC), that doesn't require client devices to always have access to a public IP address.

"We are proving to ourselves that clients don't need permanent assignment of IP address, which makes the client side of network far cheaper, more flexible, and scalable," he said.

we need to roll those familiar techniques from IPv4 to ipv6 let us innovate by migrating our current tools and experience which makes use of the characteristics of NAT.

"So folk use IPv6 these days based on cost: If the cost of obtaining more IPv4 addresses to fuel bigger NATs is too high, then they deploy IPv6. Not because it's better, but if they are confident that they can work around IPv6's weaknesses then in a largely name based world there is no real issue in using one addressing protocol or another as the transport underlay."

Tru Dat

Many shriek that NAT is bad because it breaks the end to end principle.

https://en.wikipedia.org/wiki/End-to-end_principle

The end-to-end (E2E) principle is a design principle in computer networking that requires application-specific features (such as reliability and security) to be implemented in the communicating end nodes of the network, instead of in the network itself

truth is that Firewalls, Load Balancers, IPS etc also violate the end to end principle yet they are recommended for IPv6 to serve use cases.

An inherent characteristic of NAT is that the protocol itself provides a mechanism to prevent inbound connectivity. This provides a backstop for firewall misconfigurations.

Yes lots of things should be done properly to prevent unsolicited inbound connections but any regular here knows how often misconfigurations result in breaches and lessons should be learnt etc.

I guess what is really telling is how cloud providers have reintroduced NAT safety properties internally to mitigate issues from misconfigurations:

AWS

What actually happens

Security Groups = mandatory stateful inbound deny

Instances are not reachable unless:

Explicit rule

Explicit association

Even then:

No direct L2 reachability

Controlled attachment

This is structural non-addressability, not just firewalling.

GCP

IPv6 instances exist

Inbound traffic:

Requires explicit firewall rules

Requires explicit target tags

No accidental exposure

No implicit reachability

Again: policy enforced as architecture

Azure

IPv6 supported

NSGs are mandatory

No “raw” IPv6 exposure

Host intent + admin intent required

The pattern

Clouds implement:

“Nothing is reachable unless multiple independent systems agree.”

That’s NAT’s philosophy — without address rewriting.

NAT is a lot easier than that mess in the big 3 cloud providers
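An added simulation (not the commenter's code) of the backstop described above, also tying in the earlier Telnet comment's point that an inside service is only reachable from the internet once someone configures a port forward: a port-restricted NAPT behind a stateful edge firewall, showing that a firewall misconfigured to allow all inbound still delivers nothing to an inside host unless a mapping exists, while an explicit port forward does expose it. All addresses are constructed documentation ranges and the NAT behaviour is one simplified model, not any vendor's.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# Mapping entry: inside endpoint plus the remote endpoint the flow talked to.
# remote is None for a static port forward, which accepts any peer.
Entry = Tuple[str, int, Optional[Tuple[str, int]]]


class Napt:
    """Port-restricted NAPT. Mappings exist only because an inside host sent
    something out (or an admin configured a port forward); an inbound packet
    with no mapping has no inside destination and is dropped."""

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self._next_port = first_port
        self._by_inside: Dict[Tuple[str, int], int] = {}
        self._by_public: Dict[int, Entry] = {}

    def port_forward(self, public_port: int, inside_ip: str, inside_port: int) -> None:
        """The deliberate exposure the Telnet comment describes: a static mapping."""
        self._by_public[public_port] = (inside_ip, inside_port, None)

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src_ip, pkt.src_port)
        if key not in self._by_inside:
            self._by_inside[key] = self._next_port
            self._next_port += 1
        public_port = self._by_inside[key]
        self._by_public[public_port] = (pkt.src_ip, pkt.src_port, (pkt.dst_ip, pkt.dst_port))
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port)

    def is_established(self, pkt: Packet) -> bool:
        """True if pkt is return traffic for a flow an inside host started."""
        entry = self._by_public.get(pkt.dst_port)
        return entry is not None and entry[2] == (pkt.src_ip, pkt.src_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        entry = self._by_public.get(pkt.dst_port)
        if entry is None:
            return None                                  # unsolicited: no mapping
        inside_ip, inside_port, remote = entry
        if remote is not None and remote != (pkt.src_ip, pkt.src_port):
            return None                                  # not the peer this flow spoke to
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port)


def firewall_allows(pkt: Packet, nat: Napt, default_action: str) -> bool:
    """Stateful edge firewall: return traffic for established flows is always
    allowed; everything else falls to the default action. default_action="allow"
    models the misconfiguration the comment warns about."""
    return nat.is_established(pkt) or default_action == "allow"


def edge_inbound(pkt: Packet, nat: Napt, default_action: str) -> Optional[Packet]:
    """Inbound path at the CPE: firewall verdict first, then NAT translation.
    Returns the packet as delivered to the inside host, or None if dropped."""
    if not firewall_allows(pkt, nat, default_action):
        return None
    return nat.inbound(pkt)


def scenario(default_action: str, forward_telnet: bool) -> Dict[str, bool]:
    """Constructed demo. Inside host 192.168.1.20 opens a flow to 198.51.100.5:443;
    the internet then sends the genuine reply, a packet from a different peer to
    the same public port, and an unsolicited connection to Telnet (port 23)."""
    nat = Napt(public_ip="203.0.113.7")
    if forward_telnet:
        nat.port_forward(23, "192.168.1.20", 23)
    out = nat.outbound(Packet("192.168.1.20", 51000, "198.51.100.5", 443))
    reply = Packet("198.51.100.5", 443, nat.public_ip, out.src_port)
    other = Packet("192.0.2.9", 443, nat.public_ip, out.src_port)
    telnet = Packet("192.0.2.9", 40001, nat.public_ip, 23)
    return {
        "reply_delivered": edge_inbound(reply, nat, default_action) is not None,
        "other_peer_delivered": edge_inbound(other, nat, default_action) is not None,
        "telnet_delivered": edge_inbound(telnet, nat, default_action) is not None,
    }


if __name__ == "__main__":
    for default, fwd in (("deny", False), ("allow", False), ("allow", True)):
        print(f"firewall default={default} port-forward={fwd}: {scenario(default, fwd)}")
```

With the firewall default flipped to allow, only the reply for the flow the inside host started gets through; the unsolicited Telnet connection is delivered only once the port forward exists.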

tip pc Silver badge

Re: The real reason nobody wants to use it

It’s because IPv6 RFC people refuse to ratify NAT.

NAT isn’t needed for addresses in ipv6 but does provide a nice safety net to guard against misconfigurations.

Crims disconnect Wired subscribers from their privacy, publish deets online

tip pc Silver badge

@pc-fluesterer.info

AFAICS there were no credentials leaked.

credentials in this case are the email, home address, phone number & name. The article has no mention of passwords being included which i think is what you inferred by 'credential'.

The current leak is centered around readers of Wired magazine. The miscreants published 2.3 million emails, which had the names of 285,000 subscribers, 108,000 home addresses, and 32,000 phone numbers.

Ten mistakes marred firewall upgrade at Australian telco, contributing to two deaths

tip pc Silver badge
Holmes

The linked report has better details

Not sure it's fair to place blame solely on the Optus engineers.

So it looks like the Optus network team wrote the change request for Nokia to enact.

Optus team changed the procedure for the fatal change

Optus had not used that procedure on six previous firewall upgrades

Was that the 6 preceding changes, or had they used procedure 16 at least once before in the preceding 15 changes?

Nokia also deviated from their normal procedure for the fatal change

Nokia, meanwhile, chose to use a Method of Procedure from 2022 it did not employ on past upgrades and which was the wrong one for the job.

When Nokia got to work, it incorrectly classified the job as having no impact on network traffic.

Been there, done that; also done impacting work where the end users detected nothing. Plan for the worst & hope for the best.

By that point, Optus had classified the job as urgent. Doing so meant it didn’t conduct an engineering review, as would normally be the case.

At 2:40 AM, the teams made a post-implementation check. The report found that call failure rates were increasing, not declining as expected. “The anomaly was not picked up,” the report states.

Checks and balances designed to detect problems not followed through with.

The final mistake was that Optus used nationwide aggregate data to assess variation in call volumes across its network. “This data was not sufficiently granular to enable detection of the emerging problem,” Schott wrote, so local issues caused by one botched upgrade were not detectable.

I guess a way to detect major issues, but it misses the local ones, as stated.

There appeared to be reticence in seeking more experienced advice within Networks and a focus on speed and getting the task done, rather than an emphasis on doing things properly.

I suspect there was some underlying reason to get this done. Compliance? Vulnerability upgrades? Upgrades to remain on a supported version?

Blaming the network guys seems hollow & missing detail including the role of management oversight, architectural design & change management at Optus & Nokia.

Did they explore whether the reason for doing things differently for change 16 was needed because it had a different implementation stance than that of the other firewalls?

Perhaps it was a different model of FW that had different physical characteristics or different features?

Perhaps it was meant to isolate & lock the gateway so that traffic routed through an alternate path through the other systems that were unaffected; after all, just 455 calls were impacted out of what must have been thousands.

Lastly, the issue persisted well after the change was implemented. Did the upgraded firewall(s) remain isolated after the change? If so, how come? Looks like an architectural design issue; I hope it's been rectified.

The loss of life is tragic, but blaming the network engineers doesn't look like it's got to the nucleus of the problem. Could there be other potential issues that this upgrade has started to surface?

Reading the linked report, there was some confusion concerning the reason for doing the gateway-locking process for the management firewalls when the procedure was needed for the DMZ firewalls. While the gateways were locked, traffic wasn't diverted. An Optus engineer picked up on the lock, double checked, & they decided to proceed anyway. Nokia chose a MOP that didn't do the divert, reviewed it 3 times & double checked with Optus. This seems like bureaucratic fatigue: done the same things plenty of times and x number of others have blessed it etc. Nokia then notified the change date & time & Optus never responded.

Non-emergency calls rerouted as per design but the emergency calls didn't. This likely caused the most confusion, as there was no general fault, just emergency calls on Optus; calls via other networks likely were not impacted, so emergency calls became an edge case where everything else looked fine. It's like looking for a needle in all the haystacks at that point. Nokia also chose to do the gateway locking well ahead of the FW upgrade; had they done it immediately before the FW upgrade, then the impact would have been far shorter.

A few normal users had notified Optus, but it wasn't given enough weight of importance until the emergency services started complaining & the issue surfaced to management. It then took a considerable effort to identify impacted callers.

Looks like the FW wasn't upgraded in that change window when the gateway lock was in place, as the issue was surfaced & rectified before it was scheduled early the next day.

Looks to me that the Optus network was not as resilient as it should have been.

Those emergency calls should have been rerouted regardless of the gateway lock. What if the gateway hung in an up/up no forwarding state?

Hopefully things in future will be better once they insource their capability.

IT team forced to camp in the office for days after Y2K bug found in boss's side project

tip pc Silver badge

Re: Ah, the great Y2K scare

IBM sold it to HCL.

https://en.wikipedia.org/wiki/HCL_Notes

Death to one-time text codes: Passkeys are the new hotness in MFA

tip pc Silver badge

"With passkeys, we take that shared-secret model and just blow the whole model up, so there's nothing that can be shared," FIDO Alliance CEO and executive director Andrew Shikiar told The Register.

That tells you all you need to know. But if you need a less technical explanation: "Trust me bro"

What more could you want?

I use passkeys and share them across my Apple devices and different members in my household, so 'shared' here means something other than me sharing my passkeys amongst my trusted devices and household.

If the statement from the FIDO Alliance CEO is clear to you then that is most definitely in the "Trust me bro" space.

Yes, I'm curious, and statements like that make me want to know more.

As I wrote earlier, it's very much in the realm of an SSH-keys type of solution, with some wraparound around the storage of the private keys to make it unlikely & hard to be shared, but as it's technology I'm wondering for how long that 'not able to be shared' stance will survive.

Some exploit to extract passkeys will have a huge impact given the amount of trust being levied on passkeys.

tip pc Silver badge

Your passkey belongs to one of the three corporations who developed your browser or your OS (depending on the browser/OS combination used at the time the passkey was generated), not to you, but they let you use them.

So effectively, no one knows how passkeys work aside from a few clued-up people.

My understanding was they were like SSH keys. I have my private key & they have my public key, effectively as described in the article, with my key store of choice keeping it safe.

I notice the Apple password app explicitly states you can't export passkeys; allegedly there is some mechanism to transfer to a 3rd party password store.

I have wondered what the privacy connotations are for passkeys but info is hard to come by.

Before today I had assumed they could readily be transferred.
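Added here as an illustration of the SSH-key-like model described in the two posts above; it is not code from the article or from the FIDO Alliance. The Authenticator and RelyingParty types are my own simplification: they keep WebAuthn's rpId hashing and challenge signing but none of its wire format or attestation, so a breach of the site's table of public keys yields nothing reusable and a look-alike site id gets no assertion at all.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
)

// Authenticator stands in for the device key store; private keys never leave it.
type Authenticator map[string]ed25519.PrivateKey // keyed by relying party id

// RelyingParty stands in for the web site: it holds public keys only, so a breach of
// its user database yields nothing that can be replayed against it or any other site.
type RelyingParty struct {
	ID   string
	Keys map[string]ed25519.PublicKey // keyed by user name
}

func NewRelyingParty(id string) *RelyingParty { return &RelyingParty{ID: id, Keys: map[string]ed25519.PublicKey{}} }

// Register generates a key pair on the authenticator and gives the site only the public half.
func Register(a Authenticator, rp *RelyingParty, user string) error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err
	}
	a[rp.ID], rp.Keys[user] = priv, pub
	return nil
}

// signedData binds the challenge to the site id (WebAuthn hashes rpId likewise), so an assertion for one site is useless at another.
func signedData(rpID string, challenge []byte) []byte {
	h := sha256.Sum256([]byte(rpID))
	return append(h[:], challenge...)
}

// Assert signs a fresh server challenge; a look-alike site id has no passkey and gets nothing.
func Assert(a Authenticator, rpID string, challenge []byte) ([]byte, bool) {
	priv, ok := a[rpID]
	if !ok {
		return nil, false
	}
	return ed25519.Sign(priv, signedData(rpID, challenge)), true
}

// Verify needs nothing but the stored public key and the challenge the site itself issued.
func Verify(rp *RelyingParty, user string, challenge, sig []byte) bool {
	pub, ok := rp.Keys[user]
	return ok && ed25519.Verify(pub, signedData(rp.ID, challenge), sig)
}
```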

tip pc Silver badge

eBay did this to me.

I had already moved my Amazon account to passkeys, so when I used eBay for car parts I thought it would be good to do that there too.

Several months later I needed different parts & went to log in to eBay. It didn't just log in & asked for username & password; I supplied those & it didn't let me in.

Tried the "I forgot" & it wanted to ring my landline from 2008; I've moved since, didn't transfer my number & no longer have a landline.

They have my mobile number, which I've had since ~97 and which they have previously sent me updates on.

Support said they can only use the landline and not my mobile, & the only way for me to use their service is to create a new account.

I really wanted the part so I capitulated.

I had heard that they were moving away from passkeys.

First site that came up in a quick Google search:

https://www.reddit.com/r/Passkeys/comments/1jbvnwy/ebay_removing_passkeys/

User insisted their screen was blank, until admitting it wasn't

tip pc Silver badge
Holmes

Reminds me of the telnet test.

Someone says the firewall is blocking their app from working.

Back in the day I'd ask them to open the Windows command prompt and type telnet x.x.x.x 2209, or whatever port they needed, & tell me what they see.

They'd then say nothing happened or nothing is happening. I'd then say, did the window go blank? They say yes; I then say that's the sign it worked. If they want proof of what it looks like when it doesn't work, I get them to go to a non-existent address and they see a different response, namely seeing what they typed then, after a pause, the timeout message.

Most remain sceptical until it's fixed at the remote or local end by others; the path in between us is typically fine.
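As an added illustration, not the commenter's own tooling: the telnet test above written as a small Go check that classifies what the user would have seen, a blank window (connected), an immediate refusal, a timeout, or an unresolved name. The loopback listener is a constructed fixture so the check can be tried offline.

```go
package main

import (
	"errors"
	"net"
	"strconv"
	"syscall"
	"time"
)

// Outcome is what the user would have seen in the telnet window, put into words.
type Outcome string

const (
	Open       Outcome = "open"       // window went blank: the TCP handshake completed
	Refused    Outcome = "refused"    // host answered with a reset: reachable, nothing listening
	Timeout    Outcome = "timeout"    // nothing came back: typically a firewall drop or dead host
	Unresolved Outcome = "unresolved" // the name did not resolve, so not a firewall problem
	OtherError Outcome = "error"      // e.g. no route to host
)

// CheckPort performs the "telnet x.x.x.x 2209" test and classifies the result.
func CheckPort(host string, port int, timeout time.Duration) Outcome {
	conn, err := net.DialTimeout("tcp", net.JoinHostPort(host, strconv.Itoa(port)), timeout)
	if err == nil {
		conn.Close()
		return Open
	}
	var dnsErr *net.DNSError
	if errors.As(err, &dnsErr) {
		return Unresolved
	}
	var netErr net.Error
	if errors.As(err, &netErr) && netErr.Timeout() {
		return Timeout
	}
	if errors.Is(err, syscall.ECONNREFUSED) {
		return Refused
	}
	return OtherError
}

// StartListener opens a throwaway loopback listener (constructed fixture) and returns it with its port.
func StartListener() (net.Listener, int, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return nil, 0, err
	}
	return ln, ln.Addr().(*net.TCPAddr).Port, nil
}
```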

Porsche panic in Russia as pricey status symbols forget how to car

tip pc Silver badge

Re: More cloudybollocks

I was once very interested in EVs, however my current vehicle – which only went out of production in 2021

My current car was made in June 2020, must have been the last of its line; the refresh was made days after and has a different entertainment & nav system.

I knew before I purchased second-hand, & weighed up that the older system with less connected features was better.

Aside from the headlights & ent/nav system, everything was the same.

Just wishing it had the 3G comms module instead of the 4G now.

X shuts down European Commission ad account after €120M fine announcement

tip pc Silver badge

Re: EU X alternatives

why do people trust X more than the BBC or Guardian?

It's a false equivalence. X doesn't publish anything themselves other than maybe status updates. The Bbc and Grauniad publish whatever journalists might be able to slip past their editors.

X claim to be the #1 trusted news source & the BBC & Guardian have laid claim to that title too, so I don’t see how it’s a false equivalence.

Certainly all the major news outlets have X accounts and advertise their stories there.

I guess seeing major providers’ headlines in one place, alongside independents, provides choice for people to choose whose content to consume. I assume rival SoMe does the same, so why do people stick with X?

tip pc Silver badge

Re: EU X alternatives

Now all that said, the great mystery for me is how X continues to succeed when it has such a completely appalling user interface - alternatives are available but you gotta scratch around a bit to find 'em, and 99.9999999% of X users don't.

Any chance of explaining how the interface sucks & how the alternatives are better?

Any alternatives you’d recommend? You mentioned you got reported twice on Bluesky for challenging ‘environmental misapprehensions’. Don’t people report people for that on X too, given it’s a large platform with lots of diverse views on topics?

I guess fundamentally, screaming into the void of hundreds of millions vs just millions should make no material difference but there is a perceived difference that I can’t articulate.

tip pc Silver badge

EU X alternatives

Given the number of alternatives to X & the popularity of hatred & ill feeling towards X here and in the guardian, you'd expect that people would have just dropped X and it'd disappear into obscurity, relegated to a 4chan competitor.

Why has that not happened?

Why have people not abandoned X?

Why is X billed as a popular app for news?

Lots of fake and ghastly info on X, so why is it so popular with the wider public?

Do people get paid to read X?

Why do people trust X more than the BBC or Guardian?

I suspect a rival service that can out X X would be popular too.

I've heard of people ditching X for Bluesky & Mastodon but they then go back to X.

Is there something wrong with the conversations people have on the alternatives, or the content there?

tip pc Silver badge

Re: The Commission should

I seem to remember that there was an EU version of YouTube or Twitter that they recently closed as no one used it.

Fairly sure there was an article on here about it, but my searching hasn't found any reference to it other than here re EU YouTube.