Posts by tip pc

Re: Old devices

"Just plug it instead to a small 2 port box with the other port instead going to the lan."

so that system that has just 1 port that can be administered via sha1 needs another box in-front of it to proxy sha2.

you could do that or you could put a fw in the logical path blocking all ssh to everything you want & a single bastion host in the subnet of the sha1 system that will only permit sha2 or whatever you want.

Then you use strong auth to get to the bastion host in the required subnet and then sha1 to the old system and any other systems in that subnet that can only use sha1.

you could put the bastion host elsewhere but it ups the risk of the traffic being intercepted from 0 for the solution with the box in front of the sha1 system to a little bit more for something on the same subnet intercepting that traffic (can't happen on a switched network unless a port mirror is configured) to again a bit more if the traffic is routed through a number of systems that could intercept or chnage on route (fw's load balancers, virtual systems, IDS/IPS) etc

the attack risk is much lower on your internal systems than it is if your traffic has to go across a public network even if you use a vpn or private peering in a colo.

Re: Being too lazy to investigate the supply chains

Designed :: not in China

Assembled :: not in China

Components :: made in China

“ There are parts of the OTN system where one fat pipe crammed with data is all that is needed (e.g. undersea links of several thousand km)”

RFOG is often used in long distance transmission as the signal can be amplified several times before it needs to be recreated.

This new technology is not for long haul transmission. Its core, site to site & transmission And will enable faster edge.

Re: Yes, Daily, or even hourly!

"I wish I had a beer for every screen shot of an error emailed to me asking for the solution... RTFS?"

the funniest ones are where someone has taken a photo of the screen and sent it

Loose lips cost lives

thats not clear

Re: Who do you want to hide from ?

some CDN's will serve any site they CDN for on any of the IP's they resolve on.

As an example, the reg & the pirate are on cloudflare. internally resolve the pirate to the IP of the reg and you can visit the pirate on https without your isp blocking.

Re: The PIE lady knows best

that really is not safe for work or for home.

Do the googling on a burner phone far, far away from home, maybe near a church?

Re: Can someone explain?

"Only silver is better than copper"

you'll find that Gold is better than both Silver and Copper.

Re: DoH without DNSSEC - no validation ?

“ Its all well and good that you can point your machine at the preferred DNS provider however how do you verify the answers ?”

Don’t worry just stick with the plain text current incarnation.

Otherwise you check the https certificate of your DoH provider and cheat by pointing your Cloudflare DoH url at a genuine Cloudflare ip so it just looks like you need to x thousand Https requests per day to Your favourite site and zero dns or DoH requests.

Otherwise DNSSEC it is.

Re: Disappointingly

“ but we can compare like with like when your camera can do all the other stuff”

That’s the point right there. To make the phones sell they add buzzword features to make it look better than it really is.

Does it really need a 64mp camera or 120gb storage or 6gb of ram?

Re: Elon Musk isn't helping, is he

wtf is Techbroism?

Re: And the losers are...

The thing about debt is that taxes are paid after costs like debt etc. More debt, less taxes. If you have another business that is profitable and pays a lot of tax, you can offset some that tax and cost of the new company by paying off that debt to your offshore services company and paying far less tax to the UK. Its a Win Win in the corporate world. Branson is a master at it (not saying he's involved at all here).

“ But the affinity software just whinges after install and never runs, it's been like that since their beta period for me, and they have no solution (three different machines, three different versions of Windows).”

Definitely the affinity software, can’t possibly be something you’ve done over 3 different pc’s that’s causing the issue.

All other Windows affinity users must also Be experiencing the sand issue yet Affinity haven’t bothered to do anything about it.

Re: In other news....

@Veti

“ The trouble with "correcthorsebatterystaple" is, it doesn't scale. If we all start using "three or four common words strung together", then attackers will start guessing passwords in that format.”

The idea is to increase the number of characters of the password to increase the processing time to brute force it. Doesn’t matter what words are in it, a word attack is a word attack. At least 12 characters With capitals, symbol & number it’ll take long enough to crack to put an attacker off Unless they pay for expensive cracking hardware.

I personally just use the random password which actually looks like it follows a pattern to make input easier. Password is stored and synchronised to my keychain across phone, tablet and laptop.

After 10 plus years I now have no clue what my reg password is but don’t need to. Email is secured with 2FA and backup codes.

Re: Fools

“ To the "fool" who wrote about the RPI increase...RPI is increased annually in April once the ONS (office of national statistics) announces what the annual RPI level is, as such your increase is yearly and you'll know when it's going to occur as its is increased the same time every year.”

A few years ago there was no annual increase. You often got more airtime / texts / data I’m a new contract perhaps costing a little extra.

I was paying £12 a month on three for years, just got it down to £10 and it’s up to £11 again but I get 8GB now along with my unlimited calls and texts instead of the 2 then 4GB I was getting before.

Re: When Devs break the software!

"*Update installed on Friday. No notice, no e-mail just a flood of alarms all weekend until I logged in to check the system! What fun :/"

Thats just standard.

I guess you work for Virgin Media

Re: Nice technology

i've a pile of rare gbics in my draw, witnessed hundreds of new still wrapped in plastic tossed into the skip when the old office closed too.

I had no idea how rare they where. will i get a pay rise if i let my bosses know i'm working with rare kit?

Re: Only rogue users

Is it acceptable for staff to surf stuff at work that other staff or the media would find not suitable for doing at work?

If it’s not acceptable you will need some kind of filter. Every company I have worked at (either government or Fortune 500 equivalents) has had filtering which I’ve sometimes managed. We all accept some level of email filtering as normal, in the uk government has mandated ISP’s block access to certain sites like the pirate bay etc so not a great deal of difference, ok uk isn’t blocking the same extensive list as other nations but blocking exists, just not to sites that most people go to.

"To use the car analogy here, the fact a car manufacturer recommends that you use a certain brand of engine oil to lubricate the engine, you don't have to use that brand. It is irrelevant how much they spend on R+D every day to develop their engines, the brand of oil you use after YOU have bought the car is entirely your own choice."

Now days you need to ensure the oil adhere's to the specification as determined by the manufacturer, especially in diesels with DPF's and those newer ones with Ad-Blue. DPF's need low ash oils, putting normal oil in will coat the DPF and result in hefty repair bills, especially when the service person will spend ages diagnosing the issue as they won't initially know its just because the wrong oil spec was used.

https://bevo.mercedes-benz.com/bevolisten/221.0_en.html

Re: IBM

"I would not WORK for or buy Anything from IBM now. as for RedHat, Give it time. IBM will start importing the suits to "rationalise" the RedHat business, before finally killing it with a thousand cuts."

Gini is gione now, there is a new CEO in charge and changes will be made.

Re: Massive invasion of privacy

"Not sure why so many down-votes. Must be the same who think that NI is not taxation. Councils are very obviously part of the government in all but name. As just one clue - they impose tax on us (council tax). Tax is money that is collected by and for the government."

look at it this way then:

National Government = Party that leads Parliament

Local Government = Party that runs the local city / county etc

your conflating this issue with being the fault of the national government, when in fact its the local government who have instigated, bungled & are at fault for this.

In this case local and national governments are from opposing parties, but even if it was the same party its still not an issue from national government when local government have done this against their own citizens without the knowledge or consent of the national government.