Posts by vulture65537

Re: Driver Signing

What about refusing to downgrade to a lower version (after the new version has been in use for a day)?

Re: HOWTO Move Your Server

At Uni I was reading a book which covered three-phase power (it turns out to be important for X-ray machines) and found in the book a warning that if the fuse blows you must not replace it with a nail.

Re: If you want to do Low-Latency properly ...

No - you walk one string and compare to the other buffer that might not contain a string at all (and if it does may not indicate the buffer size).

Re: With great power...

You mean it's time someone invented smrsh - the sendmail restricted shell?

https://www.linuxtopia.org/online_books/linux_system_administration/securing_and_optimizing_linux/chap22sec182.html

Higher upload speeds would help a lot with backups to cloud.

Re: Impressed with the service but........

I used to report port scans and intrusion attempts ... even cataloged the preferred contact method (email/web form * groups/single items) for a bunch of ISPs and automated the reports (with a rate limit).

The most annoying was my own ISP since they couldn't reliably read logs (bsd pf logs in tcpdump format) and often contacted me claiming I was the source of the scans I'd complained about.

Re: Support ticket

I had a luser claim that my s/w changed his Solaris hostname to "-a". Puzzled by this since I'd been running it on Solaris for a long time and knew it never changed the hostname, I invited him to look in root's shell history for "hostname -a" where perhaps "uname -a" was intended.

I never heard back.

Re: The scariest word in IT....

I (and Kevin) had to deal with a situation in the early 1990s where the culprit (Carl) had been the last person to leave on Friday (and by the time we arrived on Monday was abroad on leave). He'd left some sort of unfinished reformat and reinstall job without so much as a note about how far he'd got and what was left to do.

During his holiday someone phoned for him and when I said he was away they asked "Oh! How do you manage without him?".

Re: Good accounting

> phony invoices that each of the tech giants thought were for real purchases

Years ago I worked at a place that tried to pay invoices whether they were due or not. The drone I spoke to on one of these occasions was panicking that "they might sue us" while I was telling him the cancellation I had in the correspondence file would keep us safe if they did.

Re: Once upon a time in Brighton...

I found a situation where a password could not be changed; even by root using 'passwd -r files luser'.

The line in /etc/passwd was there but the passwd program was not reading it. Enter truss .. /bin/passwd was quitting before reading the whole file which meant a problem in the file. pwck pointed out wrong number of fields.

And somebody's edit had left a blank line mid-file resulting in later lines not being used.

Re: Translation:

No harm in a few more instance types and let the customer choose?

Re: All Amazon CPU include a integrated microphone as standard

always

https://www.cs.tau.ac.il/~tromer/papers/acoustic-20131218.pdf

Re: Do...While

do { ... } while(0) was a tool taught me* in the 1990s for use in C macros.

When you have your code:

if (x) frobulate;

you don't need {} after the if even when frobulate is #define'd as multiple statements of something.

* by the pdksh maintainer Michael R?? er, web search suggests Rendell

Yes they were.

Re: Job Postings

> Hiring an infosec person, chucking them in a corner and paying them well will never be a waste of money.

That's exactly a waste of money as you missed out the part where you should take their advice.

> contracts finishing by 28th February 2020

Did they not notice the leap year?

Re: Charities are a fraud

Years ago there was a debate in the newspaper about pay in public v private sectors. Someone defended his public sector pay because of the amount of money he managed (i.e. spent). Another writer said spending money is easy and the hard work in the private sector is earning the profit.

Re: And this means

> keep the expensive part of the IT organisation

Did Amdahl also make a law of finance ?

Re: "Customers will not be charged"

Vodaphone -> Vodafone

He's been learning from Richard Attenborough. https://www.imdb.com/title/tt0049637/

Re: A common misconeption

I blame the Potato farm.

Re: DES

https://www.usenix.org/publications/login/december-2003-volume-28-number-6/end-crypt-passwords-please

December 2003 article on the limitations of old DES crypt()

Re: Let me get this straight ....

> universe is expanding

That applies on large scales. Bringing nearby things together is not prevented (so it's not an excuse why your golf club misses the ball).

Re: Santander

I had Powergen phone me to say I needed to change my password which included the term "cheating bastards" because of the way they'd used higher estimated bills than actual meter readings.

Re: How is it any better than running NoScript

> introducing lumps of code from sources over which its developers have no control

https://www.troyhunt.com/locking-down-your-website-scripts-with-csp-hashes-nonces-and-report-uri/

Have you written your cloudy serverless proposal?

https://dilbert.com/strip/1995-11-27

Re: With All Due Respect to Larry Wall

Your experience is not complete until your boss personally tells you that an unpatched bug does not even exist . This is a bug that you discovered and reported to the vendor 9 years earlier and (after testing the patch) sent a description to a security mailing list that's archived on the web.

Re: A new idea?

Dear Boss, Refer to quote from Dorothy Parker.

Re: Privelage escalation

privilege

Re: Perhaps you should advise your children

You do not tell them what to play. They do not tell you what to do with the money.

Re: Strange

out of copyright by now

Re: Par for the course

> SHMBO

Relative of SWMBO?

Re: But surely

Assuming you mean read-only anonymous FTP for distributing stuff there's not a lot wrong with it.

But it does have a disadvantage relative to HTTP. The data connection is prone to receiving connections from unexpected participants sneaking in before the intended connection.

Re: On the bright side

as seen in new towns and places where building nuclear plant was considered but not done

Re: Does this change anything?

https://en.wikipedia.org/wiki/Domain_fronting

disabled in April 2018 by big players

Re: Bribery at work

If you're not thinking it happened again 3 months later .. think a bit harder.

Re: Nice story

> I'm also happy I'm not the only one who once had a totally pointless day in his career

I was approached by a manager about Friday lunchtime saying he urgently needed some work done for a customer meeting on Tuesday. His own team were on holiday and he did not know when they were due back. So I did 9 hours (IIRC) overtime on Saturday.

Monday comes round and his team are back in the office and say they've already done everything for the meeting.