* Posts by vulture65537

83 publicly visible posts • joined 3 Jan 2019


Torvalds' typing taste test touches tactile tragedy

vulture65537

Cooper Pair

> Model M is the Steinway, the Stradivarius of the qwerty world

Tommy Cooper found in his attic a Stradivarius and a Rembrandt.

Unfortunately Stradivari couldn't paint and Rembrandt made terrible violins.

IBM scores perfect 10 ... vulnerability in mission-critical OS AIX

vulture65537

Re: So much for....

About 1998-9 Troy Bollinger did a great job of handling the batch of bug reports I gave him on AIX 4.1. One of which was library code and he pointed me to other vendors.

Governments can't seem to stop asking for secret backdoors

vulture65537

Every other government from North Korea, Iran, and France will be able to obtain everything MPs put in the platform.

One stupid keystroke exposed sysadmin to inappropriate information he could not unsee

vulture65537

Re: Quite the opposite experience

What about an earlier vehicle of yours you know has been scrapped?

vulture65537

At uni in the 1980s we all got a floppy disk and were strictly told not to copy copyright material such as Apple Mac applications. Almost immediately after was the lesson on copying files where it was suggested we copy MacWrite to floppy.

Backup software vendor Veeam deleted forum data after restoration SNAFU

vulture65537

Re: Didn't backup frequently enough?

Maybe they could have gaps in the ID range reserved for corrections.

Maybe they could have a journal of changes capable of replaying parts.

I was told to make backups, not test them. Why does that make you look so worried?

vulture65537

Re: Backup to /dev/null

I knew someone who got the tape device name wrong. This created a large file under /dev/ and a puzzle why the tape was blank.

Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant'

vulture65537

Re: What!

S3 buckets can be used for web hosting. These days you need to fiddle with settings to allow that. So if someone is intentionally providing something to the public it's not normal that the public would need to authenticate to read it.

Brackets go there? Oops. That’s not where I used them and now things are broken

vulture65537

Re: AND / OR

In a cafe I once ordered coffee and strawberry ice cream which got me dual flavour ice cream and no coffee.

vulture65537

I worked at a major email system where the 'block email from that address' control was mixed in and hard to separate from such other powerful features that minor changes to the block list (could be several a day) all had to come to someone as senior as me.

Abstract, theoretical computing qualifications are turning teens off

vulture65537

Re: WYF!

6502 assembly could be programmed from the BASIC UI.

vulture65537

Re: WYF!

It was in the ladybird book.

US Army turns to 'Scylla' AI to protect depot

vulture65537

Will it be available to the secret service?

Wanted. Top infosec pros willing to defend Britain on shabby salaries

vulture65537

Re: Pay grades

renumeration

And dodgy spelling/typing.

vulture65537

My pension record shows salary £42,750 in April 2005.

And nobody ever took any notice of my reports and advice - even managers with no first hand knowledge denying my own observations.

Revamped UK cybersecurity bill couldn't come soon enough, but details are patchy

vulture65537

> ... idea is that if more organizations have to keep their security controls in line with government-set standards, ...

When I worked in the private sector to government standards about 10 years ago they weren't all that sensible.

systemd 256.1: Now slightly less likely to delete /home

vulture65537

Saltzer & Schroeder gave principles in the 1970s including

Safe Defaults

Proving yet again that people will put more work into making a mess than into finding out what's good to do.

'Little weirdo' shoulder surfer teaches UK cabinet minister a lesson in cybersecurity

vulture65537

I saw a commuter on the tube carrying a pack of paper in a transparent case. In the front of the pack was a letter reading Dear $name, ...

I spoke to her by name (great shock) and suggested the transparent case in public was a bad idea.

Bad vibrations left techie shaken up during overnight database rebuild

vulture65537

Canary Wharf workers near a pile driver have had to explain in their conference call with other sites what is going on.

Three-year-old Apache Flink flaw under active attack

vulture65537

Managers are divided between those who refuse to believe a bug exists even when it was discovered years earlier by a member of their own team - that the manager has spoken to but insists that he knows better than technical staff.

Or the kind that believes bug reports such as Red Hat rpc still contains a flaw fixed in 1998 just because the version number shown over the network is still 1.2.

Neither one is curious enough to ask about the truth or be any more satisfied with better conditions than you get by doing nothing. This ensures that nothing will be done except useless things because something must be done.

These are real examples from work and people with names omitted.

Will Flatpak and Snap replace desktop Linux native apps?

vulture65537

Re: One thing you've missed

Disconnect from network then do your volume or filesystem snapshots. Reconnect to network to copy them to other storage.

vulture65537

Re: Performance isn't free...

Mark Bannister (of Jane Street) documented one on Linkedin a few years ago while I still had an account on it.

Your security failure was so bad we have to close the company … NOT!

vulture65537

Re: Would you believe...

Don't tell me this was at a greeting card company.

Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks

vulture65537

Re: Driver Signing

What about refusing to downgrade to a lower version (after the new version has been in use for a day)?

Who needs the A-Team or MacGyver when there's a techie with an SCSI cable?

vulture65537

Re: HOWTO Move Your Server

At Uni I was reading a book which covered three-phase power (it turns out to be important for X-ray machines) and found in the book a warning that if the fuse blows you must not replace it with a nail.

vulture65537

Long ago somewhere in this galaxy there may have been someone who tinkered with the inside of a PC so much he got to leaving the screws undone and the case open a few centimetres. Then there was contact from a near neighbour (who had not seen indoors at this place) complaining "You're running a PC with the case off which interferes with TV signal and is illegal". The case went back on and there was no more complaint.

Wake me up before you go Go: Devs say they'll learn Google-backed lang next. Plus: Perl pays best, Java still in demand

vulture65537

Re: If you want to do Low-Latency properly ...

No - you walk one string and compare to the other buffer that might not contain a string at all (and if it does may not indicate the buffer size).

School's out as ransomware attack downs IT systems at Scotland's Dundee and Angus College

vulture65537

"because nobody knows anything"

This graduate from 13 miles south suspects that's the usual condition.

Anatomy of OpenBSD's OpenSMTPD hijack hole: How a malicious sender address can lead to remote pwnage

vulture65537

Re: With great power...

You mean it's time someone invented smrsh - the sendmail restricted shell?

https://www.linuxtopia.org/online_books/linux_system_administration/securing_and_optimizing_linux/chap22sec182.html

vulture65537

Re: How?

too right, and common knowledge since at least 1994

http://sunmanagers.mrbill.net/1994/0509.html

Go on, eat your fibre, new build contractors. It's free! OpenReach lowers limit for free FTTP connections

vulture65537

Higher upload speeds would help a lot with backups to cloud.

Wave goodbye: DigitalOcean decimates workforce as co-founder reveals lack of profitability, leadership turmoil

vulture65537

Re: Impressed with the service but........

I used to report port scans and intrusion attempts ... even cataloged the preferred contact method (email/web form * groups/single items) for a bunch of ISPs and automated the reports (with a rate limit).

The most annoying was my own ISP since they couldn't reliably read logs (bsd pf logs in tcpdump format) and often contacted me claiming I was the source of the scans I'd complained about.

A Notepad nightmare leaves sysadmin with something totally unprintable

vulture65537

Re: Support ticket

I had a luser claim that my s/w changed his Solaris hostname to "-a". Puzzled by this since I'd been running it on Solaris for a long time and knew it never changed the hostname, I invited him to look in root's shell history for "hostname -a" where perhaps "uname -a" was intended.

I never heard back.

Brit banking sector hasn't gone a single day of 2020 without something breaking

vulture65537

If El Reg wants to reproduce user content on topical issues isn't it possible to pick items with better adherence to the 3rd commandment?

The time PC Tools spared an aerospace techie the blushes

vulture65537

Re: The scariest word in IT....

I (and Kevin) had to deal with a situation in the early 1990s where the culprit (Carl) had been the last person to leave on Friday (and by the time we arrived on Monday was abroad on leave). He'd left some sort of unfinished reformat and reinstall job without so much as a note about how far he'd got and what was left to do.

During his holiday someone phoned for him and when I said he was away they asked "Oh! How do you manage without him?".

vulture65537

Re: Try 'rm -rf some_directory /*'

I might have done something similarly dumb by starting a directory name #with-a-hash-making-a-comment.

Also GNU rm interprets -r -f etc if it sees them later in the argument list which might be unexpected.

Five years in the clink for super-crook who scammed Google, Facebook out of $120m with fake tech invoices

vulture65537

Re: Good accounting

> phony invoices that each of the tech giants thought were for real purchases

Years ago I worked at a place that tried to pay invoices whether they were due or not. The drone I spoke to on one of these occasions was panicking that "they might sue us" while I was telling him the cancellation I had in the correspondence file would keep us safe if they did.

Remember the Dutch kid who stuck his finger in a dam to save the village? Here's the IT equivalent

vulture65537

Re: Once upon a time in Brighton...

I found a situation where a password could not be changed; even by root using 'passwd -r files luser'.

The line in /etc/passwd was there but the passwd program was not reading it. Enter truss: /bin/passwd was quitting before reading the whole file which meant a problem in the file. pwck pointed out wrong number of fields.

And somebody's edit had left a blank line mid-file resulting in later lines not being used.

Managing the Linux kernel at AWS: 'A large team of security experts' dealing with fallout from Spectre, Meltdown flaws

vulture65537

Re: Translation:

No harm in a few more instance types and let the customer choose?

vulture65537

Re: "We take our customer's privacy seriously..."

> Dedicated servers if you are handling PII, including financial transactions.

Then there are your passwords, SSH keys, ASLR variables, CSRF variables etc so even if you have no PII you might want to step up the caution.

Gravitons, Neoverse... you'd be forgiven for thinking AWS's second-gen 64-core Arm server processor was a sci-fi

vulture65537

Re: All Amazon CPU include a integrated microphone as standard

always

https://www.cs.tau.ac.il/~tromer/papers/acoustic-20131218.pdf

In Rust We Trust: Stob gets behind the latest language craze

vulture65537

Re: Do...While

do { ... } while(0) was a tool taught to me* in the 1990s for use in C macros.

When you have your code:

if (x) frobulate;

you don't need {} after the if even when frobulate is #define'd as multiple statements of something.

* by the pdksh maintainer Michael R?? er, web search suggests Rendell

That code that could never run? Well, guess what. Now Windows thinks it's Batman

vulture65537

Yes they were.

vulture65537

> warning for anyone ever tempted to insert witty error messages into their code

sudo has an option for "insults" (strange sayings emitted when you enter a wrong password). I maintained sudo for a while in a company which meant download/compile/package when there was a new version. There were a few people so alarmed by the "insults" that they made helpdesk calls to people who didn't know what they were and didn't know how to find out about them. In later releases I made sure the insults were turned off.

examples here: https://grayson.sh/blogs/viewing-and-creating-custom-insults-for-sudo

Before you high-five yourselves for setting up that bug bounty, you've got the staff in place to actually deal with security, right?

vulture65537

Re: Job Postings

> Hiring an infosec person, chucking them in a corner and paying them well will never be a waste of money.

That's exactly a waste of money as you missed out the part where you should take their advice.

UK tech freelancer numbers down for first time in 5 years since IR35 tax reforms hit public sector

vulture65537

> contracts finishing by 28th February 2020

Did they not notice the leap year?

No one would be so scummy as to scam a charity, right? UK orgs find out the hard way

vulture65537

Re: Charities are a fraud

Years ago there was a debate in the newspaper about pay in public v private sectors. Someone defended his public sector pay because of the amount of money he managed (i.e. spent). Another writer said spending money is easy and the hard work in the private sector is earning the profit.

Tearoff of Nottingham: University to lose chunk of IT dept to outsourcing

vulture65537

Re: And this means

> keep the expensive part of the IT organisation

Did Amdahl also make a law of finance?

'Technical error' threatens Vodafone customers with four-figure roaming fees

vulture65537

Re: "Customers will not be charged"

Vodaphone -> Vodafone

The safest place to save your files is somewhere nobody will ever look

vulture65537

He's been learning from Richard Attenborough. https://www.imdb.com/title/tt0049637/
