* Posts by ChipsforBreakfast

38 posts • joined 20 Sep 2019

UK VoIP telco receives 'colossal ransom demand', reveals REvil cybercrooks suspected of 'organised' DDoS attacks on UK VoIP companies


Re: Abandon Copper At Your Own Risk....

The likes of BT offering VoIP over it's own fiber is much less problematic (although not entirely without risk) as it controls the infrastructure end to end in that situation. It could, if it so desired, keep telephony traffic entirely separate from data, thus mitigating at least some of the risk of DDoS.

The chances of them actually doing that without a very firm regulatory imperative however are so small that I suspect I have a greater chance of riding in an electric flying car!


Re: This has been a known threat...

A 'private connection' (unless you're talking about a dedicated physical line, which for all but the very largest is utterly impractical) will not save you from a DDoS attack that swamps your provider's bandwidth.

Especially not when the underlying POTS network is gone and everything is IP based.

Much more work is needed before we start transitioning potentially life-critical systems such as telephony exclusively to the internet.

Microsoft sinks standalone Hyper-V Server, wants you using Azure Stack HCI for VM-wrangling


Re: Hyper-V role still available

Perhaps Veeam might like to look at expanding the number of hypervisors they support given the all-but-certain demise of Hyper-V in many SME's after this announcement.

'Hybrid cloud' AKA 'line Microsoft's pockets' is of no interest to the vast majority of our customers - those who want to go cloud have, those who don't/can't won't be railroaded into it.

If I'm going to have to pay for a host OS/Hypervisor than I may as well pay VMware & get a better product for my money. Free, there's KVM, XCP-NG & more (proxmox is interesting if sometimes a little flaky still).

BOFH: Despite the extremely hazardous staircase, our IT insurance agreement is at an all-time low. Can't think why


"they stopped bringing them in around the same time we started bringing hammers in"

I really MUST try that approach... theraputic & good for security!

Apple announces lossless HD audio at no extra cost, then Amazon Music does too. The ball is now in Spotify's court


Re: Yay!

Converting an analog medium into a digital representation and then back to analog again is, to put it mildly, less than ideal.

If you really want to hear it as it was live you need a good quality analog recording & quality playback equipment.

Digital is convenient but it's always going to be a compromise.

Train operator phlunks phishing test by teasing employees with non-existent COVID bonus


Re: If the email was from e.g., a gmail account...

Without the details of the message it's impossible to say whether it should or shouldn't have been spotted.

Doing (as I have to do on occasion) phishing training/testing for companies is a very fine line. You need to make the message as realistic as possible but not so realistic it genuinely cannot be spotted. You also need to consider the target audience - for example a message I'd send to a bunch of trained IT support people would likely only have one, hard to identify, indicator as I'd expect them to have a much higher level of awareness and skills than most. A message going out to a group of office workers/managers would have more and easier to identify indicators in it.

There is a lot of truth in the maxim 'Train hard, fight easy'


Re: Unfortunately,

Calling me up and then demanding I pass 'security' is one of my pet hates.

The lucky ones get away with a polite 'No, I don't give personal information to random callers'. The unlucky (or those who persevere) get the full on lecture/rant about just how stupid they are being.

I've even had one insist that because the caller ID was from their published number (they will remain nameless to spare the blushes of their IT/security team who I'm certain know better) that I had to give them my details. I don't think my offer to call them back from their own CLI was particularly well received....

OVH outlines three-point 'hyper resilience' plan after Strasbourg fire


Re: At last backups you will be able to use your backups

That really depends on what services you're using. We use bare metal servers. We install our own hypervisor on them and we back them up to our own, non-ovh facilities using normal backup tools.

We have contingency plans that allow us to restore to either AWS or Azure if necessary.

It's not really up to the provider of the DC to manage your backups. Sure it's nice if they will but there's no substitute for doing it yourself.


Re: communication


We are OVH clients, with a not insignificant number of servers hosted there. We had servers in SBG2. We also had no data loss and minimal downtime (what downtime we did have was largely my own fault).

OVH has the technology and network available to avoid building systems with a single point of failure. They have advanced networking capabilities if you want to use them (in our case, we've now added API access & scripts to our network monitoring to repoint IP's if a network goes dark).

The point is that the client has to use them. If they don't, they have only themselves to blame.

BC is more than just backup.

Openreach out and hike prices on legacy fixed-line products: Broadband plumber pulls trigger after Ofcom gives the nod


Re: We've switched to LTE

Ah yes, Edinburgh. The place where you might get ADSL, IF you're lucky. The problem there is the physical cabling - it's old & from what I've been told portions of it are actually made of aluminium and not copper which doesn't work with VDSL. Combine that with the almost herculean difficulty of replacing said physical plant in a city where you only need to look at traffic to cause a tailback and random 'conservation areas' making it difficult to install cabinets and you have the perfect storm.

Some areas are lucky and get Virgin Media service. Most don't Leased lines frequently carry stupidly high 'civil works' costs and thus are out reach for many.

Yes, I've fought that war.. many times. I feel your pain.

PS... Starlink isn't too badly priced although coverage is still patchy. 5G/LTE is workable but as you've found there are few options for routers (try Vodafone - the one they offer is probably the best of a bad bunch currently).

From Maidenhead to Morocco: In a change to the scheduled programming, we bring you The On Call of Dreams


Sun, Sea, Sand & Expense Account!

The scene, one dreary day in late march back toward the end of the 2000's. I was working as a lowly field tech for a now-defunct supplier of WiFi to some major hospitality businesses.The call, from a rather panicked account manager came at around 4 on a Friday - the local installation team had botched the job and the customer was threatening to cancel the contract, could I help?.

Calls like that weren't too unusual (the perils of outsourcing installation work to contractors are well known round here!) but the location of the problem certainly was - a top-end resort in Marbella, playground of those with far more money to burn than I'll ever see. Needless to say I didn't hesitate for longer than it took to make sure my passport was still valid and without further adoo a ticket was purchased for Monday. I was a little bit surprised to see it was an open return but put it down to the situation and thought no more of it.

Monday comes, things get stranger still. E-mail from the office with details of a hire car (we usually had to rely on buses or taxis!) that would be waiting at the airport. Business class seat on the flight too (apparently that really was all they could get!) - this was shaping up to be a good job! Got to the site to be met by the general manager who showed me the mess (and it was a mess!) left by the contractor - nothing installed, cables in a heap..a pigsty. He was naturally a bit p**ed off, especially since they were starting to get busy. After a quick inventory & walk around the complex (it's BIG.. lots of blocks) and I figured 3 - 4 days work would do it. Went off, found the GM & told him what I was proposing... which is when it got REALLY interesting.

Apparently, I could only get access to rooms when they were vacant - not just unoccupied, vacant. He & I looked over the booking calendar and worked out a plan... it'd take almost 3 weeks to finish the job. A hasty call to the account manager, who called his boss.... and the job was authorized. The GM was so pleased that it would get done before some VIP's were due he comp'd the entire account - accommodation, food, beer, the lot!

And that is how I ended up spending three weeks in a 3 bed suite of a 5-star Marbella resort, fully comp & working at most 2 hours day. I actually flew my girlfriend out for the second week...

Best call I've ever done!

Missile systems software dev leaker has sentence almost doubled after UK.gov says 4½ years was too soft

Big Brother

Re: Digital Era

You are assuming the motives of those issuing such warrants are benign. In many cases they are but when they are not the impact can be enormous. Encryption provides a way for ordinary people to take control of their information back from the grasping claw of the state - there is generally no need for the authorities to read every e-mail, record every website, monitor every phone call and read every document a person writes but todays technology permits just that, in real time, without the victim's knowledge and on a massive scale.

That is what is driving the uptake of encryption - state overreach and pervasive surveillance. If it wasn't for that there would be no driver to make encryption easier to use or to make it default for normal communications.

Proper encryption has been around since the days of PGP in the 90's but was always hard to use and so remained a niche product, then along came Snowdon and the dawning realization of just how much information was being hoovered up and suddenly there was a huge public interest in encryption technology and lots of effort went into making it easy to use, accessible & almost the default for everything.

That leads to the situation we now find ourselves in. Encryption is ubiquitous and very effective - by it's very nature you can't have encryption that only 'authorized' people can break - it's either secure or it's not, there is no middle ground in mathematics. So the authorities resort to laws compelling people to produce keys or face punishment - however distasteful the idea may be it's probably the best solution there is going to be and it carries one huge benefit over any technical solution - a properly drafted disclosure law (and I'm not saying RIPA is that!) will ensure that such requests get proper judicial and public scrutiny, hopefully limiting any attempts to use those provisions unfairly or without proper justification.

It's not ideal, but it's the best we've got.

OVH founder says UPS fixed up day before blaze is early suspect as source of data centre destruction


Re: Is there a lesson here about putting your eggs in one basket?

How badly impacted you were depended largely on what products from OVH you were using. Their cloud products did not seem to be badly impacted at all (at least not that we noticed) but they also provide a number of other services including hosted backup & the typical 'rent a server' product.

We don't use the backup services so I can't comment on those but we do make extensive use of their rental servers & associated networking. A number of our customers want the benefits of not having to deal with local architecture but also aren't ready to go full public cloud and OVH's rented server/network options are an ideal intermediate step for them but as with anything you have to design it right and use it properly to get the best out of it.

It is remarkably easy (and surprisingly inexpensive) to build a properly resilient architecture using OVH's services. By properly resilient I mean live replication across multiple DC's in multiple locations so you won't get hurt if even a whole DC goes south. Many probably don't bother, trusting that 'it'll never happen' - well, now they know better and that's not OVH's fault. Hard lesson, but the worthwhile ones usually are.

We did have some downtime - one of our client's netblocks was announced via SBG so despite them having a functional replica site they couldn't actually reach it. It took 24 hours to get that sorted out but a sizeable part of that was down to the fact I wasn't as aware as I should have been of all the capabilities on offer to us. After OVH support helpfully pointed me to their API & told me that we can use it to control where on the OVH network our blocks are announced in near real time the client was back online in less than 10 minutes.

We're now adding the OVH API to our config tools so we'll be ready if anything similar happens again....

In this business the learning never stops :)

Talk about a Blue Monday: OVH outlines recovery plan as French data centres smoulder

Thumb Up

Re: It's not the incident that's important

And credit where it's due, OVH got in touch just after 9 this morning and the issue was resolved by 10am.

Customer's happy, we're happy - can't really ask for more (and again, the level of flexibility in the OVH network is really quite surprising for the price point)


It's not the incident that's important

It's what you do afterwards that really counts. We're OVH customers, with servers in the destroyed SBG2 DC. We have redundancy (I've been playing this game far too long not to have!) but that depends on OVH's network actually passing packets correctly, which is isn't right now. I'm perfectly willing to give their support teams the benefit of the doubt for today but that runs out at 9.30am tomorrow because that's the time when I need to make the call on whether to initiate an expensive bare-metal restore to Azure.

If we DO need to do that it'll be entirely down to OVH's lack of support and not down to the fire. It'll also be the end of our relationship with OVH.

Accidents happen but falling over afterwards is avoidable....

OVH data centre destroyed by fire in Strasbourg – all services unavailable


Re: DR Plans

We have a (tested) 48-hr RTO for a full bare-metal restore from backup to an alternate provider (Azure in this particular case since these are all Windows VM's). Actually activating that process is expensive so the decision to do it will be made tomorrow depending on whether or not we can get any traction with OVH support.

To be honest, if we DO have to do it we're unlikely to return to OVH. Accidents happen, what's a lot more important to us is how the aftermath is handled (or not handled...)


Re: DR Plans

OVH has some very clever networking capabilities that in most situations make life much easier for us poor buggers who have to make it all work without upsetting the bean-counters too much.

Said capabilities make it easy(ish) to have a primary site in one DC and replica in a completely different country. You'd think that would be enough DR for just about any reasonable situation... except...

That same clever networking is the Achilles heel. Long and short of it, it's broken. That DR site is now sitting there, up and laughing at my futile attempts to get it to talk to the world.

OVH support, naturally enough, can't give any sort of clue when this is likely to be fixed. I can't blame them for that - I really wouldn't want to be working for OVH's network engineering team right now.

Next up, restore from backup - to another provider!

Lesson : there is NEVER enough DR.

Just when you thought it was safe to enjoy a beer: Beware the downloaded patch applied in haste


Re: Army Email time

I vividly remember spending hours clearing masses of 'snowman eating child' animations from a poor, struggling Exchange server one Christmas. Not long after disposing of 'I love You' either.

Shame I couldn't dispose of the users quite so easily!

Three rips up call centre outsourcing contract with Capita 2+ years early


Re: So a piss poor service

Exactly. Customer service being piss-poor was the reason I left three two years back. Their call center operation was utterly horrendous, one of the very worst I've ever encountered (and given I've spent more time yelling at BT than I care to remember that is saying something!).

It doesn't look like I'll be going back anytime soon...

Beware the fresh Windows XP install: Failure awaits you all with nasty, big, pointy teeth



Evil little buggers. Got hauled out to a warehouse one saturday because 'the wifi wasn't working right'. A quick check revealed that about 70% of the AP' (all mounted about 30ft up!) were offline. Switches & other ground based components checked & ruled out I commandeered a hydraulc platform and went in search of the fault..

There, up in the roof among the girders were the culprits - a family of grey squirrels who'd taken to gnawing on network cables.

I've no idea what it cost them to get the place recabled but I did suggest investing in a shotgun!

While waiting for the Linux train, Bork pays a visit to Geordieland with Windows 10


Re: Need a bit of Raspberry Pi action

I'm sure there are MDM solutions for Linux if you really need them but I'd personally question why you would need them for something like digital signage.

To my mind, a sign is effectively a static black box. It's installed with exactly the build of software it needs to do it's job and nothing else. It's run on a secure network, far from the shark infested waters of the internet. It shouldn't need updating, upgrading or managing at all really, all it needs is a constant supply of electricity & fresh content.

Decent designs will incorporate a watchdog or two to make sure that when they bork (as they all inevitably will) they both try to fix themselves and tell you they're broken so you can give them a hand if needed.

What does it matter if the project you based it on stops development - it's not as if you can't still install the software or use the software... and if you really need something fixed, you CAN fix it.

And there's one plus point for the PI... the software & OS live on a flash card - a wholesale upgrade to the system is only a card-swap away. Not so easy with windows-based systems, even with MDM.

Academics demand answers from NHS over potential data timebomb ticking inside new UK contact-tracing app


Re: NHS is a minor problem here, really.

No, google won't have it - that's the point. The system proposed by Apple & Google is decentralised, there is no central store of data to mine/sell/monetise/hack - it just does not exist. The data is held on each individual phone which polls, at intervals, for the ID's last confirmed to have the virus. The phone does the matching against it's local database of contacts and alerts you if it finds one that's on the latest infected list.

The list of contacts is NEVER sent anywhere.There's no 'master list' of everyone's contacts, anywhere, yet it can still function perfectly well as a contact tracing & alerting tool.

It's a very good example of designing a system to do one job, and only one job. It collects only what's absolutely necessary for it to function, transmits only what you let it and provides information only to you.

There is literally NO need for a central data store at all to accomplish the stated aim of this app.


Re: this poses a dilemma

The answer is blindingly obvious and has already been adopted in many other countries - don't collect the data at all, at least not centrally. It's not needed for the stated purpose of the app (contact tracing & alerting) which can be accomplished just as well by a decentralised system.

The only benefit to centralisation would be the ability to directly contact potentially infected people (as opposed to just having an app provide an alert) but for that to work you need personally identifiable information on record as well as the list of contacts...which instantly becomes a tool for mass surveillance, like it or not.

This is NOT about contact tracing, it's about state surveillance of the population. The fact that you can have one without the other is the message we as the technically literate & privacy aware need to be trying to hammer into the collective consciousness of everyone else.

UK snubs Apple-Google coronavirus app API, insists on British control of data, promises to protect privacy


Re: Correction

Location and cell data alone is too coarse, especially indoors. It needs to be combined with a more fine-grained dataset to accurately identify gatherings & contacts.. hence Bluetooth.

Add the two and you have a near-perfect surveillance system that can tell you who met who, where and for how long...a dictator's wet dream!


I won't be installing it even IF they make it a legal requirement. The phone will go in the bin first.


Not on my phone

Sorry, but no. I do not trust our government with this level of access to my personal movements. I also see very few advantages and lots of potential disadvantages to this for the end user. Remember this is the same government that lied through it's teeth about PPE supplies, actively broke the law regarding data retention and continues to sidestep privacy regulations at every possible opportunity.

How long do you think before the back-end data is processed to determine who's phone is seeing the most bluetooth signals regularly and the cops sent to 'remind' them about social distancing? I give it a month, perhaps two and of course it'll all be for our own good.

Central control of alerts also raises another, more sinister spectre. What if the number of alerts being sent were controlled to suit a political agenda. Too much spread this week week making the govt. look bad.. let's just stop sending alerts for a few days. Need to scare a few more people this week.. let's send a batch of alerts out for no good reason.

'Personalised messaging' is pure nonsense and nothing but a smokescreen to deflect criticism. It'll never happen in any meaningful form and it's perfectly possible to design such a system without the need to store data centrally anyway.

It's an odd world indeed when two of the world's worst invaders of privacy are a better option than those who's job it is to protect it!

AI 'more profound than fire', Alphabet CEO Sundar Pichai tells rich folks' talking shop


Come with me if you want to live…

There's still time to build that bunker before August 29th...

Take DOS, stir in some Netware, add a bit of Windows and... it's ALIIIIVE!


Re: HP drivers...

278 fscking MB!!! For a printer!!

You took the words right out of my mouth. How in the name of hell can anyone think it's sensible to have a driver packed filled with such a massive quantity of bloatware & crap is entirely beyond me.

Are HP really THAT hard up for cash?

Image-rec startup for cops, Feds can probably identify you from 3 billion pics it's scraped from Facebook, YouTube etc


Re: Legality

I'm willing to bet this particular company is very much located on the far side of the pond from Europe and considers itself sufficiently insulated from such minor inconveniences as GDPR.

In theory the reach of GDPR is global, the real question is do any of the various regulatory bodies involved have the balls to even try to make that case.

I won't be holding my breath.

Stand back, we're going in: The Register rips a 7th-gen ThinkPad X1 Carbon apart. Literally


Re: Screw count

Don't start me on HP! When recently my trusty almost 10-yr-old HP Envy laptop finally died of a broken case I bit the bullet and bought a new one. Seeing as I'd only recently replaced the SSD in the old one I opted to save a few quid and got the model with the basic spinning-rust disk. I also happened to have a shiny new M2 disk lying about (I forget why, I think I got it for a friend's machine that ultimately couldn't make it work). Should be simple enough to swap the disk....

And the fun began.

- First, you have to pull off the rubber feet/strips that hide all the screws. A right pain in the neck.

- Then you have to undo the multitude of screws hidden below, all so tiny you practically need a microscope to see them

- But the fun isn't over yet, oh no. Now you have to literally prise the case apart and prey you don't actually break anything. Easier said than done.. thankfully I had a plastic lever I used for dismantling equally reluctant phones handy.

Finally, I can swap the disk & stick in the M2. An hour and half just to swap a disk... and most of that spent trying to actually GET to the the disk in the first place!

And how long to remove the drive from the old laptop... under 2 minutes and 2 simple screws.

Progress... you can keep it!

We've found it... the last shred of human decency in an IT director – all for a poxy Unix engineer


Re: Beer...

That's the definition of a *real* manager.

I have before and doubtless will again before I finally decide to hang up my keyboard and go do something sensible instead sat with customers and told them bluntly that the buck stops right here. No, I didn't do the work and I didn't make the mistake but my team did and that makes it my problem.

I've faced down angry CEO's more than once and told them that if they want the head of the engineer then they'll get mine too. Nobody's ever taken me up on it and to be honest if they did it's not a place I'd want to work anyway.

I've also never,ever, hung a member of my team out to dry for a mistake no matter how serious. In fact, we have a very clear policy on mistakes - when you make one, be honest about it up front. You won't get disciplined bot you'll clean up your mess. I'll help you if you need it but you're doing the donkey work. Just don't make the same mistake twice......

A stranger's TV went on spending spree with my Amazon account – and web giant did nothing about it for months


Re: How do we know it was actually a TV?

It seems some devices do show up and others don't. For example, I have two android devices linked to my account, only one of which is shown. Likewise, I have a VM STB linked which isn't shown anywhere.

There doesn't seem to be any rhyme nor reason to it - the android's were linked within minutes of each other yet only one appears....

I suspect there are some fairly serious issues within the Amazon API & associated front end that Amazon aren't being very forthcoming about, the sort of issues that a ripe for a nasty media story and a severe slapping from the ICO when the extent of the problem finally comes out.

I think I'll be re-evaluating my exposure to Amazon services unless they resolve this issue very quickly and openly.

When the satellite network has literally gone glacial, it's vital you snow your enemy



Got at call in the office one day that a point to point link we'd installed across a fairly large river had gone down. Remote troubleshooting proved futile, both sides of the link were up and transmitting but there was simply no signal between them. Figuring that someone had probably walloped one of the antenna (again!) an engineer was duly dispatched to go and realign the link and 'educate' whatever individual had ignored the 'No work at height without clearance' notice yet again.

Fast forward an hour or so... engineer arrives and immediately diagnoses the problem - one very large, grey battleship floating at anchor right in the middle of the beam path. Ticket closed with the immortal words 'Not allowed to move the battleship'....

Accept certain inalienable truths: Prices will rise, politicians will philander... And US voting machines will be physically insecure


Re: Why is this so hard?

The point of sealing the machine in a tamper-proof box isn't to prevent people accessing it - it's so you *know* that someone did. It's no different from sealing a traditional ballot box - anyone *could* open it but not without you knowing about it.

As for the paper receipts -

One copy retained in a separately sealed compartment - that allows for a cross-check of the machine's count against the physical count (so you can determine if someone's tampered with the result after it's been read)

One copy to the voter so they can see that the vote they cast is the vote that was recorded (so nobody can program the machine to show one thing and record another)


Why is this so hard?

It *seems* like a reasonably simple problem to fix.

- Secure the machine, physically. Put it in a sealed, tamper-proof box with nothing but a power plug exposed. No network connections, no wifi, nothing exposed except the touchscreen.

- Give it a printer with a two-part roll. Physically print the ballot cast *as well as storing it electronically*, spit one part into a separate sealed bin and eject the other to the voter.

- When it comes time to count, election officials collect the machines, unseal the outer case and read the vote tally. If there's a ny dispute or concern, a *second set* of officials open the printout box & do a manual count.

That should be almost impossible to subvert given minimal competence and integrity on the part of those running the ballot, surely.

Gearheads get their spudgers into an iPhone 11 Pro Max: Bi-lateral charging, anyone?


Ericsson GH172

As close to indestructible as any piece of electronics I've ever owned. Mine survived :

- Being dropped in a swimming pool.

- Being dropped off of a cherry picker three stories up (it did land on grass)

- Numerous drops, bumps, bangs and general abuse

- Sliding off of a van roof onto the road

- Being dunked in a pint of beer when it rang during my consumption of Liquid Amnesia on a Friday night

It finally died of a simple short circuit, only to be replaced by an almost as tough GH197 - much to my delight I could even reuse the old battery as a spare....

God knows what my Note 10+ would make of such treatment!

Three UK slammed for 'ripping off' loyal mobile customers by £32.4m per year


Re: Worst mobile provider

My experience so far suggests otherwise (as it did for the twenty-odd years I was with them before going to Three because they were cheaper). I've had to contact them once since returning and the phone was answered promptly by a knowledgeable person who solved the problem quickly.

Time will tell (I did see the ranking for customer service before I moved) but so far, so good.


Worst mobile provider

I have never, ever come across a worse 'customer service' experience than Three UK now. 5 years ago they were superb - good service, good network, good prices but it's been nothing but downhill from there. Fast forward to today - 2 hour wait to speak to anyone, ANOTHER hour to actually get them to do anything and just when you think you're past the worst you get told you can't upgrade because the contract you've been paying for the last five years has a contraction of your name on it.... yes, that really happened!

How long to fix the 'problem' - 10 -14 days & a posted copy of my passport! Needless to say I declined this polite 'offer', one PAC code later (thanks for getting at least one thing right) and 5 minutes in the Vodafone shop I have a new phone and a lower bill.

Won't be going back.


Biting the hand that feeds IT © 1998–2021