* Posts by Lunatic Looking For Asylum

95 posts • joined 24 Mar 2020

Page:

VMs were a fad fit for the Great Recession. Containers’ time has finally come

Lunatic Looking For Asylum

Before long we'll be just running several apps on the server, get rid of the dock overhead as well.

Fashion repeats.

'I put the interests of the country first': Colonial Pipeline CEO on why oil biz paid off ransomware crooks

Lunatic Looking For Asylum

To quote his Bobness, parphrasing Dr J I think

"They say that patriotism is the last refuge to which a scoundrel clings"

Fastly 'fesses up to breaking the internet with an 'an undiscovered software bug' triggered by a customer

Lunatic Looking For Asylum

...and fire (the scapegoat) who let it through as soon as we find out who to blame....

Global Fastly outage takes down many on the wibbly web – but El Reg remains standing

Lunatic Looking For Asylum
Happy

It's not single point of failure - it's the cloud, never happens according to my mate Gary in marketing...

Home Office slams PNC tech team: 'Inadequate testing' of new code contributed to loss of 413,000 records

Lunatic Looking For Asylum

Re: Realities

I resemble that remark :-)

As another vendor promises 3 years of Android updates, we ask: How long should mobile devices receive support?

Lunatic Looking For Asylum
Facepalm

You do realise that you have now condemned your battery to fail, the digitser to stop working and and the CPU to develop a thermal fault - and all so you could say how wonderful it was :-)

Namecheap hosted 25%+ of fake UK govt phishing sites last year – NCSC report

Lunatic Looking For Asylum
FAIL

Re: Tangential rant - there - I feel better :-)

Glad to know I'm not alone.

I thought that playing their game would get it workiing so I went down the SPF, DKIM, DANE and TLS route and it made not a blind bit of difference. Never had a problem so far with gmail - just M$.

It's still happening - maybe I should try something other than Exim :-)

Lunatic Looking For Asylum

Re: only a hundred thousand

1.1 million complaints, 100k linked - policy appears to be only worry if we get 10 or more complaints.

They also said 'linked to' - they didn't say they did anything about them so I wonder how many were actually deleted.

I use Namecheap myself - have done for almost 20 years - they were Enom resellers when I first started using them. The service has been quite good over the years though I am sick of asking them to stop sending emails out in HTML only format.

Recently, my account has been getting locked due to failed login attempts - I suspect that Namecheap are now being bombarded with speculative logon attempts, they are now a nice big target.

They also supported the Nominet EGM so they earned some respect there :-)

Lunatic Looking For Asylum
Flame

Tangential rant - there - I feel better :-)

My RANT with MS is the fact that most of my mails to outllook/hotmail go to clients JUNK folders and you get no feedback from M$ as to why - at the moment I'm getting regular spam offering the services of sweet young things from outlook via what looks like some sort of injection into sharepointonline.com.

Of course M$ won't do anything about it.

It's in their interest to give externals a sh*t service - there's peer pressure from clients to do even more of their dirty work :-

DId you get my email ?

No.

Is it in Junk ?

Yes.

Cool, any ideas why it went to junk ?

No. Why don't you use outlook for you mail - we never get stuff in junk from other microsoft clients...

Grr

US declares emergency after ransomware shuts oil pipeline that pumps 100 million gallons a day

Lunatic Looking For Asylum

Re: Accountants and Financials

But shouldn't they have been told ?

Realistically, somebody somewhere down the food chain will have warned them about the possibility of the attack - I bet there's some techy guy rubbing his hands with glee and running round shouting I told you so - naa naa na naa naaa :-)

21 nails in Exim mail server: Vulnerabilities enable 'full remote unauthenticated code execution', millions of boxes at risk

Lunatic Looking For Asylum
FAIL

Re: Exim rules!

Philip Hazel retired years ago - Exim was at 3 something when he went and he's had nothing to do with it since.

Exim 4 has been pretty solid but it is getting unwieldy, it's configuration is arcane and idiosyncratic and it's documentation obtuse (never mind the quality - look how many pages we've got).

It's certainly suffered from feature creep.

I don't think the devs have anything to to be proud of really.

Even this emergency release, they mentioned a feature that turns off the taint checking but also said it's immediately deprecated and that feature isn't in the main release - you have to download a slightly different release '-fixes' which there isn't a tarball of on the main download server.

Alternatively you can download the previous 4.93-fixes stable (release without the tainting checks) that they have generously applied the patches to but again the tar files are not on the main site.

Yep, you have to pull a git release from the source repository to get those fixes - sigh :-(

I'm definitely thinking of an alternative now - Exim's credibility is at 0 now and I have a load of work to do because of how they have handled it - a comment from the mailing earlier mentioned they had been sitting on these bugs for 7 months.

They then go and release and publish and everybody is left running around like idiots hastily patching, rebuilding and fixing stuff. It will all end in tears.

I know it's not polite to criticise volunteer efforts but sometimes being too polite creates more trouble. If people had been more critical, Exim may not be in the mess it now is.

Lunatic Looking For Asylum
Flame

I still use exim

Been using it since 1993 ish.

Just been and compiled and rolled out the new release. Ended up having to do a lot of reading and farting around.

Exim has copious documentation but it is really difficult to digest. Most of the problems today weren't with the compile, it was trying to find what I needed to do to the configuration file so that it would used de-tainted data.

What's de-tainted data ? I hear you all cry. In their wisdom the Exim developers decided that any data that could possibly come from the outside world was dangerous and couldn't be used directly in, for example the name of a file. Seems like a good plan but they didn't tell anybody they were doing this, they just rolled it out and mentioned it in the release notes (not even at the top of the release notes either). Consequently the mailing list was flooded with people screaming because their 'working for decades' configs suddenly stopped.

It's generally been accepted thet the exim devs could have handled the release better.

It's particularly galling that while the devs were busy looking at the tainted data splinter they missed the *()&ing planks that today's release is hopefully in mitigation of.

It does make me wonder what else they have missed and has dented my (and I suspect a lot of other postmastes) confidence in the product.

Facebook, it's cool to see you using Rust and joining the foundation, but please don't Zuck it up for all of us

Lunatic Looking For Asylum

Re: Rust - the language for coders who can't.

> Good coders who use Rust are prevented from the occasional mistake.

Only if Rust detects them.

Bad coders are prevented from the majority of mistakes.

There is the problem that all coders will over rely on the compiler and have the 'it must be good code because the compile was clean' attitude.

I don't see any of the those as benefits.

A good cautious slow C programmer is preferable to a dozen sloppy rust code monkeys putting blind faith in the compiler.

Lunatic Looking For Asylum
FAIL

Re: Rust - the language for coders who can't.

I can imagine that they would spend all that time dreaming up new algorithms and horizons and better more efficient ways of doing it.

In reality, they'll just go and yak about daytime telly and watch more soaps.

Too many programmers don't give a flying fig - if they did we wouldn't have as many security breaches, OOM errors, patch Tuesday's and segfaults as we do.

Manglement are as much to blame - quality vs quantity etc. and deadlines trump correctness.

Lunatic Looking For Asylum

Rust - the language for coders who can't.

Potentially dangerous code can be written in any language. Good coders know this, good coders work hard to ensure there is no dangerous code. Syntax checking and analysis by rust just allows crap coders to get away with being crap. Can you imagine the horrors that will result when all these Rust programmers suddenly have to write a bit of C or C++.

I'm currently sorting some Python out & I can confirm that while code is beautifully indented and formatted, it is still shit code, uncommented and logically flakey.

I won't use Go either - any language that forces a style on you is plain old bad.

Traffic lights, who needs 'em? Lucky Kentucky residents up in arms over first roundabout

Lunatic Looking For Asylum

Great Idea BUT sh*t implementation

Pet peeve - traffic management signs on motorways - e.g. A123 closed at J92. Where the F is that - I might know the A123 and J92 if I live on it but as a passing driver no chance. If they said A123 closed at THE NEAREST TOWN TO THE CLOSURE it may actually help.

Other than that, signs are a good way to go.

'There was no one driving that vehicle': Texas cops suspect Autopilot involved after two men killed in Tesla crash

Lunatic Looking For Asylum
Mushroom

Re: Spare Tyres

Things must have been desperate if you were considering McD's.

I think I'd have eaten the tyres first.

Lunatic Looking For Asylum
Childcatcher

Re: "more of a super-cruise-control"

I take my wheels off, wire brush the bosses clean and the inside of the wheel hub and slather the mating parts with a CopaSlip

https://www.molyslip.co.uk/copaslip/

Also do the threads on the nuts/studs.

Your nuts come loose so much better when well lubricated fnarr fnarr.

Lunatic Looking For Asylum

Re: Lockdown Lift Euphoria

In my experience, I feel that the standard of driving on Britains roads is now worse than it was before covid.

As a cyclist, I see more close passes, poor lane discipline and aggressive driving than I did before lockdown.

As a car driver, I have been passed in 30 & 40mph zones more often as well.

Too many think a driving licence is a right not a privilege.

Do you expect me to talk? Yes, Mr Bond, I expect you to reply: 10k Brits targeted on LinkedIn by Chinese, Russian spies

Lunatic Looking For Asylum
WTF?

At least in the olden days, some beautiful Russian woman (or young man...)

would try sleeping with you - now it's just a spotty nerd in a run down office block clicking 'Like' icons :-(

Never done LinkedIn, or any other social media platform for that matter.

I was working at <I'd rather not say> defence contractor in a security role (it may or may not have been patroling the perimter and issuing car park passes but it was still security) a few years ago and the missive came round telling staff to remove their clearance status from LinkedIn.

Personally, if you are stupid enough to put your clearance status on LinkedIn then you should be fired and have no place in a security role. The only exception I can think of is if you are phishing for foreign agents to contatct you.

I _REALLY_ don't get social media.

Vote to turf out remainder of Nominet board looks inevitable after .uk registry ignores reform demands

Lunatic Looking For Asylum

Re: My Vote

> I am the registered 'owner' not my registrar,

You would be surprised to see how many domains I have had from the big boys where the registered owner is the large registrar themself. I've not had one come in since Nominet started making a fuss about it a few years ago but it was very common. Admittedly some of the smaller registrars were sloppy but the big ones were worse simply because the registrant was ignorant and was guided through the requirements.

And the one domain one vote was tried - but it was realised that it would only take a couple of the largest registrars to collude and there would be mayhem - couple this with the lare registrars not being UK based and you basically have no teeth.

Lunatic Looking For Asylum

Re: Shine a light

I can compete with <CHOOSE YOUR SUPPORTING REGISTRAR HERE> on price and service - as can any one of the other smaller registrars.

Over the years I have seen hundreds of customers leave me for the likes of 123-reg and 1&1 - sadly, I don't think most customers care, they just see the 'domains for 1p' and other dodgy claims.

The problems started long ago - I've been a member for over 20 years and some of my fellow members have been railing against Nominet and the management of it from before I joined, it has been, if not as rotten as it is now, getting a bit whiffy for a lot longer than most people want to admit.

Nominet have never kicked 1&1, 123 or uk2 to name a few of the big bad ones and I have had to jump through hoops to clean the mess up when receiving domains in - it was not uncommon for domains to come in from the big registrars with registrant details that were wrong and should not have been registered. The likes of the above three didn't care, they'd got the money, they'd also got a lot of clout with Nominet as well. Little fish like me got the grief though.

I also got a LOT OF GRIEF from Mrs Lunatic because she had to do the paperwork and sort the TS&C's out and jump through hoops with policy documents for Nominet to inspect just so we could become an 'accredited' registrar. I'm expecting a letter from Nominet any day now telling me that they have audited our web site and it's still compliant but our liability insurance is about t o expire so please supply us with a policy number to maintain your accredited status...

And then you see what a bunch of self serving pocket lining brain dead oxygen wasters is running the board - you may understand why the members are thoroughly disenchanted.

FBI deletes web shells from hundreds of compromised Microsoft Exchange servers before alerting admins

Lunatic Looking For Asylum

Re: Whose bloody computer?

I wondered about this as well. Why didn't they just get a court order to threaten turn off said companies internet connection in X days if they fix the problem. You can lose your freedom for petty misdemeanours, why not just lose your link until you have shown that you can fix the problem.

Going in and modding somebody's server - no matter how bad the situation or good the intentions is an awful precedent to set.

Key Perl Core developer quits, says he was bullied for daring to suggest programming language contained 'cruft'

Lunatic Looking For Asylum
Pint

Re: His resignation letter in full

Strongly resisting the urge to paste that into a file and run it.

icon x $^T

How do we stamp out the ransomware business model? Ban insurance payouts for one, says ex-GCHQ director

Lunatic Looking For Asylum

Re: While we are stamping on things

Is this a recent thing - my N8 was acting weird for a few days last week and I did a webview update and it solved the probs. Google had pushed a funny patch out that was stuffing something and forcing a reload was enough to clear the probs. I'm sure I saw an article on the reg somewhere about it... here it is :-

https://www.theregister.com/2021/03/23/google_webview_patch/

Lunatic Looking For Asylum
Coat

Of course, it would be cheaper if said companies (and public sector orgs) actually paid for qualified advice and staff to mange the problems and risks BEFORE the attack took place.

Unfortunately we have a culture of cheapest wins and Brenda* can do speadsheets, lets make her security officer.

*Apologies to any person called Brenda - it's not personal - I just pulled the name at random - I don't know anybody called Brenda either.

Prince Philip, inadvertent father of the Computer Misuse Act, dies aged 99

Lunatic Looking For Asylum

Re: No TV

Hnnph.

I was working in Holland when she died. I remember waking up to BBC R4 on longwave and thinking "WTF are they on about - you'd think she was dead"...

Had a pleasant ride from Eindhoven through to Belgium on that day. I embarassingly was the slowest tomato.

It was a PITA getting back home for a couple of weekends - the country seemed to have gone mad and everybody wanted to go home. It took me ages to get through Schipol due to the queues. I'd have stayed in my flat another weekend had I realised.

I'm glad I was out ofthe country and was a bit embarassed by what looked like mass hysteria.

UK's National Cyber Security Centre recommends password generation idea suggested by El Reg commenter

Lunatic Looking For Asylum

pwgen and vi -x here.

Firefox does a pretty good job of generating garbled passwords and storing them. PITA if you want to access a site from another machine though.

My pet hate is websites that change the rules so the password you register with uses a different rule set to the "I've forgotten My Password" process.

Lunatic Looking For Asylum
WTF?

Intrigued. What does this mean ?

Nominet ignores advice, rejects serious change despite losing CEO, chair, half its board in membership vote

Lunatic Looking For Asylum

Re: Eleanor Bradley

> Where do they all belong?

At the trough with their ilk.

Chairman, CEO of Nominet ousted as member rebellion drives .uk registry back to non-commercial roots

Lunatic Looking For Asylum

Re: One question

You are Russel Howarth and I claim my £5.00

Lunatic Looking For Asylum

Re: One question

Bloke with a big shed then.

Marketing - the registrars do that - why do Nominet need to do it ?.

Finance - only needed to find intuitive ways to line the directors pockets - realistically :-

money in from domains - (server costs + staff costs + a bit for contingency + a bit for good causes) == 0.

Personally, I knew they's blew it when I found they were using Oracle as the backend database,

The registry is only as bloated and inefficient as it has been made by the gravy chasing leadership has made it over the last few decades.

Nominet have tried (successfully!!) to make a mountain of the molehill, it seriously does need reforming and has done for several years, I have been a member for over 20 years and when I started there wereother members complaining about the way it was run - and they wee right then and they are still right - it's just that Nominet managed to sideline, ignore and gerrymander the system against them.

Any idiot can run a monopoly, unfortunately for the erstwhile board, they were special idiots that brought the monopoly down.

Desperate Nominet chairman claims member vote to fire him would spark British government intervention

Lunatic Looking For Asylum

They have always used 'the goverment' gambit.

There were worries years ago that BIS would get involved and that Mandelson had his beady eye on the organisation when there were problems - it quelled the dissent then. Can't remember what the crisis was at the time - I think it was something about voting rights and power being given to the board.

I've lost interest over the years in Nominet - I'm still a member and dutifully pay my fees but have basically been treat by them (as have other smaller members) like shit and totally ignored. Eventually, we have had enough and this is the result, the structure is Gerrymandered for the big organisations and they have supported Nominet, hopefully when the mess gets cleared up, there will be a more equitable relationship between Nominet and ALL it's members.

TBH, the governemnt marching in and stomping all over them wouldn't make things much worse.

GRUB2, you're getting too bug for your boots: Config file buffer overflow is a boon for malware seeking to drill deeper into a system

Lunatic Looking For Asylum
Boffin

Re: Buffer overflow, a "traditional" issue

I think 'young coders' tend to JFGI and cut and post the code samples they find which are usually the best examples of how not to write perfectly formed, commented and structured code.

Lunatic Looking For Asylum
Facepalm

And Debian fluff it of course...

The update for grub2 released as DSA 4735-1 caused a boot-regression

when chainloading another bootlaoder and breaking notably dual-boot with

Windows. Updated grub2 packages are now available to correct this issue.

For the stable distribution (buster), this problem has been fixed in

version 2.02+dfsg1-20+deb10u2.

Lunatic Looking For Asylum

Nothing :-)

They will roll out the patches to Ubuntu (if they haven't already) and it will automatically update as is Ubuntu's wont.

If you are really desperate to apply the patches, open a terminal and :-

sudo -i

apt-get update

apt-get upgrade

and that should apply all the latest and greatest.

My preferred method is :-

apt-get dist-upgrade which is a bit more intense that a mere upgrade ;-)

YMMV

Are you a Stable Genius because you look after horses before they bolt ?

Data-stealing, password-harvesting, backdoor-opening QNAP NAS malware cruises along at 62,000 infections

Lunatic Looking For Asylum

Re: My 6 bay QNAP has been fabulous for the last 15 months or so...

Can I have it :-)

I'll bung Debian on it and make good use of it.

I'll even go as far as offering to pay postage and I have a couple of old burnt out UPS you can have to use as doorstops :-)

Lunatic Looking For Asylum

I've got a couple of them

I installed debian on them, it's a bit fiddly without a console.

Next NAS box I get will be a DIY thing - the QNAP's are good but lack of a console and proprietary motherboard and UI lets them down a bit. They're great for plug and play but to really make best use of them, ditch QNAP's O/S which is a pretty limited Linux.

VMware to stop describing hardware as ‘male’ and ‘female’ in new terminology guide

Lunatic Looking For Asylum

Re: Give my greetings to the new brunette

I forgot about Karen - have a beer - if that's your thing - if it offends your puritannical self, let me know and I'll drink it myself :-)

Lunatic Looking For Asylum

Give my greetings to the new brunette

Shirley Crabtree ?

Wikipedia has a page of Shirley's, admittedly there are more Shirley (F) than Shirley (M) but Shirley (M) is not that uncommon.

John Wayne was a Marion.

Point is, even with the new names, they are going to upset somebody somewhere - it's just that those they upset won't be the ones they are upsetting now.

In a few years time, we will be having them change the stuff because we're all woke to Shirley's plight :-(

Lunatic Looking For Asylum

Re: This PC subversion only idiotically makes things harder and more confusing for competent people

We could always steal 'bastard' from engineering. If we can't think of a nice friendly name for something we can just call them bastards. So we have a bastard mating with a bastard, or a bastard calling a bastard.

That should clear up all confusion :-)

Lunatic Looking For Asylum

Re: Last time I checked ...

Careful - you may offend case' sensitivities...

Lunatic Looking For Asylum

Re: Virtue-signalling wankery

Get Impact sockets - they drive and undrive much better :-)

https://en.wikipedia.org/wiki/Socket_wrench#Impact_sockets_and_drivers

Lunatic Looking For Asylum

Re: While we're on the subject…

I don't suppose we can call it the black market anymore - or the black economy either for that matter.

And those naughty people can't be blaggards either.

Lunatic Looking For Asylum

I blame Dick Emery.

From 1980.

About 10:45 in ...

https://www.youtube.com/watch?v=63oUjjIVqVI

Bad: US govt says Chinese duo hacked, stole blueprints from just about everyone. Also bad: They extorted cash

Lunatic Looking For Asylum
Paris Hilton

Re: Students.............

Sorry, Massage girls are first to go - they're the honey traps for the try spymasters...

Tony Blair tells Russian infosec conference that cross-border infosec policies need more gov intervention

Lunatic Looking For Asylum

Tony Blair apparently "Didn't do God".

Analogue radio given 10-year stay of execution as the UK U-turns on DAB digital future

Lunatic Looking For Asylum

Blat fatteries

This was one big gripe with them. They ate batteries and I ended up leaving them plugged in to the wall wart. More annoying was that the radios had to be on a window sill to receive anything, I don't get a particularly good FM signal here either but I can generally get it anywhere in the house with a bit of careful orientation of the radio, DAB is window sill only, it has improved since early days where it was kitchen window sill, at least now it's any window sill and the dining room.

Don't get me started on the number of times we have to retune the smart telly because somebody has decided to renumber the stations or move them.

Back in the 405 days, we had three channels and admittedly the volume wasn't there but at least you could watch something. Digital it's either picture of black screen.

We'd probably get better service if th BBC actually puit some money into infrastructure and bandwidth instead of the luvvies/over paid presenters.

Lunatic Looking For Asylum
Thumb Up

Re: World radio

Really good. I liked that though it thought I was in Canada :-)

http://radio.gaga whould have been much cooler :-)

Ex-barrister reckons he has a privacy-preserving solution to Britain's smut ban plans

Lunatic Looking For Asylum

Re: porn

One person's filth is another's erotic art.

Once government start banning or controlling this, they won't stop. Eventually, you would only end up with government filtered content because the governments would be under so much pressure for the next moral issue to hit society. Ban junk food sites, ban you tube because there's some scary stuff on there about sharpening pencils with a craft knife...

In essence, the proposal won't work. How do you know it's porn firstly ? The originator has to classify it. What if they don't ? Do you say only streams with a classification are allowed ? You will really throw the baby out with the bath water then.

Page:

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2021