Especially idiotic when you consider how common garden leave seems to be within IT these days, especially for people like SysAdmins, regardless of whether it's an acrimonious split or not.
128 posts • joined 8 Mar 2007
Re: Good idea, but that still allows the troll to start the procedure
"Because the only entities harmed by patent abuse are the ones selling product. You don't sell product, you are not harmed if someone else is doing the selling."
So you genuinely invent something that's worth millions and get a patent on it, but without massive investment or infrastructure you can't simply manufacture and sell it independently. You then approach a large corp that it would fit well with, and offer to sell / license your invention to them since they've got related products, capital, facilities etc. They use your patent info to build it themselves and pay you nothing...
By your logic you couldn't sue large corp since you don't produce anything and currently make no money with your invention.
Issues in Devon
It's been down most of this morning, though a colleague has seen his phone reconnect and then drop off again for data so may not be 100% dead. Having to rely on wifi like some kind of savage... this must be what it's like to be one of those people on the lesser networks, where poor comms is the norm!
Re: OK, but is this really relevant?
Boothy beat me to it, but yeah, the text of the KB gives zero indication of what it does. The only reason I knew anything about it was thanks to someone helpfully mentioning it on the TechNet forums (not an MS employee / contractor / etc), who'd obviously gone through the updates one at a time until he got the prompt.
Business continuity isn't just tech orientated
@Pascal Monett - That's why you plan for that kind of scenario in advance in your documented plan. For instance you could have it in writing that in the event of a disaster, select staff WILL get expenses repaid (no questions asked within reason) where used to get things operational again. Or perhaps ensuring ahead of time that there are staff who have access to a company credit card (other than Directors in case they're not immediately available) or have limited purchasing authority.
IMHO the biggest issue with DR is that done properly it has to be business led, but business tends to think of it as an IT only issue. Given enough budget we in IT can effectively get a customer's system running 24/7 with zero downtime, but if a day's downtime doesn't massively impact the business there's little sense spending thousands to protect against rare events. It's the business that needs to decide what the maximum allowable downtime is, and determine the financial implications of any downtime that does occur, for instance in £s per hour. Only then can we plan and budget a solution that's appropriate to the requirements and perhaps most importantly, the justifiable costs.
Disabling security to allow security tests
I always love the requests from PCI testers to whitelist their IP ranges so they can do their security tests. Amusingly they never seem to get the irony of asking us to effectively disable our client's security mechanisms to allow the PCI tester to check the security is good enough. Especially annoying when the client in question has nothing PCI related on their server or machines (payment terminal talking direct to the bank, and online payments handled via 3rd party processor), yet they still have to be tested.
Re: This was news back in 1996
Perhaps this has lapsed into the realm of "well duh, everyone knows this, if you don't then what are you even doing here" and become something they don't even bother to teach any more. Thiebauld may currently be coming to the embarrassing realisation that he's effectively announced that water is wet! :-)
"Weksteen, a Securus Global hacker, thinks they offer clues about where system administrators store sensitive assets because the mention of a directory in a robots.txt file screams out that the owner has something they want to hide."
Change "system administrators" to "developers" or "Wannabes" then perhaps you have a point. A SysAdmin by definition has access to the entire system, so has no need to store sensitive stuff within the web root! Your normal peon that's limited to an FTP login however doesn't have a choice. Us SysAdmins get enough crap already without people trying to blame us for dev faults.
Well that would certainly explain some of the weirder questions and replies I've seen on Technet, including some from MSFT CSG posters! All this time I assumed they were morons, but perhaps they were C&C bots! :-)
Some interesting points but I find it somewhat insulting and condescending that you (and to be fair others as well) refer to it as a move UP, as if by narrowing your field of expertise to a single area (at the expense of all others) that it somehow makes you better and more important. Granted, in the long run specialists may tend to have greater potential for earning more than generalists, but I'd suggest that's more about that individual focusing on becoming the best in that field, than their speciality simply conferring that on them.
Let's stick with calling it what it really is, a move across. I imagine there are plenty of us generalists that would consider your description of workplace politics, paperwork, red tape and loss of autonomy as a move DOWN!
Hanging out with the wrong people!
"People often romanticise legacy IT. Sys Admins fondly look at that old Compaq Netware server"
What kind of Sys Admins have you been hanging out with? I don't know a single one who looks fondly on old legacy kit, they / I might accept that time / financial / logistical constraints may prevent everything being brought up to date as quickly as we might like, but in an ideal world where money / time / resources were no object I think we'd all prefer to be working with and maintaining up to date systems.
Z30's a superb phone
Have to agree, it's a superb phone. I've had mine for about a year, and before that had an XDA Exec, Nokia E90 and Nokia E7, so I was used to having a physical and large keyboard. The Z30's virtual keyboard beats them all hands down (which really surprised me), and I found I can type faster and more accurately on it than I could on any of the others. The way the phone learns and adapts the keyboard (or specifically where on each key it's most sensitive) as it learns your typing style is superb, but equally I think one of its weaknesses, since anyone picking it up for a play doesn't immediately experience it at its best.
The only niggles I've found with it are 1) on the lock screen preview, if you have multiple mailboxes configured (eg home and work), it will always display both. In all other views you can customise it, so for instance my hub only shows home email, and if I CHOOSE to I can open my work email. 2) I wish they'd get with the 21st century and let me COMPLETELY disable the download restriction for installing Blackberry updates. You can allow some app updates to crack on and download, but blackberry updates refuse if you're doing it over a mobile data signal. I've got unlimited data, so having to connect to a wireless connection just to install updates is frustrating.
Re: Shoddy reporting or just trying to glam up something not that interesting?
Actually to be fair, I have since spent time last night trying to find any article with links to definitive facts, and none of the papers or sites I found did. Everyone seems to be quoting everyone else, some link to the BBFC guidance document, but that doesn't mention that list of banned things either. The closest I found was a blog article from a lawyer, and even then he's writing based on facts told to him by someone else, who in turn was told them in a meeting regarding the rule changes!
Shoddy reporting or just trying to glam up something not that interesting?
I'm sorry Reg, have all the proper reporters left for Christmas already? Unless you can provide an actual link to back up what you're saying I'd have to say the entire article is utter rubbish.
"The new regulations from the British Board of Film Classification"
They're not regs from the BBFC, they're government legislation enacted by the Minister of State (as the link clearly shows) which as far as I can see simply use the BBFC's existing certifications.
IANAL, but from my reading the only thing that's changed is that "On-demand programme services" are now legally held to the same standards as DVDs (which I thought most voluntarily did anyway), and where content is already R18 rated or would be R18 rated (so only available in sex shops) it can still be shown but only if mechanisms are in place to ensure viewers are not under 18.
Presumably with the lack of a link to anything specific from the BBFC the rest of the article is simply BBFC's current stance on what can't even be sold in sex shops, and nothing of substance has actually changed from their point of view.
A rod for their own backs
"However, this company does not appear to regard itself as under any obligation to ensure that its systems identify such exchanges, or to take action or notify the authorities when its communications services appear to be used by terrorists."
To my mind the issue (aside from jurisdictional issues) is that they're now complaining about behaviour that the Government created. Unless things have changed, my understanding is that so long as these companies DON'T actively monitor what's being done on their services then they're safe from responsibility, just as long as they act when notified of an issue. If on the other hand they do ANY monitoring and for instance censor certain posts, then they lose that protection and are deemed responsible for what's written on their systems.
With rules like that (which the government put in place) why would any provider act any differently? There's zero incentive for them to do a little proactive monitoring or censoring etc. There's no legal mechanism for taking a best effort approach and being let off if you miss something (which realistically is bound to happen regardless of how hard they tried). Far easier in terms of both cost and legal liability to do nothing at all.
Re: stupid (calculator size) chip and pin devices for every purchase
"stupid how? Because it actually manages to provide a little security?"
They're fine if you only ever do online ordering at home, but it gets annoying when you've got the availability of internet connections at work and on the move, but you can't place an order because the damn fob is on your desk at home. I wouldn't mind as much if they let you have more than one of them, either the fobs or the little card readers, at least then you could keep one at home and one at work (or other second location of choice) but last I heard none of the banks will let you.
Re: Start with the basics
"Is this the same "verified by visa" that limits you to a ten character password that won't let you use special characters"
That's the one, though I thought it was an eight character limit. When I had to set up my Mastercard one I came up with a completely random 20+ character password that was fine, I couldn't believe it sometime later when I had to create my Visa one, when I tried doing the same (different password obviously) and got an error telling me it was too many characters!
Impetus to check
You also have to wonder if any of those reporters or analysts trade in those stocks themselves (or know those who do). There are laws about giving bogus information in order to make a profit, but if you've been "fooled" by information given by someone else due to not bothering to check the facts then how would anyone prove it. Even if you suspected it might not be legit, I imagine there must be a temptation to publish anyway, make some cash (either directly or indirectly via friends), and then say "whoops, can't believe I fell for that!" afterwards.
"Of course, if all websites employed secure HTTP and Extended Validation Certificates this would be rather more difficult."
That only helps if EVERY website adopts that, and realistically that's not going to happen. Even having HTTPS won't help, I could go and register thereal-theregister.co.uk today under my name and get a valid SSL certificate for that and then set up a dummy thereg site on it. You'd get a legit looking site running under SSL, you'd only know there was an issue if you dug deeper. On the face of it in terms of the browser saying it's legit, SSL only helps confirm you're on the website you're attempting to visit, it doesn't confirm you've gone to the wrong address.
Re: "Moffatt has set the precedent for Timelords switching gender"
Indeed, the Doctor has already said that The Corsair regenerated as both men and women, so while the Doctor hasn't yet it doesn't mean he can't. Same as how he hasn't yet regenerated as ginger.
"The mark of The Corsair. Fantastic bloke. He had that snake as a tattoo in every regeneration. Didn't feel like himself unless he had that tattoo. Or herself a couple of times. Oo hoo! She was a bad girl!"
Quality over quantity
"Some would argue, however, that Blackberry is in fact very much in need of fixing"
If fixing means making it more like the iPhone then god no it doesn't need fixing. The great unwashed can have their iPhones, those of us in the know will stick with our BBs that provide actual work related functionality!
It's good to see they're bringing out new keyboard versions, since 1) there are plenty of people who still want a physical keyboard on a smartphone, and 2) it's something no one else seems to be doing, but I hope they don't go completely down that road. I love my z30, it's my first entirely touch phone (following on from a Nokia e7 and before that a Nokia e90), and now I'm used to it and the intelligent keyboard has learnt my typing style I actually find the touch keyboard faster to use than the qwerty keyboards on either of my Nokia phones.
Better to beg forgiveness than ask permission
While I'm not sure I agree with what they did, the way they did it seems ideal for both the FBI and the Seattle Times.
As much as they might complain about damaging trust, what WOULD have damaged trust in the Seattle Times would have been if the FBI had asked them for permission and they'd said yes. As it is the FBI gets their arrest, and the paper gets to complain publicly about it, distancing themselves from the story and highlighting how they're not in law enforcement's pockets. It's a win win for both sides, even if they're unlikely to admit it publicly.
"There's a new hotkey that allows you to move apps easily between monitors by pressing Win+Shift and the left or right arrow key."
Sorry, are you saying that they didn't include that key combination which has been part of Windows since Windows 7 (possibly Vista) in the previous build, or that you weren't aware of it until now? It's definitely not "new". See also Win+Shift+Up, Win+Up, Win+Down, Win+Left and Win+Right (though the last two may only be since Windows 8).
"Because this diminishes the gravity of those vulnerabilities? And still shouldn't open source code have been reviewed by thousands of eyes to spot those vulnerabilities earlier? Shouldn't open source code have been "more secure" because of that? Of course this is closed source, thereby no one peer reviewed it, right?"
That's a fair point, after all those thousand eyes helped with OpenSSL / Heartbleed! :-)
Re: The Hype is Strong in This One
Quite. I saw the title and started thinking "bugger, have to patch servers", then saw references to OLE and suspected where this was going, and finally got to the PowerPoint bit and realised "oh, fuss over nothing then, patches needed for clients, but funnily enough the servers don't run PowerPoint!".
My one real complaint about this... why link to a Wikipedia article explaining Shai-Hulud and not link to the CVE article!
Getting my hopes up!
Damn it Reg for getting my hopes up, I thought we might finally see the end of that POS app which hasn't been the same since it stopped being Veritas, and Symantec absorbed it into the borg.
Re: NFC woes to come
"The optimal solution for bank / retailer would be they continued to issue proximity payment cards and if Visa / Mastercard released a payment app for a phone that the card could be registered with. The finger to pie ratio stays the same as does the transaction charge."
I think that's kind of the point. It's only being released in the US where as I understand it they don't have proximity payment currently. Here in the UK it'd be yet another system, but in the US there's currently no competition. The differences between card security and mobile NFC security aside (since normal users won't know or care) I assume there must be a reason for the lack of US rollout, perhaps due to more diversity in banks etc across states making it harder to have a single system nationwide (like the old Baby Bell issue with mobile networks). If that's the case then I can imagine banks being tempted to back something like this rather than have to find a way to do it themselves nationally.
Re: Out the b*****ds
"Go right up to that sales booth and tell them.
"I would have been interested in your product but one of your sales men was a total ass, so I won't be buying from you ever again"
Word WILL get around the company in question, even if its not in official channels, the talk over the water cooler will cause embarrassment."
Stories like this make me ashamed of my gender at times, and it's not just IT world, I've heard similar (and worse) tales from female friends who're seriously into the sci-fi / cosplay world, with the minority (I hope) seriously letting the side down.
Reporting the bad behaviour to the relevant companies, especially when they're on hand at the conference, sounds like the best option. Far better than simply ignoring their stand, which does nothing to make the company aware of what their staff are doing or give them a chance to resolve the issue.
Sounds like they're simply getting management into the same level of responsibility as accountants! A friend of mine's training to be an accountant, and as I understand it from him they don't even have a defence of "I didn't know" in some circumstances. Eg, if based on the information they had access to + their level of knowledge (whether they're chartered or just a book keeper) they SHOULD have known and suspected that something dodgy was happening then it's assumed that they DID know. So I guess it sucks if you're an incompetent accountant, and now an incompetent manager!
"I couldn't believe it until I checked one evening after working late. The regular change policy didn't last, probably because IT staff got tired of people moaning that they had lost their post-it. Mind you, I checked again later and a lot of the post-its were still there."
That's not just with regular changes, I've seen that with users when they only get changed once a year. My solution (after telling them that wallets were fine, just NOT under the keyboard), go round at night, remove the post-its, and reset the password to something longer. Wait a few days and repeat. People eventually got the idea.
Sounds like bullshit stats to me
So only 15k of the 550k servers have changed their private keys, and on that basis it's assumed the remaining servers are vulnerable!?!
As others have mentioned, many of those companies are likely running older Linux OS versions, which will be using pre-v1.0.0 OpenSSL which wasn't vulnerable. On top of that, of the top 1000 FTSE companies something like 35% to 45% of them are running IIS on their web servers, so no OpenSSL and again no vulnerability. So loads of those 97% of companies won't have changed their keys because they didn't need to in the first place!
Re: Point of Issue
I suspect the reality is that the "insecurity" of C has less to do with the language itself, and more to do with the underlying application code being written 10/15/20 years ago and not being looked at since. Even the best programmer back then couldn't be expected to foresee every security eventuality, and would have no knowledge of much of what is now considered best practice.
This kind of thing is always the risk you take when you focus on simply adding bits to existing applications and making it look pretty, rather than starting from scratch and writing the entire thing based on current best practice from the ground up. You might not be able to polish a turd, but some companies really will try! :-)
Re: Not sure about this
While the mass media may word it that way, I think from a scientific point of view the point is in identifying those planets that definitely CAN support life rather than excluding others.
If you assume that there may be many forms of life, and they may be capable of surviving on any planet in any solar system, then suddenly any planet is a likely candidate. If that's the case where do you focus your attention? It's far simpler to focus on what we know for sure, and base the search on conditions that make life possible here (and which as far as we know preclude it on Venus or Mars). Besides, in searching for planets with Earth like conditions they're not only looking for planets which may already have life, but also planets which could support us were we one day able to reach them.
Long winded search
"On a non-Update 1 system, searching meant you had to swipe your finger in from the right edge of the screen to start the process, or hover your mouse over the lower-right hand corner of the screen and then move the cursor up to the Search box to type in your query."
Yeah, or you could just press Start on your keyboard and immediately start typing what you're searching for! Why faff around hovering over things with your mouse etc, especially on a system with a keyboard?
I'll admit it's nice to have an actual search box on the Start screen, but purely because the idea of just typing without putting the cursor somewhere does blow some users' minds.
"What's not so fine is trying to train up a generation of coders who will lead the march into a glorious British capitalist future of economic innovation. That's moronic, because the real problems with innovation and business in the UK are social and political, and creating a generation of kids who know Python won't even come close to solving them."
Well said. That's my biggest issue with the policy, not that they want to give kids a taste of what programming is about, but that their aim seems to be to produce an army of coders who'll keep the UK ahead. Aside from not being the most effective way to teach things like logic, or that if a child does take an interest the teacher will be unlikely to have the skills to help them progress, I find it somewhat insulting that they assume that programming is the only area in computing that anyone should care about. Are they going to follow it up with a year of networking, a year of sysadmin'ing, a year of DBAing etc?
Probably scared of competing with Lenovo servers
To my mind it can only be a good thing. IMHO Lenovo desktop / laptop kit these days is far better than the HP equivalent, so I can only hope Lenovo entering the server space will improve things in that arena as well!
Re: Poor sod...
Though you can guarantee he'll be getting the piss taken out of him over it by the other sysadmins for years to come (in a light hearted way of course). My major screw-up was about 10 years ago and it still comes up occasionally, and we still mention a friend of mine's best screw-up now and again some 15 years later.
Re: Jheez, poor bastard. :\
Definitely true! Only after experiencing that sinking feeling where it feels like the bottom has just dropped out of your world, and then having to tell your boss what you've done, only then can you truly appreciate axioms like "don't assume, check" and "hope for the best but plan for the worst". Until then they're just words that are impossible to put into proper context.
"Updates for free ? Maybe not. But I certainly do not think that Microsoft has the right to arbitrarily decide to no longer support a product that millions of customers are still using."
Hardly arbitrary, MS have documented their life cycle policy for years, and in the case of XP they've already extended it far beyond when support should have ended.
It's interesting that people only seem to get worked up over MS stopping support for one of their products, but no one seems to put it into context. They're no different than other OS suppliers. Apple stopped support for OSX 10.6 (Snow Leopard) last year (original release date 2009). RHEL 4 stopped being supported two years ago after only 5 years. Debian 5 after only 3 years.
Re: my tuppence worth
"Server versions can go up to 64GB."
Though that's only if you're running Enterprise or Datacenter editions, otherwise you're limited to 4GB on 32-bit standard.
Re: That is what you get for using Windows
If it's old you might be fine. From what I can see the issue only affects the newer versions of openssl, older versions like 0.9.8 and below don't have the vulnerability, so some older kit will likely be fine. For instance Watchguard report some of their older firewalls are unaffected, and I believe CentOS 5.x is also fine as it doesn't support OpenSSL newer than 0.9.8, unlike any of the CentOS 6.x versions which have the newer one and therefore need looking at.
Why would anyone want a new box running 2008?!? It sucks, it's the Vista of the server world! Only reason for using 2008 RTM is if you need 32-bit Windows but since that's not an option in R2 I don't see why you wouldn't want 2012 which is a far better OS imho. Perhaps avoid 2012 R2 if you're scared of being up to date, but personally I think it's the best Windows Server OS yet.
To my mind this definitely smacks of headline grabbing rather than an attempt to protect children.
Having told us that the network level filters are necessary and will solve everything, now they're saying that they need additional protections.
If they really want to protect children then I'd have thought the obvious place for them to look first is at helping to make the network level filters and home based filters more accurate. Rather than dumping costly requirements on anyone hosting a site featuring adult content, surely the simpler method would be to come up with a universal way to identify those sites. For instance agree on a collection of tags, for instance Adult, Porn, NSFW etc, which could simply be added to the meta data of any adult oriented websites. The filters can then easily look for those tags and immediately restrict access to those people who don't want that material visible.
You'd obviously make it clear that should sites fail to implement those simple fixes then more stringent legal action may follow, but start with the carrot and move to the stick only when required.
"I've been one of those some of us for 20 years. The point I'm making is that previously you had to use a mishmash of whatever the heck worked to get things done, VBScript, Perl, Batch and in my case the UnxUtils Win32 ports to give me stuff like sed, awk, grep, wget, etc when Perl wasn't allowable or practical."
Oh yes, been there, done that. Batch scripts basically acting as a wrapper to call vbs scripts and Win32 ports of Unix commands. Those Win32 port files are quite possibly the most used utils I've ever found. It's so much nicer now finally having a uniform language that can do all that (I know you probably could in VBScript, but I never really got my head into it), without having to worry whether I've already copied those scripts to a server. Being able to include much better help and error trapping is a benefit as well of course, using something designed for SysAdmins rather than programmers.
Re: I'm glad people believe sysadmin skills are becoming extinct
"Those are people who live in the Microsoft bubble where people believe they don't need to be able to program, and that somehow it is normal that e-mail is something complex."
To be fair, I imagine there are people like that on both sides of the OS divide, with people considering themselves "Linux admins" because they admin a cPanel install on a Linux box, yet have no idea how to do anything at a bash prompt.
Re: "13 years. 13 years. 13 years is far too long to expect support."
"So we're really not talking about systems as old as 13 years, we're talking about machines that could be less than 5. And some businesses with volume licenses may well have still been building XP systems more recently than this."
In a business environment perhaps, but in the home it's quite possible. Until this Christmas my parents were still using their 10 year old XP machine, and it's these types of people I think MS are targeting. In my parents case I got so fed up with having to support XP legacy that I bought them a new Windows 8 box instead. Bit of a learning curve for them admittedly, but after showing them how it works I think they've got the hang of it now.
Re: Mass e-mail != Spam
I suspect there's two elements to the problem. 1) users have been told for ages not to click unsubscribe links in emails since it identifies them as being real people. 2) webmail sites like Gmail make it very easy to mark unwanted messages as spam without having to provide any justification, so users get in the habit of hitting the spam link since it's easier than doing it properly, without understanding the ramifications of what they're doing.
Re: To be fair ...
Always nice to read comments and articles from people who've clearly never seen the thing they're writing about!
"The problem is in the helper applications. Adobe's PDF Reader is a particular culprit. There is no way that viewing any kind of document should EVER allow any executable code to run without further explicit confirmation from the user. We are far too lenient about applications that allow remote execution exploits."
Except it's not an actual PDF attachment, it (at least with the variant I've seen in the wild) is an executable, with its icon set to be the standard PDF document icon and a file extension of .pdf.exe, so on machines with the default "hide extension of known file types" option enabled it looks like a pdf file. The example I saw even displayed as having come from another member of staff (a valid address) rather than some government agency.
Surprised there's been no mention in the articles about this of how it also attacks mapped drives, so it's not just the local system at risk. The client that got this had not just that users machine infected, but also every file that could be accessed via his mapped drives. Fortunately we had backups of the server data, but the client machine's data was less fortunate. Served as a valuable explanation of why we kept telling them to store their data on the server!
Not just Newquay
It's not just Newquay, I believe most places in Exeter don't accept them either any more. Certainly a few years ago when I had some young friends at the Uni they confirmed that some or all pubs wouldn't accept NUS cards or even PASS cards as proof of age, so many of them had to permanently go around with their passport when on a night out.
Does seem a crappy way of going about things but I guess it depends on whether he now goes into discussions with people about granting access. Much easier to start from a position of "I don't have to be here, I'm legally entitled to just deny access, now let's haggle." than one where the others may or may not have rights.