Posts by Trixr

Re: Can't they just drop the GUI and boot to powershell

Give me 50000x Powershell over VB scripting. Never got to grips with that, Powershell actually makes sense.

Yes, the command syntax is clunky, but it's reasonably consistent. It's a scripting, not programming language - if you want do your programming, fine, do one of the languages that sits on top of .Net.

For me, having had Perl scripting experience back in the day, I found it pretty simple transferring most of that to PS. Now you may commence hosing me about Perl.

I totally agree, I would have cursed at myself as well!

First IT job, first job in the UK, first job in a law firm, first time handling such a large, expensive piece of kit - I was the absolute definition of a PFY.

In my slight defence, if the desktop build guys had been around, I would have scarpered downstairs and asked for assistance. At the very worst, it's possible we could have scavenged a VGA connector off another monitor and replaced it.Thinking back now, I should have tipped them the nod on Monday morning, but things you do when you're young, foolish and guilty...

Re: Sounds Like...

Honestly, chapeau. That's the best ever El Reg riposte and I have seen a few...

Re: Happened in the Exchange team

Unless it was 20 years ago, no excuse now for setting up an Exchange list with more than a few people in it and not locking down who can send to it. Especially if it's a dynamic distribution list.

Re: re: My-Handle

That is literaly how I got into IT.

I was a *copy editor*, then correcting SGML markup, then within a year, I'm running NT domains in a different country and getting to grips with token ring and IBM connectors.

Re: FTP?

Internal network management group who refuse to open an SSL port so we can upload some stinking files from internal windows host to a perimeter web server?

Just a random example that sprung to mind.

Re: Laptops?

this is why I have a hollow wedge-shaped laptop rest that has a grille on top for air flow, while the bottom of the wedge is solid with a neoprene backing for lap comfort. Back of the wedge is a few cm high, so it has the benefit of making a level surface for typing as well.

here's an experiment for you - stick a Windows VM (nothing installed beyond the OS and a decent Administrator password) on an internet-exposed network. Add a firewall rule that blocks everything except a whitelist of your control IP and the well-known address IP blocks for the Russian Federation - a list is here: https://lite.ip2location.com/russian-federation-ip-address-ranges. That whitelist should have an ALLOW ALL rule (all ports).

Make sure the machine is logging all connection attempts in the firewall logs. Have something running elsewhere that regularly scrapes/uploads that log (e.g. at 5 min intervals) so you can ensure that's not interfered with.

Then see how long it takes: a) for the machine to receive inbound network connections beyond ping, DNS, and if you're generous, http(s); b) until the machine is compromised and is running all kinds of interesting things. With any luck, you'll get a good selection of ripped TV shows/movies/music showing up in the file system.

Of course the more sophisticated hackers/malware purveyors will be running their stuff from some CDN and not the main RU IP blocks anyway. But if you can run it for a week without anything you didn't put there showing up or your still having control of the machine, I'll be genuinely surprised. I'd be willing to bet Linux wouldn't last either.

Yep, Perl has Net::DNS. Allow your admin workstation IPs do dynamic DNS registrations in bind, then use Net::DNS::Update to do 99% of what you need. Which is typically just adding or deleting the same old handful of RR types.

Since you're sending/receiving actual DNS packets on the protocol layer, you don't get syntax problems in your hosts file - a "bad" record simply won't get committed. If it's successful, you get a reply packet you can (should) check for. The zone gets incremented etc just like any other dynamic DNS registration.

Obviously you can write script wrappers to do your typical things, like do a bit of syntax-checking of the input. Or create a PTR every time you create an A record in [zone], as long as a PTR doesn't already exist. Or, if there is a PTR, display what's there, prompt for a change, etc etc. If you have a split-brain zone or multiple name servers, a script can update them all at the same time.

The rest of Net::DNS will do general DNS stuff like various RR queries (with a baked-in method of sorting multiple results if you choose, sensibly according to RR type or a custom sort), zone increment, zone transfer, and so on.

Saved my bacon from the late 90s up until less than a decade ago, when I stopped working with bind, across multiple orgs and countries. I think I directly edited a zone file less than half a dozen times (after configuring the environment so I could use my scripts) during that time.

One place in particular could take days to turn around DNS updates (very complex environment) and had errors on at least a monthly basis - with decent scripts, all those problems went away. Certainly no more "fat finger" incidents corrupting the zone files.

Incorrect records being added/deleted, well, you can't entirely fix the GIGO problem - but throwing errors if some idiot tried to enter an IP for an invalid range was certainly helpful.

Re: Australia's Encryption-Busting Law

That's not it. I don't know of anyone who's using some govt backdoor encryption - we're using vendor/industry-standard stuff.

The exploits have nothing to do with TLS either. They're getting in via unpatched SharePoint, IIS etc, and spearphishing

Re: I remember things differently ...

A plane crash over land is classified as "collision with terrain".

Re: Teams is a flaming pile of

All agreed. I actually like Teams better than Skype slightly, because I never liked Skype that much, but all those complaints you have are the same as mine.

Other than the window chrome being in line with the more "modern" apps (whatever you call them), but I wish they'd settle down on that front as well

Re: JOINT Remote Control Leverage of Microsoft Kernel Assets.

Dear downvoters, please click on the profile link for the OP and enjoy the wonders that await you.

Re: Choice

If "everything in *nix is a file*, I don't know how you can say it's "pretty much useless". I can think of plenty of ways to operate a mail/dns/web server using PS as it is on Linux.

But honestly, don't use it if you're a pure *nix admin. It's fine, no use for you? Don't use it. If anyone builds a distro that has it baked in, don't use that distro. It's not hard.

Same re PVE vs PVP. I simply don't have the time to spend to skill up on being any good at PVP, unlike dudebros who can spend 10+ hrs a day just playing games. I have that problem with multiplayer in general, to be honest.

Also, for a game that is about "realism" and survival, sitting in a nest all day long and sniping everything in sight is unrealistic, unless you're a sociopath. There's no way people will survive that kind of scenario without teaming up and not shooting possible allies/trading partners on sight. I'd think more of this kind of PVP if there were debuffs for killing players who have showed no threat to you. (Maybe this game has that kind of system - this article is the first I've heard of the game.)

Re: Hybrid children watch the sea

Ah, the days when you could count your server fleet on your digits

Re: Get rid of the commercial middlemen

Well, if you're already signed up to Azure, your IT is already owned by corporate middlemen.

For private stuff, sure, if there's a viable alternative, use that. But that's not what this article is about - it's about hybrid AD-Azure environments.

1. I think you missed the word *require* in that statement, which is borne out in the original "request".

2. The request also specifies "men" and "women", and some people don't feel they're either.

(TBF, if I was NB, I'd be fine with that and just rock up in whatever. "Sorry, boss, the memo just specified boys and girls".)

3. If you're a woman, apparently you have to wear a skirt. A short one. I don't even OWN a skirt and haven't for, oh, 40 years.

Re your statements specifically:

4. Women are nerds too, but apparently not in your taxonomy. I'm not sure what us nerds who aren't red-blooded men actually are, please explain. (Actually, please don't.)

5. Also, are gay men "red-blooded men"? I'm sure pretty much all of them are, actually. Or perhaps they all have anemia from looking at insufficient numbers of sexy women. Perhaps someone should reveal this scientific insight to the world.

7. I don't look at my colleagues as sexy anythings (unless we are actually in a relationship outside of work), but maybe "sexy women" don't count as colleagues?

8. I'm sure I won't qualify as a "sexy" woman on your scale, but if I did for any of my colleagues, if they didn't leave off the staring very frigging fast, well, they wouldn't be feeling very red-blooded "male" either for a while after that. Since, you know, I'd be there for the event, not someone's leering eye candy. (Since we've already determined women aren't nerds, I wouldn't be worried about any leering from them.)

9. Finally, I like looking at sexy women too. (Not at work events.) So am I a "red-blooded male" after all and allowed to wear trousers?

Re: what were they doing holding stuff like DoB & NI number?

Except you pay even more for the credit card currency conversion. You may not be visiting a country with ATMs that take your card. I do mightly resent having to present ID to buy cash though.

Re: "but could for example, also be done through ads on a trusted website"

That's exactly the reason. It's even - gasp! - irony. Like "they couldn't care less" so much that they couldn't be bothered with the "-n't".

People criticising slang idioms in different versions of English is tedious in the extreme. FWIW, Americans use both, and there are plenty of Americans who also criticise the "could care less" version among their own. Again, slang, who cares?

If you see it in formal writing, sure, get up on your hind legs then (but make sure it's not a perfectly acceptable variation in their English first).

Re: What was this problem again?

Well, what link are you more likely to click on? An SMS coming from "RandomMalwareSource" or one from "TikTok" purporting to invite you to "look at this cool clip shared by Madison"

Re: Asimov was a letcher

I'm far from puritan, but some dude grabbing my arse would find his balls up around my ears. And it was the case back then too, actually, except that women were mostly expected to put up with it, or get hubby to defend his property.

At best, you hear most women of that era say "you put up with it". It's a vanishingly small number who enjoyed it. And even then, what you enjoy from someone you actually find attractive vs someone you don't can be quite different.

As for reputation, maybe he had that reputation among men in his social circle, and the women he targeted, but it's really unlikely that women in general would have been in on the loop unless they were very close to it. Your random female fan in those relatively sheltered days would probably not be expecting the famous author Dr Asimov to be playing grab-arse with them.

Re: DNS and PFYs

I was a PFY at one place and found that the grizzled old walrus-moustached network guys were editing BIND zone files manually on multiple servers in a very complex environment with multiple zones combined with an AD environment, and a split namespace for internal and external-facing hosts.

There were a LOT of typos and errors due to the manual process - forgetting to increment the zone file serial number, forgetting a reverse entry for new host records, forgetting to restart bind after a change, never running named-checkzone and introducting syntax errors, etc etc, some of which affected the AD domain that was using BIND as its forwarders.

In my previous job, I'd created a suite of Perl scripts to manage named/bind, and passed these on in the new job after one too many screw-ups. The heavy lifting was done by configuring Bind to allow dynamic updates to the zones from specified hosts/admin workstations, and then mostly using Net::DNS::Update to add standard record types in an easy interface. Under the hood, the "add-rr" script would send any updates to all the required zone masters and create PTRs (for A records) etc without manual intervention. Other scripts did some basic maintenance tasks by typing a couple of words.

Obviously the scripts were throughly vetted and kept simple and crystal clear as to their function. Lots of comments to indicate where to add details for new name servers etc in the event of any infrastructure changes. Since 90% of the job was adding A, PTR and CNAMEs (and other basic RRs like SRVs and MXes from time to time), the scripts stopped nearly all the "fat-finger" incidents - all that had been really needed was to ensure consistency.

Cut to last year, when I heard from a former colleague that these scripts - customised for the environment in 2005 - are still in use today, through multiple name server refreshes. Very flattering.

Re: And this, dear friends...

Eh, I haven't played a game in the last decade on PC that wasn't perfectly playable out of the box in decent quality. What I generally *prefer* to do is tweak the settings up from their defaults. Such as, for some reason, FarCry 5 starting up in 1600×900 and everything on "medium"

Re: Get over your Filesystem operating systems

so if you created your OS structure like LDAP (including its API), you satisfy exactly that kind of "richer abstraction". Your heirarchy, a well-defined location for everything, and, with the objects and their classes, various attributes that define the methods used for accessing them.

LDAP isn't a file system, obviously, it's a protocol. I can certainly imagine a low level OS protocol that acts as the "directory" for all the other OS protocols. I mean, they specifically reference EHCI for USB devices.

And for everyone bleating on that they're saying this OS will be "fileless", I don't know where they're getting that from. It wasn't implied. It said that file system methods would not be used to access system resources unless they are of type "file".

Re: Habitual glasses wearer

Not to be *that* person, but this is the wording in the piece:

" The wearing of glasses (or indeed hats, false moustaches or Ziggy Stardust makeup) in passport photos is forbidden and so the recognition systems struggle if you fail to remove them during checks."

So, as written, it's not correct.

But yes, of course, if you have your pic taken with or without glasses and then present yourself to the scanners in the opposite state, they will struggle.

(I've just realised I've rececent got myself very different frames to the specs I was wearing in my last passport photos, and now I'm kicking myself)

Re: Have I met "Verity"?

Bollocks. "Well-known" by whom? I've been reading her column since (off-and-on) Dr Dobbs days.

If you think people make purchasing choices solely on price/fitness for purpose, you should become an economist, because that is precisely the kool-aid they like to drink.

Yes, for many of us, those criteria are indeed the most important.

For others, it's only price, or only features (you will pay whatever it takes), or the logo on it, or because some vacuous celeb endorsed it, or your football team gets their kit off them, or it was the last ad you saw on TV....

Refusing to buy goods on ethical grounds has been around since boycotts and picket lines were invented, so let's not pretend it's anything new.

Yes, as a queer person, I would rather do without than pay money to COMPANIES who use their profits to contribute to organisations or political campaigns that "don't believe" in my equal rights. For the individuals who work at those companies, I don't care what they do with their money, although some people are so loathsome I don't particularly want to contribute to their personal income either (Larry*cough*Ellison).

For some goods/services, there may literally be no alternative, although I can't see that happening very often. So infrequently, actually, that your false dichotomy was instantly eye-roll-inducing.

If there aren't any ethical criteria you care about, fine, buy what the hell you like. If you choose to publicise what you buy and if it is indeed distasteful - toothpicks made from Amazonian rainforest timber or whatever - then sure, be prepared to be criticised for it. But if you legitmately don't care what "snowflakes" think of your purchasing choices, why would such criticism bother you?

But let's not pretend that any of us are public figures - if I knew you personally, I might well judge you, but again, so what? The judgements would be flowing both ways in that instance and would have zero impact on your life.

And yes, the judgements do flow both ways. We've just had a sports star bleating on about how the massive fires in Australia are the "fault" of us dirty queers. That's been going on a lot longer than a bit of wondering about why people choose to fund organisations that actively disparage whole sectors of the population.