Posts by Alan W. Rateliff, II 879 publicly visible posts • joined 21 Nov 2007
I shudder to think how this will affect environments with WSUS for the purpose of limiting specific patches to specific machines. The assumption is that all patches are good (except for the recent ones which break Intel Bluetooth and opening certain types of web-exported files in Excel.)
Over-all, though, I agree that in small steps Microsoft is making it more difficult to manage and support our own machines. If we would all just give in to the cloud!!
If an accelerometer can pick up vibrations from typing, I suspect that in some conditions it could pick up vibrations from a hard drive, fan, etc. Sound and vibrations are funny things; indeed, yelling at an array of hard drives is enough to interfere with operations.
That is interesting. Assuming none of the rest is urban legend, that the van could in some way perfectly identify the consumer of the stream, then that battery API in HTML5 could be the final nail in the coffin for this type of scenario as the server could determine if the machine is charging or not. Of course the assumption is that the unit is charging from mains and not from one of those portable charging sticks (I got me a 24,000mA brick... very handy.)
Two hundred comments, and I ain't going through them all to see if someone mentioned this. Submitted for your approval, and handful of Windows 7 machines which, for various reasons, need to remain on 7 past the free 10 upgrade period. It seems to me that if the offer was there at one time, the machine should qualify later (okay, I know that is not technically how it works, LTO, operators standing by, and all that.)
Makes me wonder if one could make a full system image (backup or third-party,) upgrade and activate 10. Then restore the Windows 7 image (why not revert from 10? Literally a litany of stories on why not out there.) Use the computer until such time as 7 is no longer a necessity then load the computer with Windows 10 media. Since the hardware is the same and activated with all the same identifying markers, should work, right?
My observation is not speaking for anyone any more than pointing out a car engine seizing is caused by a lack of oil is speaking for the engine or the car. If you were affected by this tragedy then you obviously can speak for yourself as to whether or not you find something offensive. If you make that offense known to someone then they can speak for you. But to automatically assume that something otherwise innocuous would be offensive to someone or cause them distress is, well, offensive.
"By contrast, El Reg did cheat. A clickbait headline suggesting a really interesting story, leading to this."
Right! Here I was on Hump Day expecting to read about wasps getting a good going over for having extraromantic rhompy-bhompy, and instead I get tarted up queens in a Little Miss child beauty pageant cage match in old Aztec-style (except that both contestants get bled-out afterward.)
Shame on you, 'Reg. I suppose soon we will start seeing Vulture Central coverage of underground wasp fighting.
"link to evidence, or it didn't happen. That is all."
Will this do to start?
https://stevengoddard.wordpress.com/tracking-us-temperature-fraud/
(He has since moved here: http://realclimatescience.com/ )
There are plenty more sources if you care to search on your own.
A Yank might at first take offense to these statements. Sadly, this is exactly to what we have been reduced by our political ruling class, given power by a citizenry which has largely willfully submitted itself to the omnipotence of the legislator, to be ruled by its inferiors.
We have lost our balls, or rather traded them away for a bunch of warm and fuzzy notions, replacing, as Thomas Sowell said, what worked with what sounded good.
Indeed. Make it known in Ukraine where he is, and here come Boris and Natasha to disappear his parasitic ass.
Again, assuming his asylum is legitimate.
Discussion with a number of people about this turns up concerns about the way summary judgement works in cases like this. On the one hand it is meant to help those who would otherwise be powerless, but on the other hand it is easy to abuse. Like many things, there is an assumption of good faith that the system will not be used in manners not intended.
I just have to say that if you have never filled your pants with terror, or some other matter, then you may just not be worth your salt. I know I have learned a couple of damn good lessons in moments of sheer terror followed by thoughts of what it might be like to live in Belize under an assumed name.
Taking an entire dial-up ISP off-line by a deny filter not understanding that once a deny is in place you damn well better have an explicit allow, then having to haul ass across town to fix the error via serial console. Orphaning a 48GB Exchange database during an Intel-to-AMD hardware upgrade because the logs were still stored on the system drive which is now wiped and reloaded loaded with a new SBS 2003 installation, and the subsequent weekend learning the magic of eseutil. Using tab completion on the target of a cat /dev/null > and missing the target, completely killing a customer portal website and the time in restoring from off-site tape.
I am certain I have a few other little ones not so serious which have taught the value of proof-reading, testing, and testing the tests, and how quickly one can spin up a replacement dust-box when really necessary.
I have said in the past if ever in a position to hire, I would never hire anyone who answers "no" the question of "have you ever crashed a server or lost critical data?" I want to know first how you react to a disaster (especially of your own creating,) secondly how you work under subsequent pressure, thirdly what you did to recover, fourthly what you did or now do to ensure that particular mistake or similar mistakes never happens again, and last but not least how you reported the incident.
Having more feeling of control is extremely important as I have found providing off-site IT services for numerous customers. Just the mere act of power-cycling a modem and firewall is often enough to not only reduce the calls but to make the customer feel like they are less dependent upon you.
I have heard in the past "I just didn't want to bother you" or some similar sentiment, but what is really being said is "I don't want to be forced to call you to free me from the shackles of technology every time some 'little' thing goes wrong." Some customers will feel that they are being held hostage, at the mercy of some outside contact with the keys to the kingdom, knowing it is a 80/20 gamble on if you answer right away or they may have to wait 10 or 15 minutes for a return phone call -- when a simple reboot would have been enough to resolve the issue.
Really. Something as simple as "reboot the computer" is not only empowering to the customer or user as having the ability to resolve many issues, it also lessens the frustration of having a critical call to return, or divert from another job, only to find the solution was as simple as rebooting. Now you have one customer or user waiting for you to return to them, and one customer or user who has had to wait for you.
Amazingly, a simple document with these lines is like gold:
"Problem: QuickBooks won't open
Error: QuickBooks cannot find the data file, or similar
Resolution: Check on Q: drive by clicking START then 'Computer.' If Q: drive is not present, restart the computer and try again. If Q: drive is present, please note if a red ' is present on the drive before proceeding, then double-click on the drive. If the Q: drive opens and you can see files, close the window and open QuickBooks, again.
If the error given is different than above, or any given step results in another error, please call xxxxxxxx."
Pictures help, too.
Of course, you will always have a user who just does not want to troubleshoot. Really, that is fine, too, as their job has other things on which to focus, and only a small percentage of those users makes life happier for all involved.
While customers like to know they can depend on you, most do not like being dependent upon you.
The difference between the chance of inhaling a dangerous mixture in e-cigarettes is far different than, say, obtaining a bad cut of illicit narcotic. In particular, one is a product of a formerly self-regulating free market while the other is a product in a completely unregulated, self or otherwise, "black" market.
Obviously I am not implying e-juice is the same as "Fatal Beauty," but this is exactly the FUD pushed by fervent supporters of pervasive and ubiquitous regulations.
In a properly self-regulating free market, that is one in which the consumer actively participates, a bad e-cigarette formulation will bring about a massive public out-cry against the manufacturers, producers, and likely the distributors as well. Is it less likely that a regulated free market will result in fewer instances or lessened chances of obtaining a dangerous substance? That is debatable considering the myriad recent instances of regulatory agencies not doing their jobs -- which I have to find amusing were it not so serious as a well-known axiom is how the bureaucracy is lazy and slothful, and yet so much trust is placed upon it to protect us.
Are these new regulations necessary? It seems to be yet another instance of the bureaucracy justifying its own existence and fulfilling a proclamation I once heard a city councilman make about, to paraphrase, how the council cannot permit certain businesses, which came about "organically" to fulfill a customer demand and need, to operate until mechanisms exist to regulate them.
Never had my stuff blown up by an insurgency, either. Even the most mind-blowing exception to my daily routine pales in comparison, so absolutely raising a glass to my brethren in these hell-holes: you are far better men than I.
Now, someone out there has this recording. I suspect this someone reads The Reg. I suspect even further this someone can accidentally leak this recording... for the benefit of the entire IT world.
Lastly, if anyone will double-check their accidental damage coverage and other property insurance I am certain you will find these all exclude damages and losses caused by civil uprising. While not a war zone, anyone caught up in riots or protests-run-amok will find anything damaged or destroyed is going to be out-of-pocket.
I have been considering the amount of Windows 10 connectivity to Microsoft and the telemetry that gets sent in. I would not be surprised if by next summer we start getting partner emails telling us we can manage our customer computers remotely via Microsoft Managed Services (MSMMS) once we register some ID generated on the customer computer in our partner dashboard.
After a full report was sent in on the source and background reasons for the massive infection, the contracting firm's overtime compensation was declined by the US DoD.
Probably one of the smartest things done in government. I was speaking with a state agency employee the other day about some of the really cool awards and recognitions given by various departments, divisions, and bureaus for things like "clearing up four-month backlog." You know, backlog the recipients caused in the first place.
And those of us who predicted this from the very start were (and are still frequently) dismissed and disparaged as ignorant racists. On the one hand I could take solace knowing that they will and do suffer as much as I. On the other hand I am unhappy that any of us must suffer at all.
Just a little more... then a little more... then a little more... until, what? How far do we go until we have gone far enough? And what about pointing that "narrow" beam of enlightenment upon yourself and upon those who carry your water? Does the attitude change then?
This from an administration and a man who has claimed executive privilege in an investigation involving his own Department of "Justice," has fought tooth and nail FOI requests on his various alphabet departments, obfuscating as much of its activities as possible, meanwhile mocking and belittling those who demand to know the inner workings of its politburos.
Then to speak about the laws of the land while ignoring and undermining law at every turn, laughing derisively when anyone challenges the actions.
There was a time when I hoped to work for the NSA, because I believed that by getting such a post I would be in a position to help people better protect themselves and work to coordinate better protection for our infrastructures at a national level. I followed an academic path to accomplish this, but the closer I got the more I noticed how my moral compass just did not align with what was transpiring in our government. Now, instead, I find myself pursuing a path to advocate against the directions in which our government is lunging head-first, much at the cost of its citizenry.
To speak of the law of the land, while at the same time taking the Constitution as if it consisted of mere suggestions and guidelines, is shameful. But you will not be ashamed, will you, because you are indeed a True Believer.
So, Mr. President, with no due respect, screw you and the horse.
I found a few daemons in regular upkeep which do not, by normal configuration, allow you to disable protocols. You can disable the ciphers but not the protocols. So what happens is the SSLv2 handshake is permitted, thus trading certificate information, but then there are no ciphers which can be negotiated so the connection "fails." At this point the damage has been done.
This reminded me: in the year 2016, Windows still gives me the error that a file name is too long. In the year 2016 that limit is still 260 characters, which can only be overcome by prefixing "\\?\" to the file path. According to MSDN you can use that prefix on UNC paths, as well, but I have had difficult time getting that to stick, in particular when copying with Explorer.
I wrote an extremely simple screen blanker for the C64. The stupid thing would not fire and I suffered over it for a several hours, even re-writing it -- but not from scratch, as my impertinent youth advised me to re-use sections which I "knew" worked.
Turned out one of the sections which "worked" had a BEQ instead of a BNE, two completely different conditional outcomes. In my defense I was young and then learned a very valuable lesson about making assumptions during troubleshooting.
If, reasonably or otherwise, you are using any networking kit which does not support anything over SSLv3/TLSv1, SHA1, or newer ciphers, and for which there are no, and never will be, firmware updates to correct, this is the perfect reason to keep an XP VM handy.
Printers, switches, routers, etc. Of course, the argument is they should be replaced. I get that and in most cases I am all in, but for the other cases there are perfectly legitimate reasons not to replace, or at least legitimate mitigations in place. (At the same time I also despise manufacturers who have firmware available to bring the secure interfaces into modernity but still ship with the old firmware installed which causes the browser to stomp on your fingers.)
I have had to reach for my "Internet Explorer (Windows XP Mode)" shortcut a few times working with network printer/scanners in small offices plenty of times.
"880 floppy credits"
Too bad the second higher up is 1790 credits instead of 1760.
But this stretch goal has me a little concerned:
350K € - Real Services (Advanced)With Basic Real Services only HTML, CSS, JS and binary images can be hosted on your servers. The purpose of this stretch goal is to let you enrich your contents with PHP and MySQL databases.
Oh, how much fun it would be for someone to turn this gaming platform into a gaming malware gaming platform. On the flip-side, turning the game into a hosted MySQL database could be a neat twist. Until your closest neighbor and "ally" turns on you and raids your datacenter for desperately needed materials.
Meanwhile, we are competing to build the ultimate datacenter for the game. Soon, the game will be hosted within itself. Shortly afterward it becomes self-aware. Oh, man, I need sleep!
I do not want to support 10 for people who pay me, even less for someone who gave me life. I mean, what a shitty way to repay them.
Actually, my dad is not so bad with computers. He is super-effective at messing them up, and semi-effective and getting them going again. Sometimes I would just prefer them to get a nice Android tablet (lesser of evil vs. Microsoft?) or an iPad.
I guess the most difficult aspect of my professional technology career is how much my vendors are pushing me to hate them and their technology, and sycophant brain-washed users push me to hate them and how they use technology.
Though still difficult, it is actually far easier these days for me to swallow a response "yeah, I use x-product even though it spies on me/gives away my data/whatever because I have to for y-critical function" or "but I have some mitigations in place" than "because it's just so cool" or "look at all the stuff I get!" If only because to a large degree I find myself, begrudgingly, in the former positions.
I remember reading somewhere that Windows 10 can host updates for other machines on your network, like a "Windows Update Bit-Torrent" of sorts. (And I am too lazy to find and confirm this nasty rumor.) If that is true, then given other advances in malware, theoretical and otherwise, it would not surprise me if your air-gap security against Windows Updates falters against the open speakers and microphones in your computers with the yet-discovered Windows Updates Over Air service.
Gah, I was going to come up with a long and clever name with an even cleverer (yeah, I said cleverer) acronym, but it is 2:15 in the am and I should be burning off an enormous sleep deficit.
You could do an internal WSUS server with temporary GP settings on a new machine, wuauclt /detectnow. (Mind you, if you don't carefully set your updates to download you will wind up with hundred GB or more of mostly irrelevant updates downloaded to your server.) You could also try this:
http://download.wsusoffline.net/
IME, it tends to miss some updates which you can get through WU later, but the initial patching problems are eliminated and hands-on time is greatly reduced.
Basement of an Air Force town house, phone cord spliced into the main line running through the first floor supports, done in such a way as to be able to stuff back up and hide from the parents, dropped down to a 110 baud Volksmodem (or whatever the hell it was) attached to a Commodore 64, in turn attached to a 13-inch black-and-white TV.
In the bed room is a Radio Shack "200-in-1" electronics lab with a light sensor and wig-wag circuit attached to a small Lego town lit by absconded Christmas bulbs and LEDs. During any other hour than the Witching Hour of dialing up through BBSs and weird network connections to other lands found by war-dialing and trial-and-error, the Commodore 64 is connected to said Lego town running its traffic lights directing Matchbox cars around the scene, while "Radio Ga Ga" and "Synth Sampler" (Doc-doc-doc-doc Doctor Livingston, I presume?) played on the record player next to the latest COMPUTE! magazine, and "You Can't Do That On Television" filled the room with sound.
This was actually a somewhat socially-adjusted, in-shape kid of about 12 with an active sport, bike-riding, and outdoor life with little incentive to sleep during the night.
He still does not sleep much during the night, taking advantage of this affliction to perform server maintenance and earn extra money while watching "Futurama" or "Casshern" on DVD (sometimes straying to watch "The Running Man" or "Runaway") and listening to C64 and Amiga remixes over Bluetooth headphones so as not to wake his female companion and the neighbors.
The C64 does not run Lego town traffic lights anymore, but there is a traffic signal hanging next to the desk with a sequencer to keep it lively.
"Those working on the private cloud would also be wise to have a think about their career direction" = "Don't even think about developing skills that would compete with Us."
"...businesses are expected to mellow in their prudish hesitation towards adopting public clouds for all but mission-critical workloads..." = "Your biological and technological distinctiveness will be added to our own."
From the sub-title (yes, I realize after reading TFA it is not related): "16 million years worth of music streamed to your mobe annually" = "Soon your music tastes will be dictated by unknown benefactors who control the content available for streaming."
Unfortunately, some of us still have to support legacy clients, customers, or colleagues which can only work with the SHA-1 hash or, just as bad, the higher end of the TLSv1 ciphers. In a few cases I have to support email transfer to servers which only support RC4-MD5.
I have to set up a special machine to route to these legacy contacts, knowing full well that I cannot guarantee security (hell, I might as well not even bother encrypting) and relating that to both ends of the transfer. Looking at connection stats, I found that a number of US government agencies are still using the low-end of the TLSv1 suite, if not SSLv3 out-right, meaning that I have to keep a weak system in place for them. (Oh, and so do MANY of the Yahoo! "bullet" servers.)
Client devices are yet another problem. I admit that my phone is so old it cannot support a SHA-2 hash, or anything better than TLSv1/3DES-SHA, which means that as I start enforcing strong encryption at my site I have to no longer use email on my phone, use my own SHA-signed CA and subsequent signed certificates on a dedicated server, or replace my phone (in order of most to absolute least likelihood -- my reticence to replace my phone is a topic for a later conversation.) Me aside, I have to still support a number of client devices for at least the next few months. I have already sent out The Word, and on my side is that Google and Microsoft services will not support them soon, either, so my chances of losing them as customers is slim.
Anyway, a lot of work to do.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
