* Posts by Trixr

324 posts • joined 30 Jun 2009

Page:

Can't get pranked by your team if nobody in the world can log on

Trixr

Re: the old "rotate the monitor" trick

Ah, yes, editing the registry to include more "helpful" Windows Tips was my speciality in the late 90s, as well as forcing them to pop up with each logon. I developed quite a nice little .REG file with my classic hits after a while.

2
0
Trixr

Re: Hold the phreakin phone

That was a shit habit even back then. At the very least, they should have had another workstation on their desktop, or a KVM-connected machine, that they could logon with DA rights to do those jobs.

0
0

Scanning an Exchange server for a virus that spreads via email? What could go wrong?

Trixr

Re: Deleted Emails

All I can say is thank god for the AD Recycle Bin these days, and "prevent accidental deletion" of OUs.

Still, creating 7000 new accounts seems a bit knee-jerk - recover the accounts from brick-level backup if you have one or an authoritative restore from a DC backup. That shouldn't have been too difficult if it was done by deleting entire OUs. Recovering the accounts will also restore connectivity to the "orphaned" Exchange mailboxes because the mailbox attributes will also be restored.

Also, for young players, TELL THE BOSS. Yes, develop some kind of basic recovery plan before you tell the boss, but TELL THE BOSS FIRST. A decent boss will fend off any upper management that starts whinging about missing accounts. A boss who is first informed of an issue that you're in the middle of p*ssing around with by the CEO, or (don't ask) a member of the public, is going to be spending much more time imitating a very hot blowdryer in your face rather than letting you get on with trying to keep your job.

And no, if you're not in the US, you shouldn't be fired because of one c@ckup, if you recover the situation. However, doing the mushroom routine on the boss will not be great if it's bad enough and a PIR decides someone's head needs to be on the chopping block.

As someone who has been the boss of an infrastructure team, I've had the good fortune not to encounter an issue that we couldn't recover from. But team members trying to fix serious issues themselves without putting their hands up (self-caused or not, although the former is worse) always make it more difficult for managers and team members to help them get it sorted. Not to mention making the manager look like a numpty in front of the real PHBs if they hear about it first - no-one likes being kept in the dark and made to look like a moron to their boss (I don't care what level you're working at).

It also means that upper management lose confidence in the team as a whole if they perceive the manager as being clueless. Again, one incident like that shouldn't be too bad in the greater scheme, but if it keeps happening, in this day and age, it's the outsourcers next, not a new manager (and if you have a manager who genuinely wants to help you get on with your job, you want to keep them happy - mutual back-scratching is a good thing in this instance).

4
1
Trixr

Re: Nice story

Funnily enough, the worst c*ck-up I've ever encountered with email involved a Linux system. Shiny new Red Hat box, which had all the email from the university academics stored on it, recently transferred from the ancient VMS system. It was IMAP, but I don't recall whether or not it was Dovecot. I didn't administer it.

One day, the email storage got hosed because of some issue with the SAN (twenty years ago; can't remember circumstances now). Oh dear, sorry academics, we'll have to restore everything from backup. In the meantime, they had dialtone mailboxes, so they were receiving new messages.

Go to restore the backup... there is no backup. There was some arrangement where the mail storage was supposed to be backed up via another system mounting the mail storage volume, and this had never been put in place. The RHEL backup was only backing up local storage, not SAN-attached. Oh dear oh dear oh dear.

How was it recovered? Recovering the VMS system, re-migrating the mailboxes to Dovecot(?) on RHEL, and then replaying the MTA logs to catch up the interval between the VMS migration and the loss of storage. Amazingly, it only took a week, although the boss was positively volcanic in demeanour that week.

Conversely, the worst issue I've had in 20 years' of Exchange support was the smallish regional mail server that was happily receiving messages from the MTA and other Exchange servers, queuing them nicely in the SMTP message queues... and failing to deliver them to mailboxes. Since intra-Exchange and MTA delivery queues are different, and the server had plenty of storage, was not over subscribed, each of the email databases were happy and the messages were destined for different DBs, blah blah de blah, trying to find out what was going on was difficult.

In the end, after inspecting logs, checking all services up, stopping/restarting services, unmounting/remounting databases, restarting SMTP, moving mail queues to different partitions... 6 hours later, I gave up and rebooted the box. Once it's back up, BAM, everything starts getting delivered as if nothing happend. All the mail was delivered within 10 mins. THANKS, MICROSOFT!

1
0

Microsoft gets ready to kill Skype Classic once again: 'This time we mean it'

Trixr

Is THAT what that is! I use Skype maybe once a year, and the POS whinged at me about a password the last time I attempted to use it. And I know it's the right one. Mystery solved!

0
0

Cisco Webex meltdown caused by script that nuked its host VMs

Trixr

Re: 'This was a process issue, not a technical issue'

Nah, there is a difference in any failure analysis between a component failure and "human factors" (aka C*CKUP).

Sounds like the script worked perfectly. How it was *targeted* is something else.

0
0

Why are sat-nav walking directions always so hopeless?

Trixr

Re: never seems to taste the same?

But in a place where they cannot make the water hot enough to make proper tea, the microwave option is the least-objectionable.

1
0
Trixr

Re: Tea with milk

Frigging Lipton. I can't believe it's sold in Oz/NZ - it's the Starbucks of tea. And yes, I do actually judge my friends who have the muck in their cupboards.

0
0
Trixr

Re: Too many apps

For us antipodeans travelling to the northern hemisphere, none of that stuff works. I think pretty much the only constellation I can reliably identify in the NH is Orion. I get lost walking out of a tube station, because the sun is in the wrong part of the sky.

1
0

New Zealand border cops warn travelers that without handing over electronic passwords 'You shall not pass!'

Trixr

I can just about guarantee that if you're in an English-speaking country, your electronic inspection laws at the border are more draconian than NZ's. Of course, if you don't travel, fine.

2
1
Trixr

Re: Australia has more draconian laws

Yup, Border Farce in Oz is much more draconian than NZ in that sense. NZ is just bringing its laws up to a degree of parity.

And as has been observed, the US doesn't give a toss about "reasonable cause". In fact, nothing in their so-wonderful Constitution applies to non-citizens entering their borders.

As for the UK, it's almost as bad. All a Customs officer needs to say is "Terrorism Act", and they can do what they like with your electronic devices. No just cause or anthing of that nature required.

27
0

Microsoft's collaboration software Teams works on its collaboration hardware Surface Hub

Trixr

the irony

version of the Windows 10 OS used by the Surface Hub is a different beast to that found on desktops. The user interface, for example, runs a shell geared for prodding in a meeting room. The lock screen is replaced by a welcome screen and user sign-in is a very different experience..

So this toy gets a custom shell, but they can't figure out how to do that on the GUI version of Server 2016? No, we have to get super-critical services like XBox Live Game Save and Wallet Service installed on a *server*. Good their priorities are sorted.

3
0

Microsoft slows Dynamics 365 update cadence

Trixr

Call me old-fashioned

...but I'd rather have quality updates rather than updates released for the sake of some marketing cadence.

10
0

Sysadmin left finger on power button for an hour to avert SAP outage

Trixr

Re: Me, that's who...

Belatedly, but whoever made the decision that Linux should simply restart with no prompt if CTRL-ALT-DEL is done in a console session should be shot. It's not as if Windows hadn't been around a fair while when Linux actually became more than a bare kernel.

0
0

Office junior had one job: Tearing perforated bits off tractor-feed dot matrix printer paper

Trixr

Re: out of paper!

With 100 PCs, you'd hope they'd be be sending their jobs to a print server, not individually straight to the device.

You can use the GUI or NET PRINT commands to target a specific queue (naturally your print server will generally be used for multiple printers), or stopping/restarting the spooler (after a pause) is normally sufficient to clear the whole server without having to delete SPL/SHD files (some might be left hanging around if they were corrupt).

0
0

Fixing a printer ended with a dozen fire engines in the car park

Trixr

I worked with a moderately psycho telephone engineer who thought it was a great laugh to include a similar mass of wires, relays and the like in my luggage when I was stupid enough to leave it unattended in our office before flying overseas that evening.

I got all the way from the UK to NZ without it raising any flags (that I know of), and you will just to have to imagine the air turning blue, with thunderbolts, when I finally opened my luggage and discovered his "present".

This was in 2002, when everyone was still feeling very delicate about 9/11, security at Heathrow was obtrusive and paranoid, and they took those questions about "did you pack your own luggage" etc very seriously.

He's fortunate I didn't take out an HR complaint on him, but I got a job while I was in NZ and only returned for as long as it took me to wind up my old job.

This was not long after he'd had a spitting screaming rant at us sysadmins for having the termerity to have two pints one lunchtime around the holidays. So it wasn't just "harmless fun" - he was a nut bag, but not stupid, and had to have realised his "present" could have caused me a fair amount of trouble during my travels.

0
0

Admin needed server fast, skipped factory config … then bricked it

Trixr

Re: Nope

...I thought that "insert disk 2 of 6" on top of disk 1 of 6 *already* in the drive was an urban myth until I saw it multiple times at a university I worked at. Ah, students.

0
0
Trixr

Yup, me too.

Exactly the same thing happened to a Dell tech a decade later at a place I was working at in the UK. We'd just gone to a new service contract where us admins were to be "hands-off" the hardware. PSU died in a server, Dell shipped a new one from the US, followed by a shiny new tech to install it.

We all stood around watching the new support arrangement in action... and managed not to giggle aloud when he unwrapped the PSU and installed it without the merest glance at the voltage switch position (poor dude was a bit nervous with the entire systems admin team "observing").

After a nice bang! and the magic smoke escaping, we ended up getting a brand new CPU, memory, motherboard AND PSU.

0
0

Sysadmin hailed as hero for deleting data from the wrong disk drive

Trixr

Re: Grub rescue

I don't think it was *you* who somehow screwed it up. Almost exactly the same thing happened to me updating the Nvidia driver on the Solus distro. A distro that purports to seamlessly deal with graphics driver updates.

For me, I didn't bother with recovery after I saw the grub rescue - I just wiped the Solus off my dual-boot laptop and reinstated the Windows bootloader. Yet another Linux distro that bit the dust for me. I get really sick of how fragile Grub is.

0
0

'I crashed AOL for 19 hours and messed up global email for a week'

Trixr

Re: With hindsight

Correct - Exim was "experimental" for a fair few years. Postfix came out in 1998, but I didn't use it till v2.2.

smtpd_timeout was a lovely thing, not to mention all the smtp client timeouts going the other way (no waiting forever tying up a process waiting for a receiving MTA to respond).

0
0

Gmail is secure. Netflix is secure. Together they're a phishing threat

Trixr

Re: This has happened to me for years

I have to say that operating a catchall address in this day and age is really a liability and not an asset. Unless of course you're maintainer of some RBL.

If you want to know who's trying to spam you, you simply look at the mail log and the rejected messages.

If you're using it as a honeypot to construct some kind of home-baked RBL, then just subscribe to Spamhaus Zen. Their database is orders of magnitude bigger than anything a little home domain will encounter... and is therefore much more useful if some exploit is in the wild. It's free for a host processing less than 100,000 SMTP connections per day. I used it for my medium-sized organisation (5000 mailboxes) until they made us get crappy Ironport. Like any RBL, the rejected connections are clearly logged in the mail log.

If you're operating a catch-all to capture misspellings of your email address(es), simply set up a catch-all that's aliased only with the likely misspellings.

0
2

There's security – then there's barbed wire-laced pains in the arse

Trixr

Re: Conflicting Advice

That Schneier advice is now a decade old.

The common advice these days is long pass phrases that don't have to be changed too frequently, and 2FA

0
0
Trixr

It's uncanny - it's almost like she's worked at my organisation (down to the exec using Dropbox), and she would have been shown the door quick smart with sensible observations like those.

0
0

Azure needs extra security controls before it's fit for government use, says Australia

Trixr

Yeah, I don't mind El Reg going for the tabloidy headlines when it's amusing, but this really is a misleading spin on the situation.

Also, since I was at the presentation, MS clearly had a matrix of services that were going to be approved for Protected status (in conjunction with the appropriate controls as implemented by the relevant agency - they have responsibility too). There were at least a dozen or so services that were excluded.

1
1

Sysadmin shut down the wrong server, and with it all European operations

Trixr

If it's a Linuxy box, check out Fail2Ban. Dynamically creates iptables rules on receiving bad logon requests (or whatever other criteria you select in the sshd.log) at whatever frequency/time interval you choose.

I used it for Postfix, for dropping SMTP connections that were attempted more than three times in a row from hosts that were blacklisted in our RBL - those got banned for 6 hours. Also, hosts that attempted more than 20 messages in 5 mins to "unknown recipients" - they were dropped for 2 hours, I think - a cheap person's DHA throttle.

2
0
Trixr

DesktopInfo is a wonderful tool.

Just come up with a template INI file and stick it somewhere all RDP users can read it, create a shortcut in ProgramData...\Startup to launch desktopinfo.exe for all users, and bake that into your gold image. Easy to package and distribute as well.

Then you get the name of your system as big as you want on screen - colour code for prod/non-prod if you're fancy, and some cute at-a-glance statuses if you want those as well.

1
0

Patch LOSE-day: Microsoft secures servers of the world. By disconnecting them

Trixr

Re: Fix

Yes, of course you *hope* I test changes. I haven't even deployed these updates into our DEV environment yet. I always wait at least 3 days. Then there's at least 10 days before they go to Prod.

In my experience, we've been more affected and put more at risk by deploying crappy patches too fast than any runaway exploit.

2
0
Trixr

Re: Fix

Yeah, I'm sure going to love running around setting reg keys on 300+ servers. Thank god the yanks get to find out this crap before we do.

It would help if MS didn't screw up *any* part of the TCP/IP stack or network configuration with a bloody routine patch.

11
0

Samba 4.8 to squish scaling bug that Tridge himself coded in 2009

Trixr

Re: Samba is still relevant?

Dude, if you think Active Directory "is dead", you're having a laugh. I don't care where in the world you upload your crap, if there's any security on it, you're using authentication and authorisation services.

As it happens, the core of Azure is still based on AD technologies - yeah, sure, SAML wrappers etc, but what do you think is validating your claims?

Having directory services combined with Kerberos with minimal configuration required was a killer feature. I still don't think Samba has caught up with AD services, except for basic stuff, but there's nothing wrong with the LDAP + Kerberos stack.

As for SMB, I don't think it's that great myself, but it's a sh*tload better than SharePoint. Try storing multi-gigabyte binary files inside a SQL database and see what your DBAs say. Try storing 27 million files of 5-150 bytes in size in SharePoint (which exactly what is in a directory on one of our file servers right now ... and I *wish* they'd ingest those into a database!)

And if you want to store a bunch of docs and spreadsheets on a web server, SharePoint is still shite. A simple WebDAV is better. The only benefit I can think of with SharePoint is in a clustered instance, where you've got your stuff spread across a large farm. And that's only because of the clustering technology, not because it's a great way to store and retrieve files.

0
0

ServiceNow plans non-devs writing non-code for real enterprise apps

Trixr

Obviously I'm behind the times in thinking that a billion dollar business no longer qualifies as a "start-up".

0
0

Programming in the Middle Ages: Docker makes a lovely pair of trousers

Trixr

Re: Comma, please

Please read up on serial commas and the fact they are NOT required where you have a conjunction, depending on what writing STYLE you happen to have adopted.

If you have a preferred style, fine. The serial comma is common in the US (and Oxford, natch). There's nothing about an "and" that implies the entities are "a couple".

0
0

Linux-loving lecturer 'lost' email, was actually confused by Outlook

Trixr

Re: been there - seen that - never been shouted at to that extent (yet)

Sorry, why on earth would you allow a 500MB message size??????

Internally or externally.

I'm afraid that's the fault of the administrators, not the users exploiting the really stupid system.

0
1

Apache Foundation rebuffs allegation it allowed Equifax attack

Trixr

Re: Hang on...

Dude, no-one has confirmed whether that WAS the breach. Useless to speculate.

Yes, if Equifax were using Struts and didn't configure it according to best-practice, then sure, hang them out to dry.

0
0

User thanked IT department for fast new server, but it had never left its box

Trixr

I pretty much credit my IT career with my early understanding of the power of the placebo.

I worked in a law firm in the late 90s that had recently switched from Word Perfect to Word, complete with very gnarly macros. Often the Win 3.11 machines would virtually grind to a standstill, and the quickest way to free up the memory was a simple reboot.

Lots of the secretaries (and pretty much any user today, of course) would swear black and blue that they had already rebooted and it was "something else" causing the problem when their machine went to snail pace.

So my Advanced Desktop Support technique was to go to the affected machine, run up the command prompt, run a "dir /s" on the C:\ drive, make some muttering sounds as the output scrolled down, THEN do the reboot. Apparently I was the "best" desktop support person in the place because I "went the extra mile to *fix* the problem". Fast forward to being a shiny new NT administrator in the Ops area 6 months later.

2
0

Hell desk to user: 'I know you're wrong. I wrote the software. And the protocol it runs on'

Trixr

Sounds like the experience we had with the EMEA support branch of a well-known US computer manufacturer shortly after our boss signed us up for a "fully managed" hardware support service for our machines.

PSU blew in one workstation about a week after this arrangement came into play, we called, a package with the replacement PSU was couriered to us, and the tech followed to install it the day after. We were keen to experience the delights of this fully-managed service, so we were STRICTLY hands-off.

The package was festooned with obvious US-origin courier labels and in what was obviously the factory packaging. All three of us systems admins were gathered around the bench waiting for the MANUFACTURER tech to work his magic - poor dude.

So he opened the packaging, removed the nice, shiny, factory-new PSU, flipped it over without even glancing at the voltage selector switch, installed it, plugged in the box, powered on and BANG!

So yeah we got a new motherboard, new RAM and new CPU out of that little number. And a good laugh once the tech departed. We managed to restrain ourselves to a polite "whoops" when it blew up almost in his face.

I do not understand any tech anywhere in the world (maybe not the US itself, since they seemed to assume they were the default) not double-checking a PSU voltage selector in the late-90s - a very basic routine check.

I won't bother relating the story of the "hot-swappable" server SCSI hard drive on the student registration system that most certainly was not. Thank christ it wasn't just before (or DURING) enrolment time.

3
0

If you love your email standards, SMTP your feet: 35 years later

Trixr

I don't know why all the downvotes - are any of these from anyone who works with a substantial email environment? (Multiple enterprises, or even medium-large enterprises?)

I thought Google was on the right track with their Wave idea. Of course, their ramming it down everyone's throats and the fact Google were going to make it their proprietary thing meant its death-knell, deservedly so.

But the idea of moving seamlessly between a IM conversation style to a message delivery system in "offline" mode (if you like) was great. How the security and connection handshake could be handled with multiple providers is something else, because of course Google weren't designing for that either. Something like the messaging equivalent of Diaspora (the social media platform), where multiple nodes can intercommunicate, perhaps.

I know that some would say it'd be overly complicated, but if anyone thinks that pure SMTP is workable these days, they're dreaming. Multiple message formats, multiple mail access protocols, bolt-ons (and they ARE bolt-ons) like SPF, DKIM and DMARC, the gymnastics required to encrypt messages and the transport layer, SenderBase, RBLs, etc etc etc etc.

1
1

CMD.EXE gets first makeover in 20 years in new Windows 10 build

Trixr

Re: They are bonkers

I dunno, the first thing I do is change the RGB settings on that medium grey they use for the default text to something much lighter. Not having to do that on every new box I log on to would be nice.

0
0

Sysadmin jeered in staff cafeteria as he climbed ladder to fix PC

Trixr

Re: What is this ?

Similar issue I had in an academic institution in London, which had multiple buildings spread across Bloomsbury. The connector was seemingly the BEST thing to hang an academic's coat on, despite multiple reminders to the office occupant that it was not in fact its purpose.

Traipsing across half of the west end when it was hosing down was not my favourite activity.

2
0

BA's 'global IT system failure' was due to 'power surge'

Trixr

Re: Cynical Me

Yup, I know of an instance where a certain country's largest airport's ATC systems were literally two minutes away from a complete power failure. Mains power didn't come back after some issue with switching between that and the genny (I did hear the gory details, but my understanding of what's what was limited). The contract electrician (no more on-site sparkies after "efficiency" cuts) had to be called out from the other side of town (a town with awful road congestion at the best of times).

The only reason the whole lot didn't go down was due to the site manager and staff literally running around the ops building and tower powering down every single piece of electrical equipment that did not concern the tower cab's ATC display systems and nav aids. Was there any review in terms of obtaining another genny and/or onsite sparkie during operational hours? No.

6
0
Trixr

Re: "Tirelessly"?

I dunno, it's not a bank holiday in India, and they're probably flogging all the poor bastards to death over there.

13
0

Fat-thumbed dev slashes Samba security

Trixr

Re: Now if this was in windows

Totally agree. So far it's mostly "oops, here's a workaround, hope you guys fix it soon", rather than rants about "Linu$$$" and "Tridge-hell" and the like.

0
1

'Trash-80' escapes the dustbin of history with new TRS-80 emulator

Trixr

Re: good old days...

This schoolgirl did, although I didn't choose "BOLLOCKS" of my text of choice. :-)

1
0

Miss Misery on hacking Mr Robot and the Missing Sense of Fun

Trixr

And this is why they invented Dropbox (etc). That's where my book stash lives, as well as about three actual devices.

0
0

Green software blacked out Australian State

Trixr

Re: "it is not customary to study multiple faults"

They did.

The wankers running the gas-fired turbines said they didn't get 'enough warning' to spin them up. It was complete lies, since they were warned a few day in advance that the gas-fired capability would likely be required when the weather hit.

Of course the govt was at fault for not ringing them up first thing in the morning of the storms to ask "Are those #*@*% things on yet?"

2
1

User jams up PC. Literally. No, we don't know which flavour

Trixr

Re: Never underestimate the foolishness of the average user

If you're going to imitate a Mickey-Rooney-quality "Asian" accent, get your Rs and Ls right. The Chinese pronounce Ls, the Japanese pronounce Rs. So your "Chinaman" would be Japanese given that sample. But never let accuracy get in the way of an ethnic stereotype.

1
0
Trixr

Actually, for us non-American colonials (in NZ), "kindergarten" refers to pre-school for the ages of 3-4. We start at age 5.

2
0

Sysadmin's sole client was his wife – and she queried his bill

Trixr

Re: Re-booting windows

If you're running the Professional edition, just use GPEdit to stop it. There's plenty to google on using group policy to limit how Windows update works.

0
0

The Register's guide to protecting your data when visiting the US

Trixr

Re: Not right, but not that strange either

Yes. the profiling is so advanced that when my Buddhist Sri Lankan-born boss and her similarly-spec'd hubby travelled to the US during the Bush II years, on their Australian passports (being citizens for 30+ years), they were stopped and searched - at length, the "please step into this room" treatment - at every single US airport they transited through on their journey.

No criminal record, no military service in birth or residence countries, no visas to China, Russia, Cuba, Middle-East nations yadda yadda in their passports, no ticking luggage, and the purpose of their two-week visit was to attend an academic conference at Georgetown University and see family members in two other cities.

There may be things you could say about what Sri Lankans of the military persuasion do to Tamils in that country, but as far as I know, the yanks have never been that fussed about that. Buddhists aren't really that renowned for their suicide bombings or jihads at the best of times.

Of course, they did fit the advanced profile of being suspiciously brown in skin tone. And sure, it seems that the US border guards are improving their detection rate based on such techniques by exponential rates at present.

2
0

EU privacy gurus peer at Windows 10, still don't like what they see

Trixr

Re: What information does Win 10 slurp?

I have W10 Pro at home, and it's fine in terms of being able to be locked down. GPEdit is your friend.

And no, as far as I'm concerned, work kit remains just that. I'm not letting my personal data anywhere near it.

0
0

HPE blames solid state drive failure for outages at Australian Tax Office

Trixr

Er, how are the potential failures of MODERN SSD storage potentially any more risky than other storage devices? Bad firmware = bad firmware, no matter what the storage substrate.

I remember having to replace 300+ Hitachi drives in the early 2000s - good old spinning rust, manufacturing fault with the actuator or actuator arm, I can't remember which. Ok, most of that was preventative replacement, once Dell finally admitted the problem, but a 1/5 failure rate was pretty noticeable prior to that.

0
0

Page:

Forums

Biting the hand that feeds IT © 1998–2018