* Posts by gerdesj

1141 posts • joined 15 Aug 2009

Page:

GDPRmageddon: They think it's all over! Protip, it has only just begun

gerdesj
Silver badge
IT Angle

ACs ACs everywhere, yet ne'er a comment to worthily remark upon

Is RegAuth down? Every comment here so far is AC. (OK test done and "no"). So wtf is going on? Am I really going to have to ditch my Private Eye sub?

On balance I think that a set of regs with aims like this might be useful:

This Regulation is intended to contribute to the accomplishment of an area of freedom, security and justice and of an economic union, to economic and social progress, to the strengthening and the convergence of the economies within the internal market, and to the well-being of natural persons.

http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679

0
0

Welcome to Ubuntu 18.04: Make yourself at GNOME. Cup of data-slurping dispute, anyone?

gerdesj
Silver badge

Re: Welcome to the 'new' Canonical

"I think you need to run wireshark and look at the actual traffic on a minimal install ubuntu. I think you'll be surprised."

It's not going to be very minimal if you've got Wireshark on it. Perhaps you meant tcpdump? Anyway, I've just done a Bionic minimal - https://help.ubuntu.com/community/Installation/MinimalCD - install and there is no sign of any data slurping.

6
1
gerdesj
Silver badge

Re: "opt-out was probably the best choice"

GDPR relates to personally identifiable data. I'm not sure that the metrics being gathered constitute a fingerprint.

65
3

Advanced VPNFilter malware menacing routers worldwide

gerdesj
Silver badge

Re: It's the Russians, No the Chinese...

Trump.

4
3

You've got to be kitten: Vet recruiter told to pay £1k after pinching info from ex-employer

gerdesj
Silver badge

Re: 3 fivers and change?

GDPR doesn't apply yet. This would have prosecuted according to the provisions of the Data Protection Act.

10
0

Summoners of web tsunamis have moved to layer 7, says Cloudflare

gerdesj
Silver badge
Trollface

Simple solution

"OSI layer 7 attacks"

Simply use the DOD four layer model and avoid the problems at layers 5,6,7! Job done.

4
0

IPv6 growth is slowing and no one knows why. Let's see if El Reg can address what's going on

gerdesj
Silver badge

Re: How to make the move?

"My ISP (Plusnet) is IPv4 only." I used to be with PlusNet and when I asked a few years back what their plans for IPv6 was, I was told "no plans".

I left. I also took the four office links to another ISP ... and around 30 odd of my customers ... and my dad and my brother and a few other family members and friends and acquaintances.

Not the end of the world for them, I'm sure.

2
2

Facebook Android app caught seeking 'superuser' clearance

gerdesj
Silver badge

Re: So Facebook's response is to shoot the messenger basically

Dream of electric sheep (possibly).

3
0

Meet Asteroid, a drop-in Linux upgrade for your unloved smartwatch

gerdesj
Silver badge
Paris Hilton

"Privacy has been a design consideration. And because it's actually a rich Linux, you can run Docker."

wtf?

2
1

UKFast bit barn yarn: 'Cisco switch glitch' leads to service ditch

gerdesj
Silver badge

"so the incoming mains supply was lost to the bit barn and generators failed to pick up the slack"

They are not generators then, just lumps of stuff taking up space ..

5
0

UPnP joins the 'just turn it off on consumer devices, already' club

gerdesj
Silver badge
Paris Hilton

Re: another lesson

"NOBODY NEEDS TO FORWARD PORTS UNLESS THEY ARE RUNNING A SERVER."

IPv6 8)

1
4

Facebook stuck with IRS bill after court tosses $7 BEEELLION appeal

gerdesj
Silver badge

Re: “the IRS gets to decide what does and doesn't get an appeal hearing”

"Rather defeats the purpose of an appeals hearing, if the opposing side gets to decide whether to let you fight."

That was the result of a court hearing, not a fight in a playground.

3
4

Wanted that Windows 10 update but have an Intel SSD? Computer says no

gerdesj
Silver badge
Trollface

"Wanted? I thought it was foisted regardless?"

You mean one day I'll run $ yaourt -Syu and find myself mashing ctrl-c really, really quickly and taking a long hard look at my mirror lists??

Karma to burn

4
4

Every major OS maker misread Intel's docs. Now their kernels can be hijacked or crashed

gerdesj
Silver badge

Re: Be careful about version numbers.

" whereas distro-makers might be doing their own thing." Oh they do ...

Ubuntu take a stock kernel version eg 4.13.0 and then stick with it but backport fixes etc. Hence you get versions like 4.13.0-41-generic which is the 41st version of the Ubuntu version of 4.13.0 - in a generic way 8) This on the other hand: 4.16.5-1-ARCH is the first Arch iteration of the stock 4.16.5 kernel.

Both kernels will have some stock mods applied before distribution so my 4.16.5-1-ARCH will be different to what you get direct from Linus and Co.

2
0

Microsoft reckons devs would like an AI Clippy to help them write code

gerdesj
Silver badge
Mushroom

Why not wire it up to Stackoverflow as well and be done with it? You'll have your code writing itself 8) What could possibly go wrong?

9
1

Admin needed server fast, skipped factory config … then bricked it

gerdesj
Silver badge

Re: 80186

My school (Abingdon aka "Royce's") had a RM Nimbus in the D&T workshop. With Windows 1 on it and a rather early AutoCAD.

About 1 year later I (cheers Mum and Dad) had a 80286 based beast with 1MB of RAM. I saved up for a 80287 maths co pro so I could run ACAD on it. To be honest I had more fun reading Peitgen and some other bloke's fractal related shenanigans and attempting to replicate their results in GW Basic.

Then I got hold of a C compiler - cool and quick and bloody complicated. I went back to BASIC to get the results that I wanted at the time, in linear time. Before you smite me with righteous indignation, bear in mind that I just wanted results and not a cool paradigm.

3
0

UK gov grilled over massive exposure to struggling outsourcer Capita

gerdesj
Silver badge

"MP's obviously don't read el Reg"

Private Eye have used that name for as long as I can remember

43
0

Microsoft Lean's in: Slimmed-down Windows 10 OS option spotted

gerdesj
Silver badge

Re: The funny thing is that...

My cat must have gone on a diet:

-rwxr-xr-x 1 root root 34856 Dec 29 12:08 /usr/bin/cat

4
0

Facebook puts 1.5bn users on a boat from Ireland to California

gerdesj
Silver badge
Paris Hilton

$1.6bn

$1.6bn - How many NHSweeks is that?

0
1

Millions of scraped public social net profiles left in open AWS S3 box

gerdesj
Silver badge

Re: S3?

https://haveibeenpwned.com/

3
0

Australia’s .au admins told to reform or get rooted

gerdesj
Silver badge

Bingo

"This includes transitioning the delegation for management of .au to another provider if auDA is unable to achieve necessary outcomes."

This includes getting someone else to do it.

3
0

Facebook faces foe formation in facial fingering fight

gerdesj
Silver badge

Re: OH dear....

"The supplier said the client was free to invoke them, but if they did, the supplier would be filling for bankruptcy as it could't afford to pay any.

The public body was stuck between a rock and a hard place."

.. and hopefully now understands the concept of "due diligence" (including insurance)

13
0

Why you shouldn't trust a stranger's VPN: Plenty leak your IP addresses

gerdesj
Silver badge

Re: So ElReg what are you reporting this crap for.

"The only VPN's of any value are the ones that you connect to at your place of Work or Home, if you can keep them secure, don't stuff up, leak your own addresses, crash, staff don't spy on your usage or just............"

So true and yet even the pros make mistakes. Take me for example. I look after quite a few networks, firewalls and the like. I have a newish laptop and decided to put my office OpenVPN connection on it. Fired it up, typed in "whats my ip" into Google and saw my IPv6 address staring back at me. Bollocks. Oh well I'll use the office WANs via the web proxy to get the job done.

I now need to fix up what happens with working IPv6 when connecting to our currently IPv4 only VPN. The assumed policy is that all traffic is gatewayed through the VPN and it isn't. I could simply change the policy I suppose.

4
0

It's baaack – WannaCry nasty soars through Boeing's computers

gerdesj
Silver badge

Aircraft do not use Windows for critical systems.

Imagine being a pilot in a commercial jet on finals and being told that Windows Updates needs to do its thing due to an inadvertent miss configuration (ahem) and "making everything safe" before doing it.

13
0

Java-aaaargh! Google faces $9bn copyright bill after Oracle scores 'fair use' court appeal win

gerdesj
Silver badge
Gimp

IT exists ...

... to keep lawyers in business. I suppose it is one way to repatriate non trivial amounts of dosh to the US:

spend it on sharks.

Trebles all round for m'learned friends *chink*

6
0

Microsoft to lock out Windows RDP clients if they are not patched against hijack bug

gerdesj
Silver badge

"Such a shame the patch kills 2008R2 servers" and Windows 7 and possibly not just on VMware either. We also have several instances of wifi being disabled on Windows 7 on our helpdesk ...

2
1
gerdesj
Silver badge
Linux

"It's also worth looking for updates from vendors of third-party RDP clients, as they can also fall foul of this vulnerability."

https://github.com/FreeRDP/FreeRDP/issues/4449

https://github.com/FreeRDP/FreeRDP/issues/4503

https://github.com/FreeRDP/FreeRDP/issues/4498

etc.

It took nearly three whole days from patch Tuesday for a fix to arrive via pacman on my PC.

4
1

Mozilla's opt-out Firefox DNS privacy test sparks, er, privacy outcry

gerdesj
Silver badge

Re: Off the top of my head

"Now I haven't put much thought into this" - You sir win the internet for that comment.

"I personally use Open DNS" - they work very well for many use cases but is yours one of those? ODNS will always respond with an IP address for a request for an A record - their webby server. Is that what you want (unlikely)?

I'll recommend using 9.9.9.9 ie Quad9 for DNS instead. They will not respond with a default address on fail which is what should happen and easier to work with.

7
1

Windows Server 2019 coming next year and the price is going up

gerdesj
Silver badge

Buggrit

Hi, my name is Jon

Hi Jon

I've been clean of Windows on my personal systems for over 10 years now ...

* wow* *well done* (etc ad nauseam)

... but the bigger boys ... they make me do it ... I can edit their docs and use their Exchange (Evolution with EWS) but I feel ashamed - I still can't open OneNotes ...

... I installed PS Core (from my package manager - not via a random download) Apparently it is normal to install any old stuff on a Windows box. I'll stick with curated by someone I've heard of on the end of a GPG sig.

I'm not cured - I like to fix broken AD's I can't help it, they are so sad. I see OpenDNS used for upstream DNS and other things (*).

Cheers

Jon

(*) ODNS will always reply with a record but sadly it might not be the one you want or need

3
7
gerdesj
Silver badge
Alien

"RHEL at least costs a lot more to license in most cases than the equivalent Windows Server!"

That's nice AC! I'm sure it does but thankfully I have choice and I choose to exercise it. I run up Ubuntu LTS (Xenial for now) like they are going out of fashion for servers and use Arch for workstations and Arch and Gentoo for personal use. Not one - just to re-iterate - not one of those (and there are around 300 across the country that I look after) has skipped a beat that I didn't cause in some way.

I also look after quite a few other systems and I can't be so charitable about them. Recently Win 2008R2 and Win7 machines had wifi and ether snags (for VMs) after the latest batch of Windows Updates (funnily enough we'd already documented the fix years ago, nice to see it again). I'm also not close to being mentally scarred (but pissed off) by a recent AV n firewall etc upgrade for a customer on a system I've been a sysadmin for a time range that is near to decades - not just years.

Windows - you can stick it u *** bbbzzzt ***

15
8

YouTube plan to use Wikipedia against crackpots hits snag

gerdesj
Silver badge

Partnership requirement to read?

"In this case, neither Wikipedia nor the Wikimedia Foundation are part of a formal partnership with YouTube"

I'm not in a formal partnership with WP either. Do I need one to read it?

8
10

Samba settings SNAFU lets any user change admin passwords

gerdesj
Silver badge

Re: SO what I'd like to know...

"Is how long this flaw has been around?"

Version 4 of Samba has been around for a while now: https://www.samba.org/samba/history/samba-4.0.0.html. Whilst surveying the view from your horse, you might note flaws have come to light in other systems (hardware and software) that are way older than that.

I have personally fixed a problem by having access to the source. Per system connection limits from a Samba box to another system (using CIFS/SMB ie for "drive mappings") were fixed to 256 by a constant in the code. I increased the value and re compiled. Problem fixed. That was with Samba 3 a long time ago but the point remains.

7
6

Oh honey! Oxfordshire abuzz with reports of a MEEELLION bees stolen

gerdesj
Silver badge

@Kugutsu

Agreed - that's a lot of colonies in one location. They may be breeding for sale or it could be insurance enhanced counting.

2
0

Intellisense was off and developer learned you can't code in Canadian

gerdesj
Silver badge

I had never realised (sic) that Canadians are illiterate(*) too... :-)

Canadians are likely to be keen on French style spellings, for some reason that escapes me. Anyway, colour etc were the original spellings across the board until the US decided they were un-American a few years back.

7
3

DropEverything! DropBox DropsDocs to DropStocks

gerdesj
Silver badge

Now I use spideroak. I pay 120$ a year for unlimited zero-knowledge encrypted storage. Currently using 9 TB. :)

I can't see that plan here: https://spideroak.com/one/ $279 for 5TB seems to be the top of the range. I do hope that zero knowledge is not simply a prescient comment on your future data availability.

Also, why is this needed for a zero knowledge data storage silo: https://spideroak.com/dmca-takedown-notice-submission/ ?

1
0

VMware sticks finger in Meltdown/Spectre dike for virtual appliances

gerdesj
Silver badge

Disable the shell for operators

I've just read the vCentre 6.5 mitigation doc. It is to disable the shell on all non root accounts and disable the shell. Seems obvious really when you think about it and not such a bad idea.

2
0

Apple's top-secret iBoot firmware source code spills onto GitHub for some insane reason

gerdesj
Silver badge

Re: Got my copy!

"Anon because of admitting that."

Bloody browsers and their convenient auto login features or is the post anon tick box broken?

9
0

MY GOD, IT'S FULL OF CARS: SpaceX parks a Tesla in orbit (just don't mention the barge)

gerdesj
Silver badge

Good skills.

4
0

Open source turns 20 years old, looks to attract normal people

gerdesj
Silver badge

Re: Open source is leading to single source

"Free BSD exists, and I think it is vastly superior to the GNU/Linux family of distributions. You may disagree, that's fine, the point is there is competition, and there is a choice."

I've never seen FreeBSD with a space in it. However, I'm a fan too via pfSense - I look after rather a lot of them. Thankfully my Linux accent when speaking to the shell doesn't get in the way too much.

Your point about competition and choice is, in my opinion, the most important thing.

WE HAVE CHOICE - USE IT.

10
1

Spectre shenanigans, Nork hackers upgrade, bad WD drives and more

gerdesj
Silver badge
Gimp

Black Dev Ops

Remember software development takes a while. If you are putting off patching Meltdown and Spectre because there are still no known nasties out there then you may be in for a nasty surprise soon enough.

As well as patching, why not use this a good time to check up on your backups, fix up the leaky firewall and push through a proper password policy. If you are particularly brave, why not see if you can scare the purse string holders into 2FA?

8
0

Maybe you should've stuck with NetWare: Hijackers can bypass Active Directory controls

gerdesj
Silver badge

Re: OS vs. Directory Service

dsrepair -ot -xk3

1
0

Intel alerted Chinese cloud giants 'before US govt' about CPU bugs

gerdesj
Silver badge

Re: Possible word to wise...

"Yes, but El Reg is only noted with faint praise."

To be honest, all articles I read related to this mentioned el Reg as source, faint or otherwise. I think you'll find that el Reg is known around the place.

It's a bloody red top, for goodness sake. Who wouldn't take them seriously? ... tut ...

3
0

Acronis: Ransomware protection! Get yer free ransomware protection!

gerdesj
Silver badge

Re: I've asked before, but:

@Dave This may or may not help:

Configure a share on your NAS for backups with a new account that only has access to that share. Remove all access to that share from all other accounts. Use a backup program that allows you to use separate credentials. The purpose of this is to avoid a ransomware nasty deleting your backups.

Yes your backup program will backup whatever you tell it to, so you need to monitor your filesystems. To mitigate this I use several approaches. A script goes off daily that looks for file changes, counts them and emails me the result - I look out for a large number of changes and odd file extensions appearing. The second mitigation is to use a grandfather/father/son backup regime - so 4 quarterly, 12 monthly, 4 weekly and then the dailys or whatever you have space for on your NAS. Really important files get a one way mirror to a remote location (NextCloud, which is also backed up) By one way mirror I mean that deletions are not sync'd. If a ransomware thing goes off, then the original un-encrypted files are still there but one day they may leave the filename intact, so that may not work. However, NextCloud does versioning so an overwrite, even with the same name will leave the previous version available.

10
0

STOP! It's dangerous to upgrade to VMware 6.5 alone. Read this

gerdesj
Silver badge

RTFM

If you have a large setup then RTFM first before doing a major job

https://docs.vmware.com/en/VMware-vSphere/6.5/vsphere-esxi-vcenter-server-65-upgrade-guide.pdf page 43, Important. That took one simple search ("vmware 6.5 upgrade guide") and a skim read to find.

15
0

Samba 4.8 to squish scaling bug that Tridge himself coded in 2009

gerdesj
Silver badge

Re: Samba is still relevant?

"So.. SMB is dead... ditch it, kill it, burn it."

RLY? You are obviously not daft but your experience is a bit lacking. SMB is used to throw a lot of data around the place and it has changed somewhat between 2000 and 2018. When you enable signing and encryption you get security and authenticity. Your comment alludes to it but I would humbly suggest that "tools for the job" is a bit shorter.

One Drive for Bus.: I own my business (we are an MS reseller as well) and I'll keep my data in the UK, on my gear, with NextCloud.

File shares do not have logs but systems do. Mine end up in a bloody great ES cluster with Graylog on the front.

1
0

Death notice: Moore’s Law. 19 April 1965 – 2 January 2018

gerdesj
Silver badge

Re: You do know that Moore’s law says nothing about speed?

"From what I remember, many of those dimensions are a wee bit small."

Something like 7 x 10^34 linguine.

7
0

Unlocked: The hidden love note on the grave of America's first crypto power-couple

gerdesj
Silver badge

British Eizabethan

Britain wasn't available when Sir Francis Bacon was alive. He was an English Elizabethan or as we like to say: Elizabethan.

22
1

Home Office admits it sent asylum seeker’s personal info to the state he was fleeing

gerdesj
Silver badge
Joke

GDPR

When GDPR kicks in could they sue for 4% of UK GDP?

9
2

HMS Queen Elizabeth has sprung a leak and everyone's all a-tizzy

gerdesj
Silver badge

Re: Minor problem

This is the fault that is "leaked" to the press. We wont hear about the real snags that were found.

24
2

Japanese quadcopter makes overworked employees clock out

gerdesj
Silver badge

Re: I can save them $4,500 per month

It isn't rocket science. However I suspect that Japanese culture is a little different to ours (?)

Reading between the lines and some crazy 2+2 style reasoning leads me to conclude that someone is willing to blow $4,500 per month on an "innovative" solution to a non-problem (where I'm from - UK). However, I can imagine that I might come up with some pretty crazy sounding schemes if I had to attempt to break cultural norms. It would appear that in Japan that throwing technology - the brasher the better - is a good start to doing something pretty radical (breaking cultural norms). I've seen dafter from HR in the past 8)

This (Japan) is a land where it is apparently good form to fall asleep in a meeting, provided it is obvious that you have been burning the candle at both ends (for the firm). If that happens here, then the more humiliating the wake up, the better, is sometimes the rule. I'm not sure who is dafter ...

7
0

Page:

Forums

Biting the hand that feeds IT © 1998–2018