* Posts by gerdesj

1215 posts • joined 15 Aug 2009

Page:

Protip: If you'd rather cyber-scoundrels didn't know the contents of your comp, don't apply for a Pakistani passport

gerdesj Silver badge
Childcatcher

Re: Not just that ...

(btw, when did the Anonymous option disappear ?)

Good question. I can't find it either ...

Microsoft changes DHCP to 'Dammit! Hacked! Compromised! Pwned!' Big bunch of security fixes land for Windows

gerdesj Silver badge
Gimp

Word

"These bugs are particularly impactful"

That word makes me want to go completely postal.

F5 Networks buys into open source, hands over $670m for Nginx! Double Nginx! Infinity Nginx!

gerdesj Silver badge

engine x or loadsamonnaaaay

Ubuntu 14.04 LTS media released with APT fix as end of support nears

gerdesj Silver badge
Gimp

Re: Problem with ESM

How on earth have you got yourself into this position?

Normally this sort of nonsense needs keywords like "ActiveX" or "Oracle Forms".

I say, that sucks! Crooks are harnessing hoovers to clean out parking meters in Chelsea

gerdesj Silver badge
Gimp

Re: Trickle down economy?

"So a hooker @ £4/hr"

Which century are you currently inhabiting?

BOFH: Bye desktop, bye desk. Hello 'slab and a beanbag on the floor

gerdesj Silver badge

In the UK, 'spoons is where you go for your brekkie beer.

It's now 2019, and your Windows DHCP server can be pwned by a packet, IE and Edge by a webpage, and so on

gerdesj Silver badge

Re: people use windows server's DHCP ?

Ubuntu offer this: https://www.ubuntu.com/livepatch basically your box patches itself and kernel patches are spliced in whilst still running. Free for three systems.

On any Linux distro, install "needrestart". That will tell you what needs a restart after patching and in most cases will even do it for you.

Fun fact: GPS uses 10 bits to store the week. That means it runs out... oh heck – April 6, 2019

gerdesj Silver badge
Childcatcher

Re: Wasn't this handled last time?

Yes, I remember the panic - but it turned into a non-event.

That's because we adults patched things. I had quite a busy time before the millennium whilst you were deciding whether to shit in your nappy or not.

Jammy dodgers: Boffin warns of auto autos congesting cities to avoid parking fees

gerdesj Silver badge
Gimp

Re: Congestion is about work not transport

"Bristol"

Now that Ikea has a branch in Exeter, I no longer have any need of Bris'l 8)

It's Shodan embarrassing: Red-faced Rubrik blames public-facing DB on developer ballsup

gerdesj Silver badge
Gimp

Rubrik has fingered one of its developers

*snigger*

Are you a Windows 1 in 10 (1809)? Or a mighty 80 percenter (1803)?

gerdesj Silver badge
Paris Hilton

Re: Killed my internet

"only the VPN connection now works"

So what does your VPN work over: IPX over carrier pigeon?

Data hackers are like toilet ninjas. This is not a clean crime, you know

gerdesj Silver badge
Gimp

Re: Seen in the Postmen's Toilet (many years ago)

"Postmen's Toilet"

Now there's a phrase looking for something to eupheme about. Probably be next year's Viz Annual title.

The BMC in OpenBMC stands for 'Burglarize My Computer' – thanks to irritating security flaw

gerdesj Silver badge
Alien

Re: Silly burglarizers

Does a bugler buglarize a bugle in the US or simply play it?

gerdesj Silver badge
Paris Hilton

Re: Silly burglarizers

"but I do wish El Reg would stop borrowerizing those goofy Americanisms"

"By Shaun Nichols in San Francisco"

I note you called the Register El Reg ...

You're an admin! You're an admin! You're all admins, thanks to this Microsoft Exchange zero-day and exploit

gerdesj Silver badge
Windows

Possible quick fix

"and enforcing SMB signing."

I haven't had time to get to the bottom of this snag yet but enabling SMB signing is a very quick, easy and low risk change. You probably have it enabled already if you're big enough to need an Exchange system cluttering up the place. Fire up gpmc.msc!

https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/ - Mitigations. Several low cost options there that are a good idea anyway.

Fake broadband ISP support scammers accidentally cough up IP address to Deadpool in card phish gone wrong

gerdesj Silver badge

Re: Dirty Scammers

My answer to "What version of windows are you running?" was "X".

The lighter side of HMRC: We want your money, but we also want to make you laugh

gerdesj Silver badge

Re: Not this year

"a/c - OBVIOUSLY!"

Really, Mr Spartacus?

$24m in fun bux stolen from crypto-mogul. Now he fires off huge fraud charge. Like, RICO, say?

gerdesj Silver badge
Gimp

All the King's horses ...

"The miscreants called AT&T, and claimed to be Terpin with a new phone."

... and that is where it all unwound rather nastily. Security isn't easy.

Veeam. Veeam. Veeeeeeeam. What was that? Oh, just the sound of half a billion bucks hitting backup biz's bucket

gerdesj Silver badge
Megaphone

"Veeam is awesome"

I'll generally second you there on that although some more esoteric arrangements can leave you tearing your hair out.

The product is great and the support is among the best in the business. Gostev is a bit of a hero!

Microsoft sends a raft of Windows 10 patches out into the Windows Update ocean

gerdesj Silver badge
Paris Hilton

Re: Jet

"sharing a database engine is why Small Business Server died"

I do not think that is the reason that it died - there are far better reasons. Customers bought it once and then stuck with it for many years without upgrading (often out of fear) - not enough built in obsolescence. It was too hard to upgrade from. I recently did one and getting to Exch 2016 from 2007 involved an intermediate migration to 2010 and the full horror of each step. Took ages.

If I could turn back time, I'd tell you to keep that old Radarange at home

gerdesj Silver badge
Windows

Re: Pesky microwaves

I deployed a chain saw to fix my home Free Sat reception. The prevailing wind eventually managed to push a bit of a fir tree in the way. It was felled at 2230ish and slightly annoyed my neighbours (I couldn't hear much through my ear defenders and was only mildly inconvenienced.)

Cyber-insurance shock: Zurich refuses to foot NotPetya ransomware clean-up bill – and claims it's 'an act of war'

gerdesj Silver badge
Windows

War? Nope

Bad move. Mondelez is probably going to have to prove that the US is actually at war with whomever delivered NotPetya (NP). NP might well have been developed for the Russian state or not (who cares - its still nasty) but that does not constitute war.

The US and Russia are not at war: there is no merit in trying to claim otherwise. It might be considered inflammatory and perhaps reckless to imply a state of war might exist.

NHS England claims it will be all-digital within the decade

gerdesj Silver badge

Re: Any recommendations for managing both? ^_^

"Conversely do not use a defibrillator on a pc."

I once used a PC as a defib (well I passed the mains across my heart via both arms), luckily I was in my early 20s at the time and was able to shake it off. On the other hand I was in my early 20s and stupid enough to not treat electricity with due respect.

My 2019 resolution? Not to buy any of THIS rubbish

gerdesj Silver badge

Re: You missed one...

These will be buried in the silt underneath: https://en.wikipedia.org/wiki/Sinclair_C5

Encryption? This time it'll be usable, Thunderbird promises

gerdesj Silver badge
Linux

Re: That's nice dear ...

"The lack of anything in LinuxLand to even approach Outlook"

Evolution EWS has been around for a very long time and is displaying my Exchange mailboxes right now.

Scumbag hackers lift $1m from children's charity

gerdesj Silver badge
Thumb Up

Asswipes and arseholes

Good multi lingual skills there that journo. I'm pretty sure that you have covered the entire gamut of en_* unfavourable descriptions of miscreants.

The fastest, most secure browser? Microsoft Edge apparently

gerdesj Silver badge
Windows

Re: Shock: certificate cartel doesn't like Let's Encrypt

"But years of high prices and synthetic restrictions (one certificate per ip address) didn't stop the fraudsters or, worse, traffic hijacking."

High prices - check. One cert per IP? Traffic hijacking?

UK spam-texting tax consultancy slapped with £200k fine

gerdesj Silver badge
Childcatcher

Re: Next time

https://ico.org.uk/for-organisations/guide-to-pecr/what-are-pecr/

Max fine = £500,000 but there is: "They include criminal prosecution, non-criminal enforcement and audit."

The eulogising of The Mother Of All Demos at 50 is Silicon Valley going goo-goo for gurus again

gerdesj Silver badge

Do you really want to notify everyone linking to your blog whenever you shuffle some text around?

Never mind a blog, imagine what a link to FB would do to your sanity.

Equifax how-it-was-mega-hacked damning dossier lands, in all of its infuriating glory

gerdesj Silver badge
Windows

Re: I need some help with Latin here

"I'm guessing we'll need "who monitors the monitors" in Latin now to make it sound impressive in reports, it's no longer about the watchers."

What you asked for is "quis custodiet ipsos custodes" what you will get in return from Equifax is "futue te ipsum et caballum tuum".

For fax sake: NHS to be banned from buying archaic copy-flingers

gerdesj Silver badge
Gimp

Re: There were tantrums when the Trust I worked for switched off their fax machines.

There were half hearted tantrums when the IT company I part own *cough* lost its fax machine when we moved. It slipped and fell into the skip. Then I had to throw a chair onto it to make sure it broke properly.

Total Inability To Support User Phones: O2 fries, burning data for 32 million Brits

gerdesj Silver badge
FAIL

Pffft

32M customers in a country with a total population of 66M. I hope the PM is requesting a report on what happened, that thing counts as national infrastructure.

AWS has a security hub, OpenSSL has a new license, London has a problem with cryptocoins, and more

gerdesj Silver badge
Linux

Re: Linux gets its own nasty Bitcoin malware

"How exactly does the Linux malware get onto the Linux system in the first place, without the user downloading and running the malware and providing the root password?"

Sadly many installers these days consist of something like this:

# curl https://bit.ly/script.sh | /bin/bash

Not everyone downloads the script first and analyses it before running it. To be fair it is no more dangerous than installing *anything* off say Tucows on a Windows box.

Linux kernel Spectre V2 defense fingered for massively slowing down unlucky apps on Intel Hyper-Thread CPUs

gerdesj Silver badge
Childcatcher

Top stuff

This is a proper nerdy article which has slithered onto el Reg. Me: I absolutely love it. You can try and use terms like "Linux supremo" to try and sound a little bit user friendly but in the end this is a complex subject that will have many readers glazing over before line three. STIBP THBIS NONBSEPNSE is close to genius (OK: I spat wine on my screen!) Well researched and documented article - thanks.

Now as to the meat: Spectre and Meltdown have yet to really *be* compromises as far as most of us civilians are concerned. We don't yet hear of any S&M compromises but they surely exist and will be deployed by the clever mob. The not so clever mob (the usual non govt haaxxor nob ends) will eventually come up with something and become a pain.

Keep patching, kids.

Using a free VPN? Why not skip the middleman and just send your data to President Xi?

gerdesj Silver badge
Childcatcher

Re: Own VPN?

"Setting up your own VPN might look like a great solution but it is not as clear cut. For a start you probably end up renting a "machine" somewhere for always-on connectivity and a fixed IP address which will cost more and/or also have the question of who has physical access to it."

For starters you may already have a router capable of being a VPN concentrator already. If not then DD-WRT, Tomato, pfSense, Netgear, Draytek and many others can. You do not need a static IP either - there are loads of dynamic DNS operators available. Most routers will have a built in client for DDNS as well.

So, no: don't think you should rent a machine in the cloud unless you know what you are doing. Subscribe to /r/homenetworking on Reddit or the pfSense forums or whatever and find out how to get your home network in shape first. The only reason I can think of to not host your own VPN at home is if your ISP blocks all inbound access.

gerdesj Silver badge
Childcatcher

Re: run your own? really?

"After all, most people in the UK who want to look like they're connecting from the US"

Why on earth would I want to appear to be from the US? My use case is to appear to be from the UK when I am abroad so that iPlayer works and I can be confident that I am not being MitMd.

My OpenVPN relies on *my* CA trust working and if it refuses to connect then I reach for Wireshark to find out why not. If the "free" wifi is being naughty and doling out certs and intercepting TLS it soon becomes obvious.

If at first or second you don't succeed, you may be Microsoft: Hold off installing re-released Windows Oct Update

gerdesj Silver badge
Linux

Re: X marks the spot

"It's not a new thing in 1809 either..."

It's 2018 here. You stick to your steam punk OS and I'll get some work done.

Facebook's CEO on his latest almighty Zuck-up: OK, we did try to smear critics, but I was too out-of-the-loop to know

gerdesj Silver badge
Windows

Magic

"And magical super mysterious unknown AI will switch the curve to this"

Bollocks.

Samsung unveils next-generation 8nm Exynos silicon

gerdesj Silver badge
Thumb Up

It's pop-AI but tailored, fans

Genius

Windows XP? Pfff! Parts of the Royal Navy are running Win ME

gerdesj Silver badge

"Now excuse me while I go and reboot my IOT immersion heater controller with which I replaced the old electrical timer switch that worked perfectly. I'm not joking either, I'm a moron. It must have been a pissed Amazon purchase but I can't remember."

What?? You haven't wired up an ESP8266 based thingie to it for that very purpose. Obvs, you'll need another one to restart the first and then its ESP8266s all the way down ...

We are all morons. You should see what I've done to my U/F heating. I nearly cooked the dog.

Windows 10 Pro goes Home as Microsoft fires up downgrade server

gerdesj Silver badge
Linux

Re: Just install Linux (joking aside)

"The two features I buy Windows Pro for are the ability to join a domain, and RDP"

Well then we have you covered: Join the domain with winbind (Samba) and use xfreerdp - many GUIs available. I have Kerberized everything on this laptop I am using right now. I get my files by accessing folders in my home dir that magically mount shares via autofs. Libre Office for office stuff. email from Exchange through Evolution. Printing via CUPs. Teamviewer works for providing remote support. KeePass native for password management.

This one weird trick turns your Google Home Hub into a doorstop

gerdesj Silver badge

Re: So the HomeHub has an undocumented API backdoor

Quite right and go a bit further. Engineers should design against failure and not consider it a bit of a downside.

I am still putting together my IoT stuff at home and one of my requirements is that everything fails safe and has a manual control. So, for example, my home's underfloor heating is controllable via Home Assistant and via the thingies on the wall.

McAfee says cloud security not as bad as we feared… it's much worse

gerdesj Silver badge

Define average

According to McAfee, the average business uses around 1,900 cloud instances, but most of the companies they surveyed only thought they used around 30.

Define average. I suspect that the word instance here is suffering from a severe case of mission creep to assist headline generation. If nothing else I bet that the thing that instance refers to in "1900 cloud instances" is not the same thing as the 30 instances that the companies know about.

Yale Security Fail: 'Unexpected load' caused systems to crash, whacked our Smart Living Home app

gerdesj Silver badge
Gimp

Re: Let this be a lesson

"for anyone even daring to think about using IoT for this sort of thing."

Depends on how you do your IoT. I am spending months deploying IoT at home, each step building on the last and tested. My "hub" is Home Assistant running on a Lenovo Thinkcentre (which is properly designed to live in harsh environments). It is backed up and is on a UPS and ethernet connected. I also have a standby VM, just in case. https with a Lets Encrypt cert. and HA Proxy on the front (pfSense router). I have multiple VLANs, host firewalls deployed etc. I maintain my home network to as near to PCI DSS as is possible (yes, really! I'm CREST accredited and do ISO 9001 and 27001 at work) One other design requirement is that everything fails safe and/or has a manual control where applicable.

This lot has to be signed off by wifey ...

Love Microsoft Teams? Love Linux? Then you won't love this

gerdesj Silver badge
Linux

Re: "Vanishingly Small"

"OK, there was lock-in on the desktop things like Outlook,"

Evolution EWS gives you a full Exchange mailbox experience including calendaring. Get Kerberos working (winbind from Samba) and it is truly SSO as well.

Fed up with cloud giants ripping off its database, MongoDB forks new 'open-source license'

gerdesj Silver badge

Some do give back

... just not in the way you'd like.

Yandex sponsors the Clickhouse database system which is quite a beast and open source. https://clickhouse.yandex/

It's October 2018, and Microsoft Exchange can be pwned by a plucky eight-year-old... bug

gerdesj Silver badge

Yay, more updates

apt, yum, pacman, emerge, dnf: One of these is sometimes slower than Windows Update.

On the seventh anniversary of Steve Jobs' death, we give you 7 times he served humanity and acted as an example to others

gerdesj Silver badge

Poe's Law?

Poe's law? fuck that. The lesson is way older than "that Poe's law is an adage of Internet culture" (wikipedia etc)

@AC and co: This article is anchored on "as ye sow, so ye shall reap".

Fat chance: Cholesterol leads boffins to discover world's oldest animal fossil – 558m years old

gerdesj Silver badge

Re: So what does Cholesterol do in the body that's so important the genes are unchanged in

1/2 a trillion years?

I think you'll find that is 1/2 a treellion years (and could probably do with a few more eeeees). It is a staggeringly long time ago. In the age quoted (558 million years) even the least significant bit is rather a long time: eight million years. Start breaking down the timescales into bits and it all gets a bit overwhelming.

Adobe forks out $4.75bn for Marketo in massive marketing mashup move

gerdesj Silver badge

Five beelion USD

Is it really worth it? You decide

Page:

Biting the hand that feeds IT © 1998–2019