* Posts by gerdesj

1199 posts • joined 15 Aug 2009


The lighter side of HMRC: We want your money, but we also want to make you laugh

gerdesj Silver badge

Re: Not this year

"a/c - OBVIOUSLY!"

Really, Mr Spartacus?

$24m in fun bux stolen from crypto-mogul. Now he fires off huge fraud charge. Like, RICO, say?

gerdesj Silver badge

All the King's horses ...

"The miscreants called AT&T, and claimed to be Terpin with a new phone."

... and that is where it all unwound rather nastily. Security isn't easy.

Veeam. Veeam. Veeeeeeeam. What was that? Oh, just the sound of half a billion bucks hitting backup biz's bucket

gerdesj Silver badge

"Veeam is awesome"

I'll generally second you there on that although some more esoteric arrangements can leave you tearing your hair out.

The product is great and the support is among the best in the business. Gostev is a bit of a hero!

Microsoft sends a raft of Windows 10 patches out into the Windows Update ocean

gerdesj Silver badge
Paris Hilton

Re: Jet

"sharing a database engine is why Small Business Server died"

I do not think that is the reason that it died - there are far better reasons. Customers bought it once and then stuck with it for many years without upgrading (often out of fear) - not enough built in obsolescence. It was too hard to upgrade from. I recently did one and getting to Exch 2016 from 2007 involved an intermediate migration to 2010 and the full horror of each step. Took ages.

If I could turn back time, I'd tell you to keep that old Radarange at home

gerdesj Silver badge

Re: Pesky microwaves

I deployed a chain saw to fix my home Free Sat reception. The prevailing wind eventually managed to push a bit of a fir tree in the way. It was felled at 2230ish and slightly annoyed my neighbours (I couldn't hear much through my ear defenders and was only mildly inconvenienced.)

Cyber-insurance shock: Zurich refuses to foot NotPetya ransomware clean-up bill – and claims it's 'an act of war'

gerdesj Silver badge

War? Nope

Bad move. Mondelez is probably going to have to prove that the US is actually at war with whomever delivered NotPetya (NP). NP might well have been developed for the Russian state or not (who cares - its still nasty) but that does not constitute war.

The US and Russia are not at war: there is no merit in trying to claim otherwise. It might be considered inflammatory and perhaps reckless to imply a state of war might exist.

NHS England claims it will be all-digital within the decade

gerdesj Silver badge

Re: Any recommendations for managing both? ^_^

"Conversely do not use a defibrillator on a pc."

I once used a PC as a defib (well I passed the mains across my heart via both arms), luckily I was in my early 20s at the time and was able to shake it off. On the other hand I was in my early 20s and stupid enough to not treat electricity with due respect.

My 2019 resolution? Not to buy any of THIS rubbish

gerdesj Silver badge

Re: You missed one...

These will be buried in the silt underneath: https://en.wikipedia.org/wiki/Sinclair_C5

Encryption? This time it'll be usable, Thunderbird promises

gerdesj Silver badge

Re: That's nice dear ...

"The lack of anything in LinuxLand to even approach Outlook"

Evolution EWS has been around for a very long time and is displaying my Exchange mailboxes right now.

Scumbag hackers lift $1m from children's charity

gerdesj Silver badge
Thumb Up

Asswipes and arseholes

Good multi lingual skills there that journo. I'm pretty sure that you have covered the entire gamut of en_* unfavourable descriptions of miscreants.

The fastest, most secure browser? Microsoft Edge apparently

gerdesj Silver badge

Re: Shock: certificate cartel doesn't like Let's Encrypt

"But years of high prices and synthetic restrictions (one certificate per ip address) didn't stop the fraudsters or, worse, traffic hijacking."

High prices - check. One cert per IP? Traffic hijacking?

UK spam-texting tax consultancy slapped with £200k fine

gerdesj Silver badge

Re: Next time


Max fine = £500,000 but there is: "They include criminal prosecution, non-criminal enforcement and audit."

The eulogising of The Mother Of All Demos at 50 is Silicon Valley going goo-goo for gurus again

gerdesj Silver badge

Do you really want to notify everyone linking to your blog whenever you shuffle some text around?

Never mind a blog, imagine what a link to FB would do to your sanity.

Equifax how-it-was-mega-hacked damning dossier lands, in all of its infuriating glory

gerdesj Silver badge

Re: I need some help with Latin here

"I'm guessing we'll need "who monitors the monitors" in Latin now to make it sound impressive in reports, it's no longer about the watchers."

What you asked for is "quis custodiet ipsos custodes" what you will get in return from Equifax is "futue te ipsum et caballum tuum".

For fax sake: NHS to be banned from buying archaic copy-flingers

gerdesj Silver badge

Re: There were tantrums when the Trust I worked for switched off their fax machines.

There were half hearted tantrums when the IT company I part own *cough* lost its fax machine when we moved. It slipped and fell into the skip. Then I had to throw a chair onto it to make sure it broke properly.

Total Inability To Support User Phones: O2 fries, burning data for 32 million Brits

gerdesj Silver badge


32M customers in a country with a total population of 66M. I hope the PM is requesting a report on what happened, that thing counts as national infrastructure.

AWS has a security hub, OpenSSL has a new license, London has a problem with cryptocoins, and more

gerdesj Silver badge

Re: Linux gets its own nasty Bitcoin malware

"How exactly does the Linux malware get onto the Linux system in the first place, without the user downloading and running the malware and providing the root password?"

Sadly many installers these days consist of something like this:

# curl https://bit.ly/script.sh | /bin/bash

Not everyone downloads the script first and analyses it before running it. To be fair it is no more dangerous than installing *anything* off say Tucows on a Windows box.

Linux kernel Spectre V2 defense fingered for massively slowing down unlucky apps on Intel Hyper-Thread CPUs

gerdesj Silver badge

Top stuff

This is a proper nerdy article which has slithered onto el Reg. Me: I absolutely love it. You can try and use terms like "Linux supremo" to try and sound a little bit user friendly but in the end this is a complex subject that will have many readers glazing over before line three. STIBP THBIS NONBSEPNSE is close to genius (OK: I spat wine on my screen!) Well researched and documented article - thanks.

Now as to the meat: Spectre and Meltdown have yet to really *be* compromises as far as most of us civilians are concerned. We don't yet hear of any S&M compromises but they surely exist and will be deployed by the clever mob. The not so clever mob (the usual non govt haaxxor nob ends) will eventually come up with something and become a pain.

Keep patching, kids.

Using a free VPN? Why not skip the middleman and just send your data to President Xi?

gerdesj Silver badge

Re: Own VPN?

"Setting up your own VPN might look like a great solution but it is not as clear cut. For a start you probably end up renting a "machine" somewhere for always-on connectivity and a fixed IP address which will cost more and/or also have the question of who has physical access to it."

For starters you may already have a router capable of being a VPN concentrator already. If not then DD-WRT, Tomato, pfSense, Netgear, Draytek and many others can. You do not need a static IP either - there are loads of dynamic DNS operators available. Most routers will have a built in client for DDNS as well.

So, no: don't think you should rent a machine in the cloud unless you know what you are doing. Subscribe to /r/homenetworking on Reddit or the pfSense forums or whatever and find out how to get your home network in shape first. The only reason I can think of to not host your own VPN at home is if your ISP blocks all inbound access.

gerdesj Silver badge

Re: run your own? really?

"After all, most people in the UK who want to look like they're connecting from the US"

Why on earth would I want to appear to be from the US? My use case is to appear to be from the UK when I am abroad so that iPlayer works and I can be confident that I am not being MitMd.

My OpenVPN relies on *my* CA trust working and if it refuses to connect then I reach for Wireshark to find out why not. If the "free" wifi is being naughty and doling out certs and intercepting TLS it soon becomes obvious.

If at first or second you don't succeed, you may be Microsoft: Hold off installing re-released Windows Oct Update

gerdesj Silver badge

Re: X marks the spot

"It's not a new thing in 1809 either..."

It's 2018 here. You stick to your steam punk OS and I'll get some work done.

Facebook's CEO on his latest almighty Zuck-up: OK, we did try to smear critics, but I was too out-of-the-loop to know

gerdesj Silver badge


"And magical super mysterious unknown AI will switch the curve to this"


Samsung unveils next-generation 8nm Exynos silicon

gerdesj Silver badge
Thumb Up

It's pop-AI but tailored, fans


Windows XP? Pfff! Parts of the Royal Navy are running Win ME

gerdesj Silver badge

"Now excuse me while I go and reboot my IOT immersion heater controller with which I replaced the old electrical timer switch that worked perfectly. I'm not joking either, I'm a moron. It must have been a pissed Amazon purchase but I can't remember."

What?? You haven't wired up an ESP8266 based thingie to it for that very purpose. Obvs, you'll need another one to restart the first and then its ESP8266s all the way down ...

We are all morons. You should see what I've done to my U/F heating. I nearly cooked the dog.

Windows 10 Pro goes Home as Microsoft fires up downgrade server

gerdesj Silver badge

Re: Just install Linux (joking aside)

"The two features I buy Windows Pro for are the ability to join a domain, and RDP"

Well then we have you covered: Join the domain with winbind (Samba) and use xfreerdp - many GUIs available. I have Kerberized everything on this laptop I am using right now. I get my files by accessing folders in my home dir that magically mount shares via autofs. Libre Office for office stuff. email from Exchange through Evolution. Printing via CUPs. Teamviewer works for providing remote support. KeePass native for password management.

This one weird trick turns your Google Home Hub into a doorstop

gerdesj Silver badge

Re: So the HomeHub has an undocumented API backdoor

Quite right and go a bit further. Engineers should design against failure and not consider it a bit of a downside.

I am still putting together my IoT stuff at home and one of my requirements is that everything fails safe and has a manual control. So, for example, my home's underfloor heating is controllable via Home Assistant and via the thingies on the wall.

McAfee says cloud security not as bad as we feared… it's much worse

gerdesj Silver badge

Define average

According to McAfee, the average business uses around 1,900 cloud instances, but most of the companies they surveyed only thought they used around 30.

Define average. I suspect that the word instance here is suffering from a severe case of mission creep to assist headline generation. If nothing else I bet that the thing that instance refers to in "1900 cloud instances" is not the same thing as the 30 instances that the companies know about.

Yale Security Fail: 'Unexpected load' caused systems to crash, whacked our Smart Living Home app

gerdesj Silver badge

Re: Let this be a lesson

"for anyone even daring to think about using IoT for this sort of thing."

Depends on how you do your IoT. I am spending months deploying IoT at home, each step building on the last and tested. My "hub" is Home Assistant running on a Lenovo Thinkcentre (which is properly designed to live in harsh environments). It is backed up and is on a UPS and ethernet connected. I also have a standby VM, just in case. https with a Lets Encrypt cert. and HA Proxy on the front (pfSense router). I have multiple VLANs, host firewalls deployed etc. I maintain my home network to as near to PCI DSS as is possible (yes, really! I'm CREST accredited and do ISO 9001 and 27001 at work) One other design requirement is that everything fails safe and/or has a manual control where applicable.

This lot has to be signed off by wifey ...

Love Microsoft Teams? Love Linux? Then you won't love this

gerdesj Silver badge

Re: "Vanishingly Small"

"OK, there was lock-in on the desktop things like Outlook,"

Evolution EWS gives you a full Exchange mailbox experience including calendaring. Get Kerberos working (winbind from Samba) and it is truly SSO as well.

Fed up with cloud giants ripping off its database, MongoDB forks new 'open-source license'

gerdesj Silver badge

Some do give back

... just not in the way you'd like.

Yandex sponsors the Clickhouse database system which is quite a beast and open source. https://clickhouse.yandex/

It's October 2018, and Microsoft Exchange can be pwned by a plucky eight-year-old... bug

gerdesj Silver badge

Yay, more updates

apt, yum, pacman, emerge, dnf: One of these is sometimes slower than Windows Update.

On the seventh anniversary of Steve Jobs' death, we give you 7 times he served humanity and acted as an example to others

gerdesj Silver badge

Poe's Law?

Poe's law? fuck that. The lesson is way older than "that Poe's law is an adage of Internet culture" (wikipedia etc)

@AC and co: This article is anchored on "as ye sow, so ye shall reap".

Fat chance: Cholesterol leads boffins to discover world's oldest animal fossil – 558m years old

gerdesj Silver badge

Re: So what does Cholesterol do in the body that's so important the genes are unchanged in

1/2 a trillion years?

I think you'll find that is 1/2 a treellion years (and could probably do with a few more eeeees). It is a staggeringly long time ago. In the age quoted (558 million years) even the least significant bit is rather a long time: eight million years. Start breaking down the timescales into bits and it all gets a bit overwhelming.

Adobe forks out $4.75bn for Marketo in massive marketing mashup move

gerdesj Silver badge

Five beelion USD

Is it really worth it? You decide

iFixit engineers have an L of a time pulling apart Apple's iPhone XS

gerdesj Silver badge


That's not just a spudger, that's a Halberd Spudger.

Click your heels, um, mouse thrice and you've quickly got Ubuntu on Hyper-V in Win 10 Pro

gerdesj Silver badge

Re: Solution?

"I recently acquired a sexy new Dell laptop."

Me too. I got Arch on it without even having to accept any unwanted license agreements. Being able to update the BIOS from the EFI partition is a welcome change to the contortions Linux users have often suffered in the past (eg convert swap partition to a fat32 f/s so that FreeDOS can run a DOS only updater)

'I am admin' bug turns WD's My Cloud boxes into Everyone's Cloud

gerdesj Silver badge

Re: Another WD nightmare

You might consider NextCloud. Mine is open to the world but securing IT stuff is my day job. If you are not sure then start with getting a VPN running for remote access to home. OpenVPN listening on 443/tcp looks very like a https website which can work nicely on many sites and you can even drill it through many web proxies if needed.

Raspberry Pi supremo Eben Upton talks to The Reg about Pi PoE woes

gerdesj Silver badge

Another option (USB over PoE)

Note that you can get devices that turn a PoE into a powered USB connector. The one I got off Amazon didn't want to allow the ethernet to get through so I ended up using the wifi.

Don't let Google dox me on Lumen Database, nameless man begs

gerdesj Silver badge

Re: Is ABC...?

Angry of Andover (Billious of Birmingham and errrr Cold of Stream)

Well, can't get hacked if your PC doesn't work... McAfee yanks BSoDing Endpoint Security patch

gerdesj Silver badge

Re: Who uses McAfee ?

You are probably unaware of their ePO product and the other big outfit stuff they do. McAfee has a rather better name in corp circles than you might think. To be honest, their enterprise stuff is massive and sometime quite bewildering (I've been "doing it" for about 10 years now). I run Arch on this laptop and my office workstation and can install Gentoo without bothering to refer to a manual but sometimes an ePO can stump me for a while but not for lack of functionality 8)

Somerset boozer prepares to declare its inn-dependence from UK

gerdesj Silver badge


Well, Lydford is just up the road from here (Yeovil).

Might have to pop inn.

Everyone screams patch ASAP – but it takes most organizations a month to update their networks

gerdesj Silver badge

Patchy McPatchface

I am a dyed in the wool sysadmin that owns my own company (MD). I only have around 10 Windows and 20 odd Linux servers to worry about on a VMware cluster with a slack handful of SANs, switches etc and pfSense routers.

I can't manage to patch that lot to Cyber Essentials standard all the time because CE mandates patches applied within two weeks of release. That's a laudable aim and one to work towards but the real world has a nasty habit of intruding.

For example, recently (last two months) Mr MS unfortunately released a right old bugger's muddle of updates that broke Exchange a bit (ooh me Transport Service has died) and broke older and weirder SharePoints, and screwed Azure Sync (and the rest). I have also had RDP die on 2008R2 servers until I fix certificate perms and even which one to use. I really picked the wrong time to start restricting schannel stuff and enable other MS patches via registry keys.

I *am* the pointy haired boss and have absolute power (until my office manager kicks me into touch) and know what I am doing. I'm CREST accredited and can throw together a Gentoo box without bothering with docs. There are not enough hours in the day to patch things anymore.

I have a few customers to worry about and a few PCs as well

Your Phone prematurely ejected, Skype texting on the way, and 900 more years of Windows

gerdesj Silver badge

Re: 2919

To be honest it depends on how the 2032 thing pans out.

For me 1999 was the first year of the Linux desktop. OK, year of the Linux console - it took me a while to configure XFree86 and work out how to get a window manager together. God it looked crap compared to what I'm typing this on: sysadmins should not have to work with typeface choices and anti aliasing was not exactly a thing.

Now you can tell someone to literally go f--k themselves over the internet: Remote-control mock-cock patent dies

gerdesj Silver badge

Unencumbered by patents

https://buttplug.io - probably the best URL in the world.

It is probably NSFW but it is also a genuine open source project with a particular focus. The TLD choice is pure genius

Microsoft Teams goes free, as free as the wind blows... up to a point

gerdesj Silver badge

My count is less than that and I follow Hacker News FFS!

I see they have Papr but not Plopr or Wnkr

Fresh cup of WTF with lunch? TeamViewer's big in Twitter's domination-as-a-service scene

gerdesj Silver badge

Go on, you know you want to: https://twitter.com/search?q=%23teamviewer&src=typd

Microsoft might not support Windows XP any more, but GandCrab v4.1 ransomware does

gerdesj Silver badge

Re: And people still use XP

Get a grip. My firm tends to a Win 98 (*) machine for someone. You'd be surprised what runs the machinery in manufacturing ...

(*) It breaks if you put a default gateway on it. NetBEUI becomes NetBIOS and that's too modern. Hilarious

At last – a use for AI! Predicting an England World Cup victory

gerdesj Silver badge


"Brazil are still favourites with a 29.9 per cent likelihood of taking home the spoils."

Not any more they aren't.

While you were basking in the sun, the relentless march of the Windows-maker continued

gerdesj Silver badge

Re: bugger the mouse

If having your ball and rollers removed and replaced with a red light and sensor wasn't bad enough, you want to do that to the poor thing.

For shame Sir, for shame.

Not OK Google: Massive outage turns smart home kit utterly dumb

gerdesj Silver badge


Look, if you are going to do IoT you need: A network technician, a sysadmin, multiple sites, the mind set of a proper engineer and a lot of time to experiment and test. You'll need a safety first mentality and a few other skills.

I have most of the above, including a lot of tape. I am starting with ESP8266s and simple circuits, Mosquitto and Home Assistant. My VMs live on a proper SAN and VMware cluster. I start with multiple segregated VLANs and firewalls (including hosts). All comms including MQTT are TLS 1.2 or similar. Web apps live behind HA Proxy etc etc. If anything fails, it is designed to fail to manual operation rather than fucked.

Oh and the wife is the customer.


Biting the hand that feeds IT © 1998–2019