* Posts by jtaylor

104 posts • joined 12 May 2010


Microsoft changes DHCP to 'Dammit! Hacked! Compromised! Pwned!' Big bunch of security fixes land for Windows


Re: Disable TFTP services

VoIP phones

Silent Merc, holy e-car... Mflllwhmmmp! What is that terrible sound?


"For those with functioning vision there's little difference except 'signature lights' . For those without, the tyre and wind sounds are still notable at any speed of consequence (20 mph upwards)."

I have a few blind friends. Vehicle sounds are how they identify if it's safe to cross a street or a driveway or walk through a parking lot. It's how they know when the light changes, and when to prompt their guide dog to attempt to cross. Drivers don't expect that pedestrians might have low vision, so the burden is really all on the pedestrian. And yes, drivers do run over white canes in their haste to cut off a pedestrian in the crosswalk.

As for "speed of consequence" I'll ask around what people consider consequential as they're run over. Maybe blind people are trained to withstand impacts up to 20 mph.

Sniff the love: Subaru's SUVs overwhelmed by scent of hair shampoo, recalls 2.2 million cars


Re: pedal area

My clutch pedal started squeaking and groaning. I cured that with a few shots of silicone grease where the pedal arm rotates against the bracket. (Silicone grease won't destroy the hydraulic seal that's exposed a few inches behind this.)

I'm not the first person to do this.

I really hope I didn't create electrical problems under the dashboard.

Hold horror stories: Chief, we've got a f*cking idiot on line 1. Oh, you heard all that


In a similar vein, I once bought tires, and double-checked my receipt while walking over to my car. They had charged me the extra warranty which I had carefully refused multiple times.

I returned and the salesman was busy and asked me to wait in the rather long line.

I parked my car across both of their bays, walked back inside, and told the salesman I was in no hurry and would wait for the manager. I sat down with some brochures.

The store manager was very helpful, promptly fixed the charge, and apologized for the trouble.

Sometimes it helps to establish a mutual interest in solving the problem. Sales is one way to do that.

Amid polar vortex... Honeywell gets frosty reception after remote smart thermostat tech freezes up for a week


Re: IOT=Crap

I have no use for this stuff either, but some people do.

A blind friend manages home lighting through IoT. Lamps are plugged into smart plugs. "Alexa, turn off kitchen light."

Before this, the lights would be turned on for (or by) visitors and forgotten.

If I were caring for a frail relative, I'd love a smart thermostat, even knowing the risks. And if that service suddenly failed, it would be more than a minor inconvenience.

Boeing 737 pilots battled confused safety system that plunged aircraft to their deaths – black box


Re: If a plane can do this, what happens to cars?

It already did.

A few years ago, Toyota made the news after several of their vehicles crashed at high speed. In one horrifying case, a passenger called 911 for advice as the car accelerated out of control.

The proximal cause was stuck throttles.

This failure mode is easily managed by shifting into neutral to disengage the engine. Some drivers did this, some did not. Some of my friends were terrified this might happen to them. They simply had never been told how to deal with such a situation and did not have the systems knowledge to figure it out themselves.

Operators must be trained and skilled to manage the systems they are responsible for.

It was El Reg wot won it: Bing banishes bogus Brit bank banner ad


Re: Lesson 1, use an add blocker.

Excellent idea. ADD is tough when a page has animated advertisements.

How do you like them Apples? Farewell sensible sized phones, forever


Re: Non smart phone

Local mobile phone store has a few phones for Old People. Tactile buttons, not very complicated, displays that can be set to LARGE FONT. When the salesperson tries to sell me the latest bling, I ask to see what they have for OAPs.

I just don't know what the sync options are.

WDC's My Cloud Home Duo is a natty piece of kit but beware iContent


Power control

I've had RAID appliances and home servers for years that are 'always on'...until the electricity goes out. The UPS gives me about 20 minutes to shut things down nicely.

Unless Western Digital have a UPS monitor for this box, or designed it to prevent data loss (internal battery for the RAM, caps or battery to gracefully shut down the drives), it needs a power switch that can be found and used by someone in underpants stumbling in dim light, and which doesn't require WiFi to operate.

This new My Cloud looks like a step up from their previous offerings. iSyncing aside, I'm impressed.

Want to keep in contact with friends and family without having to sell your personal data?


Re: Target demographic?

"a fraction of the hardware/software specs and versatility."

I think that's actually the point. It's not the whole Internet on a steno pad, it's a television videophone. Different demographic.

Despite all the fluff about "haptic feedback" in games, haptic design is really a thing. Knobs and buttons and switches are legit.

I already know a few people who could use this, once it's ready for release.

Don’t fear the software shopkeeper: T&Cs banning bad reviews aren’t legal in America


Re: Business as usual in the Land of the Free...

"As long you're a CORPORATION."

You have that backwards, or replied to the wrong story.

This act is "To prohibit the use of certain clauses in form contracts that restrict the ability of a consumer to communicate regarding the goods or services offered in interstate commerce that were the subject of the contract, and for other purposes."

Oracle to shutter most Euro hardware support teams


Re: Offshore support

When I've worked with people in other regions, the cultural (and infrastructure) differences can be just as bad as language.

Hell, even west-coast US versus east-coast US can inspire self-harm.

Sysadmins told to update their software or risk killing the internet


Re: I feel the need to raise a change request

BAHAHAHA. Brilliant!

DNS is such a live wire that I once submitted a change request where the risk was "all zones are corrupted, Company services go offline, customers fail to make payroll, and Company never recovers."


Re: What?

"That's some exageration right there. DNS is not required for the internet to work. Sure stuff will break because of its reliance on DNS, but the whole of the internet? seriously? it will just cut you off? lol"

You'd be surprised* how few Internet services use hardcoded IP addresses. How load balancers rely on DNS. And web sites and email. And database connectors, monitoring, backups, host administration, logging, IDP, and cloud...everything. Yes, the Internet relies on DNS resolution.

*not many would be surprised, but clearly you would be.

Hotspot Shield VPN throws your privacy in the fire, injects ads, JS into browsers – claim


Re: The simplest approach is ..

I'm not surprised either. Google provides email hosting to many businesses.

How can you kill that which will not die? Windows XP is back (sorta... OK, not really)


Splendid! Thanks G2.


Re: April 2019 and the pink elephant in the room that nobody wants to talk about.

It sounds like your company lacks a desktop roadmap and that management doesn't consider desktop support to be a priority.

I understand why you would want to outsource those decisions. Maybe there's a less drastic way to do so.

Edit to add: Assets depreciate on a schedule. When the value of an asset reaches zero, it is written off (it may still be used, but it has no book value). If those Windows XP licenses aren't fully depreciated by now, I wonder about the accounting practices.

systemd'oh! DNS lib underscore bug bites everyone's favorite init tool, blanks Netflix


As mentioned above, why the HELL is systemd resolving names?

I'm no fan of systemd anyway; I'm okay with either BSD or SysV init, liked chkconfig in IRIX, and enjoy SMF in Solaris, it's just that systemd's reach exceeds its grasp.

Shades of Domain/OS where every function was a system call, and...edrgy. UNIX doesn't have to be so monolithic and brittle.

But how does our ransomware make you feel?


Re: This isn't RESEARCH it's validating known work.

"This isn't exactly new and cutting edge research items. Not only has this been studied and documented by various red teams, they've done a much better job of research without a PhD on the team."

Fascinating. Citations please.

John McAfee plans to destroy Google. Details? Ummm...


Re: All the usefulness of a Google search

Someone call Scott Yanoff!

Ah, the good old days.

Jesus walks away after 7,000lb pipe van incident


It wasn't just Jesus

Article picture shows "big popes." Maybe this was a team effort!

MH370 researchers refine their prediction of the place nobody looked


Re: What can be learned of the crash at this late stage?

Indeed, there won't be as much evidence after so much time and seas.

The "black boxes" (you're right; they're orange) are sealed, durable, and located in the tail of the aircraft to best survive a crash. They're likely intact, and they won't degrade much in seawater. What has failed, though, are the locator beacons. It will be a real pill to find those black boxes now.

The aircraft...probably not much left of that, and they would probably retrieve only a few things. (In shallow water, it would be torn up and dispersed by heavy seas, and in deep water, hard to recover.)

The black boxes usually give enough information to model what happened, and make a theory about why. The Flight Data Recorder logs all instrument data (speed, altitude, fuel, attitude, temperatures, engine parameters, etc), warnings, control positions, and control inputs. That's enough to figure out what the plane did.

The Cockpit Voice Recorder logs all sounds from the flight deck, including conversation, bells and beeps, clicks and swooshes and similar sounds when someone pushes buttons or moves things. If both pilots are chatting about family and then there's a cacophony of warning bells, that's obviously a different situation than if 1 pilot is heard ranting about Amelia Earhart while there's a muffled banging on the door in the background. Or if we hear labored breathing and 1 pilot asks the flight attendant to find a doctor. If the end is just computer noises, and the pilots were never heard leaving the flight deck, we might remember Payne Stewart.

Automobile Association under fire for car-crash handling of data breach


Re: Taking it seriously

Heh. Nice catch. Yet another case where, I suppose, it's best to take "incredibly" in the literal sense.

I certainly don't believe how seriously they take data issues.

Intel's Skylake and Kaby Lake CPUs have nasty hyper-threading bug


Re: This is gonna suck.

Facetime with a sighted friend who will read the screen to you.

There's an iPhone app that senses light, so you can even tell when the screen lights up.

(Equivalent tools are no doubt available on Android and Windows Phone. It's just that all my blind friends use iPhones.)

Verizon!-owned! Yahoo! bins! AT&T! IDs! for! Tumblr! logins!


Right, so, Verizon doesn't want people to use their AT&T logins for Verizon products.

Amazon squares up to Walmart over boycott calls: Talk sh!t, get hit


I assume AWS is its own business unit. Most big (US) corporations that I've seen really do manage business units independently. That lets each BU react directly to the market (and thus compete more effectively than if it's micro-managed), and yes there are very strong legal and contractual reasons to keep the businesses separate. Even when there's a strong reason to coordinate, they're often just incapable of working across fiefdoms: Hanlon's Razor.

Sure, they all contribute to the corporate bottom line, but that's a financial aspect, not an operational one.

Migrating to Microsoft's cloud: What they won't tell you, what you need to know


Re: Migrating to Microsoft's cloud: What they won't tell you, what you need to know

word_merchant wrote: "What they won't tell you - it's shit, unreliable, insecure and woefully expensive"

I'm curious to learn more. Can you give examples?

In my admittedly limited experience, Hosted Exchange is just what it says: Exchange Server, with all the protocols that includes, Outlook Web Access, and all the groupware features like contact lists, shared mailboxes (slick integration), hosted and shared calendars, etc.

It's been pretty reliable. Not perfect, but better than typical VPS.

Security I'm especially curious about, because it uses Azure AD as a back-end, HTTPS for Web, and TLS for email connections. What I've seen looks better than the usual hosted VPS (smaller attack surface, for one), but there's a lot that I don't know.

Cost is $5/month per Hosted Exchange mailbox. Shared mailboxes are free up to 50GB. For a small company, this is very competitive with a hosted VPS. Anything other than fully hosted requires IT Person With Clue, which is not cheap.

When I recommend a solution to a client, that's my name and reputation on the line. I hope you'll share what you know.


Wonderful article that really nails the risks. Thank you!

We recently migrated a client to Office 365. Small business, limited budget, existing IT was a bit ad-hoc. We have a lot of experience with email (I recently bonded with someone over RFC2822), but this was our first time with Office 365. We researched and prepared and tested and staged and documented and the migration was a success, but my god, the learning curve....

Wish we had read this article first. Keep writing!

You're all too skeptical of super-duper self-driving cars, apparently


Re: Lesser of two evils?

"Flying is a piece of piss compared with driving. Nothing happens quickly, 1/2 km is considered a near miss so there is nothing to hit except the ground and it is pretty obvious where that is."

Quite a few accidents begin away from obstacles, and then "progress to the scene of the crash." I take your point, though, that driving in traffic has far less margin for error. A stranger in the next lane can lose attention for half a second and send 2 tons of Range Rover through your side door without warning.


Re: Lesser of two evils?

Yes, I chose to compare the least competent automated system with the least experienced driver, then proposed that if the minimum standard is higher for computers, that's an improvement. It wouldn't be useful to compare the worst automated system with the average human. No weasels were injured in that explanation.

Humans certainly do learn! Even experienced drivers make stupid errors, though. And I'm not sure those mistakes are all novel ones. I suppose the automation manufacturer would "learn" during testing and real-world experience, program appropriate behavior, and then the behavior would be consistent across all cars equipped with that system, subject to updates. That's a scale of learning that's simply beyond human capacity.


Lesser of two evils?

Every time I shudder at the idea of fully automated cars, I consider how really bad humans are at driving, at calculating risk, and at evaluating ourselves.

If the worst automated car is better than the average teen with 2 months' experience, that's a step up. If it learns from mistakes, that's already better than the average human.

Risk from cyber attacks? Is that risk worse than a human who uses the Internet while driving?

If nothing else, automated cars permit objective regulation of driving behavior, something which we humans are unable to do.

We could learn from aviation, which uses automation very effectively. No, not fully automated driving, but Instrument Landing Systems, TCAS collision avoidance, GPWS warnings about terrain, FADEC engine controls, Fly By Wire which compensates for mechanical control problems, and a regulatory environment that requires manufacturers to prove the safety of their products.

Oh, and aviation considers any "accident" as a failure to be investigated and hopefully prevented in the future. In an automobile, if you drive on bald tires and then slide your car into oncoming traffic, that's an unforeseeable act of God. Car culture is no paragon of safety.

Connectivity's value is almost erased by the costs it can impose


This isn't new

The Internet is incredibly useful and increasingly ubiquitous, and incomprehensibly complex, but (most of) our lives are rather broader than that.

Web sites are ephemeral, yes. That's always been true.

Online services offer you value, then hold your data hostage. Yes, this is why I know someone who still pays for AOL: she's had that email account since forever, and it is easier to rent it than to find everyone who might want to contact her to give them another email address. Also, years of email will disappear once the account is terminated.

Glitzy things value shiny over substance. This is as true at the supermarket check-stand as online.

Projects appear from nowhere and last until the creator loses interest. How many guys are forever "fixing" an old car or building a Wendy house, until one day it goes out by the curb?

Some people rely on smartphone apps to navigate wilderness areas, then get caught short. Such people got equally lost before smartphones, simply by going for a walk without being prepared.

Fundamentally, I spend most of my money with established businesses. I trust and listen to people whom I know. Sure, some people live on AirBnB and buy their groceries and gasoline from Groupon, but for most of us, I suspect that the Internet is merely one part of life and didn't replace everything. And it won't.

Partners tearing their hair out over Dell EMC invoice system borkage


Re: Utterly useless

There are many likely ways this failed, but over-eager devs were probably not involved. They usually push for more time to finish, not less.

This was probably deployed to meet some external deadline: maybe to align with another project (to refresh the data center or critical people were required for something else to begin), or maybe just because the Magic Dart Board had set a date.

I've been part of projects like this. Honestly, I couldn't find any single point where they broke; the organization just lacked the cohesion, transparency, and values to succeed. Techs work on what they're given. Project managers try to deliver to the requirements. Managers juggle staff and schedule conflicts, and priorities that come through parallel channels. Senior execs make decisions based on information that they know will never be complete. And nobody has good scope or interface definitions.

Probably everyone has been through this meat-grinder before, and knows that there's no pot of gold at the end of the rainbow. Deliver, deploy, fix, apologize, survive for another day.

'My PC needs to lose weight' says user with FAT filesystem




I once wrote IHTFP on the whiteboard before a dreaded project meeting. This was far away from MIT (in every sense) so I got away with it.

Walmart workers invited to shuttle packages


Wow, lots of well-formed concerns about this program. Thanks for the education!

I could easily see Walmart making this a voluntary — truly voluntary — program. They have nothing to lose. Some employees will jump for a little extra cash. When I worked retail, there was lots of fine print, and few employees really understood it. As a new hire, I was advised by other employees about where to be careful, and what is just management BS that everyone signs and it doesn't really matter.

Walmart could list all the risks and assign them to the employee in a wall of text. Those who read and understand it, would probably not run deliveries. Some others will happily deliver and tell coworkers about how much extra they made last week: what a great program!

TLDR: These benefits to employees are immediate; costs are not.

BA IT systems failure: Uninterruptible Power Supply was interrupted


At a previous company, we did have a full-time electrician. When he wasn't fixing something, he was supervising an upgrade or replacement, designing future electrical buildouts, meeting with DC tenants to be sure we didn't overcommit the electrical supply, fixing stuff around the offices, and generally being Very Useful.

To be fair, we had more than 1 data center, with complex power requirements. Much like BA, come to think....

I've worked both as a direct employee and as a contractor. A company has much more control over direct employees.

It's 2017 – and your Mac, iPad, iPhone can all be pwned by an e-book


What version of iTunes doesn't run on a personal computer?

Former RCL director: It was me who cancelled their domain names


No choice, really

It might be hard to transfer a domain to an entity that won't participate in the transfer. If he contacted RCL and asked them to do their part to take control of the domains (which would be easy to prove), then he should be in the clear. He simply released the asset after being warned it might be a liability.

This is why Boards get Directors and Officers insurance: if your name is there (or on an asset), you can be individually liable on behalf of the organization. If he were no longer shielded by the company, he really had to get his name off the list.

What is this bullsh*t, Google? Nexus phones starved of security fixes after just three years


Bah. I want to be able to recommend a smartphone to people who just want, you know, a smartphone. That will work until it doesn't or they replace it.

I really thought that Google (brand) phones were a good answer. Seems they are not.

In this context, my iPhone is a better investment than I realized.

Gift cards or the iPhone gets it: Hackers threaten Apple with millions of remote wipes


Re: Am I the only one?

Gift codes are indeed easier to trace than cash / cryptocash. They are also easy to sell on to unsuspecting people before the codes are traced and cancelled.

Before I buy a gift card second-hand, I verify the balance, then spend it all immediately after I pay for it.

Texas cops lose evidence going back eight years in ransomware attack


Exactly this. If someone could click on email and run software that alters legal evidence, that same person already had the ability to alter that legal evidence.

Malware wasn't the real problem here.

'Ancient' Mac backdoor discovered that targets medical research firms


Re: "More secure than PC? Ha!"

Ah, I remember when PC stood for Personal Computer. (What does it stand for now?)

I'm unconvinced that Macs transcend personal computing.

But yeah, seems like standard userland malware.

Seagate hauls out fat form factor throwback hard drive


Ahaha. I remember the Bigfoots. Cheap and cheerful.

Nothing can replace my old full height ST423451W. I keep it around to scare kids and win arguments.

I've had a few experiences getting Seagate to RMA a drive that failed in hardware RAID but passed their SeaTools diagnostics. This new drive would have to be pretty cheap for me to consider it.

Facebook's internet drone crash-landed after wing 'deformed' in flight


Re: Recurrent theme?

From the report, the aircraft was intact and fully operational until the autopilot balled it up. The autopilot responded to a normal situation — high on approach — by commanding control surfaces to deflect beyond that which was structurally safe for the airframe. (Va or such)

Yeah, I'd blame the autopilot as the proximal cause of this accident. Root cause would be something like "we put our best Python programmers on this project but forgot to include an aircraft engineer," but that's outside the scope of the FAA investigation.

Uber-creepy: Dial-a-ride devs accused of stalking pop diva Beyonce


Re: Shameless

"you are using an app, paying with a credit card and giving your GPS to the driver to find you... when and on what planet did anyone think that information was going to treated well and respected?"

When you put it like that, it's pretty dire. I do think though, that when I install an app, it shouldn't report my location unless and until it needs to locate me. When I use a credit card, I expect it to be processed through a normal credit card processor and that information like my CVV won't be stored with the merchant. Of course I want the driver to know where to pick me up, but that's a very limited audience (2 people) and I don't expect unknown others to be able to not only listen to that "conversation" but also to then track me across multiple transactions that involve different people.

Uber and Lyft have really opened opportunities for some friends who cannot drive. I don't rail against the services. I do, however, wonder if they're really doing all they should do to protect their customers (and by "should" I mean acting as they claim to and as they are required by law).

A-dough-be: Photoshop flinger pumps profits 50 per cent


Is this all about moving customers to a subscription (rental) model and off of perpetual licenses?

In Red Hat, Veritas: Firm backs OpenStack convergence play


Quaker Oats became popular because they offered a consistent product in reliable measures. In other words, customers learned to trust their product quality.

This is important in computing too. Providers model expected demand and then build to it (with varying overcapacity). Customers buy a service as if it were guaranteed. If the provider fails to reliably meet expectations, they lose the trust of customers.

"Predictable quality of service" is a big deal. I'm interested to see how this works.

Bloke accused of Linux kernel.org hack nabbed during traffic stop


Re: How about community service instead

"Hey, remember that idiot who popped kernel.org a few years ago and put a trojan into Linux systems?" "Yeah, what of him?" "He's working for the city now, in lieu of prison." "Oh, that's nice. What's he doing?" "Installing Linux on thousands of computers that don't belong to him."

Childcare app bods wipe users' data – then discover backups had been borked for a year




No backups, no testing, ad-supported childcare service, and their domain is in Somalia.

I wonder if Orbit was trying for Sketchy Outfit Of The Year.

Microsoft takes five months to replace broken patch


Re: This is why Windows is no longer viable.

Businesses operate with imperfect tools in imperfect situations every day. The point is to find "good enough" and make money at it.

I think you raise some good points, but your dire predictions are not yet supported by either reality or common sense. If you propose viable and attractive alternatives to Windows, your opinions would have greater value.

Meanwhile, I can't recommend that businesses who rely on Quickbooks or Exchange/Outlook stop using Windows. I can't recommend that photographers change to Linux and leave Lightroom and Photoshop and all those plugins.

