* Posts by HellDeskJockey

31 posts • joined 27 Jul 2016

Sysadmin’s plan to manage system config changes backfires spectacularly

HellDeskJockey

Re: Why use a revision control system?

Ahh paper tape. Worst come to worst you could always read it manually. Though for a backup I would use Mylar. That stuff was darnmed near indestructible. Way too bulky for modern systems though 1 Kilobyte requires about 2.6 meters of tape.

Bruce Schneier: You want real IoT security? Have Uncle Sam start putting boots to asses

HellDeskJockey

He's right security will only be added to IOT products when companies are forced to. But we also have to realize the this stuff does last a long time. I have a 15 year old laser printer. It works why bother replacing. Washer and dryer and fridge are even older. Mom has a 50 year old washer.

For non US readers the only thing class actions suits do is to enrich lawyers and allow companies to get off cheaply. Most class action offers I receive are tossed in the trash. If you are not offering me at least $20 USD cash it's not worth my time.

Six lawsuits against FCC's 5G idiocy – that $2bn windfall for telcos – is bundled into one appeals court sueball

HellDeskJockey

Re: That's rich.

My exact thoughts have an upvote. Gotta love the schadenfreude.

F***=off, Google tells its staff: Any mention of nookie now banned from internal files, URLs

HellDeskJockey

Most are professional in email, especially as in the states they are a legal record. Which can be made public in the event of legal troubles. Most have learned not to say anything in email you would not want said in public.

Now as to %$@^%) phone calls.

Fast food, slow user – techie tears hair out over crashed drive-thru till

HellDeskJockey

Ahh Users

My personal favorite:

Customer: "Hi our equipment lost memory and data could you help us?"

Me: "Do you have a backup."

Customer: "No we've never done one." (On equipment they have had for 5 years or more)

Me: "Ok this will take a bit of time." (Typically 3 to 5 days of phone support)

Well at least every day is a day closer to retirement.

US Democrats call in Feds: There's something phishy going on with our voter database

HellDeskJockey

Re: Left hand .. Right hand

Will Rodgers said it best "I'm not a member of any organized political party. I'm a Democrat."

'Plane Hacker' Roberts: I put a network sniffer on my truck to see what it was sharing. Holy crap!

HellDeskJockey

Re: Insurance Black Boxes and the GDPR

Here in the states they actually have those devices. If you have poor credit you can buy a used car but it comes with a tracker/disabler. Miss a payment and the car can be disabled and tracked then repossessed if you do not make prompt payment. You "consent" to this so it's legal. If you don't consent they will not sell you a car.

A friend has one. Nice guy, but not the best credit risk.

Not OK Google: Massive outage turns smart home kit utterly dumb

HellDeskJockey

Local control. Not everything belongs on the internet.

Don't panic, but your baby monitor can be hacked into a spycam

HellDeskJockey

Re: Why would this need a mothership?

Good point I like my IOT stuff but I keep it local. Also you need to be careful how you communicate. My electronic deadbolts do not communicate wirelessly. I could upgrade to some but why would I add a security hole. Though with my house a good foot would do the trick. When thinking about IOT be sure to look at how they communicate.

You know that silly fear about Alexa recording everything and leaking it online? It just happened

HellDeskJockey

I like my smarthome but keep it off the internet. I have no need of clicking the lights on and off from work. Also while the stuff is getting better you should still have some technical knowledge. You will have to do some maintenance on it periodically. If you don't like tech use a light switch.

Ex-CIA man fingered as prime suspect in Vault 7 spy tool manuals leak

HellDeskJockey

It's possible in the US to be held on a different charge while they build the case against you. For example we have clear proof of a firearms charge. We will hold you on that while we investigate the murder charge.

Admin needed server fast, skipped factory config … then bricked it

HellDeskJockey

Default at 240. Many techs on the other side of the Atlantic would be cursing you. "My new computer doesn't work....."

Furious gunwoman opens fire at YouTube HQ, three people shot

HellDeskJockey

The truth is that if you are posting content on Google Facebook etc you are a digital serf. You are subject to the will of the creator and you can have your earnings cut off at their whim. While a gun was a direct cause of the injuries. The motive was a disagreement about whether the videos should be allowed to make money or not. YouTube decided and basically the creator had no alternative but to accept the result or revolt. There needs to be a way that a creator can appeal a decision and have it adjudged by a neutral third party. Something like a small claims court when the bar to entry is low enough that someone can feel that there is a practical appeals process.

This won't stop everything (crazy is gonna be crazy) but it will help to allow content creators to not feel abused by their digital overlords.

US mulls drafting gray-haired hackers during times of crisis

HellDeskJockey

Then again

A few grumpy oldsters might be just the thing. Listen kid if you try and breach this network once more there is going to be a drone over your house at ...... Now fuck off and let me take my nap.

If this laptop is so portable, where's the keyboard, huh? HUH?

HellDeskJockey

Re: @AC:There's portable... and then there's portable

An IBM 1401 that brings the memories back. I learned to program on one of them in school. It was old then in the 1970's but still worked. I still have a few old porta punch cards in an old box somewhere.

Shopper f-bombed PC shop staff, so they mocked her with too-polite tech tutorial

HellDeskJockey

As you can see from my handle quite a few years at the helldesk. We have durable industrial equipment. The problem with being an abusive customer is that we remember. I'll pretty much ignore your abuse during the encounter. But the next time when you need a favor, "Sorry we can't do that." Be friendly and courteous and I'm wiling to bend a few rules as needed.

Perv raided college girls' online accounts for nude snaps – by cracking their security questions

HellDeskJockey

Re: Everytime I see "Mother's maiden name" on the list of security question...

>Can't say as I keep any nude photos online either, not that anyone would be interested in seeing the >naughty bits of a sixty year old bloke.

You mean those young attractive women on the internet who tell me they like older umm larger men are lying to me? I'm in shock.

Disk drive fired 'Frisbees of death' across data centre after storage admin crossed his wires

HellDeskJockey

Well since I have spent most of my career working on CNC equipment lathes, machining centers mostly. There are quite a few stories one time we were troubleshooting and intermittent spindle problem on a 30 hp lathe. Well it stopped an there was nothing to do but go in the cabinet with lots of kit so you could not move easily and a multi v belt pulley (the better to cut fingers off). Found the problem shortly a micro switch was out of adjustment. All of a sudden the switch clicked it and WHOOSH motor starts at full speed. I scramble out as the operator is doing emergency stop. We both look at each other and he asks "Are you ok?" I respond with "Yes I think so" as I'm counting fingers. Thankfully things are a lot more safe these days. Lost a few friends from the Good Old Days.

Leaky-by-design location services show outsourced security won't ever work

HellDeskJockey

So what. If you were to location track my phone you would have found out the "TOP SECRET" information that my girlfriend and I went out for dinner last night.

However you could have easily found out the same information because; I used my credit card, we are known to the waitstaff, her older children greeted us when we returned to her house.

If I were to be doing something that required it I would take measures including no smart phones. But for my normal life I really don't care.

Insteon and Wink home hubs appear to have a problem with encryption

HellDeskJockey

First don't connect anything to the net unless there is a real benefit. That goes double for IOT devices. But seriously if you do spoof my Insteon system, all you can do if flick my lights on and off. Annoying but hardly the stuff of nightmares. If you are close enough for radio spoofing just try a jammer instead, no encryption decryption required.

IT fraudster facing four years' bird time for $10k blackmail

HellDeskJockey

Re: Why did he do it though? Pure dicketry?

That's why I work for other people. In my 30 years there have been a lot of changes. Fighting to get paid hasn't changed one bit, still the same from when I was wet behind the ears to being a grizzled oldster. Today when they ask me about working on a PO I nicely explain they have to go through accounting and get approval first.

Surprising nobody, lawyers line up to sue the crap out of Equifax

HellDeskJockey

You heard it here first department. Customers will get a year of free credit monitoring. The lawyers will get 1 billion $USD for ummm "fees" or something. I've been in too many class action suits I just toss them with the rest of the Junk mail now. Unless they are offering real money.

It's the thought that counts: Illinois emits 'no location stalking' law

HellDeskJockey
FAIL

As a current Illinois resident. I'm completely unimpressed.

Our representatives can't pass a budget. Our credit rating is abut to be reduced to junk. We have billions of dollars in unpaid bills. This is the best they can come up with is a law allowing our Attorney General to sue companies.

FAIL because it's well deserved.

Australian Taxation Office named as party preventing IT contractors being paid

HellDeskJockey

Memory Alert

This happened to me in the 1970's IRS froze the company accounts and bounced our paychecks. I'm still waiting for that money. But I did learn a valuable lesson.

If PaycheckOk = FALSE THEN Work = Done

Russian hacker arrested in Spain for bot-herding not election-fiddling

HellDeskJockey

Stay Tuned

They may be holding him on bot herding for now but with new evidence that can change. US can and will amend charges as needed.

Democralypse Now? US election first battle in new age of cyberwarfare

HellDeskJockey

It's possible but...

As a Yank in my area the voting machines are electronic but they use a backup human readable paper tape (4" rolls). When I vote the paper tape is displayed and you are encouraged to check it to be sure your ballot is properly cast. Not everybody checks but it wouldn't take a lot to see a problem in the system. That would certainly result in a recount and a mess but not the end of the world.

Of course I check my ballot. I know computers and don't trust them.

No wonder we're being hit by Internet of Things botnets. Ever tried patching a Thing?

HellDeskJockey

Users are Key

It doesn't matter how many patches you offer if users will not use them. Also IOT tends to be difficult to patch. Several things need to be done.

Offer upgrades with patches. Create an incentive to patch.

Punish those who don't patch shut down the device or add legal issues.

Require manufacturers to provides support. A simple way would be to require that a failing company as part of the bankruptcy either make arrangements to patch things or open source the code.

Also people need to realize that not everything needs to be on the net. I have electronic locks but they are local control only and that is not likely to change. I need to unlock the door when I am in front of it not from remote locations. My lighting control likewise sits behind a firewall so as not to be hacked. It works great when I am home.

We need people to realize that while "being on the net" may have it's benefits there are risks as well.

US Homeland Security launches IoT willy-waving campaign

HellDeskJockey

Reagan put it best

'The nine most terrifying words in the English language are "I'm from the government, and I'm here to help"'

Still all too true.

Black Hats control Jeep's steering, kill brakes

HellDeskJockey

Really???

If you have physical access to the car you can weaken the steering or brakes mechanically. This has the added advantage of not leaving a traceable device for law enforcement to track. Fingerprints and DNA anyone?

It is possible but not likely. I'd be more worried about errors from aftermarket devices.

Osram's Lightify smart bulbs blow a security fuse – isn't anything code audited anymore?

HellDeskJockey

There is a security cost to IOT

There is no such thing as a completely secure system. Add to that many IOT devices are difficult if not impossible to upgrade makes security issues inevitable. But you can do a few things to make things safer.

Don't put the system on the Internet just because you can. My light controller is not on the internet you have to be on the local network to use it.

Change the default user ID and password. admin, admin will not fool anyone.

Keep your whole network upgraded. Two words, Weakest Link

Monitor your system. Security is a continuing issue not a one time event.

Look into security issues when upgrading your system. If you see security issues ask if the benefits outweigh the risks.

Biting the hand that feeds IT © 1998–2019