* Posts by elvisimprsntr

68 posts • joined 2 Mar 2018

Page:

Fun fact: GPS uses 10 bits to store the week. That means it runs out... oh heck – April 6, 2019

elvisimprsntr

I guess you don't use a GPS based time server or understand location determination is critical to determining GPS time. Good to know in case your resume comes across my desk.

https://www.masterclock.com/company/masterclock-inc-blog/finra-clock-synchronization-regulations-are-you-in-compliance

elvisimprsntr

Glad I have my own verified compliant GPS NTP time server in my home.

I wonder how many government agencies, car navigation systems, and aircraft navigation systems will go Tango Uniform (TU) on 4/6.

What about the banking industry? At least it’s a Saturday so the stock market won’t crash.

QNAP NAS user? You'd better check your hosts file for mystery anti-antivirus entries

elvisimprsntr

Problems like this occur when a user enables WAN facing services (port forwarding, UPnP, MyQNAPcloud, etc.) Hackers can profile the device based on responses, then gain access using known vulnerabilities.

Judge! snuffs! Yahoo!'s attempt! to! settle! 2013! megahack! class-action!

elvisimprsntr

Put all the lawyers on the B-Ark and send them ahead to populate the next planet.

Ref: https://hitchhikers.fandom.com/wiki/Golgafrinchan_Ark_Fleet_Ship_B

"The Golgafrincham Ark Fleet Ship B was a starship designed to relocate the (largely redundant) useless part of the population from the planet of Golgafrincham."

Hope you're over that New Year's hangover – there's an Adobe PDF app patch to install

elvisimprsntr

Glad I excommunicated anything Adobe and M$ long ago.

Can't unlock an Android phone? No problem, just take a Skype call: App allows passcode bypass

elvisimprsntr

Seems like Android should not grant access unless the device is authenticated/unlocked vs something implemented in every single app on the device.

It's a Christmas miracle: Logitech backs down from Harmony home hub API armageddon

elvisimprsntr

Re: Joy to the World

For example, offering free Hubs to replace their unsupported Link only after customer outrage. Then offering refunds to those who bought a discounted Hub before the free replacement offer, once again only after customer outrage.

Logitech has never published their products APIs. Maybe this will be a step in that direction.

A year after Logitech screwed over Harmony users, it, um, screws over Harmony users: Device API killed off

elvisimprsntr

Last Logitech device I will ever own.

On the first day of Christmas, Microsoft gave to me... an emergency out-of-band security patch for IE

elvisimprsntr

Re: It's about time...

there is...

format c: /s

Home users due for a battering with Microsoft 365 subscription stick

elvisimprsntr

Excommunicated M$ from my home 10+ years ago. Computer stress free life and fatter wallet. What's not to like?

Adobe Flash zero-day exploit... leveraging ActiveX… embedded in Office Doc... BINGO!

elvisimprsntr

So the key take aways are don't run:

1. M$ Windows - Check

2. IE - Check

3. ActiveX - Check

4. Anything from Adobe - Check

5. M$ Office - Check

Surface Book 2 afflicted by mystery Blue Screen Of Death errors

elvisimprsntr

I haven't experienced a BSOD in 10+ years, coincidently about the same time I excommunicated M$ from my home.

Sacked NCC Group grad trainee emailed 300 coworkers about Kali Linux VM 'playing up'

elvisimprsntr

A classic prank to play on someone who forgets to screen lock their computer before walking away was to:

1. Take a screen cap of the desktop

2. Replace the background image with the screen cap

3. Move all the desktop icons off screen and hide the task bar.

Then wait for the comedy to ensue when the individual exclaims none of the menus/icons worked. It was even more hilarious when even IT was stumped.

Groundhog Day comes early as Intel Display Drivers give Windows 10 the silent treatment

elvisimprsntr

Excommunicated MS (and more recently, Crapcast) from my home 10+ years ago. Life without computer induced frustration is amazing. I highly recommend it.

Cyber-crooks think small biz is easy prey. Here's a simple checklist to avoid becoming an easy victim

elvisimprsntr

1. Start with a good enterprise class firewall (pfSense) - Done

2. Configure firewall to route ALL DNS requests through OpenDNS, even if the host manually enters a DNS IP - Done

3. Configure OpenDNS to filter traffic you don't want clients accessing - Done

4. Use a professional mail hosting provider which which employs virus scanning and filtering. - Done

5. Disable USB interfaces on ALL clients - Done

6. Have a company policy which prohibits use of company resources for personal use which can result in suspension or termination. - Done

7. Mandatory employee training - Done

8. On site backup strategy (GF,F,S) with offsite/remote for disaster recovery - Done

Facebook's new always-listening home appliance kit Portal doesn't do Facebook

elvisimprsntr

If you still think Facebook is your friend, watch the 2 part PBS Frontine series.

https://www.pbs.org/wgbh/frontline/film/facebook-dilemma/

Facebook, Google sued for 'secretly' slurping people's whereabouts – while Feds lap it up

elvisimprsntr

Kudos to Apple for holding on to their principals, but timing of Tim's public speech and the these lawsuits seems like more than a coincidence.

https://www.dailydot.com/debug/tim-cook-data-weaponization-speech/

It's a war between Apple and everyone else for your wallet. Apple makes money on products and services. G and FB make money off advertising.

Someone's in hot water: Tea party super PAC group 'spilled 500,000+ voters' info' all over web

elvisimprsntr

Add this to the growing list of reasons I actually de-registered to vote

* All politicians are corrupt and conflicts of interest don't seem to bother them

* All politicians will lie and tell you what you want to hear in order to get your vote

* All politicians will break their campaign promises once elected to office

* All politicians pass laws/bills to ensure their pockets are lined with cash

On the third day of Windows Microsoft gave to me: A file-munching run of DELTREE

elvisimprsntr

"All Windows users are beta testers. Consider it a privilege." - Satya Nadella

All *nix in my home, except for a single W7 VM for a security panel configuration app which insists on using .NET

Haven't updated your Adobe PDF software lately? Here's 85 new reasons to do it now

elvisimprsntr

I uninstalled everything Adobe years ago, Flash and Acrobat. I highly recommend everyone else do the same.

The only reason I have Oracle JavaRE installed is for a single home automation controller console interface, otherwise JRE is disabled by default.

Facebook monetizes 2FA, Singapore monetizes hacker, and ransomware creeps monetize US Democrats

elvisimprsntr

Family and friends still wonder why I don't use FB or any other form of SM.

Twitter: Don't panic, but we may have leaked your DMs to rando devs

elvisimprsntr

First Rule: Nothing is guaranteed to be private over the Internet/Cloud.

Second Rule: See First Rule.

Voting machine maker claims vote machine hack-fests a 'green light' for foreign hackers

elvisimprsntr

Don't some of the voting machine manufacturers also make ATM machines which are vulnerable to remote jackpotting and have one key fits all locks? I would not be surprised if they also manufacturer the computer systems in gas pumps. That is all one really needs to know to make an educated guess about security of voting machines.

Well, can't get hacked if your PC doesn't work... McAfee yanks BSoDing Endpoint Security patch

elvisimprsntr

ATT and a number of ISPs offer McAfee for free under the guise of "protecting" the customer. Most IT folks know things like McAfee route all your DNS requests through their servers to filter content, track your requests, and possibly inject ads.

A properly configured firewall (i.e. pfSense) will route DNS requests and filter traffic so ALL clients are protected, not just the clients with McAfee installed. Clients already have enough performance degradation due to Spectre and Meltdown mitigation without the additional overhead of McAfee bloatware.

BlackBerry claims it can do to ransomware what Apple did to its phones

elvisimprsntr

BB trying to stay relevant through scare tactics and trying to solve a problem that should not exist. If your system has been compromised that would warrant use of such software from BB, then you were not doing enough to prevent compromise or performing adequate backups.

Western Digital wonders why enterprise isn't keen on its solid-state drives

elvisimprsntr

Sure SSDs have faster RW performance, but the bottleneck is the network. It's about price vs. capacity, and redundancy to prevent data loss. The only application we require SSDs is in airborne equipment, for obvious reasons.

How to (slowly) steal secrets over the network from chip security holes: NetSpectre summoned

elvisimprsntr

It's a conspiracy folks! Planned obsolesce!

We already know CPUs are reaching the end of Moore's Law. This will ultimately lead to a decline in sales when all you get is incremental performance increases. It has likely already begun if you believe some of the YoY sales figures. Intel (and others) know these issues exist and let them trickle out to guarantee they will get sufficient press coverage to scare the $hit out of everyone. Future Intel comes to the rescue to save humanity by announcing a new line of hardened processors, future OS distributions require new hardened processors. Profits soar! Everyone wins! Well, except for the consumer and business that are forced to upgrade all computers, severs, networking gear, and anything else with a processor.

Sysadmin trained his offshore replacements, sat back, watched ex-employer's world burn

elvisimprsntr

My job (and many others) were getting relocated to another state. While they were offering a relocation package, it did not come with any cost of living adjustments. If invited, we were required to sign a contract. If you signed to go and subsequently left, you would not get any severance. If you sign you were leaving, you had to train your replacement with no guaranteed date or advance notice.

I found out the name of the recruiting company they hired, sanitized my resume, and applied for my own job. During the course of the recruiter interview, I was able to find out how much they would pay my replacement. It was a lot more than I was currently making. I had to spill the beans when the recruiter picked up on several awards I received from my employer I forgot to sanitize.

The funny part of the story is my sanitized resume still made in the file boxes of resumes management went through. Most of the resumes were junk. One manager picked up my resume, skipped over the name and started reading my experience. Once he realized who's it was, he exclaimed to the other managers in the room, " This is {name withheld} resume!" Which someone else in the room replied, "Now you know he is looking." Disgusted with the quality of the other resumes the recruiting company brought in, the first manager held up my resume and said to the recruiters, "This is the type of person we are looking for!"

I signed I was going to secure my job. The severance package was not very good anyway. I also knew it would be near impossible to time my end date with the start of a new job. I ended up taking a job with a 35% pay increase, signing bonus, paid OT, and full relocation package. I didn't burn any bridges though. After a 200% turn over in the organization, they begged me to come back. I told them my new price, which they met with a relocation package. It wasn't in the most pleasant part of the country, but knew with time I could transfer back to the paradise where I started.

Sen. Ron Wyden: Adobe Flash is doomed, why is Uncle Sam still using it?

elvisimprsntr

I couldn't help but think of Brave Sir Robin after reading this thread.

https://youtu.be/jYFefppqEtE?t=19

elvisimprsntr

US Gov't and schools continuing to use Flash is a form of government subsidy. Since most Flash programmers couldn't get job anywhere else, the Gov't gives them a job to keep them off unemployment. Also applies to most politicians and their staff.

Spectre rises from the dead to bite Intel in the return stack buffer

elvisimprsntr

When Spectre and Meltdown first became public in January, I decided to wait 5-7 years before purchasing a new device (laptop, NAS, phone, tablet, router, etc.)

I think I'll use the money saved to buy a new vehicle instead.

Adobe on internal systems security hole: Panic not. It isn't critical

elvisimprsntr

Don't worry, they drafted in their best Flash programmers to fix it.

Better to keep all those Flash programmers behind closed doors. If they get out, it will be the beginning of he zombie apocolypse

Another data-leaking Spectre CPU flaw among Intel's dirty dozen of security bug alerts today

elvisimprsntr

Brings a new meaning to "Intel Inside."

No one wants new phones – it's chips that keep Samsung chugging

elvisimprsntr

When phones in US were carrier subsidized with a 2 yr contract, I had no problem shelling out $200 for a new phone every 2 years. Once my last contract ended, I switched to a much lower out of contract plan.

My current iP6+ is almost 4 years old and my battery was just replaced by Apple for $29. My father had been using my old iP4 until last year when I bought a second hand iP6S+ and give it to him.

My new upgrade cycle is when Apple stops providing OS updates for a particular device, which means I can likely get 5-6 years out of a device. Even then, I will likely only buy a second hand device for 1/3rd the original price.

No, it's not Intel's 5G chip Apple is ditching – it's the Sunny Peak Bluetooth, Wi-Fi part

elvisimprsntr

Original fake news reported directly/indirectly by someone looking to short Intel stock.

GitLab's move off Azure to Google cloud totally unrelated to Microsoft's GitHub acquisition. Yep

elvisimprsntr

They copy it to floppy ,hand the floppy to someone at Google, they copy it to their servers.

Done.

Isn't that how they did it in Office Space?

https://www.youtube.com/watch?v=GyB6ffmXsZo

Intel chip flaw: Math unit may spill crypto secrets from apps to malware

elvisimprsntr

As I have said since Spectre and Meltdown were first made public, I will not be buying ANY new devices for at least 5 years. I figure it will take at least that long for die changes after all the vulnerabilities are discovered.

Microsoft reveals which Windows bugs it might decide not to fix

elvisimprsntr

"...how about fixing the one that has totally shafted the wifi adapter so it now won't connect to anything whatever steps I take.

M$: Thank you for discovering and reporting a security vulnerability. We pushed a security update to your system to fix the vulnerability. Your computer should no longer be at risk.

June 2018, and Windows Server can be pwned with a DNS request

elvisimprsntr

From what I read, Edge includes an integrated Adobe Flash player. So Edge security is the product of Microsoft and Adobe combined. Nice.

Comcast's mega-outage 'solution'... Have you tried turning your router off and on again?

elvisimprsntr

While I understand the economics of combining services with a single company, you place your business at risk doing so. Businesses should have a emergency plan in place to forward calls to a different number during a service outage.

There is a lot to be said for having separate service providers and/or redundancy. I have dual WAN (ATT Fiber and TMobile LTE) failover for exactly this type of scenario.

Stop us if you've heard this one: Adobe Flash gets emergency patch for zero-day exploit

elvisimprsntr

This article is irrevelent because everyone has already removed Flash at this point, right?

VPNFilter router malware is a lot worse than everyone thought

elvisimprsntr

I haven't run OEM firmware in 10+ years.

Currently running https://www.pfsense.org on https://protectli.com firewall and https://openwrt.org on OEM hardware. Previously, it was https://dd-wrt.com on OEM hardware.

Monday: Intel touts 28-core desktop CPU. Tuesday: AMD turns Threadripper up to 32

elvisimprsntr

So we need a 28+ core CPU in a desktop to make up for the reduction in performance due to Meltdown and Spectre mitigation? Nice!

Smart bulbs turn dumb: Lights out for Philips as Hue API goes dark

elvisimprsntr

You are holding it wrong.

ISP popped router ports, saving customers the trouble of making themselves hackable

elvisimprsntr

An example why I don't use ISP provided hardware.

About to install the Windows 10 April 2018 Update? You might want to wait a little bit longer

elvisimprsntr

Excommunicated Microsoft from my home 10+ years ago. Linux and macOS is all I need. Plenty of open source software and my wallet is much fatter from all the $ I've saved.

OpenWrt forums lost as hardware failure again crocks open Wi-Fi router

elvisimprsntr

Given how inexpensive NAS servers are these days, there does not seem to be any excuse for this.

1. Two separate RAID servers with geographical separation

2. Real time RSYNC between the two

3. A domain/DNS provider which will automatically fail over to the backup server

4. Grandfather-father-son backup strategy, with periodic checks the backups can be restored.

5. Multiple sys admins

It's 2018, and a webpage can still pwn your Windows PC – and apps can escape Hyper-V

elvisimprsntr

1. Who in their right mind is still running Flash, on any platform?

2. Glad I excommunicated Microsoft from my home a decade ago, except for a Windows 7 VM running on a QNAP NAS. Otherwise, it's macOS, Linux, LibreOffice, etc.

Page:

Biting the hand that feeds IT © 1998–2019