Posts by Wzrd1

Re: What if you don't allow JS at all?

Well, there's flash...

Just to name one.

Then, move onto BHO's and accessory programs that are vulnerable.

One of the reasons I prefer to use a honeyclient and sniffer, to actually see what goes on behind the scenes.

I've dissected real world attacks that otherwise would've been complete mysteries. Some, using really old tricks, such as dumping binary data into a text editor that didn't test for text data, via a remote session link. Others, using some innovative and novel methods, which my employer and their overlords were quite keen on.

Re: Double-Edged Sword of Progress

If we're voting, I vote for creating a Culture Mind.

It'd be nice to have intelligent company to share Infinite Fun Time.

Re: Black insulating tape

Save, that there is behavioral analysis.

Patterns garnered on browsing habits, network traffic forms, even the pattern of typing a password can be confirmation.

Cue the launch of a new AI-powered threat detection product...

Yeah, I was thinking more along the lines of a new neural net guided counterattack system.

Had something similar, years ago, which had a slightly more disproportionate response pattern. Hit a threshold, start hammering back on a sliding scale beginning at 1/3 over the level of the attack. Escalating by orders of B channels, to give a hint of the era that that system was in place.

A neural net, with the appropriate model (I have a specific animal kingdom level in mind), wouldn't be that difficult, given VM capabilities available today.

Re: Not in IT...

"...one wonders what would happen if the affected workforce simply downed computers..."

In the US, that would result, regardless of notification, in a lengthy prison sentence.

In the US, throwing one's wooden shoes into the works is illegal.

Re: Not in IT...

In IT, I've had the opportunity and utilized it, to purchase my old desk for pennies on the hundred dollar mark.

Exchanging desks as the outsourced job was outsourced and the company failed.

Re: That means you heard it before it was released

"Or people don't get rid of them."

Or demand a wall around them... Paid for by them by proxy of one's own populace.

Re: That means you heard it before it was released

"Can't believe a fundamentally experimental album is still being talked about and apparently still selling well nearly fifty years after its release."

Well, there were those Beatles and a certain White Album I owned. Alas, the kids managed to get it stolen while I was away at some tiff in a certain Gulf...

But, for 'Eclipse', I was 10 or 11...

Now, knees are gone, back is gone and BTW, is it the memory or something else that goes first and what's the other thing?

Re: "...hashland would sound silly."

"The interrobang, a cross between a question mark and an exclamation mark."

I remember that in the later 1970's there was an attempt to resurrect the thing. It flew like the proverbial lead balloon.

"My US keyboard "has" a pound sign, as Shift-3 is #, but Shift-4 is still $, and we don't have a "£" key, so I had to copy-paste it from your post."

There's a unicode for it, which I'm entirely too lazy to look up and alas, I failed to import the lookup script from my other computer as of yet. As it's nearly midnight, that's a tomorrow afternoon job.

"We do call £ "pound" and this weekend I had to tell someone about the pound/shilling/pence system, as he was wondering about the "weird 3 part prices" in his vintage catalog."

Then, the question arises, "What is a quid" and assorted other slang terms, which turns into an hour long question and answer session. Leaving production at Fanny Adams.

Yeah, never thought you'd hear that old expression from across the pond!

"What do US people call a real pound (currency) symbol?"

Most US citizens are astonishingly ignorant and call it a "funny L symbol". I call it a Pound (currency) symbol and get asked what nation uses that currency.

Seriously!

I think that the ancient Athenians had the right of it, denying the idios the vote.

"Incidentally, since we call it a hash in the UK, but the Americans call it a pound and the social media companies are US based, why don't they call it a poundtag ?"

Because, far too many of us in the US call social media a "pound sand tag" and treat it accordingly.

Re: Yes.

"Well, a fair few do; there'll always be those folks who want to actually prove they know how to do the job, but they are getting increasingly rare these days."

Yes, I'm one of that vanishing breed. Alas, the reality does not meet your expectation.

Just today, I was asked to assist a coworker, who could not use his notebook's trackpad. It quit on him, he thought it defective.

Despite it being an HP device and a glaringly bright LED indicating that he had disabled the damned thing.

Double tapped it, explained nicely (due to his age) that he had a severe keyboard-mouse interface issue and departed.

While the user, due to the way that I worded things, will feel good, his supervisor, having heard my words knows that the user, despite being hired for a specific high level technical role, doesn't have a clue. I suspect he'll soon have to find a new position, perhaps, as a pizza delivery guy,

"People don’t want certifications and don’t want to do whiteboard coding and don’t want to do take-home assignments so what exactly do people want, to waltz into a job with a nod and a wink?"

Yep, in my case, that was precisely what happened. What the reality of it is is, I'm the most qualified person that the company has. I can diagnose AD issues after being kicked in the head by an angry horse. Not that I'm idiotic enough to put myself into the position of causing a horse to suffer such an injury.

Laughably, zero certifications that are germane. Annoyingly, the client requires specific certifications to operate at specific levels.

If memory serves, I do believe that Moses sat with me for my first certification.

Or was that some guy, who called himself Adam and had no family as of yet...

Re: Certifications, pah !

"My experience with Windows-minded colleagues is they are more inclined to memorize a list of letters and fill in a multiple guess test than to actually have skills tested, so I don't expect much from these new Azure certs."

My experience has been, two out of four responses are nonsense, two may or may not be a question of which one is least wrong - in the Microsoft manual version.

Not real life.

Hence, right clicking computer, selecting manage isn't an option in the idiotic things. One has to select the pathway the entire, long way.

Useful on a system one really is going to wipe and reimage, but a joke in the real world.

But, that data was insanely irreplaceable... Yet, entirely never backed up or copied to the server's storage array, which is SAN based.

Yeah, I've worked everything from Hell Desk through LAN/WAN, moved to information security. Now, wending my way back to more satisfying occupational activities, BOFH MK II.

Re: Certifications, pah !

" real cert would be a panel of three experts grilling the candidate for twenty minutes, or, for more practical things, a misconfigured server to correct and put in working order. Or sit the programmer in front of a computer and give him two hours to pound out the code to solve a given problem, then review the code. Bonus points if the program compiles and actually works."

Isn't that what a proper technical interview actually is? Oddly, for this gig, the technical interview was entirely omitted.

But, I've trivially identified the major problems in our environment. The management.

I'll have a solution to that problem next pub outing.

Signed,

BOFH MK II.

Re: So true...

"I had to chuckle when I read this. I've done NT4 MCSE, MCITP:Ent 2K8R2' and am 1 exam away from 2K12 R2 MSCE. I just can't be bothered anymore..."

Yeah, know the feeling. Alas, I'm working doing contracting for the US DoD, who are cert happy. Despite Microsoft's pathetic and anemic offerings of most modern offerings. It appears that Microsoft switched from having engineers design the tests to the sales teams doing so. With predictable and pathetic results.

Still, due to my contract gig with the US DoD, I need a cert. So, after perusing lists of test questions and with open laughter, I'll not even bother to study. Indeed, I may well decide to get falling down drunk and pass that anemic test.

This, from the guy who, on day three at a new environment, successfully diagnosed a major AD replication failure that the AD team refused to acknowledge the existence of.

It seems that they permitted some pinhead to install a new DC onto a cheap network path to the entire domain, then after some time, permitted that pinhead to power button remove it, rather than demoting it and shutting it down.

End result, that specific DC had been elected replication roles that now no longer existed and AD in general had no clue that the absence of the former replication hub was now vacant.

All, with end user's access.

Once they read my e-mail, they attained a clue and removed another DC, which was to be upgraded anyway and was a replication partner with the absconded DC, forcing an election.

Bloody hell! I can't wait until the movers get my laser armed sharks here. And the purloined security robots.

Now, if only I could find the urinal electrification kit that I packed...

Moves, can't find a blasted thing!

Found a cricket bat, which is odd, as I never owned one before. But, can't find that damnable electrification kit or my Marmite. Found some Oxo, which is odd, as I'm fairly certain that was lost in our first move, two years ago. Found a foot, inside of a shoe marked Fanny Adams.

The latter, I posted to the UK embassy, anonymously, to avoid potential human rights issues.

Come to think of it, I am now convinced that that isn't my luggage.

Movers!

Re: Made it here first!

"I wouldn't be calling insulin a drug, it is made by the human body..."

Nope, human insulin is made by the human body and one specific, genetically engineered e. coli species.

Insulin in general is made by many species and it is indeed, when prepared as such, a drug.

Once it is purified and prepared for usage as a medicine, it is indeed a drug and regulated as such. Which is a good thing, as it's then guaranteed to be pure, sterile and of guaranteed potency.

Which is good news for my insulin dependent wife.

Re: Made it here first!

"There are actually benefits to vaporizing mary jane."

Not for us, we both have *severe* allergy to the substance. As in being utterly incapable of breathing allergy.

Which, considering the ubiquity of the substance, is extremely annoying!

Re: I'm curious..

"So, why is this long line chase a sensible tactic?"

The sensible tactic is to stay out of his way and let him run out of fuel. They only get something like 4 - 5 miles per gallon of diesel for the M577 and M113. They're also slow, do around 40 MPH (although, I did get an M113 up to 60 MPH once, it was on a *really* long hill).

Oh, the armor is particularly weak as well. A couple of inches of aluminum is all.

But, comparing the price of letting him run out of fuel vs the rental of heavy construction equipment and having that equipment getting dented a little, cheaper to let him run out of fuel.

Then, wait for the heat to convince him to depart the metal box being heated by the sun.

"Ok, let me try to help: what about incompetence and malpractice?"

No, I'll help.

A purer example of a fundamental lack of due care and due diligence has never been presented to a court of law until this occurred.

Do expect to see this company in receivership in the near future.

Re: Never again

"As it states quite clearly on the promo visible on the screenshot of multi-panel (p2), 'Samsung Electronics has taken care to create a memorable expreience'."

Well, being electrocuted is a memorable experience, however, I don't recommend it.

Re: Pugh Pugh Barney Mcgrew ...

I dunno. Hanging up a snake in a forceful manner can tend to induce, erm, irritation on the part of the snake.

Re: Waiting....

I don't think that'd be all that effective.

You're dead if you don't give in, you're dead if you do give in and all of the passengers are dead as well.

Re: Budgets

First, there's that entire WSUS thingie that's free.

Creating a test group, trivial.

Been there, done that, created the damned program.

Add in SCCM and assorted other package management software, well, seriously. This is a management complacency issue.

Now, long fangs are hooked upon many, many, many management asses, not only UK, but throughout the EU.

Re: Missing the Obvious

I invite you to lead by example, so that others will follow.

Let us all know how that works out for you.

Re: Govt depts and system patching

Not only government. I work for a major corporation, derived from a Fortune 200 corporation.

This weekend, Saturday being my "Monday", I found major patching for this frigging vulnerability going on.

Back when I was IASO for a major US military installation, patches of the OS were delayed, at most, by 30 days.

Net result, due to equally anal retentive antivirus states, the 2008 cyberattack on the US DoD, which was centered on our area, failed.

Following best business practices also helped. A lot.

A tad of commonsense also helped.

Re: Oh dear. XP

Oddly, Microsoft sent out a patch for XP.

Good idea, as this rubish code belongs in a rubbish tip, not a fucking operating system. And to be honest, this shit code likely has existed since the US DoD bought the NT4 source code.

Blaming the NSA for doing what defense organizations do is idiotic, as they didn't write the shit code, Microsoft did and gave all six major vulnerabilities a free pass, for decades!

Do research how long the SMB1 stack has existed.

Hint: SMB1 is nearly as old as our children, who are in their mid-30's. It's nearly 30 years old.

We have one thing that's over 30, other than our children, our wedding bands. Everything else was either lost, destroyed in a move or damaged beyond repair in moving or normal life.

Or do we also need to get netbui fixed as well?

Yeah, I'm *that* old and a bit older.

Hint, the Queen of England sat 9 years on her throne before I was born, but my earliest memory, beyond a diaper pin jab, when I wriggled and understood what mom was warning me of, was JFK being shot to death.

This is a case of one complaining of a Model T Ford not running worth a damn on modern gasoline and worse, the valves hammering themselves to death.