Posts by Mystereed

Used to get emails at work from a woman thinking she was emailing her husband

Don't get your hopes, up - nothing salacious! Can't remember if I have posted this before, but a woman who works at the same company as me was emailing her husband (who has same name as me) and her system picked up my internal address instead of his external one the first time and kept reusing it as default autosuggest.

First email I got was because she had booked return train tickets with the source destination the wrong way round and asking what could she do? I helpfully sent her the website link of the train company page where tickets can be adjusted if you have the right traveller info, thinking it was someone just asking for help. When she then wanted ME to change the tickets for her, I realised the mixup and set her right - she was most apologetic.

A few weeks later I got got an email suggesting a BBQ that weekend? I politely turned it down as I was in another city and that her husband might get jealous? She replied that she had realised her mistake as soon as she hit send and apologised again.

Another few weeks later, she emailed me to say she was going home sick as she had an upset stomach. I told her I was sorry she was not feeling well and that maybe the food at the BBQ may not have been cooked properly?

She was even more mortified by that exchange - I then pointed out that when Outlook (which is what we use at work) starts suggesting an entry, a little cross will appear at the far right of that line. Click that cross and Outlook won't suggest that one again until you have typed it in full again. Haven't had another email from her since, hopefully because the suggestion worked but maybe the stomach upset was more serious than we both thought?

We've had three so far

The first one only lasted a few seconds because I got too excited and said "I've been waiting ages for one of these calls", when my other half handed me the phone saying it was someone from Openreach. Click... Doh!

I think they are on a timer because the next two hung up at 20 minutes, almost to the second, having made no meaningful progress. I've never been brave enough to let them actually get in to my network, just wasted their time by pretending to be doing things which take time. I know enough to know you have to be pretty good to be totally safe when letting someone run arbitary code. I haven't set up a VM on an isolated network segment yet, maybe when I retire I'll investigate some best practice disposable setups.

I just keep polite and misunderstand what they are saying or take it too literally:

Them - "Can you go to a device which you use to access the internet?"

Me - "Yes, no problem."

Them "What does it show on the screen?"

Me -"It's all black"

Them - "What do you mean"

Me - "It isn't switched on"

Them - "Switch it on please" (this is when you can both hear them get interested that they have someone compliant and also frustrated because they realise it will take a while).

Them - "What does it show on the screen?"

Me - "The news"

After a few more questions I give away that it is the TV, which I use to access the Internet to watch Netflix. Then I suggest I use a laptop?

Them - "What does it show?"

Me - "It's black - it's not switched on" (this is where the real frustration starts to creep in to their voice)

It takes ages to boot

I then pretend to try the websites like teamviewer which they want me to open. They all fail with a blocked content message. I then helpfully suggest that it might be due to it being my work laptop which I've been told has a lot of security 'stuff' on it, should I use my personal one?

I then do the "What does it show?" & "Black, it isn't switched on" and long time to boot loop again.

I'm not sure what happens next as that has been the 20 minute limit where they just hang up. I assume they just give up and move on to the next attempt on their robocaller, but as long as I am not doing anything important, wasting their time gives me a little bit of pleasure.

I think giving them a bit of an adrenaline rush by allowing them to vent their anger is wrong - just keep them frustrated and depressed about how slow and thick these westerners can be (they have all had Indian accents, though the two I strung along were called Dave & Alex). They probably get paid by results, wasting their time will cause them stress, allowing them to vent will release it? Play the long game - give them ulcers or other stress related conditions!

That share scheme sounds a bit unfair

and also ripe for exploitation by management.

Fair to say if someone leaves by explicit choice - i.e. resigns, they get cancelled, but if somebody gets made redundant (even voluntarily) or retires due to age, sickness etc, then the shares should still vest.

No more than 35%?

Is that by number of boxes, capacity or cost?

Lots of wiggle/weasel room there - they could maybe get half the infrastructure from Huawei for 35% of the total cost?

Or install small non-Huawei kit in lots of locations with small capacity needs and then get beefier Huawei kit where it will actually be more cost effective in busier locations?

Bad targets drive bad behaviours?

How about...

...allowing them if the adverts can only be seen by people actually inside an enclosed phone booth? That would stop everyone else getting distracted by them?

The companies probably wouldn't want to deploy them with that condition though, which would prove they are just trying to get around the regs.

The real rule is...

...to give the one you dropped to your mate and get yourself another one?

Denial of service?

As well as maybe being able to pretend to be the original device, this would also be a denial of service - that original sim will stop working and the real IOT traffic which should be transferred will now either be lost or stuck?

Not an expert on this type of thing, but can that sim be brought back online with the original details or will someone have to physically put another one in? The second will be a major PITA, but the first could result in a tug-of-war, unless extra security is put in place? Plus what's the betting that the attacker would be the one to ask for extra security and the original owner then won't be able to get it back?

Obligatory xkcd

https://xkcd.com/927/

Fingerprints to gummies?

I think police are already allowed to take finger prints forcibly?

Are they then allowed to make gummy fingers from those images to attempt to unlock phones?

Obviously there are time limits involved, but just curious if they did get evidence via that method if it would be admissible?

Rather than close the accounts...

...once identified as bogus, why not just black hole them so that nobody ever sees the content those accounts produce?

Maybe that way the scammers are less likely to move on to new accounts with a window of opportunity to rip off people before they get banned and they can also be used as a kind of honey pot (content on those accounts is highly dubious so that content being posted on another account is also more likely to be dodgy too)?

Or maybe they only ever use the accounts for a few hours anyway - based on the numbers, there has got to be some kind of automation in use there for sure? Why not have a grace period after creation of an account where certain functions are not allowed or throttled. A proper business can wait a day or two to get their new name up and running before they pump out dozens of tweets/posts/blogs - scammers might actually get affected?

There would be the added benefit of being able to track accounts which search for the content to check it is actually there - or do scammers not have test teams?

How about some grace time after expiry?

If a domain has been owned for a couple of years, how about having an embargo on it being picked up by someone new for a month or so? If you really don't want it, you can give permission for someone to have it early?

Marketing name for this technique?

I read something recently which described this kind of arrangement as being a Centaur.

That sounded a bit better than pantomime cow, which would make you more like to wonder which half you were going to be - the head or the other end?

Weasel words?

Not for external sale - does that mean they will be rented out instead?

Who has just a single account these days?

Another account with a buffer chunk of cash in case the main one goes down?

Happy it is up safely...

...but seriously disappointed it didn't go up on the planned date as I was in Florida and we had managed to get in to the Kennedy Visitor Center car park that afternoon :-(

Had to fly back to the UK the next day. Argh!

Whack-a-mole?

1. The machine learning algorithm gets trained using an existing set of known styles of video.

2. Deploy to live and start rejecting new videos which match criteria (I assume maybe the accounts also get flagged as potential producers of dodgy material and get suspended, rather than having special forces sent to where the user is logged on?).

3. Dodgy uploader uploads their latest video using fresh account.

4. Dodgy uploader gets told their video has been rejected.

5. Dodgy uploader contacts their film director/editor to tell them their latest style has been compromised.

6. Dodgy director/editor moves on to a new style, and gives video to uploader. Go to 3

7. When a human sees an example of new style, reports it. Goto 1

8. So eventually, based on the above rules, we will have every publishing/film style ever used by these people? Black & White silent movies, French New Wave, Manga, etc. etc. and then they will have to give up? Is that the theory? Looking forward to their version of Carry on up the Khyber btw.

RPO & RTO?

They could get their data back from backups without any loss. The meets the Recovery Point Objective.

They couldn't get it back in time to continue normal operation though. So was their Recovery Time Objective wrong (of course everyone can wait a week, I don't want to pay extra to get it back in 2 hours!) or was the recovery procedure unable to meet the RTO? Which if it is a supplier could result in a claim?

Can I just say...

...that we have been blessed with so much brilliant stuff to watch over the years?

I haven't clicked on so many up-votes ever!

Don't fight - love the things you love :-)

You know why they don't want the passwords any more?

It's obvious - they don't actually need them, they can get what they want from just the usernames, everything is backdoored :-(

Enquiring minds have to know...

..if the "unlatched browser" entry is a deliberate typo on a story about typos?

So, does it mean that..

...there is more outsourcing going on or that it is becoming more expensive?

Once all the permanent capability has gone, the suppliers can start upping their rates?

Have never been a fan of showing how big a change is by the cost though.

Are they actually repatriating it at the moment?

I thought all the big companies were holding the cash offshore until the next rates 'amnesty' when they can bring it home without paying as much tax?

2FA may not protect you?

Don't forget that they will want to know your telephone number and will probably be able to read the messages sent to it even if you left it at home and so can access any 2FA code to get access to the sites that they want?

Same with emails.

The securefobs will need a bit more work - like an arrangement with the manufacturers to have a method of reproducing the required code by detailing the serial number of the keyfob? If you leave that at home then you might be slightly better off.

When we move to iris scans, we will probably have to send them an eyeball!

yes - didn't SSP have an HP SAN go pop too?

http://www.computerweekly.com/news/450303913/Insurance-brokers-count-cost-of-lost-business-as-SSP-SaaS-platform-outage-enters-second-week

That one was originally said to have been caused by a power problem, but it went on for ages.

Is the HP kit or Support an issue or is it because there are so many of them about that there is more chance of a high profile story cropping up? Bit like when a 'self-driving' electric car has a problem it seems to be more often than not a Tesla?

Not a serious suggestion...

Why not weld a helicopter on top of the gun turret - you can then point it in the right direction and fire a harpoon missile? Two stones with one bird?

Public and private positions?

The TCS people who work here were told by their bosses that Brexit would be an opportunity for them as they think they will continue to have access to the UK but that some of their near-shore competitors in Poland etc would find it harder.