[Dave Rice]

So it’s quicker to type control panel in search then ? I now only have to get as far as co and it’s there.

[Dave Rice]

Hard to go wrong with a Samsung tablet.

I use the “John Lewis” filter because they don’t stock crap and yes they have it for £199 with a 2 year warranty.

[Dave Rice]

Cat 6 is a pig to put RJ45 plugs on. It has a stiff plastic X piece in the middle that has to be dealt with. I only use it for punch down to punch down cabling i.e. no plugs and only when it’s in a written specification from the customer (only the military so far and God knows why).

It’s quite simple, no-one here needs Cat 6. specification cables, it will not speed anything up. I know quite a few older places running quite happily still on Cat 3 to the desk.

[Dave Rice]

Yes, a lot more is going to come out and it’s not going to be edifying on either side. It does appear the moderate Muslim community has found the courage to push back and point out that they are reporting these people.

Internment doesn’t work and seems to be a largely knee jerk reaction. In WWII  in one Isle of Man camp over 80 per cent of the German and Austrian internees were Jewish refugees. But the failure of the Norwegian campaign had led to an outbreak of spy fever.

[Dave Rice]

I’ve been forcing this wherever I can since the The Update Assistant made it available.

No issues with crashing etc. but they have changed Settings enormously, and the right click on Start menu. The only way to get Control Panel now is through the search box (you can always pin it). You only need it for the most esoteric of options now though.

[Dave Rice]

You don’t need a HDD attached to get a UEFI to boot. All you need is a CPU and ram. Plus it helps if you have some sort of graphics to be able to see it ? But if it has o/b graphics I’d just go for that but D2 will need a card.

I was repairing a PC today and we knew the HDD had gone as it booted straight into the UEFI. However there are a plethora of start up options and some early boards did some strange things. Things are easier now with GPT, UEFI and W10 all the way. It’s when you start mixing legacy stuff it it gets sticky.

It could be te PSU has blown and taken mobo and ram with it. But at 6 years old the mobo is in that age range when micro cracks can start making an appearance.

Problems with replacing the motherboard: It’s a 140 watt job so the cheaper “78” (760G) end is out. They can only cope with 95 watts. Personally I have found my 2 forays into the 970 world a disaster and wouldn’t touch them with a bargepole.

It may be time to say goodbye. These days even a lowly £55 Pentium of 3 generations (Haswell) ago is 50% faster in single threads (which is still what matters) and only 15  -20% slower in multi threads on a £45 motherboard that would take your DDR3.

The latest £85 Kabylake Pentiums are 2 cores with HTT (like an i3) and 3.6Ghz. Sh1t off a shovel and the with the HD630 onboard graphics I would ditch the HD5750 as well. You’ll be saving 180 watts at full pelt too.

[Dave Rice]

Deportation = the action of deporting a foreigner from a country.

Where would they have deported the bomber to? He was British and a Mancunian.

[Dave Rice]

Yes it’s ancient. We don’t seem able to shake it though.

[Dave Rice]

Yes, I’m afraid we’ll have the think of the children knee jerk reaction that will try and allow even more RIPA to get through.

Watch the blue team introduce it first and then deny it’s making political capital on a tragedy. It’s keeping the nation safe (strong and stable), even though it’s happened on their watch, as did Westminster. If only the Govt and GCHQ and the Yanks / 5 eyes / Israel / whoever could intercept the encrypted message the perpetrator sent before they did the despicable act we could stop such things.

Like all the terrorist movements before it, it will have to be sorted by “political” means (people talking to each other) as nothing else works in either direction. Why are the people who do these things so motivated that they will do them? Insert Islam / Nazi / Catholic Irish / general nutter (Jo Cox) into the equation as much as you like, they all think they have an axe to grind and a cause to espouse.

[Dave Rice]

The NSA created ExternalBlue: “(SMBv1) server in various versions of Microsoft Windows accepts specially crafted packets from remote attackers, allowing them to execute arbitrary code on the target computer.” When they say”specially crafted” it’s not special at all. MS always use that wording, probably approved by the lawyers and total bollocks. I think it means not produced by MS themself.

That is what allowed Wannacry to spread once it got in. User permissions have nothing to do with it.

In my situation I am not too worried as SMB v1 is only running on Linux variants (printers and NAS) which are not under threat of infection. The Windows boxes can use SMB v2+ to access the shares for the scanners on the Synology NAS. Plus I have a robust security measures in place to prevent infection and mitigate it’s effects if not.

[Dave Rice]

You can see that happening. Is my cell compromised? Do I run or do I do what I said I would?

If it’s a wider conspiracy now would be the time to hit elsewhere even if it’s relatively low in body count, it’s the impact?

If I can make this up, so can anyone and I wouldn’t blame anyone being cautious right now. As long as the paranoia doesn’t get wound up to shooting innocent people like de Menezes in 2005 or interning “suspects” like we had in NI.

The chances of being in the wrong place at the wrong time are incredibly small. I haven’t checked but you probably have more chance of winning the lottery or guessing a total strangers phone number.

Even if I was going to Manchester tomorrow (and not July 3) or even London / Brussels / Paris I’d still be on the train. As it happens I’ll be on the bus to Yate and walking through the shopping centre on my way from the bus stop to the charity. As a suicide bomber I  could make an impact nearly as big as last night. It has one of the largest Tesco stores in Europe, never mind the rest of the shopping centre, and kids everywhere at the right time(s).

Keep calm and carry on….

[Dave Rice]

On my recommendation the charity have bought a Lexmark CX510de as the HP printer in Finance has died (this is not the printer I mentioned earlier, the 2 support branches use Konica Minolta bizhub c224e MFPs on page per page leases – not my idea!).

At almost £400 it’s not cheap, but it’s full duplex print and scan (via an ADF), 30ppm b&w and colour, low running costs (0.12 and 0.72) and ships with 8k Black & 4k CMY Toners (cost £385 to replace), a 4 Year On-Site Warranty and a free Kindle Fire (to bribe the budget holder with). So actually in terms of TCO it’s a billy bargain!

The point is this is firmly aimed at SMBs. It was delivered today and I’m off to configure it tomorrow. So check the SMB specs. Not a sniff but in the Scan to Network Folder Setup instructions it clearly supports XP so I think we all know the answer by now.

But, there may be light at the end of the tunnel. Looking at “Scanning to a computer using the Embedded Web Server”  and “Setting up Scan to Computer” we see “This feature is supported only in Windows Vista or later”. May be a  :good:

There is also a Scan for E-mail option but that will mean setting up a gmail account for “less secure apps” as they don’t have any free domain email addresses. Also it means setting up a destination to every user individually. That’s 15 of them not counting staff turnover.

Hey Ho, it will be fun. How much do you want to bet I’ll just go for the easy SMB v1 to a Synology share option? Actually very high as the Konica printers mean SMB v1 will active anyway and the perimeter and local security defences are very good. I am not worried about a man in the middle scenario.

There appears to be an app of sorts that may sort this, we’ll see tomorrow.

[Dave Rice]

It’s all in the MS STorage Stop using SMB1 Blog and it can be convoluted. However apparently a “smb.dialect.index == 5” filter with wireshark will work.

However they provide SMB1 usage auditing in Windows 10 and Windows Server 2016 “Set-SmbServerConfiguration –AuditSmb1Access $true” Then examine the SMBServer\Audit event log on the systems.

The comments tell of a story where SMB v1 is in still in use in line of business tools, and it ain’t XP. IBM ISAM sticks out (it’s to do with database indexes) and it’s typically used by small outfits where a full blown SQL alternative is too complicated or expensive.

It seems Ricoh printers and Toshiba copiers are the same. The MS  answer is “I wonder what they will say when you tell them you are switching vendors.” How naive. Ricoh (or Aficio) MFPs are the mainstay of the pay per page lease business and people will have long contracts in place. Although apparently newer machines do have SMB v2 but you have to Telnet to them to enable it. looks like some HP MFPs have the same issue.

Earlier on I turned off SMB1 on the charity’s Synology NAS which has a share used as the target for the scanner on their ancient MFP. They don’t do much scanning but I’m just waiting for the phone call….

So it is industry wide on all sorts of devices that can’t just be thrown out or isolated. This is what I meant by my comment on the ZDNet article. No business works in an MS only world where you can “just upgrade to this years model”. When the phone call to the non scanning comes in my answer cannot be go and replace £1,400s worth of printer.

EDIT just realised I’m “panicking” unnecessarily. SMB 1 can still stay turned off on the PCs. Only the Synology will need v1 so the printer can drop the scan onto the share. As it’s a mapped drive from the PC it would be vulnerable to encryption, but who cares too much about a bunch of PDFs that would have been copied to the Cloud Station via the PC?

[Dave Rice]

There’s plenty of high wattage 12vc DC PSUs (power bricks) about for use with pico ATX “PSU”s, I have one. The mini-itx store has them up to 192w = 16A

There’s also 12v Dc power supplies for powering many analogue CCTV systems at once. But a quick check is whilst they have a high total amperage, each port is limited to 1.6A

[Dave Rice]

I think you mean that to start the PSU you short out 2 pins on the motherboard which in turn does the same to 2 pins on the ATX plug?

If so have a look here

[Dave Rice]

I’m attending a webinar (horrible word) at 2pm “Debrief: The anatomy of WannaCry by IDC and Bitdefender”.

As mentioned devices are still being produced in large volumes aimed at the sector least likely to understand any of the issues. The same sector IoT is aimed at, who love a bargain too.

Microsoft and the whole security world has for some time been urging IT professionals to dump it and have provided the tools to search it out.

2 slides from the webinar (EK = exploit kit)

 

I believe they think it’s not a nation state or organised crime. Its not just sloppy code, how to retrieve the ransom wasn’t thought through.

The advice was exactly the same as has been mentioned here. Patch, AV, backup on remote devices, disable SMB v1.

[Dave Rice]

I’m not going to Manchester until July 3rd and even if I was wouldn’t be at a tweenie gig! (Hawkwind tomorrow night, real old farts stuff).

This is a very low act specifically aimed at children and their parents.

[Dave Rice]

I’m seriously thinking of going down the none of the above route. Living in a safe seat my vote is largely irrelevant anyway.

That’s what made me laugh about the Brexiteers banging on about bringing Democracy back. I have no more say on my local representative than who will be the President of the EU. “The average constituency last changed hands between parties in the 1960s, with some super safe seats having remained firmly in one-party control since the time of Queen Victoria”. – See more at: http://www.electoral-reform.org.uk/safe-seats#sthash.bzlgcqGB.dpuf

Put it this way, I have never ever had any political canvasser knock on my door and we’ve lived in the area for over 25 years. There’s no point, it’s all decided before it’s even begun.

[Dave Rice]

Don’t worry about Cat 6 John, it’s a cabling standard and doesn’t need “support” from anything attached to it.

Cat 5 or Cat 6, it will make no difference to you.

[Dave Rice]

If your target only supports ver 1 then you’ll have to run ver 1.

Your WHS 2011 is based on Windows Server 2008 R2 so supports SMB 2.1 as does W7 and above.

[Author]

Posts