I’M STILL ALIVE!!!1!!ONE

I remembered this week that I’ve not posted here for a while, so this post is in the interest of (1) confirming I am alive, (2) making some fluff up to prevent the blog from looking “abandoned pending domain expiry” and (3) getting back in some kind of rhythm.

Honestly it’s been busy. Nobody wants to stand still and as we all work out what’s going to be the “new normal” there’s a lot of push for cloud, automation and remote connectivity. That means a lot of work to be done so less time to have a natter on the blog.

Hopefully I will have a new laptop to review pretty soon so watch out for that.

Ubuntu 21.04 Released

Canonical have today released Ubuntu 21.04 dubbed Hirsute Hippo (apparently that means “hairy”). This is a short-term support release with 9 months of updates to be had.

Ubuntu 21.04 Hirsute Hippo
Hairy Indeed

There are a number of changes including support for joining Microsoft Active Directory, support for the Wayland server by default and a visual refresh among other things. Of course you’ll also be getting a more recent version of the Linux Kernel specifically number 5.11.

I have yet to get my trusty XPS 13 out to commence an update but if you get the torrents you’ll be served by yours truly from my NAS whilst I go visit the pub for the first time in about 5 months.

Lick Of Paint

Speaking to a lot of people right now everyone’s at the stage where they’ve not much to talk about seen as they can’t leave their homes and…you know…do interesting things. I am looking forward to being back swimming and for a pint at the pub (not together though).

In the meantime I put a fresh lick of paint on the blog. Enjoy.

Patch Time

If you’re in the SQL Server world you should be aware of this by now however for those who’ve been busy getting stuff done this week Microsoft have released a security update for SQL Server described in full in KB4583459.

Data can be sent over a network to an affected Microsoft SQL Server instance that might cause code to run against the SQL Server process if a certain extended event is enabled. To learn more about the vulnerability, see CVE-2021-1636.

Patches are available for SQL Server 2012 and above with currently supported service packs. As it’s in most people’s best interest to maintain a SQL Server that doesn’t allow this to happen it’s a great idea to get this patch installed now. If you are intending on ruining someone’s day with this exploit I wholeheartedly apologise for spoiling your fun.

I anticipate quite the majority of my clients will “accidentally” end up with this patch through Windows Update which is probably for the better (exceptions given if it somehow kills the SQL Server).

There’s Not Much To Say!

(Well there is but you know what I mean.)

In the UK we have gone into Lockdown 3: The Winter Crisis so there’s not much Round Tabling, swimming or pubbing to be done until the COVID-19 virus is brought under control. Fortunately consultancy is back in full swing so the bills are getting paid.

Priority number one and two for 2021 will be to stay safe and get the vaccine respectively. As a child my parents would always tell me to play outside and avoid any drugs especially needles. In 2021 they’re telling me to stop inside and get a jab as soon as my turn comes up. How times change.

Over Twixmas I did try my hand at building a PiHole on a Raspberry Pi 3 Model B that has been lurking in my drawer but I scrapped it after a week. I felt the omission of DNS over HTTP/TLS by default is too important to overlook. I plan to build a WiFi 6 core network at my house sometime in 2021.

Meanwhile I’ve been discussing PC builds with some good friends of mine as we’re enjoying Cyberpunk 2077. I’m currently drawing up a parts list for my next custom build I’ve provisionally called Build-V. Yes that is indeed because it’s the 5th custom build I’m intending to put together and yes that’s where all that petrol money I’ve saved is going.

Work Hard. Play Hard.

Recently with work I’ve been on a lot of customer maintenance jobs: patching our cloud systems, upgrading Making Tax Digital add-ons and also tidying up with a few ongoing projects that are about to go live. It’s strange because I’m used to being booked by clients for a full day and now I’m often working a couple of hours a day per client. The (electronic) paperwork is good fun.

I was eager to play a certain title from a certain Polish studio that has certainly been the most anticipated game release of the year and also probably the reason there’s not been much going on in IT this week. I decided I would order a physical copy and it’s still progressing through the Royal Mail’s network which is very overstretched right now.

No matter because that gave me enough time to finish another game I had recently started: Ion Fury developed by Void Point and published by 3D Realms.

Ion Fury is a First Person Shooter (FPS) built on Build Engine that powered Duke Nukem 3D. As such don’t expect photorealistic 3d graphics. Sprites and old fashioned 3d levels are in here. It’s a very nostalgic and overall very fun shooter. You play as protagonist Shelly “Bombshell” Harrison who’s on a mission to destroy Dr Heskel’s laboratory after his goons interrupt her night on the town and spill her watered down and overpriced beer.

The game is pretty much a back-to-basics shoot ’em up. As such there is no regenerating health or shields so health and armour must be replenished by fighting through the level. I know a lot of modern FPS games favour a regenerating health system however I feel this sacrifices tactical gameplay where the player must plan their attack out accordingly. Fortunately with Ion Fury I found this was a really fun and refreshing game to play.

The sound and visuals for the game are also fantastic. Shelly drops the occasional Duke Nukem-esque one liner (although nowhere near as sexist) and Dr Heskel (voiced by John St John who is the voice of Duke Nukem) periodically contacts Shelly through monitors at various points in each level to offer put downs and threats of annihilation. The enemies are a mix of cyborgs, cultists, spider-like heads things and augmented rats each with their own unique sound effects. The world of Ion Fury really comes alive through the headphones.

I’ve thoroughly enjoyed playing through Ion Fury. The end-game boss posed a significant challenge and I had an approximately 11 hour play through which feels just about right for an FPS. I’d recommend it to any old-school FPS fan for Christmas.

Will Acorn End Up Winning the PC War?

We’re probably all aware by now that a certain fruity tech company has decided to jump the Intel ship for their laptop and desktop lines after pleasing results in the phone and tablet markets. Mac fans, reviewers and interested tech peeps have been receiving the first machines powered by the M1 chip and the initial reviews have been intriguing to say the least.

Remember this?

There was a lot of hype around the Apple event on November 10th, 2020 and then a lot of scepticism around the performance claims. Performance numbers were missing and comparisons were made to older Mac hardware running previous generation Intel processors. When the store went live the concern was voiced regarding memory topping out at 16GB. I understand you creative types need a lot of it. The memory and storage upgrade prices are also absolutely appalling to my delicate Wintel eyes. It costs £200 to double the storage from 256GB to 512MB or 512GB to 1TB. 2TB will set you back £800. Not a completely fair comparison but you could have yourself two 2TB NVMe SSDs for that price.

Initial reviews suggest that the hype is actually real. I’ve been skim reading reviews and Apple has apparently delivered. This news has made me happy for a number of reasons. The PC market needs a shake up and the Wintel stranglehold in both the PC and server market needs challenging. But there’s also another nostalgic reason I’m reminiscing about.

Some of you may remember the old Acorn computers at school. Back in my day we had one Acorn computer per class of around 30 kids. I don’t exactly remember what model of Acorn they were but it was the first computer I got to use. There were many crude drawings made in the paint program and there was a cool game about setting sail as Christopher Columbus to try and find America which nobody beat mostly due to crew mutinies and inclement weather leading to a sinking (should anyone remember the name of the game and have a link please comment as I would love to play it again).

Eventually by the time I reached year six (age 10) someone found some spare pennies in the budget and so the venerable Acorns were replaced by Intel powered Windows 98 machines at my school. Acorn computers eventually disappeared from the market but their ARM Holdings subsidiary lived on to become the dominant designer of CPU architectures in the world. Although not owned by a UK shareholder any more I am thrilled that a home grown company has reached the top in the tech world.

The long term question will be how this affects the PC from this week. I have had doubts about the Microsoft ecosystem both consumer and business when it became apparent that the mobile strategy was being abandoned and eventually when the “next” Windows (i.e: Windows 10) was sold to the market as a service and not a product. There doesn’t seem to be much interest in the store and UWP is met with arguable hostility as well. Microsoft’s focus under Satya Nadella has been cloud and Windows is looking very much vulnerable to a changing world. People’s main drivers aren’t their PCs or laptops any longer. It’s their phones and Microsoft decided to abandon that race long ago.

I was considering a new Ryzen based PC build to replace my ageing Intel Core i7 6800K, GeForce GTX 1080 Founders Edition, 32GB DDR4-2400 RAM, 1.75TB SATA SSD system but current events conspire against me as things seem to be in short supply. With Apple bringing ARMageddon (sorry) however what does that mean for PC Gaming builds anyway? There’s a cool video been posted* with someone testing editing a 144 track Billie Eilish song in Logic Pro fully loaded with plug-ins on both a basic M1 Mac Mini with 8GB RAM and a 10-core i9 iMac with 64GB RAM. I don’t fully understand what I’m looking at but apparently it’s surprising that the M1 Mac Mini can handle it at all. If Apple gear can also deliver similar value for gaming well what do I need this tower for?

There’s not a lot of sense in jumping to conclusions about all this yet but the shake-up appears to have happened and it would appear that Acorn is going to win the PC war after all.

*I won’t post the link as it’s hosted by a company I don’t like for tax evasion, privacy, lobbying and many other reasons.

Did Gov.uk Really Use an Excel Sheet To Track COVID-19 Cases?!?!

I’m going to let the whole thing settle down before I jump to any conclusions because let’s face it that’s as much exercise as some armchair political pundits have had for the whole crisis. I’ve also just had to peel myself from the ceiling reading a Reddit comment describing databases as “one of the lowest forms of computing”.

Take a deep breath. The UK.gov failed to disclose circa 16,000 cases of COVID-19 allegedly because of a technical problem that turned out to be the Excel spreadsheet they were using surpassed the 1,048,576 row limit in Excel.

No I don’t know either.

I usually steer clear of politics but seen as we have spent around £11 million quid on the initial contact tracing app which didn’t even work I feel like it’s all becoming a bit of a farce over there. Thank goodness Dido Harding is at the head of the new alphabet soup in charge of public health in England otherwise we’d be really in dire straits now.

Like I said before I’m absolutely not jumping to conclusions. I’m getting my exercise elsewhere and I’m coming on leaps and bounds with my sarcasm problem.

I’ve Been an IdIoT

From time to time we have to be the family’s IT support. It comes with the profession. Today I had work to do for Mum and Dad. The CCTV just wasn’t working. They were going on holiday, hadn’t checked the cameras in a while but they weren’t accessible from their phones. They really wanted them back before they went away.

The tell tale signs quickly became apparent after I logged in to the NVR (Network Video Recorder) which is a Dahua model. The camera list read “HACKED”, “CHANGE”, “FIRMWARE”. The issue with the device falling off the network turned out to be that a deliberately faulty IPv6 address had been set which also knocked out IPv4 communication.

Best I can tell they had fallen victim to an attack that appeared back in 2017. The default super user account for this NVR is ‘88888888’ and the default password is ‘888888’. Last time I’d checked out the CCTV I noticed this was in place and I really should have changed this. On Dahua NVRs this super user account should not be accessible from remote. The system should check if the access request had been made from local or remote and – in case of the latter – deny access accordingly. The flaw apparently is that this check isn’t properly done. The article linked also references a Facebook post which suggests that using Dahua’s DDNS also made it easy for the attackers to identify and target vulnerable devices. My parents were indeed using Dahua’s DDNS.

In other words the system was a sitting duck on the internet.

I can only assume someone out there has written a script to look for vulnerable Dahua devices exposed to the internet, log in via the admin account using default or easy to guess passwords and then apply setting changes to forcibly remove these devices off the internet. Malicious but also a public service. The device runs an embedded version of Linux and could have easily ended up part of a botnet if hacked firmware was uploaded.

To resolve the attack I reset the unit to factory defaults, uploaded new firmware to both NVR and cameras then set accounts with strong passwords using the XKCD method. I do not have a high trust of IoT devices but not being particularly happy about going up a ladder to replace the cameras this was the best I could do.

It should be noted that Dahua’s website is diabolical for finding firmware updates. You cannot just search a model number to find the device and associated firmware. I needed to check a load of firmware releases to see which ones were pertinent. I had a few attempts with what I thought was correct firmware but apparently wasn’t. I am thankful that the devices can do checks of the firmware to be installed because the risk of bricking the devices in this scenario is real.

In the industry we all know the lessons and we all recognise that when a chain of events starts happening and doesn’t get stopped then the results can be catastrophic. In the case of my parents I assume someone’s shut off network access deliberately but the reality is that someone could’ve used the CCTV access to determine that nobody was in the house. The cameras point to the drive where their cars are parked after all.

Let’s conclude it by reiterating the standard points:

  • Default passwords (and arguably account names) aren’t acceptable for an internet facing device. I had an opportunity to change it and I didn’t. Whilst the admin account should not have been accessible remotely it was thanks to a firmware flaw. Changing that password could’ve stopped this attack in progress.
  • Firmware updates need to be done as often as they become available. Security issues happen. Pobody’s nerfect right? As soon as those vulnerabilities and fixes become apparent they need to be tested and deployed.
  • Trust is a weakness and no trust is owed to the average IoT device. The industry is notorious for bad security practices and abandoning devices within a short lifecycle. Ideally these devices shouldn’t be left open on the internet but placed behind a VPN where the access can be defended slightly better. That’s not a practical solution for most home networks so there must be an accepted risk.
  • I will reserve judgement on using a DDNS. The CCTV was registered with a *.dahuaddns.com address which I suppose makes it pretty easy to focus an attack if you can narrow it down to specific devices or a single manufacturer. I would suggest using a static IP instead but my parents’ ISP does not offer this. Comment below if you have anything to offer on this as I don’t know how much safer you are with a custom DNS.
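
The signs described above can be turned into a quick check to run over a recorder's settings. This is an added example, not code from the original post or from Dahua: the `config` dictionary layout, the function names and the sample values are all assumptions made up for illustration.

```python
import ipaddress

# Indicators taken from the post: defaced channel names, the default
# super user account, and the vendor DDNS suffix.
DEFACEMENT_NAMES = {"HACKED", "CHANGE", "FIRMWARE"}
DEFAULT_SUPERUSER = "88888888"
VENDOR_DDNS_SUFFIX = ".dahuaddns.com"


def valid_ipv6(text):
    """Return True if text parses as an IPv6 address."""
    try:
        ipaddress.IPv6Address(text)
        return True
    except ValueError:
        return False


def audit_nvr(config):
    """Return a list of findings for one NVR settings snapshot.

    `config` is a hypothetical dict layout, not a real Dahua export format.
    """
    findings = []
    defaced = [c for c in config.get("channels", []) if c.strip().upper() in DEFACEMENT_NAMES]
    if defaced:
        findings.append(f"channel names look defaced: {defaced}")
    ipv6 = config.get("ipv6_address")
    if ipv6 and not valid_ipv6(ipv6):
        findings.append(f"IPv6 address is not valid: {ipv6!r}")
    for user in config.get("users", []):
        if user["name"] == DEFAULT_SUPERUSER and user.get("enabled", True):
            findings.append("default super user account is still enabled")
    ddns = config.get("ddns_hostname", "").lower()
    if ddns.endswith(VENDOR_DDNS_SUFFIX):
        findings.append(f"registered with vendor DDNS: {ddns}")
    return findings


# Constructed sample snapshot resembling the state described in the post.
SAMPLE = {
    "channels": ["HACKED", "CHANGE", "FIRMWARE", "Back garden"],
    "ipv6_address": "2001:db8::zzzz",
    "users": [{"name": "88888888", "enabled": True}, {"name": "family", "enabled": True}],
    "ddns_hostname": "example-nvr.dahuaddns.com",
}

if __name__ == "__main__":
    for finding in audit_nvr(SAMPLE):
        print("-", finding)
```
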