Posts by John H Woods 3577 publicly visible posts • joined 14 Nov 2007
If someone promised me something by 17:00, and I didn't get it till 17:59, I would be a lot happier with an apology and an acknowledgement that it was an hour late than I would be with them trying to tell me that not only did they actually mean any time between 17h and 18h, but that everybody knows that's that what it means.
(IANALBIPOOTI) If I had one of these, I would be sending it back to the *seller* for a refund or replacement. We need to establish that routers that have vulnerabilities like these are simply not fit for purpose; any more than an ostensibly secure door lock than can be opened with a bit of judicious jiggling.
"You have to assume that anyone with an agenda already knows the phone numbers of most of your workforce" -- NumptyScrub
Agreed, but I don't think that being aware that serious actors already have this information should cause one to drop one's guard -- I doubt the person who provided the number thought it through and decided, well, all our enemies have the director's personal number anyway, so what's the harm? Giving away a personal detail like this is symptomatic of an organisation inadequately defended against social engineering attacks.
It seems to me that it may not be that big a deal that someone fluked a call through to the PM, as long as he's smart enough not to be social engineered (is he?). But the handing out of a mobile number, whether classified or not, for any employee, let alone a senior one, is a serious security breach. You try phoning my company (a bit of Googling will tell you who it is) and I will be absolutely gobsmacked if they give you my mobile number, job title or even confirm that I work there.
We expect GCHQ to be at least as resistant to social-engineering as major corporations, don't we? What really worries me is if the disclosed number was used to enable the second incident - did DC see a caller ID which initially led him to believe it was the director of GCHQ?
"It would be interesting to hear the author's view of how repressive and intrusive UK legislation and proposals are vs. Thailand."
It would be interesting yes. But I've never been a sucker for the fallacy of relative privation ("it's so much worse in Thailand, so what are we complaining about"), and I think we need to be clear that, inasmuch there are 'nuances', these should not exist at the level of the IT professional, however senior or experienced. Judge says surveillance on those people there, IT professional says OK. Anybody else says surveillance on those people there, IT professional says NO.
"My laptop does that all the time. It's Linux Mint and it's called a "feature" :D"
It's not Mint, it's GRUB. And it's easy to configure to, amongst other stuff:
1) autostart an entry after n seconds
2) default to the last started entry
3) not show a menu unless requested
Sounds like you need (2) and (3) - a few minutes work with a search engine will tell you what to do.
[Edit: you can use the tool grub-customizer if you don't fancy editing the config file]
... not only in the long term moral sense of 'defending our way of life by throwing it away' but also in the tactical sense of enabling teenage basement-dwelling jihadi-wannabes to entirely paralyse the security services simply by generating false leads --- without having to do anything remotely approaching the level of donning a vest.
... and something is odd in the bar chart. Sure the data looks "logarithmic"*, but that graph ain't. (and if it were, of course, the data would look linear).
*yeah, I know, this way round it's an exponential decay. Although without some curve fitting there's a number of distributions this could be.
[Edit: a closer look at the text suggests the author could have meant that industry bar charts have to be logarithmic or otherwise they'd look like this. I think it could have been a bit clearer - perhaps the inclusion of one of the mentioned logarithmic graphs would have been helpful?]
I'll take a horrible job for $$$, a moderate job for $$ and a brilliant job for $: so would most people.
However, last time I looked at the contractor market I was offered day rates significantly below what I make as a permie.
Recruiters: if you want a smaller number of people to do what would ordinarily be the work of a larger team, plan to spend 80-90% of what you'd need for the full team. Less than that and your small number of people will create an even bigger problem, very quickly indeed.
Something like (politeness adjusted up or down depending on context):
"Sorry, but you've been had - that is a false story from over <N> years ago <link>. If you want to avoid getting had again, check these: <link> <link> <link>" [Usually snopes, hoaxslayer and google].
It also helps to educate people about the 'blue tick' so they don't think it really is Range Rover giving away a brand new Evoque to a random 'liker' that says what colour they want.
The third time I have to send personal messages like these, I block or unfriend. Over time, my feed has cleaned up nicely!
"Given that Facebook has taken 10% of my employee's productivity - then I need to employ an extra 10% of staff to get the same job done. Of course 1% of this would be re-taken by Facebook and so on."
You need to employ an extra ~ 11.1% of staff. It's the same percentage problem you get when sellers have a "no V.A.T." sale and people (often the sellers themselves!) think this means 20% off.
Apart from expressing the fact that the script writer was a total jerk - I could forgive it if it weren't so clear they realized it was dangerous and couldn't be arsed to do a 10 second google to see how to phrase it - I'm like to know what people recommend here. Removal of backup devices or media is obviously good, but what are the additional strategies here to defend against executables you want to trust, but not completely?
Back up to tar files (preserves permissions and owners), which themselves are owned by 'backup' and/or not writeable? Run such executables as a different user? Chroot them?
Haven't had time to play GT5 but I remember GT4 as a highly moral game. You could do immoral things, sure, but that was up to you. Murdering prostitutes for money is certainly possible, but that arises as a consequence of open-world gaming with detailed supporting logic; I got to 100% without murdering a single prostitute.
As a projector user I already find the currently fashionable habit of cutting to white rather than black; (and minimalist slogans on a bright white background) rather uncomfortable. Looks like watchers of regular TV will soon be joining me in shielding their eyes.
"Colleges, the health industry and athletes seem to have cottoned on quite some time ago." -- Bassey.
In fact, I remember a highly respected nutritionist (one of the WHO senior advisors at that time) at Oxford Brookes telling me that the link between the plasma markers and what one actually ate was embarrassingly weak, and when added to the uncertainty between the markers and the diseases, pretty much left you with nothing more than "eat sensibly and exercise sensibly" - the same advice, as he pointed out, that has served people well for thousands of years. This must have been about 25 years ago.
In addition to many excellent suggestions (thanks) in the article and the preceding comments, perhaps I could just mention Emacs; the UnxUtils collection of native (not cygwin) core utils; the whole of the rest of the suite that ProcessExplorer belongs to (Autoruns, Handles, Sysmon, PSservice etc). Also something for mounting ISOs is nice (I use VirtualCloneDrive), and on the subject of disks, I love WinDirStat and its graphical representation of how storage is used (roughly equivalent to Linux's Baobab). And is it just me that loves Q-Dir as a Windows Explorer replacement?
I also like to have a few extra command-line binaries like sha256sum, base64 etc.
(Probably just me, but I always have GnuPlot, GeoGebra and a free Smalltalk development environment - such as Squeak or Pharo - as well)
And - not an application, but any windows system I use, first thing I do (ok, after installing a Dvorak keyboard YMMV) is to put the task bar up the left hand side, with small icons, so you can actually read what the windows are! And what else are you going to do with all that horizontal space when the vertical resolution doesn't allow 2 A4 sheets side by side?
Some people don't. I was in a TV shop years ago when 100Hz was new and a couple came in asking which where the 100Hz TVs. The salesman went to find out, and I just pointed out the ones I could see. "You know a lot about TVs?" they asked? "No - I can just see which ones aren't flickering" I did wonder why, if they couldn't, they wanted a 100Hz TV.
Judder, audio and video artefacts are similar. They drive some people wild, and others barely notice. But -- it's still completely unacceptable for Google to manufacture an international product that only works properly in the USA. It doesn't cost less in the UK because it is less suitable - you'd have a good argument for taking it back as unfit for purpose (IANALBIPOOTI).
"But imagine that somebody killed your relative ..."
Stupid argument, I'm suprised you're not ashamed to make it. I was going to explain why it's stupid, but I'm sure you're too stupid to understand, so I won't bother. Perhaps I'll just ask whether you would like government/police operated TV throughout your house? No? But what if somebody killed your relative?
"Anyone else would have fitted the spare and carried on..."
Since you appear so interested: I attached the tube of Tipp-Ex thoughtfully provided by Audi; attached the 12V inflator as instructed; and it all blew out of the tire all over the road. Obviously there are other circumstances that could have been impossible for a driver to even attempt a repair.
If you are *really* interested, the situation was complicated by the fact that it is a company car, operated by Lex, whose 24 hour line goes straight through to the defunct RAC number. So I can't just call the AA, tell them the RAC are tossers and that I want to change membership. I can't have the car towed by A N Other contractor as I have no authority to do so, and no-one to contact to get that authority. It is a cabriolet, in the middle of nowhere, at 02:00 on a freezing cold winter night. I have two phones on two different networks, a blanket, water, chocolate. I think the idea that I was unprepared is ludicrous - my only mistake was giving the RAC so long to answer the phone before calling a cab, but I knew it was going tobe more than £100, and hard to reclaim (it was -- actually, I still haven't got it back).
I had the misfortune to have a blowout 5 minutes into a 4 hour RAC outage earlier this year. They blamed 'Vodafone'. I told them I thought it was pretty unsatisfactory, given that their entire business model is answering the phone and dispatching patrols that they didn't have a backup.
For instance, I could have tweeted them my location. At least they could have announced their outage on their website and I wouldn't have waited several hours before giving up and calling a taxi. I was also amused that they told me 'coordinates don't work' when I told them my location.
Still, before I ramble off about that, my point is this: what is all this single-point-of-failure nonsense and could it possibly have anything to do with 'corporate cost control' being all the rage rather than an emphasis on achieving the business' publicly stated goals?
"I'm afraid the engineering-a-bridge equivalence argument that people like to cite doesn't apply because the software logic in a large system can be exponentially more complex than the maths involved in making a bridge stay up" -- boltar
Exactly - if bridges could fail because of a submillimetre-sized misalignment, there wouldn't be any still standing. There are essentially no engineering problems in any other discipline that approach the complexity of software engineering problems.
"I'd love to know what they'd gain by imprisoning me"
I still don't get your mindset; you cannot imagine being framed, Colin Stagg style, but you can imagine the very unlikely situation that you are involved in a terrorist incident.
The simple stats are that the police or security services are more likely to kill you than the terrorists are. Now, say they do, would you rather your family eventually get justice and compensation or would you like to live in a world where whatever the police or security services do is right by definition?
"I still can't see it ever happening to me ... either way I'll take my chances." - jon48
So, you're prepared to take the risk of your rights being eroded, but you aren't prepared to take the much smaller risk of being a victim of a terrorist attack?
Here's my get-rich-quick tip for you: instead of paying your household insurance, spend the money on lotto tickets.
... in a tank opposite the telly --- they would get fed when the evening's telly was over. When the telly went off, up they all came to the surface; I swear some of them even learned to recognize the tell tale signs of the cast-list going up before I even hit the off button.
Even C. a. auratus are certainly a long way from the "Holy Carp! When did I get a castle?" stereotype.
"Humans have lived for hundreds of thousands, if not millions, of years without this kind of tat" -- jake
For most of those millenia, 35 was old. Whilst I agree with your sentiment in a lot of cases, hard data can be useful. My old GP used to reckon that if every bathroom scale was swapped by the NHS for a blood pressure monitor, several lives would be saved: you know if you're fat when you put on your trousers; you pretty much have no idea what your BP is without measurement.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
