* Posts by Nick Ryan

1684 posts • joined 10 Apr 2007

LinkedIn mass hack reveals ... yup, you're all still crap at passwords

Nick Ryan
Silver badge

Re: Advice please

...or somebody guesses the master password, or watches you type it in, or the keepass encryption algorithm has flaws, or the application itself...

While services such as keepass are very useful they do shift the focus onto a single password with which an attacker will get access to a lot of services.

0
0
Nick Ryan
Silver badge

Re: Advice please

Keepass can run as an independent application and all it needs is to access your Keepass data file.

Keepass comes with a Portable version (no installer required), download from the keepass website itself: http://keepass.info/download.html.

The next step is that you need to keep the Keepass data file available to you. There are many ways of doing this, the issue is likely to not have a single (losable) copy on something like a memory stick and to instead use a web storage service of some form. Pretty much any of them would do as long as you trust the encryption of the Keepass application and the strength of your password to it.

0
0

Google-backed solar electricity facility sets itself on fire

Nick Ryan
Silver badge

Re: Predicting Problems

Quite likely. However with this kind of engineering and design the default position and/or configuration should be "safe", which is the general requirement for many industrial systems. Any lack of power or "incident" response should return the mirror to a default "safe" state (good luck with this on a power loss scenario). Part of this was probably in place, however automatic monitoring systems in the tower should have triggered an "incident" alert and all or some of the mirrors should have switched to a safe alignment automatically. Now implement this to a very strict build and maintenance budget...

2
1

VMware flushes Windows vSphere client and Adobe Flash

Nick Ryan
Silver badge
Facepalm

Re: How hard can it be?

I'm no programmer, but how hard can it be to write a proper bit of software instead of some browser abomination?

or more usefully:

How hard can it be to write a proper web interface instead of some browser abomination?

There's a growing industry idiocy in attempts to replicate a rich application interface using JavaScript on a web browser. Whereupon it's no longer a web application, it's invariably just a badly laid out and barely useable mess that just happens to be delivered through a web browser. Also, this isn't "HTML5", that's just marketing BS as HTML5 is nothing more than an extension of HTML4 and it's not a suddenly new or enabled environment to use with web applications.

3
0

Chaps make working 6502 CPU by hand. Because why not?

Nick Ryan
Silver badge

Re: I'll really be impressed when..

@Simon Harris

That sounds right. I suppose we could look up the 6502 instruction set but it's quite interesting how well the instruction set comes back to memory despite so many years of not using it. I remember reading through it all in detail when teaching myself 6502 (6510) assembler as the C64 came with great manuals, particularly the Programmers Reference Guide(?).

1
0
Nick Ryan
Silver badge

Re: I'll really be impressed when..

From memory, yes: the X and Y registers had different capabilities when it came to the indirect/offset addressing modes.

I remember when I first figured out what one of the more obscure ones actually did, and then wondered if there was ever a useful use for it. Like you do I searched the entirety of both of the C64 ROM chips and couldn't find the instruction in use. Not a definitive use case, but it was what I had available at the time...

1
0

SHOCK: GM crops are good for you and the planet, reckon boffins

Nick Ryan
Silver badge

This still gets pushed around the Internet like it's true:

Greenpeace co-founder Patrick Moore now promotes vitamin A-fortified blindness-fighting Golden Rice, which Western NGOs are attempting to restrict in the countries that most need it.®

Patrick Moore was not a co-founder of Greenpeace and the more that careless reporters blindly reproduce this the more this incorrect statement gets spread. Not that it's just El Reg, the Golden Rice website also claims that Patrick Moore was a co-founder of Greenpeace when he is not.

Here's Greenpeace's take on it: http://www.greenpeace.org/international/en/about/history/founders/ (Patrick Moore was an early member, but not a founder).

However for me, there is only one Patrick Moore...

6
3

Motion Picture Ass. of America to guard online henhouse

Nick Ryan
Silver badge

Re: Business Philosophy

To be fair (yeuch, this hurts), when it comes to the ten year sentence for online pirating it's harmonising the online and offline maximum sentence values. As it stands, a repeat/serial offender dealing with physical media can be given ten years maximum, however a repeat/serial offender dealing online can only be given two years maximum.

While it makes sense to harmonise the maximum sentences, it does rely on the courts applying them sensibly rather than believing the rampant MPAA (US so shouldn't have any direct impact on UK judgments but yeah) and FACT lies about the supposed level of damage and therefore the level of sentencing.

1
0

A cracked window on the International Space Station? That's not good

Nick Ryan
Silver badge

The windows are probably key structural components keeping the atmosphere in while the debris shields are retractable and therefore cannot keep the atmosphere in - hence the need for spares. As for why windows, most likely two reasons - we're humans and like to look out on occasion and a viewing aperture like a window is considerably more flexible in use than a video camera.

1
0

Google asks Unicode to look over 13 new emoji showing professional women

Nick Ryan
Silver badge

Re: Who invented the term "emoji", and why?

The font of all definitive knowledge, Wikipedia, has a page explaining this: https://en.wikipedia.org/wiki/Emoji

Emoticons, originating with the ASCII smileys, were generally to depict emotions. Emojis are essentially just pictures, which is kind of reverse evolution for many languages but not incorrect as such because it's the nature of languages that they change.

1
0
Nick Ryan
Silver badge
Coat

Re: Discriminatory

And Pirates. Bastards. Where are the required array of pirate emojis?

There needs to be a full spectrum of these with different eye patches, hats, skin colours, gender, scars and parrots. Never forget the parrots. The Norwegian Blue just doesn't get the recognition it deserves.

(my pockets are full of pirate stickers)

11
0

IE and Graphics head Microsoft's Patch Tuesday critical list

Nick Ryan
Silver badge

Re: Firefox is catching the Microsoft attitude.

Or possibly use Firefox ESR (Extended Support Release)

0
0

Engineer uses binary on voting bumpf to flag up Cali election flaws

Nick Ryan
Silver badge
Coat

Re: Amazingly, on sunday ...

Not so! One may also post XKCD links as well, not just Dilbert.

2
0

Why has Microsoft stopped being beastly to Google?

Nick Ryan
Silver badge

Re: Is this really Microsofts POV?

Pretty much, it's about the money and the route to it.

If you look into Microsoft's financials for quite a long time now, whatever division the Office suite is in is the one that's made the most money. The OS division, while a valuable enabler and lock-in aid, has been making less and less money over time. With other OSes being given away for free, the ability to sell "just" an OS is a harder and harder prospect particularly when the previous OS worked and continues to work fine. Microsoft are also finding this with the Office suite, because any further functionality they add is beyond what most users want or care about therefore selling a new version is becoming harder and harder.

The result? OSes are effectively free and while Office suites are, for the time being, a source of income as these become more commoditised this income will dry up and they'll become effectively free as well. However just because something isn't sold doesn't mean that it isn't valuable as an enabler for other sales therefore Windows 10, even if given away, has considerable value in pushing Microsoft's services and applications. Take Microsoft Office, currently it's arguably the best office application suite by a reasonable margin, or at the very least has enough remaining lock-in to keep users "loyal", however even this is being eroded by the likes of Google Docs which is given away for free. However both are being used to gently (or not so gently) push users into a cloud subscription - as in a perpetual, regular income.

3
0
Nick Ryan
Silver badge

Readers may well applaud the focus on the brave strategy of litigating to gain the user's trust – but wonder why Microsoft continues to use aggressive malware techniques to persuade us to upgrade to Windows 10. Good question. Some consistency here would be welcome, Redmond.

These are both business decisions with, arguably, good reasons behind both.

Focusing on being a trusted cloud provider is a very good call and, aside from being a key sales point in Microsoft's favour, should also help to improve the entire hosted services (cloud) market.

Windows 10, despite a lot of annoyances (in particular with patchy upgrades and the horrible default security options), is a change of tactic by Microsoft in response to a very real market change, namely that Operating Systems are now just commodity enablers and the value is no longer in the OS itself as it's in the services and applications that run on it. Does the average consumer or computer user really give that much of a stuff as to what Operating System their computer happens to run on? No, they just want to access certain applications, or types of applications, which for the vast majority of users are a web browser and a word processor of some form and it's useful to note that more and more the word processor is accessed through a web browser. There are exceptions of course, but these are more down to specific requirements such as applications that only run on a given Operating System or even version of the Operating System, largely games and specialist software. So from Microsoft's point of view, the value isn't in the OS, it's in what sits on top of it and in how they can help steer users towards Microsoft's offerings rather than alternatives. If the value of the OS is reducing and the enhancements that can be delivered as part of OS updates are diminishing, then why would users even care to upgrade? They won't, for example the distaste of upgrading from Windows XP onwards as in general user terms the previous OS did what they required. This leaves Microsoft trying to implement their services on a fragmented and messy OS base, which is far from ideal particularly how in the past they have intentionally intermingled application and OS features. Support five different end point OSes or just one? It's an easy choice and I'd make the same call.

Getting consumers to upgrade to this OS is a different matter, although my prediction is that after the free upgrade period is over MS will seriously consider extending it "for goodwill reasons", the time pressure of the current fixed date for free upgrades will ensure that a large base of installed users are in place by then and the rest will tend to want to keep up with the masses.

8
1

What do you call an old, unpatched and easily hacked PC? An ATM

Nick Ryan
Silver badge

Re: physical intrusion

Many "through the wall" ATM machines may be secure enough from the front, however the rear of them where the access to the "interesting" parts can be had is often not so well protected. Just behind a screen or in a box and often with nothing more than a standard "security" hex style bolt keeping the case closed. I've seen a few with vents where one can readily see more interesting parts.

Obviously tampering with an ATM inside a bank is risky, however so is tampering with one outside as they're often covered by CCTV. However what you've missed in the article is the fact that the ATM networks are often so insecure, that gaining access to one of them will give the successful attacker access to many more ATMs, so even if it appears to be physically secure, how about the one around the corner inside the bank or even another branch of the same bank?

7
0

FBI ends second iPhone fight after someone, um, 'remembers' the PIN

Nick Ryan
Silver badge

Re: Well...

The responsible Agency should keep an eye -now and then, depending of activity level- on anybody who is educated in Chemistry of Explosives, just in case.

That will include pretty much anybody with even a half reasonable education in chemistry then.

Making things go boom, and the formulas for these are generally quite simple. Particularly if you're the kind of "making things that go boom" person who doesn't really care too much about toxic residue or the overall efficiency of the boom as long as it goes adequately boom.

0
0

Tokyo rebrands 2020 Olympics

Nick Ryan
Silver badge

Yes, but....

Have the Japanese lawmakers created new, and entirely unnecessary laws, specifically to protect these trademarks of the money making organisation that is running the games locally? Or are they shamefully relying on the same laws that are already in place to protect every other business and individual but without such scope for higher financial penalties or due process skipping?

0
0

BlackBerry is pivoting from phones to enterprise software

Nick Ryan
Silver badge

IMHO it's very far from a good strategy. The IT industry is littered with the corpses and zombie marionettes of previous "named" organisations that decide to turn their back on their original market to "concentrate on enterprise", or "obscurity" as it's otherwise known.

0
0

Windows 10 Anniversary Update draws nearer with Inky preview

Nick Ryan
Silver badge

The annoyance here is that Windows has had, since Windows 7, a "Library" feature that lets you merge folders, but this is not used by default. On the positive side, search found my image instantly.

It's good news that the utter farce and king of stupid "libraries" is not enabled by default on Windows 10. While it works OK when reading documents of a particular type from a system because you get to see all of the locations together, it's a total disaster when it comes to saving a file because you no longer have a clue, or any particular control, where the damn thing will go. Unless you save but pointedly ignore and bypass libraries, in which case you have two disjointed interfaces, one for read and another for write.

5
1

Adobe scrambles to untangle itself from QuickTime after Apple throws it over a cliff

Nick Ryan
Silver badge

Re: Maybe Adobe should consider...

Not just video editing, randomly Microsoft PowerPoint requires that QuickTime is installed for many video formats. Despite other compatible CoDecs being installed.

0
0

How does a business make decisions? How should a business make decisions?

Nick Ryan
Silver badge

Is it me or is the message of this article contradictory?

The ending seems to be to recommend "big data" or in most business terms "just analyse the (limited) data you have and watch for trends" however the core message is that when bringing in a new product one has to look at the data that one doesn't have because there won't be sales data for a new product or service and predictions for uptake of a new product or service are often vague at best.

1
0

Win XP, Flash, Java... healthcare makes easy pickings for hackers

Nick Ryan
Silver badge

Many popular electronic healthcare record (EHRs) systems and identity access and management (IAM) software supporting e-prescriptions require the use of Java, factors which could account for the higher installed base. But this is bad news for security because Java browser plug-ins are a popular exploit route for hackers.

I strongly suspect that the writer is confusing the word "popular" with "common".

As for requiring Java, this is because these systems were designed and written by utter fuckwits who wanted to do the "modern web thing" but couldn't get the concept of web delivery and "applications" using a standard HTML interface (where we shouldn't have dumb OS dependencies) as they were too hung up on traditional windows applications. So instead they tried to write web applications as if they were rich client applications but in order to get the degree of stupid/control in the interface they found they could only do this using Java, which "obviously" wasn't a problem because it's multi-platform, right? Frustratingly we have a continuation of this level of fuckwittery but instead of Java, "rich client applications" are being coded in JavaScript. Same concept, same stupidity.

5
0

BOFH: Thermo-electric funeral

Nick Ryan
Silver badge
Joke

Re: Surprising how much thermal mass there is in the cool head of a hammer

All tools are hammers.

8
1

What's wrong with the Daily Mail Group buying Yahoo?

Nick Ryan
Silver badge

Re: The AOL Time Warner merger

Technically it was a "merge" with both organisations transferring into a new combined organisation, 55% of which was AOL, 45% Time Warner, as dictated by their current "value" at the time. The shifting of management positions and shareholdings would likely make for quite dull but insightful reading.

0
0
Nick Ryan
Silver badge

The AOL Time Warner merger was masterful. I'm pretty sure the case was that there were some very clever people at AOL who managed to hoodwink Time Warner (who were until this time pretty successful) into believing that AOL had any value, had any income and weren't the laughing stock joke player on the Internet. That would have taken some effort, but to somehow come up with a value in excess of Time Warner's was a masterpiece of creative accounting.

2
0

Google found 760,935 compromised web sites in a year

Nick Ryan
Silver badge

Re: 760,935 breaches Google detected

These days it's usually the applications that run on the webservers that are the source of the problem, not the web server itself. Earlier versions of IIS were a blight on the Internet, more recent versions are relatively safe; not 100% safe of course, in reality that's effectively unachievable. The same with Apache, the security has improved since earlier versions.

And depending on your statistics, IIS is either doing quite well or is still quite a long way behind. It depends on how you filter and weight the results.

I'm more happy that there isn't a monoculture of web servers. Both IIS and Apache annoy for different reasons while performing administration tasks on them, both have strengths and weaknesses on this side and the performance front.

6
0

Censorship FTW! China bans Paris Hilton, minor Kardashians et al

Nick Ryan
Silver badge

Re: yah know...

If this were to happen what would the Daily Fail (and Facebook's "trending") actually "report" on. After all, I cherish all the articles highlighting that some talentless twat who's happened to be on TV at some point was photographed wearing swimwear. On a beach.

Now if the aforementioned twat was photographed wearing swimwear while going to the cinema then, yes, this actually has a tiny bit more interest to it (just for the stupidity). On the other hand, please don't let the Daily Fail and Facebook know this otherwise there would instantly be many of these z-listers wearing swimwear to the cinema just so they can be photographed doing it.

0
0

Half of Facebook's Free Basics users ditch the freebie web-lite service for the paid-for real deal

Nick Ryan
Silver badge

Re: Just because my band is broad doesn't mean your web site has to be fat.

It's not just "abusing modern web APIs with oldskool web design", an even more recurring problem is "oldskool" windows/client developers abusing modern web APIs. These are the same kind of idiots that rather than use Flash to enhance a website instead chose to build an entire "website" out of one Flash object.

0
0

BOFH: Sure, I could make your cheapo printer perform miracles

Nick Ryan
Silver badge

Re: Slight tangent

The CD appears to have no function but to throw an error and initiate a sequence of downloads from the net. WTF has happened to the once-mighty HP?

They probably had to do this because there's no longer enough space on the CD for the two football pitches worth of legalese and disclaimers as well as the print drivers. Mind you, the way HP's print drivers are going there's probably not enough space on an otherwise empty CD, and DVDs are doubtless considered too expensive.

7
1
Nick Ryan
Silver badge
Joke

Re: There are times I like my workplace

You allow them to use a USB flash drive they found in the car park?

It would be churlish to liberally leave them around the car park and not allow them to use them...

12
0

Open-source vuln db closes – plenty of taking and not a lot of giving

Nick Ryan
Silver badge

Re: They woke up

Put simply, it's impossible to create an entirely "secure" development language/environment. All it needs is for an algorithm to be incorrect or not thought through fully and that's security "broken", and this algorithm could be anywhere from the lowest level memory management code to a public access statistics report.

Doesn't mean that we can't improve things though.

3
0

Contactless payments come to in-flight entertainment units

Nick Ryan
Silver badge

Some ghastly internal US flights. Probably delta, can never remember as the seats are sold on from one carrier to the next.

0
0
Nick Ryan
Silver badge

Great, even more "incentive" for arsehole airlines to foist (noisy) adverts on you from point blank range. Want to turn this shitting, annoying screen off sir? Just pay $.

I've suffered on a few of these flights and despite repeated thumps, yanks and many, many button presses the bloody things just keep on going unless you wave your credit card at them. Packing in-flight material around them to obscure the screen is frowned upon... I must remember to bring a sheet of cardboard and tape next time (ideally, plastic and superglue but those are harder to get through and even more frowned upon).

3
0

Truly crap exhibition dumped on Isle of Wight

Nick Ryan
Silver badge

Re: Er, what?

Still less lazy and ignorant than the cat "owners" (a.k.a. staff: dogs have owners, cats have staff) who don't bother to train their cats to go in a litter tray and instead leave them to piss and shit all over the entire neighbourhood.

11
8

Legion of demons found in ancient auto medical supply dispensing cabinets

Nick Ryan
Silver badge

IIRC the barcode scanners aren't really the problem. The fingerprint reader is much more of a custom affair and that's before you get to the customised keyboard.

0
0
Nick Ryan
Silver badge
WTF?

Re: Firewall?

there lies your problem: that won't happen. No-one would authorise or pay for an intermediate kludge program that sits between these systems and the drug suppliers own proprietary software. Too many things to go wrong. Besides which, it would destroy the logic of having these machines, where all the stock control is done at "point of sale". Putting another step into the system destroys that ability

Ah, erm. There is an "intermediate kludge" system that sits between these (effectively POS, possibly Point Of Dispense) systems and the hospital patient records system. The theory is that there are two separate network segments, with the system running the "intermediate kludge" software acting as the gateway, effectively the router.

Sensible enough, until you combine this with a couple of issues - this system is rarely, if ever, patched and until a couple of years ago ran one of the least performing AV systems. The windows administrator and other maintenance user passwords for this system are, of course, hard coded.

2
0
Nick Ryan
Silver badge

Re: RE: Air gapping

Has nobody heard of VLANs? Combine this with network device authentication and even if the wrong device is plugged into the wrong port it won't get anywhere.

0
0
Nick Ryan
Silver badge

Re: Wonderful options available...

Nope. Hospitals are a regulated environment, which means anything that runs there MUST (by law) be approved by the government (otherwise, any suits as a result of faults default against them).

I can honestly say that this is not the case.

1
0
Nick Ryan
Silver badge

Re: XP embedded?

These systems are running XP embedded. I know, I was trained on them, ooh, about 6 years ago. AFAIK these models are still being sold.

The bad news is that CareFusion (actually part of the BD group) have an almost comical suicidally backwards approach to technology, in particular computing. At least they had then and I haven't heard of any major strides forwards on this front. And they have a lot of them in place and frankly if they work, then a hospital will shy of replacing them and if CareFusion repair them, they take care to put them back pretty much just as they were.

2
0

How NoSQL graph databases still usurp relational dynasties

Nick Ryan
Silver badge

Re: Best Tool

A serious problem is where proponents of one technology or another attempt to force use of it in fields where it's not ideal.

Yes, a NoSQL, or unstructured database can represent users and credentials however an SQL database tends to do this better and more efficiently. On the other hand associating arbitrary data with a particular user sometimes lends itself more to NoSQL rather than SQL. Similarly representing an arbitrary tree structure or membership for a field value is something that neither standard SQL nor NoSQL do particularly efficiently which is where the flattened reporting databases come into play, sharing features of both SQL and NoSQL.

Ideally I'd like a seamless NoSQL and SQL database where the most appropriate storage method can be used without having to have multiple independent database connections and therefore effectively preventing transactional functionality.

1
1
Nick Ryan
Silver badge

Re: Someday?

Ironically your example - finding friends' friends - is a fixed two level depth query and therefore easily solved using standard SQL and could be done using Oracle/Ingres/RDB/Sybase/DB2 at least as early as 1985.

I'm glad I wasn't the only one wondering what was so hard about this query.

Finding depth at an arbitrary, programmatic, level is a little more interesting on the SQL front but a fixed query of "my friends" or "my friends' friends" is simple - as long as the database hasn't been designed by a muppet of course.

1
0

Error checks? Eh? What could go wrong, really? (DoSing a US govt site)

Nick Ryan
Silver badge

Re: It could always be worse.

Does this mean you disapprove of Intercal's COME FROM?

You should have asked more politely.

PLEASE COME FROM...

0
0
Nick Ryan
Silver badge

At least the keyboard not found press any key message has a bit of logic behind it; after resolving the problem you can actually follow the instruction.

That was the theory. Unfortunately most keyboards prior to USB such as PS/2 but also the old DIN connectors which were electrically the same were not hot pluggable and doing so could, but pretty unlikely to in practice, damage the control circuitry.

1
0

Hands on with the BBC's Micro:Bit computer. You know, for kids

Nick Ryan
Silver badge

6502 registers limited? Pah! We had loads to choose from! A, X and Y for a start. Then we had the status register, a stack pointer (generally best left to the processor itself, but you could have fun manipulating it) and a program counter (current execution address).

It was a dream compared to the Z80.

10
2

Microsoft to add a touch of Chrome to Edge

Nick Ryan
Silver badge

Re: Internet Explorer

Edge doesn't support ActiveX so can't be used for those hideous older Sharepoint sites.

While I really appreciate the impending death of ActiveX, unfortunately it's not just older SharePoint sites that rely on it. It's used for horriblenesses such as SharePoint Excel services integration, although at least this one is being deprecated/removed in SharePoint 2016.

0
0
Nick Ryan
Silver badge

Re: Finally a solution...

Yes, but hiding file extensions is a feature that some fucknut marketing idiot in Microsoft decided to force on users "to make things easy". Or just to confuse the living shit out of a great many users because they now have no clue what a file actually is without double clicking it and seeing what happens. These are the same users that can generally cope with the file extension indicating a meaning and usually, after a few prods, get the idea that to change a file from one type to another one cannot simply change the file extension.

6
0
Nick Ryan
Silver badge

Internet Explorer

remember Internet Explorer is for businesses

Largely because:

a) Group policy actually does something with it

b) The clusterfuck that is SharePoint relies on it, or more accurately its bugs, non-standards and Microsoft specific plugins. And MS are still in the pushing SharePoint at everything they can game.

Unfortunately this doesn't stop Microsoft still setting Edge as the default, uninstallable browser in Windows 10 Professional and Enterprise editions (made worse as it has a near identical icon to Internet Explorer as well). Hijacking the default PDF file association is another gem as well.

6
0

Microsoft's equality and diversity: Skimpy schoolgirls dancing for nerds at an Xbox party

Nick Ryan
Silver badge

Re: Sex is a marketing way to sell stuff? What a news!

Might have gone to a few more tech conventions and a few less lingerie conventions had I known about this.

Might have gone to a few more lingerie conventions and a few less tech conventions had I known about this.

There. FTFM :)

3
0
