* Posts by Tom Wood

470 posts • joined 14 May 2008

Brexit threatens Cornish pasty's racial purity

Tom Wood

Re: Swings and Roundabouts.

"The EU does not allow origin discrimination of that nature on goods, hence the need for the "protected origin" scheme and the roomfuls of bureaucrats to administer it."

[citation needed]

19
3

HR botches redundancy so chap scores year-long paid holiday

Tom Wood

January 1st?

When has anyone ever worked on New Year's Day?

11
0

LinkedIn mass hack reveals ... yup, you're all still crap at passwords

Tom Wood

Re: Attitudes to risk

"ANY information they can glean from it can be used to reconstruct your identity, at least to the point they can employ social engineering to get more information and then eventually they have enough to compromise or steal your identity."

They *could*. But *would* they?

Your common-or-garden cybercriminal, much like your common-or-garden house burglar, will go for the easiest targets. They're after quick money not some convoluted identity theft.

In practice, my LinkedIn password is better than "password" or "12345678", but not as good as 12 truly random characters or whatever. Which is fine, as long as there are lots of people who have passwords worse than mine; just as my house isn't likely to get burgled as long as I have pretty good locks on the doors, and the guy down the street has crap ones.

2
0
Tom Wood

Attitudes to risk

I really don't want someone to get access to my bank account, or my email account, or root access to my servers, so I use secure passwords for them.

But LinkedIn, or for that matter some random forum such as this one, what's the worst that can happen if someone logs in as me?

The main risk if someone steals my login details from the likes of LinkedIn (or indeed this forum, which doesn't even use a HTTPS connection...) is if I use the same email and password combo for either this site and others, or for my email account, in which case they can get access to all the "forgotten password" emails and the like.

But if I don't, then what's the problem?

I have a better lock on the front door of my house than I do on my garden shed, for much the same reason. Get into the shed and at most you can steal some plant pots, potting compost, barbecue charcoal and a bit of garden furniture maybe.

9
1

Three UK: Our MMS prices are up. Get around us with WhatsApp or Skype

Tom Wood

Ryanair logic

Customer: "Why is X so expensive? Surely it doesn't cost you anywhere near that much to provide the service?"

Ryanair/Three: "Well, you don't have to use X."

It doesn't really answer the question, even if they are correct that you can generally avoid the charges by jumping through various hoops.

5
1

Bloaty banking app? There's a good chance it was written in Britain

Tom Wood

LOC was thrown out as a useful measurement for *coder productivity*.

It used to be assumed that the more LOC per day, the better the coder.

Now it is often believed that less is more, simpler is better, so actually writing negative LOC could be a very good day indeed. Hence the argument in the article that fewer LOC in non-British banking apps is a good thing.

13
0

Blighty starts pumping out 12-sided quids

Tom Wood

Re: iSIS

http://www.mirror.co.uk/news/uk-news/royal-mint-forced-change-name-7657745

1
0
Tom Wood

Re: counterfeit pound coins

Yes - depending on which article you read something like 30-45 million circulating pound coins are fake.

2
0
Tom Wood

Re: iSIS

They actually seem to have quietly dropped that name since 2014 - the link from the article redirects to a different page. Can't think why.

The potential security features are intriguing though. Could the coins, rather than being just a lump of metal, actually contain some kind of chip?

4
0

One-third of all HTTPS websites open to DROWN attack

Tom Wood

read the details

A server that supports TLS 1.2 is only vulnerable if it or some other server that does support SSLv2 is using the same certificate.

1
0

Cameron co-opts UK mobile industry for EU Remain campaign

Tom Wood

Re: BBC bias

Yes, every BBC Radio news bulletin I've heard in the past 2-3 days has had a brief "x says we should remain in the UK for y reason" from the newsreader, then some spokesperson for the UKIPs/Tories/other xenophobes of choice have been given a 30 second clip to spout complete tripe arguing about why we should leave.

I've not heard a single clip spoken by a correspondent from the "remain" camp.

9
2

Good thing this dev quit. I'd have fired him. Out of a cannon. Into the sun

Tom Wood

Either always use braces, or use Python...

6
0

GCHQ’s Xmas puzzle proves uncrackable

Tom Wood

Re: QR code?

There are online "scanners" that work from webcams or uploaded images. You could have reproduced the QR code in MS Paint or similar if you really didn't have a way of photographing it.

2
0

DWP building a separate ID tool as Verify can’t cut it, whisper sources

Tom Wood

Re: This is a solved problem surely?

Yes, but this is once you have a bank account. Setting up a bank account if you've never had one is a surprisingly difficult task. Especially for recent immigrants (e.g. refugees granted asylum) who have no identity history in the UK and may not even have ID documents from other countries.

It's these sorts of individuals DWP in particular will have difficulty identifying.

I imagine the Verify system would also struggle to identify many of those particularly of an older generation who even if they have a bank account may not have any debts (so no credit record), have no driving licence or passport, etc.

9
0

New gear needed to capture net connection records, say ISPs

Tom Wood

Re: How exactly does this work

@Missing semicolon:

You are correct. But the URL is inside the HTTP request itself - not in the packet headers - and is encrypted for HTTPS. That's what I meant by "Or are they inspecting the contents of every HTTP request and logging that? In which case, what happens when the server is using HTTPS?"

0
0
Tom Wood

How exactly does this work

When I visit www.theregister.co.uk, this isn't one transaction. First there is a DNS lookup, which in my case currently resolves www.theregister.co.uk to 104.20.24.212. Then I open a TCP connection to 104.20.24.212:80 and send a HTTP GET request for /. Then the HTML loads and this may trigger many further DNS lookups and requests for images, style sheets, javascript and so on.

Exactly what are they logging to determine I am visiting www.theregister.co.uk? The DNS lookups? The TCP connection to 104.20.24.212:80? (But who knows what that IP address really is - actually this particular example has no reverse DNS - but it could well be a shared server, CDN server, etc).

Or are they inspecting the contents of every HTTP request and logging that? In which case, what happens when the server is using HTTPS?

10
1

NZ unfurls proposed new flag

Tom Wood

Re: Research

http://www.flaginstitute.org/wp/british-flags/the-union-jack-or-the-union-flag/

1
0

Terrorists seek to commit deadly 'cyber attacks' in UK, says Chancellor Osborne

Tom Wood

The Tories winning the election was pretty terrifying...

6
4
Tom Wood

Has Osborne just watched Spectre?

a new "National Cyber Centre" which is described as "the countries first dedicated ‘cyber force’

3
0

NHS IT must spend a fortune to save a fortune, says McKinsey

Tom Wood

Incremental changes

This would be fine if it were a case of spend £500k, save £1m, 16,000 times over. If it didn't deliver after the first few such projects you could cut your losses and run. If it did work, it would pay for itself in short order and not need much in the way of actual upfront investment.

But somehow I expect it's not that simple...

1
0

Skype founders planning non-drone robodelivery fleet. Repeat, not drones

Tom Wood

It's as if they have never seen Robot Wars

Just imagine all the ways one of these could get (1) stranded through its own incompetence to deal with the hazards of a typical street (puddles, slippery leaves, dogs and their droppings, fallen branches, parked cars etc), (2) maliciously waylaid (tipped over/put on top of a bus shelter/thrown into the canal/kidnapped by local kids/troublemakers), driven off in a thief’s van, etc.

5
0

The ONE WEIRD TRICK which could END OBESITY

Tom Wood

Re: craft it smaller

In the UK that would be illegal. The smallest quantity for selling draught beer and cider is a third of a pint. You are also allowed to sell two-third pint measures, and any (integer) multiple of half pint measures, but that's it. https://www.gov.uk/weights-measures-and-packaging-the-law/specified-quantities

4
0

CODING PEEP SHOW offers chance to hire devs as they program

Tom Wood

Re: Watching paint dry

"Any idiot can bash out a foreach loop on automatic"

Based on some of the apparently experienced developers I've given technical interviews to, that statement is sadly false.

6
0

Turn-by-turn directions coming to Ordnance Survey Maps

Tom Wood

Re: too little too late

Google maps is fine for road - offroad it's pretty useless though.

Compare for instance Ilkley Moor:

Google map

https://www.google.co.uk/maps/@53.8948331,-1.841674,13z?hl=en

vs OS map

http://binged.it/1JJiJaQ

and that's just based on the 1:50000 OS map data, zoom in and you'll see the extra detail from the 1:25000 version.

4
0

'Hans free' mobe gag crowned Fringe's funniest

Tom Wood
Facepalm

Re: The one from a few years ago was much better

Was that "2011 winner Nick Helm" by any chance?

16
0

Wikiland turns to Shapps and says ‘those emails you wanted, we deleted them, sorry’

Tom Wood

Do you mean Data Protection Act?

The FoI act only applies to public bodies, doesn't it?

A Subject Access Request is a thing where you can get data held on you by a company or organisation under the terms of the Data Protection Act.

6
0

Amazon UK conditions 'exhausting', claims union

Tom Wood

A lot of a warehouse isn't storage

It might be a mistake, but a lot of the floor area in a warehouse isn't "storage capacity" - it's taken up with aisles, conveyors, shelf supports, packing benches, etc.

4
0

Labour Party website DDoS'd by ruly democratic mob

Tom Wood

Re: I'd like to know..

Germany, France, Spain, the Netherlands, Italy... all have state owned railways. Hell, their state owned railway companies even own a good chunk of our supposedly private railway companies. What is it about these countries that means they can run successful state-owned railway companies but we can't?

3
2
Tom Wood

Re: I'd like to know..

Well the railways is fairly easy. The state still owns most of the infrastructure and rents it out to the privatised operators. You just let their contracts expire and don't renew them, or if you want to get more creative find ways to terminate them early. (As the franchises start falling back into state hands, the state then gets to keep the profit from them, which can be reinvested or used to buy up the remaining contracts).

And, of course he could borrow more. Brown didn't "borrow and spend every pound there was to have", as evidenced by the fact that Osborne has borrowed more than Brown did: http://blogs.spectator.co.uk/coffeehouse/2013/11/the-tories-have-piled-on-more-debt-than-labour/

3
3
Tom Wood

Re: It's £3.88 a month

That's for a full membership. You can pay a minimum of £3 to become a "supporter" which means you get a vote in the leadership contest but none of the other perks of membership.

5
0

Safe as houses: CCTV for the masses

Tom Wood

Re: Netatmo's Welcome costs €199, which is presently about £140.

You just need to get a decent credit card that doesn't charge such fees. http://www.moneysavingexpert.com/credit-cards/travel-credit-cards

0
0

That's not an Ofcom email about your radio licence – it's a TROJAN

Tom Wood

Re: I got one at work

Indeed, I run my own mail server and use suffix addressing (sometimes called "plus addressing" as that is what is supported by gmail) for this purpose. In gmail you can use myname+anything@gmail.com and it will be delivered to myname@gmail.com. Use a different "anything" for each account and if it leaks you know who has been passing your address, and can block that variant (or just block it if they don't honour unsubscribe, etc).

Since the plus character is commonly used for this purpose it's actually not that good as a spammer could strip it out and still reach your inbox. If you have your own server you can specify an alternative character to use, I use a dash/minus sign, but you could use a dot, underscore etc. Someone could still guess and remove it and hit your inbox, but in practice I've found that doesn't happen, and if it did I could just dump the inbox and create a new one, and redirect all the existing aliases to it.

0
0
Tom Wood

Re: Probably these work the same as bank scams

Indeed, looking at my mailserver logs, I received two attempted mails this morning to an address that is no longer used, allegedly from spectrum.licencing@ofcom.org.uk:

Aug 5 08:52:58 mail postfix/smtpd[8095]: NOQUEUE: reject: RCPT from unknown[14.161.18.210]: 550 5.1.6 <xxx@xxx.co.uk>: Recipient address rejected: Address no longer in use; from=<Spectrum.licensing@ofcom.org.uk> to=<xxx@xxx.co.uk> proto=ESMTP helo=<static.vdc.vn>

Aug 5 09:06:21 mail postfix/smtpd[8127]: NOQUEUE: reject: RCPT from unknown[202.131.235.74]: 550 5.1.6 <xxx@xxx.co.uk>: Recipient address rejected: Address no longer in use; from=<Spectrum.licensing@ofcom.org.uk> to=<xxx@xxx.co.uk> proto=ESMTP helo=<[202.131.235.74]>

I have never used this address (or any address for that matter) for anything to do with Ofcom.

So there is no data leak, this is just general non-targeted spamming.

1
0
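The log reading in the post above, as an added example that is not part of the original post: it parses Postfix smtpd reject lines of the same shape and flags a claimed sender that arrives from several unrelated client IPs, none of which announces a host in the sender's domain. The sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed log lines in the same Postfix reject format as the post;
# IPs are from documentation ranges and all domains are .example.
SAMPLE = [
    "Aug  5 08:52:58 mail postfix/smtpd[8095]: NOQUEUE: reject: RCPT from "
    "unknown[192.0.2.10]: 550 5.1.6 <old@rcpt.example>: Recipient address "
    "rejected: Address no longer in use; from=<licensing@regulator.example> "
    "to=<old@rcpt.example> proto=ESMTP helo=<static.isp.example>",
    "Aug  5 09:06:21 mail postfix/smtpd[8127]: NOQUEUE: reject: RCPT from "
    "unknown[192.0.2.74]: 550 5.1.6 <old@rcpt.example>: Recipient address "
    "rejected: Address no longer in use; from=<Licensing@regulator.example> "
    "to=<old@rcpt.example> proto=ESMTP helo=<[192.0.2.74]>",
    "Aug  5 09:30:02 mail postfix/smtpd[8140]: NOQUEUE: reject: RCPT from "
    "mail.partner.example[198.51.100.5]: 550 5.1.6 <old@rcpt.example>: "
    "Recipient address rejected: Address no longer in use; "
    "from=<news@partner.example> to=<old@rcpt.example> proto=ESMTP "
    "helo=<mail.partner.example>",
]

REJECT_RE = re.compile(
    r"NOQUEUE: reject: RCPT from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\S+) <(?P<rcpt>[^>]*)>: (?P<reason>.*?); "
    r"from=<(?P<sender>[^>]*)> to=<(?P<to>[^>]*)> "
    r"proto=(?P<proto>\S+) helo=<(?P<helo>.*)>\s*$"
)


def parse_reject(line):
    """Return the fields of one reject line as a dict, or None if no match."""
    m = REJECT_RE.search(line)
    return m.groupdict() if m else None


def _in_domain(name, domain):
    name = name.lower()
    return name == domain or name.endswith("." + domain)


def summarise(lines):
    """Group rejects by claimed envelope sender (case-insensitive)."""
    out = defaultdict(lambda: {"ips": set(), "helos": set(), "aligned": 0})
    for line in lines:
        rec = parse_reject(line)
        if rec is None or "@" not in rec["sender"]:
            continue
        sender = rec["sender"].lower()
        domain = sender.rsplit("@", 1)[1]
        entry = out[sender]
        entry["ips"].add(rec["ip"])
        entry["helos"].add(rec["helo"])
        # "Aligned" here means the client or HELO name sits in the sender's domain.
        if _in_domain(rec["host"], domain) or _in_domain(rec["helo"], domain):
            entry["aligned"] += 1
    return dict(out)


def suspicious_senders(lines, min_ips=2):
    """Senders seen from >= min_ips clients, never from an aligned host."""
    return sorted(
        s for s, e in summarise(lines).items()
        if len(e["ips"]) >= min_ips and e["aligned"] == 0
    )
```

This is a triage heuristic only: HELO names are chosen by the client, so alignment is a hint and SPF/DKIM results remain the authoritative check.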
Tom Wood

Probably these work the same as bank scams

They send them to millions of addresses. Some people who have a genuine reason to have contact with Ofcom (or Barclays, HSBC, etc) see the email and think it must be targeted directly at them.

Admittedly radio hams are towards the more niche end of the spectrum, which reduces the number of targets for the spammer, but also probably increases the likelihood that those in the target audience do fall for the scam.

Mostly these things are sent by botnets and will be caught by the usual anti-spam DNS blacklists.

0
0

Buffoon in 999 call: 'Cat ate my bacon and I want to press charges'

Tom Wood

Re: Too polite

Maybe not. I like this explanation from here: http://www.theguardian.com/notesandqueries/query/0,5753,-18852,00.html

"Why are there no pork or other pigmeat cat food varieties? "

"I've always understood the reason to be that the pigmeat industry has a long-established method of disposing of its waste products. They call the result "sausages" - or, if you're lucky, "economy sausages". "

19
0

Blighty's BONKERS BANKING BONKING BONANZA: Apple Pay arrives

Tom Wood

"associated security/privacy benefits that brings about"

But Apple gets to know everything about your shopping habits...

Contactless cards work well and seem to be accepted in most places these days... even if I had an iPhone I can't see what the advantage to the customer is over using a contactless card. (Yes the retailers may like the lower charges, but do you really think they will pass them on?). If you really find it too much trouble to carry a card around (in reality most people will have a physical wallet with them anyway) then just put your card in your phone case, glue your card to your phone, or get one of those low-tech Barclaycard stickers.

6
9

This whopping 16-bit computer processor is being built by hand, transistor by transistor

Tom Wood

I must be the only software guy here

because I think it's a ridiculous project :-)

Just because you can, doesn't mean you should. This is the opposite of progress - deliberately doing thousands of small repetitive tasks that a machine can do much better (for almost every definition of better - smaller, faster, cheaper, more reliably, using less resources)...

0
19

Vodafone hikes prices to 37.5p/min – and lets angry customers flee

Tom Wood

EE are charging more - 44p

http://ee.co.uk/help/add-ons-benefits-and-plans/price-plans-and-costs/ee-price-plans/changes-to-numbers-starting-08-09-and-118#what

But, NHS England says doctor's surgeries shouldn't use 084 numbers. Many banks and customer service lines are changing to use 0345 or 0370 instead of the 08 versions (03 numbers come out of inclusive minutes).

1
0

Milking cow shot dead by police 'while trying to escape'

Tom Wood

Re: A cow is actually quite dangerous

Indeed. NZ has about 10 million cattle (beef + dairy) and 38 million sheep, but just 4.5 million people.

Though I'm not sure if you should calculate injury rates per animal or per farmer...

7
0

Radio 4 and Dr K on programming languages: Full of Java Kool-Aid

Tom Wood

Re: It would have been better

Indeed, and that's how a good Computer Science degree course works. The actual language doesn't matter nearly as much as the concepts behind it.

6
0

Bonking with Apple is no fun 'cos it's too hard to pay, say punters

Tom Wood

Re: What study?

Aldi now take contactless credit and debit cards.

I've found using contactless cards (with the exception of an American Express card which doesn't seem to work everywhere) really easy and thankfully more places are taking them now. The only annoyance is the few badly-trained cashiers in some shops who insist on having you "insert your card" before they will activate the card terminal meaning by then it's too late to bonk.

Considering how easy a contactless credit card payment is, I can't see why I'd want to use a phone to do the same thing. The card payments are quick, easy and just work. No batteries required.

2
0

Popular crypto app uses single-byte XOR and nowt else, hacker says

Tom Wood

Re: Turning the company's soiled reputation around 360 degrees!

He meant XOR the plaintext input with the key, twice, which gives you back the plaintext (x) no matter what the key (y) is:

((x XOR y) XOR y) = x XOR (y XOR y) = x XOR 0 = x

1
0
Tom Wood

Re: Unclear

Read the linked analysis. The mask used is not random. By some means it converts the password into a single 8-bit "key" (barely deserves to be called a key), and XORs each of the first 128 bytes with that key, a byte at a time. (Basically ECB mode (http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_Codebook_.28ECB.29) which would be crap even with a proper big, random key).

The rest of the file is left in the clear.

This isn't encryption, it's about as good as those invisible ink pens you can buy from the Early Learning Centre.

21
0
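An added example, not part of the original posts or the linked analysis: a toy model of the scheme as the two comments above describe it (one key byte XORed over the first 128 bytes, the rest left in the clear), showing why it gives no confidentiality. The function names, the PDF-style signature and the key value used in testing are assumptions made for illustration.

```python
"""Toy model of a single-byte XOR 'header mask' (illustrative only)."""
from typing import Optional

HEADER_LEN = 128  # per the comment: only the first 128 bytes are masked


def xor_mask(data: bytes, key: int) -> bytes:
    """XOR the first HEADER_LEN bytes with one key byte; copy the rest as-is.

    Running it twice with the same key returns the input, because
    (x ^ k) ^ k == x ^ (k ^ k) == x ^ 0 == x.
    """
    if not 0 <= key <= 0xFF:
        raise ValueError("key must fit in one byte")
    head = bytes(b ^ key for b in data[:HEADER_LEN])
    return head + data[HEADER_LEN:]


def recover_key(masked: bytes, known_prefix: bytes) -> Optional[int]:
    """Derive the key from a known file signature such as b"%PDF-".

    A single known plaintext byte fixes the key (k = c ^ p); the other
    prefix bytes only confirm it. Returns None if they disagree, i.e.
    the file does not start with that signature.
    """
    if not masked or not known_prefix:
        return None
    key = masked[0] ^ known_prefix[0]
    n = min(len(known_prefix), len(masked), HEADER_LEN)
    if all(masked[i] ^ key == known_prefix[i] for i in range(n)):
        return key
    return None


def exposed_fraction(data_len: int) -> float:
    """Share of a data_len-byte file that the scheme never touches."""
    if data_len <= 0:
        return 0.0
    return max(data_len - HEADER_LEN, 0) / data_len


if __name__ == "__main__":
    # Constructed sample document with a PDF-style signature.
    plain = b"%PDF-1.4\n" + b"confidential " * 40
    masked = xor_mask(plain, 0x5A)
    key = recover_key(masked, b"%PDF-")
    print("recovered key:", hex(key) if key is not None else None)
    print("round trip ok:", xor_mask(masked, key) == plain)
    print("bytes left in clear: %.0f%%" % (100 * exposed_fraction(len(plain))))
```

Even with no known signature the key space is only 256 values, so the sound fix is an authenticated cipher such as AES-GCM over the whole file with a key derived from the password by a proper KDF.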

First HSBC, now the ENTIRE PUBLIC SECTOR dodges tax

Tom Wood

Re: "while no one would go to prison for false VAT claims"

It's hardly the same. Whether VAT is or isn't paid by a government department isn't costing the taxpayer anything.

1
5

UK chip champ ARM flexes muscle: Shows strong profit and sales

Tom Wood

Re: Good or Bad?

It's worth noting that ARM don't make the chips themselves; they design cores and license the designs. The likes of Qualcomm, Samsung and TI include the ARM core as part of their SOC designs and produce the actual chips.

3
0

UK air traffic mega cockup: BOTH server channels failed - report

Tom Wood

So the cause

was a hard-coded limit on the number of "things" in the system. But instead of being hard-coded in one place it was hard-coded to different values in two places. Recent changes meant the lower of the two limits was exceeded for the first time ever, and the higher limit wasn't.

Sounds like a fairly basic software test should have caught this issue. If your requirement is "the system shall support up to X things connected" then a decent test would check what happens if the system is tested with X-1, X and X+1 things to make sure the limit had been programmed correctly (and with the correct use of <, <=, == etc).

But, you know, it had worked OK since the 90's, so why would anyone need to test it?

7
3
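The boundary test the post above describes, as an added example that is not code from the report or the system it discusses: two components each carry their own copy of a limit, and running X-1, X and X+1 things through both exposes a mismatch or an off-by-one. The class names and all limit values are invented for illustration.

```python
"""Boundary-value check for a limit hard-coded in two places (illustrative)."""


class Registry:
    """Component A: refuses new connections beyond its own limit."""

    def __init__(self, limit):
        self.limit = limit
        self.things = []

    def connect(self, name):
        if len(self.things) >= self.limit:
            raise OverflowError("registry full")
        self.things.append(name)


class Monitor:
    """Component B: sizes its table from a separate copy of the limit."""

    def __init__(self, limit):
        self.limit = limit

    def refresh(self, registry):
        # Anything above B's own limit is an unhandled condition.
        if len(registry.things) > self.limit:
            raise RuntimeError("monitor table overflow")


def run_with(n, registry_limit, monitor_limit):
    """Connect n things, refreshing the monitor after each one."""
    reg, mon = Registry(registry_limit), Monitor(monitor_limit)
    try:
        for i in range(n):
            reg.connect(f"thing-{i}")
            mon.refresh(reg)
    except OverflowError:
        return "rejected"  # clean refusal: acceptable only above X
    except RuntimeError:
        return "crash"     # never acceptable
    return "ok"


def boundary_failures(x, registry_limit, monitor_limit):
    """Check X-1, X and X+1 against the requirement 'supports up to X'.

    Returns {n: observed} for every case that deviates; empty means pass.
    """
    expected = {x - 1: "ok", x: "ok", x + 1: "rejected"}
    results = {n: run_with(n, registry_limit, monitor_limit) for n in expected}
    return {n: got for n, got in results.items() if got != expected[n]}
```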
Tom Wood

Re: Passenger count

Many will be cargo flights, or light aircraft.

4
0

'Tech' City hasn't got proper broadband and it's like BT doesn't CARE

Tom Wood

Business class...

We're a SME (about 60 staff) based in Yorkshire. We recently moved buildings into our own office and had our own fibre installed (100 Mbit symmetric). No doubt this cost a fair chunk of money, but if you want a business class service you can get one if you pay for it.

This might not be affordable for smaller businesses but if decent connectivity is important to you then I'm sure you'd make sure it was available (e.g. in a shared office facility) before signing a lease?

7
0

BT coughs £12.5 billion for EE as fourplay frolics pay off

Tom Wood

What will happen to EE TV?

I'm getting to like my EE TV box... from what I can tell it's a lot nicer to use and more fully-featured than BT's TV offering.

0
0

Google gets my data, I get search and email and that. Help help, I'm being REPRESSED!

Tom Wood

But... Google is a monopoly

If you want to search the internet, you have to use Google (more or less).

If you want to use Google, you have to hand them some amount of personal data.

That's the problem. It's like you are effectively the only apple supplier in the market (OK, there are a few other tiny suppliers, but their apples are very small and not very tasty and they have limited varieties) and you insist that if I want to get some apples, I'm not only going to have to hand over my pears but also information about how many pears I grow, what variety of pears, the secret recipe for my pear crumble and so on.

If the market were functioning correctly there would be multiple apple suppliers. One might exchange 3 apples for 2 pears plus all that data, and another might exchange 2 apples for 2 pears plus no data, and I'd have a meaningful choice.

4
1
