* Posts by vagabondo

493 posts • joined 1 Aug 2008

Page:

Millions of voters are missing: It’s another #GovtDigiShambles

vagabondo
Bronze badge

@Irongut

I live in Scotland too. The letter that you got, if the same as mine and my friends' (Galloway and Glasgow) was sent one to each residential property with a description of the registrations that had been migrated to the IVR, with a request for anyone whose details were incorrect or missing to fix it using the new system. Most of this should have been cleaned up on the old system last year with the high voter turnout for the referendum. However at least two MSPs (incuding Cabinet Secretary Alex Neil) were lost in the process.

http://www.thenational.scot/politics/risk-to-votes-as-scottish-minister-finds-he-is-missing-from-electoral-register.935

@ Fink-Nottle

The Electoral Commission stuff is reserved to the UK Government, so slights to the SNP or Scottish Government are misplaced.

0
1
vagabondo
Bronze badge

Re: NI numbers?

I, and everyone that I know got our NI numbers when we left school or got to school-leaving age. Apart from some who came from other countries as adults nd had to apply for a NI number/card (employers used to buy stamps at the Post Office and stick them in their employees' cards, which required regular renewing as they filled up) before starting work.

When the physical card was done away with the name associated with my NI number inexplicably changed to that of a similarly named cousin. At various times I haave spent hours neganged otiating with clerks to correct their records, but throughout my life the name on some govt records has spontaeously changed to the wrong one with occassional cross-contamination. This causes enormous inconvenience when a (local) govt office gets the wrong name and absolutely insists that I provide identification with the name on their records, but not the one on my passport, NHS card, bank account etc.

Sorry for that, but I get really pissed off about it. When an inconsistency occurs in data sets it should either be investigated and fixed, or flagged and left; not just changed according to the toss of a coin.

1
0

NHS England has some sneaky plans for Care.data acceleration

vagabondo
Bronze badge

Re: The price of failing to cooperate...

I do not live in England, but aren't invites to routine screening, vaccination, etc. sent out by your general practice?

4
0

LOHAN chap serves up 'tenner a week' e-cookbook

vagabondo
Bronze badge
Thumb Up

Recommended ...

... reading for teenagers being left or sent off to fend for themselves. Excellent advice in this epub. Maybe a second edition with a few pictures would be good.

2
0

Home Office splashed £35m trying to escape e-Borders contract

vagabondo
Bronze badge

Re: A confidential arbitration process

@arrbee

The description of PFI missed the bit about the PFI contrcting consortia including banks, who borrow the money from the Bank of England at considerably less than market rates. Thus the whole scheme is an accounting sleight of hand to transfer public funds to private, while moving the cost of capital projects from one arbitary ledger column to another.

3
0

Sick of Chrome vs Firefox? Check out these 3 NEW browsers

vagabondo
Bronze badge

Re: Lynx, anyone?

Also w3m is useful.

0
0

Linux kernel dev has gone well and truly corporate – report

vagabondo
Bronze badge

Re: Snowballing

"... wasn't Minix based on a microkernel? Also GNU Hurd?"

Minix was a macrokernel design, based on Unix principles. But Hurd was/is a microkernel design. Minix3 is microkernel.

@Oninoshiko and @Lusty

I do not remember Linus T misusing the term microkernel. The main reason that the GNU community adopted the Linux kernel over the the more elegant microkernel designs was efficiency and availability. The performance of micro versus macrokernels remains problematic. When Microsoft announced NT, they claimed it woulduse a Carnegie-Mellon style microkernel, but actually used a macrokernel design. The MSliterature/press releases were a source of cofusion for much of the less technical technical press.

The converse of micro iis macro, and of monolithic is modular. The very early Linux kernels were moolithic macrokernels. When a kerneel wascompiled, the required drivers were compiled in. It did not take very long for modulesto be introduced, when at build time the essential hardware drivers and filesystems could be selected to be built-in, and the merely desirable to be compiledas autoloading modules.

6
0

UK air traffic mega cockup: BOTH server channels failed - report

vagabondo
Bronze badge

Re: Just "193 Atomic Functions"?

I do not think that they are talking about database transactions here.

From the article:

"All of the operational roles performed within the London Area Control have a unique identifier known as an Atomic Function".

Together with th mention of "signing off" and unused station, I understtod that "active Atomic Functions" was related to the number of ATCs logged in. Other information about operator mis-keying while logging out might point to a poorly programmed log-out sequence that permits the operator to be apparently logged out without releasinf their "Atomic Function" token.

Just my guess.

0
0

Fraudsters make bank as exec wires $17 MEELLION to China

vagabondo
Bronze badge
FAIL

Why don't

people at least routinely use e.g. GPG signing for important email? And take notice when the sig fails.

0
0

'Privacy is DAMAGING to PROGRESS' says Irish big data whitepaper

vagabondo
Bronze badge
Flame

"boffins" or PHBs?

From the description given in this article, this does not seem to have much to do with boffinry and a lot to do with PHBs in sharkskin suts.

5
0

Internet lobs $$$s at dev of crucial GPG tool after he runs short of cash

vagabondo
Bronze badge

How to donate

Apologies if my reader missed it (I have found the new layout considerably less "accessible" than the old one.), but I would have appreciated donation details (or links to} in the article.

Credit card: https://gnupg.org/donate/index.html

or

Bank transfer, tax certificate, etc: https://www.wauland.de/en/donation.html#61

4
0

Trouble comes in threes: Yet ANOTHER Flash 0-day vuln patch looming

vagabondo
Bronze badge

Re: bbc.co.uk

Chromium + Pepper-flash + AdBlock + Ghostery + ScriptBlock

Works for me with iPlayer and STVplayer, etc.

1
0

UK watchdog grills big biz: So HOW do you use their 'consumer data'?

vagabondo
Bronze badge

enforcement action

So is this "consultation" just an excuse to avoid/procrastinate on the previous decision to take action against the unfair use of fonsumers' data?

3
0

Wikileaks: We DO NOT approve of OUR secret stuff being LEAKED

vagabondo
Bronze badge

sour grapes ?

I suspect that this is realy partof Wikileaks PR, just reminding/bringing the wider world's attention to the inherent insecurity of "free" communications services. The story has been widely published, and maybe prodded some non-techies to think about the advisability of secure comms.

1
2

Turn your head and cough (up your details), HealthCare.Gov has sprung a leak!

vagabondo
Bronze badge

Re: Ad networks? On healthcare.gov?

It's not much worsethan the NHS exhorting their patients to use Facebook and Twitter. My current bête noir is the NHS giving my phone number to a telephone sales company on the pretext of outsourcing appointment reminders. I'm afraid that monetization and insecure data harvesting is ingrained in all branches of what should be public service.

4
0

HTTPS bent into the next super-cookies by researcher

vagabondo
Bronze badge

301 redirect...

But. That is a server-side "solution". It does not protec the client from a malicious web-site. This "super cookie" problem requires a client-side solution.

If this was a cookie, it should only be readable by the server that set it. However this flag seems to be readable by any contactedserver. This looks like a flaw in either the protocolor its implementation.

7
0

Want to have your server pwned? Easy: Run PHP

vagabondo
Bronze badge

Surely the first/routine port of call is to apply the security patches. Version upgrades are primarily to add new features.

This article's failure to understand how security issues are routinely addressed in the OSS world leads me to doubt its usefulness about anything. Is it really about selling W3 Tech's products?

4
4

Hackers pop German steel mill, wreck furnace

vagabondo
Bronze badge
Boffin

Re: Is there something missing?

Just switching off a furnace full of molten metal and you get a massive slug of scrap metal wrapped in a fire-brick jacket. It takes a long time to remove the solidified metaland build a new furnace.

5
0

YEAR of the PENGUIN: A Linux mobile in 2015?

vagabondo
Bronze badge
Unhappy

Re: There's always someone

Yup! This is year-end time and HMRC insist that Corporation Tax returns have to be made using a version of Adobe Acrobat Readerthat is only available for some versions of MS and Apple OSs. So much for the Cabinet Offices "open standards".

11
1

Terror bomb victims demanding Iran's .ir will appeal US ruling

vagabondo
Bronze badge
Headmaster

Re: Can we have .com & .gov then please

".us" is the ccTLD that belongs to the USA.

1
0

HORRIFIED Amazon retailers fear GOING BUST after 1p pricing cockup

vagabondo
Bronze badge

Re: Hang on

But once you have paid and left the store the article is yours It is then up to the supermarket to sort out the problem with the price gun. In this instance the retailer has outsourced pricing to RepricerExpress and the shelf-stacking and checkout to Amazon.. Once the goodsare paid for and despatched, the retailer should be looking at their business model, especially w.r.t. price management.

Why does any algorithm allow the selling price to be less than the purchase price withoiut oversight?

5
0
vagabondo
Bronze badge

Re: Shurely

"much less functionality (the more complex, the greater chance of a cockup) much less functionality (the more complex, the greater chance of a cockup) "

Complexity does not necessarily lead to funcionality and vice versa.

4
1

Was ist das? Eine neue Suse Linux Enterprise? Ausgezeichnet!

vagabondo
Bronze badge

Re: GNU

@Trevor

Just keep reciting "Lennhart is mortal". The universe is eternal (relatively) and resilient. One day both systemd a nd pulse-audio will succumb to "The Unix Way" as proclaimed by those eternal heros -- Ken Thompson and Dennis Ritchie.

Herr Poettering is just Red Hats version of Novell's Miguel de Icaza. Eventually his ideas will also be spewed out and carefully stepped around. Anyway how old is he? He can't survive much longer than me, the future is safe from both of us.

2
2
vagabondo
Bronze badge

GNU

Well I liked using a set of text files and a shell script to shovel processes into firebox too. But systemd is licensed as GPL or LGPL just the same as those init scripts, and neither came from the GNU project. You will have to think up another reason to prefer init.

2
3

Shellshock over SMTP attacks mean you can now ignore your email

vagabondo
Bronze badge

Are there any mail transfer agents or clients that would try to execute, as opposed to read a mail header?

2
1

Microsoft, Docker bid to bring Linux-y containers to Windows: What YOU need to know

vagabondo
Bronze badge

Re: zzzzz, Virtuozzo did this many years ago

... and on Linux FreeVSD preceded Virtuozzo. Container-type technology has been in development since chroot (change root) in pre-BSD Unix in the 1970s, so precedes Solaris, Microsoft, FreeBSD and Linux.

2
0

Shellshock: 'Larger scale attack' on its way, warn securo-bods

vagabondo
Bronze badge

Re: The problem is...

"Ok, critical web server with CGI+bash vulnerability I can understand..."

Can someone please explain a scenario where a production web server would need CGI plus any shell? I just cannot envision the need for a web server to run under an account with a login or shell, or for a CGI program to have to call a shell. If admins need a CLI shell for maintenance then the shell could be made executable only by the "wheel" group or equivalent (maybe "users" on a shared hosting platform, but certainly not mysql, wwwrun, etc.).

1
0

SHELLSHOCKED: Fortune 1000 outfits Bash out batches of patches

vagabondo
Bronze badge

Re: Fortune 1000 overlords SHELLSHOCKED into Bash patch batch

"you really don't want to get notified every time one of packages that's installed "

That's not the point. We keep all of our critical systems on stable, long-term tested software versions, except we apply security patches automatically within 24 hours of their release. These are normally backports, and do not push our software to the latest packages. This is a standard feature of serious distributions and is trivial to implement. The risk of a security patch tacking a system down is trivial compared to the potential consequences of leaving a known vulnerability open.

0
0
vagabondo
Bronze badge

@AC re: MS consultants

" Microsoft consultancies are having a very busy week "

Do you know any Microsoft consultants that offer a credible no-bugs guarantee? Or even a SLA that specifies security patches within 5 days of discovery?

7
1

Bash bug: Shellshocked yet? You will be ... when this goes WORM

vagabondo
Bronze badge

Re: Oh $!#t.

"So we all OSX users are screwed?"

Depends. A security patch may have been applied without upgrading the bash version. I do not use OSX, so do not know how their security patch policy works.

On my systems (openSUSE):

$ env x='() { :;}; echo "vulnerable"' bash -c 'echo "hello"'

vulnerable

hello

-- sorry about the extra line-feeds added by El Reg.

and

$ env x='() { :;}; echo "vulnerable"' bash -c 'echo "hello"'

bash: warning: x: ignoring function definition attempt

bash: error importing function definition for `x'

hello

6
0

Troll hunter Rackspace turns Rotatable's bizarro patent to stone

vagabondo
Bronze badge
Meh

Re: Class Action?

But not as good as the supposed public regulators (i.e. the patent offices) doing their job by actively investigating patent applications, and rejecting any that are do not demonstrate non-obvious novelty or supply sufficient detail to enable reproduction (including any that they do not understand).

Perhaps if the patent offices cann/will not employ examiners who are "experts in the field", they should insist that applications are written in comprehensible, plain language and published for a consultation period, classified according to the trade and sector affected. This would make it easier for trade magazines to draw them to the attention of those affected and their experts. The ability to be understood by the average "specialist journalist" would be a good test for comprehensibility (I am thinking of the "technology" reporters of the BBC, Guardian, Daily Mail, etc. being expected to understand the patent sufficiently to be able to reproduce the invention).

2
1

Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM

vagabondo
Bronze badge

Re: wtf

"It's also known as a Lorne sausage and it's crap."

If you buy it from places like Iceland, I expect it is crap. But some butchers that make their own get it right. A butcher in Dunoon used to have a really good square sausage reputation -- it had to be ordered in advance (1960s).

1
1
vagabondo
Bronze badge

Re: What are your predictions?

I predict widespread hangovers over Friday and Saturday due to an excess of both celebration and disconsolation. The distillers will do well. I bought some pies this afternoon and already had a couple of bottles (Jura and Talisker) ben.

slàinte!

1
0
vagabondo
Bronze badge

Re: No law against asking somone a question is there?

I am pretty sure that you can publish the exit poll results after the official poll closes. The restrictions only apply while the polling stations are open.

1
0

Italy's High Court orders HP to refund punter for putting Windows on PC

vagabondo
Bronze badge
Childcatcher

Re: I think the real issue here was the EULA thing

"Windows but it was not clear that some additional agreement must be made to use it"

Perhaps every time there is a retail sale that includes an EULA, the seller should be obliged to explain in simple language the full extent of the restrictions, and inform the customer that alternatives are available.

0
0

Scottish independence: Will it really TEAR the HEART from IT firms?

vagabondo
Bronze badge
Headmaster

Re: What's in a name?

No, "The Kingdom of Great Britain" was created with union of the Kingdoms of England (what is now England and Wales) with Scotland in 1707

Sorry but the kingdoms were united when James VI flitted south and took on the James I of England and Ireland job as well in 1603. I think that James styled himself King of the United Kingdom -- it might be used in the front of a "King James Bible" -- he certainly had the naval "Union Jack". 1707 was the union of the parliaments.

0
0

Warrantless phone snooping HAPPENS ALL THE TIME in Blighty

vagabondo
Bronze badge
Mushroom

manifest promises

In a real monetarist/neo-liberal political system a government ignoring its manifesto would be a breach of contract. That would mean that the deal that put them in power was void and be grounds for a elections in all the constituencies represented by the defaulting party. Any person or organisation that has lost out because of a failure in their reasonable expectation of an electoral pledge not being honoured should be able to sue the offending party for damages.

3
0

'Stop dissing Google or quit': OK, I quit, says Code Club co-founder

vagabondo
Bronze badge

Re: Cash vs Principles

Those are very good points. But. Google is big business. Big business does not pay tax, so the effect of tax-offsetting is moot.

The CEO of the Weir Group said on Radio Scotland that a possible reduction in corporation tax post a yes vote would be of no interest, as only 5% of corporations paid basic taxes. He was more interested in the benefits that come from Westminster. He, along with the head of the Wood Group (also trying to persuade us to vote no) seemed more interested in getting hold of fracking licences than any taxation issues.

1
0

Securobods warn of wide open backdoor in Netis/Netcore routers

vagabondo
Bronze badge

Re: Congratulations you work in IT.

@Hargrove

I am sure that anyone that has used a web interface to configure their router is sufficiently "expert" to use the same interface to install a firmware upgrade, if one was provided. I do not expect the average user produce their own.

"I'm not sure that Netis is alone in having this vulnerability."

These stories are a regular feature here. They are not confined to the low cost devices either.

0
0
vagabondo
Bronze badge

@Lars

Sorry but you also forgot about EEROM and Flash Memory. Also the term used was "hard-coded" not "hardwired" -- we are dealing with firmware here, not hardware.

Most motherboards, "intelligent" devices, etc. -- including routers -- use flash memory to store their operating firmware. The system allows the flash memory to be overwritten and rebooted. That's how the firmware is upgraded. Firmware images are generally available for download from the device manufacturer's website.

The recommendation for replacement was "short of a fix". A fix is trivial, and could be implemented in-situ remotely. I would expect revised firmware images to appear at http://netis-systems.com/en/Downloads/ within a few days, but that depends on the priorities of these low-cost (approx £10) devices.

1
0
vagabondo
Bronze badge

Re: Congratulations you work in IT.

"Expecting people to ..."

I thought that most "consumers" got their routers preconfigured from their ISP, and only "experts" bought their own. I would expect the ISP or other tech support to be able to perform the fix remotely -- this is a remote access vulnerability.

0
0
vagabondo
Bronze badge

As these routers have upgradeable firmware, it should not be too difficult to download the firmware, change the password, and install the modded image. It would only take a few minutes to write a script to randomize rhe password, providing the original password was known.

Of course the manufacturer could provide firmware without the backdoor if their customers pressured them.

0
0

Facebook needs to defend Austrian privacy violation case

vagabondo
Bronze badge

If this case succeeds, what would be the consequences for organisations using US owned cloud services? If e.g. a housing association decided to move their data to Office 365, could all their tenants claim compensation?

0
0

Munich considers dumping Linux for ... GULP ... Windows!

vagabondo
Bronze badge

Re: So, what are FOSS e-mail client /server options?

Did a US judge not recently rule that MS locating servers in Europe would not protect them from data-mining by US officials without needing a court warrant? This provides difficulties using US owned cloud services for organizations that want to comply with data protection laws, or just wanting some privacy.

There also seems to be a problem with data availability for Office 365 users. See frequent El Reg reports, including another one today.

3
0

Brit kids match 45-year-old fogies' tech skill level by the age of 6

vagabondo
Bronze badge

Re: Arbeitsbeschaffungsmassnahme fur NEETs

No, this "research" is by a marketing company providing material suitable for a press release aimed at technical illiterate "journalists" to punt to the Stephen Fry type of advertisee.

They were relating the subjects on their awareness of electronic media products. No awareness of what was being sold, or the "payment" being extracted was required.

[Instad of a "Think of the Children" we need an "Exploit the Children" icon.]

2
0

Facebook wants Linux networking as good as FreeBSD

vagabondo
Bronze badge
Alert

Re: I'll bring the popcorn to watch this...

Yes, Linus had better watch out. Facebook will be stealing all that top secret GPL code.

4
0

Factory-fresh delivery: Get your OpenSUSE fix daily

vagabondo
Bronze badge

!3.2 Milestones

This article appears to have been sourced from unofficial speculation, rather than the openSUSE mailing lists or web site,

Version 13.2 is due for release in November, and milestones are expected from October for pre-release testing. Factory has always been the place for development packages, that often break each others' dependencies. Snapshots of Factory were fairly infrequent, and used as the basis for "milestones". The change is that since the end of May factory-snapshots are being built daily, including DVD and CD images. This allows system testers to work with known builds without waiting for the milestones.

1
0

Scottish independence debate: STV player flops under weight of viewers

vagabondo
Bronze badge
Childcatcher

Watch it on STV Player or BBC Iplayer

Re: Put it on Youtube

It was available on STV Player by midnight. And it will be on BBC Parliament (and Iplayer), without adverts, at 7o'clock this evening.

I thought it was typical boring politicking -- continual repetitive asking the same question that was unanswerable; either because it was designed to be unanswerable or because the answer would be self-incriminating.

2
1

Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers

vagabondo
Bronze badge

Re: Doom for US tech companies

@Chemist

"Then if he/she didn't post as AC he/she would be able to put a "Joke" icon!"

But I thought posting as AC was part of the joke! After all it was a response to Trevor's justified rant against the AC MS shill. The problem with AC posts is that we never know how many or who they are.

1
0

Pentagon hacker McKinnon can't visit sick dad for fear of extradition

vagabondo
Bronze badge
Facepalm

Re: And when Scotland gets independance

The European Convention on Human Rights belongs to the Council of Europe, not the EU. E.G. Russia, Azerbaijan and Monaco are signatories without being members of the EU.

5
0

Page:

Forums