* Posts by The Mole

255 posts • joined 18 Apr 2007


Let's play immutable infrastructure! A game where 'crash and burn' works both ways

The Mole

"The last thing your script does is turn off the SSH port (or whatever method your OS uses to let you logon) so you can’t log-on to the machine anymore."

There goes any chance of performing diagnostics on that machine then, or presumably copying files off the machine to read logs or extract core dumps etc. Or if you can copy files back and forth the machine is no longer immutable.

Perhaps sysadmins should be employed who can follow procedures and can be trusted to only make manual changes on machines when they have to?

3
0

Software devs' new mantra: Zen dogs dream of small-sized bones

The Mole

Shock News

“We did an analysis of hundreds of projects over a multi-year period. The ones that delivered in less than a quarter succeeded about 80 per cent of the time, while the ones that lasted more than a year failed at about the same rate.”

So the simple projects (note no comment about release schedules) are much more likely to succeed than more complex projects. In other news...

4
0

Little warning: Deleting the wrong files may brick your Linux PC

The Mole

Re: This is like BIOS flashing by Unix commands

The blame is on the firmware designer because when developing firmware you should be coding defensively, you shouldn't assume that all the layers above you behave perfectly and understand the implications of operations they perform. They should have anticipated failure modes where the UEFI data gets corrupted/zeroed/deleted and coded to defend against this (failing back to using defaults).

9
0

Two-thirds of Android users vulnerable to web history sniff ransomware

The Mole

Re: Not really a security exploit

Most businesses would disagree with you, they want apps to be able to perform (remotely controlled) wipes/factory resets in case a device containing sensitive data is lost.

13
1

There's no guidance for Scottish police use of UK facial recog database

The Mole

"Brian Plastow, told The Register that the PND system was "not that great" as it returns only a number of possible image matches which require human assessment, comparison and investigation."

To me that sounds exactly the correct implementation, there will always be margins of error and it should be up to a human to recognise that they should assess and investigate the results properly, not just go with the highest hit and ignore the very similar looking person in position. The fact he thinks that makes it really not that great is worrying - though obviously I've not seen the implementation so it may be made really badly.

9
0

Google patents robotic 'mobile delivery receptacle'

The Mole

IR?

Presumably the IR is for allowing the drone to align and hit the target, I would have thought some wireless protocol (bluetooth, wifi etc) would be far more suitable for communication.

0
0

Blighty's Parliament prescribed tablets to cope with future votes

The Mole

Re: As a vote is a binary decision..........

Actually with voting there are 4 options:

1. Aye

2. Nay

3. Can't even be bothered to turn up

4. Abstain (The whips will make my life hell if I actually vote against)

There is no division for abstain in parliament, however parliamentary rules do allow you to go into both divisions giving your name to the clerk and actually voting Aye and Nay at the same time, thereby actively abstaining (and also having a chance to gossip with MPs from both sides of the house).

2
0

Watch infosec bods swipe PINs, magstripe data from card readers live on stage

The Mole

Which is why if I were doing the attack I'd just display a message "Card error please retry" and so have the user re-enter the PIN to validate the true transaction. The till operator will notice it happening but they will just re-assure the customer that the machine has been playing up all day.

4
0

Big Brother is born. And we find out 15 years too late to stop him

The Mole

Re: What I fail to understand about this...

You don't know how much they spent on it, nor how well it actually works in reality - remember the options with SIGINT are either ensure the enemy doesn't realise that it exists and so therefore doesn't defend against it, or make the enemy believe it is far better than it really is so they are forced to use less efficient/more costly/less flexible methods.

There's probably also the fact that they deliberately excluded the politicians from the process and so didn't have the goal posts and requirements constantly being moved and changed.

5
0

Samba man 'Tridge' accidentally helps to sink request for Oz voteware source code

The Mole

You could also say human counters are valueless as they can make mistakes and be subverted.

In reality they both can have their place. The voting system needs to have a proper secure paper audit trail that can be manually verified by hand. Against an attacker attempting to subvert the election result then polling machines could theoretically be subverted, however an attacker of that kind can also subvert human counters, fake postal votes and generally get their own way, having a paper audit trail (done properly) which can be verified helps protect against this case. Voting machines can however ensure that counts are done quicker (not that I understand the obsession on speed) but also more accurately, if in doubt look at how often paper recounts occur and how often they produce different results even in first past the post. When you have multiple layers of rounds and complicated vote allocation systems these mistakes are far more likely to occur and the odds are a properly tested and vetted machine is more likely to get it correct.

Of course the machines should be properly tested and vetted by independent experts, and at the minimum the test cases and results being freely accessed and reviewed with a mechanism for test cases to be challenged and additional tests to be proposed.

0
0

Royal Mail mulls drones for rural deliveries

The Mole

Drones are clearly a stupid idea. Driverless vans/minibuses on the other hand would make sense. Currently a lot of time is spent with posties driving round to pick up other posties to get them to the next part of their route or resupply them with the next bag to deliver. Driverless vehicles could fulfil this post of the role well. Though electric trikes and the like may also work out cheaper and more environmental.

0
0

Deutsche Bank to axe 'excessively complex' IT, slash 9,000 jobs

The Mole

Re: Respect

My assumption is that someone was asked to produce a large number so probably took the approach of counting OS versions so that Windows XP, 2k, Vista, 7 and 8 all count as different OSs as do Red Hat 5,6,7 and Centos 5,6,7 and however many other flavours of Linux are deployed.

To be fair when looking at consolidating what you have to support that isn't an unreasonable approach, IT generally only want to support one specific OS release version not any flavour of Linux that a random dev happens to favour.

19
0

UK's Lloyds Banking Group scrambles to patch account-snooping security hole

The Mole

Re: You say bug he says feature

Yes it is a bug. It may be a bug in the requirements and design but that is still a bug in the application. I'd agree it's not a coding bug but it is still basic functionality that the test team should have discovered and raised.

0
0

How French spooks can silently command Siri, Google Now on phones

The Mole

Other attacks

Is this attack fundamentally linked to there being a microphone amp/long antenna in the circuit or could it theoretically be deployed against other types of cable (usb cables etc)?

0
0

Let’s hear it for data scientists! Making our lives more and more frictionless

The Mole

Differentiated pricing

Of course the less scrupulous systems also do differentiated pricing on the offers. From a demographic who shop around and have little disposable income, congratulations we will give you an offer to get 50% off. From a demographic who generally don't shop around or use price comparison sites, fantastic, we will milk you for all we can get and give you an exclusive offer for 1% off and make finding the best deals really hard!

4
0

PETA monkey selfie lawsuit threatens wildlife photography, warns snapper at heart of row

The Mole

I'm quite happy for animals to own the copyright for pictures .. as long as the animal can file the appropriate paperwork and show in court that they took the photo with intent.

8
0

Microsoft starts to fix Start Menu in new Windows 10 preview

The Mole

Re: Waitaminute...

Or perhaps 8192/2048 = 4 bytes available per tile some of which is then used as a pointer into the TilesInViewEx table to find the remaining data?

Wonder why they couldn't just update the original table with a new size, or use something that wasn't placing such low bounds in data size.

4
0

My parents don't know I'm in SEO. They think I play piano in a brothel

The Mole

I'm not surprised many SME businesses don't know what SEO is. Whilst this may be a big problem for the SEO companies is it actually a problem to the majority of the local market focused SME? My experience is that searching for "<placename> <businesstype>" seems to work pretty effectively, and even more effective is following links from business directories/rating sites.

9
0

Mining for insight in the economy of things? Check your toolkit

The Mole

Farming

"Take farming, for example. Not traditionally at the forefront of technological change"

Are you sure about that? If you ignore weapons many of the first stone tools would have been for farming, then as metal developed farming tools improved and would have driven the change, then look at the ploughs and other large metal devices where getting good quality metal was essential, then the development of steam driven threshers, tractors etc. Moving forward some of the first computers (Leo) were being used for optimizing food distribution, then development of sensors to automatically detect which plants are ripe ready for harvesting, gps based mapping of what areas have been ploughed/sprayed, or fully automated milking parlours which cows can just wander up to on demand, be milked by a robot and have all the data logged.

Farming as an industry is and always has been a hotbed of technological change, though individual farmers are known to stick in their ways.

1
0

Don't bother buying computers for schools, says OECD report

The Mole

Which of course is why the teaching pendulum swung to preferring course work and analytical type questions rather than memory recall (particularly in subjects like history). However then 'everybody' started complaining that it made getting the qualifications too easy as the students could copy from each other, plagiarize (or is that research?) and produce good work, also they no longer could recall key dates, so the pendulum has now swung back to concentrating on final exams benefiting the quick writers with good memories. Give it another 5 years and it will rebound back again...

1
0

Jeremy Corbyn wins Labour leadership election

The Mole

Re: i for one, welcome... (actually I don't but that's by the by)

UKIP is biding its time waiting for the Euro Referendum debate to really kick off at which point we'll have to put up with them again. Farage meanwhile is insulting his fellow members of the European parliament.

3
0

Wileyfox Swift: Brit startup budget 'droid is the mutt's nuts

The Mole

When you are using it as a GPS in the car a good viewing angle makes placement much easier.

Also if you like to show photos/videos/youtube clips to groups of other people.

Or glance down at it lying on the desk to see the time.

Plenty of potential reasons... some better than others

1
0

Legal eagles accuse Labour of data law breach over party purge

The Mole

"then "data protection" does not apply to them using that tweet to decide you cannot vote."

The information is in the public domain yes, but the argument is that by copying the tweet into their own database, by associating that tweet with a person applying for membership, and then by using that tweet to determine whether the application should succeed then they are storing and processing sensitive personal information without informed explicit consent.

The fact it was originally public information (probably) becomes irrelevant as soon as they start to process it for other purposes.

3
0

Oi, Google! Remove links to that removed story, yells forceful ICO

The Mole

Re: Please remove the link...

Something along the lines of:

if search.query contains "Blobbo Boggins" and result contains "inflatable friend" then exclude result from list.

Annoying but no different to what they do with safe search or other types of illegal content they have to block

6
3

Austrian court rules online radio streaming is not broadcasting

The Mole

Re: Just cos it's legal doesn't mean it's right

The court ruled that it is not illegal to own a computer and access the online version of the content without having paid the license.

The court did not rule that the broadcaster has to make the online content available to everyone, just that they couldn't prosecute against those who didn't have the license.

Unless required by law to provide the online content (which I'd be surprised at) then they can apply whatever access controls restrictions they like and as long as it isn't discriminatory then there is little the courts are likely to do.

7
0

Ireland loses entire airport amid new postcode chaos

The Mole

Re: Privacy concern?

Because a lot of surveys ask for postcode (and no other address details) for categorizing responses into geographic areas. Generally in the UK they will only use the first 4 or 5 digits (not needing to go down to road segment level) but will get a user to enter the entire postcode as it's easier than trying to explain which part they do want. If the eircode identifies the house the anonymous survey is suddenly a lot less anonymous.

1
0

This box beams cafes' Wi-Fi over 4kms so you can surf in obscurity

The Mole

Re: Fail of fails.

In the UK librarians (as opposed to volunteers) are increasingly rare in libraries, there will be IT staff in the central office who will nominally be looking after the IT infrastructure, I wouldn't be at all surprised if the Wifi was subcontracted out to a third party to operate, probably with some form of unlimited/Gigabytes plan. A single person connecting from a long way away is not going to add any traffic spikes above what a single additional person connecting locally will do. The contractor won't care even if they did as they aren't spending their own money to monitor it. The wifi will no more be watched over than the taps are watched over by an onsite plumber...

15
0

Blocking mobile adverts just became that little bit easier

The Mole

Well it is being done by an Israeli tech company so I'm sure they've thought long and hard about interception.

As well as the interception issues there are likely to also be copyright issues for the operators. Unlike home users modifying the content on their own machines (probably covered under fair use/private copying type provisions) the mobile operators are modifying the page content for profit (through reducing costs), at the same time they are depriving the content providers of advertising revenue meaning there are actual damages that those content providers will be able to claim for. Personally if I were a mobile operator lawyer I wouldn't want to go near it because of this reason.

6
1

Ofcom: Oi, BT! Don't be greedy – feed dark fibre to your rivals

The Mole

My guess is because BT is able to deploy dark fibre much cheaper thanks to all the ducting, exchange buildings and other infrastructure which was 'gifted' to BT when it became a private company.

4
3

Self-STOPPING cars are A Good Thing, say motor safety bods

The Mole

Re: Transitional period

If you are following the highway code distance then you will be able to stop in time regardless of how quickly the car in front brakes. The highway code distance is assuming something has fallen off the back of a lorry and so isn't moving, the stopping distance should be the distance required to recognise, brake and come to a stop before hitting it. Most drivers don't follow the highway code however and assume that a shorter gap is sufficient, relying on the fact the car in front is unlikely to come to a sudden halt and so the total distance you have to stop over is longer than the initial gap.

4
0

Don’t want a footie-field-size data centre? No problem (or is there?)

The Mole

Re: Not really surprising

Don't forget the level of support/warranty you are likely to get between the two offerings as well.

0
0

Infusion pump is hackable … but rumours of death are exaggerated

The Mole

Network accessibility

Gaining access to the wifi network may be challenging if it has been properly secured, but the fact is most hospitals have been retrofitted with ethernet cabling all over the place - certainly to doctors offices and nurses stations. These networks will be connected to the wifi network (I assume the whole sales pitch of needing wifi on pumps is to allow the nurses to monitor them remotely without having to actually go look at their patients?).

The question isn't how secure is the wifi network, but how hard is it to plug a cable into a spare ethernet network port and start using the network?

A well set up network will presumably use MAC address checking and the like to prevent rogue devices connecting but I don't know how easy those are to be defeated.

0
0
The Mole

Re: So an exploit can be delivered over WiFi. What about a harmful agent?

A lot of drugs need to be infused over a period of time otherwise they are dangerous - hence why they are being infused rather than injected in the first place. If you deliver over 30 minutes what should have been delivered over 6 hours then there is a very real chance of serious harm before it is noticed.

That said I do agree that the real risk is relatively low - though the low risk of getting caught and impersonal nature of doing it remotely may make the theoretical risk higher than that of a person walking round fiddling with the machines.

That said I'm not sure why they would need wifi to begin with, they have a screen for a reason and I'd hope don't require regular software updates anyway given they don't actually do much.

0
0

UK exam board wants kids to be able to Google answers

The Mole

Course Work

Of course this already exists - it is called course work, with the added bonus the time constraints don't have to be as strict (depending on how organised the pupil is or if they leave it to the last minute). Education and exams have a natural pendulum action between "course work makes it too easy restrict it and do exams" and "exams unfairly favour those good at fact retention and writing fast course work is far fairer". Personally I'd say course work reflects the real world of work far more accurately but then I also think the point of university is for academic people to be academical and advance the boundaries of knowledge so it all comes down to what you think the purpose of school, exams and university is for.

3
0

E-voting and the UK election: Pick a lizard, any lizard

The Mole

Faster Counts and Costs

How much does running a polling station actually cost?

Looking at http://thanet.gov.uk/your-services/elections-and-voting/working-at-elections/working-at-elections/ it's probably less than a thousand pounds covering staff, transport, pencils and hire.

It adds up but the likelihood of an all electronic system properly maintained and updated actually coming in cheaper seems low to me.

As for the supposed benefit of poll results coming in quicker my general response is who cares? Even historically it hasn't been a big problem to wait until the next morning to find out who has formed the government, in the current situation even when the poll results have been done it is likely to be days (if not weeks) before we know who the government is anyway.

6
0

Google versus the EU: Sigh. You can't exploit a contestable monopoly

The Mole

Harm..

In many ways I have little issue with Google enhancing its search engine to embed info boxes from its own products (e.g. type a postcode it shows a map), nor is it unreasonable that if you use a combination of google products you may get an enhanced experience.

What I do have a problem with is if Google manipulates the 'organic' search results so that competitors are artificially ranked lower so that a normal user isn't likely to find them compared to results for google products. Manipulating the ranking of competitors making them harder to find would be abusing the monopoly on search results.

17
1

Revealed: The AMAZING technology behind Apple's $1299 Retina MacBooks – a lot of glue

The Mole

Re: Objection!

I think you missed the point of the post. Apple kit (like any other) does have failures - even (as you say) if just from people being people and dropping stuff or spilling liquids on it. Making the devices next to impossible and uneconomical to repair is irresponsible and bad for the environment as for even minor breakages it is more economic to replace the whole unit regardless of the environmental cost.

There is a balance to be had but I for one don't believe that Apple's margins are so tight that they can't afford to effectively screw/clip the battery in place rather than use glue making it near impossible to replace safely.

14
0

Sony tells hacked gamer to pay for crooks' abuse of PlayStation account

The Mole

What evidence do you have that he had a weak password? It's not like the Sony network has never been compromised. Alternatively he may have been tricked into entering it on a web form, or credentials could have been sniffed off his network (no idea if it is encrypted or not).

30
1

Euro THERMONUCLEAR REACTOR PROJECT is in TROUBLE

The Mole

Re: Hypocrites

If I remember right it is the European Commission not the European Parliament who are the ones with the really dodgy accounts. I've always thought that Peter Mandelson must have really felt at home in the commission.

That said I'm sure the quality of the European Parliament accounts and expenses claims are superb...

6
1

My self-driving cars may lead to human driver ban, says Tesla's Musk

The Mole

Re: Not a problem solved

I agree things do go wrong, many humans have coughing fits, distractions around them meaning they avert their eyes (which have minimal redundancy for depth perception anyway), drive erratically due to moods, fall asleep at the wheel, drive when drunk, drive with the onset of dementia, and keep driving even when warning lights, banging sounds, etc suggest that they should stop.

These are all errors/sensor faults that already happen. A self driving car will have redundancy for important sensors and (unlike humans) will fail safe - pulling over and waiting for a service vehicle to come along and fix the faulty sensor much to the annoyance of the passenger who would just have ignored it. They will never be 100% safe but the probability of the types of errors you describe happening and causing a catastrophic failure is going to be lower than the 'faults' that a proportion of human drivers repeatedly drive with.

As for servicing my bet is that in the short-medium term then either

a) you don't buy the car you hire with servicing and insurance included (as standard insurance companies will initially not insure it)

b) They will be full of DRM/require software being reset during the servicing meaning the only genuine parts at the genuine service station are capable to do it and we will pay through the roof for the privilege.

2
1

Battle for control of Earth's unconnected souls moves to SPAAAACE

The Mole

Re: Did I miss....

To be fair providing access (and sharing) of information on techniques and technology to improve sanitation (e.g. how to make a bio-toilet, how to use malaria nets efficiently or prevent the breeding of mosquitoes), farming (irrigation methods, accurate weather forecasting, prices in the local (or not so local) market), and poverty reduction (solar lights, access to new markets, how to effectively reuse the materials around you) are all things that will contribute to the above. What balance between on the ground and the costs is of course an important question.

20
1

Yahoo! wheels! out! password! on-demand! service! for! simpletons!

The Mole

Doesn't actually reduce security

If you have access to someone's phone sufficient to request the password then you will almost certainly (for most users) already have access to their email accounts that they have on their phones. All this service is effectively automating is the pressing of the 'forgotten password' link and creating the new password through the reminder email link.

Of course if you come to rely on this service you are stuffed if your phone breaks and you can't log in to setup a new phone number as you can't create a one time password to log in with...

3
0

RIP Sir Terry Pratchett: Discworld author finally gets to meet DEATH

The Mole

Re: Oookk. OOK.

I couldn't have expressed it better myself.

11
0

Look, no handsets: How to do telephony without a phone

The Mole

Redundancy

Combining everything onto a single network does have serious limitations though particularly if the network ever fails and you want to call the IT team to tell them of that fact...

2
0

Legalising London's bed-hopping economy is POINTLESS

The Mole

Interesting logic

The logic in the article seems to be that because this law isn't currently being enforced then there is no reason to repeal the law. This seems backwards, if the law isn't currently being enforced then councils should either be encouraged to actually enforce it, or the law should be repealed. Having unenforced laws hanging around the statute books are among the worst types of laws, they allow for malicious prosecutions and penalise the people who try to actually be law abiding - if it isn't being enforced and you are ignorant of it then you are (probably) fine, if you aren't ignorant of it and law abiding you lose out.

16
0

Top Euro court ends mega ebook VAT slash in France, Luxembourg

The Mole

Re: VAT Fraud!

The flaw in your argument is that Bob is *generally* more likely to use his increased income to buy a newer more fuel efficient car, whilst Joe is *generally* forced to buy an old banger and therefore pays more VAT on the petrol he is using.

That said I agree with you it is one of the better taxes, the biggest problem with it are the oddities in some of the rules that make it inconsistent and illogical (books vs ebooks being a prime example).

6
1

Adobe launches cashless bug bounty

The Mole

Re: The problem is cost.

They could at the very least give free subscriptions to their online services - that has a real cost of zero and would encourage people to continue looking for further issues.

4
0

$533 MEEELLION – the cost of Apple’s iTunes patent infringement

The Mole

Re: Gotta love Apple.

What do you mean by a model? Is a computer model/mathematic proof sufficient? After all why should Mr Smith lose out because he can't afford to manufacture his new jet engine? Without a patent he can't safely go and ask someone else with the skills and equipment to manufacture it as they could just steal the idea and will have the resources to make it quicker.

I totally agree though that the system is broken, mathematical techniques and processes shouldn't be patentable (covering most of software - that can be copyrighted), the tests for innovative, technical effect and non-obvious to someone skilled in the art should actually be enforced. Taking X and shoving it on the internet or on a mobile phone is not generally innovative or non-obvious. Things like bouncing menus don't have technical effects and are just processes/mathematical techniques anyway.

14
0

Be your own Big Brother: Covert home spy gadgetry

The Mole

Re: re. 'Casio' and 'Pure' items

My guess is they are genuine Sony/Pure/Casio products... just with some 'after-market' modifications done to them and being sold second hand. It's legal with cars, but whether a judge would take the same view of these type of modifications is another matter.

5
0

Evil CSS injection bug warning: Don't let hackers cross paths with your website

The Mole

It's a webserver serving a dynamic page there's no need for the url to bear any relation to files on a file system at all. The website may be configured to pass anything after showthreads.php into the php script - which the script may then just ignore.

The root of the problem would seem to be the browser is way too lenient with parsing CSS and will pull definitions out of any old junk.

0
0
