* Posts by Tom 13

5837 posts • joined 10 Jun 2009

Carders punch holes through Staples

Tom 13
Silver badge

@Glenn 6

Bullshit!

Stores started swiping credit cards long before the data gathering began. They started it because transferring the numbers electronically was more accurate than running a card through a mini-mimeo machine and collecting a signature. The mini mimeo machine meant the numbers had to be transcribed later by workers at VISA. The reduction in losses was reflected in the reduced costs VISA passed along to the businesses for swiping cards instead of imprinting them. It's been about 15 years since I had to look at the numbers, but I don't expect that aspect of it has changed.

0
0
Tom 13
Silver badge

Re: wouldn't even be an issue if cards had a chip & pin

Shoddy thinking. If the thieves have access to install a skimmer, they have access to install a device to intercept both the chip data and PIN transmission.

I shop in US stores all the time. I for one am happy they no longer engage in the kabuki theater that used to be security for a credit card purchase. I remember the bad old days of a clerk pulling out a month old book to see if my credit card was on the list of stolen credit cards. And having my credit card declined because I made the fatal mistake of buying gas for my one car from the pump before heading inside to pay the clerk for the repair work they finished on my other car.

It's not that I am unaware of the problems. In fact, I've just gone through the process of canceling one of my credit cards and getting a new one because dodgy charges showed up on it. Neither VISA nor I can identify where or how the card was compromised. But they caught it, no goods were exchanged, and the bad guys didn't get money. I don't expect chip and PIN would have prevented it, but their monitoring caught it.

0
0
Tom 13
Silver badge

Re: Simple solution

The UK has now admitted Chip and Pin isn't infallible like they claimed it was. All it did was allow banks to dodge responsibility for fraud for a couple of years.

What security checks do you think a minimum wage monkey could actually be trusted to make? Check the signature? Right. I've been to college, I know how easily fake IDs are obtained for getting into bars and bars ARE legally liable for serving minors.

The only solution is to start holding the banks and the businesses with crap security responsible for the full extent of the economic damage they do to the users who are compromised by their failures. If that means the limited liabilities on corporations need to be modified, so be it. I'm all in for holding the officers of the corporation personally responsible for the breaches in cases like this.

5
0

US Senate's net neutrality warrior to Comcast: Remind us how much you hate web fast lanes

Tom 13
Silver badge

Re: They're a parasite biznizz.

Yes, but compared to the parasite shaking them down for more contributions to his campaign re-election funds, they're just a small parasite.

0
0

Are you a gun owner? Let us in OR ELSE, say Blighty's top cops

Tom 13
Silver badge

Re: wouldn't be best advised to tell the plod to piss off

If you can't tell him to leave, he isn't just asking politely is he?

So yes, it IS an increase in power. If the police need to show up unscheduled, they should need to take it in front of a judge for approval. Even that can be just a procedural instead of actual protection in some places. But leaving the police as judge and police is ill advised.

1
0
Tom 13
Silver badge

Re: Oh, we have a full on, media driven, breakdown in the rule of law

That is precisely the time at which gun rights are most dear.

1
1

Sysadmin with EBOLA? Gartner's issued advice to debug your biz

Tom 13
Silver badge

Re: The meek will inherit the earth

The critical claim from CDC and WHO is that Ebola is only communicable after the infection manifests itself. If they're off about that, we're in a world of hurt. Just yesterday they admitted that while they're sure that's true, it hasn't been tested. I will grant that given what we know about infectious diseases, it warrants a 95% confidence rating. Is that high enough for a disease that is 50-70% fatal?

The real problem here is that if you get an outbreak in one of our major metropolises they will self-evacuate. Except in this case that will mean dispersal of the disease to more regions. So they HAVE to nip this in the bud. The only way to do that is to quarantine everyone who has had contact with each and every infected person. Even if that includes 100 people on a plane that was only a 1 hour flight. So far the Keystone Cops on this side of the pond haven't been willing to say and more importantly, DO that.

0
0
Tom 13
Silver badge

@Alistair

If it was as easy to kill as you claim, it wouldn't be the threat that it is, even in Africa. It certainly wouldn't have infected healthcare professionals in first world countries who were following Ebola protocols. And it wouldn't be killing so many healthcare professionals in Africa who are treating the disease.

There are multiple problems with trying to combat Ebola. For me the biggest is the Keystone Cops routine the US and especially the CDC have been displaying. Things might be better on that front in Ole Blighty. Next up is that when you compare flu symptoms the only flag you have is previous contact with someone who was known to have Ebola.

So yes, it is something to be concerned about. Not panicked, but not blase either. At least until the Keystone cops start acting like people who have a clue about stopping the spread of a highly lethal communicable disease.

1
0

FIRST standards to clean up messy CERTs

Tom 13
Silver badge

Security in IT these days is very nearly a house of mirrors.

At a fundamental level, they're practicing security through obscurity because they're afraid that releasing the data tells the bad guys too much. Only after a threat is well understood and they think they have a fix suitable for an AV-type company do they publicly release the data. This seems to apply even when stopping the threat is best done by patching the software.

On one level I understand it and sympathize. On the other hand, it sure seems to make life more difficult on the rest of us.

I'm glad I don't work IN the house of mirrors, and only need to transit it from time to time. I much prefer the clarity of "the magic smoke got out, can you fix it for me?"

0
0

Torvalds CONFESSES: 'I'm pretty good at alienating devs'

Tom 13
Silver badge

In my old age, I've developed a tolerance for Jobs.

He produced some decent hardware. My take on Torvalds is that he has light years to go before reaching the prick level Jobs achieved very early in his career. If Torvalds ever reaches the same level Jobs did, I may re-evaluate my good opinion of him. But not until then. And neither pretty boy nor any of his Torvalds hating acolytes posing as news writers will alter that opinion before then.

1
0
Tom 13
Silver badge

Re: Don't start off being obnoxious

Oddly enough I knew someone who used this line of thinking to masquerade his occasional outburst. By starting every conversation off with "What a maroon!" Or "What a l.user!" he established figured the real outburst would just be part of the pattern.

...

No, it didn't actually work. You could tell when he was really upset by the color of his face. But the language wasn't any worse than his friendly greeting.

0
0
Tom 13
Silver badge

@Filippo

That was written with all the confidence of someone who has never been involved from the ground up of a successful, large, volunteer project.

Emotions always come into play. The biggest piece of bullshit anyone ever dishes is that you solve all problems by focusing on only the technical. Human beings don't work that way. The question to the manager is always: Is it worth my effort to deal with their ego at the same time I deal with the technical issue.

It's never fun being on the receiving end of the vulgar and emotional attack. I know I've been there and the accusation was a hell of a lot worse than anything Torvalds ever wrote to any of his devs. The title of the email, sent to the entire group on the mail list was:

YOU FUCKING THIEVES!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

It went on to accuse the board of directors of colluding to give improper compensation to the friend of the current President of the organization. At the time I was treasurer and the one who was actually driving the decision. The person making the accusation was one of the founders of the group. He was heavily emotionally invested in the success of the group because of the long hours he labored in promoting it. We resolved the issue by forwarding the issue to the lawyer who proceeded to explain the seriousness of the email to the sender. Because of the long distance and indirect communications it required the better part of a month to resolve. Eventually the sender recognized the valid reasons for the decision, withdrew the accusation, and apologized for his emotional outburst. There were complex reasons for the outburst. First up was an underlying animosity between the sender of the message and the person who was being contracted to do work for the NPO. Second up was that the sender considered himself to do the work and said he would have done it for free. Next up was that the sender felt shut out of the decision making process. The key to the resolution wasn't actually focusing on the technical issues. Those were down pretty cold: the person contracted had already written a similar program for a larger organization than we were and was actually being paid a pittance for the work. The pittance was more of a chain for the NPO to ensure it was done on time (always the biggest problem in an NPO). But what actually resolved the issue was showing him that we were taking his concerns seriously, even to the point of having the lawyer handle a fair part of the discussions and openly discussing the issues at meetings. Healing the emotions was as important to the resolution as addressing the technical issue.

While I wouldn't say the two individuals are good friends these days, they are civil to each other, and from time to time invite the other to social events.

Bottom line: programs are mostly written by geeks who for the most part are better at talking to machines than they are to each other. Recognize and accept that and you can deal with it better.

6
0
Tom 13
Silver badge

Re: which isn't the same thing.

to stupid and stubborn people, it is. Which is at the heart of the problem with Putterings.

3
0

HBO shocks US pay TV world: We're down with OTT. Netflix says, 'Gee'

Tom 13
Silver badge

Re: how much the cable companies here are despised.

And when he says "cable companies" we plebes include Verizon in that, just like we include Comcast when they say "telcos". The lawyers can pick their nits, but eventually we plebes always win the language war.

0
0
Tom 13
Silver badge

Re: I believe this is a misunderstanding

No, it's skipping the lawyerese and translating it into plain ordinary English ('Merican version, not Brit). When I used to work at a screwdriver type white box IT shop we had a saying: "You can pay us a service contract over time, or you can pay us service rates on demand. Either way it works out about the same for us."

1
0
Tom 13
Silver badge

Re: Broadcast and Comercial TV is dead

No, broadcast and commercial tv are why cable survives, at least in the US. We have the FIOS bundle because of the amount of long distance phone calls my roommate makes and because she wants to watch the new broadcast tv episodes more or less as they are released. We DVR everything, but normally watch it within the week. Mostly she likes the DVR for skipping commercials. Hulu et al may eventually change that model, but only when the studios stop depending on the major networks as their primary money source.

I don't follow the logic of this story at all. With the exception of a very, very few acclaimed series and sports, nobody except hotels subscribes to HBO in the US. Their selection is crap and has been for a long time. That's why they are the first ones to head to OTT. I tried HBO about 20 years back. They'd get 5 movies a month that they endlessly cycled. If you want to watch movies Netflix is simply a far better deal. Even Showtime and Skinemax have more fare than HBO. And the line about how expensive it is to buy HBO because of packaging is complete bollux. You can get a basic subscription and add HBO to it. No need for the other packages. Same with Showtime, Skinemax, The Movie Channel, Playboy, and all the other Premium channels. The reason they're called Premium is you pay a substantial price for a single channel. Back when I briefly had the subscription it was $30/HBO or $50/HBO and Skinemax combo. Even if the price has dropped to $10, that's more than the Netflix subscription.

Do I think the industry would do better in full streaming, watch on demand mode? Probably. Structure the season with Release date/times for episodes that resembles the current programming schedule and I think they could make it work. But they aren't ready to make that move yet.

3
3

WikiLeaks reveals new draft of Trans-Pacific Partnership

Tom 13
Silver badge

Re: Unrepresentative

The modern Democrat party has completed FDR's march toward communism. They don't care about rights as we once understood them, only group rights. And as some pigs are more equal than others, they have grown accustomed to eating at the troughs they once derided.

Now get with the program before they send you off to a re-education camp.

1
14

Scientists skeptical of Lockheed Martin's truck-sized FUSION reactor breakthrough boast

Tom 13
Silver badge

Re: The kind that can pass a Turing test.

The problem is the Turing test is too difficult to pass. In fact if you applied the Turing test to 100 randomly selected people, I'm sure at least 25% would fail it.

Full disclosure: this thought did not originate with me, but I have no clue where I first read it. Probably somewhere here on El Reg.

0
0
Tom 13
Silver badge

Re: why are they looking for outside investment for this?

There's a great deal of detail missing from the article. If the new production line would cost $10bn to ramp up, even $2.9bn/yr in profits isn't enough to fund it. Even if it pretty much guarantees $6bn/yr after the line is up and running. So you look for investors.

The catch on that is that there is a great deal of detail missing from the article. So they could be selling a perpetual motion machine under another name.

3
0

Arab States make play for greater government control of the internet

Tom 13
Silver badge

The real world can be a real biatch.

If you want the most open internet possible, you have to support the country that slurps the most data regardless of how much you dislike their data slurping.

If you're in a non-US country, because of the data slurping, the US will try to keep the pipes as wide open as possible.

2
0

NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)

Tom 13
Silver badge

So we should gird ourselves for a grid attack. Or would you prefer for your comments to remain guarded at this time?

0
0

Heistmeisters crack cost of safecrackers with $150 widget

Tom 13
Silver badge

Re: My extensive knowledge of nuclear weapons

Mine tells me you don't actually have to worry about it at all. In the worst case scenario the timer stops at 1.

See also, Galaxy Quest.

0
0
Tom 13
Silver badge

Even at $1500 you have significant savings over a machine worth tens of thousands of dollars and sold only to military customers.

0
0

Remember that tale of a fired accountant who blamed Comcast? It's kinda true, says telco

Tom 13
Silver badge

Re: find out real quick how the wiretap laws work,

If you have any doubts about that for the US side of the pond, Google "Linda Tripp". Because that's the bit they used to threaten her when they didn't like what she was doing.

0
0
Tom 13
Silver badge

Re: had a fun time in Federal court last year

Sadly, the problem with the current US justice system is that only applies to that particular instance of your particular case. That whole precedent thing is only pulled out if it agrees with the ruling the judge wants to render.

I concur that OUGHT to be sufficient. In fact, I'm of the opinion that it shouldn't be illegal to record any call, only to misuse such a recording in an attempt to blackmail the other party.

0
0
Tom 13
Silver badge

Re: pegged my bullshit-o-meter, too.

Yep. Talk about a prime example of a non-apology apology accompanied by a non-denial denial.

1
0

Activist investors DESTROY COMPANIES. Don't get me started on share dealings...

Tom 13
Silver badge

Re: Both Apple and MS pay dividends

Only after threats from the activist investors force them to do so.

0
0
Tom 13
Silver badge

Re: @Spartacus (No many times its NOT really their money!)

If the company can borrow against benefits and pensions, the money never belonged to you in the first place.

0
0

Antarctic ice at ALL TIME RECORD HIGH: We have more to learn, says boffin

Tom 13
Silver badge

Re: Lets try an experiment.

Except your experiment does not correctly reflect the data set. The data set is:

55, 55.1, 55.2, 55.3, 55.4, 55.4, 55.3, 55.4, 55.4, 55.3, 55.4, 55.3, 55.4

and you're throwing out all the 55.4s as outliers.

0
1
Tom 13
Silver badge

Re: with El Nino peaks removed

NO! NO! NO! NO! And I say again NO!

When you are doing REAL science you don't get to remove actual data that disagrees with your theory! This is the fundamental problem with your Warmist cult.

2
3
Tom 13
Silver badge

Re: "We have more to learn"

There's nothing cynical about telling the truth.

Although on a Page article that brings out the Warmist trolls, you will collect a lot of downvotes.

1
1
Tom 13
Silver badge

Re: the extreme weather gets more common

Or not:

http://www.weather.com/news/weather-hurricanes/florida-hurricane-free-streak-luck-run-out-20140801

http://www.livescience.com/39619-major-hurricane-landfall-drought.html

1
1
Tom 13
Silver badge

Re: Care to substantiate that with a linky?

The links provided don't even rise to the credibility of The Weekly World News.

1
0
Tom 13
Silver badge

Re: In short the climate models are a busted flush.

Only if by "busted flush" you mean two diamonds and one of everything else.

In fairness, given the hand is so bad poker doesn't actually have a name for it, I suppose I shouldn't quibble.

0
0
Tom 13
Silver badge

Re: What's the problem with this?

I've tried making fancy layered drinks a few times. They're darned hard to make without a heck of a lot of practice. And their viscosities are a heck of a lot different than sea water and fresh water.

1
0

Google AXES AndroidScript app used by 20,000 STEM coders WITHOUT WARNING

Tom 13
Silver badge

I agree about the Terms and Conditions, especially for a developer who has probably written his own terms and conditions for an app. Not so sure most people would think using the trademark name in the title was dodgy. But T&C is enough to limit my sympathy as well.

0
0
Tom 13
Silver badge

Re: There was no need to stop it.

Yes there is. The way the game is played is the Trademark Owner must start by saying "you're not allowed to do that, stop it." Then the offender responds "What would it take for me to be able to do that?" At which point you can discuss the license terms. I've been there with a small outfit and a no-name lawyer and they played it the same way as the super expensive lawyer. And the truth of the matter was, we were honored that one of the big boys was tipping their hat to our little convention. It gave us exposure no amount of advertising money possibly could have. If you're a gamer, chances are you've even seen the trademarked character, but probably got the order of appearance wrong. Convention came first, character second.

1
0

AT&T to fork out less than two days' profit in bogus bill charge flap

Tom 13
Silver badge

Operating Income =\= Profit

Yes, the fine is atrociously inadequate. That doesn't mean El Reg should stoop to the same levels as the telco almost monopoly.

0
0

Microsoft: Yeah, about that 50% post-Christmas customer price hike...

Tom 13
Silver badge

Re: "Home-Premium"

Yep, big difference between consumer and business pricing.

Another IT Fish Story

Incoming VP-type Fish says: I know the specs on the laptop I want here they are and hands them off to Pilot fish.

Pilot Fish takes specs, looks on approved vendor site. Approved vendor is Dell. System specs only match for an XPS laptop. But Pilot fish is contractor, not authorized purchaser, so he isn't looking on the approved purchasing portal site. So he calls vendor to find his assigned sales person. After 20 minutes of work he has name and email address so he sends specs only (not the device he found) to sales agent to request pricing and ordering information (not a quote, just the information). Sales agent returns a recommendation for a Latitude 6xxx series laptop because the XPS is a consumer offering and not available via the approved purchasing portal. Final kick: Latitude doesn't meet one of the key specs, it's 1 pound heavier than VP-type Fish wants. In fact, there is another Latitude laptop that does meet that requirement and it is listed in the approved portal. Which Pilot Fish knows because we received several in the last few months.

Full disclosure: I'm not the Pilot Fish, I just sit next to him at work.

0
0
Tom 13
Silver badge

Re: Microsoft to come out on top on a cost benefit analysis

Sure, if one of their droids is doing the C/B analysis. But what if you're running a proper one that includes the retraining costs every time they shaft users with a new interface because they're bored?

Gawds I still recall some arsewipe standing in front of us when our small non-profit was migrating from Windows 3.11 to 95 and WordPerfect 5.1 to 6.1. "Once you learn how to use this new interface you'll never have to learn another interface again." Yet with each new version SOMETHING in the interface gets f*cked from the way you've been doing it for the last 3-5 years.

0
0

Revealed: Malware that forces weak ATMs to spit out 'ALL THE CASH'

Tom 13
Silver badge

Re: Baffled

The vendors do enable proper security. The banks just fail to implement them.

A couple of posters have noted "proprietary networks" and that's the way it OUGHT to run. But all too often a bean counter says "we're paying for high speed internet in that office, why can't we just use that." And an IT guy starts talking about VLANs and firewalls so it gets approved. Because that proprietary network at slower speeds will cost as much or more than the connection they already pay for.

Likewise the logging and the access controls. I think I was only ever called to work on an ATM machine a couple of times. But I was never required to log my access to the system. Yes, I did my work while an authorized bank agent watched. But they really had very little clue about what I was doing. If I slipped in a USB drive to run an authorized update and the USB had a silent trojan installer they never would have known. Worse, they wouldn't have been able to trace it. Fortunately I'm an honest sort of person.

3
0
Tom 13
Silver badge

Re: they run on their own private network, with no link to the Internet

In the vendor's literature maybe. In practice?

...

Not so much.

1
0
Tom 13
Silver badge

@ Robert Helpmann??

I will definitely confirm that stability angle. I started life as a DTP specialist. I got pissed off about a job and applied to the husband of a coworker for a tech position. For illogical reasons he hired me. This was back around the time 16x CD drives were just hitting the market. The very first week on the job (very first day IIRC) we got a call from one of his clients on the other side of DC. It was a bank and their Federal Funds PC had died the previous evening. For a bank this is a really big deal. By law they need to settle up with the Feds at least once every two business days and they'd already missed their first day. Boss says no problem. Calls up a supplier, requests a courier drop of an IDE drive to the affected bank and asks the branch manager to call us after he gets delivery. Shipment came in the early afternoon and we headed over. Branch manager takes us to the machine. I looked at the case and commented that it looked really old. Baked white paint on heavy gauge metal old. We moved the monitor off it and confirmed it was an IBM style AT case. We opened it up. First thing we had to do was peel off a layer of dust from the inside of the machine. It lifted off just like a bed sheet. And that's when despair struck. It was an IBM AT with a 286 processor and a genuine MFM hard drive. There were no PCI slots to drop in an IDE drive controller. And the floppy was a genuine 5.25 low density floppy. Somehow or another we managed to rig a 3.5 floppy to it, boot from the floppy and copy the data from the MFM to floppies. When we fdisked the drive it came back to life and we were able to transfer the data back to the drive. The bank made their Fed Transfers that night. We also told the bank manager he needed to replace the system pronto because you couldn't get MFM hard drives anymore.
I understand this was no small prospect because the key component of the system was an encrypted modem card that cost more than the brand new IBM computer did when it was originally purchased.

5
1
Tom 13
Silver badge

@Bod

Wow, so much garbage such little useful information.

Yes, the OS does matter. The point of this particular malware is to leave the machine operational so it gets restocked and hit it at random times. Probably uses a different install crew than pickup crew.

The whole point of an ATM kiosk is to be a COTS solution. That means either a CD or a USB port and no custom rolled BIOSes. Yes the machine should be physically secure and it should have video coverage of access to the locks on the ATM as well as cams on the front.

The only actually useful bit is that the BIOS should be properly configured to require booting from the installed OS device which probably ought to be a hard-drive, and it should require a password to modify. Of course those precautions are pretty much straight out the window if the thieves have physical access to the device anyway.

The big problem here is that these systems are typically installed on a lowest cost basis. It's been more than a decade since I did support work for a local bank. At the time their ATMs were running an almost out of date version of Windows with no expectation they'd be replaced soon. I can't remember anymore whether it was 95 or if they'd at least used NT4, but I'd bet it was 95. In theory the ATMs were secure because the access door was on the inside of the bank. This particular chain didn't have any kiosks in shopping malls or grocery stores.

2
2

Yes. Economists DO love MAGICAL, lovely HUMAN SELFISHNESS...

Tom 13
Silver badge

kmac499

The one advantage economists have over Warmists is that they accept that the model is too complex to ever be able to accurately model. And some parts of the economy are well modeled. For instance, we know if you raise the minimum wage you lose jobs. Which is more than Warmists know about CO2.

2
5

Doctor Who becomes an illogical, unscientific, silly soap opera in Kill The Moon

Tom 13
Silver badge

Re: shuttle relies on an atmosphere in order to glide

Who are you going to believe? The paid liars at NASA? Or the actual pilots who have flown the shuttle?

0
1
Tom 13
Silver badge

Re: requires a metric fuckton of energy.

Not necessarily. It could be done by warping the mass in from somewhere else. But that would take the episode in a completely different direction than the one they took. For the one they took, yes, yes it would.

0
0
Tom 13
Silver badge

Re: a totally inane story and premise.

Dr. Who can work with a totally inane story premise. But in this episode it's like they forgot who the characters were. The Doctor is acting more like the Master and they're doing the same thing to Clara they did to Romana. I liked that Romana was smarter and more mature than the Doctor when she first appeared. Then over the course of Key to Time they degenerated her into a clueless fawning puppy dog.

0
0
Tom 13
Silver badge

Re: Is Capaldi going the way of Colin Baker?

From CB I got more pompous than ass even though he was a pompous ass who evolved into a likeable character. The way they've written the scripts so far for Capaldi I'm getting more "ass" and maybe Valeyard, which now that he's got unlimited regenerations doesn't make sense.

0
0

Strange tale of an angry bean counter, Comcast and a shock 'firing'

Tom 13
Silver badge

Re: Just for the record...

You're right of course. But at this point in time, telcos aren't telcos either. As far as I can tell, for all practical purposes there are no differences between Comcast and Verizon at this point. It's only a matter of time before the law catches up with that fact.

http://hothardware.com/News/Say-Goodbye-To-The-Landline-ATT-And-Verizon-Want-To-Cut-The-POTS-Cord/

http://www.marketwatch.com/story/why-att-and-verizon-arent-hung-up-on-land-lines-2014-03-31

http://www.ustelecom.org/sites/default/files/documents/130403_Voice_Comp_Update.pdf

The PDF shows 2013 estimates that POTS service in the US would be down to just 25% of users.

1
0