* Posts by Velv

1856 posts • joined 21 Jan 2010

A UK digital driving licence: What could possibly go wrong?

Velv
Silver badge

Re: You've all missed the best part

ApplePay (which uses Apple Wallet) can be activated without unlocking the phone. So no reason the driving license couldn't be made viewable while protecting privacy. In fact, you've probably just proven this should be mandatory

2
1
Velv
Silver badge
Boffin

Re: It Bodes

"...and a certificate of your identity. The latter use only works at all if this is a physical card with security features which make it difficult to reproduce."

The latter use only works at all if this is a physical card item with security features which make it difficult to reproduce.

Lothian Buses do M-Tickets on your SmartPhone - you activate a pre-paid ticket and show the screen to the driver. Sounds easy to "fake". But it's an image with moving elements making it impossible to screenshot. An active security feature is harder to fake, so there's no reason any digital document couldn't have similar features.

2
1

HSBC swinging axe on UK IT department, 840 heads to roll

Velv
Silver badge
FAIL

I don't know HSBC's average for years employed, but I do know the industry average is a little over 10 years.

So HSBC is getting rid of ~8,000 man years of site knowledge.

You can train new people about what's in the book (documentation), but you can't teach that "ah, we saw this fault a couple of years ago, dig out that email". But to an accountant, a techie is just a techie. I wonder when the board is going to notice that the same is true of accountants...

3
0

Sysadmin paid a month's salary for one day of nothing

Velv
Silver badge
Go

My boss caused chaos in the January sales :)

The office was across the road from a large shopping centre. There were around 50 IT staff in the office on the 1st and no catering staff. So for lunch, the boss went over to the shopping centre and joined the queue at Burger King.

On reaching the front, he started:

"Can I have 20 Whoppers, 20 Angus, 20 chicken sandwiches, 20 hamburgers, 20 cheeseburgers and 100 large fries please"

The rest of the queue were not impressed.

9
0

Old, complex code could cause another UK banking TITSUP – study

Velv
Silver badge
Boffin

"... its the quality of the code not the length..."

Quality is a subjective measure. Heavily documented code that's clear and easy to maintain could be quality to one situation where tight efficient complex code is quality in a different situation.

0
0

Colander-wearing Irishman denied driver's licence in Pastafarian slapdown

Velv
Silver badge

"Surely the thing that defines a religion is sincere belief, nothing else.

If you sincerely believe in something/anything then who are "they" to say it is or isn't legitimately a religion?"

And therein lies the problem - what if your sincere "belief" is that some element of society is wrong and that it's your duty to execute them. Does that grant you the freedom to follow your religion?

There needs to be a consensus of acceptable behaviour, and Pastafarianism is a political tool to show a mirror to religion and religious beliefs. If there is anyone on the planet who truly believes in the FSM then they've missed the point completely.

0
0

FBI ends second iPhone fight after someone, um, 'remembers' the PIN

Velv
Silver badge
Headmaster

Re: Some thoughts

If they're your disks and you refuse to comply then you're first person involvement.

If Seagate* were compelled to provide access to the content of your disks then they'd be a third party involvement similar to Apple.

*or your manufacturer of choice.

2
0
Velv
Silver badge
Big Brother

Re: Q: How is the government ever going to convict bad guys without access to encryption?

Never lose sight of why the FBI really wanted access to his phone. Hint, it wasn't to convict him.

It was to find his contacts - to find the other drug dealers and users he was interacting with so they know who to conduct the above searches against.

3
1

Amazon attempts rule fudge to take exclusive control of new dot-words

Velv
Silver badge
FAIL

Re: Bass-ackward.

But do you own .jake

Didn't think so.

So you don't control *.jake

One wonders if Jake actually understands how TehIntraWebTubes (sic) work

5
1

One million patients have opted out of Care.data

Velv
Silver badge
Boffin

I'm in no way defending HOW this has been done (government is shit), or some of the WHYs, but the statistical analysis and big data elements are actually groundbreaking. You find correlations in seemingly unrelated data through proper analysis, and things like prescription rates and referrals are related data so they don't count as big data analysis.

2
6
Velv
Silver badge
Gimp

Re: NHS Digital

Just wait until the digital proctologist comes along...

4
0

Utah declares 'war on smut'

Velv
Silver badge
Joke

Self Removal

Surely all the state has to do is pass a law requiring transgender people to use their birth bathroom and the porn industry will remove its services from the people of the state (see North Carolina)?

3
0

Brexit would pinch UK tech spend but the EU wouldn't care – survey

Velv
Silver badge
FAIL

Isn't there a blogger somewhere who specialises in publishing pay-walled articles for everyone?

On second thoughts sounds like this one's not worth reading.

2
0

'GPS 2.0' outline calls for open, hackable, interfaces

Velv
Silver badge
Devil

And just how do Google (still) know where the wi-fi base stations are located...

1
0

Drive for Lyft or Uber in SF? Your wallet is about to get lighter

Velv
Silver badge

Re: But I thought...

Uber maintains the stance that drivers are "independent contractors" despite having lost a couple of cases over a few named "employees".

So while SF "can't have it both ways", neither can Uber, Lyft, or any other business

4
0

Met cops shop for £150m IT system. Must have: Data centre ops

Velv
Silver badge

Perhaps it's because it's not my area of expertise, but are there really COTS options available for operating a Police force?

There are some Operational Management tools out there for managing workloads and mobile workforces, but do they really meet the privacy, security, integrity and audit requirements of law enforcement and justice?

0
0

FBI, Apple continue cat-and-mouse game over iPhones in New York

Velv
Silver badge
Headmaster

Re: Pretty weak position for the FBI here

"...by shutting down DFU updates "

I think we should be careful about what we prescribe as the "fix" for the challenge. There are many good reasons why it might be necessary for Apple to assist a person to access the hardware and content using a particular technical method, e.g. a failed update, a company owned phone, the owner being deceased and the family rightfully requiring access.

The issue is not technical. The issue is the government demanding access to private information, and their right or not to make such demands. Technical workarounds will fail - if the government has the power, they will use it, and they will penalise anyone who obstructs them irrespective of reality. We need to make sure they never get the power.

2
0

Read America's insane draft crypto-borking law that no one's willing to admit they wrote

Velv
Silver badge
Headmaster

"no one is above the law"

But that doesn't mean you author utterly stupid and dangerous laws that no one should be above!!!

1
0

PayPal freezes 400-job expansion in North Carolina over bonkers religious freedom law

Velv
Silver badge
Mushroom

Re: Freedom

@Intractable Potshead

So you don't buy into that philosophy, that's cool.

Perhaps you think it's OK not to serve a disabled person, or an old person. Perhaps you think we should take the vote off the Blacks and the Women, because let's face it, they're not worth.

We've had this debate. Not treating people equally is discrimination. The Suffragettes fought for equality and the sane people knew it was right. Martin Luther King fought and died for equality, and the sane people knew it was right. Discrimination and prejudice are wrong, and I stand by my statement - if you're not prepared to serve the public equally don't serve the public. I'm not asking you to like them, not liking your customers is a whole different issue.

1
0
Velv
Silver badge
FAIL

Re: Who are Americans?

All people everywhere gain their personal "standpoint" from the views presented by people around them. From their family, their peers, their social groups (including religious groups), TV, film, and sports and all the daily media. Some of those around them may present conflicting views and they make a choice of standpoint.

They don't inherit it genetically.

4
0
Velv
Silver badge

Re: Freedom

"The state can't force you to deal with folks you don't want to."

Well, yes, and no.

If you offer a service to the public, then you must offer that service to all of the public equally. If you are not prepared to offer your services on an equal basis then you should not be offering your services.

Simple. Equal individual rights. Dig?

16
0

Panama Papers hack: Unpatched WordPress, Drupal bugs to blame?

Velv
Silver badge
FAIL

Re: Simpler yet - Just Encrypt

D'oh!

Encryption is useless if an authorised and authenticated "user" accesses the data, and this is actually the more common route for data loss.

2
0
Velv
Silver badge
Headmaster

Drupal 7.23 had major issues and Drupal 7.32 was the fix.

OK, it's utter pedantry, but I do wish software authors would look carefully at the version numbers they release, and if the numbers are close (e.g. easily transposed like the above) then increment to another number to avoid potential confusion. This is not the only example I've seen recently where similar version numbers caused much head scratching.

2
0

Managing infrastructure, a newbie's guide: Simple stuff you need to know

Velv
Silver badge

4. Centralised Authentication

If you're in the UNIX world then learn this now - it's a skill that's missing in so many companies. Some places do this integration very well, but many others haven't got a clue, and as time moves on the requirement to use a Directory Service for authentication not just at OS but at application level is going to become much more fundamental.

Don't reinvent the wheel. Integrate with a proven directory service, and if your company already has Windows AD then leverage Windows AD as that directory - the Windows world has been doing this for 16 years now, and while it's far from perfect, it's extremely pervasive.

0
0

White House flushes away court-ordered decryption like it was a stinky dead goldfish

Velv
Silver badge
Holmes

Re: How far ?

I'm in no way suggesting this is anywhere near a reasonable justification for such legislation, but you've got to remember that most criminals are a bit thick, they'll use the standard features on their device, and law enforcement gaining access to the information will secure more convictions. I can therefore understand why some people think it's justified, however like you, I'd suggest any such legislation will just push the really dangerous criminals further underground.

0
0

We bet your firm doesn't stick to half of these 10 top IT admin tips

Velv
Silver badge
Headmaster

Re: 1) is a tad unrealistic

Agreed there are issues that can only be diagnosed under the user's credentials.

But the policy will handle that. The user must remain present during the support service. They cannot be permitted to "just bugger off for coffee". Now I know it's difficult for the PFY in his second week to tell the senior manager they can't just leave their password behind or even just leave the computer logged on, but if the senior manager has signed up to the policy in the first place the company should be behind it and the PFY. It doesn't take long for the right culture to be the norm.

6
0
Velv
Silver badge
Facepalm

Re: encourage staff to challenge anyone who's not displaying their badge

Congratulations you've proven you're part of the problem and not part of the solution.

8
6

Security bods disclose lock bypass bug in iOS

Velv
Silver badge
Headmaster

"If there's a bypass that will grant access to data without entering the passcode, then the encryption isn't as strong as it's claimed to be, is it?"

Nothing wrong with the encryption. It's the authentication that is weak.

2
1

Contactless payments come to in-flight entertainment units

Velv
Silver badge
Joke

"in the event of the aircraft losing cabin pressure Oxygen masks are available from the ceiling by presenting your contactless card to the panel above your head"

4
0

'Devastating' bug pops secure doors at airports, hospitals

Velv
Silver badge
Boffin

Re: The service runs as root?

"The service runs as root? ... is just plain laziness..."

"If the input was sanitised, it wouldn't even matter that it was running as root"

Any single failure probably wouldn't be an issue, but this problem and more importantly the subsequent blindness in the comments just highlight that *ALL* areas of the system need to take responsibility for the security of the entire system. No piece can ever rely on security being provided by some other piece.

7
0

US government updates secure email guide for first time in a decade

Velv
Silver badge
Big Brother

Re: Oxymoron

the old comparison being "Military intelligence is to intelligence what military music is to music"

0
0

Bloaty banking app? There's a good chance it was written in Britain

Velv
Silver badge

Re: A few notes ....

"There's a reason the world's banks run on "old" technologies. Tried and tested for one. I'd rather go into space on a 50+ year old Soviet rocket, than the latest gee-whizz from anyone."

It's a balance between how proven the old and the new are. I'd rather go into space on this year's model rocket if they've proven for a few months they can launch 10 a day than the 50 year old rocket that's only ever had 10 launched.

Banks are careful about the technology chosen, but as the proven technologies get older the number of experienced people in the world is actually falling.

0
1

Reddit's warrant canary shuffles off this mortal coil

Velv
Silver badge
Boffin

Reddit to be first prosecuted for breaching terms of the letter

Reddit have by removing the canary taken an action which tells everyone that a National Security Letter has been served, and that is likely in breach of the conditions of the letter.

It remains to be tested in court, but Reddit is high profile enough that I can see this being the first to be pushed by the government (I guess it depends on the content of the letter and when the relevant agency is willing to make the details public in court).

While the warrant canary is a nice idea, it's not as neat as people think.

0
2

iPad bricked by iOS 9.3? Don't worry, we'll get through this together

Velv
Silver badge

That being the route in the FBI would like to take.

0
0

Computers shouldn't smoke. Cigarettes aren't healthy for anyone

Velv
Silver badge
Boffin

Back in the days when you could smoke on aircraft the maintenance crews found the yellow staining a great indicator for finding the leaks in the pressure vessel.

7
0

MH-370 search loses sharpest-eyed robot deep beneath the waves

Velv
Silver badge

Re: Waste Of Time

Even if such satellites were operating over the ocean at the time, the data will probably have been dropped instantly.

They weren't looking for the plane, so the chances of catching the incident by accident are minuscule, and given the vastness of ocean with nothing happening there wouldn't be analysts wasting time to look for anything in the footage, so it would just get dumped.

4
0

Google to unleash Android Pay on UK shoppers within 'months'

Velv
Silver badge
Boffin

Re: I don't see any point to this

Can't speak for AndroidPay, but ApplePay tokenises the details from the App so that as they pass through the card machine and over the network they cannot be copied and used elsewhere.

If you just use your card (contactless or normal) then the card details can be stored or stolen and used elsewhere (and there are plenty of examples where this has happened with dodgy card machines and dodgy retailers).

0
0

Google gives away its internal $200 patch analysis tool for free

Velv
Silver badge
Boffin

Call me cynical, but one of the advantages of paid for tools is that there is a profit market for innovation and diversity. If all researchers use the same free tools they run the risk of making the same mistakes in their research.

OpenSSL was/is a great security library for developers. Open source is great because anyone can read the source code and find any bugs. It all fell down when it turned out nobody had read the source code and it had quite a serious bug.

0
0

Swede builds steam-powered Raspberry Pi. Nowhere to plug in micro-USB, then?

Velv
Silver badge
Coat

Steam Radio

Is the Pi running an Internet Radio Streaming app? Or should that be steaming app?

7
0

Flying Scotsman attacked by drone

Velv
Silver badge
Coat

Re: Clearly impossible

Having applied a fresh cup of really hot tea you've just proven that the more unlikely something is to occur the higher the probability it will happen sooner rather than later

7
0
Velv
Silver badge

Re: Think of the cost implications

"They'll have to employ someone to scrape all the drones off the front at every station...."

They don't bother scraping off the remains of other flying objects a train hits. And presumably to be mainline certified the windscreens will have been tested with the chicken gun.

5
0

Middle-aged US bloke pleads guilty to iCloud celeb nude photo hack

Velv
Silver badge
Headmaster

Re: They gave him their password

He pled guilty to one count of unauthorised access to a computer system.

That doesn't mean that was one of the 122 accounts he accessed (which will be 122 separate counts of phishing or fraud or whatever that actually is in legal terms when you trick the victim into granting you access). It's an entirely different and charge.

But the evidence on that one unauthorised access was probably the best evidence they had of securing a conviction without going to court, the threat to him being a court might find him guilty of the 122 counts of fraud and a substantially larger sentence.

1
0

UK Snoopers' Charter crashes through critics into the next level

Velv
Silver badge
Big Brother

Re: Where were the opposition?

The problem is most MPs and parties have been brainwashed to believe that something is required or the country will fall apart. They believe in some form of new powers "to tackle terrorism and crime". Even if they don't believe every word of the current bill they believe there must be a new bill on surveillance and electronic communication interception.

And the fastest way to get those new powers approved is to let this bill pass to committee and hope they can amend it prior to final reading.

What happens next will be the real tell-tale...

4
0

Steve Jobs, MS Office, Israel, and a basic feature Microsoft took 13 years to install

Velv
Silver badge
Mushroom

So something that's used by 0.0012% of the world population is a "basic feature"

Sounds more like someone has a chip on their shoulder

8
10

Want to kick butts? Go cold turkey

Velv
Silver badge
Gimp

They also received "behavioral support from nurses", which may or may not have included being handcuffed to a cast-iron bedstead at gunpoint.

I've never smoked, but if they need someone to be in a control group just send me a message

7
0

Police use of illegally held biometrics broke the law, says commish

Velv
Silver badge
Black Helicopters

In a parallel, there are rules where if the spooks have illegally collected data which proves a suspect did not commit a crime they are being investigated for the spooks are required to informally brief the police that they are "barking up the wrong tree".

Tinfoil hats on...

5
0

Only 12% of UK thinks Snoopers' Charter is 'adequately explained'

Velv
Silver badge
Big Brother

It's easy to explain the Investigatory Powers Bill - the authorities are going to gather together evidence on everyone on the presumption that everyone is guilty prior to them committing any crime

11
0

7,800 people's biometric data held on police anti-terrorism database

Velv
Silver badge
Joke

The way things are going they'd be better keeping a database of people who aren't "criminals".

That way when you get stopped: "ah, you're free to go Sir, you're on the known good list" or "sorry Sir, you're not on the list, we need to take you in"

2
0

A typo stopped hackers siphoning nearly $1bn out of Bangladesh

Velv
Silver badge
Pirate

Did the thieves get the spelling wrong on the transfer, or was the spelling wrong on the original email from the Nigerian Prince?

8
0

What's next? FBI telling us to turn iPhones into pocket spy bugs? It'll happen, says Apple exec

Velv
Silver badge

Re: America is not the world

So let's assume Apple is forced to write new Government mandated firmware...

Will Homeland Security be checking the devices of travellers to the USA on arrival:

"Excuse me Mr Tourist, we see you've got an iPhone? Is it the US version or the non-US version (in which case we are going to deny you entry)?"

And is any country going to ban the US version? Wasn't it The Netherlands that recently implemented laws preventing this type of privacy invasion, in which case are Merkin Fanbois going to be barred from Holland?

0
0
