* Posts by Velv

1867 posts • joined 21 Jan 2010

Global 'terror database' World-Check leaked

Velv
Silver badge
Coat

Re: uhh

I thought Who was on First

6
0

Florida man sues Apple for $10bn, claims iPod, iPhone was his idea

Velv
Silver badge
Boffin

"Here's the report you requested Captain Pickard"

1987

5
0

Chatbot lawyer shreds $2.5m in parking tickets

Velv
Silver badge
Unhappy

"Do you wish to register a complaint?"

"Yes" > /dev/NULL

2
0

Kremlin wants to shoot the Messenger, and WhatsApp to boot

Velv
Silver badge
Boffin

This is a good thing!

No, wait, let me explain that statement.

If governments are forcing the hand of the big multinational companies then those companies will have little choice to remove the end to end encryption since one product will not work in all countries.

We tend to use the biggies through laziness. It comes bundled and our friends us it. Without the proprietary biggies, the public will then turn to open communication platforms following open communication standards that no country can control. There will be dozens of different clients available from authors around the world and no country will have the ability to shutdown all the individuals who wrote those clients.

A country may be able to threaten a user, but then the (innocent) user has the option of handing the government their previous conversations (but you'll know they have them!).

OK, I'm not really saying the Russian law would be a good thing (or the Merkin, UK, or any other government back door). But maybe if someone points out how simple it is to circumvent then perhaps common sense will prevail (facepalm).

2
0

Wales gives anti-vaping Blockleiters a Big Red Panic Button

Velv
Silver badge
Headmaster

"Vaping is harmless"

They claimed smoking cigarettes was good for you. Until they found out it wasn't.

0
4

Bloke flogs $40 B&W printer on Craigslist, gets $12,000 legal bill

Velv
Silver badge
Coat

Ironically, isn't this the very type of "Service" that made CraigsList infamous???

2
0

Engine warning light appears on Uber's $100m driver settlement

Velv
Silver badge
Terminator

American lawyer unfairly profits from legal settlement. Surely not. That would never happen.

12
0

Capitalize 'Internet'? AP says no – Vint Cerf says yes

Velv
Silver badge
Headmaster

So what about The Cloud, which is of course both The Cloud as a concept of some kind of service in, ear, well The Cloud, and The Cloud which is a company that provides wifi access.

0
0

Unicode serves up bacon emoji

Velv
Silver badge
Go

Gorilla

Harambe

1
1

Flytenow's other wing clipped: second appeal fails

Velv
Silver badge
FAIL

Re: Hypocrisy

In the UK, uber drivers still need to be licensed minicab drivers with full commercial insurance on the vehicle as a minicab. So no hypocracy over complying with the regulations.

Globally Uber has been the subject of 200+ plus lawsuits for not complying with local legislation. So no hypocracy about allowing multi-million dollar owners to make money from spare car seats.

The fact the multi-million dollar owners continue to break the law and haven't gone to jail yet is a different issue.

3
0

Get outta here, officer, you don't need a warrant to track people by their phones – appeals court

Velv
Silver badge
Big Brother

Now let's turn the ruling over metadata on its head and see where we get to...

"Dear Mr Phone Company.

Please give us the details of all phones that were within 50m of nn.nn.nnn, ww.ww.www on mm/did/yy* between hh:mm and hh:mm.

Regards

The Authorities"

*its an article about Merkin authorities. We all know the real way to express a date is dd/mm/yy

1
0

A UK digital driving licence: What could possibly go wrong?

Velv
Silver badge

Re: You've all missed the best part

ApplePay (which uses Apple Wallet) can be activated without unlocking the phone. So no reason the driving license couldn't be made viewable while protecting privacy. In fact, you've probably just proven this should be mandatory

2
1
Velv
Silver badge
Boffin

Re: It Bodes

"...and a certificate of your identity. The latter use only works at all if this is a physical card with security features which make it difficult to reproduce."

The latter use only works at all if this is a physical card item with security features which make it difficult to reproduce.

Lothian Buses do M-Tickets on your SmartPhone - you activate a pre-paid ticket and show the screen to the driver. Sounds easy to "fake". But it's an image with moving elements making it impossible to screenshot. An active security feature is harder to fake, so there's no reason any digital document couldn't have similar features.

2
1

HSBC swinging axe on UK IT department, 840 heads to roll

Velv
Silver badge
FAIL

I don't know HSBCs average for years employed, but I do know the industry average is a little over 10 years.

So HSBC is getting rid of ~8,000 man years of site knowledge.

You can train new people about what's in the book (documentation), but you can't teach that "ah, we saw this fault a couple of years ago, dig out that email". But to an accountant, a techie is just a techie. I wonder when the board is going to notice that the same is true of accountants...

3
0

Sysadmin paid a month's salary for one day of nothing

Velv
Silver badge
Go

My boss caused chaos in the January sales :)

The office was across the road from a large shopping centre. There were around 50 IT staff in the office on the 1st and no catering staff. So for lunch, the boss went over to the shopping centre and joined the queue at Burger King.

On reaching the front, he started:

"Can I have 20 Whoppers, 20 Angus, 20 chicken sandwiches, 20 hamburgers, 20 cheeseburgers and 100 large fries please"

The rest of the queue were not impressed.

9
0

Old, complex code could cause another UK banking TITSUP – study

Velv
Silver badge
Boffin

"... its the quality of the code not the length..."

Quality is a subjective measure. Heavily documented code that's clear and easy to maintain could be quality to one situation where tight efficient complex code is quality in a different situation.

0
0

Colander-wearing Irishman denied driver's licence in Pastafarian slapdown

Velv
Silver badge

"Surely the thing that defines a religion is sincere belief, nothing else.

If you sincerely believe in something/anything then who are "they" to say it is or isn't legitimately a religion?"

And there in lies the problem - what if your sincere "belief" is that some element of society is wrong and that it's your duty to execute them. Does that grant you the freedom to follow your religion?

There needs to be a consensus of acceptable behaviour, and Pastafarianism is a political tool to show a mirror to religion and religious beliefs. If there is anyone on the planet who truly believes in the FSM then they've missed the point completely.

0
0

FBI ends second iPhone fight after someone, um, 'remembers' the PIN

Velv
Silver badge
Headmaster

Re: Some thoughts

If they're your disks and you refuse to comply then you're first person involvement.

If Seagate* were compelled to provide access to the content of your disks then they'd be a third party involvement similar to Apple.

*or your manufacturer of choice.

2
0
Velv
Silver badge
Big Brother

Re: Q: How is the government ever going to convict bad guys without access to encryption?

Never lose sight of why the FBI really wanted access to his phone. Hint, it wasn't to convict him.

It was to find his contacts - to find the other drug dealers and users he was interacting with so they know who to conduct the above searches against.

3
1

Amazon attempts rule fudge to take exclusive control of new dot-words

Velv
Silver badge
FAIL

Re: Bass-ackward.

But do you own .jake

Didn't think so.

So you don't control *.jake

One wonders if Jake actually understand how TehIntraWebTubes (sic) work

5
1

One million patients have opted out of Care.data

Velv
Silver badge
Boffin

I'm in no way defending HOW this has been done (government is shit), or some of the WHYs, but the statistical analysis and big data elements are actually groundbreaking. You find correlations in seeming unrelated data through proper analysis, and things like prescription rates and referrals are related data so they don't count as big data analysis.

2
6
Velv
Silver badge
Gimp

Re: NHS Digital

Just wait until the digital proctologist comes along...

4
0

Utah declares 'war on smut'

Velv
Silver badge
Joke

Self Removal

Surely all the state has to do is pass a law require transgender people to use their birth bathroom and the porn industry will remove its services from the people of the state ( see North Carolina)?

3
0

Brexit would pinch UK tech spend but the EU wouldn't care – survey

Velv
Silver badge
FAIL

Isn't there a blogger somewhere who specialises in publish pay-walled articles for everyone?

On second thoughts sounds like this ones not worth reading.

2
0

'GPS 2.0' outline calls for open, hackable, interfaces

Velv
Silver badge
Devil

And just how do Google (still) know where the wi-fi base stations are located...

1
0

Drive for Lyft or Uber in SF? Your wallet is about to get lighter

Velv
Silver badge

Re: But I thought...

Uber maintains the stance that drivers are "independent contractors" despite having lost a couple of cases over a few named "employees".

So while SF "can't have it both ways", neither can Uber, Lyft, or any other business

4
0

Met cops shop for £150m IT system. Must have: Data centre ops

Velv
Silver badge

Perhaps its because its not my area of expertise, but are there really COTS options available for operating a Police force?

There are some Operational Management tools out there for managing workloads and mobile workforces, but do they really meet the privacy, security, integrity and audit requirements of law enforcement and justice?

0
0

FBI, Apple continue cat-and-mouse game over iPhones in New York

Velv
Silver badge
Headmaster

Re: Pretty weak position for the FBI here

"...by shutting down DFU updates "

I think we should be careful about what we prescribe as the "fix" for the challenge. There are many good reasons why it might be necessary for Apple to assist a person to access the hardware and content using a particular technical method, e.g. a failed update, a company owned phone, the owner being deceased and the family rightfully requiring access.

The issue is not technical. The issue is the government demanding access to private information, and their right or not to make such demands. Technical workarounds will fail - if the government has the power, they will use it, and they will penalise anyone who obstructs them irrespective of reality. We need to make sure they never get the power.

2
0

Read America's insane draft crypto-borking law that no one's willing to admit they wrote

Velv
Silver badge
Headmaster

"no one is above the law"

But that doesn't mean you author utterly stupid and dangerous laws that no one should be above!!!

1
0

PayPal freezes 400-job expansion in North Carolina over bonkers religious freedom law

Velv
Silver badge
Mushroom

Re: Freedom

@Intractable Potshead

So you don't buy into that philosophy, that's cool.

Perhaps you think it's OK not to serve a disabled person, or an old person. Perhaps you think we should take the vote off the Blacks and the Women, because let's face it, they're not worth.

We've had this debate. Not treating people equally is discrimination. The Suffragets fought for equality and the sane people knew it was right. Martin Luther King fought and died for equality, and the sane people knew it was right. Discrimination and prejudice are wrong, and I stand by my statement - if you're not prepared to serve the public equally don't serve the public. I'm not asking you to like them, not liking your customers is a whole different issue.

1
0
Velv
Silver badge
FAIL

Re: Who are Americans?

All people everywhere gain their personal "standpoint" from the views presented by people around them. From their family, their peers, their social groups (including religious groups), TV, film, and sports and all the daily media. Some of those around them may present conflicting views and they make a choice of standpoint.

They don't inherit it genetically.

4
0
Velv
Silver badge

Re: Freedom

"The state can't force you to deal with folks you don't want to."

Well, yes, and no.

If you offer a service to the public, then you must offer that service to all of the public equally. If you are not prepared to offer your services on an equal basis then you should not be offering your services.

Simple. Equal individual rights. Dig?

16
0

Panama Papers hack: Unpatched WordPress, Drupal bugs to blame?

Velv
Silver badge
FAIL

Re: Simpler yet - Just Encryt

D'oh!

Encryption is useless if an authorised and authenticated "user" accesses the data, and this is actually the more common route for data loss.

2
0
Velv
Silver badge
Headmaster

Drupal 7.23 had major issues and Drupal 7.32 was the fix.

OK, it's utter pedantry, but I do wish software authors would look carefully at the version numbers they release, and if the numbers are close (e.g. easily transposed like the above) then increment to another number to avoid potential confusion. This is not the only example I've seen recently where similar version numbers caused much head scratching.

2
0

Managing infrastructure, a newbie's guide: Simple stuff you need to know

Velv
Silver badge

4. Centralised Authentication

If you're in the UNIX world then learn this now - it's a skill that's missing in so many companies. Some places do this integration very well, but many others haven't got a clue, and as time moves on the requirement to use a Directory Service for authentication not just at OS but at application level is going to become much more fundamental.

Don't reinvent the wheel. Integrate with a proven directory service, and if your company already has Windows AD then leverage Windows AD as that directory - the Windows world has been doing this for 16 years now, and while it's far from perfect, it's extremely pervasive.

0
0

White House flushes away court-ordered decryption like it was a stinky dead goldfish

Velv
Silver badge
Holmes

Re: How far ?

I'm in no way suggesting this is anywhere near a reasonable justification for such legislation, but you've got to remember that most criminals are a bit thick, they'll use the standard features on their device, and law enforcement gaining access to the information will secure more convictions. I can therefore understand why some people think it's justified, however like you, I'd suggest any such legislation will just push the really dangerous criminals further underground.

0
0

We bet your firm doesn't stick to half of these 10 top IT admin tips

Velv
Silver badge
Headmaster

Re: 1) is a tad unrealistic

Agreed there are issues that can only be diagnosed under the users credentials.

But the policy will handle that. The user must remain present during the support service. They cannot be permitted to "just bugger off for coffee". Now I know it's difficult for the PFY in his second week to tell the senior manager they can't just leave their password behind or even just leave the computer logged on, but if the senior manager has signed up to the policy in the first place the company should be behind it and the PFY. It doesn't take long for the right culture to be the norm.

6
0
Velv
Silver badge
Facepalm

Re: encourage staff to challenge anyone who's not displaying their badge

Congratulations you've proven you're part of the problem and not part of the solution.

8
6

Security bods disclose lock bypass bug in iOS

Velv
Silver badge
Headmaster

"If there's a bypass that will grant access to data without entering the passcode, then the encryption isn't as strong as it's claimed to be, is it?"

Nothing wrong with the encryption. It's the authentication that is weak.

2
1

Contactless payments come to in-flight entertainment units

Velv
Silver badge
Joke

"in the event of the aircraft losing cabin pressure Oxygen masks are available from the ceiling by presenting your contactless card to the panel above your head"

4
0

'Devastating' bug pops secure doors at airports, hospitals

Velv
Silver badge
Boffin

Re: The service runs as root?

"The service runs as root? ... is just plain laziness..."

"If the input was sanitised, it wouldn't even matter that it was running as root"

Any single failure probably wouldn't be an issue, but this problem and more importantly the subsequent blindness in the comments just highlight that *ALL* areas of the system need to take responsibility for the security of the entire system. No piece can ever rely on security being provided by some other piece.

7
0

US government updates secure email guide for first time in a decade

Velv
Silver badge
Big Brother

Re: Oxymoron

the old comparison being "Military intelligence is to intelligence what military music is to music"

0
0

Bloaty banking app? There's a good chance it was written in Britain

Velv
Silver badge

Re: A few notes ....

"There a reason the worlds banks run on "old" technologies. Tried and tested for one. I'd rather go into space on a 50+ year old Soviet rocket, than the latest gee-whizz from anyone."

It's a balance between how proven the old and the new are. I'd rather go into space on this years model rocket if they've proven for a few months they can launch 10 a day than the 50 year old rocket that's only ever had 10 launched.

Banks are careful about the technology chosen, but as the proven technologies get older the number of experienced people in the world is actually falling.

0
1

Reddit's warrant canary shuffles off this mortal coil

Velv
Silver badge
Boffin

Reddit to be first prosecuted for breaching terms of the letter

Reddit have by removing the canary taken an action which tells everyone that a National Security Letter has been served, and that is likely in breach of the conditions of the letter.

It remains to be tested in court, but Reddit is high profile enough that I can see this being the first to be pushed by the government (I guess it depends on the content of the letter and when the relevant agency is willing to make the details public in court).

While the warrant canary is a nice idea, it's not as neat as people think.

0
2

iPad bricked by iOS 9.3? Don't worry, we'll get through this together

Velv
Silver badge

That being the route in the FBI would like to take.

0
0

Computers shouldn't smoke. Cigarettes aren't healthy for anyone

Velv
Silver badge
Boffin

Back in the days when you could smoke on aircraft the maintenance crews found the yellow staining a great indicator for finding the leaks in the pressure vessel.

7
0

MH-370 search loses sharpest-eyed robot deep beneath the waves

Velv
Silver badge

Re: Waste Of Time

Even if such satellites were operating over the ocean at the time, the data will probably have been dropped instantly.

They weren't looking for the plane, so the chances of catching the incident by accident are minuscule, and given the vastness of ocean with nothing happening there wouldn't be analysts wasting time to look for anything in the footage, so it would just get dumped.

4
0

Google to unleash Android Pay on UK shoppers within 'months'

Velv
Silver badge
Boffin

Re: I don't see any point to this

Can't speak for AndroidPay, but ApplePay tokenises the details from the App so that as they pass through the card machine and over the network they cannot be copied and used elsewhere.

If you just use your card (contactless or normal) then the card details can be stored or stolen and used elsewhere (and there are plenty of examples where this has happened with dodgy card machines and dodgy retailers).

0
0

Google gives away its internal $200 patch analysis tool for free

Velv
Silver badge
Boffin

Call me cynical, but one of the advantages of paid for tools is that there is a profit market for innovation and diversity. If all researchers use the same free tools they run the risk of making the same mistakes in their research.

OpenSSL was/is a great security library for developers. Open source is great because anyone can read the source code and find any bugs. It all fell down when it turned out nobody had read the source code and it had quite a serious bug.

0
0

Swede builds steam-powered Raspberry Pi. Nowhere to plug in micro-USB, then?

Velv
Silver badge
Coat

Steam Radio

Is the Pi running an Internet Radio Streaming app? Or should that be steaming app?

7
0

Forums