* Posts by Roland6

1725 posts • joined 23 Apr 2010

Sniffing and sharing Wi-Fi passwords? There's an app for that!

Roland6
Bronze badge

Re: er ...

Sounds like a good way to harvest e-mail addresses/phone numbers to me. Setup a rogue open access point with fake access page, save the submitted data.

Well unless things have massively changed, the web page login details for many hot spots were passed over an open WiFi connection, so you only needed a WiFi sniffer...

0
0

Carry On Computing: Ten stylish laptop bags for him

Roland6
Bronze badge

Re: The Targus CDB1-001 - Best Laptop bag ever!

"the main zip finally broke"

Those old Targus bags used to come with a 'lifetime' guarantee, suggest you drop Targus a line...

1
0

Never trust a developer who says 'I can fix this in a few minutes'

Roland6
Bronze badge

Re: Simple install.

Years back one of my client's had a developer "fix it on the fly" - no one could get the production system to work apart from the developers... After much investigation (we finally did a clean room build, because we couldn't gain access to a production system) it was discovered that the developers were simply replacing the production system with a copy of their development system (complete with dev tools) - which worked, but the developers had no clue as to why it worked (probably due to excessive use and abuse of root privileges and undocumented hacks)...

1
0
Roland6
Bronze badge

There was a contingency plan!

" why the PM had not just gone for a back-out when it went wrong? That would have restored service, albeit on the old version, well within the change window"

I've been on projects (and in the middle of one now) where the main supplier has no concept of contingency planning, believing the best way forward is to simply burn the bridges and fight the fires as they arise. Current project is just such as case, the system was supposed to go live 10 days ago, well parts of it did - sort of, however,the client's Finance Director is starting to get shouty, as still she is without a functioning accounts system, something the main supplier was supposed to have ensured would not happen...

3
0

A good effort, if a bit odd: Windows 10 IoT Core on Raspberry Pi 2

Roland6
Bronze badge

Re: http://www.computerconservationsociety.org/images/ict1301-1.jpg

There might be a connection between software bloat and the demise of paper tape & punched cards...

Can't help thinking that Win10 IoT is still very bloated at circa 800MB, given just how much WfWG 3.11 managed to do...

3
1

US plans to apply export controls to 0-days put out for comment

Roland6
Bronze badge

Re: Let me be the first:

"it will involve ITAR which allows for licenses to be had for a bit over $2k so the larger players won't have any problems but the odd independent hack is going to get tacked to the wall."

Suspect that non-US security companies, such as those HQ'd in former eastern Europe and Russia will have difficulty getting and retaining such licenses...

2
0

Why does Uber keep its drivers' pay so low? Ex-CFO: 'Cos we can'

Roland6
Bronze badge

Re: Ah, yes. "Capitalism"

why should the passenger care if their taxi is insured or not?

Well most passengers won't even think about insurance, until they need it...

However, because of the way Uber contracts with drivers, a business would be daft to use Uber as its preferred taxi company, because if your business arranges my taxi to the airport and it has an 'incident' and it is found not to have insurance etc., your company many find it has liabilities!

2
0

If IT isn’t careful, marketing will soon be telling us what to do

Roland6
Bronze badge

Re: IT could use marketing...

But in many companies they do! These people are called consultants!

Many companies tend to use consultants because they are from outside the organisation and hence are quasi- independent. Also unless IT is well funded, it tends not to have the additional resources needed to run new projects outside of "business as usual". (To use the example, you don't expect the toilet attendant to refurbish the toilets.)

The problem is that many non-IT business people think they can get the necessary advice etc. from the purveyors of bespoke systems rather than incurring the additional cost of getting their own (independent third-party) manpower in. The result is, as comment upon, the bespoke system vendor gets the customer (end user department) up and running with their application, but don't generally involve IT, as that is typically out-of-scope and plays havoc with the 'agile' delivery schedule...

1
0
Roland6
Bronze badge

Re: Huh?

And marketing and sales have been multichannel for a long-time...

Don't see what has suddenly changed.

1
0

Public cloud? Two vendors float on high, says Gartner

Roland6
Bronze badge

The 2015 magic quadrant can be found here: http://cloudcomputing.info/en/news/2015/05/gartner-releases-its-magic-quadrant-for-cloud-infrastructure-as-a-service-for-2015.html

As can the quadrants for 2013 & 2014.

To see the report currently you need to sign into Gartner...

What is interesting is seeing, what is effectively an off-shoot from an IT user organisation, being so far ahead of IT supplier organisations in the provision of IT cloud services.

1
0

EFF fears crims are getting smart to Superfish SSL flaws

Roland6
Bronze badge

Re: @mybackdoor

Yes Windows will flash a warning to the user about whether they really want to install a new certificate. However, for the vast majority of (non-IT) users they want the add-on, hence they will click 'OK' on the messages with little or no understanding of what exactly they were clicking 'OK' to. In fact I'll suggest that even IT literate users would have problems determining if a browser add-in did or didn't need to install a new certificate.

I can confirm that some supposedly IT literate users will tell users that certificate warnings are normal and just click ok... In fact they can go to the next step and tell the user to click the box "don't ask me again"...

0
0

Ofcom: Oi, BT! Don't be greedy – feed dark fibre to your rivals

Roland6
Bronze badge

Re: The other big issue about this is...

Another big issue is going to be end-to-end connectivity, as BT's dark fibre will be between BT premises and cabinets. Hence a third-party is probably going to have to use some creativity to adapt BT's network to their needs and may find that there is insufficient space capacity in parts of BT's network to enable them to build an end-to-end connection.

0
0
Roland6
Bronze badge

but why aren't 'the rivals' investing in dark fibre networks of their own

Answer: Time and money!

Building out a network requires capital upfront and then locks it up for the long-term - just ask: C&W, Interoute, Colt, Virgin Media, to name a few who have invested in infrastructure. However, being able to piggyback on someone else's network is significantly cheaper in CapEx terms, even if over the long-term it may have a higher OpEx.

0
0
Roland6
Bronze badge

Re: TalkTalk?

I don't know what to believe anymore.

Well it is a bit obvious, Talk Talk want infrastructure yesterday and if they can get someone else to do all the paperwork and legwork involved in physically laying cables so much the better for Talk Talk...

I will be interested to see what the other owners of major fibre infrastructures such as Vodafone (previously C&W), Interoute and Colt will say, as this proposal will impact their business'es.

0
0
Roland6
Bronze badge

Re: How does this affect investment decisions?

If any spare capacity that gets installed can be required to be sold at low cost to a competitor

I suspect you are jumping ahead of yourself. Firstly, Ofcom are talking specifically about "dark fibre" ie. fibre that is unlit and also unterminated(?). Spare capacity is something different, although dark fibre might be considered to be spare capacity. All BT have to do is to connect up their spare fibre to some live equipment and occasionally use it for something and it is no longer neither spare nor dark, it is just under utilised capacity.

0
0
Roland6
Bronze badge

Re: The other big issue about this is...

The other big issue about this is redundant routing of trunks, or the lack of.

Currently, it is relatively 'easy' to confirm that a circuit from BT takes a different duct route to one from another provider. I can see with this new directive in place, life will get a lot more difficult. And many companies will only discover they didn't have alternatively routed trunks when another Holborn happens...

0
0

IBM trades cold comfort for hot air in Microsoft-AWS slugfest

Roland6
Bronze badge

Re: Nonsense is Goodsense, I Guess...

> IBM doesn't make any money from the actual mainframe or storage

Agree, IBM's mainframe business is very much like Rolls Royce aero engines business: they don't sell engines any more, instead they sell service support contracts based around the usage of their engines...

I see no reason why IBM won't structure their cloud offering similarly.

0
0
Roland6
Bronze badge

Depends on where you want to be...

IBM sells a tiny number of mainframes - compared to WinTel servers, but it makes a large profit on this business. I suspect that IBM are wanting to establish a similar business in cloud, so let MS and AWS slug it out at the commodity end.

The only question is whether IBM can convince (enterprise) customers of the tangible added value of their cloud offering over commodity. But then I suspect neither Azure or AWS will let you run OS/390 applications...

4
0

BRAIN-SLURP case: Battery maker and Apple reach agreement

Roland6
Bronze badge

Re: Poached?

Well either there is something to this or it went something like this:

First person innocently accepted a job at company A, but as part of his discussions with his recruiter he mentioned the names of a couple of his colleagues, who he thought were good. These then got approached and also innocently accepted a job at company A. People start to leave and suddenly company B notices that most of the team working on some product have moved to the same company...

I had a similar experience at one time joining another company and over the following few months bumping into "ex-colleagues" who had similarly jumped ship. The slightly irritating thing was because we all did it without talking to each other, we missed out on the rather generous recommend a colleague/friend recruitment bonus...

0
0

Time to get your babble on: Microsoft opens Skype Translator Preview to all comers

Roland6
Bronze badge

@Credas

I try to avoid idiomatic language when talking to a non-native English speaker anyway in order to make understanding as easy as possible, so I don't think it's unreasonable or a hardship to do the same when dealing with translation software.

Whilst that is not unreasonable when you are expecting the recipient to have to translate what it is you are saying. The real problem is taking something that the originator expected the recipient to be able to read in its original language and understand its contextual and cultural references.

Note this doesn't just apply to say English - Chinese translations, but also to say Middle English (used by Chaucer) - English. One of the interesting aspects of Wikipedia is the number of articles covering various common phrases eg. "Hoist with his own petar" Shakespear. (Yes he does use 'petar' and not 'petard').

0
0

Forced sale of Openreach division would put BT broadband investment at risk, says CEO

Roland6
Bronze badge

Re: If the board of BT plc won't invest in a demerged Openreach....

>For another example of how hard it is to get investment and make a profit look at VM.

If memory serves me correctly Richard Branson sold VM the year it declared it's first profit...

0
0

Don't panic as Server 2003 rushes towards end of life

Roland6
Bronze badge

Re: It's time

It's also time to create that final set of VM's for XP Pro x64, given the joint heritage.

0
0

Security bods gagged using DMCA on eve of wireless key vuln reveal

Roland6
Bronze badge

Re: A few points

"When did IOActive formally advise the vendor of the flaw

Given the way many companies make formal announcements through the media, I think IOActive announcing the flaw to the trade press can be argued to be a formal advisory, unless the vendor can show the existence of a contract and hence demonstrate breech of contract... Perhaps IOActive's mistake was to not test a couple of other similar devices and post the combined results as a 'review'.

2
0

Good luck displacing Windows 7, Microsoft, it's still growing

Roland6
Bronze badge

Re: 2nd User Systems

>And what's the licencing situation on that?

As long as it has a COA on it then you can install any version of Windows the COA permits. However, because MS don't get any revenue, they've deliberately made it difficult for OEM's to sell Windows reinstall media when not supplied with the original system. Likewise becasue they got no revenue from the second user market, they introduced the MAR programme to make it difficult for refurbisher's to refurbish systems that had a totally valid COA attached.

Once Windows is installed and using the correct OEM key (as per the OEM given on the COA), MS are going to be hard pushed trying to prove the system isn't legal!

0
0

Bigfoot now visible in commercial satellite images

Roland6
Bronze badge

Re: Just an update would be nice on Google maps

> The aerial photos of my local town centre on Google maps are over 10 years old

I'm wondering when Google will launch a google maps with historical satellite/aerial overlays.

0
0

Tesla Powerwall: not much cheaper and also a bit wimpier than existing batteries

Roland6
Bronze badge

Re: Could work for me

I would also look at putting a "soft start" power supply on my fridge,

I had one of those things back in the early 90's, it worked really well on the basic fridge/freezers, but as soon as they introduced electronic control panels... Basically, most modern fridge/freezers with electronic control panels already include "soft start" as it helps them with their energy efficiency rating...

1
0

New Windows 10 will STAGGER to its feet, says Microsoft OS veep

Roland6
Bronze badge

Re: Tech enthusiast, not necessarily IT.

>Windows 1.0 was text based

I think that is what would be called functional minimalism today... It would probably present a challenge to those who've grown up on 'txtspeak' and icon driven UI's...

0
0
Roland6
Bronze badge

“We are still working on the specifics of how they will get presented the upgrade offer,”

Lets hope they don't use Windows Update, and foist Win 10 on those who 'naively' accepted MS's claim that having Windows updates automatically installed made their system more secure.

4
0
Roland6
Bronze badge

Re: Why bother upgrading from Windows 7?

Actually ever since Vista the horsepower required to run each successive Windows version has gone down!

I doubt I will be able to dust down an ancient XP box (circa 2001) and install Win 10 on it and expect any meaningful performance (by today's standards)...

3
0

Why should I learn by ORAL tradition? Where's the DOCUMENTATION?

Roland6
Bronze badge

Re: The only thing better than a weird CMS ...

That's why I tend to stick with Open Source projects now.

The trouble is that open source also suffers from lack of end user documentation and training materials... Yes having access to source code may make it more developer and tech support friendly, but does very little to help users get to grips with how to use it.

Back in the 80's one of the surprises was that something as poorly documented as Unix was then, managed to make such a big impact when proprietary OS's such as VMS were so much better documented...

One of the joy's of MS Word, Excel and then Office was that back in the 80's and 90's it came with a solid set of documentation - that was largely accurate! Then MS decided not to ship documentation, leaving it to people to purchase books from the Microsoft Press, which in turn seems to have given way to books from third-party authors and websites/forums.

Obviously, with enterprise software a set of manuals may get delivered to IT support, but everyone else either gets a training course and documentation consisting of a bunch of slidesets, or as Alistair observes, from collegues. Whilst there is nothing wrong with learning from colleagues and it is to be recommended, there is a need to underpin this with access to training courses and reference documentation, the catch is that many enterprises overlook the formal training requirement and assume that people will simply learn the new system: how much training did the typical enterprise do when they deployed new versions of Windows and MS Office?

6
0
Roland6
Bronze badge

Re: Sorry if it's an obvious question, but...

It isn't just in-house systems that suffer from this... Remember the launch of Windows 8... which in turn was just following the tradition of modern end user software that no one read the manual, so why supply a manual as the software should be intuitive; but what everyone forget is that Accounts software, for example, is only intuitive to those who know about Accounts...

2
0

Boeing 787 software bug can shut down planes' generators IN FLIGHT

Roland6
Bronze badge

Re: "Cold starting an airliner is a long-drawn out process."

In every other industry, power cycling software is known to be a good thing

Well yes and no, having worked on safety critical systems in the past, one of the challenges was the system was expected to be up and running for the full duration of it's operational life: 20 plus years! However, due to power outages, I doubt any of the systems we actually deployed into the field actually lasted more than a few years without getting an unplanned hard reset. Given the absence of press reports over the last 30 years, whatever faults these systems may have had, I can be reasonable sure that no lives were endangered or lost as a result of system failure...

3
0
Roland6
Bronze badge

Re: Patriot and requirements

Re: Clock accuracy and stability.

I think part of the problem is that we have got used to the pace of technology evolution where most things are over specified and over engineered for the job - eg. a light bulb with a full computer on-board just so that the light can be controlled over the Internet from a browser app. Hence we simply take things off-the-shelf, thinking that they are largely the same. So it would not of surprised me that the requirements omitted key details because they were regarded as unnecessary pedantic detail.

So in the case of Patriot (based on the information in your comment), it would not surprise me to find that there were no explicit clock accuracy and stability requirements, only the requirement for rapid deployment. Hence leaving the door open to the use of lower accuracy (but probably more robust) clock components.

So yes I would agree the failing at Boeing may well be traced back to the requirements and the lack of design authorities obsessing over details. Lets hope findings get published...

0
0
Roland6
Bronze badge

Re: "249 days is a long-time to have something on continuous test. "

We don't yet know *exactly* what happened. I'll be interested to see how it could have been avoided. But I'll be astounded if it genuinely only shows up after 249 days and couldn't have been foreseen and therefore prevented at design/code/test time.

Following the discussion about "Fail Safe" and the little information released it does seem that insufficient consideration was given to just what was the right fail safe mode for a GCU to go into.

0
0
Roland6
Bronze badge

Re: All depends what 'shutdown' means?

+1 for the EE Times article, a good update on the various "car accelerated without warning" incidents that have been reported over several decades.

3
0
Roland6
Bronze badge

Re: Common Millisecond Counter Issue

>Now readers need to think about why the GCU suppliers didn't spot (and didn't properly handle) a predictable integer overflow condition.

Well, there are several reasons why this may not have been spotted. Firstly, 249 days is a long-time to have something on continuous test. Secondly, given the fun and games you can have with ASM and 'C', there is no reason to suppose that the actual counter was not declared as unsigned and that only a single test and hence a single conditional ASM instruction, treated the counter as signed.

Also from memory the x86 instruction set for example, doesn't make a big difference between the Jump conditional (unsigned) and Jump conditional (signed) variants and hence unless you are paying real attention to the code you are reading, this is easily missed.

1
0
Roland6
Bronze badge

Re: So...

I guessing the solution is to disconnect the batteries and ground power every 247 days.

The directive requires operators to perform and electrical power deactivation at intervals not to exceed 120 days. So it would seem that it is typical that planes are not routinely electrically power deactivated.

It would be interesting to know how Boeing discovered this fault, I suspect it may have arisen from a review of reliability/fault data and someone spotting a common theme...

4
0

Intel has ambitions to turn modems into virtual servers and reinvent broadband

Roland6
Bronze badge

Re: For everyone wearing tin hats

Well this is what was possible in 2012:

http://www.theregister.co.uk/2013/03/19/carna_botnet_ipv4_internet_map/

Just think what can be run on a fully fledged server that will most probably also be part of the dark web, so invisible to AV et al...

1
0

Windows 10 Device Guard: Microsoft's effort to keep malware off PCs

Roland6
Bronze badge

Re: the administrator for your granny's laptop

If a person doesn't know enough to turn this feature off, there is a fair chance they would be better off inside the walls.

Actually, given what I've seen over the years, the issue isn't so much about a person not knowing enough to know how to turn something off, but not knowing/appreciating why it was on in the first place and modifying their behaviour accordingly.

With Windows we've seen this in spades as many users default to using as their normal account, one with 'admin' privileges enabled by default...

Walled gardens suit some people just fine.

Agree, I live with the iStore walled garden that limits what app's I can load on my iPad, so I also have an Android device which permits me to step outside of the walled garden as and when I find it necessary (just a shame it doesn't also let me have root access on the same terms).

As for your toaster, kettle etc. the extent to which these have become a walled garden has probably past people by: Putting aside costs, if the appliance fails it is unlikely that it can be repaired.

0
0
Roland6
Bronze badge

Re: But what about... @h4rm0ny

>>" And if a user can't manage that then they're exactly the sort of person who shouldn't be turning it off anyway."

That was the reason why I was suggesting that MS would enable this as default on Home/Consumer systems. The article and discussion was assuming that MS would ship Device Guard disabled across the range, so only knowledgeable users would enable it, but that sort of defeats the primary objective of making Windows more secure/safe for normal users...

But then they've kept EMET out of Windows because it could cause badly written programmes to crash...

My objection was that I would hope MS will permit me to turn this off and not to automatically red flag the security status of my machine in the system tray because of this.

0
0
Roland6
Bronze badge

Re: FOSS is the Devil in the Microsoft World

I don't see why Microsoft wouldn't implement a similar function.

Suspect they will, only it will be via a registry key for which there is no public documentation.

Which means because this function will be enabled/disabled via the Windows Administrator rather than in the BIOS etc. we have already identified the weak point in Device Guard's security...

1
2
Roland6
Bronze badge

Re: the administrator for your granny's laptop

Trouble is that as the administrator for my granny's PC, I've already given her a limited user account. So I get calls asking to do SysAdmin tasks when either they want some things installed or something else needs updating and the updater needs admin privileges... So don't see this really saving much.

Basically, what this does is to force users to get all Windows applications and updates from the MS Store; and we all know the delights of walled gardens...

7
0
Roland6
Bronze badge

Building EMET into Windows would actually be doing something useful - it would improve Windows and permit EMET to run at a much higher security level than it does as a user space add-on!

1
0
Roland6
Bronze badge

Re: But what about...

Device Guard, when enabled by an administrator...

Expect that to be implemented as enabled by default on home/consumer rated OEM installs and disabled by default only on volume licence distributions.

Also we can expect Windows Security to permanently flag the PC as being insecure, just because you've disabled this 'security' feature, thereby masking all other security events... You can see this at with XP, simply enable/disable the option to automatically check for Windows updates and see Windows XP go from being secure to being insecure!

6
2

UK rail signals could be hacked to cause crashes, claims prof

Roland6
Bronze badge

Needs a sense of proportion

And on his regular visits to Cranfield, Prof Stupples gets off the train at Milton Keynes Central and hops into a waiting Google driverless car for the cross town journey to Cranfield...

0
0

Microsoft to offer special Surface 3 for schools

Roland6
Bronze badge

Re: Back in my day...

Don't knock the slide rule! it is a very good tool and performs it's function very well. Additionally it does help to reinforce certain relationships between numbers, as it uses them in a very practical way.

1
0
Roland6
Bronze badge

Re: Cloud? @dogged

>>"because schools have to account for kids who don't have the Intarwebz or even the Why Fies at home."

Not a problem! Just start from that assumption - the school my daughter attends did and it hasn't prevented them being consistently listed in the top 20 UK state schools. Also this stance hasn't prevented then from making full use of VLE, email etc. Yes having Internet access at home is a bonus, particularly gaining access to parental parts of the school's website, but you can manage without it.

1
0

Evil Wi-Fi kills iPhones, iPods in range – 'No iOS Zone' SSL bug revealed

Roland6
Bronze badge

Re: Force connection?

I may have missed it in the PDF, but how exactly do you force a device to connect a network?

In the iOS WiFi settings there is an option "Ask to Join Networks". If this is not enabled then the device will attempt to connect to any known network AND available open networks. Enable it and your device will only automatically connect to known networks.

However, there is one obvious loop-hole namely public hotspot SSIDs, which many users will have listed as known networks, these are obviously easy to find and hence be impersonated. Because the connection is done quietly, a user may be unaware their pocketed device has connected to "Starbucks" as you entered MCDonalds...

Additionally, there is the unknown as how iOS handles hidden SSID's. I would of hoped in iOS 8 that Apple has effectively disabled support for this pointless mode of operation and hence the device doesn't periodically broadcast known SSID's in a vain attempt to find a network. As this broadcasting of SSID's enables the use of tools that simply takes the SSID a device is looking for and create an instant access point for that network!

5
1

Ad-blocking is LEGAL: German court says Ja to browser filters

Roland6
Bronze badge

Re: Except, it did not

And there are several processes still running against Eyeo, which could still find itself outlawed and bankrupted in any of them.

Should prove interesting given ABP is GPLv3 open source...

Although I note that donations/contributions are paid directly to Eyeo rather than a not-for-profit intermediary.

0
0

Met Police puts iPads, Windows and Android mobes on trial

Roland6
Bronze badge

Re: Get 'em a decent case!

Don't you mean: Get 'em a decent USE CASE!

Personally, if the device can't be used one handed, whilst walking down the street and the display isn't readily readable in sunlight and at night, then it's an instant fail.

So that is probably an e-ink Android tablet with reading light, something like www.meetearl.com , shame it's yet to reach production.

0
0

Forums