* Posts by Ken Hagan

4707 posts • joined 14 Jun 2007

Google tells iOS 9 app devs: Switch off HTTPS if you want that sweet sweet ad money from us

Ken Hagan
Gold badge

Sadly that won't happen. What *will* happen is that advertisers (not programmers) will make the switch because advertisers will notice that they aren't reaching the audience that kept HTTPS on and so they'll upgrade their content delivery.

This isn't Google's problem. This is the advertisers' problem, and the fix is easy.

3
0

Legal eagles accuse Labour of data law breach over party purge

Ken Hagan
Gold badge

Re: I do wonder...

I did read a column somewhere last week where someone claimed he'd been rejected because he (well, actually some family pet) wasn't on the electoral roll, so it looks like they are using that as a first sweep.

0
0

French woman gets €800 a month for electromagnetic-field 'disability'

Ken Hagan
Gold badge

"It is notable that nobody has these illnesses in countries without a welfare system."

I don't think that statement is encumbered with the overwhelming burden of proof that you mentioned earlier.

Also, the judge appeared to be of the opinion that her illness had been diagnosed by a doctor, but not explained or treatable, so by your logic anyone suffering from a poorly understood and incurable disease should be left to fend for themselves.

4
0
Ken Hagan
Gold badge

Re: inverse square law and all that

"I get my TV from satellite transmission. If it can reliably get a signal to my satellite dish, then I do believe that my body is also "receiving" the signal."

True, but the only reason your satellite dish can pull the signal out of the noise is by restricting itself to an impressively narrow band of the spectrum. It is "unlikely" that any part of your body is as well tuned to any frequency as the satellite dish. For any reasonable width of spectrum there's probably much more EM noise coming from the Sun than the satellite.

1
0
Ken Hagan
Gold badge

Sufficiently powerful antennae can (in operation) generate enough power to light a fluorescent tube and phones use frequencies not terribly different from a microwave oven. Given the inverse square law, someone who works with the transmitters on a daily basis is probably exposed to a thousand times the radiation of someone living underneath the antenna. I am willing to believe that they may *eventually* cook their testicles.

3
2
Ken Hagan
Gold badge

Re: Despite dispute over the very existence of the syndrome

John: I suspect that this is just poor phrasing. If Mage had said "imagined" rather than "imaginary" then that would have been clearer that the *cause* is not real rather than the symptoms. (The placebo effect is perfectly real, to give a related example.) As you say, since the symptoms are real, we ought to deal with them.

Picking up on your example with wasps, you don't even need the wasp. Most people can be adequately freaked out by a loud buzzing sound behind their neck and the people standing in front of them saying "Wasp!". To get from there to electrosensitivity one only needs to slowly crank up the implausibility of the cause and the severity of the symptoms. Both can be done on a sliding scale and there's no objectively right place to draw the line.

8
0
Ken Hagan
Gold badge

Re: It must be spent

A suitably tuned aerial would presumably do the trick. One can reasonably say that it absorbs radiation at the offending frequencies from the environment (and sinks the energy into a resistor). If we are talking about the frequencies used by modern gizmos, the "EM sponge" would be fairly small and therefore wearable.

Psychiatric treatment would consist of demonstrating said equipment in a proper lab and proving that it actually works. Then you sit back and let the placebo effect work its magic.

14
0

The most tragic thing about the Ashley Madison hack? It was really 1% actual women

Ken Hagan
Gold badge

Well f*ck me! (or not, it would appear)

So we have a service whereby you can add some woman's email address to a big list of adulterers and it doesn't cost you anything, but obviously *she* will get the "welcome" email and it will go straight in her spam folder and there's no way for the original perpetrator to ever use the account so it lies idle.

I am not in the least bit surprised that this happened several million times. Nor am I surprised that AM made no attempt to remove these accounts from their membership statistics.

I am, however, puzzled that anyone ever thought this was a suitable website to give their credit card details to.

3
0

More deaths linked to Ashley Madison hack as scammers move in

Ken Hagan
Gold badge

Re: Insane

"And procreate!"

Relax. They're Ashley Madison users, so they aren't actually *meeting* the opposite sex.

1
0
Ken Hagan
Gold badge
Coat

Re: Suicide rates

"Give them time, still early days."

The phrase "suicide rate" already factors in the passage of time.

1
0
Ken Hagan
Gold badge

Re: Cat factor

"Hope you have never purchased anything on a credit card you wouldn't mind telling your Mom or Boss in detail about. "

You may not be able to believe this, but *lots* of people go through life on the assumption that everything they do will come out in the end. For centuries, mainstream religious belief taught *exactly* that. Nowadays we are too sophisticated to believe in God, but we appear to be using the internet as a replacement.

Of course, throughout the same centuries, there were always those who appear to believe that retribution and come-uppance was for other people. History isn't generally kind to them, but they certainly existed, so I'm not surprised that AM had such a following.

2
1

FBI probed SciFi author Ray Bradbury for plot to glum-down America

Ken Hagan
Gold badge

Re: Time on their hands

No need to be desperate. If you are even close to being part of the intelligence community, everything you do can be wrapped in secrecy (so you can get away with anything, or nothing) and if someone *does* call you out for being an oxygen thief then you can resort to plan B which is to accuse them of being un-patriotic, or working for the enemy, or soft on crime, or ... well, it hardly matters because everything you might use to judge the accuracy of the accusation turns out to be secret. ("Trust us, our anti-terrorism squads have saved thousands. No, we can't tell you any more than that, just thousands.")

Keeping secrets has two costs. There's the explicit cost of whatever infrastructure you use to guard your secrets, and then there's the hidden cost of all the incompetence and waste that is never addressed. I suspect that the latter usually outweighs the former, which is why secrecy is something that a state should minimise.

20
0

Second Ashley Madison dump prompts more inside-job speculation

Ken Hagan
Gold badge

Re: Really?

"But will they survive people knowing they had fewer than 10% female membership?"

There's a story in the Telegraph today alleging that some of the female membership was faked, and so the true stats are even more one-sided. Of course, right now you can make up almost anything you like about AM and the mud will stick.

Edit: Fruit and Nutcase posted a link (below) whilst I was writing the above!

10
0

Win8 inventory glut? Yep, it's all Microsoft's fault, says HP

Ken Hagan
Gold badge

Re: Now's the best time to buy HP

If you've already got Win8.1, Win10 is such a tiny change that you might as well treat it as a service pack. (If you've got a Win7 box that you like, I'll concede that you might reasonably decide to stick with it.)

4
7

Microsoft drops rush Internet Explorer fix for remote code exec hole

Ken Hagan
Gold badge

Re: Paranoia speaks:

"I wonder why"

Microsoft's KB article says "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory." so it is probably something like a use-after-free.

If this was in the back-compat cruft then it would be removed when that cruft was deleted from the IE codebase to make the first version of Edge. At the time, they needn't have been aware that the bug existed, or that they'd just removed it.

0
0

Microsoft will explain only 'significant' Windows 10 updates

Ken Hagan
Gold badge

Re: If

I think the last 30 years or so have demonstrated that mass-market success is obtained by cutting corners and reaching market with something sexy before the quality implementations turn up (and thereby ensuring that the quality version never catches on). As long as "testing" actually costs time and money, there will be an incentive to "optimise" the amount of testing you actually do.

This doesn't mean that a software version of Gresham's Law is inevitable, but it certainly makes it harder for quality to win.

On the other hand, for many popular application classes, like email, browser, office suite and OS, we pretty much *have* the features that most people want and so it ought to be possible for vendors to offer just that feature set and compete on quality.

4
0
Ken Hagan
Gold badge

IMHO, most open source code is also below a quality level that I'd want my name against, but clearly that's just me since the actual authors chose to publish.

MSDN samples are generally pretty poor quality. MS defend that by noting that they are intended to illustrate a particular API and so often omit error checking or don't handle general cases. On the other hand, they know full well that these samples are cut-n-pasted and end up unmodified in real apps. Perhaps this is why so many MS technologies wither on the vine. They launch the API with such poor quality samples that the API can't evolve without triggering loads of backwards compatibility issues (and so it never evolves).

7
0
Ken Hagan
Gold badge

Trust nothing? Too late for that!

"To your correspondent's mind, Microsoft's stance flies in the face of years of sensible security advice to trust nothing. Asking users to just swallow Windows 10 updates is very hard to consider as best practice."

The moment you decided to run Windows, you trusted Microsoft with total control of your PC.

Sure, you will find cases where an update borks something you were rather fond of, such as the ability to run your workloads, but that *is* (tin-foil hats notwithstanding) accidental and the vast majority of updates *do* protect your machine against attacks (that are, these days, often reverse engineered from the published patches).

If you have the time and energy to deploy patches on a test system to check for accidental damage, feel free to do so. But refusing to install a patch just because MS didn't publish a KB article about it makes no sense when you happily installed the entire OS without any end-user documentation (let alone source) at all.

6
5

Yet another Android app security bug: This time 'everything is affected'

Ken Hagan
Gold badge

Re: It's a Cluster F**K !

I suspect that "Mongolian" or a "Mongolian horde" will pass through censorbots more easily.

0
0

Linux boss Torvalds: Don't talk to me about containers and other buzzwords

Ken Hagan
Gold badge

Re: This seems a very level-headed and straight forward discussion

In the last week or so we've discovered that the x86 chips aren't (or weren't for a long time) actually as hard as we'd hoped, so depending on what you mean by "truly" hardened I'd say that no OS running on commodity hardware can be truly hardened.

That doesn't mean we can't do a lot better than several popular OSes currently do.

5
0

The Ashley Madison files – are people really this stupid?

Ken Hagan
Gold badge

Re: Just like Fight Club

Yes, which is why you can toss anything from gmail or yahoo (that isn't a white-listed friend) straight into the spam bucket. It always amazes me that anyone is willing to use such tarnished brands as their online persona.

1
2
Ken Hagan
Gold badge

Re: Framed?

The numbers would certainly suggest so, unless you reckon that a sizable portion of the male population is sexually desperate. Also, since it appears that AM were charging a monthly fee to even be on the list, they must have been raking it in if these were regular customers, so one suspects that most of the addys were defunct -- and quite possibly always had been.

2
0
Ken Hagan
Gold badge

Re: "The Ashley Madison files – are people really this stupid?"

"I wonder if the site's owners can be sued by people whose names showed up in the database but who never actually registered but rather who were registered by someone else using their name and email."

If, as claimed, the email addresses were not validated, then there may be no actual evidence that the people concerned had anything to do with the site. Given the notoriously long arm of UK libel law, and given the widespread assumption amongst the general public that "if you're on the list then you're guilty" then I'd be careful about claiming that anyone was on the list.

6
0

Why do driverless car makers have this insatiable need for speed?

Ken Hagan
Gold badge

Re: Priced into oblivion

"I also wonder what this will do to rates of alcoholism, when there will be little incentive not to drink any more?"

Too right! I mean, where's the incentive in "not dying of liver failure at 40"? Still, at least with driverless cars these drunks will only be removing their own genes from the pool, rather than taking a few others with them.

1
0
Ken Hagan
Gold badge

Ah! Page three of the comments and finally we have someone commenting on the actual article.

Another point to be made against the thesis is that where cloud and road disagree, the road takes precedence. That is, I (and my lawyer) don't give a flying fuck how up-to-date your cloud database is or how many vehicles are feeding results into it. If you are driving on a public road, what matters is what is, or isn't, on that public road at the time. You need to point your eyes/cameras outward and interpret what you see.

(As is already the case today, a cloud database might allow you to choose a better route, but that has nothing to do with the safety of the vehicle. Conversely, and not the case today, a driverless car might be able to use alternative sensors (like radar) to increase safety, but the data processing for that is all internal to the car.)

1
0

Preserve the concinnity of English, caterwauls American university

Ken Hagan
Gold badge

Re: Too obscure

"Around the time of Shakespeare, there was a whole slew of words called "inkhorn" words that were coined which quickly died out; I don't think they're worth reviving."

'Twas ever thus. A year or two back we had whole newspaper articles about "omnishambles", but where is it now?

0
0
Ken Hagan
Gold badge

Re: funny

"English has pursued other languages down alleyways to beat them unconscious and riffle their pockets for new vocabulary."

And the best bit is that once we've finished pronouncing them, the original languages don't want them back. :)

0
0
Ken Hagan
Gold badge

Re: I'm perturbed

Perturbate is like masturb. The real verb is slightly different in both cases, but you need to be an etymologist to know (or care) why.

0
0

Android apps are flooding on to jailbroken Win10 phones

Ken Hagan
Gold badge

"Not by selling phones, that's for sure!"

I wouldn't be so sure. If the next generation of Windows phones can make a decent fist of running all your favourite Android apps, you might *prefer* to buy a Windows phone over a "real" Android phone because the former has an update system that allows the OS vendor to patch security problems. The news over the last month suggests that Google do *not* have such a mechanism for the majority of Android devices, even including some of their own ones.

Of course, choosing Microsoft on security grounds might just prove too insanely ironic for some geeks.

21
4

Testing times as NASA rattles Mississippi with mighty motor burn

Ken Hagan
Gold badge

Re: OK so how fast

"Imagine being strapped to the top of the biggest firework man ever built, they lit the blue touch paper, and then watched from the safety of their bunkers...."

Ah, bunkers. That's yet another thing they learned the hard way. The Apollo 4 launch was so loud it damaged the press building about a mile(?) away. Later Apollos had some sort of sound suppressors.

https://www.youtube.com/watch?v=1uoVfZpx5dY

0
0
Ken Hagan
Gold badge

Re: OK so how fast

Oh, and the 0-60 time for the Saturn V is apparently 4.5 seconds.

And that's straight upwards. It would be about half that on the level. No brakes, though. Enjoy.

4
0
Ken Hagan
Gold badge

Re: OK so how fast

Wikipedia has the numbers for a Saturn V ( https://en.wikipedia.org/wiki/Saturn_V ). There's a rather nice graph of g-force against time and (a real gem here) the text notes that they actually had to *turn off* one of the 1st stage engines in-flight to avoid squishing the payload. :)

Apollo was abso-fucking-lutely awesome.

4
0
Ken Hagan
Gold badge

Re: new technology...

True, (or close enough: v = root(2*20*2000) = root(80000) so maybe you need nearer 3km or 3g) but Mach 1 is about 4% of the momentum you need and consequently about 0.16% of the kinetic energy.

Exercises for the reader: Is it true that if Earth was a bit larger, it would be flat-out impossible for any self-contained chemical rocket to get to low orbit? If so, is that another term for the Drake equation that is usually left out?

2
0

Mozilla testing very private browsing mode

Ken Hagan
Gold badge

Back to the Future: Ads without tracking

I'm sure that, once upon a time, advertisers just put ads on pages. Everyone who viewed the page got the same ad. Advertisers had to decide which pages were most likely to be viewed by their target audience.

This worked.

Sure it was *less* effective than planting a zillion cookies and then delivering a different ad to every person who views a page, based on their entire browsing history, current location (GPS says "bog", send some porn) and credit rating. But we tolerated it. Ad-blockers only really became mainstream when advertisers became indistinguishable from aliens with anal probes.

23
0

Ofcom coverage map: 7/10 – must try harder next time

Ken Hagan
Gold badge

Re: You cannot be serious...

I can help with my house, too, and between myself and my various friends and relatives we've tried all the networks. The signal out in the street is OK. Indoors, downstairs is a black hole. Upstairs has a couple of places near windows where you can pick something up. The house is 1970s brick construction just outside Cambridge (in one of the areas marked "OK" on the map in the article), not some Aberdonian granite castle with walls three feet thick.

Fortunately, mobile phones now have apps that let you piggy-back on the domestic wifi. Hurrah for land-lines!

0
0

Apple's AirDrop abused by 'cyber-flashing' London train perv

Ken Hagan
Gold badge

Re: Personal responsibility?

"its upto the user to take responsibility for securing the device."

I'm not aware of a phone OS that lets you control the security of the device. They are all basically walled gardens for letting the vendor shovel content at you or sell your privacy to advertisers.

In this case, Apple are off the hook as soon as they provide a documented and supported way for customers to root the device. Until then, Apple are the responsible party and have clearly failed in this case.

4
0
Ken Hagan
Gold badge

Re: Violated from looking at a dick pic?

I dunno. If I had someone sitting next to me and a dick pic appeared on my phone screen, I'd be more than a bit miffed that the person sitting next to me now thinks I'm surfing porn on my phone in a public place.

Violated? It may not be exactly the right word but it certainly captures the strength of feeling.

9
0

Two weeks of Windows 10: Just how is Microsoft doing?

Ken Hagan
Gold badge

That privacy option...

"No security-conscious business will allow this, so why does Microsoft not want to get feedback from these customers?"

Unless there is a way via Group Policy to override dumb users just clicking on the "OK" button, MS will get plenty of feedback from business customers. Any business dumb enough to upgrade their staff to Win10 in the first month or two is going to have all its employees all steamed up and *more* than willing to spend their lunch-break venting their spleen at the new OS.

Whether MS *want* this feedback is another matter. Win10, like Win8, appears to have been driven by feedback that was overwhelmingly from teenagers who don't have to get a job done with "legacy" apps.

25
0

CAUGHT: Lenovo crams unremovable crapware into Windows laptops – by hiding it in the BIOS

Ken Hagan
Gold badge

"The BIOS delivered PE code is not countersigned by Microsoft."

That would appear to imply that MS have not implemented the boot-time kernel signing requirement properly.

2
1
Ken Hagan
Gold badge

Re: Did I hear someone say...

I don't think you did, so I'll say it for you.

For many users, the smart way to use a computer now is to install Linux on the bare metal and run Windows in a VM. Modern CPUs make virtualisation quite efficient, so you won't notice the performance hit. All your USB devices will continue to work, because virtualising USB is pretty easy. The more paranoid viruses will detect the VM and try a different victim. (You have the option of doing your browsing and email on Linux anyway.) Backing up your entire Windows configuration is as simple as copying the system drive image. Windows will sit upon a limited and old-fashioned (virtual) BIOS rather than this modern compromised rubbish.

I accept that this won't appeal to gamers or to the average user who would struggle to set up such a system. However, it makes a lot of sense for corporate systems, where neither objection is valid.

9
0
Ken Hagan
Gold badge

Re: The Redmond giant was not available for immediate comment.

Well that's fine but Fort Meade's mission statement is supposed to include protecting US citizens from external threats. Providing the Chinese with a digitally signed rootkit installer would appear to be difficult to reconcile with that objective.

7
0

Malvertising set to wreak one BEELLION dollars in damage this year

Ken Hagan
Gold badge

That JIT trick

How does that work then? At some point, you have to assemble the finished product and at that point the AV software either recognises it or doesn't. If you'd downloaded it as a single entity then the same applies, either the AV software recognises it or it doesn't. Also, the PC is owned at the point where the bad guys have a command shell, so the rest of the diagram is just fluffery.

This sounds to me like an attempt to persuade the naive that there is a new kind of threat out there that requires the spending of fresh protection money.

0
0

Police use RIFLE AND TASER to relieve man of iPhone case

Ken Hagan
Gold badge

That was certainly true in the UK a few decades ago, but the assumption then would have been that the realistic firearm in the hands of a small child was a fake. If you can't make that assumption then you probably don't allow the sale of such toys.

12
0

ICANN chairman loses mind over his domain-name privacy shakeup

Ken Hagan
Gold badge
Paris Hilton

Re: You beat me to it

Actually Paris H. isn't such a bad idea. The role requires zero technical competence, since (as noted nearby) the rules could be automated. All that is required is someone to arbitrate on debatable issues. Paris H. has plenty of her own cash and (if certain videos are to be believed) would be quite hard to blackmail or bully. She doesn't give a shit about the various people who would want to influence her decisions.

0
0

Ubuntu phone on sale to world+dog ... but will it work on your network?

Ken Hagan
Gold badge

I don't think it is a matter of belief -- more a question of definitions. Canonical's own description of scopes (http://www.ubuntu.com/phone/features) makes it perfectly clear that they are a way of shovelling content in the direction of the consumer. If your notion of "app" has withered so far over the last couple of decades that you cannot conceive of a computer user being anything more than a dribbling lard-bucket squinting at a poxy screen and thinking they are cool, then scopes do indeed replace apps.

1
0
Ken Hagan
Gold badge

AC: I'm confused, too. How can this be Ubuntu on a phone and yet "In May, the development team said there were "no plans" to release new devices based on Ubuntu 15.10 "Wily Werewolf," the upcoming version that's expected to ship in October.".

If you can't upgrade to Willy, er, Wily then it is just another walled-garden built on a FOSS kernel but deliberately closed off to prevent paying customers from actually deciding how the device is used. We already have a couple of those and if you prefer something more exclusive then Microsoft have a third strait jacket with hardly any other users, so you could use that.

1
0

It's 2015, and someone can pwn Windows PCs by inserting a USB stick

Ken Hagan
Gold badge

Re: Bugs in Edge? Really?

" It makes you wonder just how much of Edge was really a re-write / build from scratch."

Where did you get that idea? I thought Edge was fairly clearly presented as "Starting from the IE codebase, we took out all the backwards compatibility hacks.". The idea is that it will then be easier to maintain the less-hacked-about codebase. I'm not aware of anyone claiming that it was a completely new engine. (As you hint, given previous and completely discredited claims of a "total re-write" regarding Windows itself, any such claim for Edge would have been laughable.)

1
0

Carphone Warehouse coughs to MONSTER data breach – 2.4 MEELLION Brits at risk

Ken Hagan
Gold badge

Re: We take our customers' security very seriously ...

"Finally, If it turns out the attack wasn't really that 'sophisticated', any organisation responding with a claim that it was should have their punishment automatically increased for LYING."

Mechanisms do exist for that. If customers notify their banks (and yes, I agree it shouldn't be their job) then the losses will be carried by the banks. These banks *ought* therefore to turn round to CW and say "Your fees for next year (and beyond) will be significantly higher because you are demonstrably shit and costing us a good deal more than simply transaction costs."

Whether the banks can be bothered, however, is another matter. I expect the costs will simply be passed on until they hit someone who can't pass them on further. That would be you and me.

1
0
Ken Hagan
Gold badge

Re: Why did they still have people bank details beyond the requirements of needing them?

"The other bits of HMG that are not subject to that law (MI5/MI6/CGHQ etc) will demand that those records are kept for at least 10 years."

Simple solution: CW copy all the records that they no longer need onto a USB stick, delete the records from their own systems, and give the stick to the spooks. Any subsequent breaches of those records can be blamed on GCHQ.

But yeah, the spooks aren't actually *helping* the nation's IT security if they force commercial entities to retain records long after they have any value to the commercial entity that is paying for the storage.

1
0

Slippery Windows Updates' SOAP bubbles up SYSTEM priveleges

Ken Hagan
Gold badge

In the past, El Reg has carried stories of hardware vendors who were caught creating USB devices that initially identified themselves as keyboards and then injected commands to install their payload whether the user agreed or not. Since the USB standards for such basic devices are implemented by a Microsoft driver, I'm not sure you even need to find an exploit.

See http://www.theregister.co.uk/2014/07/31/black_hat_hackers_drive_truck_through_hole_in_usb_security/ and links therein.

1
0
