* Posts by Lotaresco

1126 posts • joined 24 Sep 2007

Page:

Yes, you can remotely hack factory, building site cranes. Wait, what?

Lotaresco Silver badge

Some hysteria

Cranes used for materials handling have other safety systems besides software. They have to, because having a crane suddenly drop stuff isn't a desired outcome. So entertaining as it may be to speculate, speculation should take into effect the mechanical controls and also the (usually) ladder logic controls built into limit the cranes being used unsafely or becoming unsafe as a consequence of mechanical, electrical or electronic failure.

I'm not daft enough to say "never", but do bear in mind that safety controls are overlapping and it takes a cascade of failure rather than a single event. Yes, I know cascades happen but the guiding principle is ALARP, not "never fail under any circumstances".

Army had 'naive' approach to Capita's £1.3bn recruiting IT contract, MPs told

Lotaresco Silver badge

Re: Lieutenant General Tyrone Urch

"For some reason I had a flashback to 1970s television: an image of a gorilla wearing a bizarre helmet and riding a horse."

A gorilla wearing a bizarre helmet and riding a horse? You mean Harvey Smith?

Lotaresco Silver badge

Re: "What they brought was an expertise we didn't have."

The claim that Crapita brought something that the Armed Forces did not have is complete and utter horse-feathers. Crapita had no relevant experience and certainly had no L33t Skillz previously absent. The previous contract had been run well by an organisation that understood military recruitment. Crapita had no experience of military systems to draw on.

As you say, the only experience available was negative.

Lotaresco Silver badge

Re: Actually...

"If I was feeling really cynical, I'd say that it is just the another step of the ongoing attempts to privatise the entire British state."

You can be as cynical as you like, but Army recruiting had been privatised years ago. Capita just bid for and got the contract that had previously been awarded to and run by another systems integrator. The odd thing, and a thing the Select Committee didn't focus on, was that the previous contract was run well and didn't suddenly leave the Armed Forces without recruits.

Once can only assume that the Capita bid was "reassuringly cheap" and that those awarding the contracts were blinded by the cheapness.

Goddamn the Pusher man: Nominet kicks out domain name hijack bid

Lotaresco Silver badge

Re: lesson ?

Well, duh. But sometimes it goes wrong. I lost a domain set to auto-renew because the registrar took the money and forgot to renew it. However if you check the contract, all you can get back is the fee. Still, the loss of the domain wasn't an issue for me, and I told the Russian cyber-squatter who tried to hold me to ransom over it to take a hike.

From time to time I check the domain, as in "just now" and yes, the idiot is still sitting on the domain and it has cost him more than I paid for it, ten times more, to maintain it. He's an idiot.

Who cracked El Chapo's encrypted chats and brought down the Mexican drug kingpin? Er, his IT manager

Lotaresco Silver badge
Coat

Re: Well at least that soles the mystery

"... soles the mystery"?

Sounds like cobblers to me.

Attention all British .eu owners: Buy dotcom domains and prepare to sue, says UK govt

Lotaresco Silver badge

Re: Simple solution: e-residency

"I'd guess hmrc will take a very dim view of you declaring your income in Estonia when you are sat in the UK. Good Luck!"

I'd guess that you don't understand the difference between personal and corporate taxation.

Lotaresco Silver badge

Re: Simple solution: e-residency

"I hate to think what else it has committed you to but I guess any business now done in the EU is taxed in Estonia."

Gosh yes, that would be terrible. Having to pay a flat rate (proportional, not "progressive") tax rate of 20% with no higher rate tax, no Corporation Tax, no withholding tax. How do those poor Estonian's manage, eh? Oh, by being wealthy, happy, most digitally switched-on in Europe with universal free education, free healthcare and the best maternity leave in Europe. And they are full-fledged members of the Euro. Life must be hell.

Remind me, why are we leaving the EU?

Lotaresco Silver badge
Happy

Re: Simple solution: e-residency

"It costs €100 (one-off payment) to apply for e-residency in Estonia"

Blimey, first useful advice ever in these forums, thank you.

Begone, Demon Internet: Vodafone to shutter old-school pioneer ISP

Lotaresco Silver badge

Things I miss:

demon.service

demon.local (aka demon.loco)

EvapOr8 (a being of pure thought)

Iolo Davidson

alt.pave.the.earth

Things I don't miss:

The scientology flame wars

james g. keegan (jr)

All the other net-loons who, TBH, now look quite rational compared with the Twitterati.

Lotaresco Silver badge

Re: Sad News...

"a lifes supply of fake tanning lotion."

Don't forget the pink Rolls-Royce!

Lotaresco Silver badge
Devil

Re: Bye bye.....

"I think I was one of Demon's first thousand;"

I was, IIRC Demon's twenty fourth customer. Having been aware of Giles Todd at university I got a tip-off that the service would be starting and knew that I could trust the Demon team who were all well-known among geeks at the time. I lasted as a customer up until Godfrey vs Demon Internet and the sale of Demon to Thus plc. at which point the Demon "Crack Legal team" swung into action and demanded that customers sign an open-ended agreement to indemnify Demon without limit for any future libel action. I declined the offer to underwrite Demon's costs and went elsewhere around 2002, I think. That was when their "Crack Legal Team" started to get all shouty and threaten disconnection unless I signed a document that no one in their right mind would sign.

Boffins don't give a sh!t, slap Trump's face on a turd in science journal

Lotaresco Silver badge
Boffin

Re: Curious precedent on what is allowed

"So the fact that the USA is the only industrialised country to REDUCE CO2 emissions must please you?"

That sort of claim is so easy to debunk. When you say "only industrialised country to REDUCE (sic) CO2 emissions" all someone needs to do is to provide evidence that a single industrialised country has reduced CO2 emissions and you end up with egg on your face. Not only that, but if the USA has actually increased its CO2 emissions you end up egged from head to foot.

Consider yourself egged. The UK has reduced its CO2 emissions from 600Mt to 379Mt, a 36% reduction, and is on target to meet its Second Carbon budget (internationally agreed) emissions. Meanwhile the USA's CO2 emissions have *increased* from the 1990 baseline (5 billion tonnes in 1990, 5.2 billion tonnes currently).

I suggest that you do a little bit of research before making bold statements and that you cease obtaining your news from the US propaganda machine.

Virgin Galactic test flight reaches space for the first time, lugging NASA cargo in place of tourists

Lotaresco Silver badge
Headmaster

Re: 80km?

"Not even close. The highest jet-powered/non-rocket-powered aircraft so far is the Ye-266, which is a modified MIG-25 that reached 37.65km."

SpaceShip One piloted by Brian Binnie reached 112,010 m (367,487 ft), quite a bit higher than the 37.65 km achieved by the Mikoyan Gurevitch E-266M. SpaceShip Two should be able to reach the same height as SpaceShip One, although probably not when full of paying guests. SpaceShip One currently holds the altitude record for a manned aeroplane.

Cambridge Analytica's administrators misled judge, High Court told

Lotaresco Silver badge

Re: Er, what?

It makes sense, but you need to read carefully through the guarded language used by barristers.

Instead of overtly stating that CA was operated fraudulently, they have to tease out the evidence on piece at a time. The information that Emerdata were funding CA's costs is (IMO) damning because it shows that Emerdata are effectively cutting CA free in the hope that the problems with CA are not then traced back to the wider group of companies and that Emerdata don't have to face any legal consequences. If they succeed, and it looks as if they have, then they get to open another CA-like company and do it all over again. The picking around Green's involvement appears to be trying to highlight that CA wasn't necessarily bankrupt but was positioning itself to become bankrupt in the hope that would kill off any SARs.

Privacy, security fears about ID cards? UK.gov's digital bod has one simple solution: 'Get over it'

Lotaresco Silver badge

Re: First step - ID cards...

"Second step - centralised database linking all government data"

Already exists.

"Third step - mandatory registration of CCTV systems with government"

Already required.

"Fifth step - mandatory tracking of all vehicles..."

Already done.

"... to replace outdated fuel duty and VED."

Probably a good idea.

One problem with conspiracy nuts is that they don't seem to be aware of which systems have already been implemented. ID Cards will be the last piece of the jigsaw, not the first.

Lotaresco Silver badge

Re: Why don't we have a referendum...

"We can piggyback it on the second EU referendum."

I think you mean the third referendum. We already had two.

Lotaresco Silver badge
Facepalm

Re: "...universally acclaimed digital ID system which nowhere in the world has yet,"

"Try Turkey"

Are you sure that you want to use Turkey, with its dreadful human rights record, as the poster child for ID cards? It's a country where people practice self-censorship because they know the cost of speaking out against government abuse of power.

Even membership of Amnesty International can see one facing charges of being "a member of a terrorist organisation". And the Turkish government has a clever wheeze of putting people into indefinite "pre-trial detention" so that they don't even have to take them to court.

"An ongoing state of emergency set a backdrop for violations of human rights. Dissent was ruthlessly suppressed, with journalists, political activists and human rights defenders among those targeted."

--Amnesty International

NHS supplier that holds 40 million UK patient records: AWS is our new cloud-based platform

Lotaresco Silver badge

Re: Red flag

"unprecedented levels of protection"

Having no protection at all is unprecedented.

NASA's Mars probe InSight really has Mars in sight: It beams back first pic after touchdown

Lotaresco Silver badge

Re: A Mercury Tooth Filling?

If they do hit a mercury filling it will be evidence that they have identified the root canal, proving Giovanni Schiaparelli was right all along.

NASA has Mars InSight as latest lander due to arrive today

Lotaresco Silver badge

Re: Dusty

"Got this damn image of Chrichton "

Whom?

That robot from Red Dwarf.

Excuses, excuses: Furious MPs probe banking TITSUPs*

Lotaresco Silver badge

Beancounters don't want to see the obvious.

Over a decade ago I was appointed by a client to look at the resilience of their operations. They wanted proper 24/7 always on operation but they had a single data centre and that was handily located under the final approach to "a major airport". The "backup strategy" consisted of making tapes stored locally, some of which were migrated to a "secure location". From time to time. I wrote a report detailing the flaws in their approach. Surprisingly they took it quite well and decided to spend the big bucks creating a second data centre to provide remote backup and failover. That was also situated at the end of a runway.

I pointed out that this was just the same as their current, flawed, installation and got the message "Don't be silly, what are the chances of having two crashes on the same day?"

At the planning stage it was zero cost to ensure that both DCs had different risk profiles. In fact a very good location (old nuclear bunker) had just come up for sale which would have cost a fraction of the price of the new build that they did. However that had been rejected because it was in a location that didn't attract government grants; even though with the grants the new build option was still more expensive.

Windows XP? Pfff! Parts of the Royal Navy are running Win ME

Lotaresco Silver badge

Re: Front Line Opinion

"Anon Ex-RN IT administrator"

There's a horribly high probability that I trained you :-)

Even Sanctuary is outdated since it's now HEAT.

Lotaresco Silver badge

Re: Boatnotes?

"Surely this should be filed under "Shipnotes", as a Boat in Navy parlance is a Submarine?"

A submarine is a type of boat, not all boats are submarines.

Lotaresco Silver badge
Alien

Re: The Enterprise runs Windows ME?

"Does that mean Captain Kirk & the others were talking to Clippy?"

"I see you are trying to remove Klingons. Would you like more paper?"

Lotaresco Silver badge

Re: Few comments

"Been working on trying to PXE boot to a Linux installation that can image the hard drives. Backups via 2.5" floppy drive are painful in so many ways."

Same advice as before, buy an appropriate adapter card and sidegrade to CF or SD card. You can get adapters designed either to use inside the case or fitted into an ISA card to give external access to the socket, allowing you to backup to a CF card.

Lotaresco Silver badge

Re: Few comments

"The 200-500GB drives I had didn't work and didn't have a jumper for 32GB compatibility..."

For future reference, we had similar problems in the past. It's possible to get CF Card to ATA connectors, which means you can use a 32GB CF card or add another layer of kludge by using a CF card to SD card adapter. Possibly a good idea to get some of the adapters now while they are still available. They cost all of £2 to £4 for the adapters and they are available for 2.5" and 3.5" pin configurations.

Lotaresco Silver badge

Re: Few comments

"You do realise that the flagship of the Royal Navy is a First Rate Line of Battleship, which was laid down in 1759 and predates the formation of the United States of America?"

You forgot to mention it has no headroom and it leaks like a sieve. It's possibly not a great example to wave around.

F***=off, Google tells its staff: Any mention of nookie now banned from internal files, URLs

Lotaresco Silver badge

Re: FFS

"I work for the US Navy with coworkers"

How many cows do they ork each day?

What could be more embarrassing for a Russian spy: Their info splashed online – or that they drive a Lada?

Lotaresco Silver badge

Re: @mark i 2

"They were better made than the Ural a friend rather foolishly bought"

The Belgian Lada distributor also sells UAZ trucks, for incredibly high prices. Crash protection, none. Design fossilised about 1947. I can't imagine that they sell many of them.

Lotaresco Silver badge

Re: 6 downvotes and counting

"A friend owns and operates an auto service company here in the States that specializes in Bentleys, Rolls-Royces, Land Rovers, and Jaguars, as well as Mercedes and BMWs. He has often said 'If you know 30 people who own British cars, you've got a reliable monthly income.'"

None of the cars that you list are British. German, German, Indian, Indian, German, German. Now, if he had a Morgan franchise...

Lotaresco Silver badge

Hmmmm

I'm thinking of buying a Lada, I wonder if this will instantly identify me as a Russian spy? After what feels like a very long absence from the European market, because they couldn't meet emissions standards, the Lada 4x4 is back on sale in Germany and Belgium. They are are great rough and ready alternative to the Faux by Fours sold by the major manufacturers.

Lada Niva, Germany

New Zealand border cops warn travelers that without handing over electronic passwords 'You shall not pass!'

Lotaresco Silver badge

And there's another...

... place to add to my list of sh*tholes that I won't travel to.

Not long before I add "The UK" to that list.

Manchester nuisance-call biz fined £150k after ignoring opt-out list

Lotaresco Silver badge

Re: 0161 = block

"Although the 'babs from Camel One in Rusholme were supreme"

I did six years at Owens. I can honestly say that I have no idea what you are on about. The salubrious joints of my day were the Conti (New Continental Club), Band on the Wall, the Russell Club and dodgy café behind the medical school that sold suicide specials.

Lotaresco Silver badge

Strict Liability

One of the many things that the EU and US FDA did in the past was to introduce "strict liability" for the pharmaceutical industry. This means that directors get to go direct to jail without collecting their pay cheques in the event that the pharma company does something bad, like knowingly selling drugs that cause harm.

The fallout inside the industry was impressive. In the 80s company directors largely were deaf to scientists saying "This drug does very little good, and could actually harm people." If it could clear the FDA hurdle it was going to be sold. After strict liability the directors scrambled to enhance the powers of regulatory compliance within the companies.

The same should apply to all businesses, TBH.

A story of M, a failed retailer: We'll give you a clue – it rhymes with Charlie Chaplin

Lotaresco Silver badge

Profitability

"From a gross profit perspective, Maplin was incredibly profitable (the full accounts made up to 28 December 1996 show gross profit of £15.6m on turnover of £32.6m), a result, perhaps, of its broad appeal to a mix of different clients "

I'd say the reason for the profitability was the ludicrous prices charged in Maplin stores. And there lay the roots of the demise. It wasn't "online" that killed Maplin it was "competition". Maplin had originally, in the catalogue days, been both competitive and extremely helpful. The catalogue was a brilliant source of information and something I looked forward to receiving each year. The many examples, plans and technical info sections in the catalogue encouraged experimenting and that lead to buying components, cases, etc from Maplin. The shops were originally the same, staffed by people with an interest and willing to help. The shops were also well stocked.

The rot set in partway through the 90s. The knowledgeable staff started to drift away, the availability of stock became intermittent. By the 00s that had turned into guaranteed unavailability of almost everything. I recall wanting some aluminium knobs only to be told that they weren't a stock item and the wait for delivery was two weeks. I could buy them online for a tenth of the price and have them delivered next day.

The suits were more interested in pushing very expensive tat and gouging on the price of cables and cards. I suspect that many customers stayed on though inertia but eventually everyone gave in to the fact that you can buy the leads at a fraction of the price in a supermarket / DIY store and any "unusual[1]" components like knobs, resistors, cases, PCBs, etch baths etc. could all be obtained faster and cheaper via eBay/Amazon.

National Museum of Computing to hold live Enigma code-breaking demo with a Bombe

Lotaresco Silver badge

"I used to play chess with one the Bletchley code breakers, John Herivel, as a kid."

The headmaster at my grammar school was a former Bletchley code breaker. Sadly he was a bullying martinet with a short fuse. I respect what he achieved, not what he was.

Lotaresco Silver badge

Re: Support the TNMOC

'Back then you had to wait for the TV set to "boot";'

Heavens no. Your CRT TV did not boot. Like all thermionic valve equipment of the era (RADAR, Radio, Mine detectors etc) it had to "warm up" before it could be used. Which was important for Colossus which had to be kept running 24/7 both to be ready to use when needed and also to improve reliability because components weren't subject to variable thermal loading.

UK.gov went ahead with under-planned, under-funded IT upgrade? Sounds about right

Lotaresco Silver badge
Alien

Re: Alien Agilities .... Remote Virtualised AI Facilities with SMARTR Utilities

Can someone reboot amanfromMars1 again? It seems to have a corrupted database.

Home Office opens AWS cash firehose a little wider with police IT deal

Lotaresco Silver badge

The announcement doesn't say what people think it says

The announcement refers specifically to the Public services provided by the police. That is, it refers to material that will be OFFICIAL as far as the GSC is concerned. It will be all the tedious garbage about meeting your PCSO, bicycle security stamping, public event policing, traffic, accidents and crime statistics, newsletters and puff pieces about what a wonderful chap the ACC is. It will not be a repository for criminal records, case work, forensic data etc.

Although I haven't worked on this delivery I have seen some of the other stuff heading to AWS and it's largely non-contentious. I hear from "people who know" that AWS is offering a better security model than other providers and the contracts are regarded as less painful than those of other providers. Also it's much cheaper than G-Cloud offerings.

Yes, we need scrutiny of how our money is being spent, but the HO seems to be being responsible, this time around.

Besides, a new DC costs around £25 million does anyone seriously think that an SME will build one of those? SME's just get to provide services to big integrators and in this case there seems more opportunity to work supplying services to/via AWS than expecting on of the big suppliers to let SMEs supply capability via their services. It also offers the real possibility of remote working, something that is very hard to do at present for any government IT. Although even there, attitudes are changing.

SuperProf gets schooled after assigning weak passwords to tutors

Lotaresco Silver badge
Headmaster

Re: How do they send out the new "secure" passwords?

"I admire your security principles but that's how 99.9% of password resets that are not links are sent. Let's not be too anal eh?"

That, with respect, is the old "Eat shit, 17 Quadrillion flies can't be wrong." argument rehashed. There are many more ways of distributing a password than sending them unencrypted in email. I haven't seen the emails in question, but I suspect these were not one-shot passwords based on the content in the article.

I'll even place odds that they did not use the sensible challenge/response approach of password + text message to your phone for a verification code then require password be changed on first use. Because anyone clueless enough to use your name as part of password is not going to use one-shot passwords either.

Anyway, I'm a Security Architect. Being anal about security is what I do.

Lotaresco Silver badge

How do they send out the new "secure" passwords?

My guess is that they send them unencrypted in an email. Because that's what happened to me when the company that I used for domain name registration and email sold its business to a new supplier.

London's Gatwick Airport flies back to the future as screens fail

Lotaresco Silver badge

Re: "no redundancy in the internet link"

"maybe look up the gate information on Gatwick's website? "

Have you tried to do that? Good luck trying it. If you're lucky you'll get departure gate information in time to watch your flight depart. If it's working as usual you will get the information 24 hours later.

I have the Gatwick app. It's never told me a gate number before the flight has departed.

Lotaresco Silver badge

Re: "no redundancy in the internet link"

"The question for me is why there was no local cache? It would have grown stale over time"

It's an Arrivals and Departures system. The data grows stale in no more than a couple of minutes. A local cache doesn't really help. What is needed is resilient comms and that is standard provision for systems like this. There should be no SPOFs in a real time system.

Lotaresco Silver badge

"Because oddly enough it doubles the cabling costs and that wouldn't do."

It really doesn't double the cabling costs. Pulling a multi-pair cable is a sensible precaution and if it is combined with the appropriate type of switch failover to an alternative pair is seamless. The switch will even notify that a pair has failed so that action can be taken by the SOA. The only difference in price is the cost of cable + switches which is minimal because labour is the big spend.

This is, quite frankly, poor practice on Vodafone's part.

Prenda lawyer pleads guilty to moneyshot honeypot scheme

Lotaresco Silver badge

Re: One of the 98% that give the 2% a bad name

"As in the UK, if the court decides that the bankruptcy was to avoid a court judgement, then it merely exacerbates the penalties."

If only that were true in the UK. Note that in the ACS:Law debacle the SRA accepted Crossley's declaration that he was "bankrupt" at face value and did not question him continuing to live in a home and driving expensive cars bought with the cash that rolled in from his "copyright infringement" activities. Despite there being a body of evidence that showed that all the participants in the "copyright infringement" actions were closely linked and that porn had been seeded to torrents to entrap punters, the SRA took a generous view of Crossley and fined him less than half the purchase cost of one of his Bentleys.

Lotaresco Silver badge

The Prisoner of Prenda?

I'm surprised El Reg didn't got for this headline.

I'm also pleased to see the way this has gone. Contrast this with ACS:Law and the vile Andrew Crossley who leaves a mucus trail behind him wherever he goes. ACS:Law was running a similar scam with evidence from leaked emails that the "copyright holder" claiming infringement of rights was closely linked to ACS:Law and that torrent sites had been seeded with porn that was not selling at all in the market. So of course the trackers were compromised from the beginning.

What's the reaction of Solicitors' Regulation Authority? They found he was guilty of "acting in a way that was likely to diminish the trust the public places in him or in the legal profession" and "using his position as a solicitor to take unfair advantage of the recipients of the letters for his own benefit". The consequence was... a mild slap on the wrist. Crossley pleads bankruptcy, gets to keep his mansion and the cars he boasted about in leaked internal emails, and suffers not at all because he's still able to practice.

The UK really needs to tighten the noose on its professions, lawyers in particular.

ZX Spectrum reboot scandal biz gets £35k legal costs delayed

Lotaresco Silver badge

Stinking barrel of fish

It became obvious that there was something extremely fishy about RCL last year when, having crashed out of Indiegogo they decided to try to raise money directly via Facebook. Many of the people replying to that "offer" were unaware of the history of RCL and were incredulous when warned that all was not as it seemed. Several declared loudly that they either wanted a console so badly that they would take the risk or that they thought that the warnings were from "trolls" setting out to blacken the names of the noble directors.

I wonder how much dosh they raised through that route?

Capita strikes again: Bug in UK-wide school info management system risks huge data breach

Lotaresco Silver badge

Re: Kit check

"I was rather hoping we'd go to the Windchester instead?"

What, *The* Winchester?

What's in a name? For Cambridge Analytica, about a quid apparently

Lotaresco Silver badge
Headmaster

Re: Data Controller

The position is explained well here:

A link helps when posting URLs.

High Court confirms the position of liquidators under the Data Protection Act 1998.

Page:

Biting the hand that feeds IT © 1998–2019