* Posts by Steve

20 publicly visible posts • joined 6 Mar 2008

Yahoo! mocks Google Privacy Theatre

Steve
Stop

@Freedom of choice

"Google is providing a service free of charge

There is no requirement to use said service"

Unless you go to one of the millions of sites running the google urchin system, which in nearly every case is used by an imbecile who has no idea what sort of security risks they're presenting their users and themselves by such action, but they do get to see some pretty graphics (sorry, useful statistics) for free.

Hackers ahead of the game despite McColo shutdown

Steve
Paris Hilton

@ac - "...a block list of IPs"

A block list of IPs just doesn't work.

I had trouble a while back when a number of websites I deal with all disappeared from Virgin. After some discussion with Virgin's techs, it was determined that these sites were on their blocklist (a copy of which was sent to me for analysis). Because these sites were hosted by a server that handles many websites (the most common way small websites are hosted), they were on the same IP as a single dodgy site. Further discussion revealed that normally such all catching blocks aren't employed because, as in this case, it may remove a single dodgy site but in the process takes out thousands of legitimate websites.

Took Virgin 4 days to remove that block, along with the others wrongly applied by their PFY.

They weren't sure about unblocking at first, but the idea of a court case caused by thousands of sites losing business from a potential 50% of the UK's internet users may have been a contributing factor to removing the blocks.

Paris, because she doesn't want things blocked willy nilly either!

Obama urged to create White House cybersecurity chief

Steve

Anyone else thinking...

the San Francisco network blocking admin would be ideal for this job?

Home Office screws prison data bunglers

Steve
Black Helicopters

other contract worth blah blah blah

So, they've lost a bit of data and "PA Consulting" will be stripped of other work totaling X million pounds.

10-1 they hand the work to another external team, "PA-2-1 media Consulting" for example

Let's face it, most of these consulting companies could easily tweak their name and everyone wins. UKGov looks like it cares, the company carries on and everyone's unaware of what's actually happened.

Besides, 8 million for government work sounds like very small projects...

Google to ‘anonymize’ user IPs after 9 months

Steve
Paris Hilton

@adnim

"If one is worried about Google, its spying and data retention practices there is a solution: Don't use them."

Good luck avoiding the many sites that now use google urchin/google syndication.

Of course, these can be blocked but that's less likely than users not typing google for searches, or accidentally having google search bar installed by a friendly app.

Paris - knows all about googling.

Dabs.com courier goes titsup

Steve
IT Angle

Didn't know dabs were now part of BT

As others on this board, I used to use Dabs as the preferred supplier.

However, back in 2001 they spent nearly a week going over "security footage of their packaging" to see if they could prove the 80GBP motherboard that was missing from an order was actually packed. This delayed a contract to build machines for someone, and upset my customer.

Since then I've been very wary, though the occasional order has been made. No more though, as they won't allow you (the customer) to choose the courier, instead deciding to randomly choose. Having had hard drives stepped on and kicked by Home Delivery Network (boot prints clearly visible, reliability of drive single figure percentage) and having parcels delayed because "I was too busy yesterday", Dabs have for the past 3 years been used only as a *very* last resort.

That another company owned by them is suffering is most likely due to that (previous excellent) company's basic mismanagement.

To save the other parts, they should allow the customer asking to place an order for 10KGBP the choice of courier. They refused, even knowing that it could lead to many other similar orders... they lost the business.

AVG disguises fake traffic as IE6

Steve

@ swich off - fair enough. but please fix the icon.

I had a word with them about this a few weeks ago, and it's fixed in the latest version.

Go to tools->advanced settings->ignore faulty conditions and tick link scanner.

I'm standing by AVG in general because it's small, fast and does a good job. The firewall doesn't cause any noticeable slowdown and, at whoever suggested it wasn't needed with SPI in the router, well, let's just hope another machine on the network doesn't get infected, eh :)

Still think the link scanner is a dumb/dangerous waste of effort. Wait til I choose to click, then check what it's returning. That's all I want the software to do.

Steve
Stop

AVG is a good tool

But 5 minutes after upgrading to AVG 8.0 I turned off the linkscanner and moaned at them about it on the grounds that if a search result link was suspicious, I probably wouldn't have gone there but now my IP would have communicated with their system. Lovely :0

This could lead to other issues too, such as visiting "honey trap" sites that just happen to come up in the search list inappropriately (a mother searching for new design of children's swimwear, for example).

Dell guilty of defrauding New York customers

Steve
Paris Hilton

Not just me who doesn't like Dell then?

I agree completely with the advice of tempemeaty; get one built to order from a friendly local place.

Dell was used in the office years ago, because they were "good value"... Hmmm. They supplied a couple of machines without sound cards due to a shortage, and sent an engineer to install them on-site several days later. Someone had to show him how to install said sound card.

Then of course, there's the machine that went faulty within a few weeks. The engineer came on-site and agreed it was faulty, then reported it was fine to his line manager. This went on for a couple of weeks, until they blamed the attached development hardware as being incompatible. Only after I suggested I tell the manufacturers of said hardware (two 'small' Japanese companies names ending in ony and ega) that Dell have said their system can't be used with their development kit did Dell replace the machine (rather rapidly too for some reason).

Glad they're finally receiving a slap of some sort :)

Paris, because she knows more about plugging things in than Dell's 'engineers'

Revenue admits another IT cock-up

Steve
Coat

Not (unsurprisingly) their only bugs

The online tax return has numerous errors in it too... like not being able to enter 0 for a rounded down value and not accepting a date range in a box needing a range of dates.

2 weeks and they still haven't fixed these, though they did recommend workarounds which would require me to accept a false declaration.

For the icon, I've chosen the lovely night sight image of Gordon Brown helping the poor^H^H^H^H himself.

Police go slow with encryption key terror powers

Steve
Pirate

The act misses something important

Many programs (including one I'm working on at the moment) require configuration data to be stored as encrypted data on the end user machine.

You end up with two situations:

1) The end user can't decode that data, so the data could be classed as whatever the investigation team want it to be. As you've played online poker, the server data file must be some form of terrorist plot.

2) The investigation team presume the data is attached to the software in question. A fine place to hide your data...

All laws should be a guideline; it's rather unfortunate that people treat them as gospel.

School crossing guards join CCTV panlollycon

Steve
Coat

More council staff powers?

I'm sure there are legitimate reasons for this, and the protection of children on the roads is a pretty good one.

However, more and more powers are being given to council staff each day. How long before this is extended to the lollipop ladies being able to issue fines and tickets? Anyone else concerned that a binman (waste receptacle operative) can issue a fine to a homeowner for the wrong type of recycling in a box, even when that item was placed in the box by a passer-by?

What point needs to be reached before the encroaching ends?

More and more each day considering grabbing my coat and going anywhere else in the world!

FIPR: ICO gives BT 'green light for law breaking' with Phorm

Steve

re: Dressing up - Flash Mob?

Well, that's one then. Anyone else interested in meeting up for a pint?

I'll be easy to spot: the chap with the following t-shirt on:

http://www.clarkweb.co.uk/photolib/number.jpg

Steve
Go

Phorm et al... a more personal discussion

There's the infosec exhibition at Earls Ct later this month. Anyone else here going to that? If so, and I realise this may be a scary suggestion, who's for meeting up for a jar and a chin wag? Get to know your fellow posters and all that nonsense.

If nothing else, a few drinks and the world's wrongs seem to be more easily sortable :)

Steve
Paris Hilton

Virgin Media and Phorm

Morning all,

-

VM

I've got a Virgin Media business account, and sort out PCs for several neighbours with Virgin residential lines.

I actually spoke to VM's lawyers about Phorm last Friday. After the public drubbing BT got, they seem very anxious to be seen to be doing the right thing.

What I got from the call was:

1) They are still looking at whether or not to implement

2) No trial would be carried out without prior notification

3) They're watching with interest what is happening with regard to BT and Phorm

4) They're aware (and concerned) about Phorm's history

5) They aren't planning to implement it on business accounts (though as these pass in part over domestic network I can't see that makes any difference).

Try calling them, voice your opinions... if nothing else it's their time and call cost!

-

General stuff

That the ICO can see no breach of the DPA isn't a shock, but we should probably be writing en masse to the home secretary to ask them to investigate the breach of law vis-a-vis RIPA.

Do it by pen and paper and cc it to your local MP. If you don't get a reply, push it up the scale with a few newspapers, watchdog etc. "Home Secretary fails to look into illegal interception" is just one conceivable headline.

I'm typing my letter this morning. Anyone else joining in?

-

Paris - because even she can understand what's going on

Phorm agrees to independent inspection of data pimping code

Steve
Stop

Phorm, BT, Virgin etc... the matter is very simple!

I don't want my web traffic read by your machines.

You have no right to read it without a court order.

Therefore, don't read it!

Patricia Hewitt joins BT as non-exec director

Steve
Alert

And people wonder...

how the likes of Phorm are allowed to get away with their abuses of our supposed freedoms...

UK CITIZEN #19972008 - I am a number, not a free man!

Top security firm: Phorm is adware

Steve
Pirate

Re: Phorm Comms Team (techteam@phorm.com)

Ahem...

First, would you care to provide a clearer description here? No? Really? What a surprise...

Second, the main problem I have is just your system parsing, in any way, shape or form, any internet traffic of any description requested by my hardware to be served to my hardware via my ISP.

You have:

1) No legal right

2) No moral right

3) No permission from me

So, no matter how clever you think you're being in your methodology, the merest act of parsing the data is unpalatable and if mandatory with an ISP should require that ISP be investigated for gross invasion of privacy.

As a tertiary issue, just how dumb would a hacking group have to be to *not* target your system?

Phorm launches data pimping fight back

Steve

Data categorising

I'm sorry Phorm/BT/Virgin,

I do not see how you can suddenly decide to start reading the streams of data that you're not allowed to read, for any purpose.

This is disgusting!

The only even slightly palatable way to handle this is to have, at an account level, an ON/OFF option. If that account connects from any computer, the option applies.

All this playing with cookies nonsense means an excuse to read the data due to "user error".

Requiring the cookie to turn this off means people will:

1) No longer be able to block cookies for safety as yours will be needed

2) When clearing any cookies that were required (happens sometimes) they may delete your "opt out" cookie. That would mean they're opted in again.

I'm up for contacting ofcom as often as needed until this is squashed... anyone else?

BT targets 10,000 data pimping guinea pigs

Steve

re - bt sending spam

I found a good solution to this; having given bt their own email address (ie. bt@...) whilst a customer, they started spamming it after I'd stopped being their customer.

So, tell them to stop or all future emails automatically forward to their abuse team and their head office with a covering note explaining that they were still sending unwanted emails, before being deleted from the server.

Every now and then I'd remove the autodelete to see if it was still being spammed, and if so put it back again. It took them several months, but eventually they got the message.