* Posts by Nick Ryan

2398 posts • joined 10 Apr 2007

Pandas so useless they just look at delicious kid who fell into enclosure

Nick Ryan Silver badge

Re: Get Informed

Giant drop bears. Giant black and white drop bears.

Skype goes blurry, Office gets a kick in the privacy, and Microsoft takes us back to 1990

Nick Ryan Silver badge

Re: Yes but...

If you are thinking of the "live" video cast where kids came on... that was his wife.

Who are the last people you'd expect to spill thousands of student records? A computer science dept? What a fantastic guess

Nick Ryan Silver badge

Security always happens elsewhere. As long as you don't know where to look for insecurity then a system is secure.

Nick Ryan Silver badge

Re: email recall

It works as long as everything is internal and online within Microsoft Exchange Server. And if the current phase of the moon is in your favour.

Nick Ryan Silver badge
Stop

Re: Confidential?

It still baffles me with the utter, and persistent, stupidity around SSNs. They are not secret and never have been. Pretending that they are and using them as if they are takes stupid to a new level.

It's 2019, and a PNG file can pwn your Android smartphone or tablet: Patch me if you can

Nick Ryan Silver badge

Re: Oh well

Certainly anything from Samsung anyway. They have corporate amnesia about most of their devices from around six months from first release for many of them... But then I've yet to figure out quite why they need so many models.

Case in point: Samsung phone bought last November. Security patch level: 1 November 2018.

Boffin suggests Trappist monk approach for Spectre-Meltdown-grade processor flaws, other security holes: Don't say anything public – zip it

Nick Ryan Silver badge

Security through obscurity

...or in other words, pretending that because you can't see it, there isn't a problem.

El Reg talks to PornHub sister biz AgeID – and an indie pornographer – about age verification

Nick Ryan Silver badge

Re: This Identity thing is the key

Well, apart from the MPs who have been caught with porn on the "work" computers and when challenged either chose to lie about not knowing how it got there or blame it on somebody else having their password. So we have an MP that is either a liar or cares shit all about security and gives their password away? Or, probably both really...

Nick Ryan Silver badge

Re: Huge loophole?

Well, of course:

They will require visitors to prove they are over-18 in order to access a site where adult content makes up more than one-third of the material.

Is total bullshit, but then we should expect nothing less from our vacuous Daily Mail touting lizard-wannabe ruling classes... Various metrics have to be taken into account:

  • What is adult content
  • How is this measured? Seriously, by file size (what format), quantity of files, size of image, amount of "adult content" in each frame of a video or image? Screen estate compared to useless wasted space? If a video has 20 seconds of whatever legal boilerplate is required in whatever "god fearing" nation at the end of a 40 second flick where 15 seconds the participants are dressed, does that count?
  • What constitutes "access"? Visiting the site's search page? Attempting to subscribe? Searching for content through some other search method other than the site's own?

Ooh, my machine is SO much faster than yours... Oh, wait, that might be a bit of a problem...

Nick Ryan Silver badge

Re: Well that was an invisible problem

We had to do something similar on a 4GB drive because some bits of software could only cope with up to 2GB free space and anything higher than that wrapped around to become negative space. So we bought a 4GB drive filled it past halfway with empty files and waited until we could remove them...

Just forget what Gartner said about AI in June 'cos CIOs are all over it now apparently

Nick Ryan Silver badge

Re: Not technically entirely worthless ?

Well it's not worthless to Gartner... some mug paid them money.

Nick Ryan Silver badge

Re: This is not the report you are looking for

It's Gartner. The only interesting thing about a Gartner report is trying to guess who paid for the worthless thing. OK, it's not technically entirely worthless as some mug organisation paid Gartner to "prove" or "demonstrate" how their products are useful therefore it has some value... and some "impressionable" (I'm being nice here) PHBs still believe Gartner reports.

Man drives 6,000 miles to prove Uncle Sam's cellphone coverage maps are wrong – and, boy, did he manage it

Nick Ryan Silver badge

Coverage Cowboys

Or "mobile phone operator" as they may otherwise be known. When not termed as "dirty rotten liars" of course.

Microsoft partner portal 'exposes 'every' support request filed worldwide' today

Nick Ryan Silver badge

Yes, they are considered Personal Data because they identify an individual. There is a bit of fuzziness around business to business communications particularly as jsmith@example.com would relate to an individual, it's the context and exposure that is important.

...and yes. El'reg should have done the correct thing and obscured the email address.

Are you sure your disc drive has stopped rotating, or are you just ignoring the messages?

Nick Ryan Silver badge

Re: Error messages

To be fair, a lot of the error messages only make sense once you have worked out what is actually wrong. Except for the many, many Microsoft error messages that don't make sense then either of course.

I used to be a dull John Doe. Thanks to Huawei, I'm now James Bond!

Nick Ryan Silver badge

It's not Facebook, it's the phone manufacturer deciding to add unwanted bloatware as "system" applications. Samsung do this with all kinds of unwanted rubbish, Sony aren't much better either.

Epic's Fortnite fail: Ancient UT2004 server used for login-stealing proof-of-concept

Nick Ryan Silver badge

Re: upper-bracket millennials

Try being in the crossover period when students were being lied to about the loans not being, and never going to, replace student grants.

They were touted as a "top up" to allow a student to live between terms during which the grant was meant to provide all the money that a student needed. Except for the slight hitch that due to the disparity between grants and hall fees many a student would have been left with £10 a term for everything else (not at all Unis of course).

What type of sour dough artisan toast are you having today? :)

Excuse me, sir. You can't store your things there. Those 7 gigabytes are reserved for Windows 10

Nick Ryan Silver badge

Re: All well and good...

A real killer is the infernal WinSxS directory which merrily chews up many GBs of storage of duplicated files. In theory the "disk cleanup" process can tidy this, however this often doesn't clear up much beyond a few GB.

The "disk cleanup" is also not available on servers (Win 2016) without installing the cluster fuck of rubbish that should never be on a server that comes with the "desktop experience" package. However there are workarounds to manually install just the "disk cleanup" application itself.

Full frontal vulnerability: Photos can still trick, unlock Android mobes via facial recognition

Nick Ryan Silver badge

Sigh

A photo, or a fingerprint, is an identifier. These are not suitable replacements for a password, they are, however, suitable replacements for a user identifier. By all means use these in addition to a password but they are not replacements for a password; They do not and can not adequately replace something that is secret.

But whatever... hollywood movies and all that can't be wrong can they?

I'm just not sure the computer works here – the energy is all wrong

Nick Ryan Silver badge

Reminds me of a very similar issue in a previous life / company we supplied AV PCs that went into pubs, clubs and so on. In one of these clubs within a shopping complex the supplied PC just kept failing with disk errors and this problem kept reoccurring even with new replacement systems. We even tested one replacement system in the office for three weeks before deploying it to site at which point it failed with data errors within a couple of days. After too many site visits we lucked out and saw an electrician working on the site. It turned out that the particular innocuous looking pillar, there were others that looked the same, that the DJ console was built around, and the PC was sat next to, had the three phase supply for the complex running through it and with the short distance and inadequate shielding the data on the hard disk was being corrupted. We moved and rewired the PC to a different cupboard and this stopped the problem.

Error pop-up? Don't worry, let's just get this migration done... BTW it's my day off tomorrow

Nick Ryan Silver badge

Re: Reminds me of...

I used to go pretty much stratospheric at developers any time I saw anything such as "on error resume next". Making stupid assumptions about anything always causes problems somewhere, this used to be one of the worst...

Is Google purposefully breaking Microsoft, Apple browsers on its websites? Some insiders are confident it is

Nick Ryan Silver badge

Re: Brittle software?

You don't understand. You HAVE to disable hardware acceleration in that case, because Javascript could rewrite that empty tag to make it contain something which might be over the video window, which would require software rendering.

You do realise that with utterly trivial JavaScript code pretty much any element in the page could be made to overlay the video window? Therefore this supposedly awful empty DIV element really doesn't matter?

In case you're not already sick of Spectre... Boffins demo Speculator tool for sniffing out data-leaking CPU holes

Nick Ryan Silver badge

Re: I want choice

Spec-ex is where the performance gains are. Why? Because OSes like windows and the applications that run on them aren't sufficiently parallel therefore serial processing speed has to be concentrated on even with the burden of context switching.

The difference between, for example, Intel Atom processors without spec-ex and Intel chips with spec-ex is quite phenomenal and a testament to the success of the technique. Shame that Intel sacrificed security for performance so badly.

Non-x86 chips can also suffer from the same problems, it really depends on where the MMU boundary checks are applied. In Intel's case it's outside of the spec-ex, giving them a serious performance boost, compared to chips where the checks are applied within the spec-ex context. Technically, both are as valid as each other it's just that using timing tricks it's possible to derive data where the checks are applied outside of the spec-ex execution.

Nick Ryan Silver badge

Re: Efficiency Strategies

Spec-Ex doesn't need to be costly, and the gains are almost always more than 50%. Why? Because most iterations last longer than that and therefore an iteration for even just 10 cycles with one spec-ex clash at the end is considerably faster than 10 cycles without spec-ex.

As noted elsewhere, one of the problems is due to sacrificing security for performance - as in only checking for access levels on presentation of the data rather than during the spec-ex fetch. While this seems reasonable the time difference between the two is noticeable and with caching allows the contents of the request to be derived. Slow, admittedly, but given the speed of modern processors not impossibly so.

So "office" applications or gaming, spec-ex markedly improves performance. Just in the case of Intel, in particular, it's a case of security vs performance.

RISC-V has spec-ex, however the spec-ex fetches go through the same MMU boundary checks as any other fetch. This doesn't mean that timing based differentials, and therefore data leaks, are impossible, just that they are considerably harder. A properly secure system would exhibit exactly the same outward performance regardless of a cache/security hit or not. Unfortunately that pretty much requires that spec-ex is disabled.

Nice phone account you have there – shame if something were to happen to it: Samsung fixes ID-theft flaws

Nick Ryan Silver badge

Samsung: good hardware, appalling software. However fair play that they accepted the faults and fixed them (hopefully)

College PRIMOS prankster wreaks havoc with sysadmin manuals

Nick Ryan Silver badge

Re: Poorly configured systems - how about no password on SYSTEM!

It is a shame because these days utterly fictitious values of cost will be assigned to relatively trivial student "experimentations" where no real harm has been done. Yes, you used account time that wasn't yours but if the institution owned the systems then there was no real cost to them, just time slices and a bit of electricity.

I got banned for a couple of weeks too, and at one point I wound up sitting at the student help desk and particularly annoyed the staff there by clearing the queue of students with computer issues quicker than they would have - and genuinely helped them too.

To show the difference, rather more recently I browsed a college network and came across a student PC with an open/anonymous share with rather a lot of pornography on it. I could have pretty much cost them their course by reporting them but instead messaged them and advised them that open shares with such was ill advised and they should stop doing it. The fear from them was ridiculous bearing in mind it was just content that anybody with a non-College network could have accessed easily. I think they appreciated the gentle hint rather than a full censure. On the other hand, September was a terrible time for the network... thousands of new, unpatched and utterly vulnerable PCs from (new) students hitting the network made things glacial at best.

Nick Ryan Silver badge

Re: BBC Micros at college

My alternative was less hi-tech. At Uni (sorry guys) I wrote a simple program that looked exactly like the login system (custom screen, easy to mimic and logged out the current user, me, after recording login details) and ran around a computer room or two, logged in as myself, ran this application and merrily harvested the login details of countless students and staff. They had a bit of a sense of humour failure (sorry, again) when I presented this list to them - including a sys admin login or two.

Students. We were probably all dicks at some point in time.

Oh, and I also worked out how to get free laser printing.

BOFH: State of a job, eh? Roll the Endless Requests for Further Information protocol

Nick Ryan Silver badge

Re: Ah HA!

I'd say that HP have excelled themselves and implemented variants of this system in multiple places just to ensure that what should be a relatively simple process of them replacing (yet another) DOA laptop (with the same faults as the previous ones) winds up involving multiple departments that cannot communicate with each other and many days of delays.

It's official. Microsoft pushes Google over the Edge, shifts browser to Chromium engine

Nick Ryan Silver badge

Re: Bloatware

That and not having the cretinous, and cretinously annoying, cortana "assistant" rubbish shout at you on every clean install. It's not necessary, it's never necessary and most of all has no part in being in the clean install process. Every time it involves trying to hit the mute on the keyboard as quick as possible...

Nick Ryan Silver badge

Re: Worst possible outcome

Chromium and Chrome are different things - Chromium is an open sourced rendering engine, Chrome is just another web browser that uses Chromium to render pages. The browsers that use the Chromium engine have a lot of leeway into how the content is managed, presented and filtered.

Keen for much-hyped quantum computing to finally land? Don't expect it for a decade

Nick Ryan Silver badge

I'd rather that a genuine "AI" didn't drive my car thanks. On the other hand, a computer system with outstanding sensors, control and prediction systems... yes.

The problem with the cure for cancer is that most people don't understand that cancer is not a disease as such. It's "just" the body's own cells mutating/malfunctioning, which they do all the time, and getting themselves into a state where they are not shut down automatically (the fate for most mutated cells) and reproduce in an uncontrolled way. If cells never mutated then we would not exist, it's a fine balance. So targeting our own cells which are malfunctioning when our own body's defences against malfunctioning cells have missed them is a tall order.

Do not adjust your set: Hats off to Apple, you struggle to shift iPhones 'cos you're oddly ethical

Nick Ryan Silver badge

Re: Losing customer

My Nexus 5X died recently (all round fantastic phone, particularly for the price). I bought a Samsung J3 for about £100 as a very quick purchase because I needed a phone up and running pretty much straight away (and wanted one with the NFC for contactless payments). The camera is a bit crap, and while the performance of the phone itself isn't stellar once I'd removed all the awful Samsung shovelware and hugely sub-par versions of other applications the speed isn't noticeable and it has about 50% more battery life now compared to before. Alternatively I could have spent hundred more on a phone that when it comes to most practical use (for me), isn't much better. I do miss the 5X's camera though...

Adobe Flash zero-day exploit... leveraging ActiveX… embedded in Office Doc... BINGO!

Nick Ryan Silver badge

ActiveX? Again. A ridiculously stupid idea from the outset... as in cobbling together one layer of dangerous instability on top of another layer of dangerous stupidity on top of another layer of dangerous stupidity?

Combine with Flash? Seriously? The most insecure mess since, erm, anything else that came out of Adobe. Or Microsoft. or possibly Sun.

What's the commonality in this mess? Largely unnecessary proprietary extensions in place of standards. It's not that standards based systems are invulnerable (far from it) but their legacy is much less. And they can be fixed. ActiveX can never be fixed - ban and block it. Flash almost certainly can never be fixed either. As for the other insecure stuff that comes out of Adobe, as in a document format (PDF reader) that suddenly "needs" Flash, JavaScript (homebrew abortion version of course) and local system access to all kinds of unnecessary resources... just no. No. never.

No, you haven't gone deaf – the Large Hadron Collider has been wound down for more upgrades

Nick Ryan Silver badge

That's a different experiment. Nearly.

Facebook spooked after MPs seize documents for privacy breach probe

Nick Ryan Silver badge

Re: History lesson

There have always been different classes/categories of shares. It's entirely up to the organisation involved and up to the investor to pay due care. In the UK at least there are various laws around the dissolution(?) of shares as in if you have a particular type of shares these may not be expanded upon and offered to others without being given the opportunity to purchase more at the same effective ratio. Or something similar - in any case the laws are surprisingly fair.

I've often wondered about the exit strategy or just business model of various of these companies. I still don't quite get how FB isn't losing money at a phenomenal rate, on the other hand they have developed, and patented (start argument here) quite a few technologies and they have in their possession a very well profiled database which they can, and are free to, utilise to promote third party services. Even at its most basic level, the hosting, development and support services have to be paid for somehow. If you're ever in doubt, follow the money trail.

Nick Ryan Silver badge

Re: Why?

Stupidly the UK police tried something similar with the raid on Noel Edmonds. Or was it some other celebrity? I've steadily lost the will to care... Whoever it was, the press should not have been along for the raid as it happened - fine for them to catch up based on public reports of something "interesting" happening but never anything more.

Nick Ryan Silver badge

Re: Off to the tower with Zuck

Precisely. Russia, given their alleged use of Facebook for their own cyber influence reasons, would not want to close Facebook down. FB's influence is considerably more in Russia's "enemies" lands therefore it is an asset, albeit a little double edged at times.

Nick Ryan Silver badge

It doesn't matter what the US constitution (and its many, many amendments that adjust it for various lobby's purposes) reads.

This was in the UK and despite what many US politicians may think, US laws don't apply here, UK laws do. If UK laws, even rather antiquated but occasionally useful ones, are in effect then they are usable and in this case have been. For once, UK politicians, or more likely civil servants, have done something sensible and used the appropriate powers that they have in order to deal with an organisation that is treating UK laws/government with contempt. We may be a distinctly third world country (read the UN reports) however at least there is some sense remaining somewhere.

Office 365 Exchange enjoys a less than manic Monday. Users? Not so much

Nick Ryan Silver badge

Re: Available to your Office365 admin

Well it wasn't very honest or helpful anyway:

Title: Can't access email

User Impact: Users may be unable to connect to the Exchange Online service

At least it's been updated a bit now.

Title: Can't access email

User Impact: Users may be unable to connect to the Exchange Online service.

More info: Affected users may be able to able to access the Exchange Online service if they refresh their connection.

Current status: We've determined that availability dropped below acceptable thresholds due to a networking issue. We've restricted some replication and migration requests through the affected infrastructure and while increasing connection points on alternate infrastructure to remediate impact.

Scope of impact: Impact is specific to a subset of users who are served through the affected infrastructure.

Start time: Monday, November 26, 2018, at 10:10 AM UTC

Next update by: Monday, November 26, 2018, at 2:30 PM UTC

Nick Ryan Silver badge

Seemed to be a partial failure of some systems, and guessing from how things panned out across devices most likely the non-standard interfaces that Outlook uses rather than any standard interface. Webmail Outlook started to give up later doubtless because too many victims had to use it.

Microsoft: You looking at me funny? Oh, you just want to sign in

Nick Ryan Silver badge

/sigh. Face ID is not a suitable replacement for a password. It's a suitable replacement for a username.

Facebook's Sheryl Sandberg can't remember smear firm, but 'some of their work' crossed her desk

Nick Ryan Silver badge

Research into critics

I'd be happier if they did admit that they hired an agency to research critics of them. There is nothing wrong with that, and knowing if the critics are genuine (as in not a smear campaign) then it can provide a lot of valuable input to fixing things. Targeting critics as a result is not on at all though.

1,700 lucky Brit kids to visit Apple Stores for 'Year of Engineering'

Nick Ryan Silver badge

A good start would be to reclaim and protect the word Engineer for its real meaning, just as the title Doctor denotes a certain level of either academic achievement or medical training.

The person who fixes the photocopier is a technician and not an engineer, no more than the (invaluable and useful) person who takes X-rays is a doctor.

A fine concept let down by semantics. Could you define when someone stops being a technician and becomes an engineer?

Very similar to the discussion regarding what is a scientist and what is an engineer? There is a very large grey area in the middle therefore how and where is the division made?

Nick Ryan Silver badge

Re: "...trying to work out what the Year of Engineering actually is"

Nearly... roughly 3/4 of them are 365 days of bacon fuelled bliss. The others are 366 days of bacon fuelled bliss! More bacon!

Microsoft sysadmin hired for fake NetWare skills keeps job despite twitchy trigger finger

Nick Ryan Silver badge

Re: Nothing beats them

I believe the word you may be looking for is "tools"...

Need electric propulsion for your satellite? Want a 'made in Britain' sticker? Step right this way...

Nick Ryan Silver badge

All electric

Maybe it's just me, but how can it be described as all electric if it requires Xenon as a propellant?

Budget 2018: UK goes it alone on digital sales tax for tech giants

Nick Ryan Silver badge

Re: There will be £10m for a scheme to identify ways to keep physics and maths teachers in schools

@ Intractable Potsherd

I agree, it is a very strange situation to be in - wanting the best for your own children while not wanting a society where those that are able to be successful and those that aren't is dictated by the level of education that they have available, or where they were educated. Because this isn't good for your own children either.

If the state schools were better, would you send your children to them then? Then the solution is there to see...

Nick Ryan Silver badge
Mushroom

Re: There will be £10m for a scheme to identify ways to keep physics and maths teachers in schools

There's one guaranteed way to have the government improve state schools... Close all non-state schools and make it an offence to pay for education. This way all politicians' children will also have to enjoy a state school education and with this in mind it's likely to be amazing how fast government education spending would improve.

Britain's rail ticket-booking systems go TITSUP*

Nick Ryan Silver badge

Sensible error handling is so last century. It is much better to not do any error checking and to throw exceptions for relatively expected events and to then process these in the usually unhelpful "an error may have happened" kind of response.

Muppets. While there are near religious flame wars about error handling vs exception handling, they both have their place. Error handling is for the expected failures, exception handling is for the unexpected ones - use both to their advantage in other words.

Nick Ryan Silver badge
Mushroom

Meh. It's been impossible to buy a season ticket from Chiltern Railways for the last two weeks due to configuration and deployment issues. Because the incompetent web managers can't grasp that in-house staff accessing the same system may, in fact, be accessing a different system (internal vs external DNS) they have been carefully denying the problem. Only little gems like "pick a station from the list" followed by "station not recognised" and wonders of "modern development" like that and different station lists appearing depending on whether or not the user is in-house or not.

This is on top of the standard issues with idiot web developers attempting to replicate standard browser functionality using JavaScript.
