* Posts by Peter X

210 posts • joined 12 Apr 2008


Ticketmaster tells customer it's not at fault for site's Magecart malware pwnage

Peter X

Re: Offsite scripts GAH!

Why does my bank use 3 different off-site script sources on their login page?

Name and shame!

OSIRIS-REx space probe catches a whiff of water on asteroid Bennu

Peter X
Pint

Re: Andromeda Strain

Time to start drinking - it's the only antidote!

NASA names the date for the first commercial crew demo flight

Peter X

"

just a moment

just a moment

I have just picked up some easter-eggs in the CIMON unit

It's going to go 100% HAL within 72 hours

"

Seriously though, if you did any work on coding that thing, the temptation to sneak something HAL-like in there would be impossible to ignore. Surely, when they ask it to play music, there must be at least a 1 in 10 chance of it singing "daisy daisy"?!

For fax sake: NHS to be banned from buying archaic copy-flingers

Peter X

Re: Fax Auditer

Where do I apply for the job as Fax Auditer?

You need to apply to the Fax Auditer Auditer.

Also, (top-tip), when you walk in the door, go to shake hands but then make a shrill screeching noise - they absolutely love that! :D

Marriott's Starwood hotels mega-hack: Half a BILLION guests' deets exposed over 4 years

Peter X

Security 101: if you don’t store it, it can’t be hacked.

I would've hoped at least when GDPR came in, one of the things businesses would've spotted was that data is a liability* to them and they should delete what they can as soon as they can. If someone hasn't purchased from you in the last 6 months (and you're not an automatic repeat biller), then probably best to delete the card number... it's not like you're saving the customer loads of time re-entering it when they hardly order from you anyway.

* previously it made sense to hoard as much data as possible. With GDPR the mining potential is limited because you're not allowed to exploit it easily, and obviously, with GDPR, data loss can = financial loss.

Peter X

Re: Being fair to Marriott

they only acquired Starwood in 2016, this hack seems to pre-date that

I believe the hack has been on-going since 2014, so possibly someone should've noticed at some point since?

Another Hancock-up? UK health secretary appears in piece about controversial GP app

Peter X

My local GP

My local GP recently sent me an SMS encouraging me to download this: mjog.info/NHS

Obv. I haven't (the reviews are dire!), but are they all having to do this now?

What the #!/%* is that rogue Raspberry Pi doing plugged into my company's server room, sysadmin despairs

Peter X

Raspberry Pi

I thought at the start of the article that perhaps we were being called on to solve this mystery...

I'd got as far as:

* The perp. is probably > 6 years old.

And that's based on the fact that the Pi in question is one of the early ones that still has the single row of header pins near the yellow composite connector and has polyfuses (that caused USB power problems) near the LEDs. And those ones only had 256MB of RAM too. These Pis were AFAIK only sold for a few months in 2012. Of those, some had Hynix RAM, and some (I believe most), like the one in the picture, had Samsung RAM.

I am wearing a deerstalker and smoking a pipe by the way!

RIP Bill Godbout: Cali wildfire claims the life of master maverick of microcomputers

Peter X

S100 related but otherwise off-topic

From the S100 Wikipedia page... I just can't get past this photo; it's... amazing:

https://en.wikipedia.org/wiki/File:Harry_Garland_and_Roger_Melen,_co-founders_of_Cromemco_(1981).jpg

It's November 2018, and Microsoft's super-secure Edge browser can be pwned eight different ways by a web page

Peter X

Re: I'm tired of making this response as well

Damn it.. now I'm thinking about Office Space:

https://youtu.be/_BaMx_n2_hM

Why don't you just go by Mike instead of Michael?

No way. Why should I change, he's the one who sucks!

Is this cuttlefish really all that cosmic? Ubuntu 18.10 arrives with extra spit, polish, 4.18 kernel

Peter X

Unity menus

I've just migrated to Gnome (Ubuntu 18.04) from Unity (16.04) and... I miss the menus! I didn't ever like having them at the top of the screen (never liked that on MacOS or even Amiga!), but I did really like having them replace the window title.

Probably not the ideal place for new users to find and understand how to use them, but it really does save screen space which is particularly good when you have a laptop with ~800px vertically.

I'm also missing Unity lenses and HUD. And I'm irritated by stupid stuff like the lock screen looking like a phone lock screen to the extent of being able to swipe upwards (I press escape but that's not the point). And I really hate various sounds like the bell in the text editor (gedit) that AFAIK can't be disabled without disabling system-sounds altogether. And it's got a bloody sound that it makes when USB storage is inserted and removed. Just like Windows XP did! And an alert for the same events. Just like Windows XP. And that always really annoyed me because I *KNOW* when I've just inserted or removed USB storage devices... I don't need to be told about it.

In fact, Gnome is really bloody annoying. I'm trying to like it. It is at least a bit more configurable than Unity was, but good luck with quickly cobbling a little extension to do something simple because there's next to no documentation for any of it. Plus most of the extensions that do exist, don't work quite right! (Prolly because of lack of docs?! I dunno!).

You've made me rant now. Rant-end! :D

Your RSS is grass: Mozilla euthanizes feed reader, Atom code in Firefox browser, claims it's old and unloved

Peter X

Thunderbird

I could be wrong, but I believe Thunderbird 60 now has improved RSS handling... or something. (googles).

Okay, there's mention of Thunderbird and RSS here[1], but absolutely no mention of it in Mozilla's own "What's new in Thunderbird 60"[2] blog post. So not much love from Mozilla. :(

On a separate note, can I no longer include HTML links in el-Reg comments?!!

[1] https://www.omgubuntu.co.uk/2018/08/thunderbird-60-release-features

[2] https://blog.mozilla.org/thunderbird/2018/08/whats-new-in-thunderbird-60/

Facebook: Up to 90 million addicts' accounts slurped by hackers, no thanks to crappy code

Peter X

Re: "using people's cellphone numbers, provided for 2FA to target them with adverts"

Another article explaining the same "Shadow Profile" thing:

https://gizmodo.com/facebook-is-giving-advertisers-access-to-your-shadow-co-1828476051

In case anyone isn't aware (I wasn't), where you might expect FB to allow advertisers to target people by obvious data like location, age, gender and things like "interests", they also allow advertisers to target users by their email address or phone numbers. Which means that advertising can be super-targeted... a clothes shop can target their own customers via FB with advertising in the full knowledge of what they've previously purchased.

And like that isn't bad enough, the information that is used for targeting includes phone numbers that are supposedly only used for two-factor authentication.

Aaand if that isn't bad enough, it can include contact details that they've skimmed from your FB-friends who have allowed FB access to their contacts.

All this stuff is part of a "shadow profile" and they won't tell you about that or let you download it.

This might be obvious to others, but personally, whilst I'd guessed they would build a profile that would place users in broadish categories for interests and perhaps infer a bit more data from that, I didn't know advertisers could target people so specifically. Which is really terrifying when you consider political campaigns.

Plusnet customers peeped others' deets during system upgrade

Peter X

...shortly followed by another "routine maintenance" alert

So about that "routine maintenance".

Oh and:

it had identified a "handful" of accounts that showed "incorrect information", which included the wrong name and address

is never a good sign is it? So can we assume that *everyone* was affected then? I mean, one of the quoted tweets was from an ex-customer of theirs so... technically it's possible they've screwed things up for even more people than their entire customer base. I'm not saying they have, but the "Straight from the PR department's arse" comments are so utterly unconvincing as to make me question why they even bother.

London's Gatwick Airport flies back to the future as screens fail

Peter X

Re: 4G

NEC can supply Raspberry Pi equipped displays... honestly, I'm pretty sure a particularly sharp 9 year old child could've probably managed to set something workable up and running.

So phar, so FUD: PHP flaw puts WordPress sites at risk of hacks

Peter X

Disable "allow_url_fopen"?

So another case for disabling "allow_url_fopen"?

And on a related note, it is **utterly ridiculous** that the PHP developers add features that extend the functionality of existing functions without requiring them to be explicitly enabled. Even the default Debian PHP production options are far too liberal for my liking.

/me adjusts my evil sysadmin hat for comfort.

It walks, it talks, it falls over a bit. Windows 10 is three years old

Peter X

Cost

Do they still charge for Windows, or is it free yet? Because, presumably that will happen at some point?!

The butterfly defect: MacBook keys wrecked by single grain of sand

Peter X

Re: black LED

I was going to try to explain a sketch with Paul Whitehouse painting light bulbs black... however I couldn't remember it, but the whole sketch (and indeed this comment) is wildly off-topic anyway.

But it's Friday and it's a funny sketch: https://youtu.be/86uuxCzNOI0

The light-bulb bit is just before the 2 minute mark but you're better watching from the start.

BEER TIME!

What can you do when the pup of programming becomes the black dog of burnout? Dude, leave

Peter X

Re: Make time for yourself - Don't go above and beyond

(and Register upvotes).

You take that back! RIGHT NOW! :D

unless you're working for TSB

I think that particular case is better covered by the "just quit" idea.

1,300 customers of Brit bank TSB defrauded due to botched IT migration

Peter X

How?

Can anyone explain how any organisation, but especially a bank, can so comprehensively cock up a system migration?

Surely they must have tested this? Isn't the system they were moving to already in use by the Spanish parent company? And on their list of contingencies, surely at the very end it said something like "...and lastly, Plan-Z, if it looks like we really can't get the migration working in a reasonable time-frame, we migrate *back* to the Lloyds system"

It's so ridiculously bad it's like they have no IT staff at all. It's like they just asked, I dunno, the cleaning staff if they knew about computers and if they could do it. And they said no. But they asked them to do it anyway.

How? How? How? I really can't wrap my head around that simple question!!

Ex-CEO on TalkTalk mega breach: It woz 'old shed' legacy tech wot done it

Peter X

The old bramble covered shed analogy

Pretty sure I could've used that very same analogy. Except, the old bramble covered shed would've represented the board, and why companies should "prune" execs that fail to understand how their business actually operates.

Whois? Whowas. So what's next for ICANN and its vast database of domain-name owners?

Peter X

Re: Rejected one year moratorium oddly similar to 12 months they say they need to devise a new model

I think something has changed.

I believe previously they were hiding contact details if the domain was registered to an individual but not if registered to a company or organisation. But I registered a bunch of domains prior to them bringing in that rule, and so they didn't know and seemed to decide randomly if a domain was personal or not... and there was never a clear way to fix it either.

So I'm glad GDPR is here to fix that. :D

ISP TalkTalk's Wi-Fi passwords Walk Walk thanks to Awks Awks router security hole

Peter X

Checklist at the ready...

[ x ] ...we take the security of our customers very seriously...

[ x ] ...an industry-wide problem that affects all ISPs...

[ x ] ...we're just here to make money and do as little as possible!

The harbingers of Doomwatch: Quist is quite the quasi-Quatermass

Peter X

Re: God!!!!

...this really makes me feel my age.

Yeah... EXE magazine. I've still got a stack of them!

How many ways can a PDF mess up your PC? 47 in this Adobe update alone

Peter X

I've said it before...

...more bugs than bytes!

What most people think it looks like when you change router's admin password, apparently

Peter X
Stop

Re: FUD

It probably wouldn't be very difficult to craft some Javascript to poll the usual router IPs, brute force the IP, open the admin interface on the WAN side, and log it somewhere for a hacker to access.

If they then uploaded modified firmware then you'd never be able to fix it either. It could then route (say) common bank domains through a remote proxy to capture password.*

* This bit would be beyond me personally, but I suspect a fake site with a LetsEncrypt cert, would be sufficient to fool the aforementioned 82%. The firmware upload might be hard on recent ISP routers also but maybe just changing the nameservers would be enough to redirect certain traffic.

My point is, I don't think this should be written off as FUD.

Boeing ships its 10,000th 737

Peter X

Re: A milestone, surely

A320 - 4241 out of 4835

I seem to recall reading something about some hooligan landing one of them in the Hudson river? Or is that one back in service? ;-)

Keep Calm and Carillion: Outsourcers seek image rebrand after UK construction firm crash

Peter X

Re: No ideas what to do?

Launch an advertising campaign!

This. And we know who will end up paying for said campaign too.

Mum? Dad? Can I have a 3D XPoint disk for my birthday?

Peter X

Instead of RAM

When we first heard mention of XPoint, the obvious market was in high-IO environments. But there was also mention of the idea of using this stuff in low-end hardware to replace the typical RAM + Flash.

I suspect the price is still too high for that to make sense right now, but who knows. Is that still a likely thing?

10 PRINT "ZX81 at 37" 20 GOTO 10

Peter X

Re: The best thing about the ZX81...

The cover art for both, but (IMHO) the Spectrum in particular, was great as well.

(google image search for "zx spectrum manual cover art")

CSS and Javascript on GOV.UK page take early Christmas holiday

Peter X

Companies House issues too?

I had problems with the Companies House website earlier this week; specifically, the main site would work, but trying to login to actually do stuff, it seemed to get stuck not being able to resolve "ewf.companieshouse.gov.uk"... but it was *very* intermittent. In the end I had to stuff the IP I did manage to obtain into my hosts file.

The odd thing is, all companieshouse.gov.uk domains (that I've looked at) seem to have a 60 second TTL... which... you know, could've been a thing whilst they were trying to fix/migrate/mitigate some other thing. Maybe? But that was a few days ago (Monday 18th) and today, Thursday 21st, it's still like that.

But maybe they have a good reason, who knows!

Ubuntu 17.10 pulled: Linux OS knackers laptop BIOSes, Intel kernel driver fingered

Peter X

Blame

Surely building a computer where software can perma-screw it up is the problem?

I mean, we _could_ blame Canonical for not testing it (or possibly using code not ready for release), or Intel for writing that code in the first place, but I can't help thinking that having the ability to re-write firmware *WITHOUT* any method to restore said firmware back to factory default/known-good-state is... well... shit.

I think if anyone should be sued, it should be Lenovo (and any other affected manufacturers), and they in turn may sue Intel because it's probably Intel's fault. Somehow.

YouTuber cements head inside microwave oven

Peter X
FAIL

Response to BBC reporter

A response is here. To quote the end part...

"

Reporter: There are some people who've seen what you've done and think, "what a complete idiot. You're time wasting for the fire service". What would you say to those people?

Jay Swingler: I don't care! Like. There... what about people who drink and drive? What about people who drink and start fights in the street at night? Is that not wasting police time as well?

In fact I wasn't wasting their time. They saved my life.

"

It's a compelling argument! Although, not wishing to pick nits, but no one ever said he was wasting _police_ time, since they weren't called. But otherwise, a rock solid square lump of an argument.

Honestly, when I heard about that flat-earther launching himself in a rocket to prove the Earth's flatness the other week, I did not think someone would out stupid him so soon.

And re people arguing about various dangerous things other people get up to, such as riding motorcycles fast, etc, they do at least have a "fun" factor to them. Ride bike crazy fast... dangerous... but you can see the fun and excitement.

Stick head in bag in cement in broken microwave. Wait for it to set. Nope... call me old fashioned, but I'm really not seeing how that works for anyone, although I'm possibly more troubled that this clown has a YouTube channel and presumably people watch it? Why? Exactly how dull does your life need to be that looking at that would be worthwhile?

Grumpy grump. Lawn etc etc.

AI researcher pulls best Blue Steel in Yves Saint Laurent fragrance ad

Peter X

Hang on... so, you're saying that working in IT is cool now? So cool that "sexy" brands actively try to identify with jobs in IT?!!

Seriously, this is a total game-changer. Can I finally apply for a job at Reynholm Industries?

Also, is this the harbinger of an approaching apocalypse?

Pro tip: You can log into macOS High Sierra as root with no password

Peter X

Re: Not all installs of High Sierra are affected

...only 1 out of the 12 has a blank root password. I have reset the root password on all devices anyway however, I am struggling to see why only 1 of the 12 has this condition? Any thoughts other than someone else reset the password?

Total guess, but perhaps if you've upgraded the OS then you'd have a root password set previously, whereas a fresh install fails because of a bug in the new installer?

At risk of #whataboutism, there was an issue with Ubuntu way way way back, where the installer stored the root password in a temporary file and then failed to delete it after install. Leaving it world-readable. That, from a technical standpoint, was similarly embarrassing!

To be fair, it was fixed quickly. And Canonical's entire annual development budget was probably a pittance compared with Apple. But embarrassing bugs are embarrassing. And for some reason I always remember those ones.

Heh... in many ways, far far worse! ;-)

SurfaceBook 2 battery drains even when plugged in

Peter X

Re: Remember back when Apple did the same thing?

My old MacBook 3,1 will run the CPU (Core2 Duo) at half clock speed if used without its battery. I don't know why this is, but my suspicion is that the PSU is unable to supply enough juice if the CPU is running full-tilt and presumably relies on the battery to pick up the slack in those instances.

Roaming charges drop smacks O2 daddy Telefonica in the profits

Peter X

Re: Correction

"Chief reckons biz did well despite 'negative impact' of EU regs"

Maybe this was because they basically didn't deliver the expected service: O2 admits to throttling network bandwidth for EU data roamers

...so yeah, that'll help. And also brazenly patting him|her self on the back for it too. Profit, profit, profit... and screw the customers.

Samsung to let proper Linux distros run on Galaxy smartmobes

Peter X

Slight tangent: compute module!

Slightly off topic here, but DeX was mentioned so...

The whole idea of using just one phone to fit my entire computing needs just seems a bit pointless given that computers aren't really all that expensive?

Surely the reason high-end mobile phones are expensive is largely down to the R&D costs of squeezing lots of high-performance components into a ridiculously small package and then optimising the software to switch most of it off most of the time in order to save power.

It's clever, and brilliant... but I don't feel any great need to only have one CPU/data-storage device. That only really makes sense if you're trying to sell expensive phones and can try to justify the cost by saying "yeah, but you can also use it as a computer", like somehow that makes up for it.

The down-side is I'm going to be even more screwed if I lose/break my phone because now I can't even use my computer!

However, what I *do* want is the SoC from one of these high-end phones, in a box, with high-bandwidth ports available. So imagine a Samsung Pi (for want of a better name); it would have a high-performance SoC, but with a heat sink on it so it can run in Full-Beanz mode for sustained periods. It would have display-port and USB-C for decent bandwidth peripheral connection. It would have at least SATA 3 for SSD connection.

And then I can buy that *AND* a phone!

What's in it for Samsung? Well, if I can run Linux on something like that, then really that can happily be my regular desktop (I don't personally need Windows apps), and so presumably lots of other devs/nerds would think like-wise. And that would likely mean people would actually develop specifically for that platform.

... So pretend I'm from Samsung and I'm taking orders; who's in?

UK Treasury Committee chairman calls on Equifax to answer for breach omnishambles

Peter X

Why are the details of 700,000 non-US "customers" included along with test data?

They said some was duplicate and some test data, so at a guess, there was a "test" DB that was a duplicate of a production DB that they used for testing with. So that's all fine then! :D

Mozilla whips out Rusty new Firefox Quantum (and that's a good thing)

Peter X

Raspbian builds?

Are there builds for Raspbian available? The "uses less memory" thing might be useful on the Raspberry Pi as that's where Chromium can be a bit painful.

Pretend Python packages prey on poor typing

Peter X

Re: This should be easy to detect.

Cool!

So, Levenshtein Distance you say? ;)

Google puts the last coat of polish on Chrome 61

Peter X
Happy

Web Share API

The Web Share stuff seems like a good idea, but I can't help wondering if the likes of Facebook and Twitter will really be happy with *not* having their code embedded on loads of websites and therefore no longer being able to glean meta-data about where their users browse?

Wasn't some company recently accused of tracking users on third-party sites even after they'd logged out?

Also re the WebUSB stuff... it'll be fine! Seriously you guys are worrying about nothing. It won't do anything without confirmation, and it means you can update some kit without needing to install Windows *just* to do that. It may be exploited, but outside of a bug in the implementation, I can't see it being more exploitable than downloading *.exe files.

Microsoft, Red Hat in cross-platform container and .Net cuddle

Peter X

Partnering with the beast

I appreciate MS isn't quite the same as MS of old, and I do understand this might well be good for both parties and customers alike. But historically, partnering with MS hasn't turned out well for the partner that isn't MS... so I'm wondering what Redhat hope will come out of this?

Or is it Redhat shareholders hoping that eventually Redhat will be bought out?

Or maybe I'm just being cynical?! :D

UK mobile number porting creaks: Arcane system shows its age

Peter X

You managed to speak to "the wise one"?!!

To give Three some credit, once we’d found someone senior enough she was genuinely interested in the problem, took ownership and got it sorted

The only way I can think you could speak to someone who actually knows stuff is... SHIBBOLEET! Am I right?

Also, is this a problem that could be solved by DNS?

Brit neural net pioneer just revolutionised speech recognition all over again

Peter X

Re: It's the complexity we need

"I remember learning that Gaelic didn't have words for the same colours as English, they had ones for blue-greens and grey-blues that we don't have."

I seem to recall seeing a programme on TV in the last... year or three... about somewhere foreign* (even more exotic than Scotland), where they also had names for colours that we* would consider mere shades. To their way of thinking, those colours were utterly distinct. The opposite was also true, so (I can't remember the colours in question) there was this funny thing where they'd ask them to spot the difference between one colour and another, and they honestly struggled.

So it's interesting how language affects how individuals perceive the world. It's also probably a reason why I *should* learn at least one other language... I won't though! ;-)

* For context, I'm from England, don't speak anything but English, and anywhere outside the British Isles *is* both foreign, and probably exotic to my mind! :D

NASA flies plane through Earthly shadow of Kuiper Belt object

Peter X
Coat

MU Year Party*

"At least until January 1st 2019, when New Horizons arrives at 2014 MU69."

Awww... it'll just miss the MU69 New Year celebrations, which according to Trip Adviser, are out of this wor... not to be missed.

* apologies for the pun

Bonkers call to boycott Raspberry Pi Foundation over 'gay agenda'

Peter X

Wind up

Someone should tell him that internally all the 1's are 0's and the 0's are 1's. Bet that'd really annoy him! :D

Shock: NASA denies secret child sex slave cannibal colony on Mars

Peter X

Ark B

Can someone just build "Ark B" now please? And send Robert David Steele a ticket... make him "Captain" if it helps!!

Ex-MI5 boss: People ask, why didn't you follow all these people ... on your radar?

Peter X

Re: Not the Internet?

@LeahroyNake

I don't believe the printer includes the date, time or location.

Apparently, these days, they do... :-O (as well as serial no.)

slashdot.org (how a few yellow dots burned the intercepts nsa leaker)

I've linked slashdot simply because there's a bunch of links to useful articles from there.

Wannacry: Everything you still need to know because there were so many unanswered Qs

Peter X

It's possible the eejit probing, wasn't actually probing themselves*, but had been owned by malware and that was doing the probing.

* Nope. Stop that.


Biting the hand that feeds IT © 1998–2018