* Posts by Dr Dan Holdsworth

482 posts • joined 16 May 2008

NHS contact tracing app isn't really anonymous, is riddled with bugs, and is open to abuse. Good thing we're not in the middle of a pandemic, eh?

Dr Dan Holdsworth
FAIL

Re: One would have thought...

One would have thought that after so many repetitions, the UK government would have learned not to try to impose spyware onto people. Especially not battery-draining spyware which has a possible future downside to installing it.

Oh well, seems they just have to learn the same lessons over and over again.

UK snubs Apple-Google coronavirus app API, insists on British control of data, promises to protect privacy

Dr Dan Holdsworth
Boffin

Re: Is this just another example of the UK wanting to steer its own course?

No, the situation is not different at all. In both countries you have an infectious virus that spreads through close contact with infected individuals, and the infected individuals can spread virus before clinical symptoms of disease.

The circumstances of transmission are identical.

Therefore, the contact-tracing system needs to be very similar as well.

Why should the UK pensions watchdog be able to spy on your internet activities? Same reason as the Environment Agency and many more

Dr Dan Holdsworth
FAIL

Comedy time in a little while

In a year or so, the Starlink satellite broadband will be live, and based out of a non-UK country. I'll be watching with interest the negotiations between our government and Elon Musk regarding monitoring back-doors.

Facebook sort-of blocks anti-quarantine events – how many folks are actually behind these 'massive' protests online?

Dr Dan Holdsworth
Boffin

Re: Factually incorrect

The virus enters cells using the ACE2 receptor, of which men have more than women. Levels of ACE2 receptors vary genetically, and it seems that persons of Asian or African descent have more ACE2 than do the Western Europeans; probably just founder effect more than anything else.

Once in cells, the virus as a side effect of its reproduction causes blood problems. These are exacerbated by conditions like diabetes, high blood pressure and so on (which these BAME minorities suffer from more than do Western Europeans).

Finally, there is a weird oddity whereby nicotine seems to decrease the numbers of ACE2 receptors. Smoking, the primary nicotine administration route, causes circulatory issues so ex-smokers may be less prone to complications from the virus, and active smokers more prone.

So how do the coronavirus smartphone tracking apps actually work and should you download one to help?

Dr Dan Holdsworth
Boffin

Re: Good for data-less phone plans

If you can make a watch or other timepiece, with an e-ink display to reduce power consumption and a Bluetooth proximity detector as described, then this would likely be the most acceptable form of location tag.

It would first of all be useful, so people would have more reason to carry it. It should not have wifi, but should have induction charging. Limit the storage capacity to, say, 30 days max but set a software limit to 14 days initially, and give no way to access the data other than Bluetooth via an authorised (by cryptographic key) Bluetooth station or electrical contacts actually on the device itself.

In other words, you want a tag that is useful and does only the minimum that you want it to do and no more. Possibly a time-signal receiver as well, but definitely no WiFi system.

Finally, make the devices freely available and explicitly permit people to dismantle them, complete with schematics and tamper-evident seals, to see what is inside.

BOFH: Here he comes, all wide-eyed with the boundless optimism of youth. He is me, 30 years ago... what to do?

Dr Dan Holdsworth
Pirate

Re: I can relate to this

I've leapfrogged the nicotine addiction and gone straight to an SSRI, by way of propranolol (which didn't work). I dare say I ought to also explore the misty recesses of vapour-delivered cannabidiol as well as nicotine, just to be on the safe side.

You'll never select all and mark as read again after this tale of peril... Oh, who are we kidding? Of course you will

Dr Dan Holdsworth
FAIL

Re: Takes me back

Far, far back in the mists of time I was a humble PhD student in a certain exceedingly old research station in Hertfordshire and, one night having signed into the buildings I was going to be working in, went perambulating from Entomology/Nematology over the road to Insecticides/Fungicides.

I let myself in via the outside door, locked but the general key did the trick, and stepped forwards into the dark corridor. I took perhaps three steps, then the next one simply wasn't there.

It was an open manhole, and I was lucky to have been striding forwards, since I fell over the thing and could scramble out again. This I did, and forgot all about whatever research I was doing and merely reported back to Security, reported the accident and handed in my key.

Next morning, instant bollocking from Head of Department. It seemed that Security had quietly doctored the sign-in records so I didn't look to have signed into the second building, thus in their tiny minds making it my fault that I fell down a hole, not theirs for not having barriers up and the door deadlocked.

Call us immediately if your child uses Kali Linux, squawks West Mids Police

Dr Dan Holdsworth
Joke

Re: When I was young...

It's this internet thing, it is simply deadly to everything!

https://folk.uio.no/joakimt/tull/cake.html

Parks and recreation escalate efforts to take back control of field terrorised by thug geese

Dr Dan Holdsworth
Pirate

Re: Funny...

Birds like wild geese are typically very frightened of weird, fast-moving unidentified things, and a spot of laser light from a nice bright green laser looks to birds like an extremely dodgy thing, especially when the laser is waved around in a threatening way.

Effectively all you need is a fairly persistent and childish individual with a laser to frighten geese all day long, until they get fed up of being tormented and depart for somewhere else.

Game over, LAN, game over! Windows software nasty Emotet spotted spreading via brute-forced Wi-Fi networks

Dr Dan Holdsworth

Re: How long would it take

So rent an office on the tower block next door, and use a directional antenna to hack their wifi directly. Odds are they'll have very vulnerable wifi "because nobody can ever get an attacking device close enough to be harmful".

Even if this isn't possible, a wifi pineapple mounted on a drone would do the same thing, only more expensively. Once you've broken their security (if you even have to break anything), you use the drone as a relay station to attack that network.

Simples...

He’s a pain in the ASCII to everybody. Now please acquit my sysadmin client over these CIA Vault 7 leaking charges

Dr Dan Holdsworth
WTF?

I rather think that a large amount of hand-waving and systematic bullshit will be used to try to baffle the jury into accepting the prosecution view of things.

Were I in charge of setting up a system to hold secrets, I would make very sure that the security of the system was based around centralised tokens and preferably several separated central token-issuing servers to get into any particular secure vault. I would also try my best to ensure that as little as possible was kept on the client machines, using encrypted network filesystems and encrypted local disks. Thus when I lock out a client, I simply void all their central tokens and force them to re-authenticate to get back in, and with a lower security clearance they aren't going to get at very much. With next to nothing stored on the client machine, stealing data is going to be challenging.

The CIA are trying to imply that far from being a masterful agency of computer security experts, they are actually really quite stunningly stupid, and rely on client-side authentication to control access. Furthermore, their client-side tokens don't seem to be time-stamped thus when the accused rolled back his workstation to an earlier version, the changed timestamp on the authentication tokens wasn't noticed! The CIA argument may well be on the lines of "Yes, our security sucks and we trusted a man we shouldn't have trusted, and we may have accused the wrong man, but we're the good guys so trust everything we say whilst we frame this possibly-innocent but very unlovable man".

It will therefore be rather interesting to see how this one pans out; I doubt that the CIA will come out of this one smelling entirely of roses.

At last, the fix no one asked for: Portable home directories merged into systemd

Dr Dan Holdsworth
Boffin

Re: Jeez

Really, it should be renamed "Sacculina" in recognition of what it is doing.

https://en.wikipedia.org/wiki/Sacculina

Elon Musk shows world that he is truly awful at something

Dr Dan Holdsworth
Stop

You could always get Richard Stallman to do some backing vocals, I hear he quite likes singing...

CES la vie: Shrunken Ultrabooks, muted mobiles and Segway's adult prams at world's biggest consumer tech show

Dr Dan Holdsworth
FAIL

Re: The user signals Ballie and it rolls towards him

OK, so the Ballie is a ball-shaped robot with a camera at floor level, looking up. Now, imagine the view it will get if it encounters, say, a Scotsman wearing a kilt in traditional fashion?

No, that isn't an image I'd want broadcasting to the world either.

Basically this thing is a sexual harassment offense waiting to happen. What on earth were Samsung thinking of?

Having trouble finding a job in your 40s? Study shows some bosses like job applicants... up until they see dates of birth

Dr Dan Holdsworth
FAIL

Re: HR is the problem

They get the donkey work of filtering the hundred-odd CVs that most tech jobs attract to weed out the absolute no-hoper candidates. The problem is that HR, whilst trying their best, aren't much good at this and don't quite know how to tell the difference between a crap CV from a superstar and that of an idiot.

The result is that to get to the hiring stage, you have to pass the not-very-good filter system.

The silence of the racks is deafening, production gear has gone dark – so which wire do we cut?

Dr Dan Holdsworth
Pirate

Re: When your stomach sinks to your shoes

There are worse things than noisy AC and silent racks. One of these is silent AC and noisy racks, because the blissful silence of the lack of AC is very soon punctuated by screams of panic and the sound of big unix kit being emergency shut down.

Yes, this happened at a site I know of. It is quite an old centre for computing excellence, which once produced a book on why outsourcing was a bad idea right at the same time as an outsourcing attempt was going wrong...

IT contractor has £240k bill torn up after IR35 win against UK taxman

Dr Dan Holdsworth
WTF?

Re: They once claimed...

They have been complicit with the Government in producing the largest tax code in the developed world. The end effect here is that neither HMRC nor the contractors nor anyone else actually understands all of the tax code.

Hell hath GNOME fury: Linux desktop org swings ax at patent troll's infringement claim

Dr Dan Holdsworth
Joke

I do believe our very own BOFH had something to say on a topic very like this one:

https://www.theregister.co.uk/2004/03/09/bofh_protecting_bodily_waste/

The safest place to save your files is somewhere nobody will ever look

Dr Dan Holdsworth
Black Helicopters

Reminds me of a tale of espionage

Way back in the days of the Cold War, it was well known to absolutely everyone who mattered that Soviet soldiers were amazingly tough individuals who positively thrived on not having any luxuries whatsoever. As a result of this knowledge, the Soviet forces on exercise in various Eastern Bloc countries would sally forth unequipped with any form of toilet paper.

The actual forces themselves, however, were actually quite used to the concept of toilet paper and of wiping one's backside on completing one's business in the privy and bitterly disliked this paperless policy. As a result they got into the habit of using any old waste paper they could get their hands on, and this tended to include even quite highly classified military documents. Digging into an old latrine pit one day, someone with connections to Western intelligence noticed the abundance of printed pages and forwarded them, suitably decontaminated, to a spying organisation.

Thus were born a couple of the worst Cold War jobs in history: dunnykin diving for documents, and processing said treasures to produce a readable output cleaned of the *other* output which could be photocopied and sent off to Western spooks.

BOFH: We must... have... beer! Only... cure... for... electromagnetic fields

Dr Dan Holdsworth
Boffin

Re: solution

Statistical testing of people claiming to be electrosensitive demonstrated conclusively that whilst they were not able to tell if a completely blank wifi access point was powered up or not, they did start getting strange headaches whenever the blinkenlights were on...

The top three attributes for getting injured on e-scooters? Having no helmet, being drunk or drugged, oddly enough

Dr Dan Holdsworth
Boffin

Re: That's all very well....

If you're cycling, then a few factors do tremendously improve your chances of not getting hurt. Wearing bright and reflective clothing, preferably clothing made to the relevant UK/EU visibility standards (as opposed to what some cycle clothing designer thinks looks good) means that motorists can see you from a long way back. A daylight-rated rear light also helps immensely; these are bright and have an irregular flash pattern to catch motorists' attention.

Not riding like an idiot, not riding up the inside of traffic queues, and not undertaking traffic when it is waiting at lights is also most effective; you're aiming to be seen and not to be annoying. Do that and motorists will be a lot more polite, and politeness all round helps immensely. Where big vehicles are concerned, stay away from them.

Dr Dan Holdsworth
WTF?

Re: Scooter stoopid

For years, the cycling and mountain biking world has been grappling with the knotty problem of rough tracks and wheels, and the tendency of front wheels to vanish into pot-holes, stop and send the rider flying. There is even a joke club for those thus affected: The Over-The-Bars Club or OTBC, and pretty much every cyclist is a member.

The smaller the wheel, the greater the risk of a pothole-induced dismount. This is why mountain bikes started out at 26" and are currently around 29" or even more on e-MTBs. This is also why road cycles use wheels around the 27" size, and why only the craziest of folding bike users go below 18"; the smaller the wheel, the more dangerous the bike.

Scooters have wheels around 6" in diameter. They are death-traps, and this is why.

I couldn't possibly tell you the computer's ID over the phone, I've been on A Course™

Dr Dan Holdsworth
FAIL

Demotivation

Way back in the mists of time, I was working for an ISP which was essentially just a tax fiddle for a certain (now defunct) large PC seller. Every few days, a database transfer from the PC seller's systems went into the ISP database, and a Perl script of mine ran to try and pull out the details of any user daft enough to hand over their phone number to the box-shifter, and discerning enough not to sign up with the ISP.

These poor people would then get a phone call from the box-shifter asking why they hadn't signed up with the lovely ISP, and wouldn't they like a free month's service or something? This all worked very well, until disaster struck: my script spat out the name and phone number of someone who was vaguely related to the owners of both companies.

The result: I get a bollocking because apparently my script is supposed to be psychic and not do such terrible things as this, despite my not knowing any names or addresses that I ought to have been avoiding. Pointing this out was hopeless; a bollocking had been ordered, therefore I had to receive a bollocking and no, I was not to get an avoid-list to prevent future trouble. Discarding a certain common Asian forename would have done the job, but being where this company was this would have dropped the number of victims down to a trickle.

I left the company soon after this, and was most amused to later hear of their going bust; they bloody well deserved to go bust for being such an unremittingly grim load of arseholes!

Police costs for Gatwick drone fiasco double to nearly £900k – and still no one's been charged

Dr Dan Holdsworth
Black Helicopters

The investigation is now dead, and should be stopped immediately. Airport CCTV didn't spot any drones. Airport plane spotters didn't spot any drones. Myriads of tourists with smartphone cameras didn't spot any drones, nor even any flies photographed very close up. Hundreds of highly motivated amateurs and paparazzi with state of the art cameras and very high motivation to photograph drones didn't see any. We haven't even had any enterprising teenager with a mini-drone flying it with the airport in the background trying to claim footage.

Lots and lots of very good witnesses equipped with amazingly good kit and with very strong motivation to get a shot of a drone, and nobody spots a bloody thing.

There weren't any drones.

It was all mass hysteria, on the lines of African "penis theft" panics and the like.

Dr Dan Holdsworth
Black Helicopters

Re: Millions

To be honest, it is difficult to see why the UK police and UK taxpayer should be doing anything other than trying to diplomatically light a fire under the Portuguese police force. The disappearance happened under the jurisdiction of Portugal, and international convention is that each country's police force is responsible for each jurisdiction. So, prod them but it ain't any business of UK plod.

Side-splitting bulging batts, borked Wi-Fi... So, how's that Surface slab working out for you?

Dr Dan Holdsworth
WTF?

Re: 1 year warranty? I don't think so...

If you're going to buy kit for work use, then there are two routes you can go. Firstly, you buy really good stuff that can be expected to last for ages, like Apple kit used to do (but doesn't any more), or you buy the cheapest stuff you can find that will still do the job intended, in the expectation of a horrendously high failure rate.

Chrome books fall into the latter category, with the added benefit that they have very little user-side storage on board, thus the users have little scope for filling them full of valuable data which they can then lose (forcing the secure encryption of mobile devices is an on-going but necessary headache for us techies).

What you don't want is expensive kit that falls into semi-disposable chrome book territory. The Sale of Goods Act and similar consumer protection laws were designed to cover this sort of thing, so the retailers can expect to be on the receiving end of legal action from customers if this sort of thing carries on (under UK and EU law, the company the customer bought the goods from is liable for sorting out the problems; doesn't matter if they consistently whinge that this is the manufacturer's fault, they have the legal responsibility for sorting out faulty goods sold to customers).

New UK Home Sec invokes infosec nerd rage by calling for an end to end-to-end encryption

Dr Dan Holdsworth
Thumb Down

The Home Office has the reputation of being something analogous to the tar-pit of the Civil Service, where the terminally thick are sent to languish until retirement if they cannot be sacked. Thus we have this repeated series of attempts to make the laws of humans triumph over the laws of physics and mathematics.

Once more the same points will have to be made: strong encryption methods exist already in the wild and people know what they are and how to use them. Unbreakable encryption such as one-time pads also exists, and people know that these are unbreakable if used correctly (and thanks to innumerable Cold War spy dramas, everybody knows how to use one-time pads; the clue is in the name).

So, if you try to insert holes into encryption products, people will simply layer more encryption over the top of the leaky product and defeat you.

Meet ELIoT – the EU project that wants to commercialize Internet-over-lightbulb

Dr Dan Holdsworth
Boffin

Re: 'Unlightly' to happen.

Actually, we're steadily heading in this direction already. 2.4 GHz wifi penetrates walls quite well, 5 GHz has better bandwidth but much less range, and 5G mobile telephone signals are even higher frequency and penetrate solid objects even less well.

Skipping a section of the EM spectrum and moving on to near infrared or visible spectrum is just a logical next step, which would once again increase the possible bandwidth and would allow/force more transceivers to be put in close proximity.

Sleeping Tesla driver wonders why his car ploughed into 11 traffic cones on a motorway

Dr Dan Holdsworth

Re: Not-an-Autopilot

I strongly distrust technology like this, mostly because I have encountered Nissan's take on this and have found it to be an utter pain in the bum.

Nissan cars have a millimetre radar unit hiding behind the logo panel. This millimetre wave is supposed to detect obstacles in the road ahead, but the defective unit my car was supplied with (now replaced under warranty) detected a whole lot more than that. Road signs, for instance, were thought by it to be deadly obstacles worthy of jamming the brakes on to avoid, which doesn't half wake the tailgating driver behind you up.

The replacement unit is fully working, or as working as this wretched abomination ever can be. The radar is absorbed by water, so a rainy evening or even slight sleet will render this autonomous braking unusable (the machine shows a warning that it has deactivated the autonomous braking system).

Worryingly, Nissan is now working on an even more sophisticated system, which also ropes in a camera into this mobile circus of a system (although Nissan's response to the diesel NOx problem is rather more robust now, and involves adblue).

Backdoors won't weaken your encryption, wails FBI boss. And he's right. They won't – they'll fscking torpedo it

Dr Dan Holdsworth

Re: Technically Do-Able

It is actually easier to deal just with metadata than with content, given the number of bullshitting blowhards on the Internet. People tend to talk a load of complete crap on the Internet, so some silly billy busily ranting away at the evils of the current government and how everything is a conspiracy run by the Milk Marketing Board is not actually very much in demand by the security services.

What they would like to know about are people who know people who are on one side competent chemists, and on the other extremist religious sorts. That's a mix you don't want to encourage, unless they are playing with fluorides and fulminating oils in which case at some point you're going to be scooping up their remains with a brush and shovel after the decontamination people have finished.

Metadata is everything in the spying game, and has been so ever since the days of the Spanish Inquisition (who were remarkably modern in some respects, along with being thoroughly medieval god-bothering nutcases in others).

Fantastic Mr Fox? Not when he sh*ts on your lawn, kids' trampoline and your soul

Dr Dan Holdsworth
Mushroom

Re: RTFA

The original author is clearly a coward, a complete wuss and lacking in the knowledge of the more adventurous chemist. To get rid of things, fluoro-oxy-oxy-fluorine is clearly the best agent going, although a Heath-Robinson contrivance to mix hydrazine and hydrogen peroxide is probably the next best thing.

Dr Dan Holdsworth
Happy

Provided you use a firearm of suitably high muzzle energy, know where to aim and can hit what you aim at then shooting foxes is not illegal in the slightest, provided the shot does not leave your land and no other firearms laws are contravened.

In most urban settings, the best option is to get the foxes used to the idea that food is available, then put out traps baited with the same stuff, then humanely kill the trapped foxes somewhere where you do have permission to be using a firearm. You will end up killing an awful lot of foxes since the remainder will spread out their territories as members of the local population are killed, but eventually you'll mitigate the problem.

Man arrested over UK's Lancaster University data breach hack allegations

Dr Dan Holdsworth
Joke

Re: State sponsored ?

The line is actually "Baht aaht", and given the physiology of the average computer geek, this is actually more frightening still.

Dr Dan Holdsworth
Boffin

Re: How much of a "hack"

About time the old 2FA for login was rolled out, eh?

Low Barr: Don't give me that crap about security, just put the backdoors in the encryption, roars US Attorney General

Dr Dan Holdsworth
FAIL

Re: Its not the algorithm....

If you are a terrorist and wish to further your cause, then you need to recruit followers. Recruiting followers by definition means talking to people whom you do not know, in an open and entirely clear-text sort of way. You have to have publicity, and it is this need for publicity that enables law enforcement to make a list of potential suspects.

Once you have identified a recruiter and started to analyse the terrorist network, you once again do not need to break their codes. It is nice if you can, but most of the time knowing who is talking to whom is much more use; this again does not need encryption compromise.

Finally, when you have a terrorist network identified, then you will have a network of cells who mostly don't know each other. The thing here is that you don't need to know what this lot are saying to further compromise them; repeatedly getting local law enforcement to pick up key figures and then let them go without charge very quickly is one good way of convincing the rest of the paranoids that their network is compromised and that these key figures are police stooges.

Mostly, you do not need to be able to break terrorist comms to disrupt their networks.

Dr Dan Holdsworth

Re: ...mechanisms that can be used by investigators...

I am reminded of a tale from way back in the 1960s, of a cafe where many folks that the police and authorities greatly distrusted were wont to gather and talk. Whenever anyone got up to leave this cafe, the owner would step over, hand them a coin and the cafe's phone number on a piece of paper and ask them to phone the cafe from a phonebox a long way away, any phonebox as long as it was not the same one all the time.

The patron would call the cafe, and be told that the riot was to be at such-and-such park on a set date.

The day of the riot came, and the police were all there, arrayed in their ranks with full firearms, TSG and air support. Hundreds and hundreds of them were there, waiting for the trouble. Also present was a very elderly man with an even more antiquated scottie dog.

The moral is this: if criminals know that a medium is monitored as that phone was, they'll send false messages. The police appear to have forgotten this.

We don't mean to poo-poo this, but... The Internet of S**t has literally arrived thanks to Pampers smart diapers

Dr Dan Holdsworth
Joke

Re: Push Notifications?

I presume that all this data will be logged somewhere...

Experts: No need to worry about Europe's navigation sats going dark for days. Also: What the hell is going on with those satellites?!

Dr Dan Holdsworth
Boffin

Re: Seems to me that adoption of eLoRaN would be a better post brexit solution for the UK...

I once did roughly the same thing with potato plants in hydroponic baths, in the back of a Ford Fiesta together with a 12V compressor to aerate them. It didn't work very well.

I don't have to save my work, it's in The Cloud. But Microsoft really must fix this files issue

Dr Dan Holdsworth
Pirate

An exam is a test of intelligence, memory, knowledge and of course the ability to follow instructions. It is, basically, a filter to separate those who can from those who can't.

If the poor wee mites cannot follow simple instructions and fail the exam as a result of this, then the exam is working as designed.

Here's a great idea: Why don't we hardcode the same private key into all our smart home hubs?

Dr Dan Holdsworth
FAIL

Re: "smart home product manufacturing 101"

To be honest even manufacturers of old-fashioned mechanical locks can turn out some astonishingly crap devices. The American manufacturer Masterlock is the most famous of these; their padlocks are normally very robust against the standard "Ape with big hammer", but the moment said ape grows a brain and uses even a modicum of intelligence, their products often fail and fail badly. For instance, if one puts tension on some of their padlocks then taps gently and repeatedly with a hammer, the locking pawls creep open and the lock fails.

Masterlock locks are also noted for not using any of the many techniques available to frustrate bump key users and novice lock pickers. They have even included the classic "one key-like device opens everything" on some models, by leaving a bypass vulnerability open.

Like all the Internet of Things makers, they are relying on thieves being uncommon and generally spectacularly stupid, so even a little security will defeat them.

Will that old Vulcan's engines run? Bluebird jet boat team turn to Cold War bomber

Dr Dan Holdsworth

Re: Not British

The SR-71 engines were notorious amongst the pilots for being finicky, temperamental and downright difficult beasts to use. That was largely down to their complexity, since they had to function in a very wide range of conditions from sub-sonic right up to quite a high mach number (the exact details of which are classified). The basic problem they had to solve was how to deal with a supersonic airflow; they did it by slowing the air down to sub-sonic speeds and then speeding it up again inside the engine.

Smash GandCrab: Free tools released to decrypt files scrambled by notorious ransomware

Dr Dan Holdsworth
Pirate

Re: Why is this still a thing?

The basic problem is that Windows still has not got the appropriate balance between security and usability, and still doesn't have things like selinux set up as default on systems. Tricks such as nosuid and other switches and not letting email clients run things by default (or at all) can also go a very long way to making the life of the malware author really difficult.

The other way to stop ransomware working is to chase the money. There are two sides to any extortion scam; the first and easiest part is actually setting up the scam and stinging the mark for their money. The hard part then is providing a plausible explanation for how you, Baldrick the unemployed nobody from nowheresville, has suddenly become fabulously and incredibly rich. To this end I would personally be getting VERY interested in various dubious lotteries across the world, since a lottery is one of the better ways of laundering money.

Blighty's online pr0n gatekeepers are begging for a regulatory beating, says digital rights org

Dr Dan Holdsworth
FAIL

Re: nasty breaches ahoy

As the recent spate of "We know your password, pay us bitcoin or else" extortion scam emails demonstrates, the average internet extortionist does not actually need actual dirt to make a small profit. All such criminal vermin need is a vaguely plausible story to try to convince the marks that they are genuine.

So, picture this scheme a few months in. The Do-It-Yourselfer's Register now has a few hundred thousand people on it, most of whom are the dimmer sectors of society who don't know about VPNs. A story goes round about how this roster has been leaked, in part or toto. Given the reputation of UK civil servants for hamfisted incompetence and knuckle-dragging stupidity and subversion of sensible rules (encrypting data, and writing the password onto the encrypted disk), hardly anyone will believe assurances that this honeypot of data has not been leaked.

So off we go again with the extortion emails: "Greetings, $NAME, you do not know me but I know you, and I know that you have signed up to the one-handed-typists register. Pay me 25 magic beans (instructions on how to do so here) or I will tell everyone you know about your solitary exploits in front of the computer".

Now, I'll grant you that this is implausible on many levels, but extortion scammers play the averages. Send the message to enough people, and sooner or later you strike lucky.

'Cynical and bullying' TalkTalk hacker gets 4 years behind bars

Dr Dan Holdsworth
Devil

The problem is that whilst he may be skilled enough to get into various systems, he probably isn't all that much use at actually useful and marketable things. Hence the course assessors only wanting him on the lower skill level course.

Employing poacher-turned-gamekeeper people is always a risk. By the time you actually catch them, they've normally been doing naughty things for easily long enough to have gotten used to the inability of the authorities to catch them most of the time, and have grown deeply cynical about the long arm of the law. Thus you have this problem of how much you actually trust them.

Idle Computer Science skills are the Devil's playthings

Dr Dan Holdsworth
FAIL

Re: Friend did something similar

There used to be quite a few virus scanners that would try to open any zip file they came across. Cat /dev/zero | gzip > nasty.zip was a quick way to create the magic expanding zip file, which when the simple-minded virus scanner found it would crash the system after eating all of its memory.

In a similar sort of theme, the senior staff of a certain Yorkshire university discovered that they had a problem with pornography being emailed around the place, and insisted upon punishment for anyone receiving such filth by email.

Inside of oh, about five minutes, the entirety of the senior faculty were magically receiving both barrels of "rule 34" pornography; indescribable stuff that presumably someone somewhere likes, but which otherwise triggers gag and vomit reflexes whilst at the same time violating anti-porn rules in quite a staggering number of ways.

The rule was rescinded remarkably quickly, with quite a few senior academics forswearing off computers for life.
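
An added example, not part of the post above and not any scanner's real code: the crash described there comes from inflating a compressed stream with no ceiling on the output, so this sketch inflates a gzip stream under a fixed byte budget and rejects it once the budget is passed. The function names, the chunk size and the 8 MiB all-zero sample are assumptions constructed for the illustration.

```python
import gzip
import zlib

CHUNK = 64 * 1024  # compressed bytes handed to the decompressor per step


class ExpansionLimitExceeded(Exception):
    """The stream inflates past the byte budget the scanner allows."""


def bounded_gunzip(data: bytes, max_output: int) -> bytes:
    """Inflate a gzip stream, never holding more than max_output + 1 bytes."""
    inflater = zlib.decompressobj(wbits=zlib.MAX_WBITS | 16)  # | 16 = gzip framing
    out = bytearray()
    for start in range(0, len(data), CHUNK):
        pending = data[start:start + CHUNK]
        while pending and not inflater.eof:
            # Ask for one byte more than the remaining budget, so an overrun
            # is detected without inflating the rest of the stream.
            budget = max_output - len(out) + 1
            out += inflater.decompress(pending, budget)
            if len(out) > max_output:
                raise ExpansionLimitExceeded(
                    f"more than {max_output} bytes from {len(data)} compressed")
            pending = inflater.unconsumed_tail
        if inflater.eof:
            break
    if not inflater.eof:
        raise ValueError("truncated gzip stream")
    return bytes(out)


def constructed_sample(size: int = 8 * 1024 * 1024) -> bytes:
    """Constructed test input: `size` zero bytes, gzip-compressed (a few KiB)."""
    return gzip.compress(b"\0" * size)


if __name__ == "__main__":
    sample = constructed_sample()
    try:
        bounded_gunzip(sample, max_output=1024 * 1024)
    except ExpansionLimitExceeded as exc:
        print("rejected:", exc)
```

The budget is on the output side, so the scanner's memory use stays capped however small the compressed input is.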

Dr Dan Holdsworth
Black Helicopters

Re: Hire immediately

To be honest, the list of potential trouble-makers was probably an informal one compiled by the local technicians very early in an undergraduate's career at a university. At the time I was at university in the early nineties, universities were not engaged in the current "bums on seats" education method and could thus afford to be choosy with their students.

Thus on the biological sciences course I was on, dissection practicals were introduced fairly early on, the better to identify and get rid of those nitwits who signed up to a zoology course without being prepared to work with dead animals (later on, when "Bums on Seats" was an overt policy, I did hear of zoology students objecting to being told to do dissections, and asking if instead someone else could do the actual dissection whilst they took notes. To his credit, the head of zoology simply said "No, do the practical or not, and if you don't you don't get a mark for it").

The duffers, the stupid, the incautious around sharp blades and hot things were rapidly identified in those early practicals and the informal list made up; subsequently this would determine career pathways for many an undergraduate.

I'll just clear down the database before break. What's the worst that could happen? It's a trial

Dr Dan Holdsworth
FAIL

Re: There needs to be something visible

No, you do NOT colour-code safe versus dangerous in the two colours most likely not to be recognised by the most common form of male colour blindness.

Yellow-orange versus blue-green is a much better pair of colours; at least then the colour blind have a sporting chance of not cocking things up (and, moreover, much less excuse).

Dr Dan Holdsworth
FAIL

Re: BTDTGTTS

I once managed to delete the only copy of the 40-day churn file of a particularly dubious (and now defunct) ISP whilst I was working there. Fortunately we had plenty of backups of the Radius logs, so these were run through the Perl script which generated the 40-day churn file, whilst I lurked somewhere else in deep disgrace.

Planes, fails and automobiles: Overseas callout saved by gentle thrust of server CD tray

Dr Dan Holdsworth

Re: This too was in the middle of nowhere in North Wales

No, North Wales may be the Land of the Gogs and notably short on good pubs, but it isn't the middle of nowhere. That honour goes to a very large area of mid-Wales known locally as the Green Desert, which is devoid of anything but green stuff, sheep and the occasional Welsh local (who, contrary to popular belief, are not overly-fond of sheep).

The Green Desert is literally mile upon mile of roughly vegetated nothing much. Stocking levels are about a quarter of a sheep per acre, if you can be bothered because if you let 'em out then sooner or later you have to find the sheep and fetch 'em back in again.

Dr Dan Holdsworth

Re: airport security

Years ago I was subjected to the hideously inconsistent security of Aintree Racecourse at the Grand National. I had paid for on-site parking and entry to the Tattersall's ring, though not unfortunately for a seat in a grandstand (Aintree are scalpers; everything they can make you pay for, you do). Knowing that the security would be paranoid, I had removed anything dubious or sharp from my person and from the car, or so I thought.

First contact with security was in the car park. Unsurprisingly they wanted to search the car. Look under bonnet: OK. Mirror under body: OK. Root round inside car: OK. Search boot and oh my goodness, clear evidence of terrorism, criminal tendencies, intent to detonate nuclear weapons and anything else they could think of!

They had found one shot 10M air rifle target.

Cue car being re-searched, and a grilling for me: "Where's the rifle?"

"At home, in a locked firearms cabinet fifty miles away."

"Are you sure?"

"Yes, the rifle is about five feet long, shiny black and silver, really bloody noticeable and NOT IN THE CAR. Would you perchance like to have another look round with the mirror onna stick?"

With much chuntering and bad grace I was then permitted to park up and enter the racecourse, although they did keep the target card.

As soon as I got to the main gate, more security. Knowing of old what Aintree is like in early spring, I was dressed for the occasion in winter woolies and my biggest, most insulating overcoat. Security take one look at me and my mother, and wave us straight past the metal detection arch and so on, and go back to meticulously searching twerps in off-the-peg suits and women in summer dresses (who would then go on to quaff anything alcoholic in an attempt to keep warm).
