* Posts by Dr Dan Holdsworth

410 posts • joined 16 May 2008


Visited the Grand Canyon since 2000? You'll have great photos – and maybe a teensy bit of unwanted radiation

Dr Dan Holdsworth Silver badge

Re: when he wore

A chap I know of, now a school teacher hence no names given, was always known as "Pants", owing to a vile yet extremely practical joke someone played on him involving some Deep Heat embrocation and a spare pair of his boxer shorts...

Use an 8-char Windows NTLM password? Don't. Every single one can be cracked in under 2.5hrs

Dr Dan Holdsworth Silver badge

The only way is OATH

Basically, this only goes to confirm what the banks have known for ages: passwords are not a secure way to limit access to anything. To do it securely, you need:

An identifier

A secret

A physical token that you can verify possession of

Hence OATH protocol devices such as Google Authenticator; these are all devices that generate authorisation codes when asked to, and the authorisation code is verification that the intended user has possession of the code-generating device. Some banks even force the end user to remember a secret code to make the authorisation token spit out a code, for added secrecy.

If you do this, you make the stealing of password hashes pointless, since you also have to steal or otherwise access the OATH token generator. If you make the item to be stolen valueless then thieves will simply try something else.

One click and you're out: UK makes it an offence to view terrorist propaganda even once

Dr Dan Holdsworth Silver badge

As ever, Simon Travaglia (who writes the BOFH column) is way ahead of you:


Dr Dan Holdsworth Silver badge

Re: Unintended consequences

That happened to the University of Hull (I think); they enacted a rule banning anything pornographic which was so broad that even pornography sent to a person's user account could get them banned via an automated process of some sort.

This rule was rapidly rescinded after several hundred students independently got hold of non-Uni email accounts and proceeded to bombard the senior staff with what can only be described as a quite bewilderingly wide variety of sexual imagery; a veritable pictorial proof of Rule 34.

Why on earth don't these lawmakers run their prospective laws past somewhere like, say, 4chan before they try enacting them?

Dr Dan Holdsworth Silver badge

Re: Goodbye Youtube?

This is how the yet-to-be-implemented anti-pornography law came to be implemented. Someone in the Civil Service asked for an excuse to snoop, and the politicians went and ran with it until they had a de-facto internet censorship law. The fact that nobody in their right mind will sign up to the Government Age Proof List and will instead get a VPN account is why quite a lot of spooks will even now be quietly crying into their beer.

Time was when VPNs were the province of business people, professional paranoids and a vanishingly small number of actually dangerous terrorists. Separating business from interesting was a relatively simple task.

Now that we've got a censorship law in place, the pool of VPNs goes wanker, wanker, wanker... and so ad infinitum; you don't make searching for a needle in a haystack easier by adding a few teratonnes of hay onto the stack. Here we have the reality of modern law-making; utterly ineffective at the stated aim, and massively counter-productive since it makes other necessary espionage so very much more difficult.

Pandas so useless they just look at delicious kid who fell into enclosure

Dr Dan Holdsworth Silver badge

Re: Get Informed

Pandas are going down the same sort of evolutionary path as the Ice Age cave bears did; they are becoming grazers. The thing with pandas is that they made the change relatively recently in evolutionary terms; they are still mostly anatomically omnivores with a preference for meat. In captivity they will happily eat meat and do quite well on it too.

To be honest, if we want pandas to survive as a species, we're going to have to do a spot of genetic engineering. Give them either a hindgut fermentation system such as horses and elephants use, or a foregut fermentation system like cows. If we really want to push the boat out, the gut structure of a koala with both a foregut fermentation system AND hindgut fermentation but with different bacteria in each area is the only way to go, although the other adaptations of koalas, namely a very reduced brain, might be a bit far to go.

Hungover this morning? Thought 'beer before wine and you'll be fine'? Boffins prove old adage just isn't true

Dr Dan Holdsworth Silver badge

Re: I can offer dissenting evidence

If you are using a drinking session to cozy up to the boss, always stand the first round. Sober memories are remembered when sober, drunk ones when drunk so this way, you will feature in said worthy's memories as that nice chap who was really generous with the first or second round.

Leave it to your less Machiavellian colleagues to be remembered as "That silly tit who can't take his beer and gets hopelessly piddled and acts like a drunken twerp at the slightest".

Dr Dan Holdsworth Silver badge

Re: Well someone's been on a heavy drinking session

To this I would add that if a friend says that he knows how to make some really lovely-tasting cocktails, and these then involve much pineapple juice then avoiding them at all costs would be a very sensible course of action. The memory of the morning after such a night has stayed with me for decades (the night before, not so much).

Whisky is one beverage to avoid drinking in any amount at all if you wish to avoid a hangover. Ethanol isn't the only thing which contributes to a hangover (although it is the main cause); various other higher alcohols and methanol are also strongly involved in causing hangovers. A gin distiller will, when distilling a batch of fermented wort to make alcohol, discard the low boiling point distillate and also the distillate which comes off at higher temperatures. By contrast, whisky distillers just chuck those back into the pot for another time around, relying on the maturation process to get rid of most of the nasties.

Hold horror stories: Chief, we've got a f*cking idiot on line 1. Oh, you heard all that

Dr Dan Holdsworth Silver badge

Re: The old Reply-ALL

Oh, but this can get even worse than that.

Picture a business conference in the early nineties where the attendees of one conference all have Apple Macs, complete with cameras and good video cameras (as opposed to the frankly stone age tech on Windows laptops of the time).

One female attendee decided that she really liked a different attendee, and that this "really liked" would best be discussed one to one in her hotel room. So, she sent a video invite to her intended guest, which included a video of her wearing just a towel, dropping the towel and giving what was later described in court as "a little shimmy"; the email subject was "Come to my room and this is what you'll get".

Unfortunately, the email somehow went to <company_all> and quite a large number of happily married techies got an entirely unexpected eyeful. The court case was essentially a result of that extremely American habit of airing one's dirty laundry (not that she was wearing any) in public, and consisted rather of a public slanging match with very high expenses.

The take-home message here is when using email, keep it formal, keep it polite and above all don't say anything that the other party, ANY other party, could possibly take the wrong way. Unless you happen to be Pressdram's lawyers and wish to inform a disgruntled businessman that the story in Private Eye checks out as true and that their threats will not be going anywhere much.

How I got horizontal with a gimp and untangled his cables

Dr Dan Holdsworth Silver badge

Re: Brilliant

Nasal filter plugs are a thing, and come in several different sizes. I bought some as I suffer from hayfever but found them rather useless.

Civil liberties groups take another swing at Brit snooping regime in Euro human rights court

Dr Dan Holdsworth Silver badge

Re: You've all been very naughty boys and girls

Given that Matron is just about to enact a law which will make grown adults in the UK have to either sign up to what amounts to a register of one-handed typists, or else buy access to a VPN service which terminates in a non-UK country, this mass surveillance may soon come to a screaming halt.

It should be common knowledge that any source of information given to the UK government will be abused, and will in part be left unencrypted on a memory stick on a random commuter train somewhere. As such, I would predict that almost nobody with any sense will sign up for the UK's Proof of Age / w***ing list.

So, a large part of the UK internet is going to go opaque soon as far as MI5 are concerned, and I have no doubt at all that quite a few MI5 operatives are quietly crying into their beers over this outrage; nobody ever thinks of the spies when these Great Cunning Plans are thought up.

El Reg talks to PornHub sister biz AgeID – and an indie pornographer – about age verification

Dr Dan Holdsworth Silver badge

Re: Meh

Somewhere in Cheltenham, a number of MI5 employees are quietly crying into their beers.

Time was when you could look at internet links, scan for VPNs and say:

Businessman, businessman, paranoid idiot, businessman, businessman, dodgy (investigate further), businessman...

After that law comes into force, it'll go:

Wanker, wanker, wanker, wanker....

They'll have lost a valuable way of spotting suspicious characters, lost under a haystack of one-handed typists. It won't even stop the teenagers from accessing dodgy material; I'd guess that pretty much nobody will even bother with the Government ID unless they have a non-porn need for it.

Dr Dan Holdsworth Silver badge

This Identity thing is the key

The basic problem with any system which requires the user to prove their age is that this requires exposing identity documentation to an unverified third party. However many layers of obfuscation are put in, this problem remains: someone has a list of identities, someone else has a list of what they've been looking at.

Given the unenviable record that civil servants have of bypassing privacy checks and carelessly losing data, this ought to worry any sane person. I'd give it three months before a dataset linking names to porn viewed is accidentally left on a train somewhere.

A much easier way around this problem is to pay for a VPN service. The only info exposed to the VPN supplier will be payment info, and URLs visited; not content, not identities, and not anything really damaging. As the reputation and business model of a VPN relies on secrecy, many simply do not log this data, meaning that what they don't have cannot be leaked.

That's the light side. The dark side is what happens when a teenager who has not got any way to pay for anything online tries looking for porn. They are the group most hormonally motivated to want to see this material, and the group least intellectually able to choose a safe means of doing so. They are the people who'll use free VPNs, and thus the people whose every online move will be tracked by the mostly Chinese-owned free VPNs.

This raises the spectre of kids seeing exactly the same imagery that they got before, but having all this behaviour tracked by criminals who can then use it as extortion material. In other words, nice one UK Law-makers; you made a situation much, much worse through your actions.

Serverless is awesome (if you overlook inflated costs, dislike distributed computing, love vendor lock-in), say boffins

Dr Dan Holdsworth Silver badge

Re: No, it really is "serverless".

As far as I can make out, there isn't actually any great innovation going on here. What we are arguing about is the cost of doing everything in-house versus the cost of using specialists from outside to do stuff, with a sliding scale in between these two.

On one side is the bedroom geek who runs a mail server, web server, his own DNS and pretty much everything off his own power generator with only the link to the internet being outsourced.

On the other side is the person with a rented mobile phone, whose email function is served by GMail, whose website is hosted by an external supplier and so on.

In between these two hypothetical examples is everyone else, trying to find a sweet spot between paying someone else to do everything and doing everything themselves, and all we are arguing about, the sum total of the argument, is where to sit on that sliding scale between the two extremes.

Serverless, Cloud computing, and all the other marketing terms are just ways of saying "Pay someone else to do it".

The only other factor we have to take into account is networking. The Internet as designed was a net-like network. It had redundancy, and if a few nodes went off-line (such as from someone else dropping a nuke on them) the network coped. The modern Internet is much more efficient than this, with far fewer redundant links, meaning that it doesn't take much to completely knacker connectivity. Thus we also have to take into account the distances between user, cloud servers and target audience, since the longer the distance, the greater the chance of network problems there is.

Fake broadband ISP support scammers accidentally cough up IP address to Deadpool in card phish gone wrong

Dr Dan Holdsworth Silver badge

For phone phishers there are time-wasting systems that effectively just play random noncommittal crap at the phisher whenever there's a gap in the conversation. These do tend to string the average Microsoft support scammer along for quite a while, since such scams don't attract exactly the greatest brains in the world at the sharp end.

For email scammers, similar spoofing systems exist to string them along until they get bored with trying to out-think an infinitely patient machine. Alternatively quite a few people view scammers like this as entertainment. The Scamorama site is one such; some of their better efforts include pretending to be a man who was "a failed recipient of a whole-body transplant", who ekes out a miserable existence on a life support system in a university cellar as a disembodied head (typing with his nose). Needless to say, the efforts of the scammers to extract money from this poor chap are long-winded, amusing and ultimately fruitless.

Yes, you can remotely hack factory, building site cranes. Wait, what?

Dr Dan Holdsworth Silver badge

Re: Some hysteria

This isn't hysteria at all. Say you, a construction company, wished to gain a better market share. Given that your methods would be as near optimal as makes no difference, your only options are to shave margins, cost-cut or perhaps inflict some reputational damage on your competitors. However, casual website defacement will only go so far, so how's about messing about with their heavy plant remotely?

The thing is, you do not actually have to do very much to a remote-operated crane to make operating it dangerous to the point of site Health & Safety shutting everything down pending investigations. Listening to the chatter from operator to crane then replaying segments back at the crane would do, if the systems are as insecure as this article suggests.

Brief replays would make the crane overshoot targets and bang into things, behaviour that seriously upsets people where heavy weights are concerned. Five minutes messing with a crane remotely and site H & S shuts everything down to investigate. The attacker waits a day or two, then repeats at random intervals. With a parabolic antenna they don't even need to be very close to the target; half a kilometre or so would do.

All of these shenanigans push the project over time. Builders who overrun don't get repeat business.
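Why replayed traffic works against a receiver with no freshness check, and what a receiver needs in order to reject it, shown as an added example that is not part of the original comment. The frame layout, key, command strings and class names are hypothetical and do not describe any real crane controller.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                                   # HMAC-SHA256 tag length
KEY = b"constructed-demo-key-not-a-real-one"   # constructed sample key


def build_frame(key: bytes, counter: int, command: bytes) -> bytes:
    """Operator side: 8-byte counter || command || HMAC over both."""
    body = struct.pack(">Q", counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()


class NaiveReceiver:
    """Weak design: acts on any well-formed frame, so old frames still work."""

    def __init__(self):
        self.executed = []

    def accept(self, frame: bytes) -> str:
        if len(frame) < 8 + TAG_LEN:
            return "malformed"
        self.executed.append(frame[8:-TAG_LEN])
        return "ok"


class HardenedReceiver:
    """Checks the tag (authenticity) and a strictly increasing counter (freshness)."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1
        self.executed = []

    def accept(self, frame: bytes) -> str:
        if len(frame) < 8 + TAG_LEN:
            return "malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "bad-tag"
        counter = struct.unpack(">Q", body[:8])[0]
        if counter <= self.last_counter:
            return "replay"          # seen before: drop and log
        self.last_counter = counter
        self.executed.append(body[8:])
        return "ok"


def run_demo():
    """Feeds the same constructed traffic, including one replayed and one
    modified frame, to both receivers and returns their verdicts."""
    frames = [build_frame(KEY, i, cmd)
              for i, cmd in enumerate([b"SLEW_LEFT", b"HOIST_UP", b"STOP"])]
    replayed = frames[1]                               # recorded earlier, resent
    tampered = frames[2][:8] + b"GO__" + frames[2][12:]  # command bytes altered
    traffic = frames + [replayed, tampered]
    naive, hardened = NaiveReceiver(), HardenedReceiver(KEY)
    return ([naive.accept(f) for f in traffic],
            [hardened.accept(f) for f in traffic],
            hardened.executed)


if __name__ == "__main__":
    naive_log, hardened_log, executed = run_demo()
    print("naive:   ", naive_log)
    print("hardened:", hardened_log)
    print("executed:", executed)
```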

Want to get rich from bug bounties? You're better off exterminating roaches for a living

Dr Dan Holdsworth Silver badge

Things may change in future

It turns out that exterminating cockroaches is actually quite easy, if you use modern science to help you out. The problem with most methods of killing cockroaches is that the cockroaches have tremendous selection pressure to evolve ways of not getting killed. The way around this is to use a method which they will find much more difficult to evolve out of.

That way is developmental disruption. A cockroach life cycle is a simple one; it hatches from an egg into a miniature cockroach, then goes through a series of instars, shedding its exoskeleton each time and inflating internal air sacs to make the soft new one a bit bigger than the old one. All the time this is happening, a gland in its head is pumping out a hormone called Juvenile Hormone, for which there is no equivalent in vertebrates. About halfway through the last juvenile instar the gland stops producing juvenile hormone, and the final exoskeleton that forms is a little different from all the previous ones; it has genitalia and other adult characteristics.

If you produce an artificial analogue of juvenile hormone and keep giving this to last instar cockroaches, then their adult exoskeleton looks just like a juvenile one; no genitalia. Such animals cannot breed, and do not undergo any further moults either; they live out their lives without breeding. Juvenile hormone analogues that are thousands of times more bio-active than the real one, and much more persistent have been developed.

This means that if you want to permanently keep the cockroach population in a building near to zero, all you do is periodically saturate the place with a juvenile hormone analogue. You'll always have a few cockroaches coming in from the surrounding area, but the offspring of these incomers never themselves breed.

xHamster reports spike in UK users getting their five-knuckle shuffle on before pr0n age checks

Dr Dan Holdsworth Silver badge

Re: They won't apply to sites on which porn makes up a third or less of the content

This looks like a backdoor around this most ill-advised of laws. Simply use redirect links to refer to a huge amount of non-porn material (Wikipedia, say) and claim that the porn is but a small part of your entire site. If redirects don't work, then set up an array of random number generators that echo their output to active web pages and claim that the bulk of your service is providing huge amounts of guaranteed-truly-random entropy, along with something for the weekend.

The fact that this "bulk of your site" is of absolutely no interest to anyone doesn't really matter, does it? It gets around the law and that is all that really counts.

More nodding dogs green-light terrible UK.gov pr0n age verification plans

Dr Dan Holdsworth Silver badge

Re: So...

I am told that there is even Victorian age porn out there of quite unsurpassed filthiness, which probably counts as a historical document these days...

Dr Dan Holdsworth Silver badge

Re: access cannot be stopped

Two mobile phones with NFC turned on (as quite a lot have now) are pretty much designed for getting around this sort of thing, by transferring files phone to phone.

Dr Dan Holdsworth Silver badge

No, they won't share it. They'll just leave the entire database dump on a USB stick on a train unencrypted, or send it through the post on an encrypted DVD (with the password written on the DVD).

Dr Dan Holdsworth Silver badge

Re: Just like buying a magazine.

OK, if we start from the situation of now, where porn is freely available to any sprog with the minimal wit needed to Google for it, then can we at the present time detect any real harm being done to kids because of this?

I personally doubt that any harm is coming to kids at all that was not equally prevalent a century ago.

However, if we now try to restrict kids from finding porn, then very quickly a couple of concepts will rapidly become prevalent:

1) The government are a bunch of control-freaks who want to control everything you see and do

2) These government control-freaks are in fact quite incredibly stupid and as long as measures are taken to avoid their gaze, they cannot do anything to us.

So there you have it. At a stroke, all respect for the rule of law is gone, replaced with the Eleventh Commandment: Don't get caught. Teach kids this, and they are likely to generalise. Dodging paying tax? No, nothing morally wrong with that at all, just don't get caught doing it. Breaking numerous laws? Nope, still no problem as long as you don't get caught, and if you are smarter than the really very stupid Government, you aren't going to get caught.

It's 2019, the year Blade Runner takes place: I can has flying cars?

Dr Dan Holdsworth Silver badge

Re: The real hangup is an instinct for self-preservation.

I remember an incident from decades ago, whilst I was training to fly hang-gliders. The training involved a lot of top to bottom glides down hills, preferably those with a decent breeze blowing up the hillside. On one such occasion we were in the Dales, near Kilnsey, on one side of a big U-shaped valley. The wind speed was steadily increasing over the day, and when it came to my turn for a trip down-slope, it seemed that a critical speed had been reached.

Starting a hang glider flying is quite difficult. Merely jumping off a cliff is a recipe for sudden death; insufficient airspeed. The way you do it is to run downhill into a wind; when the airspeed gets high enough, the kite lifts you off your feet. On this run it didn't, and having run flat out down a steep slope and failed to get a glider to lift even a little bit, you tend to feel something of a fool.

This however was caused by the windspeed getting too fast. We'd gone from laminar flow down one side of the valley and up the other to turbulent vortexes spinning off the far side and actually briefly reversing the wind direction on our side of the valley; this closed down flying for the day.

The point I am trying to make is this: just a small change in conditions invisibly changes flying conditions from good to lethal. Large areas of the country will be completely off-limits to flying cars with only minimally-qualified pilots simply because these areas are potentially too dangerous. Flights over cities will similarly be forbidden; over somewhere like London the only safe crash zone is the Thames, and try getting an insurer to cover a flying vehicle that is actually programmed to ditch into a river in case of trouble!

This is what will, and does kill flying cars: insurance and difficulty. You cannot permit flights over cities, for fear of harming whatever is underneath the craft. You cannot permit flights over seas, or over rail or motorway infrastructure and so on, and you have to keep idiot pilots away from things like power lines. GPS isn't safe enough, Galileo isn't safe either, and so it goes on.

Self-driving cars are the best we're going to get.

London's Gatwick airport suspends all flights after 'multiple' reports of drones

Dr Dan Holdsworth Silver badge

Re: I wonder if...

I would think that there is much more to this than meets the eye. I think that this whole event was staged now, at this date, for a very, very good reason.

There are people in this world who are, to put it bluntly, quite startlingly stupid. Such people look at an entire airport shut down because of drones and think "Kewl, I want to try that!". These people are often teenagers, and a sizeable number of these teenagers will very likely be getting drones as Christmas presents.

As soon as the morons get their Christmas drones, then unless the perpetrators are caught and a guard is put up at *every* UK airport to prevent the flying of drones near the airports, then an awfully large number of cheap Chinese mini-drones are going to be flown over, around and into airports next week.

We badly need a cheap, throw-away anti-drone system of some sort.

Dr Dan Holdsworth Silver badge

We do have the technology. At ranges below 100 metres, a decent goose gun will do the trick.

A drone flying higher can be severely affected by flying a helicopter over it; the downwash will likely down the drone. Of course, you first have to find your drone, then clear all air traffic, then launch the helicopter and by then the drone operator will have achieved what they wanted to achieve (total air traffic shutdown) and likely scarpered.

Dr Dan Holdsworth Silver badge

Re: Pictures?

Have you seen the normal picture of a UFO taken with a mobile phone?

Mobile phones generally have fairly wide angle lenses; they are designed for taking pictures of people or animals at fairly close ranges; zoom is generally non-optical so the more picture is cropped away, the lousier the image becomes.

So, the likely mobile phone footage of a drone buzzing an airfield will be a huge dark field with a tiny flickering, flashing light dancing around randomly somewhere in the field; this could be absolutely anything.

'Bomb threat' scammers linked to earlier sextortion campaign

Dr Dan Holdsworth Silver badge

There's a sporting chance that the people responsible for all of this are from a country where the law enforcement is patchy to say the least, unless someone big in the government is spurred into action. At this point the law enforcement reaction generally tends to overkill, with the emphasis on "-kill".

Quite frankly I rather hope that this actually happens to a few of this gang. Random extortion like this really ought to be stamped upon if only to force the perpetrators to up their game somewhat.

LG's beer-making bot singlehandedly sucks all fun, boffinry from home brewing

Dr Dan Holdsworth Silver badge

Home wine kits also have other uses. One enterprising home vintner and forger worked out that there are people in this world who are daft enough to believe that wine is an investment. They buy bottles of rare and expensive wine, and keep them hoping that these will accrue in value.

Because the wine is so valuable, they rarely if ever drink the wine.

This cheeky chappie reasoned that if someone is never going to actually drink the expensive investment wine, then as long as the bottle and label are correct, you can put any old plonk inside the bottle and sell the whole thing on as an expensive investment wine.

He was finally caught by getting too greedy and not paying enough attention to getting the forgery of the label exactly "right"; when checked the expensive liquid in the bottles turned out to be home-brewed wine.

Dr Dan Holdsworth Silver badge

Re: Beer in the Sodastream?

I once tried sticking sliced banana in a freeze dryer, after a quick sojourn in the minus-70 freezer beforehand. On the plus side, it did produce vaguely edible freeze-dried banana. On the downside, the texture was rather like discs of banana-flavoured plastic.

Still, a worthy experiment, unlike the time I told some Computer Science students that the local garden centre was selling large boxes of Nitrate of Potash which even lacked the now-mandatory flame retardants. Now that was a spectacular experiment...

College PRIMOS prankster wreaks havoc with sysadmin manuals

Dr Dan Holdsworth Silver badge

Re: A decade of poor configuration

Another university that shall remain nameless had, in the mid nineties, a fair number of unix machines of various sorts (very few Linux systems back then) all of which had unsecured X sessions on them. As a result, pranks of all sorts abounded; screen flips, random windows popped up on other people's X sessions, screen meltdown spoofs and the like.

All fairly detectable; all you had to do was turn round and look behind you for the most virtuously innocent-looking person in the room, and there was your culprit.

Mind you, the other trick often played was to log into someone else's system using rhost, start off a Netscape process (a notorious CPU and memory hog) and echo it back to your own machine. Hey presto, your system was still nice and responsive and someone else had a sluggish system with a foreign web browser process running on it. This generally lasted until the victims found out about top.

This is the beauty of universities; wonderful teaching environments, whether you want to learn or not!

Brit bomb hoax teen who fantasised about being a notorious hacker cops 3 years in jail

Dr Dan Holdsworth Silver badge

All of this sounds rather like the fool has looked up a check list of some of the more notorious serial killers (of humans) and is busy working his way down the list.

History of killing small animals: check.

History of poor impulse control: check.

History of sociopathy and difficulty interacting with people: check.

Prison sentences for assorted petty crimes: check.

This man needs to be on the list of potentially dangerous individuals and ought to be ordered on pain of a fairly long prison sentence to always tell the police where he is living.

As sales slide, virtual reality fans look to a bright, untethered future

Dr Dan Holdsworth Silver badge

Re: Lack of decent content.

Actually, VR might well be something of a killer app for business purposes.

Take a lot of miserable staff in a big, open-plan office. Add in VR or AR systems so each team are presented with their own little space (a walled garden with a shady tree overhanging it would work fairly well), and add in headphones so the user can choose if they want to just hear chit-chat from their own team area, their own music or general noise.

Done well, VR/AR could also replace the usual forest of monitors with virtual windows hanging in space in front of the user; instant mega-big screen.

It wouldn't quite be a substitute for decent office space, but could improve existing poor office space somewhat.

Space policy boffin: Blighty can't just ctrl-C, ctrl-V plans for Galileo into its Brexit satellite

Dr Dan Holdsworth Silver badge

Actually, this may be a well-disguised win

Think, if you will, what a high-grade positioning system is actually good for. Most civilians will just carry on using assisted GPS and quite like it, since it does everything required. The various armies will similarly just carry on as normal. The only thing that will be very affected will be the UK Home Office's plans for road pricing.

Road pricing can be done many ways, but if you are a moderately dim civil servant without much conception of how bloody devious the general public can be if money is involved, then a road pricing scheme involving Galileo looks like a really, really good idea. Civil servants have a certain rigidity of thinking that means that once they set off down a certain path, they do not deviate even under severe pressure.

A lack of Galileo therefore means that we, the vehicle-using public, may well have ducked a bullet here. The easy road-pricing system is denied the civil servants; they will therefore have to do something that civil servants really, really hate doing: thinking for themselves. This and Brexit ought to keep the meddling little elves of the Home Office very busy for quite a long time to come.

Support whizz 'fixes' screeching laptop with a single click... by closing 'malware-y' browser tab

Dr Dan Holdsworth Silver badge


I remember the tricks of getting PCs to work with dodgy peripherals. Some places had but one keyboard that was fully working, and this keyboard travelled around the room being plugged into machines to let them start without error, after which the usual keyboard got swapped back in again. Keyboards that threw errors on start-up check quite often worked perfectly otherwise, you see.

Dr Dan Holdsworth Silver badge

Back when I worked for a rather dodgy ISP in Accrington, we had continual virus problems. Strangely though, these always followed a fairly well defined infection pattern which led me to believe that the user has a lot to do with computer virus infections.

Virus trouble always started in Sales or Marketing, and spread from one to the other. Then the same few senior managers would get infected machines, then some of the Web designers. Not all, and always the same ones.

Over in the NOC, the database engineers on completely susceptible Windows machines never got viruses. Neither did any of the engineers, but then we were using RedHat Linux.

Dr Dan Holdsworth Silver badge

Re: Push volume button to mute

On older Vauxhall cars, the headlight control was a rotating dial on the dashboard. The interior light control was there at all; to turn the interior light on, you pulled the entire headlight control towards you.

You could always tell a Vauxhall that had been a hire vehicle, because it would always have a dirty mark around the roof light where people had tried feeling for the control switch, and hadn't found it...

Dr Dan Holdsworth Silver badge

If this is a corporate machine, then the user should not have had the admin rights to install anything, and should not have any data sitting on the (encrypted) machine in any case; furthermore the local antivirus and anti-malware software should also have been active.

In such a case, I would quarantine the machine for "further tests" and proceed to scan the hell out of the local drive to make certain that nothing actually got onto it, whilst making the user cool their heels waiting for this to run. Kicking about for 20 minutes is generally unpleasant enough to get the message about not visiting dodgy sites over to users without actually harming anything.

Sacked NCC Group grad trainee emailed 300 coworkers about Kali Linux VM 'playing up'

Dr Dan Holdsworth Silver badge

Re: I know it's unlikely

To be honest, this sounds like a small amount of prankster stuff, and quite a lot more Dell hardware being a bit crap. Add in a luser who is paranoid and hey presto, said luser goes into ultra-defensive mode and tries to attack the employer for not having protected her.

A more mentally robust person would have either tried to discover the prankster and returned the favour, or else simply fired off pranks randomly in the hope of hitting the original joker by accident. Do enough of this and the entire group will get a local reputation as a bunch of "work hard, play harder" lunatics whom nobody wants to mess around with.

I am however surprised that the base OS was Windows for all of this. Yes, it is the corporate OS of choice, but surely a security consultant would want to start off by securing the hardware and base OS and about the only thing that'll do that is an old-school Linux such as RHEL or similar. The thing here is that the firewall can be very precisely controlled, and SELinux can also be used (although mainly to generate grey hairs on the head of the operator).

If the base Linux OS worked OK, then I would blame the Kali Linux underlying it. I don't have much experience with Kali Linux, but I would imagine that it isn't going to be very stable if used aggressively; but surely then this is the point of using virtual instances of Linux? Set up a stable VM, snapshot it and play around with the snapshot, then when something goes wrong you reinstate the known-good original.

Well that's just spliffing: UK Amazon merchants peddling Mary Jane

Dr Dan Holdsworth Silver badge

I'd have been very tempted to buy some and have it sent to them in a gift-wrapped box, together with a stern note regarding not sampling the produce before combing the web...

Wombats literally sh!t bricks – and now boffins reckon they know how

Dr Dan Holdsworth Silver badge

Re: IgNobel prize incoming

You'd be amazed what has been researched over the years.

Many, many years ago a chap by the name of Pickett did sterling work in the field of insect sex pheromones and how these might be used to control insect populations (if a male is flapping around with antennae full of sex pheromone, he isn't going to find many ladies).

Somewhat later, I did the same only for potato cyst nematodes. For a mercifully short time (until the videotapes were recycled by my PhD supervisor for recording Eastenders, or Pobl Y Cwm or something), I was the proud owner of the world's most boring sex-related videos.

Sex-related because this was film of male nematodes responding to scent gradients of sex pheromone on agar plates. Boring, because a male nematode in a hurry with love on his mind (and since males don't eat as adults, they always have love on their minds) travels at a few millimetres per minute, and to see any real speed the videos had to be watched on fast forward.

The research, whilst worthy of an igNobel, never got the publicity it deserved through not being around in the days of YouTube, not that this prevented the famous TCP Sliding Window video becoming famous (this was also recorded around this time).

Scumbag who phoned in a Call of Duty 'swatting' that ended in death pleads guilty to dozens of criminal charges

Dr Dan Holdsworth Silver badge
Black Helicopters

Re: Hostage situations...

One useful way around this trigger-happiness of US police would be to add in some more technology. Specifically, when responding to an incident involving a report of armed suspects, send in a robot of some description which doesn't look in the least little bit human, and which is not armed with anything in the slightest bit lethal.

This de-escalates the entire situation; if the suspect is innocent then they will comply with the cop talking through the robot's transceiver to put their hands into the handcuffs and kindly walk out and say hello to the SWAT squad.

If on the other hand they are armed and want to shoot something, then they can have a briefly entertaining time blowing hell out of police property that isn't alive and the shooting of which is no more than criminal damage, after which the human police will point guns at them and demand surrender.

This sort of thing ought to help reduce the carnage caused by police who think that they have no alternative save shooting.

Samsung 'reveals' what looks like a tablet that folds into a phone, but otherwise we're quite literally left in the dark

Dr Dan Holdsworth Silver badge

Re: How they test matters

This sounds a lot like Apple and their extremely comprehensive handling tests done on the iPhone X, which because it was so super-secret all had to be done indoors in controlled conditions. Conditions which included making sure the hands of the test users were always dry, not-slippery and not likely to fail to get a grip on an all-glass extremely slippery and extremely impact-sensitive expensive shiny thing.

Which stole the crown of most expensive thing commonly dropped and broken from the likes of Samsung and Faberge et al.

Chinese biz baron wants to shove his artificial moon where the sun doesn't shine – literally

Dr Dan Holdsworth Silver badge

Re: Suitably Qualified and Experienced Personnel...?

He would appear not to know what he is talking about.

If you look at moth trap collections on different nights of the lunar cycle, you will start to see a pattern (allowing for cloudy nights). Quite a lot of life forms are sensitive to moonlight; in fact I would say that the majority from insects to animals to a lot of plant life are sensitive.

Now, I'll grant you that a new constant moon isn't going to have all that much effect, especially not when compared to street lights in a city, but it is going to have some effect and not none at all.

UK.gov to press ahead with online smut checks (but expects £10m in legals in year 1)

Dr Dan Holdsworth Silver badge

Re: VPNs

Opera Mobile has or had a free VPN solution. Even if that has gone, plenty of new ones which can be used to surf porn (and which also serve up adverts in order to fund themselves) will spring up, along with a crop of malicious VPNs which infect your hardware with viruses.

The kids won't care, just so long as they can get their jollies.

Dr Dan Holdsworth Silver badge

You're missing the entire point of the legislation. It isn't supposed to stop children finding porn at all; it is supposed to appease the neo-Puritan nitwits who think that anything pleasurable is bad and seek to control everyone else's lives, presumably to make them as miserable as their own existences.

Said neo-Puritans generally don't have much of a grasp of technology, so a gormlessly stupid law that is easily circumvented is all that is necessary to convince them that Something Has Been Done.

Take my advice: The only safe ID is a fake ID

Dr Dan Holdsworth Silver badge

Re: It's only a matter of time...

I know a chap who used to use the names of his cats as pseudonyms for email lists. One day, a telemarketer phoned up and was most insistent in wanting to talk to "Tiddles", even after it was explained that Tiddles had not signed up to this new email list for a couple of good reasons.

Firstly, Tiddles was a cat, and secondly Tiddles had died a decade earlier hence was unavailable for comment. Such is the intelligence of telemarketers that these snippets of essential information took quite a while to penetrate.

Punkt: A minimalist Android for the paranoid

Dr Dan Holdsworth Silver badge

Re: Justified

In other words, it feels like $300 of profit margin and if you hold it to your ear, you can just about hear the Punkt management laughing all the way to the bank.

Python lovers, here's a library that will help you master AI as a newbie

Dr Dan Holdsworth Silver badge

Re: Yet another opportunity

My PhD supervisor used to derisively refer to what he termed "Statistical Stamp-collecting". This was 20 years ago, and even then it was possible to start off with a decent-sized biological database of a few thousand data points per treatment, and run an ANOVA analysis comparing each sample to every other sample, and do so whilst one nipped down the pub for an only-slightly extended lunch break.

Actually working out what the results actually meant, that was the tricky bit, as was deciding whether or not the experiments were well enough designed to support the inferences you could statistically "prove".

These days, of course, we have the famous meta-analysis. Not got the time or budget to do work yourself? Need a few more papers published to go for that professorship? Easy, munge together several other groups' work without a thought to the rigor of each experimental method, fire it all at something statistical (like Kruskal-Wallis so no bright spark can point out that the data aren't parametric) and hey ho, a-correlating we shall go.

New Zealand border cops warn travelers that without handing over electronic passwords 'You shall not pass!'

Dr Dan Holdsworth Silver badge

Re: I'm getting to the point now

Why bother carrying data at all?

Strong encryption exists, so you just keep the data in an encrypted enclosure somewhere on the net, and open a VPN to it whenever you want access.

Dr Dan Holdsworth Silver badge

Re: Have fun!

I wonder if Customs would like a copy of my personal virus collection, helpfully packaged in various ways including self-extracting zipfiles...

