* Posts by Jonathan Richards 1

880 posts • joined 10 Jun 2009

Police anti-ransomware warning is hotlinked to 'ransomware.pdf'

Jonathan Richards 1
Bronze badge
Joke

Re: We chose not to open the PDF file

What is this keming of which you speak?

2
0

Bloke charged under UK terror law for refusing to cough up passwords

Jonathan Richards 1
Bronze badge
Black Helicopters

Re: Location, Location, Location

> when she got her laptop back after a search at LAX

If your device has been out of your sight in the hands of Security Services, and especially if you unlocked it for them first, then you should never trust it again. Back-to-the-wood re-formatting of storage, and reflashing the BIOS might work...

14
0

WannaCrypt 'may be the work of North Korea' theory floated

Jonathan Richards 1
Bronze badge

More nonsense

> If you['re] reduced to using the timezone as "evidence"...

In the same vein, I noticed that the killswitch domain name is significantly non-random, and probably chosen by keyboard mashing. Here's how a classic touch typist on a QWERTY keyboard would achieve those characters [1]:

KILLSWITCH DN: IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA
TYPING HAND:   RRLLLLLRLRRRLRLRRLLLRRLRLRLRRLLLLLLLLLLLL
QWERTY ROW:    11111221210122211222222121112221111112112

Note that only the top two rows of letters are used, and only once does it stray into digits; the nine is probably a near-miss for the subsequent I. It seems to me that the mashing was almost certainly done on a QWERTY keyboard. However, APTs will probably be using such keyboards anyway; all the information I can find about N. Korean PCs indicates that their layout is QWERTY, too.

Hey, I *like* it here at the bottom of the barrel!

[1] transposed to uppercase for clarity; paste somewhere in a monospaced font to make it line up.

1
0
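The hand/row analysis in the comment above can be reproduced mechanically. The following Python script is an added example, not part of the original comment: it builds the standard touch-typing key assignment for QWERTY (left hand: the left half of each row; right hand: the right half; digit row numbered 0, top letter row 1, home row 2, bottom row 3, as in the comment) and emits the same HAND and ROW strings for any input. It goes one step beyond the comment by also tabulating the rows under a Dvorak layout, which shows that the "only the top two letter rows" clustering is specific to QWERTY. The killswitch domain is the one quoted in the comment; the Dvorak table is the standard ANSI Dvorak letter placement, punctuation keys omitted.

```python
"""Added example (not from the original comment): reproduce the typing-hand
and keyboard-row analysis of the WannaCrypt killswitch domain for any string,
under QWERTY and, for contrast, Dvorak."""

# Each layout is a list of rows; each row is (left-hand keys, right-hand keys)
# following the standard touch-typing assignment. Row index 0 is the digit
# row, 1 the top letter row, 2 the home row, 3 the bottom row, matching the
# numbering used in the comment.
LAYOUTS = {
    "qwerty": [("12345", "67890"), ("qwert", "yuiop"),
               ("asdfg", "hjkl"), ("zxcvb", "nm")],
    # Dvorak letter positions (punctuation keys omitted)
    "dvorak": [("12345", "67890"), ("py", "fgcrl"),
               ("aoeui", "dhtns"), ("qjkx", "bmwvz")],
}

# Sample input: the killswitch domain quoted in the comment, lower-cased.
KILLSWITCH = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea"


def key_table(layout: str) -> dict:
    """Map each key character to a (hand, row) pair for the given layout."""
    table = {}
    for row, (left, right) in enumerate(LAYOUTS[layout]):
        for ch in left:
            table[ch] = ("L", row)
        for ch in right:
            table[ch] = ("R", row)
    return table


def typing_hand(text: str, layout: str = "qwerty") -> str:
    """One output character per input character: L or R for the hand that
    types it, '?' for characters outside the letter/digit blocks (e.g. '-')."""
    table = key_table(layout)
    return "".join(table.get(ch, ("?", "?"))[0] for ch in text.lower())


def key_row(text: str, layout: str = "qwerty") -> str:
    """One output character per input character: the row number, or '?'."""
    table = key_table(layout)
    return "".join(str(table.get(ch, ("?", "?"))[1]) for ch in text.lower())


def row_profile(text: str, layout: str = "qwerty") -> dict:
    """Count how many characters of the input fall on each row 0..3."""
    rows = key_row(text, layout)
    return {row: rows.count(str(row)) for row in range(4)}


def report(text: str) -> str:
    """Render the same three-line table as the comment, for every layout."""
    lines = [f"STRING:       {text.upper()}"]
    for layout in LAYOUTS:
        tag = layout.upper()
        lines.append(f"{tag:>6} HAND:  {typing_hand(text, layout)}")
        lines.append(f"{tag:>6} ROW:   {key_row(text, layout)}")
        lines.append(f"{tag:>6} rows used: {row_profile(text, layout)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(KILLSWITCH))
```

Under QWERTY the domain touches rows 0, 1 and 2 only (one digit, the rest split between the top letter row and the home row); under Dvorak the same characters spread across all three letter rows, which is why the comment's observation points at a QWERTY keyboard rather than at the string itself.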

74 countries hit by NSA-powered WannaCrypt ransomware backdoor: Emergency fixes emitted by Microsoft for WinXP+

Jonathan Richards 1
Bronze badge

Mission critical systems

When Microsoft published EULA documents that were (a) accessible and (b) halfway comprehensible, I recall that they used to warn against deploying Windows™ in mission critical applications. I just tried to find out whether that's still the case, and I can find any deity's amount of information on what I might need to pay in any given circumstance, but no information on what my rights and responsibilities are for licensed MS software.

1
0
Jonathan Richards 1
Bronze badge
FAIL

Re: You are missing the point [and how!]

Crap! Here we are going around with nerves on edge, worrying about spear-phishing wannacrypt vectors, and an AC posts a text url for an anonymous JPG file, with a hashtag indicating 'cyberattack'. Hands up who thought "Oo, that looks interesting, I'll just paste that into the address bar right here..."

5
0

Google DeepMind's use of 1.6m Brits' medical records to test app was 'legally inappropriate'

Jonathan Richards 1
Bronze badge

Re: There's a more interesting ethical question than just "the rules"

> having trained the model they realised they had identified people who needed kidney treatment

If DeepMind works like other neural network AIs, one trains the system by presenting it with known outcome data, so e.g. by feeding different representations of the letter "A" you can train a text-recognition algorithm to return a diagnosis of "A", even from a representation that it hasn't "seen" before. In this instance, one would have fed it millions of pieces of medical information for previous patients with, and without, kidney disease as diagnosed and confirmed by a trained human, and ended up with a diagnostic app. What would then be unethical, given the approvals that were given in the first place, would be to let the app loose on new patients.

One point six million is a lot of records. I'm supposing that these came from all over the National Health Service, not just from the Royal Free's patient list?

1
1

America 'will ban carry-on laptops on flights from UK, Europe to US'

Jonathan Richards 1
Bronze badge

Another impact on airlines

I recently came across a new[1] phenomenon: in-flight entertainment without a seat-back screen or common-viewing screens overhead. The concept was that passengers would place an inflight entertainment app onto their personal devices, and consume the stuff that way. I suppose I *could* watch a two-hour movie on a tiny phone screen, but it would be stretching the definition to call it "entertainment".

Airlines relying on people having tablets etc. about their persons will be in a quandary.

[1] New to me, anyway.

5
0
Jonathan Richards 1
Bronze badge

Re: Promoting US Cloud services

> people wont take a business laptop with them or at least not one with anything important on it

Good business information assurance policies would make sure that the laptop was encrypted. This would protect against the risk of unauthorised disclosure should the device be stolen, and make it much harder for state-sponsored industrial espionage should the device be imaged by security authorities. Plausibly-deniable encrypted partitions are a thing, if your situation demands it. You could put encrypted material into cloud storage, of course, but you'd have to be confident about the strength of your encryption.

1
0

Mozilla to Thunderbird: You can stay here and we may give you cash, but as a couple, it's over

Jonathan Richards 1
Bronze badge
Go

Re: I use Thunderbird and I want to support it

> where do I send the money ...?

See the first comment (by the author) on the announcement of the split [mozilla.org]. The short answer to the question is to head for https://donate.mozilla.org/en-US/thunderbird/, which is a Stripe or Paypal payments page.

1
0

UK prof claims to have first practical blueprint of a quantum computer

Jonathan Richards 1
Bronze badge

Bloody idiots...

You don't want to set the first working quantum computer (Solves billion-year problems in days! Sale must end soon!) onto factoring big semi-primes. You want to set it on designing the second working quantum computer. Assuming, of course, that it won't quickly deduce the existence of rice pudding and income tax, take the next step of working out that its real problem is not making itself redundant, and then proceed to sit in a corner, pondering the life prospects of some German cat.

0
0

Prepare your popcorn: Wikipedia deems the Daily Mail unreliable

Jonathan Richards 1
Bronze badge

Re: Hmm

> we are definitely not to blame for almost all of that[citation needed]

Humans have been clearing forests and hugely altering ecosystems since at least soon after the last ice retreat; I say no more than that I think your "definitely" is possibly misplaced.

1
1

Want to come to the US? Be prepared to hand over your passwords if you're on Trump's hit list

Jonathan Richards 1
Bronze badge

Re: Language?

Nations plural. Northern Ireland is one of the nations making up the United Kingdom; the Republic of Ireland is a different nation. This is at the very nub of much bloody and explosive conflict!

> Maybe you're including the US.

Boston, MA, may or may not qualify as a third Irish quasi-nation. Many of its inhabitants were enthusiastic supporters of terrorism a few decades ago.

0
0
Jonathan Richards 1
Bronze badge

Re: Language?

> ... DHS, at every border crossing and airport ...

I think you misunderstand - certain travellers to The Land of the Free will, under Gen. Kelly's plans, have to cough up their passwords before travelling, e.g. when applying for a visa, or an ESTA.

Others have pointed out that disclosing passwords is uniformly a breach of Terms and Conditions, and presumably it will harm your application for the visa if you change the password during the period when DHS is getting around to logging in with the extorted credentials and having a rummage. At a stroke, Gen. Kelly sacrifices the security of *all* his target travellers, for the sake of an outside chance of identifying the tiny fraction of them that might be undesirable.

However, it is clear how the current administration views travellers from certain (coincidentally Muslim) countries. They're all undesirable. If the criteria really did have to do with countries with a history of terrorism, then the Irish nations would be on the list too, wouldn't they?

8
0
Jonathan Richards 1
Bronze badge

Re: So will I be barred ?

Someone possibly masquerading as an Andy Tunnah wrote:

> I *do* have a facebook ...

This use case for Facebook (TM) seems a bit eccentric, akin to using a hammer to drive a screw. If one wanted a method for closed-group communications between friends, e-mail would seem to answer better than putting one's more-or-less sweary opinions on Mr Zuckerberg's servers. It may be that the posts are non-public, but if they were of apparent interest to The Security Services, they'd be able to de-anonymize you in a heartbeat.

3
0

Last Concorde completes last journey, at maybe Mach 0.02

Jonathan Richards 1
Bronze badge

Gate guardian at LHR

> replaced it with some modern tat.

Some Emirates-branded tat, too. "Britain is open for business sale".

1
0

Ex-NSA contractor Harold Martin indicted: He spent 'up to 20 years stealing top-secret files'

Jonathan Richards 1
Bronze badge

Re: NSA security - Level Zero?

Aye, and beginning in 1996, too. There were few CD-R drives, memory sticks or unobtrusive portable mass storage boxes, back then. Floppy disks carried no more than 1.38 MiB, which I suppose is big enough for a few documents, but Top Secret networks typically didn't have floppy disk drives. The earliest stuff was probably carried out through a security checkpoint in good old paper files.

[1] Certainly no office-based ones in NSA establishments, I expect. See Wikipedia entry

2
0
Jonathan Richards 1
Bronze badge
Thumb Up

Re: It's traitors like these...

> orange fruitcake

Oo! I wonder if that can be on the afternoon tea menu at Buckingham Palace when the President makes his State Visit to Her Majesty's United Kingdom (supposing that he accepts the invitation, of course).

I'm off to research a recipe.

2
0

Crumbs. Exceedingly good cakes, meat dressing price hike in wake of the Brexit

Jonathan Richards 1
Bronze badge
WTF?

Mathematical inexactitude

> rises around the mid-single digit mark

That's so elliptical as to be a waste of oxygen to enunciate. If you were to conclude that Premier Foods might add somewhere between four and six pounds sterling to the price of everything, it wouldn't be contradictory.

1
0

Like stealing data from a kid: LA school pays web scum US$28,000 ransom

Jonathan Richards 1
Bronze badge

Re: Live and learn, the hard way

V1.0 said "This is a school system - probably with a system administrator who is getting paid a pittance"

From TFA: ... the campus' 1,800 staff and 20,000 students

That's twice the size of the university I went to (admittedly a long time ago!) so there will be more than one sysadmin.

In fact, the LA Community College District named in the article comprises NINE colleges with a total enrollment in Fall 2015 of over 130,000 students [1]. The ransomware attack was at Los Angeles Valley College [2].

[1] LACCD Fast Facts

[2] LACCD Chancellor’s Statement [PDF]

0
0
Jonathan Richards 1
Bronze badge
Stop

Re: Live and learn, the hard way

> the unpalatable one becomes more desirable from the perspective of continuation of normal business activities

But paying ransom to cyber-criminals isn't a normal business activity, is it? I agree in principle with your cost-benefit analysis, but you ought to factor in (a) the extra cost of iron-clad protection against another attack, since paying up identifies you as an easy mark, (b) the time and risk involved in undertaking decryption (you'll be running software from a known bad supplier with no performance guarantees), and finally (c) the risk that the scum-bag that you pay may not give you the decryption keys anyway. Good luck requesting a refund.

0
0
Jonathan Richards 1
Bronze badge

Re: Live and learn, the hard way

@Paul Crawford

+1 Informative, thank you

0
0
Jonathan Richards 1
Bronze badge
Unhappy

Re: Live and learn, the hard way

> triggering when enough time has elapsed for offline data to be encrypted along with the online version

How would that work? I would expect the attack to be immediately obvious to an enterprise of this size, and the very first thing one would do is to isolate the backups and shut down the network, probably invoking the business continuity/disaster recovery plan at the same time. In the past, when we used to do backups to half-ton tape drives, the backups were 'grand-fathered'. I don't know how modern backup technologies work in this respect.

1
0

For Fark's sake! Fark fury follows 5-week ad ban for 5-year-old story

Jonathan Richards 1
Bronze badge

New Year's resolution @voland's left eye

... to read the whole article before posting!?

Yes, of course Google™ is too powerful. We've often observed that folk who just use the WWW without much thought about how it all works believe that Google is the Internet.

7
0

You have the right to be informed: Write to UK.gov, save El Reg

Jonathan Richards 1
Bronze badge

Enables, but does not oblige

> If the court feels the circumstances are appropriate that provision enables them to dump the defendant's costs on the plaintiff.

Aye, there's the rub. Frivolous plaintiffs could end up with a shock. To make that happen you as defendant have got to engage a lawyer good enough to convince the judge that all the circumstances mean he or she can overturn the statutory award of damages. It's three levels down in the error-trapping code, and certainly not as good a protection as "Truth === no award of costs".

4
0
Jonathan Richards 1
Bronze badge

At the mercy of the court

+1

> Even if El Reg was 100% correct in what they write, they still get lumbered with the bill.

There's a bit of nuance to this, as other people have mentioned in these comments.

Section 40

(3) If the defendant was not a member of an approved regulator ... the court must award costs against the defendant unless satisfied that—

...

(b) it is just and equitable in all the circumstances of the case to make a different award of costs or make no award of costs. [omissions for clarity]

That's quite a high bar to cross, though; to convince the judge, in the face of inevitable opposition from the plaintiff's lawyers, to vary the statutory award because it's "just and equitable in all the circumstances" [emphasis added].

This is where the law isn't like a program. There's very little IF ... THEN ... ELIF ... ENDIF.

8
0
Jonathan Richards 1
Bronze badge

Re: Question

Hmm. The Guardian counts as a major dead wood publication, I think, and they covered PRP recognition of Impress in October: Max Mosley-funded press regulator recognised as state-backed watchdog.

1
0
Jonathan Richards 1
Bronze badge

Re: "The part that says that a publisher has to pay all costs, even if they win in"

> does not come in to force until a Regulator is set up

... which happened back in October when Impress was recognised by the Press Recognition Panel.

3
0
Jonathan Richards 1
Bronze badge

Re: I want to sign but...

Attempted explanation of the dilemma faced by El Reg, though IANAL either:

Key point: there is currently no choice of "approved regulator". Only Impress has received approval, and for the reasons Gareth explains, submitting to regulation by (and paying subscription fees to) Impress is unpalatable. IPSO is the industry's response to the widespread call for a regulator to curb excesses of The Press (phone 'hacking', making stuff up, etc.) following the Leveson report, but it's not approved so membership doesn't give a publisher the protection from the Section 40 jeopardy.

Corrections/amplifications welcome.

References:

Impress recognition [guardian.com]

Impress site [impress.press]

12
1

FBI let alleged pedo walk free rather than explain how they snared him

Jonathan Richards 1
Bronze badge
WTF?

Re: Not proven

> I would like to keep the world's paedos in doors wanking to pictures ...

Would you like to volunteer your own children to take part in the photoshoot for those pictures, perhaps?

0
8
Jonathan Richards 1
Bronze badge
Stop

Re: 'We...

> Do the images protect our kids after all?

One thing is certain. Unless the images are cartoon/CGI then one or more real children have been abused and exploited to make it. Stamping out the incentive to create images like that will protect children other than mine, and that's a fine objective, right there.

8
5

Dotdot. Who's there? Yet another IoT app layer

Jonathan Richards 1
Bronze badge

Domain naming opportunity

I suppose there's no chance that someone will decide to document the rush to implement this (ha!) at dotdotdash dot com, morse the pity.

That still reads better than 'colonpipepipe', though, which has unpleasant overtones of, um, irrigation...

3
0

Twas the week before Xmas ... not a creature was stirring – except Microsoft admitting its Windows 10 upgrade pop-up went 'too far'

Jonathan Richards 1
Bronze badge
Thumb Up

Re: M$ Long History

Version 1.0 proposed a toast:

> a big Christmas Cheer to the unsung coders

If I remember correctly, most device drivers were written by the device manufacturers, not by Microsoft. Before the internet was a useful channel for software distribution, one got a floppy disk [1] (maybe even a Compact Disc <gasp>!) with drivers thereon, bundled with the hardware device. The ISA card manufacturer (per your example) would have been on the hook for supplying and debugging device drivers, not Microsoft.

I subscribe to the sentiment re the unsung coders, though!

[1] Exhibit A: ftp://ftp.msan.hr/drivers/LAN/3COM/3C509B-tpo/README.TXT

1
0

Peace comes to troubled embedded-Linux-for-routers community

Jonathan Richards 1
Bronze badge

Called it

Just sayin' :)

9
0

Sneaky chat app Signal deploys decoy domains to deny despots

Jonathan Richards 1
Bronze badge

Agreed

> I think Signal underestimate how much control these places want over their populaces

Indeed. Outside the USA, not many of us use google.com. If the authorities block google.com, would users still be able to reach google.com.eg? Signal developers may have bought into the 'Google is the Internet' idea.

2
1

Virgin America mid-flight panic after moron sets phone Wi-Fi hotspot to 'Samsung Galaxy Note 7'

Jonathan Richards 1
Bronze badge

Re: Not just US

Definitely not just US. I flew a lot in South America recently, and all the regional airlines we used had announcements during boarding, telling passengers that Galaxy Note 7 devices were banned.

3
0

Support chap's Sonic Screwdriver fixes PC as user fumes in disbelief

Jonathan Richards 1
Bronze badge

It really was the EM field!

Scene: 1994, office with synthetic fibre carpet and wheeled office chairs with which to sit at desks bearing computers running Windows 3.11.

If one scooted the chair across even a moderate stretch of carpet, a static charge built up which was quite painfully discharged once one touched an earthed surface. I got into the habit of discharging by touching my wedding ring to the metal desk frame (which produced a nice fat spark but no pain!), and noticed that doing so would frequently lock up my PC. For a while we worried about the quality of the electrical earthing, but all was well there. We conclusively demonstrated that moving the keyboard a foot or so up off the desk prevented the lockups: apparently the discharge through the frame induced a voltage spike in the keyboard that was transferred to the PC (keyboards had PS/2 connectors then, not USB) and the motherboard didn't like it.

2
0

Crim charges slapped on copyright trolls who filmed porn, torrented it then sued downloaders

Jonathan Richards 1
Bronze badge
Devil

Re: Not News!

> Go read Ken White's account ...

+1

Here is the link to the latest of Ken's articles, which the good Dr Syntax unaccountably failed to supply.

0
0

Houston, we have a problem: 'App dev stole our radio station'

Jonathan Richards 1
Bronze badge
Facepalm

Re: one side of the story

I've come late to this thread, and the AC twerp who posted 'one side of the story' has had his post deleted by a moderator. I can piece together part of the yarn from the quotes in the replies, though. What a colossal idiot! Cue a request for web logs to El Reg from The Plod in 5, 4, 3, 2, ...

0
0

Galileo! Galileo! Galileo! Galileo! Galileo fit to go: Europe's GPS-like network switches on

Jonathan Richards 1
Bronze badge

> For what purpose?

"connected services for drivers, including real-time traffic and weather reports and accident or road works warnings"

Apparently.

Source: https://www.gsa.europa.eu/newsroom/news/satellite-navigation-core-future-connected-car-systems

11
0

Uber to Cali DMV: Back off, pal, our 'self-driving cars' aren't self driving

Jonathan Richards 1
Bronze badge
Stop

Re: Typical Uber

> the money you're paying them isn't paying them

Prolly, it isn't money at all... which means it can't be taxable! Doubles all round!

Uber's corporate behaviour reminds me of that of a bolshy teenager, always trying to find a smartass way to get one-up on long-suffering parents.

14
0

A single typo may have tipped US election Trump's way

Jonathan Richards 1
Bronze badge
Unhappy

Gut feelings === FA

Ah, but this is the post-truth world, where we are tired of experts, and irritated by facts. Expect more insane court decisions shortly!

I considered the Joke icon, but this one is more appropriate =>

11
1
Jonathan Richards 1
Bronze badge

Re: legitimate/illegitimate

It takes a little time, but if everyone re-read what they had just written before committing the message, fewer mistakes would be made [1]. I'm a bit too far the other way in this respect: I will now click 'Preview', check for spelling mistakes, repunctuate, 'Preview' again ...

[1] ... and add footnotes. The trick in proofreading your own work is to dis-remember what it was that you *think* you have written (because that's what your brain will see, half the time). Advancing age is a great help :)

[2] repunctuate seems not to have been a real word... until now.

10
0

Military reservist bemoans frost-bitten baby-maker on Antarctic trek

Jonathan Richards 1
Bronze badge
Thumb Up

URL

Ooo! Lawyer-baiting in the URLs, is it? [icon => ]

9
0

Top tech company's IP was looted by China, so it plans to hack back

Jonathan Richards 1
Bronze badge
Go

One way links

Data Diodes are a thing.

2
0
Jonathan Richards 1
Bronze badge

RAND

Simon says this was run by the RAND corporation. They've been researching, and influencing policy, for sixty-odd years, so yes, I would expect the outcomes at least to be placed within easy reach of the policy-makers and executives. Whether they take any notice is somewhat up to people like the Reg readership - there won't be, for instance, a security quality star rating system, unless there's a widespread call for it.

http://www.rand.org/about/history.html

3
0
Jonathan Richards 1
Bronze badge
Pirate

Ground rules re: Errr

> scrap[e] search queries for ... IP ideas

Ideas are not intellectual property. No-one can own an idea: this is not some utopian ideal, it is a settled matter of law. What you can own is a state-granted patent on an implementation of an original idea or innovation. It is crucial to note that the patent MUST disclose the idea, and the innovation, in enough detail for someone else to implement it. If what we are seeking is a better way of protecting the direction of innovative research at e.g. the hypothetical Green Tech Company, then not shoving illuminating search queries into public search engines would be a hot favourite.

8
0

Linus Torvalds releases 'biggest ever' Linux 4.9, then saves Christmas

Jonathan Richards 1
Bronze badge
Stop

Re: Wrong, you are...

OK, I'll bite.

One of us is wrong, and it depends on your OS which that is. I'm running a KDE/GNU/Linux machine, and if I press Alt-Ctrl-F1 I can have a CLI from which I can shut down the GUI [1] and the machine continues to run. The virtual Teletype terminals are certainly not macros sitting on top of a graphical user interface.

If you're running a recent version (like later than 3.1.1) of Windows, then yes, your CLI (cmd.exe or powershell) is an emulated terminal running in your GUI. If you kill the window manager, then your CLI disappears with it.

'Macro language' is still pretty much wrong, though. The CLI doesn't automate the GUI, e.g. by simulating mouse inputs; it provides alternative commands to manipulate operating system objects like files.

[1] jonathan@Odin:~$ sudo service lightdm stop

7
1
Jonathan Richards 1
Bronze badge

PHBs from the 80s, In re: What's wrong with a CLI?

Eighties? I worked for PHBs in the nineteen-eighties (for certain values of 'pointy'), and none of them would have had a clue what to do if you had placed them in front of any sort of computer interface. GUIs then were rudimentary - Windows 1.0 was released in late '85. The rise of personal computing has been faster than we sometimes remember. It was the middle of the nineteen-nineties when giving computers to office workers as a productivity tool [1] became normal. I submit that the productivity value for PHBs even then was questionable: someone else has pointed out the whole secretary-prints-the-email thing (this still happens, and it's 2016!).

[1] Scientists and engineers had been using computers for computing stuff, and for information retrieval, for quite some time, of course. I'm talking about word processing and spreadsheets for administration.

2
0

Samsung, the Angel of Death: Exploding Note 7 phones will be bricked

Jonathan Richards 1
Bronze badge

Re: the precedent this sets if a manufacturer can

Remember the Sony Playstation update that removed much-loved OtherOS functionality?

I have to say that Samsung are in a hard spot here. Suppose they *didn't* take steps to render safe these devices, when they have a mechanism to do so. Are they then liable for increased damages? I bet you can find a lawyer who would say so.

A better change might be one that destroys the ability of a battery to hold a charge (maximum chargelevel := 1%). The phone would still work when connected to an external power supply, then. Maybe there's no way to do that with an over-the-air update.

Afterthought: you're never going to get 100% of phones turned in for refund, anyway. How many have been stolen, or dropped in the lav.?

1
1

Latest loon for Trump's cabinet: Young-blood-loving, kidney-market advocate Jim O'Neill

Jonathan Richards 1
Bronze badge
Stop

Market forces

If Mr Trump was in need of a kidney, he might buy one of mine... Only he can't afford it.

0
0

Biting the hand that feeds IT © 1998–2017