* Posts by Adam 52

1124 posts • joined 18 Jun 2009

El Reg straps on the Huawei Watch 2

Adam 52
Silver badge

Re: Does it do WiFi and tethering?

Hmm. BMR of 80W, smartphone consuming 2W. Means a 40 yr old can eat like a 20 yr old. I like it!

Probably won't be able to eat whatever I like though if I've only got a few watts to play with.

0
0

Sysadmin finds insecure printer, remotely prints 'Fix Me!' notice

Adam 52
Silver badge

Re: The long arm of the Law

Still a crime in Ireland though:

http://www.irishstatutebook.ie/eli/2001/act/50/section/9/enacted/en/html#sec9

7
0

Microsoft court victory prompts call for data-grabbing regime

Adam 52
Silver badge

The NYT has quite a nice article on this subject. If you can read to the end then they start to talk about other leaks that they, and I suspect most other people, feel were in the public interest.

https://mobile.nytimes.com/2017/05/25/world/europe/manchester-bombing-leaks-donald-trump.html

2
0

T-Mobile goes Apple/Google route by separating phone numbers and devices

Adam 52
Silver badge

What's the betting that the App will want permission to everything and come with a whole load of terms and conditions that say T-Mobile can abuse them to their heart's content?

3
0

UK ministers to push anti-encryption laws after election

Adam 52
Silver badge

Re: Banning encryption is unenforceable

https://en.m.wikipedia.org/wiki/Steganalysis

0
0
Adam 52
Silver badge

Re: Politicians - technically ignorant at best.

That seems somewhat uncalled for. Jaitch has a reputation here and doesn't hide behind an Anonymous username. On first inspection his English is better than yours, certainly more erudite; although criticising someone for not speaking English as a first language does make you seem a little racist.

5
1
Adam 52
Silver badge

Re: The encryption horse is free

"If this were the case, then why did May cut funding to the police when Home Sec"

Because May wants the Police to be (a) employees not independent Crown servants [and therefore able to tell her to eff off] and (b) privatised [ideally to her husband's company].

5
0
Adam 52
Silver badge

...Or Labour. Although Labour promise judicial oversight they propose to keep the surveillance pretty much unchanged.

3
2
Adam 52
Silver badge

Re: There was a time.....

Getting re-elected by turning another group of people into villains has been standard practice for politicians for millennia.

5
0
Adam 52
Silver badge

Re: The encryption horse is free

"No encryption means..."

Nobody is proposing no encryption. Not even an unnamed source in a dodgy newspaper just before an election. There's enough to be worried about here without making up ghosts.

5
16

Google wants to track your phone and credit card through meatspace

Adam 52
Silver badge

Re: Google may be afraid someone is about to discover the king is naked...

The way it was done in the old days of TV advertising was simple. You sell x widgets. You advertised during Coronation Street and you sell x+n widgets. You stop advertising, your sales drop; you start, your sales increase. Correlation is not causation but who cares if you've got a lever that makes sales go up.

These days there are some hugely clever stats PhDs and more logs to mine but the basics are the same.

As the poster above says, the Internet has massively increased the available ad space with a corresponding drop in price.

And that's before we even get started on real-time bidding.

0
0
Adam 52
Silver badge

"If I want to buy something then I research it then buy from a trusted retailer or one that offers a good price."

What makes a retailer trusted? Personal experience, yes, but also that they have invested in the brand. Part of that is advertising. A brand that has invested in advertising is more likely to care about quality and more likely to fix problems, out of brand protection.

The point of a large amount of Internet advertising is to influence the research prior to the purchase decision, to stimulate demand and to influence decision making.

The AC above hasn't seen the numbers. I have. Dr Syntax says we can lie with stats; we can but I don't (often) lie to myself. More importantly my data mining algorithms don't have a bias, and they tell me advertising works with a huge degree of confidence.

As for those of you claiming never to have seen an Internet advert in your life ever. Well, I suspect your memory may be faulty.

1
2
Adam 52
Silver badge

"Has anyone ever bought anything on the strength of a web advert? I know that I haven't."

Short answer is yes. Lots of people, almost certainly including you.

5
13

EU ministers approve anti-hate speech video rules

Adam 52
Silver badge

Re: And counting down

This is not an EU thing. You'll note from the article that the Westminster government wants the same thing.

4
0

Redmond puts wall around Windows 10 for Chinese government edition

Adam 52
Silver badge

Re: A tough choice, who to trust

You don't have to trust either, just rely on their self interest. Microsoft want to sell you stuff, the Chinese government want to blackmail and steal intellectual property.

So for work use Microsoft, at home the Chinese government. Unless you are a particularly attractive blackmail target.

1
1
Adam 52
Silver badge

This could be interesting. So it is technically possible for MS to build this OS without the telemetry. So the required by law, necessity and corporate interest basis for processing allowed by GDPR wouldn't apply to Windows. There's clearly no safety of life justification so Microsoft are going to have to rely on consent. How many people are going to explicitly consent?

Anyone want to join a collective action (allowed by GDPR) to get Microsoft one of those 4% of global turnover fines?

Internet Explorer bundling all over again.

6
3

IT firms guilty of blasting customers with soul-numbing canned music

Adam 52
Silver badge

Re: LiveChat with support staff

Virgin media, for example. Their Indian call centre is much better than the UK one.

2
0
Adam 52
Silver badge

Re: To be fair...

"Woah, customer service lines in the UK are premium lines?"

They aren't. In fact the rules for premium lines specifically prohibit it.

But we do have a set of not-strictly-premium but not-bundled and therefore more expensive than usual numbers where the called party gets a cut of the termination fee.

Basically our incompetent regulator created loads of loopholes and the ingenious phone companies drove a horse and cart through them.

0
0

Amazon Drive bans rclone storage client

Adam 52
Silver badge

Inadvertently committing API keys is easy. That quick one-off script with embedded credentials because it was only supposed to take a couple of minutes to write and then be discarded, or a later version that reads from config but the config lives in the same directory and got swept up in a git add. Or when your tried and trusted .gitignore got left behind.

Or you coded everything right but put a screenshot of the config file in the documentation to show others how to do it, because you're conscientious like that.

It's a problem because even the simplest credentials file rapidly becomes too complex to remember so a template needs to be stored somewhere.

AWS would push server roles, but that comes with a whole load more 'anyone who compromises one server compromises all the cloud stuff it has access to' issues.

As with all these things; there are those who've done it, those who will do it and Reg commentards who criticise from the sidelines.

3
0

Why Uber threw top engineer Levandowski under self-driving bus

Adam 52
Silver badge

Re: Thief being betrayed by thieves

I would wait for a court decision before making those sorts of extremely libellous allegations. Nobody knows the facts yet.

0
2

Google cloud glitch hits at Beer O'Clock Friday, fix coming Monday

Adam 52
Silver badge

Have you read the standard Google T&C and the SLA? If you're expecting any meaningful compensation for any sort of outage, data breach etc. then you'll be sorely disappointed.

Supposing Google lose your Cloud SQL backup and you get fined €10 million by the regulator. Google will compensate you about $3000, and it'll cost you thousands in Californian lawyers to get it.

3
1

Wannacry: Everything you still need to know because there were so many unanswered Qs

Adam 52
Silver badge

Re: This sure beats reading newspapers

"Indeed, all the "experts" using this as an excuse to bash the NHS are looking pretty silly right now"

I don't think I am. I asked:

"As we discovered last time the NHS had a ransomware attack - which must have been all of a few months ago - everyone has full permission on everything at an SMB level.

If this turns out to be spread via SMB or anything below layer then someone needs to explain how the network was configured so badly."

It still seems a perfectly reasonable question.

3
0

LastPass now supports 2FA auth, completely undermines 2FA auth

Adam 52
Silver badge

Being a bit pedantic LastPass doesn't do 2FA. Because LastPass in non-2FA mode doesn't do any authentication, it just lets anyone who knows the decryption key decrypt, LastPass's 2FA is their one and only means of authentication.

0
0
Adam 52
Silver badge

Re: Better alternatives...

"This is no less secure than using Google Authenticator app separately,"

With Authenticator your 2FA seed is held locally. With LastPass's version it's at LastPass and therefore vulnerable to an attack on LastPass.

"Much like KeePass, if they get your master password they're still in your vault."

No they can't, just having a KeePass password doesn't help you without the database whereas a LastPass vault can be accessed from anywhere worldwide if you know the password.

"Alternatives like KeePass don't even have the capability to implement 2FA"

Oh yes they do.

"let alone have it exploited :-/"

LastPass's authenticator leaves all your 2FA vulnerable, not just your LastPass vault.

Oh, and whoever preferred the LastPass GUI to KeePass. Each to their own but you are weird! Why on earth would "add item" in a shared folder add a private item? Why do you have to add an item to a private folder, then find it, then click share to share it? Why is there no way to tell the difference between a genuine LastPass user and a random phishing address when sharing secrets? The list goes on.

1
0

Julian Assange wins at hide-and-seek game against Sweden

Adam 52
Silver badge

Re: big savings

It's an embassy. The Met will have someone there anyway. This way they get to charge for that person against two budgets and spend the spare cash elsewhere.

6
1

ZX Spectrum reboot firm slapped with £52k court costs repayment order

Adam 52
Silver badge

Re: Lawyers

The sums are fairly simple. There was £600,000 in the business and the lawyers got £50,000.

If you're a disgruntled investor or customer then you might want to ask where the other £550,000 went.

3
0

Sorry Google, it's boring old workloads that are pumping up AWS and Azure, not sexy AI

Adam 52
Silver badge

Re: "to pay big dividends..

"P/E ratio of 112. That would be 112 years to double your investment, if it distributed its profits this year."

And your point is? Clearly they have no need to pay a large dividend to maintain perceived shareholder value. Unlike, for example, Railtrack, which had a P/E of 12 just before all the investors lost everything.

"migration to other data centres in the event of failure ... then in February the AWS East-1 data centre went titsup."

And again your point is? us-east-1 had an outage on one service, and people migrated elsewhere just like the promise.

0
0
Adam 52
Silver badge

Re: Google sure is full of themselves

Google's VM tech is substantially different to AWS's. Amongst other things it lets them spin up VMs more quickly than AWS and lets them offer customer selected memory/CPU options (as opposed to the families that Azure and AWS offer).

That, in turn, lets them offer things like BigTable and BigQuery. AWS can match, but not as efficiently because they have to keep more spinning reserve.

And then there's stuff like Spanner.

Look at something like AWS Athena. A Google idea copied by some Hadoop folk at Facebook, commercialised by AWS and released 7 years after Google published.

2
0

Bloke charged under UK terror law for refusing to cough up passwords

Adam 52
Silver badge

Re: Life sentence

"Yeah, it's 3 months in prison. And when he's released, plod is waiting outside the gates to ask him his password."

No it can't. If only because nobody is arguing that there is an authority under terrorism legislation to demand a password at prison gates. The authority at a port is yet to be clarified by the courts.

The courts have been clear that passwords under other circumstances cannot be demanded in this way and the police/SCA/customs must use RIPA.

1
0
Adam 52
Silver badge

Re: IIRC there already was legislation for password request and it's got a 2 year sentence

Almost completely wrong on all counts.

RIPA was introduced in 2000, during Tony Blair's premiership.

The Terrorism Act was also introduced in 2000, and included various search powers, some of which have been amended or repealed since.

Section 7 applies to ports and airports, and says:

"A person who is questioned under paragraph 2 or 3 must—

(a) give the examining officer any information in his possession which the officer requests;

...

(d) give the examining officer on request any document which he has with him and which is of a kind specified by the officer."

This new interpretation of refusing to disclose a password as obstructing a search is novel. It is not a power explicitly granted by the terrorism act and is a Police/immigration use/abuse, although the CPS clearly concur.

Expect a conviction at the magistrates and then an interesting appeal before a proper judge who actually understands law. I wouldn't want to call it (although once the judge is named we can have a good guess).

19
1

Sick of Java and C++? Google pours a cup o' Kotlin for Android devs

Adam 52
Silver badge

Re: Statically typed languages. Whatever will they think of next?

The goal was to reduce verbosity...

2
0

Clouds' crazy kinks can spin your wheels and lead you to mistakes

Adam 52
Silver badge

Re: Top AWS and Azure IaaS mistakes you'll want to avoid

"Let me get this straight, the 'cloud' fails at basic file transfer"

I wouldn't say fails, but the vendor supplied tools are basic and the APIs require you to understand how to make best use of a WAN link. Sort of thing that used to be considered basic programming. There is a niche for products like s3browser.

"and automatic backups?"

He didn't say there was anything wrong with the automatic backups, just that you need a backup strategy. Lots of products don't have automatic backups and it would be prudent to know what those are. Possibly the most obvious is ec2.

"The entire raison d'être and selling point of moving to the 'cloud.'"

I would say that if that's your reason for moving to the cloud then your reasoning is fundamentally flawed.

0
0
Adam 52
Silver badge

This is one of the best articles I've read in a long time. Sorry, nothing more constructive to add, other than to second the recommendations.

3
0

Virtual reality upstart UploadVR allegedly had in-house 'kink room,' drugs, rampant sexism

Adam 52
Silver badge

Re: Social skills..

Hint for those lacking in critical thinking skills. If a story appears completely one-sided and describes an extremely implausible situation then the chances are that it is inaccurate.

0
0
Adam 52
Silver badge

Re: The law?

Every other post that attempted to examine the veracity of the comments has been deleted by the mods, presumably because El Reg is concerned about republishing libellous allegations. I expect yours to go soon!

0
0
Adam 52
Silver badge

Re: Sour grapes

"So, in the interest of full disclosure: you think an executive telling a female employee that he has a boner and needs to go masturbate is appropriate?"

Turn the question around. Would a female exec saying that she's a bit turned on and needs a private moment be a headline story on El Reg?

Don't get me wrong, there may be a core of truth to these allegations - and at the moment they are just unsubstantiated allegations - but I think they've been garnished with salacious and irrelevant details precisely to blackmail the company into settling to avoid a public embarrassment and the plaintiff having to prove the allegations in court.

6
5

This post has been deleted by a moderator

US judges say you can Google Google, but you can't google Google

Adam 52
Silver badge

Re: If Bing was more popular

I've just finished a foundation degree. I only noticed after a few bad marks that the coursework answers that the examiner wanted were all on the front page of Google but nowhere to be found on Bing and Startpage.

2
0

German court set to rule on legality of IP address harvesting

Adam 52
Silver badge

Re: Please don't

"which we can identify where attacks come from"

You can do the same with a hash of the IP address and the network block, you don't need to store IP.

It's called privacy by design, and is about to become a lot more important.

3
0
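
An added example of the approach described in the comment above (not part of the original post or of any site's own code): the log keeps a keyed hash of the client address and of its network block instead of the address, and repeated failures are still grouped by source. The key, the /24 and /48 block sizes, the event tuples and the threshold are assumptions of this sketch.

```python
import hashlib
import hmac
import ipaddress
from collections import Counter

# Assumption: a secret key held outside the log store (constructed value).
# The hash is keyed because an unkeyed hash of an IPv4 address can be
# reversed by hashing all 2**32 candidate addresses.
LOG_KEY = b"constructed-demo-key"

# Assumed block sizes: /24 for IPv4, /48 for IPv6.
BLOCK_PREFIX = {4: 24, 6: 48}


def _tag(label, value, key):
    mac = hmac.new(key, f"{label}|{value}".encode(), hashlib.sha256)
    return mac.hexdigest()[:16]


def pseudonymise(ip_text, key=LOG_KEY):
    """Return (host_tag, block_tag); the address itself is not retained."""
    ip = ipaddress.ip_address(ip_text)
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 address it carries.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    block = ipaddress.ip_network(f"{ip}/{BLOCK_PREFIX[ip.version]}", strict=False)
    return _tag("host", str(ip), key), _tag("block", str(block), key)


def store_events(raw_events, key=LOG_KEY):
    """Turn (ip, outcome) pairs into records that hold only the tags."""
    records = []
    for ip_text, outcome in raw_events:
        host_tag, block_tag = pseudonymise(ip_text, key)
        records.append({"host": host_tag, "block": block_tag, "outcome": outcome})
    return records


def noisy_sources(records, threshold=3):
    """Host tags and block tags with at least `threshold` failed attempts."""
    failed = [r for r in records if r["outcome"] == "fail"]
    hosts = Counter(r["host"] for r in failed)
    blocks = Counter(r["block"] for r in failed)
    return ({h for h, n in hosts.items() if n >= threshold},
            {b for b, n in blocks.items() if n >= threshold})


# Constructed sample events using documentation address ranges.
SAMPLE_EVENTS = [
    ("198.51.100.7", "fail"), ("198.51.100.7", "fail"), ("198.51.100.7", "fail"),
    ("203.0.113.10", "fail"), ("203.0.113.77", "fail"), ("203.0.113.200", "fail"),
    ("192.0.2.5", "ok"), ("2001:db8:1:2::9", "fail"),
]

if __name__ == "__main__":
    hosts, blocks = noisy_sources(store_events(SAMPLE_EVENTS))
    print("host tags over threshold:", sorted(hosts))
    print("block tags over threshold:", sorted(blocks))
```

The tags are still stable pseudonyms for as long as the key is unchanged, so rotating the key bounds how long one source can be followed across logs.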
Adam 52
Silver badge

I fear this may be badly argued and set a poor precedent. IP addresses often do identify an individual - as the Article 29 working group concluded - and their use in conjunction with other available datasets almost certainly will.

But some wannabe hero on a piracy crusade is going to mess it up. Better to get the precedent set on a case about the government tracking abused children or something, not some nerds wanting to get away with copyright infringement.

2
3

Google DeepMind's use of 1.6m Brits' medical records to test app was 'legally inappropriate'

Adam 52
Silver badge

Re: Paper Tigers

Couldn't agree more. Although it would be the GMC that fails to do the striking off, not the BMA.

4
1

16 terabytes of RAM should be enough for anyone. Wait. What?

Adam 52
Silver badge

Re: Back in the day...

"A humble old 8086 would take about 6 months just to zero that lot."

Too often people forget this. The current generation of in-memory systems that this box is aimed at can quite easily become memory bandwidth limited. There's a tendency to assume in-memory will be fast and you can use simple data structures (looking at you SQL Server and TimesTen), but at this scale that's not necessarily true. That Intel CPU will do 85GB/sec according to the spec sheet (not sure if that's bytes or bits) so it'll take a minute and a half to table scan 8TB - which is a long time for someone expecting interactive performance.

9
0
Adam 52
Silver badge

VPC

"But this instance type will only be sold as a virtual private cloud"

I don't think the author understands what this means. ec2-classic has been deprecated since 2014; almost everything ec2 these days runs in VPC mode, it's nothing special.

4
0

Microsoft to spooks: WannaCrypt was inevitable, quit hoarding

Adam 52
Silver badge

Re: Liability question

Crown immunity went in the 80s and doctors are answerable to the GMC (and the courts). The BMA is more of a trade union (although, ironically, more pro-patient than the GMC).

0
0
Adam 52
Silver badge

Re: If you cannot patch it quarantine it

If you look back up the thread to the OP, "they" is the "criminally incompetent people running NHS IT and their brethren". Criminality remains, of course, unproven.

NHS IT covers everything I mentioned, and it's all part of the same government department. If it were one trust we were talking about you may have a point, but it isn't.

0
3
Adam 52
Silver badge

Re: Liability question

The NHS Trusts aren't in the clear. The medical professionals are still on the hook for professional misconduct, and that's a personal responsibility that they shouldn't (in theory, but will be able to in practice) be able to duck.

Patient data should be secure. Running insecure software on an insecure LAN isn't in any way an "appropriate technical measure".

8
0
Adam 52
Silver badge

Re: The lull before the next storm rolls in

How many vulnerabilities would there be in an unpatched Linux from 2001?

And (this may be controversial) how easy would it be to upgrade to a 2017 version? I have a sneaky feeling that XP -> 10 breaks much less than Redhat 6 to RHEL 7. That's assuming you'd move from Redhat to RHEL and suck up the cost.

4
11
Adam 52
Silver badge

Re: If you cannot patch it quarantine it

"From my (limited) experience with them, they don't have enough staff time to do that."

They have enough time and budget to run an entirely pointless £10bn IT project.

They have enough budget to replace a perfectly good phone system with one that doesn't work.

They have enough time to bulk export patient data for Google and the Department of Health.

The sad truth is that protecting patient confidentiality and keeping the NHS actually treating patients takes a back seat to vanity projects.

The NHS budget is £123bn. That sort of money buys a lot of negotiating power with suppliers. Or it would if wielded properly.

7
16

UK hospital meltdown after ransomware worm uses NSA vuln to raid IT

Adam 52
Silver badge

"The hardest conundrum to crack is to balance security with end user requirements i.e. blocking personal email (gmail, yahoo, etc) and blocking all removable media."

Oh dear, an IT manager dinosaur. You guys are in trouble. Securing the perimeter is a hopelessly outdated model.

If you make your systems unpleasant to use people will work around your restrictions.

Accept that your network will be compromised and design everything with that scenario in mind.

6
8

Biting the hand that feeds IT © 1998–2017