UK cyber security boffins dispense Ubuntu 18.04 wisdom

Colin McKinnon

Re: VPNs?

Go read the linked page at www.ncsc.gov.uk.

"To meet the principles....Use a Prime or Foundation Grade IPsec VPN client configured as per that product’s security procedures to give data-in-transit protection."

This contains a link to "approved" software including IPSec VPN clients.

Now guess how many are listed for Linux. Or just follow the link and have a look for yourself.

A fine vintage: Wine has run Microsoft Solitaire on Linux for 25 years

Colin McKinnon

Personally I haven't owned a MSWindows computer since OpenOffice added support for pivot tables (but still have to use them in work). But, to get to the point, have you actually used Office365? It really is appallingly buggy. Google's offering works OK, but is limited in features and I can't get my head around how to manage large, distributed sets of files.

GNOMEs beat Microsoft: Git Virtual File System to get a new name

Colin McKinnon


Deferred loading = lazy loading,

ergo Lazy Git File System?

Microsoft emergency update: Malware Engine needs, erm, malware protection

Colin McKinnon

Is it just me?

....Millennium Edition,

Myalgic Encephalomyelitis,

Management Engine

and now Malware Engine

Stick to the script, kiddies: Some dos and don'ts for the workplace

Colin McKinnon

Am I missing something?

"Scripting is now the first choice for clued-up administrators who want to get things done quickly and in an automated fashion"

- what was it before now?

Hey, you know why it's called the iPhone X? When you see Apple's repair bill, your response will be X-rated

Colin McKinnon

HP/PC World are worse

At least Apple are selling some electronics wizardry for the price. PC World want to charge me £70 for a failed retainer clip (little piece of plastic costing pennies) when it failed after 30 hours of use and "not covered by manufacturer's warranty".

(and PC World managed to "lose" the broken part as well, so I can't claim under the Consumer Acts right)

Red Hat banishes Btrfs from RHEL

Colin McKinnon

"lack of native file-based encryption unfortunately makes it a nonstarter"

Yeah - because we really want to embed (lots of incompatible, independently developed implementations of) encryption within the filesystem rather than using well managed code sitting on top of or beneath it.

Confessions of an ebook eater

Colin McKinnon

If only....

"Insist on proper EPUB files. You will thank me for this"

....once you've found an e-book reader that works properly. Unfortunately there are a lot of bad ones out there.

Even just differentiating code from narrative by styling becomes a major logistical exercise - never mind attempting some of the more complex typographical feats of derring-do which are run of the mill in technical books such as footnotes, callouts etc.


UK.gov snaps on rubber gloves, prepares for mandatory porn checks

Colin McKinnon

Fool rule fuels fullz

(sorry, just had to get that one out of my system)

Microsoft shrugs off report that Edge can expose user identities from JS Fetch requests

Colin McKinnon

Re: RE: Microsoft shrugs off report that Edge can expose user identities from Fetch requests

> Quite a few Opensource projects have exactly the same blind spot

....but at least you can properly investigate the problem and fix it yourself if you so choose. And you're not paying for the poor service.

How to nuke websites you don't like: Slam Google with millions of bogus DMCA takedowns

Colin McKinnon

Sympathy for the devil

When I first published "LAMP Performance end-to-end" the top hits for searches in Google (ranked above Amazon, Google Play, Smashwords and other places where this is legitimately for sale) were for book club scams offering "free access" - the sites pop up like whack-a-moles.

(From what I've been able to determine there are 2 entities which are behind the majority of these, but setting up a website anonymously and artificially boosting the search rankings is very easy)

In recent months such have declined in the rankings - probably as a result of these bulk takedown notices. It might be a blunt instrument but as a result, content owners benefit and so do consumers. The only people being inconvenienced here are Google and the scammers.

UK's education system blamed for IT jobs going to non-Brits

Colin McKinnon

Not enough people studying for A-levels

"But the subject remains a minnow compared with..."

It seems to be attracting a lot more candidates than A-Level Surgery and A-Level Airline Piloting.

Hacked in a public space? Thanks, HTTPS

Colin McKinnon

Must try harder

"you need to hack the coffee shop's router" - no you don't. You even explained why this is not necessary in the preceding paragraph.

"Certificate pinning, though, is limited to Google sites at present" - no it's not

"Some browsers such as Chrome use a new technique called certificate pinning" - That would be Chrome, Midori, Firefox, Opera, but not MSIE/Edge currently (not aware of status of Safari).

India continues subsidising elite IT schools

Colin McKinnon

....when Indian graduates are paying huge amounts (a tenth of the cost of a year's tuition at an English university) to get an IT degree

This is why copy'n'paste should be banned from developers' IDEs

Colin McKinnon

> man true: returns true

So does `man false`

Online VAT fraud: Calls for government crackdown grow louder

Colin McKinnon

Re: Let's talk VAT numbers..


Sad that everyone here is quibbling over the precise thresholds for compulsory VAT registration and ignoring the fact that treating sellers without VAT numbers as potential criminals demonizes very small businesses and private individuals.

What's to stop the government legislating to require payment processors to notify them of VATable transactions?

WIN a 6TB Western Digital Black hard drive with El Reg

Colin McKinnon

Naked photos of insurance marketing exec linked to Ashley Madison incident

European Parliament reports HACK ATTACK, turns off public Wi-Fi

Colin McKinnon

Not SMTPauth - HTTP SSLStripping

The linked post seems to be of the opinion that the cause of the problem was a bogus web login page (or, SSLstripping+sniffing).

If SMTP (and POP and IMAP and active sync) were hard configured to use SSL, then no details would have been revealed - the client would not fall back to a non-encrypted connection.

It begs the question of how the attacker was able to redirect a browser to the non-SSL login page - at a guess the login page must be the gateway to a captive portal.

"wasn't encrypted [...] So a MiM attack is pretty straight-forward" - disagree - the layer at which you implement encryption is not nearly as important as how you implement the encryption.

BAN THIS SICK FILCH: Which? demands end to £1.50-per-min 'help' lines

Colin McKinnon


While I have been extremely frustrated by support services (regardless if I'm paying for them or not) it costs money to develop, man and maintain these. Recovering some of the costs from a revenue share means that the costs are not being passed on to the customer via another route.

Removing charges from support services means anyone who

- takes time to RTFM

- bothers to think about their problem

....will be subsidizing the stupid and the lazy.

But worse - it actually encourages people to be stupid and lazy.

At least with a charged model you have the opportunity to recover at least some of the costs - when it's 'free' you'll never get your money back when it's the service provider's fault.

Buying a petabyte of storage for YOURSELF? First, you'll need a fridge

Colin McKinnon

Somewhat lacking in substance

Bit disappointed in this article - heavy on rhetoric, a bit of opinion and no facts.

BTW, how much would it cost? In 2009, the guys at Backblaze costed their solution at 74,000 UKP per Petabyte.


EE touts 4G Sim-only tariffs

Colin McKinnon

hmm, 500Mb at 20Mb/second

Even assuming that's MegaBYTES of data and megaBITs of bandwidth, that's 200 seconds to use up your quota (if we conveniently ignore congestion avoidance).

Can a user really do BI from the desktop?

Colin McKinnon

Problem in chair not in computer

Of course they can "really do BI from the desktop" - the problem is a bit more complicated.

Making tools easier to use and more integrated does not resolve the fundamental problem: in order to produce accurate information from data you need to understand the structure of the data and the effects of transformations you apply.

Users have had access to spreadsheets for a long time - and in my experience, the quality of the tools they produce using such spreadsheets varies greatly. I've seen millions of pounds lost by a business due to a single bug in a spreadsheet application created by a user (tool was never tested, never documented).

Actually, I think BI on the desktop is a great idea - after all, the further we can keep *some* users from production systems the better ;) Once again, from personal experience, I've seen people without extensive IT training bringing a production system to a halt by running badly behaved / inefficient applications on transactional systems.

So we can give the users tools which are easy to use, we can train them in data structures and development processes, train them how to test their applications, provide them with version control systems and document management systems....at what point do they cease to be 'users' and become 'developers'?

Wii Countdown conundrum brands family 'SH*THEADS'

Colin McKinnon

Wow - amazing software!

How did it know they were Sun readers?

Unfeasibly vast amphibian found croaked on video card

Colin McKinnon

Maybe it was smaller...

..then ate all the bugs?

Microsoft defends Hotmail's cookie requirement

Colin McKinnon

Even from Microsoft this stretches the bounds of credibility

If third party cookies are not a security risk then why does Microsoft Internet Explorer (and every other mainstream browser) not allow them by default?

Their stated reason for using such cookies amounts to "we don't know how to, or can't be bothered writing a web-based single sign-on solution".

Does the Linux desktop need to be popular?

Colin McKinnon

Their own worst enemy?

I work in IT and like Linux, but I often wondered why other people just didn't seem to get it. Were the political and economic factors colouring my judgement of the useability of the system?

When I started my current job, I was forced to go back to using a Microsoft OS and apps desktop - I found it a big struggle. Slow, unreliable, difficult to move data between tools, hard to manage, poor ergonomics. There are some things I think MS does better - SMB makes a lot more sense than NFS for most purposes, mailmerge in OpenOffice is still painful. But compare OpenOffice's template system with that in MS Office, or try to fix a Microsoft window above others when switching between apps...

I recently bought a new laptop for my daughter (aged 10) - it came with Vista, so I thought I would try it out before wiping it. Getting the system installed (OEMs don't ship PCs with Vista pre-installed - merely copied onto the hard disk with a bootstrap) took hours of effort (do you really want to run this program? HTF should I know what it does?). But I persevered and got a useable system set up.

My daughter is now pestering me to install Linux on it because it's so much slower and flaky than the (also 10 year old) laptop it replaced running Linux.

I welcome the fact that she's got access to Apple Macs and MS Windows machines - I think there is tremendous value in being exposed to different tools when learning about computing - it enhances the learning of the computing rather than just learning your way around a single application.

Open Source is certainly no less useable/functional as the commercial alternatives. As far as I can make out, the issue is only one of market penetration/perception.

I would agree that, with no barriers to entry, there is a lot of badly written open-source software freely available - but this is irrelevant to what most people are actually using computers for.

Spooks' favourite IT firm tells Reg readers to grow up

Colin McKinnon


I'd like to believe that Mr Sutherland bases his opinions on a rather idealised view of civil liberties.

Under his proposals, I would be a terrorist suspect if I am seen to behave like a terrorist (by which I mean shopping in the same places, accessing the same websites - rather than more blatant terrorist behaviour like blowing things up).

I shouldn't be too bothered about being a terrorist suspect since surely our criminal investigation bodies would never tamper with evidence, the courts would never convict someone wrongly, and I wouldn't be disadvantaged indirectly by, say getting the sack from my place of work due to investigation as a terrorist suspect?

Except there are lots of documented cases where exactly that has happened.

At least I am innocent until proven guilty, and can't be jailed without a public trial? Wait a minute....no, that's not the case any more.

While we do have to put up with people pimping their warez regardless of their effectiveness, I think it's sad and pathetic that in the past 15 years we have replaced a legal enforcement structure designed to protect the innocent with one designed for punishing the guilty (with little regard to the collateral impact on the innocent).

Civil liberties have intrinsic value for protecting the innocent.


Pig flu promises holidays for all

Colin McKinnon


Just tried the online symptoms checker.

'Wild West' internet needs a sheriff

Colin McKinnon

Follow the money.

+ instead of either acting itself or providing incentives for the private sector

+ the government insists that users are ultimately responsible for their own security

...but apparently not *liable* for their failures. If someone runs an open SMTP relay, or fails to install patches or does not have an adequate firewall they will become the unwitting accomplices of the black-hats. While establishing a basic standard of culpability is nearly impossible (although IIRC the London Stock Exchange require listed companies to demonstrate compliance with at least part of BS7799) without accountability in such cases there is little hope of decreasing the amount of abuse and the authorities have little opportunity to track back to the origin of the problem.

It is not simply a problem of jurisdiction which prevents states from implementing effective controls - the biggest barrier is that the problem has already got totally out of control.

I'd like to believe that the newer generation will pressure service providers to provide good and effective security which works both ways (other than its SSL certificate - how does your bank/betting site/ISP... demonstrate that it truly is the organisation you have chosen to place your trust in?) but am far from impressed by the quality nor the independence of IT education in schools.

+ In the case of phishing sites, surely the first defence should be that the ISP

+ running the phishing site has an 24 hours per day instant take-down

+ obligation

Please! This would open the flood gates to a whole new denial of service vector - one which is already being exploited, but fortunately only in a few cases. I can see this would be attractive to the state because it moves the problem out of their domain into that of private litigation. This would automatically favour those who would abuse the system and disadvantages the ISP, the site owner and the end user.

I don't have the answer to these problems (unless it's to install Linux!). Certainly as far as the vendor is concerned it seems to demonstrate how a market for lemons evolves and the problems inherent in monopolies.


DTI poses perennial sci/tech problem

Colin McKinnon

yes, the money - but whose opinion is this?

"Chaired by Microsoft with the DTI and several key industry representatives..."

Forget the long spoons - look who's hosting the party.

While I couldn't agree more with the sentiments expressed in "I've said it before and I'll say it again" I worry that there are other agendas at work here. Should we allow corporate bodies (particularly foreign and multi-nationals) to have a controlling hand in steering education policy?

I'm sure every experienced IT professional has at least one story about the industry certified programmer/operator/administrator who demonstrates a complete lack of knowledge outside the approved curriculum. But at the moment, the primary and secondary education systems only seem able to provide ICT facilities by jumping in to bed with a single vendor.

Education, at least within schools, should equip our children with lifetime skills and a basis for making value judgements. I would rather my children were denied access to ICT than exposed to a corporate driven regime.

