Posts by Robert Carnegie

2815 posts • joined 30 Sep 2009

Iron Mike Pence blasts Google for its censor-happy Dragonfly Chinese search engine

Robert Carnegie
Silver badge

It exists now.

(As reported.)

0
0
Robert Carnegie
Silver badge

And this "Dragonfly" thing... exists?

Are we sure about that? Just asking.

0
1

Slow your roll: VMware urges admins to apply workarounds to DoS-inducing 3D render vuln

Robert Carnegie
Silver badge

Credit where due

I think when a cool name is given to this bug, it should honour Alan Turing, since the theoretical (?) attack is a weaponised version of the unsolvable "Halting Problem". It may be logically impossible to fix it??

https://www.google.com/search?q=%22alan+alan+alan+alan%22 "Alan, Alan, Alan, Alan, ..."

3
0

China's going to make a mobile OS and everyone will love it, predict ball-gazing analysts

Robert Carnegie
Silver badge

Re: "ball-gazing analysts"

I don't say I wanted to know, but I wondered.

3
0

New Zealand border cops warn travelers that without handing over electronic passwords 'You shall not pass!'

Robert Carnegie
Silver badge

"real criminals"

You may imagine that real criminals are devious masterminds. But they are just ordinary people who are doing naughty things. Some are even of less than ordinary intelligence.

Taking at face value https://www.bbc.co.uk/news/uk-scotland-tayside-central-45731642

Three Scotsmen recently tried to fly assorted drugs by drone into Perth Prison. The drone was found by a prison officer.

It had a video camera and it had filmed the men's faces, the drugs, their house door with the number on it, and their car, while they were loading the stuff in and then presumably taking the drone to the prison.

Presumably they did not know this.

The pictures are quite good quality as home video by my standards, but I'm not a connoisseur.

Two men in the video are now in jail and one apparently hasn't been recognised yet, so, if he looks familiar, feel free to call the Police Scotland Clypeline.

5
0

Sysadmin misses out on paycheck after student test runs amok

Robert Carnegie
Silver badge

Re: Naming Schemes

A probably former admin set us up the obscure long mineral names. What a clinoamphibole.

3
0
Robert Carnegie
Silver badge

Re: "Snoopy characters"

The star - or the would-be star - is the show's unique selling point, so you name it after them, and not a snappy title that the audience is still less likely to remember. In some cases, "The Name Of Leading Performer Show" also has a different setting and even cast each week, aside from that one constant element. "Hancock's Half Hour" for instance didn't particularly start like that but ended up that way.

It's also a case where the star plays a character with the same name, which could confuse a stupid person and worries me - although with "Hancock", the show tended to be about what the cast of the show got up to when they weren't performing the show... except that that was, in fact, the show. Even more confusing. But it did make sense for Mr Tony Hancock to appear as Mr Tony Hancock.

1
0

NHS smacks down hundreds of staffers for dodgy use of social media, messaging apps

Robert Carnegie
Silver badge
Joke

Re: deeper than that

A root vegetable is one thing, the legendary Maltese Falcon is another! :-)

0
0

Tick-tock, tick-tock. Oh, that's just the sound of compromised logins waiting to ruin your day

Robert Carnegie
Silver badge

A year is too long AND not long enough for a password

The article makes the point that a password can be compromised, and not used... until someone in the department gets a Nobel Prize, or you migrate your application interface to the cloud, and a new opportunity is created.

Up to a limit, passwords can be remembered by the user; my limit is 6 letters and 2 digits for several different passwords, making up little phrases to remind of the letters (the numbers usually come to mind when the letters do), and if possible not changing all of them at once. I may do better if I have to. As it is, I have one format that satisfies nearly everyone's rules. 69soddit! if necessary. ;-)

But without the exercise of regularly remembering new passwords, you won't be able to do it when you do have to. It needs practice.

1
1
Robert Carnegie
Silver badge
Joke

Punctuation

"We take customers security and privacy. Very seriously." FTFY

1
0

App-y, app-y, joy, joy: Pain-free software installer Flatpak (kinda) works on Windows Subsystem for Linux

Robert Carnegie
Silver badge
Joke

"BSDSW"

I don't know what it is but I suspect it is painful. :-)

0
0

Brit airport pulls flight info system offline after attack by 'online crims'

Robert Carnegie
Silver badge

Although

If flight times were disrupted during this incident, how would we know it? Not to doubt them, but no data means no data.

0
0

Solid password practice on Capital One's site? Don't bank on it

Robert Carnegie
Silver badge

Re: I miss my old bank

Up-vote me if you meant "I used to use", but, since a dollar denominated company presumably means you're in the U.S., could be either.

0
0
Robert Carnegie
Silver badge

YOSH-OULD-DOIT-USIN-GDAS-HES☺

2
0

The Reg takes the US government's insider threat training course

Robert Carnegie
Silver badge

Re: Regarding Hamilton...

Being divorced twice is Presidential. But that's not a recommendation.

(Donald Trump is not an actor, he is a reality person, the difference being he can't act, as his appearances in films reveal.)

A purpose of the U.S. constitution supposedly is to stop the kind of thing that Ed Snowden exposed being done to U.S. citizens, so you can't really call the exposing unfair. Putting all staff of TLAs in jail would be a bit awkward but not really unjust. The fact that TLAs of various countries sometimes did the spying on each other's entire populations instead of their own and then sent each other the backups is not an acceptable loophole.

7
1

UK.gov tells companies to draft contracts for data flows just in case they screw up Brexit

Robert Carnegie
Silver badge

Re: Transfer

Once Britain leaves, the EU can legally declare war and get it back as an administered territory. I'd find that funny, but be careful what you wish for.

13
1

Microsoft accidentally let encrypted Windows 10 out into the world

Robert Carnegie
Silver badge
Joke

Ransomware Edition

$50 in Bitcoin to stop us installing it, say hello to Clippy :-O

56
1

No, eight characters, some capital letters and numbers is not a good password policy

Robert Carnegie
Silver badge
Joke

Re: Password security check

My keyboard has a fault in password mode, it always comes out as: ********

But I do log in ok so.... I may have just told the world what my password is. It is ********

1
0
Robert Carnegie
Silver badge

Re: How about limiting the number of login attempts?

If your department's accounts lock after ten bad login attempts, then I can do denial-of-service on you by trying each account ten times. You see? This is hard.

1
0
Robert Carnegie
Silver badge

I probably could get a job for Heinz breaking into people's online grocery accounts and substituting Heinz products for the other brands. (Customer relationship meddler, probably.) You won't question it if a store delivers Heinz instead of the brand you requested - that happens - until maybe the fourth time. And then you'll assume it's a bug. But it isn't a bug. It's me. Just conveying orders.

1
0
Robert Carnegie
Silver badge

Re: I've always preferred ..

If you misremember a song then it's highly secure... maybe. I don't think "ladymondegreen" will do.

1
0
Robert Carnegie
Silver badge

Re: Dictionaries

Executives' passwords are to be remembered by their secretary. Solved. Or, they get a golden key card to insert in the PC instead of a password. And it's the secretary's job to take it out after they go home.

Anyway their hardware is... limited. http://dilbert.com/strip/1995-04-03 yes that one.

3
0
Robert Carnegie
Silver badge

Re: Password security check

Mtlhrw13

But I've changed it.

What does it mean? (1) Nothing, it's random consonants. (2) It means "Metal harrow 13", which is what I remember. And which in turn doesn't mean anything, although it sounds like it does. I don't use "Metal harrow 13", because it's longer but not really more secure. But, I believe, not less secure.

1
0
Robert Carnegie
Silver badge

My hint is "here is no hint."

1
0
Robert Carnegie
Silver badge

Re: XKCD example doesn't work for me.

Can you remember "xkcd936"?

With the punctuation marks :-)

2
1
Robert Carnegie
Silver badge

Why special characters? We all know computers run on just 0 and 1. Enough of those and... it's remembering them that's a pain.

Especially when one user at work needs up to six passwords. Changed on different days, if at all.

My system - 6 letters, one capital; two numerals; no vowels. Special character? Exclamation mark, you creep. Just because a smiling brown pile isn't on my keyboard... I never used APL. Wait, a black heart, that'll do. ...Apparently you're a character that The Register doesn't support, and neither do I.

Oh - no vowels. Happy now? Wlsdyn47! [ = well s*d you anyway ].

2
0

If you have to simulate a phishing attack on your org, at least try to get something useful from it

Robert Carnegie
Silver badge

Re: Too much carrot, not enough stick.

Is clicking on a link in e-mail ever a good idea?

Hmm... yesterday I sent some third-party public site links in internal e-mail.

That's probably all right but perhaps I should have used a nice zip file?...

0
0

Linux 4.19 lets you declare your trust in AMD, IBM and Intel

Robert Carnegie
Silver badge

Re: Linux 4.19?

Currently it's The Nigerian Candidate.

That is, Release Candidate.

After all, the wealthy Nigerian - usually based in Amsterdam for some reason, the last that I heard - is just a new version of "The Spanish Prisoner".

2
0

Quit that job and earn $185k... cleaning up San Francisco's notoriously crappy sidewalks

Robert Carnegie
Silver badge

Re: Solution was already animated

My mental image is of the "Ghost Busters" - 1980s version - in their affordable on-call vehicle. I can't get rid of it.

1
0

IBM slaps patent on coffee-delivering drones that can read your MIND

Robert Carnegie
Silver badge

Re: Judging from the pictures...

Is swatting the problem or is it the solution?

1
0

It liiives! Sorta. Gentle azure glow of Windows XP clocked in Tesco's self-checkouts, no less

Robert Carnegie
Silver badge
Devil

Suggestion for backpackers

Carry a single use bag, life bag, or cotton bag; put that on scales to pack shopping into, then transfer the entire bag into your backpack. I caught cotton bags with Harry Potter logos at Poundland that fit in my new Ridge bicycle panniers. To avoid nerd conversations I chose Slytherin House bags. Working so far!

3
0
Robert Carnegie
Silver badge

Re: Bag for life.

Upvote for the "subtotal" tip for Tesco, provided that it works. Maybe I can use it at the Co-op just east from Central Station in Glasgow, where the self-service stations are clever but cramped.

Several shops seem to give me an issue of accepting a bar code but not letting me bag the item. I might get into trouble for dealing with that by laying the charged but unweighed item next to the scanner and then taking it with me after I pay for it and for everything else - but I don't see it as doing wrong. I must look honest, anyway.

0
0
Robert Carnegie
Silver badge

Re: Some taxis still run XP

Well, 4 years ago, Windows XP was legal!

2
1

Cisco smells a RAT in Breaking Security's Remcos PC wrangler

Robert Carnegie
Silver badge

Re: Every Tool is a Weapon -- Revocation Lists

It depends if the software is being sold to hackers, or being pirated by them...

It could for instance be made to check the date and time on an Internet time server, and if that's too late then this copy won't run. You need the update.

0
0

The future of humanity: A Bluetooth ball hitting your face – forever

Robert Carnegie
Silver badge

Re: Just great!

Kids should play old fashioned games, such as football, no, wait. That causes just as much trouble.

Robert Carnegie, cyclist and baller. Not footballer.

1
0
Robert Carnegie
Silver badge

It can't be as dangerous as you say, it's just a rubber ball and they didn't send you one to play with in the office so you're sulking.

Granted, I cannot find that "moon foam" is a thing..

2
4

How's that encryption coming, buddy? DNS requests routinely spied on, boffins claim

Robert Carnegie
Silver badge

But they do

The other day or week it was in the news... some VPN or super-secure browser (obviously Tor? Or not) was using secure anonymous comms with web sites, but ordinary unsecured DNS on the user's machine to look up the web site address. Oops! So, not to be sniffed at? Au contraire.

1
2

Techie's test lab lands him in hot water with top tech news site

Robert Carnegie
Silver badge

Silly! Minions don't speak... English.

...I'm not going to count the word "Banana", used in the Minion epic adventure, "Banana".

7
0

Et tu, Brute? Then fail, Caesars: When it's hotel staff, not the hackers, invading folks' privacy

Robert Carnegie
Silver badge

Infamy! Infamy!

Or of course "en famille"...

They've all got it - oh, no they haven't.

3
0

Faxploit: Retro hacking of fax machines can spread malware

Robert Carnegie
Silver badge

Sure, here's how I did it yesterday (not really).

As bad guys know already: there are historic bugs in widely used versions of the JPEG image data handling library. JPEG is basically a Zip file for pictures. Fax machines can handle JPEG data, and due to either a new bug or an unpatched old one, you can send binary data and code in the format of JPEG - maliciously malformed data - to a fax machine, and it will hit the bug and START EXECUTING THE PROGRAM CODE IN YOUR JPEG STREAM INSIDE THE FAX MACHINE. Well... there is some more work to do to get there from "buffer overflow" or "chair stacking", but it's not -difficult- work.

And since the fax machine these days is networked, once it's pwned, you have an enemy inside your camp - or your network.

So, no, please don't publish details, such as a QR code of the data file needed to hack any fax machine.

1
0

Dropbox plans to drop encrypted Linux filesystems in November

Robert Carnegie
Silver badge

Re: Filesystem choice

Dropbox is to sack up your files automatically to the cloud, yes? That sort of is about disk management, then.

0
9

It's official: TLS 1.3 approved as standard while spies weep

Robert Carnegie
Silver badge

Re: no-brainer for sysadmins

Tell management that all the kit will stop working at the end of 2018. In terms of working securely, that's not so far wrong. Y2K18 Bug: This Time It's Spurious. You could probably even persuade them that "spurious" means "very, very bad." Serious and worse. So when they ask the consultants, "Our guy says this threat is spurious, do you agree?" "Oh yes, it's the most spurious that I've ever seen."

I suppose this is a Man In The Budget Freeze Attack:

15
1

Prank 'Give me a raise!' email nearly lands sysadmin with dismissal

Robert Carnegie
Silver badge

https://www.theregister.co.uk/Tag/on-call

And it turns out:

https://www.theregister.co.uk/Tag/who-me

But no longer

https://www.theregister.co.uk/Tag/line-break

which I guess was kind of tech-ie for readers.

3
0

Top tip? Sprinkle bugs into your code to throw off robo-vuln scanners

Robert Carnegie
Silver badge

Re: was it the red wire or the blue one to disarm the bomb?

Perhaps the detonator has a tamper switch. Start to pull out the detonator and boom.

On the other hand, there's an argument that terrorists' home-made bombs are built with an off-switch for safety, as they are liable to be precarious otherwise. But once you place the bomb, you may remove the off-switch. Then, you know, run.

The off-switch appeared in a TV programme I watched recently; I won't say which as it may spoil the surprise i.e. not wiping out the cast of the show. (That is, the characters, but with some special effects, who knows.)

1
0

Devon County Council techies: WE KNOW IT WASN'T YOU!

Robert Carnegie
Silver badge

Re: dispatch or despatch

I'd write "send". With despatch, or with dispatch if I feel like it.

Since the 1960s and mostly in Scotland.

3
0
Robert Carnegie
Silver badge

Re: Thanks, Labour

Wikipedia has incomplete records for recent Devon County Council elections, but they appear to have been Liberal Democrat after 1997 and before 2009, since when they've been Conservative. And UK.gov put the screws on state school term-time holidays in 2013 (and I'm disinclined to disapprove). So, "thanks, Labour" not so much. Good news is that there won't be any state schools left soon, and, leaving your daughter in the pub after a good lunch - presumably still fine, and by "fine" I don't mean money taken off you. Unlike Devon Conty Cuncil.

35
9

Revealed: El Reg blew lid off Meltdown CPU bug before Intel told US govt – and how bitter tech rivals teamed up

Robert Carnegie
Silver badge

Re: replace their processors??

Well, if the flaw is firmly baked into the hardware, the speculative execution microprocessor, then the only way to remove the flaw is to remove the processor and replace it - or replace the machine that contains the processor. This obviously is inconvenient but it would be the only way to stop the flaw properly. Or run a really, really good anti-virus - but that's not a 100% answer.

It's like if your equipment will all stop working at all at the end of, oh, the year 2000 - in that case, you simply have to plan to scrap it then, or, before then. And sue the supplier, of course.

The alternative was a lot of work.

2
0

Time to party like it's 2005! Palm is coming BAAAA-ACK

Robert Carnegie
Silver badge

Re: Awesome! I love Palm!

PalmOS emulation is in existence. But I don't know if it will be included in these devices.

1
0

Funnily enough, no, infosec bods aren't mad keen on W. Virginia's vote-by-phone-app plan

Robert Carnegie
Silver badge

Re: Old fashioned

If I go to your UK voting centre first I can just say that I'm you. And more people don't vote than do, so they might never know. Maybe we should improve the system, although the main motivation for doing so presumably is to stop political left-leaning people from voting.

3
11

Oi, clickbait cop bot, jam this in your neural net: Hot new AI threatens to DESTROY web journos

Robert Carnegie
Silver badge

Re: what exactly is a clickbait headline? It's a tough question

I count Register puns - not to mention the rhyming headlines - as a reason not to read. If your story doesn't hold your own attention......

0
3
