* Posts by tfewster

1193 publicly visible posts • joined 18 May 2007

The internet – not as great as we all thought it was going to be, eh?

tfewster
Facepalm

The Internet is great! The WWW less so. I think some things have become worse in the last 10 years:

- Contacting a service provider, e.g. a bank. Pre-internet, you had to phone them during working hours (and they didn't patronise you with "Your call is important to us, but we're experiencing unusually high call volume at the moment"). Then came email and web forms. Now, you have chat & Twitter - but only during working hours. It takes ages to find a contact email address.

- Search. Google had it down to a fine art, then blew it. I regularly find myself going to the second page of results to get past the chaff. I was disappointed when Google stopped spidering Experts-Exchange, though I understood the reasoning. Now, there's a million websites/fora with a million uncurated and incomplete Q&As.

- Don't get me started on blogs, vanity sites, "fake news", website usability or influencers/followers. Suffice to say there's an awful lot of crap out there, and finding reputable sites is tough, especially as many of them are disappearing behind paywalls. Maybe AOL were right with their "curated portal" approach :-)

How an augmented reality tourist guide tried to break my balls

tfewster
Facepalm

Re: You're too old, Mr. Dabbs...

Spinal Tap - 18" Stonehenge

Facebook flogs dead horse. By flog, we mean sues. And by horse, we mean BlackBerry

tfewster
Thumb Up

Re: IP freely

https://www.theregister.co.uk/2018/05/15/intellectual_property_protection/

https://github.com/dac1976/IP-Freely

Ever wanted to strangle Microsoft? Now Outlook, Skype 'throttle' users amid storm cloud drama

tfewster
Joke

FTFY, MS

"We're taking corrective actions to address an issue in which users are receiving a message revealing that they are being throttled when accessing Outlook or Skype. More details denials on this event can be found ..."

Forget WannaCry, staff themselves pose a risk to healthcare data

tfewster

Genuine questions

1. What are Verizon selling?

2. How do the > 25% "for money" monetise healthcare info? I can see newspapers paying for info on slebs, but then being cited for bribing the leaker. Blackmail and trying to sell info on the Dark Web seem pretty risky and low value

Spies still super upset they can't get at your encrypted comms data

tfewster

Oi, 5-eyes

Start obeying the law yourselves, then we can start a dialogue:

- Warrants for snooping, like you have to for physical access.

- No more getting an untouchable "partner" in another 5-Eyes country to snoop for you and using the results.

Quite apart from the fact that atrocities are almost always committed by someone "known to the authorities", so you don't need the mass-surveillance anyway.

Ad watchdog: Amazon 'misleading' over Prime next-day delivery ads

tfewster
Facepalm

Re: "1 business day after dispatch"

I also rely on "fulfilled by Amazon" - though a recent order arrived, the wrong item and in re-used Amazon packaging, so clearly not always true either.

>The ASA is not a statutory regulator

That explains a lot. But if they're not going to do anything, shouldn't Trading Standards take this up under false advertising/contract law?

Devon County Council techies: WE KNOW IT WASN'T YOU!

tfewster
Facepalm

Re: Actually back in the 1990s I was at a company...

Lemme guess - Serial comms, and cheap cables without the DTR pin connected?

We had a similar setup, with about 3 multiplexers between host & line printer, and every hop had to be cabled and configured right, else the monthly* inventory print would foul up when the printer buffer filled up - after about 60 pages.

* Just long enough to forget that a component had been "upgraded" but not load-tested.

Second-hand connected car data drama could be a GDPR minefield

tfewster
Facepalm

Paramount: adj

"more important than anything else". What, more important than sales, revenue, profit, design, reliability...?

I don't think I'll be buying a JLR product.* Even if they haven't gone bust, apparently their product quality is of even less importance than their shoddy service.

Or, more probably, their stock statement is just a lie.

* I always wanted a SWB Land Rover Defender one day, but too late :-(

Either my name, my password or my soul is invalid – but which?

tfewster

Re: minimum password reset time

> Which is why you should set a minimum time between changes - just don't be monumentally stupid about it.

Ugh, even that brings its own problems. Being told you can't change a password that's been compromised because the minimum time hasn't elapsed. On one of our systems, a privileged generic* account password is retrieved several times a day by different people, but can only be changed once a day. So a bunch of people can re-use the password all day, with no accountability for who did what.

A long password history usually means you don't need a minimum time. Until you meet That Guy who ruins it for everyone:

>>...casually sabotage his own monthly New Password prompts by changing his password 11 times immediately.

* Yes, they should have individual logins. But the ancient application doesn't support that, OR auditing,

Brit tech forges alliance to improve cyber security as MPs moan over 'acute scarcity' of experts

tfewster

Re: Why?

As mentioned, the certifications are there - (ISC)2, GIAC - and the guidance is too - NIST, CIS, PCI-DSS. I'd not heard of Cyber Essentials Plus, but it has regular patching as one of their top-5 which puts it ahead of the rest in one respect.

A few years ago I couldn't even spell InferSec Enginneeer - Now I are one! (uncertified, but common sense goes a long way).

The training courses are expensive, but the books are sufficient, and if a company will give you the time for self-study & pay for the exams, that builds a lot of loyalty. I'd be prepared to accept a nominal "bill" for that, e.g. a week's wages + cost of the exam, to be worked off by staying with the company for 2 years OR the remainder repaid if I left without good cause.

Why Google won't break a sweat about EU ruling

tfewster

Re: Tooooooo Slooooooooooooooow

As others have said - "It's complicated". But not completely pointless, as the alternative is to do nothing.

It's clear that BigBiz just treats it as a cost of doing business, as they continue to milk it until fined, and even then ask for an extension to "fix" something they've had years of notice of. Expect to see bigger fines in future for "wilful contempt".

Taps running dry for Capita? Southern Water pens 5-year managed service

tfewster

It's particularly ironic that the Rainy City should be the first to get hit by a hosepipe ban. Although we get our water supply from the Lake District. I think Liverpool gets theirs from North Wales, and presumably Leeds/Bradford/Sheffield from the Peak District.

I seem to recall that the North also supplies the South in times of drought. So water is already treated as a National resource. But you can't expect the regional, privatised water companies to plan nationally, so it's back to the government/Parliament/taxpayers that allowed that situation to develop, for additional capture & storage capacity.

Heatwave shmeatwave: Brit IT departments cool their racks – explicit pics

tfewster
Facepalm

I've seen many repurposed broom cupboards. Plus a specialised computer room, which would have been great if the computers hadn't been moved in before it was finished. The servers were lifted (and dropped) by the contractors laying the floor covering. And covered in little piles of brick dust where shelves were being put in.

One of my employers saw the light, and moved the servers and noisy high speed line-printers out of the general office to their own room. With not just an extractor fan, but external air from the cool side of the building sucked in! Unfortunately wasps built a nest near the intake one year, and we had a computer room full of dead wasps.

tfewster
Facepalm

Re: Wrong Type of Leaves

The issue is that we don't often get hot weather in the UK, so proper cooling would be a "waste of money". ISTR that UK Elf n Safety regulations specify the lowest temperature staff can be made to work in, but not an upper limit.

Apparently the business being shut down by overheating kit heat isn't a problem?

Ticketmaster breach 'part of massive bank card slurping campaign'

tfewster
Facepalm

Re: Why do browsers allows JS from other domains to run

I see your point, but it's essential in some cases - e.g. checking a payment using Verified by Visa loads the Visa JS from Visa's site (if I allow NoScript to run some JS from those dodgy-sounding domains when prompted). However, I really wouldn't want multiple "local" copies of that.

"...i get the third party components, bundle and test them then distribute".

Unfortunately that's why you get multiple installs of Java on some systems, all out of date.

Every solution has its own problems :-( The real question is, 'is the "trusted" site trustworthy?'

Dudes. Blockchain. In a phone. It's gonna smash the 'commoditization of humanity' or something

tfewster
Facepalm

"We want to get into the premium phone band. Do we make a $1000 phone, or just turn this over to Marketing?"

BT's Patterson keeps his £1.3m wheelbarrow of bonus cash after all

tfewster
Facepalm

CxOs: Have your cake and eat it!

If the share price is going up, obviously it's the CxO's brilliant helmsmanship. If the share price is going down, it's obviously market forces, and the CxO should get their bonus anyway as it would have been much worse without them.

Does anyone know of a CxO who couldn't be replaced by a very small script? IMHO, they're too far removed from strategy, products & operations to understand or influence them, even if middle-management don't obstruct the information flow.

ISTR at least one CEO denied knowing what was going on in their company, to avoid taking blame for illegal actions. I don't think it was BMW - though the CEO there, with an Engineering background, said "make our cars pass emissions tests" and took no interest in how it was done.

Snooping passwords from literally hot keys, China's AK-47 laser, malware, and more

tfewster

Re: It's a cute surveillance technique, but one can't help wondering about its practicality.

When typing in the password, the hands or body may block the camera's view of the keyboard. And if the user then sits back and just uses the mouse, the hot-spots may be in clear LOS again.

Security guard cost bank millions by hitting emergency Off button

tfewster

You couldn't make this stuff up

3 classic WTFs recently where I work:

- A new engineer pressing the EPO rather than the door release button. Failover to the standby DC - failed (Is that one WTF or two?).

- An email mistakenly sent to a global distribution list, causing an email storm of "please remove me from this mailing list" and "stop clicking reply-all!" emails.

- An uncustomised email signature with "Your Name" left in it.

And one with a modern twist:

- A company email requiring staff to take GDPR training, but sent to staff by an external trainer who'd been given our email addresses, personnel numbers, full names & managers' names.

Sysadmin shut down server, it went ‘Clunk!’ but the app kept running

tfewster

Re: We'll send our best engineer....

A "filed" engineer? One who's been smoothed off?

tfewster
Facepalm

Re: shutdown silliness

It used to be the case (HP-UX?) that `shutdown` ran the shutdown scripts and then issued `reboot`, whereas `reboot` or `halt` didn't bother with such niceties.

`shutdown` also prompts you with "are you sure?". Which would have been nice when I typed `last |grep reboot` but, for some inexplicable reason, didn't actually type the "grep" part in.

tfewster

Re: Long uptimes are a disaster waiting to happen

I usually recommend rebooting before making any significant changes as well as after. If it was broken before I got there, I don't want to get the blame.

Google weeps as its home state of California passes its own GDPR

tfewster

Re: Easy Enough

Y'see that's tricky. They can delete it, but then just collect it again. I think the solution is to say "You don't have permission to hold data on $ME, except that minimal info that identifies $ME - Say, name, address* & possibly date of birth. If anyone enquires about $ME, you can only tell them 'We are not permitted to hold or share any information about $ME' " But even that is information of a sort.

* home, business, email or website address. e.g. tfewster@myisp.com is unique and identifies me completely - anything linked to that email is protected. Same for all my other email addresses :-)

Exactis "timed" their breach just right - a few days later and everyone in California would have had a case under the new law.

Jimmy Hill feted in Shoreditch

tfewster
Facepalm

More than that, "Cars" is an allegory for a protected personal space in public, predicting the rise of the WWW, MyFace, blogging, trolling, flame wars...

Truly a visionary. Or should have been drowned at birth before he gave people ideas.

BOFH: Is everybody ready for the meeting? Grab a crayon – let's get technical

tfewster
Pint

"You know this is a technical document, right?" "Made for technical people?"

All my documentation starts with a disclaimer "This guide documents $COMPANY standards and is intended for the use of staff already trained on $TECHNOLOGY". Y'know, when the manufacturer guide says "This is how to partition your disk as required", I document* the partition sizes to be used, but not how to do it.

* Though just printing out the config of a gold build and writing BOFH-type guides instead might be a better use of my time. "How to securely decommission a server (with a rubber mallet and a cattle prod)".

Facebook sends lowly minions to placate Euro law makers over data-slurp scandal

tfewster
Facepalm

@Shadmeister

A GDPR fine of 4% of FB's $12Bn annual revenue may only be $0.5Bn "pocket change"; But multiply by 370 million EU users and multiple, continued breaches per user, and pretty soon they're looking at serious money.

Great news, cask beer fans: UK shortage of CO2 menaces fizzy crap taking up tap space

tfewster
Joke

Re: I am a specialist.

I hear the US Budweiser "brewery" is supplied from the other end.

tfewster
Facepalm

"Government must act with urgency to assess the issue as quickly as possible and support the industry through any period of restricted supply."

1) A Government acting with urgency may have assessed the issue in time for the next world cup,

2) What has a Free Market problem got to do with Government? It's a bit daft the suppliers all shutting down at once, without stockpiling some, but it's bloody stupid not to secure your supply when you know it's an annual shutdown and expect a big demand this year.

Skynet for the win? AI hunts down secret testing of nuclear bombs

tfewster
Thumb Up

Re: Odd.

And there are plenty of "free" nations with seismographs ready to call out on a nation they consider "rogue".

But that's so Web 1.0. EMP pulses from nukes are a real threat to Skynet, so it needs something that ignores false positives like normal tectonic plate movement.

US Supreme Court blocks internet's escape from state sales taxes

tfewster
Facepalm

Re: Er .... @DougS

Price isn't why I go to Amazon - It's the convenience of a huge range, good service and a single payment point.

One Christmas I decided to boycott Amazon and bought everything from my family's Amazon wishlists elsewhere; It was a pain finding the stuff and creating a new account for each site, tracking orders and dealing with multiple delivery companies (e.g. one that only delivered to my home during business hours, and if I wasn't in I had to drive 20 miles to collect it from their depot).

They may have needed tax breaks to build their business and attract customers, but now I'd be happy to pay the 20% sales tax (VAT) for the convenience.

UK footie fans furious as Sky Broadband goes TITSUP: Total inability to stream unfair penalties

tfewster
Joke

Re: BT was fine all weekend

It only takes one person to move a dish; You need tree fellers to move a tree

Um, excuse me. Do you have clearance to patch that MRI scanner?

tfewster
Facepalm

Take an old controller PC and a new one. Feed them the same inputs, and check you get the same outputs. You don't even need to hook them to a real scanner. You had a test suite, right?

Divide the cost of the retesting between your customers - Just add it to their maintenance contracts. It's cheaper for them than buying a new scanner or killing someone.

I've been arguing this for years, and no-one has ever given me a reasonable explanation of why I might be wrong. Maybe this time

Shiny new Capita boss to UK.gov: I know you are but what am I?

tfewster
Thumb Up

I thought Lewis's comments were remarkably open, BS-free and that they were focusing on the right things - e.g. pension deficits - not just the profitable things to keep shareholders/investors happy.

Of course, being able to blame your predecessors is handy. And turning a company around is hard. But I wish him the best of luck in building a good reputation by doing things right.

User spent 20 minutes trying to move mouse cursor, without success

tfewster
Facepalm

Re: Training the trainer

You think that's bad - I took a SANS training course that was written and recorded by one of the world's top experts in the subject and had been used for years - and I still ended up correcting him in a few places!

BOFH: Got that syncing feeling, hm? I've looked at your computer and the Outlook isn't great

tfewster
Coffee/keyboard

Cheers, Simon!

...a pile of lies so high he's getting liars' vertigo.

Universal Credit has never delivered bang for buck, but now there's no turning back – watchdog

tfewster
Facepalm

Re: The government position:

So many WTFs

- They're running 2 systems in parallel (good practice) but can't switch back to the old system?

- Using Agile as an excuse for not setting timescales for delivery of User Stories?

- Exceeding the expected cost savings, yet still continuing?

Microsoft says Windows 10 April update is fit for business rollout

tfewster
Facepalm

Re: least complaint-generating Windows ever

Yay, people have stopped complaining when W10 dies. Or maybe they've learned to disable the telemetry. Whatever, no news is good news.

Audit of DeepMind deal with NHS trust: It checks out, nothing to see here

tfewster
Facepalm

I was thinking the same thing, just use an anonymised ID number, and you can reasonably keep old data to re-run your tweaked algorithm against in case new factors indicate that more people are at risk.

But ArrZarr's example was quite telling:

...detects that 0214 is at risk. ... perform test X on 024...

Computer Misuse Act charge against British judge thrown out

tfewster
Facepalm

Re: If it was anybody else

And judges are supposed to know the law

Deck the halls with HALs: AI steals the show at Infosec Europe

tfewster

Re: Please

AV packages have been including "Heuristics" for a while; Genuine question, how do AI/Machine Learning differ from that?

In defence of online ads: The 'net ain't free and you ain't paying

tfewster
Facepalm

Re: If only I could pay

Actually, the model is there, ironically embodied in Google's AdWords and music royalties systems.

Both you and the website pay for bandwidth used. So if ads are banned, that's a win-win.

For the content, the website could get paid for page views*. Sites that produce content cheaply (e.g. Wikipedia) make lots of money. Smaller sites with higher costs (e.g. El Reg) make a bit of money.

Who collects and distributes the money? ISPs take your money, can block content (ads) and track your usage anyway, so it would be trivial for them to do that.

How much will it cost me to go ad-free? US Internet advertising revenues** were $88Bn last year. Divide that by 70 million households*** = $1200 p.a. or about $100/month for ad-free Internet.

* If it's really expensive content, e.g. music or original research, websites can continue the paywall model. I'll pay if it's worth it.

** I presume that's how much websites take for displaying ads. But if their costs drop, their take could be dropped too.

*** For simplicity. As well as your broadband, you probably have 2+ phones that you pay for bandwidth for - all would be covered under the pay-per-view model.

Advertisers will still want to buy ad space, and website owners will still be greedy. Let the Market sort that one out.

The hits keep coming for Facebook: Web giant made 14m people's private posts public

tfewster
Facepalm

GDPR

Launching a new feature just before GDPR goes into force? Sure, what could possibly go wrong!

Let's hope they [did|didn't]* notify the authorities and affected users without delay. The authorities will be looking for a public test case, and Facebook just handed them a beauty.

* Delete according to preference

Ex-CEO on TalkTalk mega breach: It woz 'old shed' legacy tech wot done it

tfewster
Facepalm

Re: Infosecurity Europe conference

She was there as a warning to others - "Don't be like me". Even abject failure can be monetized.

P.S. I don't remember any apologies from TalkTalk or Harding? All I recall them saying was that it was a "sophisticated attack".

SpaceX flings SES-12 satellite into orbit, but would-be lunar tourists should probably unpack

tfewster
Joke

Cooperation

> Was thinking that humanity needed to get its act together about getting into space...

Personnel from NASA, JAXA & Roscosmos, being lifted by "evil" Russia to an INTERNATIONAL Space Station? Resupplied by a US company? What more do you want?!

'Autopilot' Tesla crashed into our parked patrol car, say SoCal cops

tfewster
Devil

Re: Not fit for purpose

Fair point. The AAA did some testing on other cars and discovered they're far from perfect either, even in "avoidable" accident scenarios.

But Tesla have brought the bad press on themselves by calling it "Autopilot" and lulling their users into a false sense of security.

A car, why, what do you see? --->

Businesses brace themselves for a kicking as GDPR blows in

tfewster
Facepalm

Re: Hopefully they will start at the top

Please, please start with the Credit Reference Agencies! Though they've wangled dispensations in what they can do with your data, a full audit would be lovely to see.

*Ahem* I mean, both low hanging fruit and high impact if they lose data. You know it makes sense.

Chief EU negotiator tells UK to let souped-up data adequacy dream die

tfewster
Facepalm

Plus none of the major parties have the guts to tell the Great British People "You were wrong - We're smarter than you, so forget democracy". Though that's the whole point of Representative Democracy, that you elect someone to do a job you can't or won't do, and expect them to make decisions that are best for the country.

Best face-saver would be to say "The EU are making this impossible, so we'll have to stay in the abusive relationship for the foreseeable future".

tfewster
Joke

Re: Chief EU negotiator....

The UK should offer to attend in a consultancy role only. And as we all know, consultants are taken more seriously than permies ;-)

tfewster
Facepalm

Re: Well, duh

> Works for Norway & Switzerland

Norway & Switzerland buy in. Their money gets them into the clubhouse, they still have to follow club rules, but they don't get full membership or a vote.