* Posts by veti

2108 posts • joined 25 Mar 2010

Democrats go on the offensive over fake FCC net neut'y cyberattack

veti
Silver badge

Re: Witch hunts sometimes don't start at the top.

Pai did the right thing here, yes - but doesn't that make his hyper-partisanal statement, quoted at the end of the article, even more anomalous?

I think that statement was baiting a trap, and the Democrats have predictably walked right into it. That makes two in as many weeks. Honestly, I begin to despair of American politics ever returning to sanity.

8
0

Space, the final Trump-tier: America to beam up $8bn for Space Force

veti
Silver badge

Re: Spaceballs ? Nah!

You're all way too optimistic. The name we should be thinking of is Zapp Brannigan.

"My strategy is so simple, an idiot could have devised it."

4
0

Stress, bad workplace cultures are still driving security folk to drink

veti
Silver badge

Re: Sounds about right

Doesn't come close. Toilet cleaners may not be much appreciated, but at least they're not actively vilified and abused on an hourly basis.

4
0
veti
Silver badge

Sounds about right

"Infosec", if that's a dedicated job, has to be the most thankless job in any organisation. It's like being an auditor, and a quality management engineer, and a test manager, all in one.

Everyone will blame you when it goes wrong, but the twist is that everyone will still blame you even if you do everything right. You'll be the one telling salespeople what cards and transactions they can't accept. You'll be the one telling Marketing that that "one little feature" can't be added to the next release. You'll be the one sending arse-covering emails to management saying that of course you quite understand they want to bypass your 4-week test cycle, but you'll need them to put that instruction in writing and to acknowledge your warning on the subject. Pretty soon you'll be excluded from product meetings because of your sheer aura of negativity.

And that's if everything goes right. When it goes wrong, you'll be stood directly in front of the fan, if you know what I mean.

Disclaimer: I've been a quality engineer and a test manager, and I've experienced a small fraction of the above. But an infosec manager? - must have it twenty times worse. They can keep it.

30
0

Funnily enough, no, infosec bods aren't mad keen on W. Virginia's vote-by-phone-app plan

veti
Silver badge

Re: Old fashioned

Please don't get me wrong, I'm a big fan of pen-and-paper voting. I'm just cautioning against complacency. Just because the votes are recorded and counted auditably, doesn't make the system immune.

5
0
veti
Silver badge

Re: Old fashioned

And that will work just fine until someone, let's call him "Boris", hacks into the list of registered voters and transfers your record to the next constituency over, so you turn up at your local polling station to be told you're not on the list...

Or they hack the published list of polling stations, so you turn up and vote exactly as you expect, but the official polling station is two blocks away, and the ballot box you just used goes straight to recycling...

Or they change your name from 'LenG' to 'Glen', so now you're not on the list at all. Are they still going to let you vote? I'm pretty sure voting under a false name is a crime.

Or... oh, I'm sure you can see the possibilities. Suffice to say, hacking the actual vote is only the tip of a very large iceberg of mischief.

3
13

Almost 1 in 3 Brits think they lack computer skills to do their jobs well

veti
Silver badge

If you lack the IT skills necessary to do your job...

... then your manager has failed and needs either retraining or firing. Because it's their job to make sure that this is not the case. That's, like, literally the most important thing they're paid to do.

And they're paid more than you, which means their fuckup is bigger than yours.

What do people understand by the phrasing "do their jobs well"? Everyone imagines that a computer system can be super-efficient, one-button no-errors all-singing Dolby-surround digital perfection. Now, we hardened veterans know it's never (ever, ever) like that, nor likely to be - but at least one-third of all people imagine that it should be, and then blame themselves when errors happen.

When the fact is, the interface/app they're using is likely so shite that unless you perform steps A through J in the correct order and at the right time (which you have no way of telling, and neither does anyone else because it's undocumented and probably, frankly, completely untested...) - it will go wrong.

If you're lucky, it will go wrong in some obvious way, but many people are so deluded that they actually see this as a failure, rather than designed and intended behaviour.

TL;DR: if your job requires you to have skills you don't, in fact, have, then it's the job that's badly designed. Not you.

This XKCD also seems appropriate.

7
2

Denial of denial-of-service served: There was NO DDoS on FCC net neutrality comments

veti
Silver badge
Trollface

Dear Mr Pai,

You might want to rephrase part of your communication there.

If some people in your organisation "didn’t feel comfortable communicating their concerns to me or my office", that at least is one thing you can't blame on "the previous administration". It's a truly heroic admission of fault on your part, puts you head and shoulders above most Trump appointees. Hats off to you, sir.

39
1

Amazon meets the incredible SHRINKING UK taxman

veti
Silver badge

Re: How it works:-

If they turn over billions, then of course they pay tax. National insurance contributions for their employees (who also, of course, will be paying their own taxes), and VAT on most of their sales.

Corporation tax is never more than icing on the cake.

13
1

Basic bigot bait: Build big black broad bots – non-white, female 'droids get all the abuse

veti
Silver badge

Re: You can "dehumanize" robots?

You may take that attitude. But what this research shows is that a significant number of people don't. Don't you think that's interesting?

6
2

Beam me up, UK.gov: 'Extra-terrestrial markup language' booted off G-Cloud

veti
Silver badge

Re: Wait .. tell me I'm not misunderstanding this?

Hey, if you want the gov't to be able to spot a scam, you've gotta allow them time and resources to do it.

The more you insist on taking up their time with trivialities like the Irish border question, the less time they have to look at the proposals and contracts that get dumped on their desks by the handful on an hourly basis. That's one reason why cutting taxes is self-defeating - it makes a government more wasteful, not less.

7
0

Australians almost immune from ransomware, topping lists for data safety

veti
Silver badge

"Notifiable" breaches?

So, I looked at the links - and it's not clear that a ransomware attack should even be notifiable. Ransomware scum don't commonly, so far as I know, steal records - they just make them unusable.

2
0

The internet's very own Muslim ban continues: DNS overlord insists it can freeze dot-words

veti
Silver badge

Dear ICANN,

Don't create a new TLD unless it is 100% crystal clear from the get-go, beyond any question of debate, who it should belong to, and what authority should get to say who administers it.

This isn't hard. National TLDs are administered by an agency nominated by their respective governments. Similarly I have no objection to creating ".disney' or '.pepsi' if you really must, though I think it's a shocking waste of everyone's time.

But taking a regular word with no specific trademark attachment and making it into a TLD? Just don't fucking do it. And revoke the ones you've already done, starting with ".info'. We won't miss them.

73
1

BBC websites down tools and head outside into the sun for a while

veti
Silver badge

Re: Scary

I'm sorry to break it to you, but your "not all that long ago" was half a lifetime.

BBC's Breakfast TV schedule launched in 1983, which is fully half of threescore and ten years ago now. Channel 4 launched a year before that.

Ob. XKCD.

4
0

Politicians fume after Amazon's face-recog AI fingers dozens of them as suspected crooks

veti
Silver badge

New training rule needed

Looking at the photo accompanying the article, it seems to me: you can fairly safely assume that anyone who poses in front of a flag is up to no good.

31
1

Whisk-y business: How Apache OpenWhisk hole left IBM Cloud Functions at risk of hijacking

veti
Silver badge

The truly appalling thing about this story

is that, in the stock photo, someone has put ice in the whisky.

Dear El Reg: you're British, you should know better than that. Ice in whiskey? OK, if you like. Ice in whisky? - awa' wi' ye, heathen.

1
1

Here's why AI can't make a catchier tune than the worst pop song in the charts right now

veti
Silver badge

Re: Looking through the wrong end of the telescope?

The "Does it sound OK?" judgment is likely quite hard for an AI to answer.

I suspect that your personal aesthetic judgment plays a larger part in the process than you consciously allow.

0
0

No big deal... Kremlin hackers 'jumped air-gapped networks' to pwn US power utilities

veti
Silver badge

Re: More detail please

You can always read up on Stuxnet, which did exactly this. The Russians' approach might be similar. Or it might be completely different, they've got the skills.

12
0

Fake prudes: Catholic uni AI bot taught to daub bikinis on naked chicks

veti
Silver badge

Re: As C.S. Lewis said...

I'm sure Lewis would have known how to spell "whisky". And cigarettes? Surely those didn't become sinful until the early 80s.

I don't know much about Lewis's life, but that linked article doesn't fill me with faith in the rigour of its research and writing. To parlay one drunken incident at a student party into his being "a big Marquis de Sade fan" does not, to me, look like research conducted in good faith.

6
1

Either my name, my password or my soul is invalid – but which?

veti
Silver badge

Re: Idiot password checkers

(unless they limit length too short)

Which they normally do. Honestly, what percentage of sites even allow you to have a password of more than 16 characters?

Worst of all, those that allow you to enter such a password, but silently truncate it without telling you. Then reject the full password when you enter it later.

I've learned to limit myself to 10 characters. Most places accept that. OK, it's not as secure as it could be, but like the old joke says: "I don't have to run faster than the bear, I just have to run faster than you". There are plenty of people way easier to hack than me, and that's what matters.

0
0
veti
Silver badge

Re: Idiot password checkers

That's fine, but is it any more memorable than just a random string of gibberish?

I've tried lots of approaches over the years. This is my current favourite.

5
1

Mmm, yes. 11-nines data durability? Mmmm, that sounds good. Except it's virtually meaningless

veti
Silver badge

Re: An object by any other name

This is what I was thinking. You don't have to lose a whole "object" to be screwed, the corruption of a single byte can do the job.

And since "objects" are commonly highly interdependent, the corruption of a single object could quite easily render your entire backup useless.

5
0

Trump wants to work with Russia on infosec. Security experts: lol no

veti
Silver badge

Why should the US continue to support them if they will not at least spend the agreed amounts?

Conversely, why should the Europeans raise their military spending, when Trump shows just as much contempt for those who do meet or exceed their 2% threshold as those who don't? And is willing to change the rules at whim?

What's the point of trying to please such a man? Might as well just ignore him, it's a lot cheaper - and will win a lot more votes - and the outcome is the same in the end.

19
2

Y'know... Publishing tech specs may be fair use, says appeals court

veti
Silver badge

Dear Reg editorial staff:

Much as I personally would like to see Diana Ross nominated to America's highest court, I don't think it's going to happen.

So could you please, pretty please, stop calling them "The Supremes"?

15
3

No, seriously, why are you holding your phone like that?

veti
Silver badge

Re: Damn

I'm sure the smart meters can be hacked, if someone with sufficient resources gets sufficient motivation to do it.

But the resources would need to be high, because the security is pretty good. And it's not clear what the motivation would be, because the information or other benefits they could gain are just not very interesting. Seriously, who do you imagine is willing to spend weeks of their time on finding out whether you get up at 6:00 or 6:30?

Bad actors have many more tempting targets, that are both less secure and more profitable.

4
5

I see you're trying to leak a file! US military seeks Clippy-like AI to stop future Snowdens

veti
Silver badge

Re: So then people rely even more on the system, what if it fails?

The difference between "education" and "automation" is:

Automation costs a fortune, works most of the time, and reduces the pressure on humans. Education costs a bigger fortune, almost never works, and increases the pressure on humans.

2
3

Did you know? The word 'Taiwan' would crash iOS thanks to a buggy filter for the Chinese govt

veti
Silver badge

Re: Denying reality for the sweet, sweet cash

You'll always have to make some compromises with reality.

Example: thinking back a couple of years now, how did your timezone databases list territory that was controlled by ISIS?

My guess is, it simply denied its existence.

2
16

US taxman wants AI to do the security checks it seemingly can't do itself

veti
Silver badge

Re: I disagree: this is becoming routine and the IRS should be doing it as well.

This seems to be about hacking rather than fraud, but I agree with you anyway. Security is an area that AI techniques should adapt well to. The environment is finite and comprehensible - more so to software than to humans. The "normal" usage patterns are well known, and deviations are easy to spot. (Whether a particular deviation constitutes an attack, that's another matter. But that's where the "AI" comes in.) And a large part of the job is simply "being awake 24/7", and computers are good at that.

0
0

UK.gov IT projects that are failing: Verify. Border control. 4G for blue-light services. We can go on

veti
Silver badge

Presumably they would need to add new colours to the spectrum to capture the full awfulness of the Brexit "project".

I suggest octarine, since clearly the whole thing will only work by magic.

3
0

Euro privacy watchdog raises eyebrows at mulled EU copyright law

veti
Silver badge

Yes, there should really be a caveat on this opinion:

When interested parties are directly involved in the drafting of a law, the probability of its being both worded poorly and applied badly rapidly approaches 1. Therefore, the actual law, if any, must be drawn up by people who have no contact whatsoever with any of the companies concerned. That way, there is at least a fighting chance that it won't be deliberately sabotaged.

0
0

Smash-hit game Fortnite is dangerous... for cheaters: Tools found laced with malware

veti
Silver badge

Let me be the first to say...

<voice="Nelson Muntz">Ha ha. </voice>

26
1

Foot lose: Idiot perv's shoe-mounted upskirt vid camera explodes

veti
Silver badge

Re: The real question is...

And in order to tell whether it was "for salacious purposes", obviously you'd have to peep. To see if she's riding the pommel suggestively, or has tassels on her... extremities.

So that's Tom off the hook too. He was just doing his civic duty, however unpleasant.

0
0
veti
Silver badge

Re: The real question is: did he want to get arrested?

Yeah, that was my thought too. Perhaps it's just a plea for attention.

Or maybe he just couldn't think of a plausible innocent reason for having a camera mounted in his shoe in the first place. I could relate to that.

2
0
veti
Silver badge

Re: Is it too early to ask....

Well, if he has any sense, obviously he'll sue the manufacturer of the camera for that. Plus a whole lot more to cover his pain, inconvenience and embarrassment.

4
0

Infamous 'Dancing Baby' copyright battle settled just before YouTube tot becomes a teen

veti
Silver badge

Re: Its too bad the EFF couldn't continue to fight in her name

There's nothing left to fight. The courts have spoken, the mother won. She may or may not want to further her career in campaigning on this issue, but that's really down to "what does she want to do with her time?" And if she thinks she's already spent quite enough of her energy on it, I for one sympathise completely.

As for the EFF, I'm sure that when the next case comes along they'll make a reasoned decision then whether or not to take it up.

7
0

Labour MP pushing to slip 6-hour limit to kill illegal online content into counter-terror bill

veti
Silver badge

Re: In theory, and practise

@TechyLogic: your link (that isn't linked) points to a story that links to a story that doesn't link to alleged materials allegedly used by the US Department of Defense. That's pretty tenuous. Even if it's true (and no final link means that can't be verified), it's (a) a completely different government and (b) a department of that government that has nothing to do with domestic law enforcement.

The phrase "So, legally speaking" is therefore gross exaggeration. Training materials produced by the DoD have zero legal weight even in the USA. In the UK, it's hard to imagine anything less relevant.

1
0
veti
Silver badge

Re: It is impossible.

@The Vogon:

China seem to manage it.

China's approach to censorship is more sophisticated than that. Yes, they do have the Great Firewall, but they've also realised - like the Russians - that the truth can be just as effectively suppressed by bombarding people with false, or simply irrelevant, information, so that the information you want to cover up gets - literally - covered.

That's why China has huge and thriving social media companies of its own: they're part of a deliberate government strategy to do to its own population - the same thing that the populations of the West are doing to themselves voluntarily.

3
0
veti
Silver badge

Re: Who decides what is illegal?

@Yet Another Anonymous Coward

Then so should the network companies that carry it.

That's a complete non-sequitur. The Royal Mail doesn't get prosecuted for delivering dodgy materials in a plain brown wrapping. Vodafone doesn't get prosecuted if you shout abuse at someone over the phone. Nobody prosecutes Highways England for maintaining the roads that criminals drive on. It's the publisher who's responsible, not the carrier.

@Loyal Commenter:

There you go, FTFY.

Nonsense. All of those publications have highly trained journalists, and editors, who know to an inch what the libel law says - and more importantly, what it doesn't say. I suggest you do some research on it yourself, then maybe you'll understand why they do things the way they do.

@Graham Cobb:

Policing forums is not at all related to publishing. The publisher is the person putting up the post. All Google/FB/etc are doing (in these cases) is providing transmission capability (just like BT and the Royal Mail).

That's like saying "the journalist is the one publishing the story, the newspaper is just transmitting it". It's - just wrong.

Facebook and Google - their entire business model is based on drawing people's attention to content that they wouldn't otherwise be aware of. If that's not publishing, what is?

3
4

So woke: Microsoft's face-recog can now ID more people who aren't pasty white blokes

veti
Silver badge

Any guesses, what "reducing an error rate by up to 20 times" might mean in English?

3
1

Dot-Africa saga going to jury trial... thousands of miles away in America

veti
Silver badge

Re: How about no .africa

Every country already has its own TLD. Fine.

If other organisations want to, and are prepared to go to the trouble of administering them, then - OK, let them do it. Mind, there should be some solid commitment to meet a defined standard of maintenance, and failing to do that would result in the entire TLD being basically blackholed from the internet.

But what ICANN decided to do was create all these stupid, stupid TLDs that have no clear owner, in the (well founded) hope that various thugs and hucksters would bid for them. The outcome of that was always going to be recrimination and corruption, and it hasn't disappointed.

12
0

White House calls its own China tech cash-inject ban 'fake news'

veti
Silver badge

Re: Please Donald, put an export ban on the F-35

Putin may be America's enemy, but he's Trump's friend. Trump has no issue with Putin, or Erdogan for that matter.

(Note, the Senate voted to block the sale of F-35s to Turkey entirely. Turkey responded by threatening to buy arms from the Russians instead, whereupon the US gov't quietly dropped all opposition. The Turks, of course, went on to buy the Russian missiles anyway, and quite right too.)

0
0
veti
Silver badge

Re: Tired of Euphemisms

Doesn't matter. A sufficiently sophisticated Trumpkin will tell you, it doesn't matter that he's lying all the time, because they know what he means and what he's doing - he's confusing the enemy (a category that includes all liberals and liberal media, as well as foreigners).

You can point to him contradicting himself in the very same statement, and they'll just shrug and say "that's what he does".

Only the liberal media obsesses with this "truth" thing. Trump has transcended it, at least to the extent of making it politically irrelevant.

Pretty soon he's going to declare his trade war won. You watch. The media will all point out "but nothing's changed, at least nothing good", and his followers will laugh and say "they still don't get it, do they?"

26
0

Happy birthday, you lumbering MS-DOS-based mess: Windows 98 turns 20 today

veti
Silver badge

Re: The ONLY things going for it were

95 was a revolutionary change, it's to be expected that it would be a bit buggy. 98 was an upgrade from 95, but I would dispute that it was worth waiting 3 years for that benefit.

I still have a soft spot for 95, relative to 98. It's like - Vista to 7. I loathed Vista with a violent passion, but it had this much excuse: that it was at least trying to be something different. 7 learned (and benefited) from Vista's mistakes.

3
1

In huge privacy win, US Supreme Court rules warrant needed to slurp folks' location data

veti
Silver badge

Re: Gorsuch's dissent FTW.

The question is, would "burning third party to the ground and pissing on the ashes" result in a different decision in this case? It's a yes/no question.

If no, then the question remains "why vote against the majority?'

If yes, then the question becomes "how do Gorsuch's high-minded opinions actually represent a net improvement to the private citizen?"

0
1
veti
Silver badge

Re: Gorsuch's dissent FTW.

If Gorsuch believes all that, then why did he dissent from the judgment? You're allowed to add a minority opinion even if you voted with the majority, you know.

Words are all very fine, but at the end of the day what sets the precedent is the decision.

12
3

Want to know what all that Fortnite hype is about? Whoa, Android fans – mind how you go

veti
Silver badge

Re: Not going to mention?

I don't see anything in that list that would deter - well, just about anyone I've ever met between the ages of 10 and 25.

8
0

US Supreme Court blocks internet's escape from state sales taxes

veti
Silver badge

Re: Better still ...

What on earth makes you think I'm blowing 90% of my income on stuff I don't need?

Newsflash, most of us working people actually budget quite carefully. Sure there's some wastage, but it's closer to 9% than 90%, and usually well below even that.

2
0
veti
Silver badge

Re: Easy prediction

Exactly how "off grid" can you be, and still have internet access?

6
0
veti
Silver badge

Re: Death and Taxes

What about the rates for a new item, not yet in anyone's database? Every jurisdiction has its own rules about how you decide what rate applies to what item. Who's gonna take responsibility for applying all those?

And once you've got this database up and running, and some idiot in Dogtown, Alabama decides to add a $0.10 levy to all drinks sold in bottles larger than 2 pints and containing more than 6.4% sugar content - who is going to update it with that information?

1
1

Shared, not stirred: GCHQ chief says Europe needs British spies

veti
Silver badge

Re: Coup

Oh yes... the army and the queen collaborating (!) to overthrow a duly elected government, in order to overturn a referendum decision.

What a brilliant idea, I can't begin to imagine how that might backfire.

No, wait a minute - that should have read "I can't begin to imagine how that could do anything other than backfire in the most horrible and explosive way possible".

If you want to see England (not the UK any longer) led by President Farage, locked in a civil war against Generalissimo Corbyn, then that might be the way to do it. If you'd rather go on living in some semblance of peace, however, it's probably not such a good idea.

0
2

Forums

Biting the hand that feeds IT © 1998–2018