* Posts by alain williams

1050 posts • joined 29 May 2007

Sysadmin tells user CSI-style password guessing never w– wait WTF?! It's 'PASSWORD1'!

alain williams
Silver badge

Re: "They looked for the password on the CD . . ."

Some 8 years ago I opened a bank account with Santander, they did not understand security:

* they sent the username for on-line banking in a clear text email; the password was in another email sent 1/2 second later.

* we went in, took all the documents needed to open a bank account (passport, etc); they took a copy; a month later "we have lost them, please scan and send the images by email". (I refused to do so)

* I complained that important, security related documents were lost. They assured me that they were quite safe: but were unable to explain how they knew so since they did not know where they were.

And so it went on. The account has been closed for many years, final statement showing a NIL balance - but every 6 months I get a letter telling me that there are a couple of quid there (I have checked - there is not).

Muppets

24
0

IT plonker stuffed 'destructive' logic bomb into US Army servers in contract revenge attack

alain williams
Silver badge

Where to hide a logic bomb?

Unless you are of the mindset of a suicide bomber the most important thing is plausible deniability. Make it look like a logic error -- a bug.

9
0

Ah, good ol' Windows update cycles... Wait, before anything else, check your hardware

alain williams
Silver badge

Re: I'm confused

I don't understand how the security of a device is dependent upon its bus width.

More room for ASLR (Address Space Layout Randomisation), which makes buffer overflow attacks harder to exploit. Windows 10 uses so much RAM that there is not much left over for ASLR if all that you have are 32 bits of virtual address space.

My guess anyway.

8
1

Researchers claim ISPs are 'complicit' in latest FinSpy snooping rounds

alain williams
Silver badge

Re: Certificates

But were the packages not signed with the public key of the software vendor/distributor ? Or are we dealing with a bunch like slack ?

OK: I don't know how this is done in the windows world, and if you have never installed anything from the vendor you will not have the key (so getting it could be spoofed) ... but Skype is from Microsoft and so the Windows machine will have their signing key ... so if the installer does not complain we need to ask how the spooks got their malware signed to make it look legitimate.

0
1

You lost your ballpoint pen, Slack? Why's your Linux version unsigned?

alain williams
Silver badge

It isn't that hard to do

Even I do it for the tiny repo that I have created - mainly for my own convenience.

Words are always cheaper than actions; so do they have a blame-someone-else script already written if/when it is hacked again? I notice that it was hacked in February 2015.

9
0

UK Prime Minister calls on internet big beasts to 'auto-takedown' terror pages within 2 HOURS

alain williams
Silver badge

Please start with all T May utterances

because, by gum, she sure terrifies me. If she wasn't a woman she would be wearing a Joe Stalin moustache by now. She is not called the Pry Minister for nothing.

34
1

More data lost or stolen in first half of 2017 than the whole of last year

alain williams
Silver badge

What do you mean by ''lost'' ?

I suspect that you mean ''laptop left on train'', or similar, ie misplaced - and possibly in the wrong hands.

This is very different from ''data accidentally deleted''. There is sometimes a requirement for data to be kept for certain periods. I observe that embarrassing data, especially when asked for by a subject access request, has a propensity to become ''lost - accidentally deleted''.

These two should be counted separately.

Could we please start calling the ''left on train'' incidents ''misplaced'', not ''lost''.

1
0

Black screen of death after Win10 update? Microsoft blames HP

alain williams
Silver badge

Rather than blaming each other ...

Microsoft and HP should get together and produce a fix. Customers don't care who broke it.

31
0

What's that, Equifax? Most people expect to be notified of a breach within hours?

alain williams
Silver badge

Words are cheaper than sysadmin time

'nuff said.

21
1

123-Reg customers outraged at automatic .UK domain registration

alain williams
Silver badge

Unsolicited Goods Act 1971

This makes unsolicited goods something that the supplier cannot demand payment for. This is 123reg trying to indulge in inertia selling ... so if they renew the domain without the customer saying they want it: then they are acting illegally.

Not that acting illegally seems to bother many businesses these days.

If they grab the money from your bank account: just get the bank to reverse the charge and let 123reg whistle for their money.

20
0

How alien civilizations deal with climate is a measure of how smart they are. Just sayin'...

alain williams
Silver badge

What is meant by 'advanced civilisation'

Most people think that this means that the boffins have worked out how to do all manner of technical wonders.

Just as important is: have the politicians grown up enough to not destroy the planet. I used to think that this meant not throwing nukes around, but increasingly realise that it means controlling expansion and population growth to what the ecosystem can sustain.

Of the two: the harder is the politics. Politicians are just big children who have the gift of the gab and persuade the rest of us to vote for them (or self interested psychopaths who become dictators). They have little interest in the long term of anything (including the ecosystem) as long as they get what they want now.

8
3

Close Encounters of the Kuiper Belt kind: New Horizons to come within just 3,500km of MU69

alain williams
Silver badge

It is a long way away from the sun

how much light is there there for taking pictures ?

2
0

80% of IT projects in public sector delayed due to IR35 – report

alain williams
Silver badge

The duty to pay taxes ...

is something that middle class people must do. It is not a burden that is to be felt by the very rich or by large corporations.

If large corporations were made to pay taxes just like the rest of us: where would all those nice consultant type jobs come from once MPs and top civil servants retire ?

20
1

Chinese smartphone cable-maker chucks sueball at Apple

alain williams
Silver badge

I can see the value in certification

to assure users that the cable/... will not damage their expensive iBling.

I cannot see why Apple would want a chip in the cable ... to me this smells like printer vendors putting chips in printer ink cartridges - as a means of trying to stop perfectly good independent suppliers from undercutting their overpriced stuff.

27
2

US government: We can jail you indefinitely for not decrypting your data

alain williams
Silver badge

There is an easy way out ...

He needs to get a diagnosis for Alzheimer's disease -- hard for the prosecutors to then show that he can remember any passwords. Once he is released he just needs a quick visit to Ernest Saunders' physician and can resume his life.

18
0

Mazda and Toyota join forces on Linux-based connected car platform

alain williams
Silver badge

If I don't want any of it ...

will it still play the radio and CDs without needing to pollute my 'phone with some privacy destroying app ?

5
0

Boffin rediscovers 1960s attempt to write fiction with computers

alain williams
Silver badge

Computers that write fiction ?

Happens all the time -- look at anything that generates management reports.

26
0

Intel ME controller chip has secret kill switch

alain williams
Silver badge

Re: I guess I know what architectures to avoid...

What would be far more useful is a list of architectures that I can trust.

16
0

VW engineer sent to the clink for three years for emissions-busting code

alain williams
Silver badge

Good start ... what about

the managers who knew about it and probably asked him to write the code. This needs to go up as high as possible in the management structure. Most of them are probably happy that someone else has taken the blame.

The only way of making change is by making it so painful for the real decision makers that they, and their successors, will never do this again.

14
1

Forget trigonometry, 'cos Babylonians did it better 3,700 years ago – by counting in base 60!

alain williams
Silver badge

Re: So much for digital

I always thought that they used 60 because 6*60 gives you about the number of days in a year and that a circle has 360 degrees because every day you move about one degree around the zodiac.

9
0

Identity fraud in the UK at 'epidemic' levels as cases rise 5% – report

alain williams
Silver badge

"It won't hurt me"

is the comment that most of my friends make when I tell them to be careful, use different passwords, ...

They just think me strange because I am careful about security and privacy.

16
0

Ubuntu sends trash to its desktop's desktop

alain williams
Silver badge

Trash can icon ?

Don't use it ... the rm command works nicely for me.

6
1

Nosey ex-NHS staffer slapped with fine for illegally peeking at medical records

alain williams
Silver badge

How many more ...

do this but are not caught ?

8
0

Revealed: The naughty tricks used by web ads to bypass blockers

alain williams
Silver badge

Computer misuse act ?

They are deliberately acting against what they know that the PC owner wants and getting his PC to do things that they know that s/he does not want to do. A prosecution would be nice. Company is in the USA so go after some of their UK based clients.

22
0

PayPal splashes cash on biz that persuades folks to splash cash online

alain williams
Silver badge

Is PayPal giving purchase history ?

PayPal is in a good position to know what people have bought. So does 'partnering' mean 'we tell you about what they have bought so that you can send them more spam' ?

If so then this is one less reason to go anywhere near PayPal.

11
0

Autonomous driving in a city? We're '95% of the way there'

alain williams
Silver badge

Caesium Microsoft-Azure-based shuttle management system

Ohh, err .... building anything that people's lives depend on top of a Microsoft system is ... foolish to say the least. Look at the recent Wannacrypt debacle, or lots of unexpected shutdowns, ...

No way!

11
8

Kid found a way to travel for free in Budapest. He filed a bug report. And was promptly arrested

alain williams
Silver badge

Gary McKinnon

This is much the same thing. Guy discovers gaping hole in computers, is held to blame and arrested - this is an attempt by the site owners (in this case USA military) to avoid having to admit that their own staff are incompetent. It is called saving face that just ends up showing the site owner to be arrogant & stupid.

5
10

Moneysupermarket fined £80,000 for spamming seven million customers

alain williams
Silver badge

Re: £80,000 for sending 7.1 million

Fine £80,000 - new business as a result £xxx ??? The fine should be in excess of what they gained otherwise fines will just be seen as an extra cost.

Also: 1/2 the fine should be paid by board members, personally - out of income after tax. Unless it hurts someone in authority: behaviour will not change.

12
0

School of card knocks: Russophone criminals offered online courses in credit card fraud

alain williams
Silver badge

I hope that PC Plod ...

will pay up and send a delegate on this course. Probably nothing new for him, but there might be a novel trick. Next Plod should have a publicity campaign on how to avoid being duped by the new crims who learn their trade on this course.

3
0

Nearly three-quarters of convicted TV Licence non-payers are women

alain williams
Silver badge

Re: How can they make a profit from it?

The website where you can register as not having a TV asks for too much information.

Why do you need to register that you don't need one ?

If you really do not need one, then just don't buy one. If they come round, just say that you don't need one. You don't need to tell M&S that you do not need any new shirts.

If you are feeling nice you could write them a letter, but I cannot see why you are under any obligation to do so.

28
0

Wi-Fi firm Purple sneaks 'community service' clause into its T&Cs

alain williams
Silver badge

Re: Form Gov.UK

So unfair terms are not enforceable if you want to challenge them. AKA call trading standards.

Good luck with that. If you 'phone them these days you are generally routed to Citizens Advice. Neither of these have much money and tend to ignore what you tell them.

5
0

alain williams
Silver badge

I am a nerd, I read T&Cs before clicking 'agree'

I have not taken some 'services' because I did not like the T&Cs.

Some, unfortunately, one does not have the choice - like some government sites where the T&Cs are complete cobblers.

The clause that I hate the most is the one that says ''we may change these T&Cs at any time, you agree to check for updates'' - how often am I expected to read umpteen pages of drivel with no indication of if (and where) changes have been made?

These clauses should be outlawed.

38
0

Slower US F-35A purchases piles $27bn onto total fighter jet bill

alain williams
Silver badge

How many hospitals is that ?

If we spent 1/2 of that money on the NHS instead how many more lives would we save ?

27
10

Better mobe coverage needed for connected cars, says firm flogging networking gear

alain williams
Silver badge

Re: STOP this nonsense forthwith ...

it won't have a kill switch in it

A few minutes with a pair of pliers will soon fix that, or wrap its aerial up with a bit of copper sheeting.

I'll probably need to re-enable once a year as the tossers will likely make their spy system part of the MOT.

2
0

FREE wildcard HTTPS certs from Let's Encrypt for every Reg reader*

alain williams
Silver badge

What is the GCHQ/NSA take on this ?

Given the ongoing set of wikileaks revelations I would be surprised if they did not have a means of subverting Let's Encrypt.

5
0

While USA is distracted by its President's antics, China is busy breaking another fusion record

alain williams
Silver badge

Who still uses Fahrenheit for things like this ?

and giving both Kelvin & Centigrade is really not needed. I might understand if this was Fox News or The Sun ... but most El Reg readers are reasonably bright, I doubt that anyone would not grok Kelvin.

36
2

Civil rights warriors file US lawsuit: Let us see Five Eyes agreement

alain williams
Silver badge

And if they get something ...

how good a description do they expect it to be of what actually happens ?

8
0

Feelin' safe and snug on Linux while the Windows world burns? Stop that

alain williams
Silver badge

They backport security fixes so that holes get closed without affecting any of the functionality of the software in question.

All decent OS vendors do that. RedHat do the same (Red Hat Enterprise, CentOS), as do Suse and, I suspect, other Linux/Unix distros. Microsoft seem to as well ('seem' - this is what I read, I don't use any MS product).

Where they vary is how quickly they backport fixes and how far back they do it - ie how long something is supported for.

4
0

CityFibre snaps up Entanet for £29m and plans to raise £185m

alain williams
Silver badge

Oooh, errr

I have been with Entanet for 8 years ... maybe time to start looking at jumping elsewhere.

1
0

One thought equivalent to less than a single proton in mass

alain williams
Silver badge

Does it depend on whose thought ?

Does an Einstein thought weigh the same as a Paris Hilton thought ?

1
0

GnuPG crypto library cracked, look for patches

alain williams
Silver badge

Re: "“We show for the first time that the direction of the encoding matters:"

It's a library specifically labelled for cryptography. It's likely to have been high on their study list.

And they probably found it and would have known that their counterparts in <insert name of currently despised foreign power> would probably have also found it. But rather than protect us by having a quiet word with the GnuPG maintainers they chose to not tell anyone -- presumably hoping to break crypto on messages.

One does wonder which side the TLAs are on ? The general population or some shadowy masters ?

13
0

NASA: Bring on the asteroid, so we can chuck a fridge at it

alain williams
Silver badge

Re: Perhaps...

I read the article hoping to see that they were going to use that fridge for something really important, like keeping their beer cool ... but no :-(

3
0

Kaspersky repeats offer: America can see my source code

alain williams
Silver badge

Re: America can see my source code

Besides, if you take your argument into its logical conclusion you should not buy Windows either, in which case you no longer need Kaspersky, solving two problems at once.

1) I don't buy (or use) MS Windows

2) I don't need (or use) Kaspersky

7
6

Oh my Word... Microsoft Office 365 unlatched after morning lockout

alain williams
Silver badge

Please explain to me ...

how running an important application ''out in the cloud'' is better than running on your own machines ? It is not just subject to failures of the cloud provider, but also vulnerable to that man who goes round the country in a JCB randomly digging up network/broadband cables. Not to mention the privacy/security aspects (who does the cloud provider share your data with ?)

OK: you can save a bit by not employing a sysadmin or bothering to do your own backups, but how much does it cost to not be able to do anything for 1/2 a day (or more) ?

BTW: this is NOT a flame against Microsoft, but any vital cloud based service.

54
2

HMS Windows XP: Britain's newest warship running Swiss Cheese OS

alain williams
Silver badge

Don't need an Internet connection

Somehow I don't think warships are connected to the Internet

The SS Yorktown in 1998 was not connected to the Internet, but a rogue packet in the ship's intranet took the MS Windows XP machines down and it needed to be towed back to port.

Maybe the Royal Navy wants to show that it is also capable of gross cock up ?

14
3

Tech giants flash Russia their code blueprints in exchange for access

alain williams
Silver badge

This is why it is so stupid ...

of the likes of GCHQ and the NSA to hoard vulnerabilities that they find. The Russians, and likely other ''bad guys'', are probably going to find the same set of vulnerabilities.

If they really wanted to do their job of protecting us they would tell the vendor and we would all be a lot safer.

15
0

Google to remove private medical data from search results

alain williams
Silver badge

Removed from search results ...

but no comment about removing it from the profile that is built about you to help google target you with more adverts.

9
0

IoT coverage for 95% of UK by 2019? We can't even do 4G, Sigfox

alain williams
Silver badge

I can see myself buying

lots of copper sheeting with which to wrap aerials for things that I buy that do not come in non IoT versions.

6
0

Operators and vendors agree that Europe is falling behind in 5G

alain williams
Silver badge

Does anyone really care ?

Good, reliable 3G connectivity everywhere that I go is what I want.

4
0

I still haven't found what I'm malloc()ing for: U2 tops poll of music today's devs code to

alain williams
Silver badge

No vocals

I find that words distract (maybe uses the same part of my brain that I use for coding), so pure instrumental works for me - classical is great, baroque is best (most modern/pop is crap anyway).

3
0


Biting the hand that feeds IT © 1998–2017