* Posts by alain williams

991 posts • joined 29 May 2007

DJI: Register your drones or no more cool flying vids for you

alain williams
Silver badge

DJI are ripping off open source

I was given one of these ... it would not talk to my Linux machine, I then found that the firmware and MS .exes were built on Open Source (GPL) software. I asked for a copy of the source, they did not reply. This is all that I can find now.

1
1

7 NSA hack tool wielding follow-up worm oozes onto scene: Hello, no need for any phish!

alain williams
Silver badge

It ought to have a pay-load

A dialogue box that pops up every 5 minutes that says:

You stupid pillock - you still have not applied the update from Microsoft. Do you want to be owned by something really malicious ?

4
0

Biz overlords need to give a stuff about what they're told by IT crowd

alain williams
Silver badge

responsibility to control access to data

only 46 per cent of CMOs and 44 per cent of IT staff thought that they had a responsibility to control access to personal data.

Maybe these people should look at the 7th Data protection principle:

Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

It would be interesting to see how many organisations break the 8th principle by exporting data to the USA - which does not have adequate protection in law of personal data.

5
0

Windows 10: Triumphs and tragedies from Microsoft Build

alain williams
Silver badge

Putty ....

You generally install it. But if you do so on Windows 10 then you are compromising the *nix systems that you login to - that telemetry that can log all your key strokes.

11
11

Great Ormond Street children's hospital still offline after WannaCrypt omnishambles

alain williams
Silver badge

Any idea total cost ?

Anyone any idea of the total cost to the NHS of this debacle ? Human as well as financial.

Any idea of the cost world wide ?

3
0

Do we need Windows patch legislation?

alain williams
Silver badge

The blame here is firmly on those still using an operating system that is 16 years old.

Today is some 16 years after Windows XP was first released, but the important date is when machines were last sold with Windows XP - this was some time near 2010; so for those machines XP is only about 7 years old, but support ended in 2014 - when those machines were 4 years old. It seems to me that a computer that is 4 years old is still quite young, support should have continued longer.

9
4

While Microsoft griped about NSA exploit stockpiles, it stockpiled patches: Friday's WinXP fix was built in February

alain williams
Silver badge

Blame those who did not replace ancient kit

*all* systems are capable of being 'owned' - assuming anything else is reckless. If you use such a system then you must accept that something bad could happen; air-gapping will provide a degree of protection but not a guarantee.

So: who uses ancient kit ?

* old desktops - no excuse; replace them

* embedded kit (eg ATMs, Point of sale terminals, MRI scanners). How long is this expected to work for ? If the manufacturer of a £150,000 MRI scanner gives the expectation that this will work for 20 years then they *must* provide security updates for all of those 20 years - no excuses. They will provide hardware support but just shrug their shoulders when asked about operating system updates. So the needed updates do not happen and they leave their customers open to the sort of thing that happened last week. Part of the reason is that they cannot update an old operating system - they do not have access to the code to do so.

Building long lived kit on top of Open Source software (eg Linux or a BSD) does give the maker the ability to back-port fixes to vulnerabilities. This is the only sane way of building kit that is expected to work for more than a few years.

4
2

UK hospital meltdown after ransomware worm uses NSA vuln to raid IT

alain williams
Silver badge

Re: Using Windows?

We use Windows PCs because a lot of the dedicated software we use won't run on anything else.

Aw, come on! The NHS is a large enough customer that if they wanted it on a Linux or BSD system the supplier would do the port.

10
8

Microsoft's Windows 10 ARM-twist comes closer with first demonstration

alain williams
Silver badge

Oh goodeee

it looks as if this will result in the market coming up with a better choice of ARM based laptops that I will be able to install Linux onto.

13
1

Beeb hands £560m IT deal to Atos. Again

alain williams
Silver badge

Cost of divorce

which is why when considering marriage, be that outsourcer, software supplier, ... part of the calculation should be: what will it cost to move away at the end ?

The supplier will, however, be doing its best, once the deal has started, to ensure that the divorce costs just rise. Think of the numbers who would like to move away from Oracle or Capita.

10
0

Just 99.5 million nuisance calls... and KeurBOOM! A £400K megafine

alain williams
Silver badge

0.4p per call ?

How much were they paid per call - the fine should be closely related to that.

Getting the fine from the directors: how about using the proceeds of crime act ?

15
0

Realistic Brits want at least 3 security steps on bank accounts

alain williams
Silver badge

Stop using your mobile 'phone

Not using a mobile phone would figure highly on my list of how to keep my bank a/c safe. Next: not to login there from a MS Windows machine.

It would help a lot if the banks stopped 'phoning their customers about whatever and as a first step ask the customer to verify who they were by answering security questions!

15
1

We are 'heroes,' says police chief whose force frisked a photographer

alain williams
Silver badge

Legislation will never be abused ...

we are always told. So why is anti terror legislation being used to terrorise photographers, I wonder what plans are being drawn up on who to abuse with the Investigatory Powers Regulations 2017 ?

3
0

Leaked: The UK's secret blueprint with telcos for mass spying on internet, phones – and backdoors

alain williams
Silver badge

1 in 6,500 real time snooping

comms providers will be required to make bulk surveillance possible by introducing systems that can provide real-time interception of 1 in 10,000 of its customers. Or in other words, the UK government will be able to simultaneously spy on 6,500 folks in Blighty at any given moment.

That makes the assumption that each person only has one Internet connection. For many it is 3: home, work & mobile. So double that number - at least.

1
0

Just delete the internet – pr0n-blocking legislation receives Royal Assent

alain williams
Silver badge

Anything in there about religious sites ?

Religion screws up far more young, impressionable minds than does porn.

41
2

Hackers uncork experimental Linux-targeting malware

alain williams
Silver badge

Run nmap occasionally ...

just in case you forgot to close that port that you opened for a 5 minute test last month:

nmap -A -T4 my.host.name

1
0

Uber cloaked its spying and all it got from Apple was a slap on the wrist

alain williams
Silver badge

Honesty

seems to be considered optional by many CEOs these days. However if you, as an individual, breach their terms of service they see no problems in acting against you.

23
0

Microsoft promises twice-yearly Windows 10, O365 updates – with just 18 months' support

alain williams
Silver badge

Re: Twice yearly roll out of incompatibilities

Eh ? (Please explain how they're going to break Linux)

How about change details of the SMB protocol and thus mounting of SMB shares no longer works.

3
2
alain williams
Silver badge

Twice yearly roll out of incompatibilities

Now that Microsoft has got a large number of machines being upgraded when it wants it can start to roll out code that breaks other systems; be they those who are still running old versions of Microsoft Windows (ie not 10) or those who run non Microsoft operating systems or applications. Eg Linux or LibreOffice. They roll out applications that handle a new file or wire protocol in March and then make it default in September, removing use of old protocols next March, so software more than 1 year old will then not interoperate with the latest stuff.

They will claim that this is all in the name of progress or fixing security vulnerabilities; but the real reason will be that they will start saying how non Microsoft software is incompatible, not good enough, ... So LibreOffice (and similar) developers will have to waste a lot of time playing catch up while Microsoft sniggers.

Other software vendors play this game, eg Autocad is continually updating file formats which makes it hard for users of old versions to read files from a user of the latest versions.

This will also help with forcing people to take out a subscription: no subscription so you don't get the latest Microsoft Word ...

7
3
alain williams
Silver badge

Re: It wouldn't be a problem

A boon to hardware vendors -- "your wifi no longer works with the latest MS Windows; we do not support drivers for hardware more than 3 years old from time of first sale of that model"

7
2
alain williams
Silver badge

Re: Dear gods...

It took us about two years to migrate from RHEL5 to 6.

And now you don't need to do it again for 10 years - which is how long RHEL 6 is supported for (or longer if you want to pay a bit). Then you jump to RHEL 8 (or whatever is new then) and get another decade of stability.

11
1

Zuckerberg's absolutely mental: Brain sensors that read YOUR MIND at 100 words a minute

alain williams
Silver badge

Words per minute ???

Surely the wrong units; if you get a direct feed into the brain the units of information are going to be something like: memes or gestalts.

A word is only one way that we communicate these internal entities to others; it is because of the limitations of our input/output hardware (ears/mouth/...). If you can interact directly with the brain then you can access the underlying units of thought.

1
0

Alert: Using a web ad blocker may identify you – to advertisers

alain williams
Silver badge

Computer misuse act ?

All that code that these ad slingers are running on my machine (in my browser). Did they ask me permission to do that ? No! I give implicit permission for Javascript to help with the page layout, form manipulation, ... but not for them to Sherlock who I am, if I want to let them do that then I agree to keep one of their cookies -- all else is without my permission.

Having said that our chocolate teapot that is the ICO would just find an excuse to not do anything.

So: should they have to ask permission to run this stuff, how many users would that turn away ?

1
0

Linux remote root bug menace: Make sure your servers, PCs, gizmos, Android kit are patched

alain williams
Silver badge

android ecosystem ...

like my Samsung smart-phone - they stopped producing updates very quickly. I asked and was told that they had determined that ''the last update provided what their customers needed'' - translation ''we have sold it and can't be bothered to maintain it, we would rather that you bought a new one''.

18
0

Hundreds of millions 'wasted' on UK court digitisation scheme

alain williams
Silver badge

Agile is OK for ...

* small projects that are easy enough for people to fit all the components into their heads at once.

* prototyping/mock-ups.

Anything seriously big needs proper design, otherwise the obvious things are done and the corner cases forgotten and the various pieces don't quite fit well with remote components.

The other thing about this project is that it will result in UK government outsourcing a lot of work to call centers, etc, in India at a loss of UK jobs and skills - it might save MoJ some money but will end up costing the treasury many times more: less tax receipts and more dole money.

13
3

Your internet history on sale to highest bidder: US Congress votes to shred ISP privacy rules

alain williams
Silver badge

Start a crowdsourced fund ...

how long before we raise enough $$ to buy and publish D Trump's web browsing history ?

13
1

UK digital minister Matt Hancock praises 'crucial role' of encryption

alain williams
Silver badge

Re: Can do. But shouldn't?

ALL the information you need to reverse-engineer the private key is present in the public key, but there is NO practical way to recover it.

But how do you get the public key ? You get it over the Internet. This makes you vulnerable to a man-in-the-middle (mitm) attack -- where someone sits between the 2 parties and decrypts/re-encrypts the data. This would be expensive for the spooks to do, but they could do it for individual high interest targets.

This is why we have CAs (Certificate Authorities), they allow the web browser to check the public key so that a mitm attack cannot work. This relies on the CA's own certificates being kept private.

There is no guarantee that the CA's certificates are not known by the spooks. I would be surprised if NSA/GCHQ did not have most of them.

Because PGP allows you to check a remote user's key by other means [remember key signing parties ?] its keys are not so easily compromised.

Summary: public key exchange encryption can already be broken. PGP looks still safe.

0
0

Microsoft delivers secure China-only cut of Windows 10

alain williams
Silver badge

Re: So...

Do they actually get a non-spying version of Windows 10 or just one where the Chinese government is spying on them ?

That is one of the advantages of closed source software: the users do not know.

17
2

DNS lookups can reveal every web page you visit, says German boffin

alain williams
Silver badge

www.theregister.co.uk

I got different from the one in the article, but they use cloudflare - a CDN.

More importantly: the addresses are IPv4 ones, when is El-Reg going to go IPv6? Even Virgin Media say they will support IPv6 - so why not El Reg ? I have had it at home for 6-7 years.

0
0

'Sorry, I've forgotten my decryption password' is contempt of court, pal – US appeal judges

alain williams
Silver badge

How long do you want to eat porridge for ?

The sentence for 'forgetting' a password, or the sentence for having files that contain: kiddie-porn/bomb-making-instructions/... ?

Work out which is the shorter before you decide if you can remember the password.

2
0

Dormant Linux kernel vulnerability finally slayed

alain williams
Silver badge

Should have used Windows...

Where, because it is closed source, you don't have a clue what bugs have been fixed let alone how long they have been there.

7
1

Do you use .home and .mail on your network? ICANN mulls .corp, .mail, .home dot-word domains

alain williams
Silver badge

.local

Well, at least they have not proposed a TLD of .local -- yet.

6
0

'Password rules are bullsh*t!' Stackoverflow Jeff's rage overflows

alain williams
Silver badge

Sometimes I can't use a long password

There are some systems that: impose a maximum length on passwords, fold upper to lower case, complain if I use anything other than alpha numerics, ...

Let's start complaining about the systems that prevent the use of good passwords.

61
0

Cold callers illegally sold Aussie farmers 1,700 years worth of printer ink

alain williams
Silver badge

Who paid the fine ?

Should have been paid by the cold calling individuals - not the company. Penalise the individuals and they might change their behaviour. Penalise the company and they will see it as just another business cost - this time they got caught, plenty of other ones they did not.

This is what is needed in the banking system - but will not happen, politicians get too many lucrative consultancies once they have left office.

1
5

URGH – bitter taste! Sage hikes One SaaS price 50 per cent

alain williams
Silver badge

Re: Locked and loaded

The big bonus is that when you go bust ...

the receivers don't sell my confidential data to the highest bidder; might not be allowed in the UK but it does happen in the USA.

1
0

YouTube TV will be huge. Apple must respond

alain williams
Silver badge

Re: Once you have accustomed people to watch things for free...

Watching Youtube was never for free. Granted you did not fork out cash but you paid by watching adverts and helping google build its profile of you (what you like to watch) so as to better push adverts at you.

Free is one of the most abused words on the Internet.

5
6

Linus Torvalds lashes devs who 'screw all the rules and processes' and send him 'crap'

alain williams
Silver badge

Which bridge is being repaired today ?

Something must have caused the Redmond loving trolls to come out into the sunshine.

16
3

Awkward. Investigatory Powers Act could prove hurdle to UK-EU Privacy Shield following Brexit

alain williams
Silver badge

It will be fudged

as ever with this sort of thing. Our Pry Minister (T May) will never give up on the ability to stick her nose into everyone's business.

If really pushed hard, they will change the law and just do it anyway under some obscure ministerial power.

4
1

Smart meter firm EDMI asked UK for £7m to change a single component

alain williams
Silver badge

You forgot to mention: sell your energy use profile to ... someone will want to buy that; even if only ''private'' deals between energy staff and their burglar mates who want to know when you are away on holiday.

4
0

Gov wants to make the UK the 'safest place in the world to go online'

alain williams
Silver badge

Trying hard to give the appearance of being useful

Government just chasing the wrong target - again; they seem to think that the only people who matter are tut-tutting Daily Mail readers. This is the lot who have come out with the mind bogglingly stupid guidance that Streets should not be named after local heroes 'in case they are paedophiles'.

Do we know what is current government guidance at tilting at windmills ?

8
0

How to nuke websites you don't like: Slam Google with millions of bogus DMCA takedowns

alain williams
Silver badge

Re: Not accidental

Maybe make a complaint about the lawyers doing a DDOS. I suspect that if we thought hard enough about it we could find a way of making them guilty under a computer misuse act or similar.

7
0

Elon Musk promises Tesla investors Trump won't send him to Mars

alain williams
Silver badge

Of course they would say that ...

they want to catch him unawares when they bundle him into that rocket ...

1
0

Intel scales Atom to 16 cores, updates Xeon SoCs

alain williams
Silver badge

Get into cars !!!

I do not want the VM that is controlling my car brakes to be on the same piece of silicon that was running the kids' shoot-em-up game (or grand theft auto). Even with best effort today some future exploit could slow down the brake VM. In fact I would be even happier if non-core car driving functions were isolated onto a separate network within the car.

Sorry Intel: I'll just say ''no''.

7
0

EU privacy gurus peer at Windows 10, still don't like what they see

alain williams
Silver badge

Re: What information does Win 10 slurp?

OK: that is what they say. How can an owner of a MS Windows 10 machine actually see (read) what is being sent to Redmond ? Until the owner can see (in plain text - with good documentation that fully describes the XML or whatever) then it is not transparent.

7
0

'I'm innocent!' says IT contractor on trial after Office 365 bill row spiraled out of control

alain williams
Silver badge

Re: Depressingly familiar

No need to put it in the contract, just something at the bottom of invoices reminding them of the 'Late Payments of Commercial Debts Regulations'.

I wrote a calculator for the statutory interest that you can claim: Statutory Interest Calculator

8
0

Corpse of US anti-spying law unearthed, reanimated, pushed blinking into the sunlight

alain williams
Silver badge

When has that ever stopped them ?

How many years before they are given retrospective permission ?

3
0

GRAPHENE: £120m down, UK.gov finds it's still a long way from commercial potential

alain williams
Silver badge

Only £120 million & a few years ???

and the muppets expect a huge return! They don't have a clue as to how real new science and innovation works. It is not like a bank/stock-market where you give them some money and they rip others off to give you a return; for a start £120 million would not be enough to get bankers interested.

We are looking at something completely new.

Some organisations will be taking paths that lead somewhere useful, others down blind alleys. The only way to tell the difference is to walk the paths.

With innovation: there is no timetable and no guarantee of anything!

15
1

Brave VMs to destroy themselves, any malware they find on HP's new laptop

alain williams
Silver badge

When is this activated ?

It seems to me that this will depend on the user doing something. That depends on:

* the user being aware that something untoward has happened

* the user knowing that they can or should do something - and what that is

* the user caring: ''it is an IT problem''.

4
0

Oracle settles court spat with fired cloud 'sales inflation whistleblower'

alain williams
Silver badge

Where should the buck stop ?

Surely anywhere other than the very top would be wrong. It is Larry who sets the culture and is the one who could change it.

However: it seems accepted that those working in corporations can lie and get away with it. It is not just politicians who lie, although maybe that is the reason why nothing is done about it.

3
0

Thought your data was safe outside America after the Microsoft ruling? Think again

alain williams
Silver badge

Re: America's increasing isolation

Once US law compels multinationals to violate other nations' laws, I think it's pretty much inevitable that America will become ostracised (both digitally and in many other ways too) from the rest of the world,

I would love to agree with you. However who cares ? :

* corporations: don't give two hoots about (their customers') privacy. If using infrastructure in the USA saves them 0.5% costs they will do so. They will give lip service to privacy, just another corporate lie.

* governments: most of them want access to all your data and will strike private deals with the USA. A few push back, England is not one of those.

* individuals: most look at me puzzled or think "there goes Alain again" when I talk about privacy and turn to look at their facebook page.

* el-reg (& similar) readers: but we are in a minority.

Sigh :-(

24
3

Biting the hand that feeds IT © 1998–2017