* Posts by Alister

3178 posts • joined 19 May 2010

Big Falcon Namechange for Musk's rocket: BFR becomes Starship

Alister
Silver badge

Re: Starship

If he'd stuck with names from Iain Banks novels, he could have had: "Prosthetic Conscience" or "So Much For Subtlety", either of which sums up Mr Musk, I thought.

8
0

Behold, the world's most popular programming language – and it is...wait, er, YAML?!?

Alister
Silver badge

Re: Miss the point much?

@PerlyKing

Just because yaml.org have tried to rewrite history doesn't make it true.

When it was first introduced, YAML was indeed Yet Another Markup Language, and not the pretentious self-referential bollocks they are now claiming in an effort to make it look like a legitimate programming language.

9
0
Alister
Silver badge

The world's most popular programming language, according to devops biz Datree.io at least, is not Java, JavaScript, nor Python. Rather, it's YAML

<Cough> Bollocks </cough>

Oh, I'm sorry, did I type that out loud?

47
0

Vision Direct 'fesses up to hack that exposed customer names, payment cards

Alister
Silver badge

Having a good score on securityheaders.io does not mean your system is secure (e.g. unpatched CVEs, insecure server config, etc) but having a bad score does tend to indicate that the devs are probably not paying attention to best practices

That's nonsense, it simply means that the devs haven't implemented all the headers that Scott feels should be there - two of which, by the way are still very much experimental, but he still marks you down for.

You might notice that www.google.com only scores a "C" on Scott's site, but that doesn't mean they are shoddy or third rate, it just means they've chosen not to implement CSPs etc.

if they haven't bothered to set CSPs or the HSTS header (on an e-commerce site which should be all-HTTPS all-the-time)

The HSTS header serves no useful purpose if your site / server only responds on HTTPS, and has no HTTP bindings.

As for Content Security Policies, they are fine if you control all of the content appearing on the site.

However in practice, if the site is hosted by one company, on behalf of the client (in this case Vision Direct) and the client regularly employs SEO consultants who change their minds every 3 months, or the client wants to generate Ad revenue, then you end up with a site full of javascript from multiple domains, none of which you have control over.

It becomes impossible to create CSPs that don't inadvertently break one or other tag manager, tracking pixel or whatever.

I'm not advocating that this is right or proper, but it is the reality of hosting e-commerce sites on behalf of third parties.

It would be great if we could dictate to clients that they must only use content providers we approve, or not use third-party script etc, but we wouldn't have a business for very long if we did that.

0
0
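The tag-manager problem described in the post above, as an added example that is not code from the original post or from Vision Direct: a small evaluator for the CSP script-src source expressions, run over a constructed policy and the kind of script list an e-commerce page accumulates. Every domain, the policy and the page origin are made-up placeholders; the matching is simplified (URL paths are ignored, and a scheme-less host source is taken to match both http and https).

```python
"""Check which script URLs a CSP script-src directive would allow.

Added example, not code from the original post or from Vision Direct: it
models an e-commerce site whose script-src was written for a known set of
third-party origins and then has a new tracking domain bolted on. Every
domain and policy below is a constructed placeholder.
"""
from __future__ import annotations

from urllib.parse import urlparse

_DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed policy: same-origin scripts, one tag manager, and an ad network's subdomains.
PAGE_ORIGIN = "https://shop.example"
POLICY = ("default-src 'self'; "
          "script-src 'self' https://tags.tagvendor.example https://*.ads-network.example; "
          "img-src 'self' https:")


def parse_directive(policy: str, name: str) -> list[str]:
    """Return the source expressions for `name`, falling back to default-src as a browser does."""
    directives: dict[str, list[str]] = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives.get(name, directives.get("default-src", []))


def _effective_origin(url: str) -> tuple[str, str, int | None]:
    u = urlparse(url)
    scheme = u.scheme.lower()
    return (scheme, (u.hostname or "").lower(), u.port or _DEFAULT_PORTS.get(scheme))


def _host_matches(pattern: str, host: str) -> bool:
    """CSP host matching: '*.example' covers subdomains only, never the apex itself."""
    if pattern.startswith("*."):
        return host.endswith(pattern[1:]) and host != pattern[2:]
    return host == pattern


def source_allows(expr: str, url: str, page_origin: str) -> bool:
    """Does one source expression permit loading `url`? (Simplified: paths ignored.)"""
    scheme, host, port = _effective_origin(url)
    if expr == "'none'":
        return False
    if expr == "'self'":
        return (scheme, host, port) == _effective_origin(page_origin)
    if expr.startswith("'"):
        return False                      # nonces, hashes, 'unsafe-inline' never match a URL source
    if expr == "*":
        return scheme in _DEFAULT_PORTS   # wildcard does not cover data:, blob:, filesystem:
    if expr.endswith(":") and "/" not in expr:
        return scheme == expr[:-1].lower()            # scheme-source such as https:
    want_scheme, rest = (expr.split("://", 1) if "://" in expr else (None, expr))
    hostport = rest.split("/", 1)[0]
    want_host, _, want_port = hostport.rpartition(":") if ":" in hostport else (hostport, "", "")
    if want_scheme is not None and scheme != want_scheme.lower():
        return False
    if want_scheme is None and scheme not in _DEFAULT_PORTS:
        return False
    if not _host_matches(want_host.lower(), host):
        return False
    return not want_port or want_port == "*" or str(port) == want_port


def check_scripts(policy: str, page_origin: str, script_urls: list[str]) -> dict[str, bool]:
    """Map each script URL to whether script-src (or default-src) allows it."""
    exprs = parse_directive(policy, "script-src")
    return {url: any(source_allows(e, url, page_origin) for e in exprs) for url in script_urls}


def blocked_scripts(policy: str, page_origin: str, script_urls: list[str]) -> list[str]:
    """The URLs that would be refused, i.e. the tags the next SEO change will 'break'."""
    return [u for u, ok in check_scripts(policy, page_origin, script_urls).items() if not ok]


if __name__ == "__main__":
    # Constructed script tags as they might appear on the page after a few months of changes.
    scripts = [
        "https://shop.example/js/app.js",            # first-party
        "https://tags.tagvendor.example/gtm.js",     # pinned tag manager
        "https://cdn.ads-network.example/lib.js",    # subdomain of the ad network
        "https://ads-network.example/lib.js",        # apex: NOT covered by *.ads-network.example
        "https://px.newtracker.example/pixel.js",    # added by the latest consultant
        "data:text/javascript,void(0)",              # never matched by a host source
    ]
    for url, ok in check_scripts(POLICY, PAGE_ORIGIN, scripts).items():
        print(f"{'ALLOW' if ok else 'BLOCK'}  {url}")
```

Running this against the real `<script>` list of a page before each deployment turns "the CSP broke the tracking pixel" from a production surprise into a pre-release diff; the same evaluator can be pointed at `Content-Security-Policy-Report-Only` violation reports to see which origins would need adding.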
Alister
Silver badge

As always with PCI, if there are compensatory controls in place and documented, then it can be PCI compliant.

One of our environments has to still support TLS1.0, because a high percentage of the clients connect using it, and we have no control over the clients.

That's why I said it would be a business decision. If turning off TLS1.0 breaks your site for 40% of its users, then you don't do it. It is entered on the risk register, and the QSA will sign it off.

1
0
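The "what percentage of clients would break" question in the post above, as an added example that is not code from the original post: it parses an access log with the negotiated TLS protocol appended as the last field (nginx `$ssl_protocol` or Apache `%{SSL_PROTOCOL}x`) and reports the share of distinct clients, not requests, that would lose access if a protocol were disabled. The log lines are constructed samples and the 5 % cut-off is an assumed policy value, not anything from the page.

```python
"""Measure how much of a site's client base still negotiates TLS 1.0.

Added example, not from the original post. Assumes an access log with the
negotiated protocol appended as the last field; the lines below are
constructed samples and the 5 % threshold is an assumed policy value.
"""
import re
from collections import Counter, defaultdict

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"(?P<ref>[^"]*)" "(?P<ua>[^"]*)" (?P<proto>TLSv[\d.]+|-)$'
)


def _line(ip, proto, path="/checkout", ua="Mozilla/5.0"):
    """Build one constructed combined-format line with the protocol field appended."""
    return (f'{ip} - - [06/Nov/2018:10:00:00 +0000] "GET {path} HTTP/1.1" 200 512 '
            f'"https://shop.example/" "{ua}" {proto}')


SAMPLE_LOG = "\n".join([
    _line("198.51.100.1", "TLSv1.2"),
    _line("198.51.100.2", "TLSv1.3"),
    _line("203.0.113.7", "TLSv1", ua="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)"),
    _line("203.0.113.7", "TLSv1", path="/basket"),      # one chatty legacy client, three requests
    _line("203.0.113.7", "TLSv1", path="/pay"),
    _line("198.51.100.3", "TLSv1.2"),
    _line("203.0.113.8", "TLSv1"),
    _line("198.51.100.4", "TLSv1.3"),
    _line("203.0.113.9", "TLSv1"),
    _line("198.51.100.5", "TLSv1.2"),
    _line("192.0.2.10", "TLSv1.1"),
    _line("198.51.100.6", "TLSv1.2"),
    _line("198.51.100.99", "-", path="/healthz"),       # plain-HTTP probe, no TLS at all
])


def parse_log(text):
    """Parse lines into dicts, dropping anything that did not come in over TLS."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and m.group("proto") != "-":
            records.append(m.groupdict())
    return records


def protocol_stats(records):
    """Per protocol: request count and number of distinct client IPs."""
    requests = Counter(r["proto"] for r in records)
    clients = defaultdict(set)
    for r in records:
        clients[r["proto"]].add(r["ip"])
    return {p: {"requests": requests[p], "clients": len(clients[p])} for p in requests}


def client_share(records, protocols):
    """Fraction of distinct client IPs that used any of `protocols`.

    Counting clients rather than requests stops one busy legacy client from
    inflating the figure. A client seen on both old and new protocols is
    still counted as affected.
    """
    all_ips = {r["ip"] for r in records}
    affected = {r["ip"] for r in records if r["proto"] in protocols}
    return len(affected) / len(all_ips) if all_ips else 0.0


def safe_to_disable(records, protocols, max_client_share=0.05):
    """Assumed policy: switch a protocol off only if at most 5 % of clients depend on it."""
    return client_share(records, protocols) <= max_client_share


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for proto, s in sorted(protocol_stats(recs).items()):
        print(f"{proto:8} requests={s['requests']:3} clients={s['clients']:3}")
    for drop in ({"TLSv1"}, {"TLSv1", "TLSv1.1"}):
        share = client_share(recs, drop)
        print(f"disable {sorted(drop)}: {share:.0%} of clients affected, "
              f"{'ok' if safe_to_disable(recs, drop) else 'risk register'}")
```

Whatever the threshold, the number that goes on the risk register should be the client share over a representative period (a full billing cycle rather than one quiet afternoon), and the user-agent field is worth keeping in the parsed record so the QSA can see which client population is behind it.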
Alister
Silver badge

however they had completely inadequate security against an attack like this and were not following PCI best (required?) practice.

That's rather a large assumption to make based on Scott Helme's securityheaders.io site, which is mostly bollocks.

If you use htbridge.com or ssllabs.com then the site scores an "A" in both cases, and if you look at visiondirect.co.uk it scores "A+" even though it still supports TLS1.0 - which is probably a commercial decision.

3
0
Alister
Silver badge

Should have gone to SpecSavers

Well someone had to say it...

18
0

Using a free VPN? Why not skip the middleman and just send your data to President Xi?

Alister
Silver badge

Re: Just use Tor.

There are many cases where hostile sites block Tor exit nodes

That's probably because a high percentage of the traffic coming from Tor exit nodes is malicious.

7
0

Britain may not be able to fend off a determined cyber-attack, MPs warn

Alister
Silver badge

They wouldn't have to invest so heavily in "cyber" security if they hadn't systematically pushed the utility companies into using the Internet for their critical infrastructure.

Time was when electricity, gas, water, railways, nuclear etc, etc used private circuits to do all their internal telemetry and monitoring over, and you would have had to work quite hard to break into them.

11
4

Finally a platform for train puns: IBM Halt station derailed

Alister
Silver badge

There's some great place names in that song.

"At Chorlton-cum-Hardy or Chester-le-Street"

1
0
Alister
Silver badge

@ Ian Johnston

Well going by that list, most of Wales and the Highlands of Scotland should have their rail services discontinued as well...

Shhhh, don't give them ideas!

6
0
Alister
Silver badge

So it will no longer be IBM's Platform-as-a-Service...

28
0

Where to implant my employee microchip? I have the ideal location

Alister
Silver badge

Re: 'One day he'll give up and take a dump on my pillow instead'

Blimey! Are you Pterry re-incarnate?

I've never seen so many footnotes. (No, not even on AFP).

10
0

Court doc typo 'reveals' Julian Assange may have been charged in US

Alister
Silver badge

That's unfortunate, it gives the whinging twat the opportunity for lots of "I told you so" smugness.

I was hoping he would just wither away in obscurity.

14
9

Creepy or super creepy? That is the question Mozilla's throwing at IoT Christmas pressies

Alister
Silver badge

Re: Rotate the Pod Door, HAL

I'm sorry Dave, but the Pod door cannot rotate. I can open the Pod Bay door for you, or rotate the Pod for you, which would you prefer?

2
0

Japanese cyber security minister 'doesn't know what a USB stick is'

Alister
Silver badge

A prime example: Michael Gove.

He's been, successively, Sec State for Education, Sec State for Justice, Sec State for Environment, Food and Rural Affairs, and now they want to make him Sec State for Brexit.

I doubt that he has any expertise in any of those diverse subjects.

36
1
Alister
Silver badge

Re: That's nothing

"There's desktop engineers still walking about that couldn't tell you what USB stands for."

Useful Sticky-in Bit

36
0

Openreach v Ofcom dark fibre legal bill bounced back to Competition Appeal Tribunal

Alister
Silver badge

such a pawltry amount

Nice! A cross between poultry and paltry, maybe?

3
0

That Old Time 2018 IT songbook: Verity, Verity - give us your lyrics, do! We're half crazy, all for the love of you

Alister
Silver badge
Thumb Up

Re: Yay! Stob!

@Geoffrey W

You're absolutely right, I missed the September one. Thanks!

1
0
Alister
Silver badge

Yay! Stob!

Far too long since the last one, but thank you, it was worth waiting for.

Now wandering round the office singing:

"Six foot, seven foot, eight foot BUNCH! Daylight come and me wan' go home"

RIP Dave Neal.

17
0

Oi, Elon: You Musk sort out your Autopilot! Tesla loyalists tell of code crashes, near-misses

Alister
Silver badge
Thumb Up

Re: No way ready!

Dammit Lee, stop writing things I agree with...

;)

8
0

Microsoft lobs Windows 10, Server Oct 2018 update at world (minus file-nuking 'feature') after actually doing some testing

Alister
Silver badge

PCI compliance

We got marked down the other day for some of our Server 2016 instances, as they hadn't got the latest patch applied - fuckwits.

You can't win, can you? You either roll out patches immediately, and risk being an unwitting beta-tester, but be compliant, or you wait, and test, and wait for Microsoft to fix it, and then get called out for being cautious.

Gaaaaaah!

7
0

Rocket Labs mean business, Brits stick pin in Mars map, and Japan celebrates HTV-7’s dive into the atmosphere

Alister
Silver badge

Re: Ooh err missus--

Bloody stupid computer autocorrect that doesn't recognise the word ether.

AI - yeah, right...

3
0

Bloke jailed for trying to blow up UK crypto-cash biz after it failed to reset his account password

Alister
Silver badge

Re: Counter Terrorism Command?

@jake

Every major city that I am aware of (and quite a few minor ones!) has had a Bomb Squad a lot longer than the current fad of calling anybody who sneezes at the wrong time a "terrorist" has existed.

That may be the case in the US, but it's not in the UK.

Most bomb disposal teams are provided by the armed forces. Individual Police services are unlikely to have EOD abilities, with the exception maybe of the Met.

1
0
Alister
Silver badge

Re: Counter Terrorism Command?

I would suppose that the necessary skills for dealing with bomb attacks fall most easily under the counter terrorism umbrella, rather than any other branch of the law enforcement services.

5
0

Junior dev decides to clear space for brewing boss, doesn't know what 'LDF' is, sooo...

Alister
Silver badge

Shrink an LDF file?

Back when I was less old, and less bitter and twisted, I remember asking the boss how to shrink an LDF file on an older version of MS SQL.

His response was that I should stop the server instance and delete the LDF file, then restart the service, and it should create a new smaller one...

So I did...

Good thing I copied the LDF file to another location, 'cos when I tried restarting the service it wouldn't come back up, and it definitely didn't create a new fresh transaction log like he said it would!

25
0

My hoard of obsolete hardware might be useful… one day

Alister
Silver badge

@Kubla Cant,

I agree, if it were me I'd have done it in the living room :)

There was a very nice little winch and a big RSJ in the roof over the loft hatch. He'd obviously planned it carefully...

But that said, he still would have had to lug the engine, and all the tools, up the stairs.

7
0
Alister
Silver badge

My wife's uncle died earlier this year, and the family gathered round to undertake the task of clearing his house (he lived alone). He was a motor mechanic, who at various times had worked for a number of race and rally teams.

The house was as you might expect from a long-term bachelor, with car magazines piled up in stacks in the living room, new forms of life growing in the kitchen, and take-away food containers and pizza boxes much in evidence.

Upstairs (in a three-bedroom house) one bedroom was in use, the other two were full of all sorts of junk, masses of broken car parts: old batteries, cylinder heads, carburettors, you name it, it was there, covered in oil or rust or worse.

Climb up into the loft, and it was a different world!

A clinically clean, white painted room, with work benches round the walls, racks and racks of tools all carefully placed in order of size, and various bench tools - small lathe, grinder, pillar drill etc, all immaculately clean, and in the center of the floor, on a stand, a Ford Cosworth V6 engine in the process of being rebuilt.

We were at a loss as to what to do with it all - we certainly couldn't just let a house-clearance gang touch that lot!

38
0

HSBC now stands for Hapless Security, Became Compromised: Thousands of customer files snatched by crims

Alister
Silver badge

@mark jacobs

You seem to have a misunderstanding of the "breach".

Thieves used valid usernames and passwords leaked from other sites, not from the HSBC site, so whether HSBC salted their hashes or used HTTPS is irrelevant.

0
0
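The pattern the post above describes, credentials leaked elsewhere being replayed against a site, leaves a distinctive trace in the authentication log: one source address walking through many different usernames, mostly failing, with the occasional success. The detector below is an added example, not code from the original post or from HSBC; the log format and every IP, username and timestamp are constructed.

```python
"""Spot credential stuffing in authentication logs: one source trying many
different usernames inside a short window, mostly failing, with the odd hit.

Added example, not code from the original post or from HSBC. The log format
and every IP, username and timestamp below are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

AUTH_RE = re.compile(
    r'^(?P<ts>\S+) login ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$'
)

SAMPLE_AUTH_LOG = """\
2018-11-06T10:00:01Z login ip=203.0.113.5 user=alice result=FAIL
2018-11-06T10:00:04Z login ip=203.0.113.5 user=bob result=FAIL
2018-11-06T10:00:09Z login ip=203.0.113.5 user=carol result=FAIL
2018-11-06T10:00:15Z login ip=203.0.113.5 user=dave result=OK
2018-11-06T10:00:20Z login ip=203.0.113.5 user=erin result=FAIL
2018-11-06T10:00:26Z login ip=203.0.113.5 user=frank result=FAIL
2018-11-06T10:00:33Z login ip=203.0.113.5 user=grace result=FAIL
2018-11-06T10:00:40Z login ip=203.0.113.5 user=hana result=OK
2018-11-06T10:05:00Z login ip=198.51.100.20 user=alice result=FAIL
2018-11-06T10:05:20Z login ip=198.51.100.20 user=alice result=FAIL
2018-11-06T10:05:40Z login ip=198.51.100.20 user=alice result=OK
2018-11-06T10:07:00Z login ip=198.51.100.21 user=bob result=OK
"""


def parse_auth_log(text):
    """Turn log lines into event dicts with a real datetime; ignore lines that do not match."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(e)
    return events


def detect_stuffing(events, window=timedelta(minutes=10), min_users=5):
    """Flag any IP that tries at least `min_users` distinct usernames within `window`.

    A legitimate user who fat-fingers their own password retries ONE username,
    so the distinct-user count separates that from a list being replayed.
    For each flagged IP the accounts that succeeded are returned: those are the
    ones whose password must be reset, not the ones that failed.
    """
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev["ts"]):
        by_ip[e["ip"]].append(e)

    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):                 # sliding window over this IP's events
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            win = evs[start:end + 1]
            users = {e["user"] for e in win}
            if len(users) >= min_users:
                fails = sum(e["result"] == "FAIL" for e in win)
                flagged[ip] = {                     # later, larger windows overwrite earlier ones
                    "distinct_users": len(users),
                    "attempts": len(win),
                    "failure_rate": round(fails / len(win), 2),
                    "compromised": sorted({e["user"] for e in win if e["result"] == "OK"}),
                }
    return flagged


if __name__ == "__main__":
    for ip, info in detect_stuffing(parse_auth_log(SAMPLE_AUTH_LOG)).items():
        print(ip, info)
```

Because the attacker's credentials are valid, password-hashing strength and transport security on the target site are irrelevant to this detector; what it keys on is breadth of usernames per source, which is why the threshold is on distinct users rather than on failures alone. In production the per-IP view should be joined with a per-ASN or per-user-agent view, since stuffing tools rotate through proxy pools.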
Alister
Silver badge

I don't know about the US HSBC Online Banking site, but for the UK one you have to use a unique numeric ID, a passphrase, and an electronic pin generator to access your account. It would therefore be unlikely in the extreme that you could use the same credentials anywhere else.

9
1

'DerpTroll' derps into plea deal, admits DDoS attacks on EA, Steam, Sony game servers

Alister
Silver badge

the charge of "Damage to a Protected Computer"

Really?

DDoS is "damage" now, is it?

1
1

Mything the point: The AI renaissance is simply expensive hardware and PR thrown at an old idea

Alister
Silver badge

Re: at Last

I would love to hear a comment on the state of the game from an actual AI researcher

Um: Andrew Fentem has worked in human-computer interaction research and hardware development for over 30 years

Not good enough for you?

9
2
Alister
Silver badge

Thank you!

Thank you for a reasoned, common sense article on the realities of AI.

And thank you particularly for reminding me about Thompson's designer, I too remember reading about it in the 90s, and being fascinated that the circuit evolved to use properties of hysteresis and electromagnetism within the FPGA.

It seems that this, and things like Aleksander's WISARD discrete neural nets are being ignored in favour of software based solutions, and yet they were, even in the 80s - 90s, achieving things that software based AI still struggles with.

18
2

Has science gone too far? Now boffins dream of shining gigantic laser pointer into space to get aliens' attention

Alister
Silver badge

Next door neighbours

Imagine how annoying it would be, if a next-door neighbour decided to set up a massive security floodlight in their backyard, pointing at your bedroom window, and let it switch on every time the wind blew the trees about.

You'd be tempted to chuck rocks at it, or something, wouldn't you?

5
1

Which scientist should be on the new £50 note? El Reg weighs in – and you should vote, too

Alister
Silver badge

Re: Astrology??!!

He was also a noted alchemist, so quite possibly an astrologist as well

19
0

Roscosmos: An assembly error doomed our Soyuz, but we promise it won't happen again

Alister
Silver badge

@boltar

I modded you down, because of your clear assumption that the behaviour of a Russian, (or Ukrainian, or wherever) assembly line worker would bear any resemblance to that of the work-shy British factory workers, who had the privileges and comforts of living in the West.

13
2

Now Europe wants a four-million-quid AI-powered lie detector at border checkpoints

Alister
Silver badge

you forgot one.

But that would be sexist...

;)

3
0
Alister
Silver badge

Re: British implementation

Boris, you were set up for that one...

2
0
Alister
Silver badge

@Grunty McPugh

It worries me that you might have both saliva and blood traces in your underpants - not to mention a kidney!

Perhaps a visit to your physician is in order?

:)

5
0
Alister
Silver badge

Re: AI...

so for the UK a tandoori chicken

No, no, no, it's chicken tikka masala, isn't it?

3
0
Alister
Silver badge

fingerprinting, palm vein scanning and face matching

...and the anal probe, fecal sample, urine sample, saliva sample, blood sample, and one of your kidneys...

14
0

'He must be stopped': Missouri candidate's children tell voters he's basically an asshat

Alister
Silver badge

Re: Godwin's Law

It's not often that Godwin's Law shows up so obviously and repeatedly amongst commentards... but dear goodness! Today must be "special".

Did you actually read the article?

Given that Mr West (the subject of the article) is alleged to have said that "Hitler was right" I think it's a bit difficult to avoid, don't you?

5
0
Alister
Silver badge

Re: Can't believe this

so kids hatch revenge plot with fake comments to rubbish off his election chances

You seem to have missed the fact that the Republican party have disowned him because of his views - or perhaps you think he tried grounding them as well?

11
0

Shift-work: Keyboards heaped in a field push North Yorks council's fly-tipping buttons

Alister
Silver badge

Re: Craven District Council

@John Brown

Whoooooosh!

0
0
Alister
Silver badge

Craven District Council

Wouldn't it be funny if the keyboards turned out to be from the Council Offices...

7
0

The Chinese are here: Xiaomi to bring phones to the UK next month

Alister
Silver badge

Re: If this was five years ago...

The best phone I have had. Smooth as butter in the mouth.

Why would you put your phone in your mouth?

15
0

Florida man won't be compelled to reveal iPhone passcode, yet

Alister
Silver badge

I don't think anyone can be forced to _reveal their password_.

Not in the US, maybe, but in the UK, you most certainly can.

12
0

British Airways: If you're feeling left out of our 380,000 passenger hack, then you may be one of another 185,000 victims

Alister
Silver badge

“British Airways can confirm that it has had no verified cases of fraud.”

This fucking annoys me, there are hundreds if not thousands of people who have reported fraudulent transactions on their cards after having used them on the BA site during the relevant period.

1
0
Alister
Silver badge

Re: Not third party code

This wasn't due to any third party code. The original breach involved somebody changing BA's own JS code to insert additional functions.

You are wrong. It was the Modernizr third-party script library that was infected. However, BA chose to host a local copy of it on their own domain.

1
0
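When a third-party library is vendored onto your own domain, as the post above says BA did with Modernizr, nothing external will notice if that copy changes. The check below is an added example, not code from the original post or from British Airways: it pins a Subresource-Integrity-style digest for each hosted script at deploy time and compares what the web root actually serves against the manifest. The file contents are constructed placeholders, not real Modernizr source, and the "tampered" copy carries no real payload.

```python
"""Pin digests for third-party libraries you host yourself, so a modified copy
is caught before it is served.

Added example, not code from the original post or from British Airways. File
contents below are constructed placeholders; the tampered copy has no payload.
"""
from __future__ import annotations

import base64
import hashlib


def sri_digest(content: bytes, algo: str = "sha384") -> str:
    """Digest in the form the <script integrity=...> attribute uses, e.g. 'sha384-<base64>'."""
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(path: str, digest: str) -> str:
    """Emit the tag with the pinned digest so the browser also refuses a modified file."""
    return f'<script src="{path}" integrity="{digest}" crossorigin="anonymous"></script>'


def verify_assets(served: dict[str, bytes], manifest: dict[str, str]) -> dict[str, str]:
    """Compare served files against digests pinned at deploy time.

    Returns path -> 'ok' | 'modified' | 'unpinned' (served, never pinned) | 'missing'
    (pinned, no longer served). 'unpinned' matters too: a new script nobody
    signed off is exactly what a tag-manager change or an intruder produces.
    """
    report = {}
    for path, content in served.items():
        pinned = manifest.get(path)
        if pinned is None:
            report[path] = "unpinned"
        else:
            algo = pinned.split("-", 1)[0]
            report[path] = "ok" if sri_digest(content, algo) == pinned else "modified"
    for path in manifest:
        report.setdefault(path, "missing")
    return report


# Constructed placeholders standing in for the vendored library and the site's own bundle.
GOOD_MODERNIZR = b"/*! placeholder for a vendored library build */\nwindow.Modernizr={ok:true};\n"
APP_JS = b"console.log('app');\n"
CHECKOUT_JS = b"console.log('checkout');\n"
TAMPERED_MODERNIZR = GOOD_MODERNIZR + b"/* extra code appended by someone else */\n"

# What the deploy pipeline recorded when the release was built.
MANIFEST = {
    "/js/modernizr.js": sri_digest(GOOD_MODERNIZR),
    "/js/app.js": sri_digest(APP_JS),
    "/js/checkout.js": sri_digest(CHECKOUT_JS),
}


if __name__ == "__main__":
    # What the web root is serving some time later (constructed scenario).
    served_now = {
        "/js/modernizr.js": TAMPERED_MODERNIZR,
        "/js/app.js": APP_JS,
        "/js/new-tracker.js": b"/* nobody pinned this */\n",
    }
    for path, status in sorted(verify_assets(served_now, MANIFEST).items()):
        print(f"{status:9} {path}")
    print(script_tag("/js/modernizr.js", MANIFEST["/js/modernizr.js"]))
```

The server-side comparison is the part that matters: an `integrity` attribute on a same-origin `<script>` only helps if whoever altered the file could not also alter the HTML that references it, so the manifest check belongs in a monitoring job or deployment gate rather than only in the page.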


Biting the hand that feeds IT © 1998–2018