Posts by Alister

3335 posts • joined 19 May 2010

Laptop search unravels scheme to fake death for insurance cash

Alister Silver badge

Re: "nice prosumer Canon camera."

But who was the unidentified body?

Yes I thought that - surely it must be some sort of crime to obtain a dead body in the first place, even in Moldova

Pasta-covered cat leads to kid night operator taking apart the mainframe

Alister Silver badge

Re: Got to love undocumented fixes

how did it get to the point of having the printer stripped to components (i.e. who authorised it?)

Initiative - not always the right thing...

Bordeaux-no! Wine guzzling at UK.gov events rises 20%

Alister Silver badge

so you might say there's been something of a Cabernet reshuffle.

You should burn in hell for that...


Analogue radio is the tech that just won't die

Alister Silver badge

It's not so much the audio quality that bothers me, it's the inconsistent signal.

Using a DAB radio at a friend's house, which is situated on top of a hill, with line of sight to the nearest transmitter, we still get regular signal dropouts. I would imagine it's unusable in a car round here.

Is this push for DAB just so they can sell off the radio spectrum, or is there actually a sound technological reason to use it?

Black Friday? Yes, tech vendors might be feeling a bit glum looking at numbers for the UK

It's worse than Christmas...

So my understanding is that Black Friday originated in the US as the day after Thanksgiving - essentially their equivalent of Boxing Day.

However, here in Blighty, retailers have tried to co-opt this as yet another sales opportunity.

Only as usual, they can't leave well alone, and what started as a single day of sales, has somehow morphed into Black Friday Week, and then Black Friday Month.

Is it any wonder then that the public, in general, have gone MEH!

Behold, the world's most popular programming language – and it is...wait, er, YAML?!?

Re: Yet another

2001 is recent? Nearly two decades ago?

Oh my, is it really? It only seems like five minutes ago that 2001 was the bright shiny future we were all looking forward to.

The icon is for grumpy old bastard...

Re: until very recently


Dear gods is it that old?

I was just looking at it only the other day thinking "stupid new-fangled rubbish"...

Now I really feel old and grumpy.


Re: Miss the point much?


Just because yaml.org have tried to rewrite history doesn't make it true.

When it was first introduced, YAML was indeed Yet Another Markup Language, and not the pretentious self-referential bollocks they are now claiming in an effort to make it look like a legitimate programming language.

Alister Silver badge

The world's most popular programming language, according to devops biz Datree.io at least, is not Java, JavaScript, nor Python. Rather, it's YAML

<Cough> Bollocks </cough>

Oh, I'm sorry, did I type that out loud?

Big Falcon Namechange for Musk's rocket: BFR becomes Starship

Re: Starship

If he'd stuck with names from Iain Banks novels, he could have had: "Prosthetic Conscience" or "So Much For Subtlety" either of which sum up Mr Musk, I thought.

Vision Direct 'fesses up to hack that exposed customer names, payment cards

Alister Silver badge

Having a good score on securityheaders.io does not mean your system is secure (e.g. unpatched CVEs, insecure server config, etc) but having a bad score does tend to indicate that the devs are probably not paying attention to best practices

That's nonsense, it simply means that the devs haven't implemented all the headers that Scott feels should be there - two of which, by the way are still very much experimental, but he still marks you down for.

You might notice that www.google.com only scores a "C" on Scott's site, but that doesn't mean they are shoddy or third rate, it just means they've chosen not to implement CSPs etc.

if they haven't bothered to set CSPs or the HSTS header (on an e-commerce site which should be all-HTTPS all-the-time)

The HSTS header serves no useful purpose if your site / server only responds on HTTPS, and has no HTTP bindings.

As for Content Security Policies, they are fine if you control all of the content appearing on the site.

However in practice, if the site is hosted by one company, on behalf of the client (in this case Vision Direct) and the client regularly employs SEO consultants who change their minds every 3 months, or the client wants to generate Ad revenue, then you end up with a site full of javascript from multiple domains, none of which you have control over.

It becomes impossible to create CSPs that don't inadvertently break one or other tag manager, tracking pixel or whatever.

I'm not advocating that this is right or proper, but it is the reality of hosting e-commerce sites on behalf of third parties.

It would be great if we could dictate to clients that they must only use content providers we approve, or not use third-party script etc, but we wouldn't have a business for very long if we did that.

Alister Silver badge

As always with PCI, if there are compensatory controls in place and documented, then it can be PCI compliant.

One of our environments has to still support TLS1.0, because a high percentage of the clients connect using it, and we have no control over the clients.

That's why I said it would be a business decision. If turning off TLS1.0 breaks your site for 40% of its users, then you don't do it. It is entered on the risk register, and the QSA will sign it off.

Alister Silver badge

however they had completely inadequate security against an attack like this and were not following PCI best (required?) practice.

That's rather a large assumption to make based on Scott Helme's IO headers site, which is mostly bollocks.

If you use htbridge.com or ssllabs.com then the site scores an "A" in both cases, and if you look at visiondirect.co.uk it scores "A+" even though it still supports TLS1.0 - which is probably a commercial decision.

Should have gone to SpecSavers

Well someone had to say it...

Using a free VPN? Why not skip the middleman and just send your data to President Xi?

Re: Just use Tor.

There are many cases where hostile sites block Tor exit nodes

That's probably because a high percentage of the traffic coming from Tor exit nodes is malicious.

Britain may not be able to fend off a determined cyber-attack, MPs warn

Alister Silver badge

They wouldn't have to invest so heavily in "cyber" security if they hadn't systematically pushed the utility companies into using the Internet for their critical infrastructure.

Time was when electricity, gas, water, railways, nuclear etc, etc used private circuits to do all their internal telemetry and monitoring over, and you would have had to work quite hard to break into them.

Finally a platform for train puns: IBM Halt station derailed

Alister Silver badge

There's some great place names in that song.

"At Chorlton-cum-Hardy or Chester-le-Street"

@ Ian Johnston

Well going by that list, most of Wales and the Highlands of Scotland should have their rail services discontinued as well...

Shhhh, don't give them ideas!

Alister Silver badge

So it will no longer be IBM's Platform-as-a-Service...

Where to implant my employee microchip? I have the ideal location

Alister Silver badge

Re: 'One day he'll give up and take a dump on my pillow instead'

Blimey! Are you Pterry re-incarnate?

I've never seen so many footnotes. (No, not even on AFP).

Court doc typo 'reveals' Julian Assange may have been charged in US

Alister Silver badge

That's unfortunate, it gives the whinging twat the opportunity for lots of "I told you so" smugness.

I was hoping he would just wither away in obscurity.

Creepy or super creepy? That is the question Mozilla's throwing at IoT Christmas pressies

Re: Rotate the Pod Door, HAL

I'm sorry Dave, but the Pod door cannot rotate. I can open the Pod Bay door for you, or rotate the Pod for you, which would you prefer?

Japanese cyber security minister 'doesn't know what a USB stick is'

A prime example: Michael Gove.

He's been, successively, Sec State for Education, Sec State for Justice, Sec State for Environment, Food and Rural Affairs, and now they want to make him Sec State for Brexit.

I doubt that he has any expertise in any of those diverse subjects.

Re: That's nothing

"There's desktop engineers still walking about that couldn't tell you what USB stands for."

Useful Sticky-in Bit

Openreach v Ofcom dark fibre legal bill bounced back to Competition Appeal Tribunal

such a pawltry amount

Nice! A cross between poultry and paltry, maybe?

That Old Time 2018 IT songbook: Verity, Verity - give us your lyrics, do! We're half crazy, all for the love of you

Re: Yay! Stob!

@Geoffrey W

You're absolutely right, I missed the September one. Thanks!

Yay! Stob!

Far too long since the last one, but thank you, it was worth waiting for.

Now wandering round the office singing:

"Six foot, seven foot, eight foot BUNCH! Daylight come and me wan' go home"

RIP Dave Neal.

Oi, Elon: You Musk sort out your Autopilot! Tesla loyalists tell of code crashes, near-misses

Re: No way ready!

Dammit Lee, stop writing things I agree with...


Microsoft lobs Windows 10, Server Oct 2018 update at world (minus file-nuking 'feature') after actually doing some testing

PCI compliance

We got marked down the other day for some of our Server 2016 instances, as they hadn't got the latest patch applied - fuckwits.

You can't win, can you. You either roll-out patches immediately, and risk being an unwitting beta-tester, but be compliant, or you wait, and test, and wait for Microsoft to fix it, and then get called out for being cautious.


Rocket Labs mean business, Brits stick pin in Mars map, and Japan celebrates HTV-7’s dive into the atmosphere

Re: Ooh err missus--

Bloody stupid computer autocorrect that doesn't recognise the word ether.

AI - yeah, right...

Bloke jailed for trying to blow up UK crypto-cash biz after it failed to reset his account password

Re: Counter Terrorism Command?


Every major city that I am aware of (and quite a few minor ones!) has had a Bomb Squad a lot longer than the current fad of calling anybody who sneezes at the wrong time a "terrorist" has existed.

That may be the case in the US, but it's not in the UK.

Most bomb disposal teams are provided by the armed forces. Individual Police services are unlikely to have EOD abilities, with the exception maybe of the Met.

Re: Counter Terrorism Command?

I would suppose that the necessary skills for dealing with bomb attacks fall most easily under the counter terrorism umbrella, rather than any other branch of the law enforcement services.

Junior dev decides to clear space for brewing boss, doesn't know what 'LDF' is, sooo...

Shrink an LDF file?

Back when I was less old, and less bitter and twisted, I remember asking the boss how to shrink an LDF file on an older version of MS SQL.

His response was that I should stop the server instance and delete the LDF file, then restart the service, and it should create a new smaller one...

So I did...

Good thing I copied the LDF file to another location, 'cos when I tried restarting the service it wouldn't come back up, and it definitely didn't create a new fresh transaction log like he said it would!

My hoard of obsolete hardware might be useful… one day

@Kubla Cant,

I agree, if it were me I'd have done it in the living room :)

There was a very nice little winch and a big RSJ in the roof over the loft hatch. He'd obviously planned it carefully...

But that said, he still would have had to lug the engine, and all the tools, up the stairs.

Alister Silver badge

My wife's uncle died earlier this year, and the family gathered round to undertake the task of clearing his house (he lived alone). He was a motor mechanic, who at various times had worked for a number of race and rally teams.

The house was as you might expect from a long-term bachelor, with car magazines piled up in stacks in the living room, new forms of life growing in the kitchen, and take-away food containers and pizza boxes much in evidence.

Upstairs (in a three-bedroom house) one bedroom was in use, the other two were full of all sorts of junk, masses of broken car parts: old batteries, cylinder heads, carburettors, you name it, it was there, covered in oil or rust or worse.

Climb up into the loft, and it was a different world!

A clinically clean, white painted room, with work benches round the walls, racks and racks of tools all carefully placed in order of size, and various bench tools - small lathe, grinder, pillar drill etc, all immaculately clean, and in the center of the floor, on a stand, a Ford Cosworth V6 engine in the process of being rebuilt.

We were at a loss with what to do with it all - we certainly couldn't just let a house-clearance gang touch that lot!

HSBC now stands for Hapless Security, Became Compromised: Thousands of customer files snatched by crims

@mark jacobs

You seem to have a misunderstanding of the "breach".

Thieves used valid usernames and passwords leaked from other sites, not from the HSBC site, so whether HSBC salted their hashes or used HTTPS is irrelevant.

Alister Silver badge

I don't know about the US HSBC Online Banking site, but for the UK one you have to use a unique numeric ID, a passphrase, and an electronic pin generator to access your account. It would therefore be unlikely in the extreme that you could use the same credentials anywhere else.

'DerpTroll' derps into plea deal, admits DDoS attacks on EA, Steam, Sony game servers

Alister Silver badge

the charge of "Damage to a Protected Computer"


DDoS is "damage" now, is it?

Mything the point: The AI renaissance is simply expensive hardware and PR thrown at an old idea

Re: at Last

I would love to hear a comment on the state of the game from an actual AI researcher

Um: Andrew Fentem has worked in human-computer interaction research and hardware development for over 30 years

Not good enough for you?

Thank you!

Thank you for a reasoned, common sense article on the realities of AI.

And thank you particularly for reminding me about Thompson's designer, I too remember reading about it in the 90s, and being fascinated that the circuit evolved to use properties of hysteresis and electromagnetism within the FPGA.

It seems that this, and things like Aleksander's WISARD discrete neural nets are being ignored in favour of software based solutions, and yet they were, even in the 80s - 90s, achieving things that software based AI still struggles with.

Has science gone too far? Now boffins dream of shining gigantic laser pointer into space to get aliens' attention

Next door neighbours

Imagine how annoying it would be, if a next-door neighbour decided to set up a massive security floodlight in their backyard, pointing at your bedroom window, and let it switch on every time the wind blew the trees about.

You'd be tempted to chuck rocks at it, or something, wouldn't you?

Which scientist should be on the new £50 note? El Reg weighs in – and you should vote, too

Re: Astrology??!!

He was also a noted alchemist, so quite possibly an astrologist as well

Roscosmos: An assembly error doomed our Soyuz, but we promise it won't happen again

Alister Silver badge


I modded you down, because of your clear assumption that the behaviour of a Russian, (or Ukrainian, or wherever) assembly line worker would bear any resemblance to that of the work-shy British factory workers, who had the privileges and comforts of living in the West.

Now Europe wants a four-million-quid AI-powered lie detector at border checkpoints

you forgot one.

But that would be sexist...


Re: British implementation

Boris, you were set up for that one...

@Grunty McPugh

It worries me that you might have both saliva and blood traces in your underpants - not to mention a kidney!

Perhaps a visit to your physician is in order?


Re: AI...

so for the UK a tandoori chicken

No, no, no, it's chicken tikka masala, isn't it?

Alister Silver badge

fingerprinting, palm vein scanning and face matching

...and the anal probe, fecal sample, urine sample, saliva sample, blood sample, and one of your kidneys...

'He must be stopped': Missouri candidate's children tell voters he's basically an asshat

Re: Godwin's Law

It's not often that Godwin's Law shows up so obviously and repeatedly amongst comentards... but dear goodness! Today must be "special".

Did you actually read the article?

Given that Mr West (the subject of the article) is alleged to have said that "Hitler was right" I think it's a bit difficult to avoid, don't you?

Re: Can't believe this

so kids hatch revenge plot with fake comments to rubbish off his election chances

You seem to have missed the fact that the Republican party have disowned him because of his views - or perhaps you think he tried grounding them as well?

