* Posts by lotus49

224 posts • joined 26 May 2010


McKinsey’s blockchain warning irks crypto hipsters


Blockchain is the new PKI

I used to be a consultant at one of the Big 4 firms and one of my areas of specialism was asymmetric key cryptography, Public Key Infrastructures and Trusted Third Parties. It was a fascinating field. It was technically challenging, which I loved and there was a huge number of potential uses.

Fortunately, I went on to specialise in information security more generally because despite all the hype, PKI never took off in the way that many people (including me) hoped.

The issue with a lot of crypto technology is that the underlying principles are often elegant and reasonably easy to explain as long as you don't get into the maths. The same could not be said for the implementation. Cryptography is often extremely hard to implement in such a way as not to break anything. The implementation details mattered and in the long run, they were very often a major stumbling block when going from a simple POC to a full implementation.

Blockchain looks very similar to PKI from where I'm sitting.

Scumbag who phoned in a Call of Duty 'swatting' that ended in death pleads guilty to dozens of criminal charges


Re: "Sure, so where does that put let's say Swiss police?"

I saw the word sheeple and automatically knew that whatever the rest of the post contained, it was written by an incoherent extremist nutter so I stopped reading.

IBM bans all removable storage, for all staff, everywhere


Re: Or maybe they just want to spy on the contents of your files

You may not but it is my job to want to know what's in our staff's files (or at least anything they share).

You surely must have heard of the Data Protection Act and the General Data Protection Regulation. Companies are required to implement "appropriate technical and organisational measures". Doing nothing is not an appropriate technical or organisational measure.

The files to which you refer are the property of the company, not the individual. As the person responsible for protecting data belonging to our customers and to our staff, I have every right - both legal and moral - to examine what people share and that is a right I exercise.


Re: Humm, did they forget about Cell phones??

We didn't.

I made sure when we introduced a similar policy that not only is all removable storage (which includes phones) banned from corporate devices, we installed a DLP agent on corporate laptops that blocks certain types of data being copied by any mechanism.

It's not foolproof but it would stop the vast majority of our staff doing anything I don't want them to do.

It's also worth pointing out that simply defeating the control is not sufficient to protect a malefactor. I have personal experience of several instances where controls were in place but were circumvented. In every case the culprit was identified as a result of a forensic investigation.


You have entirely missed the point.

No-one is suggesting that restricting the use of USB sticks will entirely mitigate the risk. I don't know where you work but setting up "a netcat transparent proxy" is something 99.9% of our staff would have no idea how to do. As long as the risk is limited to 0.1% of a company's staff, they have achieved a pretty impressive level of risk reduction.


Re: Trust your staff

I venture to suggest that you are not a CISO.

It's fine to say this in a business that employs 5 people. It makes no sense where I work - we employ well over 100,000 people. I know from personal experience that trusting everyone can backfire. I also know that the ICO does not regard simply trusting one's staff as "appropriate technical and organisational measures".


I am the CISO for a FTSE 100 company and we have had the same policy for more than two years.

If a technically competent person wants to steal data to which they are given any sort of access, they will likely succeed. However, implementing restrictions like this has two big benefits.

Firstly, it forces staff to use a more controllable and auditable approach to data transfer. When our staff share information on Google Drive, for example, they can retain a considerable degree of control over what is done with that data including revoking access and preventing further sharing. My team and I also monitor transfers (including examining the content for personal information) and keep a forensic trail. This reduces the risk of mistakes and permits my team and me to examine the circumstances of mistakes.

Secondly, this limits the ability of less technically competent but malicious members of staff to harm our business.

Can I absolutely stop people stealing our data? Probably not. Can I reduce the risk that someone will do something stupid or malicious? I absolutely can and I have. The sky has not fallen in. In fact, no-one really cares.

Are you able to read this headline? Then you're not Julian Assange. His broadband is unplugged


More claptrap from Assange

He has not been exonerated.

The Swedish authorities have stopped chasing him because of an expired time limit. It is absolutely not the case that he has been found not guilty. Giving up is not the same thing as exonerating, as I'm sure he is aware.

1Password won't axe private vaults. It'll choke 'em to death instead


I like the cloud but I like to choose my own

I have been a satisfied customer of 1Password for several years. I am quite happy to store my encrypted credentials in the cloud but not 1Password's cloud. I sync my local vault with another cloud provider that has nothing to do with 1Password.

Well, that escalated quickly: Qualcomm demands iPhone, iPad sales ban in America


It couldn't happen between a nicer pair of companies.

I hope they both lose.

It's time for a long, hard mass debate over sex robots, experts conclude



You need to brush up on your biology. Women do not constitute a race, they are a sex.


Re: Men don't get a say, apparently...

Sucks to be you.


Evolution in action

I'm all in favour of sex robots. They would have the beneficial effect of weeding out the genes of anyone not likeable enough to be able to find someone prepared to have sex with them.

The eternal battle for OpenStack's soul will conclude in three years. Again



"...much of it’s youth..." - ouch.

Come on, Reg. Apostrophes really aren't that hard.

Rhode Island sues HPE for making its DMV even more miserable


Re: Curious

Most of the time I've seen IT projects go spectacularly wrong (and I've seen a few in my time as a Big 4 consultant), they were big ones. I am no project manager but it appears to me that project difficulty grows exponentially with project size.

Government projects are usually big and have the additional drawback of being overseen by the Government.

Virtual reality is actually made of smartphones


Re: Hmm the reality distortion field is strong with this one

I had one of those too and I liked it.

No-one else really did though so you cannot possibly compare something like that, which was a niche gadget for pointy heads like us, not a game changer like the iPhone.

MacBook headphone hell


I loved my last MBP. It was probably the best all round computer I have ever had. It's now dying but the cost of replacing it, particularly after the most recent price hike, is utterly ridiculous. I'd be embarrassed to spend that much and be taken for a sucker.


Re: There is zero need for a 3.5mm to Lightning converter

I recently bought a replacement original cable for a very good pair of Sennheiser headphones that were more than 15 years old.

The cable was grossly overpriced but nothing like as bad as spending another £300.

UK IT consultant subject to insane sex ban order mounts legal challenge


Re: Some women fantasise about being raped

It sounds like you are.

Sex is not about who dominates. Not in the mind of a reasonable man at least.


Re: Welcome to the post-feminist-era new normal

Boo bloody hoo. Cry me a river.



Re: Judges doing the best they can

Did you actually read anything about him? He isn't "kinky" he is dangerous. He has admitted enough that I'd be happy to see him incarcerated for what he has said.

This man will do something terrible sooner or later. I don't care about his freedom. People here are sticking up for him like he's some sort of Edward Snowden character. He isn't.


Re: "He was found not guilty, therefore he is innocent"

"People like who?"

How about people who admit that they are only sexually aroused when their partner (victim?) is scared, that's who. He has effectively admitted to being a dangerous and deviant individual so bollocks to his freedom. I don't know how many of the commentards here have a daughter (very few I'd guess) but I'd be interested to know whether those of you who do would be happy for her to be exposed to a man like this. Those of you who don't and are men are expressing a view on something that will never affect you.

A court of law is not the only way to establish whether someone is a danger to society.

Emacs and Vim both release first new updates in years


Re: An interesting game of catch-up?

Everything has been in Emacs for a quarter of a century. That's the problem with it.

I don't want everything. I just want a text editor so it's vi all the way.

Shock: Apple patents the phone book


What's the point?

Why would anyone want several data plans?

My phone (and presumably just about every recent Apple or Android phone) works very well as a wireless hotspot. Out of curiosity, I just got my phone out of my pocket and turned on the hotspot. It took me the grand total of 4 seconds. Why would I want dedicated hardware in my laptop?

I just returned from a family holiday in the UK where everyone used my phone for data while we were staying in the cottage and driving about. We got through > 20GB without a word of complaint from anyone and believe me, my children complain within approximately 1.5 seconds if there is any wifilessness.

This looks like a solution to a problem that we no longer have.

Encyclopedia Dramatica user hit with £10k damages after calling ex-councillor a 'paedo'


Re: Smith

I'll tell you what, why don't you publish your real name and invite the sage users of ED to do the same to you and show us how you can just laugh it off.

I'm sick of pathetic lowlifes thinking they can be as obnoxious as they like simply because it's the internet. The more of these arseholes that get locked up or face large fines, the better.

Chrome OS is not dead, insists Google veep in charge of Chrome OS


Chrome OS would be missed (at least by me)

My employer (FTSE 100 for which I am the CISO) is likely to roll out Google Desktop (particularly email, calendar, Drive) in the near future so I have been evaluating Chrome OS as part of the future road map.

It takes a bit of getting used to but Chrome OS has some real advantages in terms of OS verification at boot and simple management. I would be very disappointed if it were to be killed off.

Chrome OS use has ramped up slowly but it fits neatly with Google's cloudy strategy. Being able to run Android programs would be useful but killing it off entirely would be a shame.

New Nexus 5X, 6P smarties: Google draws a line in the sand


Re: These are not the droids I'm looking for...

This works but it has a very big drawback compared to an SD card in that you have a large cable sticking out of the bottom of your phone which, if knocked hard, may completely break your phone.

I bought a Nexus 6 despite the lack of an SD card slot. It's less of a shag than I expected but it's still a shag. 64GB isn't that much these days and I too have a very large music collection (a lot more than 64GB). I miss the SD card slot on my previous Galaxy S4.

Ubuntu 15.10: More kitten than beast – but beware the claws


Ubuntu scroll bars are terrible

I am considerably older than GUIs and I'm struggling to think of a UI feature that I have detested as much as the disappearing scroll bars. Who, in God's name, thought that it was a good idea hiding important GUI elements such that careful hovering in exactly the right place was required to reveal them?

When the article said that the scroll bars had changed, I foolishly hoped that they had gone back to being usable. Canonical, get your act together.

FATTIES have most SUCCESS with opposite SEX! Have some pies and SCORE


One sexual relationship in 32 years

I've only had one sexual relationship in the last 32 years (I should point out that it has lasted 32 years - it wasn't a one night stand 32 years ago) and I have to say that I would regard that as a success. I also sit firmly in the middle of the BMI chart despite being tall.

One thing that this research does show is that being plump, while it may or may not result in short relationships, does not result in no relationships. However, in a country where almost everyone is overweight, people don't have much choice other than go thirsty.

It's alive! Farmer hides neglected, dust-clogged server between walls


A UK financial institution...

...I did some work for as a consultant had a similar experience. There was a server running OS/2 (this was a few years ago but even then it was old) but no-one knew where it was. It ran a really specialised piece of software that had performed its function perfectly for years so it was left to its own devices.

Eventually we decided to find it for DR purposes and we had to work out which ethernet cable belonged to it and follow it back. This server was also in a wall void although it wasn't very dusty so it wasn't too filthy. We moved it and shortly afterwards, it was replaced. I wish we'd left it where it was and it could have been a sort of computing time capsule.

Hello? HELLO? Major Skype outage hits folk WORLDWIDE


Re: Repeat after me

Clearly services that aren't cloud based never go down, which makes them so much better.

If all the services I use were as reliable as Skype has been over the years I've used it, I'd be pretty pleased.


It's a bloody disgrace

They give me something for nothing that has worked pretty well for years and then gets a bit flaky for a few hours.

It's outrageous. I expect 100% availability for a service if I've paid £0 for it. If they don't buck their ideas up, I'll take my £0 elsewhere.

The most tragic thing about the Ashley Madison hack? It was really 1% actual women


Re: Paying money to cheat on your wife

Men signed up and paid money in the hope of cheating on their wives. At least at a knocking shop men actually got what they paid for. Ashley Madison appears to be no more than a fraud perpetrated against men who were too sad and unattractive even to have a successful relationship with their wives much less another woman.

OnePlus phone fanbois flock for a shiny phondle


Not going to jump through hoops

I had been intending to buy a OnePlus One so I joined the forum (and the queue for invitations) and waited. And waited...

Eventually they sent me an invitation but because I didn't see the email for more than 24 hours, it was too late (they were only valid for 24 hours). At that point, I decided that any company that could bollock up something this badly was not to be trusted to provide reliable support so I fell into the arms of Google and I now own a Nexus 6.

The OPO was a well specced phone for the price and I dare say that the OPT will be as well but I don't trust a company that is prepared to piss so many people off.

Even a broken watch is right twice a day: Not an un-charged Apple Watch


Re: Odd

I haven't worn a watch since I was seven. As a consequence, I am very good at estimating the time. It's unusual for me to be more than 5 minutes out and I can usually guess more accurately than that. I use my phone more often than I need to tell the time so having the time on my wrist is absolutely no use to me.

Man the HARPOONS: YOU can EASILY SLAY ad-scumware Superfish


I bought my son a Lenovo laptop about 9 months ago. It took me at least two hours to clean up all the adware/spyware/malware it came with. I blamed Curry's (amazingly it was the cheapest place) for it. It now appears that it was all Lenovo's fault.

Fortunately, I am paranoid so I inspected all the software and certs I could find to see what it was and removed everything I wasn't familiar with (which was pretty much all the 3rd party software) but some of it was very difficult to remove and would probably have been beyond the ability of the average user.

I am not impressed.


Re: Ain't that a kick in the head

Chutzpah is a Yiddish word that means barefaced cheek (a classic example is the man who murdered his parents and then threw himself at the mercy of the court because he was an orphan). You cannot wear a chutzpah.

I suspect you may have meant the skull cap known as the kippah in Hebrew or yarmulke in Yiddish.

$10,000 Ethernet cable promises BONKERS MP3 audio experience


Re: Speed of electrons

I used to know someone who really talked like this. He has plenty of money so £10k on a pair of speaker cables wasn't that big a deal to him. I pointed out that measuring equipment was not able to discern any difference between his solid silver interconnects and £50 copper cables. He did indeed resort to the audiophile nonsense of talking about "warmth", which, according to him, couldn't be measured. He genuinely believed that there was a difference so, to him, the £10k was worth it.

Clearly, he was a fuckwit of the first order but he really thought his money was well-spent. Truly, high end (i.e. high price) audio equipment is the alchemy de nos jours.

Samsung to boot out Shin after Galaxy S5 tanks – report


Re: It's not just bloatware. Samsung forgot that we have a choice...

That was Google's fault not Samsung's. Google doesn't want users to use an SD card instead of going all cloudy. Google disabled that functionality and it's easy enough to restore if you are rooted.


Re: Good hardware... but

You can root it if you don't mind it tripping the Knox efuse.

I have an S4 that's almost out of contract. It's a great phone and I was able to root it before they rolled out the Knox-enabled firmware but I shan't be buying any more Samsung phones for this very reason.

My next phone, in a month's time, will be a Nexus 6.

Notebook news: Dell does density, but Lenovo's a lot lighter


Glossy screens

I like them but then I live in Yorkshire where the sun doesn't shine all that brightly, particularly not indoors where I tend to use a laptop.

When I start using a laptop on a Californian beach, I shall start worrying about glare but I suspect that day is a long way off.


Re: Ummmm .... RAM?

You should stop using Internet Explorer then.

Coincidentally, I checked the amount of free memory on my laptop about five minutes before reading this and I had 3GB free out of the 8GB on my laptop running Ubuntu and Firefox (and Minecraft at the minute).


Re: Ye Olde Weights and Measures

That is indeed the case.

I'm 52 and I remember decimalisation but I was never taught the imperial units which are one of the most idiotic and inelegant things that I have come across in those 52 years.

When androids dream of baseball fields


Re: baseball/base ball vs rounders

Despite American claims that baseball is a uniquely American invention, it isn't.

Cricket, rounders and baseball are very closely related games. One curious fact is that the first international baseball game played between Great Britain (as it was at the time) and the US was won by the British but the first cricket game between the two was won by the US.

I know a lot of people outside the US, particularly in England, like to criticise baseball, but I love baseball and cricket and I think any cricket fan who took the time to understand baseball would enjoy it too.


Re: Pointless?

You missed one of the two key skills of baseball players. Yes, they need to spit but they also need to scratch their balls.

Are you a gun owner? Let us in OR ELSE, say Blighty's top cops


Re: @Gazthejourno

"... that has never stopped the criminals from getting them and using them."

This simply isn't true. Gun crime is extremely low in the UK. Far lower than in the US. This is largely because guns are difficult to get hold of and being caught in possession of one means a guaranteed prison stay. It is clearly not impossible to get hold of a gun in the UK if you are prepared to run a huge risk but the fact is that the firearms-related death rate in the US is about 40 times that in the UK. A coincidence? I think not.


Re: Half cocked

I don't know where you live but owning a gun has never been normal in the UK.

I grew up in the Yorkshire countryside and there were certainly quite a few people who owned shotguns but they were never anywhere near the majority. It was almost entirely farmers and the landed gentry. In town, only a tiny proportion of people in the UK have ever owned a gun. Long may that be so.


You believe wrongly. Can you justify that fairly outrageous claim?


Re: Oh, we have a full on, media driven, breakdown in the rule of law

There are no and should be no "gun rights". What sort of a society is it that puts owning deadly weapons on a par with the right to liberty, free speech or a fair trial?

It is also worth pointing out that there is no breakdown of law and order here or in the US and nor will there be in the foreseeable future. Right wingers are paranoid and afraid and think that society is about to collapse any minute. They are wrong, it isn't. There is no need to protect oneself with a gun and the statistical evidence (of which there is a vast amount) shows clearly that people who own guns are more likely to die a gun-related death than those who do not - so much for protection.

Xperia Z3: Crikey, Sony – ANOTHER flagship phondleslab?


Re: 16GB

I have > 100GB of music on my MacBook Pro. I'd really like to be able to sync the lot with my phone but I can't because it has 16GB of internal memory and a 64GB SD card. If I added in a few big apps, videos and photographs, it really wouldn't be hard to get to 128GB. 16GB is much much too small.

