* Posts by Lee D

1930 posts • joined 14 Feb 2013

Ah, good ol' Windows update cycles... Wait, before anything else, check your hardware

Lee D
Silver badge

Because nobody has ever proved that Windows 10 transmits anything more than already transmitted by all the previous modern versions of Windows.

Literally, it was a Reddit article that got over-hyped, and turned out to be the same Windows "Customer Improvement Program" as has been in there since about Vista. And turn-off-able using group policy if you're paranoid.

Data protection compliance is therefore no different to how it's been for the last 10-15 years, or have you only just read the EULA?

5
18

UK data watchdog swots automated marketing call pest with £260k fine

Lee D
Silver badge

1.5p per call.

I bet they paid BT more.

9
0

From the Dept of the Bleedin' Obvious... yes, drones hurt when they hit you in the head

Lee D
Silver badge

Coming next - some idiot straps an ultra powerful laser to a drone and blinds pilots with it until they crash into it.

This started as a joke, but actually I can genuinely foresee some prat doing that.

7
0
Lee D
Silver badge

Currently, they're tied up with research being conducted at the Vatican.

13
0

You've been baffled by its smart thermostat. Now strap in for Nest's IoT doorbell, alarm gear

Lee D
Silver badge

"I'm happy to deal with Google. They've done some great stuff. Just don't ask me to trust them."

Exactly. Just because I use a service, use it every day, doesn't mean I would rely on it.

4
0

Behold iOS 11, an entirely new computer platform from Apple

Lee D
Silver badge

Re: Optional

So long as you don't blame the IT guys, your criticism of school admin processes is pretty accurate.

Currently I have parents asking why I have four different systems for booking different things. It would be rude to respond "Do you know how many I have internally?". Someone goes on a course, sees a thing, another school says they have it, suddenly we HAVE to have it, we get it, realise it's the same as a module in the thing we have that we already pay a fortune for, half-ass an implementation to get it to talk to the same databases (just don't even go there), roll it out, give the parents YAFP (yet another flapping password), and then have to deal with all the differences, implementation, servers, licences, ways of working, data differences ("Oh, you want to opt-out from everything... let me just remove you manually from 20+ databases and hope the teachers didn't save your details").

We've heard of database sync. Shame most of the vendors we're forced to use haven't. I currently have... 1, 2, 3, 4... at least 5 copies of our primary kids+adults database information in various services (everything from Google Education to an alumni software), not to mention all the little bits, assessment programs, website logins for outside services, etc. etc. etc. Of course, they all sync seamlessly and never have a difference of opinion on what's an acceptable password, email, address field (just address, or housename as a separate field, or house number, or is postcode included, does it need a town or not?), etc. and with the exception of Google, no decent import/conversion/sync routines to match them all up whatsoever. Oh, and sometimes data-import/conversion charges every time you want to actually suck in automatically more than the handful of data you could do manually.

Don't even get me started on the people who "opt-out" of communications and then complain they aren't getting the newsletters any more...

3
0

Bill Gates says he'd do CTRL-ALT-DEL with one key if given the chance to go back through time

Lee D
Silver badge

The point of Ctrl-Alt-Del was that it generated a hardware interrupt so it couldn't be faked or ignored, and someone had to be at the computer to issue it.

Nowadays... well, that's just not true. You can "send" Ctrl-Alt-Delete to a machine in a variety of ways. In fact you need to or you can't log in remotely properly. Even things like on-screen keyboards can send it.

As such STILL USING Ctrl-Alt-Delete is the mistake, not using it back then. It literally serves no useful purpose and makes it more difficult for people to use the machine if they have any unusual requirements (e.g. specialist keyboards, OSK's, voice-control, etc.) or work remotely.

For a long time, Ctrl-Alt-Delete has been useless. Before that, it was a very silly combination (the first "pseudo-DOS/non-DOS" Windows versions used it for logon, but the DOS just before that would send a soft-reboot command when you pressed it - without confirmation! So it was like saying "don't worry, just type FORMAT C: to log on"). Back in the DOS days it actually served a useful purpose in that it was pretty much uncatchable so when something went wrong and you had to get out, and things like Ctrl-Break didn't respond, then Ctrl-Alt-Delete would let you take control of the machine again (not nice, but generally worked and much more hardware-friendly than power-off).

It was a poor choice not because it took three fingers. It was a poor choice because it was a complete change of context of a well-known command to perform an action only possible at the physical machine itself that overrode just about everything else that was then turned into a "Click here to send Ctrl-Alt-Delete" thus defeating its entire purpose. I don't think IBM is to blame here (nobody wants their machine to reboot just because you hit the interrupt key, which is what would have happened in DOS, so a multi-key combination that was difficult to do accidentally was safest).

What I blame them both for is NOT having a "PASSWORD MODE" on the keyboard. A physical, un-overrideable switch that puts the computer into a special mode outside OS control where you can then type in a password without possibility of software eavesdropping your keypresses, then you switch back to "normal" mode and carry on typing. Basically a UAC that was hardware-enforced and stopped people typing their passwords into websites, random programs, getting their context switched on them mid-way, software keyloggers, and provided an obvious, secure and unfakeable place where it was safe to type passwords (Literally turn the keyboard red while the switch is flicked). We have junk like SysRq, two Windows keys, Scroll Lock / Pause / Break - which all served a purpose once -, etc. but not a secure way to type in something that we've ALWAYS needed to have a complete mode switch to type in securely.

8
3

AI slurps, learns millions of passwords to work out which ones you may use next

Lee D
Silver badge

Re: Feed this

Why would you ever let someone watch you type a password?

That's got NOTHING to do with the complexity.

I guarantee you that if you type on a keyboard in my field of vision, I can get the majority of your password instantaneously, sometimes before you can press Enter at the end, just by the sight of the motion of your fingers.

I don't even care what the characters you hit were, or if the keyboard is foreign language, I can see the pattern you typed, including modifier keys. Everything from cybercafes in Europe to people on front-desks at hotels, to my own users who then say "Would you like me to write down my password?"... no thanks, I've just got it. To be honest, I have passwords myself that I don't even know what they are unless I type them out on a keyboard, so weird characters and foreign layouts wouldn't hinder me at all.

Don't type passwords in front of people, ask them to look away or move to a token system if you absolutely can't avoid it. That's got nothing to do and you're not protected AT ALL by the complexity of your password in that case (only by the sight skills of someone watching).

P.S. It's a pain. Because I can tell you that 99.9999% of all actors NEVER TYPE what they are claiming to type. Even when it's not obviously home-row scatterings to "look good".

6
2
Lee D
Silver badge

Re: Feed this

Length of password.

Everything else is a nonsense.

All the special characters in the world just make your password harder to remember, harder to type (especially on a mobile device). And it's not as effective as just adding another character to the end of your existing, normal, boring password.

(number of characters available in alphabet) ^ (length of password)

The latter grows the complexity of a password FAR quicker than the former.

An 8-character, all-ASCII password would be 256^8

It's beaten by an alphanumeric (A-Z, a-z, 0-9) password of length 11: 62^11 (three times as large a number).

And nobody can use/type most of the ASCII character set anyway.

15
0
Lee D
Silver badge

People already know it's pointless.

GCHQ and NIST advice is to NOT force people to change passwords regularly. It's counter-productive.

Anyone who keeps up with industry best practice knows this. When was the last time your bank forced you to change your password / PIN?

Don't force password changes. Just make sure you can detect and limit brute-force attacks, and discourage particularly weak passwords in the first place.

27
0

Compsci degrees aren't returning on investment for coders – research

Lee D
Silver badge

Re: More!

I believe it's not a new idea to both study and earn money simultaneously.

"Gaining experience" is a problem only for really-blinkered HR departments who don't consider 3 years of intensive, controlled, assessed, study at a registered university as "experience". To be honest, in my experience, having a degree and less years of experience pays more and gets more jobs (and gets them easier) than all the people without a degree but "years of experience". In fact, it often costs those other people their jobs when I turn up and say "Why the hell are you still doing that?"

A degree proves that people can learn, learn fast, learn complicated things, learn boring things, learn things that they don't necessarily have any interest in at all, and then retain them. That's a skill that cannot be assessed in the workplace easily. It barely matters what subject they studied either.

I've known people who've been "in industry for decades" who actually don't have the first clue about what they're doing. It's generally those people who don't WANT to learn. I've been in IT for nearly 20 years and observed that people with that experience or more without the benefit of a degree are very prescriptive in their processes and systems and unwilling to change and unaware of what's possible, and inflexible and unable to do research and change their ways of working to reflect new practices.

It's a generalisation, yes, but it's certainly present.

In terms of career progression, I've never been hindered by my three years "out". In fact, at least two job interviews have explicitly flagged it as an advantage over other contractors / employees / candidates. Even over candidates with industry certifications coming out of their ears (I've actually run into MANY places that hate industry certifications after having relied on them with new staff only to discover they weren't suitable at all - note: I have no industry certifications, just my degree).

Am I a genius with a first from Cambridge? About as far from it as is possible, in fact.

Am I applying to high-end jobs at the top end of academia? No, I manage the IT for schools.

Do I earn above the average for people in my position? Yes. In fact, I refuse to unionise because it would mean all kinds of problems, and one London Borough had to create a salary category just for myself at the insistence of a headmaster.

I've met very few people whose degree was worthless to them. And you don't just get a degree "to get a better job". That's about the worst reasoning EVER. If you go into it expecting that, you'll almost certainly be disappointed but not because of the degree, it's the way of thinking "I have a degree, therefore pay me more" is wrong. It's "I can show you that I can do this better, because I can learn how to, here's proof that I can learn" at best.

I've met orders of magnitude more people that regret not having studied when they were going to have it part-financed, when their expenditure and financial obligations were minimal, when they didn't have families, when they could couch-surf to save money without it feeling wrong. Hands up who has taken 3 years out of their career to go back to uni? Now compare to those who went to uni when the natural opportunity presented itself after school instead?

P.S. My degree is in mathematics. I've literally never needed to use the subject. It comes in handy knowing the subject, for everything from binary to programming, path-finding to balancing a department budget. But I've never NEEDED to have use of the subject. That's NOT why you get a degree. And a career in any kind of finance, etc. would be my worst nightmare, I'm afraid. I studied maths because I had a massive interest in it and it came easy, but it's a purely academic pursuit. I work in IT because I have a massive interest in it and it came easy, and can be used to earn me money.

22
7

Behold, says robo-mall-cop maker: Our crime-busting dune buggy packed with spy gear

Lee D
Silver badge

I'm waiting for the first time someone bundles one of these things into the back of a van (presumably GPS-shielded) and then strips it for parts. Even Robocop didn't escape that fate.

More seriously, I honestly wonder about the liability issues. If that thing falls over / drives over someone, then presumably the robot company pays the bill. "We're only paying for their services, we don't own the robot" is indeed the best thing at that point. Their problem, not ours.

It does make me wonder why you can't just hire a guy for less than $60,000 to do the same job, though.

11
0

Google parks old pay-to-play auction in front of European Commission – reports

Lee D
Silver badge

And I still just scroll past all that gumpfh and go to a storefront I trust, or the search results themselves, rather than random ads at the top of the page put there by the highest bidder.

Seriously, if I wanted a camera, I'd try Amazon first. Then camera shops. Then a search for a model of camera. At no point would I click top/side ads on any of those pages/sites.

16
3

IBM packs 120TB into a carry-on bag, for snow-balling cloud uploads

Lee D
Silver badge

Re: The return...

Never underestimate the bandwidth...

11
0

Samsung's Galaxy Note 8 is hot, but not much more than the S8+

Lee D
Silver badge

Re: The single failure with all "Flagship" these phones..

@Anon: Vodafone. All the damn time.

0
0
Lee D
Silver badge

Re: Mathematical notation?

Mathematical notation on anything like this is going to be a nightmare.

I never managed to find a single device useful for this when I was at university, the tolerances and accuracy just aren't there and it makes it slower than just using pen-and-paper. Even 75"+ interactive whiteboards are a struggle.

I still contend - despite being an IT guy for 20 years - that there is no sensible way to record mathematical notation on a machine outside of formal LaTeX-/MathML-like languages (even if done through a GUI), or by hand. There's far too much scope for "did you mean to the power of x, multiplied by x, x-bar, absolute x, x subscript, Chi, etc." with any kind of automated interpretation so that, like voice recognition, you spend half your time going back and correcting things rather than typing them. And that's REALLY not what you want in an equation where one mis-placed or mis-interpreted symbol destroys an entire paper.

And if I was in a lecture taking maths notes or trying to "invent" new maths, I would not want to be hindered by technicalities while the thoughts are flowing and have further x's and Chi's thrown at me.

2
0
Lee D
Silver badge

Re: The single failure with all "Flagship" these phones..

"What use is a Quad HD screen, apart from killing my battery?"

To be honest, I watch movies on my S5 Mini. At night, phone on chest, SD-purchased movie, it looks just fine. When I'm reading web pages, I can't see a single pixel, no matter how hard I try. Whether that's aliasing or just sheer screen res, I don't really care.

At the kinds of distances these things are used, even HD isn't worth the effort (in fact, I save a few quid by only ever buying the SD-version, because I can't tell the difference and because the stream-bandwidth is less if I do that).

Same with quite a lot of the specs nowadays. As you say, the things that matter don't seem to change. I don't care about ultra-thinness. I'll happily have a slab in my pocket if it provides benefit. I don't care about ultra-light-weight. Sometimes it's nice to know the phone is in my pocket and you can't really go mad anyway given the single criteria "phone-sized". I'd rather have a thicker, heavier phone with longer battery, more ports, and more oomph (but not much, because pretty much the phone I have does everything I need at the speed I need it to) than edge-to-edge screens, HD screens, 4K screens, entirely-touch screens, ultra-thin screens, and no way to plug the damn thing into the things I want.

To be honest, even the mini-micro-nano-SIM / mini-micro-nano-SD junk drives me mad. Just give me the big slot and if the card I want to plug in is too small, I'll put an adaptor on it. I can't do that the other way around, plugging a big SIM into a nano-SIM slot.

Oh, and dual, triple, quad SIM while you're there. Gimme a Nokia-style brick, with modern hardware and all the trimmings. Then I'll consider it worth paying more than a couple of hundred quid for.

3
0

Black screen of death after Win10 update? Microsoft blames HP

Lee D
Silver badge

Re: God, Windows is such a mess, and then Microsoft let HP's finest loose on it...

Nope:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications

Looks like HP tampered with / inadvertently included some .NET framework and Visual C++ runtime settings in their default image, which don't correspond to what's actually installed.

Sure, shouldn't bring things to a crashing halt (MS fault), Windows should be made to look for this on update from now on and forever more (MS fault), but at the same time, HP appear to have tinkered with things that they shouldn't have been tinkering with or not using proper slipstreaming processes to build their images.

10
1
Lee D
Silver badge

Re: Yeah

Are you under the impression that the nature of the registry is fundamentally different?

They are both key-value stores, broken down by a section. Sure, the section is represented by a tree now, but there's nothing stopping a section called:

[HKEY_LOCAL_MACHINE\Whatever]

The same as anything else.

The fact is that the registry is opaque, proprietary, not easily edited, not documented AT ALL in any kind of depth, and the very basis for everything from driver .inf files (cough...) to MSI install scripts (cough...) to group policy templates (nothing more than lists of registry keys with "nice" text).

The problem with the registry is that there is no failsafe, default, rollback, etc. for many things. If you hit the wrong thing, you can stop Windows booting. That's just ludicrous. In some cases there is literally NO CHOICE but to registry-edit to remove things (e.g. stale network printer entries - you think you can do it with command-line tool, print-management, etc.? Think again) but the documentation of what each section - even under Microsoft Windows - even does is completely absent or opaque.

The only advantage of the registry over WIN.INI is per-key permissions. But even that's a misdirection as if you have access to the registry then you're only a short path away from causing havoc anyway, same as you shouldn't ever have let ordinary users edit WIN.INI

To be honest, gconf is basically the same thing on Linux distros, etc. But there's a reason that most config in /etc/ is still in plain-text single files.

There's nothing wrong with having a central registry, as such. It's just entirely misused, completely misorganised, doesn't have effective control/rollback (it just keeps a copy, which is entirely useless), and has never been documented to any significant extent. Things like \Software are pretty much a free-for-all, like My Documents has become.

Personally, I think that each application should have a "registry" for each user that runs it. Get rid of those horrible NTUSER.DAT files in the user profiles. Isolate all the application settings away from things like Windows internals. Isolate one user's settings from everyone else's (without having to dig into user SID's etc.). And if you want to clear someone's, say, Chrome settings, just wipe out Chrome.reg in that user's profile folder.

But, to be honest, I want to move all that stuff into a single file per application too. There's no need for everything to access My Documents, make its own folders, spread into Application Data, add registry entries, etc. etc. etc. When it comes time to remove or find things it's a nightmare. One file, per application, inside a user's profile. You can have one file, in a "computer" location, that overrides that if you want.

The registry is a mess, but not because of its storage format. Because it's completely unmanaged and undocumented.

39
4

DRM now a formal Web recommendation after protest vote fails

Lee D
Silver badge

Re: Time matters

Flash is dead.

As is Silverlight (even more so).

They have been for quite a while now, over a year since outside-plugins were turned off by Chrome and Firefox, for instance. Flash got a special reprieve for a while but that's gone too.

It'll be a year before everyone is using a browser with this stuff in, and video-slinging sites have upgraded to support them.

This places DRM at the forefront of browser-support, architecture compatibility and security. It's a damn stupid idea. Is the DRM going to be supported on, say, a Raspberry Pi? A Steambox? A Linux laptop? Probably not. So the platform-independence of a modern web browser is abandoned once again so people can watch cats on YouTube and charge people for that microsecond of pop song in the background.

And the web is dead for the most part, in the context of the OP. You can't link to anything any more because it's all tucked behind dynamic menus and fancy tricks that when you copy/paste the URL either don't work, carry a ton of information you don't want to publicise, or just link to the front page only rather than the exact bit you meant. As a "web" it's more like a signpost. "Yeah, it's over there somewhere."

18
5

Mad scientist zaps himself to determine the power of electric eel shocks

Lee D
Silver badge

Rubber gloves.

Is it really that hard?

0
0

Apocalypse now: Ad biz cries foul over Apple's great AI cookie purge

Lee D
Silver badge

Re: Remembering details

Yeah, that's a good idea, so some other program can also store all the passwords encrypted just the same as Chrome etc. do. That makes a big difference.

P.S. if a program has access to your computer such that it can read your browser / password management data files, then it's game over before you start.

To be honest, putting all my passwords in one place, under the control of a program that can interfere with my browser and/or auto-update from the net is my idea of a security nightmare.

How about have it memorise your username and type your password as required.

3
6

Microsoft Office 365 Exchange issues for users across Europe

Lee D
Silver badge

Re: Obligatory "Office 365" Joke

To be honest, I'm only running a tiny little place here (a prep school) but:

Better than 1 day of downtime a year in the last few years (in fact, I'd say about 48 hours total over those years over 4-5 incidents).

Now I'm not running any number of seriously major services, but I have websites, databases, 100's of people accessing information 24/7, remote desktops, in-house desktops, hundreds of mobile devices, email, etc. etc. etc.

The day of downtime is usually only "the power is going off" (notification from the electricity board) and it's usually a Saturday (so not at all critical).

Achieving decent uptime isn't difficult. GUARANTEEING it is incredibly difficult. I couldn't, at any point, have GUARANTEED we'd be up the next day to any serious extent. The leased lines aren't THAT reliable. The servers might well fall over. I could easily fudge the network config and take things down. Microsoft could de-activate all my servers. There's a range of things outside my reasonable control as just an IT department.

But *achieving* better rates than that isn't difficult. Does that give me place to trash-talk MS? In jest, sure. In all seriousness, no, we're in entirely different businesses with entirely different requirements.

What irks me, though, is companies complaining about 365 Exchange downtime when they don't have any other kind of backup. Is it not possible to have a local Exchange server work in collaboration with the 365 Exchange to ensure you're up even when it's down? Or to failover your MX to the secondary mail for your domain? I thought this was the first lesson in "enterprise IT", no?

Use 365/Azure, by all means. But there's nothing stopping you having backups, alternatives, failovers, secondaries etc. to keep yourself running.

Complaining that your single points of failure are down is really a show that you didn't specify the system well enough to start.

19
2

Microsoft teases web-based Windows Server management console

Lee D
Silver badge

Re: GUI good

Please enable a particular feature for all users within a particular OU that are not contained in their own group and who don't have a mailbox, or find all things created after a certain date that don't begin with the word "OLD".

By the same token, random selection - like manually picking out "those people who are going to work in that building we just built", which involves moving people/computers into OU that didn't exist before - is MUCH easier done on a GUI than a CLI.

Though possible with both, it very much depends how well the interface was written and whether or not it was created with such specifics in mind.

GUI's are good for lots.

CLI's are good for lots.

Choosing one over the other as a global default is usually a mistake and always results in loss of flexibility even if - technically - one could sit there and press buttons / select boxes manually to achieve the same.

2
0

Equifax's IT leaders 'retire' as company says it knew about the bug that brought it down

Lee D
Silver badge

Does it also explain why a database with hundreds of millions of people's details did not have any intrusion detection, query limits, isolation from the front-end web-app, etc. etc. etc.?

Even with complete root access to a web-app server, you shouldn't be able to just suck out the entire database without SOMETHING noticing.

15
0

Just how are HMRC’s IT systems going to cope with Brexit?

Lee D
Silver badge

Re: How?

Because licensing costs.

I agree it's probably not the same level of performance. Trust me, I'm no Microsoft fan.

But with virtualised architecture nowadays, there's almost nothing in the way of Microsoft OS staying up long enough to allow you to do this on the same hardware. We're not talking "I put Linux on a PC", we're talking dozens of hypervisors in separate datacentres running hundreds of virtual machines. HyperV - and the High Availability clustering tools in Server 2012/2016 - are more than capable of keeping them all up, moving them around, spinning up new instances and isolating runaway processes inside them.

You want to know how you know that? Office 365. Windows Azure. Just about all the web services running on Microsoft OS.

Please stop parroting the arguments against 80's/90's Windows installs. It makes us look out of date and stupid.

Now... why does CERN and the top supercomputer not run it? Because you can't code it to optimise to get 100% out of it. You can literally alter the OS on Unix/Linux if you so desire. That's why they do it - to get every inch out of machines that are constantly at full load. Customisability. Doing things not envisioned by Microsoft with the OS. Pruning every last unwanted line of code out of it. And not paying per-core for MILLIONS of cores. That's why.

Could you do it on MS? Quite likely. It'll take a performance hit but there's no real reason you couldn't. The problem is more that it's not designed for that. There's things like HPC Server and compute-cluster versions of Windows. They don't make those just to keep them in a box at MS. People use them. And pay for them. They've been in the Top100 supercomputer lists. It's perfectly feasible and viable.

So please, stop that nonsense. Yes, if it were me, there would not be a single copy of Windows running anywhere. But to say it's not capable of the above, where Top100 has requirements LUDICROUSLY above even things like "running a national government database", is a nonsense. It's more than adequate, easy to source, easy to maintain, easy to manage etc. to do the latter task. Otherwise people who make those big-end clusters and racks full of servers would never even support it, let alone actually build, sell and use it.

To be honest, for a HMRC IT system, you could set it up today and get yourself as many 9's as you wanted, so long as you paid the price on hardware and infrastructure, not even so much the software.

9
2
Lee D
Silver badge

Re: How?

No matter what OS you use, you need to restart to update kernel level code (kernel trampoline? Yeah, pretty much still unused / in its infancy as a revamp), which is why you don't make it run off one machine.

You just put 50 machines on it. Update them at different times, reboot, and services should be ENTIRELY UNAFFECTED. Otherwise you never had any idea how to design a proper nationwide critical service.

13
2

123-Reg customers outraged at automatic .UK domain registration

Lee D
Silver badge

"You can opt-out" is not the same, legally speaking, as "You have opted-in".

I didn't opt-in. Therefore you don't have permission.

And once GDPR comes in, it's even more explicit about this to reflect current case-law in this area.

1
0
Lee D
Silver badge

Re: Unsolicited Goods Act 1971

One time I actually received a parcel from a supplier that I hadn't ordered.

Inside was a ton of random stuff that I had not ordered or had any need for.

I phoned the company. Told them. Phoned them again. Told them. Etc. Recorded details of every call. "Someone will come and pick them up".

They came to collect many months later, and I told them: "Sorry. They're mine now. I sold them."

They argued. At which point I passed over to my barrister-in-training wife who ended the conversation rather quickly after she pointed out the relevant laws.

Basically after (60/90?) days, if you have notified the company of their error, they become your property. So we flogged them on eBay.

But to be honest, I don't WANT the .uk to become my property. I don't see how you can force someone to take possession of something, nor how you can do that without their consent just by having an opt-out. "I have a ton of old fridges. They're yours now. Remove them by the end of the week, they're stinking up the place." That's not how it works.

Were I a 123-Reg customer (haven't been since they screwed me over several times when paying customers demanded I use them), I'd fold this into my "pet legal / complaint project" folder. I don't mind sending emails/letters back and forth arguing about the legality of it. And, no, I won't be "opting out". I'd wait until they made it my property and deliberately never click Accept on anything they pushed my way, and then complain my backside off when they claimed it was mine.

Pretty much, it's a nice stress-relieving, intellectual pursuit backed by the satisfaction of pretty much winning every time and costing these companies more money than just leaving me alone or doing what I reasonably asked would have cost them.

3
2
Lee D
Silver badge

Re: Little to do with automatic renewal

I'm going to charge you a million pound next year.

You can just turn it off in the control panel.

Oh, by the way, you'll find out about it from an IT news website.

What's the problem?

Now multiply by EVERY COMPANY YOU DEAL WITH and who has your card details, for EVERY PRODUCT THEY WANT TO PUSH. You going to log into them all? And when you miss one are you going to be to blame?

Or will you just tell them all to f*** off with that tactic because it's actually illegal?

No matter what contract, terms or anything else say, you cannot do this. It's against the law. In fact, under the law, such things could also be fraud / passing off if they involve a trademarked domain.

33
1
Lee D
Silver badge

No problem.

I'm going to* sign you up for every free trial I can find on the Internet that turns into an auto-renew pay-for package after a period of time, is that okay?

"Hey, it's only a tenner." is the refuge of those people who took a tenner without permission.

I don't even let people send me an email unsolicited, what makes you think I allow an existing supplier to sign me up with a product I didn't ask for, that's publicly visible, carries my name and/or trademark, will be registered to me as the responsible user, and which will ask for payment at some point (if it doesn't just auto-renew with the base contract, like such things sometimes do) without my explicit consent?

Hey, man, did you like your U2 album?

*P.S. not a threat, you understand, I don't prank people. It's to show my point.

12
0
Lee D
Silver badge

I'm sorry.

Where did they get the data to register the WHOIS for the new .uk domain?

Did they obtain customer consent to use that data for that purpose? Did the customer agree to the terms and conditions of Nominet for use of that domain? Did, in fact, 123-Reg register for these domains without the trademark holder's consent, or provide false representation in doing so?

Oops.

Whether or not it had cost me a penny, there would be a letter winging its way to the ICO if I were a customer.

There's a difference between "we can do that for you" and "we have done that for you" as Apple found out with a certain album.

Just because you give something for free doesn't mean you can just sign me up without my consent.

11
0

Web crash and pricing errors hit Argos

Lee D
Silver badge

The question really is:

At what point would Argos consider it "goodwill" to honour it, rather than have to go to court to argue the definition of reasonable if someone were to make a fuss?

I'm guessing a couple of hundred quid for a "one-off gesture of goodwill" is cheaper than admission of fault, or a court case.

0
0
Lee D
Silver badge

Indeed.

According to consumer law, if the price could be considered reasonable and there was offer and acceptance of contract, Argos would be legally obliged to give me the console for that price.

Sadly, that trumps any T&C's on any website in the known universe if I'm a UK buyer buying from a UK company's website or even store.

6
0

UK attorney general plans crackdown on 'trial by social media'

Lee D
Silver badge

Re: Why change anything?

Because not only does such an instance "corrupt" the jury's opinion, it could make it difficult to find future jurors who are blissfully unaware or unaffected by previous dissemination of information (e.g. those in the jury for a retrial will have heard about the rumours that got the previous guy done for contempt when he told everyone about them).

It's about eliminating the need for charges because people don't do it, and seeing how prevalent it is and whether it *does* affect anyone / any case, rather than saying it must immediately be clamped down on more harshly than it already is.

In courts, you are a robot. You hear evidence. You are sometimes asked to DISREGARD statements. Then you have to judge as if you'd never heard them. Some people can do this (i.e. I see people's salaries all the time because I manage several IT finance / HR systems, but I cannot ever act upon that information even if I could do so privately), others can't. If people are going to be on a jury, they are deliberately (in the UK at least) random members of the public and thus from a wide range of education and vocational backgrounds, and it's not up to them to think for themselves about the case. It's not "do you think he actually did it", as some people think. It's "has the prosecution put forward a case that proves he did it beyond reasonable doubt, based solely on the evidence you've heard in this room and been told to consider". They are very different interpretations and it's hard to make juries understand that.

Removing any kind of temptation to subvert that (by punishing even the most flippant of abuses harshly) is the only way to make people say "Well, I SUPPOSE I have to find him innocent based on this evidence, even though I *know* he did it, because otherwise I'll get into trouble".

As it is, I believe that juries have their phones handed in, are isolated on long cases etc.

21
0

User worked with wrong app for two weeks, then complained to IT that data had gone missing

Lee D
Silver badge

Re: TBH

Nope.

Colouration is fine.

The cretin is the person who didn't splash TEST SYSTEM over every dialog box and window title to ensure that no matter what colour was chosen it couldn't be confused with the live system.

I'd even put in a big scary warning when you load it up or close it down.

The user isn't at fault, as such, but not rebooting your computer because "it takes a long time" means the IT team are rubbish or the user is paranoid (reboots on my systems are on the order of 20-30 seconds and I don't do anything particularly special, and only a handful are actually SSD).

If you have colouration options, those also NEED TO BE TESTED don't forget.

But there's no reason not to have big annoying warnings everywhere to discourage you from using the testing version for anything serious.

52
5

Would you get in a one-man quadcopter air taxi?

Lee D
Silver badge

I don't think you want to be parachuting out of a low-altitude quadcopter that's still in motion.

That's not even a Bond stunt, that's just suicide.

4
2

Act fast to get post-Brexit data deal, Brit biz urges UK.gov

Lee D
Silver badge

They need their own data to be processed in a legally-compliant country more than either.

As such their data is gone. They can still process our data if we want to let them. We can't process their data, though, without negotiating an exception, which means they can't bring their businesses over.

Every EU-owned company just got told to cut off the UK arm of their business, effectively, if they process EU data.

2
0
Lee D
Silver badge

I think some people miss the point. It's not about where we process our data, it's about whose data we are allowed to process.

Though you could process UK citizens' data, for example, you would not be able to touch the EU data. Thus 28 countries' data won't be able to just "be processed" in the EU and then shipped back to Blighty. Literally all that's gone. We would be a non-compliant country, to all intents and purposes, and like a UK company saying they process all your personal data in the Bahamas (currently illegal), we wouldn't be able to process any of the EU's data. They wouldn't give it to us, and we couldn't take it.

That harms us more than it harms the EU. We've just taken ourselves out of that game and made life difficult to do business with them. As such, they'll do business with one of the other nations that can process their data without having to do a thing but tell their own data controller, rather than with us with whom it would be illegal to process their data.

When you consider that we're the financial centre, banks will flee. Suddenly porting personal data between the EU and the UK is like trying to get blood out of a stone rather than an automatic sharing checkbox exercise.

If you're an EU-wide bank with a UK headquarters - you have to set up and move everything back abroad anyway. May as well just go and leave a small UK-only business behind that is entirely separate. But you MUST move your data, so you must move your headquarters and the core business back to the EU.

Literally, in terms of data, we can say "Don't go" as much as we like, but even for a multi-national company trading in all the EU countries, it would be illegal for them to process the majority of their own business's data in the UK, as it wouldn't be under EU-compliant data regulations. Unless we have exceptions from day one with EU sign-off, those foreign companies will splinter off a UK branch (at best) and then just disappear.

That's a lot of business to lose. The same applies to everything from mobile phone providers to banks. Every EU-owned international company now has to effectively legally separate itself, and every UK-owned company has to jump through all kinds of hoops to try to do business with the EU as a foreign entity. It's not just as simple as "we'll do it ourselves". We would become a legal persona-non-grata in terms of processing any data to do with them, from the tiniest company up to the largest bank.

We've effectively locked the door and then battened it shut, in a legal sense, and then expect people on the other side to do business with us. It took four years to sort out a small, quite-friendly, neutral and sensible country's data access. I wouldn't like to think how long it will take to get data compliance for the UK. I'm guessing a LOT longer than the UK has to do so.

2
1

El Reg is hiring an intern. Here's the lowdown...

Lee D
Silver badge

That's the software. That's the boring bit.

0
0
Lee D
Silver badge

Re: My first job!

"Go and get me a copy of Macromedia Flash for the iPad."

"Plug my 3.5mm headphone cable into my iPhone"

"Put Siri on my Windows Phone for me."

"Ask the guy in the store for a USB-C -> iSCSI cable"

3
0
Lee D
Silver badge

Re: My first job!

"Spend a week learning C while QAing on Powermonger (SNES) and Populous II (Megadrive). Then design some maps for Syndicate, before helping write Theme Park. ;)"

Git.

2
0

Apple’s facial recognition: Well, it is more secure for the, er, sleeping user

Lee D
Silver badge

Re: Wasps

Emergency calls are another matter entirely. If *ANYTHING* technologically gets in their way, Apple have not just failed but broken the law too, most likely.

More likely: Someone broke my nose last night and now I can't call my parents. Put on your makeup and it doesn't recognise you any more. Train it to the makeup face and it doesn't recognise the un-made-up one. Change your hairstyle and it won't let you in, etc. etc. Drag queens are really going to have a hard time, or start carrying two iPhones...

Though it should have a passcode, we've basically gone back to the lock screen being as secure as a passcode. Maybe slight convenience added, but if that's at the cost of ANY security whatsoever, then it's downhill.

0
3
Lee D
Silver badge

Re: Biometrics

@FIA: People said the same about fingerprint readers, and then Gummi Bears foiled us all.

I'm not saying they haven't looked. I'm saying that the chances of them defeating that kind of attack are slim.

The precision to which you can measure a face depthmask, but still recognise it from any angle in any circumstance, with any hairstyle, etc. are very limited. Limited enough that it would be a viable attack still, no matter the amount of technology involved.

The fuzzy logic that must be involved alone gives you huge scope for simple tricks.

When the device is available to the general public, I give it a week or so before a viable bypass is found, with, say, even a low 10% success rate (hell, we can just have as many goes as we need to, really, just make them flux quick so the iPhone just thinks the videostream is one jerky stream of bad images rather than someone actually trying to brute-force the proper depth map).

I imagine it wouldn't be outside the realms of possibility to have some kind of overlay on the camera sensor that can actually "fake" any depth you like to the same kind of resolution, either, if it's just IR.

7
1
Lee D
Silver badge

Re: Like fingerprints

Fun prank.

Press everyone's button five times, and see if they remember what the passcode they set up months ago was supposed to be....

21
3
Lee D
Silver badge

Re: Password Policy

Their new face must include a scar at least 8 inches long, at least one leg and at least one cleft palate.

12
0
Lee D
Silver badge

I thought it was something to do with the Japanese for nine? Though "nein" also has negative implications, if you used the digit it would actually just be pronounced "Windows Neun" by any German speaker.

4
0
Lee D
Silver badge

Re: Like fingerprints

No different to fingerprints. Get you to touch ANYTHING (not even the phone) and they could unlock your phone.

This is why we do not use biometrics as authentication, only identification.

Identification = "I'm claiming to be Mr X"

Authentication = "I have proven that I am that person".

22
0
Lee D
Silver badge

Re: Biometrics

I am by no means an expert but I'd go for:

- Bit of paper with a full-page photo, folded to the shape of the face that's on it?

- Bit of paper with a full-page photo, wrapped around a mannequin head.

- Bit of paper with a full-page photo, held over the attacker's own face.

Sure, it might take a bit of squidging and folding to get it right but you only need to get in once.

I'm still struggling to work out why using face-rec to unlock a phone isn't viable just because the user is asleep. I don't buy that one at all. I mean, maybe a pair of Goggly Eyes might come into play to convince it that they have their eyes open, but I don't think we're talking hi-tech.

Biometrics are not authentication.

They say "I am shortly going to prove that I am this person" and then tell you which person that is. They DO NOT PROVE that you are that person. That's what actual authentication is.

18
1

Regulate, says Musk – OK, but who writes the New Robot Rules?

Lee D
Silver badge

Then it should TAKE NO ACTION.

Until it's something capable of reasoned thought such that it could explain its reasoning in a court of law (i.e. decades away from happening).

In your thought-experiment example, the machine has no concept of whether the 5 people who die if it does nothing are terrorists chasing the one innocent person who would die if it pulled the lever.

Whichever way around you put the lever (i.e. to squish or not squish either party/parties in the absence of further command), it cannot make that decision in a reasonable manner without contextual understanding of the implications.

Until it's capable of that reasoning, and it's proven in a court to be that capable, the MACHINE should not be left in any position where inaction will cause more harm than ANY SPECIFIC ACTION. This is why industrial controls are "fail-safe", etc.

Even then, it's a horribly contrived situation with no right answer (i.e. even a human would struggle depending on a very, very, quick split-second decision and getting the right answer, e.g. squishing the cop chasing the group of muggers instead of the muggers because it's "less people dead" and a court would recognise that and hold them pretty blameless).

It's either responsible for all its own actions (in which case it gets brought before a court as an independent entity and has to find its own representation, etc. and the manufacturer won't defend it or take responsibility for it) or it's not (in which case it's a machine made by a company which gave it poor defaults and put it into a situation where it was required to think when it wasn't capable of that).

0
0
