* Posts by cbars

352 posts • joined 11 Jun 2013


U wot, m8? OMG SMS is back from dead


came to say the same, O365 spams you a new 2 factor auth message almost every ruddy time you try and login, regardless of ticking "yes, bloody leave me alone for 2 weeks". When you work in IT, and use multiple machines, multiple browsers and generally bounce about, it's annoying as hell. Better than getting hacked though, I suppose!

Ad-tech industry: GDPR complaint is like holding road builders to account for traffic violations


Making a car without seat belts is against the law. So is spaffing personal data (finally!).

Making a road that doesn't comply with safety standards is against the law (for example without crash barriers or white lines).

The car makers, in this analogy, are the companies creating the advertisements that fill this advertising space. Not the people spaffing data everywhere contrary to the law. Quiet down and take your medicine.

Six Flags fingerprinted my son without consent, says mom. Y'know, this biometric case has teeth, say state supremes...


I'm with 6 flags

I can't sell tickets to gladiator matches anymore because of these namby pamby anti murder laws, it's anti commercial!

Tech sector meekly waves arms in another bid to get Oz to amend its crypto-busting laws


Re: You have to wonder

placing a high value on someone who understands anything beyond typing on Twitter



Re: "Is this what you wanted to see?"

I have not read the link so apologies for willful ignorance but that just sounds like a one time pad. Otherwise you can't choose your ciphertext, and you certainly can't re-use it, that is fundamental cryptography so it's likely that scheme is broken...

I remember TrueCrypt had something similar with hidden volumes but it all takes space and is detectable if you're looking for it

En garde! 'Cyber-war has begun' – and France will hack first, its defence sec declares


Bug bounty

Ok so you discover a hole in the French infrastructure (which either everyone is allowed to do, or it's a crime unless you're on the list c.f. USA). Do you sell to the French or to [insert popular enemy country name here]?

If everyone is allowed to do it, the odds are better that you get a notification (because your enemies will be looking anyway!)

However it's also more likely that someone from France sells to the enemy.

All in I'd say it's still better to leave this open to all, as if we're not running under the assumption that *most* people are half-way decent then there isn't much point. Time will tell I suppose.

Huawei’s elusive Mr Ren: We’re just a 'sesame seed' in a superpower spat


Re: Luddites = Non Sequitur

A) Show me a large multinational not connected to the government of their home country, this backs up Ren that this is an ideological conflict

B) Unclear

C) As are 5 eyes and Iran and everyone else

D) Which country is benevolent to anyone else?! Jeez

E) The idea that a country of 1 billion people is incapable of innovation or invention is hilarious

F) This is a concern, but not to do with Huawei. If countries are concerned with China's dominance in technology then they shouldn't let them build critical infrastructure (hello UK government)

IOW A) and F) have some merit, but are probably not relevant to trusting products built by Huawei, at least no more so than trusting US products

The Large Hadron Collider is small beer. Give us billions more for bigger kit, say boffins


Re: Living in a black hole?


Perhaps I was a tad harsh, if it is the same poster then I do not believe I was. I should have left the link, there's about 5 consecutive posts and as far as I am concerned there is enough rubbish in there to discount the lot

Decide for yourself :)



Re: If all you have is a hammer

are you the same AC that was warbling incoherently about the resonant frequency of the universe and how we're all living in a black hole on another forum this week?

These forums are frequented by a significant number of people who know more than you or I do; you appear to know very little beyond GCSE physics, and your explanations are akin to a children's TV science program, only less accurate. Please stop. Even if you use "I'm too smart for these guys, I'll let them wallow in their filthy ignorance" as an excuse, just stop.

Iran satellite fails: ICBM test drive or microsat test? Opinion is divided...


worked for North K

Maybe the Supreme Leader just wants to be mates with Trump

Oh, SSH, IT please see this: Malicious servers can fsck with your PC's files during scp slurps


Re: Class of problems inherent in file transfer, may require MAC enforcement.

It looks like you've already argued against yourself: "that only really moves the problem to whether the user interface software is trusted". Yes, if you can't trust the application running to do sensible, non-dangerous things then you're in trouble.

That is exactly what these CVEs are. "Hey, please grab some bytes from the network card and put them here: /X"

>> "Nah, I'll just write some other files, as determined by the network card byte stream and ignore your command, silly user t(-_-)t"

This is called a software bug, and reduces the trust in the 'user interface' software in question. The more general problem of "how do we write software which we can prove we can trust" is yet to be solved.

What's the fate of our Solar System? Boffins peer into giant crystal ball – ah, no, wait, that's our Sun in 10bn years

Paris Hilton

Re: Glad they helped me understand

I'm still confused. How hot is a crystallised star in Hiltons?

Google Play Store spews malware onto 9 million 'Droids


Re: Awww bless

I'm not usually convinced by a dictionary quote, so I will bite.

Ads can be an attack surface and therefore they make you vulnerable. Generally as a society we agree that forcing people into vulnerable situations is not ok, and you could argue that the act of forcefully increasing vulnerability is actually harm in itself.

Another argument might be that the app authors intended to serve ads, which take up system resources - thereby depriving the phone user of something. Being deprived of something is harmful, which is why we require consent for things to be taken, and call it theft otherwise.

The D in SystemD stands for Dammmit... Security holes found in much-adored Linux toolkit


Re: what?

I was just thinking of 1)

It does 3)? Jesus. It's a good thing that the behaviour of applications is rarely dependent on configuration options being set consistently. Setting A by itself will always do the same thing, even if you set B... right?



rewriting >20 years worth of perfectly functional procedures in one fell swoop wasn't done perfectly?

I'm shocked!

They didn't even follow that antiquated "Unix philosophy" that holds everything else back from quickly introducing new features so this is very surprising.

Dark matter's such a pushover: Baby stars can shove weird stuff around dwarf galaxies


Re: Alternate theory

Tom 7, mate..... naming something makes you an idiot? Yea.... all those idiots that named the stars, the sun, moon, watched them go around and worked out how to navigate using them - multiple times in multiple cultures.... idiots, shouldn't have bothered. Just ignore it because you don't know what it is absolutely, what a way to move human endeavour onwards. Not.

Happy new year, readers. Yes, we have threaded comments, an image-lite mode, and more...


Re: Back to home page form comments

I click on the giant banner

Boffins manage to keep graphene qubits 'quantum coherent' for all of 55... nanoseconds


I know the equation

quantum + graphene = grant_money

(jokes aside, well done boffins!)

Supernovae may explain mass extinctions of marine animals 2.6 million years ago


Re: Interesting, but radiation killing through water?

not all radiation is created equal. supernovas are quite energetic!

Privacy, security fears about ID cards? UK.gov's digital bod has one simple solution: 'Get over it'


Re: people were perfectly happy handing over their data to tech giants

that's it, point your finger at the millennials, the brain dead fuckwits etc

it's always someone else's fault

(This one cool trick to scan your ID card has been checked and there is an increase in hot singles in your area!! Click here to find out more)


Re: another iteration

I suspect that the population used for calculating the IQ of politicians would allow them to come out quite favorably; I do not imagine, for example that they would be compared with the comentards here, which I think is likely to be toward the high end when considered c.f. all humans (I have zero evidence to support this opinion, in fact the only comentard I know to be real is myself, so things don't bode well for us)


Re: people were perfectly happy handing over their data to tech giants

well, there are 120million* UK facebook accounts, so clearly literally everyone has provided not just 'their data', but an honest and accurate reflection of it

*this might be a made up number, but without ID cards we can't be sure how many people actually live in the UK so it's our new baseline


another iteration

demonstrating that you have to continuously oppose idiocy, and you don't get a break. A bit analogous to the 'cyber-security' paradigm "you have to win every time, they only have to win once"

Official: Voyager 2 is now an interstellar spacecraft


It's actually quite emotional to be reminded of these probes. I wasn't even around 50 years ago. Well done humans

Tech support discovers users who buy the 'sh*ttest PCs known to Man' struggle with basics


Re: Alternatively...

@ MrMerrymaker

It was the icon on Zog's post that tipped me toward interpreting this as an elitist slight. Yep, we all take away different things, and there are more possible interpretations when only text and one icon is available. Having said that, the article was an extreme case where Zog is bang on, there isn't much more to say after 'put the spoon in the food and then in your mouth'...

@Zog, love the troll ;)


Re: Alternatively...

I couldn't decide whether to upvote this. While you're right that to understand some topics a prerequisite level of other knowledge is required, that's why we don't all go straight into academic research after learning to speak. But I just can't get past the arrogance of the statement. For most things, you can explain 'in layman's terms' well enough to allow another human to perform the desired task adequately. They don't need to fully *understand* it, just as I don't need to fully understand how the engine in my car works, so long as I can get it to work and understand it's bad if it's on fire...

Communication skills are key in any walk of life, explaining things is a communications skill we should all practice.

Millennials 'horrify' their neighbours with knob-shaped lights display


Re: Private, not public.

have not downvoted.... but I have two observations:

1) Offence is taken, not given.

2) It is fine to have a moral standpoint, it's fine to be proud of it, but don't wave it about in people's faces or shove it down children's throats.

So, your moral stances are like your dicks, keep them between you and your significant other and everyone will be happy. Representations or written descriptions of your moral standpoints are acceptable, but they might offend some people - in that case however, I doubt you'd give a fuck and you'd still feel justified in conveying the concept.

Ok, 3.

Marriott's Starwood hotels mega-hack: Half a BILLION guests' deets exposed over 4 years


or they only built it this year. hmmm, what could have prompted that new found interest in the processing of personal info. Some companies just Genuinely Don't Perceive Risk, and sometimes they do, but only once it's too late.

Amazon's self-driving AI robo-car – THE TRUTH (it's a few inches in size)


Right, but what's the point...?

Racing, I understand. Watching robots race.....

Does anyone watch two chess computers play each other?

Healthcare billing biz AccuDoc 'fesses up to breach that blabbed 2.65m people's data


SQL Injection

Still on top

Technical foul: Amazon suffers data snafu days before Black Friday, emails world+dog


Re: WTF?

I agree, even easier as there was no action required.

Hi [Name], We're writing to notify you that your account is among a number which *have* been involved in a security breach. Please log into your account using your normal route to see further information and what steps, if any, to take next. As always, please do not click on links on emails, we will never ask for your details..... blah blah

If a reset is required, deal with it when a log in is attempted, not using an email link. Unfortunately, marketing departments have ensured that 'legitimate' emails are full of full page banners and images, so people are not trained this way.

GCSE computer science should be exam only, says Ofqual


I didn't downvote, but I agree. You're suffering from selection bias: "I was good when young, I am now 'good' (so far as I know), therefore to get as good as me you need to follow same path I did".

I was rubbish at IT when at GCSE age, I was rubbish at a lot of 'subjects'. My IT course consisted of learning how Mail Merge in MS Word worked. I failed completely because what was the point in that? Much more fun to muck about and play games.

I had discipline problems at that age, was more interested in sport and girls and it wasn't until I finished my GCSEs that I was aware I was academic at all (no family history in that area). I went on to a numerate degree (physics), during which time I learned that computers were actually useful. I am now gainfully employed and as far as I can tell I'm pretty good. I am currently paid to sweep in, fix other people's crap code and have a whole host of opinions on why other people are 'not as good as me'. I am not so arrogant to assume that everyone needs to follow my path, and you can't blame children for their circumstances or interests at that age.

UK.gov to press ahead with online smut checks (but expects £10m in legals in year 1)


Re: One third porn?

with the amount of JavaScript, cookies and crufty HTML on most sites, I don't think there are any sites on the internet that can be classed as 'pr0n'

Russian rocket goes BOOM again – this time with a crew on it


postpone 11 months!? If they've been up there 3 months already, they'll develop serious health problems if they're up there that long. I wouldn't like that decision being made for me - and I assume their families would be nonplussed. What are the downsides to abandoning the ISS aside from a gap in the science data?

Health insurer Bupa fined £175k after staffer tried to sell customer data on dark web souk


Re: ..if you can see it, it's not encrypted


If you're responding to me, that was exactly my point, if you read my posts. People need to see the data to use it - however at this point downloading (that bit) is irrelevant. Controls should be monitoring that people are not accessing 1 million records a day.


Re: you almost always need an Admin account

@Anon, My point is that if you can see it, it's not encrypted, so you can't protect it at that point; where you download it to is irrelevant. Homomorphic encryption does not help if your Admin needs to examine the data, it's just intellectual masturbation in most cases.


Re: Oh FFS !!!!!

you almost always need an Admin account to find 'bad'/orphan etc data (unless you're a startup with no legacy data). Splitting the data (by region etc) just means you need more people acting as Admin. Is it better to trust one Admin or many...?

Depends on your threat model, I suppose. If you're complaining about the download capability - then I would just say - you can't stop people photographing the screen, so your procedures shouldn't be about preventing people querying data - they should be about *detecting* that access. Pretty unusual day at the office if half a million records get reviewed by a single human.

Python lovers, here's a library that will help you master AI as a newbie


Re: this has some potential

an API for quantum computing? Need the hardware first!

Brit startup plans fusion-powered missions to the stars


you heard that story about a turtle moving half way to its destination with each step......?

I just meant that it's been pushed back continuously, if it is demonstrably 'working' in 2025 I will be surprised. If I am buying electricity that was generated using a Tokamak in the next 50 years I will be elated


2025 now? Come on, in my lifetime please! This is why no-one cares about climate change - so I hope it all pays off!

New theory: The space alien origins of vital bio-blueprints for dinosaurs. And cats. And humans. And everything else


I don't think it was explicitly stated, but the article implied that the specific chemical phosphine is not formed by natural processes on Earth. I am not a chemist, but I guess it's not likely for the crust phosphorus to react with 3 Hydrogen atoms due to it being already bonded with other elements.

On the other hand I also have no idea why phosphine is specifically required to get to the amino acidy bits, my GCSE biology has not stuck with me but I thought you can usually get to chemicals through various routes. In conclusion I both disagree and agree with your skepticism.

IT bosses worried about network security reckon AI Jesus can save them, says Oracle survey


Re: Biometrics

I almost agree, except biometrics are usernames which cannot be changed. They identify, they don't authorise. Passwords are secret, faces aren't.



69% use Biometrics? What? Who are these people and what are they doing that helps secure networks? Does this just mean people accessing email on their iPhones using fingerprint/FaceId?

"69% of respondents have thrown away passwords and instead are just using usernames, encoded as biometric data points"

seriously, I am curious! A fingerprint scanner to allow HTTPS through the corporate firewall......?

Google actually listens to users, hands back cookies and rethinks Chrome auto sign-in


Re: Would there be a market...

no, because the code/behaviour would be analysed by your well resourced adversary and the cruft nicely filtered out.

Also it's the wrong solution. The correct solution is to remove the problem (slurp slurp behaviour), but this is a societal issue and unlikely to be easy or fast. Historically, we tend to go down these mental roads every now and again, but inevitably end up back at equilibrium. Hopefully the same is true here and we'll eventually end up in a sensible middle ground.

Digital records won't last forever, but they'll last a lifetime or so - I reckon we'll need a couple of those time periods as a society to recognise the downsides.

Equifax IT staff had to rerun hackers' database queries to work out what was nicked – audit


Re: Impressive consequences

"no jobs on the white"

hmm... your white is [country/orgs] black

so long as there are humans, there will be opposing sides

Space station springs a leak while astronauts are asleep (but don't panic)


Re: headline?

wanna fight?



micro-meteorite night plight might blight space-flight

come on, there's even loads left!!

sight light right.....

UK.gov agencies told to drop fancy tech or risk 'reinventing the wheel'


Re: I think...

my comment was more to point out why we have the status quo (incompetence at all levels),

but I suppose it is also arguing against exactly that. seniority is not proportional to effectiveness


Re: I think...

So the job market is swarmed with incompetent managers and the cycle repeats as they find positions elsewhere...

I like the Peter Principle (https://en.wikipedia.org/wiki/Peter_principle). If the project fails, you go back to what you were doing before you were a project manager; if you were brought in as one - you go down a rung or you quit. That way, you push people down to where they are effective.

If people are being effective, you give them pay rises, not promotions (but by all means allow promotions!). If they're out-earning people in similar positions elsewhere, they won't leave.

Tricky to juggle company-wide, I grant you, but I like to think it would be better than the current methods. The other problem is curating a culture that agrees this is a good thing, and doesn't make people feel bad about lacking the required skills. Paid-for training courses?

Oracle: Run, don't walk, to patch this critical Database takeover bug


Re: I have to ask...

I have no doubt that the Oracle DB is riddled with bugs - but the idea that everything else is therefore better is quite childish in my opinion.

This is the same mentality that says malware can't infect Linux systems*......

The alternatives just aren't as valuable to target, or used in such a wide variety of environments. They're probably just as crap in slightly different ways. Actually, I'm feeling generous: probably a little bit less crap as they're probably written by fewer people with a wider knowledge of the overall codebase.

*I am not disparaging Linux, just the idea that it's immune from bugs


Biting the hand that feeds IT © 1998–2019