* Posts by David Roberts

1422 posts • joined 25 Jan 2007


Use an 8-char Windows NTLM password? Don't. Every single one can be cracked in under 2.5hrs

David Roberts Silver badge
Holmes

Re: correcthorsebatterystaple

Struggling with some of the assumptions here.

For instance if you know that the passphrase is composed of dictionary words spelled correctly then you can calculate the time to brute force based on using all the dictionary words and gradually building up the length and complexity.

However if you don't know then presumably you also have to brute force a string of random characters to the same password length. Possibly some of the examples assume that the first thing you do is a dictionary attack (but to what length of characters?) followed by a random character brute force.

I think that this was what the XKCD example was based on - making remembering long strings of characters easier.

If, for instance, you picked one set of 5 non-dictionary characters, say xf-r@, and inserted this into all your password strings then possibly a dictionary based attack would fail. Again I assume this is some of the point of requiring punctuation in a password.

I would be interested in the entropy of, for example, correcthorsexf-r@batterystaple given that you don't know that it is mainly a dictionary based phrase and you don't know the length or location of the non-dictionary string.

It is easy to work backwards if you know the answer. Assume you don't know the answer for a more accurate result, perhaps?

Banking in 2019: Sure, we'd recommend TSB's online, mobe banking say cowed customers

David Roberts Silver badge

Is the software useable?

Tough call, but if I had to choose between a bank with user friendly software but occasional bouts of poor reliability or a bank with rock solid reliability and software which had me screaming at the screen every time I tried to use it then I'd probably suck up the unreliability and focus on the good UI.

Looking at you, HSBC.

Crypto crash leads to inventory pile-up at Nvidia, sales slaughtered

David Roberts Silver badge
Paris Hilton

Watching UHD TV?

This article prompted me to look for a card which will allow me to watch UHD output on my TV.

This doesn't seem to feature in the general selection criteria. Apparently you only need a high resolution card if you are a gamer.

Perhaps this is a non-issue because most current generation cards support UHD output?

I am idly wondering about a UHD monitor but it would have to be significantly larger than my HD monitor for me to be able to read text when using the full resolution. Upping the default font size doesn't seem much point. I currently have two monitors on my main system which works well for me (full HD landscape and lower res smaller portrait) so I think I would need a screen the width of the two combined to get the same usable real estate. Then up a bit more to make text readable again.

However without looking at UHD monitors it is difficult to visualise.

Return of the audio format wars and other money-making scams

David Roberts Silver badge
Unhappy

Just reminded me

I have a mini disc recorder for my component stereo stack resting idly in the loft.

Bought in a sale with the plan to digitise all my vinyl. I think I managed to record one album before becoming bored and distracted.

It must have been a while back since burning to CD seems the obvious option.

Yay, we got a B for maths. Literally, a bee: Little nosy nectar nerds smart enough to add, abstract numbers

David Roberts Silver badge

Re: Some summers ago

How..errr...cheep of you?

Are you a Windows 1 in 10 (1809)? Or a mighty 80 percenter (1803)?

David Roberts Silver badge

Not sure about all the hate for W8.1 and W10.

I'm mainly running W7 x64 but I do have a laptop running 8.1 which is fine, and recently inherited an all-in-one running W10 which seems to be happy just doing stuff.

I suspect that 99% of end users have no issues and it is only the deeply (anally?) techie types who care.

My main concern recently is the broken W7 update that screws network sharing.

At some point I'm going to have to upgrade, although I'm tempted to move W7 to W8.1 if that is still an available option. A long time since I did the clean installs on the low cost upgrades from Vista.

Canadians moot methods to embiggen moose monument and make Mac great again

David Roberts Silver badge
Coat

Don't want to go too big.

Elk and safety, and all that.

Openreach to heap faster broadband on UK's media-heavy hubs

David Roberts Silver badge
Unhappy

Some time ago

There was a flurry of activity, manhole covers were lifted, ducts cleaned out and new connectors appeared on the top of poles.

All part of the fibre rollout we were told.

Still no sign of anyone stringing fibre for those last few yards to the houses.

Just as well we have Virgin.

I can hear the light! Boffins beam audio into ears with freakin' lasers

David Roberts Silver badge
Megaphone

Melt the earwax?

Not if you use mirror finish ear plugs.

La la la........

Is your kid looking at GCSE in computer science? It's exam-only from 2022 – Ofqual

David Roberts Silver badge
Windows

Licence?

I've still got my Dad's old chemistry books somewhere with detailed explanations on how to make gun cotton and nitroglycerine.

His University course was between WW1 and WW2 and AFAIK you still had to speak German to read some of the text books.

No doubt happy days.

David Roberts Silver badge
WTF?

Developer?

"Outline the code blocks required to perform the task of displaying prices (Part A) with and without VAT at 20%. (Part B) Using your answer to part A, prepare a KANBAN board and write a hypothetical user story arising from round 1 acceptance testing that includes a role-feature-reason justification for initiating a new code iteration cycle in the scrum."

Well, I'll never get a job again (not that I want one).

Didn't understand a word. Which may, of course, be to my immense credit.

Data hackers are like toilet ninjas. This is not a clean crime, you know

David Roberts Silver badge
Unhappy

Seen in the Postmen's Toilet (many years ago)

Will the person with the three speed arse please engage bottom gear when using this toilet.

Certainly painted a picture.

Core blimey... When is an AMD CPU core not a CPU core? It's now up to a jury of 12 to decide

David Roberts Silver badge
Happy

AMD FX-6300

Just checked, and this is the chip in one of my machines.

I bought it (after looking at a lot of benchmark data) to upgrade an ancient system on the basis that it would match my old Core i5 2500k in general performance without costing anywhere near even a cheap Intel processor with similar performance.

I know that this lawsuit is USA only and that it doesn't cover this particular 6 (or 3) core chip but I have no issues with how the chip is/was described.

In my general purpose PC the processors are mainly idle, anyway.

David Roberts Silver badge
Facepalm

Only in the USA

See title.

Q. China just landed on its far side, the US woz there 50 years ago – now Europe wants to mine it? A. It's the Moon

David Roberts Silver badge

Small object impact?

I haven't followed all the links, but I don't recall pictures of large object impacts lighting up shaded areas of the moon.

Hopefully that means that big stuff in our relatively local area is not common.

The Iceman cometh, his smartwatch told the cops: Hitman jailed after gizmo links him to Brit gangland slayings

David Roberts Silver badge

A lesson

Keep your work and leisure activities compartmentalised.

DNAaaahahaha: Twins' 23andMe, Ancestry, etc genetic tests vary wildly, surprising no one

David Roberts Silver badge
Facepalm

Fascinating

How many people base a critique of genetic sequencing on a single photograph of two people with different hairstyles?

Perhaps they checked with a man in the pub for a second opinion?

Speaking as someone who is regularly mistaken for a twin when my brother is a year and five months older than me. Could have just been an exceptionally long pregnancy carrying the second twin, of course..........

Seeing is believing.

Bish, Bash... gosh! Good ol' Bourne Again Shell takes a bow as it reaches version five-point-zero

David Roberts Silver badge
Windows

Re: Bourne Again Shell (Bash – geddit?)

csh - a shell which is strangely similar to but disturbingly different from the C programming language.

Walk on past, stranger. That way lies madness.

'Year-long' delay to UK 5G if we spike Huawei deals, say telcos

David Roberts Silver badge
Unhappy

Re: Marconi

Wasn't that after Weinstock passed on and the corporate raiders gained access to the board?

Loads of activity with the cash mountain and loads of commission paid to 3rd parties. Allegedly.

Could you speak up a bit? I didn't catch your password

David Roberts Silver badge
Trollface

Doorways and walls?

In earthquake country you are recommended to stand in a doorway because it can be safer.

Not sure if this is protection against ceiling collapse only, but if you look at aftermath photos, quite often the door frame is still standing when all the walls have fallen down.

In which case your back door may provide additional security. In certain extreme cases, obviously.

Mobile networks are killing Wi-Fi for speed around the world

David Roberts Silver badge
Unhappy

Re: Fixed operators to... "shape up to 5G or face sliding into irrelevance"

VM and WiFi - our latest Tivo box stubbornly refuses to connect over Ethernet but will work over WiFi. I assume they aren't that bothered because most people don't have wired Internet throughout the house.

Oh, I wish it could be Black Friday every day-aayyy, when the wallets start jingling but it's still a week till we're paiii-iid

David Roberts Silver badge
Windows

Having a bad week

Twinged my back and on pain killers so somewhat spaced.

I bought a Black Friday bargain bluetooth speaker and kept thinking "I know there's some reason I shouldn't have done that.".

Now waiting for it to charge before playing the linked track by steel....and thinking "Steelers Wheel? Steeleye Span? I'm sure I know that weird looking guy holding the blue knob...".

Sigh.

Where to implant my employee microchip? I have the ideal location

David Roberts Silver badge

Re: 'One day he'll give up and take a dump on my pillow instead'

@CrazyOldCatMan do what we do. Buy a second litter tray so one can be soaking whilst the other is in use.

Six critical systems, four months to Brexit – and no completed testing

David Roberts Silver badge
Windows

Re: Time running out - service industries

This is why, yeah those many years ago, I advised our children to learn a second language (Spanish was a good option) and plan to emigrate to a country which had major natural resources to fall back on if shit happened to service industries.

At the time I was working on the theory that "knowledge industries" were very transportable to cheaper areas of the world. Only basic raw materials were tied to a country.

I didn't have Brexit in mind, but it may unfortunately prove me right.

One gone, other has long term options which may pan out. Meanwhile the crumblies are currently stuck here as more and more possible destinations lock down immigration. Partly because of Brits running for cover, but mainly because Chinese and Indians seem to be getting their money out whilst they can and buying up all the property.

That Old Time 2018 IT songbook: Verity, Verity - give us your lyrics, do! We're half crazy, all for the love of you

David Roberts Silver badge
Happy

Modem song. :-)

One thing about Virgin Media is that the engineers come out for free.

None of that "If it turns out to be your fault you are in deep shit!" malarkey.

Happened to me twice; first time when I removed a rats nest of legacy BT wiring by the front door. Turns out that VM link into your current internal wiring as well as providing their own master socket. Second time was when the builders went a little too deep when extending the drive and scraped the buried cable. $Deity knows what it would have cost if Open Reach had been supporting the connection.

Brit boffins build 'quantum compass'... say goodbye to those old GPS gizmos, possibly

David Roberts Silver badge

Re: Inertial navigation system

Yes. An inertial navigation system to tell you precisely where you are. Part of that can also tell you which way you are pointing.

A compass doesn't care where you are it just tells you where North is (for various values of North).

Can your rival fix it as fast? turns out to be ten-million-dollar question for plucky support guy

David Roberts Silver badge
Windows

Re: Ah, memories

But I might have been intending to pick up the tablet from the charging stand in the bedroom.....

Also, check printer for output still leaves you wondering if you should go back downstairs to check the PC....

David Roberts Silver badge
Windows

Ah, memories

Or lack of same.

Been there, done that, shit happened, fixed it (usually).

But that was long ago, and in another country. And besides, the wench is dead.

I have no idea how you remember the blow by blow (or bit by byte) interaction 20 years or more down the line. I have problems when I climb the stairs deciding if I need the bathroom or was collecting output from the printer.

Bloke 'lobbed molotov cocktails' at Street View car because Google was 'watching him'

David Roberts Silver badge
Coat

Re: The guy is clearly a nutter!

I own a VW Touareg (also known as a Toerag).

Nice car. Goes like a..... ummmm.......bomb?

The one with a copy of VCDS in the pocket. Thank you.

Diss drive: Seagate and IBM bring blockchain sledgehammer to compliance nuts

David Roberts Silver badge

Hard drives vs SD cards

I understand there is a trade in SD cards (and USB memory sticks) where the real memory is far less than the badge. I also understand that the software in the controller is written to falsely report the capacity.

Unless the HDD has the controller software modified to falsely report the capacity, I'm not sure what this utility gives you. If you buy a drive, plug it in and the OS reports that it is 2 Gig not 4 Gig (for example) then you know that you have been duped without asking about a blockchain entry. Your recourse is surely the same if it just shows the wrong capacity when mounted, or when mounted and a blockchain query issued.

The SMART data may also give some clues, unless you can reset this to look like a new drive.

If, of course, all the controller data can be rewritten (as with SD cards) to make the HDD present as a different drive when mounted then having a cryptographic verification of the drive ID would make sense. As long as the blockchain ID couldn't be cloned. If someone is deep in the firmware and rewriting the controller software then presumably anything is possible. Including virus infections (IIRC you can mess around with the controller software on USB sticks to infect devices. Not the same interface, though.).

Windows 10 Pro goes Home as Microsoft fires up downgrade server

David Roberts Silver badge
Windows

Re: The joke is on you! Alcohol and a cat

Damn. I thought I turned the web cam off!

Does it count that the cat is significantly older than the single malt?

Windows XP? Pfff! Parts of the Royal Navy are running Win ME

David Roberts Silver badge

Millennial/Gen X

As I understand it, these days Millennial starts with born in 1980.

However I know of those born in the early '80s who firmly self identify as Generation X.

So sympathy to the 1st Leftenant (Lieutenant?).

My hoard of obsolete hardware might be useful… one day

David Roberts Silver badge
Windows

Me again.

I didn't mention the Atari 520 (or is it a 1040?) STE in the loft somewhere with 4 Mb memory which was scrapped from Sun workstations, an external HDD (8") in a box the size of a stack stereo component (I think the drive was ESDI) plus colour and mono screens, games and office utilities (I learned spreadsheets on a Lotus 123-alike. Backwards compatibility means the commands still work today), plus a Lego compatible robotics kit and a load of Lego (which may well be worth more than the computer). Oh, and somewhere there is a dot matrix printer to go with it.

I'm scared to fire it all up in case it doesn't work.

Oh, and on a non-computing front I had rickets as a kid (blame rationing) so my parents bought a sun ray lamp. Still in the loft. Works by creating a mercury arc light with real mercury. Puddles of it. Looking at the wiring I would be reluctant to fire (!) it up now but it is still a bit of awesome technology.

David Roberts Silver badge
Unhappy

Re: Freecycle it!

Downvoted for being behind the times.

Ten years ago I could Freegle stuff. These days nobody wants to take things away. Hurts me to throw stuff, but the effort is no longer worth it.

David Roberts Silver badge
Windows

Serial?

Nobody so far has admitted to hoarding serial cables.

Does nobody remember the halcyon days when with an Interfaker, a roll of ribbon cable, a box of assorted size male and female connectors and a soldering iron you could rule the world?

I am still awaiting the call. Box(es) of the stuff.

Tata on trial: Outsourcer 'discriminated' against non-Asian workers, claim American staff

David Roberts Silver badge
Facepalm

Who would have thought

That racial and religious discrimination was not solely the province of the WASPS?

For India specifically, I understand that there is/was a caste system which institutionalised discrimination.

I think that we are lucky in the UK at the moment that discrimination is not the issue that it was 50 or more years ago.

Cyber-crooks think small biz is easy prey. Here's a simple checklist to avoid becoming an easy victim

David Roberts Silver badge
Trollface

Cloud simplifies security

Eggs, meet one basket.

Nikola Tesla's greatest challenge: He could measure electricity but not stupidity

David Roberts Silver badge

Re: Noted scientists

Didn't Maxwell invent the silver hammer?

The 'roid in Spain drills mainly on the plain: Plucky Brit Mars robot laps up sun, sand and, er, simulated science

David Roberts Silver badge
Trollface

Re: 'roid?

I've a tube of cream for that.

Sorry friends, I'm afraid I just can't quite afford the Bitcoin to stop that vid from leaking everywhere

David Roberts Silver badge

Re: Racist?

I think it's probably all white.

'The inmates have taken over the asylum': DNS godfather blasts DNS over HTTPS adoption

David Roberts Silver badge

Re: This is great

I've read through the replies but one thing still seems to be ignored.

As far as I can tell the default behaviour on a PC is to use the underlying OS to resolve DNS queries.

This in turn uses (again by default) the DNS server details supplied by DHCP running on the local router. In most cases this is the LAN side of the router.

That router understands DNS as it is today.

If you wish to switch to negotiating an HTTPS connection on a different port then presumably the DNS code in your home router will have to be updated to do three things. Handle a local HTTPS DNS request and pass that on to the configured ISP (or other) DNS server. Handle an old style DNS request and roll it over into HTTPS. Handle legacy DNS from end to end.

Otherwise the DNS configuration information given out by DHCP will no longer be any use and you will have to configure on a PC basis or even an application basis instead of just plugging your PC into the local network and having it automatically configured. Which is what the majority of home users do now AFAIK.

Footnote: if browsers and other pieces of software start running their own encrypted DNS connection that screws up the practice of using your own DNS server to filter DNS queries and deep six Google and Microsoft snooping services.

David Roberts Silver badge

The first thing that struck me

Is that home users nearly always get their DNS from their home router supplied by their ISP as standard.

To make this work you would have to update the software/firmware on a very mixed bag of routers. You also have the issue of the connections from the LAN to the local router. Patches to the DNS software on PCs (probably IoT devices as well).

This has the feel of something which will take a decade or more to roll out.

BT, beware: Cityfibre reveals plan to shovel £2.5bn under Britain's rural streets

David Roberts Silver badge

Just me?

Or are they trying to cable up the areas which already have VM?

The City part of the name may be a clue of course. I'm struggling to see how they can make back the installation costs in less dense population areas.

Erm... what did you say again, dear reader?

David Roberts Silver badge
Windows

Erm

Is where the 'art is.

David Roberts Silver badge
Joke

Re: Erm...

Furthermore erm is a precursor to asexual.

David Roberts Silver badge
Trollface

Re: Erm...

No, bang is shorthand for exclamation mark. [Sometimes also referred to as shriek. ]

It's big, it's blue, and it'll be raining down on you – it's 3200 Phaethon

David Roberts Silver badge
Trollface

Comeroid?

Sounds painful.

US congress-critters question prime directive of Pentagon's $10bn JEDI cloud contract

David Roberts Silver badge
Windows

Long time ago

But when I was doing bid work the advice was that if you weren't involved in writing the requirements it was usually a waste of time bidding.

I assume many sales people from many suppliers were shoulder bumping to get their USP included.

Kudos to whoever swung the "of course, you will need the highest level of accreditation" knowing that they were the only ones who could meet it.

Hard to counter with "it doesn't really need to be that secure" - not a positive message.

Morrisons supermarket: We're taking payroll leak liability fight to UK Supreme Court

David Roberts Silver badge

Worrying level of blame redirection.

There seem to be conflicting issues.

(1) a company shouldn't be able to wash its hands of something an employee does under all circumstances

(2) a company shouldn't be liable for what an employee does under all circumstances

As reported, the employee had legitimate access to the data and decided to make an extra copy. I would guess that most sysadmin types have the ability to do this undetected at some time or other (see virtually every Who Me? episode).

Analogies are always dodgy, but without total mind control how do you prevent employees breaking the law? Does every employee have to have another employee monitor every keystroke? Should every employer institute a strip search including major bodily orifices every time an employee enters or leaves the workplace? If an employee working from home downloads porn onto a work PC is the company liable? I (think I) know that if someone manages to sneak drugs onto your property without your knowledge or consent you are still liable under English law.

Bottom line; it isn't clear how Morrisons could, within normal business constraints, have prevented this. It may rest on how reasonable it is to have all external access (USB and other exchangeable media such as CD/DVD) disabled on all machines and all data in and out of the network heavily inspected for signs of illegal transfer. However you are then heading towards military levels of security and the consequent costs.

Also worrying is the mention of insurance, which seems to suggest that the business should not go to the expense of policing the workplace and instead just insure against any fine. Very financial industry where fines for breaches of regulations are often treated as the cost of doing business.

SQLite creator crucified after code of conduct warns devs to love God, and not kill, commit adultery, steal, curse...

David Roberts Silver badge
Trollface

Clothe the naked.

Well, yes, I do that nearly every day.

The exclusions are rare and probably obvious, but a nerdish need to try and be accurate forces me to qualify that statement.

.

.

.

.

On the subject of Christianity (or not) I thought the New Testament was a replacement for the Old Testament and so the term "Old Testament Christian" was logically incorrect. Still, you look for the words which support your chosen views, I assume.
