* Posts by Doctor Syntax

13628 posts • joined 16 Jun 2014

ISP TalkTalk's Wi-Fi passwords Walk Walk thanks to Awks Awks router security hole

Doctor Syntax
Silver badge

IndigoFuzz went public immediately because TalkTalk subscribers publicly raised the alarm in 2014 that the WPS feature is insecure they'd have done nothing about it anyway.

FTFY

2
0

FBI's flawed phone tally blamed on programming error. 7,800 unbreakable mobes? Er, um...

Doctor Syntax
Silver badge

“approximately 7,800 mobile devices”

That word "approximately"; I do not think it means what you think it means.

11
1

GDPR for everyone, cries Microsoft: We'll extend Europe's privacy rights worldwide

Doctor Syntax
Silver badge

Re: 'Microsoft be applauded for taking user privacy seriously'

"But if you want a Laptop / PC there's no alternative to paying the M$ tax. No matter who you are / where you are."

There are alternatives but you have to look carefully for them.

8
2
Doctor Syntax
Silver badge

Re: Gah!

"I apologise to any lowlife libertarians"

Why?

7
4
Doctor Syntax
Silver badge

Re: Windows 10 April update is in breach

Microsoft are clearly relying on legitimate interest here - "to help keep Windows secure..."

Saying it doesn't make it so although I'll admit that within the Redmond reality distortion field that might not be so obvious.

5
4
Doctor Syntax
Silver badge

Re: Msft Employee Perspective

"There's also a LOT of new rules around storing PII." (My emphasis)

One of the main rules in GDPR is the need for specific permission to collect anything beyond what's needed to process a transaction or what's legally required. It makes no difference having your own rules about storing information if you don't have the permission to acquire it. Couple that with the fact that the law in the US might be quite different to the law in Europe about what's legally required (and we note that MS welcomed the CLOUD Act) and it's still difficult to see how this makes MS GDPR compliant. My suspicion remains that by concentrating on what MS can do that doesn't greatly impinge on telemetry they're trying to deflect any EU investigation to the latter.

4
3
Doctor Syntax
Silver badge

First reaction: I think they've only read the bits they want to read. Granular permissions isn't one of those bits.

Second thoughts: They're flattering the EU hoping that it will avoid proceedings about the absence of granular permissions.

10
2

IPv6 growth is slowing and no one knows why. Let's see if El Reg can address what's going on

Doctor Syntax
Silver badge

Re: Simple explanation

" If you can't read hex you really shouldn't be messing with stuff like this."

So that's all SOHO/SMB users ruled out of IPv6. Are we still puzzled about poor uptake?

10
0
Doctor Syntax
Silver badge

Re: Want vs Need

"Speak for yourself because in many parts of the world there haven't been enough IPv4 addresses for years."

SEP to be blunt.

"It's infrastructure so people shouldn't really care whether it's IPv4 or IPv6, it should just work, but this pretty much does mean IPv6, with mandatory privacy extensions."

The last two words say it all. Privacy extensions. Privacy isn't built in, it's an extension. What do we keep saying about security (or privacy)? It should be part of the original design and not an extension. If it isn't it's yet another thing to go wrong.

4
0
Doctor Syntax
Silver badge

"Which, if (as you should) you assign addresses randomly, improves your protection against network mapping and hence port scanning, even if you do accidentally forget to do ingress filtering."

This implies that the LAN owner has to do stuff. For a large enterprise this is fair enough - they can pay for people to do it* - but for small businesses and home users it's a no-no. Unless the whole thing comes configured with such sensible default options it's going to be addressed along the lines of "what we have works - don't need anything else".

* and, in theory, to be trained if they're not already equipped with the knowledge although enterprises tend to treat this as optional, default off.

1
0
Doctor Syntax
Silver badge

Re: Privacy issues with IPv6?

If all it requires is a few tweaks in the devices and a few tweaks in the router to eliminate a security issue it's amazing that this hasn't been rolled out for home users.

1
1
Doctor Syntax
Silver badge

Re: Simples

"So skipping/wasting a number or two is not something you really want to do."

If IPv6 is inherently unsaleable - which the article seems to be pointing to - that number is already wasted and skipping it doesn't cost more. The important thing would be to take a good deal more care next time around.

2
0

Brit water firms, power plants with crap cyber security will pay up to £17m, peers told

Doctor Syntax
Silver badge

Re: Legacy

Legacy is the really valuable stuff that's running the business that's earning the money to pay you to develop new stuff which will probably prove ephemeral. It's not broken, don't fix it.

1
0
Doctor Syntax
Silver badge

"A cursory search shows BT still provide kilostream, but only until 31 March 2020 which may hamper your proposal for mandatory private circuits"

Regulations such as this could extend its life by renewing the market.

1
0
Doctor Syntax
Silver badge

"Maybe, instead of waving around pointless fines, the government should make it a mandatory requirement of operating, set in law, that utilities and power companies must use private circuits for their infrastructure."

If your mandatory requirement was flouted what would you do? Impose fines of course. Which is just what this regulation does. The only difference is that it says what's to be done rather than how to do it.

1
0
Doctor Syntax
Silver badge

"their legacy systems increasingly interface with and are exposed to the internet."

Simple solution: don't.

26
1

Within Arm's reach: Chip brains that'll make your 'smart' TV a bit smarter

Doctor Syntax
Silver badge

Re: How will it be used?

Every one of these devices will ship with clauses buried in their EULAs/ToS that make you give permission for the device to phone home for "troubleshooting" or "diagnostic" purposes, to "enhance user experience", or even - just putting it on the table - "to provide relevant advertising".

That isn't going to play well with GDPR. In fact I wonder when the case against Microsoft's telemetry gets under way.

5
1

You've got to be kitten: Vet recruiter told to pay £1k after pinching info from ex-employer

Doctor Syntax
Silver badge

Re: Should've gone to California.

"Might not be legal but it definitely happens as the old Rolodex is a goldmine of pre vetted hot leads"

And the GDPR (just like the old DPA) applies to the Rolodex, little black book or whatever. Data is data whatever the technology.

0
0
Doctor Syntax
Silver badge

Re: Data protection laws are there for a reason

Until that "Action" is a deterrent, you may as well just add a surcharge to companies for them to pay the crown yearly.

Up to now this behaviour has probably been seen as standard practice by a lot of salesdroids. This case should be a warning that it isn't. Although the fine in this case might be low* don't expect it to be as low under GDPR and don't expect it to be low for repeat offenders.

* You also have to factor in that a guilty plea brings a reduced fine.

0
0

UK digital committee fumes: You didn't answer our questions, Facebook. (Psst. EU. Pass 'em on)

Doctor Syntax
Silver badge

I doubt there'll be any quick penalty for his not attending. However, when the UK legislates on anything affecting his business his lobbyists are going to find they get much the same reception from MPs as MPs got from him.

2
0
Doctor Syntax
Silver badge

Re: Being in possession of an offensive company..

"If you're downvoting please post a reason, it might be a good one that I hadn't thought about."

Not liking someone or the business they run is not a basis for an arrest warrant. You made the suggestion, you provide a suitable basis.

3
0

The future of radio may well be digital, but it won't survive on DAB

Doctor Syntax
Silver badge

Re: broadcast is here to stay

"An argument here was the power consumption of all the FM transmitters, digital radio is green radio."

Does that include the power consumption of the many receivers (DAC vs demod) as well as the few transmitters?

9
0
Doctor Syntax
Silver badge

Re: Cars are priority

"Although many people do listen in cars, according to the latest Rajar data, 60% of listening is in the home, 24% in car, and 16% in the office."

Those figures don't add up. Or rather they do but leave nothing for all the vocal diarrhoea DJs that seem inescapable in shops etc.

4
0

RAF Air Command to take on UK military space ops

Doctor Syntax
Silver badge

Dan Dare! So we're all saved.

1
0
Doctor Syntax
Silver badge

"Spaceships are like submarines - small enclosed space etc."

Aircraft are large, unenclosed spaces?

12
0

Greenwich uni fined £120k: Hole in computing school site leaked 20k people's data

Doctor Syntax
Silver badge

"Nice use of GDPR terminology"

T'other way about. GDPR has inherited from earlier rules such as the previous EU Directive and the earlier DPAs.

3
0

You know me, I don't know you: Hospital reportedly raps staff for peeking at Ed Sheeran data

Doctor Syntax
Silver badge

Re: Celebrity databases

"I've worked around a bunch of HO / Gov Depts and never saw or came across anything like that"

Neither have I but my instant reaction was HMRC! Or its predecessor, IR.

1
0
Doctor Syntax
Silver badge

Re: Don't

"I'd bet money the breech was identified through word of mouth"

In the maternity ward?

5
0

Now that's old-school cool: Microsoft techies slap Azure Sphere IoT chip in an Altair 8800

Doctor Syntax
Silver badge

"sticking one of Redmond's IoT development boards into an Altair 8800 case"

They develop IoT on S-100 boards?

5
0

Sysadmin hailed as hero for deleting data from the wrong disk drive

Doctor Syntax
Silver badge

Meanwhile whoever set up the slave as the C: drive has gone on to a long and successful career - or something.

7
0

Das blinkenlights are back thanks to RPi revival of the PDP-11

Doctor Syntax
Silver badge

“The PiDP-11 wants to bring back the experience of PDP-11 Blinkenlights, with its pretty 1970s Magenta/Red colour scheme.”

That magenta; it's going to get them into trouble with T-Mobile.

13
0

10 social networks ignored UK government consultations

Doctor Syntax
Silver badge

Re: "And after all, these companies were set up to make the world a better place"

"On another not, look at how magical thinking around the over-hyped AI, or machine learning for that matter, is roped in to say this is possible with a wave of a politician's hands."

Not that it matters how it's done. Doing it just becomes a cost of doing business irrespective of the AI (that corporations have been hyping) or lots of low-wage workers. It's not just going to be the UK who takes this attitude and by ignoring the issue - and the politicians - the corporations are going to find the cost to be more than it might have been had they taken the matter more seriously, been less encouraging of abuses and more careful about managing politicians' expectations.

6
0
Doctor Syntax
Silver badge
Coat

Re: "rapid removal of abusive and objectionable material"

"Mirror readers will vote for Corbyn and his rudderless chums."

The Tories are also, currently, Rudderless.

Too warm for a coat ATM so I'll just leave it.

35
7

Domain name sellers rub ICANN's face in sticky mess of Europe's GDPR

Doctor Syntax
Silver badge

Re: Why bother

"Why does a company based outside an EU entity even have to bother?"

If they don't want to do business there then they don't need to bother. Why do you think you shouldn't obey the laws of a country where you want to do business?

What do you think would be the result of giving them the finger? Probably a bigger fine, one enough to make an example of you. You think the country would be powerless? What do you think would happen if the law enforcement of the country then gets in touch with the offender's bank looking for payment of the fine? The company may not have a foothold in the country; their bank almost certainly does and they're not going to fight the law on behalf of a tuppenny-ha'penny scoff-law. Most likely the account would get suspended until payment was arranged.

7
0
Doctor Syntax
Silver badge

Re: How about Companies House?

"If GDPR gives me some means of finally removing this information, then I will be very glad, although I do think that some of the GDPR regulation (particularly about correcting all archived and backup copies of data) are effectively unworkable within the statutory retention period of UK financial regulations, amongst others."

I'm probably in the same position as you and I'll start giving some of these sites grief if they don't smarten up.

However if you read up about the deletion it does refer to what's technically possible. You don't have to delete from the backup. However it would be smart to retain the deletion request so if you restore from the backup you can redo the deletion from the restored data. Once you've replaced the backup with a post-deletion one you'd then no longer need to retain the request.

3
0
Doctor Syntax
Silver badge

Re: How about Companies House?

"However, the previous address still appears, and there's no way of deleting that. Surely not GDPR compliant?"

Yet again we have to explain. Companies House information is a requirement in statute law. GDPR does not apply in such situations. As CH data includes past as well as current data on officers you aren't going to disappear that easily. You could close the company and open a new one giving your accountant's address for the director's address (assuming the accountant consents). You then have to wait until the old company disappears from the record. I'm not sure how long that takes but the perpetual beta site seems not to have my old company there but that was closed over a decade ago.

3
0
Doctor Syntax
Silver badge

"But with ICAAN stupidity they will either sue or terminate the contract."

On what basis? That they want to enforce an illegal contract term. I said in an earlier thread that one remaining piece of information required was what the contract says about unenforceable terms: does it simply render the term unenforceable or does it negate the entire contract? Or, indeed, does it say nothing and how would a court interpret the resulting situation?

3
0
Doctor Syntax
Silver badge

Re: Turn off WHOIS

"that wont work for a .com though. A .co.uk yes"

That's up to the .com registrars. If they have registrants resident in the EU then they're going to have to do something like that. It doesn't matter if the ICANN contract says they can't because statute law requirements override contract terms. It would not be lawful for the registrar to follow such a contract term.

3
0
Doctor Syntax
Silver badge

Re: Turn off WHOIS

"the only reasonable alternative for registrars in europe is to turn off WHOIS - cut the data feed or replace the data with dummy lines saying "Removed due to GDPR"."

No need. My domain's whois entry does give my name but gives Registrant type as "UK Individual" and presumably will also replace my name with something like that in a few days' time. For address it says "The registrant is a non-trading individual who has opted to have their address omitted from the WHOIS service."

The TLD owner, Nominet, is quite OK with this. The Data validation field says "Nominet was able to match the registrant's name and address against a 3rd party data source". It's been like that for years.

Other European TLDs can presumably adopt similar policies if they already haven't. I'd expect the US registrars to do so for European clients; their big problem would be with clients who have moved to Europe from elsewhere but not let the registrar know.

13
1
Doctor Syntax
Silver badge

I like their style. After all they could simply have pointed out that statute law will overrule ICANN's contract clauses for data subjects in the EU and that's that. But throwing ICANN's language back at them is so much more satisfying.

32
0

HMRC opens consultation to crack down on off-payroll working in private sector

Doctor Syntax
Silver badge

Re: Zero trust?

"I'm assuming, HMRC just don't trust anyone."

It's mutual.

1
0
Doctor Syntax
Silver badge

"However another consultation will only actually help anything if HMRC do what they didn't last time, which is actually listen to what people are saying."

Public consultations aren't held so HMG can listen to what's said. They're just held because they're held. It's a step that has to take place before HMG just goes ahead and does what it always intended to do.

7
1
Doctor Syntax
Silver badge

"Most contractors wont agree but I think a bigger upheaval is needed to make it fair for both parties."

OK, here's a proposal to make it fair. Do away with the limited companies. One set of tax rules for everyone including, of course, tax for benefits in kind. Security of employment, e.g. as a permanent employee of HMRC, is seen as a highly valued taxable benefit. The extra tax gained by taxing such benefits in kind can then be used to reduce the income tax rates in general including those for freelancers.

2
11

UK Home Office hands Sopra Steria £91m digital visa contract

Doctor Syntax
Silver badge

"Given the rate at which local libraries are being closed I think I can see one problem already."

No, it'll be alright. They'll be kept open by plucky volunteers.

3
1
Doctor Syntax
Silver badge

Somebody's got to say it: taking back control.

20
1

Want to know what an organisation is really like? Visit the restroom

Doctor Syntax
Silver badge

Re: I'm guessing

You're not new here. You've seen Dabbsy's stuff before. What's different here?

12
0
Doctor Syntax
Silver badge

Re: We need some ...

"Ours here are also liberally decorated in signs eschewing the virtues of using the hand-dryer over the paper towels due to the environmental impact of paper towels."

Hand-dryers are now being accused of being very efficient microbiological dispersing devices. Paper towels seem to be back in favour. Your place of work needs to catch up.

23
0

TalkTalk ups the (dis)satisfaction ante as UK folk wake up to borked email

Doctor Syntax
Silver badge

Re: ISP email

"Yes, people who don't want their private email 'slurped' by the likes of Google and/or Microsoft still do"

You keep a Google or MS email address as a spam bin.

You then get your own domain and allocate addresses in that as required. You don't actually have to run your own server. There are registrars and third party providers who will do that for you. For this you pay a fee but email addresses are independent of ISP and mail service provider. You can shop around and ditch any who are taken over by the likes of TT or who turn out to have long term problems of their own without being taken over. With a little checking you can also ensure your email provider isn't hosted in the US.

9
0
Doctor Syntax
Silver badge

Re: Tiscali

"which was once an ISP with excellent reputation and, oh the irony, _superb_ customer service."

Hmm. I started off with Nildram. Nildram were taken over by Pipex who were so pleased (and rightly) with the Nildram CS that they decided to roll it out over all their brands.

Then Pipex were taken over by Tiscali. The Nildram support was replaced by something which included an email system apparently operated by something along the lines of Eliza; if there were real people there they failed the Turing test. Still not too bad because there weren't any real problems. When TT took them over the script monkey system just couldn't cope.

6
0

Flamin' Nora! Brit firefighters tackle blazing fly-tipped boat

Doctor Syntax
Silver badge

Fly-tipping boats? Amateurs. This is real fly tipping: http://www.bbc.co.uk/news/uk-england-coventry-warwickshire-44055845

4
0
