* Posts by Doctor Syntax

16427 posts • joined 16 Jun 2014

Reality strikes Dixons Carphone's profits after laughing off Brexit threat

Doctor Syntax Silver badge

Re: Extended life expectancy for mobes

"what makes them die so young?"

The smaller you make the components the less able they are to tolerate minor defects.

Did ROPEMAKER just unravel email security? Nah, it's likely a feature

Doctor Syntax Silver badge

Re: Old school

"Which then sits on my hard drive, wasting space for nothing."

Why? Given your icon you should be familiar with /dev/null.

Doctor Syntax Silver badge

Re: "E-Mail is a TEXT medium"

"Then what happens when you're told you just lost a big deal because of your paranoia"

And what happens to you when your lack of paranoia has let in malware that's closed down your IT network for a few days or allowed access that's enabled a few million of your favoured currency units to be looted?

Doctor Syntax Silver badge

Re: "E-Mail is a TEXT medium"

"Email was a text medium. Since then it has grown richer."

Richer for marketing spammers and criminals. I have no wish to indulge such low-lives.

Doctor Syntax Silver badge

Re: Err,

the flow.

breaks up

Top-posting

Doctor Syntax Silver badge

Re: remote CSS?

"Outlook and Thunderbird? Both will load remote content if you let them."

Simple solution: don't. And don't use webmail either.

Paris nightclub red-faced after booze-for-boobs offer exposed

Doctor Syntax Silver badge

"Simply identify a gentleman"

But how many of the men are gentlemen?

Needless to say, Feynman had a story about this.

Identity fraud in the UK at 'epidemic' levels as cases rise 5% – report

Doctor Syntax Silver badge

Re: How hard can it be to steal someones identity?

"You can't steal an identity. They are permanently attached to people and impossible to remove."

That's a debatable point.

For the purposes of identifying oneself for an increasing proportion of transactions "identity" consists of a few pieces of data. Given those - or maybe a subset and a bit of social engineering of the service provider - then a criminal could start to get control of other aspects. An instance would be getting a bank to send out a replacement credit card to a different address. Another would be getting a password reset to something the criminal controls.

We're used to having to remind people writing of "copyright theft" that it doesn't meet the ingredients of theft. But this is different. If the criminal takes control of various aspects of the individual's identity, at least within this meaning of identity, then the individual has indeed lost something and the criminal has gained it. It wasn't permanently attached and it's certainly arguable that it's been stolen.

Doctor Syntax Silver badge

Re: Hmmmm

"Crime recording standards generally only allow crimes to be reported by the victim or an officer."

Clearly things have changed. Back in my day I took part in quite a few murder investigations and I don't think all the victims lived long enough to dial 999 or were stumbled over by an officer who nobody else could call because they weren't the victim.

Microsoft, Red Hat in cross-platform container and .Net cuddle

Doctor Syntax Silver badge

Not surprising as Red Hat have been trying to make Linux more Windows-like for some time.

Sonos will deny updates to those who snub rewritten privacy terms

Doctor Syntax Silver badge

"I don't expect them to agree"

If they fulfil your expectation you could try the small claims court.

Doctor Syntax Silver badge

Re: Meet Mr Three Point Five Millimetre

Completely with you except for the "stream of consciousness" bit. "Purest" wouldn't have been an adjective I'd ever have applied.

Doctor Syntax Silver badge

Re: Nobody actually read what they said in the blog post...

@Timmy B

It depends on whether your use of the product depends on an ongoing arrangement with the vendor. If it doesn't then you don't need to worry. If it does then you should realise that pretty well anything could go wrong. Even the most stringent T&Cs aren't proof against the vendor going out of business. If it's simply some item you can live without - a sound system for instance - you could just be prepared to write off your investment in hardware. If it's something that's looking after your personal media collection then you need backups or, again be prepared to write it off. But if it's something your livelihood or business depends on then you do need to think seriously about what could happen if things go wrong.

Risk involves both the probabilities and what you stand to lose.

Doctor Syntax Silver badge

Re: "Couldn't see the point of getting a Sonos. "

Having (in theory) a "plug n play" device to do this is meant to be sooo much simple

"Meant to be" is the critical bit here. Until the vendor's updates render it increasingly tricky.

Doctor Syntax Silver badge

And people wonder why some of us prefer open source software wherever possible.

Doctor Syntax Silver badge

Re: Nobody actually read what they said in the blog post...

I don't know how much we can trust that but the "never will" part gives me hope.

It makes you hope that the management and ownership will never change?

Doctor Syntax Silver badge

Re: Choose whether hackers get your data or the vendors

"The majority of hardware and software has security flaws that need patching from time to time."

Mark one piece of wire seems to connect speakers without needing software updates.

Uh oh, scientists know how those diamonds got in Uranus, and they're telling everyone!

Doctor Syntax Silver badge

"Why do they need a factory to make more?"

They need industrial diamonds. If they were to simply release gem-grade diamonds for industrial use they'd PDQ get recycled into the gem trade & depress the price there.

Doctor Syntax Silver badge

Re: Holocene Extinction coated with nano-diamonds !

"Care to describe the physics involved when nature produces a bowling ball sized hail stone?"

A lot of turbulence.

Doctor Syntax Silver badge

a "rain" of diamonds.

Lucy?

Biz sends apps to public cloud, waves 'bye to on-premises server folk. NO! WAIT!

Doctor Syntax Silver badge

Re: Where do Server Support people come from?

"Cloud providers (as vendors) can be threatened by large customers to either fix their s[censored]t or customers will go elsewhere."

Threaten, yes; but to make good on that threat they need staff able to move the services and data elsewhere.

And they no longer have any.

Doctor Syntax Silver badge

"The 45'ers say 69.7 per cent of respondents said current candidates lack skills and experience."

That's always the case when you demand x years of experience and offer a salary appropriate to x/4 years, especially when the product version in question has only been available for x/10 years.

10% of UK's top firms would be screwed in a cyber attack – survey

Doctor Syntax Silver badge

Keep the FORTRAN IV and get rid of the rest.

Doctor Syntax Silver badge

"Meanwhile, a quarter of boards said they have no defined role in a company-wide response to an attack"

On the basis that they might well do more harm than good this might be an advantage.

German court reveals reason for Europe-wide patent system freeze

Doctor Syntax Silver badge

Re: "a specific date for the decision is presently not foreseeable"

"When is Batistelli's term up?"

When will Batistelli concede his term is up?

FTFY

Doctor Syntax Silver badge

Re: So, in other words..

"I'm shocked, shocked, I tell you by such an astonishing amount of sanity, in politics no less."

Is it too much to hope that this will bring the whole saga to an end? Probably.

Disbanding your security team may not be an entirely dumb idea

Doctor Syntax Silver badge

I don't like the term "appetite for risk", it's just an encouragement for cowboys. "Tolerance of risk" seems a better starting point.

Doctor Syntax Silver badge

Re: Sounds like another management idea - "They are all just IT guys, right?"

"IT Security has three balanced priorities: Confidentiality, Integrity of data, and Availability.

IT and developers and CIO's also have three priorities: Availability, Availability and Availability."

Presumably you've never been a DBA. If you had you should have been aware that integrity of data was your first priority.

You're spot-on about bonus level managers, however.

Doctor Syntax Silver badge

Re: deregulation

"Would this be just as effective?"

Let's see.

Marketing department decides it's perfectly OK to spam customers irrespective of whether they wanted to be spammed or not. Hands over customer list to "digital marketing company" AKA professional spammer. Together they concoct email which is infested with links except web site managers refuse to host them so the spammer does that as well. Ends up training customers to be phished with customer list in hands of spammer to be re-used for other clients, sold on or both. Do we expect marketing departments to have security functions to make sure this is done properly?

Doctor Syntax Silver badge

"not my job that one guv'nor!"

Also expressed as "when it's everybody's job it's nobody's job".

British snoops at GCHQ knew FBI was going to arrest Marcus Hutchins

Doctor Syntax Silver badge

@kain preacher

C) FBI need to keep their numbers up and a foreign kid is a soft target if some sort of case can be cobbled up.

Doctor Syntax Silver badge

"this is the adult world where if someone has potentially committed a crime they need to be investigated."

There's still the question of why, if there was a case to be investigated, it wasn't investigated in the UK where it would appear that the alleged act would have been committed.

Doctor Syntax Silver badge

"the fact that the crime was committed in the US (allegedly)."

Only in the sense of the US's extraterritorial extension of its criminal justice system. If he lived and worked in the UK it's likely that if he wrote Kronos (& see my response to Gumby) then he would have done so in the UK. However, the CPS would have required something like a proper prima facie case that they could present to a committal hearing. So far we've heard of nothing like that in this instance other than that he wrote an explanation of a technique which wasn't original, posted the code on Github and then, maybe naively, suggested that it had been the source of similar code in Kronos.

TL;DR In the UK it'd have been laughed out of court had it got there.

Doctor Syntax Silver badge

Re: @The idiot... you really don't get it...

"The real question is why does the FBI think this is their guy?"

They need a guy so anyone will do?

Oh, look, here's a bit of code he posted publicly that he then says was incorporated in Kronos. That'll do.

Incidentally, the author of this analysis https://blog.malwarebytes.com/cybercrime/2017/08/inside-kronos-malware/ suggests that the actual code has a longer pedigree than Hutchins' publication and that the implementation is more sophisticated, concluding "The level of precision lead us to the hypothesis, that Kronos is the work of a mature developer, rather than an experimenting youngster."

Doctor Syntax Silver badge

"Genuine question - In his line of work is he likely to have anything incriminating he could use as leverage?"

Well, for one thing he could give evidence about the dangers of the malware the USG managed to lose.

Doctor Syntax Silver badge

Re: Or maybe they still couldn't make a case against him even with Blairs extradition law

"Be interesting to see if he trusts GCHQ ever again."

Or whether anyone else does.

The sky is blue, water is wet and UK PC shipments are down

Doctor Syntax Silver badge

Re: Now then, Harber, old son, here's what you need to do ...

"In your laptops, get rid of the rubbery chiclet keyboard and use proper keyboards instead"

I have a little MSI I use when I don't want to take my regular laptop with me. It has a chiclet keyboard and I don't give the difference a moment's thought. Press key and character appears on screen. That's what matters.

Doctor Syntax Silver badge

"waiting for the fab new iPhone expected in September! I can't wait!"

So you're buying something else instead?

Doctor Syntax Silver badge

Re: re: the sky is blue etc

"Who will these people blame for their woes after 2019?"

a) The negotiators because they didn't do a good enough job

b) The EU because old habits die hard

China's cyber court opens for business; a gavel-free zone?

Doctor Syntax Silver badge

a gavel-free zone?

Gavels may be used in US courts. In the UK it's auctioneers that use them. Interesting comparison.

Trump upgrades Cyber Command, may sideline NSA in future

Doctor Syntax Silver badge

He seems to be taking an increasing military turn. Maybe someone should tell him about George II (the Hanoverian king, not Bush) who was the last British monarch to lead his troops in battle. Then suggest a war where there are real bullets flying, not just tweets.

Foxit PDF Reader is well and truly foxed up, but vendor won't patch

Doctor Syntax Silver badge

"We apologize for our initial miscommunication when contacted about these vulnerabilities and are making changes to our procedures to mitigate the probability of it occurring again."

Translation: We didn't realise you'd go public.

Berkeley boffins build better spear-phishing black-box bruiser

Doctor Syntax Silver badge

Re: "our detector extracts the feature vector for that URL "

can you say "pearl script"?

What's that? Is it something like a Perl script?

FYI: Web ad fraud looks really bad. Like, really, really bad. Bigly bad

Doctor Syntax Silver badge

Re: A tiny percentage of ads are viewed by real people—who ignore them anyway

"look at how many other things each reviewer has reviewed"

Also, compare the things "multiple" reviewers have reviewed. Several allegedly different reviewers all reviewed the same or almost the same set of products. Really?

Linux-loving lecturer 'lost' email, was actually confused by Outlook

Doctor Syntax Silver badge

Re: Make sure the computer is on..

"All my calls from the Lads and Lasses at Microsoft Support"

I envy you. The only one that ever came my way was a missed call and I've two scripts prepared which don't even get them as far as asking me to turn on the computer.

Doctor Syntax Silver badge

Re: Shouting managers

"Then you put in writing why it can't be done and/or your misgivings about why it is a supremely bad idea."

It still leaves you as the man in the middle between sales and customer in a situation which could potentially end up in court. It's still not your job to manage customers' expectations.

In fact, in the case I was thinking of someone must have done that because the product, although ricocheting between a number of software firms, seemed to have been successful in its niche market. I had a couple of short testing gigs much later when a client was migrating to bigger and bigger hardware. Because the name had changed I didn't recognise it when the first of these was proposed, but hanging around in the front office waiting to meet the client I could see a user screen and thought that it was laid out just the way I'd have done it. Not surprising, as I had. I also found that one screen still had place-holder text in the menu produced by my home-made code generator and left unchanged for 11 years.

Doctor Syntax Silver badge

Re: I am fairly sure

"You could have read the article and realised that he was using the UNIX 'mail' application on a VT (aka dumb terminal) - likely a text only one... Some apps *did* run on VTs and offer the +/- idiom (ISTR trn did that) 'mail' most definitely did not."

The article isn't explicit about this.

All we're told is:

Server: Unstated on Linux -> Exchange on unstated (but a Windows server of some vintage)

Client: Unstated -> Outlook

Desktop: No information

In fact, at the technical level we're not even told half the story. If this is indicative of Newt's communication skills it's no wonder there were problems.

Doctor Syntax Silver badge

Re: Client support, we've heard about it

"I'll be a damn sight more respectful and will INSIST on learning the tools I need to use rather than just expecting someone else to do it for me."

Again, it needs to be pointed out that the user had learned the tools he needed. He never asked for them to be changed but someone did just that.

Remember that IT exists to help the business as a whole operate. As an IT staffer you can't exist without the operational people* because they earn the money to pay your salary. They, on the other hand, may take the view that they can do without you, especially if you don't appear helpful; they can outsource your job.

*Yes, I know IT can be part of the delivery system. Been there, done that. It was an aspect of being part of the business as a whole.

Doctor Syntax Silver badge

"Honestly- I reckon these users have to be related to one another!"

Probably not but they do train each other, especially if IT doesn't make the effort to do so themselves.

I can't imagine why they think it's a good idea but it seems to have been something that's happened for years so IT really should be aware of it and try to break the cycle by emphasising that what goes into Deleted can't be assured of coming out again.

Doctor Syntax Silver badge

"Techie - he did everything right before going on vacation"

Making a big change just prior to going on vacation isn't doing everything right; just the opposite. Assume there will be teething troubles and make sure you'll be there to deal with them.

Biting the hand that feeds IT © 1998–2019