* Posts by Doctor Syntax

16449 posts • joined 16 Jun 2014

Can GCHQ order techies to work as govt snoops? Experts fear: 'Yes'

Doctor Syntax Silver badge

"it's just possible that they come across some expert who is actually willing to help put some scumbag in jail."

Indeed. I have been that very expert. But (a) it was part of my job and (b) it was part of a long-established legal process. It would have been somewhat different if it involved mass surveillance of a sort which has already been struck down in court in a previous guise, which I might fear to be illegal under over-arching European legislation (which, thankfully, still exists to protect us against government overreach) and which, in my view, goes against the long established principle of the presumption of innocence.

OTOH if I found myself in an employment situation where I discovered such scumbag activity I would probably find myself becoming a whistle-blower although oddly enough intelligence agencies don't seem favourably disposed to these.

Doctor Syntax Silver badge

Re: "threats about what would happen if they revealed its existence"

"Are we in democracy or not ?"

Any answers?

Doctor Syntax Silver badge

Re: Who cares?

"They have quite enough experts of their own, they're not going to suddenly drag Admin Joe out from his day job to help them bring down some Chinese cyber team."

No, but they might call on Admin Joe at home and tell him that when he goes into work he's going to have to set up something to copy all Fred's internal emails to HMRC/DVLA/dog warden. It would be a lot easier than going to GCHQ and asking them to spend however long it takes to gain surreptitious access to the system.

It's not as if we've never seen overreach in the past.

Doctor Syntax Silver badge

Re: What if...

"I therefore conclude that the law is an ass."

You probably conclude wrong.

- Warrant served against telco.

- Telco directs employee to implement it.

- Employee refuses.

What happens next? Employee has refused a legitimate order (legitimised by the warrant) so can be fired without a basis for comeback although an Employment Tribunal hearing might be awkward with a gagging order in place.

Doctor Syntax Silver badge

Re: Who cares?

"The chances of Mr Average IT person who hasn't signed the official secrets act ever being called up by GCHQ is so vanishingly small that it's virtually non-existent."

I'm not sure about that. From TFA:

Section 261 of the Act defines that a "telecommunications operator" is anyone who provides or controls a communications network of any kind. Paragraph 10 of Section 261 talks about how you are also considered to be a telecommunications operator even if you only merely "control" the telecommunications system in question; actual ownership does not appear to be required. That would appear to obligate some third-party maintenance vendors to assist with a Bulk Equipment Interference warrant issued against equipment owned by their customers.

"A communications network of any kind" would include a company's internal network* so a warrant could be served on a company's own BOFH to compromise his employer and be gagged from saying anything about that. It might not be intended but once the facility is there abuse tends to follow; we've certainly seen reports of this in the past.

*It could even include a domestic WiFi link to the router!

Berners-Lee and the open-data bunch: £60k for your best collab dataset register ideas

Doctor Syntax Silver badge

"having so many stakeholders can end up causing management headaches and confusion for users."

And no amount of money is going to make that problem go away.

Even talking about stakeholders is part of the problem unless you acknowledge that each and every data subject is a stakeholder.

So you're thinking about becoming an illegal hacker – what's your business plan?

Doctor Syntax Silver badge

"Obviously, using pseudonyms is a must. Changing them frequently is also an excellent idea, even though it may entail additional work on your part."

Using a pseudonym associated with a security researcher could be a good wheeze (see framing someone else).

Salesforce sacks two top security engineers for their DEF CON talk

Doctor Syntax Silver badge

"What can one conclude about a company that behaves like that about employees who care?"

The conclusion is the message. Of course it's a message the execs who sign the POs won't get.

Manchester firm shut down for pretending to be Google

Doctor Syntax Silver badge

Re: SEO/Domain Registration scams.

"I had a similar one the other day, turned out to be from a search engine optimisation company."

They're easily identified by the fact that they never have their own website that can be easily found by searching for "first page on google" - purely so you can check their abilities of course.

If I've nothing to do I sometimes reply politely pointing out that they seem to have omitted that and, by further oversight, have used gmail rather than their own domain. I then run through the rest of their mail pointing out the bad grammar and asking why anyone would want to put their own reputation in the hands of someone so sloppy when making a pitch. I assume they're pleased with their English prowess although it's possible they bought the email text along with their cheap spam list.

Doctor Syntax Silver badge

Re: SEO/Domain Registration scams.

"It's time that WhoIs info is only available by warrant and not to random members of the public."

????

Whois is one of the first lines of defence of the public against these scammers.

Doctor Syntax Silver badge

General rule of thumb, don't just give money to people who ask for it over the phone.

"I'll need a purchase order number."

"No, sorry, it's company policy. I just work here."

"Sorry, I can't give out that information. Data protection."

You just need a counter-script script.

Corporate criminal tax offences likely to further increase HMRC's use of dawn raids, says expert

Doctor Syntax Silver badge

"Obviously HMRC have read BOFH and a dawn raid ensures there's no unexpected cattle prod/Hector interface issues."

A competent BOFH will have removed the tile just inside the server-room door. Once Hector has made it past the portcullis, booby-trapped guillotine blade etc, it'll be straight down into the oubliette.

Doctor Syntax Silver badge

Stops a company from saying "Well, they're not an employee of ours, so it's not our responsibility."

Yup. Maybe I should have queried "facilitating". In the instances I gave the stationer, printer and cartridge vendor and Royal Mail could all be argued as facilitating. At the very least there's an opening for a reductio ad absurdum argument in defence.

Doctor Syntax Silver badge

Re: Time to rein in the use of dawn raids

"Why are they being used by the tax agency?"

Overtime and/or unsociable hours payments?

Doctor Syntax Silver badge

"From 30 September, it will be a criminal offence in the UK if a business fails to prevent its employees or any person associated with it from facilitating tax evasion."

What does associated mean? Someone buys a ream of printer paper at the local stationers and uses a few sheets to print fake invoices. Is the stationer at fault because it didn't ensure (how?) that its employee didn't take steps (what steps?) to make sure the customer wasn't going to use any of the paper to evade tax? And what about the printer manufacturer? The printer cartridge supplier? The Royal Mail for delivering the printer cartridges?

Marcus Hutchins free for now as infosec world rallies around suspected banking malware dev

Doctor Syntax Silver badge

Re: Blind support

"blame the ambiguities of the English language for that one"

The original would have been stated in medieval French so anything else is a translation or restatement.

Doctor Syntax Silver badge

Re: Blind support

"Yes, innocent until proven guilty, but it appears there was enough here to arrest him and make charges."

The one bit of solid evidence that's emerged seems to be that he wrote an explanatory post about some code which was then sent to a Github repository and subsequently incorporated in the trojan. If that's what the FBI mean by writing malware then I'm sure a lot of people who've published code on Github or elsewhere, answered questions on Stackexchange and the like should avoid visiting the US.

We don't have much info on this chat exchange to put it in context or even determine whether it was Hutchins or some other person using the same handle.

And from some of the quotes in the article it rather sounds as if some of those who knew him fear it's a case of TPTB starting to shoot the messenger.

In the meantime I can't help wondering why, if this is a true bill, he would have gone anywhere near the US.

If this ever gets to court it'll be interesting to hear a comparison between his contribution to Kronos and the NSA's contribution to Wannacry. I'm sure the defence would want to raise it.

Windows Subsystem for Linux is coming to Windows Server

Doctor Syntax Silver badge

Re: Oh joy, more embracing...

"where will it all lead?"

Maybe the Linux runtime will include stuff that requires systemd. Systemd included in Windows? Maybe Poettering will end up going to work for Microsoft (was that a voice at the back saying he already does?).

Oh joy!

70% of Windows 10 users are totally happy with our big telemetry slurp, beams Microsoft

Doctor Syntax Silver badge

Re: How-to

"check occasionally that it hasn't been re-enabled by updates"

That's the rub.

Eternal paranoia is the price of freedom. Vigilance is not enough.

Doctor Syntax Silver badge

Re: Windows privacy portal

"All it achieved was Microsoft spam to her email address"

Set up an address beforehand specifically for this. Then discontinue it or at least ignore it forever afterwards. Added bonus, make it a HotLiveOutmail address and let Microsoft store their own spam indefinitely.

Doctor Syntax Silver badge

Re: spends most of its time updating

"If you only turn it on for an hour a month then it downloads and starts installing all of the updates, you turn it off in disgust as it's used half of that updating"

The great mystery to many of us is why it needs to do updates this way. Earlier today I got an alert that my system had one update. The system's discovering that had no noticeable effect on performance. I don't set the system to autoupdate so a few moments ago I ran the update. One package was updated: 258kB downloaded at 636 kB/s and installed with no noticeable effect on performance. The whole update took seconds of elapsed time.

Clearly there'd be many more packages to update if I left it to be a monthly task. Even so I know from large updates, say the mass that occur when, as you describe, an infrequently used box is switched on, that it doesn't take anything as long as the equivalent Windows update, it doesn't impede performance to any noticeable extent, it stops and restarts any services which have had an update without reboots, it doesn't require long delays to shut down after an update nor on the consequent restart and, in fact, the only sort of update that requires a reboot at all is when the kernel itself has been updated.

FreeBSD is pretty similar (it's a while since I tried PC-BSD, based on FreeBSD and found it to be inexplicably similar to Windows in this respect).

So why is it that Windows updates are such a major production?

Doctor Syntax Silver badge

Re: No need to change the default settings! Erase all of WIN 10

"Where would the comments section on a Windows news story be without someone taking the time to tell everyone that they use Linux?"

Don't you find it just a touch ironic that Microsoft not only collect money for the licence but want ongoing payments in data collection and displaying advertising whilst Linux distros don't demand either and yet it's the latter you implicitly criticise?

Doctor Syntax Silver badge

Re: MSFT and Facebook

"It would be preferable if you could name ALL the guilty parties"

Unfortunately the margin isn't big enough.

Doctor Syntax Silver badge

Re: No need to change the default settings! Erase all of WIN 10

"Should have gone to System76"

For those of us in the UK this seems rather a long way to go.

Doctor Syntax Silver badge

Re: No need to change the default settings! Erase all of WIN 10

"Too bad that so many seem to be so blinkered that they can only see one monopoly."

Are you implying multiple monopolies?

ROFLMAO

If we're in a simulation, someone hit it with a hammer, please: Milky Way spews up to 100 MEELLLION black holes

Doctor Syntax Silver badge

Re: So it was just a case that no one had bothered to do the calculation?

"IOW why did it take so long to find one?"

Once the instrument had been built it didn't take long. So the real question is why it took so long to build. If you want an answer to that then Google is your friend. Just go and read what it involves.

Foot-long £1 sausage roll arrives

Doctor Syntax Silver badge

"Veganism is cow genocide."

I've come to the conclusion that vegans really don't like animals.

Assange offers job to sacked Google diversity manifestbro

Doctor Syntax Silver badge

Re: A job in the Ecuadorian embassy?

Maybe he's looking for a decoy. Someone leaves embassy disguised as Assange whilst Assange leaves by back door disguised as....well, disguised.

Doctor Syntax Silver badge
Pint

Re: Well..

"Discernment and critical thinking appears to have been pressed out of people's brains by MSM/TV (a bit like apple juice is squeezed out of apples to make cider I reckon)."

No, your apple juice simile has a positive outcome.

It's cider -->

Engineer gets 18 months in the clink for looting ex-bosses' FTP server

Doctor Syntax Silver badge

Re: It's not the company's fault.. yeeesh.

That may be how it's seen in the US. The EU & UK seem to be taking a different view, at least in some situations: https://www.theregister.co.uk/2017/08/08/critical_infrastructure_firms_threatened_with_huge_fines_for_lax_security/

Doctor Syntax Silver badge
Devil

Re: I force password changes to protect myself

"Certain things are just not worth keeping IMHO."

Alternatively, get it out ahead of time.

Florida man is world's fastest flasher: Just 53 quintillionths of a sec

Doctor Syntax Silver badge

Re: What electrons?

"The electrons are still there though."

Where?

NotBeingPetya: UK critical infrastructure firms face huge fines for lax security

Doctor Syntax Silver badge

"see, we followed current best practice, so we're off the hook"

If they've demonstrably not followed "current best practice" in actual practice that mightn't be well received.

Doctor Syntax Silver badge
Coat

All this EU red tape telling us that we've got to do sensible things like this. The sooner we're rid of it the better.

Coat. It's not raining right now so I don't need it.

Britons ambivalent about driverless car tech, survey finds

Doctor Syntax Silver badge

Re: Sunday (autonomous) driving

"A new DSG can change gear in 8ms, so it can go up then back down again in the blink of an eye without you even noticing."

A handy trick to fix mistakes but it still falls some way short of anticipating needs.

"You can also choose the style of gear changing you want"

I can do that with a manual without telling a machine.

Doctor Syntax Silver badge

Re: Sunday (autonomous) driving

"It's the oblivious '35 is the right speed in any circumstance' that I (and others, seemingly) find vexing."

IME it's been a safe rule of thumb for at least half a century that the driver doing 35 in a 30 area will also be the driver that does 35 in a 40 area and vice versa. There's something magic about that number.

Doctor Syntax Silver badge

Re: Integrated transport system

"Black cabbies ... are practically taught to pull across traffic without notice to get a fare."

And have the turning circle to do it.

Doctor Syntax Silver badge

Re: Sunday (autonomous) driving

"Auto gearboxes, I am sure there must be good ones out there"

I'm not sure. An auto gearbox can only respond to what's happened, it can't anticipate. My car has an indicator to signal what gear it thinks I should be using. It regularly tells me I should change up again just before I encounter an uphill hairpin bend. Presumably if it were an automatic it would actually do that and then change down again.

Doctor Syntax Silver badge

Re: Patent-bashing

"finding the autonomous car that's come to pick me up from the station"

It'll be the one shouting "paging Mr. Short" through its loudspeaker and competing with all the others shouting for their passengers.

Doctor Syntax Silver badge

Re: Sunday (autonomous) driving

"rocks the whole car forward and back as the torque from the engine finds its way through the system."

It must be very embarrassing if there's anyone following.

Doctor Syntax Silver badge

Re: Sunday (autonomous) driving

"is there going to be a speed control button on these things, so the elderly can set it to FUCKING DAWDLE at 35 on country roads"

As an elderly country dweller my problem is with townies of all ages who come here, park in dangerously daft places irrespective of the proximity of car parks, when walking can't work out how to maintain maximum visibility in winding lanes and when driving can't work out an appropriate speed (that works for both alternatives*). Worse still, those who come cycling and worst of all, organize cycling events.

Walking parties who lack anyone who can read their map are another nuisance. I watched one party turn back a few yards short of the corner beyond which was the clearly marked (on OS and in reality) start of a public footpath and then head off up what was clearly signed as a private road instead.

*There are a great many roads here where your 35 would be vastly excessive as well as those which seem to attract drivers who are unable to maintain speeds uphill.

US military gets authority to shoot down citizens' small drones

Doctor Syntax Silver badge

Never mind drones around army bases, shoot them down around airport approaches.

KCOM whacked with £900k Ofcom fine over 999 call handling

Doctor Syntax Silver badge

Re: Fixing it

"I would be curious what happens every time a BT exchange in the 21CN goes up in flames"

I think the problem isn't in the BT exchanges. It's the emergency services closing call centres and relying on more distant ones where local knowledge isn't available.

Worse than that; the actual service provision gets closed. A few days ago there was a fire locally. I happened to be next door. The local fire station is only a couple of hundred metres or so away so after a couple of minutes and no sound of a fire engine being heard I walked over there to see why they weren't turning out and found it deserted until someone, presumably a retained local fire-fighter rolled up in a van and told me it's unoccupied most of the time.

We eventually had 5 or 6 appliances at the scene from up to about 20 miles away. But it's not the number that counts, it's the speed of first response. A woman had been trapped in a flat above the fire. Fortunately she'd been rescued unharmed before the first one arrived; a retired fire-fighter happened to be around.

Doctor Syntax Silver badge

Re: Gaucho Rasmussen

I read it as "Groucho" first off.

Doctor Syntax Silver badge

The worrying thing is that IP was supposed to have been designed to route round failures but all too often seems not to.

Can the last person watching desktop video please turn out the light?

Doctor Syntax Silver badge

I don't really regard a channel's "look what is coming up" type announcements as adverts

Each to his own, I suppose, but I don't seem to be the only one here that does.

Doctor Syntax Silver badge

Re: Not surprised. No. Not even slightly.

"Pretty sure it is was noted as being the prime time for a reason and that was why it was targeted with better programming."

Targeted, certainly. Better? Matter of opinion. Thanks to MythTV we seldom tune in to watch anything at broadcast time these days.

Doctor Syntax Silver badge

"Pity there's no such thing as targeted advertising due to the strict privacy and freedom laws we have."

No, there's plenty of badly targeted ads. Even in-line from whatever site you're looking at: "You might be interested in"

...whatever you've just bought and don't need another of

...something that you just decided not to buy because it was overpriced crap

...something that matched one key word of your search string but failed on all four others

The reason there's no well targeted advertising is that marketing is over-populated with over-eager gabblers with no self-control and no thinking skills.

Doctor Syntax Silver badge

"It’s an encouraging figure, as it may incentivise advertisers to use their ad spending more effectively"

There's a leap of logic here which equates "seen" with "effective". For those of us for whom "seen" leads PDQ to "pisses off", "seen" should probably be equated to "counter-productive".

Smart streetlight bods Telensa nearly double full-year revenues

Doctor Syntax Silver badge

Re: Why?

"surely a cheap arse light sensor on the top will be far cheaper over the long run."

It depends what they're sensing. If, say, they're sensing a pedestrian or vehicle walking along the street the lights can be turned off completely when there's nobody about but turned on when there's someone in range. If they're able to communicate the next one along can also be turned on so as to light up the area the traveller is moving towards. That not only saves power but also cuts overall light pollution although the neighbours might be annoyed by them switching on and off.
