* Posts by Doctor Syntax

16449 posts • joined 16 Jun 2014

Microsoft menaced with GDPR mega-fines in Europe for 'large scale and covert' gathering of people's info via Office

Doctor Syntax Silver badge

Re: "The Dutch authorities are working with the company to fix the situation"

The word "compatible" has a special meaning in the computer industry

It means compatible with the current version of the software and no guarantees about past or future versions.

There is, however, an open standard for word processing, spreadsheets etc. which is well defined and ensures that your future self, or your successors, will be able to open those documents. Because it's an open, well defined document it means that even if your current product is discontinued it will be possible for someone else to write equivalent S/W so that your access to your old documents will not be blocked. That should be a fairly important consideration for governments whose documents might well have legal significance in decades or even centuries to come.

Oddly enough that's not Microsoft Office's format, it's the one used by the software you imply has problems when being exchanged.

The risk of future incompatibility wasn't in the terms of reference of this report and hence is only alluded to in passing. If one were to do a full risk analysis it should be one of the highlights.

Doctor Syntax Silver badge

Not wishing to exonerate MS in the slightest but don't the Dutch Government have any responsibilities in this? AFAICS it's they who required their employees to work with this. It may well be that MS did this sneakily behind their customer's back but I rather think that if it were any other employer it would be the employer who would be facing charges and taking out civil proceedings against their supplier for breach of contract, always providing that the contract said they wouldn't do such things. And if the contract was silent on such issues then the employer might even lose.

Between you, me and that dodgy-looking USB: A little bit of paranoia never hurt anyone

Doctor Syntax Silver badge

Re: USB is a godsend, but

"So how do you transfer things too complex for a human to enter into an airgapped device?"

In the context of my reply about epoxy - which I assume is what you're questioning - the immediate reply is learn to read a statement of requirements which in this case was "So, what actions does a user need to take -- a real user, not a Reg reader, mind-- to protect themselves from nasties on the stick when they plug it in?" No mention of Stuxnet there.

The moral you need to take from my reply is that it's a trade-off. If you want to be secure there are things you shouldn't do, sticking random USB devices into a PC is one of them. Self-discipline would be better but if physically preventing yourself or those around you from doing things is the only way of doing that, take the physical route.

As a free-standing question, however, it deserves an answer and the answer, as with so many things in IT is that you have to analyse each situation as you meet it. If you have to make provision for data from random USB devices or the like for a single air-gapped machine a good starting point might be another air-gapped triage machine. You should be prepared to write that one off on that in the event of the sort of nasties you've mentioned elsewhere and, as several of us have said, a Raspberry Pi is cheap enough to make that painless; you can do it out of petty cash. For an air-gapped network LeeD's approach is the way to go. For a stand-alone machine your triage device could have the further level of protection of burning the data onto a write-once optical drive.

In different circumstances there are other options. For instance in the situation I mentioned elsewhere in the thread the main security concern was confidential information in the production side of the business leaking and there they had a factory network separate from the production network. Data incoming to that from customer sources was carefully routed and checked; e.g. incoming XML data was checked against an agreed schema - any file consisting of anything other than a conforming document was dumped.

To reiterate, you analyse the particular requirements and devise a solution that fits. If you need further help my rates are exceedingly immoderate these days.

Doctor Syntax Silver badge

"You're the exception"

Actually I have the luxury of not working for anyone these days.

But you may be right in that before I retired my last client had the word "Security" as the first word in the company name and meant it so that helped. Directors would have Richter 8 shouting matches in the open office but not about security. At one time they hired a company to try ringing various members of staff - and freelancers - to try to pry out company information and found we were effective at rebuffing them. Prior to that I worked for a large company that had a major, in PR terms at least, security egg-on-face incident and after that they went on a not entirely security theatre kick so at that time at least they became quite security minded. I don't suppose it lasted when their feet were no longer held to the fire.

When security requirements are imposed externally, and the likes of GDPR can do that, it becomes in the top team's interest to take it seriously.

Doctor Syntax Silver badge

Re: Name and Shame

And while we're calling PayPal out let's not forget they pass on your email address to vendors. That's an email address that's one half of your log-in credentials. Very likely an email address that you set up for PayPal so you can identify genuine messages from them.

Doctor Syntax Silver badge

Re: USB is a godsend, but

"So, what actions does a user need to take to protect themselves from nasties on the stick when they plug it in? "

Epoxy in USB connector.

Doctor Syntax Silver badge

"Unless you can prove it's totally lawyer-proof, C-suites can probably just counter they can lawyer their way out of nigh anything."

Some of us work in jurisdictions with better employee rights protection. There'd also be a risk of flagging themselves up to the ICO in which case it'd most likely be settled very quietly out of court.

There's also the fact that some of us work/have worked for businesses that take security very seriously and there it really does start at the top.

Doctor Syntax Silver badge

Re: paranoia - Danger: oxymoron alert.

a responsible marketroid

Doctor Syntax Silver badge

Re: paranoia

"The conference organiser's reputation will be that they might nag you to sell their conferences, but they probably won't try to drug, bug or infect you with malware."

Succeeding without trying is an option. Just how much cost do you think they're prepared to take on board to source promotional tat?

Doctor Syntax Silver badge

"They do like to have security people who can be held responsible for any security issues that arise."

OTOH security needs to start from the top. You can delegate the work but not the responsibility.

Doctor Syntax Silver badge

Re: My superiors?

"A couple of days later some swinging dick working for Dear Leader attempts to slap my wrist for embarrassing Dear Leader."

I trust you pointed out that the only person to embarrass Dear Leader was Dear Leader.

Doctor Syntax Silver badge

Re: A paranoid mount option ?

From https://www.circl.lu/projects/CIRCLean/: "The code runs on a Raspberry Pi (a small hardware device), which also means it is not required to plug the original USB key into a computer."

Last time I looked all my Pis were computers.

But a good idea even if the explanation wobbles.

Doctor Syntax Silver badge

Re: A paranoid mount option ?

"That's where the old crap laptop with wifi disabled comes in handy."

Raspberry Pi. The most you have to discard is an SD Card and that's only if you think it might propagate something nasty through that.

Doctor Syntax Silver badge

Re: A paranoid mount option ?

"It will require some rewiring in the computer to make such an action safe for the computer itself though."

Or just an old USB connector wired to mains. Via an RCB of course. And videoed for YouTube.

Doctor Syntax Silver badge

Re: Did you accept the USB?

"Reformatting won't protect you against malware at the firmware or chip level."

Especially when you can't reformat it because you didn't accept it.

Doctor Syntax Silver badge

"So I did what I was told"

It depends on what you were told. If I was told to report emails with phishing characteristics I'd have continued to do it. What's more, back in the day, they'd have known I'd have continued to do just that.

Doctor Syntax Silver badge

"Who hasn't had an email from their banks with a "click here" rectangle for customers to log in and learn about some new trick with their account."

Me for some time now. I reported a number of these to their phishing report helpline. I eventually emailed that or some similar address that in the continued absence of any reply I'd discontinue the email address set up specifically for said bank. No reply so I gave them the chop. They don't seem to have noticed their emails bouncing.

If at first or second you don't succeed, you may be Microsoft: Hold off installing re-released Windows Oct Update

Doctor Syntax Silver badge

I had an email from someone the other day saying he'd had some IT problems and had I received his previous email because he hadn't had a reply (I'd received it but hadn't got round to sorting out material for the reply). I didn't stick my head above the parapet by asking what his problems were but I noticed his emails have the sig "Sent from Mail for Windows 10."

Doctor Syntax Silver badge

Re: Cannot reproduce the net share issue...

"Installed 1809 on three laptops - no issues at all so far!"

I'm sure everyone who has this particular problem thought the same thing when they read complaints about the last problem. Don't assume your turn isn't coming.

Doctor Syntax Silver badge

Re: Q(&A)

"I am old enough to remember that Quality used to be something positive."

That was before ISO9000 when quality became something you can define and achieve repeatably, irrespective of how mediocre it is.

Doctor Syntax Silver badge

Re: Technical debt

"some people talk a load of bullshit"

They do indeed. They're usually salesmen promising delivery before the product's really ready for release.

Doctor Syntax Silver badge

'It would seem that the old saying "third time is the charm" isn't.'

ISTR that the rule of thumb with Microsoft products was not to buy anything before version 3 and to avoid version 4 at all costs.

Where to implant my employee microchip? I have the ideal location

Doctor Syntax Silver badge

Re: Chips are so 20th century

"you never leave home without it"

I frequently leave home without it. I also frequently go back home leaving it in the car. It's a phone sufficiently dumb not to give rise to addiction.

Doctor Syntax Silver badge

Re: Implanting chips in employees

"Has anyone seriously suggested this?"

Knowing what management mentality is like I think it highly probable someone has and then struggled with the idea of handing in your pass when you quit.

Court doc typo 'reveals' Julian Assange may have been charged in US

Doctor Syntax Silver badge

"Can't do the time?"

He's demonstrated pretty well that he can.

Doctor Syntax Silver badge

Re: Guess he's screwed then, as he always knew he was...

"Could be worse though, at least he's not hiding in the Saudi embassy."

Is Trump friends with the Saudis or not at present (it's hard to keep track)? If so maybe he'll ask them to send a deputation to visit him.

Doctor Syntax Silver badge

Re: No surprise

"It can't be any surprise that the USA have an interest in him. He made it his job to annoy them,"

And previously they punished him by ignoring him. Now they're rewarding him by actually paying him attention.

Doctor Syntax Silver badge

Re: Well he's a bit of an arse, but...

"Wasn't this exactly what he said would happen?"

AFAICR this was his excuse for jumping bail despite the fact that he'd been in the UK for some time and no extradition had been filed. And despite the fact that the US would have found it much easier to file while he was in the UK than Sweden and the latter, because of the EAW, would have had first dibs on him. When exactly were these charges filed? We don't know but if this is a recent typo it's likely that it was recently. Back when he first painted himself into a corner he was far more likely to have been punished by being ignored.

The situation now seems to be that Sweden would have to go through the EAW again if he was to emerge and in the meanwhile he'd presumably be doing time for bail jumping giving the US a chance to get its paperwork finalised for an extradition request. He could, of course, stay put for a bit longer providing he avoids giving Ecuador reason to shove him out and just hope that the next POTUS decides to simply treat him as a non-entity.

Super Micro chief bean counter: Bloomberg's 'unwarranted hardware hacking article' has slowed our server sales

Doctor Syntax Silver badge

Re: it all comes down to size

"Don't discount something because evidence is lacking"

But if evidence is lacking don't claim something, especially something as way out as this.

Bright spark dev irons out light interference

Doctor Syntax Silver badge

Re: Had a similar experience but with the light itself

"said he'd get the maintenance crew to make something more permanent"

Did they ever get a round tuit?

Doctor Syntax Silver badge

Re: Have you ever put something apparently useless to good use?

"I debated between upvote for the sentiment and downvote for the grocer's apostrophe"

Maybe the manager had to go to a grocer to buy the coffee so it fits.

Doctor Syntax Silver badge

"My dad once ground down the edge of a SIP memory chip"

My MythTV box is in one of those really low profile mini-ITX boxes you used to be able to get. There's no provision for the tuner card to sit upright in the box but there's a mounting bracket for one to fit horizontally if you can get the appropriate right angle adapter for the PCI slot. The nearest adapter I could get is still a bit on the tall side. Cue Dremel and a grinding disk. Like old SIP units PCI connectors were simple single layer boards so no problems.

Six critical systems, four months to Brexit – and no completed testing

Doctor Syntax Silver badge

Re: Meh

"Of course that would require committing to brexit"

What sort of Brexit? Jumping off the cliff? A Brexit that might salvage something for the economy? Hoping for magic? Whatever your choice was it's unlikely that all those who voted like you actually had the same thing in mind.

You call yourself a code junky. OK, here's a challenge. Your employer tells you to prepare the S/W for a new project. Sorry, we can't tell you what it is because we don't know. Just do it. That's what DEFRA and everyone else has been lumbered with.

Brexit is something Dilbert's PHB would have come up with.

Doctor Syntax Silver badge

Re: Is the UK ready for Brexit in any way?

"The last 5% also takes 95% of the time."

Or 95% of the last 5%.

Doctor Syntax Silver badge

Re: Time running out

As I said the government lied again.

The lies were coming from Leave. It was supposed to have been about as easy as winning trade wars according to Trump (and about as easy in reality, for some negative value of easy).

Doctor Syntax Silver badge

Re: Time running out


Exactly what was the pig that was supposed to have been in the poke at that referendum? Complete Brexit taking down a good chunk of the UK economy and the Good Friday Agreement with it in the hope of eventually building trade agreements with the rest of the world that would rebuild the economy in about a decade's time? More or less what we have now? Some fantasy agreement with the EU in which we keep all the good bits but ditch the bits BoJo etc don't like? Magic happens?

AFAICS the immediate prospect, short of exiting the back stop, is about as good as it was ever likely to get - stay in some sort of customs union without being in the decision making in the name of taking back control. Of the others one would be a disaster and the other two never were going to happen.

Doctor Syntax Silver badge

Re: Time running out

"IIRC we also need a written constitution before we can apply to rejoin."

People keep saying we haven't a written constitution. We do. It's just not written in one place and some of it was written such a long time ago people forget it. The Constitutions of Clarendon would be a good place to start, proceed via Magna Carta and the Bill of Rights to the Representation of the People Act and beyond.

Doctor Syntax Silver badge

Re: Time running out

"You might think it would be in their interest to be in possession of all the facts"

They never wanted that. They didn't even want to establish the correct procedure for invoking it until it went before the courts.

Looking at it in one way it's a pity that it actually did go before the courts then; now would have been a superb time for the court to come up with the verdict that the invocation hadn't been approved by Parliament and was invalid if May had gone on with her original idea.

Doctor Syntax Silver badge

Re: Time running out

"it does not specify a procedure to stop the leave procedure"

It doesn't say it can't be done either.

Doctor Syntax Silver badge

Re: Honest answer here also from the colonies

"Don't be dissing Strictly"

What else should one do with it? Watching it's out of the question of course.

Doctor Syntax Silver badge

Re: How about scrapping them?

Do we really need "notifications to manage food imports"?

Tinned stuff, maybe not. Fresh, yes. Fresh food can bring in pests that can then run rife through UK agriculture were they to get in. One of the advantages of being an island is that biosecurity is a tad easier to manage.

Doctor Syntax Silver badge

Isn't this BaU for DEFRA?

Just because you're paranoid doesn't mean hackers won't nuke your employer into the ground tomorrow

Doctor Syntax Silver badge

"Despite that, just a third thought their employers' compliance was good."

The breakdown is likely to be a third good now, a third good once they've seen a few others get big fines and a third good after they've had fines.

Oi, Elon: You Musk sort out your Autopilot! Tesla loyalists tell of code crashes, near-misses

Doctor Syntax Silver badge

One thing AI might be better at: believing Road Closed signs. We have a road closure on the corner next to us. Before they get there drivers have to pass two Road Closed Ahead signs. Just now the latest bright spark - Land Rover pulling a trailer loaded with one of those big round hay bales - stopped just outside the house when the actual closure came into view. Then pulled ahead until he could see round the corner that it really was closed. Then started snaking back until he managed to turn in my drive like all the other bastards who don't believe it's closed.

I want them to channel Spike Milligan and change the sign to read "We told you it was closed".

Doctor Syntax Silver badge

Re: Marketurds vs Reality

"there is nothing stopping good, safety critical code being developed in an agile manner, as long as the constraints are known up front."

I thought the whole point of Agile was that you didn't need to know about such things up front, you just dealt with them as you discovered them.

Doctor Syntax Silver badge

Re: No way ready!

"They don't understand the world"

This is the crux of it. Way before we ever get into a driving seat, way, even, before we stand up we have gained an understanding of what solid objects are. We come to understand that breaking things isn't good and what actions might break them. We understand what it's like to get hurt - we'll do it to ourselves - and mostly understand that hurting other people is bad. It's understanding that comes from being material objects ourselves interacting with other material objects. Software is not a material object.

Doctor Syntax Silver badge

Re: Say what you like about Teslas

"I agree that cycling can be risky given the number of utter morons daydreaming in their steel cages whilst (erroneously) imagining that they own the road"

What I see as a driver and a long-ago cyclist are numerous cyclists who seem to have abdicated all responsibility for their own safety to others. If such cyclists are going to rely on telepathy and miraculous braking and steering to keep them safe then it's not surprising there are so many accidents.

Doctor Syntax Silver badge

Re: Whisper it…

"However OTA updates does mean that you don't have to do as much testing knowing (traditionally there would be a big cost to recall a car for software changes at the dealership)."

I'm not sure what this means but if you're trying to say that testing doesn't matter because you can push bug fixes that might be true but the bug fix doesn't get installed on the cars which crashed, killing all occupants and a few innocent bystanders before the fix got pushed.

Google swallows up DeepMind Health and abolishes 'independent board'

Doctor Syntax Silver badge

Re: Lets hope

"Don't let small minded idiots and clickbaiters tell you otherwise."

If it's all open and above board why has oversight been cancelled?

Doctor Syntax Silver badge

Re: Be worried, very worried

"There ought to be a law..."

There is. Let's see it used.
