Re: The USP...
"How about a phone ecosystem that doesn't involve Google or Apple?"
Or Microsoft. In short, any phone ecosystem that doesn't take the piss.
"I don't see how stopping spam in phone calls is all that much easier than stopping it in email, and we all see evidence in our inboxes that email spam is still very much a thing."
The solution in both cases would be to revise the protocols so that the alleged source (From: line in email headers) can be verified by the system before the connection is accepted.
"the gas had been disconnected long ago, but the meter was still there"
Did I ever post the one about the time my Dad helped a friend with some renovations? In the course of that they moved the meter but reconnected it the wrong way round. Gas meters will run backwards. After they discovered it there was a slight panic. The friend's family used as much gas as possible to try to get the meter at least back to the previous reading and a little beyond. They succeeded but the meter reader commented on how little gas they'd used.
"the water board replaced the main outside and the lads doing the job spotted that there was one more connection to it than their plans admitted to."
We had problems on our electricity a few years ago. When the crew turned up to investigate the dodgy connection they found it wasn't connected to the supply at the bottom of a different pole than was shown on the plans. Both problems solved by replacing the corroded joint with a new one where it was shown on the plans.
Then the gas dug a hole just down the road to disconnect a pipe which they'd discovered (I'm not sure how) ran under someone's conservatory. They then discovered that (a) there were two lots of gas pipes just under the road surface where they only expected one, (b) one of them was flooded with water, (c) the pipes were steel & the working pipe had to be replaced and (d) the pipe running under the conservatory which they were about to disconnect wasn't a branch, it was actually the feed into the mains under our road.
A year or so later, whilst I was working in the garden, someone came wandering up the road asking questions about the gas supply. His company had taken over the maintenance but didn't have current drawings. Fortunately he probably knew more about the system, as he used to work on it years ago.
"Say, £1 per spam call, collected by BT/phoneco as in normal billing and going to Good Causes (in the manner of a Lottery)."
Or credited to the callee's account as a fee for handling the call. But not a flat rate: say, a pound per minute, so there's more to be gained by keeping them on the line.
"Well that's not going to work when an overseas call centre uses a fake number."
Requiring Indian TelCo calls to be whitelisted would be an excellent start. Or even announcing that they'll be doing that in a few months might prompt some of them to get their houses in order.
"Of course if the caller withholds their number you can use BT's Anonymous Call Rejection service that won't let numberless calls through."
It would also block any calls from organisations without DDI - our GP for starters.
"Most of them give up after five minutes, lightweights!"
I just leave the phone for a good while & then hang up; usually they've done that themselves. But I did have a very persistent/dumb company (double glazing, of course) where the sales manager rang back to say the line went dead.
"That's why banks still hand out those calculator style gadgets."
Mine handed out one and I still have no second factor.
The only time I had to use the useless piece of crap their site refused to accept the result so I had to go into a branch.
"There are some who will let you buy things without creating an account, and since retailer accounts seem to be used mainly so that a: they can remember your credit card number and b: they can send you marketing emails, frankly if such an option is offered, I'll take it."
I use frequently changed email addresses to kill the marketing emails if I have to create an account.
Like you I prefer accountless transactions and using PayPal is one way of ensuring they don't keep the credit card number but the downside is that PayPal provide your PayPal email - which is also the PayPal login ID - to the vendor. I've had to change my PayPal address twice because of this. I took this up with PayPal; from what I was told they have T&Cs to forbid this but can't be arsed to enforce them. Bastards - twice over!
"Devil's advocate here, but don't these systems actually store all your data online so that you can share passwords between devices?"
Certainly not the password manager I use. If you have multiple devices then share the safe directly, device to device. That may be less convenient than you wish but increasing convenience will almost certainly involve a trade-off with the security you're looking for.
"if they emailed users with "we don't want you to lose your hard-earned money/house/job, and we noticed an insecure password and would you please change that to a better password (and here's how).""
And being the bankers they are, they'd embed a "helpful" link in the email, further training their users to click on any link in any random email purporting to be from them.
Why do banks etc persist in training their customers to be phished?
The "data dumps" that were perused for these popular passwords; how did they extract plaintext passwords from properly encrypted
In a lot of cases the passwords may have been encrypted but not salted. In that case rainbow tables, lists of common passwords encrypted by popular algorithms, can break them. A strong password is one that's not going to make its way into such tables.
Not only do sites apply odd rules without disclosing them, they also don't disclose whether they encrypt information, whether they salt it etc. The safest bet is to assume that they store it in plain text and that they're easily hacked. Use a password safe and allocate strong passwords everywhere.
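The two posts above explain why an unsalted store falls to a precomputed list of popular passwords and a salted one doesn't. The following is an added example (not code from the forum posts or from The Register) that shows the difference directly: a toy lookup table of constructed "popular" passwords hashed with plain SHA-256 recovers an unsalted entry at once, while the same table is useless against an entry stored with a per-user random salt and PBKDF2 (a slow key derivation function, which is what a site should be using rather than a bare hash). All passwords, the iteration count and the function names are assumptions for the demonstration.

```python
import hashlib
import os
import secrets

# Constructed stand-in for a leaked list of popular passwords.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "football"]
ITERATIONS = 100_000  # assumed PBKDF2 work factor for the demo


def build_lookup_table(words):
    """Precompute unsalted SHA-256 digest -> plaintext, as a 'rainbow list' would."""
    return {hashlib.sha256(w.encode()).hexdigest(): w for w in words}


def store_unsalted(password):
    """The weak scheme: one bare hash, identical for every user with that password."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password, salt=None, iterations=ITERATIONS):
    """The sound scheme: random per-user salt plus PBKDF2-HMAC-SHA256.

    Returns (salt_hex, digest_hex); both are stored alongside the account.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt.hex(), digest.hex()


def verify_salted(password, salt_hex, digest_hex, iterations=ITERATIONS):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = store_salted(password, bytes.fromhex(salt_hex), iterations)
    return secrets.compare_digest(candidate, digest_hex)


def lookup(table, digest_hex):
    """Return the plaintext if the stored value appears in the precomputed table."""
    return table.get(digest_hex)


def demo(password="letmein"):
    """Contrast the two storage schemes against the same precomputed table."""
    table = build_lookup_table(COMMON_PASSWORDS)
    unsalted = store_unsalted(password)
    salt_hex, salted = store_salted(password)
    return {
        # Unsalted: the precomputed table gives the plaintext immediately.
        "unsalted_recovered": lookup(table, unsalted),
        # Salted: the stored digest matches nothing that was precomputed.
        "salted_recovered": lookup(table, salted),
        # The salted store still verifies the right password and rejects a wrong one.
        "salted_verifies": verify_salted(password, salt_hex, salted),
        "wrong_rejected": verify_salted("password", salt_hex, salted),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point the posts make follows from the output: the salt forces whoever holds the dump to redo the work per account, so a precomputed list of common passwords buys nothing, and the slow KDF makes each of those recomputations expensive. A strong, unique password from a password safe then stays outside any such list regardless of how the site stores it.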
"Which means that either they're ignoring you, or they're writing their passwords down on paper."
Teach them to use a password safe. That will allocate high-entropy passwords and store them. You need never even read or type the password.
It means you always have to use your own PC? Even better.
"The play today is to automate all of that infrastructure at hyper scale through a Google or Amazon cloud service vs just firing relatively expensive people, hiring relatively inexpensive people"
Same thing, different tech.
Eventually the survivors will be those few businesses with the wit to realise that to do things well, from both the financial and customer service points of view, requires recruiting and retaining good people, and that that requires good pay. A lot of businesses will go to the wall in the meantime.
"Unfortunately it'll be too late to even contemplate insourcing when Lloyds looks like it's circling the drain due to inability to keep up with the market and various scandals caused by poorly cobbled-together IT provided by a giant who cares not about its customers' customers & general lack of IT integration with the core business."
The sad thing is that it won't matter because you've also described the competition.
I suppose it depends on how the product is marketed. If I sold sodium hypochlorite solution as household bleach I wouldn't expect trouble. If I sold it as something suitable for finishing off someone you didn't like in an unpleasant manner I might reasonably expect a knock on the door PDQ. Same product, different purposes.
In this case we're not told how he marketed it. However, there's no mention of this little sideline on his CV page and he registered a different domain for the job so that might be indicative, as is the fact that he took steps to conceal it from anti-virus S/W. He just didn't do a good job at covering his tracks.
"another person who clearly knows nothing about his remit."
Given those reports about his own website I think he's about to learn something PDQ, even if only how little he knows. The skiddies won't be able to resist. The downside is that once he's paid someone to sort it out he'll think he's an expert.
"If I had to send a laptop for repair now I would remove the HDD, I have nothing to hide but it's my data and ONLY I control it."
The problem in this case was that the laptop wouldn't start. The problem may well have been on the drive so removing it wouldn't help. And whilst you and I might be happy to remove a drive before sending it in for repair the average punter wouldn't. So the point is that although the tech can see what's on the disk they've no business looking at anything that isn't strictly appropriate to the task so in practice they shouldn't see other stuff.
"The term you're looking for is a strict liability offence. They were adored by the pre-2010 Labour government, because they are so cheap to enforce and look so good on the crime clearance statistics - no need to worry about mitigating circumstances, if it's there, you've got a conviction."
Let's hope someone takes one of these to the ECHR whilst there's still a chance.