* Posts by Doctor Syntax

16426 posts • joined 16 Jun 2014

US government wants Microsoft 'Irish email' case reopened

Doctor Syntax Silver badge

"In its new filing, the DoJ focuses not on where the data is stored, but who controls it."

Neither seems to be the appropriate issue. The issue should be whose data it is. For email the data belongs to the user. The controller of the server on which it resides is simply the trustee and messing about with the law governing trusteeship could severely damage your entire financial system.

Apple's car is driving nowhere

Doctor Syntax Silver badge

"Not wasted as such, they may come about one day and the same info and laws will be in place and apply equally."

If you give permission before the technology is ready then you're apt to get technology that isn't ready unleashed on the public roads. Correct sequence should be develop first, then prove that what you've developed is fit for purpose and only then should permission to deploy be granted.

Yahoo! cancels! earnings! call!, dodges! hacking! questions!

Doctor Syntax Silver badge

"we keep people connected to what matters most to them"

What would that be? The TLAs?

Hey! spies! Get! in! here! and! explain! this! Yahoo! email-scanning! 'kernel! module!'

Doctor Syntax Silver badge

I find it reassuring that your representatives in Congress are finally getting the idea that this sort of thing isn't good. I look forward to the day our own representatives in Parliament cotton on to it.

Blighty's Home Office database blunders will deprive hundreds of GB driving licences

Doctor Syntax Silver badge

Re: Stasi nation

"We need an election as soon as possible, ... May & all being considered representatives of a Nazi state"

You've clearly forgotten that what they're doing is responding to what they believe was the expressed will of a majority of the electorate, albeit a narrow one, as expressed in the referendum. Assuming for a moment that that belief was correct* how do you think a general election would change matters?

*I'd like to think it isn't but the spate of xenophobic assaults since the referendum result is far from reassuring.

The IRS spaffed $12m on Office 365 subscription IT NEVER USED

Doctor Syntax Silver badge

Re: I can see it now...

"Add in some off-shore data centers"

At least Microsoft would be prepared to go to court to stop the FBS snooping on the IRS.

You've been hacked. What are you liable for?

Doctor Syntax Silver badge

Re: About time too

"not collecting information they don't need in the first place."

I'm not sure this will even occur to them. In the first place those making the decisions will probably have filled in a few online forms asking them for data that wasn't needed & will accept this as just the norm. In the second place wants will carry more weight than needs.

British jobs for British people: UK tech rejects PM May’s nativist hiring agenda

Doctor Syntax Silver badge

Re: Don't forget us oldsters!

"Me, I think most of the employers probably aren't facing a shortage of IT talent - what they are facing are rubbish recruiting teams and their own prejudices."

One thing they're looking for, maybe without realising it, is naivety. At your age you've probably been subjected to too many team-building exercises and similar BS. You're not impressed by management any more and too apt to call BS. They want someone who is going to be impressed and that means someone who hasn't been round the block a few times.

Doctor Syntax Silver badge

Re: The UK is not educating people in Tech...

"The employers here don't train properly because they're afraid that all that training expense will go to waste when their newly trained employees get head-hunted by the company next door"

That's because they see training and paying the going rate for those who've been trained as alternatives, not as complementary.

New GCHQ unit: Psst, breached biz bods. We won't rat you out to the ICO

Doctor Syntax Silver badge

Obvious, really.

When it comes to personal data you can't expect a branch of GCHQ to be on the same side as the ICO. Apart from anything else there's always the possibility of picking up a little more personal data when they investigate the breach.

Mercedes answers autonomous car moral dilemma: Yeah, we'll just run over pedestrians

Doctor Syntax Silver badge

Re: Hard decision but Mercedes are probably right

"Well yes, but that's a different scenario; your cyclist was in control of their actions. The imprudent kid, slipping pensioner, rolling pram, pushed crime victim is not."

So far I've managed to not encounter them for half a century.

The bigger problem by far is those who are deliberately or negligently ignoring road safety who are the real problem. Added to the cyclists are pedestrians who walk along country lanes taking no account of visibility (I encounter this in lanes where, when walking, I cross from side to side in order to stay on the outside of bends to see and be seen). And pedestrians who stroll without looking along the middle of village streets (I live in a tourist area) and through car parks as if they're in a pedestrianised area.

As a driver I accept my duty of care for others' safety but is it unreasonable to ask that those on foot or on two wheels also take some responsibility for their own survival?

Doctor Syntax Silver badge

Re: It's the cyclists

"your own inherent biases"

My inherent bias is the Highway Code that was drilled into me as a young cyclist which I now see widely ignored.

And not only widely ignored but promoted. There is some local organisation which organises a local cycle challenge and the misdeeds of the organisers would constitute quite a long list. For instance the kids were despatched down a steep, narrow, twisty lane. If there were observers penalising them for dangerous riding that would be one thing. There weren't, so kids would negotiate the bends at speed, in the middle of the road.

Doctor Syntax Silver badge

From TFA: "in many cases the lives being saved are the ones who put the fast metal box in the precarious situation in the first place."

If the car is autonomous and is in a precarious situation it wouldn't be the occupants who put it there, it would be the designers - and they won't be there.

Doctor Syntax Silver badge

"Maybe if pedestrians kept to the pavement where they belong we wouldn't have any of these 'moral difficulties'."

Round here it's not the pedestrians who are the problem, it's the cyclists. It's a puzzle. Presumably for part of the time the cyclists are pedestrians. They may even be drivers themselves at times. So why, when they get on two wheels, do so many of them suddenly abdicate responsibility for their own safety?

Doctor Syntax Silver badge

Re: Simple answer to overly complex handwringing

"If you can't avoid a collision, then apply maximum braking and hope for the best."

The best course of action. Minimise the risks all round. Trying to deflect the risk involves steering and trying to steer and brake hard at the same time is likely to result in failure to do either.

Doctor Syntax Silver badge

Re: Hard decision but Mercedes are probably right

"Er, except that as a driver you are required to anticipate road hazards."

The question of reality has to creep in here. You can anticipate hazards but to what extent should you allow for them.

For instance I've been about to overtake a couple of cyclists when one of them, for no obvious reason and with no prior indication, turned square across the road right in front of me, fortunately with just sufficient clearance for me to do an emergency stop and blow my horn (I hope his pants were festering by the time he got home). Had he done this a second later he'd have been a goner.

Now any cyclist has to be regarded as a hazard who can act in a totally idiotic manner (try driving in any area which has been on a TdF route before downvoting) but does this mean that no cyclist should ever be overtaken in case they try stunts like this? One has to balance the probability of an action against the utility of continuing in any sort of motion.

BT will HATE us for this one weird 5G trick

Doctor Syntax Silver badge

Re: Surely ...

"And, no, I can't ride a bike"

This is the only point on which I disagree (apart from not living in the Surrey hills). I used to ride a bike and one of the things which makes me cross is that all the highway code points that I had to learn then are so widely disregarded now.

Doctor Syntax Silver badge

Re: Money

"This is why things like dog licences were scrapped."

And the problem with that has been the numerous fatal attacks we see from dangerous dogs. Trying to counter that by outlawing specific breeds has been an easily predictable failure so that now some regulation is being reintroduced with compulsory micro-chipping.

Doctor Syntax Silver badge

Re: Money

"put a sort of tax on cycles, lets call it a road tax"

They'd also have to have some sort of identification to enable TPTB to check tax is paid, let's call them number plates.

As a useful by-product we'd then have something of a handle to identify the very few (!) misbehaving cyclists.

And whilst we're about it, how about compulsory insurance, cycling tests and cycling licences so that cyclists would be under the same sort of regulation as drivers.

Doctor Syntax Silver badge

A better solution might be to reduce the amount of data bandwidth. Then the pedestrians might watch where they're walking instead of being fixated by their phones.

Doctor Syntax Silver badge

"capability for IOT device data collection and you fix another problem"

The fix for IoT problems is a hammer.

Email security: We CAN fix the tech, but what about the humans?

Doctor Syntax Silver badge

"I received an email which, although it was from a trusted source was clearly malware as it threatened me with being cursed. Luckily it must have originated from someone like those stupid scammers who hard code an encryption key into their ransomware as it included a final paragraph that said I would be fine as long as I forwarded it to ten people within seven days."

Are you sure it wasn't a simple invoice?

Doctor Syntax Silver badge

Re: "Not really. What you can do, they can UNdo"

"by, say, using privilege escalation"

Here's one part of the problem, the notion that there are users or programs which have more privileges than others. So if, for instance, I have root privilege I can encrypt anybody's files.

I used to work with database servers where the server had sole control of an area of disk space in that only the server read or wrote from the disk because only it had the algorithms for the storage structures. Any program which needed access to the data had to do that through a client/server relationship.

Now running under, say, a Unix system this isn't perfect.

Firstly there's no mechanism to verify the client that makes the request is allowed to do so, the only security is at the user level so a rogue program running under the user's ID could wreak havoc.

Secondly although the disk might be allocated to a server ID and group with 660 permissions there's nothing to stop a rogue program elevated to root from trashing the whole disk area.

This sort of client/server relationship between processing and storage could be applied as a basis for securing data.

So there are a couple of things to look at in terms of OS architecture.

One is to provide authentication IDs to programs as well as users so if user fred's office-suite program wants to write a revised version of his masterpiece to disk it has to call the server and there is then a mechanism in place to verify that the caller has both fred's authorisation in order to overwrite* an existing file of fred's and office-suite's authorisation to call the server. This, of course, depends on some mechanism such as code signing to verify that the office-suite can be installed with the correct ID. There could be additional safeguards such as the server verifying that the file actually has the structure that's expected - if, for instance, it's supposed to be an OpenDocument file it should have the structure of a zipped file containing several XML documents which are valid according to the appropriate schemata. This verification mechanism might even come into play when the office-suite is passed an alleged office file from the email client**.

The other is to not have that omnipotent root. There needs to be a disk space manager that can dole out a portion of space to the server. That manager doesn't, however, have to have the rights to read or write to that portion, nor does it have to have the rights to set up user or program IDs. It might even be the case that such a manager can only be active when booted into a safe mode.

Do we sacrifice some operational convenience for this sort of OS? Maybe, but it's arguable that some of our woes are the direct result of sacrificing security for convenience. The balance is wrong and needs to be rectified. I'd be surprised (assuming I'm still here!) if we're still using such intrinsically unsuitable OSs by the end of the next decade, and probably a good deal sooner. Note that I regard Unix-style as well as Windows-style OSs as intrinsically unsuitable.

* Of course it might not overwrite, there might be versioning in play.

** If the user stores copies of emails locally there will, of course, be a separate server with its own disk space for this purpose.

Doctor Syntax Silver badge

"One would be to sandbox email handling so that ransomware can't get at the user's files or gain privilege to install keyloggers or whatever."

"Java was designed with a sandbox and look where it is now. Fact is, sandboxes can be ESCAPED and routinely ARE escaped"

One quick solution is to not allow anything in email to be executed. S/W should be properly installed - with confirmation from the user - before it can execute. Something more drastic would be a very different OS architecture so, for example, your ransomware can't overwrite your office suite files because the server which is the only thing that can actually access the part of the disk with those files on it only responds to the office suite programs.

"Another would be to verify message source."

Not much good when the attack came from a pwned machine. The address would likely already be verified if not an insider.

The pwning of the machine is, of course, a symptom. There's certainly an element of "if you want to get there you don't want to be starting from here" about the whole problem.

But the banking spam, for instance, is very unlikely to have come from a pwned machine in the bank so it should be perfectly possible to bounce that as soon as it's presented to the recipient's server. The fact that this would also take out the bank's 3rd party marketing spamming agencies is an added advantage.

"The ONLY solution is to REbuild the ENTIRE Internet from scratch, using a basis of DIStrust instead."

Not the only solution. What's required is to build trustable services on top of it. That wouldn't preclude the continued existence of untrustable services.

Doctor Syntax Silver badge

As far as I can tell from the article, fixing the tech seems to amount to nothing more than spam filtering. There's a good deal more that tech can do. One would be to sandbox email handling so that ransomware can't get at the user's files or gain privilege to install keyloggers or whatever. Another would be to verify message source. We have a system which was built on the premise that people could be trusted and put it in the hands of those who can't and haven't really considered what has to be done to rectify that situation.

Student software finds new Minor Planet found way out beyond Pluto

Doctor Syntax Silver badge

It's a long way away. Good. It's the nearby ones we have to worry about.

A robot kitchen? Whatever. Are you stupid enough to fall for this?

Doctor Syntax Silver badge

Re: Ultrahouse

"No, it's wholly Moley."

El Reg's standards are slipping. This shouldn't have been left to a commentard.

Doctor Syntax Silver badge

Re: Marmite vs Tesco

"I was quite amazed to discover that I don't use any of them."

Use them? I don't even recognise most of them.

Doctor Syntax Silver badge

Re: £100 a week for a year with Tesco's delivery service comes in at about £26,000 cheaper

Harry, if you look carefully at your keyboard you'll find a key labelled with "shift" or an arrow or something which, when carefully applied will convert tesco into Tesco and enable you to start sentences with capital letters.

Ireland reaps benefits of Apple's tax schemes, even without EU bounty

Doctor Syntax Silver badge

Re: Tim Crook is so disappointed

"Apple was indeed having a 'special arrangement', f*cking Irish (and european) taxpayers in the process"

Excluding the European taxpayers bit, what part of "the nation's arrangements with Cupertino is driving tax revenue and spending increases in its budget for 2017" did you not understand?

The whole point of that sweetheart deal is that the Irish economy gets an income it wouldn't otherwise have had. The rest of the EU is, of course, jealous. You have to look at the whole picture: without that deal it wouldn't have been €13 billion plus all the other income, it would have been nothing, or at least the income from a local branch office.

Doctor Syntax Silver badge

'And people died for the country to have the right to its own determination and to be able to make its own laws etc, only for these jackasses to turn round and stick two fingers up to the country and the rest of the world and say "we don't want the €13 billion".'

It's that making its own laws bit that enabled Ireland to make the deal that brought Apple into Ireland in the first place. The EU's instruction to charge that €13 billion is an attempt to end that deal; I don't think they're doing it to benefit the Irish economy.

Doctor Syntax Silver badge

Re: Obligatory rifling pockets icon

"there is a big push in the EU to harmonise corporation tax"

And would a Brexitted UK govt see the potential this offers for a bit of competitive tax marketing? If they do, beware of flying porcines.

PC sales sinking almost as fast as Donald Trump's poll numbers

Doctor Syntax Silver badge

Re: I for one will never buy a Windows computer again

"That is the 2nd PC Windows 10 has trashed for me. There won't be a third. Microsoft has lost me as a customer for ever."

After the problems you chronicled here in the past I'm surprised you gave them a 2nd chance.

Doctor Syntax Silver badge

Re: I've had the same broom for years!

"I say that's a Theseus' paradox"

Did you hear a sort of whoosh sound?

Doctor Syntax Silver badge
Facepalm

"We may see a boost to sales once they get SSD costs down to the point where developers feel they can get away with building stuff that works poorly on HDDs. Then everyone will be forced to get an SSD, and many of those will just buy a new PC."

Don't give 'em ideas!

Doctor Syntax Silver badge

Besides, any kind of tablet is not conductive to do lots of typing on or CAD design, for that you still need a proper Win7/Win8.1 computer.

FTFY

Like it or not, here are ALL your October Microsoft patches

Doctor Syntax Silver badge

A bottomless pit

"It's a crazy town with one hell of a marketing budget, some would say a bottomless pit."

Which do you mean, town or budget?

Doctor Syntax Silver badge

Re: Dear Microsoft.

"Signed, a pissed off MS customer whom has a lawyer."

I'm pleasantly surprised at the number of commentards who (not whom) spotted that one but here's an upvote for a splendid rant.

Burger barn put cloud on IT menu, burned out its developers

Doctor Syntax Silver badge

"She's therefore been surprised at the amount of governance she has to do, lest marketers go wild with campaigns that target people from the wrong lists, breaching policy or good taste along the way."

Why the surprise? That's marketing SOP.

Boost Ofcom's powers and fix mobile market woes, Three and TalkTalk tell MPs

Doctor Syntax Silver badge

Harding appears before MPs and they don't open the bowling by asking why she's still representing TT?

FreeBSD 11.0 lands, with security fixes to FreeBSD 11.0

Doctor Syntax Silver badge

Re: Pre-release turns out to be pre-release quality?

"though as a knowing user (or glutton for punishment!)"

If I'd been a glutton for punishment I'd have gone the systemd route.

Doctor Syntax Silver badge

Re: Pre-release turns out to be pre-release quality?

"I use FreeBSD for my workstation, and keep it patched etc, and yet somehow managed to resist the temptation to pre-emptively download the latest version before it was announced as being available."

I've been using 11RC3 for a new GIS workstation. It works fine.

It was a choice between that and Debian Jessie in order to get drivers for a recentish motherboard. A BSD RC vs systemd? No contest.

Yesterday brought in a shower of updates which I assume bring the RC up-to-date with the final release.

Doctor Syntax Silver badge

Re: Why the torrent hate?

"ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/ISO-IMAGES/11.0/"

Take another look at that link.

Do you see a Disk1 image? That's a CD image. You can download and install from that.

Do you see an even smaller boot only image? You can download that but that means you pull down binary tarballs at install time. The tarballs are quite small, however.

The install gives you a command-line system. If you want GUIs you'll have to install xorg and, if the default window manager (TWM I think) isn't sufficient, you'll have to install the manager of your choice. Again this requires pulling down tarballs of the binaries.

Nuke plant has been hacked, says Atomic Energy Agency director

Doctor Syntax Silver badge

Re: Umm. PDP-11s? good!

"Some hospitals still run Windows 2000 because to recertify their gear with anything else would be next to impossible and besides many of the staff are in their 60's and trained for decades to use them as they are"

Great. Casual ageism - still PC if not mandatory. And remind me how many complete decades since W2K came out (there's a clue in the name).

The principal argument of "just works" is sound so why throw in some bollocks to spoil it?

Doctor Syntax Silver badge

Re: The safest form of energy is?

Or, to put it another way, for the whole of my adult life (and I'm in my 70s) there's been no excuse for wasting good fossil carbon feed-stocks by shoving them up power station chimneys.

Doctor Syntax Silver badge

Re: News at 10

"The stuff we did in the 6th form in expectation of doing a physics or chemistry degree would probably get you locked up nowadays."

Sugar and sodium chlorate was regarded as an entertainment.

Doctor Syntax Silver badge

Re: News at 10

'I spent 2 years working with radioactive materials (H3, P32, etc) as a student in a lab... So my brain is in violation of the relevant part of the UK criminal code "materials useful for terrorism"'

I doubt it. P32 has a short half-life anyway and normal biological turnover will have flushed the tritium out long ago.

'Wake me up when someone tries to steal any quantity of radioactive Cobalt'

There's probably more of that about in the environment than you might think. Way back when the Belfast Radiocarbon lab was being set up we had to cast about for some old steel sheets to use in shielding as modern (in the '60s) steel was considered to contain cobalt-60.

'Facebook and eBay need to be subject to greater scrutiny' - Margaret Hodge

Doctor Syntax Silver badge

"Margaret Hodge understands this perfectly well, as her own family business - Stemcor, a global steel erector - paid very little UK tax on its worldwide revenues of c $10 billion, for the simple reason that they made a loss."

Didn't you know you're supposed to do as she says, not as she does. And for good measure, stump up for her little book.

No, software-as-a-service won't automatically simplify operations and cut costs

Doctor Syntax Silver badge

Re: Green Grass

"The grass really IS greener on the other side."

Which side are you looking from? From the vendor's side the greener the better amongst all those HR & marketing types with credit cards.

Yahoo! halts! email! forwarding! to! outside! email! addresses!

Doctor Syntax Silver badge

Re: good reason

"a warning system that tells you that you've probably lost control of your mailbox, using said mailbox..."

I keep getting messages like that about Hotmail/Outlook all the time. And sometimes about Gmail as well.
