* Posts by Doctor Syntax

16449 posts • joined 16 Jun 2014

Google says it would have a two-word answer for Feds seeking Yahoo!-style email backdoor

Doctor Syntax Silver badge

Re: hang on...

"So who's the naughty boy here? Yahoo says: we had to comply with the law. Google says: we wouldn't comply with the law. Facebook say: we would fight the law."

And it's a matter of record that MS are fighting the law, at least in Europe and are making more efforts in protecting European data with their new data centre legal architecture. On the whole I'd trust MS on this - but not sufficiently to install W10.

Doctor Syntax Silver badge

"Anyone using Yahoo is plainly an idiot."

Maybe it's not quite as simple as that. Other service providers have outsourced their email component to Yahoo. I'd hope that those still doing that must be having second thoughts by now.

Google may just have silently snuffed the tablet computer

Doctor Syntax Silver badge

"Tablets aren't necessary, but they are really *handy* to have around. So once we have one, we're not going to replace it as often as a phone because it's a want not a necessity."

The phone you have now may well be a necessity but it's doing its job. The phone you want next is just that - a want. Maybe a keener one than a tablet, but still only a want. It's marketing that's codding you into thinking it's a necessity.

SANS issues call to arms to battle IoT botnets

Doctor Syntax Silver badge

"Maybe it's time for more vendors and organizations to start working together."

No maybe about it, it's time. But it still isn't going to happen until someone makes them.

Back in the C19th unscrupulous shop-owners adulterated food by adding cheap but not necessarily safe substances to bulk it out. It was time for them not to have done that but it required legislation to prevent it.

Children were employed* in mines. It was time for them not to have been but the practice wasn't stopped until legislation took place after a disaster at Silkstone.

The whole history of advances in safety of products and of working practices is the history of legislation and/or regulation. There's no reason to think that this is different. It's simple: until you can't bring such a device to market unless it's secure, insecure devices will be sold and deployed.

*Yes, I know "employed" is an over-simplification.

Doctor Syntax Silver badge

I can't help thinking this is a post-bolt attempt to shut stable doors.

Assuming these login attempts aren't from white hats it means that insecure stuff is out in the field in sufficient numbers that not only have criminals discovered the weaknesses but have concluded that it's worth attacking. If the manufacturers patch it in future production that's at least something but unless the installed base gets patched the problem isn't being dealt with.

The root problem is that insecure stuff gets marketed in the first place. We need enforced standards comparable to those regulating other hazards, e.g. chemical and electrical. What's more likely is that the current crop of trade negotiations - which ought to incorporate this - would enable manufacturers to sue governments that tried to introduce such regulation.

In the meantime, given that the problem exists there should be mitigation. One approach would be for manufacturers to take responsibility for the stuff out there by scanning for it and using the same open doors to patch it, removing any unauthorised S/W that's been installed and closing the doors for good. That's likely to be a race as any criminal takeover has probably changed default passwords already.

Another would be to draw up lists of such installations by ISP and pressure the ISPs to liaise with their customers, the pressure being that ISPs who don't cooperate get disconnected from the net and customers who don't respond to the ISP get disconnected from the ISP. This might be draconian but with the current state of affairs draconian is what's needed.

Should Computer Misuse Act offences committed in UK be prosecuted in UK?

Doctor Syntax Silver badge

Re: Why need it at all?

"Why is a computer misuse act needed at all?"

Because the actions complained of are offences under the Computer Misuse Act, not the Theft Act, not the Road Traffic Act, the Trades Description Act or some other random act. The act which applies is that which addresses the action complained of. Is that really so difficult?

Doctor Syntax Silver badge

Re: Jurisdiction

"Which isn't to say that the Canadians would be unreasonable to claim jurisdiction."

Quite. If the action were an offence in only one country then there's scope for debate. If it's an offence in both then your posited reasonableness of the Canadian claim should tell you all you need to know. The gunman was in Canada, the gun was in Canada, the trigger was pulled in Canada, the action was contrary to Canadian law. No need to complicate matters.

"In the early 20th Century, some American robbers pioneered the use of cars to commit a crime in one state and drive across the border and out of that state's jurisdiction."

Your point is? The crime is committed in one state and the criminals flee to another. That, at least in the international sense, is what one expects an extradition to deal with. I've no idea what the US solution was to such interstate crime. The obvious one is to set up a mechanism whereby the suspects can be sent back into the original jurisdiction for trial. If they didn't do that I can see where their approach to extending their law over the entire planet comes from but it still doesn't make it a good idea.

Doctor Syntax Silver badge

Re: Autism.

"Teaching a kid 'this is wrong because the law says so' is a SUCKY way to instill morality."

Maybe, but it is to the long term advantage of the kid.

Doctor Syntax Silver badge

"so if he was prosecuted in the UK, we would be obliged to look at a US website's security and attempt to fine them?"

It's the logical equivalent of what the US is claiming. So maybe if he's to be tried in the US we should do that very thing.

Doctor Syntax Silver badge

Have you ever heard of Betteridge's Law?

No.

Paging Herr Gödel.

Doctor Syntax Silver badge

Re: A historian writes...

'The term "Britain" on its own, despite being generally used as a synonym for the United Kingdom, doesn't- strictly speaking- have any officially-defined meaning on its own, does it?'

When used as a synonym it isn't actually correct. The full expression is "The United Kingdom of Great Britain and Northern Ireland". So Great Britain, the whole island, is a component of the UK, not the whole.

Doctor Syntax Silver badge

Re: Should be tried here.

"Although it seems that the bomb was placed on the aircraft at Heathrow"

So you're saying the trial should have been held at the Old Bailey under English law.

Doctor Syntax Silver badge

Re: How?

"The Greeks really, desperately, need to go back to having their own currency. There is no mechanism for leaving the Euro."

The fact that there's no mechanism agreed doesn't mean that they could make up their own. It's just that the implementation* would be so messy that staying there is actually the easier option.

*It's a case of "if I wanted to go there I wouldn't start from here".

Doctor Syntax Silver badge

Re: How?

"And indeed Brexit wasn't an option without the express consent of the EU, as the EU only created the sainted Article 50 quite recently -- until they did, there was no mechanism for leaving."

Although I disagree with what's happening in regard to Brexit this bit doesn't make sense. There may have been no mechanism for leaving in terms of a defined procedure. There was certainly no mechanism to keep a country in the EU if it was determined to leave.

Doctor Syntax Silver badge

Re: How?

"As a fly in the ointment, how could it be tried here? The USA would not allow detailed security information of 'the hack' of US government organisations to be submitted to another Country's populace and the case would fall for lack of evidence."

Their choice. They should be told to take it or leave it.

Doctor Syntax Silver badge

Re: Never thought I'd see Tam mentioned

"Completely wasted in the commons really but it's what he always wanted to do."

He did get out and about a bit more than that. He was a long-time columnist in the New Scientist.

Doctor Syntax Silver badge

"If a Saudi comes over here, marries nice English girl, beats the shit out of her, then goes home is that ok?"

Your sequence suggests that the beating was committed in the UK. In that case the action took place here, it's an offence here, why would it not be prosecuted here?

And to extend that same argument to the case in point, AIUI Lauri Love is alleged to have sat at a computer in the UK and performed acts which are an offence in the UK albeit the consequences were elsewhere. Why would that offence not be prosecuted here?

Doctor Syntax Silver badge

"I've read in various places that the term Great comes from Roman writers who didn't have a firm grasp of geography or because of James VI/I holding the crowns of Scotland and England."

Well done for quoting two incorrect explanations. It goes back to the outcome of the migrations of the dark ages. At the time the Angles, Saxons & Jutes were crossing the N Sea into Britain the Armorican peninsula had a rather low population so a number of Britons emigrated there. That was Little Britain in contrast to the original island which, in comparison, was Great Britain. Today, of course, that Little Britain is called Brittany; note the similarity, it's not an accident.

Doctor Syntax Silver badge

Re: Take (NOT) back control

"This carries absolutely no meaning other than when a politician tries to gain some traction for the bullshit he / she's spewing in front of the camera."

Whether it carries meaning or not is irrelevant. It has had an effect. I think that as the consequences of that effect become clear it's perfectly right that those who uttered it should be held up to ridicule. That might be a disproportionately meagre punishment but it's probably all we'll be able to administer.

Doctor Syntax Silver badge

Re: Take (NOT) back control

"The issue is that it will be impossible to build cases for prosecutions because the USA judicial system will refuse to cooperate. It presently operates under the auspices of a doctrine which specifies that American law is extraterritorial, applies to anyone and everyone, no other law exists, international law does not exist and a USA court can issue a judgment to apply anywhere in the world."

Well, if the rest of the world decides not to play that game the US has a clear choice: it can forgo the ability to have such crimes prosecuted or it can decide that maybe it's not everyone else that's out of step.

Doctor Syntax Silver badge

Re: spanish boiler rooms

"if people are being defrauded in the UK by people in Spain, surely they should be tried in the UK, and the Spanish police should hand them over with the extradition laws.

I'm sure they would be "not interested" if Ronnie Biggs robbed a train in the UK and fled to Spain. No crime has been committed in Spain but they'd still be obliged to hand him over surely"

Thanks for showing up the difference in the two situations. Biggs committed a robbery in the UK and fled abroad. It's not only perfectly reasonable that he should be extradited to the UK for trial. That's where the action happened.

If, on the other hand the action happened in Spain: telephonists, telephones, computers & whatnot then that's the place for the trial.

Doctor Syntax Silver badge

"In 1990, I can remember that Tam Dalyell MP sought confirmation that the offences in the Computer Misuse Bill (as it then was in 1990) could be tried in the UK."

Tam Dalyell had a habit of asking questions which exposed woolly thinking - or perhaps complete lack of thinking - in the PTB.

HPE is mulling 'tuck-in' buys of cloud firms, gros fromage says

Doctor Syntax Silver badge

'the major structural work that has seen the PC and print units spun off, and the Enterprise Services and Software divisions offloaded, was “for the most part done”.'

So what is it that HPE actually does? Apart from sit on a pile of cash, use it to buy businesses and then sell them again at a loss?

‘Andromeda’ will be Google’s Windows NT

Doctor Syntax Silver badge

"I'd be much more concerned about a security model that prevented applications grabbing data without the user being aware of it and sending it off to places the user has never heard of "

I think you need to add a few more things along those lines. One being to stop the OS itself doing the same thing. Another being to protect malware vandalising rather than grabbing the data. The third being to prevent the system from being hijacked for Bitcoin mining, spamming, DDOS or anything else.

Those are the current concerns. There's always the possibility of something new coming down the line next year.

Sad isn't it? The main criteria for an OS in this day and age are more centred on what it needs to prevent than on what it needs to facilitate. I suppose the explanation is that the last several decades have been spent on providing facilities and not enough on security. It's time to redress the balance.

Doctor Syntax Silver badge

"Since the tools for Linux are generally excellent and the runtime cost is zero, it's clearly going to be the de facto choice unless there is a reason to choose differently."

There is good reason and it's not even systemd. I don't see any of the current OS architectures, either Windows or Unix-like, offering the defensiveness needed under modern conditions. I think that over the next few years we're going to see a new architecture that places more emphasis on security. It's all very well providing perimeter security to try to keep invaders out. Let's not assume that we can do that all the time because PEBCAK won't let us. So what can we do to minimise damage if they're in?

Snoop! stooge! Yahoo! handed! all! your! email! to! Uncle! Sam! – and! any! passing! hacker!

Doctor Syntax Silver badge

Yahoo! will live on...

...as a cautionary tale on how not to run a business, or maybe an entire national industry. It'll be much quoted in business courses.

Meanwhile, if any evidence is needed to take down the Privacy Figleaf, there it is.

'Too big to fail' cloud giants like AWS threaten civilization as we know it

Doctor Syntax Silver badge

Re: I don't get it...

"But too big? Nah, they'll have their asses covered with the usual legal mumbo jumbo."

That doesn't stop failure. It just stops legal consequences for them. The failure will still affect the businesses that use them which was the whole point of the article. If anything being insulated from legal consequences might make things worse - if you don't have to be careful for legal reasons maybe you won't be as careful as you might otherwise have been.

Buggy code to the left of me, perfect source to the right, here I am, stuck in the middle with EU

Doctor Syntax Silver badge

Re: SUPER.....oops.

"All those use cases seem to be about tweaking the UI to prevent users buggering off in disgust."

3) The people who bought whatever the product was discovered that in real life they didn't really need what it provided.

Apple to automatically cram macOS Sierra into Macs – 'cos that worked well for Windows 10

Doctor Syntax Silver badge

Re: Another major difference -

"Tabs! Tabs everywhere!"

Sounds awful.

Can we have a Marvin icon?

Doctor Syntax Silver badge

Re: anti-Microsoft rant more like...

"some of us are actually looking forward to ArcaOS"

Now that gives me an idea: ArkB-OS.

Doctor Syntax Silver badge

Re: anti-Microsoft rant more like...

"their want for something different means they all end up with the same bloody thing."

Which applies to pretty well any fashion item.

ICO boss calls for EU-style data protection rules post-Brexit

Doctor Syntax Silver badge

Re: Lobbying starts now

"by large corporates who find data protection a pain and want to be able to play fast and loose with personal information."

In fact there's likely to be more lobbying by big UK corporates who want to be compatible with the EU so as not to lose business from there. Which makes "Her spymaster are already exempt, no need to weaken it." an interesting thought. If When Privacy Figleaf gets torn down by the next iteration of the ECJ and something else - maybe even something effective enough to prevent data export to the US - gets put in its place the UK might then find itself included unless things change.

Doctor Syntax Silver badge

"Some big tech firms will just buy the legislation that suits them"

This is considerably less likely than having the legislation that suits May, which is on the low side of SFA.

Doctor Syntax Silver badge

"I don't believe she was ever a 'remainer', her ideas about robbing us of the Human Rights Act were always dependent on leaving the ECHR, which is a prerequisite for membership of the EU."

Whilst I agree with your general argument there's no way out of the ECHR. There's more than the EU treaties involved and I'm sure she was always aware of that. But getting out of the jurisdiction of the ECJ and the EU's rules on data protection was a different matter.

Doctor Syntax Silver badge

I doubt her Ladyship will go with it. Despite being a Remainer, at least in name, she was never happy about anything like this coming out of Europe when she was at the Home Office. She's unlikely to have changed her spots.

User couldn't open documents or turn on PC, still asked for reference as IT expert

Doctor Syntax Silver badge

Re favourite Linux command

rm -rf /

Doctor Syntax Silver badge

Re: turning a PC on...

""the button for the light is the one labelled with a picture of a bulb!""

And once you turn the light on you'll be able to see that.

Doctor Syntax Silver badge

Re: The computer Tao

"in that if they don't work soon I'll make damn sure that they're properly broken"

Toolkit:

Screwdrivers to open boxes, attach gubbins, etc.

Meters, logic probes to investigate electronics.

Hammer to instil fear.

Doctor Syntax Silver badge

Re: Plugs....

"modern 9-pin serial ports"

Another fine mess.

D25 is numbered 1 to 13 along the long side and then 14 to 25 along the short side. D9s are likewise 1 to 5 & 4 to 9. PCB headers are odd numbers on one side and even on the other. The PCB header for RS232 was laid out so that pin 1 connected to pin 1 of the D, pin 2 to pin 14 & so on so you could use a ribbon cable and IDC connectors to connect the one to the other.

When someone designed the PCB for the D9 they obviously got a pin-out list but not a diagram for the D25, drew up a simplified list for 9 pins and used the same number list for the D and the headers. Now you can't make up a simple ribbon/IDC - put an IDC on the header, convert to a rat's nest at the D9 and solder it in. Whoever did it must have been a Very Senior Designer; it must have been spotted instantly when it went to the workshop to be made up but nobody sent feedback to get it corrected.

Doctor Syntax Silver badge

Re: Plugs....

"It doesn't help of course that device manufacturers can't seem to agree what way up the sockets go."

In general they seem to agree that the way a USB A socket goes is such that the USB symbol on the plug is uppermost. I find that recently cable manufacturers have lost the memo and are putting the symbol on both sides of the plug.

Doctor Syntax Silver badge

Re: Schools Defaults

"teachers complaining that our software worked in Imperial measurements but schools have used metric since about 1970."

I'm old enough to have started life in imperial units but made a career in science so both systems come naturally.

Sometimes you really should just accept the appropriate units for the task. I used to go to an evening class in furniture restoration. I couldn't get the instructor to grasp the fact that the maker of a piece of English furniture had worked in feet and inches and that that was the appropriate way to measure it.

And I remember the time the RS catalogue went metric. All those ICs with pin spacings of 1/10" were now rendered with an apparent precision finer than the size of a grain of pollen.

No surprise: Microsoft seeks Windows Update boss with 'ability to reduce chaos, stress'

Doctor Syntax Silver badge

Re: No

"Windows updates would then simply be a case of downloading the new OS .vhdx... - it should be pretty much instant."

Didn't you hear about the size of the W10 download?

Doctor Syntax Silver badge

Re: Microsoft attempting to hire someone competent?

"So the person Micro-shaft REALLY wants isn't who they're advertising for."

Don't confuse wants and needs even if MS does.

Doctor Syntax Silver badge

The ideal candidate?

"Dealing with outsourced contributors adds even more dysfunction, complexity and uncertainty."

Linus seems to deal with that pretty well. Maybe MS should ask him if he can fit it in.

Doctor Syntax Silver badge

Re: Poisoned chalice

"SECURITY* patching SHOULD be ON by default but turnoffable**."etc

Bob, is that you?

Doctor Syntax Silver badge

Re: Poisoned chalice

"Also, automatic updates are a BAD idea. Everyone should be opted out by default"

But then the patches would never get tested.

NHS trusts ‘complacent’ on cloud app security risks

Doctor Syntax Silver badge

"what money is available is prioritised for patients, which at the end of the day is most important."

The implication of this is that the cloud services that can't be afforded don't serve a patient care function. If so then this sounds like a sensible priority.

BOFH: There are no wrong answers, just wrong questions. Mmm, really wrong ones

Doctor Syntax Silver badge

Re: If I wanted to fill in stupid questionnaires, I'd be browsing Facebook, boss.

"Regardless, employee morale and trust has never been higher. The responses tell them so."

What your responses tell them is that you don't trust each other. If you did you'd all let rip.

Doctor Syntax Silver badge

Re: Employee Surveys

"out-house training"

Brick built?

Doctor Syntax Silver badge

"pharmaceutical grade Benzine"

Pharmaceutical? AR I can understand but it's carcinogenic. Although we did use a small oven in the microscopy lab to evaporate it off preparations...

SWMBO once used the same oven to make Analar meringues (well the sucrose was Analar).
