* Posts by Doctor Syntax

16426 posts • joined 16 Jun 2014

We bet your firm doesn't stick to half of these 10 top IT admin tips

Doctor Syntax Silver badge

"Any parent should know that a three-year-old's reach is much bigger than you'd think..."

It might be much bigger than you'd think. I think bigger.

Doctor Syntax Silver badge

Re: Nowhere to hide - re: content free emails

" what if email processing is outsourced to an organisation which has a financial interest in collating what drugs you are taking"

There's a simple answer to that. DON'T DO IT.

Apart from any immediate security issues there's the longer term one. If email purports to come from one organisation but actually comes from another you're training recipients to blindly trust that it is what it purports to be. In short, you're training them to be phished.

We really need to have signing as a required part of the email protocols. No wonder email isn't secure.

Doctor Syntax Silver badge

Re: Nowhere to hide

"and there's an argument for keeping the sensitive notes in paper form, and never committing them to computer."

It must be a bad argument! The consequence would be anybody who feels they really must have access to them will photocopy them and then there'll be uncontrolled copies around the place. Uncontrolled because there'll be a ban on copying them so all the copies will be sub rosa.

Doctor Syntax Silver badge

"Is the recipient authorised to receive it?"

It goes far beyond that. Once it's gone it's out of your control. The recipient may be authorised to receive it but how do you know they won't: show it to colleagues who aren't? Print it out and leave it lying about? Keep it on a laptop left lying on the back seat of a car in central London?

This doesn't just apply to email. On my last permie job the vendors of a new warehouse management system said they would need access to the network and it was decided to simply hand them some 2FA device. So the whole company network was now accessible to whoever had this device and the relevant instructions - which were probably written on a label tied to it - and completely beyond our control. I left before the whole thing had gone live so never found out how it turned out.

Doctor Syntax Silver badge

And, in my opinion, if it's humorous enough (a user once reported the loss of his expensive pager to my team as “We think my three-year-old put it either in the bin or down the bog”) then that's fair game.

No it isn't. Any parent should be aware of keeping important stuff out of a three-year-old's reach.

Nest's bricking of Revolv serves as wake-up call to industry

Doctor Syntax Silver badge

What sort of wake-up call?

It seems all too likely that if Nest/Revolv get away with this one others will try it too. Once the money's been taken all those customers are just so many nuisances.

Alternatively you might wonder if Revolv's intended product was the users. If that was the case then it might indicate that the market for that product wasn't sufficient to make the business viable. That might suggest that other businesses run on those lines could be in trouble too.

Turbo-charged quantum crypto? You'll need Cambridge laser boffins for that

Doctor Syntax Silver badge

Re: Taking it on trust

"getting used in real world situations"

Are there any real world situations where it could be deployed other than line-of-sight links or point-to-point fibre?

UK Home Office seeks secret settlements over unlawful DNA retention

Doctor Syntax Silver badge

Re: what's wrong with retaining DNA data?

I can only respond to this from my own experience which, admittedly, is now many years ago and from before the privatisation of the old Forensic Science Service:

"Yes, that's the scientific method. Police method is one of the following:

1) Look for something to prove what we've already decided. Ignore anything else."

Evidence was usually collected by SOCO trained by us or by the police surgeon as appropriate and occasionally by a scene visit from the lab. It was then examined along exactly the lines I laid out which I can summarise as: "This appears to support the allegation. Let me try to disprove it".

"2) Find a likely suspect, beat them round the head until they confess to whatever you want."

If this was alleged, scene investigation would be by a forensic scientist from the lab, not by SOCO.

From experience I can tell you it's a complete pain searching for possible splashes of blood on the walls of a cell treated with anti-graffiti paint which consists of flecks of different colours.

Bear in mind that allegations are made from people with something to gain. I had one instance where it was alleged a suspect had been hit with a brush handle so hard it broke and, indeed, a broken brush handle was produced in evidence. Direct experiment showed that however hard one hit a pig carcase a similar handle couldn't be broken but if the end hit a floor or wall it would break. Nevertheless the end of the broken handle had fibres which matched clothing from the complainant. The complaint was exaggerated but it seemed likely that the complainant had been poked with the broken shaft. I don't know what the outcome was but in the past there'd been 2 or 3 junior detectives whose name I didn't know hanging about on the fringes of investigations in that division and who I never saw after that.

My experience was that the senior levels of the force wouldn't tolerate that sort of behaviour whether as a point of principle or from a practical point of view in that it could lead to a case being lost in court if it even got that far. One consequence was the introduction of CCTV in interview rooms.

Self harm by prisoners in cells was one problem. And I'm quite convinced that police cells are not the right place to house comatose drunks; there's not enough resources to monitor them continually and so they're at risk of choking to death on their own vomit. I don't know what the solution is there because A&E certainly won't want them.

Doctor Syntax Silver badge

Re: what's wrong with retaining DNA data?

"Already exists since the 70's i think."

DNA profiling didn't exist back then. The original Jeffreys Nature paper was 1985 (Wonkypedia has a typo in the date).

Doctor Syntax Silver badge

Re: what's wrong with retaining DNA data?

Let's go back to basics and remember the scientific method. You have a hypothesis (there's been a crime and chummy committed it). You then test the hypothesis based on evidence that you've obtained (crime scene investigation), specifically you try to see if the evidence can disprove the hypothesis. The more the hypothesis can withstand efforts to disprove it the more it can be relied on. Clearly the evidence used to test the hypothesis should not include the evidence that led you to formulate it.

Some sort of evidence is better than others in this respect. Take the ABO blood group system. AB as far as I can remember, is found in 10% of the population (A, B & O are present in greater percentages). So if there was an AB blood stain recovered from the scene and thought to be from the culprit 10% of innocent people would match it. This means that ABO on its own isn't a very discriminating test (in pre-DNA days ABO was combined with blood enzyme polymorphisms).

At present DNA is the form of evidence that has the best discriminating power. It is, therefore, not a good idea to use DNA to form your hypothesis as to who might be guilty unless you have to; it means you have to look for other, less discriminatory lines of evidence to test it. If I were a juror and it became clear that a DNA database had been used to identify a suspect I'd look to the rest of the case as the sole probative evidence.

Apart from discriminating power there are two other things that matter in forensic science.

One is sensitivity - how small a sample can give you results. This matters because the material from a scene or exhibit is often no more than a trace. DNA is very sensitive.

The other is contamination. It's no use spending time examining material unless it's relevant to the crime. In this respect sensitivity works against you. If the method is sensitive it's more likely to pick up contaminants. This is why DNA as a source of a hypothesis should be supported by other evidence.

BTW the contents of your vacuum cleaner will approach 100% contamination and should be discounted entirely.

Google reveals own security regime policy trusts no network, anywhere, ever

Doctor Syntax Silver badge

"finding decommissioned services that were still running without purpose."

Is this what happened to Revolv?

Security bods disclose lock bypass bug in iOS

Doctor Syntax Silver badge

"If there's a bypass that will grant access to data without entering the passcode, then the encryption isn't as strong as it's claimed to be, is it?"

There's a difference between the strength of encryption - algorithms & key lengths - and the effectiveness of its deployment.

The more directly a system is aimed at consumers the more likely it is that deployment will be tailored to the convenience of the user rather than the inconvenience of the attacker.

Brexit: Leaving the EU could trigger UK science patent law rejig

Doctor Syntax Silver badge

Re: Divide and conquer

" Not because it's an evil conspiracy, but because it doesn't contain a demos. There is no homogenous electorate, and so even if the European Parliament did have proper power, it still wouldn't work that well."

Even worse. Since the UK vote in the '70s all the treaty revisions have gone through virtually on the nod. Hardly any country has been given the chance to hold a referendum on what were, in fact, constitutional changes. And what happened when Ireland was given a chance to vote on the Lisbon treaty was hardly a ringing endorsement on the role of democracy in the EU. Referenda should have been held to endorse or otherwise the treaty revisions. The new treaties might have been different if the negotiators had been aware that they'd have had to face their electorates.

On the whole I'm in favour of staying in the EU but it has built up a huge democratic deficit over the years and I wouldn't be surprised if "leave" were to win.

Doctor Syntax Silver badge

Re: Divide and conquer

"Yeah, the EU is great at caring for the populace! It must have just been a mistake when they deliberately crippled the Greek economy last year, in order to screw them down in some particularly unpleasant negotiations, plunging the country back into recession. Funny definition of caring..."

An unfortunate but inevitable consequence of suspending disbelief to admit Greece to the Eurozone in the first place. Disbelief can be suspended - reality is a different matter.

Top Firefox extensions can hide silent malware using easy pre-fab tool

Doctor Syntax Silver badge

Re: More info needed

"It's a black hat conference, so probably not."

Given that the authors were a PhD student and an academic I'd have expected a degree of responsibility if only to avoid the risk of class action suits on their universities.

Doctor Syntax Silver badge

@ 1980s_coder

That depends on what you understand by core functionality. We started out with a very limited functionality. The server provided minimal tags to describe the content and the client was left to do layout. The most objectionable element of the whole lot was probably the blink tag. PDQ marketroids and the like took over and demanded more & more control over the appearance of the displayed page. Hence we got CSS, Javascript, cookies, Java applets, Flash & whatever other crap escapes me for the moment. The browser became less of a client to display what it was sent and more of a remote execution platform. No wonder it's riddled with vulnerabilities. The "core functionality" has grown and part of the need for extensions is to block some of it.

I'm not against the idea of a core without extensions but it would have to be smaller than the present core, not bigger. It would have to be small enough to be safe - i.e. a remote display platform, not a remote execution platform and web sites need to adapt.

However the original concept of the web is now so seriously broken that I can't see how it can be fixed. Any browser attempting to go back to an intrinsically safe core would break so many sites it would be rejected by users. The browser authors should have said "no" when the first requests to subvert the original concept came in and they should have kept saying "no".

Doctor Syntax Silver badge

More info needed

1. Was this disclosed to the extension authors with sufficient time for them to produce fixes? If not it's an irresponsible disclosure.

2. Is this a vulnerability which can be exploited by simply browsing a malicious site or does the user have to be tricked into doing something active?

3. If the latter what should we avoid?

Doctor Syntax Silver badge

Re: This mess of an article still doesn't explain WTF is going on?

"And if so, I'll stick with Palemoon for now."

But as the first comment says, Palemoon probably has the same problem. After all it was a fork of the Firefox of some time ago.

Doctor Syntax Silver badge

And today we learned that massivelySerial hasn't realised that ABP has a facility to turn off whitelisting.

I looked at uBlock. It blocked more than ads. Specifically it was blocking the videos of weather forecasts on the Beeb's site. It was removed forthwith & ABP was back with whitelisting turned off.

Doctor Syntax Silver badge

Re: NoScript = Tor browser bundle

"I haven't heard of NoScript before, yet it has 2.5 million users? A quick search says it's in the Tor browser bundle, so they will be Tor users."

Where did you search? If you use your browser's search for extensions options you should find it there. Tor might bundle it but lots of us use it without using Tor. I'm surprised the count is as low as 2.5 million. You seem to have much to learn.

Windows 7's grip on the enterprise desktop is loosening

Doctor Syntax Silver badge

Re: Microsoft are keeping quiet

"If they need Windows, why would they not want the updates?"

You've never heard of an update (for any OS) breaking things?

You've never heard of people holding back applying updates until they're reassured by the absence of bad reports? In the new world of W10 you only have a limited option to do this. The rest of the users are sent out across open country to discover the hard way whether there's a minefield there or not.

Doctor Syntax Silver badge

Re: Does everyone need Windows at work?

"I remember speaking to a corporate IT at a bank a few years ago. He told me that Windows 7 was the last they expected to provide and support with a shift to BYOD by 2018."

Which bank? I want to avoid them. As a freelancer I could provide my own kit but in a security-conscious client it wouldn't be allowed. I'd have hoped banks would fall into that category.

Doctor Syntax Silver badge

Re: Windows 10, like some drunk on a canal path.

"Typed on an iPad for what it's worth, not a PC."

I keep seeing "Sent from my iPad" on mail & Usenet posts. Are they boasting, apologising or complaining?

Doctor Syntax Silver badge

Re: If they'd made Windows 10...

"2. infosec bods, who are more worried about the slurping, cloud elements than anything else."

And for those IT types who don't have those concerns - just keep Legal away from reading the T&Cs.

Doctor Syntax Silver badge

Re: If they'd made Windows 10...

'Let me see. My private/BYOD "Notebook" is a Lenovo Helix (A-series). If I put a Linux on it I will lose:

+ Use of the WACOM hardware (Linux drivers are "early beta" IF they exist for the chosen Distri)'

Wacom tablet works just fine for me on Debian Wheezy/LTS.

Try again.

Doctor Syntax Silver badge

Re: is this bit a leftover from earlier draft

"For some a iThingy or Fandroid will work in the consumer/private use field. For others - not so much."

Hence the article's statement that some PCs won't be replaced.

Nest bricks Revolv home automation hubs, because evolution

Doctor Syntax Silver badge

Re: Didn't think it through

"Result would be a lot less pissed off people."

Well, a few less. Plus quite a lot pissed off thinking "and what good is that to me?".

Doctor Syntax Silver badge

Re: Why do it?

'They don't know (or care) how or why, or even what "somebody else's server" means.'

Some of them have now discovered that.

Doctor Syntax Silver badge

"From an engineering point of view it's efficient to move as much of the processing as possible to purpose-built servers that can serve many clients as possible, rather than each customer having to have a standalone computer at their house which would need to be automatically patched etc."

The web works on the opposite principle by having the customer provide a remote execution platform, with all its attendant risks, rather than a remote display platform. Two examples of doing it wrong even if the wrong things are the exact opposites of each other.

Doctor Syntax Silver badge

Re: Hard lesson

"Relying on "web" or "internet" services is always to put yourself at the whim of some anonymous (or Anonymous) decision-maker who has no interest in you or your problems."

You also put yourself at the mercy of a digger driver with a back-hoe.

Trump carded again: Hotel security aced

Doctor Syntax Silver badge

Re: Sigh...

"a PHB"

In this case PH might not be strictly accurate.

FreeBSD 10.3 lands

Doctor Syntax Silver badge

Re: @W. Anderson - sounds from the ignorant camps

"I'd rather say the dissatisfied Windows users are looking for a zero cost version of Windows and can't be bothered to learn about the internals of Unix/Linux/BSD or any other OS for that matter."

And why should they?

#include usual car analogy.

Doctor Syntax Silver badge

Re: @ephemeral: Who uses FreeBSD in preference to Linux and why?

"FreeBSD is seriously lacking in desktop support... PC-BSD is trying to bridge the gap"

I haven't cut over to FreeBSD as yet because I've a few things to check out first & other stuff keeps getting in the way whilst Debian LTS is able to keep a non-systemd system going a little longer. But I ran KDE, LibreOffice etc on it without noticing any particular differences. I suppose if I lusted after Gnome 3 things might be different...

One thing I have noticed is the lack of the equivalent of Synaptic for S/W management. Yes, the modern package management is comparable to apt but the advantage of Synaptic is that you can make a keyword search where you know the functionality you want but not what supplies it. Having to go via the website to look for packages is a bit half-arsed in comparison. PC-BSD sets out to fix that but I found its entire package management system to be such a CPU-hog that I gave up on it.

My impression is that Linux started out with considerable usability issues back in the '90s but picked up a lot of effort to polish it. There were major glitches - the 2.4 to 2.6 period broke a lot of pre-compiled S/W (it might have been libc6 that was actually responsible) and certainly leaves me with the impression that the overall Linux ecosystem has more devs who don't mind breaking stuff than is comfortable. Overall Linux has gained an edge in usability but platform-independent stuff at desktop and application level means that the edge isn't that great. What's an interesting question is whether people moving over from Linux, prompted by systemd, will erase that edge altogether.

Doctor Syntax Silver badge

Re: No one expects users to RTFM

"BSD is probably cool if all you ever use is Emacs. However I use a deal more than that."

KDE on top of BSD is the same animal as KDE on top of Linux.

Doctor Syntax Silver badge

Re: No one expects users to RTFM

"I must re-read the manual, because your tale suggests it isn't clear enough which is never a good thing IMHO"

On the whole the FreeBSD manual is pretty good. I did discover a weakness in that, unless they've fixed it, installation doesn't offer an option to make the system you've just installed bootable and this isn't addressed by the manual. If you can't boot your new system the rest of the manual, however good, isn't much use. StackOverflow to the rescue.

Your pointy-haired boss 'bought a cloud' with his credit card. Now what?

Doctor Syntax Silver badge

Re: Fair enough

'the Richard Heads don't understand "You can have it cheap, you can have it right, or you can have it now. Pick any two"'

Definitely. I remember some course organised at corporate level but by chance one of the facilitators/instructors/wankers/whatever was a senior manager from the business I was in. He was spouting about having quality, low costs and rapid delivery. I raised the concept of the iron triangle. Not only had he never heard of it, he just didn't believe it.

Doctor Syntax Silver badge

What's missing from this discussion is the probability that IT can't handle the request because they're running round like blue-arsed flies fire-fighting because spending never matched needs for all the other stuff the business asked for and got in the past.

Doctor Syntax Silver badge

Re: Fair enough

"SLAs mean very little. What counts is actual performance."

True. If your work is on someone else's computer and that someone else is N times larger* than your company and something goes TITSUP what priority does your problem get from that someone else compared to the priority it would get in-house?

*Where "N times larger" is measured in orders of magnitude.

Doctor Syntax Silver badge

Re: Missing the real point

"rather than having supplementary deal information help in countless downstream systems"

The word "help": did you really mean that or should it have been "held"?

It may be that level of accuracy in specifying what you want that prevents you from getting it.

Doctor Syntax Silver badge

Re: Missing the real point

"Quite often, the PHB has been trying to accomplish something for a decade or more."

And failing to explain exactly what they want, to furnish the same attempt at explanation more than once or to answer questions as to the little details they omitted. Not that any of these things will stop them trying to do something themselves nor from expecting someone else to sort it out a few months down the line.

Bloaty banking app? There's a good chance it was written in Britain

Doctor Syntax Silver badge

"I'm pretty sure the /apps/ per se aren't being written in COBOL and Oracle Server. Are they somehow including the backend all the way back to the mainframe as well?"

I also did a double-take on this one. I suspect they're just talking about the applications that run in the data centre but someone trying to be trendy has called them "apps".

Doctor Syntax Silver badge

Re: The average lines of code (LOC)

"Code spends most of its life in maintenance, so anything that makes things clearer is a good feature."

And it was always thus. You know that, I know that, so, in all probability do most readers of elReg. So why do the Continuous Lifecycle mob treat it as something they just invented?

Microsoft lures top Linux exec from Oracle to Redmond

Doctor Syntax Silver badge

Re: They have hired top Linux people before

Doug,

They've been trying to diversify away from Windows as the cash cow for a good while. Services seems to be the general idea & it's true that they've been thrashing about with different ideas for that. One was Windows with Bing as a give-away to try to get people to use Bing. W10 as a free update to draw in users-as-a-product was another. But it looks like Azure is the main thing and as customers want to use Linux on Azure then they have to get into that irrespective of what's gone before. I think they've finally realised if you can't beat 'em, join 'em.

Nevertheless I'd still beware the gifts they bear.

Blighty starts pumping out 12-sided quids

Doctor Syntax Silver badge

Re: counterfeit pound coins

"Gresham's Law taken to the extreme: when they're all as bad as each other, there is no good to drive them out."

Gresham's law is the other way round: bad money drives out good.

Holding out for a Jobs: Tim Cook still auditioning for position of Apple god

Doctor Syntax Silver badge

1980s vs today

a "Macintosh way" for designing programs in a consistent manner so that users could concentrate on what they were doing, rather than how they were doing it.

When the Mac was first released there was an article in Byte about Apple's extensive usability testing. As they were growing rapidly and taking on office staff they had a steady supply of recruits who'd never seen the interface, and maybe no other computer interface either, so each iteration of the design could be tested on subjects who had no preconceptions. It was from that testing that the importance of principles such as consistency emerged.

A few days ago this emerged - http://fossforce.com/2016/03/usability-study-gnome/

Look at the 2nd item on things that could be done better: consistency.

I started off with "Mac vs Gnome" as a headline but that would be unfair to Gnome (says he through gritted teeth) as it was simply the test system in this particular study. A third of a century has rolled by and we can still have criticism like this emerging from usability studies! And is it any wonder when we have "user experience" designers who prefer style and novelty over consistency and functionality?

Doctor Syntax Silver badge

'the Kardia band, which acts as an EKG monitor, can be the "killer apps" that unlock the savings.'

Maybe not the best choice of words.

But it's interesting to see the arguments over encryption in the context of such devices. I wonder what Apple's critics in the FBI case make of that.

The Register to publish Mindful Sysadmin adult colouring book

Doctor Syntax Silver badge

Sysadmin and Friday but no cattle prod? What's the world coming to?

Critics hit out at 'black box' UN internet body

Doctor Syntax Silver badge

Does it actually do anything? Except meet at unpredictable intervals in unpredictable places?

Reddit's warrant canary shuffles off this mortal coil

Doctor Syntax Silver badge

"Just having a warrant canary in the first place seems to be close already (sad to say)."

Maybe, given that it requires a specific statement. However, an alternative occurred to me as I was typing the comment about the vulture. Why not simply put a picture of a canary in the site's banner. No need to say what it is, people will just get the meaning PDQ. It could be removed instantly but given that its meaning would be implicit it would be difficult to bring about a prosecution. After all it would just be a picture of a canary. The only problem would be that people would confuse it with the twit's bird.

Doctor Syntax Silver badge

If our beloved vulture disappears should we be worried?

Biting the hand that feeds IT © 1998–2019