* Posts by Doctor Syntax

16426 posts • joined 16 Jun 2014

Met police commissioner: Fraud victims should not be refunded by banks

Doctor Syntax Silver badge

HSBC

@Voland's right hand

I doubt they've improved since I also fired them about 10 years ago.

At that time the process for settling an HSBC credit card via an HSBC bank account was clunky - I'm sure it was trying to hand over from one system to another and trying to make it look seamless. Whatever, one night it clunked a little too much and failed. I tried to give them a friendly heads up and their sole response subsequently confirmed in writing was that "we don't support Firefox and Linux"; no attempt to even listen to the information they were being given or recognise that I wasn't looking for support for my software. Neither Lloyds, Barclays or the Coop had any such restrictions. Together with the fact that they'd closed my preferred branch they got the push.

About a year ago I took a look at their First Direct arm. Their internet banking page stated that "PCs and Macs connected to Local Area Networks are not supported". I pointed out that any broadband connection uses a LAN to connect to users' machines. They promised to look into that and get back to me. I'm still waiting and that nonsense is still on their site today.

Water treatment plant hacked, chemical mix changed for tap supplies

Doctor Syntax Silver badge

Re: Poisoning people is not hacktivism

"maybe I just have my values all wrong"

You have. Google Camelford incident. That was an operational cock-up but it seems likely that something similar or worse could be achieved deliberately through illegal access to SCADA networks.

Having said that, if details of 2.5 million customers were exposed then they should be notified irrespective of whether there's any evidence of fraud. In fact, if they weren't notified it would be difficult to know whether there had been fraud or not. Hiding the whole incident behind a pseudonym is just irresponsible.

Doctor Syntax Silver badge

Re: Demarcation?!?

"It beggars belief that all these utility companies don't have better network designs."

In the circumstances "design" seems too strong a word.

Govt: Citizens, we know you want 10Mbps. This is the last broadband scheme for that

Doctor Syntax Silver badge

Re: All well and good but....

"Has anyone asked the sheep farmer in deepest darkest wales if they actually want super-fast broadband?"

No, DEFRA just assumed they had it.

MH-370 search loses sharpest-eyed robot deep beneath the waves

Doctor Syntax Silver badge

Re: Waste Of Time

"satellites that could have been available"

could have been != were

Doctor Syntax Silver badge

Re: Waste Of Time

' if the international community just owned up and said "look our satellite spotted the plane going in to the sea at this point"'

Relies on a fact not in evidence as Perry Mason used to say.

Israeli biz fingered as the FBI's iPhone cracker

Doctor Syntax Silver badge

"Probably is that it cost the FBI some amount of $$ that they didn't want to pay,"

Don't be silly. Plan A was lawyers. Which do you think would cost more?

Doctor Syntax Silver badge

Re: Of course the FBI's effort was a smoke screen or for precedent-setting purposes...

As I wrote in another thread, never start a fight you don't know you can win. They thought they were OK & then found out they were starting that fight.

Wait! Where did you get that USB? Super-stealthy trojan only drives stick

Doctor Syntax Silver badge

Re: How strong willed would you have to be to not plug in a USB stick you found in the street?...

I did. Mind you, it was the one on my keyring that I'd just dropped. This solid state stuff isn't that solid. It never made a reliable connection again.

Doctor Syntax Silver badge

Re: format before any use...

"can penitentially attack your gadget or PC."

I confess I'm still trying to get my head round that.

Doctor Syntax Silver badge

@Symon

At the level the guys in the article are dealing with your paranoia is SOP.

Doctor Syntax Silver badge

"Even those you get at discount IT shops might be suspect."

My point was that, given the complexity of today's supply chains, how do you know that any item is trustworthy?

Doctor Syntax Silver badge

"People should understand the risks associated with USB storage devices obtained from sources that may not be trustworthy"

What's a trustworthy source and how do you recognise one that's not?

Oh, sugar! Sysadmin accidently deletes production database while fixing a fault

Doctor Syntax Silver badge

Re: No sh*t, Sherlock award of the week

Well at least they're letting marketing do the PR, presumably the techs are getting on with the fix. Much better than the other way around.

Oracle fires big red Solaris support sueball at HPE

Doctor Syntax Silver badge

I wonder what would happen if a customer dug out an old-school tender document which specified as a requirement "must have multiple sources of support".

Your money or your life! Another hospital goes down to ransomware

Doctor Syntax Silver badge

Re: OSes in the business-critical enviro?

"Starting them and running applications is easier than finding line-spacing defaults on the MS Word ribbon."

As bad as that?

Doctor Syntax Silver badge

Re: Sigh. Windows vs Linux again.

"If I decided to switch my 200 user company over to Linux....where do I get professional hands on service and support for users and infrastructure?"

How should we know, we don't even know where you live? But you could start by looking. You could well find that there are half a dozen local Unix freelancers who are looking for the opportunity to add another line of business. Maybe some of them are even reading these comments.

Doctor Syntax Silver badge

Re: And the moral is.......?

"iding file extentions....yes, fine i get it, but doris the 50 year old secretary doesnt and bnever will."

That's another thing your IT dept needs to do: training. Include a little testing - like a phishing email that will check whether she's still falling for it.

If she proves untrainable then maybe it's time to think of moving her somewhere where she can't damage things. The security of your business is worth more than your secretary's feelings, especially if it's a hospital where life & limb could be at stake.

Doctor Syntax Silver badge

Re: Sigh. Windows vs Linux again.

"I've bought a new HP colour laser printer (Ethernet connected) and I'm trying to get it to work with Mint."

It's just the old device/driver/OS issue. It can affect any OS. I've never had problems with Linux and HP. OTOH when I tried the preview of W10 it wouldn't recognise the HP printer I've been using for years. It's more the attitudes of the device manufacturers than anything else.

Doctor Syntax Silver badge

Re: And the moral is.......?

"what's your source for pinning the blame on Windows?"

I'm not sure what the OP had in mind but there are a few possibilities. One is the way Windows is normally set up to be "helpful" by hiding file name extensions so as not to confuse the users. As in confusing them into thinking that something labelled, for instance, invoice.jpg.exe might be harmful.

Then there's the fact that Windows often seems to be run with the user as a local administrator so that anything they've been tricked into running has more privileges than it ought to have.

Taken together those make Windows users more vulnerable than they should be. Add to this that, being the most widespread platform it's a major target but make no mistake, if Linux was common enough to be worthwhile it too would be targeted. In fact, malicious Javascript could attack any browser or client that doesn't run with scripts blocked. The dependence of the modern web on JS makes such blocking inconvenient but that's a different complaint.

But Windows itself really isn't the problem.

One problem is the nature of email: it's too easily forged. The From: line can say anything and there's no way of even attempting to check without the time and skill to delve into the headers, two resources which a busy office worker probably doesn't have. A big improvement would be an email system which requires signing so that the signature could be checked against the public key of the alleged sender and bounced if it failed.

Another is that every operating system allows any program to write to any file based on user privileges only. If, for instance, only your office suite was allowed to write to word processor files and spreadsheets a random encryption program couldn't touch them (I exclude powerpoint files - encryption might be an improvement).

A third is that file systems generally don't have separate permissions for deletion or versioning so it's possible for malware to delete the old file if it applies a new suffix to the encrypted file or to overwrite the old one if it doesn't.

We need to design systems on the basis that they will be under attack - at present everything assumes well-intentioned and well-trained users in a benign environment. We're not there any more.

Azure's wobbly day as three services glitch around the world

Doctor Syntax Silver badge

"This box runs the business that pays my wages."

"This box runs somebody else's business."

Spot the difference.

Error checks? Eh? What could go wrong, really? (DoSing a US govt site)

Doctor Syntax Silver badge

Re: But the program is error free!

"His problem was that he did not comprehend - even after we discussed it - that an assembly pass that did not generate any errors did not mean that the code would actually function."

In neither version of your story do you address one essential point. Did his code work?

UK.gov kicks long awaited digi strategy into long grass, blames EU referendum

Doctor Syntax Silver badge

Re: It could be used to rebuild GOV.UK

"Again?

I thought this iteration was supposed to demonstrate how government IT services should be done?"

It's agile. They'll keep doing it until they get it right, whenever that might be.

Doctor Syntax Silver badge

"The GDS was awarded £450m last year for this Parliament, but no details have yet been released as to how that money will be spent."

I doubt GDS will regard lack of details as an obstacle to spending money.

Microsoft files patent for 'PhonePad', hints at future Windows plans

Doctor Syntax Silver badge

"sufficient obfuscation to avoid getting your idea pinched"

Or sufficient obfuscation to hide the fact that it's not a particularly original idea.

The requirement to prove originality in a software patent ought to be to show that the problem has been known for some time without a successful solution. Is this different to what Ubuntu have also been demonstrating for some time?

I have a nasty feeling that MS might be claiming royalties from the work others have put into their own implementations of the same requirement.

Okay IT pros, change happens. But here's your Reg guide to staying in control

Doctor Syntax Silver badge

I had one gig where the manager had a set of requirements similar to Dave's to set up a new product. They included a requirement to specify up-front the SQL needed to make the changes to the database. The application, however, had been implemented with a user-friendly front-end form to make the changes to the various tables. This would include working out the surrogate keys on the live system which would be different to those on the development database. It simply wasn't designed to work through the import of raw SQL.

Doctor Syntax Silver badge

Re: Or join the 21st century.....

"avoids silly Stand Ups, and only have good Stand Ups "

The "no true Scotsman" approach.

Doctor Syntax Silver badge

Re: Or join the 21st century.....

"what the hell is happening in the business"

This may be a very brief requirement but it's actually quite a good one and one which suits an iterative process. To any given level of detail it has a deliverable and if more detail is required another iteration will produce another level. When the client says they've got enough or spent enough it can stop. A different requirement might not be so suited to that approach.

What's really problematical about it is that the board didn't know what the hell was happening in the business in the first place.

How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript

Doctor Syntax Silver badge

Re: Good for the guy that pulled it

"I really hope this gets more attention."

Let's also hope that Kik finds itself heavily dependent on some of the code that got pulled. And their lawyers. Karma.

Doctor Syntax Silver badge

Re: Left padding

"I think you mean 30 years ago."

Only 30? Kids today.... Wanders off mumbling to self.

iOS flaw exploited to decrypt iMessages, access iThing photos

Doctor Syntax Silver badge

Re: So, Apple has backdoors to their OS

The likelihood is that it's one they don't know about so they're withholding nothing. If you RTFA you might spot that it pretty well implies that.

Doctor Syntax Silver badge

Re: Nation-state?

Simple to describe, simple to implement utter nightmare to run to completion.

FTFY

Doctor Syntax Silver badge

Re: The tinfoil hats are strong with these ones.

You forgot 4. They want a precedent that can be gradually widened to get a backdoor inserted into any S/W they choose. That's the really dangerous one.

FBI backs down against Apple: Feds may be able to crack killer's iPhone without iGiant's help

Doctor Syntax Silver badge

"This is pretty much exactly what I said a month ago and was downvoted into oblivion with some AC saying I needed to post something sensible."

There's also been a good deal of crap about "do you know how many attempts you need to brute-force an AES key" when, in fact, it was all about brute-forcing a four digit pin.

But if this is the explanation I think the "external forensics company" has a TLA.

Doctor Syntax Silver badge

" wonder if the FBI had suspicions the judge assigned to the case may come down on the side of Apple and decided that wasn't a precedent they wanted setting."

This is my suspicion. There's an old saying 'don't start a fight you can't win'. They thought that they could do this by taking it to a magistrate, assuring her it was all straightforward and getting a warrant without letting Apple be heard. What with Apple contesting it, with heavy-weight amicus briefs and a few influential voices saying that other parts of the govt favour encryption they're now thinking this is a fight they can't win. Maybe the recent zero-day is what they're using to back down gracefully. Maybe Zdziarski's right (I'd have thought this would have been something NSA would have looked at way back).

I'm sure what they really want is a precedent to get backdoors put into whatever they want and if this looks as if there's any possibility that this could go against them they'll wait for another chance somewhere else.

Doctor Syntax Silver badge

Re: Phone in hand.

There's also a big difference, in principle, between cracking one phone in hand and cracking a few dozen others also in hand together with an unlimited number not yet in hand. In practical terms there isn't. But principles matter.

Doctor Syntax Silver badge

Re: Not a win for Apple

"Not really a win for Apple if it turns out the phone can be easily cracked without help from Apple."

It could well be this zero-day: http://www.theregister.co.uk/2016/03/21/zero_day_apple_grapple_dredges_imessage_photos_videos_in_ios_9/ in which case it'll be fixed for regular users.

Doctor Syntax Silver badge

Re: Govt Property.

"What kind of IT Manager issues a Govt owned device where he doesn't know the pw?"

From what I've read, one who bought a device management package and didn't use it.

Doctor Syntax Silver badge

Re: precedent

"The prevalence of homophones" is good reason to take care in selecting the right one.

PC World's cloudy backup failed when exposed to ransomware

Doctor Syntax Silver badge

Re: unpaid_invoice.doc.js

"Ask the BOFH, she's at fault"

The BOFH is good for a laugh. But in real life someone who makes a purchase of a complex product should be able to expect advice, given after consultation, as to what meets her needs, not whatever's in stock or offers the biggest bonus.

Doctor Syntax Silver badge

Re: Infected industry

@Gray

You have a point but please realise that some of us who are saying that users shouldn't be blamed for not knowing what they need to know in order to know what they need to know* are also pros (or retired pros). Personally I'm shocked at the number of people here who expect that a SOHO user or whatever should be an experienced sysadmin.

The public should be better served. They should be better served by the platforms they're sold, they should be better served by the vendors and they should be better served by Government who have better things they ought to be doing than mass-surveillance.

*Yes, Sir Humphrey got there first.

Doctor Syntax Silver badge

Re: Infected industry

"But it could be avoided if a little effort was made to understand the 'beast' and how to tame it."

The fact remains that she went to people who were supposed to help her.

Another poster mentioned front-line support & heart surgeons. Let's pursue that line of thinking and imagine that medicine isn't regulated. You feel ill. You roll up to someone at a good address with an impressive brass plate beside the door. How are you to know whether you're visiting a heart surgeon or an apothecary with a good address and a brass plate? You tell them your symptoms and accept their diagnosis and assurances in good faith; you've "made a little effort" but you don't have the required knowledge to tell whether it was the right effort and you didn't realise that you needed to do 1st MB to be able to tell the difference.

Doctor Syntax Silver badge

Re: Starved of information: 3 things never learned from Randomware tech articles...

"users may think they're saving without an .ext but really, the file has an extension and Windows is just hiding "

This little gift of Windows is part of the problem. cat_piccy.jpg is really cat_piccy.jpg.exe and Windows lied to you.

Doctor Syntax Silver badge

Re: Great sympathy with the User but ....

"They are a retail outlet that has grown quite large and diversified into Computer Retail (mainly Domestic & Small Business end of the market.)."

Not quite correct. They started out as a specialist computer retailer - in Croydon IIRC. They grew into a chain and were then taken over by a bigger chain.

Doctor Syntax Silver badge

Re: No! No! No!

"The restore strategy dictates the backup strategy, not the other way around."

They are not two separate things. There isn't a backup strategy and a restore strategy. There's a keeping-things-going strategy whose components are backup and restore.

Doctor Syntax Silver badge

Re: No! No! No!

"tell me, in detail"

Do that and users' eyes glaze over. What they want to hear is reassurance. That's what she was given when she bought it.

Doctor Syntax Silver badge

Re: "a virus flooded my laptop instantly corrupting all my files "

"There's no way it could have instantly encrypted all of her documents immediately after opening the dodgy email...."

This is true. What probably happened was all sorts of oddities which panicked her. When that happened to my cousin-in-law she did the right thing - maybe by chance - and switched off. In this case it's difficult to say what happened but I do wonder if she tried to do the recovery with the virus still active and got her recovered files encrypted - or tried to do a backup and backed up the encrypted files, or both.

Doctor Syntax Silver badge

Re: Backup Vs Archive

"At some point the owner has to take responsibility for their own data"

Which, to the best of her knowledge she'd done - by going to what presented itself as a professional service.

"and that includes testing of the backup / archive functionality."!

I repeat the question I posed earlier. I assume you're a sysadmin. How many of your users come to you to check that you're testing backups?

You're talking about what sysadmins do, not users. She's a user. Is that so difficult to understand?

Doctor Syntax Silver badge

Re: Or she hadn't completed a backup in the previous 30 days

"If a professional server backup fails to complete, alarms sound"

Not with my old clients as per previous post. Oh, you said "professional".

Doctor Syntax Silver badge

Re: There are two options here...

"the major weak point was her just not being savvy enough."

And that's what these scum prey on.
