* Posts by Doctor Syntax

16427 posts • joined 16 Jun 2014

Solus: A welcome ground-up break from the Linux herd

Doctor Syntax Silver badge

Re: Solus stands on a few less shoulders than others

Arguably less is correct. It stands on the shoulders of the very many who put together the individual libraries and programs but not on the mighty shoulders of one of the great Debian/Red Hat/SuSE triumvirate. OK, it's getting late...

Doctor Syntax Silver badge

Another interface that seems to be based on "a clear desk is a sign of a clear mind" or, as I think of it "an empty desk is the sign of an empty head".

Where do you put all the documents you're working on? And, no, the "recent files" option on a file menu isn't nearly enough if you need to consult a lot of reference material. These empty desktop styles just cut out a whole mode of operation and in order to provide....well, nothing really.

What are you doing to spot a breach?

Doctor Syntax Silver badge

"A hospital may send data to a third party company that produces its invoices for it. How can you distinguish between a legitimate business process like that, and an illegitimate one that is sending sensitive data to bad people?"

How do you know that the legitimate third party isn't compromised? Or that it doesn't employ someone untrustworthy?

Californian tycoons stole my sharing economy, says Lily Cole

Doctor Syntax Silver badge

"For starters, I can't get what impossible.com does from their front pages."

I think you've hit on the problem.

FBI says NY judge went too far in ruling the FBI went too far in forcing Apple to unlock iPhone

Doctor Syntax Silver badge

"It also argues – as it has done in the San Bernardino case – that the request is device-specific and so does not constitute blanket approval for the FBI to break into any iPhone."

So, two quite unique but surprisingly similar cases.

I'm sure the New York office had misread the instructions. Their case was intended as the second slice of salami when they'd got the result they wanted in San Bernardino. They've given away the game plan.

What a pair of ace-holes: Crooks bug gambler's car with GPS tracker, follow him and rob him

Doctor Syntax Silver badge

Quis custodiet and all that.

GCHQ: Crypto's great, we're your mate, don't be like that and hate

Doctor Syntax Silver badge

"The level of security I want to protect the privacy of my communications with my family is high, but I don’t need or want the same level of security applied to protect a nuclear submarine’s communications, and I wouldn’t be prepared to make the necessary trade-offs."

Take this statement in conjunction with the Nat West article. It would be wrong to see such things as affecting just individuals - as in his family's communications. If you take all the Nat West users together, or all of the other individuals who might be affected by some other issue, each time you can add up what's a risk and discover that it's a sizeable chunk of the economy. Does that move it a bit closer to a nuclear submarine in terms of significance?

Doctor Syntax Silver badge

"That is where we will need goodwill on both sides.”

Fair enough. But that gives him a problem. He and the other agencies have lost that goodwill because they have lost the trust of the public including the tech companies. He and the others need to regain that trust. It's really the most important problem they have and I don't think they have a clue where to start. I can help them with a rather old piece of advice.

When you're in a hole, stop digging.

They need to step back, grasp what the rest of us are saying and then admit that the way they've been going about things is wrong; that for the greater good they need to accept limits. Standing up and giving lectures about how they're right is, in fact, quite wrong. They work for the public. The ethics and morals they adopt should be those the public require of them. It's not their role to try to scare the public into the attitudes they want. And, as someone said in a previous comment thread (and inexplicably got downvoted for it) questions of principle shouldn't be settled by appeals to utility.

Doctor Syntax Silver badge

Re: Goodwill?

"That is what I said to someone I know who works at GCHQ just after the Snowden leaks."

What was their reply? Or is that classified?

Microsoft joins Eclipse Foundation. Odd thing for a competitor to do

Doctor Syntax Silver badge

Re: Oh. Woo. Yay.

"Not that it'll stop the nutjobs claiming otherwise with nary a shred of proof of 'evil' intentions."

It's not so much a matter of proof as a matter of leopards and spots.

NatWest tightens online banking security after hacks' 'hack' exposé

Doctor Syntax Silver badge

Re: Are Barclays...

"the only bank that use a card reader in the customer's hands to allow any interaction with the account?"

No, but the only time I needed to use mine it didn't work. I think it's because these things are time based and the bank is running several years slow.

Doctor Syntax Silver badge

Re: No NatWest Branches But Don't Use The Post Office @Richard Jones

" *Always* write your sort code and account number on the back of the cheque"

You mean so they can match it up with the one on the front?

Doctor Syntax Silver badge

Re: communicating with them using ALL of their registered methods

"Who reads emails that purportedly come from the bank?"

There's another side to that - by sending out spam the banks are training their customers to respond to phishing emails.

Much as I'd like to suggest firing the guilty in the marketing departments (that's probably entire departments) there are ways in which things could be improved.

My own solution to the bank email problem is to have my own domain and use that to give the banks etc their own email aliases to address any emails to me. Unless some bank employee has my email address on his BYOD - which he shouldn't - and loses it then I can reasonably rely on any email that claims to come from my bank actually having done so*.

I appreciate that not everyone wants to run their own domain. A simpler solution would be that email hosters provide each customer with a subdomain within which the customer can set up their own aliases so instead of NatWest sending emails to fred.bloggs@example.com they send to nw.2016@fredbloggs.example.com or even better 55de6ff8-e541-11e5-b6b8-78acc0c6193c@fredbloggs.example.com.**

The other technical improvement would be to make PGP a core part of an extended SMTP so that if I get an email which purports to come from my bank it would be signed and my email provider's server would verify the signature with the bank's public key before accepting it.*** For good measure I might have a copy of the bank's expected key on my email client, just in case the email were to come from someone@my-bannk.com.

Today's email standards and practices are rapidly becoming inadequate and need to be improved.

*In fact, this may not be correct. I have had words with more than one financial institution about their having employed digital marketing companies spammers to send out valuable marketing communications spam. If that were to happen under my current system I'd then have to change the alias and complain bitterly about the hassle. The alias might well be changed by changing bank. Maybe fire the marketing departments just to be on the safe side.

**This does, of course, rely on email providers not having their database popped by teenage skiddies using exploits older than themselves. Come to that, so does my existing arrangement but I think that, unlike other internet companies I've left behind, they're prepared to keep their security up-to-date.

***The keys would either be served from the bank's email server or the bank's DNS records would include an alternative address. And, yes, I do know that PGP can be enabled on my email client today; do you know it's not a rhism of use without most other correspondents also using it? It needs to become universal to be of use and the only way for that to happen is for it to become adopted into the standard so that non-use can be deprecated.
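The per-correspondent alias scheme described in the post above, as an added example that is not the commenter's own code: each sender is issued its own alias under a personal domain, and a message to an alias whose From: domain is not the one the alias was issued to is flagged. All domains, addresses and the alias registry are constructed for illustration.

```python
"""Per-sender e-mail aliases as a phishing check (added example, not from the post)."""
import email
import uuid
from email import policy
from email.utils import getaddresses, parseaddr

MY_DOMAIN = "fredbloggs.example.com"  # personal domain, as in the post's example

# Constructed registry: alias local-part -> sender domain it was issued to.
ALIASES = {
    "nw.2016": "natwest-bank.example",
    "55de6ff8-e541-11e5-b6b8-78acc0c6193c": "natwest-bank.example",
}


def issue_alias(registry, sender_domain):
    """Mint a fresh, unguessable UUID alias bound to one sender domain."""
    alias = str(uuid.uuid4())
    registry[alias] = sender_domain.lower()
    return alias


def revoke_alias(registry, alias):
    """Retire an alias (e.g. once it starts receiving spam); later mail to it is unknown."""
    registry.pop(alias, None)


def _domain_of(addr):
    """Lower-cased domain part of a bare address, or '' if malformed."""
    local, sep, domain = addr.rpartition("@")
    return domain.lower() if sep and local else ""


def _same_or_subdomain(domain, expected):
    return domain == expected or domain.endswith("." + expected)


def classify(raw_message, registry=ALIASES, my_domain=MY_DOMAIN):
    """Classify one RFC 5322 message against the alias registry.

    Returns:
      "ok"              alias known and From: domain matches what it was issued to
      "sender-mismatch" alias known but From: domain differs (lookalike, spoof, leaked alias)
      "unknown-alias"   addressed to my domain but not to any issued alias
      "not-mine"        no recipient at my domain at all
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_domain = _domain_of(parseaddr(str(msg.get("From", "")))[1])

    headers = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    recipients = [addr for _, addr in getaddresses(headers)]
    mine = [addr for addr in recipients if _domain_of(addr) == my_domain.lower()]
    if not mine:
        return "not-mine"

    verdict = "unknown-alias"
    for addr in mine:
        expected = registry.get(addr.rpartition("@")[0].lower())
        if expected is None:
            continue  # alias never issued: guessed or harvested address
        if _same_or_subdomain(from_domain, expected):
            return "ok"
        verdict = "sender-mismatch"
    return verdict


# Constructed sample messages.
GENUINE = ("From: NatWest Alerts <alerts@natwest-bank.example>\r\n"
           "To: nw.2016@fredbloggs.example.com\r\nSubject: Statement\r\n\r\nbody\r\n")
LOOKALIKE = ("From: Security <security@my-bannk.example>\r\n"
             "To: <nw.2016@fredbloggs.example.com>\r\nSubject: Verify now\r\n\r\nbody\r\n")
GUESSED = ("From: offers@anyone.example\r\n"
           "To: fred.bloggs@fredbloggs.example.com\r\nSubject: Hi\r\n\r\nbody\r\n")

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("lookalike", LOOKALIKE), ("guessed", GUESSED)]:
        print(f"{name}: {classify(raw)}")
```

The check only binds an alias to a sender domain; it is a complement to, not a substitute for, signature verification of the kind the post goes on to describe.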

Doctor Syntax Silver badge

Why did it take a Beeb news item to get them to move?

Going on a thin client diet

Doctor Syntax Silver badge

"They can also still put USB sticks that they found in the car park into their thin client"

A blob of epoxy in the USB sockets should cure that.

Doctor Syntax Silver badge

"What actual work are people doing on tablets?"

Using them as clip-board replacements.

UK.gov will scrutinise all its Atos contracts following IT cock-up

Doctor Syntax Silver badge
Coat

Medical extraction?

Should've started with dentists, not GPs.

Mine's the one with the stainless steel pliers in the pocket.

Doctor Syntax Silver badge

"Because we failed to learn from them, we made the same mistakes as everyone else."

It would help if people learned from successes.

Apple: FBI request threatens kids, electricity grid, liberty

Doctor Syntax Silver badge

"Though who or what they are really protecting here?"

That's an easy one. Everyone who didn't think it mattered until they ended up on the wrong end of a false accusation and find out too late that it did matter.

Doctor Syntax Silver badge

Re: I still think the FBI

Has gone about it in the right way to do what?

AFAICS, they've gone about it in the right way to give them the best chance to obtain a precedent that they'll then take every opportunity to extend until no meaningful safeguards are left. I doubt they give a monkey's about the content of the phone, even assuming it has anything they haven't got from the backup.

Doctor Syntax Silver badge

Re: "it be used only on government or Apple premises"

"The end result is that non democratic states and crooks will gain an advantage - while those following democratic rules will be cut off from essential evidences in many crimes."

If legit software had backdoors then legitimate users would be at risk. Criminals? There'd be plenty of people, some of them competent, prepared to produce illegal software and remember this simple fact: you do not discourage people intent on breaking the law by furnishing them with more laws to break.

Doctor Syntax Silver badge

Re: Smartphone weaknesses

"Sim Card Cloning"

The instructions include reading the victim's SIM. If someone has your SIM to clone he has easier options to make use of it.

Doctor Syntax Silver badge

Re: You don't say !

"it is interesting that they've approached this issue in this way"

I think they've taken the best case they can to get a precedent from the courts. This particular case takes advantage of the fact that the phone was owned by a public body, not the user and that the user's rights don't come into it because he's dead. OTOH if that last were a significant part of the precedent then the SOP for getting a phone unlocked might include "shoot user".

AMD to fix slippery hypervisor-busting bug in its CPU microcode

Doctor Syntax Silver badge

Re: Learnt something new today

"AFAIK no one has ever successfully tinkered with microcode. It's a security through obscurity thing on a very large scale."

My first reaction reading this was that someone who was able to get the old firmware loaded could then trigger the exploit. But I suppose anyone with that level of access wouldn't need to worry about finding exploits to use.

Doctor Syntax Silver badge

Re: Learnt something new today

"It's certainly quite astonishing to see just how many files are lurking in /lib/firmware."

Including new_code.bin and new_code_fix.bin in one directory. Nice to see explicit file naming practices being followed.

Norman Conquest, King Edward, cyber pathogen and illegal gambling all emerge in Apple v FBI

Doctor Syntax Silver badge

It's rather trite to say that everyone should assist in the pursuit of lawbreakers etc. But we also have to remember there's supposed to be - and I'd like to think still is - a concept of presumption of innocence.

The FBI appear to have chosen the case on which to raise their demand with considerable care. There is nobody charged and very likely nobody ever to be charged as a result of this. The user of the phone, whilst neither charged nor convicted, hasn't any outstanding human rights to be contradicted; moreover, when a coroner's court sits on the murders it's likely to pronounce that he committed them. Also the phone wasn't his property, it belonged to the local government body who have agreed to the phone being hacked. So, apart from the fact that the FBI and the owners between them made a cock-up by changing the password and the dubious arguments for the phone's likely evidential value over and above any information the FBI might already have, the case for doing this is about as persuasive as it gets.

However, the precedent it would set, practically if not legally, would extend well beyond these circumstances. Even if a decision in favour of the FBI were limited to the particular circumstances I outlined above it would still be a dangerous precedent. On the one hand it would undoubtedly be just the first slice in a campaign of salami tactics to make the decision universal. On the other, if the circumstances were limited to those in which the user were dead that might be an irresistible temptation that shouldn't be on offer.

The argument's been made that those who break the law shouldn't be entitled to call on the law to protect them. That argument fails to take account of the presumption of innocence. Until proven guilty the alleged lawbreaker is as entitled to the protection of the law as anyone - it's one of the final lines of defence we all share against a false allegation. So the risk of such a precedent being widened to overrule that presumption is not a trivial one.

If we are to be called on to assist against lawbreakers we need to be able to trust those who make such calls. As things stand various agencies in both the US and the UK have forfeited a great deal of public trust. ISTM that one of the most important things now, for the FBI and for the others, is to rebuild that trust. In the circumstances, whatever new evidence might be gleaned from the phone the wisest step the FBI could take right now would be away from their request. It could be the first step towards that rebuilding.

As the FBI and their supporters have chosen to invoke the rulings of Edward I we should remember that the presumption of innocence was reintroduced into European law in his time and also that he not only reaffirmed Magna Carta, he made it part of English statute law. From Magna Carta we have the concept of due process of law. These days I fear the concept of due process is being stretched to breaking point if not beyond.

Finally I should reiterate that I spent a good many years as a forensic scientist in the midst of a terrorist campaign. I carry no brief for terrorism or any other form of criminality. I understand from my own experience the desire to investigate cases as fully as possible. But the thing I dreaded for all those years was the possibility that, however inadvertently, I might end up making a mistake that could help convict someone who was, and would know themselves to be, innocent. I wish I could see evidence of that dread in the decision makers of law enforcement agencies today.

French parliament votes to jail tech execs who refuse to decrypt data

Doctor Syntax Silver badge

Re: SIEG HEIL, Monsieur Hollande

From the article: "The new penalties...are opposed by the French government,"

How the FBI will lose its iPhone fight, thanks to 'West Coast Law'

Doctor Syntax Silver badge

Re: Ah, but that would involve *logic*

'San Bernardino DA says seized iPhone may hold “dormant cyber pathogen”'

OK, take him at his word. Better keep it locked and then destroy it.

We’re not holding biz to ransom, says pay to play ad-blocking outfit

Doctor Syntax Silver badge
Coat

The ad industry as presently constituted might just as well face facts. The party's over. We're just waiting for everyone to collect their coats.

Doctor Syntax Silver badge

Re: Here's an idea

"That might fix it."

I'm glad you put on the joke alert. The entire chain other than the user's computer and the IP network leading to it could be outside HMG's jurisdiction. The only point at which the user's computer can realistically be defended is at the computer itself. I doubt the ISPs would be able to perform DPI on all the traffic and even if they could it would require MiM of HTTPS sites - not, of course, a problem with our beloved elReg.

Everything bad in the world can be traced to crap Wi-Fi

Doctor Syntax Silver badge

"Unfortunately, for the past few weeks my phone has decided that it likes the BT Fon connection better than my private home WiFi, so it always connects to it."

Back in the day when unsecured home access points weren't that unusual my laptop would manage to ignore my network and latch onto some unsecured one-bar job down the street at what felt like 10 bits per minute.

Doctor Syntax Silver badge

Re: Shit coding

"(PS - showing my age, aren't I?)"

No, you missed out "on a teletype".

Doctor Syntax Silver badge

Re: Shit Wi-Fi?

'my dead grandmother can understand the idea of "one off purchase"?'

Unfortunately your dead grandmother has more perspicacity than anyone in sales and marketing.

Doctor Syntax Silver badge

Re: Shit Wi-Fi?

"My email was used for contact when delivery was due for the major items."

1. Own domain.

2. Set up mail address specifically for the vendor.

3. Tear down mail address when no longer needed.

4. Occasionally give a thought to all those spams being bounced.

Ad-blockers are a Mafia-style 'protection racket' – UK's Minister of Fun

Doctor Syntax Silver badge

Re: Ridiculous

"The only reason why ads are everywhere, because you and people like you don't want to pay for content and services."

Citation needed.

Doctor Syntax Silver badge

Re: Ridiculous

"The reason why advertising is everywhere is because, on a human psychological level, advertising works. It influences people, against their own will, to make various choices"

Sort of. It works because, on a human psychological level, the advertisers can't comprehend that their monotonous advertising will piss off so many people that they lose potential customers. When you're so utterly convinced that the sun shines out of your arse rational thinking becomes impossible.

Doctor Syntax Silver badge

Re: imho

"Nope, not in his view."

In fact he seems to be rather ambivalent about it.

ISTM that he's been lobbied into making a speech in favour of the advertising industry but realises that users have made up their minds and it would be politically stupid not to go with the flow. So he's started off by saying what the industry wants to hear but then put the users' viewpoint and some meaningless dribble about being ready to help. When push comes to shove he's got his marker in which will enable him to take the popular line without being accused of a U-turn.

Doctor Syntax Silver badge

Re: Ridiculous

"everywhere you go you are literally bombarded with advertising"

I wish those advertisers would make sure their hoardings were nailed up properly.

Doctor Syntax Silver badge

Re: That speech in full

"I know the digital sector prides itself on [self-regulation and co-operation]"

Belief in that, at least as it applies to the advertising sector, can't be described as sensible.

At present we have the ASA as an advertising regulator, proof needed, if anything, that the advertising industry in the UK can't self-regulate. The ASA can only act after the event; good luck with using that as a means of cleaning up malware served up via an advertising network. And the ASA only has authority in the UK at best.

Ad-blockers are no longer an option for people who don't want ads, they're another part of the PC user's security toolkit.

Converged PC and smartphone is the future, says Canonical's Mark Shuttleworth

Doctor Syntax Silver badge

Yes, I know, commenting on my own post & all that.

I use a Mint netbook for visiting libraries and archives for research. As it happens I run Informix & a selection of its tools which enables me to knock up new data-taking forms as needed. It wouldn't, however, be difficult to implement something similar with a different RDBMS tool-set.

I also carry a USB stick to which I can download images from the library's computer.

So there I am, on the one hand collecting images on the stick & on the other taking notes and at some point the two have to be brought together.

What would be ideal would be to have an arrangement where a USB lead would allow the netbook to present itself as mass storage in just the same way as the USB stick. An Android tablet would allow this but wouldn't, AFAIK, allow for a full-blown RDBMS tool-set to be installed. But if a Ubuntu tablet provided the mass-storage simulation via USB and an RDBMS then combining this with a Bluetooth keyboard would be a winner for me. OTOH maybe the same thing could run on my existing netbook.

Doctor Syntax Silver badge

Re: the problem with 'seamless' is that it never is

"So all these 'seamless' systems have to come up with some kind of clever software layer which knows or remembers what kind of layout we want for all sorts of things, and when."

If you're thinking in terms of a system that normally has a deep integration between the desktop and the rest of the OS then you'll undoubtedly need to think of some layer on top of that. However for any Unix-like system that's already a solved problem. The core OS is independent of the interface - it can even be run headless. The windowing system sits on top of that and the desktop, of which there is a choice, sits on top of the windowing system. There are even standards for storing info about desktop contents. It's possible to install several desktop packages on one device* & choose one at login. Swapping one for the other when connecting or disconnecting a docking unit wouldn't be a great step beyond this.

*Providing you're not using a device whose vendor's walled garden prevents this.

Doctor Syntax Silver badge

@Dave 126

As per my previous post, what you envisage wouldn't be my use case. Nevertheless it's not difficult to see that there are several different ways of using expansion of a phone.

If you're targeting use at home or in an office you might have a docking unit permanently plugged in so if you need to revert to hand-held operation for some reason it's simply a matter of picking it up from the dock.

If you want to use it with an hotel TV you might need to carry an HDMI lead along with a bluetooth or USB keyboard.

A business traveller, therefore, might pack a keyboard and lead for use in hotels but leave them in his luggage when returning to the office where a docking unit would be available.

As to the trade-off between a computing stick and a phone, the former is dependent on having a TV or monitor available whilst the phone is usable within the limits of its interface at any time. As to one standing in for a missing other, well all you're saying is if you start with two devices, of whatever nature, and lose one you've got one left. That's just simple arithmetic. However, if one has your data on it and the other doesn't and you lose the one that has you effectively have nothing left. You might also end up with half your data on each device and become dependent on using both; you're going to need to keep them in sync.

Doctor Syntax Silver badge

A phone running Ubuntu could have an appeal. Being able to use it as a general purpose computing device wouldn't be the major part of the appeal. The appeal would be that I buy the phone and that's the end of matters. What runs on it, apart from the phone S/W itself, is my choice, not the vendor's. What it reports back to the vendors is my choice (nothing as it happens). Whether Ubuntu and their vendors would be prepared to restrict themselves to that sort of deal remains to be seen.

Rejoice, sysadmins, there's a new glamour job nobody understands

Doctor Syntax Silver badge

"shepherding of IoT solutions"

So herding cats might be a useful background.

Uncle Sam's boffins stumble upon battery storage holy grail

Doctor Syntax Silver badge

"Which in real terms would mean cars travelling 300-500 miles on one charge for less than $10 – a fifth of the price of gasoline."

It's not just a matter of range and cost. It's also a matter of how quickly you could get the energy into the car. Can they achieve a charge rate equivalent to a petrol pump's delivery rate and as simple to operate?

Third of US banks OK with passwords even social networks reject

Doctor Syntax Silver badge

Re: What's a "thruway item"?

It means someone wasn't using the spill chucker.

Dwolla dwamned for destroywing defwences: $100k fine for insecurity

Doctor Syntax Silver badge

An appropriate measure would have been to have closed them down immediately and bar the principals from the financial industry, not run an investigation for a couple of years and then give them a minuscule fine. Actions need to protect the public and deter.

Good eye, Hubble! Space 'scope spots furthest-ever object

Doctor Syntax Silver badge

"James Webb telescope ... would be able to see much farther than Hubble. Now, not even a week later, it turns out maybe not THAT much farther since Hubble can apparently see farther than ever imagined."

Of course if the James Webb telescope turned out to be able to see much further, say in excess of 14 billion, things could get really interesting...

Hillary Clinton private email server probe winding up – reports

Doctor Syntax Silver badge

Re: "winding up"?

That depends. If there's lots of activity afterwards it's winding up. If nothing happens, it's winding down.

Doctor Syntax Silver badge

Re: @AC @ AlexS

"because he made Blair look like a schoolboy in comparison"

That in itself wasn't too difficult. The WI made him look like a schoolboy and not even in comparison with anything.

Biting the hand that feeds IT © 1998–2019