* Posts by Doctor Syntax

16426 posts • joined 16 Jun 2014

You get a lawsuit! And you get a lawsuit! And you! Now Apple sued over CPU security flaws

Doctor Syntax Silver badge

Re: GDPR

"Apple hold lots of personal data in the cloud that they suck up from iPhones. This suckage is enabled by default, so Apple is now the de-facto data controller."

You'd have a point if the suit dealt with data taken from the Apple cloud. I may be wrong but I don't think Apple is running that on an array of A6s.

NHS: Thanks for the free work, Linux nerds, now face our trademark cops

Doctor Syntax Silver badge

I migrated my Dad to Linux last weekend, (from Win XP and Office 2010 to Linux Mint 18.3 and LibreOffice) you'd have thought his world had ended "because the font in my email signature has changed"

You should have waited until he'd had some particular software nasty encrypt his files or whatever.

Doctor Syntax Silver badge

"No chance while a neoliberal government runs the UK."

Would you explain this further, explaining what neoliberal means with a detailed argument as to (a) how it applies to the present government (this would involve how the current occupants of Downing St and surrounding area could be construed as a government in any meaning of the word) and (b) how this influences the situation described in the article.

Or should we just assume you're spouting some word you read somewhere?

Doctor Syntax Silver badge

Re: So familiar

"Who can we lynch when it all goes wrong?"

Remind me again, who got lynched when Wannacry brought the NHS to its knees for several days?

Doctor Syntax Silver badge

Re: Good sub-ed needed....

"Can someone sub-edit this article so it's actually readable please? I got fed up with trying to decipher the typos, misplaced apostrophes and general misspellings halfway through."

Seconded. I was thinking about emailing my local MP and sending her a link to this article but given the mess it's in I doubt it would be a good idea.

Crypto-cash exchange BitConnect pulls plug amid Bitcoin bloodbath

Doctor Syntax Silver badge

"Bitcoin is just another name for the Dollar."

If it were then its value would remain static against the dollar.

Make Apple, er, America Great Again: iGiant to bring home profits, pay $38bn in repatriation tax

Doctor Syntax Silver badge

"I thought the tax cuts Trump has introduced will reduce the tax liability for him and his family by $1 billion?"

As the article says: the Trump-friendly tax reform bill

Doctor Syntax Silver badge

Re: Academics

"Who pays tax on wages and salaries?"

The recipients and their families when they use the income to buy stuff.

Doctor Syntax Silver badge

Re: Academics

"to already fat shareholders"

Maybe you're one. Do you have a pension plan, personal or via your employer, or any other sort of savings that get invested in shares?

Doctor Syntax Silver badge

Re: 15.5 percent and Apple Incentive

"There is only a handful of non-tax heaven countries with rates under 15. In the Eu it is just Bulgaria and Hungary."

Just wait until the UK is out of the EU. If the local business tax take sinks low enough becoming a tax haven will be a viable proposition.

Doctor Syntax Silver badge

Re: 15.5 percent and Apple Incentive

"So unless Apple guy want more USA designers, USA Apple campuses, USA Apple servers, or USA Apple buildings, there are little reasons they would bring all the profit back."

Surely all these things you list are expenses which would be set against tax. Paying out money in this way reduces profits on which the tax is due. The reason to bring back profits is to pay dividends. In the past Apple has borrowed money to pay dividends. Now they can repay those loans. They'll have time-shifted the tax liabilities on the profits distributed as dividends from the past, when the tax would have been higher, to the present.

Doctor Syntax Silver badge

"Apple’s announcement also explained it will use lots of the cash in the USA on things like a new tech support center that will contribute to 20,000 new hires it plans to make in the Land of the Free. It’s also promised to build another campus somewhere in America, given its staff a $2,500 bonus and tossed another $4bn into the fund it’s using to help US manufacturers innovate."

I'd have thought those were business expenses to be set against tax. Couldn't they have done that without any tax liability at any time?

HTML5 may as well stand for Hey, Track Me Longtime 5. Ads can use it to fingerprint netizens

Doctor Syntax Silver badge

Re: Give me a G!

"Not like they can do much against a company that, say, operates entirely outside the EU except for those ad requests."

Providing the hosting is also done on a company that operates entirely outside the EU. Forget using the likes of AWS.

Doctor Syntax Silver badge

"The ad companies want our profiles by hook or crook, and they're getting VERY good at finding ways to sniff us out without having to ask. They're also probably much aware of laws and sovereignties, meaning any attempt to push would simply see them pack up and move someplace friendlier. It's not like they have a whole lot of physical real estate to move around, is there?"

Whether or not the ad companies are located somewhere legally accessible there are other entities at the ends of their chain who might not be so mobile.

In order to do any profiling they have to get access via the web sites. If a web site allows some profiling link to be installed on it I think it likely that the operator could be classed in the EU and the UK as a data controller and the hosting company could also be classified as a data processor. At the other end of the chain the company whose products or services are being advertised is also likely to be scooped up.

Where the web site is being run as the window on some business such as an estate agency or a car dealership they can hardly avoid having a legal presence in the countries in which they operate. The same applies to businesses placing adverts. A small business engaged in selling by post might be able to avoid these constraints; even so such a business with ambitions to grow might foresee the need to establish such a presence in the future.

Hosting companies, however, are likely to have interests in the EU and/or UK. Running a web site on Amazon's infrastructure? If they think they're likely to get roped into this you're going to find they are pretty insistent on what you can do in terms of placing trackers on your pages.

I think I can guess where Schrems' new organisation is going for its initial targets.

Wanna motivate staff to be more secure? Don't bother bribing 'em

Doctor Syntax Silver badge

It would help if email clients flagged up emails with From addresses different from their actual source addresses.

Yes, I know it would put a crimp in some businesses which their owners consider to be legitimate. Too bad for them but it would be for the greater good were they to go out of business.

Doctor Syntax Silver badge

Re: "Report spam/phishing" buttons

I think that would work fine if they could be deactivated or "muted" for clueless users.

It points to the need for training of those who report too many false positives and, if they prove untrainable, flagging up the problem to HR. (OK, it's quite likely HR will include more than their fair share. Their problem.)

Having said that I'm in the habit of sending false positive reports. I send them to my bank in response to their train-our-customers-to-be-phished emails. Which reminds me, when I sent the last one I told them I'd discontinue that particular email address in the new year if they hadn't responded. Time to do that.

Doctor Syntax Silver badge

Re: Implement security properly

"I'm thinking that the only way to properly secure a remote connecting device is by some sort of secondary physical device that acts as a key"

Many years ago I remember reading about the Olivetti (remember them?) lab in Cambridge which had a system whereby when a user walked up to a terminal it would display their personal desktop. That, IIRC, used their security badge. I never read what happened if two users sat down near the same terminal.

Doctor Syntax Silver badge

Re: Dont' name and shame persistent offenders

"What do you do when your situation is par for the course?"

Go freelance and insist on prompt payment of invoices. (And in answer to your next objection, don't take contracts there).

Doctor Syntax Silver badge

Re: Re Faecebook example

"emails that were so ineptly put together that they looked like phishing attempts."

That would be a report that could be acted on. Clearly whoever puts together emails like that (I'm looking at at least one bank and building society here) has no idea what phishing is and hence is prime target material. Reports on this point to a need for training.

Doctor Syntax Silver badge

Re: Dont' name and shame persistent offenders

"But what do you do when the person you want to sack is someone like an executive with sacking powers of his/her own?"

Leave. The outfit's on borrowed time.

Doctor Syntax Silver badge

Re: Have you ever worked in a security role?

"There's a base level of security compliance it's reasonable to expect, and test for and send people on compulsory training when they don't meet it."

What do you mean by testing? If you simply mean a questionnaire about the security policy this isn't going to be adequate. Passing a one-off test is one thing. Acting securely day-to-day in the long term is another. An effective test would be to have test phishing emails sent randomly to various members of staff.

I had a client who took security very seriously. They had a pen-testing firm ring through to direct lines and try to winkle information out of the target. They found that the attempts were firmly resisted. Security was part of the company culture; it helped that "Security" was part of the company name.

Doctor Syntax Silver badge

"Another, er, motivational technique – naming and shaming of employees by the BOFH – doesn’t work either. "

Really? Back in the days of dumb terminals we had a problem with users not logging out. We set up a message on MOTD to remind users to log out. The next time we had to force a log out we added "xxxxx, this includes you." and changed it every time a new offender was discovered. Eventually we had to remove that with the last offender's name because nobody else had put themselves forward as a replacement.

The message had got through.

I suppose in these days of snowflakes it would be called harassment and not allowed.

France to lend Brexit Britain sore souvenir of Norman yoke – the Bayeux Tapestry

Doctor Syntax Silver badge

The relationships are more complicated than equating the Normans with the French. They were at loggerheads with the French kings who were nominally their overlords. This situation continued over the centuries. I've seen it expressed that Henry II was spending Christmas "in his private two thirds of France" prior to the murder of Thomas Becket. Eventually they started thinking of themselves as English as the French made fun of their old-fashioned provincial accents. Eventually, however, they lost out to the French by the end of the Hundred Years War, not that it stopped them styling themselves as Kings of England, Ireland and France at least until well into the Tudor period.

Doctor Syntax Silver badge

"but they had gone a bit native once they settled in Northmandy - even started speaking some funny Romance language."

They seemed to do that wherever they settled - although they loaned English some words our Viking ancestors who settled in England eventually spoke English. Likewise those who settled in Russia ended up speaking Slavic.

Doctor Syntax Silver badge

Re: In return

"http://www.visitpembrokeshire.com/attractions-events/last-invasion-tapestry/"

Another site to be ignored for displaying SFA unless a stack of sites are enabled on NoScript.

Doctor Syntax Silver badge

"Less understood depictions contained in the tapestry include a number of naked characters along the border – not least the mysterious man with an erection."

The tapestry is thought to have been embroidered by nuns. Just saying.

Doctor Syntax Silver badge

"Somewhere close to Trafalgar Square or Waterloo Station?"

That'll be the National Gallery.

Sueball smacks AMD over processor chip security flaw silence

Doctor Syntax Silver badge

I suppose there is a case for suing them for failing to spill the beans on Intel's Meltdown. Nevertheless, given that both were discovered as part of the same investigation I can't see how AMD could have been expected to pull off a stunt like that without outing themselves for Spectre.

Doctor Syntax Silver badge

Re: Confirmation

they are more than happy to start international wildfires if it makes them a bit more money. without having the ability to think through far enough to realise it would lose them money through the company having to pay damages resulting from exploits. That's the danger of never thinking more than a quarter ahead.

Doctor Syntax Silver badge

"These people and the lawyers can smell money and that is all they care about."

Having them declared vexatious litigants would give them something else to care about and would be entirely appropriate.

I'd hope that if this case comes to court there'll be a line of expert witnesses all explaining in great detail that withholding public announcements until mitigation is ready is best practice. Given that as a finding of fact in this case (and the similar one against Intel) would make such cases more difficult to bring in future and would also be a great deterrent to future premature disclosure.

Doctor Syntax Silver badge

So let me work out the argument here:

They should have disclosed the find immediately.

At that stage there would have been no mitigation available.

There'd then have been a race to develop mitigation and exploits.

If exploits had won that would have helped the share price how, exactly?

UK.gov slammed for NHS data-sharing deal with Home Office

Doctor Syntax Silver badge

Clearly I wasn't thinking properly when I wrote that comment. It's Yes, Minister series 1 programme 1: "Getting rid of the difficult bit in the title".

Doctor Syntax Silver badge

“[The data guardian, Fiona Caldicott] has concerns that the public interest criteria which are applied by doctors with GMC code or NHS staff using the Department of Health code, are not reflected in the MoU,”

Surely if she doesn't have a veto the word "guardian" is inappropriate.

Former Santander bank manager pleads guilty to computer misuse crimes

Doctor Syntax Silver badge

Bank manager?

Bank managers used to be middle-aged experienced individuals. They would have good understanding of the responsibilities involved. So why is a 22-year old a manager, especially when her mitigation seems to hinge on her immaturity?

Doctor Syntax Silver badge

Williams was also investigated by police but was "NFA'd" – his case was formally marked No Further Action.

Why?

Biggest vuln bombshell in forever and storage industry still umms and errs over patches

Doctor Syntax Silver badge

Re: "This means our software is behind the multiple layers"

"Can't this people understand their system could be still vulnerable to insiders attacks, or from other compromised systems inside the network with some kind of access?"

Yes they can. But they can also understand that in such a case taking advantage of Meltdown on the storage layer is the least of their problems. They also understand that the performance cost will be paid all day every day.

National Audit Office report blasts UK.gov's 'muddled' STEM strategy

Doctor Syntax Silver badge

Re: It's really very simple

"it disincentives the supply of relevant technical education by allowing Arts courses to charge the same for tuition as engineering courses (English 2 hours lectures per week, engineering 30 or so)"

It's arguable that the English course is subsidising the engineering course.

Doctor Syntax Silver badge

Re: Why bother

"Maybe get a few scientists to do the public inquiries so often called by the govt (instead of a judge e.g. Grenfell) - after all science (in non theoretical areas) is all about analysing data and producing evidence based conclusions"

ITYF that judges are also good at analysing data. In a jury trial, of course, it's not the judge who produces the evidence based conclusions but they still produce summaries of the evidence.

Doctor Syntax Silver badge

"an oversupply in ... biological science graduates, who are then often underemployed in an economy in which they are not in high demand"

So no change in half a century. I always reckoned that as HMG was one of the major employers (a relative term) of biologists they were prepared to finance and oversupply so as to be able to pay rock bottom salaries and save money over the long term.

PPI-pusher makes 75 MEEELLION nuisance calls, lands £350k fine

Doctor Syntax Silver badge

"freeze a company's bank account"

Let me add to that: freeze directors' accounts and accounts to which the directors might have some control such as their spouses.

Doctor Syntax Silver badge

"The calls would likely go through much cheaper ... foreign VOIP providers"

They eventually land with a local telecom company for the last leg. That company knows who to bill. Even if it passes through a number of companies they should still know who to bill. The last one who fails to record where the call came from is left holding the baby. If it's a pre-paid SIM then they need to debit the SIM PDQ. At present telecoms companies are making money out of the racket, they need to share the risk.

The likely result of even looking seriously at this would be likely to result in telecoms companies tightening up - they wouldn't want to undertake the cost of S/W development to handle business which would be liable to dry up.

Doctor Syntax Silver badge

Re: Jail time

"Send the Managing Director(s) to jail."

Managing director is just a couple of words - I don't think it's a legally defined term so best to avoid it.

But there is provision for directors' liabilities within the new DP Bill. See section 117 at https://publications.parliament.uk/pa/bills/lbill/2017-2019/0066/lbill_2017-20190066_en_12.htm#pt7-pb4-l1g177

it is proved to have been committed with the consent or connivance of or to be attributable to neglect on the part of a director, manager, secretary or similar officer of the body corporate, or a person who was purporting to act in such a capacity. The director, manager, secretary, officer or person, as well as the body corporate, is guilty of the offence and liable to be proceeded against and punished accordingly.

The provision is there, let's hope it will be used.

Doctor Syntax Silver badge

We need two things:

A mechanism for recipients to charge a handling fee from the callers' telecoms accounts. The telecoms companies would, of course, have to protect themselves by managing the callers' credit which might in itself be sufficient to choke off the entire business model.

The other would be to give the ICO the power for a pre-emptive strike to freeze a company's bank account so that fines couldn't be evaded.

Flying on its own, Thunderbird seeks input on new look

Doctor Syntax Silver badge

Re: Pagan good luck symbols deployed

"I can't simply move them to Thunderbird as they also have to connect to an Exchange server, and don't want to run two mail clients on a single machine."

So what you really need is for T'bird to stop pissing about with UI changes and add in some useful stuff such as Exchange client functionality instead.

Doctor Syntax Silver badge

Re: I remember when...

"...we used to have to learn to use a program (by reading manuals and tutorials) because that was how the program worked."

Then along came IBM with CUA. When people started adhering to that new programs actually did become more "intuitive" but actually the intuition involved was following what had been learned from other applications. The learning curve was reduced.

I think the current problems are caused, like so many others, by people who wanted to get into computing because they saw it as something modern but didn't want to cut code or do anything difficult like that. So they got into non-technical areas like interface design and started tinkering without bothering to understand why stuff looked like that.

Doctor Syntax Silver badge

"The trouble is that for our customers, they want more than that: they want features like shared calendar, contacts synced with their iphone and a modern look."

The danger with the current proposal is that they'll get the last and the rest will still be on the back burner.

Doctor Syntax Silver badge

"The loonies can have their Metro / Australis / Material design / "flat" / Gnome3 revolution all they want, I won't be following."

Can I point you in the direction of Seamonkey?

Doctor Syntax Silver badge

Re: Make it look and act like (al)pine.

You are free to use Alpine, Pine or, indeed, Elm should you so wish.

Doctor Syntax Silver badge

Re: Stagnant is good, dead is better

"It did work as a PR hook, obviously, which is a good thing in itself."

So did the previous "shall we leave Mozilla" debate. It came to more or less nothing. PR is a useless thing in itself.

Doctor Syntax Silver badge

Re: HTML mode doesn't have a tree view (for folders)

"Total madness to do other than the opened email content using a browser engine, sandboxed, so HTML can be rendered."

That's too much. Automatically send such crap back with a note saying "send plain text".
