Posts by SloppyJesse

37 posts • joined 27 Apr 2017

Boeing big cheese repeats pledge of 737 Max software updates following fatal crashes


Re: As an aside, one thing that annoys me about my car

My Peugeot forgets the position of the rear wiper switch. If it is on when the ignition is turned on they do not function. Have to turn the switch off and on again.

Guess someone forgot to call the 'check the physical switch position' routine...

And if you turn the fog lights on with headlight on auto guess what? Yup, if it gets lighter the auto headlights turn off and also cut the fog lights off. Because no one ever started driving on a foggy dark morning and it got lighter...

Don't get me started on the sound system...

UK spy overseer: Snooper's Charter cockups are still getting innocents arrested


Re: Wrong IP? Pah - Try Plusnet!

> So somewhere in Plusnet land they had screwed up the MAC<> credentials list

Clearly they should be using blockchain to store this kind of information.

Terribly Sorry Bank reports 165% drop in profits to a pre-tax loss of £105.4m


Re: Who decided such massive change all at once?

Having been involved in a number of banking system migrations, albeit with credit cards, the idea of a multi-stage migration creates far more problems than it solves.

The big bang approach is far more straightforward - but you have to get the destination system in order and test, test, test before committing to the live migration.

This sounds a lot like the project was told to move, or simply ran out of time to prepare before an immovable deadline. Believe they were moving off the Lloyd's platform - bet there were ridiculous financial penalties kicking in for not leaving on time and someone senior made the call to go with the migration and then firefight the issues on the other side.

Say what?! An AI system can decode brain signals into speech


Re: Er, didn't "House" [M.D.] have this a few years back ?

The Russians developed it in the 80s, even built a fighter jet controlled using it. You had to think in Russian, mind.

'course those pesky Americans didn't like not having the best toys and sent a bloke called Gant who looked remarkably like Clint Eastwood to steal it. All went horribly wrong, the bird was dumped in a lake and the whole debacle was hushed up.

Who's watching you from an unmarked van while you shop in London? Cops with facial recog tech


It's not about accuracy

They're not testing the system for accuracy, they're testing if they can get away with using this kind of system.

Canuck couple returns home after night on tiles to gaggle of randomers hanging out in their flat


Re: It always pays to carry a Micro-Uzi in a shoulder holster

"It's not the tool, it's the user. If you allow the bad guy to take your pointy stick, the bad guy might use it against you or your family. Solution: Don't allow the bad guy to take your pointy stick."

Alternatively, only carry if you can guarantee 100% that no one could possibly take your stick. Can you do that? Can anyone?

"Or you could allow your government to ban the private use of pointy sticks ... and thus ensure little B1ff and Buffy never need to learn to write with pencil on paper. I'm sure your nanny state would approve heartily."

OK, you can keep pointy sticks that are clearly designed for uses that are socially acceptable, such as pencils. But you can't have pointy sticks that are purely designed to penetrate other humans against their will. While we're on the subject you can have items that fire projectiles such as nail guns and tennis practice machines, but not guns, on the same basis.

"As a side note, does anybody important use the Uzi anymore? I haven't seen one in over a decade, and I can't remember hearing the name mentioned in about as long."

Every time I watch my Arnie back catalogue. "Uzi 9mm, ar-sooo-lee". Icon : Arnie in his prime...

Oh my chord! Sennheiser hits bum note with major HTTPS certificate cock-up


Maybe they had been drinking the same kool-aid as the IOT tat merchants - everything must connect back to the manufacturer's site.

Think of the data slurping opportunities...

UK data watchdog fines Facebook 17 minutes of net profit for Cambridge Analytica brouhaha


Re: The fine is way too low...

Not likely to get a per person shared, but maybe per 3rd party they allowed to harvest data? There seemed to be plenty of allegations of other apps that were hoovering up personal data without informing the individuals.

Yale Weds: Just some system maintenance, nothing to worry about. Yale Thurs: Nobody's smart alarm app works


Re: Not Surprised

@Lee D

I agree. With most IOT devices it's the architectural decision to include a 3rd party server in the mix that makes me twitch. An app could be designed to contact the iot device directly, no need for the manufacturer to put their server in the middle. But then how would they slurp data on usage to improve their product sell more tat?


> What was his plan to "enter his property" if his phone was lost, stolen, broken or out of battery?

Backup phone fully charged with the app installed underneath the dustbin, obviously. The guy's not a complete idiot...

Dixons Carphone: Yeah, so, about that hack we said hit 1.2m records? Multiply that by 8.3


"What we need is auto-generated card numbers, so we can have a different card number to us to use at different online retailers, surely it wouldn't be that hard to do?"

Cahoot tried this many years ago. You could 'create' a card with a specific limit and limited valid date. Worked, but I think the problem is volume of numbers needed.

What is really required is a better authentication scheme. Chip and pin and secure code/verified by visa are better, but as long as people can fall back to simply entering a few non changing values there will be a huge hole that ne'er do wells will exploit.

Brit IT contractor wins appeal against HMRC to pay £26k in back taxes


Re: Hopefully they can make fairer rules and less of a crap-shoot

"That will reduce any corporation tax your company might be liable for but it is an expected expense for boy you (pre Income Tax) and for your company to show that you are operating your business properly."

If your contract is within IR35 your pension contribution will still be after tax. Just one of the many issues with IR35.

Hacking train Wi-Fi may expose passenger data and control systems


Re: Routers, Routers, Routers

>Would it be any good for Gov enforcing a new design for routers utilised in any infrastructure project.

Doubt it - because, um, government

>Hardened routers, No-Wifi-admin and No-remote-admin.

No remote admin? So you want any changes to be made by the train assistant? Or require a trip to the depot?

>Separate routers for public access that only connect to public networks.

At some point the 'private' stuff on the train is going to need to reach out across t'Internet. Unless you're suggesting the railways build a private wireless infrastructure for their trains? (which might not always have been as mad as it sounds - I recall stories of proposals in the early days of mobile for just that since they had a huge wired comms network for trackside)

>Encryption needs to be stronger than the time the longest trip takes How long are passengers (potential hackers) on the train for ? Perhaps length of a Chunnel trip France-England.

Is that a joke? Takes me longer to get to London from the Midlands than the Eurostar. Maybe London -> Scotland. There's a reason you can get a bed!

UK's Department of Fun seeks data strategy head – experience not needed


Re: a salary of up to £65,535

The intern gets 0.

Cryptocoin investors sue Chase Bank for sky-high credit card charges


MasterCard 'clarification' of MCC/SIC code?

Sounds to me like the change in charges was linked to the MCC code Coinbase was using. There were articles earlier in the year about MasterCard 'clarifying' to crypto currency exchanges what code they should use.

If Coinbase changed from a code not considered a cash advance to one that is then most (if not all) card providers would automatically classify the new transactions as cash.

That would make Chase's statement entirely correct. The people affected can probably see this as the code is often on the card statement.

Maybe they should go after Coinbase? But Chase probably has deeper pockets...

What's silent but violent and costs $250m? Yes, it's Lockheed Martin's super-quiet, supersonic X-plane for NASA


Re: Others Already In The Works

I'd rather they concentrated on efficiency and pollution reduction, like these guys http://silentaircraft.org/design

But that's not as sexy as going supersonic I s'pose.

Politicos whining about folks' data rights ought to start closer to home


Re: Voting is a public duty

"withholding it is the clearest signal I can give"

So having taken the time to carefully consider your options you decide to lump yourself in with those that cannot be arsed? Hardly a 'clear' signal.

Better to turn up and write your opinion on the ballot paper - at least then you get included in the turnout figure.

Bitcoin heist with a twist: This time it's servers that were stolen


That's not how blockchain mining works. The 'value' of a generated block is allocated to the public key of the miner that generated it. You'd need the private key to spend it and the miner has no need for that. A sensibly configured miner would not have access to private keys.

Equifax peeks under couch, finds 2.4 million more folk hit by breach


Will GDPR prevent companies using 3rd parties with such a bad history?

GDPR article 28

"Where processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject. " [http://www.privacy-regulation.eu/en/index.htm]

Think Equifax may struggle to provide such guarantees based on recent behaviour. Assuming the regulations expect guarantees to be worth more than the paper they are written on.

Google gives mobile operators a reason to love it, and opens rich chat up for business


"Let's all use a messaging system which charges you by the message!"

Don't think I've paid 'per message' in a decade. SMS just come bundled, I've had unlimited on my last few contracts and ludicrously high limits before that.

Multimedia messaging on the other hand costs, and if nice cuddly Google starts trying to push messages over the data channel they could send me over my data cap.

SpaceX's internet satellites to beam down 'Hello world' from orbit


Re: One wonders ...

Good article on these constellations over at IET


They claim latencies of around 30 ms versus 700 for geostationary satellites. Presumably that is just signal transit time.

Interestingly they suggest SpaceX will start launching in 2019 and the article was only published last month. Wonder if they've stepped up the pace to try and catch up with other proposed networks?

And lo! Crypto-coins came unto the holy land. And the wise decreed they must all be taxed


Re: What is it?

"The Blockchain Bitcoin isn't scaleable."


"The cost of creating extra coins is too high and dependent on electricity & computer costs, not economic indicators."

From the systems perspective the mining is all about maintaining the integrity of the transactions rather than generating new coin.

If anything the block rewards didn't drop quickly enough as the system took off driving the miners 'arms race' to the crazy level we see these days.

UK.gov told: Your frantic farming of pupils' data is getting a little creepy


"The Guardian asks how many children have been excluded"

select count(*) from all_pupils where excluded='Y' [*]

No sharing of pupil level data required.

I don't have a problem with detailed data being collected to monitor schools and ensure they aren't gaming the system - it's the retention and sharing 'for other purposes' that is the issue. If this is really about monitoring the educational institutions there is no reason for the information to 'haunt' pupils throughout their life - there's no reason to ever tie the data to an individual once they've finished education.

The real issue is WE do not trust that THEY will use this data only for the purposes they are stating or look after it properly.

Brrr! It's a snow day and someone has pwned the chuffin' school heating


Re: Force disconnection from the internet

Just because a device can connect to an Internet server does not mean the Internet can connect to the device.

But I take your point. At least some of the manufacturers do seem to be saying "hey, you can connect our system to an IP network to manage it. What? No, not _that_ IP network!"

Sloppy coding + huge PSD2 changes = Lots of late nights for banking devs next year


Re: Mandated nonsense

"Financial organisations are being forced to implement a solution to a problem "


This has already started complaints. One of the banks (Lloyd's I think) has started amending Ts&Cs to accommodate. The Radio4 Moneybox audience are already asking how they can opt out.

And I'm with them. There needs to be a serious "no means no, just no" option. I don't want my bank having any chance of coming up with "but they said you'd given your permission" type excuses.

Oregon will let engineer refer to himself as an 'engineer'


Re: iamanidiot let me guess

"In the UK the IEEE (Institute of Electrical and Electronic Engineers - not even a classical engineering field) started this by telling their members to abuse anyone that dared to call themselves an "Engineer" that did not have a BEng (Bachelor of Engineering) degree."

The IEEE is a worldwide institution. You may be thinking of the Institute of Electrical Engineers (IEE), now called the Institute of Engineering and Technology (IET). I'm a member, the topic of giving Engineer a designated status comes up in their membership magazine every few years. Normally it's prompted by discussions on how to encourage youngsters to aspire to be engineers or how to address the skills gap. And generally comparisons with Architect in the UK or Engineer in Germany are made.

After much hand wringing it fizzles out with the general feeling of "you'll never make it stick". The chartered engineer status is the closest we have in the UK. You need an engineering degree (i.e. a BEng, not BA or BSc*) plus relevant experience (although alternative equivalents are available) and then you go through a (apparently**) rigorous process to be awarded CEng.

(*) BEng degrees can only be awarded for courses that have been accredited by a professional institution e.g. IET, BSC

(**) So I've been told. Not done it myself.

User dialled his PC into a permanent state of 'Brown Alert'


Re: So let's thanks technology...

> If you lose the remote you have to fiddle around the back of the screen looking for the buttons, guessing which is which.

Place I used to work replaced all the meeting room screens with large panel TVs. Remotes lasted about a week, then every meeting started with someone fumbling behind the screen trying to do some kind of Vulcan neck grip.


Dnsmasq and the seven flaws: Patch these nasty remote-control holes


@Phil Endecott - that was my first thought too, since dnsmasq is typically sitting at a network boundary.

Pretty sure openwrt uses dnsmasq, probably other open source firmwares too, and all those closed source routers that are probably never going to get an update.

Mazda and Toyota join forces on Linux-based connected car platform


"They should just stick with Apple & Android until Android Automobile is released. That, or toss in agl with support for apple and Android."

Their current offerings are probably based on Linux and GPL'd libraries. Would be better for them to focus on a solid media system <-> car interface and release the media side source and build code.

At least then there'd be a chance of getting bug fixes to the media player - looking at you Peugeot - or systems that recognise older iPods - and you Nissan.

Small biz breaks out pen, paper after Brit tax collectors' Digital Form Service goes down


Re: 1.3 billion!

...spend nearly 14 millennia of people's time...

They're not spending time, they're spending taxpayers' money. It works on a different scale.

Look who's joined the anti-encryption posse: Germany, come on down


Re: Answers to the usual nonsense

> It could even be accomplished without altering the encryption at all. Just order WhatsApp to store two copies of each message. One encrypted normally and one encrypted with the government public key.

Many encryption models already support multiple keys for the same encrypted content - if you change keys on an encrypted hard drive it doesn't re-encrypt the entire drive, just updates the header information. Some zip programs allow a global key so an admin can unencrypt archives (e.g. if the user password is no longer available).

Not sure I would want a government agency to have similar powers over all communications that a corporation might have over communications within their organisation.

One big distinction that needs to be made is between 'normal' policing and covert surveillance. In normal policing the use of powers can be closely and publicly monitored, but in the v covert scenario we might assume that anything that is technically possible and logistically feasible will be utilised in any way the covert operatives see fit.

When we said don't link to the article, Google, we meant DON'T LINK TO THE ARTICLE!


Re: Not so easy...

> Google, since it's about a different company, not yours. That's a very clear case.

How many dodgy companies 'cease trading' and then a new company of the same name magically springs up in their place? If you can simply get Google (other search engines are available - apparently) to remove negative information on the basis it's about another company with the same (trading) name you have created a very effective way for dodgy people to mask historic wrongs.

Bye bye MP3: You sucked the life out of music. But vinyl is just as warped


What? No, you must be mistaken. You can put jam on top of your cd and it will still play. Saw it on that top technology show.

... they didn't try a second cd. Perhaps they only had one to demo with.

UK hospital meltdown after ransomware worm uses NSA vuln to raid IT


Re: Budgets

"It's a bit rich that Amber Rudd is quoted on the BBC as saying that "the NHS must learn from Friday's cyber-attack and upgrade its IT systems". Surely the fault lays at the door of government funding (or the lack of it)."

Not just funding, but also policy when it comes to IT. They DID spend lots of money (12 billion plus?) but it was on a white elephant national programme for IT rather than upgrading/securing outdated systems within hospitals.

74 countries hit by NSA-powered WannaCrypt ransomware backdoor: Emergency fixes emitted by Microsoft for WinXP+


Re: Hunt to blame for NHS attack

Seems to me that the NHS (like many organisations) viewed the XP situation as a binary choice of

A) shell out to upgrade / replace equipment to get away from XP

B) Stay with XP and accept risks that not upgrading brings

What they don't seem to have done in choosing B is spent money and effort on mitigating those risks, the major one being security. Management have just stuck the risk in their register as accepted. If system changes and additional security costs were included in the 'stick with XP' option it might start looking a lot less attractive.

Cabinet Office losing grip on UK government departments – report


I worked with a chap who'd been in the civil service once. When asked why he quit what was a significantly better paid job than he'd subsequently got he answered

I got fed up with moving every 2-3 years. You'd arrive in a new job with no idea what you're doing and a huge backlog of work. You'd spend the first 8-12 months figuring that out. Then the next 8-12 months fighting through the backlog. In the last 8-12 months you'd have caught up and understand enough to see the inefficiencies, but you'd be moving soon so what's the point of changing anything...

Seemed a pretty damning insight into the machine.

Mysterious Hajime botnet has pwned 300,000 IoT devices


Re: Somebody redefined malware...

"Hajime seems careful about what it infects, so the author is trying to avoid extremely serious shit storms if someone successfully traces out the source."

Or it's avoiding poking a stick in a hornets' nest until it's good and ready...

Avoiding certain targets shows awareness but it doesn't mean it's benign, just a bit more clever.

Biting the hand that feeds IT © 1998–2019