* Posts by Steve Foster

741 posts • joined 10 Oct 2007

Contact-tracer spoofing is already happening – and it's dangerously simple to do

Steve Foster
Mushroom

Re: Eh...

Self-immolation, OTOH, might just do...

(obvious choice of icon)

Steve Foster

Re: Unhearing government

Indeed, if I get a call from my bank (to my mobile number), the first thing they do is ask me to answer security questions (something their own advice says is bad).

I always say no, and explain why (the explanation is for the benefit of the staff person calling *and* their trainers [who use the recordings of those calls :p]).

Steve Foster

Re: OT - Did I miss something? 301 moved permanently??

Over the weekend. As you say, a PITA.

7*7 = a simple equation for taking total control of multiple VMware-powered clouds

Steve Foster
Joke

Re: 42?

You mean ${6*9} surely!

Watch an oblivious Tesla Model 3 smash into an overturned truck on a highway 'while under Autopilot'

Steve Foster
Joke

Re: what is really scary

It's the lighthouses that won't get out of the way that'll really get hurt!

Publishers sue to shut down books-for-all Internet Archive for 'willful digital piracy on an industrial scale'

Steve Foster

Re: Unusually

As I understand it, publishers receive ongoing payments for works lent by libraries, not just the normal purchase price of the work (using some fancy formulae).

Assuming the former is accurate, then while the IA is probably pushing the envelope somewhat, as long as they're paying the lending fees apropos for the vastly increased lending, the publishers aren't actually losing out. Indeed, arguably, they're likely to benefit from the increased awareness of their product (more readers means more sales [ultimately]).

Of course, it would probably have been better if the IA and publishers could have come to a negotiated agreement before all this kicked off.

New TLD redirect?

Steve Foster
Facepalm

Re: Smartphone app

If both are available, and working, why not just leave visitors on whichever one they chose to use? (especially when you've previously received negative feedback about forced redirection)

Even worse are those sites that then drop you on some sort of "pick your region" landing page, when the URL you typed expressly contained the relevant region in the first place!

Steve Foster
WTF?

New TLD redirect?

Visiting the UK ElReg (.co.uk), I'm suddenly being forcibly redirected to the US (.com) site instead (yes, yes, I know, .com isn't solely US, but YKWIM).

Please, *please*, *please* turn that back off.

Surprise! That £339 world's first 'anti-5G' protection device is just a £5 USB drive with a nice sticker on it

Steve Foster
WTF?

Take Yer Pick...

"A Fool and his money are soon parted."

"There's a sucker born every minute."

"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.", Albert Einstein

Highways England waves around £62m contract for National Traffic Information Service after brief chat with vendors

Steve Foster
FAIL

Re: Utterly Useless

Oh, and the distraction when they use the information displays for non-urgent messages (like "Red X Enforced" and "Don't Drink and Drive"), particularly ones that are "terminal inexactitudes".

Steve Foster
WTF?

While They're Tinkering

Please could we:

a) have public access to the traffic cameras back on (they've been "access denied" since the Coronavirus lockdown started), and

b) how about putting a certificate on www.trafficengland.com, so that it's secure?

Steve Foster

Re: Utterly Useless

You forgot the excessive use of the variable speed limit system when neither the traffic volume nor current conditions justify it (yes, there are times when it's needed, but it's quite obviously being used beyond that).

cmd.exe is dead, long live PowerShell: Microsoft leads aged command-line interpreter out into 'maintenance mode'

Steve Foster

Re: simple shit so much easier with cmd

I understand the idea of safe defaults, but disallowing local scripts to be run in a scripting engine as a baseline configuration really is going overboard.

Steve Foster

Re: simple shit so much easier with cmd

Critically, CMD.exe does not rely on the .Net Framework. Monad^HPoSh needs that.

It wasn't just a few credit cards: Entire travel itineraries were stolen by hackers, Easyjet now tells victims

Steve Foster

Stelios & EGM

This isn't the first time Stelios has forced an EGM to be held, as he does like to throw tantrums from time to time. He basically thinks he always knows better than the EasyJet board - sometimes he might be right, but trying to throw his weight [vis his large shareholding] around like this just makes him look petty and vindictive.

DNS this week stands for Drowning Needed Services: Design flaw in name server system can be exploited to flood machines offline

Steve Foster

Re: Urgently patch your publicly available, recursive DNS server

"You're missing the point of the attack."

No, I'm not. The point of the attack is to persuade one innocent DNS server to overload another innocent DNS server, thereby creating two victims, one of whom is misled into thinking the other is a culprit.

"The resolver at badguy.com is "misconfigured" on purpose--that is the attack."

I'm not talking about what the bad actor is doing at all. I'm talking about what the good actors can do.

Steve Foster

Re: Urgently patch your publicly available, recursive DNS server

Authoritative isn't the issue. Recursion is.

It's a recursive DNS server that's vulnerable, because it can be used to cause problems for other authoritative DNS servers (by generating multiple queries to resolve the one it received).

Best practice says that authoritative servers should be configured to only respond for their domains, and not to resolve other domains at all. Like that, they can't be used to propagate this attack.

Podcast Addict banned from Google Play Store because heaven forbid app somehow references COVID-19

Steve Foster

Publish Elsewhere?

Perhaps it's time for developers to ensure that they provide the installation APKs on their own website as well as via the Google Store, so that there's a way for users to obtain the latest versions even when Google muck things up^Hfail to scale again.

This has the useful benefit of allowing their software to be sourced by those who either don't have access to the Google Store (eg Huawei users) or who wish to avoid it (eg privacy advocates).

If you don't LARP, you'll cry: Armed fun police swoop to disarm knight-errant spotted patrolling Welsh parkland

Steve Foster
Joke

Re: "...society's untouchables..."

Of course, in the current environment of "social distancing", that's everybody.

Instead of looking at Wuhan, perhaps Donald should be investigating those nerdy DMs as the source of COVID-19?

Google says it'll pick up the tab – and stick it in a lovely colour-coded Chrome group

Steve Foster

Re: I thought I was a bit odd ...

And I'm the reverse - very few desktop icons, but lots of tabs in my browser. And I use multiple windows to organise the tabs - I've even experimented with using different browsers to do that.

Sky Broadband is not the UK's cheapest, growls ad watchdog

Steve Foster

Re: "As for their misleading adverts..."

The current "punishment" regime is useless - forbidding advertisers from running an advert that they aren't using/showing any more is a waste of time.

What might work is forbidding them from advertising at all for a while - perhaps on similar lines to the coronavirus fines, where the ban duration starts modest, but rapidly ratchets up for repeat offences (within defined limits and with a slow decay [like speeding points]).

Or maybe we should just go the whole hog and ban advertising entirely! (launch the "B" ark)

Microsoft doc formats are the bane of office suites on Linux, SoftMaker's Office 2021 beta may have a solution

Steve Foster

Of course, it was created by a bridge player (or official), who used Word because it's what they had available to them at the time, and they weren't a "computer expert" (and probably were someone's grandmother!).

And either they weren't clever enough to be able to do booklet printing of a simple paged document, or possibly the automatic booklet printing options we take for granted now might not have been there in the combination of Win95/Me + Word 95/97 that was probably around when it was first created (it might just have been in the WinXP + OfficeXP era - certainly that's what I was using when I first got my hands on a copy of the document in the mid-noughties), so they created a multi-column layout to achieve the same end.

Steve Foster

Re: Can anyone point me

I mentioned its name earlier - it's called an EBU 20B (EBU is the English Bridge Union).

You can find it here:

https://www.ebu.co.uk/laws-and-ethics/system-cards

It's been about a decade since I had to work with their version, and they might have cleaned it up somewhat since then (I did grumble at them about it a few times).

Steve Foster

EBU 20B

The compatibility issues aren't helped when the source document was poorly constructed in the first place. Back when I was playing bridge with regular partners, I spent some considerable effort on cleaning up the document so that I could reliably work on it with less of the sort of nonsense you've encountered. And that was just in Word itself.

O2 be a fly on the wall during BT and Vodafone's video calls: Telefónica's UK biz, Virgin Media officially merge

Steve Foster

Logical Next Move in the "comms+pay tv" "market"

Presumably will be for Vodafone and Sky to get together.

Steve Foster
Devil

Branding...

VM + O2 = VOM² ?

Steve Foster

Re: combined 46 million subscribers ...?

You're missing that some Virgin Media customers will also be O2 customers already (presumably roughly 5m of them, based on the maths).

MediaTek formally pulls open G85 SoC drawer, reveals chipset for next-gen budget blowers

Steve Foster
Joke

big.LITTLE

Isn't that slightly confusing - shouldn't it be BIG.little ?

Uber, Lyft struck by sue-ball, no, sue-meteorite in California after insisting their apps' drivers aren't employees

Steve Foster
WTF?

Meanwhile (according to the BBC)...

..."Uber and Lyft have also pushed Congress to include their drivers in the federal government's coronavirus relief, including expanded unemployment benefits."

(https://www.bbc.co.uk/news/business-52552998)

They make Janus look like a paragon of virtue!

We beg, implore and beseech thee. Stop reusing the same damn password everywhere

Steve Foster

Re: protect what you value

Isn't that what BugMeNot is for?

Steve Foster
Facepalm

Re: "Put the password policy on the log-in page"

ITYM the registration page, as that's where passwords are created.

But also make sure that pages that deal with passwords (principally the login page, the registration page and the self-service reset page) and the supporting backend processes all implement the exact same policy!

I came across a site recently where this was not the case, so I could reset with a new password that was accepted by the reset page (and it reported success), but would then not work on the login page.

Cue multiple rounds of resets until I found something that both elements were happy with.

Browse mode: We're not goofing off on the Sidebar of Shame and online shopping sites, says UK's Ministry of Defence

Steve Foster

Re: world's biggest English-language news website

The interesting question is why don't they simply block it (at least for most of the working day)? It's not as if the site actually contains anything of value, after all.

Outages batter UK's Virgin Media into wee hours as broadband failures spike 77% globally

Steve Foster
Devil

Re: Phew!

To paraphrase someone else's famous advertising campaign strapline:

"This isn't just incompetence, it's Virgin Media incompetence."

Microsoft decrees that all high-school IT teachers were wrong: Double spaces now flagged as typos in Word

Steve Foster
Facepalm

Re: "the old skool Dear Sir / Yours Sincerely thing"

I was taught that it should be "Dear Sir / Yours faithfully" or "Dear Mr. Smith / Yours sincerely", and never vice versa. Is that considered anachronistic now as well?

Steve Foster
Pint

Fertile Ground

for a Dave Gorman "Found Poem" (if only MLIGI was still around).

Linux fans thrown a bone in one Windows 10 build while Peppa Pig may fly if another is ready in time for this year

Steve Foster
WTF?

Best New Euphemism Ever

"Poking the Penguin", eh?

Huawei P40 pricing is in step with previous P-series efforts – but flagship lacks the apps punters have come to expect

Steve Foster
Thumb Up

Re: Facebook Free?

Quite.

The presence of such apps carries significant negative value, IMHO.

Cloud'n'server hosting giant OVH more like OMG: Data center hardware failure knocks out services in France

Steve Foster

Re: Great!

And perhaps less spam - they seem to be sending a lot of "make money online" and "see how to make money by watching this interview" junk lately.

Whoa, someone actually texted you in 2020? Oh, nvm, it's just Boris Johnson, telling you to stay the f**k at home

Steve Foster

Re: Spam spam spam spam

Wasn't it Hancock who got himself an app built (essentially to promote himself to/with his constituents)?

If I have remembered that correctly (and it's not guaranteed), then he's probably one of the more switched-on ministers.

TeamViewer is going to turn around and ignore what you're doing with its freebie licence to help new remote workers

Steve Foster
Linux

Apache Guacamole FTW

For those who have virtualisation capability or spare hardware, Apache Guacamole is an excellent open-source remote access gateway (supporting VNC, RDP, and even terminal options).

It does take a little bit of work to build (on a Linux base), or can be downloaded as a virtual machine appliance (if you're prepared to trust VMware's Bitnami tentacle).

It means no reliance on a 3rd-party intermediary (like MS or TeamViewer), and the client is sandboxed within a browser at the remote endpoint. Oh, and it can optionally do 2FA (Duo or TOTP).

Fancy that: Hacking airliner systems doesn't make them magically fall out of the sky

Steve Foster

Re: Fees and charges

Regardless of additional fees for a less than perfect landing, I suspect it's almost certainly cheaper than an outcome where the plane crashes.

I also suspect that the passengers would prefer the former!

Xerox names the 11 directors it hopes will oust most of HP's board and put $33bn hostile takeover to shareholders

Steve Foster

Re: Interesting list

I don't think the definition given on that page makes any sense at all in the context of the commentard's statement.

My suspicion (given the recent vintage of the page, and that it's not an entirely trustworthy source) is that this is an attempt to retrospectively define the word after it's appeared as a corruption of "au fait", in similar vein to other ongoing online (particularly Twitter) corruption of existing English phrases (cf. Dave Gorman's Modern Life is Goodish "catphrase" and others).

Steve Foster
Devil

Re: Interesting list

Do the existing HP Ink^Hc board have any such qualities?

PS it's "au fait".

Xerox to nominate up to 11 directors to HP's board in hostile takeover push – report

Steve Foster
Facepalm

Re: HPI or HPE

Since it's the printer company, it's HP Ink^Hc.

UK government review of IR35 tax reforms? Like a broken pencil, say contractors groups – it'll be utterly pointless

Steve Foster
Headmaster

"strangulated it"

Aargh!

Helen Fospero makes yet another Brit telly presenter to win IR35 case against taxman

Steve Foster
Trollface

It's almost a pity these cases aren't being held in an actual court, where some judge could declare HMRC to be a vexatious litigant.

IT contractor has £240k bill torn up after IR35 win against UK taxman

Steve Foster

Re: I cannot understand why HMRC pursues contractors so much.

Their 2018 figures don't detail all the administrative expenses (published accounts rarely do), but they do show that payroll costs alone were just under £0.8bn. That's a lot of staff (~22000, according to the figures).

It also lists their property lease commitments - almost £1.3bn in total (not all payable/charged against one year, of course), and more than £0.4bn on finance leases (again, multi-year).

As for transferring costs to other bits of their organisation, there are rules and limits around what companies can do in this regard set out both in domestic legislation and international treaties.

(https://www.gov.uk/guidance/transfer-pricing-transactions-between-connected-companies would be the starting point if one wanted to dig further into that)

Steve Foster

Re: In case this is all confusing...

And the government has it in its power to fix the underlying absurdities of the system to make the whole IR35 charade irrelevant.

Of course, that would mean they had fewer places to hide the real tax rates from voters...

Steve Foster

Re: I cannot understand why HMRC pursues contractors so much.

The standard UK rate of corporation tax is 19%, and that is levied on pretax profit.

19% of £75m is £14.25m, so it sounds like Amazon did indeed pay their due share, according to the current method of taxing companies that we operate in the UK.


Biting the hand that feeds IT © 1998–2020