* Posts by TimB

42 publicly visible posts • joined 29 Mar 2007

Senior GitLab exec resigns over plan to stop hiring engineers in China and Russia


Re: Thumbs up

From the comments: "Please be aware there is an active, time-sensitive contract negotiation linked to this matter."

That's not about a clear risk to customer data, that's about pandering to a big customer.

Morrisons tells top court it's not liable for staffer who nicked payroll data of 100,000 employees


Re: Depends if decent efforts at data security made by Morrisons

There's no legitimate reason for cloud storage or webmail providers to be accessible from the same system as the payroll data. USB locks are readily available and easy to install. Something like payroll data should be easily auditable for any access or printing.

You're right, it's almost impossible to actually stop somebody who is determined to get data out. That doesn't mean you don't bother putting in any precautions at all.


Re: Depends if decent efforts at data security made by Morrisons

Morrisons provided him with credentials which gave him the privileges required to log in and access payroll data. Morrisons configured his PC so that he could just plug in a USB stick and copy whatever they wanted to it. Morrisons therefore allowed him, by the granting of privileges, to copy payroll data to a USB stick and walk out the door with it.


Re: Depends if decent efforts at data security made by Morrisons

Seems to me that the granting of privileges is the line where they're acting on behalf of the company. Presumably, I couldn't simply walk into Morrisons head office with a USB stick and do what this guy did. He's used privileges granted to him by Morrisons specifically for the purpose of accessing that data. He is responsible for his behaviour while he has that access, but Morrisons are ultimately responsible for the breach because they gave him the access.

Spies still super upset they can't get at your encrypted comms data


They know exactly what they're doing

If they really believed it was as simple as "Look guys, just give us access so we can stop the terrorists", they wouldn't go to the trouble of issuing communiqués with veiled threats of legislation for non-compliance - they'd just jump directly to legislation. They know exactly what they're doing and they don't want a backdoor. They want a culture shift so that encrypted messaging goes away completely, so that the very presence of encryption is a cause for interest.

All these stories about tech companies refusing to help aren't aimed at you - they're aimed at the man on the Clapham omnibus. They want him to ask why Whatsapp messages use end-to-end encryption in the first place - why this is a concern now when a couple of years ago he could just send an SMS and it worked exactly the same but didn't help the terrorists and paedophiles. They want broad consumer support in place before they legislate against the use of end-to-end encryption in consumer messaging products.

They know they'll never stop encryption - that's not the goal. They just want it so that nothing on the app stores uses end-to-end encryption, so anybody left who does still use it becomes interesting again.

Elon Musk invents bus stop, waits for applause, internet LOLs


So instead of buses

You've just invented taxis?

Morrisons launches bizarre Yorkshire Pudding pizza thing


I call it "The Shitbox"

Take a 16 inch takeaway pizza box. Rest 4 pizza puddings on a bed of chips. Fill any gaps with fried chicken. Top everything with lashings of mixed kebab meats. Add 3 bottles of Frank's hot wing sauce. Top the lot with grated cheese. Serve inebriated.

Here we go again... UK Prime Minister urges nerds to come up with magic crypto backdoors


Re: So to translate...

Spouting bollocks to try and forward her agenda of a totalitarian police state? That's pretty much what she does best.


Re: Telegram

No, you're thinking of the Friday night LAN party on Civilization night.

Teen texted boyfriend to kill himself. It worked. Will the law change to deal with digital reality?


Re: Is american law stupid?

While it might be illegal in every state to encourage suicide, presumably the punishment is considerably lower than the punishment for manslaughter/murder. Also, even if the encouragement was successful, there would usually be some difficulty in establishing the encouragement as a significant factor in the victim's decision to take their own life. This case is rather unique in that her actions went a long way beyond encouragement - she bombarded him with texts demanding that he take the next step towards suicide and berating him when he failed to do so. It's also compounded by the fact that he expressed his own desire not to go through with it, and she did everything she could to persuade him to do so.

Machine vs. machine battle has begun to de-fraud the internet of lies



You keep using that word. I do not think it means what you think it means.

New plastic banknote plans now upsetting environmental campaigners


Re: RE: Roadkill badgers

My shaving brush is made from badger. I'd better hand myself in.

US cops seek Amazon Echo data for murder inquiry


Re: Interesting...

"More interesting would have been Amazon saying there was simply nothing to produce. Telling that they are using legal weasel words instead"

That doesn't really raise any red flags for me. I'd probably be more concerned if they did simply say there's nothing to provide - that would mean they at least got as far as looking. In a company the size of Amazon, there should be no reason for the legal guys to have access to Alexa data, and whether or not the data exists shouldn't have any bearing on their response. So at this time, it looks to me like they're doing the right thing.

The fun part will be if they get dragged through the courts, ordered to release the data anyway, and *then* turn round and say "Sorry...nothing there"

UK's new Snoopers' Charter just passed an encryption backdoor law by the backdoor


Re: Well...

My postman "provides a postal or telecommunications service". Does he have to tell the Government if he gets an Xbox for Christmas?

Come in HTTP, your time is up: Google Chrome to shame leaky non-HTTPS sites from January


Re: This is proper and important step and I hope other browsers will do the same

But I DO control the DNS and site for natwest.securebanking.site (well, I don't, but for the low low price of £3.99 through my usual registrar, I could), so I'd have no problem making it display the green padlock.


Re: @Marcel - Really?

You mean your browser will still return the secure version of a site even if the page contains no links to unbiased sources? That just sounds like a poor implementation of HTTPS to me.

'I found the intern curled up on the data centre floor moaning'


Re: similar to Laura

I've had a couple of call-outs when I've either been the wrong team or not on call. I *always* make a point of getting it properly logged even if I'm not the right team. Occasionally, the helpdesk have realised I'm the wrong person and tried the apology followed by a quick hang-up approach. That results in them getting called back to get the ticket reference.

I don't have a problem with them waking me up at 3am for something that isn't my problem, but I'll be damned if they're going to worm their way out of paying me for it.

Prominent Brit law firm instructed to block Brexit Article 50 trigger


Re: What a horrible waste of time and money

Well of course you'd be happy with that. Because "accepting the status quo" is the entire position of Remain, so it wouldn't be a tie at all.

What you're actually saying is "50% isn't enough to oppose what I want to do, my vote should win unless at least 55% (60%? 75%? 99%?) agree with my point of view."

Careful - your helmet might get squashed by a Volvo


Re: Vitriol

The driver vs cyclist argument is always fun to read. The problem isn't that either one group is worse at their chosen mode of transport, it's that particular subsets of those groups (cyclist hating drivers and driver hating cyclists) are both so very vocal.

And then you get idiots like Wolf Simpson (youtube him) who have no road sense of which to speak, but prefer to abuse other road users rather than addressing their own shortcomings.


Re: What a stupid fucking idea....

> Sure, the cyclist should have lights on but even if he doesn't case law is clear that you are still at fault if you hit him.

And this attitude right here is the problem. It's not a question of right and wrong, it's a question of self-preservation. "I had priority and it was totally the other guy's fault!" makes for a shitty epitaph.

FACEPALM! HP cert used to sign malware


Re: You what?

Let's not forget the part where it took 4 YEARS for them to notice their fuck up.

Intel's new TV box to point creepy spy camera at YOUR FACE


Nothing wrong with the idea

It's the implementation and marketing that's poor. You can't just introduce built-in facial recognition as a standard feature and not expect a backlash.

The right way to do it would have been to ship the standard box without the camera, and have an add-on camera available for an extra £10 or so. Target it at families with selling points such as "Get suggestions that *you* want to watch, not your whole family", "Automatically block your kids from seeing adult content." and "Save energy by automatically powering off when you fall asleep in front of the TV"

Before long, you'll have parents wanting you to implement features that stop the TV from working when Little Johnny covers the camera, and casual users loving the extra convenience. When it's mainstream, you can quietly get bought out by Google without anyone batting an eyelid.

YouTube's hilarious cat videos could soon cost you $5 a month


Sounds reasonable

I currently have subscriptions to Netflix, NowTV, and Sky Sports TV on iPad. The article suggests that only certain content providers will be chargeable. If my subscription gets me all those providers for $5/month, that seems fair to me if it motivates the providers to add more content. If I have to pay $5 for Fox, another $5 for HBO etc, then it won't work.

APPLE: SCREW YOU, BRITS, everyone else says Samsung copied us


However it's worded

the meaning to the average non-tech user is exactly the same:

"Look, it's a Samsung. Oooh, it's half the price of the iPad too. We might as well just get that one, even Apple say it's the same thing"

College sticks cloud into geothermal igloo data centre


@Tom 38

The implication is that it's 10Gb/sec, and £x/Gb. Presumably it's cheaper to ship a SAN out there than it is to pay for the bandwidth.

Deleting 'innocent' DNA will cost £5m


SQL is only half the story

Sure, deleting the data is probably fairly trivial and cheap. The vast majority of the cost is likely to be getting rid of the physical DNA samples. This is biological waste, you can't just leave it out for the binmen. Add to that the fact that the samples need to be securely destroyed to make sure they don't accidentally end up on some health insurance database somewhere, and this doesn't seem like such a huge figure. For government spending, at least.

Photo loss blogger to Flickr: You're f*cking kidding


Looks like he got it back


Yahoo have clearly been reading the comments, and finally figured out how to restore data.

Thread over.

Texter who fell in fountain threatens to sue


this is actually more interesting than it looks

Had the uploaded footage been raw CCTV, the mall at least would probably be in serious trouble for not securing that data. However, the fact that we can hear the staff talking over it means that what got uploaded wasn't raw footage. Rather, I suspect someone filmed the playback on their phone, which they then uploaded.

The mall can very easily argue that their security staff need to be able to review footage, and there's no way they can reasonably stop someone from filming it on their phone. Sure, there's a good chance that the person who filmed it could be fired, but I don't see it going any further than that.

Crooks 'too lazy' for crypto


@Brian Morrisson

No you don't. You just say "The password? It's a long complex one. I have no idea exactly what it is, but it's on the post-it note stuck to the bottom of the PC. What do you mean, 'what post-it note'? You confiscated the computer, you must have it."

BOFH: Slab happy


@sir runcible spoon

Actually, I think you'll find that not getting involved in a land war in Asia is slightly *more* well known than not going against a Sicilian...when DEATH is on the line!

T-Mobile coughs to data theft


So that's where they come from...

I started a new contract with T-Mobile about 2 months ago. Previously I'd been on O2, and in 5-6 years I'd never had a single cold call. Within a week of moving, I was getting cold calls from one particular number offering me an 'upgrade'.

At least now I know how they got my details.

Extortionist targets jailbroken iPhones



I just upgraded my firmware, and I thought the same - "I don't use any of the jailbroken stuff, so why bother?" After the upgrade, I remembered.

I jailbreak my iPod Touch because of the French. More specifically, because of their silly law that means the iPod ships with the volume limit enforced at 70% in the EU. I like my music loud, and I'm not going to let a Frenchman stop me having it that way.

The good book: How to bet better online


@Nick Miles

Not anymore. As of September 2007 gambling debts are legally enforceable.

Proof of age system moves net ID a step closer



"the government now needs to seriously consider whether filtering software has reached the point where some elements of internet policing may safely be placed back in the hands of parents"

When exactly was it taken out of the hands of parents? Or does the government just assume control regardless?

Devil dog laughs in the face of Taser



You realise that the police have their own dog control units, right? With flashy blue lights and everything?


@Bruce Sinton

Well no one even needed a trip to A&E for a tetanus jab, so clearly "mauled" is a little OTT.

As has been said above, if they had time to wait for armed officers, they had time to wait for a dog handler.

AVG fake traffic spares Google AdWords


Security Risk

When I tried it, I purposely attempted to visit an infected site to see what would happen. First, the bad sites were immediately flagged as bad in Google results - the good sites took a few seconds to be checked. This would indicate that the bad sites get added to a database and then ignored for a bit, while the good sites have to suffer continuous scans.

Then, when I clicked a link to a bad site, I saw an AVG page warning me that, if I attempted to visit the site without adequate security software, "Such as AVG", then I was leaving myself at risk of infection. Umm...hang on. Clearly I *have* adequate security software - that's what's warning me, after all. So where's the benefit of pre-scanning?

Since we all accept that visiting certain websites can be a security risk, how exactly is my security helped when the very software that's supposed to be protecting me is visiting all these sites on my behalf?

If a vulnerability in the scanning engine were discovered, a user wouldn't even need to visit an affected site to be infected. From their site: "AVG scans every Web link you come across, whether in e-mails, documents or instant messages, no matter the source, before you open them to ensure you are protected in advance 100% of the time." - so it would be enough for someone to send you a link in email or IM for you to be attacked.

AVG scanner blasts internet with fake traffic


Not just search results...

From their blurb: AVG scans every Web link you come across, whether in e-mails, documents or instant messages, no matter the source, before you open them to ensure you are protected in advance 100% of the time.

So it seems like it's more than just your search results that get scanned. You just only get told about it when it's search results.



Actually, my company requires all home users to have a static IP so that they can access our network. If they're not accessing from their home connection, they're denied access to the VPN. I'm sure we're not alone in this.


The bad guys seem to get a break...

Not wanting to criticise without trying, I've downloaded this and done a little checking. Sure enough, on a typical Google search, you get a little AJAX-looking progress circle next to each link - these gradually turn to green ticks after a few seconds, and yes, this also happens on sponsored links.

However, do a search for the stuff that's likely to host malware - in my case, I chose the word "warez" - and only a few entries show the AJAX progress circle. All the bad ones immediately have a big red cross next to them. Combined with the fact that, during installation, AVG asks for permission to update Grisoft with information about the threat levels of sites you visit, the logical conclusion is that Grisoft are maintaining a database of known bad sites, and are using their userbase to do the data mining for them.

Unfortunately, it seems that while they gave the bad guys a bandwidth break by blacklisting them for some unknown period of time, the good guys get scanned every time. Which seems to me like a very poor scenario indeed.

My approach to dealing with this is to cancel my Adwords account, and advise Google of my reasons for doing so. If enough advertisers hit Google in the pocket, I suspect they'll look at addressing this on behalf of *their* customers.


On the plus side

I run a small site, and this could be useful to give me an idea of what search strings my site is making the front page for, without getting clicks. OK, it might change my web analytics as I use it now, but I can adapt.

Games firm pursues 500 pinball 'pirates' through UK courts


My response to their 'letter'

"In relation to your claim that your computer was hacked into, we regret that the security of your computer is not our concern. It is your responsibility to ensure that your computer is protected at all times."

I appreciate that the security of my computer is not your concern. Irresponsible though it may be, it is not unlawful to have an (unpatched computer/open wifi network/insert excuse here). I am able to provide evidence to back up my situation, and I am confident that, on the balance of probabilities (the level of proof required for civil cases), I can show that the actions you suggest were not carried out by me, and that I have no liability to your client.

In answer to your request for compensation, I refer you to the case of Arkell v Pressdram.