* Posts by Vagnerr

10 posts • joined 6 Mar 2008

Either my name, my password or my soul is invalid – but which?


Got to watch those password lengths

I have had at many experiences where there was an upper limit on the password length ( usually a red flag that they may just be saving passwords in plaintext). No big problem usually as I generate random passwords anyway but its a bit of a shame if it has to be a shorter one.


On one occasion the max password length was 20 characters. Not bad. ... Except that was the limit for creating the password. The limit for entering your password to login was only 18 characters! </slowhandclap>

All your base are belong to us: Strava exercise app maps military sites, reveals where spies jog


Oooh Secret Alien landing sight perhaps?

Definitely interesting considering the satellite view is blank...



'Please store the internet on this floppy disk'


But we sent the file!!!!

I used to work at a company that did batch data processing for many large financial institutions, and occasionally they would fail to send us the files. So it was part of our job to call their technical teams to chase the missing data.

On one occasion the user was quite insistent that they had sent the file to us and it must be our fault. Their evidence?

* an image scan

* ... of a photocopy

* ...... of a fax

* ......... of a windows screen shot ( win95 possibly even earlier )

* ............ of an open file explorer window containing the file they had saved to their desktop

A+ for effort, but nope that's not what "sent" means :-)

Help desk declared code PEBCAK and therefore refused to help!




Surely if this was a network team they should have been closing these tickets as an OSI Layer 8?

Brazilians whacked: Crooks hijack bank's DNS to fleece victims


Re: "Let's Encrypt" abused. What a surprise...

LDS Said

> Browser should notify that Let's Encrypt certificates means

> only "encrypted communication" with an UNKNOWN party.

It kind of does.

The default "cheapest" SSL certs you can get either free from Lets Encrypt, or reasonably cheap from other providers, only report in the browser as "Secure" and with control of the domain you could have acquired a cert reasonably quickly from any provider. What banks and other important organisations will have is an "extended validation cert" where the issuer would have actually called the organisation and required documentary evidence to prove that they are really "ACME Banking Corp" in which case the browser will report the company name in the URL bar, not just the word "Secure".

Of course the difference is quite subtle for most normal users and that is where the problem lies.

New prison law will let UK mobile networks deploy IMSI catchers


Doesn't this already contravene premium rate call rules (in the UK at least)

Yup and the Reading to Waterloo SWTrains line goes right past HMP Bronzefield, So I guess that's a good 50-100,000 mobiles pinging that on the way past everyday.

Thousands cut off from email after EE bungles domain renewal


You can't rely on the nominet mails

Owning a couple of .uk domains myself I can attest to the fact that you don't always get the renewal notice emails from them. The last time mine where up for expiry its was the Google webmaster tools that informed me that the googlebot couldn't access the site. But then I'm not a big commercial entity so I suspect the only person who noticed was the webtrawlers :-)

So yes its your asset. you are responsible for maintaining it. you should know when your own domains are going to expire

Amazon algorithms price bio book at over $23m


CamelCamelCamel has a nice graph of the insanity :)


iPhones dialling up premium-rate bills again


Doesn't this already contravene premium rate call rules (in the UK at least)

I have worked on automated dialler software in the past and we worked quite closely with ICSTIS (now Phone Pay Plus I think) The UK regulator for premium rate calls. The rules laid down were quite specific about informing the consumer before dialing. In our case we provided an interface where the user had to check "I am the billpayer", "I am aware of the fact that this will cost X Pence/min", "I agree to pay" ( think there was a 4th item but don't recall). These checkboxes had to clicked individually plus if the call cost hit £10 they had to opt in to continue and if it hit £20 it was an automatic disconnect.

If Admob is not doing this they I believe they are in violation and subject to fines of over £100k or more.

Its been a while though maybe it all changed.

Has your shifty foreign neighbour got 16 mobes?


Business users

I guess those of us who are required to carry a business mobile as well as their personal one are pretty screwed then.


Biting the hand that feeds IT © 1998–2020