* Posts by Tom Paine

2153 posts • joined 19 Aug 2008

You wait ages for a mid-air collision spoofing attack and along come two at once: More boffins take a crack at hoodwinking TCAS

Tom Paine Silver badge

Sounds rather like what Bruce Schneier used to call "movie plot threats".

One does not simply repurpose an entire internet constellation for sat-nav, but UK might have a go anyway

Tom Paine Silver badge
Stop

Re: Full-blown kakistocracy

£96m on a REPORT? Shurely shome mishtake.

They've only gone and bloody done it! NASA, SpaceX send two fellas off to the International Space Station

Tom Paine Silver badge
Pint

Yeah

Whoosh. Off they go. I'll leave it at that because I'm too old to be burning karma

Windows Terminal hits the big 1.0: Fit for production?

Tom Paine Silver badge
Meh

1993 called...

The list of utilities has continued to grow, having begun with a slightly flaky FancyZones Windows manager and shortcut guide before growing to include File Explorer previewers and a Renaming tool.

Wow. I can't wait. Such exciting new innovations.

Microsoft announces official Windows package manager. 'Not a package manager' users snap back

Tom Paine Silver badge
FAIL

"Still to come..."

the current preview is limited to installation; it does not even have a remove option for packages. It does not auto-update packages or even have any mechanism to update them, and there is no specific dependency management.

Oh, come ON, Microsoft - pulling this sort of nonsense, presumably in the name of agile, is getting silly now. This is pre-alpha. "As a Windows user, I need to be able to update packages". A package manager that can't update or uninstall isn't a usable package manager, any more than an aeroplane that can take off but can't land except in a ball of flames is really ready to fly. Neither is this.

To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it

Tom Paine Silver badge
Meh

Not bad

20% is a pretty good hit rate for a first-pass phishing test (I've run a couple in my time, using commercial services.) The first place we did it started with something like 45% click thru, from memory. Got it down below 10% after a year. Of course, there'll always be someone, sooner or later, which is why it doesn't matter if they give away a password, because they're all using hardware token 2fa. Right kids?

EDIT: Mildly surprised they were able to send realistic looking phish from a fake domain via GApps

TensorBlow? Data boffins struggle with GPU shortage in Google Cloud, opposition offers to help out coders

Tom Paine Silver badge

So... the cloud...

...it's just someone else's not-computer?

We dunno what's more wild: This vid of Japan's probe bouncing off an asteroid to collect a sample – or that the rock was sun-burnt

Tom Paine Silver badge

That's no asteroid

The shadow of the spacecraft looks strangely familiar...

20 years deep into a '2-year' mission: How ESA keeps Cluster flying

Tom Paine Silver badge

Inspiring stuff

...although there are more than a few legacy systems on the ground which have been nursed along with patches, bodges and hacks that should have been put out of our misery years ago!

Second-wave dotcom Uber-investor Softbank forecasts gargantuan losses as world economy faces slump

Tom Paine Silver badge
Unhappy

Prospects for the global economy

"...the worst recession since the 1930s will hit the global economy, which could shrink by 3 per cent during 2020..."

The OBR's -35% scenario for the UK economy looks much more likely to be typical of the impact worldwide. Bear in mind the UK is able to borrow at a scale unavailable to many other European countries, let alone the RotW, which theoretically enables otherwise bust UK firms to keep the lights on until the bright new dawn of tomorrow when they can call back all their furloughed staff and call all their old customers to let them know the firm's back in business.

The Return Of The World As We Knew It is now scheduled for early 2022, according to the vaccine-monger on PM this evening. Actually -- she spoke enthusiastically of being able to produce "hundreds of millions of doses" by "the end of next year", but (with everyone needing at least two shots, and it being by definition a worldwide problem and all) that's an order of magnitude less than will be needed. Let's be generous and assume they can churn out 10x the doses three months later, so "normality" returns around Q2-22.

Signal sends smoke, er, signal: If Congress cripples anonymous speech with EARN IT Act, we'll shut US ops

Tom Paine Silver badge

Re: EARN IT

It's _supposedly_ anonymous; there's no central database listing who is in contact with who, and who's got / had Covid-19.

Tom Paine Silver badge

Re: EARN IT

As I understand it, the contact tracing app's supposed to use Bluetooth to sense proximity to other users, so presumably you can turn that off -- in the unlikely event they try to force-install the thing, which I really can't see. They wouldn't need to: simple social pressure would do it. Especially if the thing had a way of alerting you that there's a phone in your vicinity that's NOT running the app...

You wouldn't need 100% coverage to get substantial benefit for the stated purpose, anyway; IDK what the curve would look like - the square of the number of users?

Of course that's just the stated purpose of the "NHS app" -- there's already a leak in the Grauniad suggesting that they're perfectly well aware of the potential for illicit, malevolent misuse by the state:

https://www.theguardian.com/world/2020/apr/13/nhs-coronavirus-app-memo-discussed-giving-ministers-power-to-de-anonymise-users

Neo4j has this great IDE-a: How about we stuff all our graph workspace, database, algorithms and visualisation wizardry in one place?

Tom Paine Silver badge
Thumb Up

Contender

Surely a contender for El Reg subhead of the year?

Apollo 13 set off into space 50 years ago today. An ignored change order ensured it did not make it to the Moon...

Tom Paine Silver badge

Perrow

Normal Accidents by Charles Perrow was also useful in researching this article,

+1 for "Normal Accidents", one of the best books on IT failures I've ever read, especially as it's about complex systems in general rather than digital computers in particular (though they make a few appearances in passing.) I once worked at a shop with an office bookshelf staff were encouraged to contribute to: I bought two (used) copies of Normal Accidents for it -- used, because - inexplicably - it's out of print. Can't recommend strongly enough.

Boeing 787s must be turned off and on every 51 days to prevent 'misleading data' being shown to pilots

Tom Paine Silver badge

Re: Windows Server 2000

I got 250+ day uptimes on a personal NT4 box quite a few times. With a 56Kbps dial-up modem, updates didn't seem quite as urgent back then.

Cloudflare family-friendly DNS service flubs first filtering foray: Vital LGBTQ, sex-ed sites blocked 'by mistake'

Tom Paine Silver badge

Definitely dumb mistake

As Lewis also pointed out on the Twitter thread that the article links to, an example of sites that they DON'T block: stormfront dot org.

Starship bloopers: Watch Elon Musk's Mars ferry prototype explode on the pad during liquid nitrogen test

Tom Paine Silver badge

Many more iterations

Many, many more. An infinite series, in fact.

Maersk prepares to lay off the Maidenhead staffers who rescued it from NotPetya super-pwnage

Tom Paine Silver badge
Unhappy

MMMMMMMUUUUUUUU

Well, that's an absolute bag of shit. My sympathies to everyone potentially at risk. (Currently resting between engagements myself after being made redundant in favour of cheaper offshore replacements.) One nasty surprise I got was discovering that the already small minimum payouts have been cut even further; after 3.5 very intense years I got two weeks pay. The timing is terrible! What sods.

Wi-Fi of more than a billion PCs, phones, gadgets can be snooped on. But you're using HTTPS, SSH, VPNs... right?

Tom Paine Silver badge

Unpopular opinion

(Devil's advocacy!)

MitM attacks on unencrypted network traffic do happen, but unless you're the target of a nation state, they're not really worth worrying about.

There, I said it!

Now -- of course -- I've been making myself and the sec dept unpopular for donkey's years by whining on about telnet and FTP to management, just as much as the next grunt in the infosec trenches, but in retrospect the benefit was more about compliance than actual security benefit. (And of course it helps with getting stuff patched, or skipped at its EOL, making at least some token effort to harden configs, etc.)

Zyxel storage, firewall, VPN, security boxes have a give-anyone-on-the-internet-root hole: Patch right now

Tom Paine Silver badge

CPE

I've only seen Zyxel gear issued to customers of small ISPs. If more than 1% get updated before hitting the WEEE skip I'll eat my hat

Rotherwood Healthcare AWS bucket security fail left elderly patients' DNR choices freely readable online

Tom Paine Silver badge

Re: What's good for the goose

You may be mixing up medics who are careless with patient data, with medics who turn whistleblower, are sacked, forced out of their career and then vigorously pursued through the courts, threatened with financial ruin, etc. (Search Chris Day whistleblower for just one example.)

Tom Paine Silver badge

To its credit, the business closed off the bucket from public access within a day of being informed.

That's either extremely generous, or humour as dry as silica gel in the Sahara...

If only 3 in 100,000 cyber-crimes are prosecuted, why not train cops to bring these crooks to justice once and for all, suggests think-tank veep

Tom Paine Silver badge

Re: Where the buck should stop much of the time

20? Try 200.

Tom Paine Silver badge

Sensible advice, where?

Of course we should be doing more to prosecute online crooks, but arresting them all whilst leaving everything insecure is a failing strategy for reasons too obvious to enumerate.

SLS goes vertical at Stennis while NASA practises SRB stacking

Tom Paine Silver badge

Re: In MY day

Surely "OK Boom-bang-a-banger"

Tom Paine Silver badge

Re: If you had actually listened to your glorious leader ...

It would be really nice to send 10t payloads to Jupiter, Saturn and the outer planets. (Mars has been covered by more than 10t of orbiters and landers already.)

Tom Paine Silver badge

Re: It does sound like....

Probes and rovers are generally JPL's bag, not NASA.

Buzzwords ahoy as Microsoft tears the wraps off machine-learning enhancements, new application for Dynamics 365

Tom Paine Silver badge

Ugh

Microsoft Teams? The correct answer is "no thanks"

Apple drops a bomb on long-life HTTPS certificates: Safari to snub new security certs valid for more than 13 months

Tom Paine Silver badge

I'm not sure there's enough popcorn in the world...

'An issue of survival': Why Mozilla welcomes EU attempts to regulate the internet giants

Tom Paine Silver badge

+1 Mozilla. Apparently "purity spirals" are a thing. If one happened in the realm of browser security, then I for one...

Hey, Brits. Your Google data is leaving the EU before you are: Hoard to be shipped from Ireland to US next month

Tom Paine Silver badge

Aaargh! Curse you, El Reg!

After years of therapy and mindfulness I thought I was healed.... But no! Once again my head is infested with a My fucking Chemical fucking <Paul Calf> Rrrrrrowmance</Calf> song. You will be hearing from my solicitors!

(Don't click this. Really: don't. Makes Flat Eric, Jonah Lewie and the Matey bubblebath jingle seem mildly annoying.)

...just realised I said that aloud, hastily toggled the anon flag. Whatever you do, please don't tell my wife..!

https://youtu.be/Ol63bo1mv6s

Researchers trick Tesla into massively breaking the speed limit by sticking a 2-inch piece of electrical tape on a sign

Tom Paine Silver badge

Adversarial attacks

What other sort are there?

Evidently there's an entire class of, effectively, spoofed command injection bugs here waiting to be found in any system that does image (or audio) processing and reacts to events it thinks it detects.

Trivial example - those black (usually) door holdback boxes you sometimes see on fire doors are only legal because they automatically disengage when they detect the sound of the fire alarm going off. Broadcast a tone through a building PA and all those doors will swing shut, "with hilarious consequences!"
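An added illustration of the point above (my own code, not from the post, from El Reg or from any real fire-door or alarm product): a toy acoustic event detector that releases a door holdback when it hears the alarm tone, fed a genuine alarm, a quiet copy of the same tone played through a PA, and ordinary background sound. The detector cannot tell the first two apart, because a perceptual detector authenticates nothing; it just recognises a pattern. The block also shows the usual hardening, treating the sensed event as untrusted input and gating the actuation on an authenticated, replay-protected release message instead. Everything here is assumed: the 3.1 kHz sounder frequency, the 8 kHz sample rate, the 200 ms Goertzel frame, the threshold, the HMAC key and the message format are all constructed for the example.

```python
"""Toy acoustic-event detector and its spoof. Constructed example; every
parameter (tone frequency, sample rate, frame size, threshold, key) is an
assumption for illustration, not taken from any real product."""
import hashlib
import hmac
import math
import random
import struct

SAMPLE_RATE = 8000      # Hz (assumed)
ALARM_HZ = 3100         # assumed sounder tone
FRAME = 1600            # 200 ms at 8 kHz
THRESHOLD = 0.25        # fraction of frame energy sitting at ALARM_HZ


def goertzel_fraction(frame, target_hz=ALARM_HZ, sample_rate=SAMPLE_RATE):
    """Fraction of the frame's energy at target_hz (Goertzel filter).

    For a pure tone at target_hz this is ~1.0 whatever its amplitude;
    for unrelated sound it is ~0. That amplitude-invariance is exactly
    why a quiet spoof through a PA works as well as the real sounder."""
    n = len(frame)
    k = round(n * target_hz / sample_rate)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s_prev = s_prev2 = 0.0
    for x in frame:
        s = x + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    bin_power = s_prev ** 2 + s_prev2 ** 2 - coeff * s_prev * s_prev2
    total = sum(x * x for x in frame) or 1.0
    # |X[k]|^2 = (N*A/2)^2 for a pure tone of amplitude A; sum(x^2) = N*A^2/2,
    # so 2*|X[k]|^2 / (N*sum(x^2)) normalises a pure tone to 1.0.
    return 2.0 * bin_power / (n * total)


def naive_release(frame):
    """The door holdback as described: drop the magnet when the tone is heard."""
    return goertzel_fraction(frame) > THRESHOLD


# --- constructed test signals -------------------------------------------
def tone(freq, amplitude, n=FRAME):
    return [amplitude * math.sin(2 * math.pi * freq * i / SAMPLE_RATE) for i in range(n)]


def with_noise(signal, sigma=0.02, seed=1):
    rng = random.Random(seed)            # deterministic "room noise"
    return [x + rng.gauss(0.0, sigma) for x in signal]


def mix(*signals):
    return [sum(samples) for samples in zip(*signals)]


def detector_scenarios():
    genuine = with_noise(tone(ALARM_HZ, 0.8))          # sounder by the door
    pa_spoof = with_noise(tone(ALARM_HZ, 0.1))         # same tone, quietly, via PA
    background = with_noise(mix(tone(440, 0.3), tone(1000, 0.2)))  # chatter/music
    return {
        "genuine_alarm": naive_release(genuine),
        "pa_spoof": naive_release(pa_spoof),
        "background": naive_release(background),
    }


# --- hardened: actuate on an authenticated signal, not on perception -----
KEY = b"constructed-demo-key-not-for-real-use"   # assumed shared secret


def make_release_message(counter):
    """Fire panel -> holdback: 8-byte counter + HMAC-SHA256 tag."""
    body = struct.pack(">Q", counter)
    return body + hmac.new(KEY, body, hashlib.sha256).digest()


def verify_release(msg, last_counter):
    """Return (accepted, new_last_counter). Rejects bad tags and replays."""
    if len(msg) != 8 + 32:
        return False, last_counter
    body, tag = msg[:8], msg[8:]
    expected = hmac.new(KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return False, last_counter
    counter = struct.unpack(">Q", body)[0]
    if counter <= last_counter:            # replayed or stale message
        return False, last_counter
    return True, counter


def hardened_scenarios():
    msg = make_release_message(7)
    ok, last = verify_release(msg, last_counter=6)
    replay, _ = verify_release(msg, last_counter=last)
    tampered, _ = verify_release(bytes([msg[0] ^ 1]) + msg[1:], last_counter=6)
    return {"valid": ok, "replay": replay, "tampered": tampered}


if __name__ == "__main__":
    print(detector_scenarios())   # genuine and spoof both release; background does not
    print(hardened_scenarios())   # only the fresh, correctly tagged message releases
```

The lesson is the one the comment makes: anything that turns a sensed pattern into an action is an input-validation problem, and the validation cannot live in the classifier. Whether the sensor is a microphone, a camera on a road sign or a TCAS receiver, the fix is the same shape: decide what the trusted source of the event actually is and require evidence only that source can produce.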

'Tens of millions' of Cisco devices vulnerable to CDPwn flaws: Network segmentation blown apart by security bugs

Tom Paine Silver badge

...unless, of course, any of them were exposed on the public net, Shodan, etc. But I'm sure that could never happen... :-|

Tom Paine Silver badge

Re: No CDP run!

Network segmentation? It'll never happen here.

Fire Brigades Union warns of wonky IT causing dangerous delays in 999 control rooms

Tom Paine Silver badge

And also

The ECC is made up of four county fire services: Hertfordshire was the first to join in November 2017; Humberside joined in November 2019; Norfolk joined in the last couple of weeks; and Lincolnshire is due to go live today.

I can see how it makes sense for four geographically distributed local authorities to reduce the risk of SPoF and local emergencies overwhelming the resources that, say, Lincolnshire alone can provide. Not hard to conceive of circs that lead to lots of calls hitting all four control rooms simultaneously, though: apart from coincidence (which will always get you in the end), record book storms like Dennis can obviously affect places across the whole country. So why isn't this a national system? I know -- let's blame the EU!

Tom Paine Silver badge

due to a migration to a new Microsoft Outlook server

I know it's had a history of security bugs, but...

Another Windows 10 build sneaks out amid all the foldable fandango

Tom Paine Silver badge

Windows versioning

Am I the only one who hasn't the foggiest idea what versions of W10 exist? Microsoft have committed product identifier suicide, just like Intel did when they stopped being able to ID parts by the clock speed.

It's official: In May, Microsoft will close the door, lock the vault, brick over the entrance of dreaded Windows 10 1809

Tom Paine Silver badge

I give up

Windows. What is it good for? Absolutely fuck-all.

Astroboffins may have raged at Elon's emissions staining the sky, but all those satellites will be more boon than bother

Tom Paine Silver badge

Professor Lebowski responds

https://youtu.be/pWdd6_ZxX8c

An Apple a day might not keep the doctor away: iGiant's China stores face closures, deep cleans, staff temperature checks amid virus outbreak

Tom Paine Silver badge
Joke

Masks

I bought an expensive but very good 3M 7500 -series half-face mask with dual particulate and vapour filters, for DiY purposes*. You can't smell paint or cigarette smoke through it. Let's see how critical my GF is of my spending priorities when we're all on Wuhan-style lockdown! ;)

* (When I got the very good Makita trimmer with interchangeable bases, cos at high speeds it makes very fine dust rather than chips, & it hangs in the air for ages.)

Tom Paine Silver badge
Boffin

Re: Cheap phones soon?

AIUI (based on an interview with a virologist on Radio 4 a few days ago), the virus is only viable for ~15 mins outside the body, eg., when sneezed onto a surface from which someone else contaminates themselves.

In your face short sellers! Tesla goes two quarters in a row without losing money

Tom Paine Silver badge

There was something that looked a bit like a 20y old Escort with a Tesla badge on the front outside my local tonight; I assume that was the Model 3. It looked like they tried really hard to make it look completely bland and generic. There's a Chinese(!) badged 4x4 pickup that does a really good impression of a Toyota Landcruiser that parks a bit further up the road, and that has a quirkier, more distinctive design than the Tesla. If you wanted to represent that GIF of Homer Simpson fading backwards into a hedge not through interpretative dance, but with metal, glass and plastic, that's what you'd get.

(I was a passenger in an all-electric Jaguar SUV recently that was far more convincing. Probably much more expensive and I gather the perf and range aren't great, but I know which I'd rather have.)

Not call, dude: UK govt says guaranteed surcharge-free EU roaming will end after Brexit transition period. Brits left at the mercy of networks

Tom Paine Silver badge

Updated uk.gov guidance on travel to EU27 from Jan 1st 2021:

https://www.gov.uk/visit-europe-1-january-2021

Tom Paine Silver badge

Re: Transition Period?

"should" is a load-bearing member there. You're saying the PM "should" do something he's sworn up and down he won't do, and which he's ruthlessly reshaped the parliamentary party in order to guarantee delivery. All the grown-up backbenchers were expelled or driven out last year, if you remember. That massive majority is packed with a blend of bulgy-eyed true believers and spineless opportunists who don't believe but are going along for the sake of their careers. And every one of them signed a pre-election pledge that they'd deliver the WA on 31st Jan and end transition on 31st December with no further extensions. You'd either need 40 of them to destroy their careers overnight on a point of principle*, or for Johnson to see the light, break his promise, *and* be able to carry all but 38 of his MPs with him.

* Not all MPs have lucrative careers in business or the law to fall back on when they're unceremoniously defenestrated, not even the Tories. That's especially true for those who've been there a long time, or those who've spent 10-15y as wonks and bag-carriers whilst working towards selection as a candidate, then got elected, and are now working towards a first junior ministerial position. IDK about you but I'd have been pretty fucked if I'd been kicked out of IT in my early 40s and had to develop a new career from scratch.

Tom Paine Silver badge

Re: Bankers

If you're not being charged for it, it - the service - IS free, whatever your opportunity cost.

Tom Paine Silver badge

Not only but also

Government's latest best guesses as to changes to travel from Jan 1st 2021 have also been updated:

https://www.gov.uk/visit-europe-1-january-2021

Includes a business travel section, but tons of "may", "might" and "could" still, of course.

Tom Paine Silver badge

Seven years, not four

after nearly four years of excruciating debate and rancour

I was reminded this morning that Cameron first announced his intention to give the fruitcakes their referendum in January 2013, over seven years ago. I wonder how things will look after ten.

It's been one day since Blighty OK'd Huawei for parts of 5G – and US politicians haven't overreacted at all. Wait, what? Surveillance state commies?

Tom Paine Silver badge
Go

Homebrew 5G

Congress is yet to pass a law earmarking funding for new 5G infrastructure R&D. Even if it did, any new products would take years to come to fruition and would require vast sums of money.

Unless we hacked Huawei and stole the IP, of course. Thoughtful raptor meme goes here.

UN didn't patch SharePoint, got mega-hacked, covered it up, kept most staff in the dark, finally forced to admit it

Tom Paine Silver badge

I can help here: the cover-up is worse, much much worse. Everyone has shitty audit reports listing dozens or hundreds of ways the org could be compromised, these days -- well, everyone except orgs too small to bother spending money on sec audits or testing.

Tom Paine Silver badge

Re: "yet the UN had failed to apply it."

That gap between management's perception and that of customers, shareholders, the press, general public etc is where a lot of people are sailing their boats through, loaded to the gunwales with vast piles of cash.

Biting the hand that feeds IT © 1998–2020