Posts by NightFox

566 posts • joined 23 Oct 2009


UK Ministry of Defence tries again to procure £1.7bn tri-service recruitment system


I'll bet that "Pointy-Bloke on Poster" and a few touring recruiting sergeants armed with the requisite paperwork came in at considerably less than £1.7bn and was demonstrably more successful.

Ransomware crims saying 'We'll burn your data if you get a negotiator' can't be legally paid off anyway


Negotiators can end up being a means of bypassing sanctions, either inadvertently or intentionally.

Scenario 1: Company receives demand for $5m, brings in a legitimate negotiator. They pay negotiator $1m to resolve the situation directly, with no further involvement by the company. Negotiator (who's not US-based) negotiates and makes direct payment of $500,000 to the bad guys, keeps the other $500k as his profit. End result = ransom payment made without company breaking sanctions.

Scenario 2: Bad guys demand $1m from company. They know that company can't pay them directly so they tell company to engage Negotiator X (who works for the bad guys) as a front and pay him $1m in negotiation fees.

Both of these things happen in human kidnapping, so there's no reason they couldn't be or aren't already happening with ransomware.

Ex-DJI veep: There was no drone at Gatwick during 2018's hysterical shutdown


"As the lead of the hardware design team that has brought the majority (apart from DJI) of autopilots to the market worldwide either directly, or having had Chinese copies of our gear hit the market..."

So, a minority then.

Music festivals are back in the UK. So is the background bork


Thomas Dolby at a packed Scala in Kings Cross back in 2006 - big screens mirroring the sequencer software on which the whole gig was running, a few minutes into the show up pops "Your Cubase trial has expired"

Apple's iPhone computer vision has the potential to preserve privacy but also break it completely


Re: Capability

My point wasn't that Apple should or shouldn't be doing that. It was more that people are seeing this could be a step to something more sinister, missing the point that the 'something more sinister' never required this step to happen first.


Re: Capability

A lot of people seem to see this as the emergence of a new capability that could now be open to abuse. However, that capability has existed for years already - this is just the case that Apple are now talking about implementing it. Its potential for abuse is no greater than it was previously.

I'm not saying there's nothing to be worried about here - just that the genie's already out of the bottle and whichever way Apple goes with CSAM scanning doesn't really change that. Concerns that an oppressive regime or whoever could persuade Apple to scan content for something else were just as valid 5 years ago - all this does is serve as a reminder of what technology is capable of.


A critical mistake in the third paragraph: "...will scan all those you have sent and will send to *iPhotos*" should be "iCloud Photo Library".

iPhoto was replaced by Photos many years ago, but more significantly that is/was just a local app, it's only if you're using the iCloud-based service that Apple will scan those photos AFAIK.

Internet Explorer 3.0 turns 25. One of its devs recalls how it ended marriages – and launched amazing careers


Nah, I had a life back then.


I remember having finally got my 14,000 baud dial-up modem and my Demon Internet account details through the post (having filled in, cut out and sent off a form in the back of a book), connecting to THE INTERNET... then staring at a blank screen with a command line prompt. I phoned Demon's helpline to find out what was wrong, where was the information superhighway? to be told that was expected behaviour. I now needed to open up my browser. My what? My browser. Oh... what's that then?

So then a trip to Escom and £50 paid for Microsoft Plus! (sic) to get Internet Explorer 1 (that on the back of the £80 I'd recently spent on Windows 95). That was money I barely had back then - the irony was that within a year or so virtually everywhere you turned an ISP was trying to push a free CD with their customised version of IE under your nose.

Is it broken yet? Is it? Is it? Ooh that means I can buy a sparkly, new but otherwise hard-to-justify replacement!


You're hanging on to your stuff too long between replacements by waiting for kit to fail or become obsolete. You can drastically shorten the cycle with the "I can sell the old one on eBay while it's still current and worth a bit so the new one will only actually cost me £xxx" self-justification - then with the purchase made, put the old one in the roof/cellar until 5 years later when you do actually finally get round to listing it on eBay to find it's now worth about 7p.

‘What are the odds someone will find and exploit this?’ Nice one — you just released an insecure app


Re: aren’t fully confident that code isn’t free of vulns before going live in production

I'd be more concerned about the 29% of CISOs who were confident their code wasn't vulnerable.

Name True, iCloud access false: Exceptional problem locks online storage account, stumps Apple customer service


Re: Importance of capital letters

Agree - people who can't even be arsed to press shift when writing their own name, how much pride and effort is that person going to take in anything else they do?

I used to make a point of whenever somebody bought something off me on eBay who'd entered their entire name, address and postcode completely in lower case, I'd delay sending the item for a day.

I have however finally come to terms with the fact that my eldest daughter (who's a computer-literate student) insists on Caps Lock On X Caps Lock Off rather than just hold down shift to capitalise a single letter.

The 40-Year-Old Version: ZX81's sleek plastic case shows no sign of middle-aged spread


I never had a ZX81 - at the time I was going from Commodore PET to a VIC20, but I did go on a school French exchange where the family I was staying with had one. I remember spending what seemed the best part of a day typing in the code for "that program" that had the tyrannosaurus rex advancing menacingly from a 3D maze (without the benefit of the muscle-memory ZX81 owners developed for which keys corresponded to which BASIC commands) only to have it totally crash when I tried to run it. No idea why I didn't save it first, I think I was just used to the Commodores where the worst you'd get if something was wrong with a BASIC program was a ?SYNTAX ERROR IN 270

ADT techie admits he peeked into women's home security cams thousands of times to watch them undress, have sex


Re: Cassandra

@John Brown

I'm not convinced by your dismissal of the use of live video to reduce unnecessary responses to false alarms. It's not excessively expensive and isn't restricted to commercial monitoring services. For example if my Ring alarm system tells me it's detected motion in my hallway when I'm away from home, there's little I can do with just that information apart from worry until I can get home. However, if I can remotely check a live video feed of my hallway, I can then either relax and carry on with what I was doing, or call the police.

And I don't see how money that consumers might spend on CCTV relates to money spent by manufacturers on alarm system development.

Laptops given to British schools came preloaded with remote-access worm


Re: Can only trust myself

Fine for those who can afford to - thousands are struggling just to 'source' the food their kids eat.

Hollywood drone pilot admits he crashed gizmo into cop chopper, triggering emergency landing


You're right that sentencing based on the outcome rather than the act is illogical, but the intended purpose of a court's sentence is threefold: Deterrent (stop others doing it), Punishment (stop the person doing it again) and Retribution (let the public/victims feel they've 'got their own back' and justice has been done). With this third factor, human nature is usually at odds with, and prevails over, logic.

Explained: The thinking behind the 32GB Windows Format limit on FAT32


Re: "Def-Pro"

Was it just at my school that these temporary buildings were called 'Terrapins' or was that terminology more widespread? I guess that was the name of a brand or model.


Re: "temporary solution becoming de-facto permanent"


Manchester United working with infosec experts to 'minimize ongoing IT disruption' caused by 'cyber attack'


Re: Social engineering techniques

Is an 'Ian' an IT version of a Karen?

HP: That print-free-for-life deal we promised you? Well, now it's pay-per-month to continue using your printer ink

Re: print-free-for-life plan was "an introductory offer,"

Agree - we're used to seeing companies weaselling their way out of earlier promises, but saying that something described "for life" was just an introductory offer just took things to a new level that even TomTom would struggle to justify. Maybe HP will start bricking their printers and then say the offer referred to the life of the printer, or I guess there's also a more sinister solution they could impose...

Google reCAPTCHA service under the microscope: Questions raised over privacy promises, cookie use


Re: In a way this is all encouraging for me

I never know if a traffic light includes the pole it's mounted on or not.

Luke Skywalker used to bullseye womp rats in his T-16 on Tatooine. But Star Wars: Squadrons misses the mark


It may be an age-related thing now I'm the wrong side of 50, but am I the only one who just wants to shoot crap out of things and actually doesn't give a toss about character development cut-scenes and back stories so tragic and clichéd that the characters could almost be Britain's Got Talent finalists? There's too much of this blaming galactic oppression or genocidal-level rebellion on unresolved family tensions.

Apple's T2 custom secure boot chip is not only insecure, it cannot be fixed without replacing the silicon


Re: Surprised?

Thumbs-up for the 'MAC' correction. People using 'MAC' (and 'APP' too, while I'm on my soapbox) on Facebook and the likes is annoying, people doing either on a forum like this is unforgivable. It's one small step away from referring to the internet as 'Google'.

Flying camera drones, cuddly Echo gadgets... it's all a smoke screen for Amazon to lead you gently down the Sidewalk – and you'll probably like it


Re: Living in the box

No, just 'burgled'.


Re: Living in the box

I actually think this addresses a gap in remotely-monitored home security systems that doesn't occur to most people until their systems are up and running. Getting a notification that there's movement in your lounge when you're on holiday 2000 miles away is good, but then what do you do? You've got no way of knowing whether it's somebody breaking into your house or a spider walking across a sensor. Asking your mate to check it when he gets home from work isn't really going to achieve much. Sticking multiple CCTV cameras up is one option, but a deployable CCTV camera like this is actually a much neater solution - even if the burglar does grab it out of the air and smash it, you still know it's a genuine alarm and can call the police or whoever. And the police will rightly prioritise a "burglary in progress" much higher than a "I've just got home from holiday and discovered I've been burgled*" call, where the horse has already bolted so to speak and - public expectation aside - there's very little justification for any urgency in the response over other more urgent queued responses.

* Or 'burglarized' as Americans obscurely seem to insist on.

Alibaba wants to get you off the PC upgrade treadmill and into its cloud


Re: Another attempt to kill the "Personal" in PC...

I suspect the driver this time is the potential for the new cash cow of a rolling subscription rather than the one-off purchase cost of a PC.

Did this airliner land in the North Sea? No. So what happened? El Reg probes flight tracker site oddity


"...revealed that US intelligence-gathering aircraft were switching transponder codes to pose as benign Malaysian flights off the coast of China"

US military aircraft spoofing as civilian airliners to carry out hostile actions... what a responsible thing to do.

Microsoft wants to link satellites to Azure – but it should probably fix its cloud first: Cooling outage hits UK COVID-19 portal, other sites


So whose jurisdiction does data come under whilst it's in space bouncing off a satellite? Does the nationality, position and orbit (i.e. geostationary or not) of the satellite make a difference?

Something to look forward to: Being told your child or parent was radicalized by an AI bot into believing a bonkers antisemitic conspiracy theory


How do we know that this entire article wasn't generated by GPT-4 to distract and lull us into a false sense of security over GPT-3?

Putting the d'oh! in Adobe: 'Years of photos' permanently wiped from iPhones, iPads by bad Lightroom app update


Re: Class action suit in 3... 2... 1...

Nice victim blaming there

I can see my house from here! Microsoft Flight Simulator has laid strong foundations for the nerdy scene's next generation


Still remember swapping loads of my Commodore 64 games for a second-hand version of Flight Simulator II complete with its mind-blowing wireframe graphics, which my Dad then used to spend hours playing on his SX64 with its built-in 5" screen. He then got hooked on FS right through to X which he was still 'flying' in his late-80s, though sadly isn't around any more to enjoy this release.

As hospital-based infections set to rise, best not change the vendor behind the system that tracks them, hm?


Re: I

> "I manage my own bowl movements, Do You ?"

Yes, though the missus does still sometimes insist on trying to re-arrange the dishwasher before I have to move it all back again once she's gone back to watch Emmerdale.

Self-driving car supremo Anthony Levandowski sentenced to 18 months in the clink for stealing trade secrets from Google's Waymo


Re: “Why I went to federal prison,”

Putting aside any subjective feelings about this specific case, I don't understand America's interpretation of "cruel and unusual punishment" which is accepted to include banning humiliating punishments, yet I frequently see US judges meting out 'creative' sentences like this clearly intended to humiliate the culprit. I sometimes get the impression that US judges are free to dream up any punishment they like - surely there's some form of control here?

Of course the baying mobs love this stuff, and retribution is always going to be a part of punishment, but I'm not sure that humiliating punishments belong in civilised society.

First rule of Ransomware Club is do not pay the ransom, but it looks like Carlson Wagonlit Travel didn't get the memo


"Just make paying a ransom a criminal offence, punishable by, say, ten years in prison for the CEO. Sorted."

Not really. As I mentioned in another thread, in countries that have made ransom payments for kidnap illegal, people are less likely to inform the authorities of a kidnap so the authorities can't then obstruct/prosecute them for paying the ransom to save their loved one (it's not unheard of for authorities to freeze the assets of someone who reports a kidnap to prevent any ransom payment). As a result, it's easier for kidnappers to operate knowing that there's little chance of the police getting involved. The same would probably apply with ransomware.

There's also ways around making an obvious payment to the demanders. You can't be seen to pay a $5m ransom, but you can engage a 'specialist' consultant to either negotiate with the kidnappers or disinfect your IT systems for maybe $1m, that consultant being either a front for the kidnappers/malware pushers, or a legitimate consultant laundering the ransom payment before passing it on to the baddies.

Have to say though, it seems a poorly-chosen time to target CWL when business travel is at an all time low.

Garmin staggers back to its feet: Aviation systems seem to be lagging, though. Here's why


Re: Difficult

Payment of ransom for kidnap is illegal in some countries as an attempt to deter kidnap, but it generally fails because:

a) Consultants who support victims through the negotiation process know how to make payments discreetly and work around such laws

b) It makes victims less likely to report the incident to the authorities, actually making it easier for kidnappers to operate.

Same logic applies to ransomware.


I think Garmin will have been through their systems looking at absolutely *everything* over the last few days before making the decision to bring it back online.

The general assumption seems to be that because everything Garmin went down, everything had been infected by the ransomware, but I'd suggest it's more likely that once Garmin discovered the malware in one segment of their system, they pulled the plug on everything as a precaution and much of the recovery has involved ascertaining how far the infection had spread, and whether there were open routes of (re)infection between segments before turning them back on. The last thing they would want is to turn on the recovered system only for it to immediately get re-infected by their Building Management System that everyone had forgotten about.

Fitness freaks flummoxed as massive global Garmin outage leaves them high and dry for hours


Been there, done that with Tado. Good system at the time and it certainly paid for itself, but whenever they experienced server issues the system would permanently send a demand for heat to the boiler with the TRVs staying fully open and the house just got hotter and hotter (arguably better than failing 'off' I guess). Happened in the middle of winter, and summer too.


Re: Attack surfaces

I've logged out of and killed my Garmin syncing apps not so much for this reason, but because of my lack of confidence in Garmin not to try and sync everything before they've restored their data and inadvertently wiping everyone's data.


Re: Who Cares?

Yeah, always easy to be smug at times like this. So what is it that keeps you going during a run? I'm sure being an experienced runner you'll appreciate that motivation is a very personal thing, and for some it's just that prospect of getting home, uploading their run and looking at their stats and perhaps sharing them on Strava. It doesn't matter if that VO2Max, fitness age or ground contact time is of questionable accuracy or training value as long as it's a motivator.

I suspect there's a large number of people today who maybe started out with a fitness tracker just to track their daily steps and then got hooked into the whole fitness thing and are now leading much more healthy and active lives as a result of the technology who would otherwise just be sat watching Netflix.

Of course it's easy to be condescending and say "we didn't need this stuff in my day" and "the only motivation people should need is their own health" but that misses the point entirely. When I've still got another k to do, trying to convince myself that I'm actually getting fitter despite the fact I feel like my whole body is about to shut down doesn't hit the mark, but thinking ahead to seeing my efforts immortalised online with enough data to launch a lunar mission keeps me going. Yes, your motivation may be purer, but I'm still doing the miles and getting the same benefits as you.


Re: Connect architecture

"In days of old, when connectors were male/female and masters controlled slaves"

Woke pitchforks are being sharpened as we speak

Bill Gates debunks 'coronavirus vaccine is my 5G mind control microchip implant' conspiracy theory


Re: Editor!!!

> O’Donnell said Gates-related coronavirus conspiracies have been rated “the most widespread coronavirus that exist”...

There's a missing "falsehood" there for starters.

VMware to stop describing hardware as ‘male’ and ‘female’ in new terminology guide


Shirley 'them' would be the replacement for her/him: the replacement for she/he is 'they' as stated?

My life as a criminal cookie clearer: Register vulture writes Chrome extension, realizes it probably breaks US law


Re: Don't Feel Bad...

I'm betting on the heavily armed, full black Kevlar body armour and Ray-Bans ensemble, because America

51 years after humans first set foot on the Moon, a deepfaked Nixon mourns how Armstrong and Aldrin never made it home


Morbid curiosity I know, but I wonder if they were provided with a means to expedite their ends if they did find themselves stranded, short of something lingering or violent.

Pokémon Go players fined for breaking down-under COVID-19 lockdown rules


Re: Crazy

"It's like taking a stroll in a forest. Honestly, officer, apart from you, who do think I came in contact with ? You're the only other person around here, so you're the one putting me in danger."

But the trouble is you can't have discretionary rules because many people's discretion is poorly founded (as just a cursory glance of Facebook will confirm) - Pascal went walking [in the forest] and encountered a police officer and that was OK, so I can also go for a walk [in a highly populated area].

But as soon as you start trying to be more granular with the rules (it's OK to go walking in forests but not in highly populated areas), people say the rules are too confusing - is a wood a forest? how many people makes an area highly populated?

So you're back to having a simple one-size-fits-all rule which has to be enforced with no scope for discretion.

IBM job ad calls for 12 years’ experience with Kubernetes – which is six years old


Well I had access to a Commodore PET 2001 way back in 1977.

Guys, you need to sit down and have a chat: Skype rolls out SMS a week after Microsoft


Re: Eh?

In the UK, MMS is one of the services that typically still doesn't fall within allowances - networks typically charging about 50p/MMS. This can get quite annoying if your phone OS's messaging system is set up to fall back to SMS/MMS if it can't send a message using 3G data/WiFi as you don't know until after it's sent, by which time that picture of a cat you just sent for a laugh has just cost you.

Rental electric scooters to clutter UK street scenes after Department of Transport gives year-long trial the thumbs-up


Re: Rental vs privately owned

Agree, dual carriageway or not, no way should planes be using the A6.


Re: Rental vs privately owned

I guess this way it's easier to ensure that the scooters remain compliant in terms of max speed, acceleration, likelihood of bursting into flame etc. Allow privately owned scooters and you'll lose that control.

Microsoft takes tweaking tongs to Windows 10's Start Menu once again


Re: Clearly I've missed something but

"It's a bit like when a library moves the Crime and the Thriller sections of books into one called Crime and Thriller- on the same bookcase. (Or the opposite for that matter)."

Or when they put several Crime and Thriller sections in different parts of the library and randomly put the crime and thriller books into any one of those sections. Or maybe have the Hound of the Baskervilles in two different sections, but each one being a different version of the same story.



Biting the hand that feeds IT © 1998–2021