Posts by tfewster 1285 publicly visible posts • joined 18 May 2007
3 excellent points there, I can't upvote this enough.
SOX is a mandate for consultancy overreach by auditors who focus on the wrong issues.
CIS have a cheap checking & remediation tool, so there's no consultancy money in that. https://www.cisecurity.org/insights/blog/assess-remediate-and-implement-with-cis-securesuite
PCI-DSS is good on the prescriptive side, but bloated by external auditors
My standard response to "local" or "in your postcode" is "Oh yes,what area/postcode is that?" <NO CARRIER>
If they try to continue their bluff with sales bullshit, shoot them down without mercy. <NO CARRIER>
Best one ever: Getting a second call from the same person: "Hi $NAME, didn't I call a bullshitting arsehole last time?" <NO CARRIER>
They knew exactly what they were doing. Signal is fairly secure, though it doesn't meet governance standards.
What's curious to me is that none of these security oriented people thought to check "Who's in the room" before discussing sensitive topics. Does Signal hide the list of attendees?
I'm sympathetic to Troy, and not overly concerned that some of my email addresses have been pwned again - They're on his list because they're compromised anyway.
It seems to me that Troy's list is generally low value to baddies - Addresses only, for people who are security conscious and less likely to fall for a weak phish? (I know, famous last words!). It may be more valuable to spear-phishers.
16,000 subscribers sounds depressingly low for such a useful service - Am I missing something and "subscribers" is not the same as "registered email addresses"?
Mistakes happen. The priority is to fix it, then prevent it happening again. But colleagues who will throw you under the bus are a sign of a bigger corporate problem.
No alarms? Network Management Centre didn't notice for a while? Weren't they supervising/supporting a critical system upgrade? If they reported the mistake they would have some tough questions to answer too. I'm not suggesting they should lie, but don't stir up trouble.
As a side note, I see a lot of Incident tickets with vague descriptions that are then closed as "resolved" with no diagnosis, troubleshooting or resolution info. It usually annoys me, but maybe they're covering up for mistakes like Wayne's without blowing up the issue?
What do you think is more likely?
- HP reverse the change, tell you actual wait times and staff their call centers to minimise those wait times. Oh, and improve the "digital" options.
- HP double-down on their lies, by telling you it's a "real" wait rather than an artificially induced one?
I predict that all the big US chip consumers will move their consumption abroad, by building datacentres in a business-friendly country like Ireland. Services can be provided from anywhere, as we know.
- No tariffs on chips, check.
- Secure access to the European market, check.
- Low taxes, check.
- No living on tenterhooks waiting for the next wobbly from El Trumpo, check, mate.
It's curious that Accenture can take on outsourcing deals, come in and absorb local knowledge and take over running legacy systems and processes[1]. But apparently can't document a system they manage so support could be tendered?
[1] Yeah, they're crap at that too.
I've used Fill That Hole (developed by a Cyclists organisation?) in the past; I reported about 20 potholes in a stretch of worn out road, they were patched within weeks and the road was later resurfaced.
But for this "AI" to have comprehensive coverage, it needs to be fitted on bin lorries to cover all the roads in the area, not just the highways.
. . . but what, pray tell, is The Channel?
At the risk of being boring: Sales channels are the places you offer your products or services to reach your customers.
Typical sales channels are manufacturers selling direct to large customers, or resellers/Value Added Resellers etc. expanding the manufacturers sales force to take on smaller customers. Personal buyers would go to a retail outlet or buy online, with few options for customisation or discounts.
"The Channel" in this case is the resellers.
Re: EPO next to the door button: That's where it needs to be and shouldn't really be covered - Imagine if the operators hands are burnt and they need to hit the button with an elbow while evacuating but can't open the cover...
However, I recall hearing a tale that, after an incident where a tape-ape had hit the EPO instead of the door opener, senior management convened to find out exactly what had happened. The poor soul was ordered to retrace his steps exactly.
"Well, I was leaving the room carrying a stack of tapes that obstructed my view, like this. I reached out like this..."
And the computer room went dark again.
If you hop over the guardrails surrounding a cesspool, you're literally in deep shit.
The problem is not the guardrails being easily circumvented They're there to stop workers falling in accidentally, not to stop crazy people. It's the cesspool being accessible by crazies/idiots.
I thought we learned these lessons in the early days of the Internet?
If an LLM has to translate the input from hex, Klingon, Russian or even English in to commands, post translation should be the point of applying guardrails.
However, I'm not convinced the "AI" developed the exploit itself - It was told to research it, so probably found the existing POC code and converted it to Python.
Distribution of drugs resulting in death and possession with intent to distribute would seem sufficient even if you don't have more specific evidence of dealing drugs, I guess you don't have to prove ownership or payment until the sentencing/confiscation of proceeds of crime stage.
But possession of a gun and drone seem like strangely specific laws, even if they were used to facilitate the crime. Is it because those items need to be registered, whereas the shoes the perp wore to facilitate the crime are not regulated items? How about if they were registered? How about phones/cars/houses, all of which should be "registered" in some way?
A virtual pint for anyone who can enlighten me ---->
> Terminal retransmitted the transaction. Head office logged it as a second sale.
Which is why a transaction should have unique reference, so if it's retransmitted then Head Office detect the duplicate.
Duplicate transactions are a possibility that has been considered and solved in many paper, computer and network processes. Surely Horizon couldn't have that basic a flaw?
Also, that doesn't explain the "remote access" issue, unless Fujitsu were changing the unique reference at both ends to allow the transaction to be processed.
Interesting, but as flawed as any other measure such as the "window tax". Approximately 70% of the UK's land is farms and parks. Look forward to prices for food and recreational amenities rising.
My land is half house, half garden. Could I sell the garden to build another house? Or better, high-rise flats so all the flat owners share the land tax between them? Of course I can, without those pesky planning permission and safety regulations getting in the way!
To me, "contact" means they got a response, i.e. a successful communication attempt.
"Reach out" implies minimal effort, from "wrote to last known address" to "It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard."
Patent Troll:
El Reg: a term for an individual or organization that exists solely to makes patent infringement claims in the hope of winning a settlement from defendants concerned about costly patent litigation.
Cloudflare: [Sable IP] doesn’t make, develop, innovate, or sell anything. Sable IP is merely a shell entity formed to monetize (make money from) an ancient patent portfolio acquired by Sable Networks from Caspian Networks in 2006."
Many companies want to monetize their IP. If it's not of use in their technical strategy, they also have the right to sell it, and the new owner can monetize it as they wish.
The red line is where the IP owner is suppressing progress with unreasonable claims or licensing fees. And only a court can rule on that, as the USPTO don't exactly help.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
