Posts by tfewster

1194 publicly visible posts • joined 18 May 2007

Hacker's Icarus machine steals drones midflight

tfewster
Facepalm

Re: One good thing

Unfortunately, anyone caught flying a drone in restricted airspace will just claim their drone was taken over by an evul haxx0r who made it do bad things.

Microsoft: We're hiking UK cloud prices 22%. Stop whining – it's the Brexit

tfewster
Facepalm

What's imported?

https://azure.microsoft.com/en-gb/blog/microsoft-azure-now-available-from-uk-datacenters/ - Posted on 7 September, 2016

So the hardware is already there. Running costs are in £. Staff - Onsite staff will be paid in £.

How do you want to be gouged today?

Thanks, IoT vendors: your slack attitude will get regulators moving

tfewster

Re: Après nous le déluge

What we need is for CE marking to be extended to cover IoT security; the framework is there, and it's probably not a huge stretch to extend the Telecomms regulations to cover it.

No CE mark = no sale in most of the world

Lessons from the Mini: Before revamping or rebooting anything, please read this

tfewster
Facepalm

Re: Uppercase and mixed case names

Presumably MINI stands for "Mini: It's Not Issigonis's" or something like that? It's certainly not "mini"

Tesla's big news today: sudo killall -9 Autopilot

tfewster
Facepalm

That's to distract you from "...including some STANDARD safety features..."

If they're standard, why disable them? Fords have lane control, Toyotas have automatic emergency braking...The difference is they're called "Driver assist" rather than "Autopilot"

Samsung airport exchange

tfewster
Flame

Now _that's_ good service. Samsung might just turn this setback into good PR!

Google has unleashed Factivism to smite the untruthy

tfewster
Facepalm

Re: Those who like facts will pay attention. Otherwise not.

Facts, but in context please. The Daily Mail may be perfectly correct in saying, e.g. statins can cause cancer. But without context (X% greater risk on a minuscule base?) or acknowledgement that statins are generally life-savers, it's just - well, typical Daily Mail

I highly recommend Bad Science by Ben Goldacre as a tutorial on how to treat "facts"

Forget malware, crooks are cracking ATMs the old-fashioned way – with explosives

tfewster
Mushroom

There are very few problems that cannot be solved by a suitable application of high explosives

IBM: Yes, it's true. We leaned on researchers to censor exploit info

tfewster
Facepalm

I assume you would have used the joke icon if you hadn't posted anonymously. This is SOP for Oracle and many others.

tfewster
Holmes

Re: One correction needed

I want to see a standard clause in EVERY software maintenance contract - "Vendor undertakes to recertify and update their software against any flaws AND patches or updates to software platforms on which the Vendor's product depends".

I appreciate this will increase the cost of a maintenance contract; if it costs the vendor $1m to recertify each Patch Tuesday and they only have 1000 customers, that means £12k p.a. added to the cost of a maintenance contract. But cheaper than the £50k I was once quoted for a one-off exercise to satisfy my risk-averse company that installing an OS patch bundle wouldn't break $VENDOR's application.

It needs more work - for example, I don't know how it would help someone locked into Windows XP, but it should get vendors and customers thinking more about maintainability and upgrade paths.

Adventures in (re) naming your business: Fire up the 4-syllable random name generator

tfewster

Re: I'll just leave this here...

Remember Wang computers help desk "Wang Care"?

'Please label things so I can tell the difference between a mouse and a microphone'

tfewster

Re: Easily fixed...

> ...genuinely incapable...

And you know that, and you compensate for it yourself. You don't start demanding that the world is changed to accommodate the few* who have difficulties.

* OTOH** genuine barriers - Like kerbs for wheelchair users, or a single button mouse, need to be addressed.

** Pun not intended. OTOOH, a picture of a hand with the thumb sticking out towards the middle might actually be helpful.

Invasion of the virus-addled lightbulbs (and other banana stories)

tfewster
Facepalm

Re: Third time (un)lucky?

But the toaster reference is a necessary reminder, as it shows the evangelist's statement hasn't been thought through:

"The trick, then, is making sure the AI is focused on doing something sensible rather than letting it decide for itself what it should do based on a limited sensory experience of real life."

And take the AI lightbulb: Its prime directive is to make light. But it can't do that if it burns out, so it has to preserve itself, by killing the meatbags who keep using it, and blowing up the power stations that are sending lethal voltages at the poor oppressed lightbulb.

What's not to love about IoT – you can spy on customers as they arrive

tfewster
Facepalm

Re: Bafflegab?

"Siloed databases will be the downfall of your Internet of Things venture" - Nope, sounds like a good start to security.

“The perimeter is everywhere within your enterprise” - Then you really have a problem. Try making your perimeter a perimeter.

"Detect the licence plate of this individual and whenever they’re coming into your hotel, your bank" - Fuck right off. I'LL tell YOU when I want to be recognised - e.g. by logging in or presenting a loyalty card.

Did I miss any?

User couldn't open documents or turn on PC, still asked for reference as IT expert

tfewster
Facepalm

Re: Back in the day...

And the (possibly made up) corollary:

During the post incident management review to make sure it never, ever happened again, the operator was asked to retrace his steps. He explained "I was balancing a stack of tapes and couldn't see around them very well, so when I reached out, like this..."

And the computer centre went quiet again.

tfewster
Facepalm

Dunning-Kruger effect or just misunderstanding the question? A large outsourcing company I worked for asked us to rate our skills in our "skills profile" so they had a searchable database of skills to match up to clients and projects. I rated myself as 4/5 for HP-UX Unix, as I was comparing myself as a sysadmin with HP's Mission Critical support superstars with whom I had regular contact. Another chap rated himself as 5/5 for HP-UX Unix - because he was a power user (and even then frequently had to phone me for help just as an end-user, he had no admin or support skills and not even logical thinking, resourcefulness or troubleshooting abilities).

Four US states demand restraining order to stop internet power handover to ICANN

tfewster
Facepalm

I get it

Texas is concerned that ICANN might do bad things. Despite the fact that it would effectively be suicide for the organisation, they want assurances.

Shame they don't apply that logic elsewhere. "Want to buy a gun? OK, just prove you will _never_ suffer from mental illness, become a criminal or lose your temper."

As a Brit, I find it a bit annoying that .com, .gov etc are effectively reserved for the US, but as first adopters and incumbents it makes no sense to change that.

Ladies in tech, have you considered not letting us know you're female?

tfewster
Thumb Up

I haven't read the full article (paywall), but the extract sounded quite reasonable, even with the sarky comments from El Reg. Present a professional image, and you'll be treated as a professional. Post a "duckface" photo on LinkedIn and expect derision. (Yes, my profile photo shows my Movember 'tach, so I'm clearly not professional either). If you're going to stress your differences, make sure you explain how that difference brings benefits to $POTENTIAL_EMPLOYER

I truly believe I'm colour and gender blind - if you can do the job, you get my respect. If not, excuses about it being harder for a woman or a black man in a white man's world don't go very far.

Thumbs up for Jo, Sam, Wil, Nic and a number of other women I've worked with. Including the awesome Diane, who can beat most men in most fields.

Our Windows windows will be resizable, soooon, vows Microsoft

tfewster

"Another click dials [your tax attorney] on your modem"

Why the modem? Do you dislike him enough to continually annoy and deafen him?

Brit loan firm gets comeuppance for 7.7 million spam texts

tfewster

and broken fingers

The server's down. At 3AM. On Christmas. You're drunk. So you put a disk in the freezer

tfewster
Facepalm

Quite probable, once it's started acting up. The point of freezing/hitting it is to get it going long enough to back it up. If it seems to be behaving after that, maybe leave it running until a more civilised time to do a rebuild.

I suspect the story has been shortened, but reinstalling the OS on a dodgy disk seems like a waste of time, especially if you don't know at that point that you have a data backup...

Unless you're on triple-time for working Christmas day, of course ;-)

Brit boffins get $800k for Los Angeles Twitter pre-crime tech

tfewster
Facepalm

...in such a place in such a time window

...in such a place...

I predict it will be a Venn diagram of areas where groups intersect. Don't worry too much about A-only or B-only areas, as the other group will rarely go there. Also, the full intersection should be quiet as the groups accept each other through familiarity. But the borders of the intersections where the enclaves aren't used to seeing "outsiders" will be the flashpoints.

When I visited Belfast in the 90s I was struck by the "arrangement" of the outlying townships along the Falls Road - Catholic, Protestant, then Catholic, then Protestant, and so on. Relatively peaceful normally, but whenever a group from town N wanted to march to join their compatriots in town N+2, all hell broke loose.

...in such a time...

After a few beers. Or a previous incident

But the police already know all this. The only difference here is "monitoring social media", which I find quite disturbing - So all of everyone's posts are going to be analysed (and correlated with their locations) to see if they're planning mischief? That's a wider net than the Security agencies use - at least they only watch known hotspots and individuals.

tfewster
Facepalm

1) Clean up the LAPD

2) Watch hate-crime rates drop like a stone (both LAPD performed and retaliatory acts) as tensions ease.

$400,000 please. And if hate crime rates drop by < 50%, I'll give you a proportional refund

MI6 to hire another 1,000 bods 'cos of private surveillance tech

tfewster
Facepalm

another 1,000 staffers "because of the internet" - BS

- "another 1,000 staffers". They won't be another 1000 field agents, or even in positions where being recognised could be a problem. Even then, if $ENEMY can reliably recognise 2500 faces, another 1000 is no problem.

- "because of the internet". What, that tool that vastly increases productivity? Where booking a flight takes 5 minutes rather than half a day? That allows you to surveil your target remotely with a motion-capture device rather than have 10+ agents taking shifts on his doorstep? That lets you read emails as easily as postcards without having to steam open their letters? Easy funds transfers? Easy handover of blueprints?

Pull the other one, even with the scope-creep and empire-building, they must be much more productive than in the Bad Old Days

Virgin Media costs balloon by MEEELLIONS in wake of Brexit

tfewster

Re: Another Illustration of the Fact...

> Why the hell is any employer trying to tell its employees how to vote?

If a company feels Option A is best for its survival and therefore its staff's continued employment, it seems reasonable to recommend employees vote for Option A in their own best interests. OTOH, if it's purely for the shareholders'/execs'/customers' benefit, they run the risk of pushing their peons into voting the other way ;-)

Idris Elba thrashes Night Manager Hiddleston for James Bond job vacancy

tfewster

Re: Product placement

No, no, not the ginger beer trick! Even Bond couldn't stand up to that. Even Idris Elba as Bond couldn't be expected to resist that.

You call it 'hacking.' I call it 'investigation'

tfewster

Re: HSBC

Strange, as a personal customer and a few arguments about them proving who they were first, they found a way:

"Our records say you were born on the nth day of the month; Could you confirm which month?"

or

"You have a standing order set up to $COMPANY. Can you tell me approximately how much it is for?"

Two Sundays wrecked by boss who couldn't use a calendar

tfewster
Happy

Re: At least make sure your contract include TOIL

> Can't do this last-minute shift-change on Friday? Don't bother coming in Monday!

Woo-hoo! Four-day weekend! <Homer Simpson ------------------------->

Encryption backdoors? It's an ongoing dialogue, say anti-terror bods

tfewster
Facepalm

"It's an ongoing dialogue", say anti-terror bods...

..."because we won't take 'No' (Or 'Impossible', or 'stupid' or 'fuck off') for an answer"

T-Mobile USA: DON'T install Apple's iOS 10, for the love of God

tfewster
Facepalm

Thank you, early adopters...

(Or should that be "Alpha testers"?)

...for sacrificing your phones to save the rest of us from meeting the same fate.

Alleged buggy software wrongly flunks wannabe lawyers from bar exam. What happened next won't shock you

tfewster
Facepalm

Easy target?

It's notable that they didn't sue the Georgia state bar (who have too much clout and their own lawyers), but went after the subcontractor who administered the test. Was there really a contract in place between the wannabes & the subcontractor?

Need a popcorn icon --->

Non-doms pay 10 times more in income tax than average taxpayer group

tfewster
Facepalm

@paulf re: fair share

Define "fair".

Pay for what you use? Absolutely, including paying employers NI for your personal housekeeping staff.

Subsidise those who can't afford to pay for what they use? OK, no problem.

Subsidise those who can afford to pay but don't want to? Fuck right off.

The "average" person who pays 5K p.a. in income tax probably pays out about 15K p.a. in all "taxes" - income tax, VAT, council tax, road tax, energy tax, insurance premium tax. Still less than the average non-dom pays in just income tax. So what do they get for their money? How is it "fair" to them? Are they burdening the NHS? Schools? State pensions?

Sorry Nanny, e-cigs have 'no serious side-effects' – researchers

tfewster
Holmes

Re: Addiction: yup

There are plenty of those wonderful flavours available with 0mg nicotine. Go ahead wanna-be-cool-kids, your peers won't know.

And nicotine addiction is fairly easy to break - It's the routine of smoking that's hard to break.

Even smart people have trouble ----------------------------->

(Seriously though, breathing in any sort of vapour is probably not good for you, even if it's orders of magnitude less risky than smoking).

Hacker takes down CEO wire transfer scammers, sends their Win 10 creds to the cops

tfewster
Facepalm

Re: Hoist by their own Petards

Hoist by their own Retards, more like. And I look forward to hearing of some CFOs being sacked and sued for such gross misconduct.

Hollywood offers Daniel Craig $150m to (slash wrists) play James Bond

tfewster
Joke

Or someone closer to home?

I expect jake could meet those criteria.

Cooky crumbles: Apple mulls yanking profits out of Europe and into US

tfewster
Facepalm

Very patriotic

Apple would rather pay 40% tax on European profits to the US than 12.5% to Ireland?

They don't even have that choice if they're hit with an order for back taxes. But I'm sure Uncle Sam would appreciate any excess that gets repatriated.

Windows Update borks PowerShell – Microsoft won't fix it for a week

tfewster
Facepalm

Re: Just put us all out of our misery, MSFT...

I'm a Unix guy, but in fairness to PowerShell - It's way more than just a shell. I needed to test SSH connectivity from a locked-down Windows server to some Linux/Unix boxes, and PowerShell has a utility to do that (proving to me that some connections were blocked by a firewall).

Who knows what else it can do (when it's working)?

Mozilla's trying on seven hot new spring/summer logo looks

tfewster

And "Moz://a" is techy, flexible and easy to reproduce - Making it memorable and (I predict) self-promoting, so they can save some money on the rebranding.

You shrunk the database into a .gz and the app won't work? Sigh

tfewster
Facepalm

Not a backup error as such, but related

Customer had a DG Aviion with a QIC drive for weekly OS backups and a DAT drive for daily data backups. A new office administrator is told the routine, and successfully backs up the system for 4 nights. Friday, 6pm, I get a panicked phone call: "I did the daily data backup and pressed the little button next to the little green light to eject the little data tape from the little drive. Then I pressed the big button next to the big green light to open the big tape drive - and everything went off!". Understandable, but the QIC drive has a latch, not an eject button. That was the power button. Unfortunately the database software has no consistency checking and is almost certainly corrupted, so a full restore is necessary. And, of course, an amendment to the Operator's guide & training.

Another customer, another Aviion, another day. A colleague is replacing a faulty console on the bench above the server. Leaning over on tiptoes to disconnect the cables from the dead monitor, he hears an ominous "click". Looking down, he sees his knee has pressed the server's power button. The slightest move, and the button will pop out and the power will be cut. No-one else around and no phone in reach. So veeery carefully, he drags the keyboard over, logs into the server (blind, remember), sends a message to everyone to log out NOW, shuts down the database and then the server, just before his trembling legs betray him and his knee slips off the button. Phew. He restarts the server and the database, and has just finished checking everything when the customer's IT guy storms in to find out why the server is down. Our hero explains and, as he managed to avoid losing the customer a day's worth of data input and several hours of downtime to restore the database, gets bought dinner & drinks instead of the expected bollocking.

Adblock Plus blocks Facebook's ad-blocker buster: It's a block party!

tfewster
Facepalm

re: you're being manipulated

Yeah - didja know there's a car that will READ your texts to you?! Don't know the price, MPG, comfort levels, reliability or any of the old fashioned ways of picking a car but, wow, I want one that can do THAT!

Unfortunately I don't know the make or model either, so I can't buy one.

I think it was blue.

Or there's the one that does donuts. That was red. Definitely. Or was that the one with the American?

tfewster
Facepalm

Re: upvote

But...almost everyone on the Internet was born on the 1st of January (maybe it's only you that puts in your real date of birth?). So, by the combined wisdom of Astrology and t'Internet - we ARE all the same.

Families of men slain by ISIS gunman told: No, you can't sue Twitter

tfewster
Trollface

I'm torn on this one...

...Yes, they're a common carrier, with no responsibility for content; Yes, they respond to complaints ASAP; Yes, it's sue-happy Americans looking for someone to blame. But, on the other hand, I'd love to see Twitter get clobbered.

Hilton hotels' email so much like phishing it fooled its own techies

tfewster

Re: I'm having trouble deciding..

Thanks for the links - Interesting reading! My view is that I'll put no more effort into cancelling something than I did subscribing to it. 5 minutes, tops, including searching for an "unsubscribe" button or else emailing them. After that, I de-authorise them with the bank/Credit card company (another 5 minutes), and it's no longer my problem.

Oh, unless they get nasty - Chasing invoices or threats to my credit rating - in which case I escalate, by informing them of MY charges for handling their "account" with me, CC'ing the MD and a couple of consumer advocates. I love it when they try that!

London's Met Police has missed the Windows XP escape deadline

tfewster

Re: What to do

Hi Commswonk - You're right to warn of possible pitfalls - all those could be issues and should be examined. IMHO, they're not showstoppers though:

- Linux Mint (for example) uses pretty much the same user interface as Windows XP/7. And Open Office and web browsers haven't reinvented the wheel either. If you know what you want to do, you'll find it in a few seconds of looking.

- Compare with Windows 8/10 or a tablet OS, which I believe are a much bigger retraining exercise. Though many people trained _themselves_ on how to use a smartphone, so a) they can adapt and b) they're willing to change if they see a benefit.

- I expect First line support would adapt even more quickly (where needed - see above). 2nd & 3rd line would need to retrain or skills bought in, agreed.

- App rewrites? It's been done once to convert to browser apps, and again to produce tablet apps. I find it hard to believe there are many custom or high-powered desktop apps in general use - Apart from the backroom boys (Macs & GUIs written in VB to trace IPs?)

So be cautious, but don't reject the idea out of hand. There will be an up front cost, but saving about 1K per desktop on software costs allows more to be spent on support and development.

Protect your staff from Toronto's terrible Twitter trolls, bosses told

tfewster
Go

Re: Please tell me again why

...announcements of delays and closures...?

To be honest, this is the first application of Twitter I've seen that I thought might be useful. Sure, messages that could be filtered to only cover an individual's daily route would be better, but building on an established platform makes sense.

Forget security training, it's never going to solve Layer 8 (aka people)

tfewster

Re: Layer 8 is Financial

User errors (collected over the years):

'Loose Nut on Keyboard'

PEBKAC - Problem exists between keyboard and chair

PICNIC - Problem In Chair Not In Computer

PIMS (Problem In Meat-Space)

ID-ten-T error - ID10T

Layer 8 problem (OSI 7 layer model); Layer 7 is the Application, so Layer 8 would be the user

CISSP: 11th Domain

Telling the user, "I need you to FOCUS." - Focus meaning Fuck Off Cuz Ur Stupid

"code 18" meaning the problem is 18 inches from the screen

ESO error - Equipment Superior to Operator

User Error, please replace User and retry

Keyboard driver is non-compliant. Replace and try again

Critical bug with the wetware processor.

Due to a corrupt kernel resulting from a stack overflow due to exceeding maximum buffer length of 1 bit. The user must be rebooted.

Black Hats control Jeep's steering, kill brakes

tfewster
Devil

Re: Why?

> Why can a car without any self-drive or collision-avoidance tech even turn its own steering wheel?

The 2014 Jeep Cherokee has self-park, so can turn its own steering wheel when hands-off. So now you just have to disable the safeties that say "engage only in reverse, at low speed and when guided by sensors". Q.E.D. ;-)

I was quite happy my power-assisted steering and ABS would at least fail gracefully until Simon Hobson gave me new nightmares by pointing out how even they could be weaponised :-(

Christine icon, obviously ->

tfewster
Joke

Re: Yeah, maybe

Luckily, Jeeps are (or were) designed for off-road use, so not a problem.

Kaspersky so very sorry after suggesting its antivirus will get you laid

tfewster
Facepalm

Re: An On-Purpose

A perfect opportunity for a politician's apology: "We apologise to anyone who took offence"

Happy Sysadmin Day!

tfewster

..explain to me why we do this?

It's a dirty job, but someone's gotta do it.