Posts by veti

3118 posts • joined 25 Mar 2010

A day in the life of London seen through spam and weak Wi-Fi

veti Silver badge

Re: Tsk, tsk, Dabsy

I learned about a week after getting my first smartphone that guest WiFi is not worth connecting to anywhere at all. Not even in your own office.

Curiously enough, this is even true in my own home. My router supports a guest login as well as the real thing, because I thought it might be useful, and now I know better but I can't be arsed to disable it.

It's May 2. Know what that means? Yep, it's the PR orgy that is World Password Day... again

veti Silver badge

Re: Can a grownup, please...?

In fact, I'd say the "CorrectHorseBatteryStaple" cartoon is a rare example of XKCD getting it badly wrong.

The issue is: scaling. The XKCD approach only works because nobody targets it. If we all started doing that, attackers would quickly rewrite their algorithms to crack it (by stringing together random words - "dictionary attack" would take on a whole new meaning), and we'd very soon be much worse off than we are today.

Maths: The average native English speaker has an active vocabulary of about 20,000 words (actually I'd be prepared to bet, a very large fraction of users would choose from a much smaller subset of words - but let's take 20,000 as a base for calculation). If you string four of those words together at random, that gives you (20,000 ^ 4 = ) 1.6e17 possible sequences. That's - not much better than an 8-character conventional password (if assembled from the 92 characters I can easily type from my keyboard, 92 ^ 8 = 5e15). A 10-character password is 250 times more secure.

And sure, you can add random shit to it to make it harder to guess - but once you start doing that, the supposed gain in "memorability" promptly vanishes, and you're left doing a lot more typing to achieve the same level of security you could have in a much smaller field.

veti Silver badge

Re: Can a grownup, please...?

Two words: legacy systems.

All the fun stuff in database development was done back in the 1980s, when "hacking" was a sport indulged for fun and kudos, not a major criminal business, and neither bandwidth nor processor power was sufficient to support dictionary attacks. The databases and textbooks we use today are linearly descended from those developed back then. It's amazing how much hasn't changed.

It's hard to change this stuff, because basically everyone is accustomed to the present regime and has an inbuilt prejudice against radical change.

There's also a whiff of faddishness about the advice in this area. For years it was "lower/uppercase plus numerals", then "special characters" were added to the recommendation, and now there's bitter controversy (see, e.g., TFA as opposed to your own comment) as to whether "CorrectHorseBatteryStaple" is better or worse than "5CWr`R?EV8]K". I can't blame sysadmins for being leery of any single piece of advice, unless and until it gets endorsed or forced upon them by a higher authority.

'I do not wish to surrender' Julian Assange tells court over US extradition bid

veti Silver badge

Re: re. Journalism is investigating, collating, and then writing it up in a neutral fashion

Journalism is about bearing witness. It's about publicly saying, day after day, "these are the things I saw and heard".

Doing it regularly is important (part of the word comes from the French jour - it's something you do every day. Even when nothing exciting is happening. After all, negative results are as important as positive ones.)

So really, the truest form of journalism nowadays is what you'll find on random blogs on Facebook and elsewhere. Second best is the ailing industry of local newspapers.

But - here's the rub - legally, "journalism" is just writing, no different from a private letter or a novel. A senior BBC correspondent doesn't have the right to report anything that you or I couldn't report just as well. (What they have is contacts that will help them to find out about it, and occasionally lawyers who will help them stand up to powerful people. But that's just a matter of resources, not rights.)

veti Silver badge

"Being a journalist" is neither here nor there. "Journalists" have exactly the same rights and responsibilities as everyone else, no more and no less, and they can be charged with all the same crimes.

(At least that's the way it works in semi-civilised countries, such as the US and UK. Discrimination is increasingly being introduced in the barbarian world (e.g. Australia), but that's out of scope for this case.)

Hey, those warrantless smartphone searches at the US border? Unconstitutional, yeah? Civil-rights warriors ask court to settle this

veti Silver badge

Re: they need "reasonable suspicion"

The phrase "reasonable suspicion" has a specific meaning in US law. "They looked dodgy" doesn't cut it.

veti Silver badge

Please stop spreading misinformation

You do not recall correctly, or you were not informed correctly. The ACLU has a less hysterical summary here.

Highlights:

- At the border, searches of people, luggage or vehicles are considered "routine" and do not require either a warrant or reasonable suspicion

- Within 100 miles of the border, the Border Patrol can still operate, but they need "reasonable suspicion" to pull anyone over.

Note also that the 4th amendment talks about "searches and seizures", suggesting that the degree of intrusiveness of the search may be relevant. Confiscating someone's property for months on end is considerably more intrusive than merely inspecting it on the spot, and may (possibly) be ruled to require a stronger justification.

Julian Assange jailed for 50 weeks over Ecuador embassy bail-jumping

veti Silver badge

The extradition treaty doesn't work like that.

Of course, with Trump in charge he might decide to break those rules, but I don't imagine he'd think it worth it.

veti Silver badge

Re: After 50 weeks

You don't get to choose where you serve your prison time.

That's pretty much the whole point.

Self-taught Belgian bloke cracks crypto conundrum that was supposed to be uncrackable until 2034

veti Silver badge

Once the method is understood, speeding it up becomes trivial. If it can be done in 3.5 years now, it'll be possible in 3.5 hours within a decade.

Gather round, friends. Listen close. It's time to list the five biggest lies about 5G

veti Silver badge

You could have said the same about desktop Internet connections, 20 years ago.

Build the infrastructure and the apps will follow.

Sounds like a terrible idea to me, but it will work.

Bitcoin drops 7 per cent on New York Attorney General's allegations of $850m fraud by Bitfinex

veti Silver badge

Surprising nobody...

... Bitcoin continues to fail at offering any of the utility of actual money.

Medium of exchange? Ha.

Store of value? Ha ha.

Measure of value? Bwah ha ha.

If you're still tempted, try investing in lottery tickets instead. At least you don't get robbed that way.

Microsoft: Yo dawg, we heard you liked Windows password expiry policies. So we expired your expiry policy

veti Silver badge

Sure, but GGP devoted a lot more words to complaining about complexity than expiry.

Complex automation won't make fleshbags obsolete, not when the end result is this dumb

veti Silver badge

Re: Apathy

I agree. People are just as capable of being dumb as computers. If you outsource your planning to someone, whether fleshy or digital, and then don't check the results - before they become time critical - you deserve what you get.

veti Silver badge

Re: I see that you folks are trying to get to Timbuktu ...

And I've been flying on Airbuses for decades now. Seems to work well enough.

veti Silver badge

Re: Timezones

Timezones are a terrible example of the problem. The fact that a lot of software specs have not devoted enough thought to this narrow subject - should not surprise us. It's not the sort of thing that excites great passion in programmers, nor does it seem serious enough to be worth withholding the release, so it gets forgotten.

That doesn't mean it's impossible. Just - so boring that no one can bring themselves to think it through. It's actually an area where a robot would probably write better software than a human, if only someone could be bothered to make it.

Sophos antivirus tools. Working Windows box. Latest Patch Tuesday fixes. Pick two: 'Puters knackered by bad combo

veti Silver badge

Since time immemorial, people have been saying "what the world needs is a cut down version of $SOFTWARE without all the cruft". Lots of them have developed and published such software.

None of those people got rich.

Joel Spolsky has an excellent post about why this is. Googling "the 80/20 myth" should find it. Long story short, no two people will agree on precisely which 80% of features they don't want.

Rising sea levels? How about the rising risk of someone using a nuke?

veti Silver badge

Re: @TheVogon ... How about both?: Rising sea levels and nuke use

If the picture were as simple as that, you would expect to see Germany's fossil fuel use rising as nuclear plants shut down. But that hasn't happened. The slack, plus a bit more, has been taken up by the renewables you disparage.

Sure, it would be better to combine those with nuclear power. But if there is a strong political will to abolish nuclear in Germany, then it makes no sense to rail against it.

FYI: Yeah, the cops can force your finger onto a suspect's iPhone to see if it unlocks, says judge

veti Silver badge

Re: You can pry my password from my cold, dead lips.

If the cops have a warrant, then by definition there is no fourth amendment issue. The judicial branch has already ruled that the search is "reasonable".

California's politicians rush to gut internet privacy law with pro-tech giant amendments

veti Silver badge

Re: Meteor. Sacramento. Crater.

What sort of ballot initiative is immune to small print?

Politics belongs to the people who turn up. And keep turning up. Any initiative would have to be translated into specific legislation, and that would go to the party with the longest attention span.

Bloke faces up to 20 years in the clink after gun held to dot-com owner's head in robbery

veti Silver badge

I was thinking: were people always this stupid, or are we really - as it sometimes feels - getting slightly dumber with each new generation?

If I were that obsessed with a frickin' domain name - for, what's worse, some purpose as pointless as the defendant's - I would surely have tried for an insanity defence.

We've read the Mueller report. Here's what you need to know: ██ ██ ███ ███████ █████ ███ ██ █████ ████████ █████

veti Silver badge

Re: oh please!

The "Sanders would have won" line is a comfort myth for the US left, but it's not based on any kind of evidence. If it's true, then basically any D candidate should trounce Trump in 2020, and I don't think that's at all a sure thing.

Venezuela's election failed the most basic test of democracy, which is to persuade the losers to accept the result. For all its problems, the US isn't currently experiencing widespread rebellion.

veti Silver badge

Re: Please just give it a break

Oh please. The troll legions reduced this whole site to a smoking crater in mid 2016, like most unmoderated spaces, as you must remember if you were here then.

veti Silver badge

Re: The Mueller report was one big nothingburger

And the Democrats should listen to your advice because... You have a long and consistent record of supporting their causes and offering sound advice that has guided their candidates to victory?

veti Silver badge

Trump isn't afraid of a pee tape. He'd release it himself, probably with his own commentary, if that's what it was about.

No, he's encouraged belief in the tapes to provide cover for why he's really buddying up to Putin. Which I'm guessing is a reason measured in dollars, not VHS footage.

Who's using Mueller Report Day to bury bad news? If you guessed Facebook, you're right: Millions more passwords stored in plaintext

veti Silver badge

Don't worry, nobody cares about the stuff you tell it voluntarily.

Huawei thanks US for 'raising 5G awareness' by banning telecom kit giant's wares

veti Silver badge

Fair point. Maybe it's just a difference in base expectations.

Easter is approaching – and British pr0n watchers still don't know how long before age-gates come into force

veti Silver badge

Re: Another Sir Humphrey moment

I think it would be more accurate to say "they have recently come to the realisation that they have got it catastrophically wrong, and are desperately groping around for the right shade of lipstick to make the subject look slightly less porcine."

veti Silver badge

Re: So kids can still watch people being blown to bits, murdered and tortured on various sites...

In case you hadn't noticed, children are not allowed to buy many of those games either. And the sites are usually blocked as soon as someone notices them, not just for kids but for everyone.

Porn is different because a lot of people *do* want it let through.

veti Silver badge

Re: Sex, Drugs Rock n Roll

Have you? Can you point to an actual example, anywhere in the world?

veti Silver badge

What the laws will do is create a market for ways to circumvent the restrictions.

Who do you think lobbied for the laws in the first place?

veti Silver badge

Re: how about a simpler system

Hello, welcome to the Internet. You must be new here.

(If you think that's "simple"...)

Did someone forget to tell NTT about Brexit? Japanese telco eyes London for global HQ

veti Silver badge

Re: Trading only on WTO terms?

That was a long time ago. There *was* no "WTO" back then.

I agree with you, I think there is a truly unbelievable amount of doom-mongering going on right now among Remainers who have still not given up on the dream of reversing the referendum result. And on a purely personal basis, I hope they succeed. But I wish both sides could start using rational arguments presented in good faith, because decisions made in a state of hysteria are unlikely to stick.

veti Silver badge

That's not fair. We're also potential customers, and potential shareholders.

How else would you like them to think of us, exactly?

veti Silver badge

Remainers have been banging on endlessly about the relentless Brexodus of companies and jobs from the UK.

You can't blame Leavers for wanting to point out that there are swings as well as roundabouts.

veti Silver badge

Re: We are considered pretty trustworthy globally ...

That's not stealing, that's (at worst) freezing assets - which is standard operating procedure when it's unclear who should be entitled to them.

Since Maduro is not recognised by the UK (and other EU governments) as the legitimate ruler of Venezuela, of course he shouldn't be allowed to pull that country's gold. When Venezuela gets its government sorted out, then that government will have access to the money again.

Article 13 reasons why... we agree with EU, nods Britain at Council of Ministers

veti Silver badge

Re: So more cheap entertainment being killed

People uploading their own shit on YouTube are welcome to keep doing it. But you know very well that a lot of the most-viewed videos are nothing but cheap rips of broadcast material.

The greatest con trick that publishers pulled off in the past half-century was painting copyright as something between creators and consumers. In reality, copyright was always meant to manage the relationship between creators and publishers. In the internet age the whole class of "publishers" have pretty much written themselves out of the legal picture, and it's high time they were put back there.

veti Silver badge

Re: 'making Google's vid-hosting platform liable for infringements on copyrighted material would'

Monty Python's Flying Circus aired from 1969 to 1974. Under UK law it will start emerging from protection on 1 January 2020. Of course there is some older Python material, but not much - Flying Circus is generally regarded as their golden age.

Either Facebook is building yet another massive bit barn in Iowa, and doesn't want you to know about it....

veti Silver badge

Re: every data centre job, there were five jobs supported elsewhere in the economy

Pizza - OK, granted, there may be a slight boost to that sector. Probably not enough to support a whole new restaurant, but maybe improve the menus of one or two already there.

Coffee - they'll surely have their own coffee machines in the building, so limited gain there.

Taxis - I think you'll find Uber is more their speed.

There will be a few jobs, but not enough to buck up the whole town - probably not enough to replace the housing the new workers will fill up. Now, if more digital companies started to come to town in order to be close to Facebook, that would be another story.

Facebook is not going to Like this: Brit watchdog proposes crackdown on hoovering up kids' info

veti Silver badge

Facebook's response makes a good point

Why shouldn't these measures apply to everyone?

A quick cup of coffee leaves production manager in fits and a cleaner in tears

veti Silver badge

Re: Builders...

What would be nice would be some kind of indicator, on every socket, of its rated load. Colour coded, maybe.

Just musing.

veti Silver badge

Re: Never Turn up Early!?

The advantage of being early is that you can see the shitstorm brewing, and with any luck you can take yourself out for a while shortly before it breaks. That way you miss out on the headless-chicken phase, and can still earn brownie points by contributing to the cleanup.

veti Silver badge

Re: So...

Yeah. They could surely have afforded a UPS.

Honestly, what was their plan for coping with a power outage? It can't have been any worse than that.

Astronomer slams sexists trying to tear down black hole researcher's rep

veti Silver badge

Right. I'm frankly surprised, as well as disappointed, that neanderthals are still considered an OK target for racism.

Most of us have neanderthals among our ancestry. They were human, and there's no - as in, zero - reason to believe that they were any nastier, personality-wise, than Cro-Magnon or any other contemporaneous humans. All we know is that they were individually bigger and lived in smaller groups.

London's Metropolitan Police arrest Julian Assange

veti Silver badge

Re: final straw?

If Assange suborned or conspired with Manning to get the leaks, then he's in trouble, yes. If not, then the US will never get him, because they'd have to show some such evidence to a UK court in order to extradite him.

(Discounting of course the possibility that the allegations relate to some other episode, such as the DNC hack.)

As for the timing - can you think of a time when it wouldn't have been "very suspicious"?

Lazarus Group rises again from the digital grave with Hoplight malware for all

veti Silver badge

Re: Disinformation

I wish people would read stories before linking to them.

You are aware that the story you link to strongly suggests that it was the North Koreans who hacked Sony?

veti Silver badge

Anyone remember when...

... the USA faced off against threats from the Soviet Union? Now it's worried about containing North Korea.

To put that in perspective: North Korea has a GDP of $12.4 billion. That's slightly smaller than Bristol (England), or in US terms it's less than the city budget of Washington, DC. That's right: Kim Jong-Un, even if he personally dictates how every one of his people spends every hour of their lives, still commands less resources than the mayor of Washington.

#MAGA indeed.

Uncle Sam wants to tackle bias in algorithms by ordering tech corps to explain how their machines really work

veti Silver badge

If the algorithm isn't following any kind of logic, then why should we imagine its decisions will provide any benefit?

If it is following some kind of logic, then it's not unreasonable to require that the owner of the algorithm should be able, on demand, to explain its process. The decision tree may be unfeasibly complicated to put into a generalised if... then structure, but it should still be possible to map the path to any particular conclusion.

If it doesn't allow for that level of accountability, then it's not fit for use.

Make America Infringe Again: Trump campaign video pulled over Batman copyright

veti Silver badge

That's right, it's nothing to do with Trump wanting to prove that the media and establishment are still conspiring against him.

As for Hillary - well, if we're going to judge people by "whose coattails they used to gain power", I'd rather vote for a woman who stayed with her philandering husband than a man who accepted the support of David Duke.

King's College London internal memo cops to account 'compromise' as uni resets passwords

veti Silver badge

Re: Multi factor authentication

Sounds reasonable. Email passed its best-before date shortly after Gmail was launched, it's virtually unusable now for work purposes.


Biting the hand that feeds IT © 1998–2020