Posts by alain williams

They have been hacked by OfficeWorld

who are now doing great business selling note books & pencils!

They will buy it ...

then a year later decide that it was over valued and take the previous owner to court.

Put coffee in non-spill containers

Is that really that hard ? There are many such cups - should be able to get them cheap from what is left of Mothercare.

What Vodafone should really do

is to actually hire UK based expertise to run its own networks and not outsource to companies in other countries. Eg IBM & EDS, IBM (more if I could be bothered to search more). However they are all at it.

If you give people in other countries the keys to your network then you can't really complain if they use them. This is as much a comment about Huawei as Cisco, Ericsson, IBM, ...

If the UK government was serious about security this is what they would push for. It would have the added bonus of creating skilled jobs here.

A nice overview.

So: neither Huawei nor Cisco

Has anyone done analysis on how spook-clean are Nokia & Ericsson ?

How easy it is to fool

these services that we increasingly rely on. This guy did it as a prank and probably caused little harm. What if he had been malicious ?

Far better to spend the nuke money ...

helping people & organisations to make their systems robust -- and with good, tested backups.

Hopefully the UK will follow this

as it is very much to the benefit of the consumer. Hopefully Boris is sane enough to not decide that the UK should not adopt this just to show that we are independent; but I'm not convinced.

Sorry: the word 'not' appears too many times in the above sentence.

3 laws for AI

Ah, crafted in a more innocent age when the general belief was that we all work together for a common good.

Today is a post truth era where corporations (CEOs & their lackeys) & politicians will say whatever bollocks they think will bamboozle us to overlook the current heist that they are trying to pull off. AIs will do whatever their masters direct them to do; ie they will work to the benefit of the corporation or government that owns them, they will have scant regard to the harm that they will cause to the rest of us.

This piece by a FT columnist is worth looking at.

HCSEC is auditing Huawei code

By all accounts this code has quality problems, but is the equivalent code from Cisco, Ericsson, Nokia, Intel, Qualcomm, etc, any better ? I suspect not.

Why does Huawei not just open source its code (eg upload to Github) and make it easy for users to install their own version ? They can make their money selling hardware & support. This would mean that:

* it would be hard for others to claim hidden back doors

* many programmers could work on & improve the code

Yes: that would still leave the possibility of deliberate hardware bugs - but that is harder to do & so harder to be accused of.

I do appreciate that doing this is harder than just uploading the code, but it would be doable.

So will we also limit other "high-risk" suppliers

like Cisco ?

RAM clear on power off ?

Does this mean that operating systems running with this ULTRARAM will need to wipe memory before it powers down ? If not then crooks/Gov't-spys could move the RAM chips into a reader and get passwords, keys, etc.

There was a story a couple of years back about being able to read RAM after a reboot, but this needed to be done in a few seconds. With this it could be done at leisure.

Another corporation vs government war

The large corporations will play whatever tricks that they can to maximise profits. Governments should act** to the benefit of its citizens and thus keep the corporations under control. The EU has tried to do this and in some case succeeded - but they do need to do much more. Stopping the relocation of profits to some low tax country must be the next as is charging substantially different prices for the same thing in different countries.

** They should, but governments are controlled by people who are susceptible to 'persuasion' such as a high paying job when having left office or 'campaign or research contributions'.

Would you trust a USA court ...

to give Lynch a fair trial ?

Should not passwords be one way encrypted ?

I get the impression that passwords, etc, were published in plain text. I always thought that best practice was to store passwords encrypted/hashed and compare this when doing authentication.

Have I got this wrong ?

All of this would have never happened ...

if ICANN had not decided that it would print itself lots of money by having all of these stupid new top level domains in the first place.

"there will not be a Windows 11"

Maybe not, but that is just the name, a marketing thing. I fully expect that future versions of MS Windows 10 will change the profile of hardware needed to run it and also drop support for some items of hardware that are in use today.

The result will be that occasional hardware refreshes will be needed - but people will be unaware of the need until after an update has landed and either performance drops as the machine is not beefy enough or it just does not work resulting in a panic hardware upgrade.

How does this compare ...

with the loss of non-electronic items ?

what is the total number of these gizmos - ie what percentage were lost in any year ?

Should be hosted in the UK by a UK organisation

More secure - less easy for the USA get see what we have (qv Patriot Act)

Generate jobs in the UK

Develop UK skills

Pay UK taxes

This seems out of proportion to the offense

The cost of keeping him in chokey for that long will be much, much more than £5. Many weekends doing community service, or similar, will be cheaper, not cost him his job and enable him to care for his child.

"Believed to be operating out of North Korea"

is there real evidence ?

I ask as this is highly political and it would serve several politicians well to be able to point fingers at the NORKs and say "nasty, dangerous". The trouble is that, unfortunately, I trust our politicians & their lackeys less & less - just look at Boris & Trump.

Flinging out malware & blaming someone else would be a good wheeze for all sorts of spooks & governments.

I am not saying that Kim Jong-un is a saint, but I doubt that he is the source of all evil.

Two conflated things

1) We are told that advertising is important as it pays for the web sites that we visit.

2) Analytics: building up a profile of who has visited which pages.

I can live with (1) as long as they: are discrete; don't make my browser slow or download large files; etc. If a web site were to serve these up along with what I came to look at I would probably be OK with it - as long as it did not tell the advertiser who I was.

One trouble with (1) is that 3rd party advertisers do not trust web site owners when they say that they have served an ad up X thousand times. This is one reason that they are served up as links back to the advertiser's web site - bang goes my privacy, the advertiser can track me as I browse the web. They also set cookies, etc, to help them track me.

What is worse is that most adverts are served up by first running some Javascript in my browser; very often this will also snarf information about me and send this to the advertiser - so they know even more about me. This is also how the Internet data vampires work (eg Google, Facebook), they build up bigger pictures of who/what I am - far more detailed than individual web sites can do.

Then there is also the Javascript in many web sites which is just (2). This is pure evil. Much can be easily stopped with NoScript or similar, but this can make some sites fail to load properly - thus most of my friends will disable NoScript quite quickly, that is if I persuaded them to install it in the first place.

It was an election promise ...

did you expect any real action ?

How much is this costing them ?

How much more would it have cost to have done a proper job and secured their systems in the first place?

I suspect that some bean counter decided that the cost of good security was not worth it -- after all "it will not result in any extra business - will it ?"

Blame will probably be given to some lowly techie who was given neither the time nor the money to do it properly. If someone higher up the management chain is fingered they will get a nice golden parachute and told to keep quiet.

"records that are said to be anonymised as necessary"

and then promptly de-anonymised. This has happened in the past and will happen again.

The only way of, maybe, avoiding this is: deep audits to see what happens with the data. When de-anonymisation is found huge fines must be paid, not by the organisation but by: the individual who did it, their line manager and the CEO.

ConCrap ?

That would seem about accurate.

How rapidly were the cans opened ?

This seems to me to be the most important factor, one that they did not investigate.

Pull the ring quickly, rapid loss of internal pressure and the beer will fizz out.

Pull slowly opening it a crack, wait for the internal pressure to reduce and then complete the opening and little beer will be wasted.

I thought that most kids learned this with bottles of pop.

My GP wants my email address

This confirms my decision to not give it to them.