* Posts by petef

157 posts • joined 13 Sep 2010


How not to train your Dragon: What happens when you teach an AI game sex-abuse stories then blame players


Post Office

This has shades of the sub-postmaster "fraud" debacle. How can a computer possibly get things wrong?


AI 101

"the quality of the data used to train the model is important"

Er no, it is essential.

Google to auto-enroll 150m users, 2m YouTubers with two-factor authentication



This is likely to be 1½FA in practice. If your phone is compromised, e.g. stolen, then it will likely be able to disclose emails, texts, etc. So these "extra" factors are nothing of the sort.

Sir Tim Berners-Lee and the BBC stage a very British coup to rescue our data from Facebook and friends


As long as you have your tin foil hat on.


Works both ways

This idea would get more traction if Facebook and co. see the benefits too rather than relying on regulation being forced upon them. Users marking up their own preferences should be more valuable than what algorithms alone can glean.

I cannot be alone in being hit with "targeted" messages in the vein of "you have just bought a washing machine, here are other washing machines that may interest you". Those are irritating and it would be commercially useful to improve.

Apple tried to patch this security hole in macOS Finder but didn't consider upper and lowercase characters


Re: four months since Apple comms last provided proof of life

Or sending the enquiry from thE regIster?

I would drive 100 miles and I would drive 100 more just to be the man that drove 200 miles to... hit the enter key


I was called upon to make a 6,000 mile round trip from Scotland to the Sinai. Once there I swiftly resolved the problem by reseating the cards in the minicomputer. In addition I had just made it home from my previous assignment at 9 am and was in my first taxi at 11 am.

It's time to delete that hunter2 password from your Microsoft account, says IT giant


Good while Authenticator works

This afternoon my broadband dropped out twice for a few minutes at a time. Openreach are rewiring the cabinet round the corner from me. On both occasions I could not reconnect to my company VPN because Authenticator failed to respond. I reset the phone which seemed to jolt it back into life.

So the data centre's 'getting a little hot' – at 57°C, that's quite the understatement


Reverse situation

I used to provide field service for systems in the deserts of the Middle East. There was one fault that was annoyingly intermittent. My approach was to turn off the AC and bake until the fault persisted. I was then able to diagnose it and so effect a repair.

Google Groups kills RSS support without notice


Google News

Despite using RSS for many years I will not miss Google Groups. I rarely use that directly but it remains the prime source of spam into mailing lists that I read using RSS via gmane.

I do however have a couple of RSS feeds from Google News searches. I wonder how long those will survive?

Google says Pixel 6, 6 Pro coming this year with custom AI acceleration


Re: ?

It's just the new Clippy. With added AI.

On this most auspicious of days, we ask: How many sysadmins does it take to change a lightbulb?


Re: Facilities are to blame

I had noticed a problem with our "help" desk and also knew how to fix it. When I called them to report that they would not talk to me without taking my cost centre. It stayed broken.

Windows 11 comes bearing THAAS, Trojan Horse as a service


Re: "and in a few short years we were liberated."

I've been using Teams native on Linux (Tumbleweed) for a while now since the web app decided that it would pwn my display. While it is woeful it seems no worse than the Windows version.

Linux Foundation celebrates 30 years of Torvalds' kernel with a dry T-shirt contest


Re: designing a T-shirt to celebrate 30 years of the software

Inscape should be able to import all three of those formats.

The phantom of the Opera is here... unveil R5 (just don't let the boss see)


You say Oslo-based but the ownership is Chinese since 2016.

First Forth, C and Python, now comp.lang.tcl latest Usenet programming forum nuked by Google Groups


Eternal September

The signal to noise of Google originated USENET content has been really low for years. So I am not sorry to lose their traffic.

Google to revive RSS support in Chrome for Android


Show me the money

I am a long time consumer of RSS (and indeed NNTP). The abandonment of Google Reader was a shock but I found that Feedly filled the gap.

RSS/Atom is a great way to disseminate content. It is poor at tracking personal user data and delivering ads. I genuinely wonder why Google choose to reinvest in it now.

Big red buttons and very bad language: A primer for life in the IT world



I still have my portable microfiche reader. You just peer through a lens and hold it up to the light.

Half of Q1's malware traffic observed by Sophos was TLS encrypted, hiding inside legit requests to legit services


In my experience most features that enhance security are adopted more quickly by the bad guys.

Opera loses Touch with iOS app: Browser maker locks and loads the rebrandogun


Out of Touch

I used Touch for many months on Android. Flow was neat but limited to a pair of devices. And now it is available in the main Opera for Android.

The killer for me with Touch was the lack of password saving.

What could possibly go wrong? Sublet your home broadband to strangers who totally won't commit crimes


What a difference an a makes

Pawn vs pwn.

GitLab scans its customers' source code, finds it's as fragile as you'd expect



I do hope that they were only scanning public repos and not private.

What a Hancock-up: Excel spreadsheet blunder blamed after England under-reports 16,000 COVID-19 cases


But they would use a spreadsheet to do that task.

It's Google's hardware launch day, and what do we get? A few Pixel phones, Nest kit, and another Chromecast


Hold For Me?

I wonder how well Hold For Me performs. I have had too much experience recently of contacting utilities, etc on behalf of an elderly relative. The general pattern is to play muzak for a bit and then tell you how important your call is to them. I had my hopes raised the first few times, I don't think a bot would fare much better. The worst was AA insurance who I gave up on after 45 minutes on hold. Their repeated message was "we are here for you 24/7", patently not. They eventually responded to my earlier email after two days. I say the worst but I am into my third month of waiting for BT to switch to the Basic account we are entitled to.

UK mobile network EE plumps for Nokia to provide that all-important 5G RAN equipment


Made in ...

So is Nokia gear all manufactured in Finland? Just asking.

NHS COVID-19 launch: Risk-scoring algorithm criticised, the downloads, plus public told to 'upgrade their phones'



Leaving aside support for Android 5 and earlier, Android 6 to 9 are vulnerable to click-free exploitation by BlueFrag if you turn on Bluetooth as required by the app. Android 10 can only be DOSed.

Security patches may be available, a security update of March 2020 addresses the issue. Unfortunately my Moto G5s is two years old and security updates stopped at August 2019. Customer support told me that no more security updates will be released. YMMV.

I have no other need to enable Bluetooth so I am left with a dilemma. Risk infection of my phone or myself and others. Proof of concept code for BlueFrag is publicly available so even skiddies can write exploits.

The app will not allow me to scan a QR code if Bluetooth is disabled, dumb logic.

Second lockdown? Perfect time to unveil Teams Breakout rooms and another ginormitor – the 85-inch Surface Hub 2S


Clippy 2.0

"hopefully not obscuring that critical bit of information with a giant head"

Now here is an original idea. The presenter could be represented by an avatar that hides little. How about a talking paperclip?

Funny, that: Handy script for wiping directories is capable of wreaking havoc beyond a miscreant's wildest dreams


Unix too

In the early days of Unix on PCs (Interactive Unix, pre Linux) my team had 386 workstations. My colleague asked me to remove my user account from their machine to free up space I did that but left just a login with a home directory of root. That should have been that but the owner then decided to completely remove my account, blithely answering yes to questions such as remove home directory. The re-install involved a box of floppies.

British Army does not Excel at spreadsheets: Soldiers' newly announced promotions are revoked after sorting snafu


Excel users == skiddies?

HUGO have given up the fight on naive use of Excel. There are many pitfalls for average users.


Toshiba formally and finally exits laptop business


Re: Not to put TOO fine a point on this comment, but...

Yes but as the saying goes it is not Toshiba's fault but it is its problem.

I could eke out more life by installing SSD. I did that with my old MacBook Pro as Apple were ahead of Microsoft on heavy disk I/O. But the keyboard is flaky and the battery needs replacing again.

On my personal laptop I happily run Arch Linux + LXQt on what is now venerable hardware.


As it happens I ordered a replacement for a 7 year old Satellite yesterday. It still just about runs but Windows 10 makes heavy demands. The 2004 update took 10 hours.

I got 99 problems, and all of them are your fault


I thought this would be a story of dual 5¼" floppies. Occasionally I had to retrieve one inserted between the two drives.

Wrap it before you tap it? No, say Linux developers: 'GPL condom' for Nvidia driver is laughed out of the kernel




Google+ replacement ‘Currents’ to end beta and debut in G Suite on July 6th


So should we refer to the July launch as current Currents?


That Google Currents was renamed to Newstand in 2014 before being discontinued in 2018.

'Beyond stupid': Linus Torvalds trashes 5.8 Linux kernel patch over opt-in Intel CPU bug mitigation


The devil you know

Leaving aside the performance hit for a moment what security analysis was done on the proposed feature? I'm not saying that it is obviously flawed but existing side channel attacks have taken a long time for white hats to identify.

NHS contact tracing app isn't really anonymous, is riddled with bugs, and is open to abuse. Good thing we're not in the middle of a pandemic, eh?



I have just had a reply from Motorola customer services confirming that my Moto G5S will not have its security level patched beyond its current Aug 2019 level. That is despite it being less than two years old. So my Bluetooth needs to remain disabled. A security level of Feb 2020 is needed BlueFrag can infect Android 8 or 9 without user interaction.

Australian contact-tracing app sent no data to contact-tracers for at least ten days after hurried launch



Android 8 and 9 are vulnerable to BlueFrag. That can steal personal data without the owner clicking anything. Android 10 is also affected but it only crashes Bluetooth, no data is stolen.

This is not directly related to the NHS app or Google's alternative but it spreads over the same channel. The only mitigation for BlueFrag on unpatched phones is to keep Bluetooth disabled.

The dodgy Android code was fixed in the Android security patch of Feb 2020. You can find out your patch level in settings, somewhere near the bottom usually.

My phone, a Moto G5S, is less than two years old but is only at an Aug 2019 security level. The Motorola web site confirms that is the latest. It seems that security updates end 24 months after the launch of a handset. So I leave Bluetooth off. I might consider short sessions in private.


From attacked engineers to a crypto-loving preacher with a questionable CV: Yep, it's still very much 5G silly season


Correlation is causation

What this really proves is that the coronavirus is building the 5G masts.

16 years and counting: How ESA squeezed oodles of bonus science out of plucky Mars Express probe


Obligatory xkcd

It's not ESA but still https://xkcd.com/695/

Hey, friends. We know it's a crazy time for the economy, but don't forget to enable 2FA for payments by Saturday


RBS have many things to answer for but did you mean to say Bank of Scotland in your institutions who are ignoring you?

Things I learned from Y2K (pt 87): How to swap a mainframe for Microsoft Access


Re: help!

A scam that is used by those who purport to be from your bank is to ask for characters 1, 4 and 6 from your password. Oh I didn't catch that, please give me 2, 3 and 5.

Verity Stob is 'Disgusted of HG Wells': Time, gentlemen, please


Re: phub

I was looking for “Chillaxing cockapoos phub the black swan” to be a pangram.

Brit banking sector hasn't gone a single day of 2020 without something breaking


Travelex Is Totally Stuffing Unwitting Partners

A user's magnetic charm makes for a special call-out for our hapless hero


I've been there. The colours were bleeding on my CRT TV so I got it down off its shelf, back off in front of a mirror, manual open to get going on static convergence. But the picture was fine. At that point I twigged that putting my HiFi speakers either side of the TV was not my brightest idea.

Deus ex hackina: It took just 10 minutes to find data-divulging demons corrupting Pope's Click to Pray eRosary app


Premature disclosure

Why have Fidus gone public with this now? It is customary to give reasonable private notice so that security holes can be plugged before every skiddie is given a chance to exploit. According to Fidus they reported the vulnerability on the 18th and it was patched on the 19th. That is way too recent to have rolled out to all users. Fidus should have kept quiet.

The '$4.4m a year' bug: Chipotle online orders swallowed by JavaScript credit-card form blunder


I have often wondered how many autofills populate hidden fields in addition to the visible ones.

Good old Auntie Beeb's mobile app berates kids for being rubbish online


I thought that our licence fee was meant to pay for huge fees to stars (or their PSCs) quality programmes. This looks to be out of scope.

Usenet file-swapping was acceptable in the '80s – but not so much now: Pirate pair sent down for 66 months


Re: Still use it

Sadly some groups are heavily spammed via Google groups. A shame really, Google were Usenet heroes for rescuing deja.com but now manage to outdo AOL.



Biting the hand that feeds IT © 1998–2021