Posts by petef

136 posts • joined 13 Sep 2010

GitLab scans its customers' source code, finds it's as fragile as you'd expect

petef

Public?

I do hope that they were only scanning public repos and not private.

What a Hancock-up: Excel spreadsheet blunder blamed after England under-reports 16,000 COVID-19 cases

petef

But they would use a spreadsheet to do that task.

It's Google's hardware launch day, and what do we get? A few Pixel phones, Nest kit, and another Chromecast

petef

Hold For Me?

I wonder how well Hold For Me performs. I have had too much experience recently of contacting utilities, etc. on behalf of an elderly relative. The general pattern is to play muzak for a bit and then tell you how important your call is to them. I had my hopes raised the first few times; I don't think a bot would fare much better. The worst was AA insurance, who I gave up on after 45 minutes on hold. Their repeated message was "we are here for you 24/7", patently not. They eventually responded to my earlier email after two days. I say the worst, but I am into my third month of waiting for BT to switch to the Basic account we are entitled to.

UK mobile network EE plumps for Nokia to provide that all-important 5G RAN equipment

petef

Made in ...

So is Nokia gear all manufactured in Finland? Just asking.

NHS COVID-19 launch: Risk-scoring algorithm criticised, the downloads, plus public told to 'upgrade their phones'

petef

BlueFrag

Leaving aside support for Android 5 and earlier, Android 6 to 9 are vulnerable to click-free exploitation by BlueFrag if you turn on Bluetooth as required by the app. Android 10 can only be DoSed.

Security patches may be available; a security update of March 2020 addresses the issue. Unfortunately my Moto G5s is two years old and security updates stopped at August 2019. Customer support told me that no more security updates will be released. YMMV.

I have no other need to enable Bluetooth so I am left with a dilemma. Risk infection of my phone or myself and others. Proof of concept code for BlueFrag is publicly available so even skiddies can write exploits.

The app will not allow me to scan a QR code if Bluetooth is disabled, dumb logic.

Second lockdown? Perfect time to unveil Teams Breakout rooms and another ginormitor – the 85-inch Surface Hub 2S

petef

Clippy 2.0

"hopefully not obscuring that critical bit of information with a giant head"

Now here is an original idea. The presenter could be represented by an avatar that hides little. How about a talking paperclip?

Funny, that: Handy script for wiping directories is capable of wreaking havoc beyond a miscreant's wildest dreams

petef

Unix too

In the early days of Unix on PCs (Interactive Unix, pre Linux) my team had 386 workstations. My colleague asked me to remove my user account from their machine to free up space. I did that but left just a login with a home directory of root. That should have been that, but the owner then decided to completely remove my account, blithely answering yes to questions such as "remove home directory". The re-install involved a box of floppies.

British Army does not Excel at spreadsheets: Soldiers' newly announced promotions are revoked after sorting snafu

petef

Excel users == skiddies?

HUGO have given up the fight on naive use of Excel. There are many pitfalls for average users.

https://www.theregister.com/2020/08/06/excel_gene_names/

Toshiba formally and finally exits laptop business

petef

Re: Not to put TOO fine a point on this comment, but...

Yes, but as the saying goes, it is not Toshiba's fault but it is its problem.

I could eke out more life by installing an SSD. I did that with my old MacBook Pro as Apple were ahead of Microsoft on heavy disk I/O. But the keyboard is flaky and the battery needs replacing again.

On my personal laptop I happily run Arch Linux + LXQt on what is now venerable hardware.

petef

As it happens I ordered a replacement for a 7 year old Satellite yesterday. It still just about runs but Windows 10 makes heavy demands. The 2004 update took 10 hours.

I got 99 problems, and all of them are your fault

petef

I thought this would be a story of dual 5¼" floppies. Occasionally I had to retrieve one inserted between the two drives.

Wrap it before you tap it? No, say Linux developers: 'GPL condom' for Nvidia driver is laughed out of the kernel

petef

Re: TAINT_PROPRIETARY_MODULE

TAINT_NECESSARILY_SO

Google+ replacement ‘Currents’ to end beta and debut in G Suite on July 6th

petef

So should we refer to the July launch as current Currents?

petef

That Google Currents was renamed to Newsstand in 2014 before being discontinued in 2018.

'Beyond stupid': Linus Torvalds trashes 5.8 Linux kernel patch over opt-in Intel CPU bug mitigation

petef

The devil you know

Leaving aside the performance hit for a moment, what security analysis was done on the proposed feature? I'm not saying that it is obviously flawed, but existing side channel attacks have taken a long time for white hats to identify.

NHS contact tracing app isn't really anonymous, is riddled with bugs, and is open to abuse. Good thing we're not in the middle of a pandemic, eh?

petef

BlueFrag

I have just had a reply from Motorola customer services confirming that my Moto G5S will not have its security level patched beyond its current Aug 2019 level. That is despite it being less than two years old. So my Bluetooth needs to remain disabled. A security level of Feb 2020 is needed; BlueFrag can infect Android 8 or 9 without user interaction.

Australian contact-tracing app sent no data to contact-tracers for at least ten days after hurried launch

petef

BlueFrag

Android 8 and 9 are vulnerable to BlueFrag. That can steal personal data without the owner clicking anything. Android 10 is also affected but it only crashes Bluetooth, no data is stolen.

This is not directly related to the NHS app or Google's alternative but it spreads over the same channel. The only mitigation for BlueFrag on unpatched phones is to keep Bluetooth disabled.

The dodgy Android code was fixed in the Android security patch of Feb 2020. You can find out your patch level in settings, somewhere near the bottom usually.

My phone, a Moto G5S, is less than two years old but is only at an Aug 2019 security level. The Motorola web site confirms that is the latest. It seems that security updates end 24 months after the launch of a handset. So I leave Bluetooth off. I might consider short sessions in private.

https://insinuator.net/2020/04/cve-2020-0022-an-android-8-0-9-0-bluetooth-zero-click-rce-bluefrag/

From attacked engineers to a crypto-loving preacher with a questionable CV: Yep, it's still very much 5G silly season

petef

Correlation is causation

What this really proves is that the coronavirus is building the 5G masts.

16 years and counting: How ESA squeezed oodles of bonus science out of plucky Mars Express probe

petef

Obligatory xkcd

It's not ESA but still https://xkcd.com/695/

Hey, friends. We know it's a crazy time for the economy, but don't forget to enable 2FA for payments by Saturday

petef

RBS have many things to answer for but did you mean to say Bank of Scotland in your institutions who are ignoring you?

Things I learned from Y2K (pt 87): How to swap a mainframe for Microsoft Access

petef

Re: help!

A scam that is used by those who purport to be from your bank is to ask for characters 1, 4 and 6 from your password. Oh I didn't catch that, please give me 2, 3 and 5.

Verity Stob is 'Disgusted of HG Wells': Time, gentlemen, please

petef

Re: phub

I was looking for “Chillaxing cockapoos phub the black swan” to be a pangram.

Brit banking sector hasn't gone a single day of 2020 without something breaking

petef

Travelex Is Totally Stuffing Unwitting Partners

A user's magnetic charm makes for a special call-out for our hapless hero

petef

I've been there. The colours were bleeding on my CRT TV so I got it down off its shelf, back off in front of a mirror, manual open to get going on static convergence. But the picture was fine. At that point I twigged that putting my HiFi speakers either side of the TV was not my brightest idea.

Deus ex hackina: It took just 10 minutes to find data-divulging demons corrupting Pope's Click to Pray eRosary app

petef

Premature disclosure

Why have Fidus gone public with this now? It is customary to give reasonable private notice so that security holes can be plugged before every skiddie is given a chance to exploit. According to Fidus they reported the vulnerability on the 18th and it was patched on the 19th. That is way too recent to have rolled out to all users. Fidus should have kept quiet.

The '$4.4m a year' bug: Chipotle online orders swallowed by JavaScript credit-card form blunder

petef

I have often wondered how many autofills populate hidden fields in addition to the visible ones.

Good old Auntie Beeb's mobile app berates kids for being rubbish online

petef

I thought that our licence fee was meant to pay for huge fees to stars (or their PSCs) quality programmes. This looks to be out of scope.

Usenet file-swapping was acceptable in the '80s – but not so much now: Pirate pair sent down for 66 months

petef

Re: Still use it

Sadly some groups are heavily spammed via Google groups. A shame really, Google were Usenet heroes for rescuing deja.com but now manage to outdo AOL.

The Eldritch Horror of Date Formatting is visited upon Tesco

petef

Re: best way so far?

One of the drivers behind ISO8601 formats such as YYYY-MM-DD and YYYY-DDD is that they are precisely defined in the standard and not in prior use. So they are fairly unambiguous. Users of the formats will know that MM ranges from 01 to 12 and DDD from 001 to 366.

Markus Kuhn has summarized ISO8601 though nowadays there is also Wikipedia.

petef

Re: Dates? Don't talk to me about dates...

The proper format is YYYY-MM-DD if you follow the international standard ISO8601 extended format. Using a period instead of hyphen would give some of the same benefits but it is not standard.

petef

Re: Julian dates WTF

Julian day number was well understood by astronomers and other savvy time watchers but then IBM in the 1970s IIRC started to use Julian day to mean ordinal day of the year. There is no connection to Julius Scaliger or Caesar.

Cloudflare gives websites their marching orders to hasten page rendering automatically

petef

Re: Speed freaks

Er not quite, it will load the adverts on your next pr0n site twice as fast.

Want to learn about lithium-ion batteries? An AI has written a tedious book on the subject

petef

As more AI generated content gets published what measures are there to stop the next round from reusing it instead of keeping to original research?

SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability

petef

Another simple mitigation

Does not ASLR mitigate against this attack?

A once-in-a-lifetime Opportunity: NASA bids emotional farewell to its cocky, hardworking RC science car on Mars

petef

Re: Thanks Opportunity!

And let us not forget Spirit.

https://xkcd.com/695/

Wow, fancy that. Web ad giant Google to block ad-blockers in Chrome. For safety, apparently

petef

Re: Go for it, Google!

Yes, Opera is based on Chromium but its ad blocker is part of the browser not an extension.

Fake 'U's! Phishing creeps use homebrew fonts as message ciphers to evade filters

petef

No custom font is needed if you write uʍop ǝpᴉsdn. However I think that even the most gullible phishee would spot that.

HCL picks up Notes, spanks total of $1.8bn at Honest John's IBM software sale

petef

My company had a recent meeting of all employees as we are in the midst of a merger. A spontaneous cheer went up when it was announced that we were dumping Notes.

No, you haven't gone deaf – the Large Hadron Collider has been wound down for more upgrades

petef

Are they waiting for the Windows 10 1809 update?

Using a free VPN? Why not skip the middleman and just send your data to President Xi?

petef

The Opera browser has offered free VPN for the web for some time now.

Your RSS is grass: Mozilla euthanizes feed reader, Atom code in Firefox browser, claims it's old and unloved

petef

Re: Goodnight, Firefox

I recommend https://feedly.com. Content is synchronized across all devices. You can import and export OPML when migrating from/to other readers.

Card-stealing code that pwned British Airways, Ticketmaster pops up on more sites via hacked JS

petef

@2Nick3 I meant undisclosed in the current incident. I agree with you that it is unlikely to be zero-day.

petef

Most people seem to be missing the point of these recent hacks. It is not important that the tool was Magecart, the language was JavaScript and the infected code was imported from a third party.

The server was compromised. The bad guys either exploited some as yet undisclosed weakness elsewhere on the server or did an inside job.

British Airways hack: Infosec experts finger third-party scripts on payment pages

petef

The RiskIQ report builds a plausible argument from the evidence it gathered.

What is not explained is how the copy of the Modernizr JS hosted by BA was compromised.

Neutron star crash in a galaxy far, far... far away spews 'faster than light' radio signal jets at Earth

petef

Re: Hope it's true

AIUI special relativity says that objects with non-zero mass cannot attain the speed of light because energy applied to them just makes them heavier. There is nothing to say that objects cannot travel at the speed of light or faster, just that they cannot achieve that state from sub-light speeds.

petef

Re: Just a side note

Not quite. Antimatter has antiprotons and antineutrons at its core with positrons (antielectrons) orbiting (in the Bohr view).

Disk will eat itself: Flash price crash just around the over-supplied block

petef

Coat

Of course HDD is a cyclical industry.

Python creator Guido van Rossum sys.exit()s as language overlord

petef

Larry Wall for BDFL

Let Parrot flourish

Chrome, Firefox pull very unstylish Stylish invasive browser plugin

petef

Re: Stylus

Thanks for pointing out Stylus, I shall migrate.

One of my prime reasons for using Stylish is to read El Reg without the gratuitous headline images.
