* Posts by Wensleydale Cheese

1381 publicly visible posts • joined 28 Jan 2011


Email security crisis... What email security crisis?

Wensleydale Cheese

Re: Email is absolutely broken...

"Just how are you going to know that the person purporting to be Alice is really Alice? That's why key signing parties were a thing back in the '90's. Without a sort of central registry for certificates, you aren't solving the problem of absolutely knowing that it's not really Eve."

Your mention of Alice and Eve had me trying to remember the other characters used as examples in security scenarios. I managed Bob and Mallory but didn't realise the list was so long:

Alice and Bob - the full cast of characters

For commentards who don't know who these folks are, that page starts with:

Alice and Bob are fictional characters commonly used as placeholder names in cryptology, as well as science and engineering literature. The Alice and Bob characters were invented by Ron Rivest, Adi Shamir, and Leonard Adleman in their 1978 paper "A method for obtaining digital signatures and public-key cryptosystems."[1] Subsequently, they have become common archetypes in many scientific and engineering fields, such as quantum cryptography, game theory and physics.[2] As the use of Alice and Bob became more popular, additional characters were added, each with a particular meaning.

Post-silly season blues leave me bereft of autonomous robot limbs

Wensleydale Cheese
Joke

"Depends on what fabric you're using... apparently Brocade is quite fast."

Is it colour fast though?

Wensleydale Cheese

Re: Klaus Nomi’s rendition of Purcell’s Cold Song

That's a few minutes of my life I won't get back

And I was sur Le Continent* when that was allegedly a hit.

I obviously listened to radio stations that had more taste, because I managed to avoid it completely.

* that period completely messed up my ability in Pub Pop Quizzes on my return to Blighty: "What year was this song a hit?" was particularly problematic, because it might have been a hit in Europe in 1982 but not in the UK until 1985, and vice versa.

Windows Server 2019 Essentials incoming – but cheapo product's days are numbered

Wensleydale Cheese

Re: Print server?

"If you pick up a formerly expensive printer from ebay then you bypass the high acquisition cost but still benefit from the low running costs. "

It can be even better than that. A decade or so ago I saw the duplex version of my HP LaserJet on my local equivalent to eBay. It came complete with JetDirect card and a couple of unused cartridges and all for a fraction of the price of a new JetDirect card alone.

I really should have grabbed it at the "Buy Now" price.

I've seen the future of consumer AI, and it doesn't have one

Wensleydale Cheese
Unhappy

Grr...

"It's on a computer, therefore, by definition, it is easy to use."

Grr. Online banking makes your life easier. Grr.

Not when it refuses to work. You now have to find a physical bank, and of course that once convenient local branch closed down years ago.

Grr.

Wensleydale Cheese

The damage a kettle can do

"That's not a kettle that's a remotely activated explosive device (potentially).

You could at least take out a teacup or two and a stretch of kitchen counter."

As a young teenager I took out a kitchen window with a kettle.

New non-automatic kettle. The old one rattled its lid when coming to the boil, the new one didn't. As was my wont, I wandered off into another room until it was done, but no sound of rattling lid meant I didn't realise it had come to the boil and was shooting hot steam up the window.

It was an impressive sounding crack when the window went.

Sealed double glazed unit too, so it was an insurance job.

Much grief from parents ensued.

Trainer regrets giving straight answer to staffer's odd question

Wensleydale Cheese

Re: you call that Loud :)

"Yes the old DMP were noisy enough to wake children."

The noisiest printer I had at home was the daisywheel which came with the Amstrad 9512.

I bought some continuous paper for it and set large print jobs off when I was taking the dog out for a walk or nipping to the shops, so that I didn't need to be in the house while it was going.

With any luck the paper wouldn't jump the sprockets while I was out...

Fast food, slow user – techie tears hair out over crashed drive-thru till

Wensleydale Cheese

giving free support to a competitor

In the early 90s my boss was keen on Apricot's latest offerings and recommended them to various folks.

Apricot in their wisdom (cough) then started advertising them at a lower price than we could get them for, so one potential customer bought direct from them instead.

The cheeky blighter thought that just because we had recommended them, we should offer free support. We had to explain time and again that if he had bought from us, support would have been included.

He really should have known better, because he ran his own successful business.

Don't let Google dox me on Lumen Database, nameless man begs

Wensleydale Cheese

Re: Deed poll to the rescue

"He can legally change his name, conduct the case and then change it back again. "

I don't think you are allowed to change your name back to the original one after doing a deed poll.

(Source: a former colleague who had changed his name by deed poll.)

Give yourselves a pat on the back, top million websites, half of you now use HTTPS

Wensleydale Cheese

Re: I'm not surprised.

"HTTPS protects the integrity of your website to prevent hotels, cafes and any other seller of captive portal wifi from adding their adverts to your site. It also stops ne'er-do-wells from doing the same to attack customers of your site.

In fairness this is a point I missed myself for a good while."

Agreed. Troy Hunt's YouTube video Here's Why Your Static Website Needs HTTPS (duration 24:18) points out the MITM problem and adds problems such as browser hijacking and crypto-mining to the mix of "Things that can go wrong with plain HTTP for your website visitors".

A third of London boroughs 'fess to running unsupported server software

Wensleydale Cheese

"The only way of getting information out of it would be direct physical access to the console (bringing your own PS2 mouse & keyboard + DSub monitor) and then writing something to transfer the data via the serial port. "

Ooh, Kermit!

(It must be knocking on for 20 years since I used that utility.)

Everyone screams patch ASAP – but it takes most organizations a month to update their networks

Wensleydale Cheese

"Microsoft could do a lot to improve the patching experience by not requiring a reboot each time, that’d speed up server patching."

This.

It may be poor man's Photoshop, but GIMP casts a Long Shadow with latest update

Wensleydale Cheese

Re: Forget the geeky stuff, sort out the user experience.

"I only found out about the space bar when my wife entered the room and I tried to hit alt tab..."

Most of the media playback software I've come across uses the space bar to pause and resume playback.

It's one of the first things I try with such software.

Et tu, Brute? Then fail, Caesars: When it's hotel staff, not the hackers, invading folks' privacy

Wensleydale Cheese

Re: "Et tu Bruté"

"You guys need to try harder at french"

Try Latin.

Google responds to location-stalking outcry by… tweaking words on its BS support page

Wensleydale Cheese

Re: 'Why does it do that? Because it is worth a lot of money to Google'

""Tech companies will likely do the maths on GDPR sanctions to see which problematic features are so profitable that they can afford to keep them running - or at least eat a one-time fine as an experiment in testing the EU""

If they only get caught once every 4 years, that's 1% of the turnover per year, and that's assuming the maximum fine is levied, which it rarely has been to date with various internet related fines.

1% of turnover could be seen as "Cost of sales" and worth the risk.

Home Office seeks Brexit tech boss – but doesn't splash the cash

Wensleydale Cheese

Re: Not Enough if you ask me

"It's doomed anyway so the only competence required is that of not minding. Any of us retirees could take it on as a nice little addition to the pension."

Just what I was thinking.

Could be a springboard to another cushy number, if you are thick skinned enough to endure it.

Google risks mega-fine in EU over location 'stalking'

Wensleydale Cheese

Re: Confusopoly

"For example, a (very) quick look turned up the following list of 43" TVs from Samsung (other manufacturers may be even worse)"

I came across similar confusion with Sony's model designations when looking to download a User Guide for a particular model.

Hackers manage – just – to turn Amazon Echoes into snooping devices

Wensleydale Cheese

Re: IoT-Hell: Amazon Echo comes to HOTELS - Anyone for Marriott?

"If it can't be home hacked how about a hotel room:"

The term "Evil Maid" comes into its own in that context.

And if it only takes 15 minutes to knobble an existing device, we probably need to look at the problem of "Evil Guest" leaving a permanent hook into the hotel's system.

Reel talk: You know what's safely offline? Tape. Data protection outfit Veeam inks deal with Quantum

Wensleydale Cheese

Re: Offline?

Good old fashioned shoe leather, retrieving the tapes from another building does the trick.

Though at more than one place of work the offsite backups were stashed a mile or more away, so a car was more convenient.

Wensleydale Cheese

Re: Safe until ...

"D. The offsite server location caught fire?"

Fireproof safes.

Multiple tape copies in separate locations (used to be known as "off-site backups").

When's a backdoor not a backdoor? When the Oz government says it isn't

Wensleydale Cheese

Re: Anyone see the word "component"....

"let's say I write kernel drivers for a video card."

...

"what's to say under this legislation a software developer doing something like Linux kernel driver or xorg development wouldn't get a tap on the shoulder...?"

If we are talking screen shots of decrypted messages, then it is quite likely that video developers could be targeted.

Samsung Galaxy Note 9: A steep price to pay

Wensleydale Cheese

Re: The one thing I wholeheartedly agree with Jobs on ...

"And as for Jobs, didn't he say you didn't need two mouse buttons amongst his other stuff you don't need?"

I tried Apple's single button mouse and you needed two hands to summon up contextual menus (using control-click).

Having used 3 button mice for over a decade at that point, I wasn't particularly impressed.

Phased out: IT architect plugs hole in clean-freak admin's wiring design

Wensleydale Cheese

Re: Planning

"I suggested to have enough network connection points and power points spread across the whole area of the room to support at least one and a half or maybe even twice as many people as they expected to use the room."

One place I worked used an excellent electrical contractor who really knew their stuff. When we asked for an extra n lines adding to the factory area, they said "We anticipated that, and doubled up on the lines we installed originally". Win-win - they simply had to connect the extra lines at each end, and the job was done in record time.

Sadly that kind of client-customer relationship is rare.

Devon County Council techies: WE KNOW IT WASN'T YOU!

Wensleydale Cheese

Re: Surely...

"Bonus points if you still have an old chequebook for an account long closed (even more if the bank has closed down)."

I threw out an ancient cheque book just a couple of weeks ago.

The last cheque written from it was something like 1997.

Sysadmin trained his offshore replacements, sat back, watched ex-employer's world burn

Wensleydale Cheese

Re: Not in IT...

"I remember this Indian guy I had to train (as a customer of mine rather than a future employee), really nice guy, used to be quite knowledgeable - but as India call centres and outsourced IT departments are treated the same (i.e. all written procedures and no chance for them to actually use their brains)."

A problem I've come across with training up the bright guys is that they are likely to get promoted to management or recruited by someone else, and therefore don't stay on the job you trained them for.

Wensleydale Cheese

Re: Not in IT...

"In my experience outsourcing has generally not been a net cost saving once you tot it up. It only provides buffers against volatile demand or fills in hard-to-find specific skills."

Or in some cases, completely fails to find those hard-to-find specific skills.

I heard of one case where a particular outsourcing company couldn't find anyone out of a staff of 100,000 who had the necessary skills for a "legacy" product.

From toothbrushes to coffee makers to computers: Europe fines Asus, Pioneer, Philips for rigging prices of kit

Wensleydale Cheese

Re: They're still at it!

"It meant a retailer could claim you won't find this model cheaper elsewhere"

I discovered this in the mid 80s when fridge shopping. Each major retailer had their own flavour of a particular fridge, and there were slight differences in the layout of shelves and compartments.

Forever after, I've been highly cynical about offers of "Find another outlet that's cheaper and we'll refund the difference"

What I ended up doing was finding a privately owned shop and speaking to the owner, who was more than happy to beat the prices of the main contenders.

Dust yourself off and try again: Ancient Solaris patch missed the mark

Wensleydale Cheese

Re: Oracle still exists?

"https://en.wikipedia.org/wiki/ORACLE_(teletext)"

Yikes, Jobfinder

I endured that on several occasions when I got up too early.

No IT jobs, as I recall.

I predict a riot: Amazon UK chief foresees 'civil unrest' for no-deal Brexit

Wensleydale Cheese

Re: eh?

"Anyone who thinks that Brexitday+1 will run smoothly or even sort of well has not thought about the complications and interactions involved."

40 years of gradual integration to be replaced with, er, something else, in a much shorter timescale.

It's not going to be simple.

Google Chrome: HTTPS or bust. Insecure HTTP D-Day is tomorrow, folks

Wensleydale Cheese

Re: stuck on HTTP

"Has someone assumed that all websites are eCommerce sites?"

There's a case for any site which demands a login to comment on articles, or worse, read them. Think of plain text passwords, and the way folks reuse the same password across sites.

But why should anyone running a site which doesn't offer logins offer https?

"I suppose you would if you were the largest advertising company on the planet, in which case you probably do only think in terms of eCommerce."

They've been guilty of that for a long time.

Sysadmin sank IBM mainframe by going one VM too deep

Wensleydale Cheese

"Also, my uni statistics teacher insisted it was called "octothorpe" as it had eight pointy-bits, and he was extremely pedantic. He's the only one to ever use that term."

I've come across "octothorpe" in the world of fonts.

Doctor, doctor, I feel like my IoT-enabled vacuum cleaner is spying on me

Wensleydale Cheese

Re: can summon mine to..location for a spot clean, without..y chair. For us disabled folks,

"Shirley a localized means of control would be more logical?"

The beauty of standards is that there are so many to choose from.

The problem with a localized means of control is you end up with a different remote control for every device in the house. There's also a range problem, and wifi offers a single means of communication, i.e. a standard which can be used by all manufacturers.

It's tricky. Leave manufacturers to devise their own solutions and it will arguably be a worse disaster.

LabCorp ransomed, 18k routers rooted, a new EXIF menace, and more

Wensleydale Cheese

Prompted by the article, I just fired up VLC on my Mac, and the first thing it did was check the version number and offer to download 3.0.3.

Either my name, my password or my soul is invalid – but which?

Wensleydale Cheese

" your ID is your payroll number..." No! Listen to me!"

The company running a course I was taking couldn't make up their minds what my real name was. Their correspondence had me down as firstname lastname middle name and lastname middlename firstname.

Start the course and the lecturer says he's set accounts up in the form of firstname.lastname.

No combination of the above variations worked. I had to ask the lecturer what the system thought my login was, and he couldn't understand the question, simply repeating "Firstname dot lastname".

We set up a completely new id in the end.

Wensleydale Cheese

Re: minimum password reset time

"accounts server died with no known backups , all data lost and they had to re-enter what data they could find from whatever paperwork they had filed!

This is an I.T company! That sells backup solutions!"

Reminds me of the company that sold a lot of word processing solutions in the early 80s.

Their invoices were done on a typewriter.

Wensleydale Cheese

Re: "Wrong" email addresses

Apostrophes in email addresses fall foul of some sites.

If you look it up, they are perfectly valid. According to an Irish acquaintance with a name starting with O' it's quite good at minimising the spam he gets.

Wensleydale Cheese

Re: "Wrong" email addresses

"I do remember some years ago, that some sites were a bit "snobby" and not accepting users that had email accounts from the likes of Hotmail and Yahoo."

That used to be a good way of avoiding spammers signing up for the sole purpose of posting a load of links.

Wensleydale Cheese

"It's not a lack of awareness, it's a clear admission from within the security industry itself what a pain in the arse it is to sign in again and again dozens of times a day with different credentials."

BTDT. Back when I was managing a fleet of servers I had to login to over 20 different systems after a network outage. These were systems which would lock you out after too many password failures. A single password per group of logically related systems was the sanest choice.

Fortunately there was a smartcard system for the PC, so at least I didn't need to remember all the separate passwords for mail, timesheets, project management systems et al that ran on that.

What if tech moguls brewed real ale?

Wensleydale Cheese

Re: Suggestions from the night shift

"Core Dump - Late harvest cider"

Panic Dump - A German Weissbier

Wensleydale Cheese

Re: Under a mile away so will be there anyway...

"Tactical Nuclear Penguin - a Linux-inspired... no, that's a stupid name for a beer, forget it."

Causes a lot of swearing.

Boss helped sysadmin take down horrible client with swift kick to the nether regions

Wensleydale Cheese

Re: Magical policing

"The usual result is a calmer client, the priests comfortably convinced there was nothing demonic going on and happy to have helped, and at least one social worker now 100% certain ghosts are real and they just saw one banished."

I once had the misfortune to live next to a pair of social workers, who appeared to live on a different planet.

It wasn't just me; all my normal neighbours were of the same opinion.

Apache Cassandra at 10: Making a community believe in NoSQL

Wensleydale Cheese

Re: @Voyna i Mor Features-led approach

"I was told this slide-lock mechanism was devised as heavily unionised electricians went on strike whenever they saw anyone near electrical equipment with a screwdriver."

A friend who used to commission power stations hated working in the US because of exactly that. His complaint was that he had to wait for a union electrician to turn up to open inspection panels.

What's in a name? For Cambridge Analytica, about a quid apparently

Wensleydale Cheese

I wish you'd stop calling it "CA"

"CA" to many of us means "Computer Associates"

Also much hated, back in the day.

Are you ready for some sueball?! NFL opens wallet, makes vid stream patent spat go away

Wensleydale Cheese

"(Google nGram viewer suggests the spelling "sissy" is more common than "cissy", and indeed has been far more common since it began a rapid ascent circa 1900. But maybe "cissy" is still common in the UK?)"

"Cissy" is the only spelling I have ever come across in the UK.

Fix this faxing hell! NHS told to stop hanging onto archaic tech

Wensleydale Cheese

Re: Not the only Guvmint dept to use fax

"Are you sure you can take a photocopy of a document that Her Maj owns the copyright to?"

If you are an expat it's quite normal that the immigration authorities of the country you are living in will want a copy of your passport.

Wensleydale Cheese

Re: Not the only Guvmint dept to use fax

"About 2-3 years ago I had a little problem with HMRC (UK Inland Revenue). I had to fill in and sign a form and send it back to them."

The last time I needed a FAX from home, I'd already got shut of mine, so I set off for the local Post Office, which had one. On the way I spotted a café which offered the service, so used that instead.

That was last century though.

Wensleydale Cheese

Re: User story

"Are you saying they should use a digital format such as TIFF?"

What happened to all that software which served as a FAX server, back in the day?

There were quite a few to choose from, back in the late 90s.

Wensleydale Cheese

"If the process is faulty, then replacing the fax machines won't necessarily fix the process."

One of my first lessons in IT was to make sure a manual business process was sound before attempting to move it to a computer.

Mastercard goes TITSUP in US, UK: There are some things money can't buy – like uptime

Wensleydale Cheese

Re: analogue backup

"Seriously for many years in Italy (in the time of the Lira) sweets were given as small change"

In the early 80s I lived near one of the main European trunk roads, and at petrol stations it was quite common to get small change in a mixture of other currencies.

Dutch and Belgian operated cross-Channel ferries would allow you to pay for stuff in multiple currencies, so I offloaded my accumulated mixture of small change on those.

Tech support chap given no training or briefing before jobs, which is why he was arrested

Wensleydale Cheese

Re: CA Top Secret

"A colleague found out that using old envelopes to jot notes on is NOT OK when leaving these types of places, when the envelope happens to be for a bank statement and therefore says "Private and Confidential"."

Fortunately they'd stopped the practice by the time I got there, but at one place of work they had banned the use of pen and paper in one of the large server rooms. Mobile phones were banned and the only phone in the room was a good 100 yards away from the machines I was looking after.

The worst one was when I was asked to move gigabytes of data from a system in our building to one in that server room. This at midday Friday, with a deadline of Monday morning. Normally I would have used tapes for the job, but getting director level signatures to get the tapes in there on a Friday afternoon wasn't going to be practical.

I sent the lot over the network instead, and it was all done by Sunday, so the deadline was hit.
