* Posts by nonpc

47 publicly visible posts • joined 4 Oct 2011

Feeld dating app's security too open-minded as private data swings into public view

nonpc

Puts penetration testing in a new light?

The future of AI/ML depends on the reality of today – and it's not pretty

nonpc

Alas I tried reading it but I am far too old for the gushing verbiage. A summary would be useful.

Palo Alto Networks execs apologize for 'hostesses' dressed as lamps at Black Hat booth

nonpc

When someone mentioned reflecting company standards they thought they meant standard lamps?

Facebook prank sent techie straight to Excel hell

nonpc

Our variation (on a VAX VMS system to give an indication of age) was an email admitting irresistible urges of undying love for the prettiest (or not) programmer (stage 1), or to the next level female, or a 100 line email of 'I must not leave my unlocked terminal unattended' to their immediate manager.

I found myself with an autorun message of 'No!' and a logoff when I made the same mistake and tried to log back in. I learnt a lot in trying to find how to circumvent it without help from those responsible or who would hold me to ridicule.

Microsoft's Azure networking takes a worldwide tumble

nonpc

I've found that talking quickly works better than the English habit of talking loudly and slowly to Johnny Foreigner. They are not designed for processing slow speech. Gabbling works well, even if the axis of head wobble causes confusion.

Angry admins share the CrowdStrike outage experience

nonpc

Re: Modern life

The IT version of the physical problem when the fire safe survives the fire but the key to the fire safe had melted...

nonpc

Re: Sports Sponsorship

I remember seeing that at Brands Hatch in the 70s. On asking what the connection was between car racing and Durex, I was told it was the heat, the excitement and the smell of burnt rubber...

Azure VMs ruined by CrowdStrike patchpocalypse? Microsoft has recovery tips

nonpc

Re: Safe Mode

I don't have Azure experience but with VMWare you just roll back to the previous snapshot.

CrowdStrike file update bricks Windows machines around the world

nonpc

Why on Earth do people roll out everything in production without testing it? I was once told to never do that...

This was an antivirus update and because of zero day exploits it has become the habit (or indeed the default setting from most providers) for these to be applied automatically, invisibly and 'seamlessly'. Before I retired from IT I always used a sacrificial goat (my PC, test servers) for any Windows updates with a roll-back/bare metal restore option if needed. Day to day AV updates were just applied automatically - major releases treated as Windows updates.

I couldn't find the origin of my quote on testing above, but it could have been addressed at Crowdstrike. The issue there is one that Microsoft are familiar with - almost infinite variants of installations and third party addons which could interact. Mind you, this sounds to be a major sector affected, so a definite testing failure.

Former Fujitsu engineer apologizes for role in Post Office IT scandal

nonpc

Selective with the truth

A software engineer of any worth would have dutifully read the lines 'the truth, the whole truth and nothing but the truth', or maybe that was commented out?

For the record: You just ordered me to cause a very expensive outage

nonpc

Re: possible fix

... but if the instruction is to effing rip them out and clear the area...?

Fragile Agile development model is a symptom, not a source, of project failure

nonpc

Re: Ok... How I do stuff

... or if time-constrained (what isn't?) be brutal on the 'that's phase 2' approach.

nonpc

Re: "the right tool for the job"

In my (now completed) testing/QA career I often stated if you want it tested for bugs and correct function, then I'm your man. However, if you want it tested for immediate release or to a fixed timeframe... My mantra for upgrades was 'is it better or worse than what is currently in place, and can we live with the new bugs introduced?'

UK Surface owners can now take misbehaving laptops to Currys

nonpc

Warranty sellers

My experiences of Dixons then Curries etc was that they were primarily sellers of enhanced warranties, and you had to be very hardheaded to make it out of the shop without succumbing. I took issue once where they would not let me take the warranty details home to read before purchasing...

Half of polled infosec pros say their degree was less than useful for real-world work

nonpc

I'm old school/uni. When I got to university and gained my degree late '70's, I was therefore one of the top 10% of the population. In those days to get a good job you needed both qualifications and experience, and it was usually impossible to gain both simultaneously. A degree proved you had brains and could learn, experience showed you knew how to apply both.

My holiday job (needed to backfill my overdraft, spent mainly on beer rather than books) gave me a job after I left uni - and my (physics/science) degree was not actually a requirement for it (I had already proved myself). My tutor despaired, but I did scrape through my degree by ability rather than hard work and diligent application.

Once I had both experience and degree, doors were open, and I had the ability to make the most of whatever job and level I entered and could prove my worth and ability. I've now retired after starting my electronics/hardware/software/IT/security career before the advent of the IBM PC.

Nowadays if a student fails, it is the fault of the course/teachers. Every man and his dog now has the right to go to uni, whether they have the ability, application or intelligence for it.

Those of my friends and colleagues who weren't academic did the apprentice/experience/vocational training route, which is no longer available as everything is now a uni. We all succeeded in our own ways, to the best of our abilities, and made the most of what we had.

After uni I did a Computer Studies evening class A level, got an A and I and another student working in IT taught the teacher and updated them as the syllabus was already (in the '80s) 2 years behind the industry. Programming was self-taught (Basic, Fortran, machine code). An OCD desire to refuse to let a piece of ironmongery beat me as I tried to bend it to my will stood me in good stead (and still keeps me amused).

COVID-19 infection surge detected in wastewater, signals potential new wave

nonpc

Re: Uses RT/PCR test so just more worthless "data"..its that bad

I had the opposite problem. I was good at maths and would love to have done some biological science to add to my chemistry and physics, but due to timetable scheduling constraints at school the two subjects were mutually exclusive. Maybe based on subject success stats? btw I hated statistics!

To BCC or not to BCC – that is the question data watchdog wants answered

nonpc

... but your corporate email logging would of course show the outgoing addressees even if BCCed as part of your data leakage protection, wouldn't it?

Watt's the worst thing you can do to a datacenter? Failing to RTFM, electrically

nonpc

The physics lab was also used as a hobby electronics lab, shared by two teachers, one good (who ran the electronics lab) and one bar steward.

The report and bullet-like motion of the casing of a small transistor that had been wired across the mains on a timer switch was impressive.

This was on a par with the wag who painted the floor of the chemistry lab with nitrogen tri-iodide. The teacher had been pleasantly surprised that we had politely waited for him to enter the lab first...

nonpc

Re: Check the power supply

That's when I gave up buying hifi mags. The concrete bunker speaker installations for 'rock' solid bass I could just about believe, but the necessity of soldering every mains joint in the house wiring to reduce noise pickup and distortion escaped me. Presumably this quantum fuse fitted snugly into a standard cheap plastic mains plug...

UK admits 'spy clause' can't be used for scanning encrypted chat – it's not 'feasible'

nonpc

Re: When it becomes possible

So ultimately when it is recognised that the biggest risk to humanity is humanity itself, our toys get taken away from us and we live in an AI driven care universe?

UK voter data within reach of miscreants who hacked Electoral Commission

nonpc

Re: How was this made possible?

Do tell - how is the data protected when you are processing it? What steps do you take to prevent unwanted remote access to your PC and any LAN connection? In a commercial environment industrial-grade precautions (better than the Electoral Commission, one hopes) would be employed. From my decades in IT security, the weakest link is usually the human element when they bypass all the carefully crafted protections... Just sayin'

The number’s up for 999. And 911. And 000. And 111

nonpc

Re: Why the down vote?

They are ok until some bug gets into the system...

JP Morgan accidentally deletes evidence in multi-million record retention screwup

nonpc

Boris and the UK Conservatives would like to know who looks after their records, and can they do the same for WhatsApp please?

Alternatively has anyone tried the Dark Web for copies?

Amazon Ring, Alexa accused of every nightmare IoT security fail you can imagine

nonpc

Has anyone seen themselves on Prime video yet? An under-the-counter option would surely fund any impending class action...

Botched migration resulted in a great deal: One for the price of two

nonpc

Re: Nokia 6310

I went into my elderly parents' house and found my father outside the (closed) kitchen door with the telephone to his ear, apparently talking to my mother who was the other side of the door. I thought that they had finally lost it, but they explained that they were using the intercom function on the DECT handsets to test the hearing aid mode for my hard-of-hearing father...

In a similar vein, my wife said to me 'You haven't listened to a word I said!'. 'That's a funny way to start a conversation' I said...

Programming error created billion-dollar mistake that made the coder ... a hero?

nonpc

Re: Explosive demonstration

I recall that tale - as a gap year job I started my computing experience at Harwell, and, as an early morning arrival, along with switching on the kettle, I had to turn on the vertical winchester disk as it took 20 mins(?) to get up to speed, before I loaded the paper tape system bootstrap. I was told to run like hell if the disk started making noises...

Loathsome eighties ladder-climber levelled by a custom DOS prompt

nonpc

Re: Like so: C:\>.

On a DEC VAX I committed the cardinal sin of leaving myself logged in. When I next tried to login, it said 'No!' and logged me out immediately. I had to pore over the manuals (newly converted from hardware engineer) in order to find the 'login without autoexec' option.

It's official: UK telcos legally obligated to remove Huawei kit

nonpc

Re: It's official

'Competencies' anyone?

Dev's code manages to topple Microsoft's mighty SharePoint

nonpc

Re: Bug Finder

Similar to me - I could break anything (and still can, though retired). If you wanted something (major)bug-free, let me loose. Don't let me anywhere near a time-critical release that has been tested to death - by others. I'll find the showstopper.

It's a b****r when I actually want something to work for me...

nonpc

Re: It's still going on

Similarly with File Manager - you have to open File Manager, click on a different drive, and eject decides to work...

Not to dis your diskette, but there are some unexpected sector holes

nonpc

Re: You were lucky

You had to be careful with using 'chad' as one in the eye could be dodgy. Could be useful for decorating the inside of the wedding card as static made them difficult to remove. Adding some to the air vents meant that the flavour lingered even longer!

Govt suggests Brits should hand passports to social media companies

nonpc

Re: I'm A Celebrity......

Thank you - a right riveting read! Presumably better than her published output (real and imaginary).

nonpc

... although you have to hand it over when travelling (where details can be/are copied/recorded), and in certain countries they require you to carry it, when it can be relatively easily stolen.

nonpc

Re: they already try to do this...

Years back, as an IT manager/security officer I created a Facebook ID to assess the risks of my users accessing it at work. The first thing it wanted to do was leech my contacts, which I declined. I implemented and enforced a 'no Facebook on company PCs' strategy.

I tried sometime later to access this account. In order to do so, I then needed to supply more personal information, which I declined to do, in order to unlock the account. I then tried to delete the account, which I could not do unless I provided more personal information, and no, I could not contact anyone without authenticating myself with - more personal information... That was a few less years back. Now I'm retired I might have enough time to tweak the tiger's tail, but I doubt I'd get anywhere.

A personal bête noire is the use of personal information (mother's maiden name, 1st pet's name, school attended etc) as security questions - in order to protect your personal information! The simple solution is to allow you to create a unique security question which will trigger you (and you only) to know what the answer is, and is meaningless to others. Instead we get inanities like 'a significant date' where you have no idea as to what significant date you stated when you set the thing up.

On one of my past financial cards, transactions had a buried reference of 'fuckknows' because I got presented with a request to enter something... This was apparently unchangeable, and I never was asked for it again!

No - I see no future in requests for passport information. Perhaps when a full digital ID system has been built and perfected, and run by a reputable and incorruptible authority(!) that may be the answer.

To err is human. To really screw things up requires a wayward screwdriver

nonpc

Two events spring to mind - one computing related, one not.

The first was where a Newbury Labs terminal engineer used snipe-nosed pliers to slide sleeving over a mains transformer terminal - with the PSU connected to the mains and switched on. He attempted to claim for replacing his glasses which had a sputtered metallic coating... This was declined, but he was let off the cost of replacing his now snub-nosed pliers.

The second was an Irishman who dropped his metal mallet into the uncovered, ceramic fusebox in the roadway in Covent Garden. Each 'bang' relaunched the mallet into the air again, accompanied with what sounded like 'Feck'. There were many iterations, and people scattering in all directions.

Fisher Price's Bluetooth reboot of pre-school play phone has adult privacy flaw

nonpc

In the words of Monty Python (OK late boomer credentials): "Luxury! We had cocoa tins and string...etc.etc.". The fun with technology in those days was (and indeed still is) in trying to make it do what you want it to do instead of what its provider thinks you should want it to do (Thank you Bill G!). To quote Douglas Adams 'Very nearly almost but not quite like...'

Japanese bloke collared after using AI software to uncensor smut and flogging it

nonpc

Re: Silly censorship

Does the AI recreation work on the premise that 'they all look the same'...?

It's time to delete that hunter2 password from your Microsoft account, says IT giant

nonpc

Coercive thieves are ahead of the game

I saw a news article very recently that the modern equivalent of marching the vulnerable to the cash point and forcing them to withdraw cash can now be done from the comfort of their home or elsewhere and forcing them to share the authentication codes to allow bank transfers to the criminals' interim accounts. Finger scans can be physically forced (although recognition is so variable there can be enforced lockout delays incurred even with normal use).

What is needed is an emergency authentication pin as well as the normal one, but this one alerts the system that this is an enforced criminal act, appear to allow the transactions through but activates tracking etc, hopefully letting the victim off the hook but catching the bigger fish (or phish)...

nonpc

Re: "in a safe place"

The answer (as always) to that is to buy/make a replacement and when you go to put it in a safe place you find that is where your old one is...

Pi calculated to '62.8 trillion digits' with a pair of 32-core AMD Epyc chips, 1TB RAM, 510TB disk space

nonpc

Re: they are now the last known digits of Pi

For a time I stood wondering to myself about the inane accuracy of decimal fractions. Why in the apostles name do we bother with all these decimals?

Scalpel! Superglue! This mouse won't fix its own ball

nonpc

The modern day equivalent is the crud buildup on the feet/sliders on the mice - if you don't use a mat, which I guess wipes as it's used. That seems to grip instead of slide. Build-up from sweaty palms, I guess...

Thar she blows: Strava heat map shows folk on shipwreck packed with 1,500 tonnes of bombs

nonpc

I've forgotten the original quote, but there was a statement that a fire had swept through an area and done £3m worth of improvements...

UK government resists pressure to hold statutory inquiry into Post Office Horizon scandal

nonpc

Re: Accountability?

Surely the normal process for such events where there was a discrepancy that was challenged would be for the auditors to go through with a fine 'human' toothcomb (yes, I do subscribe to the Terry Pratchett view on Death's auditors, but do have a software test/QA/audit background myself. If I haven't found a fault, I haven't looked hard enough...). There should have been transaction logs that would have shown that something was amiss. These have presumably been long deleted, or were never adequately implemented in the first case. All financially minded software that I have been involved with has been almost crippled with the requirements for detailed audit logs and reconciliation of the same. The fact that such a prevalence of queries and cases passed without comment is unbelievable, but reminds me of the phantom ATM withdrawals in the '80s...

Australian police suggests app to record consent to sexual activity

nonpc

Re: The definitive solution

I take it an up and down motion will follow from the 'no' swipe.

Did I or did I not ask you to double-check that the socket was on? Now I've driven 15 miles, what have we found?

nonpc

Re: Poor On-Call this week

I particularly like the Welsh graduations of response time:

'I'll be with you now' (shortly)

'I'll be with you now in a minute' (presently)

'I'll be with you now in a minute after' (forget it)

BT bitchslapped for misleading 'Join now' Infinity ad

nonpc

Infinity updates

Considering I'd registered my interest in Infinity, an email would have been expected when the 'available' date moved last week from 30th Sept to 31st Dec... Yes, delays happen, but a comms company ought to be able to communicate to manage expectations!

Also the plethora of broadband deals makes it impossible to work out if it is worth switching to BT now and getting an automatic (ho ho!) upgrade to Infinity when it is available. The online web support chat seems to suggest that that would be a change in contract which negates any deals...

I'll stick with my 6Mb Be offering, I think.