Posts by MJB7

User Training

User training is an excellent idea, but repercussions for the one person who happened to click on a malware link is pointless. For one thing it's too late - you've still suffered the attack, for another too many people are likely to click - it's that you've got to change.

Hanging on to Hong Kong

If the British Government had offered full British Citizenship to all Hong Kong citizens it would have been possible. China would either have extended the lease, or got back a few square miles of territory with tumbleweed. In the latter case Britain would have had an influx of hard working grateful immigrants. That they didn't is mostly down to Norman Tebbit's racism.

Re: Encryption is very difficult to get right

This.

It's easy enough (after the event) to see how to write a test to catch this particular mistake. (Search for the plain text of the input in the output - it shouldn't be there.) But that won't catch the mistake where the input is XORed with a fixed value, rather than a keystream derived from the password ...

It's REALLY hard to test that crypto code is secure.

Re: Replacement hardware?

Paper? Use baked clay tablets - still readable after 5000 years.

That only works if the SW is on a writable flash drive. I would say it usually isn't.

Re: No, sorry.

There is no other kind.

(Well, some of my parts are painted yellow, and I think I have a few silver coloured ones).

"We do not accept that this remark was made to the Claimant."

Of course they accept people lie. "We do not accept that this remark was made to the Claimant." is judge-speak for "The Claimant is lying about this remark."

Re: Colossal Cave

I _stopped_ playing Colossal Cave rather more than 40 years ago - and the code was xyzzy, doesn't *everyone* know that?

Not voting in a democracy is always an option

You can easily write "None of the above" on a ballot. That's spoiling your ballot and will be recorded as such. Not bothering to turn up to the polling station is very different.

Re: 6 times the use for 1.3* the cost

No, they are guessing that only one person in a household will be clued up enough to want a password manager, but they can get that person to pay an extra 30% by allowing them to give it to significant other, children, parents, etc.

The price of something is what somebody will pay for it; not what it costs to produce.

"I find it rather odd that, having the [auditors] been fined a nifty £15m for not properly doing what was expected of them ... that this Lynch chap is still on the hook"

The fine actually puts Lynch _on_ the hook. Lynch was required to behave lawfully, auditors or no auditors. His argument was "the auditors said it was OK, so it must have been OK". His problem is that the fine can be construed as the regulators saying "the auditors were wrong to say it was OK".

OTOH, if the civil case finds for Lynch, then it is going to be _very_ hard to argue that a fair criminal trial could find against him (because the standard of proof is so much higher in a criminal case). I presume that if the civil case finds against HP they will try to appeal, and they will try to use Deloitte's fine as part of that appeal.

Re: Building Regulationss require all electrical work to be signed off by a qualified electrician

That's not true. You *either* need it signed off by a member of the appropriate trade body (which is not the same as "qualified") *or* you need Building Control approval. It is usually easier to hire an electrician to do the work and sign it off, but I have a friend who rebuilt his entire house (for which he needed building control approval anyway), and did all the wiring himself.

Re: I'm confused

I don't think German makes it easier. "Es" translates as "it" in English - and you wouldn't "Es" for a person any more than you would use "it", and for exactly the same reason.

Re: Proof reader

I have a problem typing German. I'll think "und" or "oder" but my fingers will type "and" or "or" (and of course it's invisible to this native English speaker).

Re: So ...

There's a car charger in the open air near my flat in Switzerland which claims to offer 100kW charging. A little googling suggests it is operating (today) at about 1000V and hence must be shifting 100A. I find both those figures terrifying. (Particularly putting 100A through a connector which can be operated by an untrained little old lady, and one end of which gets bounced around in a motor vehicle!)

I think a *lot* more than 1kW gets dumped in the cable - some chargers come with liquid cooled cables. (Of course, this does nothing for the overall efficiency figures - but you only need this rate of charging for emergency charging, not the overnight charge at home which will probably cover most uses.)

Re: @sgp - Probase director Paul Brown

"If I try to fix the electrics in my house, and as a result of my incompetence, someone is electrocuted, I have committed a crime.": Maybe - but maybe not. Basically only if you are negligent (which is a higher bar than "incompetent").

GDPR scope

Actually it's both anyone in the EU and EU citizens anywhere.

Re: Apple

On the scale that Apple works at, the licensing costs for Arm may not be that significant compared to the costs of switching to RiscV. Apple are probably using RiscV in their commercial discussions with Arm already.

Re: Low number of Thunderbolt ports

The OP doesn't attribute the low number of Thunderbolt ports to an inherent limitation of Arm (we know they can do IO). He attributes it to a limitation of the M1 SoC. If that is so, it is probably going to be a problem quite quickly.

Re: No recursion in Fortran

Some systems (for example Prime minicomputers) had a non-recursive CALL instruction: CALL X would store the current program counter at X and then jump to X+1. Return was just a matter of picking up the return address from X and branching there.

Re: No more user names

Yes, I read "No one *in the organization* will be able to use Productivity Score to access data about how an individual user is using apps and services in Microsoft 365." (my emphasis) and wondered who, outside the organization, will be able to.

Re: Plan One

No. They are planning to shift from "many thousands of servers" to either "a few thousand servers" or "many hundreds of servers" - not "tens of servers".

HashMap

For a small, fixed, set of keys (like post codes), it is quite easy to algorithmically produce a perfect hash function. With a perfect hash function you just need an array of corresponding tiers which you index into.

The interesting question, is how hard is it to algorithmically produce a hash function which maps the keys directly to Tier 1, Tier 2, Tier 3?

Training

"training staff to not click on phishing emails" - I don't doubt the insurance company will try and avoid paying out because of the lack of training, but we know that (to a first approximation) such training doesn't work. Training staff not to use email from privileged accounts is much more likely to be useful.

Re: There’s hope yet!

"hypergolic with sand and test engineers" - that's not ClF3, that's the description of FOOF (which is also used in semi-conductor processing and as a rocket propellant).

Why call the ICO?

Probably because they can't yet *prove* that no information has leaked. There is no downside to telling the ICO the outlines of what they know, and considerable upside if it turns out they are wrong and information *has* leaked.

Re: Too Many Stories!

Transparent liftable shields over emergency stop buttons almost certainly *do* conform to regulations. They even have a name - "molly-guards" (originally named for one "Molly" who kept turning off a mainframe).

The scary thing is that Molly is probably only in her 30's now.

Dating back to the 1096s

I *like* old designs. We've got most of the bugs out of them. The problem with this was the new bit of the design.

"Secure enough"

"Secure enough" usually means "the cost to break is higher than the potential gains".

Re: Pugh, Pugh, Barney McGrew, Cuthbert, Dibble, & Grubb

"before indicted, let alone convicted" is *definitely* not a problem - Ford pardoned Nixon before he had been indicted, and nobody suggested that made the pardon invalid.

Pardoning yourself would probably *not* pass muster though. Not to mention that the President only has the authority to pardon Federal crimes, not State crimes, and the New York Attorney General is very interested in some of Trump's actions.