* Posts by Doctor Syntax

22305 posts • joined 16 Jun 2014

MP promises to grill UK.gov over revelations that Uber handed '2,000 pieces' of user data to London cops a year

Doctor Syntax Silver badge

Re: Aw, Man!

David Davies was fine apart from the Brexit aberration.

We're not getting back with Galileo, UK govt tells The Reg, as question marks sprout above its BS*

Doctor Syntax Silver badge

Re: Hard Brexit

AIUI membership requires membership of the EU. As members of the EU at the time the UK pushed for it.

We don't need maintenance this often, surely? Pull it. Oh dear, the system's down

Doctor Syntax Silver badge

"rarely had anyone on the staff who could read it"

OTOH it could be quite handy for the vendor if the customer had someone available to debug the code. After having had two Friday lunchtimes interrupted when the weekly billing run exploded I spent an afternoon drilling down and found, buried several loops deep, a statement asking the server to allocate an object which wasn't released so the server process grew until it reached its maximum memory allocation. Followed by a phone call - not the last - to the vendor to tell them how to write software for that particular RDBMS.

Doctor Syntax Silver badge

Re: An ex employer did that too.

Had a similar experience at a client where two directors had one of their stand-up rows in the main office in front of their staff and several of us freelancers* about which way the application should make up production batches. This wasn't resolved.

A colleague wrote a work of art solution where every possible parameter affecting batching was held in the database with a big data-entry form so the operators could set it up in whatever way they were told. We set up some reasonable looking values before it went live and as far as I know they were never changed.

* Obviously their frequent toys out of the pram events were one of the facets of face-to-face communication, team integration & what-not that you miss when everyone's working from home.

Your anti-phishing test emails may be too easy to spot. NIST has a training tool for that

Doctor Syntax Silver badge

Re: Do as I say, not as I do

A UK bank or building society by any chance? All emails I get from such bodies raise those flags.

Doctor Syntax Silver badge

Phish Scale

Top marks for whoever thought of that one. It finished the job off nicely but as the A/C points out the offer of a PDF looks a bit like a phish tail.

This is how demon.co.uk ends, not with a bang but a blunder: Randomer swipes decommissioning domain

Doctor Syntax Silver badge

Nildram, swallowed by Pipex (who decided to roll out Nildram support to their existing customer base because it was better than their own), swallowed by someone I can't remember (who rolled out their own appalling support because that's the sort of thing they did) swallowed by TalkTalk (who were TalkTalk)

Doctor Syntax Silver badge
Unhappy

not with a bang but a cock-up

That's the way technology usually ends.

Oracle Zooms past rivals to run TikTok’s cloud, take stake alongside WalMart and ByteDance investors

Doctor Syntax Silver badge

This move places the whole of TikTok outside of China into the grasp of the CLOUD Act so it must fall foul of GDPR in the EU as the Privacy Figleaf has shrivelled to the extent that it can't even pretend to protect users' data.

Online fraud prevention biz fails to prevent CEO's alleged offline fraud

Doctor Syntax Silver badge

It looks like they're the all-time winners of the "Getting rid of the difficult bit in the title" award.

Woman dies after hospital is unable to treat her during crippling ransomware infection, cops launch probe

Doctor Syntax Silver badge

Re: It's money, as usual

The in the medical area make it a regulatory requirement.

Doctor Syntax Silver badge

Re: "Unix windowing goes back at least to 1984 with X."

"a large number of Linux UI applications are written in Java"

ROFLMAO

Doctor Syntax Silver badge

Re: ASCII art??

"updates are released to a schedule and can be easily installed"

My experience with Windows is that updates are a complete and utter pain to install. They're slow to download, hang up the entire machine for as long as they want, they fail, they reboot the machine. Linux upgrades download and install quickly unless you're doing a complete OS version upgrade. They only need a reboot - at your convenience - if they're kernel upgrades (and there are ways of patching running kernels) although if a service is upgraded it will need a restart. In my experience upgrades of services ask before restarting.

It's worth remembering that most people who run other OSes have also suffered Windows and are in a position to make comparisons. If you only run Windows you don't know any better.

Doctor Syntax Silver badge

"How do you get electronic images out of a borked system?"

You start by looking at how to avoid getting the system from which the images come from being borked. Start off by considering the system to be standalone. If it isn't terribly useful what is the minimum set of remote access facilities needed to make it useful? You want somebody to view the images remotely? Just sticking it on the hospital LAN is not minimal. Minimal might be a connection running through a firewall that only allows X-11 protocol. Even if you run the X server* on a Windows PC that gets borked X-11 is not going to be the sort of protocol to tell the CT system to go bork itself.

It's like the old saying puts it - if you don't design a system to be secure it's hard to add on security afterwards.

* The server is the bit that supplies display services, the one with a screen attached, not the one that provides the images.

Doctor Syntax Silver badge

Re: Why?

"You can't apply security patches until they have been tested and certified by the manufacturer..."

And there needs to be an obligation on the manufacturer to do it promptly.

A certification process which results in the equipment becoming unsafe is not fit for purpose.

Doctor Syntax Silver badge

Re: Citrix VPN

And suddenly, all the "Shouldn't be using Windows, it's their own fault" types are looking a bit foolish.

Citrix VPN might have been the entry point. It was Windows systems that got encrypted. Who's looking a bit foolish?

Doctor Syntax Silver badge

Re: It's money, as usual

Hospitals in Germany mostly belong to large chains that are profit driven. If they can shave a Euro from the budget by buying cheaper mice, they will.

But if a security-measure costs money to implement and isn't obviously required by law, they'll just skip it "because we've been good so far, right?".

I assume they have insurance. The insurers should look at what they're on the hook for with badly protected systems and make sure protecting the systems is cheaper than paying the premium. If people will only do things right if it costs them less up-front then make it more expensive up-front to not do things right.

Doctor Syntax Silver badge

Re: Analogous to “Because I saw you tie your shoe laces, I ran over that kid”.

"Medical equipment is also certified, which means it can't get OS patches until they have been certified by the equipment manufacturer, which can take an age."

Let's deal with that one straight away. No commitment to prompt certification of OS patches, no certification for your potentially lucrative piece of medical kit. And all source code must be documented and escrowed - perhaps along with a dowry to enable someone to take it over if you decide to duck out.

Doctor Syntax Silver badge

"if the diversion is an hour away emergency patients should be seen and paperwork can be sorted out down the line."

Wouldn't it be great if there was a technology that would let you scan in paper-work, transmit it over an ordinary telephone line and print it out at the other end. Might not have helped in this case but as a fall-back it would be worth having.

Doctor Syntax Silver badge

Re: ASCII art??

A good Linux can make people regret they're still running Windows.

Doctor Syntax Silver badge

Re: Analogous to “Because I saw you tie your shoe laces, I ran over that kid”.

At a guess it's people like this, working in hospital IT or hospital IT procurement, that mandated Windows over earlier, better options and brought this situation about.

Doctor Syntax Silver badge

Re: Analogous to “Because I saw you tie your shoe laces, I ran over that kid”.

Unix windowing goes back at least to 1984 with X. The X protocol reached the current version, 11, in 1987. I'm not sure W95 was even a gleam in Bill Gates' eye in 1987. It was also possible to view X with a dedicated X-terminal although I'm not sure if anyone still makes those. I'd hazard a guess that all early development of CT systems was done on Unix graphics.

If you really think Linux and other Unix and Unix-like systems are restricted to characters you really need to get out more.

Doctor Syntax Silver badge

I've done work for a company where production, handling lots of PII, was kept well separate from the office system and its vulnerabilities. It was, in fact, a condition of some of their contracts. It might be inconvenient in some ways but it would have been a lot more inconvenient to admit to their clients that they'd been breached or to have production stopped for days because some toe-rag had encrypted their systems.

Doctor Syntax Silver badge

Re: Why?

The germ of the solution is in your cutting machine story. The owners were able to force an admittedly not very satisfactory solution. For medical equipment there is, in principle, an easier way to do this and do it better. A couple of decades or more back it wasn't unusual for servers to have remote support via dial in lines which could be unplugged when not required. Medical equipment has to be certified. A certification requirement of remote support via a disconnectable channel would cut out one weakness. The politics of getting such a requirement in place, however ....

USA still hasn’t figured out details of WeChat ban but promises users won't be punished

Doctor Syntax Silver badge

From the US Gov PoV it's worse because they can't demand access to that data.

Elecrow CrowPi2: Neat way to get your boffins-to-be hooked on Linux from an early age and tinkering in no time

Doctor Syntax Silver badge

Re: "The kiddiwonks won't even know they're learning"

"grow up as one of those people cleaning their hands every two seconds with harsh chemicals"

Not a bad thing nowadays.

Thunderbird implements PGP crypto feature requested 21 years ago

Doctor Syntax Silver badge

Re: Thunderbird only?

"Possibly one reason that email signing and encryption never really took off, despite being more or less standard product since the '90s."

Two reasons, I think.

One was because it wasn't part of the email protocol so it had to be a lot of added on bits, not just to the clients but a whole added on separate key distribution system.

The second was that because of one, very few people used it. If you didn't know anybody who used it you didn't need to go to all that trouble to add it yourself and you not using it meant that people emailing you didn't need to use it and because they didn't you didn't either. Critical mass hasn't been achieved.

Doctor Syntax Silver badge

Re: Encryption should be automatic

"A man-in-the-middle just need to intercept the email, remove the senders public key and put theirs in and sent the email to the destination."

Or just spoof the email address. How many people actually check the source of the email?

Doctor Syntax Silver badge

Re: identity and encryption

"Ultimately to prove identity is to meet each other face to face and exchange public keys, then sign them. At a key signing party. Unfortunately that is a barrier but that is the ONLY way to confirm beyond a doubt that it is YOU behind that address and if you do key signing correctly, behind ANY address and ANY key you sign."

Who's YOU? Even face to face you have to take somebody's word for who they say they are. If somebody tells you they're fred@example.com how are you to know that that's who they really are? A better way would be to have example.com's mail server tell you what fred@example.com's public key is. You still don't know whether fred@example.com is Fred Bloggs, Fred Flintstone, Frederick the Great or my late uncle Fred of course.

Doctor Syntax Silver badge

Re: Encryption should be automatic

"Thunderbird should sent a public key with every email in the meta data."

How many public keys can HMRC and IRS have?

He was a skater boy. We said, 'see you later, boy' – and the VAX machine mysteriously began to work as intended

Doctor Syntax Silver badge

Re: The need for speed

An occasional client had offices in Banbury and Swindon both running SCO on tower servers.

On-site work was on Saturday mornings when the business wasn't running. I drove down to Banbury and he picked up the Swindon server and brought it to Banbury. No faffing about with tapes.

In relation to another of today's stories, he used fax to take orders. Online support was by means of him disconnecting the fax and plugging a modem into his fax line and me dialling that on a Nokia Communicator.

Doctor Syntax Silver badge

Re: Wheeled office chairs

Maybe that happened if it wasn't bribed suitably rewarded.

Doctor Syntax Silver badge

Re: Wheeled office chairs

Really shouldn't let BOFH train the guide dogs.

Oracle hosting TikTok US data. '25,000' moderators hired. Code reviews. Trump getting his cut... It's the season finale

Doctor Syntax Silver badge

Re: Key fact missing

"Can't go after them, so go after the platform, and make an example of it."

Or go after the platform as a means of going after them.

Doctor Syntax Silver badge

Re: Why????

"It is difficult to get a man to understand something, when his salary depends upon his not understanding it!"

Doctor Syntax Silver badge

You think not?

The SCCs have been sunk as a means of stopping the Privacy Figleaf from shrivelling completely. With that and the playbook already written it's the next obvious step for the EU. Apart from that, India seems keen on having its own offerings. And, of course, China.

I suppose for the UK trying to pull such a deal would get in the way of the much sought after trade deal although touting the UK as the best place in the world to run such a service might appeal to BoJo.

Doctor Syntax Silver badge

Re: "I want a cut of the money to the US government"

There are other names for it.

Doctor Syntax Silver badge

Re: Key fact missing

The even more important detail is will he be able to find who did it?

Doctor Syntax Silver badge

This lays the foundation for Tok Tik whereby every other country demands local data sovereignty of all the US social networks with a local corporation getting a slice of the action to go with it.

GCHQ agency 'strongly urges' Brit universities, colleges to protect themselves after spike in ransomware infections

Doctor Syntax Silver badge

"This trove of information puts a target on the back of every good-sized school, college, or university."

Just an idea but how about putting that trove on its own isolated network? Yes, inconvenient when somebody has to answer a query that came in by email. But look on it as a choice of that inconvenience vs the inconvenience of an attack on that trove and at best having to rebuild it from backups and at worst seeing it copied off and sold to the highest bidder - or all bidders.

One down, two to go: Astra's first attempt to reach orbit scuppered by iffy guidance

Doctor Syntax Silver badge

Re: A strange memorial?

They're probably running out of names and having to reuse old ones.

"Astra" itself is an example as there's already a fleet of Astra satellites although as they're European owned maybe they're invisible to US corporations.

Need to track IT kit? Business continuity? Legal? ServiceNow has a package of satellite apps for you... now

Doctor Syntax Silver badge

I'm sure all the things they list were well covered years ago, a long time before I retired. What's new? On an app?

Checks article again.

Ah, I see. With added AI. How did we manage in the old days without AI?

Doctor Syntax Silver badge

Re: The no-code approach

There's always another one of these coming along. I suppose it's vendors always imagine it will be the last one even if they don't realise it's not the first.

What the hell is going on with .uk? Dozens of domain names sold in error, then reversed, but we'll say no more about it, says oversight org

Doctor Syntax Silver badge

In error

The old error: expecting nobody would notice.

The Battle of Britain couldn't have been won without UK's homegrown tech innovations

Doctor Syntax Silver badge

Re: Let's not forget the civilians

"I have cassette tapes about his war experiences that he left me and my siblings."

I suggest you offer copies to the Imperial War Museum.

Doctor Syntax Silver badge

Re: you could read that two ways...

"It is unfortunate that we dont know what we need to invest in until the time arrives or even has gone."

Especially "has gone". Hindsight is a wonderful thing.

Doctor Syntax Silver badge

Re: Y Service

In order to hide the fact that they'd cracked it they couldn't take advantage of it all the time. Unfortunately one of the ones let go was the Coventry raid. To make matters worse it's possible that Dresden was seen as a reprisal.

Research into deflecting potentially world-destroying asteroids is apparently not a 'national priority' for the UK

Doctor Syntax Silver badge

I suppose a small one could be deflected a little way to the NW of the EU.

We want weaponised urban drones flying through your house, says UK defence ministry as it waves a fistful of banknotes

Doctor Syntax Silver badge

Why do these military procurement stories remind me of Feynman's story of going to some reception or other and talking to an army bod who said they just wanted the scientists to come up with a way of using sand as tank fuel?

0ops. 1,OOO-plus parking fine refunds ordered after drivers typed 'O' instead of '0'

Doctor Syntax Silver badge

Despite the .gov.uk source it's GB-only. NI uses I. I once had EOI as the letters.

Biting the hand that feeds IT © 1998–2020