Posts by Doctor Syntax

Re: There's something basic...

Do any of us know who we are?

Are we the person named on our birth certificate? The child whose birth is recorded there was present but in no fit state to take notes. We rely entirely on what we've been told by those who told us they were our parents.

And that's before we consider those who are fraudulently using a birth certificate or other documents.

Re: I am curious

"for some, functionally illiterate"

Citation needed. But I can see why you posted A/C.

Re: Hard no

"Europe basically forced the entire world to have stupid cookie dialogs after all."

Because Europe tends to be on the side of the consumer and user tracking is very much consumer exploitative.

Thanks for letting us know you're on the other side.

Re: Hard no

"Thus, if $BIG_COMPANY can outsource compliance to a third-party solution"

At a first glance it has doubled the attack surface. In reality the 3rd party might be outsourcing to more companies so it may have done more than double its attack surface. In practice such outsourcers, by performing the same role for more end-user facing companies, are a juicier target than any single end-user facing company and will attract more determined attempts to crack them. When the least well defended of those goes down the blame, lawsuits and general opprobrium will inevitably fall on the end-user facing company with added blame for not being capable of looking after its own affairs itself.

I'm beginning to wonder if Po's law is at work here.

Re: Yorkshire!

Stourton! I hope that's not the Park & Ride site I use when I go to the University Library.

You think they're into details like that these days?

Re: Users forget

And bucket.

Re: Users forget

That's Palantir at work.

Re: Users forget

What Brexiters ignored, despite being told many times, was that Brexit would cut British business's home market from 28 countries to less than one (allowing for the frontier they created in the Irish Sea) and that for many of them that would mean their future job prospects would be on the line. And they're still ignoring it.

And before you point out that many of them would be retired many of them would also, like me, have working age children and grandchildren who would become working age if they weren't there already.

Re: Users forget

"Admittedly, they tried that with Brexit, but I guess they decided to pull out of that economic nose dive before everything went North Korean."

Far too many of the Brexiters haven't. I doubt there's any depths to which the post-Brexit economy will plunge before they accept it was their fault. When your heads stuck in the sand you can't see what's happening around you.

"last week we got LEDs"

Just wait till they start to fail. The <= 1Hx flashing gets annoying, especially if it shines in through a bedroom window.

Re: We call her Ruth

st'Ruth!

Re: Had similar

"A BoFH that can actually see the future is a window far too open for most people."

With a BoFH in the vicinity any window is far too open, even when it's closed.

Just for extra effect, the interference was strongest just before the phone rang.

Re: Brown Envelopes

"This leaves governments filled with the same Etonian based connected mates in Politics and civil service"

We had a generation of politicians, starting from Wilson, through Heath & Thatcher who came up through the grammar school system. It was Wilson & his cronies who pulled up that ladder behind them. The next generation were largely headed by public schoolboys again.

Re: Brown Envelopes

"Don't have the size of in house teams to handle larger projects hence it getting outsourced."

This is a factor entirely within government's control.

Re: The obviously correct decision

Doctor Syntax has been administering various Unix systems from Edition 7 days until he retired. In particular he may know more than DaDragon because he remembers how privileges could be split up before sudo in a way that didn't fail a basic principle.

In view of discussion further down thread he also knows that su did not mean for "superuser". It was an abbreviation of "substitute user". su lpadmin meant that the user could run a shell as lpadmin and needed lpadmin's password - an additional key to gain additional privilege which is the better way to do it.

Re: The obviously correct decision

"Isn't it a bit more complex than that. The real issue is a god like 'root' user that can do anything."

It is more complex than that. Once upon a time in Unix there were specific user IDs with specific powers. You wan somebody to administer print queues? Give them the lpadmin login. They can use it to administer print queues and nothing more. When I started using Unix there was a user ID bin who owned any system executables that didn't have to be suid to a specific user. The user with the bin password could update software.

It was never as well implemented as it might be, probably because in practice there might only be one administrator to do everything or else all the administrative group needed to do everything. It was a right pain, for instance, if the DBA needed to go cap - or paperwork - in hand to somebody else to get more disk allocated. And I don't recall there being a specific user for password resets or user creation although that might be aged memory.

We got, therefore, to the situation where admins got the root password and the alternative ways of doing things were forgotten so that when anybody got agitated about this sudo got invented. And sudo has one big disadvantage. It fails Saltzer and Shroeder's separation of privileges principle:

"Where feasible, a protection mechanism that requires two keys to unlock it is more robust and flexible than one that allows access to the presenter of only a single key."

It means that instead of requiring two separate passwords to get from a login prompt to executing something that requires elevated privilege it just needs the one password applied twice. If the sudo user's password gets leaked then whoever acquired needs nothing more and as the usual case is, as before, there's just ordinary user and root privileges, it's root that's leaked.

Add to that the fact that you've enlarged the attack surface - and ISTR reports of a bug in sudo - you've introduced a security hole by trying to plug one.

My view is that in most cases sudo makes a system less secure by its presence.

Scooby dooby do

Re: Captcha

If they ventured out to High Wycombe I wonder what they'd make of the roundabout at the bottom of Marlow Hill. (I'd like to see that arrangement applied to the roundabout where the M62 crosses the A629 between Huddersfield and Elland.)

You won't get the rest of the rural hazards, however. BTW, as a group, the horse riders are the best behaved of the lot.

Re: Microsoft should hire her.

Is there anywhere like that left?

Re: Crypto is "digital gold"?

Keep it in your phone instead?