Posts by Doctor Syntax

Re: Calls and Email

"MHO that's a careless, probably fatal omission, for business use."

Or a deliberate choice for the paranoid. For avoidance of doubt, paranoia is a base requirement for security.

Re: The 2% - and not interested

"How any org (that deals with secure information) can think not training staff in Information Security is a good idea these days beggars belief."

Being trained isn't quite the same thing as having been on a training course.

Re: a national newspaper, which recorded the data

but is "recording" it legal?

That was my thought too. What penalty has ICO imposed on them? Or is there to be a prosecution under computer misuse? The stick serves as a proxy for the computer on which the data was kept.

I suppose the get-out is that the only evidence that a copy was made would be the operator's own evidence which would amount to self-incrimination and might not be allowed.

"You’ll find out all about it on January 14 of 2020 when mainstream support of Windoze 7 goes away"

But is mainstream support of W7 like that of W10?

Re: Microsoft Windows

"I feel like the "Windows" referenced, are the ones patients look out through at the insane asylum."

Or those through which the PC gets thrown.

Re: No thank you

"Hateful piece of GUI redesign."

GUI redesigns are inevitably hateful.

Re: On the third day of Windows Microsoft gave to me:

"Was in a hotel in Brum a couple of weeks back and there was already a small Xmas tree by the lifts"

Mince pies sighted in the local Co-op about the same time.

Re: Not a good look here.

"These netowrk locations are on a stretch cluster for resiliency and backup up."

Like KCL did?

Re: Not a good look here.

"but many users just choose the default which hangs everything off /"

An installer should default to not doing this. Unfortunately some distros do default to this but a distro aimed at newbies really shouldn't. It might be OK for a quick and dirty test system that's going to be torn down again or to get some idea of how big the various main subtrees are for sizing the real install but otherwise the distro should at the very least work out how big the root partition should be, default to that and make the rest a /home.

Re: Not a good look here.

"I don't really have a problem storing data on the same volume as the OS, which simplifies things if I'm using a single-disk machine, like most laptops."

Disk != Volume. You can have multiple volumes on one disk, even in a laptop which is why this laptop is able to have / /boot /usr /usr/local /opt /var /tmp and /home as separate volumes. That means that even a reinstall that completely overwirites anything which houses OS stuff leaves both user files and anything locally installed alone.

Re: This is affecting the enthusiasts ...

I have a "System" partition and a "Work" partition.

Change "partition" to "physical drive" and physically disconnect the Work drive before attempting upgrades.

"Just curious as to why the NCSC in the UK spoke up so rapidly in support of US corporates rather than simply denying knowledge about what had, until that point, been a Chinese/US issue?"

Splitting that into two -

Why they spoke up so rapidly? Maybe someone in the media asked them for a response.

Why they gave the answer whey did? Because it smelled as wrong to them as it seems to have done to most others with a clue.

Re: Who gains by this ?

"What would a country gain by hurting Bloomberg ? Maybe one that wants to make it harder for us to distinguish between fact and fiction, one that generates fake news that it does not like reputable journalism from showing that the news is fake. "

The usual suspects.

It'd take a lot of work to narrow down that list.

Re: 1200 baud down, 75 baud up

"they managed to parcel the costs out over a dozen or so projects, on the promise that it never happened again!"

And did it?

Re: 128K of ISDN

"300 baud, the size of a shoebox"

The size of a shoebox? I had to lug an acoustically coupled modem in some sort of huge sound insulation box and a teletype half way across N Ireland for OU tutorials.

Re: Ah, the old days

"You'd be surprised how unwilling some of the instrument vendors are to moving this DB onto a proper server in the datacentre!"

And I can see why.

The instrument sits on the bench here. As the instrument user I control it. What datacentre? Where? What extra cabling is needed to connect it? Who runs the data centre? Who has access?

Unless there's a specific need for an instrument to be connected to a network it should be capable of being used locally; the alternative is to introduce it into the IoT where, as we all know, the S stands for Security.

Re: EU red tape bonfire

"HMRC planning for eventuality that an additional 100,000 small businesses will need to submit four to five times as many customs documents as are currently processed."

It's called taking back control.

Re: Should we be worried ?

"and fit itself into even the smallest box you have left lying around."

But you won't know if it's still alive until you open the box.

Re: 3rd-Party Cloud Email Solutions

"It really helps too when you write to a firm to opt-out, but get this as a reply 'Rejected high-probability of spam'."

If you're in the EU just grass them up to your local data protection regulator.

Re: RE: Mooseman

"The EU is in multiple self inflicted crises, the chaos is already there. Everything is going to be the end of the EU and Eurozone according to its presidents and leaders of member countries."

Project Fear.

Re: RE: Mooseman

"I always wince when I hear we have a poor hand to play."

So do I for the simple reason we have no hand. On the most minuscule of majorities on an advisory referendum HMG has decided unconditionally that we leave. No feasibility study. No planning (you may remember that a citizen had to go to court* to even get them to realise that they needed Parliamentary consent). That, as far as I can see, amounts not no hand.

*Sadly mistimed. If she'd held her hand until now it could have thrown a real spanner in the works to discover that the invocation of Article 50 didn't meet the constitutional requirement.

Re: RE: Mooseman

"And May is a poor negotiator letting them get away with it."

Did you not understand what Mooseman wrote? That it was the UK - us - who insisted that non-EU countries should not have access to the encrypted data. Or do you not understand that Brexit means that the UK becomes a nonEU country?

Please enlighten us as to how you would negotiate us out of that one?

Re: Not in anyone's interest

"security = PITA, so unless you can come up with something worse than a PITA"

Make insecurity a bigger PITA.

Re: Not in anyone's interest

"the owner doesn't care as the bulbs continue to work"

The owner will care if the law obliges the ISP to cut them off from the net. Next time they'll buy better light bulbs. Even if, by that time, the original vendor is making better light bulbs they'll find they have lost reputation.

Re: No need for a unique password

"companies get complaints and lose customers"

If the playing field is level the only place for a customer to go is someone selling something that behaves the same way. See my comment about some not learning except by experience.

Re: No need for a unique password

"Then curse and snarl six months later when he forgot it and needs to to force a reset on his IoT thingy."

Experience is a dear teacher but there are those who will learn at no other.

Re: But will they give out the "unique" password?

"You have a brick."

Next time buy something that handles such stuff better.

Re: The problem...

"They will need someone to program a password into each device"

There is an option to force the user to secure the device with its own password before it will become operational.

"I don't need Big Brother telling me what I need to do to improve the security of my devices."

Frankly I don't give a toss whether you take any steps to secure your devices at all. What I do care about is you exposing an insecure device on the network where it can be weaponised to attack me or anyone else. If it takes legislation to force you to do that, then so be it.

Re: Any device manufactured in California..

"the person who manufactures, or contracts with another person to manufacture on the person’s behalf"

It still doesn't apply to devices on sale from non-Californian manufacturers even where manufacturer is defined as above. Selling or offering for sale would be a better target. The killer blow would be forbidding the connection of an insecure device to the internet with liability on both the owner and the ISP. If a customer is found with an insecure device facing the net the ISP would be obligated to disconnect them until the device is removed. That kills the market for such devices.