* Posts by hayzoos

131 posts • joined 2 Jul 2014


Geneticists throw hands in the air, change gene naming rules to finally stop Microsoft Excel eating their data


Excel Sucks!

I have used various spreadsheet programs from visicalc onwards. I use a spreadsheet for calculations, light database, forms, and anything else I see fits. For serious heavy lifting database use a spreadsheet will not do. A csv file is not serious heavy lifting database.

I have tweaked Excel to import data without mangling it, but I am a bit more proficient than the average Excel user. Even when I have disabled everything I could find (cannot remember which version), Excel would still present a date in a pulldown which had data that resembled a date.

I still spend way too much time disabling or working around Excel's propensity to alter what I am trying to enter.

For those commentards suggesting some automated solution to this problem, how do you think we got into this mess? The default should be just leave the data as it is.

There was no need to specify a standard for CSV or TAB files. They are quite simple. Each "record" is a line in the file terminated by the system's text file EOL character sequence. Each "record" has the same number of "fields". "Fields" are separated by a comma for CSV or a tab for TAB, (the delimiter cannot be part of the data). Any CSV or TAB file not following these simple rules was invalid. Both gave the ability to have varying length fields and having more compact files. The alternative was fixed field and/or record length which was usually inefficient at storage use, but usually gave better performance and there was no delimiter to worry about appearing in the data.

NSA warns that mobile device location services constantly compromise snoops and soldiers


"switched off"

Just the fact that pressing a button to "switch on" a phone should indicate that it is not truly off. Another indication is what happens when a phone is "switched off" then a charger is plugged in, voila, the display comes alive to show charging status.

Hard toggle switches are going extinct. They are the only way a device can truly be switched off.

Dutch Gateway store was kept udder wraps for centuries until refit dug up computing history


Re: I've been there! 1998?

Do not forget ASCII cows! They were all over BITNET, they ranged far and wide.

Brave takes step closer to sensible business model by building subscription VPN into the iOS version of its browser


Re: Matter of trust

"a security certificate issued by a reputable company"

This is sort of a hypothetical question, I am not seeking an answer, but... Is there a reputable company that issues security certificates?


Re: Dead On Arrival

Oh, it's even worse. A browser based on privacy sells ads.


Re: The browser business is really tough

"using a VPN does not protect your privacy - it only allows you to access stuff that is country-restricted"

The whole point behind a VPN is to establish an encrypted tunnel connection between two points across a public network, virtually a private network. It is not meant to provide privacy beyond the VPN tunnel. My VPN does exactly this and it is exactly what I need when I cannot trust the hotel WiFi, my ISP, my mobile data carrier. I reside in the US and the only real choice of ISP I have is Comcast. Comcast has a track record of snooping on traffic, DNS redirect and "traffic management of competitive streaming" as an example. Where I travel (US only) and need mobile service, only AT&T has the coverage. AT&T has a track record of snooping on traffic, supercookies as an example. Combine these facts with the fact that no public WiFi can be trusted and a VPN is not just a nice to have, but a necessity.

My VPN fails miserably at allowing access to stuff that is country-restricted since both on and off points are in the US. A proxy can provide access to country-restricted stuff as well but without the privacy of the encrypted connection.

I would feel comfortable using my VPN to access my facebook account, if I had one. The privacy provided by my VPN is not impacted by accessing a public forum like The Reg forums.

The whole not keeping logs bit is a bit over the top, but simply using a VPN can be argued that you are up to no good. Anything can be made to look suspicious. The current lot of humans seem to be gullible enough to believe anything if presented in the right way.

BTW, I have verified my VPN does not keep logs, I have console access to be able to audit things like that. I have implemented my own VPN. Not something the typical human can pull off though.

Battle for 6GHz heats up in America: Broadcasters sue FCC to kill effort to open spectrum for private Wi-Fi


Interference, by what definition?

If personal 6GHz WiFi use would interfere outside of a home, it would interfere with reception of a signal from outside the home. So a licensed broadcaster operating on ad revenues (as many broadcasters have traditionally) could find their signal unable to be received in homes due to the use of personal 6GHz WiFi. That would translate into no ad revenues theoretically. That would make their 6GHz license worthless. I cannot see why they would complain.

Raytheon techie who took home radar secrets gets 18 months in the clink in surprise time fraud probe twist


So much wrong

I worked in the same type of environment, as an Information Systems Security Manager (ISSM). I would expect to have been canned if this happened with my systems, along with my boss the Facility Security Officer (FSO). All USB except keyboard, mouse was disabled on my systems and any attempted access other than standard keyboard, mouse was logged. Logs were reviewed frequently, not quite daily, but almost. I saw part of my job was to figure out how to circumvent protections and derive additional protections, not all technical mind you.

Work on classified of any level is only allowed in secured facilities. No WFH. Classified in digital form is only allowed on approved systems not allowed connections to the internet. There are classified networks and internetworks, but only in or terminating in secure facilities. True military grade encryption is used in between secured facilities over dedicated connections.

I have seen the snootiness of those holding Top Secret over those "only" holding Secret clearance, usually by those also holding multiple SCI category caveats. It is very funny that one holding Top Secret was asked to also get a Secret clearance. The one asking knows not of which they speak.

Germany bans Tesla from claiming its Autopilot software is potentially autonomous


What is sexist about the statement?

It appeared to be more a statement of fact or opinion of one's partner's driving ability. Also, nowadays the term wife no longer identifies one as female.

Mozilla unveils $4.99/month subscription-based VPN, says it won't hang onto user logs


Re: Bad timing, sigh

VPN protocols are not designed to anonymize traffic, never have been. They are designed to prevent snooping on traffic between the VPN endpoints through use of encryption. The early use cases for VPN were to allow extending a private network from one location to another over a public network.

Later, VPN came closer to the user in remote client uses for enterprise employees traveling or working from home to provide a means of connecting enterprise client laptops and desktops to the enterprise network over public networks such as airport wifi, hotel networks, customer/partner networks, or newly emerging home broadband.

In neither of those types of use did the VPN gateway exist outside of the private enterprise/company network. Traffic anonymization was not a consideration, in fact a detriment to the organization.

Consumer oriented VPN placed VPN hosts in the public networks much like public proxy hosts did earlier. They took on the ability of traffic anonymization which public proxies provided with the added benefit of an encrypted connection from the client to the host. From the VPN host to the end destination encryption was dependent on the destination (i.e. HTTPS vs. HTTP).

Since the underlying VPN protocols were not designed for anonymization, it should not be attributed to VPN. It can be attributed to public proxies. Consumer VPN should be considered client side encrypted public proxies. Anonymization is no better than a public proxy. We now have the oxymoronic virtual private network (VPN) connection to a public proxy. Such anonymization can be defeated with varying degrees of success depending on the proxy implementation at both the host and client ends. More de-anonymization success occurs at the client end due to lack of skilled system administration managing the majority of consumer client machines.

I utilize a VPS where I have installed WireGuard as a VPN host. I have both IPv4 and IPv6 dedicated addresses at no additional cost, about the same cost as Mozilla's offering. I would go IPv6 only but things broke when I tried it. I'll need more time to troubleshoot.

Even this setup can "leak" identifying information from the client. The biggest issue is name resolution. Client software has trended towards performing its own network level services rather than allowing the system to do it. I have had to take extra measures to ensure all client software traffic is directed to the VPN interface.

I had used a consumer VPN service before. I am finding that in the name of security, sites are blocking visitors coming from public proxy and VPN services and in lesser numbers, public cloud by their IP addresses. I have considered filing complaints with regulatory agencies from the basis that these sites are forcing visitors to abandon a security measure protecting the very information the site is supposed to be protecting.
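An added example, not part of the post above and not the poster's own setup: a check of a wg-quick style client config for the leak the post describes, where traffic or name resolution can leave outside the tunnel. It assumes the standard `AllowedIPs` and `DNS` keys; the two configs, keys and addresses are constructed samples. It only audits routing coverage, so it cannot see an application that ships its own resolver, but a tunnel that covers both address families carries that traffic too.

```python
import ipaddress

# Constructed sample: IPv4 is fully routed (as two /1 halves), IPv6 is not,
# and the second resolver is a public IPv6 address outside AllowedIPs.
LEAKY_CONF = """\
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY=
Address = 10.8.0.2/32, fd00:8::2/128
DNS = 10.8.0.1, 2001:db8::53

[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY=
Endpoint = 198.51.100.10:51820
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1
"""

# Constructed sample: both address families routed, resolvers inside the tunnel.
FULL_CONF = """\
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY=
Address = 10.8.0.2/32, fd00:8::2/128
DNS = 10.8.0.1, fd00:8::1

[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY=
Endpoint = 198.51.100.10:51820
AllowedIPs = 0.0.0.0/0, ::/0
"""


def parse_wg_conf(text):
    """Return (interface, peers); each is a dict of lower-cased key -> list of values."""
    iface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.lower() == "[interface]":
            current = iface
        elif line.lower() == "[peer]":
            current = {}
            peers.append(current)
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            values = [v.strip() for v in value.split(",") if v.strip()]
            current.setdefault(key.lower(), []).extend(values)
    return iface, peers


def covers(networks, target):
    """True if target lies inside the union of the same-family networks."""
    same_family = [n for n in networks if n.version == target.version]
    merged = ipaddress.collapse_addresses(same_family)  # joins 0.0.0.0/1 + 128.0.0.0/1
    return any(target.subnet_of(n) for n in merged)


def audit_tunnel(text):
    """Return a list of (code, detail) findings; an empty list means no leak found."""
    iface, peers = parse_wg_conf(text)
    allowed = [ipaddress.ip_network(n, strict=False)
               for peer in peers for n in peer.get("allowedips", [])]
    findings = []
    for version, default in ((4, "0.0.0.0/0"), (6, "::/0")):
        if not covers(allowed, ipaddress.ip_network(default)):
            findings.append((f"ipv{version}-default-route",
                             f"IPv{version} traffic is not fully routed into the tunnel"))
    resolvers = iface.get("dns", [])
    if not resolvers:
        findings.append(("no-tunnel-dns", "no DNS key; the system resolver stays in use"))
    for entry in resolvers:
        try:
            resolver = ipaddress.ip_network(entry)  # single address -> /32 or /128
        except ValueError:
            continue  # not an IP address (a search domain), nothing to route
        if not covers(allowed, resolver):
            findings.append(("dns-outside-tunnel",
                             f"resolver {entry} is reached outside the tunnel"))
    return findings


if __name__ == "__main__":
    for name, conf in (("leaky", LEAKY_CONF), ("full", FULL_CONF)):
        print(name, audit_tunnel(conf) or "no findings")
```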

TomTom bill bomb: Why am I being charged for infotainment? I sold my car last year, rages Reg reader


Re: its all about life cycle management, the bit no one cares about in a project.

I somewhat agree. But, how do you account for a change in the processes of the third party service provider. It still comes back to the life cycle issue, the contract between Mazda and TomTom should address end of ownership. It sure sounds like something GDPR might cover.

Taken separately, the behaviour of TomTom is the major issue. The payment details of a one time purchase should not have been available for charging a subscription years later. Additionally, an account still existed at the time of refund and cancellation of the unauthorized subscription. Why? It should have been offered to be deleted right then and there. Could this fiasco be repeated in the future?

The reluctant log trawler: The buck stops with the back-end


Yes, I had to "fix" something like that...

It was a teams style project in COBOL class. My team had the backend processing which had input from a VAX and an IBM 360 both batch and interactive. The front end teams thought they could unload all the tedious/hard stuff into the backend and we would fix it. I came up with a very nice fix. When bad data was detected, I returned error codes and messages which appeared to come from the system itself. The project manager was the teacher and even he was fooled at first. When he figured out what was going on, he allowed my fix to remain a secret and directed those teams to the system manuals for troubleshooting and fixing their issues. I did have to fix the one message which revealed my secret to the teacher, the real equivalent system message had a typo of some sort, mine did not. My secret was revealed to other teams at the end of the project.

There are DDoS attacks, then there's this 809 million packet-per-second tsunami Akamai says it just caught


Re: And the next step...

"Best assistance comes from Russia ("The user has been terminated"...) "

Was something lost in translation?

Corporate VPN huffing and puffing while everyone works from home over COVID-19? You're not alone, admins


Re: Hopefully the end of corporate VPNs

You seem to be mixing the commercial consumer level and corporate VPN implementations. A corporate VPN is self-hosted (unless the datacenter went all cloudy). The VPN server is in the datacenter's DMZ so that external clients can connect over a trusted connection using known configuration and encryption to the internal network. Those clients should not be any old client, but corporate issued clients or at least corporate vetted clients. Many corporate VPN client software solutions have a means of vetting the machine and many also can isolate the connection so there is no cross connection to the Internet at large while VPN connected. This many times includes verifying current patch levels of browsers. A proper VPN would be immune to the vast majority of router vulnerabilities. Many also include their own hardened browser. Any Internet access while on the VPN is routed through corporate firewalling and data exfiltration controls.

Commercially available consumer VPN implementations are the sort to be found AWS hosted. Even those not AWS hosted are on unproven level of security hosts. These are not what a large business should be relying upon.

I personally roll my own VPN. I chose the cloud host to install the dedicated VPN server upon. It cost me less in service fees than a commercially available consumer VPN. It cost me more in my time to set up and maintain, but I benefit greatly in being able to oversee the setup and maintenance and know that I have implemented the available security patches. I also benefit from not being blocked in the latest craze of webhosts' security theatre of blocking VPN. So, realistically my VPN cost is higher, but I get a better product. I could choose to pay colocation for a dedicated host, but you are still at the mercy of the colo landlords' lack of diligence. I researched my cloud host provider and trust them better than most colo providers at a lower cost.


Re: Hopefully the end of corporate VPNs

You would have the same issue from the browser on a machine on the network, that is not a VPN issue.


Re: Hopefully the end of corporate VPNs

I don't see what a browser has to do with it.

I still have to guess at exactly what you are describing, but it sounds to me like more of a VPN client misconfiguration. It also may be referring to using an unmanaged machine as a VPN client. In both instances, the point of the corporate VPN IS negated.

A proper corporate VPN will only allow connections from corporate managed VPN clients. Those clients will have the same or likely better hardening as the internal corporate network clients. They will require additional protections on the initial Internet connection during VPN tunnel establishment. No traffic outside the VPN is permitted, save authentication/consent to the AP/gateway. This traffic denial is bi-directional. A corporate VPN implementation has to include the very same level of perimeter protection on the VPN clients as the corporate network gateway. Anything less will not do.


Re: Hopefully the end of corporate VPNs

VPNs, pointless, please explain.

Ransomware scumbags leak Boeing, Lockheed Martin, SpaceX documents after contractor refuses to pay


Re: Why do people read something which was never stated.

No misdirection. ITAR is not classified. ITAR is International Traffic in Arms Regulations which covers a surprisingly large swath of technology categorized as arms. PGP and other commercially available encryption when PGP was introduced was caught up in being categorized as arms. This resulted in restricted trade internationally, but not classified. ITAR is now not as far reaching as it was, but still sweeps in more than many think it should. Classified information has a whole 'nother realm of restrictions. Many companies in the Defense Industrial Base (DIB) set up specific subsidiaries for work involving classified contracts, it simplifies a lot administratively. These entities will typically have certain cyber security controls dialed up higher than the average multinational conglomerate in order to be allowed to work with classified information. The feds do not really like to share classified internationally so it is sort of mutually exclusive to ITAR information which is shared, albeit tightly controlled sharing.

Black Helicopters

Re: Why do people read something which was never stated.

You are correct in pointing out the article made no mention of classified material.

Having previously worked for a defense contractor, I can say it was a definite possibility.

I had said when ransomware first emerged, that it should be considered a data breach. If an outsider had enough control of your systems to encrypt some or all of your data, then you lost control of said data. They could do anything with the data not just encrypt it. They just found another way to monetize their break-in.

As was alluded to in other comments, trying to secure a system built for frequent business transactions against malicious transactions requires monitoring for and knowing the difference between legitimate and not. You also must be able to block the illegitimate before significant damage can be done. Sometimes this calls for blocking some legitimate. Too much blocking causes pushback and an ordered lowering of security.

80-characters-per-line limits should be terminal, says Linux kernel chief Linus Torvalds


It's all really a single line anyway

A line break is nothing more than a character or two <line feed> and <carriage return> whose terms go back to typewriters and represent actions for the platen which MS traditionally more closely mimics. The closely related matter of whitespace be it spaces or tabs or other are also only characters. It is quite possible in many instances to strip them all out and have a machine successfully process the result. Some of computer languages' syntax requirements are actually imposed for more readable code. If you were to view this it would resemble a single long line. It is also quite possible to add them back in in any way you wish to view the source as you wish. It is quite feasible to intelligently and in an automated fashion to line break / wrap in a language's context making for the most readable code. It is also feasible to have multiple line break / wrap styles defined and switch at will to suit different desires, needs, contexts, logics, expressions, etc.

I always found traditional GNU tools' line based actions to be overly limiting. Not quite enough to rewrite them though.

cmd.exe is dead, long live PowerShell: Microsoft leads aged command-line interpreter out into 'maintenance mode'


Properly, *.bat is command.com, *.cmd is cmd.exe.

Any *.bat or *.cmd I wrote over about 5 lines included copious comment lines for the unfortunate souls tasked with maintaining them. Even my obligatory "hllowrld.bat" had comment lines.

UK finds itself almost alone with centralized virus contact-tracing app that probably won't work well, asks for your location, may be illegal


"...a big green button..."

I find it hard to believe a modern smartphone app will have "...a big green button..." in this world of flatso with no fricking way to tell where one is to tap/click. It makes one think this is some sort of fantasy app. Do modern developers even know how to make "...a big green button..."?

Internet root keymasters must think they're cursed: First, a dodgy safe. Now, coronavirus upends IANA ceremony


Sounds very secure except

Over YouTube?!?! That's all I have to say about that.

On the 20 hour safe cracking: They need a better locksmith. I have experience with these type of safes. I have seen them cracked in less than an hour due to a forgotten combo.

Grsecurity maker finally coughs up $300k to foot open-source pioneer Bruce Perens' legal bill in row over GPL


Travesty of Justice

"Perens gets nothing personally for his trouble, but his legal team will be paid."

Lawyers would have been paid anyway. The aggrieved still has second thoughts about speaking out.

Drones, apps and packed lunches: The latest on big tech's COVID-19 response


Re: Thank DEITIES!

Where's the fun (profit) in that? Many of those sources of pandemic information do not enhance the visitor experience with kind relevant words from their sponsors (targeted ads).

Not exactly the kind of housekeeping you want when it means the hotel's server uptime is scrubbed clean


unreliable power

My first experience with unreliable power was at a small office move where they added a few outlets to accommodate the Novell server, phone system, and AT&T Unix voicemail server and associated network equipment. I was trying to keep related equipment on related circuits so a circuit outage would only affect one service instead of everything. It was not quite possible to do it that cleanly, the network switch had to be on the telecom circuit. I was seeing connectivity issues all over. Troubleshooting was a bear. I also had new Cat3 drops to suspect. I for some reason checked the grounds between the circuits for potential. The multimeter showed about 50VAC between the telecom circuit and the computer network circuit. The electrician confirmed and corrected the grounding issue, apparently there were multiple grounds for the building but they were not bonded. Connection issues disappeared.

At the same place one of the user's monitors (CRT) had an annoying "waviness" which was also suspected of causing headaches. When I saw the "waviness", I could see the possibility of headaches. I found the building's electrical feed was directly opposite the wall of the problem monitor. I first suggested rearranging the office to move the monitor, which was declined. I then attempted to shield with a large steel panel both in grounded and ungrounded states. The grounded steel panel diminished the waviness greatly but not completely. They decided to rearrange.

At another job there was a "computer lab" setup in a former cubicle farm space. Fifty or so stations were setup in a very long and narrow space with a server located halfway. This location had better than average policies which included periodically testing the building UPS systems. On the first test after full build out of the lab, half the lab went down, including the server. I had to inform project managers, facilities dept. and others that half the lab was not on the building UPS. The facilities dept. had to admit they knew that but the cost to add was prohibitive. The consensus decision driven from higher up was not to fix the issue. I moved the server to the half that was on the UPS.

At that location I was once volunteered as the escort for the UPS tech for a repair of one of the units. I asked what he was fixing. He replied, replacing the positive battery buss. I walked back across the room to the doorway. I said I wanted to be able to summon help in case of a short circuit. The battery cabinet footprint was about 3ft by 15ft, probably enough energy to blow me through the doorway and he would have been beyond help.

Morrisons puts non-essential tech changes on ice as panic-stricken shoppers strip stores


Re: "throughput of goods is in excess of the usual Christmas peak"

"sudden onset explosive shits"

That sounds like a good name for a rock band.

Spyware maker NSO runs scared from Facebook over WhatsApp hacking charges, fails to show up in court


We have observed the horse has bolted, oops, our bad.

"Through routine and proactive web scanning, we recently discovered information related to your jcrew.com account," customers are being told.

So, they do not routinely and proactively review their own network security. But, all is good they can detect a data breach by way of the intertubes. I wonder, do they use the security tech of a google or bing search?

Windows 10 Insiders: Begone, foul Store version of Notepad!


Haven't found a good replacement

I haven't found a good replacement for my preferred text editor on the PC . . . Wordstar.

I just use whatever is available now.

Even Ubuntu offering suggested packages is too much, brought to you by systemd I guess. Linux is beginning to feel like the parts of Windows I was trying to get away from.

Newly born Firefox 71 emerges from its den – with its own VPN and some privacy tricks


Have an upvote

Most discussion of VPN currently identifies hiding your IP. I agree a proxy is what is needed for that. For some odd reason people think of VPN as secure encrypted proxy whether they know it or not. VPN's capability of blocking tracking is minimal at best.

But a VPN traditionally provided the service of a leased line over the much cheaper public net. It mattered not if both ends were controlled by the same entity. Another traditional term used for VPN was an encrypted tunnel. Use cases of VPN were never limited to just a secure interconnection. The focus on proxying using a VPN is relatively new though.

I use a VPN to obscure my data from my ISP when home, and when travelling from public WiFi operators and users.

I do not expect any tracking protection except from my ISP. I am more concerned about traffic blocking. Ironically, some servers I am trying to reach block access from VPN for security reasons.

I am looking into establishing my own VPN server with a hosting service strictly for my own use.

Internet Society says opportunity to sell .org to private equity biz for $1.14bn came out of the blue. Wow, really?


ISOC -- non-profit?

There must be some really creative accounting to paint $1+ billion as not profit.

I'm still not that Gary, says US email mixup bloke who hasn't even seen Dartford Crossing


Re: AT&T did the same....

Not at all surprised with AT&T. I think they have at least four separate databases containing an email field. They are not all updated upon changing your e-mail, via one of the many ways to change your e-mail. One of them does not work with plus addressing aliases from gmail. I think it is the paperless billing, but part of it does. I could register and verify and receive email from the paperless billing except for the last step where I would receive paperless bills, but I would get other notifications pertaining to paperless bills at the plus address. I eventually created an att alias email on my domain.

On a related note with AT&T, they plastered another layer of security over their insecure ad-hoc system. They implemented 2FA via SMS, but only to AT&T numbers, and only to an AT&T number on the account. High fives and adjourn for beer after that meeting, eh. So, when I find myself working out of town where there is no cell coverage but I can get wifi, I cannot login to my account. Of all the 2FA options available SMS is the most vulnerable to interception. The backend TOTP generation is the same as used with tokens without the Swiss cheese SMS. They refuse to acknowledge that the 2FA they implemented keeps me out, but not a determined hacker.

I'm not Boeing anywhere near that: Coder whizz heads off jumbo-sized maintenance snafu


Re: I have flown on aircraft running my software (ish)

I think the Win9x functional memory limit was lower. I bought a PIII 64MB system with Win98SE which came with a free upgrade to WinMe. I also bought two 128MB memory sticks to max out its memory capacity at 256MB. WinME was crashing due to a memory leak, downgraded back to 98SE and it was too. I know they ran at 128MB without the memory leak, I don't know about 64+128. I installed Win2k on it and used it that way for 10yrs.

Help! I bought a domain and ended up with a stranger's PayPal! And I can't give it back


I cancelled my paypal after they tried to pull a payment from my checking account when I provided a credit card for payment. I was subscribing to a service which used paypal for payment processing. It was $10 per year. I provided the credit card details for payment. I did not receive a notice from the credit card for the transaction, instead I received notice of overdraft from the bank where the checking account was held. I was maintaining it as a sweep account which is why $10 over drew the account. I immediately contacted the bank to dispute the transaction. They reversed the transaction and cancelled the overdraft fee. The very next day paypal tried it again. I contacted the bank again, they reversed and cancelled again. This time though I asked about putting a stop in place. They said there is a stop fee, I said fine, paypal will continue, and so will I. They put a special stop in place since paypal was changing the id of the transaction and no fee for me.

When I cancel or close an account online, I purge or change as much information as possible before closing or deleting.

Why are these emails coming from "noreply"? Why do we have to jump through hoops to contact these companies to answer an email from a "noreply" address? They should be outlawed.

Father of Unix Ken Thompson checkmated: Old eight-char password is finally cracked


Current password guidance

There is so much wrong with all the "current" password guidance out there. First, the PHB types don't bother to check the timestamp presenting generation(s) old guidance as current. Then you have the lazy dev types only implementing the minimums but leaving out select special characters because their input checking is non-existent and have to avoid SQL injection, but technically current guidance. All the stupid rules only allowing this, disallowing that. So I type "WTF?RuStup1d!?" only to be presented with password too long, getting my answer. You gotta love those password strength gauges, a strong password in as little as six characters. There's too many chefs in the kitchen, the good password guidance soup is overloaded with ingredients; it is both watered down and over spiced at the same time with no real substance. But hey, it's an acquired taste.

When the satellite network has literally gone glacial, it's vital you snow your enemy


Close the barn door

On a visit to my dad's cousin's farm, I was asked to look at the issue with their modem. They would lose connection periodically. The phone company had already checked their lines. I was forewarned and came prepared with a spare modem and cables, including a 50 foot long RJ-11 POTS cable. When I started, it was not acting up. We chatted, perused the net and such. My dad's cousin said he had to get some chores done out at the barn and went. We still saw no issues. We noticed the horses were out in the pasture and then the connection was getting flaky and dropped. I proceeded to troubleshoot, using my modem, my serial cable, using my 50 foot cable to connect directly to the outside phone box to eliminate the house wiring as the issue. No change, connections still failed. As I was disconnecting the 50 foot cable from outside, I noticed their overhead POTS service line crossed the pasture diagonally on two poles. When I came inside I asked about the pasture fence, and when it was electrified. We shut off the fencer and modem connection was fine, problem found but not solved.

Dad's cousin was an electrician. Instead of re-routing the service line around the pasture, he added a ground line to the poles about a foot below the service line. It worked like a charm.

Careful now, UK court ruling says email signature blocks can sign binding contracts


I'm rich!

I must have billions in offers from Nigerian royalty, ex-pat British widows, Warren Buffet, the heads of TLAs, and others in "signed" emails. I have to accept these legal offers post haste.

Chef roasted for tech contract with family-separating US immigration, forks up attempt to quash protest


Re: Flaming idiot, social justice warrior and political hack

"If you put it out there as OPEN SOURCE, you're GIVING IT AWAY. when you GIVE something, and you try to CONTROL HOW IT IS USED, it's NOT A GIFT ANY MORE. You are CHARGING RENT."

I believe you are confusing Open Source with public domain. Public domain has no restrictions and can be used by anybody for any purpose in any way they wish. Open Source and the closely related Free Software put restrictions (non-monetary) on your use and distribution of the software. Using an OPEN Source license is not akin to giving it away, the restrictions must be followed according to copyright laws.

When using public domain, it is common courtesy to attribute the author, but not required. Not doing so is plagiarism, but is not illegal in regards to public domain. Some of the least restrictive Open Source requires attribution, not doing so is illegal under copyright laws.

Call-center scammer loses $9m appeal in stunning moment of poetic justice

restitution, but not whole

There is a point where restitution does not make the victim whole again. Somebody losing their life savings for years until the restitution is made has likely accumulated other financial damages due to the lack of said life savings. In some instances opportunity lost can never be regained or compensated. In this case determining this additional damage is a monumental task. Being fair and just is not easy.

I'm not defending this guy's actions, but how is it that full restitution is laid in his lap? I'm all for getting the victims their money back. I'm afraid that the system may look at the case as "this is all we can do, so that's what we get". Somebody does have to pay the bill for investigation and prosecution. Even with a conviction not all those costs are covered.

This image-recognition roulette is all fun and games... until it labels you a rape suspect, divorcee, or a racial slur

Re: AI Absolutely Rocks - Proof

I thought submitting politicians' images would be an excellent use of this project.

Yahoo! customers! wake! up! to! borked! email! (Yes! people! still! actually! use! it!)


I read that and things became much more clear. Spokesbeings from another planet, we have been invaded and we have hardly noticed.

It's Friday lunchtime on International Beer Day. Bitter hop to it, boss'll be none the weiser


There are times you just don't do the math

Even using a conservative estimate of my daily average consumption is staggering compared to these records. I will not do that again (calculate my annual beer consumption). When tempted to do so, I vow to have a beer instead. If that doesn't work, I'll have another and repeat until I simply cannot do the math. Since I did it, I will have to do penance. Oh man, my personal beer inventory is low, off to the pub then.

Dear hackers: If you try to pwn a website for phishing, make sure it's not the personal domain of a senior Akamai security researcher


Re: Well... I was expecting something more

...and spoofed their address in reply to a few spammers' lists.

Jeff Bezos finally gets .Amazon after DNS overlord ICANN runs out of excuses to delay decision any further


Re: aws still blocked

Your blocking missed forums.theregister.co.uk.

Panic as panic alarms meant to keep granny and little Timmy safe prove a privacy fiasco


Re: Welcome to ethical testing 101...

Is there any more risk in this structured test than the device being robocalled?

I would hope they did not send just any random message, but one they tested on the device they had.

Double-sided printing data ballsup leaves insurance giant Chubb with egg on its face


Re: Clear text

There are levels of security for items mailed. The lowest is a post card, then in a plain envelope, then in a security envelope, then add a security insert, double envelope with inner security sealed, the possibilities are endless before you even upgrade the trustworthiness of the carrier. Things were sent securely before they were digital.

This mail run should have used the security envelope. I say should because even things which were secured prior to PCs on every desk are now not and not just in the PCs.

I have received a piece of mail which should have been in a security envelope but wasn't... It was the information I needed to log in to the secure patient portal being sent via a separate channel for security. It had the password and username and patient name and URL of the portal all in a plain windowed envelope. I complained to all the right places but to no avail. They are now seeing the advantages of going digital but still getting it wrong. By security policy, they now are rejecting access from VPN. So now I am forced to choose the digital equivalent of the plain windowed envelope or the actual plain windowed envelope.

We've read the Mueller report. Here's what you need to know: ██ ██ ███ ███████ █████ ███ ██ █████ ████████ █████


Very suspicious...

I searched on multiple search engines on multiple ███████ ████ terms... In every result there was a site ending in .ru. There's your evidence.

French internet cops issue terrorist takedown for… Grateful Dead recordings?


These people seriously need help!

There is an awful lot of suspicious material, how can they find it all? We must report it to them. I believe Disney has a site and movie dedicated to Aladdin. Being middle eastern themed, it must be terrorist related. I know there are a lot of YouTube videos on making things go boom. There is a group out there calling themselves the mythbusters that has a bunch of them, they seem very experienced at it. Another larger amateur group calling themselves rednecks show how to do this in your own back yard. You don't have to look far to see evidence of terrorist preparations. As they say see something, say something.

Apple redesigns wireless AirPower charger to be world's smallest, thinnest, lightest, cheapest, invisible... OK, it doesn't exist anymore


Re: The 'AirPower' name always implied where they wanted to get

"Wireless charging for phones is still a solution in search of a problem as far as I'm concerned."

Problem: Having to replace the charging (and primary connection) port in the lifetime of one battery and twice in the useful life on the last phone.

Solution: Current phone wirelessly charges, charging port still going strong due to not being used as often. Charging cables are lasting longer as well.

Distant wireless charging is doable, but the power losses are great with current tech. We haven't progressed much beyond where Nikola Tesla left off. He was focused on wireless power transmission over a distance for use as you go, not so much for charging which requires more power.

Uncle Sam's disaster agency FEMA creates disaster of its own: 2.3 million survivors' personal records spilled


Contracted staff - additional privacy training

Data leaked to a contractor, contracted staff getting additional training, updated contracts; sounds like all actual FEMA employees do is manage contracts. Contractor systems are to meet federal privacy/security guidelines due to updated contracts, watching the horse gallop towards the sunset as you close the barn door. Are FEMA systems meeting these guidelines? We may never know if the situation is like that of the EPA where its vulnerability assessment report has a gag order.

I am waiting for the underfunded IRS to reveal it has leaked all taxpayer info; tax IDs (aka SSNs), bank account info (for direct deposit of refunds), addresses, earnings, names of course, occupations, marital status, etc. Of course, certain records under audit scrutiny are better protected such as a certain NYC real estate mogul.

They might as well just say "oops, our bad" via twitter and go about doing whatever it was they were up to.


