* Posts by JakeMS

342 posts • joined 22 Jan 2015

Four women suing Google for pay discrimination just had their lawsuit upgraded to a $600m class action

JakeMS
Trollface

The United Sues of America

Somebody is always suing someone else in America for some reason or another.

It gets to the point where it's not really news any more.

America, the land of the lawyers.

Vivaldi update unleashes the 'Cookie Crumbler' to simply block any services asking for consent (sites may break)

JakeMS

To be honest, we're a small business that's only been running 8 years now that started as a simple market stall, but we've grown over those years and throughout the pandemic, even with our store closed for most of the tax year.

We mostly serve a small town with a population of less than 30k, that tied in with being a niche market (gothic/alternative clothing/accessories/figurines) - so we are able to offer help and advice in a field where most people simply don't understand it.

That's our edge because, while anyone could sell these types of products, not so many could also understand the lifestyle, interests and difference amongst the brands of quality, sizing and popularity.

We actually have a private list of "no go" brands that we actively avoid due to poor manufacturing quality, we don't sell crappy copper jewellery that'll turn your fingers green for example, instead we sell our preferred brand that produces much higher quality products.

We focus primarily on simply providing good old fashioned customer service, and giving our customers the feeling of being with people who understand them.

Our primary method of advertising is old fashioned too, it's the old "word of mouth" method. See, generally we find our customers shop with us because they enjoy the experience (help provided, atmosphere etc) and the quality of the products we sell (we use only carefully selected brands, and only sell stuff we ourselves would trust and use.)

This usually leads to our customers leaving our store happy, and in turn they will tell their friends about us. That's why sometimes we get customers who travel halfway across the country just to visit our little store that's in the middle of nowhere.

The best form of advertisement is, and always will be, recommendations from your friends.

Sure, we could pay to get a bunch of ads thrown in your face, but the chances are high you'll mostly ignore the ads (or block them, like I do).

TV ads are much the same, personally I mostly ignore them.

We don't chase the money path like the big businesses, we simply enjoy what we do and what we sell, and our customers see that.

And so, that's how we fund our business and website. No tracking or dirty tactics necessary.

JakeMS

Yup.

My business's online side strictly sets only cookies necessary for operation of the store, there's no analytics, ads, or third party cookies set in any form.

This is great because it means there's no tracking cookies at all. Thus, our cookie notice is a simple one liner "This website uses cookies to ensure you get the best experience on our website. Privacy Policy(link)" - with a single button "got it". So, no ridiculously long scary menus asking what cookies to set.

The privacy policy lists all of the 6 possibly set cookies, which the website uses to configure itself:

PHPSESSID, language, currency, cnotify (got it button), display (grid/list product view, set if changed by user), customer (hashed customer ID, if logged in).

Other than that, no other cookies will be set at any time.. it makes complying with cookie law so much easier :-D.

But we're just a small family run retail business, so we don't need all the tracking or other junk that the big stores/businesses need.

Since we also only collect data strictly necessary to deliver items to the customer and process the transaction.. yup.. GDPR was a walk in the park too, pretty much all of the security requirements it requested were already implemented, users already had the ability to delete their accounts or view the data we held, and we don't sell customer data, nor share it with "partners". It took me about a week to sort a couple of minor legal bits out to ensure compliance with our third party payments provider (stripe).

Heck, even our in-store layaway system only collects their name and phone number as standard. An optional email address can be provided to match the account to an online account if they would like to be able to manage their layaway via our website (make payments, view etc, but must be activated in-store).

(Yes, all databases are encrypted, with proper security during communications between our custom in-store epos system and dedicated servers)

All in all, doing it yourself carefully, and only adding/using stuff you actually need saves a whole heap of legal stuff and expenses.

Added extra: TTFB around 115-180ms, page fully loaded in around 500ms-1s depending on amount of product images and internet speed ofc.

Sometimes, less is better.

Stealthy Linux backdoor malware spotted after three years of minding your business

JakeMS

Re: Disguising it as Systemd is cunning

To be fair, you really should have an active and carefully configured IDS like Tripwire (or similar), with both its binaries and databases on read-only media to prevent DB/binary tampering.

Thus, if any binaries suddenly change on the system, you can easily detect it.

UK government gives Automated Lane Keeping Systems the green light for use on motorways

JakeMS

37 MPH...

37 MPH? So there will be vehicles doing 37 MPH on a 70 MPH road? That's just asking for trouble.. contrary to popular belief the M25 is not the only motorway in Britain, and on other motorways it's quite possible to sustain 70MPH or more.

This could potentially cause more problems than it fixes.

You see, speed isn't always the reason for deaths and accidents on motorways, slowness can be just as dangerous if not more dangerous.

Trucks are limited at 56 MPH for example, this usually causes car drivers to come up quickly behind them and often move into the next lane at 70 MPH, but they generally stay in the first lane "out of the way" so to speak (unless overtaking) while maintaining a consistent speed.

Now imagine you've got a car doing 37 MPH in the first lane, this means you'll have trucks coming up quickly and then needing to overtake it or slow down, causing congestion. Or worse, if that 37 MPH vehicle is changing lanes into the more "high speed" lanes, it could potentially pull straight in front of a 70 MPH (or more) vehicle, probably causing an accident due to the sheer slow speed.

The only way this could be safe is if all motorway traffic is limited to 37MPH or if the vehicle never leaves the first lane.

37MPH is a ridiculously slow speed to maintain on a 70MPH road, slow enough to be dangerous.

iPhone XR caught fire after getting trapped in airline passenger's seat

JakeMS
Thumb Down

Re: Clumsy while sleeping

On planes I just sit quietly minding my own business while staying awake. That's my choice. If you feel that needs therapy then maybe you don't actually understand mental issues at all, because that is far from having issues compared to many people who come to my store that I give advice and help to often for real mental issues (mostly adults, not just teens).

Mental issues are not something you should joke about. They're not a joke.

JakeMS

Re: Clumsy while sleeping

Yeah.. it's things like this why I don't sleep on aeroplanes.

Pre-covid I had a nice 19 hour flight from England to Japan, and ofc, the same back to England (with a brief stop in Dubai, around 1 hr or so both ways).

Me being me, stayed awake the whole time with no sleep for both flights because on a flight there's two things I don't trust:

1) Other passengers, who are these people sat next to you? What do you know about them? When you're flying alone like I do, the answer is "I don't know them". - So I don't want to lose my phone or other possessions while asleep... as such no sleep for me... just use my phone until I land (Yes.. I buy the in flight internet access, with VPN active ofc).

2) If you do drop something while asleep - By the time you notice it could be too late to recover it.

Almost every flight I've been on there's been another passenger saying "Hey, I lost my phone where is it?!" after waking.. usually it's found on the floor or under a seat.. but still, if you didn't check? Just thought it's in your bag?

And ofc, by the time feeding time comes I want my damn food because I'm hungry.. usually by feeding time I'm light headed and feeling faint on a long flight (food always fixes that)... so unlike other passengers who sleep right through it then complain there's no food, I need my food.

So imo, it's better to simply not sleep on aeroplanes, you get all the food and keep your stuff.

Oh, and last tip.. only drink the bottled water on an aircraft, about half way through the flight switch to juices... You don't want to know why...

Lock up your Peloton smart treadmills, watchdog warns families following one death, numerous injuries

JakeMS
Trollface

Re: Prime Example

It's a great way to gain a profit without breaking a sweat.

JakeMS
Devil

Re: Prime Example

Technically, no not forced.

However, you wouldn't buy one of these machines if you wanted a simple "dumb" treadmill which is no different than a much much much less expensive one.

But, in order to enable the smart features, and use it as it is advertised (personal trainers, fitness tracking etc etc) you need the membership.

As such, you must pay a subscription based membership if you want to take full advantage of your purchase.

JakeMS
Thumb Down

Prime Example

These machines are actually a prime example of exploiting your customers for every penny.

First, they must pay for these machines - okay that's fine, it costs something to manufacture and produce them too - but then after the transaction is complete, you tell the person "well, you have the machine and all, but if you want to use most of the features you saw in the ad you need this monthly subscription".

Effectively they are double-charging the customer and continuing to do so. It's crazy in my mind that people would agree to pay for this. It should be one or the other, either pay a rent/subscription fee or pay a large initial sum.

Not both. Having both is just straight up customer exploitation.

I mean, let's look at the cost of their treadmill:

https://www.onepeloton.co.uk/tread

At the top it says:

From £2,295 or £59/mo¹ for 39 mos at 0% APR

All-Access Membership Separate

So, not only do you have to pay £2,295 for this machine, but on top of that if you want the smart features and membership you need to pay a separate all access membership fee.

How much is the fee?

According to them, the all access fee is £39/mo.

So let's do some math. There are 12 months in a year, so that's an additional £468 per annum you're paying for this machine.

So your machine's price just jumped from £2,295 to £2,763 for your first year. Let's say you want to workout for 5 years. That's £2,340 worth of membership fees.

So for a 5 year workout plan with this machine you've paid £2,295 for the machine and £2,340 worth of membership fees, totalling £4,635.

I understand it costs money to produce the classes and such, but they could easily factor this into the cost of the machine itself, if they continued selling enough units with enough profit (and there's tons of profit in exercise equipment) then the cost of producing additional content could easily be covered. Let us not forget the price is already artificially inflated for simply having the smart features.

A regular treadmill at Argos, for example the "Reebok Jet 300" - will set you back £849 and includes the usual info about how many calories burned, mp3 connectivity, built in speakers etc etc. That's with no monthly subscription fees, so your 5 year workout plan with this machine would cost £849.

Instead this company are forcing customers to pay an inflated fee for the machine and then topping that off with a monthly fee. Thus they force paying customers to keep paying more.

So.. yup it's a no from me. I'd rather get a "dumb" treadmill which would do pretty much the same thing minus the classes.

But ofc, all this is just my personal opinion based on early morning first coffee research.

Death Becomes It: Who put the Blue in the Blue Screen of Death?

JakeMS
Thumb Up

Re: BSOD

I knew someone who did that.. I also knew they were the type of person who doesn't click "save" on their documents.

So I hit the hardware reset button and cheerfully said "Oh hey, I noticed your computer had a BSOD, so I've reset it for you so it'll be ready when you go back."

He suddenly rushed off saying "My Work!"

Always click save folks..

Decade-old bug in Linux world's sudo can be abused by any logged-in user to gain root privileges

JakeMS
Joke

Re: Waitaminute...

We don't have security issues, our OS is perfect. This report is fake news!

JakeMS
Mushroom

Re: Only sissies use sudo

Yup, sudo is very useful on a system where such features are needed. But at the same time -and in many cases- it can just end up a binary on a system that never gets touched.

I always remove it on systems where there are no users who will be using it.

My policy is simple:

Is this package necessary to the operation of the system (y/n)?

n --> Remove

y --> Keep

In my view, having lots of packages you don't use installed is just an exploit waiting to happen.

Man arrested after UK school finds wiped hard drives on devices connected to network

JakeMS
WTF?

But Why?

I'm curious to understand his motivation here?

I mean what did he achieve here?

If this was some kind of state-sponsored attack - I'd understand the logic there.

If this was an active student playing games - I'd understand this logic too (I remember being called into the classroom alone at college to be greeted by the IT guys.. with the simple question "OK - We know it was you. Now tell us how you did it. How did you get into the admin account?").

Angry teacher/tech who got fired unfairly? Yeah I can see that.

If he placed ransomware on the systems to try to get some monero/bitcoin? Yeah I'd get that too, granted I'd feel it's not a very effective method but still.

But just randomly wiping HDDs on any computer connected to the network? I mean it may be fun at first, but it doesn't actually achieve anything other than potentially causing students to lose school work (as if they didn't lose enough last year already)

I mean, since he's not a student (or no longer) of the school, I can't see any true motivation he might have for attacking this school's systems since he doesn't actually achieve or gain anything from it. It just seems like a stupid thing to do.

Maybe I'm just getting old since I'm turning 30 this year..

Epic Games files competition lawsuit against Google in the UK over Fortnite's ejection from Play Store

JakeMS

Third to say not the same as a brick & mortar.

Another very large difference:

Most brick and mortars outright buy the products immediately. This means the wholesaler/manufacturer gets the money for the product instantly. They don't have to wait for a customer (end user) to buy it, the brick and mortar has already given them the money.

They get their money back when they sell it on, if they can sell it on. That's on them.

There used to be old "sale or return" policies that some manufacturers had, but these days that practically doesn't exist anymore.

Red Hat defends its CentOS decision, claims Stream version can cover '95% of current user workloads'

JakeMS

Re: Wow

So, if I'm understanding you correctly, OpenSUSE is now supported for 10 years the same as SLES, and it's basically the same distro now?

This sounds very similar to what happened with CentOS - CentOS was community only, Redhat came along and said "Hey we just want to fund you for the good of the community, don't worry we won't try to change CentOS" (essentially, not word for word).

Well a couple of years later here we are. I remember reading a few months (or years?) ago OpenSUSE split from SUSE and went community only - has this changed now?

My last question, how well is SELinux supported on SUSE? I've found with Debian SELinux support is patchy at best and for the most part to actually make it work I'm writing my own policies for stuff which should be done out of the box (Like it is in RHEL/Fedora) - I had to fix a couple of policies just to get Debian w/ SELinux to boot in enforcing mode. (I was testing/working on that yesterday, on Christmas Day, it's more fun than family and gifts anyway lol)

Although, most people will tell you "just disable SELinux you don't need it!" - I've always disagreed with that sentiment, I'd rather stuff gets blocked and breaks until I fix it (or distro devs) than just runs and causes havoc if it's bad.

Debian's works - but it doesn't have setroubleshoot, so you're relying on classic tools such as ausearch and audit2why etc.

Thankfully, I'm well versed in SELinux due to my CentOS/Fedora experience.

Yes, I'm well aware Debian and many other distros would rather use apparmor - but that's only effective if you have policies on an application by application basis, and allows all except the applications with a policy. - I prefer the SELinux method of block all and fix later.

JakeMS

Initially, CentOS was a completely independent distro, which is when most of us started using it - it wasn't owned by Redhat or any other company. It was entirely community managed. Only in the last few years did it become company owned.

JakeMS

Re: Wow

Ah, SUSE. I always forget that one.

I just did a preliminary search (at 3am), according to their documentation, OpenSUSE has a 36 month lifespan between major upgrades. That's a decent amount of time - but I'm worried how well their upgrades would work? Often distros require complete reinstallation when a new version is released.

Graphics drivers etc are no issue as we're talking about servers here (so the no gui, setup once and maintain type) - That and our EPOS/Desktop systems recently got upgraded to ryzen with amd graphics - I don't miss nvidia :P

Now, Debian on the other hand has up to 5 years with their LTS:

https://wiki.debian.org/LTS

That's still nowhere near the old, now discontinued CentOS 10 year life span, but it's still a fair amount of time with enough time to plan upgrades as usually, our upgrade is renting a newer replacement dedicated server, setting that one up with the new OS and testing etc, then switching the traffic to it and dropping the old one (Mostly this was done because upgrading between CentOS major versions always required a reinstall).

With that said, 36 months is still 3 years. So it's not an overly short time either and could be do-able. But it does feel short, our servers are usually rented on a 2-year minimum term so we get discounts :P

Thus our absolute minimum expected OS installed time is 2.5 years (allowing time for switching), but we tend to try to keep the servers and OS running longer if we can.

From a Desktop point of view, I'd be interested in OpenSUSE. Sadly not so much for a server at this time.

But, while we're on SUSE, let's not forget SLES. Out of the SUSE's, SLES would probably be the best candidate next to RHEL or CentOS. But we're a small family run retail business and with everything that happened this year, it's probably out of our budget (last time I checked, it was subscription like RHEL?) - Do Novell still own SUSE?

For the most part I'm just dumping my thoughts here - I'm not an expert in SUSE (any of them) so my information could be incorrect or just straight up wrong.

If I'm wrong, please feel free to correct me with the right information and I'll be happy to take another look into SUSE :-).

JakeMS

Re: Wow

Yeah.. I didn't evaluate the entire OS based on one tool.. I said "so far so good" and that I liked/appreciated the better network management (so far, it's better than having to kill off NetworkManager and deal with the mostly borked network daemon in modern Fedora.).

On systems where the network configuration is never expected to change (aka, IPs never changing, gateways not moving, no wifi etc) NetworkManager is simply not necessary, a simple network config file will suffice. In fact for us, it's preferable the network dies outright instead of changing config to reconnect automatically - because there is no valid reason the network should change, and if it does, I need to know, killing the connection is acceptable in that case.

As for SSH, used it for years - will continue to do so. Shorewall, ditto - the previous systems were already using those.

PHP again, required due to existing projects.

The tools I use, with the exception of the network management, were evaluated with the previous OS's and are being used appropriately for the systems at hand.

It's entirely possible that something else might pop up and change my mind. But until then "so far so good".

I've also researched the lifespans of the distro, and the upgrade paths - they seem acceptable for our usage.

The real test will be the KVM host that's already running C8.. the guests are easy to switch OS.. the host itself not so much.

JakeMS

Re: Wow

Thanks for the replies :)

I think we'll go Debian, I'm somewhat familiar with it since our EPOS system runs Debian already.

I threw our development server from C8 to Deb10 this morning, just to see how it worked. I LOVE the old config way of networking. Up to C8 I was still clinging to the old sysconfig network files.

Current Fedora outright drops that ability it seems in favour of nmcli (or gui).. Which I really dislike. Call me old fashioned but I prefer to just edit a bunch of text config files, I find it faster and I'm used to it. I've been doing it that way since before networkmanager even existed.

So I've already fallen in love with Debian's network config method, it was super easy to setup multiple IPs on the interface and the vpn.

Firewall was pretty much exactly the same config (shorewall).

Again, ssh and keys easy as pie (as always, same old thing)

PHP is a little different, but I had to use sury repo, who claims to be the official Debian packager.. I've yet to verify that claim.

That's as far as I got before I headed out to work lol.

But.. so far so good.

JakeMS
Alert

Wow

Wow... As a Fedora user for over 15 years, generally a supporter of Redhat too, and having all my servers based on CentOS..

This shocks me. So much so that I'm now going to have to look into alternative long term distros for servers.

Any Suggestions?

Top of my "may switch to" list is Debian, and "absolutely never gonna happen in a million years" is Ubuntu.

Other than that, I'm all for any suggestions :).

It's 2020 and a rogue ICMPv6 network packet can pwn your Microsoft Windows machine

JakeMS
Stop

Wait

Haven't we been here before? I remember years ago we had something along the lines of "Ping of death" or something like that where you could pwn a machine with pings and such. I don't remember very clearly. But it was a very large number of years ago now.

I thought that issue was fixed years ago too?

Amazon-like megacorps dominating various online sectors could become norm for pandemic-stricken planet

JakeMS

Re: No, they don't.

From a business perspective, when your competition is suppressed or weaker than you in any way.. that's always a good thing as it brings more sales to you.

Not so good for customer choice however...

Yes, it's down again: Microsoft's Office 365 takes yet another mid-week tumble, Azure also unwell

JakeMS

Do you remember?

Do you remember when the term "Cloud Computing" first came about in mainstream media?

Remember how everyone was saying "It's time to move to the cloud! Never experience downtime again and save tons of money by not needing your own DC and servers!"

How's that working out?

Thunderbird implements PGP crypto feature requested 21 years ago

JakeMS

Tresorit could be an option for you, but it is on the expensive side. It's end-to-end encrypted, and based in Switzerland however, and has a client for all platforms (Linux, Mac, Windows and Android/iOS).

JakeMS

Re: About time..

Waterfox sounds good in its features and original goal, but I'm a little paranoid about the fact it is now owned by System1, a US advertising company. I'd be worried about it starting to collect data (even if it isn't) - So for me that feels the same as Chrome (privacy wise).

JakeMS
Happy

About time..

This is a little late for me to be honest, I switched from Thunderbird over to Gnome Evolution a few years ago now. Don't get me wrong, in many ways Thunderbird was great, but over the 6-7 years or so using it I grew tired of trying to find and add add-ons that make basic functionality I needed work.

A few things annoyed me about Thunderbird at that time:

- Contact sync was terrible, if you wanted it to work properly, with say, Zimbra or OpenXchange, you needed an add-on for that.

- Often those add-ons would break and delete your contacts (Grr, but thank you for backups..)

- Lightning calendar/task sync worked okay, but again it's an add-on and often broke.

- The PGP add-on actually worked well, but still.. an add-on.

- If you have large amounts of IMAP mail coming in, sometimes Thunderbird would get "stuck" while syncing.

So, after dealing with these problems, and trying to keep add-ons to match the current release for several years, Mozilla changed the addon system which broke my contact sync add-on entirely. So, yup. Decided at that point to look at others. I think Thunderbird would be great if you're a gmail user, there are lots of addons for that.

But if you don't use Gmail, and like me use mailbox.org (previously fastmail, moving away) and Zimbra (self hosted, business) - then Thunderbird often falls short.

I ended up choosing Evolution because, as yet, it hasn't broken (contrary to most internet posts) and supports all the syncing out the box, has built in PGP, and as yet I haven't needed to install add-ons or "change" anything to make it work. It just works, and it works well.

Sure, it's GNOME based, but it works well on my XFCE desktop, and it's actually got more stable, not less, over the time I've been using it.

But before I get tons of downvotes for not using a Mozilla product, I'm still a Mozilla user! I still use Firefox (With several addons....) :-D.

Woman dies after hospital is unable to treat her during crippling ransomware infection, cops launch probe

JakeMS
Mushroom

Why?

Why is a computer/device that is necessary for ensuring you can serve emergency cases connected to the internet?

Surely, something so critical should be Offline (Installed/Configured, just works, no need for the internet)?

If it's the case of needing to transfer patient data, say for blood type, couldn't a doctor just call another hospital (by phone) for the patients emergency records and perform the operation?

SAP proves, yet again, that Excel is utterly unkillable

JakeMS
Thumb Up

Re: Yeah...

That's a good question. Once this little virus thing blows over I'll look into some more local accountants to see if they can use the new app. I guess we are with them because it's who we always had.

JakeMS
Mushroom

Yeah...

I hate spreadsheets with a passion.

My business has an outside accountant, who for the most part we just use for verifying our records before submission and the occasional tax questions.

I do most of the accounting myself, I do a full reconciliation report etc.

Anyway, initially they asked me to use Excel to submit it all to them, and after cursing at it getting slow, and having my hair turn gray, getting confused trying to put it all in a spreadsheet, I decided enough was enough.

I found an open source locally run application that was built for accounting and works on any platform, it does everything I need perfectly, I love it.

The biggest complication with the Excel format is trying to calculate sales from online, instore and whether that money is cash (most fun is when someone paid a bit cash, and a bit card for the same transaction), that money is card etc and having it all play nicely and tally up.

Ofc, when cash is deposited, it is usually different to the total sales figure, due to change given and what-not. That's a PITA to calculate in excel, because you cannot do double entry accounting.

So, the new app, can calculate that automatically and it all works great, and even fixed a few common errors in previous submissions, due to confusion in excel.

It can even generate reports that are identical to what the accountant gives us after reviewing.

After telling all of this to the accountant, guess what they said?

Please submit your records in excel.

They would not even look at it.

At this point my head exploded and splattered all over the room, with bits of brain matter stuck to the walls. So, I just copied and pasted the generated reports into excel.

The only good of excel is that I can use Libreoffice to make the excel files for them.

Magecart malware merrily sipped card details, evaded security scans on UK e-tailer Páramo for almost 8 months

JakeMS
Mushroom

Re: Wait

It sounds like it was a php file that was put or edited on their server, you can easily configure an IDS to detect this.

The website files should be monitored, so that - any - file edited, removed or added is noticed. There is no reason this cannot be done. I do this on my website. Tripwire knows the website paths (along with being tailored to the system files).

Even adding product images trips it in the images category and gives me a list of images added.

If our custom stripe integration is touched in any way tripwire will see it.

Put bluntly, if someone can upload a file to your site without your knowledge, then your environment is not secure enough to collect card data.

JakeMS
Stop

Wait

How did they not notice this?

Websites which collect card data (my own incl) deploy many security methods to ensure precisely this does not happen.

One of the many methods that we (and most others) use is an Intrusion Detection System (In my case, as a small business owner, Tripwire on Linux), this monitors for filesystem changes, including monitoring the website's files.

This means, if a PHP file is edited, via an exploit or other hack then that file will immediately flag up on the IDS.

This hack absolutely should have been spotted immediately on their IDS, how did they miss this for so long?
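The file-change monitoring described in the two comments above, together with the earlier comment about keeping the IDS database on read-only media, can be sketched as follows. This is an added example, not the poster's configuration and not Tripwire itself; the function names, the category map and the sample web root (built in a temporary directory with constructed file contents) are assumptions made for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Hypothetical category map, mirroring the "images category" idea in the comment.
CATEGORIES = {".php": "code", ".js": "code", ".jpg": "images", ".png": "images"}


def sha256_file(path):
    """Hash a file in chunks so large images do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map every regular file under root (relative path) to its SHA-256."""
    root = Path(root)
    snap = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            snap[p.relative_to(root).as_posix()] = sha256_file(p)
    return snap


def seal(snap):
    """Digest of the baseline itself. Store it (and the baseline) where the
    web server cannot write, e.g. read-only media, so an intruder who edits
    a page cannot also quietly update the database."""
    return hashlib.sha256(json.dumps(snap, sort_keys=True).encode()).hexdigest()


def compare(baseline, seal_value, root):
    """Return {category: [(change, path), ...]} for every added, removed or
    modified file. Refuses to run against a baseline that fails its seal."""
    if seal(baseline) != seal_value:
        raise ValueError("baseline database does not match its recorded digest")
    current = snapshot(root)
    report = {}
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            change = "added"
        elif path not in current:
            change = "removed"
        elif baseline[path] != current[path]:
            change = "modified"
        else:
            continue
        category = CATEGORIES.get(Path(path).suffix.lower(), "other")
        report.setdefault(category, []).append((change, path))
    return report


def demo():
    """Build a constructed web root, baseline it, change it, and report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "checkout").mkdir()
        (root / "images").mkdir()
        (root / "index.php").write_text("<?php echo 'shop'; ?>")
        (root / "checkout" / "payment.php").write_text("<?php /* payment form */ ?>")
        (root / "images" / "ring.jpg").write_bytes(b"\xff\xd8 constructed image")

        baseline = snapshot(root)
        digest = seal(baseline)

        # Changes after the baseline: one routine, three that need explaining.
        (root / "images" / "cloak.jpg").write_bytes(b"\xff\xd8 new product photo")
        (root / "checkout" / "payment.php").write_text("<?php /* payment form, edited */ ?>")
        (root / "images" / "helper.php").write_text("<?php /* unexpected file */ ?>")
        (root / "index.php").unlink()

        return compare(baseline, digest, root)


if __name__ == "__main__":
    for category, changes in demo().items():
        for change, path in changes:
            print(f"[{category}] {change}: {path}")
```

Categorising by extension rather than by directory means a script dropped into the image folder is reported under code, not lost among routine product-photo additions.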

Huge if true... Trump explodes as he learns open source could erode China tech ban

JakeMS
Mushroom

Re: re: great 48 United States...

Indeed!

El Presidente Trump has announced Hawaii sounds far too much like that evil Huawei so has sold it to Richard Branson.

As for Alaska, well that's just too much like Alexa and often confuses El Presidente Trump. As such, it had to go off to Larry.

Cyber attack against UK power grid middleman Elexon sparks in-house IT recovery efforts

JakeMS
Thumb Up

Re: What ?

I personally feel that training basic common sense shouldn't be necessary, but when it is, or a job needs any further job specific training it shouldn't be looked at as an expense, but rather as a resource that ensures smooth continued operations.

JakeMS
Mushroom

Re: What ?

Most of these happen by a staff member opening an email attachment or dodgy website.

It can be almost entirely eliminated by:

- Training staff to not just go ahead and open any old attachment they receive by email

- Show emails as plain text by default

- Train staff to not open that image that has an exe file extension.

- Train staff to not need to look at adult content at work.

- Train staff to focus on their jobs, not random dodgy websites

- Train staff to treat every email attachment with caution, is this contact really likely to send an attachment? Is it really necessary, is it usual pattern?

- Call BOFH if in doubt about something, before you do something.

- Basically.. just train staff about common sense.

Do you really need to click that random bit.ly link from a random contact who you assisted months ago? Nope

Targeted attacks may be more tricky to stop, but even these simple measures can go a long way.

Prevention is always better than the cure. Ofc, you should still have offline backups.

JakeMS
FAIL

"robust cybersecurity"

Cybersecurity? Now I have no doubt it sucks.

Apple owes us big time for bungled display-killing cable design in MacBook Pro kit, lawsuit claims

JakeMS
Thumb Up

Yup, I've replaced that cable on a laptop a few years ago (not an Apple).

Simply found a dirt cheap matching laptop that was sold as "Spares or repair" that had a busted from impact LCD on ebay and swapped the cable.

Then noticed the spares one had a pci wifi, grabbed that too (mine didn't, I was using a wifi usb).

So, overall worked out well for me.

You can keep a laptop running for years just by swapping failed parts, I've swapped keyboards, screens, ram, hdds etc

Broken? Fix it!

What do you call megabucks Microsoft? No really, it's not a joke. El Reg needs you

JakeMS

Subscriptions "R" Us

We beg, implore and beseech thee. Stop reusing the same damn password everywhere

JakeMS
Pirate

Re: OK, so which password manager to plump for?

I use KeePassXC, because:

- Still in active development

- Fully open source (Peace of mind...)

- Fully offline by default - no internet/cloud required

- Includes a built-in password generator which can be adjusted/altered to match a site's particular requirements

- Integrates with your desktop keyring - useful for apps such as evolution storing passwords

- Not owned by a corporation - Your passwords won't be sold...

- No risk of simply "vanishing" if a business stops operating

- Included in pretty much every distro, so installing is quick and simple - no hunting for binaries.

- Mobile applications exist in f-droid for reading your DB on a mobile device.

- Many other reasons - but if I continue I start to sound like a sales bod.

UK COVID-19 contact-tracing app data may be kept for 'research' after crisis ends, MPs told

JakeMS
Thumb Up

Re: No chance

Yup, pretty much my thoughts. I'm sorry but I just can't find it within myself to trust an app which collects data from my phone and sends it off to a central db.

Those of us who stand out and say no to installing the app, will be viewed as risking lives or being selfish.

The argument being you need to think of others.

But I am thinking of others. Except my thinking is long term rather than short term. In fact I would probably consider installing this app if it wasn't storing data on some DB owned by GCHQ. If it was done using the Google API, perhaps I would install it.

But therein lies the problem, this app is not built for the sole purpose of saving lives. It's built to collect as much data as possible and store it on a central DB, if it was built solely for saving lives, then it would use the APIs.

That's a huge chunk of your privacy and freedoms you are giving away. Once you've given up your freedom and privacy, you can never take it back (without war anyway).

You only have to look at what the world has done to privacy within the last 40 years to see the consequences of simply saying "Sure, I'll give up that privacy, for a short term to save X". Every single time, the privacy never returns.

There are methods the government has taken in this pandemic which I do agree with, but this one will never be so.

People can say I'm endangering lives by not installing this, you can even say I'm being selfish.

But for me, it's about preserving what freedom we, as a nation have left. And attempting to make it so that the generations which follow won't be buying devices with contact tracing apps as standard to protect the public from <insert anything here, crime, diseases etc>.

This is a test, a test to see how much privacy you will voluntarily give up. If you allow it once, they will know they can do it whenever they want.

If enough people refuse to install it, then the test fails.

If enough people install it, they can make it mandatory and do it again.

But that's my view anyway, and my decision.

JakeMS
Thumb Up

Re: No chance

Yup, I'm still not installing this by choice - and there's nothing they can do to change my mind.

I would still rather die by COVID-19 than install. Absolutely nothing will change my mind on that.

- Although, I did get a COVID-19 test on Wednesday - My results were "un clear" apparently, that means "I don't know" and come back in 7 days for another test (I called 111 to verify). Yup, that test was helpful.. thanks guv!

JakeMS

Re: "please install the app, and use it"

Oh damn! Would you look at that, my phone keeps powering off!

Spyware slinger NSO to Facebook: Pretty funny you're suing us in California when we have no US presence and use no American IT services...

JakeMS

Re: But..

That's true, but I've never agreed to Facebook's terms, I've never registered an account with them.

Yet they attempt to collect my info regardless on any website with a Facebook button, or their many other methods.

They also have pictures of me which I never uploaded, and even a fake account with my picture for its main picture.

I have to do everything I can to prevent my web browser sending info off to them.

I don't agree to any of this, but they do it anyway, so how is it any different?

JakeMS

But..

Don't Facebook already do this to their own users? From my understanding Facebook collects tons of information on people, even people who don't use their services. It's also my understanding Facebook collects tons of metadata from WhatsApp chats.

So all in all, effectively spying, although their users and others have agreed to this.

So what's the problem Facebook?

- Although personally, I use Signal instead.

As Brit cyber-spies drop 'whitelist' and 'blacklist', tech boss says: If you’re thinking about getting in touch saying this is political correctness gone mad, don’t bother

JakeMS
Stop

Yeah...

These colours existed long before people defined them for skin colour. It has nothing to do with someone's skin.

Seriously just stop with the political correctness BS already.

I will carry on using the terms blacklist and whitelist and carry on wearing black clothes, drinking black coffee, green tea and eating dark chocolate, pork and bacon and other meats from the local butchers*

* I don't care if this offends your beliefs, these are my beliefs, and if you can have yours, I can have mine.

Square peg of modem won't fit into round hole of PC? I saw to it, bloke tells horrified mate

JakeMS
Thumb Up

Re: Isn't that normal for PB?

Talking of non-standards, anyone remember Tiny? I still have two of them. If memory serves me well, one is from 1996, and one from 1997. Exterior looks exactly the same, and both have the same archway shape case with the old Windows logo as an air vent, that covers both sides (PITA to refit without bending). Except when they brought the next year's one out, they upgraded the pentium II, and changed the PSU to one that needed a special bracket. That means you also need a psu that fits that bracket. That's great thanks tiny!

Although, last I checked a few years ago they both still worked. Up until around 2009 they were still running as a pair of home IRC servers.

For all the faults of the older kit, they may be slow, they may be old, they may be impossible to get fitting parts for.. but they will run for decades without so much as a complaint!

Tesla sued over Tokyo biker's death in 'dozing driver' Autopilot crash

JakeMS

Re: If the experts aren't safe,

That may be so, but sometimes it can take too long for those services and someone stopping to help could be the difference between life and death. This will be even more the case as electric cars become more commonplace that have big batteries which can ignite easily if you have a huge crash. (Ask Richard Hammond). You will want someone to help you get out of that car fast.

Someone simply blocking a wound from bleeding out when you're trapped in the car and unconscious can save your life too, there are many instances where stopping can save a life.

If you witness an accident in the UK and stop to help, often once the police arrive they are quite happy you did, because someone who wasn't involved in the accident can be used as a witness, which is a far more reliable source of what happened than the two drivers who will blame each other.

They will take your statement, thank you for helping and send you on your way.

Most humans with any common decency will stop to help. If you have a heart attack on the street, would you say that a passer by shouldn't try to resuscitate you? Wait for a qualified doctor?

I have training to revive people in simple cases (I've revived 3 people so far), as a passer by I would stop to help. But I'm not a doctor, so I should be told to leave you and not help?

And, in this event that occurred, a human driver would change lanes to go around the accident.

Not simply plow into someone because "they shouldn't be there".

A child runs into the road chasing a football, by the logic of this car:

Speed up and run the kid down

Human driver:

Slam on brakes and/or swerve.

Unexpected events happen on the road, human drivers take action for those events, and if the car is driving, it should too!

You have to think of someone other than yourself sometimes...

Prank warning: You do know your smart speaker's paired with Spotify over the internet, don't you?

JakeMS
Thumb Up

Re: FFS.

Yeah that's one way to go

Personally I've just got an amp connected directly to my PC with optical as source of audio. On that computer is MPC which I can control with a computer program (gmpc) or from my phone with M.A.L.P (vpn connection between them).

So full collection of music, not Internet dependent, plus remote control plus local music management. All win for me.

And not going to be hacked so easily.

(Although, saying that I did just set up a Bluetooth lightbulb today.. but that's not connected to wifi at all, Bluetooth only, using for dimmable bedside light.)

Lars Ulrich makes veiled threats of another Metallica album during web chat with Salesforce CEO Marc Benioff

JakeMS

Re: Pioneers of thrash?

Thrash? Slayer!

* As a fan of Slayer for as long as I can remember, I am perhaps biased.

Mystery cloud added 10,000 new AMD Epyc servers in under ten days to handle demand for you know what

JakeMS

Re: Advertising...

In my experience, your average buyer doesn't care what CPU brand is in it, or even what a CPU is for that matter.

As long as they see the laptop/desktop switches on and says Microsoft Windows somewhere, they're happy with it.

I mean, they still make laptops with intel celeron...... and people buy them.

There are probably many people who have an AMD based laptop and don't even know what the AMD sticker means. Based on the fact I've seen a lot of new laptops recently that had AMD chips (but no fish) and there was a big influx of laptop sales at the start of COVID.

Biting the hand that feeds IT © 1998–2021