* Posts by JakeMS

350 publicly visible posts • joined 22 Jan 2015


Law secretly drafted by ChatGPT makes it onto the books


Re: Perhaps ...

What? You can't read a 1,000 page legal document, propose and then debate sensible changes to the document within two minutes? Surely you jest! ;-)

India wants to quadruple electronics biz in just four years


Should we expect?

This is probably great for India's connectivity too! I hope we can expect quadruple the phone calls from "Microsoft Support" that need to help us remove a virus, and from BT to correct our broadband packages!

I love getting those messages, it's quite amusing when you confuse them by saying you don't use BT or Microsoft Windows!

Intel counters AMD’s big-cache PC chip with 5.5GHz 16-core rival



Have they fixed the CPU exploits yet? I mean in the CPUs themselves? Or will it be software patches which slow them down again?

Excuse my ignorance, I haven't been following Intel lately.

Govt suggests Brits should hand passports to social media companies


Re: 'F' that for a game of 'where's my directorship'?

Sounds like you need a password manager for all those logins. Personally I'd recommend KeePassXC, served me well for years. :-)


Crazy Idea

This will sound absolutely crazy but, if you disagree with handing your passport or other identifying documents to the social media giants but are being forced to because of this law.. there's a simple solution.

When asked to hand over the docs, don't do it. Simply stop using the platform.

It's crazy I know, but you only have to hand over those docs if you continue to use the service.

Don't use it? Crazy right?

Alarm raised after Microsoft wins data-encoding patent


Re: Ban software patents.

That's what MythBusters were trying to do: take the usage from the cartoon (and other sources) and prove whether or not it could really be done. They weren't trying to say they came up with the idea. So they literally pumped ping-pong balls into a sunken boat to see if they could lift it (they did).

I miss MythBusters, it was a good and entertaining show. Blowing stuff up "for science" was always fun to see. How do you get dried cement out of a cement truck? Blow it up with high-power explosives of course! Then just say "It's for science!" :-D

As for my Danish.. yeah.. uncertain is not the word I'd use, more like "non-existent" is what I'll go with as I've never studied it.


Re: Ban software patents.

That and MythBusters had previously - on public TV - proved that you could do such a thing with ping-pong balls around 2004.

So it's already well established that you just need to have some balls to lift a ship.

Raspberry Pis gain power to flash their own OSes with new network install function


Just my luck..

Decided last week I wanted to build my own media centre computer.. so on Friday I ordered a RPi 4 8GB (from one of their recommended suppliers on their website).

It got delivered Monday, but I also had to buy an SD card reader on Monday (from the local computer shop) for my computer just so I could run:

dd if=LibreElec.img of=/dev/sdi

Really could have done with that network boot on Monday.. my timing and luck is always terrible lol.

Red Cross forced to shutter family reunion service following cyberattack and data leak


Well, if zuck has my family photos obtained from my computer, absolutely yes.

I've never had a facebook account, nor other social media. I don't upload them so... if he has them?


Oh? The data was stolen by Facebook and co?

Four women suing Google for pay discrimination just had their lawsuit upgraded to a $600m class action


The United Sues of America

Somebody is always suing someone else in America for some reason or another.

It gets to the point where it's not really news any more.

America, the land of the lawyers.

Vivaldi update unleashes the 'Cookie Crumbler' to simply block any services asking for consent (sites may break)


To be honest, we're a small business that's only been running 8 years now and started as a simple market stall, but we've grown over those years and throughout the pandemic, even with our store closed for most of the tax year.

We mostly serve a small town with a population of less than 30k; that, tied in with being a niche market (gothic/alternative clothing/accessories/figurines), means we are able to offer help and advice in a field where most people simply don't understand it.

That's our edge because, while anyone could sell these types of products, not so many could also understand the lifestyle, the interests and the differences amongst the brands in quality, sizing and popularity.

We actually have a private list of "no go" brands that we actively avoid due to poor manufacturing quality. For example, we don't sell crappy copper jewellery that'll turn your fingers green; instead we sell our preferred brand, which produces much higher quality products.

We focus primarily on simply providing good old fashioned customer service, and giving our customers the feeling of being with people who understand them.

Our primary method of advertising is old fashioned too, it's the old "word of mouth" method. See, generally we find our customers shop with us because they enjoy the experience (help provided, atmosphere etc) and the quality of the products we sell (we use only carefully selected brands, and only sell stuff we ourselves would trust and use.)

This usually leads to our customers leaving our store happy, and in turn they will tell their friends about us. That's why sometimes we get customers who travel halfway across the country just to visit our little store that's in the middle of nowhere.

The best form of advertisement is, and always will be, recommendations from your friends.

Sure, we could pay to get a bunch of ads thrown in your face, but the chances are high you'll mostly ignore the ads (or block them, like I do).

TV ads are much the same, personally I mostly ignore them.

We don't chase the money path like the big businesses, we simply enjoy what we do and what we sell, and our customers see that.

And so, that's how we fund our business and website. No tracking or dirty tactics necessary.



My business's online side strictly sets only cookies necessary for operation of the store, there's no analytics, ads, or third party cookies set in any form.

This is great because it means there's no tracking cookies at all. Thus, our cookie notice is a simple one-liner "This website uses cookies to ensure you get the best experience on our website. Privacy Policy(link)" - with a single button "got it". So, no ridiculous long scary menus asking what cookies to set.

The privacy policy lists all of the 6 possibly set cookies, which the website uses to configure itself:

PHPSESSID, language, currency, cnotify (got it button), display (grid/list product view, set if changed by user), customer (hashed customer ID, if logged in).

Other than that, no other cookies will be set at any time.. it makes complying with cookie law so much easier :-D.

But we're just a small family run retail business, so we don't need all the tracking or other junk that the big stores/businesses need.

Since we also only collect data strictly necessary to deliver items to the customer and process the transaction.. yup.. GDPR was a walk in the park too. Pretty much all of the security requirements it requested were already implemented, users already had the ability to delete their accounts or view the data we held, and we don't sell customer data, nor share it with "partners". It took me about a week to sort a couple of minor legal bits out to ensure compliance with our third party payments provider (Stripe).

Heck, even our in-store layaway system only collects their name and phone number as standard. An optional email address can be provided to match the account to an online account if they would like to be able to manage their layaway via our website (make payments, view etc, but must be activated in-store).

(Yes, all databases are encrypted, with proper security during communications between our custom in-store EPOS system and dedicated servers.)

All in all, doing it yourself carefully, and only adding/using stuff you actually need saves a whole heap of legal stuff and expenses.

Added extra: TTFB around 115-180ms, page fully loaded in around 500ms-1s depending on amount of product images and internet speed ofc.

Sometimes, less is better.
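As an added example (not the commenter's code, and not part of the original post): a small audit that checks a site's Set-Cookie headers against the six cookie names declared above and flags anything the privacy policy does not list. The expectation that the session-bearing cookies (PHPSESSID and customer) carry Secure and HttpOnly is this example's own recommendation, not something the post states, and the sample headers are constructed.

```python
# Added example: audit Set-Cookie headers against a declared cookie allowlist.
# The allowlist is the six names from the post above; the flag expectations
# and the sample responses are assumptions made for this example.

ALLOWED = {"PHPSESSID", "language", "currency", "cnotify", "display", "customer"}

# Cookies that identify a session or a logged-in customer. Assumption: these
# should be HttpOnly (unreadable to any script injected into the page) and
# Secure (never sent over plain HTTP).
SENSITIVE = {"PHPSESSID", "customer"}


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, attributes).

    Attribute names are lower-cased; valueless attributes such as Secure and
    HttpOnly map to True. Splitting on ';' keeps the comma in Expires intact.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value, attrs


def audit(set_cookie_headers):
    """Return a list of findings for the given Set-Cookie headers.

    An empty list means every cookie is on the allowlist and every sensitive
    cookie has the flags this example expects.
    """
    findings = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if name not in ALLOWED:
            findings.append(f"unexpected cookie {name}")
            continue
        if name in SENSITIVE:
            if attrs.get("secure") is not True:
                findings.append(f"{name} missing Secure")
            if attrs.get("httponly") is not True:
                findings.append(f"{name} missing HttpOnly")
    return findings


# Constructed sample headers: a clean response, and a response that sets the
# session cookie without flags and adds a cookie the privacy policy never lists.
CLEAN_RESPONSE = [
    "PHPSESSID=c0ffee; Path=/; Secure; HttpOnly; SameSite=Lax",
    "language=en; Path=/; Secure; SameSite=Lax",
    "cnotify=1; Path=/; Max-Age=31536000; Secure; SameSite=Lax",
]
DRIFTED_RESPONSE = [
    "PHPSESSID=c0ffee; Path=/",
    "tracker=abc; Path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT",
]

if __name__ == "__main__":
    print(audit(CLEAN_RESPONSE))
    print(audit(DRIFTED_RESPONSE))
```

Run it against the headers of a real response (for example the output of `curl -sI` on the store's pages) and any non-empty result means the deployed site has drifted from what the privacy policy promises.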

Stealthy Linux backdoor malware spotted after three years of minding your business


Re: Disguising it as Systemd is cunning

To be fair, you really should have an active and carefully configured IDS like Tripwire (or similar), with both its binaries and databases on read-only media to prevent DB/binary tampering.

Thus, if any binaries suddenly change on the system, you can easily detect it.

UK government gives Automated Lane Keeping Systems the green light for use on motorways


37 MPH...

37 MPH? So there will be vehicles doing 37 MPH on a 70 MPH road? That's just asking for trouble.. contrary to popular belief the M25 is not the only motorway in Britain, and on other motorways it's quite possible to sustain 70MPH or more.

This could potentially cause more problems than it fixes.

You see, speed isn't always the reason for deaths and accidents on motorways, slowness can be just as dangerous if not more dangerous.

Trucks are limited to 56 MPH for example; this usually causes car drivers to come up quickly behind them and often move into the next lane at 70 MPH, but the trucks generally stay in the first lane "out of the way" so to speak (unless overtaking) while maintaining a consistent speed.

Now imagine you've got a car doing 37 MPH in the first lane. This means you'll have trucks coming up quickly and then needing to overtake it or slow down, causing congestion. Or worse, if that 37 MPH vehicle is changing lanes into the more "high speed" lanes, it could potentially pull straight in front of a 70 MPH (or more) vehicle, probably causing an accident due to the sheer slow speed.

The only way this could be safe is if all motorway traffic is limited to 37MPH or if the vehicle never leaves the first lane.

37MPH is a ridiculously slow speed to maintain on a 70MPH road, slow enough to be dangerous.

iPhone XR caught fire after getting trapped in airline passenger's seat


Re: Clumsy while sleeping

On planes I just sit quietly minding my own business while staying awake. That's my choice. If you feel that needs therapy then maybe you don't actually understand mental issues at all, because that is far from having issues compared to many people who come to my store that I give advice and help to often for real mental issues (mostly adults, not just teens).

Mental issues are not something you should joke about. They're not a joke.


Re: Clumsy while sleeping

Yeah.. it's things like this why I don't sleep on aeroplanes.

Pre-COVID I had a nice 19 hour flight from England to Japan, and ofc, the same back to England (with a brief stop in Dubai, around 1 hr or so both ways).

Me being me, I stayed awake the whole time with no sleep for both flights, because on a flight there's two things I don't trust:

1) Other passengers, who are these people sat next to you? What do you know about them? When you're flying alone like I do, the answer is "I don't know them". - So I don't want to lose my phone or other possessions while asleep... as such no sleep for me... just use my phone until I land (Yes.. I buy the in flight internet access, with VPN active ofc).

2) If you do drop something while asleep - By the time you notice it could be too late to recover it.

Almost every flight I've been on there's been another passenger saying "Hey, I lost my phone where is it?!" after waking.. usually it's found on the floor or under a seat.. but still, if you didn't check? Just thought it's in your bag?

And ofc, by the time feeding time comes I want my damn food because I'm hungry.. usually by feeding time I'm light headed and feeling faint on a long flight (food always fixes that)... so unlike other passengers who sleep right through it then complain there's no food, I need my food.

So imo, it's better to simply not sleep on aeroplanes, you get all the food and keep your stuff.

Oh, and last tip.. only drink the bottled water on an aircraft, about half way through the flight switch to juices... You don't want to know why...

Lock up your Peloton smart treadmills, watchdog warns families following one death, numerous injuries


Re: Prime Example

It's a great way to gain a profit without breaking a sweat.


Re: Prime Example

Technically, no not forced.

However, you wouldn't buy one of these machines if you wanted a simple "dumb" treadmill which is no different than a much much much less expensive one.

But, in order to enable the smart features, and use it as it is advertised (personal trainers, fitness tracking etc etc) you need the membership.

As such, you must pay a subscription based membership if you want to take full advantage of your purchase.


Prime Example

These machines are actually a prime example of exploiting your customers for every penny.

First, they must pay for these machines - okay that's fine, it costs something to manufacture and produce them too - but then after the transaction is complete, you tell the person "well, you have the machine and all, but if you want to use most of the features you saw in the ad you need this monthly subscription".

Effectively they are double-charging the customer and continuing to do so. It's crazy in my mind that people would agree to pay for this. It should be one or the other, either pay a rent/subscription fee or pay a large initial sum.

Not both. Having both is just straight up customer exploitation.

I mean, let's look at the cost of their treadmill:


At the top it says:

From £2,295 or £59/mo¹ for 39 mos at 0% APR

All-Access Membership Separate

So, not only do you have to pay £2,295 for this machine, but on top of that if you want the smart features and membership you need to pay a separate all access membership fee.

How much is the fee?

According to them, the all access fee is £39/mo.

So let's do some math. There are 12 months in a year, so that's an additional £468 per annum you're paying for this machine.

So your machine's price just jumped from £2,295 to £2,763 for your first year. Let's say you want to workout for 5 years. That's £2,340 worth of membership fees.

So for a 5 year workout plan with this machine you've paid £2,295 for the machine and £2,340 worth of membership fees, totalling £4,635.

I understand it costs money to produce the classes and such, but they could easily factor this into the cost of the machine itself, if they continued selling enough units with enough profit (and there's tons of profit in exercise equipment) then the cost of producing additional content could easily be covered. Let us not forget the price is already artificially inflated for simply having the smart features.

A regular treadmill at Argos, for example the "Reebok Jet 300" - will set you back £849 and includes the usual info about how many calories burned, mp3 connectivity, built in speakers etc etc. That's with no monthly subscription fees, so your 5 year workout plan with this machine would cost £849.

Instead this company are forcing customers to pay an inflated fee for the machine and then topping that off with a monthly fee. Thus they force paying customers to keep paying more.

So.. yup it's a no from me. I'd rather get a "dumb" treadmill which would do pretty much the same thing minus the classes.

But ofc, all this is just my personal opinion based on early morning first coffee research.

Death Becomes It: Who put the Blue in the Blue Screen of Death?



I knew someone who did that.. I also knew they were the type of person who doesn't click "save" on their documents.

So I hit the hardware reset button and cheerfully said "Oh hey, I noticed your computer had a BSOD, so I've reset it for you so it'll be ready when you go back."

He suddenly rushed off saying "My Work!"

Always click save folks..

Decade-old bug in Linux world's sudo can be abused by any logged-in user to gain root privileges


Re: Waitaminute...

We don't have security issues, our OS is perfect. This report is fake news!


Re: Only sissies use sudo

Yup, sudo is very useful on a system where such features are needed. But at the same time - and in many cases - it can just end up a binary on a system that never gets touched.

I always remove it on systems where there are no users who will be using it.

My policy is simple:

Is this package necessary to the operation of the system (y/n)?

n --> Remove

y --> Keep

In my view, having lots of packages you don't use installed is just an exploit waiting to happen.

Man arrested after UK school finds wiped hard drives on devices connected to network


But Why?

I'm curious to understand his motivation here?

I mean what did he achieve here?

If this was some kind of state-sponsored attack - I'd understand the logic there.

If this was an active student playing games - I'd understand this logic too (I remember being called into the classroom alone at college to be greeted by the IT guys.. with the simple question "OK - We know it was you. Now tell us how you did it. How did you get into the admin account?").

Angry teacher/tech who got fired unfairly? Yeah I can see that.

If he placed ransomware on the systems to try to get some monero/bitcoin? Yeah I'd get that too, granted I'd feel it's not a very effective method but still.

But just randomly wiping HDDs on any computer connected to the network? I mean it may be fun at first, but it doesn't actually achieve anything other than potentially causing students to lose school work (as if they didn't lose enough last year already)

I mean, since he's not a student (or no longer) of the school, I can't see any true motivation he might have for attacking this school's systems since he doesn't actually achieve or gain anything from it. It just seems like a stupid thing to do.

Maybe I'm just getting old since I'm turning 30 this year..

Epic Games files competition lawsuit against Google in the UK over Fortnite's ejection from Play Store


Third to say not the same as a brick & mortar.

Another very large difference:

Most brick and mortars outright buy the products immediately. This means the wholesaler/manufacturer gets the money for the product instantly. They don't have to wait for a customer (end user) to buy it, the brick and mortar has already given them the money.

They get their money back when they sell it on, if they can sell it on. That's on them.

There used to be old "sale or return" policies that some manufacturers had, but these days that practically doesn't exist anymore.

Red Hat defends its CentOS decision, claims Stream version can cover '95% of current user workloads'


Re: Wow

So, if I'm understanding you correctly, OpenSUSE is now supported for 10 years the same as SLES, and it's basically the same distro now?

This sounds very similar to what happened with CentOS - CentOS was community only, Red Hat came along and said "Hey we just want to fund you for the good of the community, don't worry we won't try to change CentOS" (essentially, not word for word).

Well a couple of years later here we are. I remember reading a few months (or years?) ago OpenSUSE split from SUSE and went community only - has this changed now?

My last question, how well is SELinux supported on SUSE? I've found with Debian SELinux support is patchy at best and for the most part to actually make it work I'm writing my own policies for stuff which should be done out of the box (like it is in RHEL/Fedora) - I had to fix a couple of policies just to get Debian w/ SELinux to boot in enforcing mode. (I was testing/working on that yesterday, on Christmas Day, it's more fun than family and gifts anyway lol.)

Although, most people will tell you "just disable SELinux you don't need it!" - I've always disagreed with that sentiment, I'd rather stuff gets blocked and breaks until I fix it (or distro devs) than just runs and causes havoc if it's bad.

Debian's works - but it doesn't have setroubleshoot, so you're relying on classic tools such as ausearch and audit2why etc.

Thankfully, I'm well versed in SELinux due to my CentOS/Fedora experience.

Yes, I'm well aware Debian and many other distros would rather use AppArmor - but that's only effective if you have policies on an application by application basis, and it allows all except the applications with a policy. I prefer the SELinux method of block all and fix later.


Initially, CentOS was a completely independent distro, which is when most of us started using it - it wasn't owned by Redhat or any other company. It was entirely community managed. Only in the last few years did it become company owned.


Re: Wow

Ah, SUSE. I always forget that one.

I just did a preliminary search (at 3am); according to their documentation, OpenSUSE has a 36 month lifespan between major upgrades. That's a decent amount of time - but I'm worried how well their upgrades would work? Often distros require complete reinstallation when a new version is released.

Graphics drivers etc. are no issue as we're talking about servers here (so the no-GUI, set up once and maintain type) - that and our EPOS/desktop systems recently got upgraded to Ryzen with AMD graphics - I don't miss Nvidia :P

Now, Debian on the other hand has up to 5 years with their LTS:


That's still no where near the old, now discontinued CentOS 10 year life span, but it's still a fair amount of time with enough time to plan upgrades as usually, our upgrade is renting a newer replacement dedicated server, setting that one up with the new OS and testing etc, then switching the traffic to it and dropping the old one (Mostly this was done because upgrading between CentOS major versions always required a reinstall).

With that said, 36 months is still 3 years. So it's not an overly short time either and could be do-able. But it does feel short, our servers are usually rented on a 2-year minimum term so we get discounts :P

Thus our absolute minimum expected OS installed time is 2.5 years (allowing time for switching), but we tend to try to keep the servers and OS running longer if we can.

From a desktop point of view, I'd be interested in OpenSUSE. Sadly not so much for a server at this time.

But, while we're on SUSE, let's not forget SLES. Out of the SUSEs, SLES would probably be the best candidate next to RHEL or CentOS. But we're a small family run retail business and with everything that happened this year, it's probably out of our budget (last time I checked, it was subscription based like RHEL?) - Do Novell still own SUSE?

For the most part I'm just dumping my thoughts here - I'm not an expert in SUSE (any of them) so my information could be incorrect or just straight up wrong.

If I'm wrong, please feel free to correct me with the right information and I'll be happy to take another look into SUSE :-).


Re: Wow

Yeah.. I didn't evaluate the entire OS based on one tool.. I said "so far so good" and that I liked/appreciated the better network management (so far, it's better than having to kill off NetworkManager and deal with the mostly borked network daemon in modern Fedora).

On systems where the network configuration is never expected to change (aka, IPs never changing, gateways not moving, no wifi etc) NetworkManager is simply not necessary, a simple network config file will suffice. In fact for us, it's preferable the network dies outright instead of changing config to reconnect automatically - because there is no valid reason the network should change, and if it does, I need to know, killing the connection is acceptable in that case.

As for SSH, used it for years - will continue to do so. Shorewall, ditto - the previous systems were already using those.

PHP again, required due to existing projects.

The tools I use, with the exception of the network management, were evaluated with the previous OS's and are being used appropriately for the systems at hand.

It's entirely possible that something else might pop up and change my mind. But until then "so far so good".

I've also researched the lifespans of the distro, and the upgrade paths - they seem acceptable for our usage.

The real test will be the KVM host that's already running C8.. the guests are easy to switch OS.. the host itself not so much.


Re: Wow

Thanks for the replies :)

I think we'll go Debian, I'm somewhat familiar with it since our EPOS system runs Debian already.

I threw our development server from C8 to Deb10 this morning, just to see how it worked. I LOVE the old config way of networking. Up to C8 I was still clinging to the old sysconfig network files.

Current Fedora outright drops that ability it seems in favour of nmcli (or gui).. Which I really dislike. Call me old fashioned but I prefer to just edit a bunch of text config files, I find it faster and I'm used to it. I've been doing it that way since before networkmanager even existed.

So I've already fallen in love with Debian's network config method, it was super easy to set up multiple IPs on the interface and the VPN.

Firewall was pretty much exactly the same config (shorewall).

Again, ssh and keys easy as pie (as always, same old thing)

PHP is a little different, but I had to use surb repo, who claims to be the official Debian packager.. I've yet to verify that claim.

That's as far as I got before I headed out to work lol.

But.. so far so good.



Wow... As a Fedora user for over 15 years, generally a supporter of Red Hat too, and having all my servers based on CentOS..

This shocks me. So much so that I'm now going to have to look into alternative long term distros for servers.

Any Suggestions?

Top of my "may switch to" list is Debian, and absolutely never gonna happen in a million years is Ubuntu.

Other than that, I'm all for any suggestions :).

It's 2020 and a rogue ICMPv6 network packet can pwn your Microsoft Windows machine



Haven't we been here before? I remember years ago we had something along the lines of "Ping of death" or something like that where you could pwn a machine with pings and such. I don't remember very clearly. But it was a very large number of years ago now.

I thought that issue was fixed years ago too?

Amazon-like megacorps dominating various online sectors could become norm for pandemic-stricken planet


Re: No, they don't.

From a business perspective, when your competition is suppressed or weaker than you in any way.. that's always a good thing as it brings more sales to you.

Not so good for customer choice however...

Yes, it's down again: Microsoft's Office 365 takes yet another mid-week tumble, Azure also unwell


Do you remember?

Do you remember when the term "Cloud Computing" first came about in mainstream media?

Remember how everyone was saying "It's time to move to the cloud! Never experience downtime again and save tons of money by not needing your own DC and servers!"

How's that working out?

Thunderbird implements PGP crypto feature requested 21 years ago


Tresorit could be an option for you, but it is on the expensive side. It's end-to-end encrypted, and based in Switzerland however, and has a client for all platforms (Linux, Mac, Windows and Android/iOS).


Re: About time..

Waterfox sounds good in its features and original goal, but I'm a little paranoid about the fact it is now owned by System1, a US advertising company. I'd be worried about it starting to collect data (even if it isn't) - So for me that feels the same as Chrome (privacy wise).


About time..

This is a little late for me to be honest, I switched from Thunderbird over to Gnome Evolution a few years ago now. Don't get me wrong, in many ways Thunderbird was great, but over the 6-7 years or so using it I grew tired of trying to find and add add-ons that make basic functionality I needed work.

A few things annoyed me about thunderbird at that time

- Contact sync was terrible, if you wanted it to work properly, with say, Zimbra or OpenXchange, you needed an add-on for that.

- Often those add-ons would break and delete your contacts (Grr, but thank you for backups..)

- Lightning calendar/task sync worked okay, but again it's an add-on and often broke.

- The PGP add-on actually worked well, but still.. an add-on.

- If you have large amounts of IMAP mail coming in, sometimes Thunderbird would get "stuck" while syncing.

So, after dealing with these problems, and trying to keep add-ons matching the current release for several years, Mozilla changed the add-on system which broke my contact sync add-on entirely. So, yup. Decided at that point to look at others. I think Thunderbird would be great if you're a Gmail user, there are lots of add-ons for that.

But if you don't use Gmail, and like me use mailbox.org (previously fastmail, moving away) and Zimbra (self hosted, business) - then Thunderbird often falls short.

I ended up choosing Evolution because, as yet, it hasn't broken (contrary to most internet posts) and supports all the syncing out the box, has built in PGP, and as yet I haven't needed to install add-ons or "change" anything to make it work. It just works, and it works well.

Sure, it's GNOME based, but it works well on my XFCE desktop, and it's actually got more stable, not less, over the time I've been using it.

But before I get tons of downvotes for not using a Mozilla product, I'm still a Mozilla user! I still use Firefox (With several addons....) :-D.

Woman dies after hospital is unable to treat her during crippling ransomware infection, cops launch probe



Why is a computer/device that is necessary for ensuring you can serve emergency cases connected to the internet?

Surely, something so critical should be Offline (Installed/Configured, just works, no need for the internet)?

If it's the case of needing to transfer patient data, say for blood type, couldn't a doctor just call another hospital (by phone) for the patients emergency records and perform the operation?

SAP proves, yet again, that Excel is utterly unkillable


Re: Yeah...

That's a good question. Once this little virus thing blows over I'll look into some more local accountants to see if they can use the new app. I guess we are with them because it's who we always had.



I hate spreadsheets with a passion.

My business has an outside accountant, who for the most part we just use for verifying our records before submission and the occasional tax questions.

I do most of the accounting myself, I do a full reconciliation report etc.

Anyway, initially they asked me to use Excel to submit it all to them, and after cursing at it getting slow, and having my hair turn gray, getting confused trying to put it all in a spreadsheet, I decided enough was enough.

I found an open source locally run application that was built for accounting and works on any platform, it does everything I need perfectly, I love it.

The biggest complication with the Excel format is trying to calculate sales from online and in-store, and whether that money is cash (most fun is when someone paid a bit cash, and a bit card for the same transaction) or card etc., and having it all play nicely and tally up.

Ofc, when cash is deposited, it is usually different to the total sales figure, due to change given and what-not. That's a PITA to calculate in excel, because you cannot do double entry accounting.

So, the new app, can calculate that automatically and it all works great, and even fixed a few common errors in previous submissions, due to confusion in excel.

It can even generate reports that are identical to what the accountant gives us after reviewing.

After telling all of this to the accountant, guess what they said?

Please submit your records in excel.

They would not even look at it.

At this point my head exploded and splattered all over the room, with bits of brain matter stuck to the walls. So, I just copied and pasted the generated reports into excel.

The only good thing about Excel is that I can use LibreOffice to make the Excel files for them.

Magecart malware merrily sipped card details, evaded security scans on UK e-tailer Páramo for almost 8 months


Re: Wait

It sounds like it was a PHP file that was put or edited on their server; you can easily configure an IDS to detect this.

The website files should be monitored, so that - any - file edited, removed or added is noticed. There is no reason this cannot be done. I do this on my website. Tripwire knows the website paths (along with being tailored to the system files).

Even adding product images trips it in the images category and gives me a list of images added.

If our custom Stripe integration is touched in any way, Tripwire will see it.

Put bluntly, if someone can upload a file to your site without your knowledge then your environment is not secure enough to collect card data.



How did they not notice this?

Websites which collect card data (my own incl) deploy many security methods to ensure precisely this does not happen.

One of the many methods that we (and most others) use is an Intrusion Detection System (in my case, as a small business owner, Tripwire on Linux); this monitors for filesystem changes, including monitoring the website's files.

This means, if a PHP file is edited, via an exploit or other hack, then that file will immediately flag up on the IDS.

This hack absolutely should have been spotted immediately on their IDS; how did they miss this for so long?
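The file-integrity check these two posts describe (a Tripwire-style baseline of the web root, with any added, removed or edited file reported, and image uploads sorted into their own category), as an added example in Python; it is not the poster's setup or Tripwire's code, and the web root, file names and contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

# Suffixes treated as content rather than code; anything else is a code alert.
CONTENT_SUFFIXES = {".jpg", ".jpeg", ".png", ".gif", ".webp"}


def file_digest(path):
    """SHA-256 of a file, read in chunks so large uploads don't load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map every file under root (POSIX-style relative path) to its digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in root.rglob("*") if p.is_file()}


def diff_snapshots(baseline, current):
    """Report what was added, removed or modified since the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def classify(changes):
    """Split findings: image/content changes are informational, code changes alert."""
    report = {"alert": [], "info": []}
    for kind in ("added", "removed", "modified"):
        for rel in changes[kind]:
            bucket = "info" if Path(rel).suffix.lower() in CONTENT_SUFFIXES else "alert"
            report[bucket].append(f"{kind}: {rel}")
    return report


def demo():
    """Constructed scenario: baseline a fake web root, then tamper with it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "checkout").mkdir()
        (root / "images").mkdir()
        (root / "checkout" / "stripe.php").write_text("<?php // payment form\n")
        (root / "images" / "jacket.jpg").write_bytes(b"\xff\xd8 constructed image")
        baseline = snapshot(root)
        # Simulated changes: edited payment script, new script, legitimate new image.
        (root / "checkout" / "stripe.php").write_text("<?php // payment form, edited\n")
        (root / "checkout" / "loader.php").write_text("<?php // newly added file\n")
        (root / "images" / "boots.jpg").write_bytes(b"\xff\xd8 another image")
        return diff_snapshots(baseline, snapshot(root))
```

Running `classify(demo())` yields two alerts (the edited and the added PHP file) and one informational entry for the image, which is the separation of image uploads from code changes the posts describe.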

Huge if true... Trump explodes as he learns open source could erode China tech ban


Re: re: great 48 United States...


El Presidente Trump has announced Hawaii sounds far too much like that evil Huawei so has sold it to Richard Branson.

As for Alaska, well that's just too much like Alexa and often confuses El Presidente Trump. As such, it had to go off to Larry.

Cyber attack against UK power grid middleman Elexon sparks in-house IT recovery efforts


Re: What ?

I personally feel that training basic common sense shouldn't be necessary, but when it is, or a job needs any further job-specific training, it shouldn't be looked at as an expense, but rather as a resource that ensures smooth continued operations.


Re: What ?

Most of these happen by a staff member opening an email attachment or dodgy website.

It can be almost entirely eliminated by:

- Training staff to not just go ahead and open any old attachment they receive by email

- Show emails as plain text by default

- Train staff to not open that image that has an exe file extension.

- Train staff to not need to look at adult content at work.

- Train staff to focus on their jobs, not random dodgy websites

- Train staff to treat every email attachment with caution, is this contact really likely to send an attachment? Is it really necessary, is it usual pattern?

- Call BOFH if in doubt about something, before you do something.

- Basically.. just train staff about common sense.

Do you really need to click that random bit.ly link from a random contact who you assisted months ago? Nope

Targeted attacks may be more tricky to stop, but even these simple measures can go a long way.

Prevention is always better than the cure. Ofc, you should still have offline backups.


"robust cybersecurity"

Cybersecurity? Now I have no doubt it sucks.

Apple owes us big time for bungled display-killing cable design in MacBook Pro kit, lawsuit claims


Yup, I replaced that cable on a laptop a few years ago (not an Apple).

Simply found a dirt cheap matching laptop on eBay that was sold as "Spares or repair" with an impact-busted LCD and swapped the cable.

Then noticed the spares one had a PCI Wi-Fi card, grabbed that too (mine didn't, I was using a USB Wi-Fi adapter).

So, overall worked out well for me.

You can keep a laptop running for years just by swapping failed parts; I've swapped keyboards, screens, RAM, HDDs etc.

Broken? Fix it!

What do you call megabucks Microsoft? No really, it's not a joke. El Reg needs you


Subscriptions "R" Us

We beg, implore and beseech thee. Stop reusing the same damn password everywhere


Re: OK, sp which password manager to plump for?

I use KeePassXC, because:

- Still in active development

- Fully open source (Peace of mind...)

- Fully offline by default - no internet/cloud required

- Includes a built-in password generator which can be adjusted/altered to match a site's particular requirements

- Integrates with your desktop keyring - useful for apps such as Evolution storing passwords

- Not owned by a corporation - Your passwords won't be sold...

- No risk of simply "vanishing" if a business stops operating

- Included in pretty much every distro, so installing is quick and simple - no hunting for binaries.

- Mobile applications exist in F-Droid for reading your DB on a mobile device.

- Many other reasons - but if I continue I start to sound like a sales bod.

UK COVID-19 contact-tracing app data may be kept for 'research' after crisis ends, MPs told


Re: No chance

Yup, pretty much my thoughts. I'm sorry, but I just can't find it within myself to trust an app which collects data from my phone and sends it off to a central DB.

Those of us who stand out and say no to installing the app will be viewed as risking lives or being selfish.

The argument being you need to think of others.

But I am thinking of others. Except my thinking is long term rather than short term. In fact I would probably consider installing this app if it wasn't storing data on some DB owned by GCHQ. If it was done using the Google API, perhaps I would install it.

But therein lies the problem: this app is not built for the sole purpose of saving lives. It's built to collect as much data as possible and store it on a central DB; if it was built solely for saving lives, then it would use the APIs.

That's a huge chunk of your privacy and freedoms you are giving away. Once you've given up your freedom and privacy, you can never take it back (without war anyway).

You only have to look at what the world has done to privacy within the last 40 years to see the consequences of simply saying "Sure, I'll give up that privacy, for a short term to save X". Every single time, the privacy never returns.

There are methods the government has taken in this pandemic which I do agree with, but this one will never be so.

People can say I'm endangering lives by not installing this, you can even say I'm being selfish.

But for me, it's about preserving what freedom we, as a nation, have left. And attempting to make it so that the generations which follow won't be buying devices with contact tracing apps as standard to protect the public from <insert anything here: crime, diseases etc>.

This is a test, a test to see how much privacy you will voluntarily give up. If you allow it once, they will know they can do it whenever they want.

If enough people refuse to install it, then the test fails.

If enough people install it, they can make it mandatory and do it again.

But that's my view anyway, and my decision.