* Posts by Ken Moorhouse

4017 publicly visible posts • joined 26 Jul 2007

Want to know what an organisation is really like? Visit the restroom

Ken Moorhouse Silver badge

Posh Place Advisory

When using the sink in such places you should always look at BOTH taps as "C" doesn't always mean what you think it should mean. Au contraire - which should give some clue as to pourquoi.

Password re-use is dangerous, right? So what about stopping it with password-sharing?

Ken Moorhouse Silver badge

Re: So let me get this straight

No need, already done for you.

If you remember, for one, AVG's controversial previewing of all the links on the page currently being browsed (their reasoning being to see if it should pre-emptively warn the user of any problems). Such tactics effectively announce your upcoming visit to their website. AVG supposedly ditched that service after complaints, not just from users of their product, but also website owners for generating false visitor data.

I seem to remember getting a phone call from a company that had trawled through their logs and contacted me from that information. I had never expressed interest in their product and my only knowledge of them was my visit to their site. They freely admitted that their only knowledge of me was from my visit to their site.

Ken Moorhouse Silver badge

Re: any organism higher up the evolutionary tree than a prawn

Red Herrings might constitute a disruptive influence.

Ken Moorhouse Silver badge

Re: the third part of the puzzle.

What granularity would be used for this third (temporal) part of the puzzle?

Arguably anything finer than "which date?" would be impracticable due to time zone imprecision. Even this could be problematic for someone creating a login on 31st December or 1st January in a Pacific location, which could potentially fail even a century comparison test.

Ken Moorhouse Silver badge

Re: Remember the Disabled

The problem I have encountered recently with e.g., Microsoft is that, if their password strength policy changes, they do not use the "grace login" principle to allow you to log in once using the insecure password, then insist you change it before logging out.

My recent experience (mentioned in another thread here) is that the user is frozen out of their account and then forced to go through all sorts of hoops to establish their identity (Subjects of emails, passwords used before, people in your address book, etc.) before they give you that "grace login" opportunity.

Ken Moorhouse Silver badge

A site might know if two visitors to that site have the same password

Because the hashed value stored in the password field matches that from someone else.

Arguably, that is not good. The algorithm for password salting should include the username in the hashing process so that, even if everyone on that site used the same password, none of them would appear to be the same on inspection of the password field content.

However, if a hacker had access to the resultant password field, they could get valuable insight into the algorithm used for the hashing process by flooding the site with different usernames but identical passwords.

Ken Moorhouse Silver badge

How would two sites know that passwords are the same?

The actual password should not be accessible for comparison with anything else, only with a salted hash of it.

The only way that e.g., Twitter and Facebook would know that two passwords were identical would be if they are using the same salt and an identical hashing technique.
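An added illustration of the two posts above on salting (not part of the original comments; the account names, passwords and PBKDF2 work factor are constructed assumptions). It compares what someone reading the password column sees with no salt, with the username as salt, and with a random per-account salt, and shows that a username-derived value repeats on any second site using the identical scheme.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 200_000  # example work factor (assumption); tune for your hardware


def unsalted(password: str) -> bytes:
    """Weak: equal passwords always give equal stored values."""
    return hashlib.sha256(password.encode()).digest()


def username_salted(username: str, password: str) -> bytes:
    """Username as salt: distinct per user, but predictable and the same on
    every site that adopts this exact scheme."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               username.encode(), ITERATIONS)


def enroll(password: str) -> tuple[bytes, bytes]:
    """Fresh random salt per account, stored next to the derived key."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify(password: str, salt: bytes, key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, key)


def matching_accounts(column: dict) -> list:
    """Usernames whose stored value is identical, as seen by anyone who can
    read the password column."""
    groups = defaultdict(list)
    for user, stored in column.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample accounts: alice and bob chose the same password.
USERS = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor"}

if __name__ == "__main__":
    print(matching_accounts({u: unsalted(p) for u, p in USERS.items()}))
    print(matching_accounts({u: username_salted(u, p) for u, p in USERS.items()}))
    print(matching_accounts({u: enroll(p) for u, p in USERS.items()}))
```
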

MPs petition for legally binding target of 95% 4G coverage across UK

Ken Moorhouse Silver badge

Bars

Where to go to get the best signal:-

https://www.telegraph.co.uk/travel/destinations/europe/united-kingdom/articles/uk-town-pubs-per-square-mile/

Ken Moorhouse Silver badge

Re: "95 per cent of the UK's landmass by 2022."

So this is the agenda then: lop off big swathes of the UK landmass before 2022.

Hacking train Wi-Fi may expose passenger data and control systems

Ken Moorhouse Silver badge

Re: some goddamn basic firewall rules and a couple of VLANs

In my days at LUL, those concepts would never be entertained unless there were optoisolators separating circuitry.

Ken Moorhouse Silver badge

Re: before geranium transistors were obsoleted.

Watering them caused too many side-effects.

Ken Moorhouse Silver badge

Re: Digital Railway (Yes, really)

I've worked on both sides of the industry (signal engineering and train-borne equipment), albeit a long time ago. (Your name rings a bell for some reason, have you worked for LUL?). The fail-safe principles underlying the Victoria line equipment (correct me if I'm wrong) are based on resonant frequency circuitry. If a well-defined pulse of a certain frequency is received then it effectively energises a switch enabling a train to move within a certain speed range, or to coast. Without the code being detected, the train stays where it is. If code is lost, the brakes are applied. Unlike car traffic where the driver of the car behind takes a chance on the bloke in front braking suddenly, the railway signalling system is designed to ensure that there is adequate distance for the train behind to brake with no chance of hitting the other train. This is all automatic, even if the driver were to collapse at the controls, safety is assured.

I seem to remember the ETT (Experimental Tube Train) planned to use Intel 4040 CPUs, because I remember trying to suss out the Assembler code for it. LUL were extremely cautious about microprocessors in those days to the extent of insisting that whatever CPU was used for production systems was 2nd sourced by a different manufacturer, so there was not total reliance on Intel. I think IBM was a second source for early 8-bit CPUs. The use of TTL was frowned upon by the development section I worked with (spiky, high-current, electrically noisy), with preference for CMOS for its higher noise immunity. Usually anything involving CPUs was "front-ended" with relays (train-borne equipment) or with mechanical interlocking frames and/or relays (trackside signalling). Even the frequency of the relays used for trackside use were specially designed to run on 125Hz (33Hz previously) AC. 125Hz being not harmonically related to the industrial 50Hz standard - meaning high noise immunity. The principle of electricity flowing = potentially ok (sorry, tripped over a pun there), no electricity = Whoa! Stop! was engraved into everyone's sub-conscious.

In summary, the Underground is an incredibly safe way to get from A-B.

Your software hates you and your devices think you're stupid

Ken Moorhouse Silver badge

Re: "Haynes"

Do they give ideas on uses for the spare nuts and bolts left over after installation?

(To put your minds at rest: No I don't touch cars, and I'm not keen on taking apart laptops for the reason implied above).

Ken Moorhouse Silver badge

"The way you squeeze that button baby..."

If the Random button didn't work properly for some reason it would be conceivable that you will be permanently listening to:-

"The Song Remains The Same".

Don't try and beat AI, merge with it says chess champ Garry Kasparov

Ken Moorhouse Silver badge

Re: They learn by making mistakes and correcting their errors.

I would be more inclined to say:-

They FUNCTION by making mistakes and WEIGHTING their errors.

Many of us here will have written programs that "learn" how to win at Tic Tac Toe. Trivial perhaps, but anchors one's imagination as to how AI "works".

If Deep Mind had been forced to play chess where White starts by moving the King's rook pawn, then black does the same, then every combination from there, then it would never have got to the nitty gritty of beating Kasparov, there would be just too many meaningless moves in its database. So it was no doubt primed with thousands of classic openings which set it on the correct learning "tree structure".

If Kasparov had gamed the system by starting with a non-standard opening, that would have forced Deep Mind to throw away its entire Opening Move catalogue and force it to play from scratch, which would have put it at a big disadvantage.

Chap charged with fraud after mail for UPS global HQ floods Chicago flat

Ken Moorhouse Silver badge

Re: The girl in Finance

You really should have checked whether she wore a wedding ring before making propositions such as this.

"The girl in Finance said after one had gone missing they'd have investigated and I wouldn't have even got out of Pentonville to view properties."

(FTFY)

Ken Moorhouse Silver badge
Coat

mail letter validating the move to the original address, not clear what happened to that letter

Well d'uh, it was probably redirected.

Astroboffins spot the first perfect exoplanet free of clouds

Ken Moorhouse Silver badge

There's not much data available about the planet at the moment...

Researchers have found no evidence of leaky buckets that can be hacked.

T-Mobile owner sends in legal heavies to lean on small Brit biz over use of 'trademarked' magenta

Ken Moorhouse Silver badge

I wonder if..

http://blog.mellowmonk.com/2008/10/mobile-tea-cottage.html

has received a cease and desist letter yet...

I see trouble brewing...

Ken Moorhouse Silver badge

Is this a CYK joke?

That I can no longer buy Magenta cartridges for my laser printer?

Windows app makers told to think different – you're Microsoft 365 developers, now

Ken Moorhouse Silver badge
Facepalm

JavaScript + AI + Excel = ...

I mentioned on another thread that AI (by definition) does not necessarily mean that you get the best deal. On average (whatever your definition of that term is), things may go well, but there's going to be cases where a Sum Range misses an important cell, someone presses Reply To All (if Outlook were included in this scheme) or JavaScript has some unintended consequence. Mistakes are a part of the pathway to intelligence, that process called learning. Whereas in the past you could blame the Key Caresser, but now the scapegoat is right there in front of you. All very well for it to show a sad face with a "Whoops" caption, but your only redress is to kick the 'puter out the door and get one that is better trained.

Warren Buffett says cryptocurrency attracts charlatans, AI won’t change investing

Ken Moorhouse Silver badge

Re: predatory mortgages

Thank you for posting that insight.

Ken Moorhouse Silver badge

Re: If everyone invested rationally

What investors are doing is to forecast the future. Everyone's perspective on the future is different. Someone who likes to take risks might put their money into Musk's ventures. Opportunity for growth could be out of this world (sorry), but conversely the risks are immensely high too. Someone who wants a steady income with low risk might pile on into the National Grid (sorry), but is that really such a safe investment? In fundamental terms NG might be considered overvalued, and if Corbyn gets elected then there might be a rerate of the shares. At the end of the day even rational choices become fraught with complexity. If everyone's perspective were the same then indeed there would be no arbitrage situations arising and the profit opportunities would be small, meaning that gilts/bonds might be just as effective, with less risk.

Ken Moorhouse Silver badge

Re: Perhaps, if you don't know what you are talking about, it's better to STFU

Eh... If you had read ALL of my post, you might have seen this:-

"or just stick to fundamental valuation principles for the long haul - totally ignoring AI altogether."

I think this is the "formula" Buffett tends to find useful, which is based on common sense, rather than the magic recipe stuff dreamed up by tipsters.

P.S. It was NOT me that downvoted you.

Ken Moorhouse Silver badge

Investment Formulae can work...

...but only in the short term. Once everyone uses that technique then a contrarian strategy would serve you better, or just stick to fundamental valuation principles for the long haul - totally ignoring AI altogether. AI has to have a portfolio of strategies with random selection of choice built in which prevent "lock-in" which would otherwise ultimately be the death of that strategy. AI cannot therefore give a specific person an advantage (in a similar way to the way that evolution works). Following an AI strategy to the letter might cause a severe loss for this reason, but on average the strategy for most followers might be gainful. This has already been demonstrated with automated trading rules which have caused mayhem on the big Stock Exchanges.

Cookie code compromise caper caught and crumbled

Ken Moorhouse Silver badge

Re: sexual innuendo

You can tell when web designers have had a good time - there's a liberal sprinkling of .js everywhere.

Ken Moorhouse Silver badge

The whole minification thing...

...is surely an ideal way to hide illicit code?

Ken Moorhouse Silver badge

One of the reasons why compiled exe's are arguably better than browser-based apps

More control over what libraries are being called: repeatability and traceability.

For this to happen on a pc app we are into the realms of the Rootkit.

TSB boss: We know everything's working, you just can't see that

Ken Moorhouse Silver badge

Re: First, let us consider the scenario where we have a perfectly spherical ball of cash in a vacuum

Things can go awry even with that scenario...

https://www.telegraph.co.uk/news/uknews/1554632/Thief-stole-90000-from-supermarket-tubes.html

Ken Moorhouse Silver badge

Re: We really should have more classics graduates running our banks.

TSB, or not TSB, that is the question:

Whether 'tis nobler in the mind to suffer

The slings and arrows of outraged customers,....

That Brexit in action: UK signs pact to let Euro court judge its patents

Ken Moorhouse Silver badge

Re: Hottentot

And there was I thinking that this witty interpretation was correct (apologies for quoting in full).

Once I was a waiting man who lived at home at ease

Now I am a mariner that ploughs the stormy seas

I always loved seafaring life I bid my love adieu

I shipped as steward and cook me boys on board the kangaroo

I never thought she would prove false or either prove untrue

As we sailed away from Milford Bay on board the Kangaroo

Think of me oh think of me she mournfully did say

When you are in a foreign land and I am far away

And take this lucky thrupenny bit it will make you bear in mind

This loving trusting faithful heart you left in tears behind

Cheer up, cheer up my own true love don’t weep so bitterly

She sobbed she sighed she choked she cried till she could not say goodbye

I won’t be gone for very long but for a month or two

And when I return again of course I’ll visit you

Our ship it was homeward bound from manys the foreign shore

Manys the foreign present unto my love I bore

I brought tortoises from Tenerife and ties from Timbuktu

A China rat, a Bengal cat and a Bombay cockatoo

Paid off I sought her dwelling on a street above the town

Where an ancient dame upon the line was hanging out her gown

Where is my love? she’s vanished sir about six months ago

With a smart young man who drives the van for Chaplin Son & Co.

Here’s a health to dreams of married life to soap suds and blue

Heart’s true love, patent starch and washing soda too

I'll go into some foreign shore no longer can I stay

With some China Hottentot I’ll throw my life away

My love she was no foolish girl her age it was two score

My love she was no spinster she’d been married twice before

I cannot say it was her wealth that stole my heart away

She was a washer in the laundry for one and nine a day

https://www.youtube.com/watch?v=tE0wa7NjwxU

Apple's magical quality engineering strikes again: You may want to hold off that macOS High Sierra update...

Ken Moorhouse Silver badge

Re: You re-installed Windows 4 times before realising...

In the good old days one could perform an FDISK and Format which pretty well guaranteed vanquishing any [software] demons in there. Nowadays with UEFI etc. I can well understand starting with toe-dipping, moving on to walking on hot coals only if absolutely necessary.

Ken Moorhouse Silver badge

Re: one of my machines has entered a loop of bricking and unbricking itself

Get it into the unhalfbricking state and then you can perform an autopsy on it whilst pondering who knows where the time goes.

Facebook privacy audit by auditors finds everything is awesome!

Ken Moorhouse Silver badge

Re: ...has released an audit of Facebook's privacy practices...

Maybe PwC held out two envelopes and asked the US FTC to pick one of them.

Government demands for people's personal info from Microsoft reach all-time low

Ken Moorhouse Silver badge

Re: Government requests for people's data from Microsoft fell

Maybe there is no longer any need for it to be "requested".

Windows Admin Center: Vulture gets claws on browser-based server admin

Ken Moorhouse Silver badge

Re: is some features it's using will be desupported and removed

I've had a spate of instances recently where people are unable to log in to their [Microsoft hosted] data. Reason being is that MS changed their minimum password requirements without informing the customer ahead of the change. Whatever happened to the checkbox "Enforce password change at next login"? Nope, these situations involve going right through the entire gnashing of teeth process of "tell us examples of email addresses in your address book", "think of subjects that you've written to others about", "previous passwords", "date of birth", etc etc.

The great saviour in many cases is the fact that you've also got a device logged into the same account where you can read off some of those answers, but FFS don't log out of that device otherwise you may need to really remember these things.

Typical example of not thinking things through from concept to roll-out.

Ken Moorhouse Silver badge

Re: browser-based administration is a logical step

IMHO The World should be going in the Opposite Direction. Just reading the latest US-CERT email which includes strings to watch out for in network traffic, it strikes me that the problem we're up against with browser traffic (where unencrypted) is that there are so many variations on what could be typed in in order for a hacker to circumvent packet matching.

There should be a facility baked into browsers which forbids the translation of strings which may arrive in upper case, lower case, hex strings, ASCII cardinals, etc., etc. and in any permutation thereof. Until that is enforced on all browsers surely it is far safer to have the conventional coded style of control panel interface (CLI) which only accepts exactly the strings typed in, defeating spoofing and injection attacks, and as an easy way to control the size of buffer used to hold the typed-in content (no buffer overflows).

Go away, kid, you bother me: Apple, Google, Microsoft, Mozilla kick W3C nerds to the curb

Ken Moorhouse Silver badge

WHATWG

Sounds like some rather borderline review site.

Router ravaging, crippling code, and why not to p*ss off IT staff

Ken Moorhouse Silver badge

Re: Basically, if you didn’t patch then why not?

My guess would be website designers who promise to get you to the top of google not providing any ongoing means for the end-user to maintain their site.

The first rule of maths class: Don't start a fight club

Ken Moorhouse Silver badge

Re: Trigonometry

I see this is causing an acute reflex action where it strikes a chord with commentards.

Ken Moorhouse Silver badge

Re: Boxing was their main sport. went on to work for IBM

Surely HP would have been more appropriate?

https://www.theregister.co.uk/2008/07/23/enormouse/

Ken Moorhouse Silver badge

Re: Norwich

Nuckledusters On Ready When I Come Home

Ken Moorhouse Silver badge

When I were a lad...

...the saying was "Sticks and Stones may break my bones...".

Now it seems that this needs to be updated to read "Rulers and Calculus may break Napier's bones..."

Using Outlook? You should probably do some patching

Ken Moorhouse Silver badge

Re: INSECURE BY DESIGN

I veered from mild positivism to major negativism of Outlook when I found out about the 2Gb mailbox limit in old versions. Not the limit itself, but the way that Outlook allowed you to go over the limit and then announce that your mailbox needed the "inbox repair tool" to be able to function again. This is sloppy programming in not dealing with a boundary condition ahead of its manifestation. The fact that MS gave you a tool to "cure" the corruption rather than prevent it in the first place says a lot. And don't get me started on winmail.dat.

eBay has locked me into undeletable Catch-22 trap, complains biz bod

Ken Moorhouse Silver badge

I'm sure that if we were to see the advertised product...

...we would conclude that it is an open and shut case.

El Reg needs you – to help build an automated beer-transporting robot

Ken Moorhouse Silver badge

TITSUP

Surely Bottoms Up is more appropriate when discussing beer?

Europe dumps 300,000 UK-owned .EU domains into the Brexit bin

Ken Moorhouse Silver badge

Vacated EU Domains

Let's say I have a popular domain called for the sake of discussion blockchain.eu which I will be forced to rescind if I cannot prove entitlement to it.

What rights do I have if some entity that does have entitlement to register comes along and does precisely that when my entitlement lapses?

(I see that I've picked at random a parked domain being offered at $$$. If the current owner is not resident in the future EU region they will need to dispose of it pretty sharpish).