Posts by Hawkeye Pierce

112 publicly visible posts • joined 30 Jun 2015


Guess the most common password. Hint: We just told you

Hawkeye Pierce

@Iglethal

Brute forcing is most certainly an issue in either of your two solutions. As others have said, if you're locking the account, you've introduced an avenue for a denial of service attack and run the risk of losing all your users because they can't log in. If you do it on a backing-off approach (your second solution) then all I need to do is to cycle through my 000's of potential usernames and by the time I get back to the first, I've spent 5 seconds.

If you take into account the IP address before blocking/locking, you're not defending against botnets.

If you don't use (or enforce) long complex passwords, you're open to cracking. Salting passwords is no great defence if you suffer a breach and enough people have short passwords.

So yes, use of extra long complex passwords does indeed massively improve security. I can pretty much guarantee that my 30-char password is safe providing that the site implements what should be considered basic security even in the event of their database getting breached. I could not say the same to any degree of certainty if my password was say 8 characters no matter how complex it was.

Too bad, contractors: UK government reverses decision to axe IR35 tax reform

Hawkeye Pierce

Re: This should make people happy

>> "The coalition... an increase in spending"

Factually incorrect. Spending by the UK Government fell every year from 2010/11 until 2013/14 even before adjusting for inflation.

Florida asks Supreme Court if it's OK to ban content moderation it doesn't like

Hawkeye Pierce

Re: You can either have Free Speech

>> "... conflating natural human beings... with business... corporations are... not natural persons"

In law - on both sides of the pond - a corporation/company is indeed a legal person and as such is far from "a legal fiction". Which makes perfect sense given that people and companies can both be libelled/defamed, sued, sign contracts, etc.

Appeals court already under fire for upholding Texas no-content-moderation law

Hawkeye Pierce

Re: Here we go...

Completely agree with the above. Furthermore, I'd point out the ludicrous statement from the ruling that "... the platforms argue... a corporation's unenumerated right to muzzle speech."

As you point out the First Amendment does indeed prevent a Government from muzzling an individual. But a corporation (platform) removing comment from an individual in no way "muzzles" speech - said individual is perfectly entitled to take their comment and post, or speak, or otherwise publish that anywhere else they want (that will allow them).

While I accept that a major platform banning comment does remove a large proportion of the potential audience, it is ridiculous to equate that to being muzzled.

Microsoft: The deadline to get off Basic Auth is approaching

Hawkeye Pierce

Re: So does this mean Everyone now has to use 2FA?

No it doesn't mean you have to use 2FA.

Basic Auth is basically (pun intended) sending the username & password with every request.

Alternatives to Basic Auth would include schemes such as OAuth whereby a time-limited token is used once the username & password have been authenticated.

Nuclear power is the climate superhero too nervous to wear its cape

Hawkeye Pierce

Re: Deaths are not the only metric

Rubbish that we don't import Russian gas.

In 2021, 4% of the gas used in the UK was from Russia. And for the record, around 10% of the oil used was from Russia along with over 25% of the coal used.

Elon Musk sells Tesla shares worth $6.9b as Twitter lawsuit looms

Hawkeye Pierce

Re: Musk's sofa

I disagree about the possible cost of an agreed settlement.

As of today, Twitter has a capitalisation of circa $33B. Musk offered $44B.

Simplistically (very simplistically), if Musk handed over $11B to Twitter, the share price would rise to the level giving a capitalisation of what he valued the company at. Any investors then have the opportunity to sell at the price he offered and consequently there would be no case for a shareholder lawsuit.

Of course, markets don't work in such precise definable ways, so it may well take more than $11B. But I'd expect something between $11B-$20B to suffice.

Not exactly small change even for Musk (although I imagine the cost to his ego in settling would hurt him more), but significantly cheaper than $44B.

Twilio customer data exposed after its staffers got phished

Hawkeye Pierce

Re: Sure

Except as has been proven many times over, humans are **REALLY** bad at a) looking at the URL and b) determining whether it is valid.

From mobile browsers hiding the URL, to non-Western characters in the domain to make it look right, to variations on the domain name (twilio-support.com, login-twilio.com, etc.), anyone, whether company or user, relying on reading the URL for their security is going to hit trouble.

See https://www.troyhunt.com/humans-are-bad-at-urls-and-fonts-dont-matter/ for a good write-up with examples.

Google's ChromeOS Flex turned my old MacBook into new frustrations

Hawkeye Pierce

Err no they are not. PWAs are not SSBs and vice versa.

GitLab versus The Zombie Repos: An old plot needs a new twist

Hawkeye Pierce

Define "disastrous".

If "large numbers of other code" was making regular use, one would certainly hope that those responsible for that other code had measures in place to guard against exactly this potential scenario. Or the scenario that the original author takes down their own repository. Or various other scenarios.

Because if they don't take those measures then all bets are off and frankly GitLab is only one of a number of problems you now have.

After config error takes down Rogers, it promises to spend billions on reliability

Hawkeye Pierce

Now going to do what they should have done all along?

Is it just me or are they basically saying they are going to spend C$10B on what one might reasonably have expected them to have in place all along?

Russian ChessBot breaks child opponent's finger

Hawkeye Pierce

Questionable Explanation

I find it hard to believe - or understand - the official explanation. The robot had just made its move and the human (child) supposedly played too quickly? What possible reason is there for the robot to grab the human's finger? Having made its move, it simply needed to retract its arm and wait to recognise the human having made their move. If anything, the human playing too quickly might conceivably make the robot not realise the human's move had been made, but certainly not to go all out into vindictive mode.

Be worried.... very worried...

Sage accused of strong-arming customers into subscriptions

Hawkeye Pierce

Re: I don't get it

These versions of Sage perform an online licence check every few days. That code doesn't (currently) support TLS 1.2 and Sage are shutting down their licence check server which supports TLS 1.0/1.1. Hence Sage won't keep running because it's got nothing to talk to to confirm the licence validity.

Whilst no-one should expect support indefinitely for a "perpetual" licence, equally no-one should expect a vendor to be able to "remotely" kill-off such a perpetual licence. It's one thing for software to not work on a new O/S, but all other things being equal, you'd expect that software to keep working on the same environment.

I can appreciate that Sage might not want to patch the software to support TLS 1.2 - that can be tricky. But patching the code to disable the licence check completely (or to ignore any failed attempt to validate the licence) should be pretty trivial to do. Sure you run the risk of the software now being pirated, but we're talking about accounting software here...

Airbus flies new passenger airplane aimed at 'long, thin' routes

Hawkeye Pierce

Low bar?

From the article:

>> That the plane returned safely suggests those tests went tolerably well,

That's a pretty low bar if your assessment of a plane returning safely is that it went "tolerably well" !!

Tough news for Apple as EU makes USB-C common charging port for most electronic devices

Hawkeye Pierce

Re: Remember how well it worked last time...back in 2009.

What a ridiculous statement.

No-one is saying, or expecting, that every electronic device will have a USB C connector from when this legislation kicks in until the end of time.

Right now, there's a very good case to be made for standardising. Right now, there's a very good case to be made for selecting USB C as that standard.

If - in five years time - there's something better that could be used, the EU would be quite justified in saying that from a subsequent point in time, devices should now use that as a standard.

The fact that all those USB C adaptors are now redundant is a) false - as they'll only be redundant once the devices they are used for are redundant and b) a far better position than not having any standard at all and everyone using a multitude of different adaptors.

Securing open-source code isn't going to be cheap

Hawkeye Pierce

Re: It's not an open source problem - you forgot only

I have to strongly disagree with your opening statement.

Just about any form of security hampers usability almost by definition. Security is something that gets in your way of doing something by making you prove who you are before letting you do that thing.

As such there is ALWAYS a trade-off between security and usability and as such there is no one level of security that is appropriate for everything. It depends on your analysis of the risks and the level of inconvenience/security you deem appropriate.

Logging in to The Register to post a message could be made more secure by implementing 2FA for example. But there's a usability trade-off there as to whether that is appropriate.

UK pins hopes on 'latest technology' to whittle down massive National Health Service waiting lists

Hawkeye Pierce

Re: What could possibly go wrong?

I think I know where you got those numbers from, but if I'm correct, then you seriously need to review the countries you believe are in the EU! There's a lot more than "5k or fewer for other EU nationals" including 5K Spanish, 5K Romanian, 3K Greek for starters.

Amounts to around 5.4% of the total NHS staff but a greater proportion of medical staff - 8.7% of doctors.

And that's as of March 2021 by when many EU NHS workers had left. Wouldn't have said that was insignificant.

See https://commonslibrary.parliament.uk/research-briefings/cbp-7783/

Crypto outfit Qubit appeals to the honour of thieves who lifted $80M of its digi-dollars

Hawkeye Pierce

Re: As someone who understand blockchain ...

What a ridiculous statement. Given that the majority of the "all-time high prices" have happened in the last two or so years, your arbitrary timeframe of having held bitcoin for four years nicely - for you - eliminates all those who bought at those prices in the last two years from your consideration.

Come back in two years time and let's see what's happened then. Not saying you won't still be right, but show me any single share price chart and I can find an arbitrary but retrospectively-looking statement of how you couldn't fail to have lost money - if only along the lines of "buy in [insert-random-month-here] and sell in [insert-other-random-month-here]".

Intel fails to get Spectre, Meltdown chip flaw class-action super-suit tossed out

Hawkeye Pierce

Re: Defective?

Intel are being sued NOT because there was a problem ("bug", "exploit", call it what you will).

They are being sued because - allegedly - they knew there was a problem and failed to properly disclose it thus misleading various categories of people (consumers and shareholders principally). If that is true - and if they do not have a valid defence - then it's absolutely right for them to get sued. That's what the legal system is there for.

'95% original' film star Spitfire could be yours for a mere £4.5m (or 0.05 Pogbas)

Hawkeye Pierce

Re: One of the best 5 minutes of my life

As the saying goes, you don't get in a Spitfire, you strap it on!

Arm rages against the insecure chip machine with new Morello architecture

Hawkeye Pierce

+1 for the Title

... not sure how many will get it though...

Canon: Chip supplies are so bad that our ink cartridges will look as though they're fakes

Hawkeye Pierce
Thumb Down

No Driver Update?

I suppose a driver update with an option to permanently disable such warnings - regardless of whether it's a genuine but un-chipped Canon cartridge or a 3rd party compatible one - is out of the question?

Fisher Price's Bluetooth reboot of pre-school play phone has adult privacy flaw

Hawkeye Pierce
Coat

Turning it off

I think I'd be looking to "turn it off" with a hammer...

UK National Crime Agency finds 225 million previously unexposed passwords

Hawkeye Pierce

Re: Not surprised

With respect, it's more probable (in terms of how the majority of accounts are taken over) that your friend had a weak password... where "weak" means a password that *someone* else has used before on *some* service and is now being used to brute force attack other services. Given that almost by definition your <my_name>@<my_isp>.com email address will be your logon name to <my_isp>'s webmail interface, a list of valid account names for <my_isp> is easily obtained and so you've got all you need, paired with a list of common/known passwords, to start a brute force attack.

Reg scribe spends week being watched by government Bluetooth wristband, emerges to more surveillance

Hawkeye Pierce

+1

Nicely written!

Apple beat Epic Games 9-1 in court. Now it's appealed the one point it lost

Hawkeye Pierce

Re: Prices are not driven by cost, but by peoples willingness to pay them

>> "There might be some short term price differentials whilst the market adjusts to what ever the true value of payment processing really is for an app store item"

And therein lies the problem... there is no market because Apple prevent alternatives. If Epic were allowed their way, yes they *might* decide that whatever the price they were charging through the App Store was what they'd charge outside - and they'd retain the 30% that Apple would have taken. But they'd also be free to charge the amount less the 30%. Competing App Stores might decide to charge less than 30%.

That's what a free-market economy says would happen and that's what we can know for sure because Apple doesn't allow it.

I make no view here as to the rights or wrongs of Apple... just saying that your comment about "Pricing does not work that way" only applies where you have a (relatively) open and free market.

Email billing blunder meant MVNO iD Mobile told 24,000 customers to pay up or have their service suspended

Hawkeye Pierce

Re: It really fucks me off

Came here to say more or less the same. Without using such colourful language, I would have some measure of respect for the first company that instead says:

"... for the inconvenience this has caused".

Using the words "any" and "might" basically says you don't believe it caused anyone any inconvenience but IF it did, then you're sorry.

It really would cost the company nothing to use the words "the" and "has" instead of those two words and it would come across at least as being a smidgeon more genuine.

GitHub merges 'useless garbage' says Linus Torvalds as new NTFS support added to Linux kernel 5.15

Hawkeye Pierce
Joke

Good to see I'm not the only one for whom Mornington Crescent immediately sprang to mind...

Cockfosters.

30 years of Linux: OS was successful because of how it was licensed, says Red Hat

Hawkeye Pierce

Re: Linux is not an OS

No. An OS may consist of nothing more than a kernel.

The earliest computers most certainly had an operating system. But they didn't have - by any contemporary meaning - a shell or a collection of system utilities.

The "operating" word in an OS refers to the operating *of the hardware*. It does not mean the operating *by the user*. An OS is the software that operates the hardware.

After all, an embedded OS may well have no shell or "system utilities".

An OS may typically contain a kernel, a shell, and other applications/utilities. But to suggest that a kernel on its own is not an OS is just factually - historically and currently - false.

Hawkeye Pierce

Re: Linux is not an OS

Cobblers!

My pet peeve is people talking about an OS when they don't actually mean the OS, they mean the applications running on the OS. Bash - for example - has nothing to do with the OS. It's an application. I can run Bash on my Windows PC, but that doesn't make it Linux.

The OS is - or should be - the kernel, the internal nuts and bolts, with next-to-no (or even just 'no') "things that a user can run". Because things that a user can run can - practically by definition - be replaced with "other things a user can run" and if you replace one such thing with another, that would obviously *not* mean you're now running a different OS.

Magna Carta mayhem: Protesters lay siege to Edinburgh Castle, citing obscure Latin text that has never applied in Scotland

Hawkeye Pierce

Re: Sumption is wrong

As the well known historian Tony Hancock once said:

Does Magna Carta mean nothing to you? Did she die in vain?

Debian 11 formally debuts and hits the Bullseye

Hawkeye Pierce

Re: Benefits vs. features

It's hard to benefit from something that's not been provided, ergo a feature is there to be used should you wish, and in using it, you may benefit from it.

If you frequently get an urge for fresh Italian-derived cuisine while driving your new Tesla 4XXX, then the inclusion of a built-in pizza oven is indeed something you will benefit from. If you only use your Tesla 4XXX to pop down to the corner shop once a week, then you're not really going to benefit from the extended range.

Happy 'Freedom Day': Stats suggest many in England don't want it or think it's a terrible idea

Hawkeye Pierce

Re: Spoke with worried NHS staff

Worth reading this by an anonymous NHS respiratory consultant:

https://www.theguardian.com/world/2021/jul/19/i-work-in-an-nhs-covid-ward-and-i-feel-so-angry

To quote: "well over half of our Covid admissions have been vaccinated".

(S)He goes on to say that the people presenting are less unwell than previously... but they're still unwell enough to need to be in hospital! So yes, "go vaccines..." but it seems there is a significant proportion of people who think that vaccination==immunity let alone those who refuse to be vaccinated.

Hawkeye Pierce

Re: SNAFU

But there is next to no "economic and psychological harm" caused by making it mandatory to wear masks in certain places. In fact given how that's only likely to cause more people to either have Covid or to self-isolate, there's a case to be made that removing that requirement will actually cause more of both of those.

As to what the "right date" is, so why wasn't it last week? Cases weren't as bad then after all. The only change for the better is a relatively small uptick in the number of people being either single or double vaccinated. Hmm, maybe schools finishing as well helps, to be fair. But at the moment, the situation is worsening day on day, and we have the fourth highest number of cases per head of population in the world. That doesn't sound to me like the ideal time to do away with factors which have a beneficial impact such as mask wearing.

I agree with a lot of your post, but removing the legal requirement to wear masks has absolutely nothing to do with economic reasons and everything to do with politics and popularity within a certain group of people.

Sing a song of Office, a pocketful of why: ARM64 version running in a Pi

Hawkeye Pierce

Re: You Guys Should be Songwriters

As far as I know (* meaning someone will be along and correct me shortly *), The Sun were first following Caledonian Thistle's dramatic 3-1 win against Celtic in 2000, leading to their backpage headline of "Super Caley go ballistic, Celtic are atrocious".

That said, fair play to El Reg for inventiveness for continuously getting appropriate wording to fit.

'Biggest data grab' in NHS history stuffs GP records in a central store for 'research' – and the time to opt out is now

Hawkeye Pierce

Re: Get your tin foil hat on!

Completely agree with @Graham Cobb.

An individual's medical record pretty much uniquely identifies them. If the data set is rich it can be de-anonymised. If it's not rich, it's of limited use.

Sure, if you gave me a random record plucked from millions, would I be able to identify the person it related to? No. But if you gave me a set of records of 30-year old women giving birth to a boy in central London on 9th Feb 2021 and being discharged three days later, I would lay odds on being able to identify a certain royal princess (glossing over the fact that I doubt she'd appear in NHS records...).

Best of FRANDs: Judge allows Apple retrial following $506m patent infringement ruling

Hawkeye Pierce

I could be completely wrong but if Apple's lawyers thought they were going to win the original case without mentioning FRAND then it's not necessarily a bad strategy to hold that back and so if they did lose (as they did), they could plead for a retrial (or at least what they've now got).

MPs slam UK's £22bn Test and Trace programme for failing to provide evidence that it slows COVID pandemic

Hawkeye Pierce

Re: Online test registration

Self driving cars is (perhaps) the answer*. More succinctly:

https://xkcd.com/1897/

*Allegedly

Chancellor launches £500m business software subsidy in the UK. What's 'approved' software then?

Hawkeye Pierce

Re: Would do better to abolish corporation tax

> So it raises very little money

Are you kidding? It raises around 10% of the total receipts to HMRC which is hardly "little money" in anyone's terms. And that will rise with the announcements in the week's Budget.

It's also completely incorrect to say "Foreign owned businesses just do not pay it". Foreign owned businesses have lots more opportunity to reduce their declared UK profit (and hence the corporation tax they pay) but many foreign owned businesses in the UK pay corporation tax. Also many British businesses pay zero or next to zero by the same schemes that help the likes of Starbucks - since you quote two coffee shops, try looking for Caffe Nero's tax payments (a British company). You might need a magnifying glass.

Seagate UK customer stung by VAT on replacement drive shipped via the Netherlands

Hawkeye Pierce

Re: scotland then

Errr.... London voted remain, second only to Scotland in terms of regions.

What's that, Lassie? Dogs show signs of self-awareness according to peer-reviewed academic study?

Hawkeye Pierce

As Mark Twain [*] said:

“The more I learn about people, the more I like my dog.”

[*] Quite possibly misattributed [**] given the number of quotes that are falsely attributed to him.

[**] "Don't believe everything you read on the Internet" as Abraham Lincoln once said.

Negative Trustpilot review of law firm Summerfield Browne cost aggrieved Briton £28k

Hawkeye Pierce

Re: One Star Review

I've not been in a McDonalds for years, so don't know if they still do this, but there used to be a customer service questionnaire on the back of the receipt that had a question "How accurate did we deliver your order". The options went something like "5 = Excellent, 4 = Good, 3 = OK, 2 = Poor, 1 = Very Poor".

Now if I order a burger and fries, the acceptable accuracy of my order is a burger and fries. I'm curious as to what would constitute "Good" instead of "Excellent" (or, come to that, "Good" and "Excellent" over "OK").

(Actually, now I come to remember it, they also pulled off the trick of it only having four possible responses - not the five I said above. It was 4=Excellent, 3=Good, 2=OK, 1=Poor. Thus three out of the four options are neutral or better and thus, human nature being what it is, you are naturally drawn to option 3 or above if you have a non-negative experience.)

United States Congress stormed by violent followers of defeated president, Biden win confirmation halted

Hawkeye Pierce

Re: ...and where exactly do you live in the US?

If you seriously cannot see the differences between the 2018 protest and what happened yesterday then I'm practically speechless. In 2018 there was no storming of any building (they didn't enter). In 2018 nobody died. In 2018, the protestors were not being encouraged by the president. In 2018, no looting took place.

After ten years, the Google vs Oracle API copyright mega-battle finally hit the Supreme Court – and we listened in

Hawkeye Pierce

Re: almost certainly prevents me writing down the list of names myself and going from there

Hmmm, just as Oracle *COPIED* the AWS S3 API and claimed that because Amazon released an *SDK* under an open-source licence which __called__ the API, they were legally on safe ground by reimplementing that exact API?

If Oracle win this, Amazon will release their lawyers on Oracle.

Financial Reporting Council slaps Autonomy auditor Deloitte with £15m fine over audit 'misconduct'

Hawkeye Pierce

@katrinab Re: Outside Auditors

Not true. They have to put the audit out to tender after 10 years but can reappoint the same audit firm until that firm has been in the role for 20 years.

Hawkeye Pierce

Re: Outside Auditors

Completely agree. The mere fact that Deloitte had been doing the audit for at least the five years that the senior partner had been working with them rings alarm bells.

I get that big firms have complicated structures and that there's a cost in chopping and changing auditors frequently. But it really should be mandatory to change auditors at least every three (?) years, as some small mitigation to avoid auditors becoming entrenched and working for the company - when they should technically be working for the shareholders.

Yes I know shareholders vote to employ the auditors at each AGM but it's pretty unarguable to state that the system isn't working.

Error-bnb: Techies scramble to fix Airbnb website bug that let strangers read each others' account messages

Hawkeye Pierce

Re: Funny how...

The thing is, for almost any website which has a significantly large and global number of users, the majority are NOT using the system at any point in time.

And so a problem which would affect ALL users will actually only be affecting a "small subset" - even if that happens to be 100% of all those actually using the system during the affected period!

Stock market blizzard: Snowflake set for £33bn IPO as valuation bubble keeps on expanding

Hawkeye Pierce

Re: No way Buffett is considering this

Er no it's not a false rumour.

He bought $250m of stock at $105/share so is currently sitting on a very nice profit if he were to immediately cash out...

... which I would certainly do given my humble assessment of the company being **way** over valued.

(But yes, it is an odd purchase for him in more ways than one).

Who cares what Apple's about to announce? It owes us a macOS x86 virtual appliance for non-Mac computers

Hawkeye Pierce

Cloud-based virtual machines

Personally I suspect that Apple won't get out of the mindset that macOS is what you get when you buy a Mac - they don't see themselves as a software company and the software they do produce is with one intention - to sell Apple hardware.

However... I'd be surprised if they hadn't considered offering up cloud-based virtual Macs, rentable perhaps even by the day. That way, they don't have to sell macOS as a standalone piece of software and they don't have to provide consumer support of the OS on virtual machines, and they do keep tight control over it (it only runs in their data centres). But it does provide a stopgap for when the ARM based Macs come out and people find they have some Intel-only based software they need, and it would also be a godsend for developers of iOS and macOS software who, even using cross-platform technologies, are still more or less forced to use a Mac in a couple of places in the development lifecycle.

Help. The political process is corrupted, full of lies and state-sponsored deep fakes. Now Microsoft's to the rescue

Hawkeye Pierce

Seriously?

Are you telling me that having said that it adds "digital hashes and certificates" to content and that it provides a "high degree of accuracy" of authenticity, that not once could they shoehorn the word "blockchain" in there?

This is either fake news or standards at Microsoft's PR division are slipping.
