* Posts by EnviableOne

1249 posts • joined 28 Jan 2016


Details of Beijing's new Hong Kong security law signal end to more than two decades of autonomy

EnviableOne Silver badge

other subjects "not fit for open trial"

ok so anything the party says so ....

If I was a BN(O) I'd be on the next transport option to UK

EnviableOne Silver badge

Re: Sanctions

hmmm... don't ask the company trying to sell it to you.

Apple products are proudly emblazoned "Assembled in the USA" when under the hood, the screens are from Vietnam, most of the electronics in China

EnviableOne Silver badge

Re: leave the country

They will continue to have British National (Overseas) status and have 5 years leave to remain.

After 5 years, with the status of British National (Overseas), literally all you have to do is prove that you lived in UK for 5 years and had BN(O) status, then you pay £1220 and get to be a British National (without the brackets)

EnviableOne Silver badge

Re: Terrorism Act 2006

If they did, then we wouldn't hear about it, or from them again ....

Remember when we warned in February Apple will crack down on long-life HTTPS certs? It's happening: Chrome, Firefox ready to join in, too

EnviableOne Silver badge

Re: Will this be a problem for embedded device certs?

a "here be dragons warning" and a little "click here" if this is ok and "are you sure?" should be enough faffing around to stop the casual user going there, or allow a one time lifetime exception

India bans 59 apps it says have privacy, national security problems. In a massive coincidence, they’re all Chinese

EnviableOne Silver badge

mother (nature) will be pleased

the two most populous nations going head to head, no weapons involved, is a great way to decrease the world's population.

When one open-source package riddled with vulns pulls in dozens of others, what's a dev to do?

EnviableOne Silver badge


so basically

OWASP 2010 = OWASP 2020

coders can't program, but still convince themselves this scripting is proper programming, and libraries full of useless code that sticks even more attack surface on your project are still a good idea. I'm all for not re-inventing the wheel, but use the wheel, not the whole cart

Huawei wins approval to plonk £1bn optical comms R&D facility in UK's leafy Cambridgeshire

EnviableOne Silver badge

Re: Given the reality shone on China recently...

Your provision of cheap fast broadband.

You know that cabinet down the road with the "Super Fast Fibre Enabled Here" sticker on it, well there's some lovely bits of Huawei kit in it that convert the signal from that copper/Alu to your house to the lovely electro-optical fibre, that goes back to the exchange, tripling that broadband speed.

the more research they do in the UK, the more likely we have our own industry built around it, supplying better and faster kit to the core of our networks, allowing better quality, faster, Netflix, Amazon Prime, Hulu, Disney+, AppleTV, BritBox or whatever, and lightning fast download speeds with no lag....

Brit police's use of facial-recognition tech is lawful, no need to question us, cops' lawyer tells Court of Appeal

EnviableOne Silver badge

Re: Keep a straight face.

the two are distinct.

CCTV concentrates on the WHAT

by adding AFR you move from the WHAT to the WHO

if you're doing nothing wrong, the what is not a problem

once the WHO and WHAT combine you have a privacy issue

Dems take a crack at banning Feds from using facial-recog tech. Congress will put it on todo list after 'learn Klingon'

EnviableOne Silver badge

Re: Regarding Farcical Recognition Systems

interesting suggestion, supposing we further restrict the deployment of this white male only identification technology to houses of ill repute and public houses, so we can identify who is frequenting these facilities ....

EnviableOne Silver badge

Re: Im not in the data set..

This is US Law Enforcement you are talking about, OFC they have access to the DMV.

That's where the quoted father's picture matched from

Capita capital capitulates to COVID-19 coronavirus: Pandemic blamed as top line sags 10%

EnviableOne Silver badge

blame Covid

While the rest of the outsourcers have fed off the fatted calf of the Johnson government, Crapita has continued its decline.

The business is shot, a turnaround is not possible, unless they sell everything and become an investment fund.

Wanted – DRAM or alive: US Feds bag arrest warrants for three Taiwanese accused of stealing Micron's mem secrets

EnviableOne Silver badge

Initiative to Combat Chinese Economic Espionage

Why isn't the "to" an "in"? Then it could be (ICE)2

Talk about the fox guarding the hen house. Comcast to handle DNS-over-HTTPS for Firefox-using subscribers

EnviableOne Silver badge


with DoH only you and Comcast (and whoever they flog the information to) know the content of your request, with plain old DNS anyone can see what's in the request anywhere between you and Comcast

This is the difference, it's slight, but better ...

DoT would also serve this purpose and allow DNS traffic to be treated differently

But as said before DoT or DoH is only one part of securing DNS, you still need to sort the other bits to make the whole lot worth while.

Carbon-based vuln hunters will always be better at infosec than AI, insist puny humans

EnviableOne Silver badge

Re: Vive la difference

but a proper adaptive AI would be able to do this.

This is just rage against the machine

I am sure you'd have heard the same from weavers when mills first started....

After huffing and puffing for years, US senators unveil law to blow the encryption house down with police backdoors

EnviableOne Silver badge

Re: OpenPGP

the problem is the ones they are using as an excuse to enforce the law are the ones who will scale the fence, and escape.

still the whole thing is like the UK DRIPA, RIPA and DEA, an assault on one of the UN's core treaties: Universal Declaration of Human Rights:

Article 12 fits this, but others apply

EnviableOne Silver badge

5$ wrench does not work

the Encryption key is covered under the 5th Amendment

Detroit cops cuffed, threw a dad misidentified by facial recognition in jail. Now the ACLU's demanding action

EnviableOne Silver badge

Not an AI issue

the issue isn't the software, or the "computer," it can only work on the data it has, the problem is the training datasets and possibly the programmers.

If the training database was more representative and the model assumptions tested for bias, Facial recognition would be a lot better.

None shall pass: Yet another layer to protect hapless users, employers from dodgy docs added to Microsoft 365

EnviableOne Silver badge

yet more pies Defender has its grubby little fingers in

The state of OpenPGP key servers: Kristian, can you renew my certificate? A month later: Kristian? Ten days later: Too late, it’s expired

EnviableOne Silver badge

Re: Abdul Abulbul Amir

it's been a long day, now draining tea from my keyboard....

EnviableOne Silver badge

my favourite metric in BC/DR is the Bus Factor

"The number of people that need to be run over before X stops working"

it's amazing how many systems/services where that number is 1

Ex-barrister reckons he has a privacy-preserving solution to Britain's smut ban plans

EnviableOne Silver badge

if anything, it could actually be causing a considerable effect, looking at more digitally forward nations


EnviableOne Silver badge

Re: Mind of a teenager

trust me any 14yr old boy doesn't come across this "By Accident"

EnviableOne Silver badge

Re: This could actually make $$$

but the BBFC don't have the time to classify every video on the tinterwebs

or the FCC ....

EnviableOne Silver badge

Re: What could possibly go wrong?

My local are expecting a long list of famous names, associated with not so famous faces

Facebook accused of trying to bypass GDPR, slurp domain owners' personal Whois info via an obscure process

EnviableOne Silver badge

Re: Keep WHOIS public

CCPA - California Consumer Privacy Act

Your move

EnviableOne Silver badge

That would be the lovely phrase "Undertaking"

It has already been proved by (Google Spain v AEPD and Mario Costeja González) that this would mean Alphabet in the case of a subsidiary.

So the GDPR supposedly has a big stick, if the Lead Authority is any use, unfortunately, most of the big outfits have their for Europe in Ireland and the Irish Data Protection Office is about as useful as a $notUsefulThing

EnviableOne Silver badge

Re: I'm going to sue....

anyone got xn--fb-5eb95lyaa86a0r.com yet?

Wired: China's Beidou satnav system, 35th bird in orbit. Tired: America's GPS. Expired: Britain's dreams of its own

EnviableOne Silver badge

Re: OT competing organizations, bureaucracy, and lack of accountability

Accountability is an issue, but ESA is full of them, its leadership is fighting with itself, and it's not a particularly well functioning organisation.

The Chinese and Russian Systems have probably suffered with less issues due to the Single nation state involved and the more authoritarian structures from the top down, along with the National Spotlight and Political will to get the systems operational

IR35 tax reforms for UK freelancers glide through committee stage: D-Day set for 6 April 2021

EnviableOne Silver badge

Fix the lot

Abandon IR35 and corporation tax, treat limited companies as persons, as they are defined by law.

Then everyone pays the same tax.

Companies or legal persons pay the same, Natural persons do.

this also fixes the Amazon and Google issue, if you have income in the state it is taxed, not taking into account all the loophole licencing agreements ....

Hey NYPD, when you're done tear-gassing and running over protesters, can you tell us about your spy gear?

EnviableOne Silver badge

Re: Liar, she hit a traffic light

the link does not refer to any use of mounted units and deploying armed soldiers, is not the same as ordering them to fire, at least it's better than a cavalry charge e.g. Peterloo Massacre

which led to the Great Reform Act, and subsequent acts of franchisement.

The police use of mounted officers has been ongoing for 200 years at various levels, the horses are well trained to work in the environment of a crowd and incidents of bolting are rare to non-existent.

They provide great value to the crowd and the police involved, allowing a better view of the crowd, and for officers to be seen, also allowing them to react and move through/with the crowds, for a more independent and detailed study of the benefits see:


Tens of millions of Internet-of-Things, network-connected gizmos at risk of remote hijacking? Computer, engage shocked mode

EnviableOne Silver badge

Ubiquity is an issue

the devices that Treck's stack is in is a vast list that has some things that can't be updated quickly and have possibly scary consequences

one of the confirmed vulnerable devices is a medical Infusion pump they take 10 years to approve updates...

An Internet of Trouble lies ahead as root certificates begin to expire en masse, warns security researcher

EnviableOne Silver badge

the Let's Encrypt root shouldn't be an issue as their certs are just 90 days and they are already issued by a root safe till 04 June 2035

British Army pulls up its SOC: New regiment to do infosec work even civvies will recognise

EnviableOne Silver badge

Re: Leet Hackers Corp

FTFY: 4r/\/\Y 1337 h4x0r5 ; DROP TABLE exploits

'Direct from the software vendor': UK.gov goes window-shopping for standard ERP in £400m spree

EnviableOne Silver badge

who gets this one

Crapita, Sopra, Interserve, DXC, G4S, .......

answers on a postcard,

icon cause someone's going to rip them off

It could be 'five to ten years' before the world finally drags itself away from IPv4

EnviableOne Silver badge

Re: That's pretty much all it does

if you had IPv8 with a 48bit address, with NAT and dual stack at each organisation boundary, there are very few orgs that use more than an IPv4 /8 internally, and they can switch to v8 internally.

Address exhaustion was not the issue v6 was supposed to solve, it was the lack of AS numbers, v4 hardware and base BGP only supports 16-bit AS numbers which we ran out of in about 2015, whereas to support 32-bit AS numbers you need bigger buffers and registers, that then IPv6 was invented for.

the v6 address space is excessive, it has 7 addresses for every atom in every human on the planet

NAT does provide security in so far as the machines behind it are not directly addressable from outside, and configured correctly, people only have access to specific services on specific devices

Big Tech trade association warns Uncle Sam against knee-jerk national security measures that harm industry

EnviableOne Silver badge

Re: cooperation with "like-minded economies"

Some people have lost the difference between fact and opinion.

Trump's America may not be as bad as Xi's China, but it's still a long way from being Liberal and Democratic

EnviableOne Silver badge

Re: use Qwant

Its not going to be Jared, it'll be Ivanka.

and then the love child of cheeto and ice queen

Germany to fund development of edge CPUs as part of 'tech you can trust' plan to home-brew more kit

EnviableOne Silver badge

the UK is great at ideas, it just sells them to the highest bidder:











UK spending watchdog blasts £792m STEM school scheme over low student numbers, deficits, education quality

EnviableOne Silver badge

At least it wasn't RM

their contracts were a licence to print money (or eat your budget)

and the machines were under powered and over complicated.

EnviableOne Silver badge

Re: Quasi Private Education

Just look at the problems Covid-19 has pointed out in the NHS Trust system .....

Huawei launches UK charm offensive: We've provided 2G, 3G and 4G for 20 years, and you're worried about 5G?

EnviableOne Silver badge

Re: Code quality

yeah but the CPUs and chipsets generally come from US or related companies, although the actions of Cheeto in Chief have led them to accelerate their in house design efforts

HCSEC have a good handle on their code base and their reports come down to, we can't tell whether the vulnerabilities are there intentionally, or because of shoddy/inconsistent coding, but they are no worse than anyone else.

Because things aren't bad enough already: COVID-19 is going to mess up election security assumptions too

EnviableOne Silver badge

Election workers are vulnerable if they don't use security

NSS - like we needed a report to say this.

The solution to election security is paper ballots, either in person or by mail.

to even attempt to rig an election done this way, is too complex and resource intensive, even for one precinct let alone one district

Singapore to distribute wearable contact-tracing device and won't rule out making it compulsory

EnviableOne Silver badge

Re: Bluetooth contact tracing

they log the RX signal levels, and the device make/model, which based on their collected baselines of TX levels, can semi-accurately work out relative distance, between people and work out how close close is.

The FETT seeks to defeat SSITH defenses as US military goes hard on bug bounties and its Star Wars issues

EnviableOne Silver badge


so cloud vs on prem

Light vs dark

Home Office waves a cool £1bn to outsource handling of British visa, citizenship applications

EnviableOne Silver badge

Obligatory Hanlon's razor reference

EnviableOne Silver badge

Re: Keeps at it ...

GPO was in the process of gearing up to roll out full fibre before it was privatised, then they sold off the fabs to boost dividends

British Rail ran a comparable service to most operators, and considerably better than southern or northern, at a considerably lower cost, and were working on new technology to revolutionise rail travel.

public utilities worked and costs were ok, and service is provided by the OTT providers.

IMHO, infrastructure should be nationalised, services should be public.

This is just going to be another woeful public service provided at lowest cost by the lowest paid for more than it would cost to run in house.

80-characters-per-line limits should be terminal, says Linux kernel chief Linus Torvalds

EnviableOne Silver badge

Re: Disappointed

TBF there was a godsake, but it's far from his famous expletive led tirades at anyone saying but security...

Building society caught in middle of high street sharing a little too much on TeamViewer

EnviableOne Silver badge

Teamviewer? Really?

I don't let this walking security hole anywhere I can help it, it and its stable mate Goto assist, and if I do, tie down what anyone using it can access, generally logging it in with the minimum rights I can get away with.

Black horse down: UK banking giant Lloyds suffers an online wobble

EnviableOne Silver badge

they all have issues, some just have more than others.

HSBC and Barclays have generally been ok, Yorkshire/Clydesdale group (now Virgin Money) are mostly ok, the online challengers are PDG seeing as they only have an online/app presence.

on the other end of the scale avoid RBS group like the plague, and Lloyds/HBOS aren't far behind.


