* Posts by sitta_europea

524 posts • joined 29 May 2016


UK data regulator fines American Express up to 0.021p per email after opted-out folk spammed 4.1 million times

sitta_europea Silver badge

"I get 50+ spam a day in my gmail .. nothing will stop them"

"Really? Have you flagged them as spam to the Google Mothership? That worked for me ..."

I got so pissed off with spam from google that I automated the abuse reports.

Every one is reported to Abuseipdb, Spamcop and of course to Google themselves.

Makes no difference at all.

Eighteen from China tonight.

Of course I reject them anyway, after hanging onto the line for twenty-five minutes, but all the same they're obnoxious criminals.

The only other one that's as bad is outlook.

sitta_europea Silver badge

Re: Ah, Amex.

"I got statements/bills from BT for several years in the early '00s after I was no longer a customer of theirs (and didn't even have a connected land-line). An equally quality organisation, I'm sure my fellow commenteriat will agree."

Oh, yes.

They kept on sending me statements which showed that I was several hundred pounds in credit.

I sent a complaint and asked them to send the money instead, since I had closed the account.

Instead, they completely ignored the complaint and stopped sending the statements.

They kept the money.

Mammoth grab of GP patient data in the UK set to benefit private-sector market access as rules remain unchanged

sitta_europea Silver badge

If it will boost the coffers they'll try anything.

South Korea orders urgent review of energy infrastructure cybersecurity

sitta_europea Silver badge

"“In the wake of the disruption, it is necessary to thoroughly examine whether cybersecurity preparations and countermeasures for our energy-related infrastructure are properly in place,” the minister said..."

And it wasn't before?

21 nails in Exim mail server: Vulnerabilities enable 'full remote unauthenticated code execution', millions of boxes at risk

sitta_europea Silver badge

Re: That's why C/C++ should be ditched

[quote]It may be fast, but it's got too much potential for memory bugs. That should be a class of errors we shouldn't be having to deal with these days.[/quote]

That would be like throwing out the baby with the bath-water.

It's almost trivially easy to cobble up a few functions which wrap, extend or replace the library versions and make memory accesses unconditionally safe.

What's needed isn't a new language, it's sensible developers who keep an eye on security -- and management which takes the issues seriously enough to understand them.

Regrettably both seem to be in short supply.

Stealthy Linux backdoor malware spotted after three years of minding your business

sitta_europea Silver badge

I'm always suspicious of anything that calls itself systemd.

Boffins stumble upon method to make silicon control lasers

sitta_europea Silver badge

Nobel Prize, surely?

Security vendor Proofpoint snapped up by private equity for $12.3bn but still in search of profit

sitta_europea Silver badge

[quote]

In 2018, it had its credentials dented somewhat when Mimecast research pointed out that its servers – along with Microsoft's – missed malware attachments, impersonation, and malicious links in 15,656 emails from a sample of 142 million.

[/quote]

Strange way to put it.

I can think of quite a few anti-virus vendors who would be more than happy to be able to claim a ninety-nine-point-nine-nine percent success rate.

Scam victims find same fraudulent ads lurking on Facebook and Google even after flagging them up

sitta_europea Silver badge

Re: Surprise, surprise

And the same applies to that other excrescence, gmail.

Google runs half the AI on the planet and it still can't spot an emailed banking scam, even when there are eighteen different indications of criminal intent in the message.

WordPress core contributor proposes treating Google FLoC as a security vulnerability

sitta_europea Silver badge

If even a WordPress developer says something is a security risk, you'd better listen!

Bank of England ponders minting 'Britcoin' to sit alongside the Pound

sitta_europea Silver badge

Exactly. Somebody in government/BOE has lost the plot.

Watch this: Ingenuity – Earth's first aircraft to fly on another planet – take off on Mars

sitta_europea Silver badge

[quote]... Engine design (pulse jet): Victorian England children's toy and then reinvented in the US by GE circa 2013 [/quote]

Er, weren't the V1 flying bombs pulse jets?

On a dusty red planet almost 290 million km away... NASA's Ingenuity Mars Helicopter flies

This post has been deleted by a moderator

Spy agency GCHQ told me Gmail's more secure than Microsoft 365, insists British MP as facepalming security bods tell him to zip it

sitta_europea Silver badge

People don't get elected to our Parliament because they have brains.

They get elected because they've found a way to persuade enough people to vote for them.

They don't, in general, care how they do that, but for sure it doesn't involve telling everybody the unvarnished truth. That's the path to sound defeat in the polls.

And it really doesn't matter, except, perhaps, to me and the dozen or so other principled people on the planet. But in the Grand Scheme of These Things, we don't count at all.

NASA's Mars helicopter spins up its blades ahead of hoped-for 12 April hover

sitta_europea Silver badge

Re: Love it

<quote>This will be amazing if it works imagine being able to fly over Mars</quote>

"Right down the middle of the road!"

(I listened to that, as it happened. It just keeps getting better. :)

Pair accused of turning photos into vids to crack tax dept facial recognition system in China

sitta_europea Silver badge

Yeah, but have they been arrested?

Satellites, space debris may have already brightened night skies 10% globally – and it's going to get worse

sitta_europea Silver badge

"Here’s an extreme example of just how bright these objects can be. Last week, it appears one of SpaceX’s Falcon 9 rockets, which was launched on March 4 to put a bunch of Starlink birds into orbit, reentered our atmosphere over the west of the United States...."

That's not an extreme example. That's tosh. There are a lot more meteors than there are Musk orbitals.

Sitting comfortably? Then it's probably time to patch, as critical flaw uncovered in npm's netmask package

sitta_europea Silver badge

Re: Not NPM again!

"Wasn't it NPM that also had a problem a year or two back?..."

Which one?

https://www.theregister.com/2020/07/03/lodash_library_npm_vulnerability/

https://www.theregister.com/2019/12/13/npm_path_traversal_bug/

https://www.theregister.com/2019/07/15/purescripts_npm_installer/

https://www.theregister.com/2019/06/07/komodo_npm_wallets/

sitta_europea Silver badge

Re: ancient history

"I got shouted down by Bind groupies in comp.risks for pointing this stuff out in 1996..."

And apparently you've neither forgotten nor forgiven. Do you know my wife?

Defence Industrial Strategy suggests the UK is ready to start taking its homegrown infosec industry seriously

sitta_europea Silver badge

And I can STILL buy this at Amazon:

.../Automatic-Maintainer-Intelligent-Motorcycles-Equipment/dp/B088HD9DZV

which makes me think that it's a complete waste of time talking to my MP, Paul Scully, Kwasi Kwarteng, the Office for Product Safety and Standards, the Department for Business, Energy and Industrial Strategy, and all the other government wonks whose cages I keep rattling about the rip-offs being perpetrated on an industrial scale on me and my country and which leave UK traders who genuinely want to Do It Right, and even those who just Obey The Rules, at an almost insurmountable competitive disadvantage.

"Ever Given" is right on the money.

sitta_europea Silver badge

Re: This is the page I got when I just searched for TechUK

Yep, still a 404. - 10:09, 29 March 2021

Chairman, CEO of Nominet ousted as member rebellion drives .uk registry back to non-commercial roots

sitta_europea Silver badge

"Once upon a time the UK had ... member-owned building societies ... Then the financial whizz kids moved in to make a fast buck ..."

Then they get onto the Internet, fire a lot of people, and employ experts in IT:

marc.info/?t=161539079600004&r=1&w=2

sitta_europea Silver badge

At long fucking last.

Guilty: Sister and brother who over-ordered hundreds of MacBooks for university and sold the kit for millions

sitta_europea Silver badge

"Somebody never heard of asset registers."

Implausible.

More plausible is that whoever was maintaining the asset register was getting a kickback.

Founders of medical science upstart uBiome once likened to Theranos now indicted for, you guessed it, fraud

sitta_europea Silver badge

Re: SmartGut

[quote]

It took some time though, 7 years from startup to "gone like the wind" ...

[/quote]

That's not long at all. For [B]much[/B] longer than that I've been trying to get the UK government to stop dangerous (especially Chinese) electrical goods which often carry forged regulatory approval markings being sold online (nowadays, often by Amazon).

Search Amazon for dp/B08F2JV1QW to see what an illegal 13A plug looks like. There's no fuse in this kind of plug. That can be very unfortunate for 13A-capable equipment when it's plugged into the 30A-capable British ring main, which is the reason for the requirement for a fuse in the plug.

OVH writes off another data centre – SBG1 – and reveals new smoking battery incident

sitta_europea Silver badge

Re: What my first Electrical Engineering Prof taught us.....

"... OVH are specialists in running spam farms ..."

Correct. I block *everything* from OVH servers at the firewalls.

Big problem: Nominet members won't know how many votes they're casting in decision to oust CEO, chair

sitta_europea Silver badge

Nothing that the board of nominuts do would surprise me, short of them being honestly even-handed and acting in the public interest.

sitta_europea Silver badge

[quote]

I could swear that when I looked the other week there was a link to that in the Governance section of the website, but I can't find it now. (Hmm.)

[/quote]

Check the wayback machine?

What could possibly go wrong? Sublet your home broadband to strangers who totally won't commit crimes

sitta_europea Silver badge

Re: Sounds great...

[quote]

Most residential ISP address ranges are blocked by SMTP servers.

[/quote]

Apart from anything with a dynamic IP, my servers also block Microsoft, Google, OVH, Linode, AWS, several hundred lesser purveyors of cr@p, everybody in Africa, China, India, Myanmar, Pakistan, Eastern Europe and the Middle East in their entireties, South America, Syria, Thailand, Viet Nam plus a hundred other countries, any IP/host/domain on any of a dozen DNS- and RHS-BLs, plus ...

The odds are that the subject of this article is *already* on the long list of reasons for those blocks.

Sometimes I think it would be easier to skip blocklisting altogether and just list the couple of dozen IPs from which we'll actually accept connections.

Brit college forced to shift all teaching online for a week while it picks up the pieces from ransomware attack

sitta_europea Silver badge

I'd hang them.

PSA: If you're still giving users admin rights, maybe try not doing that. Would've helped dampen 100+ Microsoft vulns last year – report

sitta_europea Silver badge

"Why would anyone, or any organization, allow a user to browse the internet with administrative privileges?"

"Because I have to have Administrator rights because I'm a director of the company!"

Worked for this company for 15 years - until it went bust. Never did manage to explain why this was such bollocks.

Biden administration reveals probe into government security has found holes, wants more private sector collaboration as the cure

sitta_europea Silver badge

Quote:

"We’re in week three of a four-week remediation across the federal government," the speaker said. "The compromised agencies all were tasked to do a particular set of activities and then were tasked to have an independent review of their work to ensure that we felt confident the adversary had been eradicated."

Clarity of thought is essential to this effort.

This is clearly not it.

The adversary will never be eradicated.

Google emits data-leaking proof-of-concept Spectre exploit for Intel CPUs to really get everyone's attention

sitta_europea Silver badge

Re: Precision timer?

Naïve.

The obvious reason for anybody on the Web doing anything that you don't understand is to make money. In this as in most other cases, I don't know how (and I don't care - I'm one of the few with scripting blocked for almost everything).

OVH data centre destroyed by fire in Strasbourg – all services unavailable

sitta_europea Silver badge

If all the other OVH facilities burn down, I'll be very glad.

European Banking Authority restores email service in wake of Microsoft Exchange hack

sitta_europea Silver badge

People still use Exchange?

Copper broadband phaseout will leave UK customers with higher bills and less choice, says comparison site

sitta_europea Silver badge

"So long BT. You will not be missed."

Couldn't have said it better myself.

Ditched BT when they kept putting the price up. Eventually, after thirty years with them, they wanted to charge me over £400 for my service. Finally I snapped and told them (and here I paraphrase) to go forth and multiply.

They rang me, then, for the first time I can remember in thirty years, to offer me the service for £72.

I told them it was too late because I'd got a better service from a competitor for £20.

That was all about three years ago.

They sent me a credit note for about £150 every quarter.

I asked them to send me the money.

They didn't, so I raised a complaint.

They still didn't send the money, but now they've stopped sending the credit notes.

BT will fleece you if you let them.

I hope they dry up and blow away.

'We're finding bugs way faster than we can fix them': Google sponsors 2 full-time devs to improve Linux security

sitta_europea Silver badge

While finding and fixing kernel faults is probably never going to be easy, building the Linux kernel should be trivial for an organization like Google; I don't see that that's something to make a fuss about. You can just make your own package.

For customers who use the old Intel NUC devices I have to build the kernels, because otherwise the system runs about three orders of magnitude slower than it does with a custom kernel because of all the SPECTRE and other mitigations.

You just have to set yourself up with a kernel config file (admittedly that can take a while, the first time) then hit the button.

sitta_europea Silver badge

I've never really understood the insistence on using unsafe memory access functions in C.

I suppose it's easy if you're lazy and don't care too much about code being robust, but it's certainly not necessary.

Three decades ago I engineered out all possibility of buffer overflows in my C code by creating a few library functions.

It's not exactly trivial, as you might expect a multi-user application that runs on DOS not to be, but it's been working fine for 30 years and counting.

Seagate UK customer stung by VAT on replacement drive shipped via the Netherlands

sitta_europea Silver badge

We used to buy Seagate drives, but sending them all back under warranty quickly became very tedious.

So we tried HGST instead, and we've NEVER had to send one back.

Of course the last one we bought was just before WD announced that they were going to buy HGST...

With luck we'll be buying solid state storage exclusively in future.

NASA sends nuclear tank 293 million miles to Mars, misses landing spot by just five metres. Now watch its video

sitta_europea Silver badge

Re: Mars probe success rate

Lots of rocks that are now on Earth came originally from Mars.

sitta_europea Silver badge

Linux on Mars.

They'll be fine as long as they didn't install pulseaudio.

France's cyber-agency says Centreon IT management software sabotaged by Russian Sandworm

sitta_europea Silver badge

"...some have clearly run old and vulnerable versions..."

No! Really? I can't believe it! I'm shocked! Who would have thought that?

BT parachutes in former HSBC exec to run new Digital unit

sitta_europea Silver badge

BT and HSBC. A match made in Hades.

Terraria dev cancels Stadia port after Google disabled his email account for three weeks

sitta_europea Silver badge

Yeah, I feel for people who are fucked over by Google.

They've been telling me that my gmail account is disabled for almost a decade, although in my case it's not quite such an issue because I never had one in the first place.

It's just when I try to email anyone that uses Gmail - like the Register.

So I don't do that any more.

Chromium cleans up its act – and daily DNS root server queries drop by 60 billion

sitta_europea Silver badge

Does this mean that Google will stop emailing me cr1m1nal cr@p now?

Missing GOV.UK web link potentially cost taxpayers £50m as civil servants are forced to shuffle paper forms

sitta_europea Silver badge

"The Home Office has ignored ..."

That sounds about right.

Countless emails wrongly blocked as spam after Cisco's SpamCop failed to renew domain name at the weekend

sitta_europea Silver badge

Re: SpamCop

"Maybe postfix ought not to reject mail if the check returns an unexpected IP address."

Well here, Sendmail running my own milter didn't, so I suspect with a decent interface Postfix would have done the same.

GitLab removes its 'starter' tier: Users must either pay 5x more or lose features

sitta_europea Silver badge

Just like on Github

"...Just like on Github, you've got..."

Yeah, and you've got the little greyed-out button that you want to click, but you can't because it's greyed out, and you have to run a 200 MByte download to make a ten-character edit in a text file.

Thanks, but no thanks.

Soon, no more blood tests or probing for prostate cancer? AI claims 99% success rate using more relaxing methods

sitta_europea Silver badge

Re: Something’s missing from the stats here.

"Perhaps each of the four biomarkers had its own false positive rate and false negative rate..."

However I look at it, I can't see how anything that has false result rates of 2.4% and 3.7% can possibly give you a better than 99% correct diagnosis rate.

There are lies, damned lies, and statistics.

Today's 'sophisticated cyber attack' victim is the Woodland Trust: Pre-Xmas breach under investigation

sitta_europea Silver badge

I'm a life member of the Woodland Trust and I haven't yet heard a dicky-bird from them about this.
