Posts by SloppyJesse

163 publicly visible posts • joined 27 Apr 2017


JD Sports admits intruder accessed 10 million customers' data

SloppyJesse

Re: no payment information was among the mix

> Seems every time these companies report their servers got hacked the hackers never get away with payment information.

Because PCI DSS - https://listings.pcisecuritystandards.org/documents/PCI_DSS-QRG-v3_2_1.pdf

Unlike retailers storing personal details, the credit card networks (Mastercard, Visa, etc.) do take security seriously. They're still not perfect, but the security requirements around the actual payment information are significantly greater than for 'just' personal data.

Smart ovens do really dumb stuff to check for Wi-Fi

SloppyJesse

Local network only

"I think that companies developing appliances that want to "smartify" should first consider having local control on the current Wi-Fi network, and then make the cloud optional,"

This.

If governments had a clue they'd be mandating this kind of rule.

(Although they'd probably mess it up - due to incompetence or brown envelopes)

SloppyJesse

Re: Samsung "smart" TV in the UK

Had a similar experience with a recent Samsung TV.

It wouldn't do anything (even scan free to air) until it was connected to the WiFi. But it couldn't connect to WiFi successfully.

Eventually worked out it needed a firmware update which I had to download and load via USB stick.

Along similar lines to this article, it seemed its shipped firmware was checking a now defunct Samsung address and when it got no answer it declared the internet not working.

SloppyJesse

Re: Frightening

> The issue isn't "Unattended operation", that's been happening for years,

But in the non-connected scenario, the person setting the timer is present and can ensure the device is suitably set up. Between the timer being set and the activation anyone in the physical vicinity can see the timer is active and take appropriate action/precautions.

In the connected, remote activation scenario, when the remote user starts the process they do not know (for sure) the state of the device.

SloppyJesse

They play a little ridiculously long tune on the beeper when they are finished

FTFY

It's like they had a competition in the programming dept. over how long a tune they could fit into the available memory.

You can turn it off on mine - but then you get no sounds at all. No beeps when you're setting it going. No confirmation it's started.

If your DNS queries LoOk liKE tHIs, it's not a ransom note, it's a security improvement

SloppyJesse

Re: Colour me surprised (in upper case)

Still gets my goat how many web forms claim an email address with a plus sign in it is not valid.

SloppyJesse

Re: Am I being Dense?

You missed the other 3 letters in the domain.

...

aa.Com

aa.COm

aa.COM

...

So 2^5 for that short example.

Surely you can't be serious: Airbus close to landing fully automated passenger jets

SloppyJesse
Alert

Hudson, we have a problem

Automated guidance for taxiing around a major airport I get.

But would it determine the Hudson a viable alternative or just plough into buildings attempting to reach the nearest runway?

Flaming USB battery halts flight from Taiwan to Singapore

SloppyJesse

Re: Speed of a battery in a vacuum...

> Why not just remove all of the oxygen from the hold... not much chance of a fire then.

Did you forget the joke icon or are you unaware lithium batteries don't need atmospheric oxygen to burn?

Royal Mail, cops probe 'cyber incident' that's knackered international mail

SloppyJesse

Re: Hmm, 'Incident'?

> Fujitsu are just as culpable, if not more but appear to have escaped without much impact.

So, exactly like those responsible at the Post Office then...

Here's how to remotely take over a Ferrari...account, that is

SloppyJesse

Information Commissioner has been alerted

> Toyota Financial app that disclosed the name, phone number, email address, and loan status of any customers.

> Toyota Motor Credit told The Register that it fixed the issue, and noted "this had no connection to Toyota vehicles or how they operate."

I presume they alerted the relevant IC of this GDPR breach.

Forget the climate: Steep prices the biggest reason EV sales aren't higher

SloppyJesse

You do understand that when you charge a battery you convert the electrical energy into chemical energy, right?

The energy conversion in both cases is

electrical->chemical->electrical->kinetic

SloppyJesse

Re: "a strong desire to reduce refueling costs"

"I live in a terrace, with no off road parking."

You could do what several houses on the terraced street round the corner from me do and run an extension cable across the pavement.

2 of them even put those little rubber strips over the cables now!

Openreach offers more wholesale fiber discounts, rivals call foul

SloppyJesse

Re: Admission

@myithingwontcharge said

> The fact we already have an effective broadband monopoly in many parts of the country is why fibre prices are

> high and availability poor. We need more competition, not none. As an example, Openreach often seem to add

> fibre to an area only when prompted by the plans of a competitor."

So in an area where there is competition the price would be cheaper, right? I can get BT FTTC, Virgin or CityFibre FTTP. The prices are the same despite the local competition.

Your example of Openretch magically being able to install fibre when a competitor comes along indicates a failure of regulation.

Seems the issue is poor regulation of what should increasingly be regarded as critical infrastructure. Competition is either being stifled or is an ineffective driver for delivering a good service to more people.

UK arrests five for selling 'dodgy' point of sale software

SloppyJesse

> "So what might happen is that the customer orders a $60 steak and a $100 bottle of wine,"

> Ford explained, at which point the software changes the transaction so it is recorded in the

> point of sale system as "a $10 bowl of chips and a $4 bottle of soft drink."

Obviously this is not the correct way to reduce tax.

They should be opening the wine with a 'special' corkscrew, the use of which is licensed through a company registered in the Seychelles. $60 of the $100 therefore goes in 'licensing' to "Corkage.S.A.R.L." The steak was bought for $70 from "CMOT Dibbler Enterprises" registered in the Caymans, shipped via Luxembourg and sold at a loss.

Once you've taken into account the rental of the building (owned by Mrs Oligarch via Bermuda) and the tables, cutlery, etc. which are owned by "Tables And Chairs.Co" registered in Maryland, you realise the restaurant is running at a loss and the owner, a Mr Oligarch, is actually running it out of the goodness of his heart.

Mr Oligarch is a director in all the above mentioned companies, but you shouldn't worry about that. And since he isn't intending to stay in the UK on a permanent basis he retains his non-dom status so doesn't need to declare any income from those overseas companies.

Inadequate IT partly to blame for NHS doctors losing 13.5 million working hours

SloppyJesse

Re: Confused..

> We can't reasonably expect medical staff to be informed buyers with regards to specifications for complex IT programmes.

Well, if you set the expectation that low you're not going to get much useful input from the highly qualified professionals you're expecting to use the system. These are the same medical professionals that specify highly complex medical equipment balancing functionality, interoperability, servicing, upfront versus ongoing costs, etc.

Why would you think they cannot provide insight into an IT purchasing decision?

Victims of IT scandal in UK postal service will get fresh compensation

SloppyJesse

Re: Don't get your hopes up

> The PO told defence lawyers for the postmasters courts that the horizons data was correct

FTFY

And they repeatedly refused to provide detail level data to justify their position.

During the BBC radio serialisation one of the postmasters was reduced to trying to add up till rolls to understand where the issue was and even when he pointed directly to transactions that appeared twice they denied there was an issue.

Given many of the Postmasters were jailed for false accounting, maybe the P.O. board should face the same charge? They knew that their accounting system was incorrect, after all.

Microsoft 365 faces more GDPR headwinds as Germany bans it in schools

SloppyJesse

Re: This regulator's no good, I'll get myself another

MS: "[we] have already implemented many suggested changes to our data protection terms."

That may well be the case, but you've not actually changed what you are doing with the data.

As recession looms, Workday warns that legacy HR systems need updating

SloppyJesse

Re: PAYE

I had 4 different employers last tax year and 2 of them had not ended the employment, so the HMRC portal showed I had 3 active employments. I found the option to update the employment and say which ones had ended. It's not fully online, but a week later it had updated and then my actual current employer was allocated a proper tax code. All sorted by the next month's payslip.

The navigation is still as confusing as ever, but the functionality is improving.

UK cuts China from Sizewell nuclear project, takes joint stake

SloppyJesse

Save up on economy 7, cheaper electricity....

> the old 'Economy 7' tariff

It still exists. Cheaper electricity between the hours of 23:00 and 06:00 IIRC[1]. But more expensive than the flat rate tariff at other times. Very much depends on you having a reasonable consumption in the cheaper hours to make it worth it - 70/30 used to be about break even but I haven't checked in several years.

[1] I think the exact time depends on region.

Time Lords decree an end to leap seconds before risky attempt to reverse time

SloppyJesse

> I think you'll find that is due to a worldwide pandemic. Other European countries are experiencing the same issues,

> France is at more risk of power cuts for example.

Not sure you can blame low river levels on the pandemic.

UK's National Health Service will roll existing Palantir work into patient data platform

SloppyJesse

"enable NHS decision makers to best plan use of resources and improve patient care."

Did you mean "Identify the bits that might be profitable for healthcare companies to lobby government for more public-private partnerships[1]"

[1] because privatisation is so 1980s

Aviation regulators push for more automation so flights can be run by a single pilot

SloppyJesse

50% reduction in pilot fatalities

"EASA's Safety Risk Assessment Framework for Extended Minimum Crew Operations (eMCO) and SPO aims to address the following points:

[...]

Pilot incapacitation"

How does one address that? Fly in circles until they feel better? Or Hollywood style aircraft to aircraft transfers to get another pilot on board?

Hey, GitHub, can you create an array compare function without breaking the GPL?

SloppyJesse

Re: Hey, Github!

Github, eh?

Tired: Data scientists. Wired: Data artists

SloppyJesse

Domain knowledge is important

Reminds me of a data analytics team that spent several months coming up with a complex model to identify high risk credit card customers. Quickly demolished by one analyst who matched their performance using a much simpler test - has the customer taken cash out at a cash point.

His reasoning was simple - if you're taking cash out on a credit card, you're either on holiday or in financial trouble.

Some of the IT management that have swallowed Gartner's previous Kool-Aid about big data should probably take note that it didn't magically fix everything.

Microsoft feels the need, the need for speed in Teams

SloppyJesse

Re: Travails through telemetry

> I'd much rather they fixed that the Linux versions are variably unreliable,

It sounds like they're sorting that by getting rid of it.

I expect in a board meeting somewhere they will be trumpeting "100% reduction in issues with the Linux client"

9front releases new version of Plan 9 OS fork: The Golden Age of Ballooning

SloppyJesse

We used Plan 9 when I was a student at University of York. They always claimed it was named after the film.

In the days of text terminals, or if you were lucky a graphical workstation and Orbit, it seemed pretty much like any other Unix.

DisplayPort standards bods school USB standards bods with latest revision

SloppyJesse
Joke

> I wonder if the industry will ever decide to stick with a SINGLE video port. You know, kinda like USB (original), CD/DVD, Blu-ray, RAM, etc.

You're right, there are too many different options. What we need is a standard...

https://xkcd.com/927/

Oops, web trackers may have leaked 3 million patients' info

SloppyJesse

Re: Goodbyeeeeee

their maximum concerns are always the health of the patients profits

FTFY

The information passed to these trackers is, on the consumer's side, private/personal and, on the website owner's side, commercially valuable/sensitive. There is zero reason to pass this to a 3rd party 'to see how people use our services'. Any website owner can get a huge chunk of this information passively from server logs with no additional capturing required. If more detail is needed / the application is designed in a way that server logs are not useful, there are multiple strategies available, up to embedding tracking scripts that send data back to YOUR OWN server for further analysis.

But doing that would require time/money, so let's embed a Google tag - Google can do what they like with our visitors' data as long as they give us back some pretty graphs.

If someone weaponizes our robots, we'll be really, really sad, says Boston Dynamics

SloppyJesse

> a few thousand 'years'

Might need a little longer than that.

UK politico proposes site for prototype nuclear fusion plant

SloppyJesse

Re: 17 yrs FFS

17 years will probably still be before the new Hinkley Point reactor comes online.

Maybe we'll have some fusion before we get more fission? Although just JRM saying something doesn't make it happen.

Computational storage specs hit v1.0 after 4 years of work

SloppyJesse

Re: Very Interesting

You just described Teradata's architecture.

Excel @ mentions approach general availability on the desktop

SloppyJesse

Re: STASI in Redmond, WA....why am I not surprised???

IT security will block key parts of the communication so it won't work even if you have all the prerequisites.

It's 2022 and there are still thousands of public systems using password-less VNC

SloppyJesse

It's for research, guv

"it witnessed miscreants and bots scanning the 'net for active services on the default VNC TCP port 5900, detecting about seven surges of such activity between July 9 and August 9"

How many were security researchers also looking for exposed servers?

US regulators set the stage for small, local nuclear power stations

SloppyJesse

Re: More lawyers

> Why would building more reactors be simpler or cheaper?

Think building a whole estate of identical houses versus building a millionaire's mansion.

SloppyJesse

Re: @Dr Syntax - "more radioactive"

> *I saw a curious article that apparently the Earth's rotation has increased. Must be from all the spin

> coming out of our politicians. So our days are slightly shorter, which means there'll be less solar energy.

That's not how it works. If the Earth's spin increases we increase the frequency of days, but the proportion of day to night remains constant [*]

[*] Unless the Earth is speeding up and slowing down during the day cycle [**]

[**] but that would only affect which part of the surface gets the light, not how much the Earth gets.

SloppyJesse

Re: @Dr Syntax - "more radioactive"

> From a quick glance at my electricity bill and its rate of increase over the last decade,

> nope. But this is typical of post-normal politics. Cognitive dissonance is the new norm,

> and cheap means 10x as expensive.

YMMV but in the UK there's a lot of financial engineering between the cost of wind generation and what you see on a consumer bill.

Early wind generation had contracts which tied the price they sold to the grid to the price being paid for conventional generation. So if the price of gas goes up, so does the price of wind.

The cost of manufacturing, installing and maintaining wind turbines has dropped significantly. Upcoming offshore wind projects have been agreed at prices that were below gas production (before the recent massive price hikes) - https://www.carbonbrief.org/analysis-record-low-uk-offshore-wind-cheaper-than-existing-gas-plants-by-2023/ - As more of these projects come online, the average price of wind will drop.

UK Parliament bins its TikTok account over China surveillance fears

SloppyJesse
Joke

Re: Security fears, etc, eh?

Quick, get Dido on the phone, we need another world-beating app developing...

We could call it WhiffWhaff...

The perfect crime – undone by the perfect email backups

SloppyJesse

That would require a separate encryption key for each natural person. An interesting option to implement on a database system backup.

As others have suggested, if a system contains personal data that can be removed as part of a GDPR right to deletion request then the restoration processes need to take that into account so the data is not subsequently restored and used.

And to answer the argument "but if you delete all personal data you have to delete the deletion request", GDPR allows retention of personal data that you have a legitimate use for. An audit trail of requests processed is a reasonable reason to hold identifiers to ensure restoration processes are compliant.

SloppyJesse
Joke

Re: "Delete" = "Hide"

I didn't realise the Psion 3 used ZFS!

The end of the iPod – last model available 'while supplies last'

SloppyJesse

Still use an iPod nano for music in my car. The infotainment interface when using an iPod is leagues ahead of just connecting a generic USB drive.

Unfortunately iTunes long ago gave up genius and recent hire cars do not recognise the iPod (presumably older device support has been removed) so I guess it'll go in the bin when the car gets upgraded.

Only Microsoft can give open source the gift of NTFS. Only Microsoft needs to

SloppyJesse

All the actual data should be on a network drive, which is most likely a Linux box running ext4 FreeBSD box running zfs with a samba share.

FTFY

Legacy IT to blame for UK's inflexible benefits system

SloppyJesse

> Yup, it's the world's biggest pancake! ;)

You are Greg Wallace and I claim my £5

SloppyJesse

"What are they doing if it's a multi year process to switch over? Manually entering DB records for every single person?"

From a systems point of view, yes. Universal Credit is a new benefit combining what were historically separate benefits - but it's not a 1:1 replacement for the swathe of benefits it replaces, so each claimant moving to UC has to go through the claim process again.

There's also been resistance to moving onto it due to both issues in the new system causing claims to get messed up, and political decisions on how the system should work making switching over painful and potentially less generous to some groups.

Beijing-backed gang looted IP around the world for years, claims Cybereason

SloppyJesse

Who'd write logs in a binary format?

"... an undocumented file format that can be accessed through APIs but can't be parsed."

Who'd create a binary logging system that could hide data from admins?

Glad Linux continues to use text logs and hasn't bought into this hard to read logging concept.

UK watchdogs ask how they can better regulate algorithms

SloppyJesse

Training is simple.

You take all the CVs you've considered and you separate them into ones you discarded and ones you interviewed. Or you take all the interviewed candidates and separate them into hired / not hired. Or if you want to get really clever hired and did well at annual review / hired and quit after 3 months.

Hey presto, you have a classifier that splits future CVs into good and bad. And you've probably just embedded all sorts of unconscious bias into your model. If you've done a really good job you've also got a good dose of irrational factors in there - like people that use Word versus AbiWord - and illegal discrimination - companies that have tried automated CV filtering have found it's really hard to hide protected attributes like gender, race and age from these models.

And that's the real problem with many of the large statistical models - if you shove lots of data in, the algorithm will find patterns. But you really need to be able to explain what patterns a model is identifying before you accept the output is delivering what you want.

Study: How Amazon uses Echo smart speaker conversations to target ads

SloppyJesse

Email receipts

For email receipts in real stores it's the till operator rather than the customer that has the magic tick box, and I wouldn't be surprised if it is pre-ticked.

Under GDPR if they ask for personal details 'in order to send an e-receipt' then they cannot use those details for any other purpose. I had a £20 voucher from Debenhams for my second complaint when they started spamming me.

Yes the UK ICO is useless and I expect they put the 20 quid down as cost of doing business. More people need to complain to get them to change.

All my receipts go to a separate email (with a plus sub-address if their till accepts it). When I'm bored I send complaints for anything non-receipt-like.

Zero trust? Not yet a must for most IT departments

SloppyJesse

Re: What exactly does Zero Trust mean?

> Another meaningless term now is "Air Gapped." ... somehow now means firewalled

> with all inbound connections disabled to the specific host

WTF? I get how complex technical terms can be misunderstood or subverted, but it is hard to understand how anyone can subvert such a clear physical concept.

Govt suggests Brits should hand passports to social media companies

SloppyJesse

Re: Is there an online petition against this stupidity?

> do want to say it's not outright ban anonymous accounts but offer ways for users to verify their

> identities and control who can interact with them such as by selecting an option to only receive

> DMs and replies from verified accounts.

The argument for ID appears to be "(troll) can create an anonymous account and send nasty content to (target)".

If it will work as you suggest then the target would block unverified accounts. The troll would have to verify in order to send content so, in theory, could be traced and investigated for illegality. But any other person would also have to verify to communicate with the target. If public figures like MPs turn on verification it becomes mandatory for their constituents if they want to use social media as a channel.

Either no one will turn it on - net effect zero

Public figures and companies turn it on - Joe Public is forced to verify in order to interact - removing one of the few goods that social media has provided[1] and handing more valuable/sensitive data to private data harvesters.

Either way it seems a very poorly thought out response to the problem.

[1] I've found social media an effective channel to communicate with local council and companies. Let's face it, you can't actually phone the council anymore but they do read Twitter.

I own that $4.5bn of digi-dosh so rewrite your blockchain and give it to me, Craig Wright tells Bitcoin SV devs

SloppyJesse

Re: OK something I've never understood in this case

Afraid it's you.

The mining process is simply software which uses rules to validate transactions into a block and then computes a nonce as proof of work. Change the validation rules to allow it and you can add a transaction that consumes a previous output [1] without signing with the private key and moves it to a new address that you have the key for. You need a majority of mining compute power to adopt the new rules for the block to successfully get onto the chain [2] - which in theory is what stops random hackers doing it. But if you get a court to order the software developers that write the miner the majority use to do it you are at least part way there.

[1] output because the blockchain is a ledger. Wallets don't really exist.

[2] Vaguely recall this has been done on some crypto chains when they introduced rules to 'fix' already committed transactions.
