* Posts by Killfalcon

671 publicly visible posts • joined 7 Jul 2017


'Bro delete the chat': Feel the panic shortly before cops bust major online fraud ring

Killfalcon

My first phone only stored something ludicrous like 128 text messages. That gets you in the habit of clearing up regularly.

Who is DDoSing you? Rivals, probably, or cheesed-off users

Killfalcon

Re: DDOS attacks are getting shorter ?

Actually, you may have hit on it: it could be on average that's how long they take to give up when seeing the mitigation kick in.

Killfalcon

Re: DDOS attacks are getting shorter ?

I guess there can be lasting effects - stuff needing reboots, etc.

That said, the point of a DDoS is what the attackers wanted to do. The classic is "DDoS on a player in an online game", which only needs to last long enough for the attacker to win the game (or make the target lose). Maybe it's cover for another attack. Maybe it's just testing for a response. Maybe the intent is just to have the target "randomly" go down - do that often enough and it'll make their service look unreliable, costing them customers without as much publicity as a complete take-down.

Also, from what I've seen - some of them are just badly written web scrapers. Some %age of what cloudflare is calling a DDoS could well be people hunting for things to shovel into their LLM.

Why is Big Tech hellbent on making AI opt-out?

Killfalcon

That's probably a difficult question to answer. There are definitely parts of it that might be?

Word's spellchecker suddenly having more opinions isn't processing my private data. _Unless_ I happen to be editing my CV, or something.

Even modest makeup can thwart facial recognition

Killfalcon

Re: "However, gait recognition is becoming quite powerful..."

Or wear a cape, with epaulets.

It's not just Big Tech: The UK's Online Safety Act applies across the board

Killfalcon

Re: Commenting on articles, review, and blogs is exempt

Only if you say it in the El Reg forum. Article comments like this are, apparently, not a risk to the public.

Coder wrote a bug so bad security guards wanted a word when he arrived at work

Killfalcon

In my experience in Finance IT - stuff using column positions is old, often "voting age" old. Occasionally "kids have grown up and gone to university" old. That sort of thing can be expensive and risky to replace, not worth it if it's working right now.

It's bad practice now, absolutely, but that's because we tried it and found the problems. And hell, sometimes when it was written it was a good idea - saving on overhead in a dramatically less powerful machine could be the difference between a weekend batch and an overnight batch, or even the holy grail of "takes about 20 minutes, so we can test and re-run several times in a day".

Killfalcon

It can be very context dependent. Generally you want to automate as much as you can - machines make fewer (and different) errors than humans, fixing things is a pain.

I work with pensions sometimes - we don't manually check the vast majority of payments, there's tens of thousands of them daily. We do check the batch size and totals, and there's a bunch of checks that pick out things over certain values to be reviewed. And then, of course, there's all the other bills - everything from stationery to train tickets to the cleaners and tax bills. There are always exceptions, someone will need to check those.

Killfalcon

Re: Tongue in cheek?

Would the electric company pay its staff in advance for the hours it expects them to work?

Your computer's not working? Sure, I can fix that problem – which I caused

Killfalcon

Re: Computer wiped every month ?

Keyword is 'unauthorised'.

T&Cs you agreed to [sure they're three weeks long and written partly in ogham script, but you ticked the box] say you authorise them doing things.

Yes, I am being intolerably smug – because I ignored you and saved the project

Killfalcon

Re: Documentation and a cheap label maker

> USB-A superposition

That's when the USB fits snugly into the ethernet port, right?

Killfalcon

Re: Every office has one.

The connection is broken, though.

FCC slaps Verizon with $1M fine for dropping 911 calls, again

Killfalcon

I wish they'd said what the names were, this belongs in textbooks.

I mean, we joke that naming things is hard - and it often is - but it's useful to have a nice clear example of why it's important, and why it's worth the extra effort to get it right.

Techie installed 'user attitude readjustment tool' after getting hammered in a Police station

Killfalcon

I feel like I saw that on MacGyver back in the day.

Killfalcon

And I thought I had trouble getting my computer desk (an ancient mahogany beast that probably belonged to a lawyer before it got to the British Heart Foundation) through the front door of this Victorian workman's cottage.

I won't lie, the speed with which the delivery guys got my front door off its hinges was impressive. Faster than I could google how to remove a door, it was off.

Seething CEO shoulder surfed techie after mistaken takedown of production server

Killfalcon

Re: Labelling production

It's such a silly seeming thing ("make production red"), but colour coding works astonishingly well. Even if you don't consciously notice it, opening the wrong environment _feels_ off.

Might be one of the best time-returns there is in terms of preventing downtime. Simple to implement, simple to explain, basically no cost at all.

I didn't touch a thing – just some cables and a monitor – and my computer broke

Killfalcon

Re: Yeah, sure. Nothing changed. Pinky promise.

I've had some users spend so much time "trying to fix" a problem under heavy deadlines that they genuinely forgot having made changes.

They changed a thing that shouldn't matter (or ""shouldn't"", at least), it broke, they quickly concluded it can't have been that meaningless change, spent two hours trying other things, and only then do they call for help.

Most of my work was about data format and validation, so in the end I just made sure to have ways to quickly find out what changed, and set that running while the user explains what they think the issue is. So often it was dumb shit like "opened file in Excel, Excel changed the date formats when saving" - the user "didn't change anything", but it still broke!

...and yes, sometimes, the user just lies.

During Lockdown, I once spent half an hour trying to remotely diagnose why someone's monitor was "too green" before giving up, telling them it was probably the cable needing to be replaced. I later found out they'd dropped it down the stairs and were hoping the company would give them a bigger one when replacing it.

The company would have given her a bigger monitor on request.

Bad vibrations left techie shaken up during overnight database rebuild

Killfalcon

Re: SSDs [Dot-Matrix Printers]

I was thinking, two lines a minute seems a little slow for Teletype.

An attorney says she saw her library reading habits reflected in mobile ads. That's not supposed to happen

Killfalcon

Re: Can the game access the tablet's microphone?

In theory, the game's permissions could extend to the filesystem. That should be visible in the permissions screen, even if it's easily assumed to be for writing save files or whatever.

Killfalcon

Re: Can the game access the tablet's microphone?

I dunno. I feel like if there was audio-data tracking, someone would have found it already.

Phone microphones are not very good, so any 'hidden' tone they can pick up should stand out on an oscilloscope. Some audiophile youtuber would have tripped over it when trying to eliminate background noise, surely.

Also it'd require android's permission-by-app system around microphones to be broken, which, someone at Defcon would have cracked years ago.

Killfalcon

Re: *Audio*books

The purpose of the targeting data is to get some advertisers to pay more for access to users the advertiser thinks will buy their product.

It doesn't exist to block ads you won't like. If you are in a demographic that spends a bunch of money on relatively specialised things, targeted ads can drown out the lowest-common-denominator bollocks, but if you don't look* like someone advertisers will pay *extra* to talk to, you'll just get the trash.

* 'look' here is in terms of google's algo assigning you keywords that the advertisers separately decide they want.

Hey, Reddit. Quick question. All those clicks on my ads. Were they actually real?

Killfalcon

Re: The good clickAI

It's Eminem. Lose Yourself was a true story after all!

Bill advances to exonerate hundreds in Post Office Horizon scandal

Killfalcon

My understanding is that they don't want to accidentally pardon any 'real' criminals, despite how their malpractice has made it nearly impossible to tell who they are. This means essentially re-trying all 900ish convicted sub-postmasters ""fairly"", which is slow and miserable.

Personally I think the appropriate saying is "better that ten guilty people go free than jail one innocent", but as we've seen time and time again the Post office is really big on saving face, and that appears to mean proving that at least *some* of their prosecutions were correct.

Killfalcon

That's a fun little read, thank you for sharing.

Killfalcon

I thought she'd gone No Comment to everything for the last six months or so: do you have a link handy?

Oracle Fusion rollout costs 15 times council's estimates in SAP rip-'n-replace

Killfalcon

Re: In my simplistic thinking...

"I just need it to replicate what the old system did, including the export to MagnusSheets97"

"MagnusSheets97 that went out of support in 2003"

"Do you have budget to replace MagnusSheets97?"

"No"

"Then your system needs to talk to MagnusSheets97. End of discussion"

*project manager adds another 20k to the budget to build yet another shim*

UK lays down fresh legislation banning crummy default device passwords

Killfalcon

If only those devices weren't connected to the internet, I might agree, but they are.

These insecure devices allow viruses to spread, and botnets to grow. Ultimately it's to everyone's benefit to have fewer insecure devices around.

Killfalcon

20k? At that point, you'd be able to make money importing non-compliant stuff, putting on a different hat, then reporting yourself for the bounty! :D

Rarest, strangest, form of Windows saved techie from moment of security madness

Killfalcon

I have once been saved from an infinite loop sending emails because Azure Information Protection (a plugin that lets you mark office docs "Confidential", "Top Secret" or whatever) didn't let Excel VBA set the status on Outlook mailitems, so there was an error to click-through before the code could progress.

It should have! It worked with all other Office format documents I tried, but not emails. And while it did save me some bother with that email loop, I did still have to work out a fix. The fix was to create a new Excel workbook, mark *that* Confidential, attach it to the draft email, wait a split second for AIP to automatically grade the email Confidential (because it inherited the sensitivity from the highest of its attachments), then remove the template, boom, email is marked Confidential and will send without further complaint.

About four years later (that'd be now), Microsoft finally integrated the feature properly. I only last week got done stripping out that dodgy workaround!

Judge demands social media sites prove they didn't help radicalize mass shooter

Killfalcon

This is misunderstanding the stage we're at in the procedure.

So, there's a civil (not criminal) court case. A claims B did a bad thing, and would like recompense. B isn't saying they didn't do the thing, yet.

B claims that regardless of if they did the thing, they are allowed to do the thing under S230, and asks the judge to dismiss the case without a full trial. Logic is that there's no point asking a court to say if they did the thing if the law doesn't care if they did.

A lot of court cases end like this - cases that are obviously doomed are a waste of the Court's time, but the line for "obvious" is intentionally very low, rather than deny too many people a shot at justice. This is why you might see a lot of fuss about "anti-SLAPP" (Strategic Lawsuit Against Public Participation) laws, that are meant to make it easier to dismiss lawsuits that are obviously being used to silence people for making public comments. Normally those go to trial and cost a lot of money to defend, regardless of merit.

Here, the judge has read the initial documents, and says "A's claims are plausible enough that we can't instantly dismiss this, B is invited to write more words to counter that, or wait for the full trial date"

That's where we are now. The plaintiff's case has survived a motion to dismiss [ie, end the case before trial]. B has been invited to write a fuller explanation, if they don't or can't, then there's a full trial, where both sides are expected to prove their case.

Job interview descended into sweary shouting match, candidate got the gig anyway

Killfalcon

Re: ECDL

Cycling lessons.

Killfalcon

I used to work in an actuarial department, and they got fed up of being unable to tell what people meant by "good excel skills". Some people thought that being able to copy down a sumif was 'good', some people had got the hang of Index(match()) but 'struggled with nested IF statements after six layers' and so rated themselves as "okay". Genuinely, most applicants had no objective sense of how good they were with Excel, and that made it surprisingly hard to get the right people into the excel dev team.

They, by combining the knowledge of every Excel expert they could find in a room of 140 math grads* employed specifically to predict the future of insurance policies, built a Test. It was like 120ish questions, with worked examples about different features in Excel, how they worked and when you might use them.

Literally no-one got full marks - Excel is too damn big. I'm proud to say I came closer than most, but it was the first time I'd ever heard of 'slicers', and honestly I've still not needed to use those since.

The test turned out to be incredibly useful for dealing with Dunning-Kruger issues in self-reported skills.

*I was not a math grad, but a math/comsci dropout who'd instead spent a decade as on-site support, fixing the Very Clever solutions the actuaries came up with on deadlines.

Lawsuit claims gift card fraud is the gift that keeps on giving, to Google

Killfalcon

Re: To sum up ...

I think there's a bunch of technical, nitpicky law things in the way there.

1) proceeds of crime - most places don't actually have laws on that, weirdly, and when they do they tend to be very specifically written (I think the UK one is one of the broadest, mind).

2) stolen goods - turns out that if you personally walk into a shop and buy something with your money and give it willingly to someone, that's not theft. Morally, of course it fucking is. Legally, it's in a different bucket where the laws are written as much to stop unhappy customers from having the local grocer arrested. Fraud is different to theft, and modern anti-fraud laws just aren't built around this kind of thing.

Genuinely, this is an area that requires competent legislation. If someone can draft some legalese to make this sort of scam *into theft*, without me being able to get you arrested by mailing you a giftcard and faking some text messages, then it would suddenly become a *massive* problem for Apple/Google/etc that they were suddenly on the hook for a lot of this shit. That would probably incentivise them to do something about it, but I'm not smart enough to guess at what that'd look like.

Killfalcon

Re: To sum up ...

Steam is a really common one too. It's a global distributor, so they can always find local buyers who'll buy a $10 steam credit for $5 and be very happy with their cheap games. Or they can buy games directly and resell the keys - supposedly some of the 'cheap' steam-key resellers get stock this way, but I would have thought that'd be traceable, but it is at least not an option with google/iTunes stuff that doesn't let you resell products.

Killfalcon

Re: To sum up ...

It still goes on my phone bill, I think. It's good to have options.

If we plug this in without telling anyone, nobody will know we caused the outage

Killfalcon

Re: The sure fire 10p investment...

Canadians have pennies!

Killfalcon

Re: Let's Check the Server Room Access Log

That's the problem with remote servers, you stop thinking of them as hardware in the first place. Even worse is "cloud" stuff where everyone remembers the decade old sales pitch of virtual machines being seamlessly passed between servers without ever impacting client experience, yet, inevitably, your "cloud application" has been running in a single unchanging rack in a single warehouse somewhere in Dublin for the last six months, and won't move without an outage.

Some Intel Core chips keep crashing, game devs complain

Killfalcon

Re: Golem.de looked closer than ElReg...

Maybe they were thinking of a 200W heat pump, but likely not, as that's roughly equivalent to a 700W resistive heater.

Self-taught-techie slept on the datacenter floor, survived communism, ended a marriage

Killfalcon

Re: Daily!?! RFC begs to differ

As near as I can tell, a lot of security rules are set based on what the project lead saw last time they logged into something.

Killfalcon

Re: Daily!?! RFC begs to differ

"We've emailed you a code to login. This expires in 30 minutes."

FTC asks normal folks if they'd like AI impersonation scam protection, too

Killfalcon

If Chevron goes, the American government falls apart with it. For generations, US law has assumed (under the 'Chevron' decision) that Congress can create an agency to deal with Something and have the agency handle the details around that Something. Almost all federal authority works under this auspice, and without it a lot of things all fail at once, from the parks to the post, from the ATF to the FTC.

Thar be safe harbor: Reddit defeats third attempt to unmask digital pirates

Killfalcon

Re: Why does reddit store ip addresses?

Could be spam/bot/DDoS/etc, standard "we would like the website to remain functional" stuff. Sure, a lot of bad actors change up their IPs frequently, but a surprising quantity don't bother.

Please install that patch – but don't you dare actually run it

Killfalcon

Re: Uptime

I worked with some simulation software that needed a dongle (thankfully USB, though we did have some older serial port ones) to validate licenses, but only at boot. Because the dongles went missing a lot, I once ended up spending an hour sharing a half-dozen dongles between thirty machines, booting them in batches, after a power outage took down the whole room at once. PITA, but I got everything back up and running before the important folk got into the office!

("Power outage? What about the UPS?" I hear you ask. Well, the power went out because the UPS caught fire...)

The spyware business is booming despite government crackdowns

Killfalcon

Re: " The spyware business is booming despite government crackdowns"

Honestly, I'd guess that even Google will find people it can't track but really wants to. Rival companies, for example, won't be using google docs for their accounting, and so the corporate espionage world still has reasons to exist. It's risky, obviously, especially when staff can move between the giants freely, but it's certainly not unthinkable.

They don't need to steal my data, as you say they get plenty of that, but there's always gaps they'll want to fill.

Developer's default setting created turbulence in the flight simulator

Killfalcon

Re: sort of on topic...

I think Tom Scott did a video just last year about a hobbyist-built submarine simulator that used a similar setup, with the camera in a well-maintained pond. Very neat systems.

UK lawmakers say live facial recognition lacks a legal basis

Killfalcon

Re: Live Facial Recognition Ethics

That's a good point on the length it'll be stored: have you ever looked at old photos and been surprised how much a random great aunt looked like your sister does now?

Might end up taking "the sins of the father" to some risky new levels.

One person's shortcut was another's long road to panic

Killfalcon

Re: Oops!

You can have too much of a good thing, especially if you're having to pay for it.

That's quite expensive when you're looking at terabyte processes, and has a high risk of being the reason runs fail. Back in 2010ish, my lot (finance actuarial stuff, generating hundreds of TB per year) were spending six figures on daily backups, and those ran out-of-hours to minimise the risk of trying to backup a file that's part processed, or accidentally lock a file that needed to be edited by the simulation software (etc). We did have on-demand access to the last 30 dailies, the last 12 month-ends, and last seven year-end backups, though, which was absolutely worth the cost.

Mars Helicopter Ingenuity will fly no more, but is still standing upright

Killfalcon

Re: Chopper gets the chop

I threw in a half of mine, that should sort for now.

Killfalcon

Yup. They had to make it very, very light, with very large prop blades to move enough air.

Poor communication led to complete lack of communication

Killfalcon

Re: Email flooding

You get some fun stuff with Actuarial modelling, if you stuff up something basic enough. Errors that happen for every month in your projection, for every policy - my record is a log file with 4.8 million error messages in it. Took twenty minutes to open the file with the tools I had at the time.
