Posts by mr-slappy

66 posts • joined 27 Nov 2017

GCHQ's infosec arm has 3 simple tips to secure those insecure smart home gadgets

mr-slappy

Put the onus for security on the manufacturers rather than the users

"If your camera comes with a default password, change it to a secure one" => Require all IoTat devices to not have a default password, rather one that the user has to enter before it can be used. And reject any easily-hackable passwords.

"Keep your camera secure by regularly updating security software" => Require all IoTat devices to update themselves automatically and make manufacturers financially liable for security breaches in the way that they would be liable if the device electrocuted someone.

"If you do not use the feature that lets you remotely access the camera from the internet, it is recommended you disable it" => Require all IoTat devices to have this feature switched off and only allow it to be enabled if a strong password has been assigned by the user (and maybe mandate 2FA as well).

FTFY

Let's Encrypt? Let's revoke 3 million HTTPS certificates on Wednesday, more like: Check code loop blunder strikes

mr-slappy
Thumb Up

Re: Whatever happened to code review?

Hear hear!

In my day not only was code peer-reviewed, but specifications (does anyone do those any more?) as well.

I still encourage that approach whenever I am able to (sadly not that often in these days). Peer-review can identify many defects that the author will never see because they are immersed in the work.

If you're serious about browser privacy, you should probably pass on Edge or Yandex, claims Dublin professor

mr-slappy

Re: GDPR

Um...

'But the government would not accept any alignment with EU laws as the EU is demanding, with Mr Gove adding: "We will not trade away our sovereignty" ... there will be no jurisdiction for EU law or the European Court of Justice in the UK'

GDPR will be one of the first things to go. It will be sold as dynamic Bojo getting rid of all those annoying EU cookie notices that preface every web access.

https://www.bbc.co.uk/news/uk-politics-51650961

The great big open-source census: Most-used libraries revealed – plus 10 things developers should be doing to keep their code secure

mr-slappy

80 to 90 per cent FOSS

"With modern applications now composed of 80 to 90 per cent Free and Open Source Software (FOSS)"

Is there a citation for this? It's an interesting statistic.

Hey GitLab, the 1970s called and want their sexism back: Saleswomen told to wear short skirts, heels and 'step it up'

mr-slappy

Re: " Joke What's the difference between a kilt and a skirt?"

Aah, the late, great Spike Milligan. Still very much missed. https://www.brainyquote.com/quotes/spike_milligan_141745

Contractors welcome Lords inquiry into IR35 before tax reforms hit private sector but fear it's 'too little, too late'

mr-slappy

Re: As far as HMG Treasury are concerned...

"Several large clients have already moved to enforce either on-payroll or umbrella working, which will possibly bring in more tax, and almost certainly more NI"

That does not take into account the substantial number of contractors who (if these comments are anything to go by) seem to be retiring, leaving the profession or leaving the UK. Unless someone can magic up large numbers of people to replace them, that work will go offshore or just won't get done. The tax / NI take from that will be zero.

mr-slappy

Re: With Typical Reg Thoroughness...

"Due to website maintenance it is not currently possible to make a submission online. Instead, please email your submission, name and contact details to [email protected] The deadline for submissions is 23:59 on 25 February 2020"

Perhaps we should band together and submit a fixed-price proposal to implement a comment submission system that actually works. With a substantial mark-up due to the fact that we are shouldering the risk. And strictly-managed change control that means if they want to change one of the colours it will cost £10k. What could possibly go wrong...

Canadian insurer paid for ransomware decryptor. Now it's hunting the scum down

mr-slappy

The cure could be worse than the problem

"the decryption tool provided had to be run on each and every affected device on the company's network"

...and presumably hoovered up a load of sensitive information and password files, and probably dropped a load of malware in the process too.

Clunk, whirr, buzz, whine. Shared office space can be a riot and sounds like one too

mr-slappy

LEDs

Never mind noise, what is it with all those LEDs they have nowadays? I switch the light off in our living room and it is bathed in the ghostly glow of half a dozen devices that are announcing their presence for absolutely no reason whatsoever.

I seem to spend half my life reading user manuals (ugh!) for instructions on how to disable the little buggers, only for them to reappear soon after following some sort of unrequested software update...

Fly me to the M(O2)n: Euro scientists extract oxygen from 'lunar dust' by cooking it with molten salt electrolysis

mr-slappy
Happy

So, you're both right^H^H^H^H^H wrong, in different contexts.

FTFY (this is the Reg after all)

Squirrel away a little IT budget for likely Brexit uncertainty, CIOs warned

mr-slappy

Re: 2019?

"chlorinated chicken has been cleared by US and European food agencies as safe"

Um, no, it very much hasn't.

"Washing chicken in chlorine and other disinfectants to remove harmful bacteria was a practice banned by the European Union (EU) in 1997 over food safety concerns. The ban has stopped virtually all imports of US chicken meat which is generally treated by this process. ... The EU believes that relying on a chlorine rinse at the end of the meat production process could be a way of compensating for poor hygiene standards - such as dirty or crowded abattoirs."

https://www.bbc.co.uk/news/uk-47440562

Someone needs to go back to school: Texas district fleeced for $2.3m after staff fall for devious phishing email

mr-slappy

Re: So what happens to the money?

"Germany used to enforce the name being correct in transfers, but people got the names wrong so often that they dropped it"

Not only that, but I quite often find that the HTML input field for an electronic payment is not long enough to allow for a long account name. (Why would they do that?)

For example, my wife's and my joint bank account has the name "Mr Benedict X and Mrs Beatrice Y Slappy" (names changed 'cos I'm paranoid).

ICANN finally reveals who’s behind purchase of .org: It’s ███████ and ██████ – you don't need to know any more

mr-slappy

I've pre-emptively bought the corresponding .org.uk domain for the club (amateur orchestra) whose website I run.

The mooted increases aren't much in absolute terms but to a small organisation like ours, and like many others I suspect, it's still significant.

We'll be ready to rehome ourselves when the greedy bastards decide to start turning the financial screws.

mr-slappy

Does your browser not do spel-cheking?

World's richest bloke battles Oz catastro-fire with incredible AU$1m donation (aka load of cheap greenwashing)

mr-slappy

Re: Cheap Cunt

Likewise.

Here's what a generous (whatever the opposite of cunt is) would have done:

1. Donated a much bigger amount of money.

2. Donated it himself rather than from his company.

3. Not gone straight to social media to boast about it in order to boost sales.

Privacy activists beg Google to ban un-removable bloatware from Android

mr-slappy

Re: More options please

I emailed the webmaster about this very subject, as I thought I was losing my marbles.

They replied (very promptly) to say that they have removed the top links to a few days ago to release a little more "above-the-fold" space. You will be prompted to log when you need it, eg to post on a forum or download a whitepaper.

As a very long-time reader of the Reg, I find this fundamental change to the layout rather disturbing; I am still processing it, and hope to come to terms with it over the next few days and weeks.

Microsoft engineer caught up in sudden spate of entirely coincidental grilling of Iranian-Americans at US borders

mr-slappy
Unhappy

Re: no way to win

September 14th, 2009. The death of Patrick Swayze. Never forget https://en.wikipedia.org/wiki/Patrick_Swayze

Brit banking sector hasn't gone a single day of 2020 without something breaking

mr-slappy
Headmaster

Crescendo

"The wailing kicked off from 6am local time, reaching a crescendo three hours later"

Sigh. A crescendo is a gradual increase in loudness (from the Italian for "growing."). I know that some dictionaries also define it as a high point but they are just wrong.

(disclosure: I am an amateur musician, not an Italian speaker)

Log us out: Private equity snaffles Lastpass owner LogMeIn

mr-slappy

Re: No one has mentioned Dashlane

You're absolutely right, but I downvoted you anyway, on principle.

And it's "practice."

Remember the Dutch kid who stuck his finger in a dam to save the village? Here's the IT equivalent

mr-slappy
Facepalm

Immediate Windows Update

I'm a bit sketchy on the details for this one, as I was one of the many victims rather than the perpetrator, but it turns out that the option to test a Windows Update on one test computer is right next to the option to immediately deploy the Update to every desktop in the whole organisation.

Which is why my PC suddenly started shutting down without warning one morning, and when I looked around, everyone else's PC was shutting down as well.

It was like something out of The Matrix (or would have been if the shutdowns had been accompanied by pictures of descending digits and some spooky music).

Anyway an intensive "retraining programme" was apparently arranged for the unfortunate perpetrator (in the sense of "would you like to get some training with another employer"). Bit harsh as AFAIK it was caused by a spectacularly poor UI.

123-Reg is at it again: Registrar charges chap for domains he didn’t order – and didn't want

mr-slappy

If 123-Reg is possibly going to go bust I would strongly urge anyone using them to move away now.

Many years ago I had my main domain with a company that suddenly stopped responding to all attempts at contact. In despair I eventually contacted Nominet, the .uk registrar, and went through a slow and anxiety-making process to get my domain released.

I know they get a lot of flak but Nominet were very helpful, and they had to make absolutely sure that I really did own the domain before they could transfer it. Thankfully it was eventually sorted. Phew!

If anyone is looking for alternatives I would highly recommend Zen. (I have no connections with Zen other than as a happy customer.)

Larry leaves, Sergey splits: Google lads hand over Alphabet reins to Sundar Pichai

mr-slappy

Re: develop into a source of knowledge and empowerment for billions

"...an unending list of shopping websites where they can buy something possibly related to it"

amazon.co.uk/...

amazon.co.uk/...

amazon.co.uk/...

amazon.com/...

amazon.co.uk/...

amazon.co.uk/...

amazon.co.uk/...

ebay.com/...

amazon.co.uk/...

ebay.com/...

amazon.co.uk/...

< repeat for 5-6 pages >

an-actual-shop-actually-selling-it-cheaper-with-knowledgeable-staff.com/...

Why can't passport biometrics see through my cunning disguise?

mr-slappy

Re: Shock and Aura- A modest proposal.

"As that aura is unique, because we're all individuals"

I'm not.

As pressure builds over .org sell-off, internet governance bodies fall back into familiar pattern: Silence

mr-slappy

Re: Indeed

Not directly, but Dave Cutler was behind the development of VMS before leaving Digital to develop Windows NT.

Some people believe this is why "VMS" + 1 = "WNT" (excuse my lax notation :-)

Email! HUH! Yeah. What is it good for? Absolutely nothing...

mr-slappy

Re: 20 Years Ago

It's 'Spanners', you spanner

Remember the Uber self-driving car that killed a woman crossing the street? The AI had no clue about jaywalkers

mr-slappy
WTF?

I don't understand...

.. why software in aircraft (*) has to undergo years of rigorous design, testing and certification before a plane can fly, but the bar for self-driving cars seems to be "it compiled ok." (Or maybe "we did a load of really thorough testing, honest guv")

Why are self-driving cars even allowed on the roads? The technology doesn't seem to even be alpha yet.

(*) well not for Boeing obviously

Q. Who's triumphantly slamming barn door shut after horse bolted at warp 9? A. NordVPN

mr-slappy

Raspberry Pi VPN

A few years ago I set up a VPN server on a Raspberry Pi, using OpenVPN. The instructions I used were here: https://www.bbc.co.uk/news/technology-33548728 (although I'd go for something more recent now as it relies on a now-deprecated version of OpenVPN). I can access it from my iPhone and MacBook when I'm out and about.

It was quite complicated and it took me a while to get it working, but all the better for that! I mainly did it to learn about how VPNs work. However it comes in handy when I'm abroad and want to watch something on the BBC (for which I have paid a licence fee of course). I also use it when I'm signed on to a public wifi network (mainly to feel a little smug rather than to protect myself against crims).

Everything must go as school IT supplier Gaia Technologies' £5.7m debt burden revealed

mr-slappy

I'll do it for £449.

I think you're going to need to put out an RFP...

Welcome to the World Of Tomorrow, where fridges suffer certificate errors. Just like everything else

mr-slappy

Yes - I missed the important words "plumbed in". Apologies

mr-slappy

"MAYBE: my little indulgence - a dispenser for chilled water and ice, all plumbed in (would be a YES except that it's only available on "american style" models)"

Our fridge isn't an American-style one, and it has a very handy cold water dispenser.

Even better is that you can fill it with white wine when we've got the family round for Christmas...

Sudo? More like Su-doh: There's a fun bug that gives restricted sudoers root access (if your config is non-standard)

mr-slappy

The Real Issue

I think we're all skirting around the real issue here. Is it pronounced soo-doh or soo-doo?

I've always said soo-doh, although I'm not an admin.

iTerm2 issues emergency update after MOSS finds a fatal flaw in its terminal code

mr-slappy
Thumb Up

It looks like kudos to everyone involved - Mozilla and Radically Open Security for finding it, CERT for publicising it, iTerm for quickly fixing it and El Reg for letting us commentards know about the update.

Virtual inanity: Solution to Irish border requires data and tech not yet available, MPs told

mr-slappy

Re: borders to be regularised or smoothed out by mutual agreement

Thank you for the reference. However the article concludes (my emphasis):

- The council overwhelmingly decides by consensus, which means the **UK is on the winning majority side almost 87% of the time**.

- The UK government might be more willing than other governments to publicly register its opposition to EU decisions.

- The data does not tell us what went on behind the scenes on each of these issues, and hence how much the UK disagreed with the majority position when it recorded its opposition – perhaps the UK was on the winning side on all the key issues it really cared about in this period.

Here we go again: US govt tells Facebook to kill end-to-end encryption for the sake of the children

mr-slappy

Re: Forget the kiddies

"I thought it was *PERFECT* and a *SOLID* example of how you deal with bullying"

I sincerely hope that you are not involved in any way in dealing with children or young people!!

Of course bullying is a terrible thing and needs to be dealt with robustly, but your proposed solution is ill-informed, unlikely to succeed and frankly barbaric.

The image of the bully as an empowered sadist does not reflect reality in my experience (primary school governor for 20 years). More often than not the bully is him/herself being bullied or abused at home. (Go on a local authority safeguarding training course if you want to hear some truly horrific case studies.)

All they will learn from your approach is how to become even more violent and will likely end up as an adult doing someone some serious harm. A more nuanced approach will still protect the victim but also may be able to turn the bully around from the path they have taken.

I look forward to all the well-informed, courteous and adult responses to this post...

We're all doooooomed: Gloomy Brit workforce really isn't coping well with impending Brexit

mr-slappy

Re: Repent, repent, the end is nigh

I really struggle with the argument "we got by before we were in the EU, so we'll get by once we're out of it." The world has changed massively since then, and we have changed in step with that (for better or worse). We are now proposing to yank ourselves back in time fifty years over the space of a weekend.

It's like saying that we could travel just as fast around London in the Victorian era as we can now, so suddenly taking all the buses, cars and taxis off the road would be absolutely fine. But we'd be knee-deep in horseshit for a start...

Brit ISPs pinky-promise not to overcharge loyal broadband customers

mr-slappy

Zen

Or go with Zen Broadband who have the same rate for everyone.

https://www.zen.co.uk/broadband/superfast-fibre-broadband

(not associated with Zen other than as a long-standing and very happy customer)

macOS? More like mac-woe-ess: Google Chrome slip-up trips up SIP-less Apple Macs

mr-slappy

Re: Why?

"IMHO, because of this, Chrome should be banned from the appStore until they behave properly"

I'm not at my Mac at the moment, but IIRC Chrome is installed on Mac by downloading a .dmg, not through the MacOS App Store. So the only control Apple has is to somehow remove it from their list of signed software (which is easily circumvented).

Every dog has its day – and this one belongs to Boston Dynamic's four-legged good boy Spot

mr-slappy

Who's a good boy? Who's a good boy then?

I, for one, welcome our new roboticanine overlords

TalkTalk's voice-over is writing speeds that its text can't match: Ad pulled from broadcast

mr-slappy

Advertising Standards Authority alerter

"The Advertising Standards Authority was alerted after Reg reader Rich Campbell noticed the TV broadcast's voice-over speeds did not match the ones promoted in the text"

I'm guessing Reg reader Rich Campbell will start getting speeds of about 500kbps from TalkTalk pretty soon...

Microsoft bungs a billion bucks at biz developing AI that will take our jobs 'for the benefit of all'

mr-slappy
Headmaster

Plowed?

"Ploughed," please.

"Plowed" is "N. American or archaic" (possibly the same thing?) according to the Chambers Dictionary on my phone.

Metropolitan Police's facial recognition tech not only crap, but also of dubious legality – report

mr-slappy

Re: It's in its infancy, but it will improve

"If anything it will IMPROVE matters massively for those affected by the racist stop-and-search policies as the AI system won't have the inherent biases of the prejudicial police officers"

Um, how is the AI going to be trained?

This weekend you better read those ebooks you bought from Microsoft – because they'll be dead come early July

mr-slappy
WTF?

What happens to the authors?

I've co-authored an IT book and will have received a (small) royalty for every copy sold electronically. Am I now going to have the royalties deducted from my next royalty payment, even though people will have read our book? It's not exactly a life-changer but it doesn't seem fair to me.

Cyber-IOU notes. Voucher hell on wheels. However you want to define Facebook's Libra, the most ridiculous part is its privacy promise

mr-slappy

BCCI

I was at BCCI as part of the IT team supporting the auditors who went in to try and find out what happened. BCCI was very different to what seems to have happened at Barings: BCCI's owners were just stupendously, shamelessly, universally corrupt. They were taking millions out of the accounts and putting it into their own pockets and nobody stopped them until the money ran out. They all escaped abroad AFAIK. The less corrupt ones would take money out on a Friday night, invest it over the weekend and put it back in on Monday without anyone noticing.

Weak regulation and a mind-blowing lack of oversight let all this happen.

The saddest thing was that the staff left behind (business and IT) were required to keep all their money in BCCI accounts. These were ordinary people who lost everything - cash, savings, pensions, the lot. Tragic.

mr-slappy

Re: and yet

The FSCS limit is actually £85,000: https://protected.fscs.org.uk/

Politically linked deepfake LinkedIn profile sparks spy fears, Apple cooks up AI transfer tech, and more

mr-slappy

LinkedIn Scammers

I get a lot of LinkedIn crap (I only use it when changing jobs tbh) and about a year ago I received a request from a young attractive blonde woman who I didn't know.

Nothing particularly unusual there, but her job was as a Geography teacher at my kids' secondary school. I'm also a school governor (elsewhere) so I thought maybe she was a real person who was a staff governor. But when I checked with my kids, they said there was no-one of that name who worked at the school and she didn't appear on the school's website.

It took LinkedIn a good six months to remove her from the site, and bizarrely, I saw that some of my more gullible work colleagues (definitely not connected with the school) had actually connected with her.

I am still trying to work out how the scammers knew which school my kids go to. (They're not connected with me on LinkedIn because, well, they have better things to do with their time)

ProtonMail filters this into its junk folder: New claim it goes out of its way to help cops spy

mr-slappy

Re: Snoops

There are lots of other reasons to use a VPN, other than being a spy: I often use mine when I'm logged into a wifi hotspot or other untrusted network, for example. So far the authorities have shown no interest in me whatsoe

Let's make laptops from radium. How's that for planned obsolescence?

mr-slappy

Cash made from Radioactive Isotopes

"I had an Economics teacher who would muse how much fun it would be if cash was made from radioactive isotopes with a short half-life... to see what might happen to consumer spending habits if everyone knew they had to dispose of their pay packet before it blinked out of existence"

I think Germany ended up trying something similar between the wars - it didn't end well IIRC...

Dedicated techie risks life and limb to locate office conference phone hiding under newspaper

mr-slappy

Unnecessary Donkey is my wrestling name

AI has automated everything including this headline curly bracket semicolon

mr-slappy

Surely [deadline&pub] ?

Key to success: Tenants finally get physical keys after suing landlords for fitting Bluetooth smart-lock to front door

mr-slappy

Re: Reluctant

Just because Americans do it doesn't mean we have to https://chambers.co.uk/search/?query=reticent&title=21st

Biting the hand that feeds IT © 1998–2020