CISA in a flap as Chirp smart door locks can be trivially unlocked remotely

Re: I actually wouldn't worry all that much about this

What are the odds that car thieves would have the equipment to deceive your car's "keyless entry" system?

Pretty high. Saw a video of some muppet opening a range rover using one such device and, via an OBDII device, starting it and driving away...

Don't buy nice cars boys and girls - the bad uns will have them away if they want them.... but then that has always been the case (nice is obviously relative to the location of the vehicle...)

Tired techie 'fixed' a server, blamed Microsoft, and got away with it

>>difference between regedit and regedt32

regedit works? Dunno about these days but the 32 variant couldn't search in registry values, only in keys which was/is a bit of a limitation.

Oh sorry - these days they are the same... back in the day there were significant differences in functionality. It seems the timeline went regedit (Windows 95ish) -> Regedt32 (NT4 ish) -> regedit/32 (x64)

Post Office slapped down for late disclosure of documents in Horizon scandal inquiry

SPM: sells a 50p stamp

Horizon: debits an account by £50

Back-office: creates a correcting journal for £49.50

Horizon: debits the account for £4950

SPM: Unaware of the Horizon cockup goes on to sell 100 50p stamps

POL: You must have stolen £495000 - go to jail, go directly to jail do not pass go do not collect £200.

Then three possibilities

1. SPM: ok I am guilty cos I must be.

2. SPM: See you in court

Hizonnor: Law states computers are assumed to be functioning correctly, SPM must be guilty as charged.

3. SPM: erk... /takes the hard way out

and one improbability, that must have been a million to one chance:

SPM is Alan Bates and fights tooth and nail for years to bring the sorry mess into the open and exonerate himself/other SPMs.

UK businesses shockingly unaware of how to handle security threats

why bother doing anything...

When the worst that happens is a slap on the wrist and a public telling off... especially when a mealy-mouthed "Sorry we got caught with our pants down, security is really our top priority, honest guv!" press release seems to be a get out of jail free card.

Techie saved the day and was then criticized for the fix

Re: Sounds About Right

>>security locks take 30 minutes to 1 hour to defeat

hmmm... I know of one beautifully engineered dial lock that the only hack for is (according to the internet) a robodialler which will take rather a long time (many hours to days) even if you know the open digit!

As it happens once you get used to those particular locks, there are sometimes little 'tells' that hint you might be approaching correct digits in the opening sequence but they vary from lock to lock and do depend rather on what was done the last time the lock was serviced.

If you know which lock I am talking about you will, no doubt, agree - if you don't you obviously don't have/haven't had a need to know.

Normal locks, however, yes 30 minutes to an hour would be about right. Often it is easier to defeat the container or the keeper of the key!

DARPA tasks Northrop Grumman with drafting lunar train blueprints

Re: "figure out what would be necessary for a railroad network on the Moon"

Yeh - the Vacuum is a mixed blessing. In the dark times it helps by there not being convection to worry about heating up the superconductor, however it means that during the daytime any of the structure hit by unattenuated sunlight has to radiate that energy back to space or get hotter... which isn't good news for many reasons.

Re: "figure out what would be necessary for a railroad network on the Moon"

>>Running overhead wires for power is a no brainer; pantographs and the like are known tech.

All the moving parts (rather more than you may initially think) required to make overhead lines work for terrestrial trains will need modifying for the incredibly abrasive environment.

Gravity plays a large part in making overhead traction power supplies work here on Sol 3.... slight problem with that on the mun IIRC in that there is much less of it around to keep things pointing generally downwards. Oh and the support gantries will need fixing as well... which is a whole new field of pain.

I would suggest overhead wires for power, on the mun, is far from being a "no brainer".

FLOAT looks like a much more promising system - Maglev, too, is proven tech these days, has fewer moving parts required for traction plus it shouldn't be too hard to keep the induction coils cool (at least 14 days out of 28; granted the rest of the time it might be more tricky)

Garlic chicken without garlic? Critics think Amazon recipe book was cooked up by AI

Re: So AI is one of two things

Why not both?

It is not a zero sum....

Ad agency boss owned two Ferraris but wouldn't buy a real server

>>To be fair, the markup on "Enterprise discs" is crazy

My Enterprise disks are running with no errors reported 10+ years after manufacture whereas the consumer grade devices I have tend to die within 5 years of similar use. I don't really mind paying the premium if I get the lifetime...

Yeh I know... spinning rust... ssds... whatever. This isn't about timely replacement and rolling upgrades - it's about markup and relative reliability.

Microsoft forges One Teams App To Rule Them All

who knows why?

How did the use case for teams being "One user, one account, one tenant" ever crawl off the requirements cutting room floor and into the application itself?

It's what led to the totally stupid situation where every user on a machine had their own Teams install.... which, when you have shared PCs, gets to be a trifle annoying from both a management and a disk space perspective.

It was, I presume, also the reason for the eventual emergence of the "all users" installer which basically checked to see if the current user profile had Teams installed and then installed a copy automatically (handy for when local users aren't local admins - a fact that still seems to evade Microsoft to this day)

People here legitimately have two tenants they belong to - both of which use Teams etc. extensively. Incognito mode and separate browsers get used a lot because the cross tenant/one user many accounts aspect of Microsoft 365 is, fundamentally, still broken.

Climate change means beer made from sewer water, says North Carolina brewery

Couldn't produce enough grain to make that much beer

Water was freely available and kept clean, plus small beer gave you wings

much more scholarly

More evidence in here

Seriously, there are more historical references (as in actual medieval - or even earlier - texts of the time, not just random websites) for drinking water than for "medievals all drank ale/small beer for safety"

You're welcome.

Re: Excrement of yeast

>>Proto-whisk(e)y is indeed a type of beer,

More an ale isn't it? I am not aware that any whisk(e)y mash includes hops for added flavour!

Linux 6.9 will be the first to top ten million Git objects

>>Also single build.sh script builds tools kernel ISO and IMG files for all architecture.

There you go - a project for you. Build a single build.sh that covers all the build cases for Linux and submit a pull request to his linuxness.

/mines the one with popcorn in the pocket.

BOFH: I get locked out, but I get in again

Re: Very neat episode, nice little cliff-hanger

>>the ancient MS-DOS skullduggery of swapping font tables out for Cyrillic or mirrored fonts

Here, pupils still think swapping the chromebook keyboard layout to UK - Dvorak is the hippest thing to do since TikTok.

Font security 'still a Helvetica of a problem' says Australian graphics outfit Canva

>>Use Kate or Gedit

nah - vi ftw! or if feeling a little nostalgic, in a Microsoft environment, edlin. I didn't think I could remember how to make edlin work but to my horror commands are surfacing in my aged brain. Nurse! Bring the dried frog pills!


Nope - Wordstar files could have all sorts of stuff embedded which wasn't text - mostly down to codes required for printing the document... /me has PTSD from making an Epson FX-80 print superscript and subscript from a Wordstar document. You could even do font selection using them if your printer had fonts... shudder... Wordperfect was even worse.... how far have we come in 40 years only to go full circle?

Re: Article title is a bit misleading

>> silently packed with and used to exfiltrate arbitrary files like /etc/passwd from your web server

But isn't that a problem with the font management tools rather than the font file(s) themselves? Packing containers with unexpected payloads has been a 'black hat' technique for ever (approximately). Surely it's the management tools/renderers that are the issue rather than the font files/archives themselves?

Re: Article title is a bit misleading

The problem seems, to me, to be with FontForge, FontTools and ImageMagick rather than with fonts per se. Headline should have been "Font management tools still have a Helvetica problem with security" - and the issue is, fundamentally, an old problem rather than a novel attack - that of unsanitised (or unvalidated) input leading to unexpected outcomes.

UK finance minister promises NHS £3.4B IT investment to unlock £35B savings

Re: automating the writing and clinical coding of notes, discharge summaries and GP letters

>>Of course, Labour will double down on this stuff if/when they get in

I remember when there was a real choice in who to vote for...

Ah yes, Mr Hunt...

Would that be the same Mr Hunt, who, as his first job as Health Minister, changed the NHS management structure so that instead of only one region being in the red, they all were. Then blamed "inefficiency" on the sudden fall from grace rather than his own misguided imposition of extra red tape with no extra funding to cover it.

Pepperidge farm remembers... though, arguably sadly, the voters don't.

Year of Linux on the desktop creeps closer as market share rises a little

Re: It is the UI

>>(Yes, I forgot those who jump on every newest thing just to show off that they have the newest whatever thing, but I love to forget them on purpose)

You shouldn't forget them - they are paying the R&D/Marketing costs for your new kit 5/15/50 (whatever) years down the road.

Thank them for the sacrifice of their wallet to your pleasure... if you manage to talk to one of the "got to have the latest" crowd about that aspect of their compulsion they tend to get a little, err, tense.

Re: Repeat after me:

>>MS365 "full fat" licence is what £22* a month

Other price plans are available... the last I paid for an MS365 license was...... ~£5 per year per seat. About the same as the Adobe Everything (Premier, Photoshop, After Effects - the whole shooting match) license... I would show you the bills but that would dox myself, which would be stupid.

Tesla Berlin gigafactory goes dark after alleged eco-sabotage

Surely there wouldn't be a single point of failure to take out a whole plant and town?

Why not? There might be just one <many>kV string coming to the area, blow up/set fire to the end of that string and hey presto... blackout.

Power distribution networks were never designed to be resilient against someone deliberately attacking a sub-station (cf. right-ists shooting sub-stations in the US of A and causing blackouts last year)... and, as the networks rarely get redesigned, they will remain vulnerable.

FWIW I think the original thought process, back when people were generally more sensible, went something like "No-one would be demented enough to set fire to a sub-station would they? no? OK" yet here we are with demented people everywhere.

Cruise's valuation halved after its driverless car hit and dragged a woman

>>Cthulhu I suspect has given up on them as a bad job

The great Cthulhu treats humans as humans do ants (and I don't mean like CanadaAnt on YT). He gives no heed to the pathetic whimperings of humans.

Iä! Cthulhu fhtagn! Ph'nglui mglw'nfah Cthulhu R'lyeh wgah'nagl fhtagn!

Ahead of Super Tuesday, US elections face existential and homegrown threats

Hmmm that thinking has potential...

Plato famously said "Only those who do not seek power are qualified to hold it."; turning that on its head, given that those who most want power are generally the ones least suited to it, any candidate for high office should be instantly disqualified if the fMRI shows any hint of pleasure when asked if they want the job!

Re: Skinhead culture

It runs very deep in the British... even the Romans, IIRC, noted that we were drunkards who liked fighting.

Linus Torvalds declares Linux 6.8 is probably back on track for a regular release cycle

"Does anybody else remember when he said that there would probably never be a need for a 4.0 release?"

That's almost as good as the, possibly apocryphal, "640k of RAM should be enough for anyone" apparently uttered by Mr Gates esq.

Cops visit school of 'wrong person's child,' mix up victims and suspects in epic data fail

Plus ça change

Back in the day (24 years ago? really? blink and you miss it), in another life, I found it extremely odd that the local force system (and probably the PNC on which it was modelled) was set up assuming that no two "customers" would have the same name and DoB (That's what ID cards are for lol)... there were provisions for the occurrence, of course, but they weren't immediately obvious. I did ask a question but got a shrug from the Inspector.

So, in this case, once the mess started I doubt there was much the force could do to sort it out because officers/staff would be querying the data, getting whichever "customer" was first, and, assuming that the computer was giving them the right "customer", modifying the record accordingly and consequently screwing up the data leading to much unpleasantness all round.

To compound the issue, IIRC the UI didn't allow an officer to correct the mistake, even if they had noticed the snafu, (24x7) so the data manager (0900-1700 Monday - Friday if you were lucky) would have to have knowledge of the records concerned and not make a mistake when unpicking the mess.

OpenAI sued, again, for scraping and replicating news stories

Re: Embrace the verbatim

>>That could raise the possibility of even more court cases down the line when the alleged copyright holder gets sued for something they'd never actually said

In the UK there is a legal presumption that says, effectively, "The computer is always right" and that there is no burden on the prosecution to prove that the computer actually is right.

The copyright holder would be being sued for something the computer said they did, but they didn't, and be in the unenviable position of having to prove the computer wrong - which they wouldn't easily be able to because the prosecution just says "Computer is always right your honor" at which hizonor sagely nods and finds in favour of the claimant.

So, in the end, the copyright holder will have said the stuff the computer claimed they did, even if they didn't!

Obviously this is a bit reductio ad absurdum but we are talking lawyers and big buckets of money so anything goes.

>>You couldn't make it up if you tried.

Indeed. Kafka would be having a field day!

New solvent might end winter charging blues for EV owners

Plunges below zero?

Does the author mean below -17.78°C or below 0°C?

(255.372 or 273.15 Kelvin, 459.67° or 491.67°R and true commentards all know I am referring to -3.7778° and -2°H respectively )

As this is an international publication surely the SI unit or, in extremis, K scale is more appropriate than just splashing the word zero around with no reference frame other than the implied US states in the sentence?

Russia's Cozy Bear dives into cloud environments with a new bag of tricks

Re: For those with learning difficulties or just hopelessly moronic or psychotic, this is what to

Hang on a minute - that almost made sense.

Who are you and what have you done with amanfromMars1?

p.s. title truncated because "Title is too long" error

Underwater cables in Red Sea damaged months after Houthis 'threatened' to do just that

Re: Why do they need a submarine?

>>This is easily within the capability of the Houthis.

Even if it weren't (which it is), it is well within the capabilities of their backers....

Japan's SLIM unexpectedly wakes up on Moon after month-long nap

Re: Ohaiyo gozaimasu

"Ohaiyo gozaimasu

Netakiri nan desu ga, naka naka okinakute, gomen. Hagaki okurimasu.

おはいよ ございます ねたきり なん です が、 なか なか おきなくて、 ごめん。 はがき おくります。"

once again but in Googlish (Google translate English)

"good morning. I'm bedridden, but I'm sorry I haven't been able to wake up. I'll send you a postcard."

City council megaproject mulls ditching Oracle after budget balloons to £131M

Re: What would it cost ...

Modern and forward looking does not automatically mean better.

Indeed not, however it would be hard to find a worse system than the one most of them use at the moment. Byzantine doesn't begin to describe it. It wasn't ever designed as a product and is largely a bunch of disparate systems kludged together. At least a more modern system shouldn't be that.

The simple task of the register requires 5 mouse clicks and two page loads per pupil.

I hesitate to name names but would that system rhyme with last farts?

Re: What would it cost ...

all schools and colleges in the UK have expensive, cra*, customised, bought in (and pay forever) management systems.

err no. Not ALL schools and Colleges are beholden to Crapita ESS PupilPay for their MIS. A small, but growing, number are actually jumping ship to rather more modern, forward looking suppliers.

London's famous BT Tower will become a hotel after £275M sale

TBF It wasn't given, I think they paid £1 for all the GPO infrastructure... or was that Network Rail? British Gas? The CEGB? or CoVID Ferries? whatever - it was the Govt. of the time scratching the backs of their backers.

Election security threats in 2024 range from AI to … anthrax?

>>There was a famous trial in the US whose name escapes me (I am not Joe) but involved a chimp

There was a chimp tried for being a French spy in Hartlepool a few years ago...

Insider steals 79,000 email addresses at work to promote own business

Re: These guys are amateurs and need to go on a course.

>>I would expect staff can only access one record at a time - there should be no need to access all the data at once.

Any DBA of a database can access all the data using a suitable command shell/query language.

Obviously that shouldn't be available to normal staff but we don't know if the miscreant in this case was a DBA or Normal staff... nor do we know if normal staff had access through command line tools by intent or omission.

Closure of Windows 10 upgrade path still catching users by surprise

There may be alternatives available

I am told that a simple Google search will show you a Github repository that helps with Microsoft activation problems.

Apparently the repository contains PowerShell scripts that sort out any licensing/activation issues you may have and result in a fully licensed/activated copy of the OS/Office suite as required.

It is rumoured that Microsoft employees also use these scripts to sort out issues that are otherwise intractable through official channels.

I obviously cannot comment on the veracity of these tales.

Alaska Airlines' door-dropping flight was missing bolts

Re: So by failing ....

Would your torque wrench be a "reliable" nut runner?

CERN seeks €20B to build a bigger, faster, particle accelerator

Re: Priorities

>>€ 20 bn over 20 years for the members of CERN

It's barely a rounding error in their respective budgets... 23 members, $20Bn, over 20 years, gives about $43.5 Million each per year.

UK Gov PLC spaffed way more than that in "jobs for the boys" contracts recently and no-one blinked.

Congress told how Chinese goons plan to incite 'societal chaos' in the US

better threat sharing....

Hmmmm if the FBI shares its detected threats with industry, surely that just tells any interested foreign state actors what the FBI know and hence how to adjust their approach to cracking the nut?

One would assume (wrongly I guess) that industry already tells the FBI what it is noticing...

OpenAI's GPT-4 finally meets its match: Scots Gaelic smashes safety guardrails

Back in the day

You could just mail order "Kitchen Improvised Plastic Explosives" from the small ads in the back of many magazines.... or perhaps get hold of a copy of "The Anarchists Handbook" and not worry about how good the information was (It was excellent, or so I am told)

That runaway datacenter power grab is the best news for net zero this century

Re: XLinks

>>I rather suspect EDF will find ways to extract the money from UK tax payers instead, and our politicians will let them.

This. The UK Tax payer is already footing the bill, and will continue to do so with the double whammy (should they use on-grid electricity) of increased base unit costs affecting the price (upwards) of all the electricity they use.

Re: XLinks

/me Can't decide if you are trolling or just don't understand how these things work in practice.

>>I said the French tax payers are footing the bill

No, because EDF are borrowing commercially. They aren't loans from the French Government (who only own 84% of EDF anyway...).

>>And those interest costs are stacking up too as it's not going live before at least the 2030s.

All of which will be repaid by the UK consumer... or tax payer, depending on what extras EDF can add to the contract or persuade the Govt. to add as subsidy to the scheme (as I said, have a look at "Keeping The Lights On" in back issues of Private Eye).

Re: XLinks

>>At $16 billion, it's still less than 1/3 of the cost of the new nuclear reactor at Hinkley Point C.

True dat.

>>At least French tax payers are footing most of that bill though.

Poor sweet child. The French tax payers are acting as guarantors to the loans EDF required to build¹ the machine... and are direct beneficiaries of the UK power consumer's generosity in years to come!

See Private Eye's 'Keeping the light on' columns passim and, no doubt, ad infinitum on all the shenanigans that Hinkley C is associated with, not least the base cost per unit being, IIRC, about 4x the existing base cost per unit...

¹ for special values of build in time t for which t may be apparently infinitely variable

Cory Doctorow has a plan to wipe away the enshittification of tech

Re: Does old Cory know what he's talking about?

>>by giving away Android for free destroyed Blackberry and Microsoft - who were unwilling to invest their own monopoly profits into doing the same thing

Both Microsoft and Blackberry could have "done a Google" but didn't; as you say they were "unwilling to invest their own monopoly profits".

So what makes Google bad (for giving away Android and destroying their competition)? The fact they 'gave away'¹ Android or the fact that Microsoft and RIM/Blackberry didn't give away Mobile Windows/whatever Blackberry devices run on, when they could have done but chose not to?

¹ Obviously Google didn't give away Android - they exchanged it for all the marketing data they could ever need...

ICANN proposes creating .INTERNAL domain to do the same job as 192.168.x.x

It's a bit more nuanced than "don't use it"

From Wiki

"At one time, Microsoft at least suggested the use of .local as a pseudo-TLD for small private networks with internal DNS servers. For example, support article 296250 included the following option:

Make the name a private domain name that is used for name resolution on the internal Small Business Server network. This name is usually configured with the first-level domain of .local. At the present time, the .local domain name is not registered on the Internet."

and IETF also allow for that use - same ref as above.

"Any DNS query for a name ending with the label local must be sent to the mDNS IPv4 link-local multicast address, or its IPv6 equivalent ff02::fb. A domain name ending in .local may be resolved concurrently via other mechanisms, for example, unicast DNS."

so although use of .local for the local domain is permitted, such may cause issues in particular setups... I wonder when RFC 6762 was written compared to the recommendation to use .local for private non-internet connected networks?

Mars Helicopter Ingenuity will fly no more, but is still standing upright

That is all.

Jolly good show, wot?

Glasses will be filled and raised.

Farewell little 'copter....

The rise and fall of the standard user interface

Re: Hostname

>>Recumbent sounds fun,

Recumbents are fun - and bloody fast if you are crazy enough.... in my youth¹ I had the opportunity to ride down a newly opened bit of road descending the side of chalk downland. After the cycle home, GPS reckoned I reached 50Mph.

The other advantage they have is that one has a very comfy² chair. I once rode 60 miles from North East Somerset homewards and got nothing more than tired legs for my effort, despite my distinct lack of training!

I have never had a serious spill from the 'bent - just slow speed nonsense on ice - for those it is much less painful than falling from a standard bike.

Hope the arm fixes properly, Liam, at our age these things are less than certain!

¹ for special values of youth

² for special values of comfy