Posts by Mishak

decent information

After the recent news, I decided to try it with some (more acceptable) queries.

As with the others I have tried, it generated a plausible but incorrect answer, and was more than happy to acknowledge it was in error when I told it so.

Summary - you can ask them anything, but you can't trust the answers and have to validate them yourself.

Re: HSBC promote Trusteer Rapport

Yeah. I refused to install that and switched my business banking to Starling (which had the added advantage of restoring free banking*).

* It was the "pay a monthly fee for the privilege of being charged to send funds overseas with a pathetic exchange rate" that was the final nail in the coffin for them.

Sympathy

I do have some (very limited) sympathy for UK banks, as they are financially liable for fraud where an app is compromised, even if it wasn't their software that was at fault (for those not in the UK, that also includes where someone is tricked into transferring funds to a fraudster in response to a scammer calling them).

However, they should be assuming that the execution environment is potentially insecure, and making sure that their app does not make external (non-OS) calls or trust data that it cannot verify.

Pi-hole

I use Pi_hole, and that totally breaks currys.co.uk. Filters do nothing, can't change the number of items that are displayed - only interaction that works are the menus and links.

Hmm. Looks like it's been updated (I reported the issue a few month ago) and it's now happy with alternate DNS / ad blocking.

Still, I have come across other sites that don't work.

Remind me - local hospital only allows Google to be used as a search engine. My phone is defaulted to duckduckgo, which gets blocked as "Threat category : Search Engines". Muppets.

My town has an HSBC branch

Though I'm not sure what it's there for. I was asked to look at opening an account for a business, so I went in to talk to them and was told "sorry mate, you will have to travel to a bigger branch (about 45 minutes away) to do that". WTAF?

Sure I've mentioned this one before, but...

I used to contract about 185 miles from home. Traffic on a Monday was not fun, so I used to set off very early and arrive at about 07:00.

I got in as usual one Monday, tried to login, and was greeted with a "You must change your password" dialog box that could only be dismissed either by cancelling or by changing the password. I obviously went with the second option, but all attempts to login after that were greeted with "Incorrect Password".

The hell desk didn't open until 08:30, so I happily spent the next (billable) 90 minutes drinking coffee and catching up on some reading.

At 08:30 I called the hell team, who asked if I had read the email they sent out the previous Friday instructing people to "cancel" the change notification as the login would still complete, and to then change the password from within Windows. Trouble with that was I was never in on a Friday and most people would have finished before the email was sent.

Their line was busy for quite a while that day.

pretty pointless

I guess they were "forced" to add https as browsers make it hard to use http these days.

Still, "poor show".

Checks

The system could even verify that the license number matches with the name and address of the person requesting the slot.

They should probably also rate limit the number of requests coming from each IP address.

It should be made on offence so they can be prosecuted.

If these are for real...

I despair* for the human race.

* Well, more really...

Though there are still a few free ways to submit in the UK.

I'm hoping to have my business closed before they vanish...

who wants to fly among volatiles?

Or, as I call it, First Class?

Protection is ideally done by hardware, but can also be done in software

Maybe, but it is non-trivial; simply storing multiple copies is not enough. For example:

bool f( int x )

{

static int c1;

static int c2;

c1 = x;

c2 = x;

return c1 == c2;

}

Many C compliers will optimise this code to always return 'true', as there is no way that the values of 'c1' and 'c2' can differ within the abstract machine that the language uses to execute the code; memory corruption is not considered by the machine.

Good luck

If you could get some electronics into the beam at CERN, it's not going to survive.

Don't quote me on these figures, but the energy in the beam (at full power) is equivalent to something the mass of a large aircraft carrier travelling at 40 knots. There are dump tanks round the ring that are filled with water, and you do not want to be near one when it's used.

The sort of even that could have caused the Airbus issue is likely to be a (single) energetic particle causing a single bit upset.

Much safer...

To use a plug-sized RCD tester!

Similar experience

The voltage to my house was regularly going over the statutory maximum of 253v, causing my UPS to go into "trim" mode.

After about 18 months of pestering the supply company, they came round to install a data logger to see if I was right.

Guy told me he would need to switch off the power to connect his kit and asked if I needed to shut anything down first. I did, but as I went back in to do so, the power went off.

"Not me", he said, showing the wire that had just fallen out of the meter when a brushed it with his hand.

Turns out the metering company didn't do a very good job when they replaced the old meter with a "smart" one.

Again, that could have caused a fire. Luckily, there were no long duration, high current appliance in that house.

Re: Not quite terminal

It was running at 500 amps, so a resistance of 10 mR creates 2.5 kW.

The specific heat capacity of steel is ~500 J/kg·K, and it takes another 275 kJ/kg to melt at ~1400 C.

Assuming the bolt was 50 g, then it would take ~14 s to get to the melting point, plus about 6 s to then melt (all of it, but it would fail before that happens).

Re: Not quite terminal

That's one of the reasons I use a thermal imaging camera - makes it really easy to spot where there are bad connections.

I used to work on high power motors, and once spotted a wire swing out of a test rig and leave a trail of molten metal behind it - a 10mm steel bolt had been carrying about 500 amps between two cables when it was supposed to have been keeping them in direct contact. Those rigs used to loose a few kW of power in the connections even when they were tight...

Re: Things that didn't happen

You really are trawling the depths.

Not training related, but...

I once had a manager who came up to me at my desk and, in an angry voice, said "You and I have a serious communication problem!".

This was news to me, so I replied with "You must be right, as I have no idea what you're on about".

He then stormed off and I stood up and started walking into the engineering lab - at which point I felt a hand on my shoulder and was physically dragged back into the office "to continue the conversation".

That incident was later cited as "a verbal warming" when he decided to formalise another similar incident.

My friend, who was a part time police officer, said they would be more than happy to support my assertion that this was assault!

Edited to fix a typo.