* Posts by Nick Ryan

3751 publicly visible posts • joined 10 Apr 2007

Salesforce dogged by protests, leaked emails, and guerrilla blimps on first day of Dreamforce

Nick Ryan Silver badge

Re: Is it just me, or does SalesForce suck ass?

It's always been a reasonable system for managing pre-sales, after that point SalesForce starts to really show its limitations. Yes, custom development can be put in along with all kinds of API-led horrors, but in the end its core business has always been about the pre-sales process. What people don't realise, until too late, is the limitations on the APIs and how it quickly gets very expensive but once an organisation has put the investment into it, it's hard to leave.

IT bosses worried about network security reckon AI Jesus can save them, says Oracle survey

Nick Ryan Silver badge

Very similar to a meme/joke I came across a while ago:

A programmer's take on AI: A few more if statements have been added.

Microsoft 'kills' passwords, throws up threat manager, APIs Graph Security

Nick Ryan Silver badge

Fingerprint readers used like that are not MFA at all. A fingerprint is not a suitable replacement for a password. It's a rather good part of authentication when used either as the user ID, with a password as well, or in addition to a user ID and a password, but not in place of a password.

Microsoft has a digital coworker it wants in your business: Cortana

Nick Ryan Silver badge

Seriously? Take potentially sensitive and/or personal data from within a business and send it, with no controls, to a regime that has zero effective data protection laws? No. Absolutely No.

It's why Cortana on a business desktop is utterly wrong, bordering on illegal, and really must be utterly disablable.

No, the Mirai botnet masters aren't going to jail. Why? 'Cos they help Feds nab cyber-crims

Nick Ryan Silver badge
Mushroom

Re: This bit makes me queasy...

Is there any part of American society that does not have a $ value?

President?

Ah. Oops. Oh dear. This could go wrong. Very wrong.

Nick Ryan Silver badge

Re: Not a new technique...

While it's shocking to see sense deployed (particularly in the US litigation-centred economy) it's almost refreshing to see a change of heart and direction. Considering what I did to my Uni's systems, and these days I'd have been booted out and given a cyber-criminal record as a "reward", and that the prison system is meant to reform individuals this is pretty much a very sensible outcome. One wouldn't want to encourage people to commit crimes in order to get jobs, but at least these days there is a growing sub-industry in white-hat vulnerability researchers. This white-hat industry is not going to go away and while the aim should be to remove the need for it at all, being realistic, it's a new industry and it's here and will only grow. Welcome to the new age of gamekeepers.

NPM not tied in knots over Yarn rival project

Nick Ryan Silver badge

Re: Optional

Sssssh. You're talking sense. Stop it at once before you scare them and they have to retreat to their "safe zone" or whatever the hell it's called today.

Security procedures are good – follow them and you get to keep your job

Nick Ryan Silver badge

Re: "How the security department manages the human factor "

In the hospital's IT department's defence, it's because it's seen as easier (and safer!) to slash IT budget compared to reducing layers of management, particularly as trusts can't do anything about having been screwed over by the entire PFI business nor the hugely reduced amount of central government funding they get.

US govt concedes that you can indeed f**k Nazis online: Domain-name swear ban lifted

Nick Ryan Silver badge

Re: Optimistic

Maybe bible belt thinking?

Do not adjust your set, er, browser: This is our new page-one design

Nick Ryan Silver badge

...and Microsoft.

First it was hashtags – now Amber Rudd gives us Brits knowledge on national ID cards

Nick Ryan Silver badge

Re: Not wishing to trust Big Gov, but--

You can indeed vote the media out: you stop consuming their products and they go bankrupt.

Unfortunately the Daily Mail group (owners, etc) are not yet bankrupt however the Stop Funding Hate campaign group has made enough of a difference that the DM group have started smear and disinformation campaigns. Which the Stop Funding Hate have published of course...

Nick Ryan Silver badge

Re: Perhaps instead

Rudd spending her time usefully. The mind boggles.

Holding her breath so she doesn't steal oxygen?

Nick Ryan Silver badge

Don't forget the sudden addition of a largely pointless security-theatre other factor auth scheme which requires a mobile device and an application that requires far, far too many privileges for the trivial job of smoke and mirrors. Apparently it makes the account more secure, however given that there is no way to guarantee the provenance of the mobile device and the setup of it, it just makes it annoying instead.

World's oldest URL – fragments 73,000 years old – discovered in cave

Nick Ryan Silver badge

Or just possibly that our ancient ancestors (maybe) were a bit bored and had nothing better to do. They didn't have enough language skills to make up religion, so doodled instead. Any similarity between this and modern office meetings is purely coincidental of course.

Microsoft: You don't want to use Edge? Are you sure? Really sure?

Nick Ryan Silver badge

Re: Dear Microsoft

Read the article and the links. This is not pitched as a preview feature, this is pitched as a shitty, intrusive and annoying feature for the next iteration.

A boss pinching pennies may have cost his firm many, many pounds

Nick Ryan Silver badge

Developer PC

Many years ago when working as a software developer I was at a company where spending money on equipment that wasn't going to be used by the owner of the company or wasn't going to make an immediate profit was an arduous work in long term persuasion. The development PC I used, and the network connectivity and server that it relied upon, was so slow that compiling (building) the application literally took 10 minutes. This was at a time when frequently it was important to perform a full build of all linked files rather than just the modified one as this tended to make software debugging, well, reliable.

In the end the plan was simple: Whenever I was compiling the application I was to look as expensively bored as possible having already exhausted all available trivial tasks. I had already peeled off all the labels from the floppy disks that we (re)used to distribute software therefore when asked if I had anything to do I was in a position to state that I'd already peeled a (large) pile of disk labels and could produce them physically as evidence, in the meantime I was waiting for the application to compile. As in I had performed a ridiculously menial task (it had to be done, and I've always pitched in with things, so I didn't care about doing this) and to make it rather clear that this wasn't a great usage of my time.

It took about two weeks, and from memory half of the first week was spent peeling floppy disk labels with the remainder of the time compiling as often as possible in the hope that one of the owners of the company walked past while I was (im)patiently waiting. I got a new PC, we didn't get a new server for another year (which is a different story altogether as it was a reconditioned unit that we had as a result of an insurance claim by a client) but at least when the files were on the local system I could compile in seconds rather than minutes.

On the other hand, having a snail slow development PC did teach one to code efficiently (glares at almost every developer out there) and to think about code a little more - had plenty of time to do so, of course.

Qualcomm's tardy chip upgrade leaves the Great Wearables Reveal to jokers and clowns

Nick Ryan Silver badge

I stopped wearing watches shortly after getting a (reliable) mobile phone. Some Nokia of some form if I remember correctly.

I know I'm not alone in this and while I can see the fashion statements of watches, or the retro-chic, or the fitness-trackers the overall market of actual watches has almost certainly been savaged by mobile phones.

Europe's GDPR, Whois shakeup was supposed to trigger spam tsunami – so, er, where is it?

Nick Ryan Silver badge

Re: "spammers could run wild with no way to identify and stop them."

Yep, I read the arguments about how GDPR would cause an increase in spam. I then re-read them, then read them backwards and even upside down. Even after that I still couldn't see any logic or anything much based in reality other than "special interest groups", or IP lawyers and their cronies, getting upset because they'd have to do their job properly.

Nick Ryan Silver badge

Re: Don't said contracts...

It's also quite clear in the GDPR that conflating unnecessary requirements, as part of a contract or terms of service, is not acceptable. Therefore just shoving something arbitrary in a contract will not work.

No need to code your webpage yourself, says Microsoft – draw it and our AI will do the rest

Nick Ryan Silver badge
Mushroom

Re: Entity Framework

...and that's efficient and good SQL compared to the mess that "appears" in SharePoint. I'm pretty sure that given the level of unnecessary, snail like complexity everywhere in SharePoint that it's really gaining sentience, most likely as some denizen of hell*, rather than trying to deliver a decidedly half baked document management / workflow / CMS / website builder... thing.

* It's already consumed the souls of anybody that claims to be a SharePoint developer.

Windows 0-day pops up out of nowhere Twitter

Nick Ryan Silver badge

Re: Seems as though he has submitted quite a few bugs with CVE and had little credit

If that's them then they have insecurity issues that should (please) be dealt with first rather than security issues.

Honestly, I don't care what gender/sexuality/whatever someone identifies with as long as they're competent... but I do understand that it may need to be taken into account sometimes. I also know that, unfortunately, much of the world doesn't feel the same way. It read like they needed to state personal issues as an excuse or an apology for finding security issues? It seems wrong, and perhaps somebody crying out for attention or help more than anything else.

...and no, I'm not intending to be nasty in any way.

Nick Ryan Silver badge

Re: "and their dog being able to use the Administrator account"

Largely because the idiots* didn't appreciate that not having full administrator access to something was a good idea and therefore wrote everything on the assumption that every execution of their code would have full administrator access. It was also easier - laziness is the cause of many security issues.

* I was such an idiot once... although admittedly many years ago. What I've always done since has been hijacked by buzzword bingo: DevOps.

Nick Ryan Silver badge

It's multi-layer therefore execution rights followed by elevated rights on a local system is bad, however getting elevated rights in a domain (administrator) context is incredibly bad. Luckily this is somewhat harder, unfortunately it's definitely not impossible.

Experimental 'insult bot' gets out of hand during unsupervised weekend

Nick Ryan Silver badge

Not sure who, but I'm pretty sure that the aim is/was to have the same number of public/"bank" holidays across the union however when one part of the union insists on having an additional day off, they have to drop one of the existing days to keep the total the same.

.NET Core 2.1 – huh, yeah – what is it good for? Bing, apparently

Nick Ryan Silver badge

Re: I have never come across C£

If they actually used the musical sharp symbol then perhaps I'd be more forgiving... there it is almost always C-hash. As in a bit (lot) of a hash. It has improved, of course, but many chunks of it want to make me gouge my eyes out in despair at the hoops to do something simple, or how relatively simple things have been made as obfuscated as possible for, well, no reason whatsoever.

It's a useful language for some things, not very useful for others. Same goes for any language before the fanboy nutjobs jump in...

Texas ISP slams music biz for trying to turn it into a 'copyright cop'

Nick Ryan Silver badge

Re: Arrogance

Yes. Within reason a consumer will take the easy route to getting what they want. For a long time it's been easier to download tracks illegally rather than legally. The price gouging of consumers for the download editions of music really doesn't help either and neither do all the various reports about how the artist receives almost bugger all from the purchase and the record companies get the largest amount. At least these days many more artists have their own record company which does help alleviate this, but only for them.

Nick Ryan Silver badge

Re: Music files are small

You're letting the facts get in the way of a good legal argument.

FTFY :/

Nick Ryan Silver badge

Re: illegal

In America theft is merely taking some thing that does not belong to you. Even if you intended to give it back.

As in taking something and depriving the owner of it. Copyright violation is not theft, copyright violation is copyright violation. This does not make it any more or less acceptable.

Apple web design violates law, claims blind person

Nick Ryan Silver badge

To be fair (yes, sorry), I've seen far worse than apple.com. A standard, and easy trick, is to disable all images and to disable all styles. If the website is not usable at this point then it's a straight accessibility failure. Idiotic and needless reliance on JavaScript, usually duplicating standard browser functionality, is another issue. For example, HTML forms entirely broken to require JavaScript events to submit rather than having a submit button.

There are obvious link issues, with the odd empty link and a few rammed together but not the worst by a long way.

This no-CSS and no-Image view is also pretty much what a search indexer will see therefore get this right and your SEO is much of the way there. Accessibility and SEO go hand in hand.

How's that encryption coming, buddy? DNS requests routinely spied on, boffins claim

Nick Ryan Silver badge

Re: Well to stay real for a bit

All packets of data will go through and be routed by your ISP and there is no way around this, although there are ways to make it hard to work out what is going on datawise.

While the body of a packet may be encrypted (to whatever level of security this gives) the header provides all the information needed to track the packet of data, for example source and destination address and ports. This allows your ISP to record communications between your system and another system based on the IP address of each. In basic terms this allows your ISP to record the amount of data sent and received from your connection to any given server on the Internet.

Because DNS is not encrypted, and can be tampered with, your computer will send a request for a domain name to IP address translation and combining this with the packet monitoring allows the ISP to very easily tie together the DNS request for "gerbilsindresses.com" with the IP address of the server and to then profile your interaction with this site through the amount of data that you send and receive from it.

If the connection that you are using to the server is not using https then the contents of the packets will also be visible, but that's a different subject entirely.
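The correlation described in the post above, as an added example that is not part of the original post: it joins a plaintext DNS query log to flow records built from packet headers only, and shows what remains visible when the resolver traffic is hidden from the observer. The log formats, the TTL-based matching rule and all sample values are constructed assumptions (documentation-range IP addresses).

```python
from collections import defaultdict

# Constructed sample data, not real captures.
# DNS log columns: epoch_seconds client_ip qname answer_ip ttl
DNS_LOG = """\
1000 198.51.100.7 gerbilsindresses.com 203.0.113.10 300
1005 198.51.100.7 example.org 203.0.113.20 60
2000 198.51.100.7 example.net 203.0.113.10 300
"""
# Flow columns (headers only): start client_ip server_ip port bytes_out bytes_in
FLOW_LOG = """\
1001 198.51.100.7 203.0.113.10 443 1800 52000
1006 198.51.100.7 203.0.113.20 443 900 4000
1200 198.51.100.7 203.0.113.10 443 700 31000
1500 198.51.100.7 203.0.113.20 443 400 1500
2001 198.51.100.7 203.0.113.10 443 300 9000
1900 198.51.100.7 203.0.113.99 443 100 200
"""


def parse_dns(text):
    """Index answers as (client, server_ip) -> sorted [(ts, ttl, qname)]."""
    index = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, answer, ttl = line.split()
        index[(client, answer)].append((int(ts), int(ttl), qname))
    for answers in index.values():
        answers.sort()
    return index


def label_for(index, client, server, start):
    """Name a flow after the latest answer seen before it started.

    If that answer's TTL has lapsed, or no answer was seen at all, only the
    server IP is known (assumed matching rule for this example).
    """
    for ts, ttl, qname in reversed(index.get((client, server), [])):
        if ts <= start:
            return qname if start <= ts + ttl else f"unresolved:{server}"
    return f"unresolved:{server}"


def profile(dns_text, flow_text):
    """Return {client: {label: [bytes_out, bytes_in]}}."""
    index = parse_dns(dns_text)
    totals = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        start, client, server, _port, out_b, in_b = line.split()
        label = label_for(index, client, server, int(start))
        totals[client][label][0] += int(out_b)
        totals[client][label][1] += int(in_b)
    return {client: dict(sites) for client, sites in totals.items()}


if __name__ == "__main__":
    # With plaintext DNS the observer gets names; with an empty DNS log
    # (queries hidden from the observer) only IP addresses and volumes remain.
    for title, dns in (("plaintext DNS", DNS_LOG), ("DNS not visible", "")):
        print(title)
        for client, sites in profile(dns, FLOW_LOG).items():
            for label, (out_b, in_b) in sorted(sites.items()):
                print(f"  {client} {label} out={out_b} in={in_b}")
```

The second run shows that hiding the queries removes the names from the profile but not the per-server byte counts, which still come from the packet headers.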

Et tu, Brute? Then fail, Caesars: When it's hotel staff, not the hackers, invading folks' privacy

Nick Ryan Silver badge

Re: NEUKlearer HyperRadioProACTive IT Weapons Systems ... Not a Foe for Fights ...

'tis a man, not a troll. From mars, no less. Or possibly a slightly insane AI, we haven't worked out yet which.

Boss regrets pointing finger at chilled out techie who finished upgrade early

Nick Ryan Silver badge

Re: It was a dark and stormy morning...

FACT... an organisation that lies so badly they even made their name a lie.

It is rather hard to steal copyright. It is, however, relatively easy to violate copyright through making a copy of something that is copyrighted without prior permission to do so or without being able to rely on one of the various standard acceptable use clauses.

Theft is taking something and depriving the owner of the use of it. Making a copy of something, even where making money off the copy is not, and cannot be, theft. The same goes for boarding a train without a ticket - this is not theft either (looking at you, Thameslink, although who would want to use their shoddy, randomly cancelled services if they had a choice I don't know).

Home Office seeks Brexit tech boss – but doesn't splash the cash

Nick Ryan Silver badge

Re: Unbelievable

Frankly, given that the average politician is only interested in themselves, all that's to differentiate the buggers is the colour of their tie. What colour lizard would you like to vote for next year?

Politicians should be highly accountable, transparent and "pillars of society" leading by example. Instead we have a house largely of self obsessed career politicians never able to see further than the next election - i.e. whether they'll be in a job or not. Most are, of course, hedging their bets on the job loss or not by taking as many bribes, embezzling as much as possible and concentrating on "jobs for the boys".

Cynic? Me? Yes. :)

Sur-Pies! Google shocks world with sudden Android 9 Pixel push

Nick Ryan Silver badge

Re: Survey...

It would be nice if it could cope with multi-mode commutes. i.e. drive to station, get train, then get tube. All driving is OK, all public transport is OK but a combination of the two never works.

TSMC chip fab tools hit by virus, payment biz BGP hijacked, CCleaner gets weird – and more

Nick Ryan Silver badge

Re: Off means I opt out

If you're thinking that it's illegal according to GDPR then it is not as this covers Personal Data only.

The complication is likely to come from the fact that the data is delivered across the Internet and therefore the sending system's IP address can be recorded and IP addresses are considered Personal Data.

Either my name, my password or my soul is invalid – but which?

Nick Ryan Silver badge

Re: Gave up on stupidity a while ago

I'm speccing a new website service and am semi-seriously contemplating not bothering with passwords at all and just emailing the user a one-shot login code. It's not the kind of website service that a user is going to use very often, I suspect once ever or maybe once every year or so and forcing a user to deploy yet another password just for this seems a bit silly when I suspect that the most commonly used function on the site will be "reset password".

You wanna be an alpha... tester of The Register's redesign? Step this way

Nick Ryan Silver badge

Re: Page scroll stuttering

On demand image loading is "fine", however the new site appears to be performing processing even after the images are loaded, which is almost certainly what is causing the stuttering.

The old site, using the same browser, and all that, exhibits none of the same problems, therefore it is something related to the new site code.

I'm not "holding it wrong" :)

Nick Ryan Silver badge

Page scroll stuttering

Something I've just noticed is that with the new design the page noticeably stutters when images are scrolled into view. Switching back to the current design this does not happen. Disabling JS also stops this unpleasantness as well, although it also means there are no images...

Nick Ryan Silver badge

Re: Lines, lines and other visual distractions

CSS media selectors can be used and the images shouldn't be loaded unless required. This would require using CSS for the article image which isn't hard, but possibly annoying depending on how the output code works.

Nick Ryan Silver badge

Lines, lines and other visual distractions

The sheer number of lines are visually distracting - as noted above already the brain will automatically make lines therefore adding so many of them doesn't add anything - in fact it makes it unnecessarily complicated. Not quite as bad as the "stacked chocolate box" of GUI designs that was inflicted on users quite a few years ago.

The article age and comments indicator are unnecessarily intrusive compared to the content itself. What is more important? The article teaser text or the age and comments indicator?

The use of JavaScript to load images is unnecessary. JavaScript should be an enhancement, not an implementation.

Nick Ryan Silver badge

Re: I HATE IT!!!!!11!!!111!!

...and an animated "under construction" gif

Nick Ryan Silver badge

But haven't we always been at war with Eastasia?

Elbonia?

What's in a name? For Cambridge Analytica, about a quid apparently

Nick Ryan Silver badge

Re: Data Controller

A link helps when posting URLs.

Not all users can post URLs.

Nick Ryan Silver badge

Re: Data Controller?

In this instance the ICO is a 'third party' and neither Data Controller nor Data Processor. This is similar to 'recipient', which is the usual category for, for example, IT support for an application that stores Personal Data where the other organisation can access the data but doesn't do any "real" processing of the data. The difference is that 'third party' has a specific legal meaning.

Ticketmaster breach 'part of massive bank card slurping campaign'

Nick Ryan Silver badge

Re: WHY...

PCI is very prescriptive and focussed about most things; unfortunately this means that because of this level of prescription and focus, elements that are not specifically covered are missed out entirely because the rules don't cover them, even if they should. The more specific the set of rules, the more holes there are in them.

Timehop admits to more data leakage, details GDPR danger

Nick Ryan Silver badge

Re: run the numbers

The fines are for repeat and flagrant offenders, particularly those that don't even try to maintain privacy. While there is an element of punishment/risk in fining organisations after a breach, if the organisation that was breached behaved well and did what they could and it's a first incidence of the time then they are quite unlikely to be fined. If you're a large, or well funded organisation, and don't do your best you will be in trouble though.

On the other hand, the buggers whose business model is hoovering up personal data directly and indirectly and then using this to build profiles of the data subjects and the data subject's contacts... they will receive fines regardless of a malicious breach.

Imagine a patent on organizing computer files being used against online shopping sites. Oh, it's still happening

Nick Ryan Silver badge

Re: IMO

.... so, in other words, a many-to-many relationship. This kind of thing is very easily implemented in a relational database, let's pluck one out of thin air "SQL-92" (note how this standardised SQL predates this claim), and has been part of standard teaching of SQL/databases since before that time.

Universe slipped Milky Way a sausage galaxy to grow a big belly bulge

Nick Ryan Silver badge

Re: Artist's impression

Had me thinking that too, then I considered that maybe they meant a Cumberland sausage?

United States, you have 2 months to sort Privacy Shield ... or data deal is for the bin – Eurocrats

Nick Ryan Silver badge

Privacy Shield was worthless from the start, just like Safe Harbor (was). Until data rights become a legal obligation and not a voluntary agreement with no real enforcement potential then there can't be any data protection equivalency.

Registry to ban Cyrillic .eu addresses even if you've paid for them

Nick Ryan Silver badge

The EU very much believes in its right to all of what you thought was your property.

Name a national government that doesn't?