1094 posts • joined 15 Aug 2009
When GDPR kicks in could they sue for 4% of UK GDP?
Re: Minor problem
This is the fault that is "leaked" to the press. We won't hear about the real snags that were found.
Re: I can save them $4,500 per month
It isn't rocket science. However I suspect that Japanese culture is a little different to ours (?)
Reading between the lines and some crazy 2+2 style reasoning leads me to conclude that someone is willing to blow $4,500 per month on an "innovative" solution to a non-problem (where I'm from - UK). However, I can imagine that I might come up with some pretty crazy sounding schemes if I had to attempt to break cultural norms. It would appear that in Japan throwing technology - the brasher the better - is a good start to doing something pretty radical (breaking cultural norms). I've seen dafter from HR in the past 8)
This (Japan) is a land where it is apparently good form to fall asleep in a meeting, provided it is obvious that you have been burning the candle at both ends (for the firm). If that happens here, then the more humiliating the wake up, the better, is sometimes the rule. I'm not sure who is dafter ...
I can save them $4,500 per month
Managers. If they can't manage properly, then a little education followed by performance related HR procedures should get the job done. Drones in the office sounds a bit dangerous, no matter how well meaning. Besides, who is ensuring the operator (there is a human responsible for these things, I assume 8) is getting enough "life"?
I am, of course, attacking the problem from the perspective of a UK business owner. If renting drones to get people out the door at huge expense is a viable solution, then I think there is a bit of a culture difference.
Strangely enough I rarely have to boot someone out. It's not that my staff are lazy or not committed - they do go above and beyond as required and that is the key point - as required and not routinely. We are an IT firm and we've all had to pull all nighters or whatever to get someone out of the shit. We also strive to avoid the shit in the first place. We even have ISO 9000 etc to demonstrate as such. Sometimes reality matches our policies and processes ...
How bloody hard is it?
* Put a recurring entry in your financials
* Put a recurring appointment in your email client
* Use a monitoring system - the open monitoring plugins can do a check for pending expiry
* Check with your browser every now and again
* Don't ignore the tons of imminent expiry emails sent by vendors
Yes I do know why nearly all of those examples apart from a proper monitoring system will fail. Personal email address rather than a group one along with mail blindness will bugger several.
Laziness will account for most other failure modes.
You couldn't make this stuff up.
"You couldn't make this stuff up."
No you can't make it up. As it turns out, the software on your computer is bloody complicated and funnily enough it isn't perfect. I don't have MS' stats but I do know that the Linux kernel is roughly 70,000 files with rather a lot of LoC.
As it turns out, bugs happen.
Re: Still someone else's computer
"It's a fair bet that setting up a file sharing system with one of THOSE, even one that involves user names and passwords, wouldn't be all THAT hard..."
It's pretty easy - Nextcloud.
I run four of them, one of which has about 800 users. My wife's phone would have exploded long ago if I wasn't shipping photos and vids off it via Foldersync to my home instance.
I haven't had a Y Cam for a while now but: https://wiki.zoneminder.com/Y-Cam (I wrote a fair bit of it).
Because you can't be arsed
As it turns out: not everyone runs Windows. There are a few Unix styled boxes around, some are fruity but the rest are useful.
Bit of a pain
This little number is rather more nasty than every bug (with a funky name) that has been touted for years. This is *root* with no password. This is: I can ssh or RDP into your box with no password.
I don't have to mess about with anything fancy - your system has absolutely no protection against me: your root account has *****no fucking password *****.
I suggest you set one yourself. Apple seems to have let you down.
"The problem with "common sense" is that it's so often wrong"
Absolutely: you don't allow for error - navigation or mechanical.
"Do not use ".0" release. And if you do, you should know what you are doing. "
He's a Gentooer (like myself but far more knowledgeable). You don't run Gentoo and shy away from .0 software. To be honest you normally embrace pre-release, let alone released. That's how bugs get found.
You have to repair your systems from time to time in new and amusing ways but Gentoo is great fun. In winter it will even keep you warm when you do an update so you can turn down the heating.
Re: Does not work very well
$ dig @18.104.22.168 google.com A
;; ANSWER SECTION:
google.com. 11 IN A 22.214.171.124
;; Query time: 6 msec
;; SERVER: 126.96.36.199#53(188.8.131.52)
;; WHEN: Mon Nov 20 13:11:23 GMT 2017
6 milliseconds isn't too bad in my book. Bear in mind my PC has to traverse at least three switches, my office router/firewall cluster, my ISP and perhaps a fair bit of internet.
I'm a Barclays customer FWIW and I login to this: https://barclays.lifestylegroup.co.uk/auth
That gets an A+ at SSL Labs and supports HSTS and PFS.
Done before - to death
Years ago there was a toy that put your filesystem into Doom. You could run around it and shooting files ran rm.
Sailing not surfing
If you mess with <canvas> too much you will break the internet *sigh* as far as many users are concerned.
I can't see a decent way out of this tracking nonsense without a complete rewrite of how a browser uses a webserver. At the moment there is no direct analogy between websites and the way eyeballs work. Eyeballs passively receive photons of light -> *stuff* -> image in head. Browsers don't do that, they connect, spew loads of details about themselves with each connect and run (nearly all) whatever code is sent back.
Metadata -> Data
So, assuming that agency X request details, only having metadata and approach A: Alice's IP connected to port 25 at Bob's IP and sent a stream of TLS encrypted stuff.
OK so port 25 should imply email (SMTP) and X gives a precise date and time and A keeps logs and mail archives and keeps precise time.
There are at least six assumptions in the above short paragraph, each of which needs to be proven to ensure that the data provided really matches the request. I can make the example really complicated without even sweating. I wonder why key escrow or (state sanctioned) direct cracking etc are considered more desirable as routine policy by .gov?
Re: Thats a plan...
Such a blacklist already exists. It's called: "Sure, here's my hourly rate."
That does work well until your SO casually recommends you to one of their mates/colleagues ...
Wondering what Expect-CT is? This bloke knows what he is on about:
Can you stop with the "super cali" stuff now? You'll never better the original Sun, and it's beginning to appear desperate.
True: you won't beat the Sun on this classic, given that one of their hacks created the original. However el Reg have managed some pretty decent riffs on it over the years. I don't see it as desperate but more as a nod or hat tip to a bloody good headline from long ago. Nowadays we kool kids - (I'm 47) call this sort of thing a "meme".
el Reg does "Super Cali" in the same way that Private Eye does "bloke with younger bird piccy". (My quotes).
Discover potholes in the information super-highway with this handy new tool (which itself just hit a roadblock)
Re: Time to update that certificate, but otherwise
Calendar? What, a recurring appointment style of thing? Madness.
For extra points make sure it is created by someone with their personal account rather than a shared one, who moves on a few weeks later ...
Re: Time to update that certificate, but otherwise
Bit sad really - there is no need to leave SSL certs to expire. Either use a browser occasionally, a proper monitoring system or even download this: https://www.monitoring-plugins.org/doc/man/check_http.html and run it from a cron job.
$ ./check_http -H observatory.mami-project.eu -C 14
SSL Version: TLSv1.2
CRITICAL - Certificate 'observatory.mami-project.eu' expired on Wed Sep 27 10:53:00 2017.
Re: tricky but powerful source control tool
"https://xkcd.com/1597" - that one is inserted at the top right of an article I wrote in my company wiki. The one that documents the method I used to install the wiki in the first place and update it 8)
Apparently I'm only good enough to be a burger flipper, according to an AC, rather than a company MD with 20 staff who runs Gentoo on his personal laptop and Arch on his office desktop.
I'm a fucking sysadmin not a kool kid programmer: I don't need to know the nitty-gritty of git - I just need it to do a job now and then, which it does admirably.
At least there is a discussion
This article made my minute.
On the face of it a discussion is at least happening somewhere about what happens in a "land" called the internet. It's almost as though the internet has finally become a thing.
... mmm beer ....
According to Equifax, 700,000 Brits have been seriously violated. If we assume that about 75% of the population are >=18 and there are 65M Brits then 700,000/(0.75 * 65,000,000) = 1% of the working population. Or you can go with the GDPR and probably DPA infringing value of 15M instead of 700,000.
In the UK we don't have security by SSN but then, me and the wife managed (~2005) to order a birth cert for my brother in law and then a passport for him with minimal hassle.
To be honest it only really occurred to me what we'd done/got away with a bit later: but at least he got to go on holiday 8)
"sounds like you got solid wire, and connectors for stranded"
Precisely. Solid wire goes into back boxes ("keystone jack"). You want stranded for patch leads with plugs on the ends.
Re: "They looked for the password on the CD . . ."
"Totally bog standard, and when you generate that type of certificate you MUST enter a password - admittedly the password can be a single character, but you do have to provide one......"
No you don't *have* to specify a password. Needing a password means that the certificate's private key is encrypted and that can be removed or not even added in the first place. The -nodes in this command avoids encryption and generates a self signed certificate:
$ openssl req -x509 -new -out cert.crt -keyout cert.key -nodes -days 365
I suspect that the implementation you use enforces passwords.
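As an added example (not from any of the posts above) tying together the expiry-monitoring points in the "How bloody hard is it?" and check_http posts with the -nodes point here: a small POSIX shell script that generates a self-signed certificate with an unencrypted key, confirms from the PEM header that the key carries no passphrase, and then asks openssl x509 -checkend whether the certificate is still valid a given number of days from now, which is exactly the sort of check a cron job or monitoring plugin performs. The file names, the CNs and the 14-day warning window are invented for the demo; it needs only the openssl CLI.

```shell
#!/bin/sh
# Added example: certificate expiry and key-passphrase checks with the openssl CLI.
# Assumptions: openssl is on PATH; file names and CNs below are made up for the demo.

# Generate a self-signed certificate. -nodes ("no DES") leaves the private key
# unencrypted, so no passphrase is asked for when creating it or needed to use it.
make_selfsigned() {
    # $1 = output prefix, $2 = validity in days, $3 = subject CN
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1.key" -out "$1.crt" -days "$2" >/dev/null 2>&1
}

# Print "encrypted" or "plain" for a PEM private key. Both the PKCS#8 header
# (BEGIN ENCRYPTED PRIVATE KEY) and the traditional "Proc-Type: 4,ENCRYPTED"
# marker contain the word ENCRYPTED; a -nodes key has neither.
key_protection() {
    if grep -q ENCRYPTED "$1"; then
        echo encrypted
    else
        echo plain
    fi
}

# Print "ok" if certificate $1 is still valid $2 days from now, else "expiring".
# -checkend takes seconds and exits 0 when the cert is still valid at that time.
check_expiry() {
    if openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1; then
        echo ok
    else
        echo expiring
    fi
}

# Print the notAfter date, the detail a monitoring plugin would put in its alert.
not_after() {
    openssl x509 -in "$1" -noout -enddate | sed 's/^notAfter=//'
}

# Demo: a one-year cert passes a 14-day warning window, a three-day cert does not.
demo() {
    tmp=$(mktemp -d)
    make_selfsigned "$tmp/long" 365 long.example.test
    make_selfsigned "$tmp/short" 3 short.example.test
    echo "long key is $(key_protection "$tmp/long.key")"
    echo "long cert (notAfter $(not_after "$tmp/long.crt")): $(check_expiry "$tmp/long.crt" 14)"
    echo "short cert (notAfter $(not_after "$tmp/short.crt")): $(check_expiry "$tmp/short.crt" 14)"
    rm -rf "$tmp"
}

demo
```

Run it from cron against the certificate files you actually serve (or against the output of openssl s_client for a remote host) and alert on "expiring"; the window should be longer than the time it takes your change process to issue and deploy a renewal.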
"corporate filling system"
"corporate filling system" - my mind is boggling right now.
Re: Quite the planning process, this
"Unlike McAffee where I had to download and run a (well-hidden) executable from their website to get rid of their bloody "1 month free" install from a shop-bought laptop. :/"
Bollocks. I'm a unix sysadmin and even I know that a browse through the reg keys (from memory - my laptop runs Arch Linux) HKLM\software\microsoft\windows\currentversion\uninstall will give you the uninstall string for any .msi based software. Failing that you stop services, kill processes, delete directories and plough through the registry. A few reboots might be required but it isn't rocket science.
... and McAfee has one fucking f. Oh and add/remove programs has an uninstaller link anyway, even for the free version - you've cocked up in some way if you think you need an additional "cleaner" - which they even provide.
OK I may have spent one or twenty years doing Windows sysadmining as well.
"Remember also that comments in source code are a sure sign your code is not expressive enough"
Five or 10 minutes spent with this should convince you that is bollocks:
Yes, I know you are taking the piss, have a UV 8)
No need for funky exploits. You simply write a script that pwns the machine (download and install TeamViewer or a keystroke logger if you are real l33t) and claim that it is actually an AD or WSUS maintenance script and slap it on a blog somewhere. It'll be copied and pasted straight into the console so many times without question, you'll have a botnet in no time. Now I don't have to learn PowerShell to do this - I can use my long honed unix sysadmin script writing skills.
Sadly, I'm only half joking ... probably
"In the UK for example, over 205 bn pounds a year go on the state debts."
It is your state as well: *you* spend it, then you get to pay it back plus interest - that's how debt works in simple terms 8)
However that isn't really how country debt works. Countries/states are able to mint their own money which you and I can't (without a spell at 'er Maj's pleasure). They can also fiddle with the ways they "earn" money/value and can even fiddle with how to measure and declare those. Entire economies really don't work in the same way as your personal finances and it is way more complicated than the simplistic presentations in the media. Have you ever wondered where that £205B actually goes or what happens to other countries' debts to "us"?
Every day a gigantic game of brinkmanship, gambling and bullshitting goes on called economics.
"As a consultant, I have minimal outgoings to offset against my VATable earnings, so it certainly feels like a tax to me when I write out my cheque to HMRC every quarter."
(I used to be a consultant, just like you) You get the (dubious) benefit of holding an extra 20% for three months for pretty much zero bank interest in return for filling out the quarterly greeny. It can be useful to tide over cashflow as well if you are careful. You also get to offset expenses although not much. I doubt many F/T employees will weep for us. I am not a fan of IR35, although I got out just before it kicked in.
Nowadays as a business owner with 20 odd employees I get to watch as Google and co. pay a pitiful amount of corporation tax whilst my lot get to pay rather more as a proportion of turnover.
The War Against Terror (TWAT)
Wish I'd noticed that earlier, in fact I think that rather obvious acronym has been missed by a lot of people for a very long time (*). A lot of Brits from this parish (at least) should be hanging their heads in shame
(*)I don't recall the memo, if one was sent
The bloody news for data breaches is practically writing itself for el Reg these days.
... and yet fuck all seems to happen.
Re: Insider trading?
"I presume you lot on your side of the pond are familiar with what a secured credit card is."
Nope but I would guess that you have to lodge the equivalent of the credit limit beforehand or something similar.
Please don't knock the Mk 1 Fester - my first car. To be honest I doubt it is possible to get 300k miles on one. Mine fell to pieces way before that. The second engine blew two cylinders eventually and there were too many rust holes to count. They don't last long on the A38 racetrack between Plymouth and Exeter 8)
Re: I don't mind a skeptic. I prefer a skeptic in this position
"He's not a skeptic if he's already decided that the climate scientists are wrong and warming has stopped."
"already decided" is surely a pre-requisite for the condition described as scepticism. There's nothing wrong with critical thinking and I personally think that should be encouraged but he comes up with this gem to explain his position:
"In other words, our planet's temperature changes are linked to the Sun and the seas"
There's no arguing with that. It really does warm up during the day and cool at night time and the seas do have a massive effect on the climate, as Texans et al. and rather large parts of Asia will currently testify. Unfortunately there are a few other factors at work, that those people are bearing the brunt of at the moment.
Closer to home (for me - UK/SW) I'm not looking forward to finding out that the Gulf Stream has decided to bugger off and that I will be able to ski at home. Mind you I am a keen skier (40 years), but the rest of the country is pretty unprepared for that 8)
Re: Everything, except what we really want
You don't have to use Windows, there is choice.
Re: Promises, promises
Could I tempt you to another land that involves penguins? It isn't flawless by any means but rather easier to deal with in many ways. For example, how many times have you had to spend quite a lot of time looking for updates to non MS packages? On a Linux based system all packages are in the repositories and get updated alongside the OS.
You may feel that you might be left out in some way due to lack of support or your fav apps are not available.
If it helps, Libreoffice is capable of editing nearly all .doc, .xls etc files. Email: Evolution (with evolution-ews) will happily connect to Exchange.
If you do go the way of the penguin then you will also have access to a lot more stuff than you could possibly imagine on a stock MS build.
Go on, have a play.
Re: Will this turn out to be
Piss off noddy.
If you are a local and you can't be arsed to login or worse, you worry about karma, then please go away.
Of course MS do testing, well, we do their testing 8) I don't personally, what with me running Arch on my personal systems but I feel your pain. I just happen to have access to quite a few (hundred) MS based systems.
They do QA big style and I'm happy with that.
What the hell is #P-Complete?
"which shows the problem is both “NP‑Complete” and “#P‑Complete”"
A problem can't be both a bit tricky and proper fucking nutter bastard impossible. If you find yourself in that position then perhaps you have *two* problems. They may look related ...
Don't confuse "concisely defined" with "rigorously defined" - that way lies madness.
Re: Par for the course
"Innocent until proven guilty but behavior like this is right in Nutanix' wheelhouse."
Piss off AC unless you have something useful to say.
Where the hell is the bloke puffing furiously on a pipe with smoke coming out of his ears icon when you need it?
"Why does everything seem to state 'Microsoft Windows' on the system requirements recently?"
Stop whining, I for one would like to know if my system is compatible with the latest stuff doing the rounds.
Besides, you must be new here, you cool anon numpty you, MS bashing (and supporting) is par for the course and we are sometimes generous to those with high handicaps provided they have something useful to say or at least try to but you don't.
Re: "Only single player is allowed"
My thought exactly but for a different reason to yours. Unless there are more gaming related strings then my *dar would be going berserk. That phrase is missing the indefinite article which isn't a smoking gun as such - some proportion of programmers of a game may have a tenuous grasp of English even when it is their first language. However the error is unlikely to be repeated for all occurrences.
So, you start with the subset of speakers who might routinely drop an "a" when describing single players in English as a second language and correlate with other clues. Obviously you might want to consider that as a deliberately dropped clue to put you off the real scent.
*crackle* *crackle* (tin foil cloak to go with the hat)
“KVM, like other major hypervisors, supports Hyper-V's paravirtualization features,” he wrote.
I have no idea what a hyper-v looks like but it sounds a bit pervy and hence a bit wrong.
Re: A couple models are showing the potential for 60" of rain in localized areas
I know they make things big in Texas but a rain fall gauge that can even measure 5' of rain would be an impressive beast. I'm not sure how big an area would count as localized there or what time scale is indicated but that's basically a swimming pool depth of water but over an entire <localized_area>.
It gets a bit damp over here sometimes and twice in 10 years the stream at the bottom of my garden has decided to get about 4-5' deeper for a few hours which was a bit unpleasant but nothing like that. I'm quite glad I decided to live on the side of a stable hill rather than say the "levels" a few miles away (Somerset, UK.)
I sincerely hope those models are wrong.
Re: Think of the children
"Have a look at the SSL Visibilty [sic] Appliances for those who think https is inviolate."
Blow that - they are just one MitM method. If you want to really get to grips with what you can do to SSL, using software that you *can* get access to, then get hold of Squid and investigate "SSL bump".
At home I have a THINGS VLAN (and another one called SEWER for things that I trust even less than an IP camera). I really must get around to putting things like my Samsung telly through SSL bump to see what is going on. It may verify its other end's CA but given the quality of the rest of its programming - I doubt it. I do watch its connectivity when I'm bored. It port scans its LAN occasionally and chats a lot to AWS, no doubt for my benefit.
"And your numbers are off"
Yes: read up on nPr and nCr and note that n! thing.
I saw this on HN
I saw this on Hacker News and waited a while then sent a tip to el Reg when nothing appeared. I doubt I'm the only one but nearly all my links are in the article but the article demonstrates what a proper journo can do with a tip!
This is a seriously big deal and has caused a bit of a flap. The clever blokes "...but not an expert in this field..." types (eg Aaronson and Trevisan) have already got the handbags out, postulated at least one flaw and retracted.
The paper is short and has a seriously aggressive approach - it describes what it is about from the start without messing about and from what little I understand the approach is quite straightforward. The real experts are keeping quiet for now and are probably going beyond simply kicking the tyres. The paper has survived a few days so far but unless a flaw is found it will still be months before anyone even tentatively supports this paper.
I really want this one to succeed: the author has got massive bollocks!
"Regretfully, the Build release of our full line of products on July 18, 2017 was unknowingly shipped with a backdoor, which had the potential to be exploited by its creator," NetSarang said in a statement.
A somewhat ambiguous statement that could, should one be uncharitable, not rule out the vendor as the creator. At best their QA is shit. At worst their practices are perhaps patriotic (just not your patriot).