
* Posts by Robert Carnegie

2810 posts • joined 30 Sep 2009

Sysadmin misses out on paycheck after student test runs amok

Robert Carnegie
Silver badge

Re: Naming Schemes

A probably former admin set us up the obscure long mineral names. What a clinoamphibole.

2
0
Robert Carnegie
Silver badge

Re: "Snoopy characters"

The star - or the would-be star - is the show's unique selling point, so you name it after them, and not a snappy title that the audience is still less likely to remember. In some cases, "The Name Of Leading Performer Show" also has a different setting and even cast each week, aside from that one constant element. "Hancock's Half Hour" for instance didn't particularly start like that but ended up that way.

It's also a case where the star plays a character with the same name, which could confuse a stupid person and worries me - although with "Hancock", the show tended to be about what the cast of the show got up to when they weren't performing the show... except that that was, in fact, the show. Even more confusing. But it did make sense for Mr Tony Hancock to appear as Mr Tony Hancock.

1
0

NHS smacks down hundreds of staffers for dodgy use of social media, messaging apps

Robert Carnegie
Silver badge
Joke

Re: deeper than that

A root vegetable is one thing, the legendary Maltese Falcon is another! :-)

0
0

Tick-tock, tick-tock. Oh, that's just the sound of compromised logins waiting to ruin your day

Robert Carnegie
Silver badge

A year is too long AND not long enough for a password

The article makes the point that a password can be compromised, and not used... until someone in the department gets a Nobel Prize, or you migrate your application interface to the cloud, and a new opportunity is created.

Up to a limit, passwords can be remembered by the user; my limit is 6 letters and 2 digits for several different passwords, making up little phrases to remind of the letters (the numbers usually come to mind when the letters do), and if possible not changing all of them at once. I may do better if I have to. As it is, I have one format that satisfies nearly everyone's rules. 69soddit! if necessary. ;-)

But without the exercise of regularly remembering new passwords, you won't be able to do it when you do have to. It needs practice.

1
1
Robert Carnegie
Silver badge
Joke

Punctuation

"We take customers security and privacy. Very seriously." FTFY

1
0

App-y, app-y, joy, joy: Pain-free software installer Flatpak (kinda) works on Windows Subsystem for Linux

Robert Carnegie
Silver badge
Joke

"BSDSW"

I don't know what it is but I suspect it is painful. :-)

0
0

Brit airport pulls flight info system offline after attack by 'online crims'

Robert Carnegie
Silver badge

Although

If flight times were disrupted during this incident, how would we know it? Not to doubt them, but no data means no data.

0
0

Solid password practice on Capital One's site? Don't bank on it

Robert Carnegie
Silver badge

Re: I miss my old bank

Up-vote me if you meant "I used to use", but, since a dollar denominated company presumably means you're in the U.S., could be either.

0
0
Robert Carnegie
Silver badge

YOSH-OULD-DOIT-USIN-GDAS-HES☺

2
0

The Reg takes the US government's insider threat training course

Robert Carnegie
Silver badge

Re: Regarding Hamilton...

Being divorced twice is Presidential. But that's not a recommendation.

(Donald Trump is not an actor, he is a reality person, the difference being he can't act, as his appearances in films reveal.)

A purpose of the U.S. constitution supposedly is to stop the kind of thing that Ed Snowden exposed being done to U.S. citizens, so you can't really call the exposing unfair. Putting all staff of TLAs in jail would be a bit awkward but not really unjust. The fact that TLAs of various countries sometimes did the spying on each other's entire populations instead of their own and then sent each other the backups is not an acceptable loophole.

7
1

UK.gov tells companies to draft contracts for data flows just in case they screw up Brexit

Robert Carnegie
Silver badge

Re: Transfer

Once Britain leaves, the EU can legally declare war and get it back as an administered territory. I'd find that funny, but be careful what you wish for.

13
1

Microsoft accidentally let encrypted Windows 10 out into the world

Robert Carnegie
Silver badge
Joke

Ransomware Edition

$50 in Bitcoin to stop us installing it, say hello to Clippy :-O

56
1

No, eight characters, some capital letters and numbers is not a good password policy

Robert Carnegie
Silver badge
Joke

Re: Password security check

My keyboard has a fault in password mode, it always comes out as: ********

But I do log in ok so.... I may have just told the world what my password is. It is ********

1
0
Robert Carnegie
Silver badge

Re: How about limiting the number of login attempts?

If your department's accounts lock after ten bad login attempts, then I can do denial-of-service on you by trying each account ten times. You see? This is hard.

1
0
Robert Carnegie
Silver badge

I probably could get a job for Heinz breaking into people's online grocery accounts and substituting Heinz products for the other brands. (Customer relationship meddler, probably.) You won't question it if a store delivers Heinz instead of the brand you requested - that happens - until maybe the fourth time. And then you'll assume it's a bug. But it isn't a bug. It's me. Just conveying orders.

1
0
Robert Carnegie
Silver badge

Re: I've always preferred ..

If you misremember a song then it's highly secure... maybe. I don't think "ladymondegreen" will do.

1
0
Robert Carnegie
Silver badge

Re: Dictionaries

Executives' passwords are to be remembered by their secretary. Solved. Or, they get a golden key card to insert in the PC instead of a password. And it's the secretary's job to take it out after they go home.

Anyway their hardware is... limited. http://dilbert.com/strip/1995-04-03 yes that one.

3
0
Robert Carnegie
Silver badge

Re: Password security check

Mtlhrw13

But I've changed it.

What does it mean? (1) Nothing, it's random consonants. (2) It means "Metal harrow 13", which is what I remember. And which in turn doesn't mean anything, although it sounds like it does. I don't use "Metal harrow 13", because it's longer but not really more secure. But, I believe, not less secure.

1
0
Robert Carnegie
Silver badge

My hint is "here is no hint."

1
0
Robert Carnegie
Silver badge

Re: XKCD example doesn't work for me.

Can you remember "xkcd936"?

With the punctuation marks :-)

2
1
Robert Carnegie
Silver badge

Why special characters? We all know computers run on just 0 and 1. Enough of those and... it's remembering them that's a pain.

Especially when one user at work needs up to six passwords. Changed on different days, if at all.

My system - 6 letters, one capital; two numerals; no vowels. Special character? Exclamation mark, you creep. Just because a smiling brown pile isn't on my keyboard... I never used APL. Wait, a black heart, that'll do. ...Apparently you're a character that The Register doesn't support, and neither do I.

Oh - no vowels. Happy now? Wlsdyn47! [ = well s*d you anyway ].

2
0

If you have to simulate a phishing attack on your org, at least try to get something useful from it

Robert Carnegie
Silver badge

Re: Too much carrot, not enough stick.

Is clicking on a link in e-mail ever a good idea?

Hmm... yesterday I sent some third-party public site links in internal e-mail.

That's probably all right but perhaps I should have used a nice zip file?...

0
0

Linux 4.19 lets you declare your trust in AMD, IBM and Intel

Robert Carnegie
Silver badge

Re: Linux 4.19?

Currently it's The Nigerian Candidate.

That is, Release Candidate.

After all, the wealthy Nigerian - usually based in Amsterdam for some reason, the last that I heard - is just a new version of "The Spanish Prisoner".

2
0

Quit that job and earn $185k... cleaning up San Francisco's notoriously crappy sidewalks

Robert Carnegie
Silver badge

Re: Solution was already animated

My mental image is of the "Ghost Busters" - 1980s version - in their affordable on-call vehicle. I can't get rid of it.

1
0

IBM slaps patent on coffee-delivering drones that can read your MIND

Robert Carnegie
Silver badge

Re: Judging from the pictures...

Is swatting the problem or is it the solution?

1
0

It liiives! Sorta. Gentle azure glow of Windows XP clocked in Tesco's self-checkouts, no less

Robert Carnegie
Silver badge
Devil

Suggestion for backpackers

Carry a single use bag, life bag, or cotton bag; put that on scales to pack shopping into, then transfer the entire bag into your backpack. I caught cotton bags with Harry Potter logos at Poundland that fit in my new Ridge bicycle panniers. To avoid nerd conversations I chose Slytherin House bags. Working so far!

3
0
Robert Carnegie
Silver badge

Re: Bag for life.

Upvote for the "subtotal" tip for Tesco, provided that it works. Maybe I can use it at the Co-op just east from Central Station in Glasgow, where the self-service stations are clever but cramped.

Several shops seem to give me an issue of accepting a bar code but not letting me bag the item. I might get into trouble for dealing with that by laying the charged but unweighed item next to the scanner and then taking it with me after I pay for it and for everything else - but I don't see it as doing wrong. I must look honest, anyway.

0
0
Robert Carnegie
Silver badge

Re: Some taxis still run XP

Well, 4 years ago, Windows XP was legal!

2
1

Cisco smells a RAT in Breaking Security's Remcos PC wrangler

Robert Carnegie
Silver badge

Re: Every Tool is a Weapon -- Revocation Lists

It depends if the software is being sold to hackers, or being pirated by them...

It could for instance be made to check the date and time on an Internet time server, and if that's too late then this copy won't run. You need the update.

0
0

The future of humanity: A Bluetooth ball hitting your face – forever

Robert Carnegie
Silver badge

Re: Just great!

Kids should play old fashioned games, such as football, no, wait. That causes just as much trouble.

Robert Carnegie, cyclist and baller. Not footballer.

1
0
Robert Carnegie
Silver badge

It can't be as dangerous as you say, it's just a rubber ball and they didn't send you one to play with in the office so you're sulking.

Granted, I cannot find that "moon foam" is a thing..

2
4

How's that encryption coming, buddy? DNS requests routinely spied on, boffins claim

Robert Carnegie
Silver badge

But they do

The other day or week it was in the news... some VPN or super-secure browser (obviously Tor? Or not) was using secure anonymous comms with web sites, but ordinary unsecured DNS on the user's machine to look up the web site address. Oops! So, not to be sniffed at? Au contraire.

1
2

Techie's test lab lands him in hot water with top tech news site

Robert Carnegie
Silver badge

Silly! Minions don't speak... English.

...I'm not going to count the word "Banana", used in the Minion epic adventure, "Banana".

7
0

Et tu, Brute? Then fail, Caesars: When it's hotel staff, not the hackers, invading folks' privacy

Robert Carnegie
Silver badge

Infamy! Infamy!

Or of course "en famille"...

They've all got it - oh, no they haven't.

3
0

Faxploit: Retro hacking of fax machines can spread malware

Robert Carnegie
Silver badge

Sure, here's how I did it yesterday (not really).

As bad guys know already: there are historic bugs in widely used versions of JPEG image data handling library. JPEG is basically Zip file for pictures. Fax machines can handle JPEG data, and due to either a new bug or an unpatched old one, you can send binary data and code in the format of JPEG - maliciously malformed data - to a fax machine, and it will hit the bug and START EXECUTING THE PROGRAM CODE IN YOUR JPEG STREAM INSIDE THE FAX MACHINE. Well... there is some more work to do to get there from "buffer overflow" or "chair stacking", but it's not -difficult- work.

And since the fax machine these days is networked, once it's pwned, you have an enemy inside your camp - or your network.

So, no, please don't publish details, such as a QR code of the data file needed to hack any fax machine.

1
0

Dropbox plans to drop encrypted Linux filesystems in November

Robert Carnegie
Silver badge

Re: Filesystem choice

Dropbox is to sack up your files automatically to the cloud, yes? That sort of is about disk management, then.

0
9

It's official: TLS 1.3 approved as standard while spies weep

Robert Carnegie
Silver badge

Re: no-brainer for sysadmins

Tell management that all the kit will stop working at the end of 2018. In terms of working securely, that's not so far wrong. Y2K18 Bug: This Time It's Spurious. You could probably even persuade them that "spurious" means "very, very bad." Serious and worse. So when they ask the consultants, "Our guy says this threat is spurious, do you agree?" "Oh yes, it's the most spurious that I've ever seen."

I suppose this is a Man In The Budget Freeze Attack:

15
1

Prank 'Give me a raise!' email nearly lands sysadmin with dismissal

Robert Carnegie
Silver badge

https://www.theregister.co.uk/Tag/on-call

And it turns out:

https://www.theregister.co.uk/Tag/who-me

But no longer

https://www.theregister.co.uk/Tag/line-break

which I guess was kind of tech-ie for readers.

3
0

Top tip? Sprinkle bugs into your code to throw off robo-vuln scanners

Robert Carnegie
Silver badge

Re: was it the red wire or the blue one to disarm the bomb?

Perhaps the detonator has a tamper switch. Start to pull out the detonator and boom.

On the other hand, there's an argument that terrorists' home-made bombs are built with an off-switch for safety, as they are liable to be precarious otherwise. But once you place the bomb, you may remove the off-switch. Then, you know, run.

The off-switch appeared in a TV programme I watched recently; I won't say which as it may spoil the surprise i.e. not wiping out the cast of the show. (That is, the characters, but with some special effects, who knows.)

1
0
Robert Carnegie
Silver badge

Also

How do you distinguish your chaff bugs, which don't need to be removed from the program, from actual bugs, which ought to be removed? If you can't tell them apart, then haven't you given yourself the same problem?

14
1

Devon County Council techies: WE KNOW IT WASN'T YOU!

Robert Carnegie
Silver badge

Re: dispatch or despatch

I'd write "send". With despatch, or with dispatch if I feel like it.

Since the 1960s and mostly in Scotland.

3
0
Robert Carnegie
Silver badge

Re: Thanks, Labour

Wikipedia has incomplete records for recent Devon County Council elections, but they appear to have been Liberal Democrat after 1997 and before 2009, since when they've been Conservative. And UK.gov put the screws on state school term-time holidays in 2013 (and I'm disinclined to disapprove). So, "thanks, Labour" not so much. Good news is that there won't be any state schools left soon, and, leaving your daughter in the pub after a good lunch - presumably still fine, and by "fine" I don't mean money taken off you. Unlike Devon Conty Cuncil.

35
9

Revealed: El Reg blew lid off Meltdown CPU bug before Intel told US govt – and how bitter tech rivals teamed up

Robert Carnegie
Silver badge

Re: replace their processors??

Well, if the flaw is firmly baked into the hardware, the speculative execution microprocessor, then the only way to remove the flaw is to remove the processor and replace it - or replace the machine that contains the processor. This obviously is inconvenient but it would be the only way to stop the flaw properly. Or run a really, really good anti-virus - but that's not a 100% answer.

It's like if your equipment will all stop working at all at the end of, oh, the year 2000 - in that case, you simply have to plan to scrap it then, or, before then. And sue the supplier, of course.

The alternative was a lot of work.

2
0

Time to party like it's 2005! Palm is coming BAAAA-ACK

Robert Carnegie
Silver badge

Re: Awesome! I love Palm!

PalmOS emulation is in existence. But I don't know if it will be included in these devices.

1
0

Funnily enough, no, infosec bods aren't mad keen on W. Virginia's vote-by-phone-app plan

Robert Carnegie
Silver badge

Re: Old fashioned

If I go to your UK voting centre first I can just say that I'm you. And more people don't vote than do, so they might never know. Maybe we should improve the system, although the main motivation for doing so presumably is to stop political left-leaning people from voting.

3
11

Oi, clickbait cop bot, jam this in your neural net: Hot new AI threatens to DESTROY web journos

Robert Carnegie
Silver badge

Re: what exactly is a clickbait headline? It's a tough question

I count Register puns - not to mention the rhyming headlines - as a reason not to read. If your story doesn't hold your own attention......

0
3

Password strength meters promote piss-poor paswords

Robert Carnegie
Silver badge

Re: Passphrase.Life gets it right!

Since Passphrase.Life snidely rejects connection by Internet Explorer, feel free to tell me how it rates my recently discarded random-ish password: Mtlhrw13

(Mnemonic: "Metal harrow")

I have been sceptical of https://www.my1login.com/resources/password-strength-test/ which says,

"Time to crack your password: 443 years

Review: Fantastic, using that password makes you as secure as Fort Knox."

- but also says "Make your passwords at least 15 characters long": why? 443 years to crack that one, and it expires after about one month.

So... maybe the assumption about how good cracking hardware will be 442 years from now is not up-to-date.

0
0
Robert Carnegie
Silver badge

Re: @AC

Leave out vowels and you may not hit a block on using real words in a password. However, my method is a handful of random letters... that aren't vowels; when I make a password up, I expect it to be accepted.

Counter example as I've mentioned before: Fiqbly54 apparently contains a real word (I presume "Fiq", either a sort of fig or a mistyped one) and a personal name ("Bly" I suppose exists), so a strict password rejecter may reject it.

I presume you wrote or have seen the spoof password policy which allows at most one actual password to be used, so we will take that as read.

0
0

'Can you just pop in to the office and hit the power button?' 'Not really... the G8 is on'

Robert Carnegie
Silver badge

Re: Geiger router

If the router gets reset when there's no traffic... is that going to be happening all night at 5-minute intervals? Or do the servers chatter amongst themselves all night (the ages hang heavy on their dusty data banks)... Or do you breed a router that generates its own "keep alive" packets?

5
0
Robert Carnegie
Silver badge

Re: That sinking feeling

"Ely. The first, tiniest inkling that something, somewhere has gone terribly wrong." From "The Meaning of Liff" by Douglas Adams and John Lloyd, a fictitious compendium of dictionary meanings of place names, especially British places. "Ahenny. The way people stand when examining other people's bookshelves."

17
0

The Register - Independent news and views for the tech community. Part of Situation Publishing