* Posts by 0laf

1967 publicly visible posts • joined 25 Nov 2009

50 years on: Apollo 12 failed at selfies but succeeded at dismantling a probe

0laf
Thumb Up

Nice article

I picked up "A Man on the Moon" as an audiobook recently. For those who don't have the time to sit and read a paperback but do commute I can recommend it.

There are thousands of little interesting snippets of this fascinating era of history. The astronauts were a unique and diverse group of individuals of huge talent and drive. It's a real shame that people like them aren't held up as examples now instead of the vacuous 'influencers' we have.

'Literally a paperweight': Bose users fume at firmware update that 'doesn't fix issues'

0laf
Mushroom

This is the IoT in action, this is the future. Everyday items that won't work without a fucking data connection or a fucking app even though it adds nothing to the core function of the device. What it does add is massive complexity and therefore an exponential increase in the number of possible failures, it also adds an opportunity for the supplier to make your device cease to function for reasons other than its core function.

Apps in cars scare me. My car phones home to its builder not me. Some can be opened by a fucking phone app. Does no one see how absolutely batshit mental that is?

Back on topic, I have some BOSE QuietComfort Headphones, They're wired so dumb as rocks, they just work, I like them a lot.

I have a soundbar and a sub for my TV. I have an LG tv so I got an LG soundbar and sub. They talk to each other over bluetooth and optical cable. Nothing smart no internet, no firmware. They just work. I had to switch to a Panasonic TV, I connected up the LG soundbar. It just works.

I hate 'smart' devices.

Weird flex but OK... Motorola's comeback is a $1,500 Razr flip-phone with folding 6.2" screen

0laf
Paris Hilton

Re: Aspect ratio very odd

Multiple shake automatically brings up PornHub in an Incognito window.

0laf
WTF?

I'm not sure if having a phone with a microphone at the mouth and a speaker at the ear is really very marketable these days. Well judging by the number of utter fuds I see walking about holding a phone out in front of them like it's a biscuit they're about to eat.

0laf
Trollface

Re: Aspect ratio very odd

To let other people know that the holder has spent £1500 on a phone and therefore must have lots of credit be an influencer or some other form of self-satisfied git.

What other purpose is there for a flagship £1000+ phone these days?

0laf
Happy

Ok it's too expensive but as a form factor the folding screen makes a lot more sense in this than the others we've seen.

The second (probably toughened) screen on the outside is useful too with the added bonus of cutting down on the number of times the phone will need to be unfolded.

Shock! US border cops need 'reasonable suspicion' of a crime before searching your phone, laptop

0laf
Alien

Re: No problem

I would think that "being a bit brown" is probably going to make for “reasonable suspicion” in most cases. In all others "holding a passport" is probably going to do.

Gas-guzzling Americans continue to shun electric vehicles as sales fail to bother US car market

0laf
Meh

Re: SUVs are the scary bit

They are also more likely to roll over in an accident due to their higher centre of gravity.

So although people often feel safer in large SUVs they aren't necessarily safer for the occupants or the collided.

Bloodhound rocket car target of 550mph put on ice after engine overheat

0laf
Pint

Dear AC

Excellent multiple entendre, good work.

As for the car, this is mostly pointless yet fascinating.

Onwards chaps to 1000mph but stay safe

UK Home Office: We will register thousands of deactivated firearms with no database

0laf
Trollface

Re: What's not to like?

They'll still find a way for this to cost £20 Million and not work.

Here are some deadhead jobs any chatbot could take over right now

0laf
Pirate

Re: Scam callers

Unfortunately my fun with these guys is being spoiled because they have indeed replaced the "you've been in an accident" callers with robots. It's not AI it's just a script with pauses built in.

I really think this is unfair, those guys have to play the game. They robo call me about a fictional 'accident' and I get to take the piss for 5 min with a terrible long winded tale of woe at the end of which, just like the comment above, I always die. Or I pretend to be a senile old man with hearing problems that likes to talk about toileting issues.

It's really no fun at all finding out the bloody robot isn't listening. It's just not cricket old chap.

ZTE Nubia Z20: It's £499. It's a great phone. Buy it. Or don't. We don't care

0laf
Meh

Re: Not a Yotaphone

That's what I was remembering. I still think that is a better idea so that the second screen can persistently show data of your choice without overly draining the battery.

This seems very much a gimmick.

Communication, communication – and politics: Iowa saga of cuffed infosec pros reveals pentest pitfalls

0laf
Holmes

Hard to have a contingency for politics and bloody-mindedness. But the testers shouldn't be caught in the middle.

I would hope in the UK the Courts or the Procurator would have sense to see there would be no public interest in pursuing a case like this.

We're almost into the third decade of the 21st century and we're still grading security bugs out of 10 like kids. Why?

0laf
Meh

It's not that simple though is it

There is value in a simple message. Your out of date software scores a CVSS of 10 therefore "critical" therefore you must fix it.

That's a nice simple message to give to non-technical decision makers.

The nuance around the 'risk' presented from that vulnerability is much harder to articulate. And that is probably best managed by whatever means is most appropriate for the organisation. That doesn't remove the value of the simple scoring mechanism it just puts an onus on security staff and accreditors to use that information properly.

Tech and mobile companies want to monetise your data ... but are scared of GDPR

0laf
Childcatcher

Good!

I want them to be terrified of screwing up with my data.

Paralysed with fear.

Although TBH I'd settle for pretty much giving a shit since most companies I run into still appear to be using data on a wing and a prayer.

Boffins hand in their homework on Voyager 2's first readings from beyond Solar System

0laf

"The two Voyagers will outlast Earth," said Bill Kurth

That's going to be a mindfuck for anyone that worked on them.

Would collisions with interstellar atoms erode the probe over that amount of deep time I wonder.

Heads up from Internet of S*!# land: Best Buy's Insignia 'smart' home gear will become very dumb this Wednesday

0laf

Nooo

If it's anything you really rely on then having it be 'Smart' is a very bad idea unless you will be very disciplined on replacing all your kit when support expires.

I really think we need some sort of regulation, I guess in environmental terms, that any tat like this must be supported for a minimal amount of time AFTER sales cease. I'm thinking 5yr for smaller items and 10yr for larger things (freezers / cars).

I saw an advert of a new BMW just last night that showed the car being opened by using (I assume) NFC from the driver's phone. OK I work in infosec but that just looked like a very very bad idea to me. Bad enough that I wouldn't want it on a car I'd just spent £45k on (New BMW 135 if you want to look up the ad)

PowerPoint! Word! Excel! Lens! By your powers combined, I am Captain Mobile Office

0laf
Holmes

Slurp?

Have MS run its data slurp past the EU data protection board so that we don't roll this out only to be told it's unlawful because MS has decided to snuffle at the data trough without looking back on previous decisions against it?

Not just adhesive, but alcohol-resistant adhesive: Well done, Apple. Airpods Pro repairability is a zero

0laf
Boffin

Think of the trees...

Non-replaceable batteries should be banned unless they are designed (and warrantied) to work for 5yr or more (like the 10yr battery in a smoke detector).

(Environmental, tree hugger type icon needed).

Microsoft sees sense, will give Office 365 admins veto rights on self-service Power tools

0laf

"Microsoft 365 admins will be able to disable the self-service platform, on a per-app basis"

Does this mean that 365 admins will have to continually check for new apps and block them individually?

I hope I'm reading this wrong and that everything is blocked by default and admins are whitelisting what's allowed.

But this is MS so no chance really.

Cyber-security super-brain Rudy Giuliani forgets password, bricks iPhone, begs Apple Store staff for help

0laf
Mushroom

Speaking truth to power

Most people in power have no idea about these things. They rely on minions to sort all this stuff out for them. Passwords are for PAs. Security gets in the way and if it goes wrong then it's someone else's fault anyway.

Some of it is forgivable, these are busy people and systems and security should be designed with their operation needs in mind. But they are also high profile targets and can't escape their responsibilities.

You can't transfer risk by shouting at your PA or an IT tech and you can't change the threat landscape by waving your arms around in an irritated fashion.

Delayed, over-budget smart meters will be helpful – when Blighty enters 'Star Trek phase'

0laf
FAIL

How many SMETS1 meters are sitting borked?

What's the environmental impact of them?

I've refused one I disagree with the policy so much. And I'm a lazy shit that would love to not bother doing meter readings.

Xiaomi the way to go phone: That would be with a 108MP camera by the looks of things

0laf
Meh

Real world use

Will people actually use the capability of that camera? I've got a P20 Pro with the 40MP camera. I think I've used it in the 40MP setting two or three times. It is set as default to 10MP and I've never had much desire to change it. You can't zoom or do any of the other options at 40MP. I just wonder if this is a number for marketing purposes really.

Come on, you can't be serious: Now Australia mulls face-recog tech for p0rno site age checks

0laf
Big Brother

1984

A Telescreen in every room with a microphone and camera just in case.

Your face scanned and stored in a government database for tracking via the ubiquitous cctv and telescreens.

Your car tracked for the purpose of per-mile road taxation

Your encrypted internet traffic decrypted for your own good by the government, if you get your money stolen it's for your own good

And all shared with big business because, well, you must consume.

I'm not saying we're heading towards a dramatic dystopian future but it looks bloody close. It's like a bastard future mated from 1984 and They Live.

Microsoft welcomes ancient Project app to the 365 family, meaning bleak future for on-prem

0laf
Facepalm

Oh FFS

If users are able to self-serve this I can see a sudden realisation when we're paying thousands monthly to cover every user that has accidentally subscribed to Project 365 to open a Project file they were sent by a 3rd party.

They'll be doing fucking loot boxes on 365 for enterprise next.

Will someone think of the taxpayer? UK.gov needs to stop burning billions on shoddy procurement, says Reform

0laf
Facepalm

On the flipside if you procure for government even in a very small way, if you step outside the rules in the slightest many companies are very quick to challenge and threaten legal action.

It makes for a very bureaucratic and inflexible process which is pretty unpleasant for all parties and rarely gets to the desired outcome.

Remember the 1980s? Oversized shoulder pads, Metal Mickey and... sticky keyboards?

0laf
Unhappy

Re: ok just 15 years ago...

Yep, I've told the story here before. When I did home visits for cash I had one guy's computer that was overheating and shutting down. When I opened the case it was half filled with cigar ash. He was in the habit of tapping his cigar on the front air intake and the ash was drawn inside. It took a long time before the smell of it went from my mind.

I can't actually remember what happened in the end (this is 20+yr ago). I think I hoovered it out and it worked fine after that.

0laf

Coke (and other cola drinks heavy with citric acid) were well known keyboard and mobile phone killers. I know that if I was asked about recovering a mobile phone with coke spilled on it I always told the owner that it was almost certainly a dead loss. The acid and the sugar was always a good combination to destroy electronics.

I used to work in car dealerships doing their IT in the early 00's. It took a tough machine to last more than a year in a garage workshop. They weren't the toughened devices seen now just basic PCs with 21" trinitron monitors to display repair manuals.

Franco-stein's on the move: Spanish dictator turfed out of decadent mountaintop mausoleum

0laf
Headmaster

Teaching

The Spanish Civil War was only a couple of years before I was born yet I know next to nothing of it. That's quite worrying really. I have no recollection of any teaching, or even a documentary on it on the TV.

I see your blue passport and raise you a green number plate: UK mulls rewards scheme for zero-emission vehicles

0laf

Re: Wealthy

So you're rich enough to buy a new EV with a green plate.

Why sir step up and have some free parking and free charging as well. You know you're worth it.

To the social worker oik in the 20yr old diesel, back of the lot for you and it's £15 a day for your stinking jalopy.

Power to the users? Admins be warned: Microsoft set to introduce 'self-service purchase' in Office 365

0laf
Facepalm

Just no

Microsoft. Collectively you're an asshole.

But who pays for this, do you need a corporate credit card?

Can anyone with a budget buy this (and probably soon anything out of the store they like)?

If MS make 365 a fucking toyshop for anyone with a budget it'll be crazy time until we go round nailing P45's to people's heads.

Soon followed by the massive GDPR fine we'll get for someone buying a random sharing app they should never have touched.

365 will soon be so untrusted the work involved in moving thick staff to 'Nix will start to look appealing.

No one would be so scummy as to scam a charity, right? UK orgs find out the hard way

0laf
Childcatcher

Re: Churches are even worse

Yep, I personally know one formal accountant who stole £30k from a church by getting himself into position as a treasurer. Small charities like churches are often so desperate for help that it's quite easy to infiltrate.

This individual avoided jail somehow. I know of other accountants who stole less and were sent down.

Don't look too closely at what is seeping out of the big Dutch pipe

0laf
Big Brother

Re: A serious question

There is a difference between 'active monitoring' and 'investigation'. Watching what employees are up to in realtime is surveillance which is legally a much harder thing to justify than investigating retrospectively the recorded browsing habits of an employee that has been fingered for some reason or other.

If you're a lazy barsteward that spends all day on the internet then it's very easy to justify having a look back at what you've been up to for the last few months.

Surveillance needs to be in compliance with RIPA (or RIPSA depending on your UK location).

0laf
Devil

Re: We never said anything to anyone...

Yep, I've also discovered coworkers who were ostensibly happily married men who were either trying to consume gay pr0n at work or had signed up to gay dating sites using work email. These were managed without those employees knowing that I knew.

I think you'd have to be pretty evil to do anything else.

Samsung on fridge cert error: Someone tried to view 'unsavoury content' in middle of John Lewis

0laf
Pirate

I thought it was normal to try and pop the passwords on the laptops etc in Currys. It's all fair game surely?

Junior minister says gov.UK considering facial recognition to verify age of p0rn-watchers

0laf
Paris Hilton

Will it need to record your 'O' face?

Help! I bought a domain and ended up with a stranger's PayPal! And I can't give it back

0laf
Holmes

Would the financial ombudsman get involved maybe? Paypal is after all a financial services company. It will have statutory obligations to customers.

Fancy yourself as a bit of a Ramblin' Man or Woman? Maybe brush up on your cartography

0laf
Headmaster

I appear to be under the impression that quoting 'DevOps' or 'Agile' is simply a way for many people and organisations to produce shit without having to apologise for it.

I assume that done properly these processes can work?

Lenovo unfolds time frame for bendy ThinkPad: Pricey Windows PC out in summer '20

0laf

A foldable desktop all-in-one makes more sense to me. Make the thing a tri fold with a stand and add a folding full sized keyboard. Ok it needs a desk to work on but it could be any table and it'd be far more useful for actual work than a pishy little screen half taken up with a virtual keyboard.

Three UK goes TITSUP*: Down and out for 10 hours and counting

0laf

I didn't realise it was borked. Phone was on emergency calls only. I assumed it was the phone having a moment and restarted it and all was well. Turned out that was the official advice anyway.

Well, well, well. Fancy that. UK.gov shelves planned pr0n block

0laf
Gimp

Re: Thank goodness this was announced

Oh cum on! You know the government will have spunked at least a few million quid on consultants and consultations with their rich friends. A golden shower of cash for them to gobble while the rest of us remain in bondage with our delicate encryption to be vigorously violated by government probes and insertions.

Devs getting stuck into Windows 10X on Surface Neo will have to tussle with UWP

0laf
Alert

I feel dirty but with the little keyboard on I quite like that. But I wouldn't care about the rest of the screen

TBH a bit like a mini version of the Asus Zen Duo. I nearly bought one of them but then found I could get a workstation with a proper keyboard for hundreds less. The engineer in me went for functional over shiny.

Cassini may be dead – but its data shows basic building blocks of life spewing from Enceladus

0laf
Boffin

I wonder

I wonder, if whole cells (frozen or otherwise) were ejected by the plumes, would the detectors on Cassini have been able to detect them or could it only detect chemical signatures of component molecules?

Just a passing thought....

If your org hasn't had a security incident in the last year: Good for you, you're in the minority

0laf
Childcatcher

"Details of exactly what constituted a "breach" were not made available by Carbon Black". Then their publication is really pretty meaningless. I don't doubt that 84% (probably low) have had a breach of some sort but the majority will have a fairly negligible impact.

In terms of data you can have breaches and/ or incidents which may / or may not be the same as a security incident.

It's really lies, damned lies and statistics.

An unbearable itch to migrate your OS to the cloud? You might have a case of Windows VD

0laf
Facepalm

I can see it now, we spend £100k setting up with this and after 6 months Nadella doesn't like the colour or decides everyone is going to use iPads and pulls the plug.

'Six' in the city: Kiwi sportswear shop telly beamed X-rated flicks for hours over weekend

0laf
Paris Hilton

Think you're missing the 'w' on 'hacker'.

Paris coz' well, I'm sure there has been a bit of hacking done over her home movies.

Hold up, ace. Before you strap into Firefox's latest Test Pilot, ask yourself...

0laf
Big Brother

I think the question is really "Are you safer with this than without it?".

But even more specifically "Are you sometimes safer to use this?"

It might be that in some circumstances "new coffee shop with unknown wifi" you will be much safer with this even if Cloudflare is mining you for 24hr.

But then you'd be safer overall if you didn't use unknown wifi and wait till you get home to do anything that involves shopping or banking.

From pen-test to penitentiary: Infosec duo cuffed after physically breaking into courthouse during IT security assessment

0laf
Facepalm

Re: Naivety...

What was the scope of the testing? If the company didn't make it clear that the testing could include measures up to and including physically breaking and entering premises then they could be in trouble.

Unfortunately I'm guessing that the customer here has probably given a vague scope of works, "we need a security test", and the supplier hasn't made it clear within the contract documents what that will entail. However I'd have hoped that this would soon become a case between customer and supplier and the employees will be taken out of the firing line.

Infosec prophet Bruce Schneier (peace be upon him) is only as famous as half of Salt-N-Pepa

0laf

Re: [None of us made it – Ed]

There is no chin behind Bruce Schneier's beard. There is only another pseudorandom number generator and he's gonna use it to encrypt your face.

https://www.schneierfacts.com

Oops: Rockets lighting their tails is a good thing – but not three-plus hours before lift-off

0laf
Flame

Danger

Never return to a lit firework