Posts by big_D

6775 publicly visible posts • joined 27 Nov 2009

Reg reader rages over Virgin Media's email password policy

big_D Silver badge

Re: Virgin, bringing you the barely-adequate security from 2002

I've actually refused to sign-up on sites that don't offer secure passwords - I use a minimum of 25 characters, with special characters, numbers etc. And I always set 2FA, where possible. And, again, I've started deleting accounts that don't offer 2FA, if those accounts are important.

Heck, even my Windows password, that I type in dozens of times each day is well over 10 digits and includes special characters...

Why Nvidia sees a future in software and services: Recurring revenue

big_D Silver badge

Re: It won’t work in the UK

Yes, but they would still be required to advise you of which features fall under a separate contract with the manufacturer...

big_D Silver badge

Re: Things / Ideas

Nissan have been doing that for years, with the connect system in their infotainment systems. My 2014 Qashqai had a year's worth of access through the app - entering nav destinations in the app and it syncing with the head-unit, when I got in the car, for example - after that, it was over 100€ a year to continue using it. I only used the feature once in the free year, so I never re-upped.

big_D Silver badge

Re: turn on car features, such as driver assistance, through subscription services.

It will be in the contract you sign, when you buy the car. So much up front and a monthly fee for the value-add services (like heated seats in BMWs, if they get their way).

Given it will be detailed in the contract you sign, when purchasing the vehicle, you won't be able to sue them, when you don't pay the monthly fee and it stops working...

Ukraine invasion: We should consider internet sanctions, says ICANN ex-CEO

big_D Silver badge

Re: It's over

You did read the article, right? The bit about not affecting citizens, but the military and propaganda apparatus?

AMD reminds everyone it's still doing Threadrippers

big_D Silver badge

Re: Alright, I'm outta here

I discussed with a colleague, back in the mid-90s, a virtual coding environment, where you would walk around code blocks and debug them, the code blocks (functions, methods etc.) would glow in different colours and intensities, to show where the most work was being done. You could then zero in on heavy duty areas, or spot infinite loops etc. visually very quickly and analyse those areas and optimize them. And that with other developers in a virtual room.

But the VR technology of the time wasn't advanced enough for that sort of stuff... If only I'd gotten around to writing it down.

Saving a loved one from a document disaster

big_D Silver badge

Re: Mad dash...

No idea, brain fart.

Several hours.

big_D Silver badge

Mad dash...

A timely one, I was working for a company that "printed the world's money", literally.

One of their clients, the director of a Russian bank, phoned up in a panic, his daughter was studying at Oxford and had to hand her dissertation in that day, but the computer had corrupted the hard drive! (We had supplied her with an old Olivetti PC as a favour, this was early 90s.)

The PC was couriered over to us and I had to spend the afternoon trying to recover the document. I managed to get most of it back, but there was a lot of "noise" in the document, cue hours going through the whole document, word for word, replacing hieroglyphics with real text. I also added some formatting and corrected spelling and altered a few sentences to make sense.

We printed and bound the document and got it couriered back to her an hour before her deadline.

I was promised a bottle of vodka, but it never turned up...

On another occasion, I was working for an oil company just outside London. A user called up, her Mac had frozen, mouse didn't move and it didn't respond to keypresses. I gave her the bad news and told her, she'd have to reset the Mac. She didn't like that. I told her, there was nothing we could do. An hour later, she called again, asking why I hadn't visited her... So, off I trot, over to her desk (in another building), waggle the mouse, nothing, mouse pointer didn't move. Usual keypresses, nothing, totally frozen! I reached around the back and turned it off, counted to 10, turned it back on and ensured it booted cleanly.

By the time I got back to my desk, there was a complaint filed against me, because I had taken so long to get to her, then all I had done was turn it off and on again - which I had told her to do on the phone. Luckily, it was only a short term contract and the helpdesk manager took my side, so no real fallout.

big_D Silver badge

Re: Imperrfect

And a live DJ in the queue, playing music and interviewing WP employees, better than the monotone music loops and pre-recorded voiceovers today.

One interview was so good, and funny, I actually asked the operator to put me back in the queue, so I could hear the end of it!

Second data-wiping malware found in Ukraine, says ESET

big_D Silver badge

Re: In time of war Truth is the first casualty

Just go look at Bellingcat, if you want verified information.

https://www.bellingcat.com/

A Snapdragon in a ThinkPad: Lenovo unveils the X13s

big_D Silver badge

Re: Seduced and abandoned by yet another attempt at a non-x86 Windows?

I remember Windows on MIPS, Alpha, Itanium and a few other processor platforms, heck they even allegedly had a fully working Windows NT 4 for PowerPC, back in the day.

I really like Windows on Alpha, but there were never really any native apps for it.

Your app deleted all my files. And my wallpaper too!

big_D Silver badge

Re: Concepts are hard to understand

No problems with encryption, all drives are encrypted and USB drives for transferring data have to be password encrypted as well.

But, if the data is lost due to the employee storing it only on their laptop and it gets lost, stolen or damaged, it is a disciplinary offence.

big_D Silver badge

Re: Concepts are hard to understand

It is actually in our company IT policy, that we are not allowed to store business relevant data on the local drive, all data has to be stored on the network, where it will be automatically backed up.

Working in home office, I sometimes make a working copy locally, if it is a big file, but generally, I just work off the network drives.

If we break the policy and the PC is stolen or the drive is corrupted and we lose business critical files, it is a minimum of a written warning for breach of company policy.

A tale of two dishwashers: Buy one, buy it again, and again

big_D Silver badge
Facepalm

Re: Personalised Ads

I had some oddball US guy who runs some sort of charity, the advert lasted 45 minutes (yes, minutes!!!!). It was rolled 4 times in a 10 minute YouTube video!

big_D Silver badge
Paris Hilton

Re: Personalised Ads

And that would be bad, because?

big_D Silver badge
Mushroom

Personalised Ads

I've been saying this for nearly a decade. Personalised ads are totally useless.

Why do I have to put up with all the thousands of tracking cookies to keep getting adverts that are totally irrelevant to me?

YouTube at the moment, seems to think I am a game playing retiree with rheumatism, in danger of shingles, that I play Call of Duty and that my newborn baby should be vaccinated against meningococcal infection...

Only, I'm not retired, I don't have rheumatism, shingles isn't an issue, I don't play CoD and I don't have a newborn baby, so personalised advertising is... 100% inaccurate!

Just profile the page I'm looking at and leave me alone, you probably have a better chance of getting the advertising right, if you look at the page I'm reading, about big iron routers, than by some crazy broken AI looking at the data it has collected about me, throwing it out and making things up at random... It at least can't be any less accurate than the personalised advertising.

FreeDOS puts out first new version in six years

big_D Silver badge

Re: I only had a 286

Reading the documentation, by v5 of QEMM386, it could run Windows as well, but when Windows 3 first came out, they were mutually exclusive, ISTR.

big_D Silver badge

Re: USB?

GRC's Spinrite uses FreeDOS as its boot platform and it recognises USB drives. In fact, you can boot FreeDOS from a USB drive.

big_D Silver badge

Re: I only had a 286

That didn't work for us. We were using Windows (himem.sys) and Lotus 1-2-3 (qemm386.sys), (I think, anyway, we had to constantly swap back and forth between himem and qemm386), so swapping from 1-2-3 to Windows and back needed the config.sys replaced and the PC rebooted.

We had an automated batch file to swap back and forth, but it was still a pain.

big_D Silver badge

Re: Protext

I had Protext on my Amstrad CPC, the Amiga and PC.

It is still one of the quickest, easiest to use word processors I've ever used.

No distractions, just a simple UI to allow you to write and then put inline margins etc. in for formatting.

I believe Computer Shopper or PC Format once included it on a PC CD-ROM cover disc.

Wordsworth on the Amiga was probably one of the best WYSIWYG word processors, without going 100% DTP, at the end of the 80s, but it was painfully slow at times. Arnor ProText was just text mode, but it was fast and you could still do all the formatting you needed.

Journalist won't be prosecuted for pressing 'view source'

big_D Silver badge

Re: Violation of the law...

If they are in a folder marked top secret and you read them, yes. If they are in a sealed folder and you hand it unopened directly back to the army base, no. If they are just loose scraps of paper laying around, with the information for all to see, you can't help reading it, as you try to ascertain who they belong to.

But in this case, you can't help but read them, if you are looking at the source code, because they are explicitly openly listed in the source code. If they had been encrypted and he had tried to break the encryption, then he would have been at fault, likewise if he tried to use the data for nefarious purposes or sell the data on, which he didn't.

big_D Silver badge

Violation of the law...

"There is an argument to be made that there was a violation of law," said Thompson in a statement [PDF]. "However, upon a review of the case file, the issues at the heart of the investigation have been resolved through non-legal means."

Erm, yes, the violation of the law was upon whoever wrote the website code to expose the personal information. So they have decided not to prosecute the company/department responsible for the site...

IT technician jailed for wiping school's and pupils' devices

big_D Silver badge

WhatsApp (Meta) explicitly say, if you have business contacts on your phone, do not use WhatsApp Messenger, because it isn't GDPR compliant and you should use WhatsApp for Business instead.

https://serbusgroup.com/comms-posts/the-gdpr-implications-of-using-whatsapp-for-business/

WhatsApp has so far been used by many companies in their business operations, but the question of whether WhatsApp can be used in companies in accordance with GDPR must be answered with a clear NO. Under certain circumstances, its use can lead to considerable fines.

https://aigner-business-solutions.com/en/whatsapp-gdpr-compliant-why-whatsapp-is-problematic-under-data-protection-law/

big_D Silver badge

Due to GDPR, we can't use company accounts on our private devices and we can't store private data on company devices.

If we need to access work data outside of the office, the company provides the equipment to do so.

I prefer it that way.

big_D Silver badge

And where were the backups?

The article states that their personal devices were affected. I'm guessing they were connected to the network using VPN?

A dodgy move from the school in the first place, but I'm guessing he could see those private devices logged into the network and issued the reset commands on them as well.

Or possibly Outlook policy to allow remote wipe?

I also object to him being called an IT professional, his actions are anything but professional.

EU Data Protection Board probes public sector use of cloud

big_D Silver badge

Re: I can see the “private cloud” arriving soon

There are plenty of cloud providers in Europe that have no ties to the USA, so would be capable of running a compliant cloud service.

big_D Silver badge

Re: AWS?

Exactly, and this is why Privacy Shield failed and why any replacement will fail, so long as the TLAs carry on with their paranoia and can push the agenda in Washington.

For any solution to work, EU data has to be exempt from the Patriot Act, the CLOUD Act, FISA Courts and National Security Letters... Fat chance of that happening any time soon.

The US Government* seems to be doing its level best to ostracise US big business from the international stage.

* And I'm not pointing a finger at Biden or Trump here, but at US politics in all its facets since the turn of the Century.

big_D Silver badge

Re: AWS?

Well MS have long claimed that the data centres in Ireland are run by a different business and that MS (the Seattle based corp) is physically unable to access the data.

And the US courts called bullshit on that. Microsoft Ireland, a 100% Irish company, but fully owned by Microsoft Corp (USA) is therefore a 100% US company under US law and is covered by the CLOUD Act and Patriot Act.

Edit: I re-read your comment after posting, I see you covered that, if not with the explicit detail.

Only the German datacentre managed to get away with it, because it was run by a Deutsche Telekom subsidiary and Microsoft employees had no physical access and no administration access to the servers or data stored there... Unfortunately, they ended their co-operation on that in 2020 and opened up a self-run datacentre instead.

big_D Silver badge
Joke

Re: AWS?

They will be closing all offices and operations in the US and re-incorporating themselves in an offshore paradise.

Reality check: We should not expect our communications to remain private

big_D Silver badge

Re: Before someone starts to talk about Orwell again ..

Under GDPR, uploading someone's contact details to Facebook without getting their express permission to do so is illegal.

It is why most companies ban it from company devices, here in Germany, and you can't install WhatsApp on a private phone, if you have a business email account, with synced contacts, the company would be liable, because you uploaded their employee and customer/supplier names and addresses to Facebook, without the company getting their permission.

Apple emits emergency fix for exploited-in-the-wild WebKit vulnerability

big_D Silver badge

Re: Apple provides a very long support lifecycle

It really depends, which Apple device you buy.

I was unlucky, I bought a first generation Intel iMac 24" in 2007. That stopped getting OS X upgrades with Lion (2011) and the last security update was in October 2012 - almost exactly 5 years. (The problem was that the first Intel Macs used a 64-bit processor, but only 32-bit UEFI, after a couple of years, Apple dropped support for 32-bit UEFI and went all 64-bit, leaving those early adopters hanging in the wind.)

One of the reasons I bought the iMac was Mac using friends telling me that Apple supported their devices for longer than Microsoft did. I have used Macs on and off at work since 1987, but the Intel iMac 24" was the first one I actually owned. They had always been too expensive, but with a lecturer's discount, the first Intel iMacs were actually competitively priced, compared to an equivalent Windows PC + 24" display at the time. When I came to replace it, the cost of a 24" display had sunk by 70%, the price of the iMac had increased...

The irony is, the BootCamp site was using Windows 7, which would have continued support until 2020, if the logic board hadn't crapped its pants in 2016.

That put me off buying another Mac for a long time - although I did get a Mac mini M1 at the end of last year... We shall see.

At the moment, I have a 2010 Sony Vaio laptop, running Mint, a 2017 Ryzen 1700 desktop running SUSE, a 2016 HP Spectre x360 running Windows 10, a handful of Raspis and an M1 Mac mini.

big_D Silver badge

Re: Even worse…

And Microsoft are a big offender in this respect. Their Teams uses Electron (currently), even though they have access to tools to make native applications, which are provided by, erm, let me think... Oh, yes, from Microsoft!

They even have a cross-platform application development system, .Net, which they could use.

But, no, Teams uses the Electron bloatfest. It brings my Core i5 laptop to its knees when in a 5 way conference. It had gobbled up all the RAM and I had to quit Firefox, Outlook, Excel and RDP in order to have a fluid video conference that wasn't constantly hiccoughing and dropping the sound.

Facebook exposes 'god mode' token that could siphon data

big_D Silver badge
Facepalm

Re: Simple Solution

I used Lynx for a while and used it to test a customer's website.

I got a panicked call, because their webserver protection tools thought I was hacking the website! :-D

Red Hat signals Intel's software-defined silicon will debut in Linux 5.18

big_D Silver badge

Re: New wine in old bottles

Old mainframes used a similar trick, although back then, it was additional boards to slow the mainframe down. You paid thousands for the upgrade and an engineer turned up and pulled the "slow-mo" board out of the unit.

Make assistive driving safe: Eliminate pedestrians

big_D Silver badge

Re: pedestrianism

Yes, I walk a lot and probably walk between 60 and 90KM a week.

big_D Silver badge
Facepalm

I think Alistair was prescient this week.

I had to drive to another site yesterday and took the pool car (Skoda Superb). It was raining and as I was doing 130 in the overtaking lane to pass an HGV, it suddenly decided it would be a brilliant idea to slam on the brakes!

I was cruising along at 130 and suddenly I was thrown forward in the seat as the car rapidly lost speed, with the dash saying "please confirm emergency braking"! I planted the throttle to the floor, to stop being rear-ended by the smartphone gazing twat behind me!

The lane holding software also didn't think pulling out to overtake was a good idea, at times, as well and kept trying to steer me back into the back-end of the HGV I was approaching - and, yes, I had activated the indicator to show my intent.

It was a pleasure to get back into my own car, when I got back. At least it only beeps at me, if I try and change lanes, it doesn't try and kill me.

big_D Silver badge

Re: pedestrianism

A friend went to LA as an exchange student. He ended up near Beverly Hills.

His host family didn't smoke, so he went out for a walk down the block. After 5 minutes, a police patrol pulled up and asked him what he was doing? He told them that he wasn't allowed to smoke in the host family's house, so he was going for a walk.

The police told him not to walk on the street, it made the residents nervous! He should go for a walk in the woods behind the houses instead (with the thrill of additional fire hazards from discarded matches and cigarette butts).

A few days later, he was walking through the woods, when a horse mounted police officer came upon him, his comment was, "oh, you must be the German exchange student," and carried on his way!

Real-time software? How about real-time patching?

big_D Silver badge

Firefighters

I worked for a large international IT consultancy for many years. I joined out of college and was hired because my requested salary was under their minimum. It got me through the door, and hard work got me a 100% pay rise in my first year!

I was always the odd-one-out. I was never put on one project, I was pushed from pillar to post and spent the first 10 years constantly learning new languages and sent in to projects that were overrunning, whether as a scapegoat or a firefighter at first, I'm not sure. But the reputation of "getting things done" stuck for a long time and I went from one disaster to the next. Interesting work, but stressful. Learn a new language, go to the next customer and "fix" the project, learn a new language, go to the next customer and "fix" the project...

One month, I'd be doing a COBOL based personnel system on a VAX, the next, I'd have learnt 4D and be working on a publisher's database on the Mac, after that, MS-BASIC on DOS and CP/M, dBase on CP/M86, Lightning Pascal on the Mac, Excel on Windows 2...

Once, I came back from an assignment and there was a 300 page request to tender, an old IBM PS/2 386 and a shrink-wrapped copy of VisualBasic 3. I had 2 weeks to learn VB, read the RTT and submit a tender for the project! Somehow, I managed to achieve all 3, we won the contract and I actually delivered it on time!

Geomagnetic storm takes out 40 of 49 brand new Starlink satellites

big_D Silver badge

Re: No loss

If there is just no broadband in the area, you don’t have a lot of choice.

If you have to live in a more remote area, out in the countryside, you don’t have much of a choice.

big_D Silver badge

Re: No loss

We were getting around 200mbps in testing. We had a site in the middle of nowhere, 1mbps DSL, 5mbps LTE, Starlink made a big difference.

Sometimes you have no choice, broadband isn't available everywhere or is very slow.

To err is human. To really tmux things up requires an engineer

big_D Silver badge

Re: Here's Johnny...

Yes, but that isn't such a pain for the devs, the problem is quickly resolved and they can continue.

Having to re-load the database structure and restore the test data (thereby also testing their backup and recovery processes while we are at it) means that it is a painful learning experience for them, and maybe, just maybe, they will take that into account the next time around...

With my programming hat on, apart from quick and dirty internal routines, such as a source code calculator I wrote back in the early 90s, I've always cleansed the input as best I can, when writing the original code. It is much quicker and easier to build it in at the beginning than to come back later and try and find all of the affected pieces of code and make sure they are fully sanitised.

But, there again, I grew up with properly defined specifications, including error conditions and a full test-suite that already existed to test the code, so there was little wriggle room to not properly sanitise the inputs, otherwise it never got out of unit testing. When SQL Injection came along as a common attack, it was new to me, but we were already escaping most of the characters that would allow it to be successful.

On the other hand, on newer projects I worked on, the code was just written, basic testing to see if it worked with valid inputs and then it was thrown online. There were no test suites, nobody tested other people's code, you tested your own and most of the programmers hadn't learnt proper testing during their studies/training, so they weren't looking for errors occurring because the code was getting invalid data - especially SQL Inject type attacks, buffer overruns etc.

big_D Silver badge

Re: If it is easy to colour a screen - just do it!

First thing I do on all production server VMs is change the text to red on the console or use a red desktop background for the GUI...

big_D Silver badge
Mushroom

Here's Johnny...

I was doing some security testing for a client, this was back at the turn of the century. They wanted their eCommerce system checked. I did some looking at the source code and marked all the locations, where they hadn't sanitized input and handed in my report and started testing the weak points.

The dev team and management didn't want to know. Running a SQL injection to display a list of users and their credit card numbers wasn't convincing enough... So I went nuclear on them, my next test included a SQL injection of "DROP DATABASE;--" Bye, bye dev environment...

The handy part about dropping the database is that you get immediate feedback from all the devs and ops currently working on the system, about whether the test worked or not...

big_D Silver badge

Re: thats a tricky one

Go around all the service centre desks and look for scraps of paper with connection info on them, then compare them to the ERP system. All those missing must be added to ERP and BGP.

US carriers want to junk three times more Chinese comms kit than planned

big_D Silver badge

Re: Good on her!

The other question is, how much of that additional $3.7bn of kit was due for retirement anyway, so would have been replaced through attrition?

European watchdog: All data collected about users via ad-consent popup system must be deleted

big_D Silver badge

Re: Contextual advertising...

But any adverts they sell using that information are pure fraud, because the information is 100% made up and bears no relation to reality.

big_D Silver badge
Paris Hilton

Re: Contextual advertising...

And that is a problem, because?

big_D Silver badge

Contextual advertising...

I've been saying for years that all this tracking is pointless, the "targeted" ads are generally useless - Google thinks I'm a retired person with arthritis, at risk from shingles and that I have a newborn baby... I am not retired, I don't have arthritis, shingles isn't a risk factor and I don't have a newborn baby!

Contextual adverts - adverts based on what I'm currently viewing - will probably be more effective, because if I am currently reading/viewing something, I'm probably there because it is of interest to me.

German regulators nix Taiwanese titan GlobalWafers' acquisition of Siltronic

big_D Silver badge

Months of re-org.

Part of the problem was probably the German federal elections in the Autumn. That led to a powerless government as the old regime under Merkel held the status quo, whilst the SDP was in discussions with the other parties to form a coalition in the new parliament. I don't know for a fact, but I could see the deal being put on hold, until the new political direction was in place and could take a look at it, which was only in the last month or so - so 3 months on pause.