nav search
Data Centre Software Security DevOps Business Personal Tech Science Emergent Tech Bootnotes
BOFH
Lectures

* Posts by veti

2135 posts • joined 25 Mar 2010

'Men only' job ad posts land Facebook in boiling hot water with ACLU

veti
Silver badge

Re: Equality in advertising

To me the solution is so simple, I wonder what is the obvious thing I'm missing:

Let advertisers aim their ads at whoever they like. But also make all ads available to anyone who requests them, filtered only by such terms as the viewer specifies.

Then any woman using Facebook would easily be able to get a list of ads for job type XY, even if the advertisers themselves ticked "men only".

0
4

Holy macaroni! After months of number-crunching, behold the strongest material in the universe: Nuclear pasta

veti
Silver badge

Re: Pastafarian

Science doesn't acknowledge "forbidden". There is only "possible" and "impossible", and the line between those categories moves from time to time.

13
0

How an augmented reality tourist guide tried to break my balls

veti
Silver badge

It was good to read of the SNCF experience, if only as an antidote to all those who seem to be hankering for a return to the good old days of British Rail.

Note to millenials: there is no reason, either theoretical or historical, to imagine that a nationalised rail service would be any better.

1
0

UK networks have 'no plans' to bring roaming fees back after Brexit

veti
Silver badge

Interesting use of anonymity here. Apparently, Leavers still don't want to be publicly identified, even by pseudonym.

42
9

US govt concedes that you can indeed f**k Nazis online: Domain-name swear ban lifted

veti
Silver badge

Re: Don't worry, it won't last

I loathe Trump, and I think Kavanaugh is a lying partisan hack who doesn't belong anywhere near any judicial bench, let alone the USSC...

But I have to give Trump his due. He may not care much himself about "freedom of speech", but his administration on the whole has been more favourable to it than others.

6
30

You know all those movies you bought from Apple? Um, well, think different: You didn't

veti
Silver badge

Re: not yours

Having a legitimate disk copy of a given movie would seem to be a pretty good license to freely download a working copy from the Internet, in the event that the rights holder somehow revoked the functionality of the physical disk.

You're not a lawyer, are you?

You can certainly argue that having a legit disc copy gives you the right to do whatever you like with that disc, within reason - including, for instance, putting it into any kind of disc reader of your choice. But to claim that it gives you the right to make another copy of whatever work happens to be on that disc - is pretty much the opposite of how copyright works.

20
10

Wow, great invention: Now AI eggheads teach machines how to be sarcastic using Reddit

veti
Silver badge

Oh yes, that'll work, because everyone knows what "AI" is - no ambiguity about that at all.

8
0

We're doomed: Defra's having a cow over its Brexit IT preparations

veti
Silver badge

This is... a not entirely unforeseeable aspect of the tragedy of Brexit.

DEFRA, like for that matter every other gov't department both in the UK and in Europe, can't fully "prepare" for Brexit when no-one has the faintest idea of what, specifically, it's preparing for. And with negotiations still up in the air, and expected to come down to a traditional EU-style deadline-crushing intensive finale, no-one is going to know that until it's too late.

If they'd gone to the other extreme - creating contingency plans to cover every possible outcome of the negotiations - they'd have been (rightly) castigated for wasting hundreds of millions of pounds on consultants planning for things that were never going to happen.

The takeaway from this, apart from "let's shelve Brexit for at least ten years or so", is: don't have a referendum with a vague proposal. Negotiate and pass all the laws you need to first. Then the only question on the referendum paper is, "should these laws go into effect?".

13
1

The eyes don't have it! AI's 'deep-fake' vids surge ahead in realism

veti
Silver badge

Re: Saw this coming

The idea is not that anyone could infallibility spot a fake, that's too much to ask. But it should be possible to demonstrate that the picture or footage I took has not been doctored.

Sure, it may be edited for legit reasons - but then, if challenged, I'd still be able to provide the original for comparison.

1
3
veti
Silver badge

Saw this coming

We really, urgently, need some way of authenticating "real", un-doctored video. Digital signatures embedded at the moment the image/footage is taken. Why is that not standard on every camera by now?

Get on it, camera makers. It may be too late already, but that's no reason not to do it anyway.

9
2

UK.gov went ahead with under-planned, under-funded IT upgrade? Sounds about right

veti
Silver badge

Re: Same Sh1t Different Day

Don't be silly. We've seen what happens when big govt systems are built that way. They're an unmitigated catastrophe in both cost and functionality.

At least this one is working, in the sense that it hasn't completely cut off the function of its departments. Compared with, e.g., the NHS information system, or Universal Credit, or any number of other public sector IT projects - £17 million a year sounds like a bargain.

0
3

AI biz borks US election spending data by using underpaid Amazon Mechanical Turks

veti
Silver badge

Re: Plausible deniability

Only if you can also arrange for someone to lose the original paper version. That may (or not) be an audit record in itself.

The real question is, why do the work on paper and then digitise it? Why not just fill in a Web form or equivalent directly?

5
0

I've seen the future of consumer AI, and it doesn't have one

veti
Silver badge

Seriously, you don't look at nutritional info at all? Either you're young, or you have the constitution of a hippo, or... I don't even want to speculate what.

I remember being young and ignoring all that stuff. Now, not so much.

0
1

Microsoft sharpens its claws to cut Outlook UI excess, snip Ribbon

veti
Silver badge

Re: Cruft

More like "code whose original purpose, if any, has been forgotten or is now just obsolete."

The trouble is, it's not easy to identify that code. A lot of things that look like cruft turn out, once you actually remove them, to have been playing some obscure but important role.

2
1

Software dev-turned-councillor launches rubbish* chatbot

veti
Silver badge

Re: buzzword

Meh, snip all you like, but the sad fact is - lots of people evidently prefer to communicate that way. Not me, but then I'm not lots of people. It's not groundbreaking, but it's useful.

3
0

Cock-ups, rather than conspiracies, top self-reported data breaches

veti
Silver badge

Re: Worse than useless data --> worse than useless reporting

To be fair, that's not worse than useless. It's clearly a story that's thrown together very quickly on the basis of a pretty unexciting press release - but those press releases, and stories, are often the necessary building blocks of serious analysis.

1
0

Archive.org's Wayback Machine is legit legal evidence, US appeals court judges rule

veti
Silver badge

Re: Be careful...

The Internet has a *terrible* memory. I've tried finding things I posted on Usenet 20 years ago, and had no luck despite knowing exactly what I was looking for, and having a whole department of Google to draw on. Try finding a website from that era - chances are that even the Wayback machine only has a small selection of pages, if that.

It's a total myth that once you post it online it's there forever. Sure, *someone* probably has access to that material - but not ordinary drones like us.

14
0

Anon man suing Google wants crim conviction to be forgotten

veti
Silver badge

Re: Right to be forgotten

Amateur. The way to be forgotten by Google is to get a gig writing some worthless but opinionated column for a reasonably well known publication. After a few months of this, any old results will be buried below the front page of search results, and we all know who checks those.

Example - try googling Andrew Orlowski, see what youthful misdemeanours you can find...

2
0

Microsoft gives Windows 10 a name, throws folks a bone

veti
Silver badge

Libre Office is OK, but let's not pretend you can just slot it in to an office's install image in place of MS Office and expect it to work. That will not work.

MS has been to a lot of trouble to make Office customisable. What with styles and templates and formulas and macros, you don't even know *what* anyone else's install is capable of. And then there are a shedload of third-party tools that integrate with Office - again, you can't simply point those at Libre instead and expect anything but total chaos.

It's just not the same thing, and you're not doing anyone favours by pretending it is.

9
10

Smut slinger dreams of AI software to create hardcore flicks with your face – plus other machine-learning news

veti
Silver badge

Re: Oh No

Any amount of training will only be as good as the current generation of processes. Within 18 months the next generation will be available, and it'll be able to fool whatever training you can get today. Within 5 years, there will be no reliable way even for an expert to distinguish between real and faked video.

Welcome to the future.

1
0

As porn site pounds hard on piracy laws, Cox pulls out prematurely

veti
Silver badge

Re: Copyright Issues

Arguable points, but nothing to do with the DMCA. That act says nothing about copyright duration.

1
1

Scot.gov wins pals with pledge not to keep hold of innocents' mugshots and biometric data

veti
Silver badge

It seems to me that "doing it manually would be too costly to justify" is another way of saying "we're not being penalised enough for doing it wrong".

If the respective forces were being fined, say, £10 per person per day for every biometric record they kept after the justification for keeping it had expired, they'd pretty soon figure out a way to delete them. Nothing focuses C-level attention quite like the promise of a huge gaping hole in next year's budget.

6
0

Everyone screams patch ASAP – but it takes most organizations a month to update their networks

veti
Silver badge

Testing, testing, and more testing

It seems to me that "network scaling issues" and "company policies" are just another way of saying "testing".

If only we could get a provider who was willing to certify, on pain of actually, y'know, paying money by way of compensation, that a system designed in compliance with their published spec would continue to work correctly after patching...

Ah well, I can dream.

25
0

'Surprise!' West Oz gummint is hopeless at information security

veti
Silver badge

To test the passwords, the auditor general's staff compiled a dictionary of common weak passwords from pentest resources, and tested those against 520,000 current and disabled accounts on WA government systems.

If the system even allows you to attempt that sort of crude dictionary attack... Wot, no timeout between failed login attempts? No maximum number of failed logins before locking the account? I don't know if any kind of "strong password" policy could compensate for those weaknesses.

6
1

Texas ISP slams music biz for trying to turn it into a 'copyright cop'

veti
Silver badge

"56kb/s should be enough for anyone?"

I'm honestly surprised the plaintiffs haven't tried to get a friendly student to collect evidence for them. On the other hand, if they suborn a student who then does something illegal at their behest, where does that leave them?

24
0

Now you can tell someone to literally go f--k themselves over the internet: Remote-control mock-cock patent dies

veti
Silver badge

"Industry site SexTechLaw"?

You made that up, didn't you? Fortunately I'm reading this at home so I can Google it...

Wow. Talk about niche.

4
0

Drama as boffins claim to reach the Holy Grail of superconductivity

veti
Silver badge

You don't remember cold fusion, then? That was claimed by two researchers with way bigger reputations than these guys, citing way better evidence, and after a long, long wild goose chase it turned out to be bunk.

If a find like this is for real, it's huge. It's strange in itself that they didn't discuss it with some of India's leading physicists. Faking the email - is way beyond implausible.

14
2

Democrats go on the offensive over fake FCC net neut'y cyberattack

veti
Silver badge

Re: Witch hunts sometimes don't start at the top.

Pai did the right thing here, yes - but doesn't that make his hyper-partisanal statement, quoted at the end of the article, even more anomalous?

I think that statement was baiting a trap, and the Democrats have predictably walked right into it. That makes two in as many weeks. Honestly, I begin to despair of American politics ever returning to sanity.

14
0

Space, the final Trump-tier: America to beam up $8bn for Space Force

veti
Silver badge

Re: Spaceballs ? Nah!

You're all way too optimistic. The name we should be thinking of is Zapp Brannigan.

"My strategy is so simple, an idiot could have devised it."

5
0

Stress, bad workplace cultures are still driving security folk to drink

veti
Silver badge

Re: Sounds about right

Doesn't come close. Toilet cleaners may not be much appreciated, but at least they're not actively vilified and abused on an hourly basis.

4
0
veti
Silver badge

Sounds about right

"Infosec", if that's a dedicated job, has to be the most thankless job in any organisation. It's like being an auditor, and a quality management engineer, and a test manager, all in one.

Everyone will blame you when it goes wrong, but the twist is that everyone will still blame you even if you do everything right. You'll be the one telling salespeople what cards and transactions they can't accept. You'll be the one telling Marketing that that "one little feature" can't be added to the next release. You'll be the one sending arse-covering emails to management saying that of course you quite understand they want to bypass your 4-week test cycle, but you'll need them to put that instruction in writing and to acknowledge your warning on the subject. Pretty soon you'll be excluded from product meetings because of your sheer aura of negativity.

And that's if everything goes right. When it goes wrong, you'll be stood directly in front of the fan, if you know what I mean.

Disclaimer: I've been a quality engineer and a test manager, and I've experienced a small fraction of the above. But an infosec manager? - must have it twenty times worse. They can keep it.

30
0

Funnily enough, no, infosec bods aren't mad keen on W. Virginia's vote-by-phone-app plan

veti
Silver badge

Re: Old fashioned

Please don't get me wrong, I'm a big fan of pen-and-paper voting. I'm just cautioning against complacency. Just because the votes are recorded and counted auditably, doesn't make the system immune.

5
0
veti
Silver badge

Re: Old fashioned

And that will work just fine until someone, let's call him "Boris", hacks into the list of registered voters and transfers your record to the next constituency over, so you turn up at your local polling station to be told you're not on the list...

Or they hack the published list of polling stations, so you turn up and vote exactly as you expect, but the official polling station is two blocks away, and the ballot box you just used goes straight to recycling...

Or they change your name from 'LenG' to 'Glen', so now you're not on the list at all. Are they still going to let you vote? I'm pretty sure voting under a false name is a crime.

Or... oh, I'm sure you can see the possibilities. Suffice to say, hacking the actual vote is only the tip of a very large iceberg of mischief.

3
13

Almost 1 in 3 Brits think they lack computer skills to do their jobs well

veti
Silver badge

If you lack the IT skills necessary to do your job...

... then your manager has failed and needs either retraining or firing. Because it's their job to make sure that this is not the case. That's, like, literally the most important thing they're paid to do.

And they're paid more than you, which means their fuckup is bigger than yours.

What do people understand by the phrasing "do their jobs well"? Everyone imagines that a computer system can be super-efficient, one-button no-errors all-singing Dolby-surround digital perfection. Now, we hardened veterans know it's never (ever, ever) like that, nor likely to be - but at least one-third of all people imagine that it should be, and then blame themselves when errors happen.

When the fact is, the interface/app they're using is likely so shite that unless you perform steps A through J in the correct order and at the right time (which you have no way of telling, and neither does anyone else because it's undocumented and probably, frankly, completely untested...) - it will go wrong.

If you're lucky, it will go wrong in some obvious way, but many people are so deluded that they actually see this as a failure, rather than designed and intended behaviour.

TL;DR: if your job requires you to have skills you don't, in fact, have, then it's the job that's badly designed. Not you.

This XKCD also seems appropriate.

7
2

Denial of denial-of-service served: There was NO DDoS on FCC net neutrality comments

veti
Silver badge
Trollface

Dear Mr Pai,

You might want to rephrase part of your communication there.

If some people in your organisation "didn’t feel comfortable communicating their concerns to me or my office", that at least is one thing you can't blame on "the previous administration". It's a truly heroic admission of fault on your part, puts you head and shoulders above most Trump appointees. Hats off to you, sir.

39
1

Amazon meets the incredible SHRINKING UK taxman

veti
Silver badge

Re: How it works:-

If they turn over billions, then of course they pay tax. National insurance contributions for their employees (who also, of course, will be paying their own taxes), and VAT on most of their sales.

Corporation tax is never more than icing on the cake.

13
1

Basic bigot bait: Build big black broad bots – non-white, female 'droids get all the abuse

veti
Silver badge

Re: You can "dehumanize" robots?

You may take that attitude. But what this research shows is that a significant number of people don't. Don't you think that's interesting?

6
2

Beam me up, UK.gov: 'Extra-terrestrial markup language' booted off G-Cloud

veti
Silver badge

Re: Wait .. tell me I'm not misunderstanding this?

Hey, if you want the gov't to be able to spot a scam, you've gotta allow them time and resources to do it.

The more you insist on taking up their time with trivialities like the Irish border question, the less time they have to look at the proposals and contracts that get dumped on their desks by the handful on an hourly basis. That's one reason why cutting taxes is self-defeating - it makes a government more wasteful, not less.

7
0

Australians almost immune from ransomware, topping lists for data safety

veti
Silver badge

"Notifiable" breaches?

So, I looked at the links - and it's not clear that a ransomware attack should even be notifiable. Ransomware scum don't commonly, so far as I know, steal records - they just make them unusable.

2
0

The internet's very own Muslim ban continues: DNS overlord insists it can freeze dot-words

veti
Silver badge

Dear ICANN,

Don't create a new TLD unless it is 100% crystal clear from the get-go, beyond any question of debate, who it should belong to, and what authority should get to say who administers it.

This isn't hard. National TLDs are administered by an agency nominated by their respective governments. Similarly I have no objection to creating ".disney' or '.pepsi' if you really must, though I think it's a shocking waste of everyone's time.

But taking a regular word with no specific trademark attachment and making it into a TLD? Just don't fucking do it. And revoke the ones you've already done, starting with ".info'. We won't miss them.

73
1

BBC websites down tools and head outside into the sun for a while

veti
Silver badge

Re: Scary

I'm sorry to break it to you, but your "not all that long ago" was half a lifetime.

BBC's Breakfast TV schedule launched in 1983, which is fully half of threescore and ten years ago now. Channel 4 launched a year before that.

Ob. XKCD.

4
0

Politicians fume after Amazon's face-recog AI fingers dozens of them as suspected crooks

veti
Silver badge

New training rule needed

Looking at the photo accompanying the article, it seems to me: you can fairly safely assume that anyone who poses in front of a flag is up to no good.

31
1

Whisk-y business: How Apache OpenWhisk hole left IBM Cloud Functions at risk of hijacking

veti
Silver badge

The truly appalling thing about this story

is that, in the stock photo, someone has put ice in the whisky.

Dear El Reg: you're British, you should know better than that. Ice in whiskey? OK, if you like. Ice in whisky? - awa' wi' ye, heathen.

1
1

Here's why AI can't make a catchier tune than the worst pop song in the charts right now

veti
Silver badge

Re: Looking through the wrong end of the telescope?

The "Does it sound OK?" judgment is likely quite hard for an AI to answer.

I suspect that your personal aesthetic judgment plays a larger part in the process than you consciously allow.

0
0

No big deal... Kremlin hackers 'jumped air-gapped networks' to pwn US power utilities

veti
Silver badge

Re: More detail please

You can always read up on Stuxnet, which did exactly this. The Russians' approach might be similar. Or it might be completely different, they've got the skills.

12
0

Fake prudes: Catholic uni AI bot taught to daub bikinis on naked chicks

veti
Silver badge

Re: As C.S. Lewis said...

I'm sure Lewis would have known how to spell "whisky". And cigarettes? Surely those didn't become sinful until the early 80s.

I don't know much about Lewis's life, but that linked article doesn't fill me with faith in the rigour of its research and writing. To parlay one drunken incident at a student party into his being "a big Marquis de Sade fan" does not, to me, look like research conducted in good faith.

6
1

Either my name, my password or my soul is invalid – but which?

veti
Silver badge

Re: Idiot password checkers

(unless they limit length too short)

Which they normally do. Honestly, what percentage of sites even allow you to have a password of more than 16 characters?

Worst of all, those that allow you to enter such a password, but silently truncate it without telling you. Then reject the full password when you enter it later.

I've learned to limit myself to 10 characters. Most places accept that. OK, it's not as secure as it could be, but like the old joke says: "I don't have to run faster than the bear, I just have to run faster than you". There are plenty of people way easier to hack than me, and that's what matters.

0
0
veti
Silver badge

Re: Idiot password checkers

That's fine, but is it any more memorable than just a random string of gibberish?

I've tried lots of approaches over the years. This is my current favourite.

5
1

Mmm, yes. 11-nines data durability? Mmmm, that sounds good. Except it's virtually meaningless

veti
Silver badge

Re: An object by any other name

This is what I was thinking. You don't have to lose a whole "object" to be screwed, the corruption of a single byte can do the job.

And since "objects" are commonly highly interdependent, the corruption of a single object could quite easily render your entire backup useless.

5
0

Trump wants to work with Russia on infosec. Security experts: lol no

veti
Silver badge

Why should the US continue to support them if they will not at least spend the agreed amounts?

Conversely, why should the Europeans raise their military spending, when Trump shows just as much contempt for those who do meet or exceed their 2% threshold as those who don't? And is willing to change the rules at whim?

What's the point of trying to please such a man? Might as well just ignore him, it's a lot cheaper - and will win a lot more votes - and the outcome is the same in the end.

19
2

The Register - Independent news and views for the tech community. Part of Situation Publishing