
* Posts by streaky

1529 posts • joined 5 Jul 2010

Sealed with an XSS: IT pros urge Lloyds Group to avoid web cross talk

streaky
Silver badge

Full Disclosure.

If they're not even acknowledging you got two options. Send it to the ICO for one thing, secondly just release a PoC - they won't do that again.

0
1

Oi, you. Equifax. Cough up half a million quid for fumbling 15 million Brits' personal info to hackers

streaky
Silver badge

Re: GDPR can't Fix this

Would GDPR fines apply in this case?

It wasn't that they were deliberately selling customer information - they got hacked.

Yes.

0
1
streaky
Silver badge
Facepalm

Re: GDPR can't Fix this

What on earth are you on about.

4
2

UK networks have 'no plans' to bring roaming fees back after Brexit

streaky
Silver badge
Big Brother

Re: Hit the nail on that one.

@adam 40 - It is not allowed to say sensible things, please refrain.

0
1
streaky
Silver badge

Re: Hit the nail on that one.

It's fundamentally false to suggest remain = young, leave = old, for one thing. Secondly particularly old people don't vote. It's a fundamental misreading of the data to suggest these arguments are blanket true. Here's a stat that will blow your mind too - inner-city Muslims voted to leave in droves too. Sure there's a leaning one way in all these demographics but they're not as clear cut as people trying to paint a narrative would like you to believe.

They lost the argument and the vote and went straight for ad hominem before trying to understand the issues. Remainers at somewhere between stage 3 and 4; 5 will come. 40 years we'll be able to have an adult discussion about EU membership - we certainly can't have one now - but for now we're leaving in UK and EU law next March.

0
1
streaky
Silver badge

Would you have voted leave if Jacob Rees Mogg had said he was transferring his investment business to Ireland?

Fuck I love Chinese whispers. Have you heard the one about Juncker and his crack cocaine problem?

It's not JRM's business and he's not transferring it to Ireland. Would you like to try again with the lies on ice?

In other news the guy with the whole if it was simple it would have happened by now - if we didn't have a remoaner government screwing everything up backed up by a remoaner civil service and even to the extent they're trying to get things done a remoaner house of lords with a SERIOUS democratic deficit bought and paid for by the EU, aka us - literally being taxed to do us self-harm by the way - it's simple, yes.

0
2
streaky
Silver badge
Boffin

JohnG don't say sensible things. P.S. they're not pretending - they actually don't know that the mobile networks did this long before the EU mooted it which is why the EU felt safe to do it in the first place. That plus the whole thing with them doing it with countries they are most definitely not required to would blow the average remainers tiny little mind.

Not for nothing but if they all reverted to the previous status quo they would in fact be a telco cartel and competition authorities would be forced to step in.

It isn't a cost it's a choice to charge and that's why people are so confused. The mobile networks already have enough stuff going against them, there's no reason to drive more people away.

5
12
streaky
Silver badge

It's only a non story if you never stray beyond the safety of Dover

Or maybe, now I'm just speaking from personal experience here so what would I know - we HAVE travelled beyond Dover, like, before the EU was the EU and that we regularly travel BEYOND the EU and know that travelling isn't in any way difficult - or better yet we work with people, companies and do trade outside the EU and have had enough of people talking utter utter nonsense about things they plainly don't understand.

By the way speaking as somebody whose family was robbed by French customs (with some other families - they wanted bribes for completely lawful and normal entry and when they didn't get that they took to just robbing people) with no recourse and held at the Spanish border by the Spaniards for three days when we were supposedly all kumbaya happy friends anybody who thinks any of this is a thing has ZERO sense of perspective.

11
30

Python joins movement to dump 'offensive' master, slave terms

streaky
Silver badge

Re: that's the point where things start to go downhill.

I literally maintain a harem of slaves.

We use these terms because they accurately describe what is happening rather than obfuscating and people need to find a grip. There's going to be an almighty pushback (see Trump for evidence) from this nonsense and if master/slave computing relationships triggers people they won't like what happens next. This silliness is NOT how you affect social change.

Newton's third law, look it up.

1
1

Docker fave Alpine Linux suffers bug miscreants can exploit to poison containers

streaky
Silver badge
Black Helicopters

During build

So not actually that dangerous after all.

Speaking as somebody who builds a lot of docker images I never really got the attraction to alpine - yeah it's smaller but layers render the whole thing moot; you could hide a full windows install behind layers and nobody would really care - YOUR layer might only be a few MB, that's the power of containers.

Seriously though, not convinced by the dangerous thing, it's bordering on the targeted by a state actor level - at which point you have bigger problems - and easy to fix.

1
1

Revealed: British Airways was in talks with IBM on outsourcing security just before hack

streaky
Silver badge
Mushroom

Re: Its the 3rd-Party Code that always burns you

Oh dear Alan Woodward has a 'reg account.

0
1
streaky
Silver badge

Re: Its the 3rd-Party Code that always burns you

Professor in physics and engineering

Ah, well that explains it.

0
1
streaky
Silver badge

Re: Its the 3rd-Party Code that always burns you

Alan Woodward doesn't have a clue what he's talking about, I've tried to engage him in the arena of getting him to stop talking nonsense multiple times. The BBC should stop using him. Not sure what he's a professor in but I hope it isn't compsci.

1
1
streaky
Silver badge

Re: Aren't Vendors Supposed To NOT Store The CVV?

I believe BA explicitly stated that they don't although it isn't worth the effort going to look for a citation for that. All fingers IMHO point to the third party garbage on your payment pages meme that's been doing the rounds and almost nobody has learnt from. No confirmation of that but it strongly feels like it.

1
2

Brit teen pleads guilty to Minecraft-linked bomb and airline hoaxes

streaky
Silver badge

1337

1337 as F. GL in prison.

1
1

Strewth! Aussie ISP gets eye-watering IPv4 bill, shifts to IPv6 addresses

streaky
Silver badge

Re: Has anyone truly made the switch?

*cough*

3
1
streaky
Silver badge

Re: Has anyone truly made the switch?

You don't need to fully make a switch. Whoever is advising these companies is an utter retard and they'd be best not to listen to whoever it is. All ISP-side networks should be pure IPv6 and IPv4 outbound can be natted easily. CG-NAT is a very expensive and customer-frustrating way to not solve any problem an ISP might have. I say this as an extremely frustrated Hyperoptic customer who has to run their own VPN setup just to be able to pull inbound connections from the internet to our local network when IPv6 would do the job perfectly. It's just not on. Most of the internet you care about runs IPv6 now.

12
10

UK-based Veritas appliance support is being killed off

streaky
Silver badge

Re: O.M.G

They'll bring it back when it all goes to shit a la TSB. Golden parachutes for everybody!

2
1

Spies still super upset they can't get at your encrypted comms data

streaky
Silver badge

Re: They know exactly what they're doing

they wouldn't go to the trouble of issuing communiqués with veiled threats of legislation for non-compliance

I've pointed this out a few times before. If it was such an urgent problem and above all other concerns they'd just do it and try to wait out the consequences. Obviously not going well is it.

0
1
streaky
Silver badge

Re: They just want permission

There's capability to do it, but that doesn't mean it isn't computationally expensive. Even if they have "broken" crypto they have to find keys per user, and even if we assume things like TLS are deeply flawed (with little to no evidence this is the case) it's very unlikely this is trivial. Personally speaking, I like it that way - sure they can read my stuff if they really feel they have to but it shouldn't be so easy they can go on massive trawling expeditions which of course is *precisely* what they want to do. Basically it should be easy enough they can read a few thousand people's emails a year, but it shouldn't be so easy they can read a few million or billion, and I suspect that's probably roughly where we are.

0
1
streaky
Silver badge

Privacy.

Privacy laws must prevent arbitrary or unlawful interference, but privacy is not absolute

I don't believe many people are saying it is.

There are reasons in a perfect world where privacy isn't the be all and end all of the conversation. The problem is there are technical and security barriers layered on top of the privacy issues. Five Eyes and also other foreign powers screwed the pooch - there used to be an element of trust and a large amount of secrecy - then Snowden told us what they were up to. One can only assume what China, Russia, Germany and others are doing is as bad or potentially given their laws; worse.

Unfortunately cryptographic services and ciphers are going to get stronger and stronger until they shut the hell up for 5 minutes. Every time they talk about this 10 new services pop up to keep them out. They can force all the companies they like, all they'll do is make people assume that they have the likes of Facebook, Microsoft, Apple, Google et al backdoored and use other services outside their reach. We use services like Signal internally because of the risk of warrantless (both meanings) state access to internal communications provided by such companies. We're just going to end up with more of that more of the time and using stronger security.

This is all to say they're actively doing economic harm to their own states which in the case of GCHQ and assumedly many other such alphabet agencies the exact opposite of their reason for existing, they're supposed to protect the economic well-being of their respective countries, not actively harm it. "in the interests of the economic wellbeing of the United Kingdom" - says so right there in the Intelligence Services Act 1994.

2
1

OpenAI bots smashed in their first clash against human Dota 2 pros

streaky
Silver badge

Re: Training time

Given that the bots get 180 years of gameplay training in a day, and they still have to limit game complexity for them to compete, either they learn VERY slowly, or else there is some limit beyond which little or no further learning takes place with further training

It's because they're playing mostly against themselves so they don't really see the intuitive play that humans do, especially some of the cheese strats. When they do see this stuff they learn from it very quickly though.

Can a bot with 100 years training hold its own against one with 200? Or is the bot with 210 years training comfortably beating the one with 200?

I would *assume* that was implicit. Difficult to test if the rules for the bots are constantly changing though - my guess is that there's an element of acceptance testing that it doesn't accept core strategy changes unless it can provably beat the previous strategy algo though, that's how I'd do it anyway.

0
1
streaky
Silver badge

Re: why surprised humans beat a handicapped AI ?

why surprised humans beat a handicapped AI ?

Yep. I've been into Dota for many years and AI holds day job interest for me and I keep telling people that the bots are on easy mode right now and they're giving the best teams on the planet a good run for their money already.

By the way the more heroes in dota you learn the less complex the learning process. There's also comments I'd make about the AI having access to illusions and heroes that summon things you can micro and it being far easier for the bots to do things with. I keep having nightmares about formation-flown treants and spiderlings.

0
1

Home Office seeks Brexit tech boss – but doesn't splash the cash

streaky
Silver badge

And at the end of last year, MPs on the Public Accounts Committee said the UK border could be left exposed thanks to “weak contingency planning” – a particular problem if the UK leaves with no deal.

Funny because the independent non-political entity who audits this stuff says otherwise. Central thesis is wrong. But it's not politically convenient for media (or MPs apparently) to speak truth any more.

1
2

Drama as boffins claim to reach the Holy Grail of superconductivity

streaky
Silver badge
Boffin

Re: It's dead, Jim, but not as we know it

Temps superconductors work at has NOTHING to do with things like plasma temps. It's the holy grail because one doesn't have to use extreme cryogenics to make superconducting magnets for things like plasma confinement. They're only sideways related. It just makes things a little easier though your actual plasma pressure is the key issue not what temp the magnets work at - it's how strong they are.

Why must people say silly things whenever the serious issue of fusion reactors comes up. While people make snarky comments other people are getting it done.

2
2

Former NSA top hacker names the filthy four of nation-state hacking

streaky
Silver badge

Re: Rofl

But your continued assertions, against a vast stack of publicly-available evidence, that Russia by technical means and those of financial corruption

Of course they have the means. We know they have the means - but I'm going to come to that.

did not try to influence the Brexit vote is just plain silly

But we're talking about evidence remember. The evidence we have publicly (nobody has spoken about military intelligence evidence but assumedly if it existed they'd have been shouting it from the rooftops - I have no problem believing that Novichok was the Russian state but the publicly available evidence is thin on the ground but we *constantly* hear about the attribution, if the security services thought that the Russian state had even slight involvement they'd be shouting it from the rooftops - we know about the civil service - and they just aren't).

It is by now beyond debate that just as Russia wanted Trump to win (because, duh, they've said so) and worked to try to make that happen (and failed, by nearly 3 m votes)

Of course. Remember what hard evidence we have is from the platforms they were using to push their ideology. It's the likes of Facebook and Twitter and others after being asked for evidence and taking another look at things they managed to produce data and create ways (and third parties have too) of tracking what Russian propaganda bots are doing. The truth of the matter is that on having looked multiple times nobody has found any actual hard evidence of this.

so it is conspicuously in Russia's interests to destabilise and weaken the EU

Yeah now we're in the crux of the matter. No it isn't. Outside the EU's instinct to appease we wouldn't be limited by the EU's thin sanctions regime and our sanctions would look far more like the US sanctions than the ones we're forced to have under the EU's "leadership" (using the word very loosely obviously). Outside the EU we can do many things that the EU simply doesn't allow and Russia knows this - they're either not bothered either way or not that stupid.

To pretend otherwise, or to claim they haven't tried damned hard to make it happen, is just ... fantasy.

If they tried so damn hard why is there no actual hard evidence?

could so easily search, as a start, for the UK Electoral Commission, follow its findings on Brexit

What has the Electoral Commission said about the involvement of Russia (which is what we're actually talking about) in the brexit referendum. Far as I'm aware they've said squat. That being said being a bunch of Momentum members I'm not particularly interested until the court cases (criminal and civil) are done - when that happens we can talk about the stunning impartiality of the Electoral Commission - because right now we only have accusations by a provably biased organisation.

You've been played like a fiddle. I've got my eyes open.

0
1
streaky
Silver badge

Re: Rofl

If Russian *haven't* tried to influence the US and UK votes then their spooks just aren't doing their job properly.

But here's the thing. Mind blown, you ready?

Our spooks are doing their job properly. The yank spooks are. There's two investigations in parliament led by remainers. There's one in the US congress (might be senate I can't be bothered to check) - they've compelled evidence out of the companies that a) want the UK to remain in the EU and b) have no trouble finding the trump related bots, know what they're posting and know who they're posting about. When I say they didn't go on brexit I don't mean I don't know if they did - it's a fact, they didn't, the end. Unless you have actual evidence that isn't somebody trying to sow the seeds of chaos (they saw you coming btw) - you don't really get to make claims to the contrary. It just didn't happen.

If you want to know what did happen maybe give a shit about your fellow human and you might learn a few things about immigration, economics and leaving people behind - or just generally treating people like crap and expecting things to carry on as they are before; plus the whole we'll be richer out thing.

Fsking daily mirror readers, honestly.

2
4
streaky
Silver badge

Re: Rofl

Russia can be as thrilled as they like - although again there's zero evidence of this - I have a hard time thinking Russia is that stupid and given how hard they go on people pro brexit and leave off remainers I see no evidence of any sort. Outside the EU's instinct to appease this doesn't end well for them.

Ignoring that we know who the bots are, we know what they're doing and we know that they didn't go on brexit. That's a fact, interview who you like.

4
15
streaky
Silver badge

Rofl

Remainers still trying to claim it was Russia wot won the Brexit vote despite there being no evidence of it turned up across at least 3 governmental and who knows how many military intelligence investigations of it on both sides of the Atlantic?

Every time you say this you look even more stupid.

12
29

Can, can, can you buy it, CANCOM? Brexit's made it cheap(er), man: Firm inks OCSL deal

streaky
Silver badge

Re: Rule Britannia

a) Yes

b) What difference does it make? Why is it that the same people who are so eager to stay in the EU are the people with the biggest problem with foreign ownership of companies?

c) Are people actually pretending that before we voted to leave the EU British companies weren't bought by foreign companies?

d) It's all FDI and FDI is good.

4
5

Amazon meets the incredible SHRINKING UK taxman

streaky
Silver badge

Re: Just say No to Amazon

Many of the more 'important' tax havens are British protectorates

I understood what you meant, they're protectorates, we don't write their laws - they're independent nations. Stop trying to tag us with something that isn't us. I'm sure we could exert pressure, and we have been that's why the UK has a bilateral TIEA with some of these, but they're not the UK any more than Canada is the US.

Can't just throw our weight around, this isn't the 17th century.

1
1
streaky
Silver badge

Re: Just say No to Amazon

do you trust your politicians to be any better at clamping down on tax avoidance after Brexit? I mean, they have been quite defensive of tax havens generally...

Yes? As for defensive of tax havens we have very little say over the tax regimes of foreign countries. We *COULD* force them, but it wouldn't be cricket - as long as they're playing by the same rules as Switzerland it's hard to have a problem and the UK has been leading the fight on this - so what's your point?

As I pointed out elsewhere the EU avoidance directive is just a poor facsimile of UK law on this, [5] years later. We can only deal with what we can deal with is the issue at hand here.

0
1
streaky
Silver badge

Re: Just say No to Amazon

If you want corporations to pay more tax get the House of Conmen to change the tax laws. It's really that simple.

There's literally no way to stop this, the way payments move through Europe is *literally* by design of the EU. This stuff isn't in any way complicated. If you tax Amazon fabricating sales in the UK to Luxembourg that's a violation of two of the four pillars of the Single Market (the one you remainers want to stay in). Literally impossible for parliament to resolve (today) - it would end up in the ECJ and we'd be fined millions per day.

You can't moan about this AND want to remain in the EU, it's silly.

By the way because it's a free movement of capital, goods and services viol it would also arguably be a double taxation treaty violation. Only those of us who want to leave the Single Market get to moan about this stuff, it's right there in the rule book.

1
2
streaky
Silver badge

Re: Turkeys stage a referendum on Christmas.

How can HMRC do anything about a tax situation created by one of the pillars of the EU?

0
4
streaky
Silver badge

Re: Just say No to Amazon

until they pay the same level of tax as a UK based business would on that profit.

March next year when they can't book UK sales to RoI, Luxembourg, others any more. Be there and watch the fun. See also Google, Facebook, Microsoft, Apple and others. One of the reasons high up on my list of reasons to leave (it's a long list but this is a pretty good one) - the open door policy the EU has to taxes, making states pay the costs of companies like Amazon selling in the UK but allowing them to pay taxes where they feel like no matter how synthetic the relationship in the transactions. No wonder tech companies love the EU so much.

By the way before anybody does what some smart arse tried to do to me the other day on twitter, the EU tax avoidance directive is a very late and very poor copy of our own tax avoidance rules - and it most definitely does not deal with this problem.

1
3

OpenAI bots thrash team of Dota 2 semi-pros, set eyes on mega-tourney

streaky
Silver badge
Terminator

Kappa

This story being a confluence of things that interest me, and being 5+ years into my Dota learning curve (which makes me a complete noob) and having watched the games I could break all this down, shame it's 6am, had I realised that el reg was covering this (should have known, being Paris Hilton related) I would have commented before now and cleaned up some of the insanity.

0
1
streaky
Silver badge

Are there any good games that don't rely on APM and click-speed, but more on considered strategy?

Dota?

0
1

Cache of the Titans: Let's take a closer look at Google's own two-factor security keys

streaky
Silver badge

Re: Ah, the tyranny of choice ...

A "soft" yubikey would add to the market take-up of this technology

Yeah and it'd be about as useful as SMS 2FA. Right reddit?

The point of a hardware token is you can't just pull keys out of them because they're isolated and usually have mitigations from physical attacks (spot the problem with a soft key). We've been doing this for decades and we have the solution. It goes on your key right, it's cheap and it's easy to use. Not sure why people need to confuse a simple problem.

3
1

Brit web host biz UKFast gears up to IPO on London Stock Exchange

streaky
Silver badge

Expanding

Lawrence Jones, CEO at UKFast, told us the national tech market was expanding, and “a float gives us the funds necessary to capitalise on the opportunity

But muh brexit!

0
1

Microsoft Visual Studio Code replumbed for better Python taming

streaky
Silver badge

Re: If you want proper Intellisense, use a statically typed language

C# is a nice language, but the statically typed bit and relationship to intellitype is pure unadulterated nonsense.

0
1
streaky
Silver badge

Re: Visual Studio 2017 is still a mess full of bugs and no ISO installer...

Visual Studio Code *is not* Visual Studio. They're completely unrelated. Are people actually getting them confused? Actually yeah that is on Microsoft really. If you're off Windows, use your package manager. If you're on windows why on earth would an iso be a thing, it's tiny and there's an MSI. Plus also it's 2018, connect up your 56k modem.

1
1
streaky
Silver badge

Re: Where are the holy relics

Problem with the memes is it's far and away the best cross platform IDE that money doesn't need to buy. In fact it's very close to being the best IDE full stop.

7
6

No, seriously, why are you holding your phone like that?

streaky
Silver badge

Uhm..

I've seen literally every single one of these on display in London with zero sense of irony. People do not know how to use a phone, it's bizarre.

2
1

Ticketmaster breach 'part of massive bank card slurping campaign'

streaky
Silver badge

WHY...

Are people putting third party analytics etc on pages in scope for PCI-DSS. Just why; also why isn't PCI, Visa, Mastercard etc doing anything about it? Think we're overdue some adults in the sandbox who are in a position to give a shit removing card services from these people.

49
1

UK.gov: New London courthouse will focus on crimes of a cyber nature

streaky
Silver badge

Re: Will they fund the specialist lawyers and digital forensics experts?

I don't see why it makes a difference to the courts process. You need that kind of thing in the police and CPS.

3
1

UK.gov IT projects that are failing: Verify. Border control. 4G for blue-light services. We can go on

streaky
Silver badge
Facepalm

Re: [Sniff][Sniff]

Smell that? That's the smell of preparation for control to be taken back.

Nuhuh. And it'll all be better with EU procurement rules.

Oh wait, this is happening under EU procurement rules, wonder if there may be something wrong with them? Maybe not but wouldn't it be nice to be allowed to modify them.

Also btw the remainers, MPs, Lords, press, EU and the executive all confused on this concept of taking back control - and sovereignty - this isn't something for government, it's about voters being able to affect control of exactly this stuff. No more excuses, valid or not, that it's somebody else's fault. That's why a lot of people in government don't like it - because they'll be expected to actually do their jobs.

3
8

Startup bank Monzo: We warned Ticketmaster months ago of site fraud

streaky
Silver badge

Monzo..

Second time I've seen something related to Monzo in a few days.. Has somebody finally decided to actually... compete.. with the main banks?

Tell me you support U2F and consider me a customer.

4
1

The Register - Independent news and views for the tech community. Part of Situation Publishing