* Posts by Ken Hagan

8137 publicly visible posts • joined 14 Jun 2007

Buying a Chromebook? Don't forget to check that best-before date

Ken Hagan Gold badge

Re: Consumer Rights?

"hasn't lost any significant functionality."

For a device that is basically useless unless it is network-connected, the absence of security patches renders the device unsafe-at-any-speed. That's a pretty major loss of functionality.

Would *you* do online banking on a PC that hadn't been patched in ages? If so, you'd better hope your bank never gets to hear of it because the terms & conditions almost certainly state that you are only allowed to access that service if you have taken reasonable steps to ensure that the client device is properly patched.

Shiny new toys take backseat in Android Studio 3.5 for now as '600 bugs' squished

Ken Hagan Gold badge

Curious take on AV

AV slowing your system down? Why not switch it off? Google says it's OK, so it must be safe...

We checked and yup, it's no longer 2001. And yet you can pwn a Windows box via Notepad.exe

Ken Hagan Gold badge

Re: Is this why a "notepad" app doesn't come with Android?

*My* phone has a microphone ...

Psst. Hey. Hey you. We have to whisper this in case the cool kidz hear, but... it's OK to pull your data back from the cloud

Ken Hagan Gold badge
WTF?

Re: Yeah? sue us.

Yeah, that brewer... Anyone who contemplates running a real-time industrial process control system over WAN has obviously just drunk the warehouse dry.

You can easily secure America's e-voting systems tomorrow. Use paper – Bruce Schneier

Ken Hagan Gold badge

Re: Trust

Yes. They have slaved day and night to make sure that nothing is done to stop the handcart continuing its slow but steady progress towards Hell.

Talk about unintended consequences: GDPR is an identity thief's dream ticket to Europeans' data

Ken Hagan Gold badge

Re: A Phd Student?

To me he looks like Bill Gates in that old police mugshot.

Alexa, can you tell me how many Chinese kids were forced into working nights to build this unit?

Ken Hagan Gold badge

Re: Children?

"It's ridiculous that employers are paying 16 year olds a pittance to perform menial tasks under the excuse of training."

It's ridiculous that the task of sticking a protective plastic film onto a screen hasn't been automated. Don't these people know anything about electronics?

Ken Hagan Gold badge

Re: Avoid buying anything from Amazon

Or perhaps: "Avoid buying anything made by Foxconn".

If Amazon, or other customers of companies with dreadful records on slave labour, wish to avoid being tarnished by the same brush then they need only move their production facilities to a part of the civilised world.

In practice, avoiding everything made in countries that enslave their population is going to be hard, but every little bit helps.

Bit of a time-saver: LibreOffice emits 6.3 with new features, loading and UI boosts

Ken Hagan Gold badge

Re: Fourier transform?

But this way, someone techy enough to know what it is and how to apply it to a given problem can create a spreadsheet to give to someone who isn't and who doesn't want to learn a separate program.

Googlers hate it! This one weird trick lets websites dodge Chrome 76's defenses, detect you're in Incognito mode

Ken Hagan Gold badge

Li's statement doesn't actually follow from the description in the article. The difference between normal mode and incognito mode is in absolute speed and in variability, but unless you can persuade the browser to run your website in both modes (in which case, why are you bothering?) you cannot actually observe the former (*) and so the only evidence of incognito mode is the reduced variability, which should be pretty easy to fix with a random sleep. Even better, since the random sleep only happens in incognito mode, it won't even hurt your main benchmarks.

(* Other commenters have noted that the absolute difference is that of spinning rust versus memory, but still others have noted that any half-decent caching scheme will conceal that.)

The sea is dangerous and no one likes robots, so why not send a drone on rescue missions?

Ken Hagan Gold badge
Happy

Re: Crapita

"as Flashheart's driver"

New UK Home Sec invokes infosec nerd rage by calling for an end to end-to-end encryption

Ken Hagan Gold badge

Re: Easy solution

"Facebook, Twitter, et al"

...where "et al" includes all online banks and shopping sites. I would add government websites to that list, but I'm not sure how many useful services are actually available online.

Low Barr: Don't give me that crap about security, just put the backdoors in the encryption, roars US Attorney General

Ken Hagan Gold badge

Re: am i missing something?

Why would they need to develop their own code base? Linux and FreeBSD already exist, are tried and tested, using algorithms that have withstood for decades all serious attempts to break them.

Ken Hagan Gold badge

"So, we think bad people use off-the-shelf packages to communicate?"

For the same reason that banks and governments use off-the-shelf packages (and related encryption tech) to communicate. They'd be bonkers to trust some code written by non-professionals.

Rust in peace: Memory bugs in C and C++ code cause security issues so Microsoft is considering alternatives once again

Ken Hagan Gold badge

They have done. It's called C++. The unsafe language you are thinking of is C.

Ken Hagan Gold badge

Re: The problem is Windows (actually MS-DOS) - not the language(s)

In fairness to Microsoft, I believe it is true that you can't write a pre-emptively multi-tasking OS for the 8086 because not all of its instructions are restartable. It would also be pretty flaky because there is no memory protection. I think the 186 fixed the former problem and the 286 (designed after MS pretty much pointed a gun at Intel's head) fixed the latter, but by then there was so much software that *relied* on the flaws of the 8086 that it wasn't possible to actually produce a real OS until a second gun was pointed at Intel's head to produce the 386.

Ever since the 386, MS have had a true multi-process, multi-user operating system to run on it (OS/2, then NT) but the plebs refused to run it. So MS pointed a third gun, this time at the plebs' heads, by killing off the DOS-based versions of Windows and forcing everyone onto the NT kernel.

Casting MS as the lone heroes, valiantly fighting for securable and scalable operating systems against the forces of darkness, isn't a terribly popular pastime but it isn't *that* hard to do if you cherry-pick your historical facts.

Chrome on, baby, don't fear The Reaper: Plugin sends CPU-hogging browser processes to hell where they belong

Ken Hagan Gold badge

Re: There's another way to make code run efficiently ...

It's even easier than that. You give them old, slow PCs for *testing* software on. They can use the shiny new box for writing it. I don't mind that. What matters is that the separate "test PC" that they deploy to for, er, "testing" should be similar to the target customers' boxes.

(For all the non-developers out there I should point out that any developer who doesn't have a completely separate test system that they can strip down, rebuild and generally hack about with to their heart's content to explore various test scenarios ... basically isn't a real developer. They're a script kiddie being indulged by HR with a fancy job title.)

Ken Hagan Gold badge

Re: Or alternatively

Exactly. Firefox has NoScript, which stops the problem happening in the first place, and you can whitelist sites that are well-behaved.

That appears to be a simpler and more reliable way of achieving the results described with this extension.

For pity's sake, groans Mimecast, teach your workforce not to open obviously dodgy emails

Ken Hagan Gold badge

Re: you could do that, but...

"The only employees who are likely to need outside email access in most companies are the sales team"

I'm pretty sure most R&D folks and most marketing types and most HR staff will have sent and received legitimate emails to and from external addresses at some point. I know I do. We have things like suppliers and sub-contractors to deal with.

2019 set to be the worst year yet for smartphone market as lack of worthy upgrades dents demand

Ken Hagan Gold badge

Re: 5G around the corner and nothing very compelling to upgrade to.

"The only next obvious killer update is going to have to involve massive improvements to batteries"

Here's an idea then ... make the battery replaceable so that you don't have to chuck out the phone after a couple of years.

I can't be the only person who thinks it is suspicious that the willingness to splash out an arm and a leg on a new phone started to peter out when those new phones started having the built-in obsolescence of a non-removable battery. We regularly rail here about the ongoing delivery (or not) of Android updates, but hardly any normal person cares about security. Nearly everyone cares about "having to buy a new phone because the battery won't stay charged for more than a few hours".

Loose tongues and oily seamen: Lost in machine translation yet again

Ken Hagan Gold badge

Re: Brian is listening to music on Radio Blackpool

"I remember reading that The Sun employs English graduates as sub-editors because they are able to express ideas at the 12-year-old reading comprehension level for which it aims. You have to know a lot to write simply."

I have heard something very similar from a relative who had been employed in that (or very similar) capacity by The Sun.

The great pity is that we were all 12 once and somehow most of us appear to have lost this skill.

IBM torches Big Tech's get-out-of-jail-free card, says websites should be held responsible for netizen-posted content

Ken Hagan Gold badge

Re: Seems reasonable

"Fundamentally this is a good idea as prevents shysters from shaking down a site because Bubba the Yahoo posted something nasty."

No, it's really not. It allows the site to use Bubba the Yahoo to take the legal flak whilst the site owners get to sell ad space on either side of "Bubba's" page. Everyone knows this, just as everyone also knows that if Bubba gets thrown off the site he will just re-appear under a new free email address the following week.

Society has to figure out where the line is drawn between public statements (subject to legal action) and private ones (typically not, as in the case of the average pub conversation). At the moment, social media sites put themselves forward as having the intimacy of private chats, but with the reach of public announcements. It isn't working. IBM can see that and don't want the baby thrown out with the bathwater when the blunt instruments of legislation are finally applied.

Ken Hagan Gold badge

Seems reasonable

Social media's business model is "selling ad space on a conduit that people are attracted to precisely because they can post whatever they like". There are obviously legitimate uses of such a facility. Equally obviously, there are illegitimate ones. If you can't filter out the latter, then your business model is unimplementable within the law.

Sorry, but society doesn't owe you a business model. Find a new one that you can keep legal.

I note, for example, that most B2B scenarios would have fairly good authentication of who is posting and so action could be taken against those who abuse the facility and in a business setting that is probably enough of a deterrent. Amongst the general public, however, the authentication is almost nil (how easy is it to create a new and basically anonymous account?) and even if you can identify an abuser, the likelihood that either you or the platform can take action against them in any legally useful sense is almost zero. IBM's defence of B2B use-cases is therefore more than just defending their own turf -- it actually makes sense.

'It’s not a surveillance program'... US govt isn't going all Beijing on us with border face-recog, official tells Congress

Ken Hagan Gold badge

Re: <shouty>Follow the blue line!</shouty>

...and of course you don't know they are American citizens until you've facially-recognized them.

Take the bus... to get some new cables: Raspberry Pi 4s are a bit picky about USB-Cs

Ken Hagan Gold badge

Re: Let me get this straight

"Most of the micro USB connectors I have have some kind of tactile keying for orientation..."

That's nice, but I have two e-Readers with the sockets mounted opposite ways up. People keep saying that I just need to make the logo face up (or forward), but my experience over 20 years is that this rule has only been true about 50% of the time. Reversible cables/sockets is the only sensible solution.

It's 2019 and SQL Server can be pwned by an SQL query, DHCP failover server failed by a packet, Edge, IE by webpages...

Ken Hagan Gold badge

Re: Edge and IE ????

At the time of its original announcement, MS said that Edge was *not* a re-write. It was the IE codebase with all the back-compat stuff taken out, presumably in the hope that what was left would be far simpler and cleaner and therefore easier to maintain and push forward.

If every flaw is common to both, then this might indicate that the back-compat stuff was the only bit that worked, or that the back-compat stuff is no longer being targeted by Bad People, or that MS no longer care about bugs that are in IE only.

Years late to the SMB1-killing party, Samba finally dumps the unsafe file-sharing protocol version by default

Ken Hagan Gold badge

Re: SMB1 is important

And the upgrade to Win10 from earlier versions is free, just like the Linux upgrades, right?

And the upgrade to Win10 is available without an enforced change of desktop GUI, right?

Ken Hagan Gold badge

Re: Now we wait...

No. We've already had that.

If you are imagining loads of non-technical end-users losing contact with the NAS boxes, then you are probably imagining Windows users, who lost SMB1 support (by default) a little while back. Any users disappointed by this announcement are Linux-heads and presumably know how to modify /etc/samba/smb.conf.

We've also already had the complaints when Microsoft stopped tolerating LAN manager passwords and people discovered that their NAS had been configured to use those and the NAS box's smb.conf was not accessible because the vendor had locked the device down.

Let's talk about April Fools' Day jokes. Are they ever really harmless?

Ken Hagan Gold badge

It looks more like JavaScript and I imagine that "a" isn't numeric and therefore fails all three numerical comparisons.

ReactOS 'a ripoff of the Windows Research Kernel', claims Microsoft kernel engineer

Ken Hagan Gold badge

Re: @heyrick - Sounds like a bored dev is trying to make a name for himself

Not this one. Your error is in the phrase "a large scale product". IBM thought the PC was a dirty little thing to get customers hooked on computers, at which point they would open their wallets to buy a proper one. (And then the PC ate their entire business for lunch, but hey ... why would anyone in the computer industry have ever heard of Moore's Law?)

Finally in the UK: Apollo 11 lands... in a cinema near you

Ken Hagan Gold badge

Re: Amazing...

"I've tried doing it with Kerbals loads of time and it's impossible."

Well, if I can be serious for a moment, I saw the film last weekend and that was one of the most memorable features of it. Every step of the voyage is taken slowly enough for you to appreciate that they did it "in one take" without the planners dropping so much as a minus sign at any point.

My particular favourite is (spoiler alert!) the bit where they have to launch back off the surface of the moon and somehow rendezvous with a command module that is hurtling overhead at several thousand feet per second. (Er, yes, I'm afraid there are a lot of non-El-Reg units in this film.) If they miss then they die. No pressure...

We are shocked to learn oppressive authoritarian surveillance state China injects spyware into foreigners' smartphones

Ken Hagan Gold badge

"Walks away, resets phone. Problem solved."

Maybe. Maybe not. If the app contains a tracking facility and you "disappear" shortly after leaving border control, you may have trouble getting out again at the end of your visit. I suggest you delay the reset until you are safely back home.

DeepNude's makers tried to deep-six their pervy AI app. Web creeps have other ideas: Cracked copies shared online as code decompiled

Ken Hagan Gold badge

Re: Just Imagine.....

"Would be so disgusting, will put me off pRon for life."

Sounds easier, technically, than age verification for websites. Perhaps our government should look into it.

Former UK PM Tony Blair urges governments to sort out online ID

Ken Hagan Gold badge

Re: "trying to come up with new forms of ID card"

Indeed, but if that is the only solution then, at the level of the general population, there is no solution.

Ken Hagan Gold badge

Re: "trying to come up with new forms of ID card"

"My driving licence, in effect, simply says that I claim to be the same person who passed a couple of driving tests over 50 years ago."

That's the most that *any* ID could ever prove. The trick is to make sure that it actually manages even that. Anything that cannot be revoked when compromised, or that can be easily faked, or that is easily left on a USB stick on the way home, doesn't even manage that.

ID is quite hard, like most of the rest of security. One of the tricks that seems to have stood the test of time is "strength in depth". Having a single ID that covers everything is the ID equivalent of relying on perimeter security. Curiously, when it comes to keeping out Johnny Foreigner, our civil servants realise that you need internal checks as well, but the idea of having separate IDs for separate roles in life doesn't seem to have occurred to them.

Human-rights warriors crack on with legal challenge to UK's lax surveillance laws

Ken Hagan Gold badge

Re: Pragmatism

"Personally, I would rather risk being at the sharp end of a terrorist's bomb than have my privacy eviscerated."

Or, put another way, personally you would rather that the only criminals are private citizens, not your own government.

Blighty's online pr0n gatekeepers are begging for a regulatory beating, says digital rights org

Ken Hagan Gold badge

Re: nasty breaches ahoy

Actually, I very much doubt that you will find the DoB for a "C. Addict" on public records. Almost no web sites know who you are, beyond the fact that you are the same person you were yesterday.

Stiff penalty: Prenda Law copyright troll gets 14 years of hard time for blue view 'n sue scam

Ken Hagan Gold badge

Is there a lawyer in the house?

I'm puzzled. If it was legal for them to distribute these videos via Pirate Bay then presumably it was legal for others to download them once there. If it wasn't legal to put them there (*), surely they are opening themselves up to a much larger lawsuit from the actual copyright holders.

Also, is this not a possible defence for the downloaders? If, for example, I buy a CD on the High Street and I later find out that it is counterfeit then, yes, I have a duty to stop using the CD, seek compensation from the shop, and inform the police. However, if I do all those things then I would not expect the copyright owner to have much of a case against me. (Mens Rea and all that.)

(* I'm guessing it wasn't, since the music industry has spent about 30 years trying to enforce this very point.)

When customers see red, sometimes the obvious solution will only fan the flames

Ken Hagan Gold badge

"Come Monday morning, the site is still down, the domain is still unregistered, and the client is threatening legal action if we don't do something..."

IANAL but I *think* that is basically an instruction from them for you to register the domain, which means you have their permission to domain squat.

Ken Hagan Gold badge

Re: Ive been the dumb user...

Only a fool would take that bet. By the way, are you *sure* she is now your wife?

Those darn users don't know what they're doing (not like us, of course)

Ken Hagan Gold badge

Re: Scope Creep

"so feature-rich and user-interface-poor that they might as well be considered fully-fledged *headless* computers"

FTFY

Please be aliens, please be aliens, please be aliens... Boffins discover mystery mass beneath Moon's biggest crater

Ken Hagan Gold badge

Re: It's the core - hand-waving maths for fun

Surely the El Reg unit here is the exa-airbag?

Idle Computer Science skills are the Devil's playthings

Ken Hagan Gold badge

Re: Minor note

The "rule" usually cited in this context is that quotes gravitate to the more distinguished culprit. How sad for poor old LBJ. :)

There's a reason why my cat doesn't need two-factor authentication

Ken Hagan Gold badge

Re: Simple

These chips ... presumably they are mass-produced and if you know the right runes you can produce a device that responds in the same way as the chip that was surgically embedded in <insert victim here> and which is prohibitively difficult to change.

Thing about cats is ... no-one actually wants to impersonate a cat.

It's official! The Register is fake news… according to .uk overlord Nominet. Just a few problems with that claim, though

Ken Hagan Gold badge

Re: Just my opinion!

I think you will find that this is *not* "Just my opinion!".

Ken Hagan Gold badge

Re: Cockwomble in Chief

"This isn't murder, it's more like pest control, [...] Four more years of the Caped Cretin and we are royally screwed."

He was elected. If you murder him, those same people will elect someone else. If you want to excise your aggressive cancer, you are going to have to persuade rather-a-lot-of-millions of people that you are a smart person looking to put them right on an important point. Putting bullets into your enemy, or inviting others to do so, is not a good start to your PR campaign.

Oh ... and describing other people as "pests" is disturbingly similar to something that some other guys did sometime back when. That's not a good look either.

Mozilla returns crypto-signed website packaging spec to sender – yes, it's Google

Ken Hagan Gold badge

Re: Web, the new desktop...

Did you bill them for the WORD licence?

Truth, Justice, and the American Huawei: Chinese tech giant tries to convince US court ban is unconstitutional

Ken Hagan Gold badge

Re: Deepest pockets?

An interesting choice of phrase, there. "China" isn't yet the target of the ban. However, if the court decides that Trump is picking on Huawei then the likely follow-up would indeed be to extend the ban to all Chinese companies on the (not unreasonable) grounds that they are subject to Chinese law in the same way that US companies are subject to US law. We *know* that US companies can be compelled to perform actions in secret for the US government and it is inconceivable that Chinese companies cannot be leant on in similar fashion by their own government.

Basically, you can't trust *any* foreign company if you can't trust their government. You never could. The only new feature here is that the US has pumped so many dollars into China over the past couple of decades that it now finds itself dependent on Chinese companies in a way that it was never dependent on Soviet ones during the Cold War.

IEEE tells contributors with links to Chinese corp: Don't let the door hit you on Huawei out

Ken Hagan Gold badge

Re: If it hadn't before...

I think it is always "police have", since police are plural. However, in the UK you will find many who say "the police force are" but I think this is much less common in the US, where the traditional grammatical rules insist that a force is singular, no matter how many police are in it.