Posts by Ken Hagan

8137 publicly visible posts • joined 14 Jun 2007

BT Yahoo! customers: Why! can't! we! grrr! delete! our! webmail! accounts!?

Ken Hagan Gold badge

Re: A reminder to...

Never use an email *address* that's tied to your broadband provider. You *can* move email *services* in the way that you can move phone numbers.

FTFY

Ken Hagan Gold badge

Re: unless they are old there's no excuse

"Anyone using an ISP for their email or Yahoo is a complete 'kin idiot ..."

That kinda depends on who your ISP is, doesn't it?

Ken Hagan Gold badge

Re: Pay for Email

I think BT customers are under the impression that they *are* paying.

Windows updates? Just trust us, says Microsoft executive

Ken Hagan Gold badge

Trust in a world of externalised costs?

OK, so let's say I trust MS. When it goes titsup and *my* business grinds to a halt, what's the incentive for *their* business to pull out all the stops and work triple overtime until I am in business again? Because unless my pain is their loss, they have a legal duty (to their shareholders) to ignore me.

*That*, Mr Vice President of Bullshit and Pontification, is why only a complete idiot would *trust* Microsoft.

French programmers haul Apple into court over developer rules

Ken Hagan Gold badge

Alternative solution

Walk away from Apple's market share. It's not *that* great and if enough people did it then Apple might get the message. It's not like we're asking them to scupper their own product line. Making their compulsory browser better behaved surely benefits Apple as well as HTML5 fans.

TalkTalk gets record £400k slap-slap from Brit watchdog

Ken Hagan Gold badge

@AMBxx: It is the shareholders' job to hold someone senior accountable. Since the fine is a small fraction of the amount that the shareholders pay to the senior management, the shareholders may well take the view that this is a minor slip-up and "these things happen".

These diabetes pumps obey unencrypted radio commands – which is, frankly, f*%king stupid

Ken Hagan Gold badge

"Given that security tends to add complexity and cost to technology products, the chance that companies will adopt the FDA's cybersecurity guidelines fully can be considered to be extremely low."

Not so sure about that. The potential losses in the resulting court case could offset the savings by several orders of magnitude.

The likelihood of such a case depends on the nature of the vulnerability. For example, if it is a failure to authenticate the sender, then it could happen almost any time two users are in the same room and one of them needs to inject. If it is poor authentication, then it is only a matter of time before garbled commands to one unit happen to be valid commands to another and (again) this "attack" will be "tried" whenever you get gatherings of users.

Malicious exploitation is a different set of risks altogether. It is far more likely to succeed and the resulting death will look like suicide. Are there any potential users of these devices who have enemies (or relatives) evil enough to give that a go? Sadly human nature is not all fluffy kittens, so I suspect the answer to that is a firm "Yes".

Super Cali: Be realistic, 'autopilot' is bogus – even though the sound of it is something quite precocious

Ken Hagan Gold badge

Re: Hell, yeah!

"If the car is not capable of real autonomous driving it should not be advertised as such."

'Tis somewhat depressing that it seems to have required a rule change to make this point. Still, surely *everyone* knows by now that all verifiable claims made in adverts turn out to be verifiably false, don't they?

British trio win Nobel prize for physics

Ken Hagan Gold badge

place credit

Purely as an observation, Cambridge UK occasionally mentions how many Nobel laureates they have and a fair proportion of those were born abroad, so if the US wants to claim these three then the UK can hardly object.

It probably ought to be credited to the institution(s) that supported them when they did most of the work.

Crypto guru Matt Green asks courts for DMCA force field so he can safely write a textbook

Ken Hagan Gold badge

Re: Little Comfort

If the DoJ are really saying that this law is drafted too broadly, then that's actually a splendid reason to let this case go to court.

No surprise: Microsoft seeks Windows Update boss with 'ability to reduce chaos, stress'

Ken Hagan Gold badge

This job should not exist

To me at least, the job description implies that delivering and testing updates is considered a separate function from developing the software in the first place. Why is the Windows Update manager responsible for anything other than the correct functioning of the WU software that delivers patches? Why are the products not responsible for the quality of the patches and WU is treated merely as a handy delivery mechanism?

Dirty diesel backups will make Hinkley Point C look like a bargain

Ken Hagan Gold badge

Re: 390 Dinorwigs

Except they'd need to be a dam site deeper because windless periods can last a whole lot longer than the few hours that these kinds of plant can actually run for at full capacity.

(And yes, damn pedants, I know...)

South Australian mega-storm blacks out whole state

Ken Hagan Gold badge

Re: Better power grid is needed

If https://en.wikipedia.org/wiki/High-voltage_direct_current is a reliable source, those HVDC lines will need as much R&D as the modular nukes. The present generation are only point-to-point and still limited in capacity compared to the grid as a whole. On the other hand, they might actually get the funding since the technology is as applicable to household windmills as it is to mini-nukes.

Uni student cuffed for 'hacking professor's PC to change his grades'

Ken Hagan Gold badge

Re: If he was as smart as he thought he was

The article covered that. He already had a B so he probably didn't need to alter it. The other students did, though. I wonder if hormones were at work here. At 19, you can be as smart as you like and still be felled by hormones.

Malware figures out it's running on VMs and refuses to execute

Ken Hagan Gold badge

Re: Hide, hide, hide ...

"What is this 'registry' of which you speak ?"

It's a copy of the /etc filesystem, but with all the files pre-parsed so that every program under the sun *doesn't* have to contain full text parsing logic just to configure a few items.

Lethal 4-hour-erection-causing spiders spill out of bunch of ASDA bananas

Ken Hagan Gold badge

Re: insect pedantry

Sound advice for anyone who is annoyed by such pedantry is just to use the word "arthropod" instead. (Crustaceans aren't insects either and there are plenty of those that I wouldn't want to find in my nosh either.) In extremis, try "invertebrate". That will annoy a few purists but it will include slugs, which are yet another thing that I don't want in my lunch.

Brits: Can banks do biometric security? We'd trust them before the government

Ken Hagan Gold badge

Re: “Unlike passwords, physical biometrics can’t be changed"

I thought one of the problems with fingerprints was that they *can* be changed, all too easily, to the detriment of anyone using a (crap) system that assumes they can't.

Remote hacker nabs Win10 logins in 'won't-fix' Safe Mode* attack

Ken Hagan Gold badge

Re: Encrypted HD, right?

On a sane system, the files needed to boot up the system and the files containing personal information would be kept separate, allowing you to encrypt the volume containing the latter without having to encrypt the volume containing the former.

ICANN latest: Will the internet be owned by Ted Cruz or Vladimir Putin in October?

Ken Hagan Gold badge

Re: Just a "clerical function"

Nobody else wants just a clerical function. However, there are plenty of people (and ICANN are a good example) who would be happy to do the job if they were allowed to add money-making or power-wielding extras.

It is because we want it to remain a clerical function that we should keep it away from the private sector (who want to make money) or certain governments (who want to wield power). The USG is hardly perfect, but it can usually be relied upon to do bugger all when bugger all is exactly what is required.

Microsoft Desktop Bridge opens, Win32 apps can now cross into Windows Store

Ken Hagan Gold badge

Re: store as a familiar and 'safer' way to install?

"When Ubuntu started supporting USB3, the drivers weren't back-ported to the LTS releases, and neither was the Unity interface crap, so why should Microsoft do things any differently?"

Because Ubuntu will produce a new LTS release within a year or two and won't charge you for it when it arrives. Unless you are bursting for USB3 support (and LTS fans probably aren't) you can just wait. Even if you are bursting, it is possible to upgrade your kernel to one that does USB3 without dragging the applications up to the bleeding edge. (Imagine that, Microsoft, upgrading to the Win10 kernel but keeping the user-space portion unchanged from the one you trust rather than being forced to hoover up a truck-load of fresh bugs. What silly ideas these penguinistas have!)

Ken Hagan Gold badge

Re: store as a familiar and 'safer' way to install?

The sorts of apps that are listed on "some software listing site" are generally (exclusively?) freebies. (That's "free, whether the original author had that in mind or not".) Such things *might* have a champion who is willing to repackage them for the Store and sign for them (I presume everything in the Store has to be signed) but since there is no money involved I would doubt it.

On the other hand, MS are now offering a way to foist malware (if you can get it past the censors) onto the entire Desktop-Windows-using community via a "trusted" platform. The cost to the developer of meeting Store requirements is probably much less than a really nice piece of malware might make in return, so the incentive is there.

Obviously, the harder MS make it to push malware into the Store, the more likely that they make it harder for small ISVs to get their stuff on, too. Those champions I mentioned in my first paragraph may have their work cut out even if they exist.

Map to the stars: Gaia's first data dump a piece of 3D Milky Way puzzle

Ken Hagan Gold badge

Bit of a long-lens-paparazzo then...

"With 106 CCDs and almost a billion pixels, Gaia has a high enough resolution to measure the diameter of a human hair at a distance of 1,000 kilometres."

Now that's what I *call* an invasion of privacy!

Delete Google Maps? Go ahead, says Google, we'll still track you

Ken Hagan Gold badge

Re: Creepy

In urban areas, a post-code might well identify a group of addresses that are mostly within 30 yards or so of each other. Combine that with your entirely human tendency to remember the occasions when it was (by chance) scarily accurate and I don't think you have anything to worry about.

Of course, if this is happening to you and you live in sparsely populated country, you may have a point.

Ken Hagan Gold badge

Re: "We've reached out to Google to ask "

"We've asked Google..."

Ken Hagan Gold badge

Re: Not just google

"I can't see how this could work securely unless the banking app could access my contacts."

In Android, it is possible to ask permission on a case-by-case basis, so the app could be blocked by default and ask for permission only when you actually try to use the service that requires the information.

That would, of course, encourage customers to think about security. Perhaps some banks reckon it is more profitable to scare away the security-conscious customers in favour of those who just do as they are told.

Ken Hagan Gold badge

Re: broken sarcasm meter

Also, even if there *were* reasons why your bank might be interested in your contacts, it is a clear violation of the principle of least privilege for the banking *app* to be interested.

So, with the banking app having clearly indicated that it was, at best, badly implemented and, at worst, downright malicious, the banking app gets told where to get off.

End all the 'up to' broadband speed bull. Release proper data – LGA

Ken Hagan Gold badge

Re: Er... ? Comparing different providers to the same property?!

True about shite lines, but a sufficiently shite ISP can make even a good line perform badly.

Microsoft's Service Fabric for Linux hits public preview

Ken Hagan Gold badge

My reading is that there's a new VB runtime in town (or its moral equivalent). This one has been "ported" to Linux, where ported means "completely incompatible implementation of the same original idea".

VW Dieselgate engineer sings like a canary: Entire design team was in on it – not just a few bad apples, allegedly

Ken Hagan Gold badge

Re: It seem to me

It tells *me* that anyone else selling diesels in the US should be investigated. If the test is so hard that VW thought it was worth the risk of cheating (the company may go under now) then the chances are no-one else can build one either.

Hololens for biz shocker: Surprisingly, it doesn't totally suck

Ken Hagan Gold badge

I think Pokemon Go demonstrates that GPS and mapping are now (almost?) at the point where the real world can be used as a stage. I also know that you're not alone in being uncomfortable with "eyes moving but balance organs static" and AR games are presumably mostly immune to that problem. What I can't imagine is *quite how awesome* it would have been if all those games we played at primary school had been enhanced with a head-up display.

I assume that various groups are already working on these, so the parents of the next generation will spend as much time trying to get the kids to come in as the previous generation spent trying to get them to go out.

Microsoft thinks time crystals may be viable after all

Ken Hagan Gold badge

Re: Buh?

I think the gist of it is that someone with a Nobel to their name (and who therefore presumably knows how thin the ice is this far out) reckons they have identified a system which *in its lowest energy state* is in some sense "in motion". This is apparently a novelty. Furthermore, a group financed by Microsoft is now going to try and create that system to see if the wacky idea is true.

Self-stocking internet fridge faces a delivery come down

Ken Hagan Gold badge

Re: kick from a cow

That sounds more like they don't want to be not milked. At the very least, it raises philosophical questions about whether they want to want to be milked.

Ken Hagan Gold badge

Re: Superb!

I assume you have the old-fashioned type of soup bowls -- that is, the concave ones. Modern ones are designed to be more dishwasher-friendly. :(

You should install smart meters even if they're dumb, says flack

Ken Hagan Gold badge
Pint

Re: Omnishambles

My wifi router has a power supply brick rated at 12V and 1A. I presume the unit itself doesn't actually draw that much power. That's about 1kWh (about 10p?) every three days or so. If you've really optimised your home energy use so that this is a meaningful saving, then I'm impressed. Treat yourself to a pint to celebrate, every few months or so.

Petulant Facebook claims it can't tell the difference between child abuse and war photography

Ken Hagan Gold badge

Just a thought...

...but if Facebook are editing people's Facebook pages then in my book they have no right to hide behind "common carrier" protections when something appears on their site that is legally suspect. I hope they are comfortable with the consequences of that.

WhatsApp, Apple and a hidden source code F-bomb: THE TRUTH

Ken Hagan Gold badge

Re: Shoddy code reviews...

They did, but it was a case-sensitive search.

Adobe reverses decision to kill NPAPI Flash plugin for Linux

Ken Hagan Gold badge

Re: Does this mean...

If so then I'm not bothered. Most Android devices will never get the update.

(If only they were attached to some sort of global wireless network so that updates could be sent to them automatically, as and when they were produced ...)

Ken Hagan Gold badge
Black Helicopters

But ... why?

Have the BBC decided that HTML5 is too difficult and so they've decided to bung some cash at Adobe instead?

Spoof an Ethernet adapter on USB, and you can sniff credentials from locked laptops

Ken Hagan Gold badge

Re: Just another NTLM hack

If it is an NTLM hack then Microsoft fixed it years ago. NTLM isn't enabled by default anymore and corporate users should have disabled it back in 2000 or so when NTLMv2 turned up.

Funny how Linux supporting (optionally) ancient hardware and protocols is a sign of how great FOSS is, whereas Windows doing the same is a sign of why closed source is evil.

Ken Hagan Gold badge

Re: Oh look, there's a dongle in one of the USB ports of my laptop

"outside the IT security box"

I agree, but is this really, still, considered outside the box? I thought this was common knowledge before I was born? Almost everyone inside an organisation is paid less than the value of the information that they have access to and in most cases there are enough of them with access that you'd never be able to prove it in court unless you caught them red-handed.

Ken Hagan Gold badge

Re: 13 seconds?

@Nick: The ID is, as you suspect, mandatory for some device classes and not for others. Windows implements both per-port and per-ID recognition of devices, falling back on the former only if the device turns out to have no ID.

A question for the hardware people out there: What's the cost of ensuring that your mass-produced devices all have unique IDs (or even "statistically very likely to be unique" ones)?

Ken Hagan Gold badge

Re: Drivers?

I don't think the logged-in user (presumably you mean one of the possibly several users logged in at the console) is the one running any of the code involved, so I don't think their rights would ever be relevant.

I would hope, however, that blocking unknown USB devices (if practised) would be effective.

Life imitates satire: Facebook touts zlib killer just like Silicon Valley's Pied Piper

Ken Hagan Gold badge

zstandard sounds like two ideas in one package, where one of the ideas (a branchless and multi-core implementation of deflate) would have been useful but has been hijacked by a non-standard algorithm.

EU 'net neutrality' may stop ISPs from blocking child abuse material

Ken Hagan Gold badge

"Why has Hanff changed his tune from 2008 after the Phorm trials when he was busy proclaiming that consent from both sender and recipient was needed to make any interception legal?"

Perhaps because blocking is different from snooping. In the latter case, either sender or recipient may be unaware that there is anything going on.

Ken Hagan Gold badge

Re: 'That, however, may be a matter for the courts to decide.'

Er, no. *You* get real. Try and imagine that you are one of the several-nines-percent of the population who can't implement blocking by firing up emacs and hacking a few scripts on their router.

Just because something is arguably legal in some country or other does not mean that I don't want to block it, the bottleneck between my ISP and my CP equipment is the logical place to do the blocking, and the professional IT staff at my ISP are the logical people to give the job to.

Ken Hagan Gold badge

Re: Carp

The IWF watchlist might be covered by (a) but there's lots of perfectly legal 18+ material that non-techy parents might prefer to be filtered out by someone with a clue. Likewise, ad-blocking might be covered by (b) but any ISP offering the option would have to argue that out in court against people with very deep pockets.

Someone further up had the idea of offering better routers to consumers and then claiming that the filtering was being done at the consumer premises. Yes, but that still places the burden on the end-user to maintain the filtering ruleset because the ISP can't make it a point-and-click option without getting sued for offering filtering as a service.

It would be much easier to have an option (d) allowing ISPs to offer filtering packages to customers.

Ken Hagan Gold badge

"What if my ISP / Mobile provider offers an optional service (and by default switched off), say at £0.01 cost, to do my blocking for me?"

My reading of the article is that they've thought of that and ruled it out. They seem quite careful to emphasise that the consumer can do it even if the ISP can't, and then they list three exceptions to the rule that ISPs can't, none of which are the option you describe.

So I think the article (and Mr Hanff) have it right and the rules really, really need a paragraph (d) saying it is OK if the customer specifically requests it.

And like many other commentards, I reckon I probably *could* implement it myself if I had the time and energy, but I'd rather pay someone else to think it all out and maintain it and then flick the switch for my line. (Your mileage may vary. It depends on your ISP.)

Pump-priming the new ampere: NIST works to count electrons in silicon

Ken Hagan Gold badge

Re: Bah!

What furor? I don't see anyone who is actually involved in propagating high-precision measuring equipment who is arguing against the desirability of this. Sure, if you buy a ruler at the newsagent then it probably wasn't calibrated by counting wavelengths of anything, but it was almost certainly calibrated against something that was itself calibrated against ... [repeat no more than a few times] ... exactly that.

And those clever engineers building moon rockets would almost certainly have wanted a fairly precise ruler to build the parts for their air-tight capsules, or those engines that burn 5 tons of kerosine per second and only stay solid because they have five tons of coolant (kerosine, as it happens, because they had some handy) flowing past on a one-way trip.

Intel's makeshift Kaby Lake Cores hope to lure punters from tired PCs

Ken Hagan Gold badge

Re: Speeding up web browsing by a fifth

You forgot about the DRM. If the web server at the other end of the wet string and your own PC have to apply and then remove a load of DRM, then CPU may still be the bottleneck at one or other end.

Big data busts crypto: 'Sweet32' captures collisions in old ciphers

Ken Hagan Gold badge

How does it scale?

The half-terabyte of raw data looks like a very unlikely pre-requisite. The average punter would have to max out their allowance for several months to exchange that much. Is the attack still feasible for (say) 100 times less raw data, which would seem to me to be a more reasonable amount to pull over in a single session? (Even that, of course, is 100 times more data than might appear in a truly interesting SSL session, such as a visit to a bank.)

Or am I thinking of the wrong target here?