Posts by Halfmad

881 publicly visible posts • joined 16 Jan 2013

Meta strikes blow against 30% 'App Store tax' by charging 47.5% Metaverse toll

Halfmad

Re: leaving $0.53 for the Creator before any applicable taxes

No doubt their 47% will somehow result in almost or absolutely zero taxes going to countries the items are purchased in either because "Meta".

Halfmad

Re: Good news..

Who decides what the disinformation is though?

As per Facebook those with the biggest wallets whether it's Russia, US, UK etc.

Elon Musk's latest launch: An unsolicited Twitter takeover

Halfmad

Re: Money can't buy maturity

He never joined because of the restrictions over how much stock he could own.

That would suggest he planned to buy more from day one.

Google Play pulls sneaky data-harvesting apps with 46m+ downloads

Halfmad

Re: " D-Link suggest that you retire these models ASAP"

Planned obsolescence ?

Even accidental as may be the case here should result in some form of compensation.

Russia (still) trying to weaponize Facebook for spying, Ukraine-war disinfo

Halfmad

Re: Pull the plug , Scotty.

Not the brightest spark are we?

Even if we could disconnect them entirely, what about civilian reporters, journalists etc who are providing the truth of what's going on - do we really want to cut them off too? That's what would happen, the veil would fall and what little scrutiny and independent evidence gathering and exfiltration would stop.

UK Ministry of Defence takes recruitment system offline, confirms data leak

Halfmad

Re: "sources finger Capita-run system"

It's similar in most governmental frameworks or the price is weighted so heavily that other concerns can never be enough to counterbalance it.

Research casts doubt on energy efficiency of 5G

Halfmad
Trollface

Smart meter

Obvious solution. I've been told it reduces energy use, government said so.

Idea of downloading memories far-fetched say experts after Musk claim resurfaces in latest Neuralink development

Halfmad

Re: I don't see a problem in his statement.

He spouts about possibilities with little science backing it up. Hyperloop, fake electric truck etc etc.

Sure he occasionally gets it right and he's certainly someone worth following as I do think he's absolutely necessary to have - people pushing for more, better, faster and change but he's not worthy of the idolisation he gets, he's wrong far more than he's right.

Thing is when he is right he makes people wealthy so you can see why they speculate on his BS.

Halfmad

Re: I don't see a problem in his statement.

I think he's been watching too much Harry Potter, they essentially do this in Dumbledore's study.

Put bluntly, Musk is an innovator but what he says rarely matches what is done by his companies and in many cases can be proven false by current science or his live displays - his truck glass for instance, his hyperloop which is just currently a 1KM tunnel with human driven cars in LA.

We need people like him but I'm sure investors wish he'd pipe down occasionally with the nonsense.

UK Home Secretary Priti Patel green-lights Mike Lynch's extradition to US to face Autonomy fraud charges

Halfmad

Re: It's complicated

All for it if we have anyone worth considering as a replacement. None of the parties are brimming with ethical competent people these days.

Crack team of boffins hash out how e-scooters should sound – but they need your help*

Halfmad

I'm more worried about us not having any strategy for recycling them, other than landfill.

Should be illegal to use until this is in place and ideally owners pay.

You might want to consider the cost of not upgrading legacy tech, UK's Department for Work and Pensions told

Halfmad

Fingers crossed

This is done before I retire in about 20 years. Assuming the retirement age isn't moved again.

Cryptocurrency 'rug pulls' cheated investors out of $8bn in 2021 – report

Halfmad

I don't believe that for a second. I do however think that a VAST majority of people involved CLAIMED to have made good money out of it.

Nobody likes admitting they lost money on something like this to people they know.

Brit MPs blast Baroness Dido Harding's performance as head of NHS Test and Trace

Halfmad
Coffee/keyboard

Plenty of poster boys like that in politics too.

Sh!t floats.

Zoom-o-cracy: Wales MP misses vote, allowing COVID-passport rule change, blames the IT dept

Halfmad

Re: Can't fix

The same type that will grill you over business continuity while having no plans of their own.

Autodesk was one of the 18,000 firms breached in SolarWinds attack, firm admits

Halfmad

I was a CAD draughtsman back in the 90s on a DOS version of AutoCAD. I remember the costs back then were insane and I joked that one day they'd find a way to do away with the dongles and screw the company over some other way.

Later on I found out about the subscription models they were adopting, constant need for updates etc and realised they'd found that mechanism..

Facebook sat on report that reveals most-shared post for months was questionable COVID story

Halfmad

Re: Why the outrage?

It would be different if they didn't publicly bang on about transparency, fairness etc.

Then do the opposite. This is just people calling them out on their BS.

SolarWinds urges US judge to toss out crap infosec sueball: We got pwned by actual Russia, give us a break

Halfmad

It won't, it'd just create more, smaller ones doing the same thing.

Monetary penalties which put the C-suite at risk personally would help.

UK public sector should be mandated to grade procurements with a weighting of cyber security at 20-30%, currently any procurement I've been involved in security is worth at most 5%, in many cases less. While cost will be 40-60% of the weighting.

All that does is mean we buy cheap insecure products over and over again and then people like me are given the impossible task of trying to manage risks around products we thought were horrendously insecure.

When companies fail to get business because they are insecure they will start to take it seriously.

We can't believe people use browsers to manage their passwords, says maker of password management tools

Halfmad

Why on earth would I want to entrust my info to MS or save in a MS keychain?

Eggs in one basket much?

There's little difference between the use of something like kwallet and say bitwarden.

It had to happen: Microsoft's cloudy Windows 365 desktops are due to land next month

Halfmad

Re: The way forward?

Not reliable, little change control, zero business continuity etc.

Where does my senior management sign up?

8-month suspended sentence for script kiddie who DDoS'd Labour candidate in runup to 2019 UK general election

Halfmad

How do you know both my PINs ?

*calls police*

Nominet is back to 'the same old sh*t' says Public Benefit campaign chief as EGM actions grind to halt

Halfmad

Re: "the company must be run on a commercial basis"

10 Instigate purge

20 Same old sh!t

30 goto 10

'Set it and forget it' attitude to open-source software has become a major security problem, says Veracode

Halfmad

This is just vulnerability management though, doesn't matter what OS or application it is - the same methodology can work fine.

It's not even a Windows V Linux discussion point tbh.

UK gains 'adequacy' status on data sharing with EU, but making that stick all depends on how much post-Brexit law diverges

Halfmad

Re: It's a feature not a bug

Given the way NHS England are planning to use GP data I'm surprised this hasn't been a warning to the EU already.

VMs were a fad fit for the Great Recession. Containers’ time has finally come

Halfmad

Honestly because experts are paid to tell us otherwise.

But yeah, fit the tool to the job, not the other way around.

South Korea’s nuclear research agency breached by North Korea-affiliated cyberattackers, says malware analyst group

Halfmad

Re: Why is North Korea connected to the Internet ?

Even if split along national lines it will be trivial to link up a PC to that national "internet" and remotely access it via satellite etc even if there is no physical connection to do so - which there would be anyway thanks to telephone lines.

Even if there's an entirely different networking technology underlying it there will always be a way around it.

Ex-Brave staffer launches GDPR sueball in Germany over tech giants' real-time bidding for ad inventory

Halfmad

Re: Previous approach

and Amazon will ask Microsoft, who will ask Yahoo and they all cite each other as reliable sources.

The corporate circle jerk will be endless.

UK product safety regulations are failing consumers online, in the IoT, and … with artificial intelligence?

Halfmad

The EU safety regs didn't stop Grenfell, product safety tests done in the UK may not either.

Proper on site surveys of buildings, which used to be done years ago may do so - if the companies conducting them can be held liable should they miss something.

It's not just a case of checking products though, especially in construction and manufacturing but also how they are applied, what methods of treatment are used, what products are near, touching, heating/cooling, have current going through them etc.

It's a bit like welding box sections in bridge construction, it CAN be effective but if done incorrectly introduces stresses within the material which MAY affect performance depending on the type of bridge the box section is part of.

It needs a layered approach to safety.

Ryuk ransomware recovery cost us $8.1m and counting, says Baltimore school authority

Halfmad

Re: Erm

This is the problem with Cyber/Info Sec, some products are easier to show ROI on than others and many it's very much a benefit which end users don't see or don't notice e.g. less down time.

I frequently use incidents like this, Wannacry etc to show what can happen and I'm a huge fan of risk assessments as a way to make senior management accountable for what is or is not done. Sadly that doesn't seem to be done in many companies though.

After staff revolt, Freenode management takes over hundreds of IRC channels for 'policy violations'

Halfmad

Don't worry we can shoehorn in "cyber" and "AI" so we get the best buzz words.

Halfmad

Re: Sinking

Almost feels like an attempt to force closure of Freenode to be honest. It's digital self harm.

'Millions' of Dell PCs will grant malware, rogue users admin-level access if asked nicely

Halfmad

Re: Windows 10

I'm all for MS bashing but this pre-dates W10 and is entirely on Dell. Doesn't look like they have any interest in updating other operating system drivers according to the article, either that or El'Reg hasn't dug into it any deeper.

Even in the 90s we'd always wipe vendor PCs before deploying, this might have snuck on though if it was part of a driver package and not identified as bloat (which some drivers were).

Vivaldi update unleashes the 'Cookie Crumbler' to simply block any services asking for consent (sites may break)

Halfmad

Re: This.

INFORMED consent, not just consent.

They also require that you are not penalised for not consenting, you know like made to jump through hoops to disable individual options, get a spinning "we're changing your settings" dial then a wait for the site to reload.

It should be accept all, accept only functional, reject all or edit. Not what we currently get.

To have one floppy failure is unlucky. To have 20 implies evil magic or a very silly user

Halfmad

Re: I've done the same thing

I used to get called out to primary schools because slot loading iMac had swallowed a CD etc. In reality the kids had managed to insert it between the drive and case in a tiny gap above the drive.

Oddly enough I'd normally find lollypop sticks in the drive itself, at £130 a pop.

What the FLoC? Browser makers queue up to decry Google's latest ad-targeting initiative as invasive tracking

Halfmad

Ironically may be the push some users needed to look at alternatives.

I'm not sure moving to Brave (which I use) is a great idea, probably best leaving Chromium based browsers entirely.

Chrome and Chromium updated after yet another exploit is found in browser's V8 JavaScript engine

Halfmad

Re: This is why a monoculture is bad

I use Brave and Firefox. Brave for day to day browsing, Firefox for anything involving money.

I prefer Brave by a long shot but like splitting up the use between them.

Thousands of taxpayers' personal details potentially exposed online through councils' debt-chasing texts

Halfmad

Assuming they know of the breach most will.

Public sector "has the most breaches" because they are by far (especially Healthcare) more likely to self-report.

OVH says burned data centre’s UPS, batteries, fuses in the hands of insurers and police

Halfmad

Re: “Some customers do not understand what they bought”

Elevated heat signature..

AKA the server that glows when the lights are out.

Blind man sues Dell over inaccessible website

Halfmad

Re: not overly surprised

Most of those GDPR cookie pop ups aren't compliant with GDPR anyway as they default to max tracking or make disabling any part of them challenging on desktop, never mind on a mobile device. I was once asked to disable individually the companies I didn't want to track my usage, I think the list was around 110 companies long, each with an individual tick box - or I could accept.

Smartphones are becoming like white goods, says analyst, with users only upgrading when their handsets break

Halfmad

Re: Not a lot of new features?

You mean you DON'T want a folding phone which will be more bulky and cumbersome to use and mean slightly larger images and less scrolling?

Me neither, in fact I think it's one of the most daft ideas they've come up with since the last re-try at 3D TVs. No doubt that'll come back around again.

Dropbox basically decimates workforce, COO logs off: Cloud biz promises to be 'more efficient and nimble'

Halfmad

This is my problem too, value.

Dropbox just can't seem to compete with alternatives and rather than realising it's the root cost that's the issue they think throwing useless fluff on top will tempt me. Not going to happen.

I just want the basics, so why can't I have somewhere to backup to cheaply on their service and pay for what I use, rather than what they want to sell me? That's fundamentally the issue - value for money, it's better elsewhere.

Halfmad

Re: Literally decimates?

Also technically decimation in the Roman Legions meant the other 9 co-workers beating the 10th to death. It wasn't a simple execution. It was murdering someone who'd perhaps spent a decade living beside, it was collective punishment, not just for the person with the short stick..

89% of Dropbox's workforce will be largely untouched by these changes.. except IT who will obviously be expected to pick up "the slack" with fewer resources.

SolarWinds takes a leaf out of Zoom's book, hires A-Team of Stamos and Krebs to sort out its security woes

Halfmad

Re: Papering over the cracks

No they took a business decision based presumably on risk.

What's missing is the part where those who took that decision collectively or otherwise are now paying the price of doing so.. which would be another business decision shareholders should be voting on.

World’s largest dark-web marketplace shuttered after Euro cybercops cuff Aussie

Halfmad

Re: Continued co-operation assured?

Potential we won't too.

How good are you at scoring security vulnerabilities, really? Boffins seek infosec pros to take rating skill survey

Halfmad

Re: Bucket effect

I agree, CVSS is generally one of several factors to be considered. I always take it as a starting point then look at how that particular vulnerability could/can impact the business.

I've seen some vulnerabilities scored in the low 6s which could have impacted us far higher than many of the routine types scoring 9+ due to how the business operated.

Anyone relying solely on the CVSS score needs to rethink their processes. It's purely a generalised indicator.

SolarWinds mess that flared in the holidays: Biz confirms malware targeted crocked Orion product

Halfmad

Re: Trust no one

But the pointers were there if we'd looked I'd suggest.

A simple good search for "insert product here" and "anti virus exception" will generally give an idea of whether or not a product is taking security seriously or if performance is king, if performance is even a factor in whether an exception of this kind.

Dell Wyse Thin Client scores two perfect 10 security flaws

Halfmad

Think of it as lots of free happy honeypots on the network.

Unintended.. but fully functioning.

Halfmad

Re: LOL

Or as we used to call them..

Why Guys?

Delay upgrading the UK's legacy border systems has added £336m to taxpayers' bill

Halfmad

and he's missed..

One of the few politicians who'd just say it as it was.

He also said no sane person would plan the NHS to be as it is and the only way to reorganise it is to scrap it and start again to make it fit for the modern era, anything else is moving chairs at insane expense.

It's happened: AWS signs Memorandum of Understanding for fluffy white services with UK.gov

Halfmad

Re: Lock-in by the back door

This is why retention periods for data are so important, less to pull back.

Amazon are a company, not a charity though - so they expect to make a profit and will do what they can to maximise it. I don't hold that against them but I will hold it against our government if it's excessive.