1840 posts • joined 16 Jan 2007
It seems to me the question asked doesn't really tell us anything. An organisation might say "none" because it doesn't separate out a specific security role. Maybe it's outsourced, along with other IT functions? And security expertise isn't necessarily associated with box-ticking training and qualifications.
Not that I'm suggesting they're on top of it. That would indeed seem far-fetched.
Re: A decade of poor configuration
Not just the late '80s, when xhost + was still a default. Right into the '90s you could - and inevitably sometimes did - make someone else's computer burst into song, tell a joke, admonish the user, or just fart. You could also trivially run your prank from another computer again to leave a false trail in case someone investigated: a local area version of the CIA routing an attack to come from China or Russia.
But we did it for laughs, and drew the line at actually damaging anyone's work.
Oh, and this wasn't even a university. Though it was a research institute funded by (many) governments, so not quite the corporate world.
This BOFH is a rank amateur!
Why does he let tickets in to the system in the first place?
He could take lessons from Virgin Media in preventing that. Alongside never answering the phone (just torture them with menus that go nowhere, adverts, and piped screaming) or the online 'chat' facility (a much more benign "try again later"), you just don't provide any system that could accept a ticket into it.
Wow, what a lovely early Christmas present for Australians: A crypto-busting super-snoop law passes just in time
Might I point out that you don't have a plate glass exterior wall in your shower,
True. It's clear perspex.
and you do have drapes over the windows in your living room & bedroom
No I don't.
and hopefully there is a door between your toilet and the rest of your house.
There is, but it stays open. Well, OK, I shut it to keep the Roomba out if the floor's wet. And occasionally for guests.
But I do have locks on both front and back doors, and indeed a burglar alarm. Nothing to hide, but just possibly something to fear?
Aussies will get their backdoors to services operated by Aussie companies. What happens outside that could be popcorn-time.
In an ironic twist, it was an aussie (Eric Young) who first gave us SSLeay, the ancestor of OpenSSL, back in an era when Oz was part of the Free World and the US was almost-uniquely restricted.
I wonder how you could modify OpenSSL to open a backdoor for malicious third-party-key injection? No, I'm not going to work on it.
Among developed countries.
Funnily enough, China fuming, senator cheering after Huawei CFO cuffed by Canadian cops at Uncle Sam's request
What immediately springs to my mind is the Sklyarov case. Uncle Sam arrests a man for writing software that was perfectly legal in his own country, where he had done the work. Took them quite a long time to decide no crime had been committed.
[aside] ISTR commentards here taking a robust attitude at the time. I looked for a quote, but Reg stories from the era seem to have lost all their comments.
Why millions of Brits' mobile phones were knackered on Thursday: An expired Ericsson software certificate
Re: Don't feel so bad Ericsson, you probably did us all a favour!
Damn, I must be a freak. On a long train journey, I more often than not find myself in conversation with one or more actual people, merely by virtue of occupying neighbouring seats.
p.s. my O2 4G returned sometime yesterday evening. When I put the phone on the charger around midnight, it was there.
Is anonymity the real issue here?
Fully-anonymised data on this scale must have considerable commercial value to pharma research interested in such things as the prevalence of genetic patterns. If it's explicitly in the public domain, that's fine. If not, then industrial espionage becomes an obvious issue.
IP companies specialising in patents could be a prime suspect here.
Re: The whole driverless car thing
"... a problem that doesn't exist."
So they're lying to us about all those deaths and injuries on the road?
And all those kids who can't go out unsupervised 'cos of the danger are no more than their parents' neurosis?
And all those cars parked willy-nilly blocking everything must be an illusion?
Re: All we can do is wait
Surely a likely candidate is the party itself. Just like in the UK, the party whips ferret out party members' secrets to bully (even blackmail) them on important votes, so a party in the US or elsewhere will want whatever it can find to hold over its legislators when it matters.
That would imply no (or very few) actual leaks. The power is in the threat.
Re: Using facebook to log in to Quora
In what sense "worse"?
If being tracked bothers you, then yes, you're cooperating with them. But for basic security, using OpenID (which I presume underlies logging in with Facebook) beats creating Yet Another Username/Password any day. At least on a site that's less critical than the OpenID provider.
Quick, more boiling oil!
So they're 'protecting' users who do dumb things like re-use passwords ... by doing dumber things like forcing them to deal with extra complexity. Along with all those who would never dream of reusing their Correct Horse Battery Staples. This is broken, so let's double down on it.
Do they also make you identify with memorable personal data? Mother's maiden name, favourite colour, first school, sorta thing? Now that really does feature in data leaks. As if it was even secure in the first place.
Where's the Pratchett icon, for occasions like this when he helps translate AAARGH to a half-decent LART?
Re: Other screw-ups
Safe aliases for 'rm' are a good thing to prevent this!
Aliases for standard system commands are pure evil. They bugger up expectations, both for those who know the standard commands and may react unpredictably to unexpected behaviour, and for those who come new to the aliases and are then surprised by the real thing.
If you want an "rm" you consider safe, use something else for the alias. "del", for instance.
Re: Why use a revision control system?
Code used to be backed up to tape too. It was obsoleted by revision control systems.
First code I ever wrote had to be saved to tape for every increment. 'Cos we didn't have discs back then, and a simple bug would commonly require a several-minute reboot (from tape) and restore (ditto).
But revision control had already existed for some years: sccs goes right back to 1972.
The dingo... er, Google stole my patent! Biz boss tells how Choc Factory staff tried to rip off idea from interview
Re: police-requested guest registration
Most countries seem to be a bit random IME. I've had hotels in Blighty, as well as various other countries in Europe and elsewhere, ask for my passport or comparable ID. And others that take a more relaxed attitude.
They do all seem to want a credit card on booking and checkin. And recently they don't bother with it on checkout, which implies the capability to debit it some days later than reading it. I should hope that works with a single-use token rather than storing the whole thing!
There was no such thing as a Rubik's Cube in the 1970s.
OK, there was a magic cube that you could easily scramble but was harder to unscramble. I still have a vintage example from November 1979. But it wasn't until 1980 that it hit the shops and acquired the "Rubik" name.
I can place it that precisely because it was my first term at Cambridge, when I regarded it as a practical exercise in Group Theory - one of the term's main courses.
My most memorable story of fixing not-broken technology comes from when I was about thirteen-ish and had never seen a computer. My granny told me, if I could fix her old radio, I could have it for myself. I changed the batteries, and it worked!
To be fair, at the time I was pretty handy with electronics, and fixed a few less-trivial things. Come to think of it ... no, you don't want to hear that one.
GCHQ pushes for 'virtual crocodile clips' on chat apps – the ability to silently slip into private encrypted comms
Couched in a more convincing spiel, leaving the poor bugger no option ...
Hello telco, this is GCHQ (honest guv). We urgently need to listen to those terrorists: they may be about to attack imminently. Yes of course they're terrorists: the Nether Blighty Sunday Cricket League is just a front! Yes, NOW, we can't wait while you complete all the red tape: that'll be too late, and your refusal to cooperate will be responsible for many deaths!
Re: click this
You need to get over it. Language evolves.
Click may have some historic association with a sound, particularly in an era when computer devices had horrible artificial "click"s that were supposedly reassuring to people making the transition from mechanical typewriters. But that's now historic, and (in a computing context) the word "click" is now an action.
Re: Spoilers in Tech Docs!
A recipe I like is to write the techie explanation in the middle.
Above it, a simple note "for quick step-by-step guide, scroll down to <anchor>".
Below it, those step by step instructions. Any critical gotchas refer back to the explanation.
But then, the kind of instructions that say "click OK or cancel" don't feature in my world. I'll google when something is a bit less obvious than that.
Over here there are initiatives to let people participate in installations on other people's roofs, including public buildings.
Here too. But the subsidies are far, far less. And yet we who don't have our own roof and so have to resort to investing in public facilities get pointed to and labelled "fat cat investors".
Re: Smart meters do not save energy
In contrast, smart meters can disconnect individual users for short periods (load shedding)
I have an old dumb meter. I don't know how many of my neighbours have smart vs dumb meters. But we all get disconnected depressingly frequently. It's called power cuts.
A smart meter wouldn't change my usage much. But I can envisage a future world in which my dishwasher can be set to run when the supply tells it it is cheapest overnight. Those who have electric cars will have a similar situation on a much bigger scale.
Re: Home security problem
Do you know anyone who doesn't flush a bog within an hour of falling out of bed in the morning?
That might not register. Some people have alternative sources of water to flush the loo. In my case, when I empty the dehumidifier. Doesn't happen every day, but often enough to be at home without using that flush from time to time.
In any case, isn't the discussion based on a false premise? The OP's premise appears to be Debunked here.
Other countries seem to be spending much less and achieving much more rollout. Which suggests the problems we have arise from our system rather than anything inherent in the technology.
My home broadband is a 4G connection (not via the 'phone, though I have that as emergency backup since it's on a different network). Cost is rather less than fixed line phone+broadband or a virgin cable Heisenconnection.
I shall await with interest what deals appear for 5G, and whether it becomes as ubiquitous in 'puters as wifi is today.
Oh, I wish it could be Black Friday every day-aayyy, when the wallets start jingling but it's still a week till we're paiii-iid
Re: Once again. Technology should *not* be a goal, but a tool to deliver what the people want.
@Jimmy2Cows - I guess that was directed at me?
It was a reference to the magical thinking that makes IT a "solution" to a problem. As opposed to a means to implement a solution. Brexit seems to be the leading example of that today: those calling for a technological solution seem to be missing the idea that there needs first to be a political solution to implement, and denying all efforts to reach a political solution.
Re: View from the inside
Then tell management what's wrong. Senior management if necessary, and write a detailed memo (the process of which will help anticipate possible attacks on your analysis). Discuss it with any colleagues you can trust.
If that goes nowhere, blow the whistle to the press! At this point, your memo is your chief weapon in being taken seriously.
I should add, I myself failed to do that at the beginning of my career. I just left two jobs where I'd been doing such useless work. In retrospect I regret my lack of self-confidence. By the time I hit 30 I was successfully avoiding projects like that.
Re: Once again. Technology should *not* be a goal, but a tool to deliver what the people want.
Exactly. It's an entirely false dichotomy. IT is a means to an end, no matter what magic properties the brexiteers may endow it with in their imagination. Insofar as it helps the NHS in its goal of treating patients better (whether directly or indirectly - e.g. by supporting admin), spending on it is justified.
A survey that puts IT in opposition to the goals it supports is somewhere on a scale from disingenuous to clueless.
You seem to be seeing a grey area there.
I'd fix it by a per-call levy initiated by recipients of nuisance calls. Say, a button you could press that would initiate an automated penalty payment of £1 for the call, administered by the telcos. With basic safeguards against malicious or accidental activation, like a threshold number of calls before penalties start.
Proceeds to go to charity (less a small admin charge determined by ofcom), in the manner of the Lottery.
Re: Memories ...
Those were the days, when documentation existed and actually contained decent information. You could have three folders (paper variants) open at once, see the entire pages and still be working on a console ...
Where the **** did you work?
My overwhelming recollection of documentation in pre-google times was of the gap on the shelf where whatever-I-wanted should have been. No one knew who had it, except that they'd long since left the company.
Online docs are a true liberation. Doubly so now we have desktops big enough to keep as many pages as we need open.
This is why I hate agencies. They are in it for the commission, nothing more.
Never mind agencies. It's happened to my CV when it's been my then-employer (as a permie) trying to contract me to its client.
Client asks about $foo at interview. I reply honestly I know nothing about $foo. "But your CV says ..." "I've no idea who edited that, but it wasn't me".
We asked the US military for its 'do not buy' list of Russian, Chinese gear. Surprise: It doesn't exist
Re: >If you want to parse Reg headlines, you need to learn to read from the tabloids, not Cambridge.
I did actually go to Cambridge and that's why I can parse el Reg headlines.
I did actually go to Cambridge, and it has nothing to do with my ability to parse Reg headlines.
I guess it's all about cultural context. Not a binary thing, just usages that are a little less familiar in forn' parts. Our perplexed 'merkin friend finds himself, like Eliza Doolittle, with the language but not quite the nuances.