
* Posts by Nick Kew

1840 posts • joined 16 Jan 2007

25% of NHS trusts have zilch, zip, zero staff who are versed in security

Nick Kew Silver badge

It seems to me the question asked doesn't really tell us anything. An organisation might say "none" because it doesn't separate out a specific security role. Maybe it's outsourced, along with other IT functions? And security expertise isn't necessarily associated with box-ticking training and qualifications.

Not that I'm suggesting they're on top of it. That would indeed seem far-fetched.

College PRIMOS prankster wreaks havoc with sysadmin manuals

Nick Kew Silver badge

Re: A decade of poor configuration

Not just the late '80s, when xhost + was still a default. Right into the '90s you could - and inevitably sometimes did - make someone else's computer burst into song, tell a joke, admonish the user, or just fart. You could also trivially run your prank from another computer again to leave a false trail in case someone investigated: a local area version of the CIA routing an attack to come from China or Russia.

But we did it for laughs, and drew the line at actually damaging anyone's work.

Oh, and this wasn't even a university. Though it was a research institute funded by (many) governments, so not quite the corporate world.

BOFH: State of a job, eh? Roll the Endless Requests for Further Information protocol

Nick Kew Silver badge

This BOFH is a rank amateur!

Why does he let tickets in to the system in the first place?

He could take lessons from Virgin Media in preventing that. Alongside never answering the phone (just torture them with menus that go nowhere, adverts, and piped screaming) or the online 'chat' facility (a much more benign "try again later"), you just don't provide any system that could accept a ticket into it.

Nick Kew Silver badge

Re: WooHoo BOFH is back

BOFH is back, Dabbs is missing. Coincidence?

Tech support discovers users who buy the 'sh*ttest PCs known to Man' struggle with basics

Nick Kew Silver badge

Re: Alternatively...

Oh dear.

Dorothy Parker on horticulture springs to mind.

Wow, what a lovely early Christmas present for Australians: A crypto-busting super-snoop law passes just in time

Nick Kew Silver badge

Re: Idiots

Might I point out that you don't have a plate glass exterior wall in your shower,

True. It's clear perspex.

and you do have drapes over the windows in your living room & bedroom

No I don't.

and hopefully there is a door between your toilet and the rest of your house.

There is, but it stays open. Well, OK, I shut it to keep the roomba out if the floor's wet. And occasionally for guests.

But I do have locks on both front and back doors, and indeed a burglar alarm. Nothing to hide, but just possibly something to fear?

Nick Kew Silver badge

Aussies will get their backdoors to services operated by Aussie companies. What happens outside that could be popcorn-time.

In an ironic twist, it was an Aussie (Eric Young) who first gave us SSLeay, the ancestor of OpenSSL, back in an era when Oz was part of the Free World and the US was almost-uniquely[1] restricted.

I wonder how you could modify OpenSSL to open a backdoor for malicious third-party-key injection? No, I'm not going to work on it.

[1] Among developed countries.

Funnily enough, China fuming, senator cheering after Huawei CFO cuffed by Canadian cops at Uncle Sam's request

Nick Kew Silver badge


What immediately springs to my mind is the Sklyarov case. Uncle Sam arrests a man for writing software that was perfectly legal in his own country, where he had done the work. Took them quite a long time to decide no crime had been committed.

[aside] ISTR commentards here taking a robust attitude at the time. I looked for a quote, but Reg stories from the era seem to have lost all their comments.

Why millions of Brits' mobile phones were knackered on Thursday: An expired Ericsson software certificate

Nick Kew Silver badge

Re: Don't feel so bad Ericsson, you probably did us all a favour!

Damn, I must be a freak. On a long train journey, I more often than not find myself in conversation with one or more actual people, merely by virtue of occupying neighbouring seats.

p.s. my O2 4G returned sometime yesterday evening. When I put the phone on the charger around midnight, it was there.

Total Inability To Support User Phones: O2 fries, burning data for 32 million Brits

Nick Kew Silver badge

Re: Not just O2

There are reports of it affecting Vodafone and EE (not so much Vodafone from what I can tell).

Datapoint. I'm using EE 4G, and it's just fine.

Unlike my phone's O2, which has no data.

Brits' DNA data sent to military base after 'foreign' hack attacks – report

Nick Kew Silver badge


Is anonymity the real issue here?

Fully-anonymised data on this scale must have considerable commercial value to pharma research interested in such things as the prevalence of genetic patterns. If it's explicitly in the public domain, that's fine. If not, then industrial espionage becomes an obvious issue.

IP companies specialising in patents could be a prime suspect here.

Waymo's revolutionary driverless robo-taxi service launches in America... with drivers

Nick Kew Silver badge

Re: The whole driverless car thing

"... a problem that doesn't exist."

So they're lying to us about all those deaths and injuries on the road?

And all those kids who can't go out unsupervised 'cos of the danger are no more than their parents' neurosis?

And all those cars parked willy-nilly blocking everything must be an illusion?

Nick Kew Silver badge

Citation needed

'cos a reputable source backing that up (or otherwise) could be genuinely interesting.

GOPwned: Republicans fall victim to email hack

Nick Kew Silver badge

Re: All we can do is wait

Surely a likely candidate is the party itself. Just like in the UK, the party whips ferret out party members' secrets to bully (even blackmail) them on important votes, so a party in the US or elsewhere will want whatever it can find to hold over its legislators when it matters.

That would imply no (or very few) actual leaks. The power is in the threat.

Yet another mega-leak: 100 million Quora accounts compromised by system invaders

Nick Kew Silver badge

Re: Using facebook to log in to Quora

In what sense "worse"?

If being tracked bothers you, then yes, you're cooperating with them. But for basic security, using OpenID (which I presume underlies logging in with Facebook) beats creating Yet Another Username/Password any day. At least on a site that's less critical than the OpenID provider.

STIBP, collaborate and listen: Linus floats Linux kernel that 'fixes' Intel CPUs' Spectre slowdown

Nick Kew Silver badge

Re: He should hug off and mind his own business

It's a Code of Conduct, innit? At least censoring out pink marshmallows[1] isn't weaponising it to attack some poor bugger.

[1] Seen elsewhere in a site with a deliberately silly swear filter.

Customers baffled as Citrix forces password changes for document-slinging Sharefile outfit

Nick Kew Silver badge

Quick, more boiling oil!

So they're 'protecting' users who do dumb things like re-use passwords ... by doing dumber things like forcing them to deal with extra complexity. Along with all those who would never dream of reusing their Correct Horse Battery Staples. This is broken, so let's double down on it.

Do they also make you identify with memorable personal data? Mother's maiden name, favourite colour, first school, sorta thing? Now that really does feature in data leaks. As if it was even secure in the first place.

Where's the Pratchett icon, for occasions like this when he helps translate AAARGH to a half-decent LART?

Sysadmin’s plan to manage system config changes backfires spectacularly

Nick Kew Silver badge

Re: Other screw-ups

Safe aliases for 'rm' are a good thing to prevent this!

Aliases for standard system commands are pure evil. They bugger up expectations, both for those who know the standard commands and may react unpredictably to unexpected behaviour, and for those who come new to the aliases and are then surprised by the real thing.

If you want an "rm" you consider safe, use something else for the alias. "del", for instance.

Nick Kew Silver badge

Re: Why use a revision control system?

Code used to be backed up to tape too. It was obsoleted by revision control systems.

First code I ever wrote had to be saved to tape for every increment. 'Cos we didn't have discs back then, and a simple bug would commonly require a several-minute reboot (from tape) and restore (ditto).

But revision control had already existed for some years: sccs goes right back to 1972.

The dingo... er, Google stole my patent! Biz boss tells how Choc Factory staff tried to rip off idea from interview

Nick Kew Silver badge

Light bulb

Glad to see you featuring this most famous misappropriated patent at the top of the story. It was precisely the thought that came to mind when I saw the headline on your feed.

Marriott's Starwood hotels mega-hack: Half a BILLION guests' deets exposed over 4 years

Nick Kew Silver badge

Re: police-requested guest registration

Most countries seem to be a bit random IME. I've had hotels in Blighty, as well as various other countries in Europe and elsewhere, ask for my passport or comparable ID. And others that take a more relaxed attitude.

They do all seem to want a credit card on booking and checkin. And recently they don't bother with it on checkout, which implies the capability to debit it some days later than reading it. I should hope that works with a single-use token rather than storing the whole thing!

Take my advice and stop using Rubik's Cubes to prove your intelligence

Nick Kew Silver badge


There was no such thing as a Rubik's Cube in the 1970s.

OK, there was a magic cube that you could easily scramble but was harder to unscramble. I still have a vintage example from November 1979[1]. But it wasn't until 1980 that it hit the shops and acquired the "Rubik" name.

[1] I can place it that precisely because it was my first term at Cambridge, when I regarded it as a practical exercise in Group Theory - one of the term's main courses.

Support whizz 'fixes' screeching laptop with a single click... by closing 'malware-y' browser tab

Nick Kew Silver badge

My most memorable story of fixing not-broken technology comes from when I was about thirteen-ish and had never seen a computer. My granny told me, if I could fix her old radio, I could have it for myself. I changed the batteries, and it worked!

To be fair, at the time I was pretty handy with electronics, and fixed a few less-trivial things. Come to think of it ... no, you don't want to hear that one.

Nick Kew Silver badge

Re: Hell is other people

But could she hear you on the non-functioning headset?

Nick Kew Silver badge

One busy chap?

That's good. We need more hands. A new PFY or two (Simon's one has long-since graduated to full BoFH himself). Empire-building, doncherknow?

GCHQ pushes for 'virtual crocodile clips' on chat apps – the ability to silently slip into private encrypted comms

Nick Kew Silver badge

Social Engineering

Couched in a more convincing spiel, leaving the poor bugger no option ...

Hello telco, this is GCHQ (honest guv). We urgently need to listen to those terrorists: they may be about to attack imminently. Yes of course they're terrorists: the Nether Blighty Sunday Cricket League is just a front! Yes, NOW, we can't wait while you complete all the red tape: that'll be too late, and your refusal to cooperate will be responsible for many deaths!

Capita seeks new networking chief: Up for it?

Nick Kew Silver badge

Re: Fewer Things Better

But they do at least one thing very well indeed.

They provide commentards and others with a general object of derision. Can be good for letting off steam.

Oz opposition caves, offers encryption backdoor compromise

Nick Kew Silver badge

their best assistance in understanding the nature and the content (where we have a warrant) of that communication”,

That at least sounds more like the FBI iPhone case than a backdoor.

Perhaps the Reg could point us to the real smoking gun here?

Openreach names 81 lucky locations to be plugged into its super-zippy Gfast pipe

Nick Kew Silver badge

Re: LOL - ever heard of contention?

It's only two decades since I was connecting to a 2Mb national backbone.

Something that looks a little like Moore's Law is happening to our infrastructure.

Consultant misreads advice, ends up on a 200km journey to the Exchange expert

Nick Kew Silver badge

Re: Onomatopoeic dinner parties...

Or ring the bell and start taking a piss on the Welcome coir and when the door opens ask them "How's that for an on-a-mat-a-pee'er?"

Is that usage somewhere in ISIHAC's Uxbridge English Dictionary, or is it just my imagination?

Nick Kew Silver badge

Re: click this

You need to get over it. Language evolves.

Click may have some historic association with a sound, particularly in an era when computer devices had horrible artificial "click"s that were supposedly reassuring to people making the transition from mechanical typewriters. But that's now historic, and (in a computing context) the word "click" is now an action.

Nick Kew Silver badge

Re: Spoilers in Tech Docs!

A recipe I like is to write the techie explanation in the middle.

Above it, a simple note "for quick step-by-step guide, scroll down to <anchor>".

Below it, those step by step instructions. Any critical gotchas refer back to the explanation.

But then, the kind of instructions that say "click OK or cancel" don't feature in my world. I'll google when something is a bit less obvious than that.

Shocker: UK smart meter rollout is crap, late and £500m over budget

Nick Kew Silver badge

Re: Before I read the article...

You give them too much credit.

Nick Kew Silver badge

Re: Ca$h...

Over here there are initiatives to let people participate in installations on other people's roofs, including public buildings.

Here too. But the subsidies are far, far less. And yet we who don't have our own roof and so have to resort to investing in public facilities get pointed to and labelled "fat cat investors".

Nick Kew Silver badge

Re: Smart meters do not save energy

In contrast, smart meters can disconnect individual users for short periods (load shedding)

I have an old dumb meter. I don't know how many of my neighbours have smart vs dumb meters. But we all get disconnected depressingly frequently. It's called power cuts.

A smart meter wouldn't change my usage much. But I can envisage a future world in which my dishwasher can be set to run when the supply tells it is cheapest overnight. Those who have electric cars will have a similar situation on a much bigger scale.

Nick Kew Silver badge

Re: Home security problem

Do you know anyone who doesn't flush a bog within an hour of falling out of bed in the morning?

That might not register. Some people have alternative sources of water to flush the loo. In my case, when I empty the dehumidifier. Doesn't happen every day, but often enough to be at home without using that flush from time to time.

In any case, isn't the discussion based on a false premise? The OP's premise appears to be Debunked here.

Other countries seem to be spending much less and achieving much more rollout. Which suggests the problems we have arise from our system rather than anything inherent in the technology.

Mobile networks are killing Wi-Fi for speed around the world

Nick Kew Silver badge

Re: Cost?

My home broadband is a 4G connection (not via the 'phone, though I have that as emergency backup since it's on a different network). Cost is rather less than fixed line phone+broadband or a virgin cable Heisenconnection.

I shall await with interest what deals appear for 5G, and whether it becomes as ubiquitous in 'puters as wifi is today.

Oh, I wish it could be Black Friday every day-aayyy, when the wallets start jingling but it's still a week till we're paiii-iid

Nick Kew Silver badge

Re: Meanwhile in Welsh Wales

Nice one. Though google translate gives "mindless" for your stupid, and thinks Day should be Days.

Nick Kew Silver badge

Re: Meanwhile in western France...

@FrogAndChips: That's not what I call a bargain.

Three courses and wine? Doesn't sound bad for €12.

Nick Kew Silver badge

Stayed in a Hotel recently where the TV

If you can't find an off switch, there's always the power switch on the wall.

Pasta-covered cat leads to kid night operator taking apart the mainframe

Nick Kew Silver badge

Re: RE: Dried Pasta & Stubborn, Unmoving Cats...

But we didn't see a cat do it.

Is your cat called Macavity?

Joe Public wants NHS to spend its cash on cancer, mental health, not digital services

Nick Kew Silver badge

Re: Once again. Technology should *not* be a goal, but a tool to deliver what the people want.

@Jimmy2Cows - I guess that was directed at me?

It was a reference to the magical thinking that makes IT a "solution" to a problem. As opposed to a means to implement a solution. Brexit seems to be the leading example of that today: those calling for a technological solution seem to be missing the idea that there needs first to be a political solution to implement, and denying all efforts to reach a political solution.

Nick Kew Silver badge

Re: View from the inside

Then tell management what's wrong. Senior management if necessary, and write a detailed memo (the process of which will help anticipate possible attacks on your analysis). Discuss it with any colleagues you can trust.

If that goes nowhere, blow the whistle to the press! At this point, your memo is your chief weapon in being taken seriously.

I should add, I myself failed to do that at the beginning of my career. I just left two jobs where I'd been doing such useless work. In retrospect I regret my lack of self-confidence. By the time I hit 30 I was successfully avoiding projects like that.

Nick Kew Silver badge

Hmmm. Not sure how useful paper is at performing an MRI scan?

Nick Kew Silver badge

Re: Once again. Technology should *not* be a goal, but a tool to deliver what the people want.

Exactly. It's an entirely false dichotomy. IT is a means to an end, no matter what magic properties the brexiteers may endow it with in their imagination. Insofar as it helps the NHS in its goal of treating patients better (whether directly or indirectly - e.g. by supporting admin), spending on it is justified.

A survey that puts IT in opposition to the goals it supports is somewhere on a scale from disingenuous to clueless.

Merry Christmas, you filthy directors: ICO granted powers to fine bosses for spam calls

Nick Kew Silver badge

You seem to be seeing a grey area there.

I'd fix it by a per-call levy initiated by recipients of nuisance calls. Say, a button you could press that would initiate an automated penalty payment of £1 for the call, administered by the telcos. With basic safeguards against malicious or accidental activation, like a threshold number of calls before penalties start.

Proceeds to go to charity (less a small admin charge determined by ofcom), in the manner of the Lottery.

Microsoft sysadmin hired for fake NetWare skills keeps job despite twitchy trigger finger

Nick Kew Silver badge

Re: Memories ...

Those were the days, when documentation existed and actually contained decent information. You could have three folders (paper variants) open at once, see the entire pages and still be working on a console ...

Where the **** did you work?

My overwhelming recollection of documentation in pre-google times was of the gap on the shelf where whatever-I-wanted should have been. No one knew who had it, except that they'd long since left the company.

Online docs are a true liberation. Doubly so now we have desktops big enough to keep as many pages as we need open.

Nick Kew Silver badge

This is why I hate agencies. They are in it for the commission, nothing more.

Never mind agencies. It's happened to my CV when it's been my then-employer (as a permie) trying to contract me to its client.

Client asks about $foo at interview. I reply honestly I know nothing about $foo. "But your CV says ..." "I've no idea who edited that, but it wasn't me".

We asked the US military for its 'do not buy' list of Russian, Chinese gear. Surprise: It doesn't exist

Nick Kew Silver badge

Deniability, old chap

If you have a list, you're open to challenge. And your opponents might have deep pockets for lawyers, too. Awfully messy.

Bright spark dev irons out light interference

Nick Kew Silver badge

Re: >If you want to parse Reg headlines, you need to learn to read from the tabloids, not Cambridge.

I did actually go to Cambridge and that's why I can parse el Reg headlines.

I did actually go to Cambridge, and it has nothing to do with my ability to parse Reg headlines.

I guess it's all about cultural context. Not a binary thing, just usages that are a little less familiar in forn' parts. Our perplexed 'merkin friend finds himself, like Eliza Doolittle, with the language but not quite the nuances.

The Register - Independent news and views for the tech community. Part of Situation Publishing