Posts by The Mole

Not just limited to the EU

Government agencies have a history of skirting round the rules of not spying on their own population by asking a friendly foreign agency to do it for them. I'm certain that if this came to pass the NSA/CIA would have a fast track route to getting these certificates, whilst China would quickly compromise all these government run CAs.

The browsers on the other hand I'm sure will strictly follow the rules and not ban the CAs, they will just provide straight forward integrations to third party open source databases which may cause the CA to be banned completely independently of the browser manufacturer.

Re: Going the way of Dodo bird

Think I might have to Ask Jeeves about this

Re: A drop in the ocean

Without the ERP system it seems like they have no way to even know if the books are balanced let along work towards balancing them. Its not the only factor but is no doubt a big contributory factor and example of how the council was running everything. As they have said on other stories it isn't the whole but it is the part of the story the technical audience of El Reg are most interested in.

Re: The risk with Robots.txt

Fundamentally it shouldn't matter if you tell all and sundry that directory Y exists. If you want to protect it you need to have appropriate security to protect it, just hoping nobody guesses / finds out the directory name isn't security.

Now you do need to ensure that merely knowing the directory name doesn't give information away (CompanyXTakeoverBid would be a bad name) but a directory name like secure doesn't tell people much.

Re: On Screen Keyboard

On windows I don't believe this, but in the days of DOS it does sound much more realistic. They didn't want the keys to display whilst the user was typing so avoided the standard APIs and so used a low level API which returns the key codes. (That era would also explain why someone though a hard coded password was a good idea).

Now, either this was a dos program running in windows, or the part about remoting in was complete embelishment.

Re: "will reveal the actual price only once the tool becomes generally available"

Its sensible practice. Now they've pre-announced the price they can see how bad the outcry is before deciding whether to stick with it or pick another value - whilst avoiding headlines about u-turns and the like.

Re: Critical thinking

Why so negative about language evolving? You say that Monetize is lazy, I'd argue its much more efficient (and according to here https://www.etymonline.com/word/monetize#:~:text=monetize%20(v.),%2B%20%2Dize. the word has been around since 1856).

Longer more complex sentences are harder for the brain to process, hence why the English language has such a large corpus of words. Normally their are also additional connotations laid onto the word which may not be reflected in its basic definition. E.g. listicle isn't just an article being a list, it implies it is probably a list of something trivial, full of adverts and likely just read for pleasure or amusement, rather than for more academic purposes.

Re: "The root cause is now under investigation."

Not wanting to defend the Royal Mail but what you have forgotten is that total volumes of mail has dropped significantly (https://www.statista.com/statistics/1006816/royal-mail-volume-of-parcels-and-letters-delivered-uk/).

The universal service obligation means many of RM's costs are fixed - the time to deliver 100 letters to a street or 200 letters to a street is pretty much identical so the cost would be fixed but the revenue half. Cost increases are an attempt to keep sufficient revenues coming in, not making excess profit.

Its a deadly spiral though, The fewer letters posted the more it costs per item, which in turn means fewer letters get posted. Not helped by competitors not having a universal service obligation so can cherry pick just the profitable areas without the loss making ones.

Re: Dear Personnel Department

The odds are that picking x applications at random (that meet basic criteria) and just employ them may not have any statistical difference to doing an interview process (AI aided or not).

Re: Sponsorship...

Low to zero. He's not exactly been favourable to them in the past, and his research focus over the years make it clear about his views: https://www.cl.cam.ac.uk/~rja14/

Besides Google, Facebook and their ilk probably wouldn't be that bothered by doing mandatory client side scanning as that gives them the slippery slope to include additional data into targeted advertising

Re: That $2000 job

My guess is somebody asking for a quote.

If assume it's only an hour's work, or perhaps even no fee to confirm if there is a free encryptor to decrypt the files.

Re: Too bloody many

Not really, in the Roman arena it meant agreement/acceptance of the gladiator holding the sword over someone's neck to kill him. Except (apparently) sometimes the gladiator asked the opposite question of should he be spared and then thumbs up meant agreement to him being spared.

Re: QUIC can do what TCP cant

Not quite. The issue that QUIC tries to resolve is where client A and server B both support feature X of TCP, however because box x in the middle does some 'manipulations' they can't actually use it due to the box in the middle breaking the situation, even though the negotiation to activate the feature succeeded.

Missile vs hot air

Which raises an interesting question.

Are hot air balloons hot enough for a heat seeking missile to get a lock?

Re: App Store Pricing

Historically Apple phones have been premium purchases and brought as a fashion icon rather than purely on technical merits. People choose android are more likely to be price sensitive and either

a) don't have enough money to spend on an iPhone or apps, or

b) are more careful with their money so don't waste it on apps

Of course some apps are good value, and some android users will part with cash, but demographically iphone users are likely to spend more due to it being bigger spenders who buy into the platform.

Re: Theft of electricity?

The difference is that with phone tappers there was physical electricity flowing from A to B. There was a positive charge they could charge you for so to speak.

In this case there is no direct flow of current. It may induce extra electricity to be used by your device, a tiny amount of packets may flow up the phone line (or fibre optic cable) but that's immaterial. You're into the realms of saying that if someone triggers your PIR security light then they owe you for the electricity.

Ultimately if you go to a website you run the risk of them having an animated gif, large jpeg, autoplaying video, ad tracking or other javascript code. Trying to distinguish legally from a poorly written site using excess CPU cycles, through ads and tracking scripts to other more dubious operations would be near impossible and ripe for political abuse

There are many cases where you really really want a stay until the appeal is heard.

If a someone can get a win against their competitor in a lower court and convince the court of an injunction/massive fine (such as in a copyright or patent claim) then that may be enough to drive the competitor out of business.

The competitor may have no revenue coming in until the time the appeal(s) are all eventually heard, even if the appeal is ultimately successful (due to support from better lawyers/experts) it would be too late as the damage is done.

Re: Is this even constitutional?

Last time I checked GCHQ and MI5 are part of the military command. And being signal intelligence and bring technical skills it would almost certainly be GCHQ the job landed with (assuming they aren't already doing it and this is just a way to make it legal/authorized/separately budgeted).

Do yes it won't be the army doing it but will be the military.

Re: Border Bureaucracy?

Are you sure it isn't just a bad translation and they should have been named Few Chefs?

Re: Question

You make it sound like having the motor skills of a toddler isn't impressive - and I've not seen many toddlers who can back flip or jump that confidently and accurately.

Beyond humans there are very few animal species that could do all those actions on just two legs without a tail.

In fact whilst most adults and older children could do the steps, sloped wedges and transition from the blocks to the beam that would be done with more of a stepping jump with a leading leg. I doubt many could do the transition as three, two footed standing jumps without any swaying, repositioning or needing to regain balance on landing.

Re: slack web security

The document containing a list of 100 tenants/ prospective tenants/ supportive parties would put it under GDPR

Re: Verbification*

I've no problem with leverage being a verb in the British dictionaries.

Oxford dictionaries define it as:

verb

1.

use borrowed capital for (an investment), expecting the profits made to be greater than the interest payable.

"without clear legal title to their assets, they own property that cannot be leveraged as collateral for loans"

2.

use (something) to maximum advantage.

"the organization needs to leverage its key resources"

Using leverage as a verb in terms of finance is fine.

The second definition is management speak but even still doesn't really work with the original sentence:

"I [used] the password hash [to maximum advantage]"

Re: Database vulnerability

The requirement to submit the bugs within 2 days implies that it is either FAX or more likely electronic. Even if the machine receiving the submissions on is airgapped from the real database, the receiving machine will still contain the recent data that was submitted and have visibility of the requests coming in. Now you may be able to mitigate that by using public key encryption, but even just knowing the source of the message would help an attacker target investigations on that particular companies haystack.

Re: This months of work from home showed too....

Powerline adapters still exist and I was a big fan of them. During lockdown I got a set to connect up the summerhouse/office which had power but no ethernet. In the end I had to send them back as defective as they just couldn't keep a reliable enough signal - not sure if I was pushing the range of them or just had too much noise on the power cables. The new cat5 cable that I now have has been much more reliable.

Agree, but I imagine part of the reason it is still offline is it needs resealing and refilled with new gas.

Re: EU Commision <> EU Parliament

Sorry to break it to you but the MEPs are selected by the parties (in most EU countries). The public vote for the party they want, and then the proportion of votes is used to determine how many candidates from the parties list gets elected.

So the MEPs are self selected by the parties, but democratically elected through proportional representation, and tough luck to you if you don't think one particular candidate deserves/really doesn't deserve the job.

Or put another way the MEPs are only indirectly elected by the public.

Re: So if

Unfortunately you are wrong on both counts.

Firstly when you make a phone call two parties are involved, you may not have a problem with your phone listening into you the rest of the time, but the other person might. Even if it is only listening into the microphone when the phone is on loudspeaker it could in theory be listening in on the other end.

On the second point there are numerous news stories highlighting the fact that the running joke was in fact accurate. There have been adverts triggering voice assistance up to and including triggering purchases to be made. Some solutions have been done to try to minimize it (such as user recognition and black lists) but if you do a search even Google's own adverts have sill trigger some devices in recent years.

So in a separate story reporting on the press releases you would be permitted to link to the press releases as long as you make no mention of those proceedings? But reporting on the press release and mentioning the proceedings would be illegal.

Re: OK, but

Until of course the facial recognition AI is trained with a training set containing this permutations and so learns how to recognise people in a way more similar to the human brain (although probably with a corresponding drop in accuracy).

Water egress, fungus and mold are likely to contaminate the platters though and make them unusable even if extracted by a data recovery specialist.

My impression is that spying is seen as a game and not something serious (except when politically useful, or when they win) after all we all know everyone is up to it and frequently know who the spies are but let them stay in play (better the spy you know).

Re: Cloud all the way

Yes it was using s post request rather than a nice coachable get request so completely incompetent.

Why they didn't start with a list/map (if you aren't in these areas you are level 2...) Baffles me too.

I don't know the details, but it is clear that this person has mental health issues and quite possibly including paranoia and distorting the fact. Whilst the police don't always act when they should (and other times over act when they shouldn't) I can well believe that they didn't act because the 'attacks' didn't merit it or lacked sufficient evidence.

Similarly I'd probably give his psychiatrist the benefit of the doubt and probably just questioned the choice of any weapon and this was interpreted differently.

Finally I would expect and be appalled if the police did not arrest someone carrying an offensive weapon (particularly if they have mental health issues - not that they necessarily knew this when arresting him). It is not clear that he was actually prosecuted for that once questioning was complete.

I do agree the NHS do not have enough funding and the right support is in place in general, although in this case it does appear he was already under psychiatric care, but treatment takes time and depends on how well the patient is engaging. Assuming the psychiatrist was competent then the line of questioning probably needs to be of how aggressive the psychiatrist should have been in sectioning him - which I personally think should be a last resort based on real evidence of danger and certainly wouldn't want to guess whether that threshold was met here.

My (very limitted) understanding is that whilst there is no cure, there are treatments and therapies that can help slow down the progression of the disease.

If you catch the disease very early and can halt or dramatically slow down the progression then there is a chance the person can lead a nearly normal life. It may even be medicines can be developed to reserve small amounts of damage that aren't effective on later diagnosed patients with much more severe symptoms.

Part of the problem with slow progression diseases is that research into possible preventative medicines (like asprin for heart disease/stroke) takes a very very long time to detect meaningful results. A more sensitive means to track deterioration may help speed up those investigations even if it isn't 100% accurate.

Re: Great work..

No need to imagine, read the really detailed breakdown they have written on how they went about the process and gained access.

Starting problem is that Apple have the entire 17.0.0.0/8 with 27k webservers hosted within it with many targetted at employees or partners. Its much harder to monitor and correlate attacks against that many servers, and I imagine the noise level is extremely high. It appears many servers probably weren't installed/managed by 'IT'.