Re: Why, in the name all that's holy..
@MachDiamond
maybe that particular security system had a special wanker detector causing it to misbehave?
3700 publicly visible posts • joined 2 Oct 2015
@Roland6
"I’m also a little surprised Mark, given his CV claims doesn’t have the source code to any of the tools he developed. In the context of the evaluation, this code, which almost certainly would not be on any public repository, hence enabling it to be used for code comparison."
I do not have any of the source code for stuff I have written for employers - (fairly standard UK IT employment contracts will always give employer rights to the code you produce for them - some try & claim rights to stuff you produce at home doing hobby stuff too, but they can FO on that aspect). A competent employer (half decent security measure / auditing) will ensure you cannot take source code away with you. *
There is some of my code in open source projects (ironically, not committed by me; all based on stuff I helpfully submitted on mailing lists to solve problems people had** & people on those lists thought it good enough to add to the repo, giving me a credit when pushing the commit).
* Yes, there are always further loopholes, even when the obvious email, FTP loopholes etc. are closed (port closed central) & all bar a few websites / IP addresses blocked e.g. unless you work somewhere properly secure, then mobile phones are ubiquitous in the workplace, so nothing to stop you taking surreptitious photos of code on screen, but how many people CBA to do that for code they wrote at work?
** Even more irony, most of those code snippets are in languages that are not in my true core competencies, I just often have a good knack for problem solving (& for "non core" languages the far harder part is implementing that solution in the required language!)
Visited the US this year*, on my ESTA application I obviously did the none option on social media - I would say it would be interesting to see what happens in future, but as I have a visit to Cuba on my upcoming bucket list of trips then irrelevant as that will ban me from any future US visit for quite a few years.
* Wildlife watching trip, as vast majority of my holidays are (including Cuba one I am currently researching / planning)
It's also worth noting that MS helped invent SOAP, & (with a few weird exceptions back in the day e.g. SMTP) it was always promoted as a http(s) protocol (as the method name in the bug strongly suggests!!). When people use framework methods* they do not expect gotchas such as file protocol being supported... and anyone with experience of MS will know their documentation is awful; if I was a betting man I would gamble that the docs for SoapHttpClientProtocol definitely do not emphasise it supports non http(s) endpoints.
* the whole idea of using a framework method from a "big name provider" is that the provider has done a "proper job" and it will be more performant, secure, generally fool proof etc. than "rolling your own" code solution instead. Obviously MS failed badly in this case.
Makes me think of the Pussycat Dolls
Not from the US - but I think they need to tweak the phrase "protected computer" (as they obviously were not protected!) & just rename it to "any computer" as it is so loosely defined it covers just about any computer depending how you interpret it (e.g. someone makes a US Amazon order, and source of item is out of state - and so facilitates cross border commerce making it a "protected computer").
Try buildings with (proper* floor based) electron microscopes in them.
Need a big room with a very solid (and thus heavy) floor as stray vibrations are anathema to effective electron microscopy work, and usually need a stable temperature so a lot of work goes into making a suitable room (and they are big & heavy, so even if you were lucky enough to have a room with no vibrations and a stable temperature, would need to be able to support the machine).
Can be very awkward & expensive to retrofit to existing buildings, if plenty of high res EM work is needed then best option is design the building around the EM requirements.
* that go down to really high resolution & thus vibration & temperature fluctuations are far more of an issue than with e.g. a low res table top device
I'm not a sales person in any way - but if you are trying to sell to people with the IQ of a mouldy carrot and who love flattery & bulging brown envelopes*, then I reckon even I could manage it.
Got on well with top sales person at a company I worked with ages ago. The company was fully above board so no showering potential customers with "hospitality", backhanders etc. Sales person hated his job as he lost so many contracts (despite having best & cheapest solution) due to lack of greasing the appropriate palms.
@Like a badger
"not in the slightest bit amusing for those who have to live in Birmingham, but they did vote for this council."
Some of the public voted for them, wonder how many did it with much enthusiasm? Many will not have bothered.
I'm not Brum based, but if anything like near me, all the candidates are a waste of space & my ballot paper often ends up as a spoiled ballot*. "AI" is shit, but nearly infinitely better than most of the (insert your swear word(s) of choice) who go into politics at whatever level
* If there is actually someone I can vote for, with UK having no PR system, my choice is typically someone with zero chance in FPTP.
@kmorwath
You must have some very unusual app requirements if you cannot find a Linux substitute.
"Office software", browsers, email clients, graphics tools, compilers & dev environments, databases, video & music players, accountancy software etc, etc are all easy to find.
... and lots of very niche software available as plenty of enthusiasts / hobbyists create open source stuff for Linux.
A surprising amount of Windows apps work in WINE.
About my only Linux bugbear is that there is no real equivalent of MS Visual Studio Enterprise* (& it will not work fully under WINE) - I use that on my work Windows machine for the day job coding & it would be nice to use it** for "hobby coding" on my personal Linux machine.
* as opposed to the smaller & more lightweight MS VS Code, which is fine on Linux
** Mainly for the excellent debug tools, which are far & away the key reason to use it.
Treat them as far more dangerous than Chinese govt.
As a UK person of no importance, China does not give a toss about me & no "jurisdiction over me" or reason to hassle me.
The UK government, however does have "jurisdiction over me" & lots of opportunity to screw me over (especially as I have been critical of UK government policy, be they Red Tory or Blue Tory over the last few decades)).
The cynical may say poor ID is a desirable feature.
As the "sus laws" are long since banned, with a facial recog system throwing up lots of false positives (especially amongst non whites which traditionally the police have preferentially targeted) then very imperfect matching allows a subtle resurrection of "sus laws" disguised by "helpful technology keeping us all safe"
.. and every time I see stuff like this I remember why I have despised "advances"* in web pages & yearn for the days of just basic HTML instead of all sorts of multimedia content delivery**. Still, at least you know the SVG exploit will not work in classic text only Lynx! ***
* which just add bloat, security holes, etc.
** I'm not who sites like YouTube etc. are aimed at as I don't do watching video / listening to music via a web browser (mainly use the web to find information). But fully aware I am definitely in the minority by taking that approach (stares at partner...).
*** Sadly not much does these days with preponderance of websites that do sweet FA with JS disabled out there
email address as the unique key - FFS
Do these people live in some weird imaginary universe where people never change email address or just a unique email address for different actions?
Only a non technical and intellectually challenged person could have designed / specced a system as poor as that
For about as long as cameras have been connected to the internet, miscreants have exploited none* / default security settings / poor quality passwords.
By now, people should know to treat cameras with suspicion & assume they may be hacked (be that via poor passwords, a bug that never gets patched** etc.) & give their heads a good wobble if they put an internet connected camera in a sensitive location.
What sort of person thinks an internet connected camera in a gynaecologist's office is a remotely good idea?
* back in the day, standard for no creds by default (now, not much better but generally have "default" creds - but if they are same for everyone (or limited variants or predictable patterns) then still fairly useless)
** Quite a likely scenario, even with good password approach you are at the mercy of camera bugs (be that they allow brute force credentials attacks, or have bugs that never or very slowly get fixed, etc.)
Years ago, worked for a company where we had to have a social media presence.
As I worked in dev, my stuff was to be about "exciting new features" we would be adding.
As we had to use a few platforms I threw something together that would allow me to post essentially the same thing* to multiple social media networks (& had to create accounts** as they were not things I used).
One thing I do recall about Twitter API*** was that you could provide location info you were tweeting from as Lat / Long so I had a tweeting location that was an Easter (Island) Egg
* Twitter (as it was then) was biggest pain as 140 chars back then so my code had to do threaded tweets as a workaround, whereas on LinkedIn, FB it could be one thing.
** And have not been used since, no idea if they still exist as zero interest & cannot remember the creds (I don't reuse passwords & as I had no intention of using those things for anything but that role had no incentive to remember them)
*** Of the social media networks I linked my code with, Twitter was by far & away the most flexible API, though I read Musk has made it non free now & thus essentially destroyed mainstream use of the API
Think:
install patches:
Many phones soon become unsupported (android faster than iPhone usually) - not everyone can afford latest & greatest.
A lot of unpatched Win 10 machines as users cannot upgrade to Win 11 (due to artificially high hardware requirements) & a lot of people cannot afford a new machine (or feel confident installing Linux instead)
keep software up to date - see above - not everyone has money to burn, lots of unsupported EOL devices around (not helped by devices happily* being sold to mug punters when EOL imminent & so some "new shiny" is rapidly out of support )
turn on multi-factor authentication - Worth noting that a mobile phone is easily stolen (or just broken) & can become a single point of failure for the many MFA solutions that are mobile based.
They said avoiding public Wi-Fi is needless - MITM attacks can occur, you do not have to be a juicy target, credential harvesting has been done by setting up a MITM exploiting Wi-Fi point (if I was doing it, would not be after specific targets, just pick somewhere busy & where some users relatively unfamiliar with the Wi-Fi in that area e.g. a train station, shopping centre etc. & may use my "poisoned" Wi-Fi)
They said never scanning QR codes is needless - QR code scams are still ongoing. The big drawback (especially for less clued up users) is that with a QR code the user cannot see the URI before activating it, made worse by many default web browser displays (especially on mobile, where the user is typically scanning the QR code from) not clearly showing the URI details (again more risk for less clued up users)
.. as @MaChatma CoatGPT 2.0 said " I look at that list of people/companies and alarm bells start to ring"
and echoing @Bebu sa Ware
" more enthusiastic if www.hacklore.org web site didn't require javascript to access anything other than their open letter."
.. needless JS is bad, any half decent security info site should drill into users the risk of JS & try & avoid it themselves.
.. also stares at UK ineptitude at https://www.ncsc.gov.uk/
* Ignoring the cesspool of mobile phone sales & dubious support (Android especially), Microsoft stopped selling new computers with Windows 10 pre-installed at the end of Jan 2023 - though you can guarantee that they were still being sold by retailers long after that date & you have to wonder how many didn't meet the hardware requirements for the Win 11 upgrade. Support for Win 10 ended October this year
It was a total pain for my partner who had to do it as a company director* (who ended up completing the process at the Post Office)
* nothing exciting, we are in the sticks & our cul de sac uses septic tank, has an unadopted road so 1 member of each household is director of a company for the cul de sac that each household contributes to & the company then pays for maintenance tasks such as road repairs, septic tank emptying
@Jason Bloomberg
It was obvious Starmer gang were right-wing & authoritarian - look at their attacks / purges of anyone vaguely left wing, coupled with the anti Semitic scam against Corbyn*
You'll just have to do what I do most elections, look at the candidates on offer, see they are all a waste of space & so spoil the ballot paper.
* Corbyn has many, many flaws but being anti Semitic is not one of them (not being in favour of Israeli genocide is not anti Semitic)
Processing a passport should hopefully be cheap as mainly online these days (bar posting off your old passport & receiving new one - which does not even use recorded delivery or similar, just normal post FFS! a "most wanted" ID fraud document just floating through the postal system)
.. back in the day needed some "worthies" countersigning your photo as being you when you renewed, none of that these days
.. and ironically, if you are a non veggie making a "meat" soup at home, then you will generally have thrown bones into the stock base (bones which will be removed after the stock base has gained flavour from them* and is strained).
A good home made (meat flavour) soup will have included bones in the preparation (but you do not want the bones ending up in someone's bowl)
* and, if you ensure stock base slightly acid, can dissolve additional Calcium from the bones (not for flavour, just as a useful trace element we need in our diet)
A fair chunk of development time is spent "thinking" (well, it is in my case) - so periods of no mouse / keyboard action, then a flurry of intense activity, etc. .. Although the general "overview plan" of what you are going to do is planned well ahead, you still need plenty of pauses to think in depth about the detailed implementation of each component before you write the tests and then code it.
.. and with proper practices used that troublesome commit would never have occurred as would first have needed code review* with multiple people (of appropriate roles) approving and then it would finally get committed.
* which *should* catch that sort of thing, though confused why any creds in code base as normally appropriate creds for that pipeline are injected in the test instance and (separate creds / system for this) then the deployment instance & never in the code base.
A lot of these "AI" tools are sometimes OK at tasks involving languages such as Python, JavaScript etc. ... as they will have been trained on a lot of it - if a "request" matches well to something in its training data then you should expect "AI" to be able to produce something, which will often be the case for some straightforward / common tasks. An "AI" vibe coding solution, just like all LLM actions, will generally be a numbers game.
How well an "AI" will manage with a more obscure language & given a more unique task outside of any examples it has ingested is a different matter entirely.
Obviously "mentalist" has traditional meaning in magic acts, but brave to use in the UK (as likely to cause some confusion with those less aware of its historic meaning), given it is a famous Alan Partridge* insult?
I notice from his site that close up magic is one of his skills, if anyone is into close up magic I recommend Jerry Sadowitz (beyond being famous as a (some may say challenging) comedian, he also does some tours focusing on magic (with a few gags thrown in, but not like his stand up performance) - I was very impressed (he has a camera & video display rigged up too so those further back can see its legit & appreciate the close up magic skill)
* for non UK people Alan Partridge is a comedic character created by Steve Coogan.
@JLV
I use JS on very few sites (& various extensions to limit what JS is used even further. It is off by default on ) - as my web usage is mainly for information (not "entertainment" or "shopping") & thankfully a lot of those sorts of sites are fine with that approach to JS e.g. Wikipedia.
Obviously, mine is not a typical use case.
As someone with premium bonds I have noticed that if you want to check if you have won after a monthly draw, then your winnings (or usually lack of) are available to check online not long after the draw is done.
But (in the rare event you win) it takes many, many days after the draw for you to receive a "winning bond" email, so that is certainly a bit of their system in need of improvement.
Some* may suggest it is not as technically difficult as has been made out, but the companies involved are delighting in making it as slow and expensive (profitable for them) as possible.
.. the list of companies mentioned may feature "some"** with a reputation for overcharging & under-delivering (including paying special attention so that things that should be "obvious" to anyone are deemed not to be unless explicitly mentioned in the spec / contract somewhere, thus ensuring that unless the customer produces a spec of mind boggling detail they will find enough "unspecified" but vital things to overcharge on that it is yachts all round for the C suite)
* Obviously I would not personally be suggesting those companies are anything other than squeaky clean, but others might.
** where, depending on your opinion "some" may range from 0 to 100% of the companies
@Carnotaurus
Consistency?
MS products and MS OSes UIs keep changing (& often quite significantly).
e.g. on Win11 I now have to do an extra click via the right click menu (compared to W10) to get at a lot of functionality that was previously available on the "main" right click menu (as stated on a previous comment, work machine, no admin access so I cannot do reg hacks to work around it)
Not to mention continual alterations to start menu..
MS products - the ribbon is the most famous mega change that totally broke what people were used to.
I have to use Outlook & Teams a lot, they keep getting irritating UI changes.
@Carnotaurus (nice dino ref)
I have a win11 machine from my employer, updates controlled by them (& no admin access for my login) - I have zero control over updates so cannot "let them stack" - I thus have to do a lot of reboots as I cannot do them at my convenience but when an update is pushed to "my"* machine (bear in mind it's not just Win11 updates, it's updates for various MS products we are mandated to use - & I imagine lots of people with Win11 for work reasons are also using other MS products (else what is the point of them running Windows?))
* as I said, no admin rights so not really "my" machine as minimal control over it! Mine only that it is assigned to me, not a shared machine.
@JLV
.. well, JLV, it's a tad difficult for a new band to compete with e.g. Led Zep as each was superb in their role: Though I thought your list was odd, as covered quite a lot of genres (Yes would definitely be prog in their classic days (readers opinions will vary from not giving a toss, to reckoning 90125 was a good album to thinking that 90125 was when Yes ceased to be worth listening to) )
.. And there are many "tribute" / cover bands that perform "classic" rock tracks so new "rock" bands have to compete with that (not a recommendation, just noting they exist). Quite likely many a rock fan with limited budget & free time would go the "no risk" route of a covers band rather than some "unknown" new band they may dislike... In an ideal world, people would research "new" bands playing near them (be it on bandcamp* or wherever) & decide if worth a gamble on seeing them live, but most people CBA so a playing safe option is likely.
As with everything in music a lot of luck is also needed; over the years, seen friends (& later kids of friends / relatives) form bands that were good but never had any commercial success (though it can be argued that a lot of big successful names in music are not very good, so quite likely a failed / unknown band will be musically better than a "success" but will never be a "success")
* bandcamp definitely worth a go for investigating bands who you see are gigging near you (e.g. I often check out bands playing at Rock City (& other Nottm venues) on bandcamp if I am unfamiliar with their music to see if worth a ticket)
@Korev
I think the problem in that phrase is "smart speakers"
I have a cheaper solution - an amp connected to standard passive speakers (old speakers were not in use as partner wanted smaller speakers for our music set up, so got some bookshelf style speakers & the old (better! but she didn't like them being waist high!) speakers went to my work room, hence being "spares" to put to use for playing music from PC ).
Connect PC to that amp (I use headphone to 2 x phono connection, though it works via Bluetooth too* albeit sound not as good)
* amp supports Bluetooth, occasionally play music from my phone via Bluetooth (which obviously sounds worse than a line connection from PC but still listenable)
.. and would you necessarily trust the other countries?
A neighbour of mine has a Tesla, he gets quite a few OTA updates. I'm sure there are some people that would not necessarily trust updates from a company Musk is in control of!
But pointing fingers at China, Russia, whoever is always a good distraction tool - I'm more worried about what my government will do to screw things up* rather than imaginary attacks from other countries.
e.g. I have not noticed China, Russia, North Korea etc trying to interfere with UK energy policy.
* They do plenty of damage just by being totally incompetent
@AC
"What is it with people doffing their hat to the clothes-less emperor?"
.. bribes of some sort probably - often not as unsubtle as brown envelopes full of cash these days*, but future lucrative excessively well remunerated directorships, lecture tours, consultancies etc
* Though UK king likes plastic bags full of cash (for his charities - cough!) rather than envelopes ... Qatar
Exactly. Those at the "top" in businesses flit around from job to job for the next big payday & golden hello; short termism led bonus / salary rise cultures usually operate - spending money & resources on improving security is at odds with C suite financial interests (let's face it, that is usually their top priority, not the business they are currently working at).
Obviously a few C suite people will care about the business, but they will be in the minority as you do not tend to get those C suite roles if you are a decent human being (you will have long since been backstabbed by the sociopaths)
Have to admit to imagining the response of high ups when being told about security flaws was along the lines of a Gallic shrug & a long drag on a Gauloises.
.. Though the continual ignoring security issues until they come back to bite you seems to apply to those in charge of many businesses / institutions, irrespective of what country they are in (just apply different stereotypes to DILLIGAF the response of the folk in charge)
Back to being serious. A lot down to a flawed mindset of regarding IT security as a painful cost to be avoided if possible, rather than being aware that, these days, IT is core for the functioning of most businesses / institutions & should be treated as such (I'm sure views might have changed at JLR, M&S etc. recently)
@elsergiovolador
Ironically, last night I updated a sports club website results & league tables pages by updating the files using FTP.
It does the jobs for small organisations with basic (information only) web sites quite happily, where there is no sensitive data* involved (everything on the site is publicly accessible).
*There are a few names / contact emails, but those people have consented to them in terms of visibility / approachability.. and all the contact emails are to email addresses I control, and run code to weed out spam & other junk, before forwarding any valid mail to the relevant people's "proper" email addresses
@FuzzyTheBear
People are fine to choose not to visit the US & that choice is fine.
But to say "They have nothing worth visiting" is inaccurate - plenty of great scenery & wildlife (main focus of my holidays anywhere) but also many great museums, galleries, historic sites, interesting buildings etc., etc.