* Posts by Emir Al Weeq

245 publicly visible posts • joined 28 Mar 2020

Attackers have 16-digit card numbers, expiry dates, but not names. Now org gets £500k fine

Emir Al Weeq

Re: PC world and hard discs

I thought the exact same at the time.

I'm not sure about the legality of doing that but I suspect that if I did, I'd have just found two people's music libraries, neither of which would have been to my taste and just deleted it all.

Emir Al Weeq

PC world and hard discs

Many many moons ago I bought a USB hard disc from PC World. I backed up personal docs (nothing too private) that I planned to store off-site (parents' house).

It died after about a week so I returned it and was offered a replacement. I asked what would happen to the first unit with all my data on it and was assured that it would be destroyed.

I took the replacement unit home whereupon I noticed signs that the packaging had been opened before. I plugged it in and was presented with someone else's files.

I complained and raised my concerns about my data on the first disc. Never heard back, never used that shit show again. I didn't know Currys were part of the same group and may have used them since; bollox!

Hyundai: Want cyber-secure car locks? That'll be £49, please

Emir Al Weeq

Re: Why is it so insecure?

To answer my own point about battery life. The car has just advised me that the key battery is running low. That's about 5 months and a replacement battery is about £50. I think I'll be going back to relying just on a pouch and tin.

Emir Al Weeq

Re: Why is it so insecure?

> if you've sat in the car...

I have done just this. The car complained when I pressed the start button but I nudged the bag the key was in and all was fine after that. Might be a bit more of a nuisance if it was in a bag in the boot/trunk.

Emir Al Weeq

Re: Why is it so insecure?

One of the problems with so-called keyless entry is that no matter how clever the encryption, if the signals between car and key can be relayed man-in-the-middle-style without the need to understand the signal itself (and they can), the car opens and starts. The "security" is provided by the key being too far away, which is crap.

Curiously I have just received a free sleepy-battery from JLR. If the battery doesn't move for 3 minutes, it stops working (until moved again) disabling the key and stopping it responding to keyless requests from the car. I've tested it by leaving it next to the car (ie within range) and it seems to do the trick. I still keep it in a tin though. I don't know how long the battery life is or how much a replacement costs.

Engineer used welding shop air hose to 'clean' PCs – hilarity did not ensue

Emir Al Weeq

Re: BS

Back in the mid 70's the ~10 year old me received an "electric kit" that included a build-it-yourself 3-pole electric motor from scratch: even metal plates and paper to build a rotor and lacquered wire to wind your own coils.

As one "experiment" you replaced the magnet with an electromagnet (pre-wound, thank god) fed from the same power supply. Regardless of which way you connected the power, it ran the same way.

I always wondered if it would work from an AC supply but my parents were averse to letting me connect to standard UK 240V mains!

Starlink satellite fails, polluting orbit with debris and falling toward Earth

Emir Al Weeq

Re: More careful reading

Verbing words weirds language

- Calvin and Hobbes by Bill Watterson

UK Home Office dangles £1.3M prize for algorithm that guesses your age

Emir Al Weeq
Coffee/keyboard

Re: Very difficult for humans

New keyboard please

Fake CAPTCHA tests trick users into running malware

Emir Al Weeq

Re: I hate CAPTCHA's

>Took me an hour though

shibboleet

Security company hired a used car salesman to build a website, and it didn't end well

Emir Al Weeq

Re: The dumbest thing about this whole affair

Here's your iPad, we hope it works because the warranty has just expired.

(YMMV depending on local laws and warranty)

User demanded a 'wireless' computer and was outraged when its battery died

Emir Al Weeq

"and her solar system's web page."

That made me chuckle.

Where does she live? Here, orbiting Sol, we just have a world-wide web.

British govt agents step in as Harrods becomes third mega retailer under cyberattack

Emir Al Weeq

Re: We can't continue to regard these simply as "IT Problems"

Boots and Liquor, you are both right of course. I would follow the "moving on..." with a request to make sure that's minuted.

Also ensure that the design document's second draft's history includes "hardening/resilience removed at the request of A. Countant" and be sure that A. Countant is in the final design's sign-off list.

Keep all design drafts and the emails circulating them.

CYA.

Google goes cold on Europe: Stops making smart thermostats for continental conditions

Emir Al Weeq

You may need to define "PoS". I'm not sure that we're aligned.

Emir Al Weeq

Re: Meanwhile

Agree. I've said here before: I change my phone more often than my thermostat settings so no use case for me.

I last changed the 12 year old* thermostat's schedule in 2020 when lockdown made home-working a necessity.

*Probably older: was here when we bought the house, fitted by previous owners.

EU: These are scary times – let's backdoor encryption!

Emir Al Weeq

Re: What we need is an online document store .....

>The key thing is that you need to know which documents to XOR to get to the document that you want.

And how exactly do you share that information with the intended recipient?

Now Windows Longhorn is long gone, witness reflects on Microsoft's OS belly-flop

Emir Al Weeq

Re: UI design

Have an upvote from another grumpy, inflexible, fossilised elitist.

Google admits it deleted some customer data after 'technical issue'

Emir Al Weeq

Re: Google admits it deleted some customer data after 'technical issue'

Those who haven't previously lost data like this and don't read the likes of El Reg and arstechnica aren't necessarily morons, they're just ill-informed.

My children's school uses Google Classroom. I would like to have seen them have a similar problem: today's lesson is on the very real risks of storing all your data in someone else's computer.

Weeks with a BBC Micro? Good enough to fix a mainframe, apparently

Emir Al Weeq

Re: "I think that transducer has incorrect coefficients"

I'd go with throwing open the switches on the sonic oscillator and stepping up the reactor power three more points.

DoorDash sued for allegedly branding customer a fraudster after delivery photo query

Emir Al Weeq

I have a friend who lives in a flat that is part of a large, converted, country house.

He and his neighbours sometimes use the delivery companies' photos to show goods left at the far end of a ~400m driveway that were never received.

Developer wrote a critical app and forgot where it ran – until it stopped running

Emir Al Weeq

Re: Serious OOPS!

I thought that, but it only really works if Sam was always first in, last out (a "stack" employee) and never took a holiday.

> For years, it had been quietly running on my laptop

Cheap 'n' simple sign trickery will bamboozle self-driving cars, fresh research claims

Emir Al Weeq

I got the impression from the article that the "sign disappearing time" was fairly short, as in: if a sign was seen and visibility of it was subsequently lost, then it was assumed that the sign was still there. This would make sense when, for example, queueing at a junction with an observed stop sign which then gets obscured by a van coming alongside.

I agree after, say, 10 mins this assumption gets iffy given that the sign may be temporary.

This is what made the TSR more susceptible to "appearing attacks": the stickers only had to fool the TSR briefly and it thought it had gotten a glimpse of a sign.

Signal will withdraw from Sweden if encryption-busting laws take effect

Emir Al Weeq

Re: Laws of Mathematics

According to the BBC, the Minister of State for Security, Dan Jarvis, said: "What I can say is that the suggestion that privacy and security are at odds is not correct; we can and must have both."

So clearly, the laws of mathematics do need to be repealed.

https://www.bbc.com/news/articles/c1kjmddx2nzo

HP ditches 15-minute wait time policy due to 'feedback'

Emir Al Weeq

Re: "many of our customers were not aware of the digital support options we provide"

Was using Stansted airport's parking website recently: the info that I required was not available there so I tried the helpline. I tried several paths through the IVR and all ended in a message telling me to use the website and then terminating the call.

DIMM techies weren’t allowed to leave the building until proven to not be pilferers

Emir Al Weeq
Joke

Re: Apocryphal?

But on the plus side they got more hours out of him because, despite leaving home at the usual time, he got to work 20 minutes early.

HP deliberately adds 15 minutes waiting time for telephone support calls

Emir Al Weeq

Liars

"We are experiencing longer waiting times"

No, you are creating longer waiting times.

At least we have it confirmed that they're outright liars.

Man who binned 7,500 Bitcoin drive now wants to buy entire landfill to dig it up

Emir Al Weeq

Wrong drive?

I hope he's confident of identifying his drive. I don't think I could tell my sorry square of metal pulled from landfill from someone else's. I got the impression it wasn't in a laptop or something he might recognise.

I can see him having to pay for expensive forensics on every drive he finds, and if one is unreadable, he'll never know to stop if it's the one.

I was told to make backups, not test them. Why does that make you look so worried?

Emir Al Weeq

Re: a long time

There are at least two managers between you and your goal.

Openreach tests 50 Gbps broadband – don’t expect it anytime soon

Emir Al Weeq

Re: At some point in the distant future

>keep rolling out upgrades to those with a decent service

Sadly that's so true. Whilst I am happy to see research into how to improve at the top end of things, a bit of attention to the bottom end wouldn't go amiss. An uplift to Gb/s sounds great, but for me an uplift from Kb/s to Mb/s on my uplink would be nice.

Just last night:

"Hi girls, is that the presentation homework with pictures in?", "Yes?"

Checks SWMBO's laptop and sees a grid of pixellated faces with one familiar black rectangle showing the message "Insufficient bandwidth".

"Don't upload it now, Mum's on a conference call".

BT fiber rollout passes 17 million homes, altnet challenge grows

Emir Al Weeq

Many, many years ago I attended a UK training course run by Ericsson. I complained that spellings had switched from English* to American-English. The reply was along the lines of:

This product is now available in the US. We translate the documentation into many languages and don't want to have to deal with spelling variations too. We asked our UK and US offices how their respective countries would react to us using the other's spelling; the US said they'd get an almighty fuss whereas the UK said customers would grumble a bit, so US it is. Apparently the trainer had given the UK course many times and I was the first to say anything.

* We often called Ericsson English, "Swinglish" due to the translation curiosities.

DeepSeek means companies need to consider AI investment more carefully

Emir Al Weeq

Re: People may be looking at this the wrong way

>inexpensive, but also cheap and unreliable

They may have been inexpensive and cheap (what's the difference?) but compared to the UK domestic* produce they were considered very reliable and better equipped. So they sold.

* RoW: YMMV

Amazon sued for allegedly slurping sensitive data via advertising SDK

Emir Al Weeq

Re: Blokada is your friend

I use the Duck Duck Go version.

Serious question: would a Pi Hole help if you're out and about using mobile data rather than your own WiFi?

Canvassing apps used by UK political parties riddled with privacy, security issues

Emir Al Weeq

Flogging a dead horse

I hate it, but if the article said: all parties' apps had slurped and spaffed constituents' data then left it on an unlocked laptop on a bus, your average Joe would say, "So what? I've got nothing to hide", etc, etc.

It didn't sound like thorough research to me; however, well done for trying, but don't expect the great unwashed to care.

AI facial recognition could sink this murder probe

Emir Al Weeq

MLP

A bit like this?

https://youtu.be/JQoooWVqsJk

Mega UK datacenter greenlit, but we still don't know who's moving in

Emir Al Weeq

Good fibre connection?

I live a few miles from this site and I typically get 4Mb/s down and 100Kb/s up data rates. Every time I read about this new datacentre I imagine it with an Openreach van outside and the tech saying "Sorry mate, it's all overhead twisted-pair round here, good luck competing with the Brookmans Park transmitter."

Database tables of student, teacher info stolen from PowerSchool in cyberattack

Emir Al Weeq

Not a ransomware attack

"The supplier did say this wasn't an attack involving ransomware"

"We do not anticipate the data being shared or made public, and we believe it has been deleted without any further replication or dissemination".

I wonder how they can be so sure of this? It sounds to me like they've been talking to the perpetrators and reached a deal, ie. they've paid the ransom and trust the perps to delete (for what that's worth). There may not have been ransomware involved but that doesn't mean they haven't paid the scumbags.

US watchdog sticks probe into 2.6M Teslas over so-called Smart Summon crash reports

Emir Al Weeq

Reaction times are a factor!?

"user had too little reaction time to avoid a crash"

How fast do these things go in (Actually) Smart Summon mode?

It's only a matter of time before LLMs jump start supply-chain attacks

Emir Al Weeq

Re: The more expensive allowing your LLM resources to be compromised is

Just read "A Logic Named Joe" on your recommendation. Thank you, it was an excellent story.

To anyone who's not read it: it only takes about 15 minutes and it's time well spent.

Firefox ditches Do Not Track because nobody was listening anyway

Emir Al Weeq

Re: Tracking

>to sell that, along with any other data I can glean,

I'm shocked that you would do that with others' personal data. Shocked I say.

No, you strip the most sensitive bits out before selling it. Then, once you've established your customer base, you can add it back as part of your more expensive "premium" package. That's how to really treat personal data.

Tesla sued over alleged Autopilot fail in yet another fatal accident

Emir Al Weeq

Re: driver aids

It sounds like you need my wife’s 1959 Austin-Healey “Frogeye” Sprite:

The indicators are a non self-cancelling dashboard mounted switch. No modern, nanny-state, snowflake, safety gimmicks like ABS, side impact bars, airbags, side or rear windows, roof, roll-bars or seatbelts; all UK legal on a car that age. You don’t even have to have one of those fussy MoT inspectors crawl all over it each year*.

Driver aids like electric screen wash, power steering or synchromesh on 1st and 2nd are absent but, let’s face it, if you can’t heel-and-toe to provide the throttle blip during a double-declutch whilst braking and changing down, then you shouldn’t be driving.

It does have one modern feature: keyless entry. No key, locks or even exterior door handles; you just reach inside and open from there.

Seriously though, do we ferry our children around in it? Not a chance! But, if they want, we will teach them how to drive it when they’re old enough (and yes, the change-down whilst braking is as described).

As a daily-drive it would be hell, but as a bit of summer fun it gives you a smile to match its own.

*Despite being pre-1960, hers does need an MoT because it’s had some modifications.

We can clone you wholesale: Boffins build ML agents that respond like specific people

Emir Al Weeq

Welcome to Bigtime TV

So this sort of tech is no longer 20 Minutes Into The Future.

Swiss cheesed off as postal service used to spread malware

Emir Al Weeq

Re: Is it Worth the Trouble These Days?

Many years ago we were visiting the in-laws. My father-in-law (fil) was complaining that he’d miss the football that afternoon because it wasn’t being shown on any channel to which he subscribed. Another guest says that she’ll call her son (let’s call him Jimmy) who’s “good with computers” and can get the football for him.

A little while later, 13/14 year-old Jimmy arrives and is offered fil’s tablet; I watched what he was up to. There was lots of rapid action during which, if memory serves, he found a website, downloaded something, sideloaded it and then set up as required. Throughout this, multiple warnings flashed up, none of which I had time to read before he accepted them; nor, I suspect, did he. On the first warning I had asked, “What was that?” but was told that “you just say ‘yes’ to all that stuff”.

I allowed the process to continue because (a) I was fascinated to know just how careless Jimmy would be with someone else’s machine/privacy/security etc, (b) I knew the tablet, which had been a gift from my wife, was hardly ever used and certainly had not been used for things like online shopping or banking and (c) fil would not care about, or even notice, the factory-reset that I would (and indeed did) carry out after the football.

Everyone (except me) was impressed with Jimmy’s computer prowess, although I provided a little education after Jimmy and mother had left.

My point: I think that few people give a stuff what the warnings say so long as the immediate result is what they want.

Tech support world record? 8.5 seconds from seeing to fixing

Emir Al Weeq

Minus several months

Not a support call but I was once asked to write an extra feature for a piece of config-file driven software I'd written. It was a custom job for one team and, although they'd never asked for a particular feature, I thought it would be useful and took just a few minutes of my time to include.

Several months later the team leader was asked for the feature (they'd not read, or forgotten about, the instructions I'd provided).

I replied to the effect of: "see instructions, section 5, request met before you'd even thought of it, how's that for service?"

She complained to my manager that I hadn't acted quickly enough.

Hide the keyboard – it's the only way to keep this software running

Emir Al Weeq

Re: Sunlight

>as it moved towards the widows

Exactly how many men died before you started using the stickers?

Google brings better bricking to Androids, to curtail crims

Emir Al Weeq

>I don't see a solution to this.

My house alarm has a duress code. On a phone this could even take extra action like taking photos and emailing them, calling for help etc.

Yes, your network is down – you annoyed us so much we crashed it

Emir Al Weeq

Re: Finance dept. are at the root of this issue

Don't forget bearing as a direction:

There's a bare bear bearing their bare baby bear, they're bearing East.

Post Office CTO had 'nagging doubts' about Horizon system despite reliability assurances

Emir Al Weeq

Written by idiots

I can't find the link to the actual enquiry document that highlights this but there are several examples of the code available to read that confirm your "written by idiots" point. My favourite was actually a function to return the negative of its argument; ie when given d, to return -d. As if the use of a function isn't pointless enough, the algorithm used was something like:

if d<0 then return abs(d)

else return d-2*d

'Newport would look like Dubai' if guy could dumpster dive for lost Bitcoin drive

Emir Al Weeq

Class Action

He's suing for damages because he threw something away that he then wanted?

Is there an El Reg reader out there who hasn't done this?

If he wins we need to get together and launch a class-action case for all those RS-232 cables, USB dongles, etc, etc that must be worth squillions if we add it all up.

Schools bombarded by nation-state attacks, ransomware gangs, and everyone in between

Emir Al Weeq

Lack of security - same old story

My children's school is too small to have budget for an IT department of even one, it relies on the Local Education Authority for this kind of stuff. A few years ago they provided a new system to allow parents to see their children's progress, pay for trips etc.

To log in you used your email as an ID, after which you were presented with a list of schools that your children attended (my list was one school) and then you entered your password. Yes, you read that right and I trust that your gast is suitably flabbered: you were shown your children's school(s) BEFORE entering your password. This means that anyone could identify your children's schools by knowing nothing more than your email address. I checked this with a non-local friend who'd never used the system before, so it wasn't down to something like cookies.

I raised this with the school and the software manufacturer directly. Despite repeated chases with the manufacturer it took about a year to correct both web interface and app. Ofcom's website did not make it clear how you report someone else for poor practice which is why I never got round to escalating it.

Whoever signed-off on this product clearly made no efforts to perform the most basic of security checks; identifying this data leak did not require clever pen-testing, it was obvious (to anyone with a bit of sense) after just one go at logging in. Well done to whoever tests software for Hertfordshire's schools.

Techie took five minutes to fix problem Adobe and Microsoft couldn't solve in two weeks

Emir Al Weeq

Re: I've not really used Windows much for 15+ years

Despite my push for Linux, SWMBO clung to Windows because it was all nice and familiar. Then we went to help one of her friends set up her new PC. It had the version of Windows where the screen was covered in big squares rather than using the traditional "Start" button (can't remember and don't care which it was*).

SWMBO took one look and we've been Linux with Libre Office ever since.

*But to date it: I think the Ubuntu LTS of the day was 12.04.

Using iPhone Mirroring at work? You might have just overshared to your boss

Emir Al Weeq

Re: What part of "mirroring"

I have been to a number of meetings where the screen-sharing presenter, be they local or remote, has had an email or IM flash up a little speech balloon thing containing stuff that I should not have seen.

I think a lot of people just don't think about what they might inadvertently share until it's too late.
