Posts by John H Woods 3577 publicly visible posts • joined 14 Nov 2007
The Chinese are doing so well - and we is the West doing so badly - that maybe it's time to ask whether Thatcher/Reagan trickledown neoliberalism is actually all that great. Oops, sorry, did I say that out loud ...
is quite an amazing tool. Best uses I've seen so far are as a quick wget (just type a url instead of a file to be loaded) or as a weird assembly code editor for hacking cmd.exe to nop out the privilege check so that you (actually the pen tester I was watching) could launch a console even though he wasn't allowed to.
That sounds mad - unless one's computational demand is ridiculously lumpy, a 5 digit dollar monthly cloud bill is hard to justify. There comes a point that buying some kit, maybe leasing some DC space, and hiring some staff is a no brainer.
Cloud is useful for SMEs with the emphasis on S. By the time you get to M, you need to start cutting costs. Why on earth anyone thinks that is moving their stuff to the cloud, rather than moving stuff out of it, is a mystery to me. You end up with ridiculous situations like NASA outsourcing data storage when they have the experts, the facilities, the funds and the physical space to do it themselves and then getting (deservedly) rinsed.
"However the first time a (legitimate) customer sends a link to an urgent order they want to place that is not on a whitelist (their Sharepoint or Google drive for example) and you as the one person who can send it through happens to be off for the day"
Is it? An order is going to be late. Or someone needs a phone call? Or maybe the company shouldn't have had a single point of failure with an important client. I think we may be in 'hard cases make bad law territory here,' anyway - I'd certainly a bit suspicious of a customer that could only place an order by sending me a link at the last minute, because if that doesn't stink of Phish, what does? If the person who sent it can't be reached on the phone for confirmation, is the order even that important?
I agree that security and usability don't always share the same end of the see-saw, but I don't see them as fundamentally diametrically opposite if the appropriate resources are deployed. If I really want to open a link of unknown provenance, I just paste it into a browser in VM I use for that sort of stuff. A typical end user might not be so comfortable doing that but surely it's not impossible for a mail system to replace an external links with ones that connect the user to, for instance, a disposable VM in the DMZ, with a browser pointing to that link? Or maybe just not have all the mail and web clients on exactly the same network as all the company's crown jewels?
Users: stop clicking links
Admins: give your users plaintext email.
Or filter out all links that don't point at local intranet, eg. your sharepoint etc or other whitelisted stuff.
Or just have sacrificial mailhosts in the DMZ.
Come on, who's actually working on this shit? And why aren't they actually working on it? Our shared family photo archive is more secure than this bollocks.
This is not going to change until the heads at the top start to roll. That is literally all that needs to happen. If you are in charge of one of these colander like organisations the holes are your fault. Even if you don't know how to fix them yourself, you know how to get others to fix them. It's your responsibility. Step TF up.
they could be anything between cynicism and moral epiphany and I'm not sure even his friends know.
What I do know is that absolutely nothing he said was surprising despite the "Domshell" headlines. The only thing that was remotely surprising is that it was getting said out loud and on the record. I think pretty much anybody with more than half a brain strongly suspected, if not knew, that it was going down exactly like this.
I hear a lot of comment that he's out for revenge or even that what he is saying is 'unsubstantiated' but I'm hearing precious few people claiming it's actually false. Meanwhile the government are banging on about the success of the vaccine roll out which is a remarkable success for the UK but not really that much to do with HMG: the most credit they can take, AFAICS is the gamble with stretching the intradose interval which, luckily for them, paid off.
Meanwhile Matt Hancock says he didn't watch the testimony because he was "too busy saving lives" - I mean does he really believe this? Does he really believe anybody else does? I suspect he'd have saved more lives if he'd gone off sick and left it to the detested bureaucrats and experts to handle.
economy vs health is not even a graded choice, it's a completely false dichotomy. The economy is not some mystical deity but an emergent behaviour of society. That is why societies that did most to protected their citizens automatically protected their economies without even trying whereas those who thought that the economy was the most important thing managed to trash their economies and kill people.
Context is key.
Certainly boffin can be used in the pejorative sense, and certainly it is in some tabloid media. Here on El Reg such usage is markedly less frequent than, for instance, praise for systemd which is rare enough (although I have actually seen the latter de temps en temps).
Therefore, in these hallowed pages, it is a term of endearment, if not outright admiration.
See also the C-Word in some parts of the UK and the Antipodes.
I have some sympathy with this point of view. But having a car that does have quite a few assistance features, I think there's swings and roundabouts. Initially I was sceptical of even the adaptive cruise control, let alone the lane assist, but I have found in some ways these actually heighten your awareness. Not only are you less fatigued by driving, which is surely a safety enhancement in itself, they are much more alert to your errors than most passengers: the ACC will ensure you never creep too close to the vehicle in front (or fail to fall back enough when someone pulls in in front) and the LA stops you from lane drifts and alerts you when you wobble.
My car will also object loudly (and then brake) if there is no steering input and can somehow tell if you are looking out of the side window or at the radio. There must be some analysis that tells it when I need a coffee and it tells me - it's not a simple timer. And as I have already mentioned in another comment, the front collision avoidance system has already stopped some other motorist injuring me.
So I think the key thing is the differentiation between "assistance" and "automation" - the problem with Tesla's autopilot is the name: only pilots and other enthusiasts know how un-auto an autopilot really is.
... and it won't be.
The people in charge need to carry the can for the cock-ups. They aren't shy about (over-)rewarding themselves when things are going (even moderately) well and the customary justification is the enormous burden they have to shoulder. But when the excrement hits the air movement device their shoulders become both even more slopey and virtually frictionless.
So, if the email and/or the link was obviously external I have less sympathy for the recipients. Well, I have sympathy on a personal level, obviously, but I don't think they have been treated unfairly. That is even more the case if the email was flagged by the mail system as a possible phish and they still persisted ... then even my personal sympathy starts to wane.
However, if the link is on the intranet that is, IMHO, a completely different story. You don't know the thought process the user goes through. "Hah, hah, this can't be true! *hovers link* Wow, what do you know? Maybe my company is following the example of Aldi, etc! *clicks*"
In the latter case, I think the recipient is completely justified in considering themself to have been mistreated by management. I think management would have to prove they had never, ever sent an email with a link to even have a chance of getting away with this, and I'll eat my riding hat if they can do that.
Also, any sensible management would have paid a small bonus anyway. "You're all getting an extra 20 quid, but you should have realised you wouldn't have to register for it - we know who's on the payroll ;-) Be careful not to click links! Love, management xx" - PR success instead of disaster and a phishing test that might actually get remembered.
Well the expense is in buying data diodes rather than having people who know which pins to snip, and the management issue is then "do we really need this box?" rather than "do we really need Bob?"
Said it before and will say it again: the chief bean counters in IT outfits should be actuaries rather than accountants, because at least the former know how (or at least that some attempt should be made) to price risk, whereas the latter tend just to see excess costs that can be trimmed to increase profit.
Pedantry note: Dinosaurs weren't a dead end. A lot of them were around for 10s or even 100My, and the birds are still here. And when people ask me if I'm sceptical of AI because I work in IT I reply, no, it's because I was once a biologist. Show me an AI that matches a Corvid (crow) brain and I'll be impressed.
Now run it on a Raspberry Pi 4 and you've got the Brainpower per Watt about right, you just need to shave about 90% off the weight and the volume to be competing with biology.
I agree with you about automation of normal operation but would add a caveat about assistance systems focussed purely on safety in exception circumstances.
My front collision avoidance system hard-braked my car as I pulled out of my office on a green light onto a 40mph dual carriageway and a vehicle coming at high speed from the right shot the lights as I entered the junction. There is no way my reaction times would have prevented a pretty unpleasant collision at that point - I may only have been travelling at about 10-15mph but a fraction of a second later and 1-2 metres further forward I'd have suffered a serious side impact at speeds which may have resulted in life-changing injury.
In my car (SEAT Ateca) there's a bit of steering resistance to crossing a lane line if you aren't indicating. I find it pretty well balanced - not nearly enough to interfere with (or even distract from) any deliberate manoeuvre , but not so subtle that you don't feel it. It's certainly not going to drive me over anything I'm trying to steer around.
According to my youngest son, this is a disguised medieval insult which means you mum is a whore (small mammals being highly sexually active) and your dad is a drunk (peasant wine in those days being made mainly of elderberries rather than grapes). He does have a degree in medieval history but he may equally be yanking my chain.
I can only imagine the scorn I would have deservedly incurred if I had replied to your comment with such a lazy quip. If you're going for an amusing dismissal, at least aim for some measure of originality.
Just tell me which left wing governments or policies in the West, in your considered opinion, enabled or encouraged the rise and rise of China as a world power over the last half century ... ?
PS: I agree we had to treat China with kid gloves during the Cold War but let's remember there's been no USSR for 30 years.
What is this "Anti western attitude of our universities and of Hollywood" of which you speak?
IIRC it was Reagonomics onwards that wanted to "soft-petal" [sic] China so that the rich could get richer by outsourcing virtually all our manufacturing out there where labour and environmental standards (aka costs) were lower.
Normal left wingers aren't that keen on China or any other authoritarian, anti-humanitarian (even genocidal), exploitative, extractive societies - even before they start being a sink for all the non-minimum wage jobs in our own democratic countries.
Now I know a lot of you think left wingers are the cause of all the world's problems but allow me to point out that from the time of Mrs T and President R, it has actually been the neolibs in charge of most of the western world almost constantly. That's about 4 decades of power. How much longer are they going to try to convince people that the "left" ... whose power amounts to little more than shouting "you're doing it wrong" at the neolibs ... are actually the problem?
Maybe it's the fact that trickle-down, deregulation, privatisation of infrastructure and the other darling policies of the neolibs don't actually work all that well, rather than that a ragtag bunch of vocal liberal artists and assorted intellectuals are somehow magically stopping governments getting things done, despite the former having been flaling in the vacuum of political impotence for over 40 years whilst the latter have steered their chosen course almost unhindered by opposition.
Thought I would use the same WiFi SSID and pwd, only to be told that many of the characters I use, backslash, curly brackets, quotes, etc (IIRC) are "not permitted." I've solved the issue by reusing my BT HomeHub router but I should imagine plenty of us here immediately think "hold on, how the hell are you storing this password?" when told that certain characters cannot be used.
This is what they keep asking. But my answer, that it would look like an exact decimal representation of pi, written in an entirely black shade of white, enclosed in an entirely circular square does not seem to be going down very well.
"We're calling for a reset between the binary tradeoffs" - FFS - how do they keep getting away with such nonsense?
My instincts, on the other hand, tell me that it probably was the Russians.
I'm well aware of the many and varied faults of the USA, the UK, the EU, India* etc, but I don't think it's a huge stretch that Russia might actually be the bad guys here. I mean: when someone tells you who they are, believe them.
Russia seems to be telling all of us that it is a rogue state in thrall to a gangster oligarchy. This isn't about Russophobia, or politics (what even are Putin's politics?), it's just about his past and current behaviour, and that of Russia whilst under his leadership.
* I haven't included China because they are also the bad guys, just with a very different m.o.
What, like cops trespassing on your land trying to stop criminals attacking your house?
They basically sought and obtained permission to run through the streets slamming shut doors where the locks had been and then left ajar. I'm not a great fan of routine intrusion by the services but this was an emergency, I'm not sure what else they are supposed to have done.
Dr S: That explains our difference of perspective - where I live the issues in our PC and the surrounding PCs would tend to be more of the kind that someone lives in the next village down the road (aka "far flung foreign lands") although it doesn't take long for everyone to find out.
I do live in the sort of area where people walk to the PC meeting and (in happier times) to the pub afterwards, and I forget this is the exception rather than the rule.
Perhaps the first order of all PC business should be an affirmation that all councillors, and any members of the public who intend to speak, have a legitimate local interest.
It would also be nice if local democracy was responsible for anything at all apart from arguing over the siting of dog poo bins and planning permission for a skate park, but hey-ho, we love to vote for politicians who promise us decentralisation and deliver the opposite.
The democratic view is clearly that Dr Syntax (with whom I normally agree) is right on this issue and I am wrong ... But I'm still struggling to see why. Surely a Parish Council meeting can be heard by anyone, and anyone within the Parish may speak (at the appropriate time).
If remote attendance allows councillors who should be ex-councillors to masquerade as locals that seems to suggest there's a deeper problem. I don't see Zoom, etc, making that significantly worse. If anything, it's going to make it better as more people "attending" is surely going to increase the likelihood of someone knowing, and saying, "Hold on a minute, haven't you moved to Malta?"
Just to be clear, I'm not saying that local councillors shouldn't have to prove residency (they should) or that meetings can be entirely virtual (On the contrary, I'm sure that the ability to physically attend is required for democratic accountability). I'm just disagreeing with the view that remote attendance is a particular facilitator of non-resident councillors passing themselves off as resident: that's a problem that needs addressing anyway.
So would cars, surely. I don't see anyone checking that all attendees of our local PC meetings have walked there. Even if they had, how would you know they hadn't parked in a nearby street?
If in doubt, just challenge the attendee, in real time, to point their webcam out of one of their windows.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
