* Posts by P. Lee

5267 publicly visible posts • joined 4 Dec 2007

Brexit killed any hopes of growth in global technology spending

P. Lee

Re: Bollocks

>Is it me missing something or Gartner is talking out of their arse?

It's you missing something. Gartner are not in the predictions business, they are in the CEO-comforting business. They sell reports to comfort CEOs. If a CEO does badly, they can point to Gartner and say "it wasn't my fault - we are in line with expectations." If they do well, they can pat themselves on the back as having done an outstanding job in the face of adversity. Either way, Gartner gets a sale.

I think it's time to stop obsessing about "growth" anyway. If I made $1bn profit last year and $1bn this year, that's negative growth - recession - after inflation, but I'd still be pretty happy.

If I have 100% growth, but it's funded by someone else going into debt, that may not be great either. They might default. Even if I get my money, once they've defaulted they won't be buying lots of things. In global terms, it's at best a zero-sum game when borrowing is up, but it's probably a negative once you factor in the knock-on effects of lower tax, worse government-funded infrastructure etc. The only beneficiaries are those who can weather the downturn and pick up other people's assets when they go under. That will be those who aren't in debt. If you are piling up debt, that is negative productivity and your economy will reflect that. Blaming "the economy" for business performance is foolish. Expecting infinite growth is foolish and unnecessary. Corporate success and national success are rarely congruent.

The bottom line is, your economics will reflect your business at a national level. If your currency drops, there is either far too much speculative money sloshing around (HFT is a prime example of "dumb things in the pursuit of profit") or your economy is actually weak. If your economy is weak you will earn less. The politically impossible way is to cut income numerically. The politically correct way is to allow inflation to reduce the value of the currency. Either way, you will be poorer because that is reality. If your economy is weak, take the hit with grace and fix it.

If people curb their debt because things cost too much, that's a *good* thing. If we build and consume local goods, that's a *good* thing for the economy and the environment.

Probe boffins: Two balls deep in Uranus's ring

P. Lee
Black Helicopters

Re: That may be for a while in this financial climate

Confucius say, "Remove the first A and funding will be yours."

DNS infrastructure sprinting to IPv6 while users lag

P. Lee

Re: So what

Here you go - one downvote.

1. IPSEC to all hosts on my home network.

Firewalls are for restricting network access. NAT is a routing bodge. Do not confuse the two.

2. Ending CG NAT, esp for phones.

Consumer routers do need new capabilities. How about a phone app which does OCR to identify sticker or screen-based IoT access rules sensibly, then pass them on to the firewall.

Oi, IETF - how about a standard for describing security rules, preferences and requirements? Things like - "here's my CSR, give me a cert please" so that humans don't have to understand exactly what's going on, but you can have decent security? Currently security admin is too hard.

P. Lee
Windows

Re: My ISP doesn't do IPv6, period

>did you code up some hack to let you post HTTP over IPX/SPX?

MS did that too, for those old enough to remember their proxy server.

NETBEUI too I think.

Think virtual reality is just about games? Think again, friend

P. Lee

"I felt so alone"

And there's the problem. Games work in VR because it's user-generated content with the VR as a backdrop. Avatars mean it's more of a social thing.

Total immersion and isolation due to lack of avatars might be a powerful novel experience, but if you can't hear your wife laughing with you, it's not going to be great. Add the avatars and communication and you get griefers and people doing silly dances at inappropriate times. Instanced dungeons may be the answer, but even then, party members rushing over to look at something in the world (or getting stuck in mid-air) may spoil the story being told.

VR and film are different beasts - do not mix fish and fowl. Unless of course, plot is not the point of the film, and there are genres where that is true.

NFL is No Fondleslab League: Top coach says he'd rather use pen and paper than Surface tab

P. Lee

Wrong form-factor, wrong application

On the touchline, what do electronics give you that a whiteboard does not - apart from cost and unreliability?

Backup solution is an extra pen and a paper towel. With planning, you have a play book, which everyone has memorised and the coach may have printed out.

As in smartphone maps, proper planning means they aren't really required. IT is often used when people don't know stuff.

IT is not the solution to everything.

Imagine a sad deflating balloon. There, that's IBM's servers, storage

P. Lee

Open source?

My observation is that companies don't care so much about uptime/reliability, which is what Unix is all about.

Selling hardware against Intel will be hard, but the bundle might be easier. Is it cheaper to use Power to scale your hardware and ditch the Oracle cluster that Intel would require? Do they need to offer cheap DR kit in order to get the sale? With companies competing so aggressively, customers are afraid not to go with an entire stack from one vendor, in case two vendors fall out. Does that mean IBM needs to aggressively push OSS tuned for their own hardware?

Basic income after automation? That’s not how capitalism works

P. Lee

>How many of the people reading this have a job that even existed 100 years ago?

Let's go back further, how common was involuntary unemployment two hundred years ago?

I don't know, but I'd hazard a guess at, "lower than today."

The problem is not automation per se, it's the disruption caused while adapting to the new environment. That isn't to say we should try to stop the tech, but we should, as a society, be prepared to help those less fortunate than ourselves. A sixty-year-old postman laid off because email has reduced the volume of letters probably won't become a software engineer. For all the unpleasantness of the printing industry unions in the 80's, those type-setters' families still had to live with the loss of income. I'll bet the tech was a bit of a surprise to them. Sure, the jobs (and the workers' attitudes) had to go, but the pain was not limited to the bolshy people on the picket lines.

AI software should be able to register its own patents, law prof argues

P. Lee

With Eliza, I'll bet the professor is worried for his job.

or more precisely, his funding.

Siri must have him worried for his life!

nbn™ says nobody needs gigabit internet, trumpets XG-Fast at 8Gbps anyway

P. Lee

Nobody needs 1G - now

The question is, will they need it later?

Or more accurately, will they need something above what you can reasonably get with real-world, old copper?

Sure you can get 8 mb/s with ADSL1 and 25mb/s with ADSL2, but I get 5mb/s. 10mb/s would be nice. I'll never get that with copper ADSL, but fibre would.

It would be nice to at least have a mandate which says, "no new copper."

Also, as mentioned, pricing by speed tiering is pretty dumb with fibre. I get it if it was fifteen years ago, and you are putting in more expensive ADSL2 vs ADSL1, but line length is the limiter. Fibre gets rid of that. Charge by data volumes with fibre and stop pretending faster is more expensive, at least up to 100mb/s.

Sextortion on the internet: Our man refuses to lie down and take it

P. Lee

>never write or post anything online that you couldn’t justify publishing in your local paper.

Don't have sex with someone you don't know?

That's at least as bad as telling someone you don't know about your sex life.

You could take the common-sense a bit further... don't commit yourself physically and emotionally to someone who is holding out for someone better than you. If they aren't holding out, get them to say so, publicly and legally.

Mysterious algorithms, black-box AI recruiters are binning our résumés

P. Lee
Mushroom

Could be worse - you could be jailed

http://www.bbc.com/news/magazine-37658374

This reflects my concern about AI - we consider it a success when it mimics human failure. If you then replace the humans with AI, you've got rid of your benchmark. After a few years that "mass of data" we need to train AI's is gone and all you've got is AI data. Any biases in the data will start to be exaggerated. You have turned the stats machine into concrete and got rid of your ability to improve.

AI is not artificial intelligence. "Machine learning" might be a better phrase but we still mentally associate it with AI and many people (not those in tech obviously!) still think computers do a better job than humans and don't make mistakes. This is before we get into the fact that machines don't have ethics and machine learning discards outliers which might indicate problems.

All this comes back to something fairly fundamental: as scale increases the importance/relevance of the individual decreases. This is true of most things I can think of from democracy/voting to corner shops to cans of beans to the justice system. Increasing scale rewards cost-cutting, not quality improvement.

How would you feel if AI was used instead of a jury, if it produced the same statistics? We'd never allow that of course... but trial by jury has been cut significantly in the UK and as the BBC article points out, parole by AI is already in effect in the US. With prisons becoming increasingly commercial (a third of US whitegoods being made by prison labour according to the, admittedly dubious, Mr Fry), scale and profit become the standards of measurement. Appropriate justice for a crime becomes just an obstacle.

But back to the article. We are moving from someone being an expert in their domain to management by stats. Marking academic essays by machine learning? It's been done. But how do you rate improvement? One in the field might work... what happens when a wealthy school reverse-engineers the algorithm and teaches its students in methods which game the system? Oh look, the good expensive school produces excellent results - it's improving its already fantastic teaching. Shame for everyone else. Luckily for the good school, there's no incentive to mix things up as that would mess up the marking algorithm and we'd have to employ a large number of markers for years to retrain it. I don't think government can afford to do that...

We need to be less in awe of tech.

Huge DDoS attacks are about to get bigger: Mirai bots infect Sierra Wireless gateways

P. Lee

Re: WTF?

>why are the manufacturers of consumer kit not putting a simple bit of code

Because IT security isn't something those who buy the gadgets are interested in, so why bother? None of this is likely to impact sales.

We need to impact sales. Labelling can help here. Think food labels. Stickers / government certification might actually be the best way forward. Require them on all retail IoT gadgets, detailing the security stance of the product. This goes for home-grade ADSL routers etc too. Better to allow configuration by telnet from the inside, than allow upnp or have default access from the outside. No retailer wants big red warning stickers on their boxes.

Why OpenCAPI is a declaration of interconnect fabric war

P. Lee

>a 400 core system, for half the price of a single Intel® Xeon® Processor E7-8893 v4

Which is great if you can parallelise(sp?) your workload into 400 parts.

I love the idea and I think there is a lot of money "wasted" on vmware (for functionality which should be part of the OS) and cpu cycles wasted on hypervisors.

I'm hoping someone will come up with a more dynamic process migration and resource allocation. I'd like to see more management and less emulation and I suspect it needs to be open source because per-socket/core licensing leads to over-consolidation and latency. Excellent hardware designs will always fail if the software costs blow them out of the water and proprietary software hasn't got a handle on ARM licensing.

Blighty's Home Office database blunders will deprive hundreds of GB driving licences

P. Lee

Re: Stasi nation

Difficult though this may be for the clear-thinking majority to understand, this is nothing to do with Brexit.

We are not out of Europe. We have not yet requested to leave Europe. This is nothing to do with avoiding or rescinding EU law. This, in fact has nothing at all to do with Europe. Without a referendum, without Brexit, this would still be.

We also don't vote for a president or prime-minister, we vote for parties. If you don't like the party in power, vote for a different one. I think that would be a good thing.

>If we hard reset parliament with no one over 45 we might actually get a representative sample of what the people actually want

I was going to say I'm speechless, but I've come to expect such statements. Even so, the logic failures and the inability to accept that anyone else might have a valid point of view are still depressing. The utter self-centredness of dismissing anyone who disagrees with my point of view as a non-person is increasingly common. Tolerance for all - unless you disagree with me!

The median age of the UK is rising. In 2014 it passed the 40 years mark. How does anyone come to the conclusion that by barring anyone 45 and over from being in government, we'd get "a representative sample of what people want"? Using the referendum as an example, you might not like the result, but it is about as pure a representation of "what the people want" as you will ever get - far more representative than parliament (with its lobbyists) which mostly opposes leaving the EU. So what do you want? A representative government or a government elite which ignores the people?

None of this is to support the abhorrent legislation proposed. However, actions speak louder than words. What do you truly, effectively, believe in? To what do "the people" devote more of their time - selfies, facebook and x-factor, or political campaigning for a kinder government? Which do people really value more?

PC sales sinking almost as fast as Donald Trump's poll numbers

P. Lee

Re: Let's see:

>- Processor Speeds * # of Cores barely increasing over the last 5 years;

So true. My 3930k is still up there near the top of the non-Xeons and the only time I stress it is with transcoding. If I want a 50% performance increase the chip is going to cost over 1600 USD (I paid 225 for my current chip) and that gain is by adding more cores - there's only an 8% increase in single-core performance.

Apart from that, it's easily capable of handling anything I throw at it.

I might have considered upgrading to a newer CPU if it was far more power efficient etc, but Intel's cunning revenue generation plan of changing the socket with each new CPU release prevents that.

What might tempt me to buy a new PC is a laptop with a "desktop-speed mode" perhaps requiring a docking/cooling station which comes with a PCIEx16 external graphics system.

Another item on the wishlist is a hardware hypervisor. I'd like to have two OS's in memory with no software emulation.

'Facebook and eBay need to be subject to greater scrutiny' - Margaret Hodge

P. Lee

Re: All correct, but not the root cause

> And it's difficult to argue that the bulk of (say) Apple's or Uber's profits are generated anywhere other than California.

I disagree: Total Profits / Total Units Sold * Units sold in UK = UK Profit

If a company had no UK presence I'd agree, but for Apple or Google or Facebook to have offices and shops in the UK but then deny that they bear any responsibility for UK sales is fraudulent.

Part of the problem is different accounts are allowed for shareholders and for the taxman. That should stop.

Also, there is still an issue with "No profits because we re-invested everything." Capex is excluded from the "cost" calculations (which is why corporations prefer opex) which determine profit. There's a tax break for moving things to opex, of whatever the corporate tax rate is: 25-45% which is then amortised via depreciation, but you don't get that back for years. The only way this might work (in AWS's case) is if you "re-invest" by hiring more people (opex). If you build a DC, that's capex and has to be depreciated.

Now we see why "as-a-service" is so popular.

Small businesses can depreciate IT capex costs immediately, turning them into opex. Perhaps there is a case for allowing all IT to be classed as opex. That might help stop us skewing IT towards the incumbent, foreign-owned-and-profit-sucking businesses who are large enough to run the multinational "we are not resident anywhere" ploy. Allow the startups to compete, it really doesn't cost the taxman in the long run.

Smell burning? Samsung’s 'Death Note 7' could still cause a contagion

P. Lee

Re: Just don't buy a Samsung

Or do buy a Samsung.

They'll be really cheap and the chance of them actually exploding is still really small.

Majority of underage sexting suspects turn out to be underage too

P. Lee

Re: So now if Mr Saville [deceased]

I think you'd find that the Puritans would be rather upset with the Moral Majority and vice-versa.

Personally I suspect that it is the decline in morality (self-restraint) precipitated mainly by commercial interests (who find it easy to sell stuff with sex) which leads to a great deal of the increase in problematic behaviour to start with.

Take teen pregnancy, for example, what do the graphs show? What cultural trends does the graph mirror? An increase in "modern American puritanism" or something else? What about abortion? "My body, my right" is one opinion, but what would we think of 190,000 women per year who decided to cut off another part of her body (an arm or a leg) and put it through a meat grinder? But what about a woman who has been raped? An excellent point - until we go back to the stats and see 190,000 rapes per year? Or are we just sacrificing children on the altar of convenience and earning potential?

I'm not saying we should pass a law banning abortion or that we should throw fifteen-year-old sexters into jail, merely that these are symptoms of the lack of internal controls. Some of it may be just from a lack of experience, but perhaps we should look at the philosophies being fed to our children and the commercial pressures driving them and decide if the cash adult owners of media corporations receive from feeding sexualised content to children is worth the toll it takes on them.

P. Lee

Re: If the law isn't enforced, it shouldn't exist

Perhaps there should be an automatic, "if the jury acquits when the evidence points to a conviction x number of times in a given time period, the law is automatically referred back to parliament."

Of course, you are relying somewhat on the judge's opinion and you really need to still have jury trial for that to work, but it would be a useful feedback mechanism.

FCC slams Comcast with largest-ever fine for a cable company

P. Lee

Re: One of these things..

*net* income.

Twitter yanks data feeding tube out of police surveillance biz

P. Lee

Tracking for marketing an acceptable use of Twitter-data, Appropriate for law-enforcement? No way!

While we can all agree there are people with bad thoughts, thought-crime laws and organisations trawling for its enforcement deserve to be "unfriended" by social media.

If the police want to know what someone is saying, they can follow them.

Linus Torvalds says ARM just doesn't look like beating Intel

P. Lee

Re: Almost bought a QL

Yes it was impressive, but it was advertised as 32 bit and when you found out the databus was only 8bit it seemed a bit dishonest. 16bit all through would seem to have been a better balance.

P. Lee

Almost bought a QL

32 bit CPU... with an 8 bit data bus?!

Went with an Apple ][ instead. Far better to have the same kit as school...so yes, ecosystem matters.

However, as long as ARM is pushing in the right direction, it can probably fund its existence from mobile and embedded while it gets the ecosystem right.

Inside the Box thinking: People want software for the public cloud

P. Lee

The cloud

rsync-as-a-kerneldriver

and you can't configure it.

Seriously, why do you want proprietary drivers instead of SATA? That is what the cloud is, right? Commodity hardware with proprietary storage drivers. Worse, there's no software layering, no standard storage driver API being used so that anyone can write to it, each "commodity" cloud vendor has its own API so every application has to be "disk drive" specific. Welcome back to the 70's!

Is this all because getting SMB through a firewall is going to hit a brick wall in form of CorpSecurity? Do you think all the problems magically go away because it runs over TLS/443? People complain that SSH is dodgy because anything could run over it. Hello! HTTPS?

It appears to me that there are several issues:

1. File systems have not kept up with metadata requirements. (think sharepoint)

2. Selling data sharing gateways is hard - it's easier to be "shadow IT" than to make a big official corporate sale. I know companies where SFTP means HTTPS access to a file server with a really clunky interface.

3. Corporate security. CISO's generally try to do the right thing. The risks are generally very high, but perhaps the baseline is, "will this data be shared by email if we don't do it some better way." Get your data classified, get your identity management sorted. Everything else hangs on that.

4. Outsourcing. Everyone wants to run their IT like MacDonalds. Here's a heads up - people aren't interchangeable - at least not without a lot of cost in downtime, recruitment and training. They tried buying expensive systems a chimp could use. CAPEX went through the roof, so now they try to rent expensive systems so it doesn't look so bad on the balance sheets. Sadly that means business logic gets petrified in the IT system because in the past we had a chap we called Sheldon who used procmail to filter all the timesheets and batch feed them into the green-screen application using expect, but now we have a cloud-based solution with an API which changes every year and no dev environment in which to test scripts. That's all moot because we outsourced our IT support to India so we no longer have anyone around who has scripting skills - everything we do with IT has to be bought as an application from professional devs or done by hand - so we don't do that. Everyone enters their time in themselves using IE6 because that's all the portal supports. Eventually our IT is so petrified it bears no relation to what we do on the ground, so we have to duplicate masses of effort, and put rubbish values into systems which have no useful purpose because no-one really knows what anything does any more but we're scared stiff of breaking it.

Weirdly, companies accept very limited facilities from a third-party which they wouldn't accept from an in-house solution. People need to get over that.

I'm fairly gob-smacked that no-one has done more with sshfs... maybe for Windows too? Get your PKI in AD sorted and go for something simple. Simple is good.

Intel is shipping an ARM-based FPGA. Repeat, Intel is shipping an ARM-based FPGA

P. Lee
Coat

Re: Back off, I'm hyper-nating!

Look - two people sewing! They must be ....

Internet of Things botnets: You ain’t seen nothing yet

P. Lee

Re: Turn off uPNP

>Configure the ports manually.

Say WHAT?!

Ok, I'm in security so I know that's the right answer, but you're dealing with a generation who want to monitor their baby/babysitter on their iphone when they are out to dinner.

Putting WPA2 and a password on the webcam was hard enough, do you expect them to configure a firewall too? It ain't gonna happen.

It will continue to be bad until someone manages to set up a decent VPN coordination system with opportunistic encryption, so that these things don't need upnp and the firewalls can configure themselves.

That sounds great... until you realise that then people will be able to know that their TV is snitching on them. That could be awkward. Then you have to decide if you'll support the protocol.

But back to the phone... if you want to be able to view the webcam footage, you'll need an app or you'll need to trigger a vpn. Apps are buggy and the two phone suppliers don't exactly appear to be falling over themselves to make vpn activation very intelligent.

Maybe some of that much-vaunted "machine learning" could be applied to some OCR so that your camera can read the security rules off a piece of paper and reprogram your firewall. It could be like... the 90's!

Social media flame wars to be illegal, says top Crown prosecutor

P. Lee

Re: chief prosecutor Alison Saunders boasted

>Reason: a society ruled by LAW (not by 'whim' or 'feel') is more stable, less prone to corruption.

True. However, we do want bad laws ignored... until they can be repealed.

There's a rather good Freakonomics talk on the rise of the "Administrative State" (US focused but applicable to most governments) where Congress has delegated nearly all of its power to the president who delegates it to a bureaucracy, such that the law-making body is largely out of the loop when it comes to "laws you have to follow." I think being largely irrelevant makes the law-makers irresponsible.

Grey areas, hazy regulations (including plea-bargaining) are the seedbed of corrupt law application and fruit of corrupt law-making.

P. Lee

>This will, of course, grow in scope until we have Thought Police monitoring your social media in real time ready to kick your door in for any criticism of Her Majesties Government.

Now I see where all the "deep machine learning" funding is coming from.

Having said that, I suspect Her Majesty is mostly horrified at what the Government does in her name.

Brace yourself, Samsung: Activist investor Elliot's in an arm-twisting mood

P. Lee

Elliott

"I liked monopoly, so what?"

Little top tech tip: Take care choosing your storage drives

P. Lee

Re: 'RAID is dead'

>Software RAID is still RAID

True, but there are two issues RAID is used to solve:

1. RAID for expanding volume sizes beyond drive size is not dead. That applies to flash and rust.

2. RAID on spinning rust is dead as a performance improver for intensive workloads. We used to run lots of small disks to get the speed up. Flash has killed that dead and it was a large chunk of the enterprise market. Now rust needs to be just fast enough to run backups. Some speed freaks might need to RAID flash drives, but most do not.

TV5Monde was saved from airtime-KO hack by unplugging infected box

P. Lee

> The attack cost the TV station €5m ($5.6m) and left it with an increased reoccurring bill of €3m ($3.4m) for improved security controls.

Or maybe it should have already spent that money but didn't? I'm not sure the attack cost them that, it was the lack of defences. Was the attack really so bad that they needed on-site personnel to unplug the device? No remote switch-port management? No VLAN reconfiguration could have done it?

Is the recurring $3.4m up from $3.39m which is their normal IT security spend?

If an attack costs $5.6 to clean up, your security infrastructure wasn't right to start with. Assume you are going to get hacked. Assume you will need to rebuild everything. Segment your data, segment your access. Know what you have and what happens if you lose it. Now, what infrastructure do you need?

Confirmed: UK police forces own IMSI grabbers, but keeping schtum on use

P. Lee

No GPS Apps?

You'd think you could measure the strength of signals from various towers at different points as you move around to create a map of towers. Then if one appears where it wasn't before, you get a little warning.

Steve Jobs' thermonuclear showdown with Samsung reaches US Supreme Court

P. Lee

Re: Shorter process?

I don't think it's about the money - the amount is trivial for both companies.

It's about one-upmanship and both companies wanting to look righteous: Apple wants to be seen as a true innovator, full of "value" (and probably magic) and Samsung wants to show Apple's innovation up as "obvious" and therefore over-priced and "poor value."

National Australia Bank starts week with TITSUP*

P. Lee

Re: Loathed

> Why senior management continues to deal with them is a mystery to all, apart from speculation about compromising photography.

and a deal on mainframe maintenance?

Devs! Here's how to secure your IoT network, in, uh, 75 easy pages

P. Lee

Re: Security costs money...

and IT needs tending.

Fat chance of consumers wanting to patch their lightbulbs either, even if the vendors provided patches.

Building IoT London: Still working on your pitch?

P. Lee

Re: So...

>The pressure is a bit high, but underwater fires can certainly be arranged.

The pressure will be counteracted by all the hot air from the other proposals and the scorching heat will come from irate Londoners whose stuff no longer works.

FBI wants to unlock another jihadist’s iPhone

P. Lee
Coat

Re: iphone, clearly the terrorist choice

Fact stranger than fiction: Terrorists choose the phone which doesn't blow up!

On the plus side, knife attacks make ISIS less deadly than disgruntled American students.

Windows updates? Just trust us, says Microsoft executive

P. Lee
Coat

Re: That's exactly the problem

No love for QBASIC?

Is Apple's software getting worse or what?

P. Lee

Re: Preview

File systems with version control.. like VMS?

But I think there are two different types of version-control. There's "save it while I edit" draft versions (VMS) and then there's release versions where you do want to keep a snapshot and you might want to email somewhere, in which case, you probably do want to be able to easily see which version you mailed out. Since other OS's and applications may not support version control, you probably do want to support "save as" and you certainly want to purge the old edits rather than sending a file with all the drafts to a customer.

Maybe we need a "save Release version as" to go along with internal versioning?

Russian government ponders open source purchasing preference

P. Lee

And if Putin *really* feels like annoying the West

He could comply with the GPL[1] and release the enhancements the Russians make back into the community.

[1] Other open source licenses are available

The shoemaker, the array refresh and the VMworld smackdown

P. Lee

Re: seems like a bad config

11k employees, 2k VMs = 1vm per 5.5 employees

I must be old. Back in my day, we 'ad 'undreds o' workers per server down t'mine - an' we were glad of it!

ISP GMX attempts the nigh impossible: PGP for the masses

P. Lee

The issue is less "encryption" and more "identity management"

What if public keys were put in email headers and once you had someone's public key you could send them encrypted email? Otherwise it goes out plain-text.

You still have the problem of email systems without plugins - web-based for example.

What if you also automatically web-hosted all your *sent* email and included an https URL with your correspondent's public key automatically added to your web-server and associated with their identity? With any web client in which they have installed their certificate, they can read the mail you sent them. Maybe after the certificate exchange there could be an automated password exchange so that your mail server can accept passwords for those using non-certificate-capable platforms. You might want that for friends, but disable all encryption for non-sensitive commercial email, circulars etc. Identity management is, er, key.

Since you hold the data, if they lose their key that isn't too bad and there is no reason why a mail client can't decrypt email and store the plain-text if you want. They can generate a new key-pair and send you the new public key. Your mail client can do a three-way handshake to confirm the identity isn't just spam and flag you to check with the person manually that they haven't had their account compromised.

Key distribution, multi-application key management and graceful fallback are the key to success.
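The key-handling policy the post above sketches (learn keys from headers, fall back to plain text, flag a changed key for a manual check), as an added example that is not part of the original post. The header name `X-Sender-Public-Key`, the `hold` decision while a key change is unverified, and the sample messages are assumptions of this example; keys are treated as opaque strings and no encryption is performed.

```python
import hashlib
from email import message_from_string
from email.utils import parseaddr

KEY_HEADER = "X-Sender-Public-Key"  # hypothetical header name (assumption)

def fingerprint(key_text):
    """Short digest a user can read out to a correspondent over another channel."""
    return hashlib.sha256(key_text.encode()).hexdigest()[:16]

class KeyDirectory:
    """Pins the first key seen per address; a different key later is quarantined."""
    def __init__(self):
        self.pinned = {}   # address -> key accepted for encryption
        self.pending = {}  # address -> changed key awaiting manual confirmation

    def learn(self, raw_message):
        msg = message_from_string(raw_message)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        key = "".join((msg.get(KEY_HEADER) or "").split())  # unfold wrapped header
        if not sender or not key:
            return "no-key"
        if sender not in self.pinned:
            self.pinned[sender] = key  # trust on first use: From is unauthenticated
            return "pinned"
        if self.pinned[sender] == key:
            return "unchanged"
        self.pending[sender] = key     # never silently replace a pinned key
        return "changed-needs-confirmation"

    def confirm(self, sender, fingerprint_checked_by_user):
        candidate = self.pending.get(sender.lower())
        if candidate is None or fingerprint(candidate) != fingerprint_checked_by_user:
            return False
        self.pinned[sender.lower()] = self.pending.pop(sender.lower())
        return True

    def send_policy(self, recipient):
        recipient = recipient.lower()
        if recipient in self.pending:
            return ("hold", None)      # this example's choice while a change is unverified
        if recipient in self.pinned:
            return ("encrypt", fingerprint(self.pinned[recipient]))
        return ("plaintext", None)     # graceful fallback: no key known

# Constructed sample messages; the key values are placeholders, not real keys.
ALICE_KEY_1, ALICE_KEY_2 = "QUxJQ0UtS0VZLTE=", "QUxJQ0UtS0VZLTI="
def sample(sender, key=None):
    header = f"{KEY_HEADER}: {key}\n" if key else ""
    return f"From: {sender}\nTo: me@example.net\n{header}Subject: hello\n\nbody\n"
```

Because the `From` header and the key header arrive unauthenticated, the first pin is only as trustworthy as the first message, which is why the changed-key path requires a fingerprint the user has checked by other means.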

Google's Chrome cloaks Pirate Bay in red screen of malware death

P. Lee

Visiting TPB from Android?

Is that a thing?

Bloke gets six years in slammer after fessing up to £4.75m tax scam

P. Lee

>In a normal business the expectation is that you will always end up paying HMRC something, because the expectation is that a business is profit-making

I think in this case, because the "goods were being exported" outside the EU, reclaiming VAT would be expected on a profitable business.

However, defrauding the UK government and then keeping assets under UK government jurisdiction? D'oh!

Never explain, never apologize: Microsoft silent on Outlook.com email server grief

P. Lee

Microsoft does email badly?

I'm shocked! Shocked I tell you!

We're a long way from the days of 50 users per Exchange server, but complexity is still the enemy of reliability.

A UI tweak fouls up email access? In the old days, we'd just go back to using our previous IMAP client. With proprietary cloud applications, you're out of luck. This is why we have architectural layers, not humongous vertically integrated do-all applications.

Keep the protocols simple, keep the data formats simple, keep the architectural layers separate. Optimisation creates fragility. Are ya listening, HTTP/2 and systemd? It's nice that your software can do hyperscale, but who does that benefit? Proprietary hyperscale vendors. Who loses? Almost everyone else, especially those who want to do things themselves, test, observe and understand what is going on. Really, I don't need a binary database for log files - text files with well known field formats are fine. You're welcome to slurp them if you want, but leave the raw data where it is. A string of greps may be clumsy but it's actually more appropriate to be able to look at context than pick particular database records. What's the point of /var/log/messages - event analysis or big data trend analysis?

Corporates are creating their own tech priesthoods by making everything too complicated to understand, too vertically integrated to swap out any component. There is a consolidation fetish and it's dangerous. Keep the UI and data separate. You can roll out a new UI without removing the old one. Basic software design principles and testing procedures seem to go out the window in the quest for webscale capabilities.

I don't need your stinkin' interface, or even your very nice pretty interface. I just want my data. If I was told a UI tweak took out my access to email, I'd be seriously unimpressed. It isn't just the inconvenience of outage, it's the unimpressiveness of design and management of the rollout.

Fancy Bears' who-takes-what in sports hack list ‘manipulated’ before leak

P. Lee

Upvote, to counteract the humourless.

Did anyone else think the "mays" seemed a bit extensive?

They need a new PR firm. Either don't comment on leaked medical data, say it definitely is incorrect or say you are obtaining the athletes' permission for full disclosure, or say you'll comment later when the leak-data has been reviewed. "It may have been manipulated" looks like weasel-words.

Early indications show UK favouring 'hard Brexit', says expert

P. Lee

Re: Sad vindictive political discourse which appeals to the worst in people

>it shouldn't mean the nasty party has a licence to hop into their time machine and travel back 200 years when it comes to everything.

Did I miss something in the reporting of May's speech?

P. Lee

Re: "how we label our food"

>Why would we want to change this exactly, Mrs. May?

She didn't say we would, merely that we could.

But, yes, with great power comes great responsibility. We won't be able to rely (if we ever did) on someone else in Europe holding the governing bodies to account.

NIST: People have given up on cybersecurity – it's too much hassle

P. Lee

Re: This should be good

When you do go into a corporation to talk about security, it's the opposite of what the cloud wants.

We talk about data and application segmentation. At a personal level, does Skype need access to all the email addresses in your address book, or just the Skype handles and display names? Does your browser process need access to your home directory, or just your downloads directory? What does VLC need write access to? Should it have access to all internet URLs or just the local network? Do we need two instances, one which has access to the internet, but not local resources; and one which has access to local resources, but not the internet? I'm inclined to think that this sort of pre-emptive security would be far better than the current AV "scan all access" approach. AppArmor is a start but we need GUI support and an easier way for users to change settings. Something more like a "PortableApps" + BSD jails + other stuff.

How about having multiple identities? App X wants my details? No problem, here are the details in a standard format, which I can just pick for this App/website, all taken from one of many such id caches I use.

Until we can lock applications down easily, we'll keep worrying that a Flash zero-day can use a screen-saver reconfiguration module to elevate privileges. That shouldn't be an issue and it stops vendors focusing on the really serious problems, like ensuring critical system calls are securely coded.