Posts by P. Lee

Re: Technical Architects?

I want people who look at complex systems and can break them down quickly: Solution Architects

The ones who understand different types of application interactions and who understand the difference between IOPS, latency and throughput: Technical Architects

Ops: Admins

Dev: Project Team

DevOps: An BA+IT team which isn't dysfunctional or functionally unbalanced. Sometimes the misguided idea that one person is likely to be good at a variety of things which require very different mindsets. To quote Cabin Pressure's Swiss airline CEO, "I'm a fly by the seat of my pants guy, but my pilots... I like my pilots to do things by the book - and you memorised it!"

re: The only cat fur lining that's apt to get up, mew a bit and then walk off....

apt-get cat isn't mews, er, news (which you can also apt-get)

And news shouldn't be consigned to alt.bin.history.

I'd add to the joke, but I think that's fur enough.

There's a reason we don't eat in group nudity and the same reason applies to men wearing lycra.

You can wear the lycra, just add something over the top.

Re: Detail?

Are we talking transexuals? The noise I've heard recently (including a TED talk by Ivan Coyote, BBC.co.uk etc) is from those identifying as "transgender" which (according to the Intersex Society of North America), 'are usually people who are born with typical male or female anatomies but feel as though they’ve been born into the “wrong body.”'

That's a whole different, er, ball game.

The "prove it" angle I suspect comes from the issue of transgender rather than transexuals. I'd be questioning the State's fulfilment of its duty of care in schools if a group of the (male) class clowns at my daughters' school decided to put on a bit of eye-liner, declare themselves transgender and had legal rights to use the girls' locker rooms, no questions legally allowed to be asked. Then you've got the issue of parent help. What happens if some forty-year-old male parent declares themselves to be transgender and wants to help supervise the fourteen-year-old girls getting changed for swimming lessons? The birth-certificate thing is never meant to be used, its meant to be a threat to prevent abuse of the system.

I'm sorry if that you feel you've been born that way. If you are one of the tiny fraction of people who consider themselves transgender, I'm really sorry but you should really be able to see how this is open to abuse and why it shouldn't be allowed. I don't know if its a "modern" thing, a "youth" thing, an American thing or a transgender thing, but some people find it hard to grasp that it isn't always about you.

There's more that needs to be noted with regard to the legislation in the US. Just because it is supported by some very unpleasant and bigoted people, that doesn't necessarily make it a bad piece of legislation. Just because it is opposed by some very successful and/or popular people doesn't make it good legislation. Bruce Springsteen's concert cancellation, Paypal's "reconsideration of its business plans" and all the others are amazingly hypocritical. They are exercising the the very right, (to not conduct business based on an ethical stance) that the legislation they oppose seeks to safeguard.

No-one cares who you want to sleep with or if your brain doesn't align with your body. No-one is denying you access to toilets, no-one is forcing you to use second-rate toilets, but if you deliberately walk into toilets designated for people with different primary genitalia, we are no longer talking about what you are, but about what you do. That is not a civil rights issue.

Slightly OT: The TED talk was interesting. The story was told of a little four-year old tomboy who wet her pants in prep and "learned the lesson that there was no safe place for her to pee." It was told with great humour, sadness and empathy. It is also completely irrelevant to the discussions in the adult world. Playing with tonka trucks and wearing camouflage doesn't make you transgender. Being a tomboy doesn't make you transgender. Going into the wrong toilets isn't uncommon for really young children. Kids laughing at that and generally being mean to each other is normal, even if it isn't nice. But you know what? Kids don't hold grudges and have "issues" like adults. They will often be mean to each other and then ten minutes later play together quite happily. Stop projecting adult issues onto children. The whole talk was a superbly executed piece of propaganda but it basically amounted to "Look! Kittens! If you disagree with me, you're responsible for killing these cute kittens." That is not a good basis for legislation.

Re: Theological Canons

>TL;DR - the number 6 is the number of man. Three is the number of truth. So 666 is truely man (ie evil).

And there's the problem with going for the short version. In the original language six hundred and sixty-six isn't the number six repeated three times - that's a decimal/base 10 counting thing.

Re: I don't see how this would be a problem for Apple

The problem is the passcodes. Proper security requires high-entropy but no-one is going to do that every time they want to unlock their phone. Hence the ability to brute-force it is wanted.

The other option is to have a high-entropy passcode just for software upgrades which don't destroy the on-chip data, but a rarely used password is going to be forgotten or shortened.

Realistically, if a terrorist is going out to die, he's now going to destroy his phone first, regardless of what any phone manufacturer does.

But this was never about terrorism, was it? This is about the State asserting its right to Total Information Awareness. That's mostly to protect against another Snowden, in my opinion. We can't have the serfs knowing what's really going on.

Re: DevOps === The latest Fad

A quick look at "the agile admin" website indicates "devops" means getting all the stakeholders to talk the devs during the development process.

Communication, eh, who'dathought that's a good idea?

Re: the 70's are calling, they want their TIMESHARE systems back

The Cloud: Over-provisioned capacity, primitive load-balancers, excellent automation and very limited configurations.

You can do it yourself, but most companies lack the discipline as well as having holes in expertise. Plus companies nearly always have in-house expertise which picks up the slack when the cloud fails to be the right architecture. Cloud is great when you have an IT department which can do the difficult things cloud can't.

The question is, will commoditising the low end, reduce the skill pool available at the high-end. When the large companies are all running O365 & GMail, who is going to try to write a new mail & calendar system? Will cheap, universally availability and integration lead to complete stagnation? How far do you think you'll get hosting an email and office suite package on Google's cloud or Azure?

Re: Pr0n!

>Advertisers love all sorts of filth, but they don't like porn.

They love porn, they just don't want people to call it what it is because that limits their market reach.

e.g. Fifth Harmony... doing a show at Disney or on earliteen/pre-teen shows.

Re: Two factor authentication is a start.

>Except if your computer resides on the same device as your phone

Or indeed, if you run "unified comms" like imessage, it is unexpectedly no longer two-factor. Malware can make the banking request and receive/process the SMS auth codes without compromising the phone.

Of course, it should be possible to tell imessage not to sync messages from your bank or with messages with some specific text in it, but that puts the onus back on users who rarely realise that there is even an issue.

I suspect a large amount of effort should be directed at OS design, preventing successful attacks even if the users do something stupid, like running flash or some other randomly downloaded executable. I'm thinking of things like, jailed execution of web interfaces, manifests for executables which may include an "origin https url" which can have certificate and md256sum checks built in. Flags for executables which have the same name as other well-known executables from different domains. Flags for "you're installing program X, but it is trying to mess with something in the directory tree of program Y - are you sure you want to do that?" Clear library separation, so OS utilities can't be infected by application-installed libraries.

I don't think all of these things are exceptionally difficult, neither do they prevent ultimate stupidity, but at the moment OS providers of all stripes (and yes, that includes my favourite FOSS OS as well as the OS' people actually pay money for) are not doing enough.

Better than Glue!

Get those people who write your OS to run the USB drivers in a separate protection ring.

USB is not normally a speed-critical system in most cases (unlike the NIC or SAS/SATA interfaces) and we know dodgy stuff get's plugged in. So why isn't the OS written properly?

I can understand free stuff you haven't paid for, or stuff which runs on multiple architectures doing it wrong, but if you pay for your OS and it is single architecture only, you should be demanding more.

The security software people know it is required. The OS people know it is required - they just can't be bothered and dumb is cheap for the vendor.

>Proper analysis of the phone could determine that.

>Honestly, I don't know what the objection is.

The answer is in the first poster's comment. The police are unlikely to be able to determine the exact time of the accident, and therefore the likelihood of the data helping is low. Well, I say "help." Given that using a phone while driving is illegal in many places, it might help secure a conviction, but may have little to do with whether the phone use had any impact on the events leading to the accident.

Any distraction is a problem while driving. Having an important conversation on a hands-free or with a passenger is a problem, more so than feeling for the volume button on the radio or phone. Strictly policed speed limits I also find dangerous as it is easy to engender road-rage for travelling below the speed limit and blocking those behind who may have cruise control, but also constantly looking at your dashboard to ensure you aren't 3km/h (yes, that is half walking speed) over the limit on a motorway.

Re: Taken for a linguistic ride

>The CPUC serves the public interest by protecting consumers and ensuring the provision of safe, reliable utility service and infrastructure at reasonable rates, with a commitment to environmental enhancement and a healthy California economy.

And they are checking the fares paid by all 12m passengers to make sure they haven't been overcharged? How nice of them.

I know "who benefits" leads to all sorts of conspiracy theories, but I get really nervous when governments start slurping vast amounts of very precise data on people.

Stop collecting this kind of data. That goes for the government and Uber. The way things are going, riding a bicycle while not carrying a mobile phone is going to get you arrested as a suspected terrorist and economic subversive.

Re: Trust? Adobe?!

How about the OS?

Surely what we should be aiming for is an OS which can contain malicious software. What we really want is an OS which can be told to lock the about-to-be-executed process in solitary confinement.

Internet browsers do not need access to all the files under a user's account. Even if the flash executable is full of holes, browser should have asked the OS to jail that tab (all new tabs by default) so that it can't output to anything but the screen. The browser itself should be launched in a jail. How often do you need to pass data from your filesystem (outside your own browser cache) to a browser. I'd suffer per tab caches if that meant extra security. If you do need to pass a file to a browser, the browser should ask the OS for access and the OS should ask the user. The browser process should not have general access to the file system. Why can't the OS have a high-security prison where even saving files to disk goes through a secure request mechanism: "I'd like to save some data to disk, here's what mime-type it is, here's what I think the name should be, and here's the data, please ask the user where it should go and put it there."

The days of "it runs as user X, it has all privileges of user X" should be well and truly over. Drive-by download compromises should be a thing of the past.

I seem to think elreg mentioned that MS had done quite a bit of work on this for W8, but only for store apps... and then they undid it for W10. Doh!

Even swiss-cheese software should not be a problem. That is the point of an OS.

Re: Pretty dreadful not to support 4K TV

>Fibre was never going to go to people that did not already have decent internet. The money would simply run out.

Wasn't the point that the expensive bit is not the cable, but the cable replacement, which to a large extent was going to have to happen anyway.

The point about fibre is that it scales really well bandwidth-wise with new tech and it has excellent range. Copper is cheaper when its already there, but fibre means symmetrical high speeds.

That symmetry is important. Today's crop of Big Tech have made a fortune out of targeting consumers - those who download rather than upload. ADSL caters to this and it may be the majority, but innovators are those who devise new ways to provide services. That means more uploading, being able to provide services. If nothing else, how about multiple outgoing video streams for group video chat? You soon hit the 1mbit barrier there. With 1g upload capacity, perhaps more people would be interested in hosting their own services from their own premises, which might spark greater interest in developing those services, increasing the tech skill pool. Not all programming needs to be outsourced to India. Rubbish home connections leads to higher consumption of commercial offerings which means less on-shore energy being put into tech.

The nbn might only be used for porn because that's all the politicians have allowed the design of the network to be good for. Sadly, the political machinations from the Liberals regarding the nbn were always about Telstra rather than the broadband network. Once they got hold of it, it was never about a network for the Australian people.

As for the 4k screen, did anyone think that was ever going to be anything other than a large computer gaming monitor which doubles up for normal TV viewing?

Re: Interesting niches...

>Apple told IBM to shove its power somewhere else

The power chips are for when you need massive compute and have a devil-may-care attitude to power consumption. That isn't most of today's desktops, not today's laptops and certainly not today's tablets, which is where Apple wanted and needed to be. You don't put Intel's latest and greatest xeons in consumer PCs either and it doesn't make sense to have laptops running intel and mac pro's running power chips.

Re: Saddo!

>My other half uses a 2009 13in Macbook (dual core CPU)

and I've got a 2009 iMac. It's actually running snow leopard but I understand it is capable of the latest OSX.

Mac's tend to be the consumer item of choice if budget allows.

I've gone opensuse because I'm an infosec bod, I despise the slurping by all of the big three and I like to run my own services. I'll have a local file server over gigabit copper, not onedrive over soggy string, thanks.

Re: Aside from these articles being hard to read

That's what hit me immediately when reading the article: "The EEA is NOT the EU."

No-one is suggesting leaving the EEA.

It's almost as if someone feels the need to frighten people into voting to stay and will use any and all means to do it. When I see this steady stream of this kind of article - "Bad Things Will Happen!" _{which we'll pretend is to do with leaving the EU but isn't.} I assume that when intelligent, informed people make these kinds of errors it is intentional and supports some agenda which they don't want to tell me about but which would be spoilt if the vote goes the "wrong" way.

Hmmm, hidden agenda's and a lack of transparency? That doesn't win my vote.

Re: That's not why he's high level

>He violated the privacy of high level people like Bush and Clinton.

Worse than that, he demonstrated that Clinton was breaking the law.

We can't have people going around pointing out that rich, educated, important friends people break the law.

People who go around snooping on other peoples' stuff is the whole reason the government needs all these powers to, er, go around snooping on peoples' stuff.

Re: Missing the real point

> if you are in a position of responsibility and some internal department is blocking you from an action, there is probably a damn good reason for it.

Which may be a business reason, or it may be the macdonaldisation of IT with skills dumbed down and a large amount of management & coordination of disparate groups eating up the budget, instead of more expensive techies.

Do your PoC in the cloud, but then do a proper analysis of what's required based on the results of that PoC, don't run up cloud PROD at the same time.

Re: We're only in april...

>You can replace Turkey by the name of most countries and stay relevant (might need to remove "religious extremism" in some cases, or replace it by "bigotry" as you wish)

or indeed, replace the whole lot with "failure to budget and execute."

While it may be cool to sneer and attribute bad things happening to things we don't like, we have Snowden from the NSA - hardly a religiously extremist organisation (as meant in the quote), OPM - again, probably not due to backwards ideologies. Whatever you think about the US, there aren't many security professionals who think the UK or Denmark or any other place won't eventually suffer something similar. It is a major reason for not creating massive databases of PII in the first place.

That isn't to say that these things aren't a cause, but how many of them do you think you could remove and the crackers would still have done what they did?

Re: punchline

I'll do what I must, because I can, for the good of all of us, except the ones who are dead.

Re: NX is getting there but only recently

>n my experience SSH is easier and better, so it is hard to fathom why people keep messing with VNC.

SSH with a text terminal is great over a WAN, ssh -X ... not so much. The display compression VNC adds makes it more usable. Also, I see a Mac VNC session in the example. Mac XWin is truly awful in speed terms.

Just a thought... is the problem VNC, some sort of network PnP port forwarding (they didn't meant to share outside the local lan) on the routers or people who genuinely didn't realise that port forwarding wasn't a good idea without hardened services? I didn't think we had too many hosts connected to the internet directly with modems any more, so this indicates firewalling issues. Running insecure services on a small local lan often isn't a problem - it isn't a good idea, but most people wouldn't expect it to be a large problem.

Or maybe its people who have already been hacked and VNC is being used a backdoor?

Re: Tay: A river

There was a young chatbot called Tay,

On Twitter with 4chan did play,

They messed with her brain,

She's trolled, that is plain!

And she barely lasted a day.

Re: There are many ways to crack this nut

>something that would be triggered by the owner himself (warranty void, etc.) whenever physical access to the guts were to be sought?

Or link it to a heart-rate monitor app?

Whatever the case, Schneier's point has been demonstrated. It is almost impossible to reliably defend against terrorism because each attack is unique. Whether or not there is anything useful on that iphone, no terrorist will forget to wipe their phone before heading into a battle.

Methinks, however, that the FBI will continue to want the capability which no longer has any relevance to terrorism.

Re: The.. just.. I don't even

... and what's with the pejorative "ageing as/400" smack-talk?

If you store credentials on the frontend web server, no amount of "modern" systems or updates are going to save you.

Re: Refunds hide fundamentally insecure system

Card fraud is a possible cost.

Dealing with cash is a definite, rather high, cost.

Also, doesn't the merchant pay a small cut of each transaction? Cash doesn't provide that.

Also, doesn't the government love the fact that all electronic transactions are traceable?

We have financial interest and we have political interest. That will over-ride the fraud costs, which in the end, everyone pays through higher fees or higher transaction fees charged by the bank to the merchant and passed on to the customer in higher prices.

Re: You can be 2 or 3 miles outside a major town like Reading

Another embittered Wokingham resident?

Look on the bright side, you're two or three miles outside Reading.

Re: Disruption...

>and too often "disruption" equates to ignoring the law

True. Although too often the law is a corruptly wrangled contrivance designed to protect not particular industries but particular corporations.