I had a mate who used a thermostat-controlled 'heat mat' under his fermentation vessel
Some of the guys I hang around with are cannibalising old fridges to make temperature-controlled fermenters. It's a rather effective solution...
Vic.
5860 publicly visible posts • joined 7 Dec 2007
I think it's very likely a lone hacker who humiliated large firm and stole data of its customers
I suspect not.
We've heard several times of phone scams using data taken during this attack. That seems like quite a sophisticated crime for a 15-year old.
My bet is that there were several groups having a go - it would appear that TT's security was somewhat south of "non-existent". This guy just got caught - perhaps he was the one that sent the extortion email or something.
Vic.
So why can't the Internet be charged both ways.
It already is.
When I download an article from ElReg, they have paid an ISP to handle the packet coming out of their server, and I have paid an ISP to deliver that same packet to my client. In between those two ends, the ISPs sort out their own cross-charging as they see fit.
Vic.
I wish it were so, but it isn't. Every time I have to deal with an inexperienced developer they pull the same shite as the last one, and it takes years to get them up to speed and still longer to eradicate their technical debt.
OK, let me re-phrase what I said :-
"it is comparatively rare for the coders on the ground to write be permitted to commit such shite unless they are shielded from criticism by their management"
You will always get inexperienced devs producing rubbish. The reason for a team hierarchy is to enable the seasoned hands to train the new recruits. But, from time to time, you will find teams where one member - often categorised as "highly productive" or somesuch - just keeps committing petabytes of utter crap, but will be fiercely defended by management who believe that kLOC is better than quality...
I let my graddies do an OO design, but then I replace theirs with one of my own or someone else better at it, and have them populate that
I've met innumerable grads who can't get that far. At interview, they'll spout the buzzwords - but when called on it, couldn't even begin to do a 2-class exercise. No understanding whatsoever of the process. And these are the people with the qualifications.
And so to the old hands - some people were once good but have long since stopped keeping pace. Some just never "got it" and carried on producing crap of a standard I'd expect from a grad. They all have to go too.
I *mostly* agree. The difficulty is that many of them "stopped keeping pace" because they disagree with the direction in which that pace is travelling. And they are often right as well[1]. It's only with hindsight that we can see what really goes on...
If we want IT to have a seat at the top table, and in my view the world very much needs that to happen if humanity is to achieve its potential, then we as a whole have to raise our game. If that shakes loose the cowboys, the arts grads, and the dinosaurs, well, that's all good.
I'm completely with you there - it's your implementation with which I disagree :-) The formal education we currently offer in the field is frequently - nearly universally - useless. If all we did was to require such qualifications, we'd get code every bit as bad - or even worse. To change that state of affairs, we'd need to make a step-change in the quality of grads coming out of university - and that's going to take 20 years to filter through, with all those interim graduates getting a useful education, but a qualification that will be seen as useless for that period. That's hardly fair.
My solution would require companies and individual managers to be held responsible (to some extent) for their code - so when it goes wrong, they can't brush it under the carpet, they can't just blame some peon, they have to take the responsibility for which they've been paying themselves. A couple of rounds of that, and TPTB will actually start to take code quality seriously, because it will cost *them* personally not to do so. So when a dev tells them that the hack they're suggesting will definitely cause the code to fail, there might at least be a few seconds of reflection on whether or not to do it...
Vic.
[1] A customer of a customer of mine has a venerable - and *very* profitable - application written in Forth. It is very robust. But a new broom has come in, and they have set up a group to re-write the whole thing in C#, because it's more modern. That task began at least 8 years ago, and to date has produced *nothing at all*, despite having a much bigger team than is working on the "ancient" codebase. It turns out for them that the old way is indeed very much more effective than the new...
So, you tell me how you'd see that happening that doesn't involve minimum educational requirements and a professional regulator, and I'm all ears?
You need to throw a few suits to the lions.
As someone posted above, it is comparatively rare for the coders on the ground to write such shite unless they are shielded from criticism by their management. The bigger problem is when management decide to cut corners in spite of advice against such action by people who know what they're talking about.
So far, when such problems occur, the blame lands on the shoulders of the poor geek who warned about the problem in the first place. What needs to happen is for a high-profile case or two - this one would do nicely - to be shown for the management failure it so clearly is, and for that management to take some personal pain for their actions. I'm not talking about a witch-hunt; merely the pain that someone will feel to be directed at the right person.
Formal qualifications in software are frequently useless. I've had hundreds of high-scoring grads in front of me who can trot out all the buzzwords they think I'll be looking for - but when asked to do a trivial OO design, are entirely incapable. This needs fixing long before we can start requiring such qualifications for work...
Vic.
I've been down this road before with a mobile provider (not Talk Talk, and not due to data leaks), and the issue was resolved, firmly in my favour, within 3 weeks of issuing court proceedings.
I've been down this road with an ISP. After much bluster, they sent me a cheque a couple of days before we were due to go to court...
Vic.
In her situation, resign
I'd announce my resignation - but 8 weeks hence.
If she has any integrity whatsoever, her job is toast. But by staying on to deal with the fallout of her bad decisions, she would gain some credibility. And there is no doubt that she would be trying to do the right thing - since she has already resigned...
Vic.
There isn't a language out there which will prevent you doing something as silly as connecting to a DB and passing it a string straight from user input.
There *sort of* is.
Most SQL databases allow "prepared statements", in which the SQL command - sans data - is set up, and the data then supplied to it. This means that the parsing of command vs. data occurs long before the data turns up. Thus, once the data is applied, the DB will not confuse the two; SQL injection is obviated, even if the programmer "forgets" to sanitise the data.
Note, however, that the term "prepared statements" can be misused: I found a Python SQL library that promised prepared statements, but actually just used string formatting to create a simple statement. The result was that the library appeared to offer the protection I've outlined above, but actually didn't.
Vic.
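An added example, not part of the post above and not taken from the library it mentions: real parameter binding beside a wrapper that only formats strings, plus a behavioural check that tells the two apart. It uses Python's standard `sqlite3` module; the table, rows and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, phone TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "555-0100"), ("bob", "555-0101")],
    )
    return db


def lookup_formatted(db, name):
    # What a "prepared statement" wrapper that only does string formatting
    # really sends: the data is spliced into the SQL text before the
    # database parses it, so a quote in the data changes the command.
    sql = "SELECT name, phone FROM customers WHERE name = '%s'" % name
    return db.execute(sql).fetchall()


def lookup_bound(db, name):
    # Real parameter binding: the statement is parsed with a placeholder and
    # the value is supplied separately, so it can only ever be data.
    sql = "SELECT name, phone FROM customers WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()


def binds_parameters(lookup):
    # Behavioural check for code that claims to use prepared statements:
    # a value containing quote characters must be matched as a literal
    # string, and no customer has this literal name.
    db = make_db()
    probe = "nobody' OR '1'='1"
    return lookup(db, probe) == []


if __name__ == "__main__":
    print("formatted wrapper binds parameters:", binds_parameters(lookup_formatted))
    print("bound query binds parameters:", binds_parameters(lookup_bound))
```

A check like `binds_parameters` belongs in the test suite of anything that wraps a database driver, since the wrapper's documentation alone does not show which of the two paths it takes.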
When did people start thinking it was easier to use an Arduino than a 555?
It's probably cheaper!
Some while back, I bought the missus a little bike. It didn't have a tacho, so I was going to build an LED one with a simple bargraph driver.
It turned out it was loads cheaper to buy a PIC with a load of open-collector outputs than buy the bargraph driver chip. So it became a computer project, not a simple analogue electronics one...
Vic.
it tracks cars by VIN, and if you update a component, STAR registers that with the mothership, and anyone on STAR can pull up the service history.
That's not always such a great thing...
My missus has a 2005 Beetle. A few years ago, it had a major problem - it would just stop. It went back to the stealer on numerous occasions, as I've written about elsewhere.
She was thinking about getting a new car at the time - but every VW and Audi garage had the history of this car, and they all saw it as a problem vehicle, meaning they all offered SFA in terms of trade-in against a new car. And that was down to the incompetence of the grease monkeys working on it - the car is now perfect[1].
Vic.
[1] I fixed it. It required no new parts - the issue was entirely down to poor interconnect, because VW skimped on the strain relief.
Since some utter twat made having the airbag lamp do its "on and then off" bit at startup a mandatory MOT item a few years back
I'm expecting to start finding timer circuits[1] in cars in the near future, so that the bulb lights in the expected fashion, even though the system in question is long dead...
Vic.
[1] I was going to write "555 timers", but 555s are actually quite expensive to buy in this country these days - you either import them from China, or build something Arduino-based, because microprocessors are now cheaper than discrete chips...
They're constructed in a way that allows the doors to be opened normally even after rather harsh impacts
That's not the sort of thing I'd trust...
Many years ago, I was involved in a crash whilst driving an Austin Ambassador[1]. Although I was hit from behind, the shell moved enough that I had to lie across the front seats and kick with both feet to get the door open.
When I was learning to fly, part of the forced-landing procedure we were taught is to open the door on the way down. That way, you stand some chance of getting out...
Vic.
[1] What can I say. I was skint, and I needed something I could sleep in if necessary.
But they do have glow plugs these days which are intended to have a similar effect on determining when the fuel burns.
Nope. The glow plugs pre-heat the air in the cylinders to ensure ignition will happen even when the engine is cold. As it warms up, the glow plugs are switched off (this might happen before the engine even starts).
Ignition is caused by diesel being injected into hot, compressed air. Old-style injectors merely ramped up the diesel pressure until it overcame a calibrated valve, at which point the valve opened and diesel is sprayed into the cylinder. This causes a relatively slow build-up of fuel:air ratio, with quite a bit of attendant knocking.
Modern diesels tend to have a high-pressure rail of diesel, with electrically-operated valves controlling flow into the cylinder. This leads to better combustion timing and reduced knocking.
Vic.
Microsoft will pay fees based on clients’ consumption of software, not the straight sale of a license, be it in cloud or on-premise.
Hmmm. That either leaves MS with a liability for the lifetime of that software, or it means they are expecting to charge clients for consumption - the subscription model that we have repeatedly been reassured isn't going to happen. And I can't see MS taking on a liability to pay per-use in return for a single initial licence fee...
This will be based on customers’ monthly reports
Is this the real reason for the Win10 spyware?
Vic.
"The United States certainly can guarantee the privacy of Israeli citizens' data on servers in the U.S.." Sony pictures called; they say that's just not true.
Well, if we believe the US authorities, they know it was North Korea that attacked Sony because they had already infiltrated NK's networks, and watched the attack taking place.
So the US could have prevented the attack if they had chosen to do so. One can only wonder at their choice to allow it, given that they gave up any secrecy they might have had almost immediately afterwards.
Unless, of course, they're just lying.
Vic.
Controversial solution - all US companies store ALL data (including US data) in the EU. Problem solved
Not a solution at all.
At present, the US believes it can order US companies to turn over any data they hold, wherever that might be. This is the basis of the Microsoft vs. DOJ case.
So even if US companies did as you suggest, it doesn't solve the problem at all until and unless the US starts to respect local laws. And it'll be lovely to have bacon delivered by air...
Vic.
The NSA broke the internet :(
Not so. The NSA merely broke American Internet companies.
We keep hearing about the Internet routing around damage. And it seems to be doing so. Things might be a little more expensive (in cash terms, not overall) for a little while - US hosting is very cheap - but even that is probably only a transient situation.
Vic.
It knows about manned aircraft too
Really? That would be interesting.
LARS quite frequently doesn't know about manned aircraft, so I'd like to see how these guys intend to do the job...
As Martin suggested above, I'd prefer these drones to carry FLARM. That should cover pretty much the same job, but make life much safer for the rest of us to boot.
Vic.
TP-LINK is the worst offender
I disagree. I reckon Belkin is probably the worst.
I once got called out to fix a customer's connection, which could only be fixed by power-cycling the router. It turned out that an attempt to FTP to an external site killed it stone dead - and they had a box periodically trying to FTP.
We changed the router. It was the only way to fix the problem. The Belkin was useless.
Vic.
Completely different things.
Yes, I know that. But the article claims that Lotus is a Microsoft shop, and given how hard MS plugs the relationship in their TV advertising, this is entirely likely. MS would certainly be pushing for Windows to be used throughout the operation.
And you're telling us that that isn't the case. So I asked for evidence to substantiate your position. You haven't given us any...
Vic.
Hint - I managed HPC systems at an F1 team.
At Lotus?
Because Page 1 of the article tells us :-
The front-line computer systems are VCE Vblocks. These come ready to run with systems built by Cisco, EMC and VMware on a Windows platform
And Page 2 claims :-
the Microsoft Dynamics logos are a reflection that Lotus F1 is very much a Microsoft house
So although you might be right, you are directly contradicting the article; a little evidence might be a good plan...
Vic.
Lotus Cars doesn't do the chassis and the engine is a Merc.
You can tell it's not made by Lotus by the way it completes the distance without breaking down...
Nevertheless, the GP's point was almost certainly about the financial issues faced by the F1 team, not Lotus Cars.
Vic.
[ Former Esprit S3 owner ]
DANE TLSA records, the RFC states, give (for example) a mail server a way to say "I support TLS", and publish how SMTP clients can authenticate servers.
You don't need DANE for that - MTAs already declare their TLS capabilities.
[vic@perridge ~]$ dig +short mx theregister.co.uk
1 aspmx.l.google.com.
5 alt1.aspmx.l.google.com.
5 alt2.aspmx.l.google.com.
10 aspmx2.googlemail.com.
10 aspmx3.googlemail.com.
10 aspmx4.googlemail.com.
10 aspmx5.googlemail.com.
[vic@perridge ~]$ telnet aspmx.l.google.com. 25
Trying 64.233.167.26...
Connected to aspmx.l.google.com..
Escape character is '^]'.
220 mx.google.com ESMTP fi7si37083059wic.91 - gsmtp
ehlo example.com
250-mx.google.com at your service, [217.169.14.82]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
As you can see, ElReg's MX supports the STARTTLS command, and all that without touching DANE...
Vic.
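An added example, not part of the post above: a parser for the EHLO reply shown in the transcript, and the decision a sending MTA makes from it. The reply is read before any TLS is negotiated, so a sender that must have encryption has to treat a missing STARTTLS keyword as a failure instead of falling back. The function names, the `require_tls` policy flag and the second reply are constructed for illustration.

```python
# EHLO reply lines as they appear in the transcript in the post above.
EHLO_FROM_POST = """\
250-mx.google.com at your service, [217.169.14.82]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
"""

# Constructed variant: the same reply with the STARTTLS line absent.
EHLO_WITHOUT_STARTTLS = "\n".join(
    line for line in EHLO_FROM_POST.splitlines() if "STARTTLS" not in line
)


def parse_ehlo(reply):
    """Return the set of ESMTP keywords in a multi-line 250 EHLO reply."""
    lines = [line.strip() for line in reply.splitlines() if line.strip()]
    keywords = set()
    for line in lines[1:]:  # the first line is the greeting, not an extension
        # Continuation lines are "250-...", the final line is "250 ...".
        if not line.startswith("250") or len(line) < 4 or line[3] not in "- ":
            raise ValueError("not a 250 reply line: %r" % line)
        parts = line[4:].split()
        if parts:
            keywords.add(parts[0].upper())
    return keywords


def delivery_decision(reply, require_tls):
    """Decide how a sender proceeds given the server's advertised keywords."""
    if "STARTTLS" in parse_ehlo(reply):
        return "starttls"
    # No STARTTLS advertised: an opportunistic sender continues in the
    # clear, a sender whose policy requires TLS must stop here.
    return "refuse" if require_tls else "plaintext"


if __name__ == "__main__":
    for name, reply in [("from post", EHLO_FROM_POST),
                        ("without STARTTLS", EHLO_WITHOUT_STARTTLS)]:
        for require in (False, True):
            print(name, "require_tls=%s ->" % require,
                  delivery_decision(reply, require))
```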
do you honestly think the executives making purchasing decisions at commercial cleaning companies give a flying [redacted] about how well the vacuum cleaners actually work?
The ones I used to work with certainly did. They had to maintain a certain level of cleanliness to retain the contract, so the more effective the cleaner, the higher the profit.
They also liked the fact that our cleaners could be thrown down the stairs without breaking very often...
Vic.
you don't need to use even 1,400W for a vacuum cleaner
I used to work for a vacuum cleaner manufacturer.
Back then, there was a machine on the market that was advertised as being able to pick up a bowling ball. "And how often do you need to do that?" was the first thing that came into my mind, but didn't seem to occur to many...
You don't need much power at all to clean a room - air is not a particularly dense medium, and accelerating it to the appropriate speed isn't hard. But you do need to ensure that the airflow isn't blocked; the vacuum itself doesn't perform any cleaning, it is the airflow into that vacuum that carries the dirt.
So it's pretty much all about the design of the pickup head; power is largely irrelevant.
Vic.
I was not even aware that pulseaudio was on my machine, and have not had any problems with audio, so what's your issue with it?
For a very long time, PulseAudio was a total bugfest. It was really quite bad.
It's mostly[1] fixed now, but still suffers its (well-deserved) reputation from a few years ago...
Vic.
[1] I found a nasty bug the other week trying to use my laptop as a pass-through LADSPA unit, but using a different interface for input and output. It didn't work, even though it thought it did...