Posts by Michael Wojcik

12135 publicly visible posts • joined 21 Dec 2007

Post Office burned £100m in UK taxpayer cash on Horizon IT scandal legal fees, MPs told

Michael Wojcik Silver badge

Re: @David 142

Yes. Beneficence and maleficence denote performing acts of good or evil, respectively; benevolence and malevolence to attitudes. Malfeasance also denotes an act or acts, but not necessarily evil per se so much as wrongdoing; that is, malfeasance connotes a failure of official or professional responsibility, which may or may not represent a serious moral lapse, while maleficence connotes specifically some evil act which may not be related to office or profession.

Kicking a puppy is maleficence, but it's not malfeasance unless you're in the dog-management business.

A police officer who destroys evidence because he believes the perpetrator was justified is committing malfeasance, but depending on the circumstances it might be argued the act is not a moral violation.

That LVI CPU hole wasn't the only Intel fix: Dozens of flaws patched to stop chips turning into potatoes

Michael Wojcik Silver badge

Re: Re. Bugs

Well, we wouldn't want it to make a hasty decision. Windows and the hardware should try counseling and perhaps a trial separation before deciding they're truly incompatible.

Hello, support? What do I click if I want some cash?

Michael Wojcik Silver badge

Re: Barclays don't dogfood their IT

TurboTax for tax year 2019 installed just fine on Win7 for me. It complained and told me I should "upgrade" to Win10, but there was an option to continue on 7.

Michael Wojcik Silver badge

Re: photocopiers

And even just "tell the filesystem to mark this as deleted" is extra development work and something that ought to be tested and may have unfortunate failure modes. It might be "sensible" to implement it, but if the market doesn't insist on it there's no economic incentive for the copier vendor to do it.

Months-long trial of alleged CIA Vault 7 exploit leaker ends with hung jury: Ex-sysadmin guilty of contempt, lying to FBI

Michael Wojcik Silver badge

I suspect this was a combination of lax oversight and illusory superiority - in effect an unconscious bias to believe that because the OSB considered themselves a top information-security team, they didn't need to worry about securing their own systems.

Michael Wojcik Silver badge

Re: when will people learn

Damn straight. Don't let yourself be questioned by any law enforcement officers without benefit of counsel. And when you have that, let your lawyer do the talking.

But especially not by Federal officers, because lying to Federal officers is a felony, and they'll go out of their way to trick you into a misstatement they can construe as a lie. Ken White has a piece about this (and he's not complimentary) on Popehat.

Grab a towel and pour yourself a Pan Galactic Gargle Blaster because The Hitchhiker's Guide to the Galaxy is 42

Michael Wojcik Silver badge

Re: fun facts

A cognitive dissonance that many have pointed out pretty much since the MPAA launched its neurotic ratings system (in 1968). Of course the MPAA had existing models such as the Comics Code Authority (from '54, I think?), though the CCA was a bit more even-handed with its overweening censorship.

I still recall a mid-1970s article in Science Digest (a pop-science magazine, with the emphasis on pop, though it seemed somewhat more reliable than, say, Popular Mechanics) on "cinematic neurosis", discussing people traumatized by films like The Exorcist and Jaws - films which seem rather tame today - and lambasting the MPAA for its puritanical treatment of sex while doing little to shield children from violence or horror.

The general opinion seems to be that the MPAA rating system exists primarily to tempt audiences with a suggestion of salaciousness, and to appease some of the dimmer bulbs among the culture warriors on the right.

Chips that pass in the night: How risky is RISC-V to Arm, Intel and the others? Very

Michael Wojcik Silver badge

Re: Power ISA?

I wish Raptor sold a laptop. I don't think there's been a POWER-based laptop since the RS/6000 Model 860.

Not particularly practical, I know. (It would be a perfectly usable Linux machine, but due to economies of scale it would be more expensive than a generic x86-based laptop.) But it would be cool.

Michael Wojcik Silver badge

I'm not sure what your question means, but Heartbleed was completely processor-independent.

Presumably Rupert meant Meltdown, not Heartbleed. Though I don't agree with his argument anyway. Verification of CPUs won't "catch" things which are not violations of the specifications, and eliminating side channels wasn't part of the specifications. Asking verification to identify side-channel attacks is like asking a proofreader to correct weak characterization, or asking a hammer to loosen a bolt. Wrong tool for the job.

You've duked it out with OS/2 – but how to deal with these troublesome users? Nukem

Michael Wojcik Silver badge

Re: Expensive

OK, but the subtitle needs work.

High Maintenance Girlfriend: Major Release

High Maintenance Girlfriend: Hyper-Critical Update

HMG: Refactored

HMG: Zero Day

HMG: License Expired

AMD, boffins clash over chip data-leak claims: New side-channel holes in decades of cores, CPU maker disagrees

Michael Wojcik Silver badge

Re: Fear mongering

Have you read any of the papers? Even the original Spectre paper demonstrated a useful attack. Demonstrated, not just proposed.

The willful ignorance around this class of attack is really quite impressive. None of these papers are hard to get or read.

Michael Wojcik Silver badge

Re: Not that surprising

ARM, at the time, had no spectre vulnerable CPUs being produced, so you are wrong or a shill

Irrelevant. ARM had published designs with Spectre-class side-channel vulnerabilities. The Cortex-A75 was also vulnerable to a Meltdown variant (as was POWER). The OP is correct.

Michael Wojcik Silver badge

Your threat model is flawed. Untrusted != privileged. And it's not at all difficult to get malicious code included in a signed package.

Michael Wojcik Silver badge

Re: What an absolute surprise!

Mostly it says information thermodynamics is Still A Thing.

Michael Wojcik Silver badge

Re: Impact?

it was end users being much more likely to run untrusted code on their machines, eg, in the form of javascript from a website

Yes, aside from Javascript, all code running on end-user machines is entirely trustworthy. No vendor has ever released malicious code, deliberately or courtesy of a supply-chain attack.

NordVPN quietly plugged vuln where an HTTP POST request without authentication would return detailed customer data

Michael Wojcik Silver badge

Re: Keep calm and carry on

Being subject to scrutiny is good.

Failing at even the most basic secure development practices is not. This one violates at least two of the OWASP Top 10. How did it get into production? Hell, how did it come out of Development? Why are they letting developers who clearly haven't been trained in the most prominent security issues in their domain produce code in the first place?

Don't be fooled, experts warn, America's anti-child-abuse EARN IT Act could burn encryption to the ground

Michael Wojcik Silver badge

Re: *Always* Think of the children

They think every adult is a nonce

That can't be right. These are people who try to use each adult as many times as possible.

Computer, deactivate self-destruct system requirement, says Sonos... were it on a starship in space, and not a smart-speaker slinger

Michael Wojcik Silver badge

How did anyone ever survive without such features? Clearly this "experience" is desirable regardless of the cost.

Michael Wojcik Silver badge

I wouldn't put in a proprietary network-connected speaker system even if I had more money than I knew what to do with.

Michael Wojcik Silver badge

Re: Slow on the uptake,

General purpose and internet connected computers get out of date

And even they can often be used much longer than they generally are. My personal machine is 11 years old, and it's still perfectly functional.

After 16 years of hype, graphene finally delivers on its promise – with a cosmetic face mask

Michael Wojcik Silver badge

Re: has not said quite how its cosmetic face masks will benefit from graphene

Is it carbon-neutral? Can't have our inner glow contributing to global warming.

("Yes, we've discovered a new sequestration technology. We take a bunch of carbon and shove it ... well, you'll see.")

Michael Wojcik Silver badge

Re: Graphene

Nuclear fusion is only about 8 minutes away.

Carbon fiber is widely used, and has penetrated various markets at rates that seem plausible to me, given basic economics. I don't see how that example supports your premise, particularly in areas such as home construction, which tend to be very conservative and largely driven by regulation. We've had concrete homes, rammed-earth homes, Earthships, steel-framed conventional homes, manufactured-and-assembled-on-site homes, etc for decades, but on-site stick framing is still dominant here in the US. Why? Economies of scale, for materials and for expertise; and familiarity.

Android users, if you could pause your COVID-19 panic buying for one minute to install these critical security fixes, that would be great

Michael Wojcik Silver badge

Re: Sad Sammy

My unlocked, formerly AT&T-branded Galaxy S6 gets updates. I'm on an MVNO that operates over the AT&T network.

Michael Wojcik Silver badge

Yes, the Android ecosystem patch mechanism is well and truly broken, and this is at least as much Google's fault as anyone else's. AOSP aside, Google is forcing various conditions on Android device vendors to include Google crap; they could certainly force them to do a better job of distributing updates.

Though having said that, getting patches isn't all roses either. I finally have a phone that receives regular updates, and each one either breaks existing functionality (fortunately, generally something I don't care about, though a recent one removed the global disable-sync option) or adds some new horrible annoyance.

After I installed the one before this latest, the phone started pestering me periodically to enable VoLTE, despite the fact that 1) I don't fucking want it, and 2) it can't be enabled anyway, because I'm in a microcell that doesn't support it. A bit of online research turned up hundreds of complaints about this behavior over the past few years. This sort of thing makes me want to find the person who made the decision to add this irritant and commit a few acts of violence.

This sort of thing is one reason I refuse to buy new phones; the manufacturers haven't earned that kind of money from me.

Michael Wojcik Silver badge

After the looming apocalypse they'll be worth their weight in gold!

(That is, not very much, and only to people who already have their basic needs satisfied.)

Sadly, the web has brought a whole new meaning to the phrase 'nothing is true; everything is permitted'

Michael Wojcik Silver badge

Re: "the evidence of our senses has become suddenly and comprehensively insufficient "

If it *feels* wrong, then it probably *is* wrong

Decades of psychological research, and thousands of years of literature, say otherwise.

Michael Wojcik Silver badge

Re: "...could I borrow $60 (US) via PayPal..."

Heh. I was thinking of this just a couple of days ago as I was planning the site for Shed 2 at the Mountain Fastness. The Stately Manor already has two sheds.[1]

I've heard that the Arthur "Two Sheds" Jackson sketch was inspired by an interview with Roald Dahl where he was asked about his "writing hut". A quick search didn't turn up anything to confirm that, though.

[1] Neither home has a garage, which is unusual for the US. Which is just as well, because cleaning snow off your cars Builds Character. Also, I hate the idea of leaving the house only to walk into an attached garage and get into a car, never having actually been outside.

Michael Wojcik Silver badge

Re: "...could I borrow $60 (US) via PayPal..."

explain how you are using Skype at a hotel. They don't provide laptops now, do they ?

Better hotels used to routinely provide "business services" rooms with desktop computers, printers, and the like. They're still fairly common in my experience. Even lower-tier hotels often have some elderly Dell desktop machine available for guests.

Michael Wojcik Silver badge

I dare say a dedicated attacker could have created a convincing fraud, if your friends are like most people in the wealthy world.

What mostly spares us from that sort of thing is that the effort involved means the return isn't as good as for simpler scams, which continue to be profitable for the scammers. So usually even off-the-cuff specific social-engineering attacks like this famous example from DEFCON are reserved for special cases, where some target has aroused the attacker's interest or ire.

Of course there are the regular "grandchild emergency" telephone scams, but those generally involve very little preparation, at least in the cases I've read about. Sometimes the attackers don't even know the child's name; as with other low-level scams, they rely on volume and very low costs to find enough victims to make the schemes worth their while.

Is technology undermining democracy? It's complicated, says heavyweight thinktank

Michael Wojcik Silver badge

Re: Eh?

I'm still wondering why a referendum and an election are a threat to democracy

Oh well, I'm still wondering why some apparently intelligent people think this is what's at issue.

Michael Wojcik Silver badge

I'm not sure I believe that you don't believe that.

Fella accused of ripping off Cisco, Amazon, iRobot, others to the tune of $2m by fraudulently demanding replacements for tech gear

Michael Wojcik Silver badge

Revolving door

825 years? Bah! We'll be lucky if he serves half of that.

Alleged Vault 7 leaker trial finale: Want to know the CIA's password for its top-secret hacking tools? 123ABCdef

Michael Wojcik Silver badge

Re: Why can't we have brilliant people without toxic personalities??

I'm brilliant and I'm a lovely person too. Also handsome. And modest.

Michael Wojcik Silver badge

Re: Security Controls.

Or to use that information for spearphishing, or to apply pressure to coopt an employee into turning over more-valuable information. And so on.

Pivot-and-escalate works with data, just as it does with systems.

Michael Wojcik Silver badge

Re: Cell phones in prison

I've had Internet access for decades. This is one of several topics for which I'm no longer capable of feeling surprise.

Michael Wojcik Silver badge

Re: "intensely embarrassed by the loss of some of its most valuable weapons"

There are any number of explanations, ranging from "Corso just made the whole thing up to sell his book" to "it actually was stolen foreign technology, but Corso wasn't told the real origin because he didn't Need to Know".

I mean, if I were running a spy program that stole interesting technological developments and other research from foreign powers, I'd want a way to quietly funnel it into my own nation's R&D stream, and leaking it to university and commercial researchers to reverse-engineer and claim as their own seems like a reasonable way to do it. And I'd want some dupe in the middle who didn't know where it came from so I'd have some deniability in case the program came to light.

Michael Wojcik Silver badge

Re: "intensely embarrassed by the loss of some of its most valuable weapons"

I can't think of any technology from the second half of the twentieth century which can't be fully traced along its research and development path from bright idea to mature technology

Duh, they used the Roswell time-travel tech to go back and retcon it.

Michael Wojcik Silver badge

Re: Schulte = Dark Milton

They really should have given him a piece of cake.

Michael Wojcik Silver badge

Re: Guilty? Possibly. Beyond a doubt? No Way!

Yes, based on what's in the article - it might be different if I'd actually heard all the evidence firsthand - if I were on the jury I'd have to vote to acquit.

But to be honest, even if I felt he were guilty beyond a reasonable doubt, I'd really have to consider nullification in this case.

As Australia is gripped by bog roll shortage, tabloid says: Here, fill your dunny with us

Michael Wojcik Silver badge

At the Stately Manor, we regularly get a couple of phone directories every year: one for the (small) city in which the Manor is actually situated, and one for the metro area surrounding the nearest somewhat-larger city.

I even consult them occasionally, though mostly out of nostalgia.

Come to that, it was only last week that I finally canceled the Manor's "land-line" service. It has proven useful over the years, particularly during extended power outages when the cell-tower batteries run down. Then we're the only people in the neighborhood who can call around to see who has dry ice in stock. But now we know the secret reliable dry-ice supplier, and the cost of wired phone service from AT&T is outrageous - around $85 a month - so I turned it off.

I'm keeping the wall-mount phone, though, as a sort of trophy display. "Oh yes, as recently as 2020 this thing actually worked! You could use it to leave messages in someone's voicemail, which they'd delete without listening to."

UK.gov lays out COVID-19 guidance as the tech supply chain considers its own

Michael Wojcik Silver badge

Re: Yeah...

To be fair, Pence has a solid record of damaging things he's in charge of. Maybe they thought he'd have the same effect on the virus.

Michael Wojcik Silver badge

Re: It's just flaky news

What do we "know" about the virus? Virtually nothing

True, but only for certain values of "we".

Michael Wojcik Silver badge

Re: Well I guess this just goes to prove .....

Oh, I don't know. None of my computers are showing COVID-19 symptoms.

Michael Wojcik Silver badge

Re: Government Guidance

Bah. Points for etymology, but minus several million for unjustified prescriptivism.

There are an infinite number of ways to form a plural of "virus" in English. Here's one: slaijhviels. Unlikely to catch on, I know; but that doesn't mean it's not "a way to make the noun 'virus' plural". Nothing in the conventions of English as a spoken or written language forbids it, and there is no authority for the language generally recognized by a majority of Anglophones.

And that, of course, is the usual problem with prescriptivists. They can formulate a learned argument, but then they try to build it on a foundation of appeal to some imaginary authority, because they can't bear to simply be descriptive and argue a preference.

Michael Wojcik Silver badge

Re: Government Guidance

Pandemics are difficult to predict. Sometimes they are severe. The fact that they are often not severe - and citing instances when they are not - is a poor argument against preparing for a possibly severe one in this instance.

Certainly some people are overreacting, but mocking them doesn't help either.

You. Drop and give me 20... per cent IPv6 by 2023, 80% by 2025, Uncle Sam tells its IT admins after years of slacking

Michael Wojcik Silver badge

Re: Crap

What really annoys me about IPv6 addressing (at the moment) is zone IDs for link-local and site-local addresses. "A printable representation of an IPv6 address will be at most INET6_ADDRSTRLEN characters, plus some arbitrary number for a percent sign followed by something that might be a decimal number or might be some arbitrary string."

Well fuck whoever came up with that, eh?

The whole idea of "each of these addresses will be unique, except for all the ones that aren't" is obviously the result of some mind-bogglingly braindead compromise. I expect IPv7 will introduce an "eat your cake and have it too" scheme.

Coronavirus conference cancellations continue: Google and Microsoft axe WSL and Cloud Next

Michael Wojcik Silver badge

I have a couple of co-workers who I know went to RSA (and no doubt there were many others; a number of my regular meetings were canceled because "too many attendees will be at RSA"). They didn't seem to find it particularly less busy than usual.

Michael Wojcik Silver badge

Re: In the future...

I haven't gone to a conference or convention for a few years now, but for me at least the virtual events are never particularly productive, and certainly much, much less productive than in-person attendance. I do several videoconferences and group phone meetings every week, so it's not like I'm not used to that format; but I have a terrible time staying focused on online presentations and the like when it's not with people I already know. And I don't see how virtual conferences can offer the same (interpersonal) networking opportunities that F2F ones do.

Is that a typo? Oh, it's not a typo. Ampere really is touting an 80-core 64-bit 7nm Arm server processor dubbed Altra

Michael Wojcik Silver badge

Re: I hope...

Mitigation for well-known SPECTRE-class vulnerabilities, perhaps. You can't eliminate side channels without full reversible computing.

Honeywell, I blew up the qubits: Thermostat maker to offer cloud access to 'world's most powerful quantum computer' within months

Michael Wojcik Silver badge

Re: "This is not a science project"

And I forgot to note that NP is very likely not in BQP (assuming P != NP), so no one's going to be using a general QC of whatever size to solve the TSP. You could do an exhaustive search using Grover's algorithm but that quickly becomes infeasible for any NP-Complete problem, even with heuristic pruning. Meanwhile, we have techniques such as graph sparsification which often let us find close-to-optimal solutions for many problems in NP using conventional computing.