* Posts by Michael Wojcik

12132 publicly visible posts • joined 21 Dec 2007

Iowa has already won the worst IT rollout award of 2020: Rap for crap caucus app chaps in vote zap flap

Michael Wojcik Silver badge

Re: Well this seems to tick ALL the boxes

The point of impeaching Trump is political theater.

No one in the House dreamed for a second that the Senate would convict. (That would have been disastrous for the Democrats.) They impeached suspecting that McConnell wouldn't be able to resist putting on a blatant show trial, because McConnell can't resist throwing his weight around here at the very peak of his power. And they counted on that to "energize the base", to use a favorite cliche of the party machinery.

McConnell is probably hoping for the same effect, because he knows he's putting some vulnerable Republican senators at risk. But ultimately I suspect he doesn't care. He's king of the hill at the moment and his only real pleasure is pushing other people down. He has no policy agenda of his own (he's a champion flip-flopper, having once filibustered his own bill); all indications are that he's only interested in power for the sake of power, and his route to it has been obstruction, so obstruct he will.

Basically, the point of impeaching Trump was to highlight McConnell again for the professional bully that he is, in the hope of increasing Democrat turnout in November, and maybe irritating some of the former anyone-but-Trump Republican voters into staying home.

Will it work? Hell, we'll probably never really know. But Democrats control the House and they had to be seen as doing something other than papering McConnell's desk with bills that will never get a hearing.

Michael Wojcik Silver badge

Re: Hahahahahahaha

"This the people"?

Michael Wojcik Silver badge

It's true that a lot of the land area of Iowa is rural, though that's true of most states. (Looking at the Census Bureau map, I think Connecticut, Hawaii, and Rhode Island are the only states with no rural counties, by the CB's definition.)

Nearly 2/3 of the population of Iowa lives in an urban area. While Iowa precinct maps turn out to be a pain in the ass to read (the Secretary of State website has them as per-county PDFs, and the county websites all use excessive scripting), I assume the precincts cluster by population.

But there will still be some rural precincts, and a couple coverage maps I looked at suggested there might be some dead zones. So, yeah, it might well go beyond "slow download" to "no signal at all".

Michael Wojcik Silver badge

Re: Why...

Why even bother with email? Just have the party set up a temporary call center. It's for one night (OK, you'll probably want the call center staffed for 48 hours or so, in case of problems), and there are fewer than 1800 precincts calling in.

There are any number of ways to authenticate callers for a specialized application like this.

There's really no reason to involve user-facing computer applications at all.

I'm hoping Shadow dies a quick and well-deserved death. US elections need less Internet, not more.

Micro Focus chairman Kevin Loosemore cuts himself loose as merger with HPE Software continues to haunt biz

Michael Wojcik Silver badge

Things have been worse

While the years since the HPES merger have been disappointing in terms of financial metrics, in some ways they've been pretty good to live through. Yes, we in Development have many complaints about infrastructure, processes, and so on, and the use of, and eventually migration away from, the HPE network has been a big, persistent pain in the ass. But the merger brought together a ton of really interesting people and a bunch of fun new toys.

It's very different than the grim MERANT years under Gary Greenfield, a CEO who seemed determined to piss customers off. Things were really quite bad in the 1998-2001 period. Morale was terrible, people were leaving, customers and analysts couldn't figure out what the company was doing. MERANT was a company that charged into the room, drew both pistols, emptied them into its feet, and proudly announced it had saved the day.

This was a poor year, but it was still a profitable one, even without taking the SUSE sale into account. (See the press release or presentation slides released today for details; they're available on the website.) EBITDA is down but EBITDA margin is up, which is encouraging. Even in a bad year Micro Focus makes money and pays dividends. And development remains strong, with new major releases coming out all the time. Obviously I'm biased, and perhaps I'm being foolishly optimistic, but I believe we'll return to the kinds of profit margins we enjoyed before the merger.

And in the meantime, my ESPP contributions will buy a lot of shares. Historically that's worked well for me.

Michael Wojcik Silver badge

Re: Some former Autonomy assets

The bulk of HPE Software was the bulk of Autonomy.

Untrue. There were a lot of product lines in the HPES portfolio, and a lot of staff and resources are attached to non-IDOL former-HPES product lines.

Michael Wojcik Silver badge

In no particular order: Fortify SCA, FoD, and WebInspect; LoadRunner; Vertica; Sentinel; DigitalSafe and other archiving & compliance products; Content Manager; SecureData.

And a bunch of other stuff. (Did the data center automation / management products come from HPES or Attachmate? I don't remember.)

There's actually quite a lot of good tech there. Fortify SCA may be the overall best static-code analysis system out there, and Fortify On Demand (Fortify as a service) is doing well. WebInspect is a pretty good web dynamic-scanning tool, though that's an area with a lot of competition from open source. Not everyone needs a columnar RDBMS, but for use cases where it's appropriate, Vertica is a strong contender. SecureData is a format-preserving encryption product line and interest in that area is growing.

A lot of the products are "make life easier for the guys in Operations", which isn't sexy and doesn't get a lot of press. And to be honest I have no idea how well most of them work. (I've played a bit with the SIEM products, ArcSight and Sentinel.) But it seems like an area where there's real need, and we ought to be able to sell more once we work through the sorts of things described in the announcement (and, more or less, the article).

(JFTR, the part of MF where I do most of my work is doing just fine. But I'd like to see the company as a whole do well.)

AI snatches jobs from DJs and warehouse workers, plus OpenAI and PyTorch sittin' in a tree, AI, AI, AI for you and me

Michael Wojcik Silver badge

Re: "DeepMind’s agent AlphaGo beat Lee Sedol"

And if a Ferrari had to walk, I could outrun it.

Inventing absurd criteria only demonstrates you can invent absurd criteria.

Michael Wojcik Silver badge

Re: AI for "programming"?

Assuming those in the US are very similar- and from what I've heard, they are

I suspect the vast majority are.

When I'm at the Stately Manor, if I listen to radio it's the local college station, which is staffed by students and thus cheerfully unpredictable. During the day the format is "college alternative", which, if I'm going to listen to music, is something I can tolerate; there are a variety of evening, nighttime, and weekend shows. It's certainly not all to my taste but it doesn't sound like everything was programmed by some central office, and it changes frequently.

(When I bought my car, it came with a six-month subscription to Sirius satellite radio. I tried it on one long trip, and memorized the playlists for the couple of stations I could stand before the day's drive was half over. I did not renew.)

At the Mountain Fastness, we are blessed with three (!) independent radio stations in town, plus the local public radio (NPR) affiliate. They play an eclectic variety of music, present local news, have call-in segments for things like lost pets. I know at least one has actual live DJs for all the programming, because they're well-known local personalities. Even the advertisements are for local businesses, and generally less annoying than typical corporate output.

But the sort of stations offered by iHeartMediocrity (formerly Clear Channel) aren't worth my time, as far as I'm concerned. Once in a while when I'm driving across the country I'll scan the bands just to see what's out there. I rarely find anything I want to listen to for more than a few minutes.

Ah, night shift in the 1970s. Ciggies, hipflasks, ADVENT... and fault-prone disk drives the size of washing machines

Michael Wojcik Silver badge

Re: DEC field service engineers

Yes, Kermit was a godsend in the days of dial-up.

For a while in the early '90s I had a remote office with a POTS connection to the main office. Most of my connectivity requirements were file transfer and email, for which I used UUCP - the modems at each end were Telebit Trailblazers with UUCP spoofing, so that made sense. But I built Kermit on machines at both ends and used it for a variety of ad hoc purposes because it was just so versatile.

Eventually we got a 56K dedicated line and I could just SLIP up an IP connection between the sites, but UUCP and Kermit helped me get a lot of work done before that.

Microsoft Teams starts February with a good, old-fashioned TITSUP*

Michael Wojcik Silver badge

Yes. This is far from the worst thing about Teams, but it's one of those persistent annoyances.

Michael Wojcik Silver badge

Re: Sucks

Here the Teams rollout hasn't proved popular, at least with the people I work with. Email volumes haven't changed noticeably, and the Teams traffic is far less than even on the relatively unpopular RocketChat installation it replaced. There are days when there's no traffic at all on the 20+ channels I'm subscribed to, and days when it's nothing but robot traffic - announcements of people joining or leaving channels, auto-posts from CI systems, and that sort of thing.

It's been nearly six months, and many people seem to be using it grudgingly and as little as possible, while many others seem to be successfully ignoring it entirely.

Michael Wojcik Silver badge

Indeed.

When you get the certificate, you know when it expires. Perhaps Microsoft should sell some sort of software that provides a calendar with a reminder feature?

You can check the certificate's expiration date at any time, since it's part of the certificate.

You can trivially automate the process of checking a certificate's expiration date. There are any number of tools which do this.

You can easily automate the process of renewing certificates before they expire.

This is not the first time that Microsoft has been caught out by an expired certificate for a public service. Over the years they haven't been able to establish corporate policy and tooling to prevent this?
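Added example, not part of the original post: one way to automate the expiry check described above, using only Python's standard library. The 30-day renewal window, the function names and the `*.example.test` inventory are assumptions constructed for illustration.

```python
"""Added example: flag TLS certificates that are expired or close to expiry."""
import socket
import ssl
import time

RENEW_WINDOW_DAYS = 30          # assumed policy threshold, not from the post
X509_V_ERR_CERT_HAS_EXPIRED = 10  # OpenSSL verify code for an expired cert


def days_remaining(not_after, now=None):
    """Days until expiry, given the 'notAfter' string from getpeercert()."""
    expires = ssl.cert_time_to_seconds(not_after)
    now = time.time() if now is None else now
    return (expires - now) / 86400.0


def classify(not_after, now=None, window_days=RENEW_WINDOW_DAYS):
    """Return EXPIRED, RENEW (inside the renewal window) or OK."""
    left = days_remaining(not_after, now)
    if left < 0:
        return "EXPIRED"
    if left <= window_days:
        return "RENEW"
    return "OK"


def fetch_not_after(host, port=443, timeout=5.0):
    """Read notAfter from the certificate a live server presents."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def check_host(host, port=443, now=None):
    """Classify one live endpoint.

    A verifying client refuses the handshake once the certificate has
    expired, so that case arrives as an exception, not as a date.
    """
    try:
        not_after = fetch_not_after(host, port)
    except ssl.SSLCertVerificationError as exc:
        if exc.verify_code == X509_V_ERR_CERT_HAS_EXPIRED:
            return "EXPIRED"
        return "INVALID"
    except OSError:
        return "UNREACHABLE"
    return classify(not_after, now)


def report(inventory, now=None):
    """Return (days_left, name, status) for every entry needing action,
    most urgent first. `inventory` maps a name to a notAfter string."""
    rows = []
    for name, not_after in inventory.items():
        status = classify(not_after, now)
        if status != "OK":
            rows.append((days_remaining(not_after, now), name, status))
    return sorted(rows)


# Constructed sample data: notAfter strings in the format getpeercert() uses.
SAMPLE_NOW = ssl.cert_time_to_seconds("Feb 10 00:00:00 2020 GMT")
SAMPLE_INVENTORY = {
    "fine.example.test": "Dec 15 00:00:00 2020 GMT",
    "soon.example.test": "Feb 24 00:00:00 2020 GMT",
    "old.example.test": "Jan 31 12:00:00 2020 GMT",
}

if __name__ == "__main__":
    for days, name, status in report(SAMPLE_INVENTORY, SAMPLE_NOW):
        print(f"{status:8} {name:20} {days:+.1f} days")
```

Run from a scheduler, `report()` over the real inventory (or `check_host()` per endpoint) gives the reminder well before the expiry date.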

At last, the fix no one asked for: Portable home directories merged into systemd

Michael Wojcik Silver badge

Re: Finally!

I admit I haven't tried it yet, because it's not a platform we support for the products I work on, and I've had far too many home-update projects to spend time messing with a new OS for my personal machine. But the latter is getting long in the tooth and would be more useful with a decent Linux than it is running the factory Windows installation. There are only a couple of Windows-only packages on it that I'll want to keep available, probably in a VM.

Michael Wojcik Silver badge

Re: Common

I work from home every day of the week, and I don't need a "portable" home directory, or work material on my personal machine.

I have two employer-owned laptops. They go where I go. That's been the arrangement for over 25 years, and it's always worked just fine.

Even if I split my time between home and office, there'd be no need for a portable home directory, because for anything I need shared there are corporate change-management systems. (For historical reasons, some of my stuff is in Subversion and some is in GHE, but the specific flavor doesn't matter.)

Windows has had portable home directories for decades. I've never had any use for that, either. We had them on UNIX workstations with NFS and other network filesystems since the '80s; I never felt the need to set them up in the years I had a collection of UNIX workstations to myself.

Systemd is pushing an old idea that is of little or no use to most people.

Michael Wojcik Silver badge

Re: Next RC codename ...

I'd be happy if they'd just spend a few years aiming at "decent".

Vulture discovers talons are rubbish for building Lego's International Space Station

Michael Wojcik Silver badge

Re: "a pain when using the pieces to create something new"

Nothing stops you from using the custom pieces in other ways.

My older granddaughter is also 7, and she's been playing with Lego since she was 2. She has a bunch of sets from various collections (mostly DC Superheroes, Harry Potter, and Frozen), and we do all sorts of things with them after the official build. All sorts of stories have been played out with odd characters and chimerical monsters in bizarre vehicles and Frankenhouses.

And all the sets I've seen have plenty of generic parts, too.

Will Asimov fix my doorbell? There should be a law about this

Michael Wojcik Silver badge

Re: a recurring theme ... was that the three laws didn't really work all that well

The stories focus on the rare instances when things go wrong, and are seen as abnormalities against millions of robots not causing any fuss.

Irrelevant to the force of Asimov's robot stories. The point isn't to explore whether the Three Rules produce an acceptable defect rate or are probabilistically "good". It's to consider a series of logic puzzles in which a system of three simple axioms is shown to produce surprising results.

In that sense the Three Laws work "poorly", for their ostensible purpose (though well for their pedagogical one), because they appear to offer simple, absolute guarantees, but it's possible to find numerous exceptions. The principle of least surprise is violated.

It's certainly possible to claim that in the world of the robot stories the Three Laws work "well" in a practical sense. That's much like Chaitin's argument that Hilbert's Entscheidungsproblem was a resounding success, because Church's and Turing's proofs that it can't be solved introduced formalisms that were invaluable in spurring the development of digital computing; a mathematical "failure" (not really a failure, of course, and Chaitin doesn't characterize it as such) contributed to a major technological advance. You could say the same of the Three Laws (in their world): mapping their logical "failures" helps cement their application in technology.

But reading that as a principal theme of the stories rather goes against the interpretations most readily inferred from the text, I think. The stories are about how the Laws fail.

Michael Wojcik Silver badge

Re: 3 laws for AI

Well, they're not just a literary device. They're also a thought experiment in how a concise, easily comprehended, logically consistent set of axioms can still produce unexpected results. Asimov's robot stories (and to a lesser extent the novels, which were also significantly concerned with social effects of machine intelligence) are as much about logic and complexity as they are about robots.

Of course that has never stopped people from interpreting them as prescriptive, or even as descriptions of fact. I remember an Asimov editorial from IA'sSFM around 1980 in which he described getting calls from reporters asking about the Three Rules, after a Japanese maintenance worker was killed by an industrial robot.

Gin and gone-ic: Rometty out as IBM CEO, cloud supremo Arvind Krishna takes over, Red Hat boss is president

Michael Wojcik Silver badge

Re: It's hard to believe that...

Have to agree with bob here regarding the PS/2, or more specifically the MCA. Trying to use it to kill the clone market was a bad move. IBM eventually clawed back some of the PC market with Thinkpads and its PCI-bus server offerings but never came close to recovering its former position, and MCA turned out to be just an expensive adventure.

However, even in the PS/2 era IBM had a lot going for it, with three strong non-PC system families (RS/6000, AS/400, and ES/9000) and a research organization that was still among the best in the world. The rise of Linux, and to some extent Windows Server, gutted all the private UNIXes, but POWER (these days the p line) survived better than most. AS/400-then-i has been a cash cow for decades; it was just the right incremental evolution of S/38 to keep that market, and the move in CPU architectures was handled smoothly.

And while it's impossible to completely stem the tide of 370-family (ES/9000 through today's z) defectors to Windows and Linux (something I have personally contributed to, so this is of interest to me), IBM has worked hard at updating mainframe hardware and software with improved performance and new features to keep many of those customers coming back. They're very good at finding out what will convince people to renew those leases, whether it's building REST web service support into CICS or adding "pervasive encryption" to zOS.

I agree with the poster above that what's really hurt IBM is the short-term thinking of the past couple of decades, with massive "returns of value" to shareholders backed by ruthless cost-cutting and deskilling.

There are already Chinese components in your pocket – so why fret about 5G gear?

Michael Wojcik Silver badge

Re: “A country torn apart by nationalism, corruption and warring factions”

Boris does seem to be something of a "doing it for the lulz" PM. I wouldn't be surprised to see him wandering off when clouds begin to gather on the horizon.

Michael Wojcik Silver badge

Re: Nokia

I'm under the impression that the iPhone was the first mobile phone to feature a capacitive touchscreen, based on the Fingerworks technology; and while multi-touch touchscreens had been around for decades, that made it the first to provide a really satisfactory one on a mainstream consumer mobile device.

Personally, I don't like touchscreens, so I wasn't interested in the iPhone. But I don't know of a competing phone available at the time which had a reliable touchscreen that supported a gesture set similar to Apple's. (I'd be interested to hear if there were any.)

That said, I agree that Apple's advertising (I find it annoying, but it seems to strike a popular chord) and marketing to tastemakers was largely responsible for the initial success of the iPhone.

In your face short sellers! Tesla goes two quarters in a row without losing money

Michael Wojcik Silver badge

Apparently the best-selling EV worldwide for 2018.

EVs don't meet my needs, but if for some reason I was forced into a daily commute by car again, I'd consider the Leaf.

I don't care for any of the Teslas - there's really nothing about them that appeals to me, and I really dislike the technophilic attitude that dominates the designs. (I loathe touchscreens in cars, for example, and while they're becoming impossible to avoid in new models, Tesla seems to consider them an object of worship. And I detest driver-"assistance" systems like Autopilot.)

Michael Wojcik Silver badge

makes long journeys viable and straightforward in a Tesla

Oh, sure. I just did a quick search for one of the long journeys I take regularly. If I had a Model S Long Range,[1] I'd only spend an extra 2.5 hours charging it on that 10-hour drive. Oh, and I couldn't use my preferred route; I'd have to go through various urban areas I'd much rather avoid.

"Viable" perhaps. Desirable? Not at all.

[1] Which wouldn't meet my needs anyway, but let's leave that to the side.

Michael Wojcik Silver badge

Re: Ford & GM

How are Ford and GM exposed to consumer debt? They no longer own any of that debt, do they? GMAC was spun off in 2010.

I suppose high levels of consumer debt might in principle threaten future sales, but offhand I don't see direct exposure. But this isn't an industry I pay much attention to, so I could well be missing something.

Personally, I think Ford would be more worried about the $154B of its own debt.

If only 3 in 100,000 cyber-crimes are prosecuted, why not train cops to bring these crooks to justice once and for all, suggests think-tank veep

Michael Wojcik Silver badge

Re: I'm confused...

No, it really isn't like saying that. Try reading for comprehension.

Michael Wojcik Silver badge

Re: It's an insane idea

Yes, if we put any additional resources into investigating and prosecuting computer crime, we can't possibly put any into finding and fixing vulnerabilities. All those resources are atomic so it's all or nothing.

And if we can't feasibly investigate and prosecute some computer crimes, then we can't investigate or prosecute any. Those are all-or-nothing too. And there's never been a single successful investigation or prosecution of computer crime, so we can safely assume it's impossible.

Or perhaps - just perhaps - your argument is bullshit.

Michael Wojcik Silver badge

Yes, there's a bit of that. And given the difficulty of identifying and prosecuting these criminals, we might also ask if we should start working on how to turn wishes into horses, too.

But while there's blame to go round, and while resources are limited and obstacles often prohibitive, I can see some justification for the force of Eoyang's argument. We shouldn't just throw our hands up at the simple possibility of investigating and prosecuting computer-based crime. There have been successful investigations and prosecutions (Paras Jha, for example), and perhaps we can shift more resources into those areas before we hit the point of diminishing returns.

Michael Wojcik Silver badge

It appears she's not currently employed by the government. That's a private-sector think tank she works for.

Anatomy of OpenBSD's OpenSMTPD hijack hole: How a malicious sender address can lead to remote pwnage

Michael Wojcik Silver badge

Re: When will we get rid of this malady?

The OpenSMTPD project claims it's "part of the OpenBSD project", but OpenBSD itself lists it as an "associated project". It appears to be primarily the work of two developers, neither of whom is Theo de Raadt. I do think it's unfortunate that OpenBSD adopted OpenSMTPD without challenging it on this very poor architectural decision, though.

The first of OpenSMTPD's stated goals is "Be as secure as possible". Exec'ing the shell with tainted input on the command line is not compatible with that goal, regardless of how much whitelisting and escaping you try to do.

I also find it disturbing that this bug was reportedly introduced in 2018. There was an OpenSMTPD update in 2015 that fixed various security holes (and looking at the diffs is not encouraging, frankly). Then sometime over that five-year gap, someone decided to make a change that created a severe vulnerability. Where was the code review for that? What improvement was that change meant to deliver? Public-facing network services are the most prominent facets of the attack surface, and should receive the most scrutiny, but this 2018 change doesn't seem to have registered on the OpenSMTPD project website.

Also, I'm curious to know what's supposed to justify OpenSMTPD as an alternative to, say, qmail, or a new project based on qmail. Was writing a new MTA in C really the best idea?

And, seriously, any decent static-code analyzer with data-flow analysis should have been able to catch this. A dynamic-analysis tool that explores untested code paths - even something like AFL - should have been able to catch the offending case too. Seems like the OpenSMTPD team isn't making use of tooling to help catch vulnerabilities. That, too, is a failure to live up to their own goals.

All that said, using this (really quite appalling) error as an excuse for a blanket condemnation of OpenBSD is simplistic to the point of uselessness. OpenBSD has addressed many other vulnerabilities, and no non-trivial system is perfectly secure. We may hope that this incident leads the OpenBSD team to turn a more critical eye on their associated projects.
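Added example, not part of the original post and not OpenSMTPD's code: a generic illustration of the design point above, contrasting a helper launched through the shell with tainted input on the command line against the same helper launched with an argument vector. The helper, the function names and the sample sender strings are constructed for the demonstration, which assumes a POSIX `/bin/sh`.

```python
"""Added example: tainted input on a shell command line vs. an argv vector."""
import shlex
import subprocess
import sys

# Stand-in for a delivery helper: prints each argument it received on a line.
CHILD = "import sys; print('\\n'.join(sys.argv[1:]))"

# Constructed sender strings; the markers are harmless echo output.
SAMPLES = [
    "bob@example.org",                   # plain address
    "alice@example.org; echo INJECTED",  # command separator
    "$(echo INJECTED)@example.org",      # command substitution
    "first last@example.org",            # word splitting
]


def run_via_shell(sender):
    """Deliberately weak pattern: the sender is pasted into a command line
    and /bin/sh parses it before the helper ever runs."""
    cmd = f"{shlex.quote(sys.executable)} -c {shlex.quote(CHILD)} {sender}"
    out = subprocess.run(cmd, shell=True, capture_output=True,
                         text=True, check=True).stdout
    return out.splitlines()


def run_via_argv(sender):
    """Hardened pattern: no shell is involved. The sender is one element of
    the argument vector, so there is no parsing step to get wrong."""
    out = subprocess.run([sys.executable, "-c", CHILD, sender],
                         capture_output=True, text=True, check=True).stdout
    return out.splitlines()


def altered_by_shell(samples):
    """Senders the helper did NOT receive verbatim when a shell was used."""
    return [s for s in samples if run_via_shell(s) != [s]]


if __name__ == "__main__":
    for s in SAMPLES:
        print(f"input  : {s!r}")
        print(f"  shell: {run_via_shell(s)}")
        print(f"  argv : {run_via_argv(s)}")
```

Each altered sample needs a different escaping rule to neutralise, and every call site has to get all of them right; the argv form passes every sample through unchanged without any escaping.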

Michael Wojcik Silver badge

Re: The Morris worm strikes again!

Oh, we've found ways to prevent them, or at least make them much harder to exploit. The problem is that many developers aren't interested in using those approaches.

You spoke, we didn't listen: Ubiquiti says UniFi routers will beam performance data back to mothership automatically

Michael Wojcik Silver badge

Thanks. Sounds like it's worth a try.

Michael Wojcik Silver badge

I've been thinking the same thing, but navigating the DD-WRT Wiki page of compatible models is an exercise in frustration. That's largely the fault of the hardware vendors, of course, who release a bewildering array of short-lived landfill-destined models, often under similar names; but after an hour or so of research I still hadn't found one I could order online that I was reasonably sure I could flash with DD-WRT.

Obviously it's possible - I know people running DD-WRT - but the handful of old routers I had lying around don't seem to support it, and I hate to buy something for the purpose and then discover it won't work.

You know the President is able to shut down all US comms, yeah? An FCC commish wants to stop him from doing that

Michael Wojcik Silver badge

Re: There's just one problem with this scenario...

nor can any POTUS simply declare a national emergency

No need. We're in a state of emergency already. We're in 30 of them. We've been in a state of emergency since 1979.

Frankly, your whole post smacks of "it can't happen here". While I'd certainly like to believe that's true - and I for one have viewed all the predictions of doom since 2016 with a jaundiced eye, even while acknowledging Trump's many vile deeds - I also remember how every failed state has had no shortage of people explaining why their country could never devolve into autocracy.

My suspicion is that Trump's handlers have enough control over him to keep him from doing anything that might upset the Wall Street applecart. The Mercers, for example, presumably enjoy the bull market and want at least the pretense of constitutional government to continue. And Trump's quite comfortable right now with the Senate and SCOTUS on his side. But I'm not ruling out an attempt to assert excessive power, if only because I don't think he's rational.

Michael Wojcik Silver badge

Re: Did Trump turn off your editor's internet?

Oh, Lincoln did lots of bad things. (Native Americans generally don't have much good to say about him, for example.)

But he had the advantages of 1) winning his war, 2) ending slavery, and 3) being martyred.

The first meant his supporters got to write the history.

Slavery was widely seen as an embarrassment, if not a moral outrage, by those whose economic welfare didn't depend on it; and it's likely that plenty in the North recognized that its economic inefficiency (relative to capitalism) was dragging down the economy of the South, and thus of the country as a whole.

The third, of course, is generally an effective way to earn some popular adoration. It's one of the reasons why I, and I suspect many Democrat strategists, are just as glad that there isn't a chance in Hell that the Senate will convict Trump; in the eyes of his supporters, that would make him a martyr, and they'd be only too glad to support Pence or some other chosen successor. Awful as Trump is, I'd rather see him fizzle out than launch a dynasty.

Michael Wojcik Silver badge

Re: Did Trump turn off your editor's internet?

Much as I loathe Trump, I'm afraid that it's well known Obama and his administration expanded Presidential powers to include extrajudicial killing of US citizens, most famously via the (originally secret, leaked) DoJ memo "Lawfulness of a Lethal Operation Directed Against a U.S. Citizen Who Is a Senior Operational Leader of Al-Qa'ida or An Associated Force". This has been widely discussed; there's a good treatment in this Foreign Policy article from a couple weeks ago.

For many on the US Left, this was one of the more disappointing aspects of the Obama presidency, but not especially surprising. Obama continued a series of presidents who showed little concern for civil rights.

Michael Wojcik Silver badge

Re: Shutting down California's Internet

Is a sure fire way for them to leave the Union

That's been tried. It didn't go well for anyone.

Michael Wojcik Silver badge

The President has the power to "suspend or amend ... regulations" regarding any "stations or devices capable of emitting electromagnetic radiations [sic]".

Name a "device" that doesn't emit electromagnetic radiation. I emit electromagnetic radiation, and so presumably do you, as any fule with an infrared camera kno.

47 USC 606 is so poorly worded that, interpreted literally, it gives the President power to suspend or amend any regulations regarding any physical object. Presumably the courts would limit it to something more reasonable, given the chance. But there's the rub: at what point will the people who have physical control of said stations and devices decide to refuse such suspension or amendment?

I assume the bigger telecoms firms wouldn't take such executive fiat lying down, and would almost certainly be able to get restraining orders from judges within minutes of some Trumpian declaration. But things could certainly become very messy.

Michael Wojcik Silver badge

Re: It's legal

"In the event of war"? The US has been at war since Congress passed the AUMF in September 2001.

Top tip: Using AI to detect alien civilizations is dangerous because if it spots anything, even just a blurry blob, people are going to go nuts

Michael Wojcik Silver badge

Re: AI could easily spot things we miss

Too limited: there are ML approaches which result in explicable (amenable to analysis after creation) and interpretable (composed from understood parts) models. See for example this Cynthia Rudin paper.

Models with hidden state - from HMMs to traditional ANNs to DL stacks - obviously are black boxes, at least initially, though research into explaining them is a popular field. (I'm not terribly optimistic about its prospects for the more-complicated DL architectures, but we'll see.) But in the rather wide range of things being lumped into "AI" these days, certainly not all approaches are black boxes.

For that matter, the popular media are likely to label even things like kNN clustering and decision trees and SVMs as "AI", and they're not black boxes at all.

UN didn't patch SharePoint, got mega-hacked, covered it up, kept most staff in the dark, finally forced to admit it

Michael Wojcik Silver badge

Re: What part of ....

To be honest, I've never had much luck getting SharePoint to share anything in a reasonable, sane manner.

I've not had much luck finding the point in it, either.

(Just look at the links it generates. It's like Microsoft looked at the web and said, "hey, how can we screw this up?")

El Reg tries – and fails – to get its talons on a Brexit tea towel

Michael Wojcik Silver badge

Re: Deliveries [..] won't start until the week commencing 10 February

Eh, full stops would have turned a mildly entertaining rant into a feeble and pointless one.

In its present form, I have a nice mental image of AC gasping and clutching his[1] side, having just run a mile to deliver this urgent news to us in a single sustained, gasping outpouring of barely-discernible words.

[1] Going with the most probable pronoun here.

Michael Wojcik Silver badge

Re: Tea towel?

Personally, I refuse to buy anything associated with mister "ordinary fans chop the air".

Though I suppose we can thank that particular con for a typically entertaining Wonderella comic.

Star wreck: There's a 1 in 20 chance a NASA telescope and US military satellite will smash into each other today

Michael Wojcik Silver badge

Infinitesimal

I was assured by a Top Boffin of the Reg commentariat that the chances of such an event are "infinitesimal". So apparently 0.5 is infinitesimal now.

Of course, in the present moment it's hardly a surprise that we have the biggest infinitesimal ever. The best infinitesimal. Probably Mexico paid for it.

Michael Wojcik Silver badge

Re: Recycling

"The clone is the pretty one."

UK: From 5G in Tiree to the Isles of Ebony, carry me on the waves… Sail Huawei, sail Huawei, sail Huawei

Michael Wojcik Silver badge

Re: More foaming at the mouth from Republicans

We're talking about Liz Cheney here, whose definition of "freedom" is "the right to do what I think you should do".

This is a woman who publicly attacked her own sister's marriage to another woman, and equated criticizing Trump with treason. Except when it involves hunting wild animals, she's never been big on promoting freedom, at least as any rational person understands the notion.

Ding-dong. Who's there? Any marketing outfit willing to pay: Not content with giving cops access to doorbell cams, Ring also touts personal info

Michael Wojcik Silver badge

Re: Just wondering...

But less profitable.

Cache flow problems continue for Intel: Yet more data-leaking processor design blunders discovered, patches due soon

Michael Wojcik Silver badge

Re: Secure Proccessors for sale - $100 each

The original SPECTRE paper demonstrated in-browser attacks, as did the Zombieload paper.

Multi-tenant is at risk. Privilege boundaries are at risk if you have an RCE in an unprivileged process. Enclaves are at risk (though, seriously, fuck enclaves; do they have a real use case other than DRM and spyware?).

We haven't seen in-the-wild exploitation of these vulnerabilities because:

1. Disclosures have been embargoed until the most prominent targets could be remediated. That's what happened with the browser-based exploits for SPECTREv1.

2. We have no shortage of easier-to-use exploits for untargeted attacks, and frequently for targeted attacks as well.

3. Microarchitectural exfiltration attacks are hard to detect, so they may well have been used in targeted attacks without anyone being the wiser. Just like we have no idea how many victims there were for Heartbleed.

Michael Wojcik Silver badge

Re: Secure Proccessors for sale - $100 each

Various sources claim all Atoms are vulnerable to Zombieload and perhaps to RIDL and other MDS attacks as well. The original Bonnell microarchitecture for Atom has Hyperthreading, which suggests it would be vulnerable to type-1 Zombieload.

I admit that I pay little attention to Intel's twisty maze of CPU families, however, and much of the discussion of the MDS vulnerabilities isn't directly supported by anything I've seen in one of the actual research papers.

Accounting expert told judge Autonomy was wrong not to disclose hardware sales

Michael Wojcik Silver badge

Re: Auditors....

IIRC, he admitted he didn't read the preliminary due-diligence report. He pushed the sale through before the final one could be completed.