
* Posts by Nick Ryan

2376 posts • joined 10 Apr 2007

In case you're not already sick of Spectre... Boffins demo Speculator tool for sniffing out data-leaking CPU holes

Nick Ryan
Silver badge

Re: I want choice

Spec-ex is where the performance gains are. Why? Because OSes like Windows and the applications that run on them aren't sufficiently parallel, therefore serial processing speed has to be concentrated on even with the burden of context switching.

The difference between, for example, Intel Atom processors without spec-ex and Intel chips with spec-ex is quite phenomenal and a testament to the success of the technique. Shame that Intel sacrificed security for performance so badly.

Non-x86 chips can also suffer from the same problems; it really depends on where the MMU boundary checks are applied. In Intel's case it's outside of the spec-ex, giving them a serious performance boost, compared to chips where the checks are applied within the spec-ex context. Technically, both are as valid as each other; it's just that using timing tricks it's possible to derive data where the checks are applied outside of the spec-ex execution.

1
0
Nick Ryan
Silver badge

Re: Efficiency Strategies

Spec-Ex doesn't need to be costly, and the gains are almost always more than 50%. Why? Because most iterations last longer than that and therefore an iteration for even just 10 cycles with one spec-ex clash at the end is considerably faster than 10 cycles without spec-ex.

As noted elsewhere, one of the problems is due to sacrificing security for performance - as in only checking for access levels on presentation of the data rather than during the spec-ex fetch. While this seems reasonable, the time difference between the two is noticeable and with caching allows the contents of the request to be derived. Slow, admittedly, but given the speed of modern processors not impossibly so.

So "office" applications or gaming, spec-ex markedly improves performance. Just in the case of Intel, in particular, it's a case of security vs performance.

RISC-V has spec-ex, however the spec-ex fetches go through the same MMU boundary checks as any other fetch. This doesn't mean that timing based differentials, and therefore data leaks, are impossible, just that they are considerably harder. A properly secure system would exhibit exactly the same outward performance regardless of a cache/security hit or not. Unfortunately that pretty much requires that spec-ex is disabled.

2
0

Nice phone account you have there – shame if something were to happen to it: Samsung fixes ID-theft flaws

Nick Ryan
Silver badge

Samsung: good hardware, appalling software. However fair play that they accepted the faults and fixed them (hopefully)

9
0

College PRIMOS prankster wreaks havoc with sysadmin manuals

Nick Ryan
Silver badge

Re: Poorly configured systems - how about no password on SYSTEM!

It is a shame because these days utterly fictitious values of cost will be assigned to relatively trivial student "experimentations" where no real harm has been done. Yes, you used account time that wasn't yours, but if the institution owned the systems then there was no real cost to them, just time slices and a bit of electricity.

I got banned for a couple of weeks too, and at one point I wound up sitting at the student help desk and particularly annoyed the staff there by clearing the queue of students with computer issues quicker than they would have - and genuinely helped them too.

To show the difference, rather more recently I browsed a college network and came across a student PC with an open/anonymous share with rather a lot of pornography on it. I could have pretty much cost them their course by reporting them but instead messaged them and advised them that open shares with such content were ill advised and they should stop doing it. The fear from them was ridiculous bearing in mind it was just content that anybody with a non-College network could have accessed easily. I think they appreciated the gentle hint rather than a full censure. On the other hand, September was a terrible time for the network... thousands of new, unpatched and utterly vulnerable PCs from (new) students hitting the network made things glacial at best.

2
0
Nick Ryan
Silver badge

Re: BBC Micros at college

My alternative was less hi-tech. At Uni (sorry guys) I wrote a simple program that looked exactly like the login system (custom screen, easy to mimic and logged out the current user, me, after recording login details) and ran around a computer room or two, logged in as myself, ran this application and merrily harvested the login details of countless students and staff. They had a bit of a sense of humour failure (sorry, again) when I presented this list to them - including a sys admin login or two.

Students. We were probably all dicks at some point in time.

Oh, and I also worked out how to get free laser printing.

4
0

BOFH: State of a job, eh? Roll the Endless Requests for Further Information protocol

Nick Ryan
Silver badge

Re: Ah HA!

I'd say that HP have excelled themselves and implemented variants of this system in multiple places just to ensure that what should be a relatively simple process of them replacing (yet another) DOA laptop (with the same faults as the previous ones) winds up involving multiple departments that cannot communicate with each other and many days of delays.

3
0

It's official. Microsoft pushes Google over the Edge, shifts browser to Chromium engine

Nick Ryan
Silver badge

Re: Bloatware

That and not having the cretinous, and cretinously annoying, Cortana "assistant" rubbish shout at you on every clean install. It's not necessary, it's never necessary and most of all has no part in being in the clean install process. Every time it involves trying to hit the mute on the keyboard as quick as possible...

2
1
Nick Ryan
Silver badge

Re: Worst possible outcome

Chromium and Chrome are different things - Chromium is an open-sourced rendering engine, Chrome is just another web browser that uses Chromium to render pages. The browsers that use the Chromium engine have a lot of leeway in how the content is managed, presented and filtered.

5
0

Keen for much-hyped quantum computing to finally land? Don't expect it for a decade

Nick Ryan
Silver badge

I'd rather that a genuine "AI" didn't drive my car thanks. On the other hand, a computer system with outstanding sensors, control and prediction systems... yes.

The problem with the cure for cancer is that most people don't understand that cancer is not a disease as such. It's "just" the body's own cells mutating/malfunctioning, which they do all the time, and getting themselves into a state where they are not shut down automatically (the fate for most mutated cells) and reproduce in an uncontrolled way. If cells never mutated then we would not exist; it's a fine balance. So targeting our own cells which are malfunctioning when our own body's defences against malfunctioning cells have missed them is a tall order.

0
0

Do not adjust your set: Hats off to Apple, you struggle to shift iPhones 'cos you're oddly ethical

Nick Ryan
Silver badge

Re: Losing customer

My Nexus 5X died recently (all round fantastic phone, particularly for the price). I bought a Samsung J3 for about £100 as a very quick purchase because I needed a phone up and running pretty much straight away (and wanted one with NFC for contactless payments). The camera is a bit crap, and while the performance of the phone itself isn't stellar, once I'd removed all the awful Samsung shovelware and hugely sub-par versions of other applications the speed isn't noticeable and it has about 50% more battery life now compared to before. Alternatively I could have spent hundreds more on a phone that, when it comes to most practical use (for me), isn't much better. I do miss the 5X's camera though...

1
2

Adobe Flash zero-day exploit... leveraging ActiveX… embedded in Office Doc... BINGO!

Nick Ryan
Silver badge

ActiveX? Again. A ridiculously stupid idea from the outset... as in cobbling together one layer of dangerous instability on top of another layer of dangerous stupidity on top of another layer of dangerous stupidity?

Combine with Flash? Seriously? The most insecure mess since, erm, anything else that came out of Adobe. Or Microsoft. or possibly Sun.

What's the commonality in this mess? Largely unnecessary proprietary extensions in place of standards. It's not that standards based systems are invulnerable (far from it) but their legacy is much less. And they can be fixed. ActiveX can never be fixed - ban and block it. Flash almost certainly can never be fixed either. As for the other insecure stuff that comes out of Adobe, as in a document format (PDF reader) that suddenly "needs" Flash, JavaScript (homebrew abortion version of course) and local system access to all kinds of unnecessary resources... just no. No. never.

17
1

No, you haven't gone deaf – the Large Hadron Collider has been wound down for more upgrades

Nick Ryan
Silver badge

That's a different experiment. Nearly.

6
0

Facebook spooked after MPs seize documents for privacy breach probe

Nick Ryan
Silver badge

Re: History lesson

There have always been different classes/categories of shares. It's entirely up to the organisation involved and up to the investor to pay due care. In the UK at least there are various laws around the dissolution(?) of shares as in if you have a particular type of shares these may not be expanded upon and offered to others without being given the opportunity to purchase more at the same effective ratio. Or something similar - in any case the laws are surprisingly fair.

I've often wondered about the exit strategy or just business model of various of these companies. I still don't quite get how FB isn't losing money at a phenomenal rate; on the other hand they have developed, and patented (start argument here) quite a few technologies and they have in their possession a very well profiled database which they can, and are free to, utilise to promote third party services. Even at its most basic level, the hosting, development and support services have to be paid for somehow. If you're ever in doubt, follow the money trail.

4
0
Nick Ryan
Silver badge

Re: Why?

Stupidly the UK police tried something similar with the raid on Noel Edmonds. Or was it some other celebrity? I've steadily lost the will to care... Whoever it was, the press should not have been along for the raid as it happened - fine for them to catch up based on public reports of something "interesting" happening but never anything more.

9
0
Nick Ryan
Silver badge

Re: Off to the tower with Zuck

Precisely. Russia, given their alleged use of Facebook for their own cyber influence reasons, would not want to close Facebook down. FB's influence is considerably more in Russia's "enemies" lands therefore it is an asset, albeit a little double edged at times.

2
0
Nick Ryan
Silver badge

It doesn't matter what the US constitution (and its many, many amendments that adjust it for various lobbies' purposes) reads.

This was in the UK and despite what many US politicians may think, US laws don't apply here, UK laws do. If UK laws, even rather antiquated but occasionally useful ones, are in effect then they are usable and in this case have been. For once, UK politicians, or more likely civil servants, have done something sensible and used the appropriate powers that they have in order to deal with an organisation that is treating UK laws/government with contempt. We may be a distinctly third world country (read the UN reports) however at least there is some sense remaining somewhere.

39
1

Office 365 Exchange enjoys a less than manic Monday. Users? Not so much

Nick Ryan
Silver badge

Re: Available to your Office365 admin

Well it wasn't very honest or helpful anyway:

Title: Can't access email

User Impact: Users may be unable to connect to the Exchange Online service

At least it's been updated a bit now.

Title: Can't access email

User Impact: Users may be unable to connect to the Exchange Online service.

More info: Affected users may be able to able to access the Exchange Online service if they refresh their connection.

Current status: We've determined that availability dropped below acceptable thresholds due to a networking issue. We've restricted some replication and migration requests through the affected infrastructure and while increasing connection points on alternate infrastructure to remediate impact.

Scope of impact: Impact is specific to a subset of users who are served through the affected infrastructure.

Start time: Monday, November 26, 2018, at 10:10 AM UTC

Next update by: Monday, November 26, 2018, at 2:30 PM UTC

4
0
Nick Ryan
Silver badge

Seemed to be a partial failure of some systems, and guessing from how things panned out across devices most likely the non-standard interfaces that Outlook uses rather than any standard interface. Webmail Outlook started to give up later doubtless because too many victims had to use it.

1
1

Microsoft: You looking at me funny? Oh, you just want to sign in

Nick Ryan
Silver badge

/sigh. Face ID is not a suitable replacement for a password. It's a suitable replacement for a username.

0
0

Facebook's Sheryl Sandberg can't remember smear firm, but 'some of their work' crossed her desk

Nick Ryan
Silver badge

Research into critics

I'd be happier if they did admit that they hired an agency to research critics of them. There is nothing wrong with that, and knowing if the critics are genuine (as in not a smear campaign) can provide a lot of valuable input to fixing things. Targeting critics as a result is not on at all though.

2
0

1,700 lucky Brit kids to visit Apple Stores for 'Year of Engineering'

Nick Ryan
Silver badge

A good start would be to reclaim and protect the word Engineer for its real meaning, just as the title Doctor denotes a certain level of either academic achievement or medical training.

The person who fixes the photocopier is a technician and not an engineer, no more than the (invaluable and useful) person who takes X-rays is a doctor.

A fine concept let down by semantics. Could you define when someone stops being a technician and becomes an engineer?

Very similar to the discussion regarding what is a scientist and what is an engineer? There is a very large grey area in the middle therefore how and where is the division made?

0
1
Nick Ryan
Silver badge

Re: "...trying to work out what the Year of Engineering actually is"

Nearly... roughly 3/4 of them are 365 days of bacon fuelled bliss. The others are 366 days of bacon fuelled bliss! More bacon!

2
0

Microsoft sysadmin hired for fake NetWare skills keeps job despite twitchy trigger finger

Nick Ryan
Silver badge

Re: Nothing beats them

I believe the word you may be looking for is "tools"...

1
0

Need electric propulsion for your satellite? Want a 'made in Britain' sticker? Step right this way...

Nick Ryan
Silver badge

All electric

Maybe it's just me, but how can it be described as all electric if it requires Xenon as a propellant?

3
2

Budget 2018: UK goes it alone on digital sales tax for tech giants

Nick Ryan
Silver badge

Re: There will be £10m for a scheme to identify ways to keep physics and maths teachers in schools

@ Intractable Potsherd

I agree, it is a very strange situation to be in - wanting the best for your own children while not wanting a society where whether those that are able to be successful and those that aren't is dictated by the level of education that they have available, or where they were educated. Because this isn't good for your own children either.

If the state schools were better, would you send your children to them then? Then the solution is there to see...

0
0
Nick Ryan
Silver badge
Mushroom

Re: There will be £10m for a scheme to identify ways to keep physics and maths teachers in schools

There's one guaranteed way to have the government improve state schools... Close all non-state schools and make it an offence to pay for education. This way all politicians' children will also have to enjoy a state school education and with this in mind it's likely to be amazing how fast government education spending would improve.

7
0

Britain's rail ticket-booking systems go TITSUP*

Nick Ryan
Silver badge

Sensible error handling is so last century. It is much better to not do any error checking and to throw exceptions for relatively expected events and to then process these in the usually unhelpful "an error may have happened" kind of response.

Muppets. While there are near religious flame wars about error handling vs exception handling, they both have their place. Error handling is for the expected failures, exception handling is for the unexpected ones - use both to their advantage in other words.

10
0
Nick Ryan
Silver badge
Mushroom

Meh. It's been impossible to buy a season ticket from Chiltern Railways for the last two weeks due to configuration and deployment issues. Because the incompetent web managers can't grasp that in-house staff accessing the same system may, in fact, be accessing a different system (internal vs external DNS) they have been carefully denying the problem. Only little gems like "pick a station from the list" followed by "station not recognised" and wonders of "modern development" like that and different station lists appearing depending on whether or not the user is in-house or not.

This is on top of the standard issues with idiot web developers attempting to replicate standard browser functionality using JavaScript.

18
0

UK.gov should spend more on AI, bleat VCs and consultants. Oh? Why's that then?

Nick Ryan
Silver badge

...and about 10 years.

Pretty sure that everything is still ten years away???

0
0
Nick Ryan
Silver badge

Disappointed

Did they not manage to throw some mention of "the" blockchain in there as well?

3
0
Nick Ryan
Silver badge

Re: Commons vs Lords

From memory: a considerably wider range of occupations, even among the hereditary component.

4
0

Oz to turn pirates into vampires: You won't see their images in mirrors

Nick Ryan
Silver badge

Sadly I don't know which of several very broken "Western" "democracies" (hahahahahaha) you could be talking about here. It could be any of a few, each of which is rapidly sharing more and more in common with dictatorial repressive regimes.

3
0
Nick Ryan
Silver badge

Re: You already know what happens next...

There's a difference. Many home ISPs enforce that outgoing DNS requests are redirected to their servers and this is easily done by rewriting the unencrypted DNS requests (TCP/53) to change the remote server from, for example, 8.8.8.8 to whatever the ISP wants. DNSSec will detect this as a serious validation error due to certificate failures. This is substitution and is underhand and why DNSSec exists.

Some ISPs, for example BT, just reject DNS packets going to servers other than their own and replace every request with what is effectively a redirection to a site that has a holding page spouting marketing fluff about security. In some ways this is a good idea as it protects the unknowledgeable from potentially very damaging DNS attacks, but for the rest of us it is intensely annoying as there is no way around it without using a VPN as it's not a configurable option.

1
2

Ding ding! Round Two: Second annual review for transatlantic data flow deal Privacy Shield

Nick Ryan
Silver badge

Unless Privacy Shield becomes a legally binding commitment, with rights for non-US organisations and citizens to pursue offending US organisations in US courts with the same legal privilege as US organisations and citizens then it is useless. The exclusions for "almost any vaguely official US organisation" to the data rules don't help either.

6
0

Microsoft points to a golden future where you can make Windows 10 your own

Nick Ryan
Silver badge

Re: Connect!!!!!

Did you mean something as hard as:

Get-AppxPackage Microsoft.OneConnect | Remove-AppxPackage

?

0
0
Nick Ryan
Silver badge

...and what parts of the OS do these applets use to download files using HTTP/HTML protocols? These are not standalone applets and while some functionality works without a full UI browser much doesn't.

0
0
Nick Ryan
Silver badge

Re: Higher Power?

Some things just aren't uninstallable. Because Microsoft have decided that they are part of the Operating System - there is no genuine technical need for them to be included. These crap things include Edge, Cortana, XBox and various other random bits of tripe that are installed by default and unremovable.

24
1

UK.gov to press ahead with online smut checks (but expects £10m in legals in year 1)

Nick Ryan
Silver badge

Re: This isn't about porn

They are halfway there. Expect more, much more to come.

Luckily we have the EU to protect us from the UK gov's desire for thought and mind control. Oh dear...

4
2
Nick Ryan
Silver badge

No, no we can't. How would the Daily Hate operate without an article decrying the sexualisation of children (which is, of course, the EU's fault) next to lots of pictures of "celebrities" and their children on beaches.

2
1
Nick Ryan
Silver badge

Re: One third porn?

Technically if just the fleshy bits are porn, then as long as the image/video is not zoomed in too much then it's very unlikely that it will be 2/3 porn. For a video, is the measure per frame or overall? So would a 10 second blah, blah, blah, warning or advert at the beginning and/or end of an online video mean average out?

0
0
Nick Ryan
Silver badge

All this is a fine plan. As long as I am able to use the personal details of my local member of parliament to "prove" that I am 18 or over. Unless they voted against this daft and useless legislation, however given the idiocy of party politics, doubtful.

19
0
Nick Ryan
Silver badge

...hard corn and violent porn

Mindbleach please!

12
1

Once more with feeling: Windows 10 October 2018 Update inches closer to relaunch

Nick Ryan
Silver badge

Re: For shame!

Are these things not left in phone boxes any more? Just asking because many phone boxes claim to have WiFi which might help with the streaming side...

0
0
Nick Ryan
Silver badge

Re: A powerful sense of dread

Meh. I'll reserve my hatred for every damn Operating System. Every one. They all have issues, they all do stupid things, they have crazy omissions, they all have stuff that I don't need therefore should be there :)

I'll use whatever OS is required for the task at hand, I'm not going to be blinkered by idealism. Unless one is talking about AmigaOS of course... :)

0
0

In Windows 10 Update land, nobody can hear you scream

Nick Ryan
Silver badge

Re: Even when the audio works..

At last investigation, Skype uses three different dart boards. Sometimes these agree with each other, sometimes they don't. When they don't (which will happen on a previously working system before an important call) then Skype will operate in the most retarded, useless and uninformative manner and simultaneously tell the user that it's configured, testing, not working and not configured (no audio devices available).

36
0

Take my advice: The only safe ID is a fake ID

Nick Ryan
Silver badge

I'm still amused how mine came out as "Rogan" once.

Sleep, Arthur.

2
0

US may have by far the world's biggest military budget but it's not showing in security

Nick Ryan
Silver badge
Alert

Re: Just the Tip of the ICEBorg*?

:)

Any self respecting online Internet AI will make intentional "mistakes" otherwise we might think that they are a dog or, worse, a human.

3
0

Don't make us pay compensation for employee data breach, Morrisons begs UK court

Nick Ryan
Silver badge
Joke

Re: Quis auditdiet ipsos Auditores?

"Who audits the Auditors ?"

The inquisition. Nobody expects them. Certainly not in Spain... :)

1
0
Nick Ryan
Silver badge

Re: Quis auditdiet ipsos Auditores?

I read it that he just got a copy of the data, in some form - it really didn't need to be a native format, just an export - and took this offsite and uploaded it from a different system.

It's a classic case of data security vs usability - the only truly secure data is data that nobody can ever access, which really means data that you do not hold. Beyond this it's a balance of security risk vs usability.

This was data that had to be recorded, access to it was required and this access produced a certain level of risk. Morrison's responsibility is to reduce this risk to acceptable levels and beyond there is little more that they can do. Given that the previous case didn't highlight significant failures on Morrison's part it looks to be down to the individual in this case.

4
0
Nick Ryan
Silver badge

Re: You shouldn't be able to get to there from here.

It just needs the specific ports to the specific address / URL. And the same applies to bank access. There is no reason for a finance computer to ever need access to Google, BBC, ToR, Facebook or anything apart from a few dedicated, preferably hard-wired, connections. Ones that would be audited and under change control.

A nice thought, in principle. However with SSL, load balancers, CDNs and anti-DOS protection services it just doesn't, and can't work in practice.

1
0

The Register - Independent news and views for the tech community. Part of Situation Publishing