
* Posts by Pascal Monett

6534 posts • joined 10 Apr 2007

Brit banks told to publish details of major incidents that stop punters' payments

Pascal Monett
Silver badge

"such a metric might encourage hackers to target weaker firms"

And ? Are we supposed to just let the "weaker firms" carry on ?

Yes, it is very likely that this metric would encourage attacks on weaker firms. They should therefore step up their game and get up to scratch, not cower behind such a bullshit argument.

Yes, it will cost them money. Guess what ? Better before than after - because after it just might be too late.

4
0

Up to 'ONE BEEELLION' vid-stream gawpers toil in crypto-coin mines

Pascal Monett
Silver badge

"At the moment, the only real solution is to use..."

NoScript. As 100% of internet-related trouble these days is some bit of effing JavaScript, NoScript is the end of the line for them.

Adblockers ? Yeah, in addition to NoScript, why not ?

But if you use an ad blocker and do not use NoScript, you're at risk.

8
1

Archive of 1.4 BEEELLION credentials in clear text found in dark web archive

Pascal Monett
Silver badge

Oh not biometrics again

First of all, there is no such thing as a reliable biometric scanner. Fingerprints can be faked, especially on consumer-grade equipment. Facial recognition is still rather unreliable, can be easily fooled and requires a rather important back-end. Other more exotic methods (like iris recognition, or back-of-the-eye blood vessel mapping) are still in the lab, or eventually at the NSA, but nowhere else.

The problem with biometrics is not even its reliability, it's the fact that the legitimate owner of the biometric cannot change it when it is compromised. So anything biometric is only useable until it is compromised, which means it is next to useless in any environment that needs true security.

Let us not pretend that your Twitter account needs NSA-level security.

10
1
Pascal Monett
Silver badge
Trollface

Re: "The only password phrase to remember is that for Keepass."

Which is . . password.

7
0

Juno's July fly-by gave NASA a close-up of the Great Red Spot

Pascal Monett
Silver badge

500 K at 350km below the surface

Seems curious that such activity is not happening all over the gas giant's surface. Given that Jupiter has no solid surface, it should be a continuous supervolcano in all directions. But no, apparently it is only happening at one location. I wonder how the boffins are going to be able to explain that.

6
0

No, BMW, petrol-engined cars don't 'give back to the environment'

Pascal Monett
Silver badge

Nice to see some backbone here

I can't say I don't like Beemers, but I will readily admit that this is pushing things too far.

First of all, I have yet to hear how heavy-metal-polluting batteries are any better for the environment than carbon-monoxide emissions. Then there's the fact that, yeah, an electric car containing a fossil-fuel-burning engine is definitely not a zero-emission car.

So good on the regulators for stomping on this nonsense.

It's hard enough to be ecological as is without needing marketing to muck things up even more.

71
2

No 2017 bonus for you, HPE tells employees

Pascal Monett
Silver badge

I think that, at that level, there is never enough bloat.

0
0

Report: Underwater net cables are prime targets for terrorists and Russia

Pascal Monett
Silver badge

Perfectly true

I would just like to observe that you really only need to protect the cable until the depths where water pressure will offer inherent protection. That means until the continental undersea shelf drops into unmanageable pressures - something like a hundred kilometers from the shore ?

After that, you can use satellite surveillance to ensure that any deep-sea trawler approaching too close to the cable gets intercepted by a warship - not many captains who will take that gamble and any 12.7mm cannon will do - not exactly high-tech hardware these days so battleships not required.

The US is still operating a SOSUS net, maybe some strategic agreements would be in order to ensure that the one and only submarine with cable-cutting functionality would not go anywhere too close to be a nuisance. At the condition that the US respects their agreements - not a guarantee these days.

4
3

Creepy Cayla doll violates liberté publique, screams French data protection agency

Pascal Monett
Silver badge

@ Richard Jones 1

I agree that some IoT products may indeed be of use to people who do not have the benefit of a perfectly functional body.

I do however take exception to the idea that the handicapped do not need security and protection to obtain the convenience of such devices.

3
0

Escrow you, Apple! Ireland expects Cupertino to cough up to €13bn

Pascal Monett
Silver badge
WTF?

What ?!?

Haven't we been repeatedly told that Ireland did not give Apple any special treatment ?

So how come all of a sudden Apple agrees to pay BILLIONS ????

I'm really sorry, but if I were at the top of a multi-national company (and therefore had no conscience) and I was told I had to pay billions of dollars or face fines in the millions, well I'd choose the millions. What happened that convinced Cupertino to pay billions ? What could possibly be worse than that ?

Is Ireland going to expel Apple ?

My mind is boggled.

0
2

French activists storm Paris Apple Store over EU tax dispute

Pascal Monett
Silver badge

Re: "a lot of the profitable bits of those companies"

Would you mind applying that line of thought to Microsoft ?

I'm really curious as to the result.

3
0

Germany says NEIN to purchase incentive for Tesla Model S

Pascal Monett
Silver badge

Re: "an electric vehicle does allowing you to recover most of the energy you expended"

Not really. As specified here, regenerative braking is not sufficient to bring a vehicle to a stop, so friction braking is still needed. That means that you lose electricity on the energy used by friction, which is substantial because "mechanical braking is still necessary for substantial speed reductions".

In short, regenerative braking is a nice-to-have side-effect, but you will not be driving around nearly indefinitely with just regenerative braking and a PV-covered car roof.

0
0

Loose-change payment network Microraiden launches on Ethereum

Pascal Monett
Silver badge

I'll wait for a bit

Until the inevitable raft of exploits, cheats, underhanded manipulations etc crop up and demonstrate that this new virtual currency still has everything to learn about transaction security.

I have no doubt that the coders on this project did everything they could to ensure transaction security, but unless they've been working in the online banking business for the past 20 years, I think there's a good chance they haven't thought of everything.

Plus, the miscreants are really very good at finding exploits, so they'll find a few surprises on the way, no doubt there.

0
0

Don't shame idiots about their idiotically weak passwords

Pascal Monett
Silver badge

Yeah, but you don't need to change the lock every week.

First of all, you hardly have a burglar passing 25000 times a day to try to pick the lock, then there's the fact that picking a lock means the burglar is visible for as long as it takes, finally a secure lock is a lot harder to crack than an effin' password.

Plus, if you leave the key in on the other side, there ain't any burglar in the world who'll be able to pick a security lock.

1
4

Boss made dirt list of minions' mistakes, kept his own rampage off it

Pascal Monett
Silver badge

Re: the big red button

Ah, the big red button. I worked as an operator for a year in a place that had a Bull DPS 7 when I was still that young. I was suitably warned about its function by one of the three engineer programmers. These guys were the divas of the joint - a bit aloof and superior to us mere operators.

Now you see, the Big Red Button was situated pretty much next to the entry of the mainframe room, more or less at shoulder height.

One day I was on the afternoon shift when, after lunch, two of the three devs came into the mainframe room to check I don't know what. They headed back to the exit, but one of them had obviously started telling a joke (those mainframe rooms were big, back then, and the operator console was at the other end from the entrance). The guy stopped, turned around and, reaching the obvious climax of his story, spread his arms wide - right onto the Big Red Button.

The only thing more impressive than the sudden, total silence of the room was the look on his face.

38
0

Linus Torvalds on security: 'Do no harm, don't break users'

Pascal Monett
Silver badge
Trollface

"You need to not piss off users, and you need to not piss off developers."

And you especially need to not piss me off, he added.

49
0

SurfaceBook 2 battery drains even when plugged in

Pascal Monett
Silver badge

Re: "fessing up to the problem and fixing it"

I don't see that this is a problem that can be fixed. This is clearly an issue that was on the table at design stage. Meetings were had, decisions were approved and now here we are. Microsoft obviously knew this was a possible issue, but likely decided its potential was not hazardous enough to upgrade the power brick.

And now the SurfaceBook 2 needs to be throttled in order to charge the battery properly. I somehow doubt that just changing the power brick for a more powerful one will do - I'm guessing the electronics handling the charging in the SBook 2 won't be able to handle the surge. Laptops in general are the high-wire act of PC electronics - they are calibrated to respond to specific and precise conditions and nothing is supposed to get them outside of their defined comfort zones.

So I really don't see how this can be fixed.

Unless I'm wrong, of course, and you can just plug in a more powerful brick and be done with it, but in that case this whole issue is even more stupid.

45
0

Fujitsu imagines adjusting your rear view mirror for better hearing

Pascal Monett
Silver badge
Trollface

""We have not yet decided when to commercialize the technology,"

Meaning : "The CIA is very, very interested in buying our patent outright and we're waiting on the final figure before we decide not to go public".

Okay, gratuitous trolling aside, this is clearly spy tech that is at the limit of magic. On the other hand, it's weird enough listening to half a conversation when you hear someone else speaking on a phone but can't make out the words. This is going to be an order of magnitude above that. Suddenly the driver starts speaking out loud, and nobody is answering. Not to mention the potential for quid-pro-quo when the passenger thinks the driver is talking to him.

It really sounds like neat tech, but I'm not convinced the car is the place to use it.

9
0

The Quantum of Firefox: Why is this one unlike any other Firefox?

Pascal Monett
Silver badge
Stop

I'll wait for NoScript to be back

No NoScript ? No update.

NoScript is the single most important protection that Firefox has against all the scum on the Internet. It is a Security Essential (TM).

Until I learn that NoScript works on this latest version, I am using the version that allows for NoScript.

28
1

How can airlines stop hackers pwning planes over the air? And don't say 'regular patches'

Pascal Monett
Silver badge

Re: Satcom remote monitoring

"So a full airgap isn't possible."

Sorry but I disagree. The WiFi-accessible entertainment system does not need to run over the same wires as the nav/control systems.

Physically separate the buses for the two and you have an airgap that is a chasm for hackers. There is no reason other than convenience that the two networks run over the same wires, and security says they shouldn't. So put in a separate Ethernet cable for fracks' sake.

14
0

Uncle Sam to strap body sensors to hackers in nuke lab security study

Pascal Monett
Silver badge

So they'll find various levels of stress

And then what ?

Some of the contestants will be cool as ice, some will be bouncing off the keyboard, and there's likely no correlation with the efficiency of their hacking skills.

As usual, it's for these useless studies that they put the money in. Over 15 hundred bucks for a wristband ? That's a hell of a piece of kit right there.

2
0

Google aims disrupto-tronic ray at intercoms. Yes, intercoms

Pascal Monett
Silver badge

Congratulations, Google

Great idea. What a wonderful family environment we are preparing ! I'm sure the next generation is not at all going to feel bereft of family connections when a speaker tells them to do things. I'm sure that educating your offspring via loudspeaker is not at all going to make them feel like they're in bootcamp and you're the master sergeant (who likes their master sergeant in bootcamp ?).

You have kids. Talk to them. Interact with them. Show them you care.

Otherwise they will leave you one day and never, ever think of calling you.

5
1

Now Oracle stiffs its own sales reps to pocket their overtime, allegedly

Pascal Monett
Silver badge

Working overtime now and then is perfectly normal and, in a normal company, it should not be an excuse to get more money. There are days like that and you're part of a team, so pull your weight and everyone will appreciate.

However, if working overtime becomes a regularly repeating occurrence, then it should definitely be paid for at least two reasons : 1) you are in effect working longer weeks regularly so you should be compensated, and 2) the company needs to understand that it might benefit from hiring another person to lessen the load on the others.

My stance on overtime is simple : if you tell me no overtime is paid, then I'm not working overtime. And don't come and blame me for projects that are late, you're management ; you're supposed to be aware of my workload and find solutions to lighten it if necessary.

Reminds me of the time I was in a certain company with the manager always coming to me with new urgent things that had to be done right away. After the fourth addition I looked directly at him and asked whether it was right away before the thing for the Director, or right away after that ? I then shoved the list in front of him and told him that I needed an order of execution. He blustered his way out of that, but I didn't see him for the rest of the day. Thankfully I was not long at that company.

25
0

It's 2017 – and your Windows PC can be forced to run malware-stuffed Excel macros

Pascal Monett
Silver badge

You can "remove" yourself from all things technology right where you are ; just shut down your router and phone and you're there.

4
0

Inmarsat aircraft Wi-Fi lift off set to fill coffers

Pascal Monett
Silver badge

Seems to go contrary to the fact that over a thousand airliners have it installed. If they went through the effort to get it up and running, somebody must be using it.

I note that Asian airlines have it installed. Seems to indicate that Asian businessmen may be the driving force behind it - or 1st-class passengers in the Northern hemisphere.

Obviously we're not going to see usage in coach. Not until WiFi comes free with the plane ticket, that is, and I won't be holding my breath for that.

0
0

Sean Parker: I helped destroy humanity with Facebook

Pascal Monett
Silver badge
Trollface

Re: "he does not feel badly enough to [..] donate it all"

Because of course that's what you would do.

0
0

Parity's $280m Ethereum wallet freeze was no accident: It was a HACK, claims angry upstart

Pascal Monett
Silver badge

Re: "The bankers created this huge worldwide fraud"

Really Joerg ? You're still trying to pass that bullshit ?

You do realize that this is the Internet, and anyone with a brain can easily check that you're wrong ?

1
0

'Lambda and serverless is one of the worst forms of proprietary lock-in we've ever seen in the history of humanity'

Pascal Monett
Silver badge

Re: I'm wondering on how efficient this all is

I think the point here is about the $million cloud customers. They're the ones paying the big bucks that make the cloud seem to be a viable platform for everyone.

Push a button and it drives itself ? Sure, once a hundred IT techs have slaved away at building all the conditions and checks and verifications that allow that button to exist. Big Corp has access to the manpower and the knowledge, small businesses do not. The Cloud can work for small businesses, but it is made for Big Corp.

That is why I have trouble with the sentence : "the open-source community has to provide alternatives". With all the faith I have in the coding abilities of Open Source volunteers, they are working from home and I doubt they have access on a personal level to the amount of hardware required to test an open source solution to AWS. And even if code could feasibly be written, the Cloud is hardware and software both, and Open Source doesn't have the hardware.

I don't see that happening. Not without major investment by Red Hat or something similar in any case.

12
4

Oracle investors told not to let Catz and co get the cream – reports

Pascal Monett
Silver badge
WTF?

"employees get unconscious bias training"

How exactly does that work ?

Speakers in every room with subliminal audio messages ?

4
1

Interstellar space rock screams through Solar System

Pascal Monett
Silver badge

Re: That's a weird orbit

We only spotted it after it passed the Sun, and the article states that astronomers are only counting on a few weeks to study it - after that it will be too dark.

This thing is not a comet, it's a rock.

To me that means that there are probably many more rocks like that flying around in the most awesome game of billiards ever invented, and we don't have a clue about where or how many.

There's likely all kinds of orbits for those things - but we won't see any of them if they stay beyond Jupiter's orbit.

5
0

DJI Aeroscope won't stop drone-diddlers flying round airports

Pascal Monett
Silver badge

"their entire system can be defeated by either covering the drone with aluminium foil"

Um, it seems to me that if you are covering a drone in aluminum foil, you're gonna have just as much trouble piloting it than they will have detecting it.

17
0

Man: Just 18 Bitcoin babies and my home is yours

Pascal Monett
Silver badge

"Today, that single bitcoin is valued upwards of $2,200, Fortune noted in March."

That was the value in March.

A house sold for $350,000 or 82.55 Bitcoin means that the Bitcoin is valued $4,542.

It also means that if you wait a few months for a buyer to appear, you might find that a Bitcoin is no longer worth what you calculated initially, meaning you'll be out of pocket.

Personally, if I were to decide to sell a house, I would give a dollar value and indicate that Bitcoins were also accepted. That way, the amount would be calculated on the day of sale.

In any case, in France I don't think that such a move is possible. Selling a house means going to the notary to have it recorded, and they don't accept Bitcoins yet.

4
2

Car trouble: Keyless and lockless is no match for brainless

Pascal Monett
Silver badge

Re: This results in Renault levels of fragility...

When the merger was a done deal in France, I remember hearing a lot of jokes from colleagues saying that Renault would finally learn what the word 'quality' meant.

Looks like it has worked the other way around, and the shoddy craftsmanship of Renault has tainted and infected Nissan.

That's a shame.

21
0

Dell forgot to renew PC data recovery domain, so a squatter bought it

Pascal Monett
Silver badge
Flame

That is the whole problem - they don't think.

Management these days is not able to manage, it is just there to give orders and take paychecks.

True management would have a clue about what is going on, what needs to be done and a plan to get it done that is written on something other than a paper napkin.

12
1

So long – and thanks for all the phish

Pascal Monett
Silver badge
Coat

"lawyers [..] are often used to craft a spear-phishing attack"

I'm supposing they know what they are participating in.

I'm also supposing that, if one is caught, he will hopefully be disbarred.

Then again, I'm also hoping to win the lottery, so . . . I probably have better chances.

3
0

NSA bloke used backdoored MS Office key-gen, exposed secret exploits – Kaspersky

Pascal Monett
Silver badge
Trollface

Re: perhaps I'm just paranoid?

Yes, you are.

Doesn't mean that you're wrong, though.

12
0
Pascal Monett
Silver badge

Re: He's hosed.

Indeed, I found that little line in the article very interesting as well.

A "security" contractor who 1) takes confidential data out of NSA premises without authorization and 2) uses a malware-infested cracker to unlock an unregistered copy of Office without wondering what might go wrong.

And those are the goons allowed to spy on us. If that's how smart they are, no wonder Russia can pilot US elections.

45
0

IETF mulls adding geoblock info to 'Bradbury's code'

Pascal Monett
Silver badge
Flame

Re: DVD drives allow up to 5 region changes before locking in

Excuse me if I do not agree to being locked out of content that I have legally paid for, on equipment that is legally mine.

6
0

How is the big switch to the public cloud working out?

Pascal Monett
Silver badge

"Neither has delivered a knock-out blow to the other"

And that will never happen, simply because the world is a complicated place and no one solution is good for everyone all the time.

Companies and people will find the Cloud useful for some use cases, on-premise for others. I'm convinced that any given single entity (company or individual) will find that it ends up using both, each kind for specific applications or use cases.

And, in the end, that is what computing should be about : bringing the best solution to a given problem. It is not about bringing one solution and removing all the other possibilities.

8
0

Forget One Windows, Microsoft says it's time to modernize your apps

Pascal Monett
Silver badge
WTF?

What ?

"Microsoft is endeavouring to improve manageability and security by making it behave more like a mobile operating system, including Store-delivered applications"

Just how the hell SECURITY is being improved by making a PC more like a bloody mobile phone ?

And as for manageability, don't make me laugh. Just put the UI back to Windows 7 and a PC can be managed just fine.

Finally, keep your stupid Store. I will not have myself locked in on my PC. It's MINE, Microsoft, not yours.

58
3

Oracle users meet behind closed doors: Psst – any licensing tips?

Pascal Monett
Silver badge
Holmes

"the murky world of licensing and software asset management"

It's only murky because the supplier is doing its damndest to make sure that it stays that way.

Licensing should be simple : you have how many people using this software ? It's this much.

End of.

5
3

AI might outsmart ITIL, make MTBF moot, says ServiceNow strategist

Pascal Monett
Silver badge
Flame

"Artificial Intelligence might..."

When we have AI, there's a ton of things that might happen.

Until that day, we DON'T HAVE A I.

Stop using the notion.

3
0

Viasat: We're going to sue Ofcom over EU-wide airline Wi-Fi network

Pascal Monett
Silver badge

Well he does have a point

""If I have to adhere to regulations and another does not, we don't know how to play in that area [..]"

It is rather obvious that if you build something to international standards and the thing you need to talk to doesn't respect them, there will be issues.

Beyond that, this is major industrial infrastructure stuff and negotiations on that level are completely beyond me. For starters, I have a hard time believing that someone would put up the money for a satellite and its launch without ensuring that it would function properly for its intended use. A satellite is not another sales point you set up over a week-end, it's a major investment and I cannot imagine that everything was not planned and vetted from A to Z.

There was a major communication hiccup in all this, and someone is no doubt feeling very uncomfortable right now.

1
0

You may not know it, but you've already arrived at DevOps Land

Pascal Monett
Silver badge

Re: "I have pointed this out before"

I'm glad you have. You might want to point it out to the author of the article, because he's apparently not got the message since he writes : "Getting to full adoption, however, is tricky.".

1
0
Pascal Monett
Silver badge

DevOps, Serverless, ODFO

Allow me to "get off my lawn" on this subject, again.

I cannot stand this almost condescending attitude that consists in saying that DevOps is the only way to go and Cloud is the only future.

Cloud means Internet means bandwidth and availability limitations. Only big companies can budget failover Internet connections from different providers, and I'm not sure they all do that. In addition, SLAs are all very nice, but the Cloud is still regularly kicking the bucket at this point and I'm pretty sure companies are not okay with paying hundreds of employees to twiddle their thumbs until someone else resolves the issues.

As for serverless, for Christ's sake please stop trying to make us believe that our data is secure in the Cloud. At this point in time, it is most certainly not. I will believe in serverless when you have the ability to assign your own keys of whatever length you decide you need, and all data is encrypted from start to finish and nothing is left unencrypted outside your premises.

Show me a cloud vendor that can work with that and we only have availability and backups to discuss. Until then, I simply do not agree with Cloud for anything resembling confidential data.

Of course, small companies will look at their budget and think "Cloud will cost me less", which is likely true right until Cloud wipes their data and can't get it back, but hey, small companies, eh ? What can you do ?

18
1

US energy, nuke and aviation sectors under sustained attack

Pascal Monett
Silver badge
Facepalm

"depressingly-familiar tactics"

Yes, it is quite depressing that people still haven't cottoned on to the idea that a complete stranger does not send you confidential documents out of the blue.

I receive invoices and such from people I don't know. After a "yeah, sure" moment, I check the originating address to be sure and, generally, that's when the game is up. Either the domain has nothing to do with the purported origin (eg. a mail from Microsoft that is sent from a Gmail account), or worse, it supposedly came from my own domain (I am one of three users in my domain).

It doesn't take more than two brain cells to figure out that a message from SomeGuy2748 is not a professional source. There is no company on Earth that registers its employees like that, ergo no professional mail can come from such a source.

And yet people still get taken in by such stupid shenanigans.

9
1

Once more, with feeling: Dawn to take a closer look at Ceres

Pascal Monett
Silver badge
Coat

Hundreds of millions of km away

and yet, the boffins know exactly where Dawn is at any given second, know exactly how much fuel to use to attain a given orbit or orientation, and get the data they're looking for even though it is physically impossible for any available telescope to see the spacecraft and visually check that all is well.

Mind. Blown.

On the other hand, it's very likely they're not using Excel for their orbital calculations...

19
0

Pixel 2 tinkerers force Google's hand: Secret custom silicon found

Pascal Monett
Silver badge

Interesting review. I'm using a dumb phone at the moment, but if I ever have the need for a smartphone again in the future, I've learned of a few things to check on (like Playing Now - that needs to be shut off).

1
0

Vodafone, EE and Three overcharging customers after contracts expire

Pascal Monett
Silver badge
Trollface

Re: "Sorry, but this would only happen to the most stupid of stupid people."

Welcome to the real world !

0
0

IBM broke its cloud by letting three domain names expire

Pascal Monett
Silver badge

Re: "How about [..] the hosting company sends you multiple letters"

I have a domain name registered. I pay for it by 10-year blocks. When the time comes to renew, I get a mail from my registrar warning me about it.

I don't need a calendar app, I just need to read my mail.

I fail to see how this can be improved.

On the other hand, I can very well see how a major company can fuck up on this kind of thing. The guy responsible for registering the domain has left, the registration email account has been discontinued after a reorganization, and the swarm of managers in between have never wondered or even thought of checking how the domain names were managed.

Thus, the domains lapsed, the functionality was broken, and the managers scurried around like headless chickens until somebody with a clue phoned the registrar and got things sorted out.

5
0
