
* Posts by John Smith 19

15040 posts • joined 10 Jun 2009

UK.gov told data-sharing plans need vendor buy-in

John Smith 19
Gold badge
Gimp

TBH HMG might start proving it can be trusted with the data it demands from subjects.

Except that's pretty f**king hard to prove when all the evidence is that they aren't.

It's amazing just how many times, when given a chance to do the right thing (provide an audit trail data subjects can look at, require judicial oversight for data collection requests etc etc) they do the wrong thing.

IOW exactly how a data fetishist thinks.

More data --> better data

All data, all the time, forever --> best of all.

0
0

Web cache poisoning just got real: How to fling evil code at victims

John Smith 19
Gold badge
Unhappy

So non-core services offered by a SaaS supplier likely to be less secure than core

I find myself strangely unsurprised at this discovery.

But it sounds like a neat trick.

Proving once again "Never f**king trust anything that comes in from a user to your server"

Ever.

IRL you may never meet a real Black hat. But on the internet your web site is just its IP address from all of them. From Moscow to Berlin, from Islamabad to Kazakhstan, from Kuala Lumpur to Perth.

0
0

Home Office seeks Brexit tech boss – but doesn't splash the cash

John Smith 19
Gold badge
FAIL

I'm beginning to think no-one ever really thought this Brexit idea through.

No one did.

That was obvious from the day David Davies refused to request any impact assessments be done by any department.

0
0
John Smith 19
Gold badge
Happy

Of course it will work. Crapita aren't involved

Hmm...

Well that does improve the odds of success from 99:1 against.

To 98:1 against.

Maybe as high as 97:1.

1
0

Boffins build the smallest transistor, controlled by an atom

John Smith 19
Gold badge
Unhappy

1 atom switched junction <> 1 atom wide junction.

So still a ways to go before the end of Moore's law.

But I do like the thinking behind it.

And metal is a better conductor than Silicon will ever be (the clue is in the name. semi-conductor).

Now, can they do a normally on transistor that switches off when you add an atom?

10
0

Can, can, can you buy it, CANCOM? Brexit's made it cheap(er), man: Firm inks OCSL deal

John Smith 19
Gold badge
Unhappy

Where can I get my "Coalition of the Stupid" pin badge?

The same place I can get a detailed plan for how HMG is going to upgrade/replace its IT systems for Brexit of course. :-)

Actually "Coalition of the Stupid" is a little harsh.

But "Coalition of the stupid, gullible and chancers (like the supplier of all that cheap s**t you can find at the end of supermarket aisles in the UK, or JRM)" is a bit of a mouthful.

0
0
John Smith 19
Gold badge
FAIL

"For me "taking back control" is about holding our own parliament to account,

stopping the lazy bastards being able to blame Brussels for everything and having more local control."

I see.

So you expect Brexit will raise your IQ 10 or 20 points do you?

Yet another fool who blames their misfortunes on anything but their own incompetence.

Brexit. Less a "Coalition of the Willing" and more a "Coalition of the Stupid"

3
2

Foreshadow and Intel SGX software attestation: 'The whole trust model collapses'

John Smith 19
Gold badge
Big Brother

And by "Trusted computing" MS meant "Trusted by corporate media providers"

To stop you reading their media or their internal documents.

Which is a properly Orwellian use of language, along with the "Ministry of Love"

I wonder if someone simply takes the Intel processor manual and literally tests every high level function to see if it does what the manual claims how many more of them turn out to be bogus.

Literally just a blatant lie about what the processor state should be.

Because that's what this is. It is documented. It just doesn't do what the document says it does at all.

5
0

Database ballsup: NHS under pressure over fresh patient record error

John Smith 19
Gold badge
Coat

"Ah, the joys of IT in the NHS (or lack of it)"

No there's lots of IT in the NHS.

It just doesn't work very well together.

3
0
John Smith 19
Gold badge
Unhappy

"Data migration and synchronisation across databases is a well know cluster f@#£k "

True.

Top tip.

Clean the data before you do the migration/copying/whatever.

Yes, it could be done after the move but (somehow) it never is.

3
0

What do a meth, coke, molly, heroin stash and Vegas allegedly have in common? Broadcom cofounder Henry Nicolas

John Smith 19
Gold badge
Unhappy

"would regularly spike the drinks of staff and customers with MDMA"

OK doing the staff was wrong but let's be honest I don't think he's the only one who's fed their (potential) customers something.

Come on, how else could you explain some of the f**k brained IT procurements over the years.

7
0
John Smith 19
Gold badge
Joke

" claim Nicholas would regularly spike the drinks of staff and customers with MDMA,"

Yo' jus jealous cuz you didn't think of it first.

2
10

Wondering what to do with that $2,300 burning a hole in your pocket?

John Smith 19
Gold badge
Coat

Investors = Magic Sheep

Isn't that what every tech startup is looking for a supply of?

1
0
John Smith 19
Gold badge
Unhappy

It's a different issue... this is AR with issues of tracking physical objects.

Fair enough.

Well given how much cameras on phones have gone up in resolution and down in price I'd guess a ring of them round the helmet shouldn't be that difficult.

Again, do you need maximum frame rate when the background is moving too fast to follow?

This suggests the key issue is the mapping of the artificial onto the real world.

1
0
John Smith 19
Gold badge
FAIL

This is sounding more and more like General Magic.......

Bu***hit.

You either know nothing about the history of computer tech

or

you're a Magic Leap investor, praying all those $ haven't been p**sed up against a wall.

Or quite possibly both.

1
0
John Smith 19
Gold badge
FAIL

TBH I'd thought they solved this problem decades ago.

For update rates isn't the usual hack to make frame rate inversely proportional to rate of motion? As you move s-l-o-w-l-y it keeps up, then as you swing your head fast it skips them and gives you "motion blur" till your motion slows down and it can stabilize the image.

Presumably these are the results with those tricks included, and they still sound s**t. :-(

I always figured this "augmented reality" stuff would be great for overlaying diagrams of hardware (like engines and gas turbines) on the real hardware and showing how to take them apart ("exploding" them in real time). Or LURP style games?

My other obvious question is this a $3K (with all the rest of the s**t) headset with $2 motion sensors inside?

Still they seemed to have released more hardware than Theranos and this Unicorn is not dead yet.

But is that much of an achievement?

3
0

Can we talk about the little backdoors in data center servers, please?

John Smith 19
Gold badge
FAIL

"s a lot better in terms of security with firmware that follows secure coding best practices."

Like f**k

This stinks of the "Security by obscurity" approach.

Intel's IME looked like a direct cut and paste of both the hardware and the software.

IMHO this, being (in principle) small but highly critical should be written with the very sharpest methods for writing provably correct software.

It's not running the core load of the processor. Speed is not that vital but minimal vulnerability (I think zero vulnerability is impossible but then again Shuttle software, about 1MB in size, didn't find one during live operation over 30+ years) is.

I don't see any chip designer or mfg having the skills or the commitment to do that.

1
0

NHS Digital to fling half a billion quid at new GP procurement framework

John Smith 19
Gold badge
Unhappy

Set the data transmission standards and let everyone else choose whatever they want

And no central support for any products.

If a company wants to write their own super duper new modules they support it, not dump the support costs on the NHS.

0
1

Work at a startup? Think US military isn't good enough at killing? We've got the program for you

John Smith 19
Gold badge
Coat

In campus AI groups didn't these use to be called "Baby killer" contracts?

Not exactly a new phenomenon.

Let's see if any of them work out any better.

Of course it all depends on how scarce the real scarce resource is.

People who can make sense of a 1000+ page USG government procurement contract.

0
2

The off-brand 'military-grade' x86 processors, in the library, with the root-granting 'backdoor'

John Smith 19
Gold badge
FAIL

Yet Another case of "Security by obscurity"

That doesn't work.

And if I'm reading that "Invocation code" right that's 6 hex digits, IE a 24bit binary number.

Shouldn't be too tough to brute force all of the actual wake up codes in that list.

A system that grants nearly unlimited access (potentially remotely) to your processors.

It's not the idea, it's the security chain that should exist around it that prevents the wrong people using it.

The simplest option is of course, not to have it in the first place.

9
5

Space, the final Trump-tier: America to beam up $8bn for Space Force

John Smith 19
Gold badge
Thumb Up

Oi, do you mind! I have some very good friends in Kentucky.

Quality line.

7
0
John Smith 19
Gold badge
Unhappy

"and lead to outcomes never before thought possible,"

Or rather wished not to happen.

11
0

You won't believe this but... everyone hates their cable company: Bombshell study lands

John Smith 19
Gold badge
Unhappy

Big Cable understands how to boil a frog

And you can bet Google will follow them right along once they have sufficient market share to get a seat at the "Top Table."

Seriously what is the benefit of going with one of the "Big boys"?

Access to certain sports events? That's a classic tactic to grab a slab of market share.

But what if you just want broadband?

16
3

Brain brainiacs figure out what turns folks into El Reg journos, readers

John Smith 19
Gold badge
Unhappy

""But apparently we are so delicately balanced that just throwing the system off a little bit..

.. can rapidly change behavior.""

Sadly, I can believe that.

8
0

America's top maker of cop body cameras says facial-recog AI isn't safe

John Smith 19
Gold badge
Gimp

"with a "worrying vacuum" in governance and lack of oversight."

Yes that's a pretty good description of all UK efforts in this area.

Facial recognition. Sure it's got a 98% false positive rate. We're rolling it out anyway.

Linking FR to the backend police databases. We're doing it.

Enabling legislation for Automatic Number Plate Recognition? Whatever for?

4
1

The last phablet? 6.4in Samsung Galaxy Note 9 leaves you $1k lighter, needs 'water cooling'

John Smith 19
Gold badge
Joke

The Bixby assistant, helping Share & Enjoy Your Life (TM)

Yeah, right.

BTW do Samsung S3 tablets have a reputation for trashing the micro SD cards plugged into it?

6
0

Surprise, surprise. Here comes Big Cable to slay another rule that helps small ISPs compete

John Smith 19
Gold badge
Unhappy

What benefits does a "Nationwide" ISP give you?

The days when you had to be on AOL or CompuServe to have a big enough user group to share with are decades gone.

The perceived better service? Is it really?

7
0
John Smith 19
Gold badge
Unhappy

People bang on about "creative destruction" and this is about the only rule that encourages it

In the UK (where Openreach sets the prices) small ISPs can only dream of the ability to do this.

3
9

Wipro hands $75m to National Grid US after botched SAP upgrade

John Smith 19
Gold badge
Unhappy

Lots of people posting AC here.

Looks like a great ERP Marketing opportunity to me.

So all the usual causes of project failure (PHB Hubris, very ambitious timelines, badly defined goals, poor availability of domain experts to point out where they were f**king up etc).

Is SAP big? Yes, as is any suite that offers comparable functions (which are wide and deep).

Perhaps they should have started with a simpler question.

Which ERP system maps the best to our business? Because it looks like they did "Everyone else is using SAP, we should as well." But then they didn't talk to any of the "Everyone else" who'd done it. Which might have told them "Yeah we got it working, but you got to watch XXX (specific implementation area/process) like a hawk if you don't want it to fail."

I think it's only the US litigation and transparency laws that gave us even this level of insight into what happened.

I reckon there was plenty of fail to go round. But you hire cheap con-tractors shouldn't you expect trouble?

0
0
John Smith 19
Gold badge
Unhappy

Good report. Upper Edge sound an interesting company.

If you're an American.

Sadly.

0
0

Bank on it: It's either legal to port-scan someone without consent or it's not, fumes researcher

John Smith 19
Gold badge
Unhappy

They are running code in my machine without my explicit consent for their own benefit...

Exactly.

It's the lack of consent he's arguing makes this illegal.

OTOH if it's after you logged in to their site (as a customer) then it's "It's in our T&C's you agree to have your ports scanned," which is entirely different.

I think he has a case and it does look like a case of "one law for us, another for them."

10
1

Facebook insists it has 'no plans' to exploit your personal banking info for ads – just as we have 'no plans' to trust it

John Smith 19
Gold badge
Unhappy

The old "there are no plans to do so" ploy

Always finished by the (unvoiced) word "yet."

FB knows how to boil a frog.

Unless of course someone knocks over the saucepan.

13
0

Imagine Python fan fiction written in C, read with a Lisp: Code lingo Nim gets cash injection

John Smith 19
Gold badge
FAIL

It's 2018 and case *is* significant

Are you f**king kidding me?

By all means use case to differentiate words in a variable name (Camelcase) but don't make it actually meaningful. One of C's strengths is the "Constants are UC" convention, not rule.

It's clear this is designed to be supported by an IDE which automatically enforces smart indenting (or even a "folding" editor, which is how Occam did it).

2
6

Hey, you know what a popular medical record system doesn't need? 23 security vulnerabilities

John Smith 19
Gold badge

"discovered by..seven researchers poring over source code without the use of any

automated testing tools."

How IBM Federal Systems Division did it with writing the Shuttle software. Before they started recording every line change and every error source (and pattern of every error).

So there is an O/S medical records system. Could the NHS use it? HMG spent £15Bn+ on their clusterf**k of a medical records system.

4
1

Motorola strap-on packs a 2,000mAh battery to appease the 5G gods

John Smith 19
Gold badge
Coat

Power hungry, low coverage, and heavier.

No doubt plenty of the clueless will be queuing up to buy this latest piece of shiny.

But not me.

10
0

Think tank calls for post-Brexit national ID cards: The kids have phones so what's the difference?

John Smith 19
Gold badge
Unhappy

"HO is very, very skilled at brainwashing new Home Secs very quickly."

Damn right.

One sock puppet goes in, one sock puppet comes out but the words remain the same.

0
0
John Smith 19
Gold badge
Coat

That's all an ID card needs, and that is all it should have.

Did you ever look at the list of s**t the National Identity Register was going to track?

What you say is quite minimal and apparently sensible.

Which pretty much guaranf**kingtees that the data fetishists who dream of this happening wouldn't touch it with a barge pole.

0
0
John Smith 19
Gold badge
Unhappy

"Israel should stop murdering Palestinians" = OMG YOU ANTI-SEMITE!"

Indeed.

Anti-Jihadi <> anti-Moslem

Likewise

Anti-Zionism <> anti-Semitic.

What's the difference? Israel has a much better PR operation.

0
0
John Smith 19
Gold badge
FAIL

@Charlie Clarke "Contract the work out to Estonia: problem solved"

You wouldn't be the Charlie Clarke?

The former Labour Home Sec charged with convincing people ID Cards were a good thing, would you?

Because he was very fond of Estonia as a case. But.

Estonia has 5 million people and no Welfare State infrastructure to speak of.

It had a long history of Communists disappearing people.

Estonian ID cards allow the card holders to see exactly who has accessed their file, something we all know would be unthinkable to British civil servants ("What, members of the general public looking at their own file? The impertinence! Like they had rights or something.").

F**k that idea right off.

1
0
John Smith 19
Gold badge
Gimp

"Don't forget that all colours of government love the idea of ID cards,"

No.

A fairly small but very malevolent cabal of senior civil servants (across several govt departments, but I'd say centered on the Home Office) love ID cards (and the planned NIR).

That's why the sock puppets change but the tune remains the same.

Data fetishism. It's not a sane policy, it's a personality disorder.

0
0
John Smith 19
Gold badge
Unhappy

UK still think to live in a past

Wrong Mr "I don't have the balls to put my name on this post" AC.

Britain is a common law country where a significant fraction of its laws are established by legal cases generating precedents.

One of which is basically "I am who I say I am and do not have to carry a document (of any sort) to prove it".

IOW an "Identity card" is basically a "license to live" issued by your government. Multiply that by the "National Identity Register" which was planned to give HMG a cradle-to-grave view of everything someone did and where they went to do it and I'd ask "who's living in a democracy?"

3
0
John Smith 19
Gold badge
Unhappy

"that doesnt rule out the misuse of that data by some future administration,"

Indeed.

data collected <> policy of use for that data.

--> Minimal collection of any data ever.

2
0
John Smith 19
Gold badge
Unhappy

And without those pesky EU data protection laws getting in the way too

Another useful side effect of the banjos who voted leave.

11
5
John Smith 19
Gold badge
Gimp

evidence suggests..decided to destroy the records..operational choice by clerk level staff

IOW the SOP of the Home Office is to do whatever is f**king expedient to do for them at any given moment.

They are a Centre for Evil in the UK.

Year in, year out these data fetishists attempt to surface this s**t.

Tony Blair was the last time (just when the IRA, the only serious sustained home grown UK terrorist threat the country has ever experienced) was disbanding.

Are lawyers turned politicians even worse than Classics/History/English graduates turned politicians?

13
0

Probe Brit police phone-peeking plans, privacy peeps plead

John Smith 19
Gold badge
Gimp

Police work should only *ever* be easy in a police state

So is this really needed to help PC Plod do their "work"* ?

*I mean the actual catching of real criminals engaged in serious crimes, not harassing anyone they don't like the look of, which is more of a hobby for most of them.

3
1

Riddle me this: TypeScript's latest data type is literally unknown

John Smith 19
Gold badge
Unhappy

Extend, enfold, extinguish.

Isn't that how it usually goes?

Javascript is the last standing remnant of Netscape

The bottom line with MS is the bottom line.

Always.

7
13

Trump 'not normal' FCC commish reveals amid Sinclair-Tribune mega-media-merger meltdown

John Smith 19
Gold badge
Unhappy

So Sweet Pai is also Sinclair's b**ch as well as Verizon's b**ch

I guess the FCC job is just for pin money.

But it does demonstrate that when decision making makes no obvious sense follow the money.

18
2

Relax, Amazon workers – OpenAI-trained robo hand isn't much use (well, not right now)

John Smith 19
Gold badge
Unhappy

"we don’t have an entirely accurate model of the hand, "

Because the real world is not precise.

Consider however how long a human takes to learn these fine motor skills.

It's called infancy.

But any system that cannot operate without expecting perfection is in big trouble.

2
0

I predict a riot: Amazon UK chief foresees 'civil unrest' for no-deal Brexit

John Smith 19
Gold badge
Unhappy

"neither of them had a plan or a clue about what Brexit really entails."

Correct

But it seems they also believed (in some ba**hit crazy way) they are "Taking back control."

Given that in fact HMG's problems are mostly down to the Home Office's inability to organize the proverbial drinks party in a brewery in fact they never actually lost control to begin with.

Which makes "taking back control" delusional.

2
1

Capita still squats on top of the UK's software and IT services heap

John Smith 19
Gold badge
WTF?

"The plan to do "fewer things better" –

How about doing 1 thing well.

That would be a start.

Maybe.

I'm not sure there is one thing they do well (apart from generate the paperwork needed to run government con-tracts).

5
0

The Register - Independent news and views for the tech community. Part of Situation Publishing