
* Posts by John Smith 19

13854 posts • joined 10 Jun 2009

Permissionless data slurping: Why Google's latest bombshell matters

John Smith 19
Gold badge
Gimp

Not all data fetishists are government employees

<gollum>

We wants it

We needs it

We must have all your location data, all the time, forever.

</gollum>

When I put it that way does it not sound just a bit creepy to you?

3
0

Budget 2017: How to make a downbeat forecast sound better. Say 'tech' a lot?

John Smith 19
Gold badge
Unhappy

"Hammond revealed sharp cut in growth forecasts for 2017 from 2 per cent to 1.5 per cent "

Indeed.

25% straight off the top.

IIRC this is expected to be a £30Bn loss of the UK economy, at least.

And BTW the UK has the lowest productivity in the G7.

So IRL the Conservatives have done what they do. Look after property owners and f**k everyone else.

0
0

Peers told to push for cut-price access to med tech developed with NHS data

John Smith 19
Gold badge
Unhappy

Again, who owns that data? I'd say it's the patients.

It's your data.

Not the NHS.

Not the HMRC.

Yours.

0
0

Possible cut to British F-35 order considered before Parliament

John Smith 19
Gold badge
Unhappy

"and it's not at all impossible the yanks will pull the plug on the program. "

Bu***hit.

Far too many members of the Con-gress have been "persuaded" of the programme's vital importance to national pork defense.

That programme will run for decades.

LM has guaranteed orders, upgrade programmes, spares, etc.

Who cares if it doesn't work?

0
0

Microsoft reprieves CodePlex users – you're doomed next week

John Smith 19
Gold badge
Unhappy

"And a little competition usually brings out the best in the competitors."

Which explains why Microsoft has been so keen to kill any of its competitors in the past.

So what features about CodePlex made it worth using?

0
0

Once more unto the breach: El Reg has a go at crisis management

John Smith 19
Gold badge
Unhappy

Moral. Preparing for when, not if, this happens stops "headless chicken" syndrome.

Which sounds like a pretty good investment in (senior) staff time.

But how many other companies will do it?

And (far more importantly) what were the refreshments like?

1
0

Don't sweat Brexit, big biz told: Your shiny data protection sticker will remain intact

John Smith 19
Gold badge
Coat

"What the ICO is saying is that it isn't going to strip anyone of approval post-Brexit."

Except the ICO will no longer be in the EU post Brexit, so will its approval count anymore?

Anyone whose business involves processing lots of data from the rest of Europe should consider moving that side of their operation to somewhere in the rest of Europe.

Once again May is looking bad.

In every sense of that sentence.

1
0

Microsoft says Win 8/10's weak randomisation is 'working as intended'

John Smith 19
Gold badge
WTF?

"Microsoft Secure Windows Initiative"

Now is that secure as in "Prevents malware running" or secure as in not allowing you to run what appears to be a video or song you have not bought from a recognized media outlet?

It's so hard to keep up with Microsoft sometimes.

Because MS has used both, and does both.

2
0

Linus Torvalds 'sorry' for swearing, blames popularity of Linux itself

John Smith 19
Gold badge
Unhappy

Actually I'd have said not breaking kernel space was more important

However a change that breaks working apps because the devs forgot to put them on a list is a fairly stupid design, especially when those apps are well known.

14
1

Wait, did Oracle tip off world to Google's creepy always-on location tracking in Android?

John Smith 19
Gold badge
Big Brother

Google: "It is not "location services" so it's not reporting on you. So you can't turn it off.

And we are only using your device to build our cellphone tower map.

Citizens, we are only doing this to help you."

Like f**k.

Does the Google employees' manual have a Newspeak dictionary included at the back?

You can bet this is going to be a battery hog.

TBF I'm sure Google take the privacy of all that data they collect on us very seriously. After all you wouldn't want the data you've worked so hard to steal to be stolen by someone else, would you?

10
1

Digital minister: We're still talking to BT about sorting crap broadband

John Smith 19
Gold badge
Unhappy

"any company making over £3 billion in profits every year need to further gouge customers"

Simple.

Because they can.

That's when you know you're dealing with a monopoly.

When they have no effective pressure on them to do anything else.

9
1
John Smith 19
Gold badge
Coat

"a Devon village's decision to burn an effigy of an Openreach van on bonfire night "

Lucky the driver got away in time, eh?

Yes, mine's the one with a copy of the proper version of The Wicker Man in it.

TBH the best way for Rural communities in the UK to get broadband will be to form their own company and lay their own link to the nearest exchange.

Just my $0.02

8
0

While you're preparing to carve Thanksgiving turkey, the FCC will be slicing into net neutrality

John Smith 19
Gold badge
Unhappy

"many Americans have little or no choice in their high-speed broadband provider,"

Competition, American style.

"Of course you can change your ISP. But since we bought out the only one who would do the work (and so this is a sunk cost to us), and we've stopped any county or state run ISPs being set up (thanks to our friend "Sweet" Pai) all your bandwidth belong to us.

Forever."

28
2

Intel finds critical holes in secret Management Engine hidden in tons of desktop, server chipsets

John Smith 19
Gold badge
Thumb Up

"More of an open patio window really,"

Nice.

And while accepting blank login credentials that makes it a patio window without glass either.

3
0
John Smith 19
Gold badge
Gimp

"In response to issues identified by external researchers, " So no, Intel did not find these.

It had to have them pointed out to it.

Because it clearly did not go looking for them in the stuff the code monkeys who wrote this handed over to them.

Let's be clear here.

Intel insisted on giving users a second processor they can't ordinarily access that has very deep control of their system's security and they wrote the software to run on it with the most cursory (if any?) checks on its fitness for use.

If Intel really want to differentiate "home" from "data centre" processors this would seem to be an area they should do so.

How many home users need this? How many home users even know it exists?

If you want all this high end sysadmin functionality then by all means have it, at the price.

But how many really need it? It looks like "Because we can."

And that's the motto of data fetishists everywhere.

10
0
John Smith 19
Gold badge
WTF?

It's 2017 and buffer o/flows & security by obscurity is still thought a brilliant plan.

And note that word "trusted"

Not in "we" can be trusted to run your applications safely, no.

You can be trusted to run only the content you have purchased.

This is at least as much about the hardware realization of Microsoft "Palladium" AKA "Trusted Computing Initiative" as anything else.

The computer hardware equivalent of "The Manchurian Candidate."

12
1

AT&T wants to bin 100,000 routers, replace them with white boxes

John Smith 19
Gold badge
Unhappy

" that's scary for the likes of Cisco and Juniper, "

True.

But this is the Unix philosophy.

1 unit doing 1 job very well.

This is not really about the little boxes sitting under home users' desks.

This is about the racks of hardware at the other end, and the much beefier cards sitting in the racks next to those, that handle the terabits of bandwidth needed for a tier 1 backbone supplier. Where you want to p**s about configuring a router through a GUI, you want to configure 1000 of them (or patch them all when a vulnerability is found).

Performance says this is a job for a monolithic kernel. But maybe the time has come for a cleaner, layered, message passing approach (keep in mind Erlang is like this, but passing pointers, not copying chunks of memory for performance, and it was designed by Ericsson to program PBXs).

Interesting they will only consider x86 and ARM architectures. A real recognition of who the real main players are in high performance embedded.

0
0

SagePay's monster wobble... On the third day of sale week, UK retailers start to weep

John Smith 19
Gold badge
Unhappy

"it's the way a cloud company deals with them that sets the grownups apart."

Or rather "anonymous server farms in unknown jurisdictions" to give them a rather more accurate description.

Remind me (again) how "cloud" apps never fall over and how they scale up under load.

BTW Sage is in some ways the nearest the UK has to a major international software brand (they own Act CRM, and managed to f**k that up, although it got better once you'd patched it. A 400 rec DB with 2-3 secs to go to the next record before patching).

They've always spent more on their PR than their development budget (accountants' "incentive" scheme. Recommend Sage, get bung "finders fee").

4
2

Level 5 driverless cars by 2021 can be done, say Brit industry folk

John Smith 19
Gold badge
WTF?

"At-scale deployment to provide the evidence that AVs are safe for at-scale deployment"

When he puts it like that it does seem kind of dumb, does it not?

If you're going to spend > £q/2 Bn on UK roads perhaps rolling out more of the electric car charging infrastructure you're so keen on would be a better use?

My instinct is this will start with HGV delivery vehicles running well defined, mostly main roads between ports and distribution warehouses. The use case is fairly well defined, the sites are not worst case traffic and there is a significant financial incentive to do so. So I'd expect Amazon to be in the forefront of this.

BTW would an HGV driver not driving but sitting at the wheel count as part of their "hours worked"? If not they can work longer hours, potentially eliminating one or two of them per environment.

2
0

How is 55 Cancri e like a Sisters of Mercy gig? Astroboffins: It has atmosphere

John Smith 19
Gold badge
Unhappy

"It has a mass of about eight Earths and radius of about two so it's no golf ball."

I don't think any SF writers ever thought of humans inhabiting planets of more than about 3g.

That said if it does have the atmosphere issue taken care of you can run around the whole surface without a full space suit.

That's quite attractive.

Now all you need is the hand held anti-gravity unit to avoid needing massive genetic engineering in order to survive on the planet.

2
0

UK.gov told to tread carefully with transfer of data sets to NHS Digital

John Smith 19
Gold badge
Coat

One database to bind them all....

That is all.

1
0

UK.gov 'could easily' flog 6m driver records to private firms this year

John Smith 19
Gold badge
Unhappy

"They wouldn't give me the address of a delinquent ex-tenant of mine"

Of course not.

You're not a Parking Enforcement company.

IOW, you're not a man in a van with a Denver Boot and a mobile number who's registered with them to get such data on demand.

Perhaps it's time you were? I gather the "qualifications" are minimal, as are the background checks.

12
0

UK.gov to chuck an extra £2.3bn at R&D ahead of Budget

John Smith 19
Gold badge
Unhappy

"for increased public funding as part of a new industrial strategy."

Which implies the current UKG has an existing industrial strategy?

Have people spotted this in the wild?

5
1

Some 'security people are f*cking morons' says Linus Torvalds

John Smith 19
Gold badge
Unhappy

For some reason Torvalds always reminds me of Gene Hackman in "Crimson Tide."

"We are here to defend democracy, not to practice it."

You may not like him but I get the sense you get a very clear idea of what direction he's going in, and what his priorities for Linux are.

Having observed Microsoft at work when it comes to competition I could see it in some people's interests if the open source Linux kernel was degraded, so people were discouraged from it and encouraged to move to people's more proprietary versions.

4
2
John Smith 19
Gold badge
WTF?

Google bod "It's brilliant, you have to include this, including the fall back mode"

No he doesn't

"Fall back mode" is a tacit admission you have not done a good enough job in the first place.

I wonder if people realize the "The kernel keeps running" is exactly the approach of IBM mainframes?

User processes die. So what?

An interesting side view was the Bell systems approach to the first digital PBX, ESS1. They wrote scavenger programs that patrolled the kernel data structures and redundancy into the data structures so that errors would be purged out and memory leaks would not occur.

They indicated it found maybe 100 incidents a day but triggered a full blown reboot once every 4 years.

Something to keep in mind?

29
0

F5 DROWNing, not waving, in crypto fail

John Smith 19
Gold badge
Gimp

But note "Significantly more difficult" does not mean impossible

Especially with state actors.

5
0

Parity: The bug that put $169m of Ethereum on ice? Yeah, it was on the todo list for months

John Smith 19
Gold badge

Yet Another startup "discovers" formal development process can be quite useful.

Good thing it's not working on anything important or a lot of people's cash could be seriously f**ked up.

IBM Federal Systems developed the process to do this in the 1970s.

1) Do code audits which a) Record bugs but don't fix them on the fly and b) Find bugs, don't blame developers

2) Identify if there are bug "patterns" of error prone (or just wrong) code

3) Use those patterns to scan the whole code base for other examples and fix those before going back into retest

No "deep learning." No neural networks. Just small teams eyeballing the code and writing pattern recognition scripts fed from a code repository where all code changes were tracked by developer and date/time on a line by line basis. SoA in the mid 70's but today....

Of course that was for a code base in MB, when a 1 MHz 32bit processor with 1MB of RAM was screaming performance at a Rolls Royce cost.

You'd think in 2017 people could do a bit better, wouldn't you?

Yet with single processors several 1000x faster and memory several 1000x bigger, with potentially massive MIPS (GIPS?) available on demand, apparently not. :-( .

0
0

Big Cable's pillow talk with FCC to forbid US states from writing own net neutrality rules

John Smith 19
Gold badge
Unhappy

"For enough money, many people are prepared to look stupid."

Or, as Upton Sinclair put it. "It is difficult to get a man to understand something, when his salary depends upon his not understanding it."

He was the guy whose book was the basis for the film "Oil."

And then there was his book on the US meat trade during the early 1900's

Not something you want to be reading while tucking in to a Big Mac..

6
0

Then there were four: Another draft US law on 'foreign' (aka domestic) mass spying emerges

John Smith 19
Gold badge
Gimp

Let's be clear. Senators and Con-gresspeople are ignoring the written Constitution.

Which I think I'm right in saying is the highest authority on what is "legal" in the US.

Which suggests it's time to consider whether the Houses of Congress are still representative of the people or whether or not wholesale change of the system itself is needed.

When lawmakers disrespect the Constitution isn't that where the Founding Fathers were expecting the people to take to the streets and exercise their rights under the 2nd Amendment?

Because it really does look like "the State" feels it needs these powers to protect itself from its citizens. IOW the people are the enemy.

Which was pretty much the attitude of the Communist Party of the USSR.

5
4

Dick move: Navy flyboy flings firmament phallus for flabbergasted folk

John Smith 19
Gold badge
Coat

Ah, if only it was called the F18 Grumbler.....

Just saying.

I thought the Growler was a Vietnam era EW aircraft, the A7 or A8 IIRC.

0
0
John Smith 19
Gold badge
Coat

Calling Big Daddy & Hitgirl perhaps?

I'd never really thought about sky writing stuff but now you mention it.....

7
0

Massive US military social media spying archive left wide open in AWS S3 buckets

John Smith 19
Gold badge
Unhappy

"result of trying to hire the cheapest sysadmin money can buy."

I think they succeeded.

21
0

MPs slam HMRC's 'deeply worrying' lack of post-Brexit customs system

John Smith 19
Gold badge
Coat

Welcome to Kent, formerly the "Garden of England"

Now the "Truck Park of Britain."

Please switch off your engines ASAP and make your way to one of the designated Customs Offices/Short stay motels.

0
0
John Smith 19
Gold badge
IT Angle

"But surely..selling point of ApplicationMaster.. was self-documenting if used correctly?"

Which of course begs the question was it used correctly?

I don't know what ApplicationMaster is capable of as I was not on the project, as I had not been conceived at the time it was built.

0
0
John Smith 19
Gold badge
Unhappy

"Nope, I'm still working, and plan to return to the UK when I do retire, "

How interesting. Were you abroad when you voted?

I found it very telling that the Scottish Independence Referendum let almost anyone living in Scotland vote.

Because those people would mostly likely have to live with the consequences of their decision.

But you don't live in the UK. For you "Britain" is actually more a place inside your head, whose climate you don't experience and whose taxes (it appears) you don't pay.

I've often wondered how many UK elections have been decided by absentee "subjects" whose actual knowledge of the country is decades out of date.

0
2

US govt to use software to finger immigrants as potential crims? That's really dumb – boffins

John Smith 19
Gold badge
Facepalm

"Now is that "Buttle," or "Tuttle" who gets the black hood and the white noise?"

Oh, it's "Abdul" you say?

I am so sorry for having spoiled your evening, and your ceiling, Madame.

We'll just be on our way. Good night.

0
0
John Smith 19
Gold badge
Coat

For readers of William Gibson it's obvious what ICE is looking for

Black ICE

As in lethal force Intruder Countermeasures Electronics.

This will not end well.

0
0
John Smith 19
Gold badge
Coat

"could be used to arbitrarily flag groups of immigrants under a veneer of objectivity"

You make it sound like that's a flaw in the requirements.

It's a feature.

But let me try and lighten the mood as it's Friday.

"Heil Hydra."

12
0
John Smith 19
Gold badge
Unhappy

"Translation: Are you or have you ever been a member of the $Faith faith?"

FTFY

You forgot to allow for future growth options.

16
0

Kaspersky: Clumsy NSA leak snoop's PC was packed with malware

John Smith 19
Gold badge

So to recap.

NSA Supports BYOD

NSA lets devs run Kaspersky

Devs will pirate MS Office

And in process open themselves up to being penetrated by Chinese hackers, which is stopped by Kaspersky AV.

Hard to decide which element of this situation is more disturbing.

Does kind of explain how the Equation tools got onto the open market though, doesn't it?

1
0

Tesla launches electric truck it guarantees won't break for a million miles

John Smith 19
Gold badge
Coat

Is it just me...

Or does that front end look like an upside down T?

No doubt all about streamlining for wind resistance.

2
0

Why Boston Dynamics' backflipping borg shouldn't scare you

John Smith 19
Gold badge
Terminator

Re: Boston Dynamics Scottish Department

The ultimate fusing of robot and AI technology.

A Glaswegian Terminator.

Be very afraid.

0
0
John Smith 19
Gold badge
Unhappy

Wow. 30 years from Shadow Robotics and people are still struggling with it.

Shadow Robotics' idea was quite simple.

Robots live in the human world.

Not humans live in a world made convenient for robots.

Hence a literal human skeleton (made of plywood IIRC, because it matched human levels of strength and mass better than steel) with equivalents to every muscle in the human hand (and there are a lot more than the 17 joints up to the shoulder of a normal arm).

They also use a very clever, very light pneumatic muscle to keep the weight down and the response adequate (but they had trouble finding/building a noiseless 3kW 4-8 bar air compressor, which is what a full unit needed).

AFAIK some of their work is still the SoA.

0
0

For goodness sake, stop the plod using facial recog, London mayor told

John Smith 19
Gold badge
Gimp

Senior plod love new laws, except if they regulate behavior of the plod.

Then they are "Invasive" and "Not able to keep up with modern police methods" blah blah.

It seems this "Biometrics Commissioner" will be another "tutter" who is basically toothless. A true "sleeping policeman"

13
0

Crewless dinghy signs to UK Ship Register for Middle East mission

John Smith 19
Gold badge
Joke

Vince Dobbin, "lots of..negotiation" with..Maritime & Coastguard Agency and the Ship Register,

Were they close to saying "Nayyyyy" at several points by any chance?

Sorry, couldn't pass up the chance.

5
0

DJI bug bounty NDA is 'not signable', say irate infosec researchers

John Smith 19
Gold badge
Unhappy

"NDAs tied to bug bounty programs seems like a wonderful way of suppressing research "

Exactly my point.

Please note. I'm not saying that DJI is doing that, but not being transparent about it does make it look that way, doesn't it?

1
0
John Smith 19
Gold badge
Big Brother

I suspect if you sign the NDA you can't talk about it even if you're looking for bugs.

IOW All information about whether a researcher is even looking for ways in disappears into an information black hole.

Which means they can claim "We have no security issues. You can ask any of the researchers in this area."

Reporter asks researcher (who's signed NDA). "I know nothing of any bugs. I can neither confirm nor deny that I am investigating any vulnerabilities. I cannot comment on their security. Goodbye."

It may be like those "National Security Letters" the FBI have been issuing to ISPs. They can't tell a customer they're being spied on. They can't tell them if the customer asks them and they can't even answer if the customer asks "Have you received an NSL on my account?"

If I'm right would that sound somewhat Orwellian to you?

Of course releasing a copy of the full NDA would settle matters more or less instantly.

After all if DJI has nothing to hide, they have nothing to fear. Right?

11
1

Internet of So Much Stuff: Don't wanna be a security id-IoT

John Smith 19
Gold badge
Unhappy

How about "No PHB gives a s**t about security and everything about time to market"

That's what I think is a big driver.*

Let's be real f**king honest here. Historically it has taken actual deaths for industries to start seriously caring about safety, and it looks like IoT security will be another such issue. These are the sort of borderline psychopaths for whom "Carter Burke" in "Aliens" is a (flawed) role model whose success is to be emulated.

*Who then hire code monkeys too ignorant, or scared of them, or harassed, to find secure implementations of functions even when they exist and are too exhausted/lazy/stupid to implement from scratch when it does not.

4
0

US govt's 'foreign' spy program that can snoop on Americans at home. Sure, let's reauth that...

John Smith 19
Gold badge
Gimp

Fascinating this seems to be the one area of cooperation between both sides of the Houses

Clearly they understand who the real enemy is.

The American people.

That is the implication of this sort of Draconian legislation, is it not?

20
0

The Register - Independent news and views for the tech community. Part of Situation Publishing