
* Posts by Cynic_999

1346 posts • joined 15 Aug 2013


Developer’s code worked, but not in the right century

Cynic_999
Silver badge

The Internet is international - and so are many supermarkets.

Gosh, what a lot of ethnocentric Englanders commenting today :-)

England is not the only country in the multiverse, and nor is it the only place with supermarkets and computers.

Today is 18th June 2018. In England.

In Islam it's 4 Shawwal, 1439

In Persia it's 28 Khordad 1397

In Nepal it's 4th Asadh 2075

In Ethiopia it's ሰኞ ሰኔ 11 2010

In the Chinese calendar it's May 5, Wu Xu Year.

The year is 5778 in the Hebrew calendar.

Then there's the Balinese Pawukon calendar which I don't pretend to understand ...

5
0

Pwned with '4 lines of code': Researchers warn SCADA systems are still hopelessly insecure

Cynic_999
Silver badge

You're looking at the wrong area

The OS (if any) that a CAM machine uses is irrelevant. It's just a part of the machine, same as the belts and cogs. You don't get people demanding that machines are updated with metric nuts and bolts, or gears must have protection against people deliberately jamming a spanner in the teeth.

Security consists of preventing unauthorised people from getting access to the machinery rather than demanding that machines be built to thwart a sabotage attempt by bad people who have managed to gain access to the factory floor.

It's not the job of the machine manufacturer to protect the machine against unauthorised physical access, and I submit that it's the same regarding unauthorised digital access. Machine manufacturers are not, and are not expected to be security experts in either case. The company should ensure that its internal LAN is secured from outside access just as it is responsible for using security fences and guards etc. to secure against unauthorised physical access.

Basically, if you need an access card or door key to physically access a machine, then you should need a password or other form of authorisation to access the machine over the LAN.

If the manufacturer needs to service or troubleshoot, then temporary access can be granted by the company's IT security on a secure temporary basis - maybe a PW to get access through a VPN, or a temporary router "pinhole" to a single designated IP address. And all "Teamviewer" activity is monitored. Just the same as a visiting technician would be given a temporary visitor's pass if attending in person, and perhaps be accompanied by an employee at all times.

1
0

Tech firms, come to Blighty! Everything is brill! Brexit schmexit, Galileo schmalileo

Cynic_999
Silver badge

Re: Good old Alan T

The implied message that I get is, "If you are brilliant, come and devote your life to serving the British government, who will pay you a pittance and then castrate you for your trouble."

20
0

Intel chip flaw: Math unit may spill crypto secrets to apps – modern Linux, Windows, BSDs immune

Cynic_999
Silver badge

Re: Floating point crypto operations?

"good for X^Y which is rather frequent in cryptography"

Not that I know of.

AES, 3DES etc. use table lookups and logical operations (e.g. rotates, XOR); I can't think of any use for a conventional FPU in any symmetrical key encryption I've worked with.

Public/private key cryptography does use a form of exponential arithmetic - but on "bignumbers" which must be handled using a very different (and strange) form of modulo arithmetic that again, I cannot see a conventional FPU providing much assistance with apart from a slight boost computing partial products of bignumber multiplies and Montgomery inverses, which would not leave any useful scraps in the registers.

I've implemented several common encryption and hashing functions as well as public key encryption using assembler on both Z80 and ARM based processors. An FPU was of no significant help, but several ARM based chips contain a hardware encryption engine, one of which even does bignumber functions such as modulo exponential and Montgomery multiplication etc.

4
0

Dixons Carphone 'fesses to mega-breach: Probes 'attempt to compromise' 5.9m payment cards

Cynic_999
Silver badge

Re: Perhaps I need a forwarding email address for every shop

"A lot of web forms incorrectly reject it but a "plus form" address (RFC2822) is what you are looking for."

Doesn't seem to work on either my company email address or my gmail address. :-(

0
0
Cynic_999
Silver badge

How about cookies?

If a company puts your CC details in a cookie that it sends to you (then forgets), it could retrieve those details by grabbing the cookie next time you place an order. However the details will then only be kept on *your* computer, not the company's servers, so I assume GDPR considerations will not apply.

The cookie could be encrypted, with the company using a different (random) encryption key for every customer. Then even if the company is hacked and all the keys stolen it would cause limited damage.

Of course, customers who place a new order using a different computer would have to enter their CC details again.

0
1

UK digital secretary throws cold water over bid for laws on kids' use of social media

Cynic_999
Silver badge

Molehills and mountains

The dangers of the Internet for children are always greatly exaggerated to suit whatever is the agenda of the day. Younger children's Internet activities should be under the full control of parents, and by the time they reach puberty they ought to be knowledgeable enough to stay safe. By which I mean not meeting up with strangers - there is no credible evidence that looking at porn is likely to harm any but a very small minority.

3
0

England's top judge lashes out at 'Science Museum' grade court IT

Cynic_999
Silver badge

"The reason they ask for clarification is not because they don't know, but because they want precise details in the court records."

They also want the witness's definition of the words s/he is using to be put on record, so that the witness cannot later claim that they were referring to something completely different or had themselves misunderstood the meaning of a particular word.

9
0

UK's first transatlantic F-35 delivery flight delayed by weather

Cynic_999
Silver badge

Re: Which is more expendable?

Full training may take 4-5 years, but the pilot will be good enough to do a ferry flight after a year.

0
0
Cynic_999
Silver badge

Which is more expendable?

From the article:- " you don’t take unnecessary risks with either the jet (which is easily replaced) or the pilot (who isn’t)."

Wrong way around, surely? A pilot is a heck of a lot less expensive than an aircraft (both initial cost and maintenance costs), and can also be produced (trained) in far less time than an aircraft can be built.

2
3

Lack of governance on new police tech leaves 'worrying vacuum' – Brit biometrics commish

Cynic_999
Silver badge

Re: retention ... for general crime

"Police bail is limited to 28 days"

Gosh, you seem to have believed the propaganda. Police bail can last for years, or even the rest of the person's life. Because firstly a senior police officer can and will routinely extend bail to 3 months, and a friendly magistrate can be relied upon to extend it indefinitely if a policeman says it is necessary. Anyone suspected of an offence where digital evidence must be obtained (e.g. a computer or phone must undergo forensic examination) is routinely placed on police bail for at least 6 months, and often for a year or more. Remember that the police can now impose conditions on their bail, which can be pretty onerous (though if police bail conditions are broken there's not much the police can do about it).

5
0

RoboCop-ter: Boffins build drone to pinpoint brutal thugs in crowds

Cynic_999
Silver badge

Re: I'm wondering

I wonder what percentage of the violent participants flagged up in the average protest crowd situation will be police officers?

4
0

UK military may recruit wheezy, alcoholic keyboard warriors

Cynic_999
Silver badge

Recruiting poster

A popular spoof poster when I was conscripted many years and many miles ago was:

Join the Army

Go to beautiful exotic countries

Meet happy, interesting people

Then kill them

5
0

Four hydrogen + eight caesium clocks = one almost-proven Einstein theory

Cynic_999
Silver badge

Re: you must accept the scientific fact that placebo ... works.

"It's the camp-followers of woo and "memory of water" and that hogwash that grind my gears."

Yup. The idea that water could possibly have a "memory" is as ridiculous as the notion that merely observing a particle in one place could affect another particle in a completely different place. Or that hot water could possibly freeze faster than cold water when placed in the same freezer. And yet ...

I seriously doubt that homeopathy works as advertised, but please do not dismiss something as being nonsense merely because it does not fit in with any established scientific theories.

Most of what you read on your computer screen is due to the "memory of rust".

1
5

Five actually useful real-world things that came out at Apple's WWDC

Cynic_999
Silver badge

Re: 32-Way Facetime

How else would you hold an online wankathon? Mmmm?

2
0

Did you test that? No, I thought you tested it. Now customers have it and it doesn't work

Cynic_999
Silver badge

Re: The Smell....

"I haven't done that with a soldering iron but picked up a tranga with bare fingers before."

Tranga? Google reveals no likely meaning. Closest to anything relevant is a red-headed transvestite.

4
1

Internet engineers tear into United Nations' plan to move us all to IPv6

Cynic_999
Silver badge

Re: Surely a sensible plan is not THAT difficult?

"There's also the issue that knowing a MAC can lead to a masquerade or other lower-level attack. It's one reason IPV6 had to be altered as it wasn't considered from an adversarial POV."

Only by an attacker on the same local sub-net. And anyone with that access would be able to gather all the MAC addresses using a simple packet-sniffer.

0
0
Cynic_999
Silver badge

Re: 30 second ipv4 redesign?

"The Issue with IPv6 adoption is security, no-one wants their internal addresses globally routable"

Why not? That's a matter for the firewall at the border of the LAN to WAN. Which could block any or selected incoming connection requests to any or selected internal LAN addresses. While no longer needing to do any NAT.

5
1
Cynic_999
Silver badge

Surely a sensible plan is not THAT difficult?

My initial idea would be

First 16 bits = country code

Next 16 bits = area code in country

Next 16 bits = ISP within area

If the ISP uses the next 32 bits to identify each of its customers, that leaves each customer with an address space of 48 bits for each device on its internal LAN.

48 bits is the length of a MAC address, so why not have each device using its (globally unique) MAC address as the last 6 bytes of its IPV6 address? DHCP would provide the first 10 bytes of the IPV6 address, each device would provide its own last 6 bytes (which could be locally managed if desired). Which would have the possible advantage that the IP address would tell you the manufacturer of the item you are communicating with.

1
5
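An added example (mine, not the commenter's) that builds and decodes the 16/16/16/32/48-bit layout proposed above, and goes one step past the post by showing how SLAAC actually folds a MAC into a 64-bit interface identifier (RFC 4291 modified EUI-64). All field values and the MAC are constructed. The decode is the point from a privacy standpoint: the MAC suffix (and so the OUI, i.e. the manufacturer) follows the device across every network it joins, which is exactly the tracking concern that RFC 8981 temporary addresses exist to avoid.

```python
import ipaddress

# Constructed sample allocation (hypothetical values, not from the post).
COUNTRY = 826          # 16-bit country field
AREA = 20              # 16-bit area field
ISP = 7                # 16-bit ISP field
CUSTOMER = 123456      # 32-bit customer field
MAC = "00:1b:63:84:45:e6"   # constructed MAC; OUI 00:1b:63


def mac_to_int(mac: str) -> int:
    """Parse a colon- or dash-separated MAC into a 48-bit integer."""
    return int(mac.replace(":", "").replace("-", ""), 16)


def build_proposed_address(country, area, isp, customer, mac):
    """Assemble a 128-bit address exactly as the comment lays it out:
    16 | 16 | 16 | 32 | 48 bits, the MAC forming the last six bytes."""
    for name, val, width in (("country", country, 16), ("area", area, 16),
                             ("isp", isp, 16), ("customer", customer, 32)):
        if not 0 <= val < (1 << width):
            raise ValueError(f"{name} does not fit in {width} bits")
    m = mac_to_int(mac)
    if not 0 <= m < (1 << 48):
        raise ValueError("MAC must be 48 bits")
    value = (country << 112) | (area << 96) | (isp << 80) | (customer << 48) | m
    return ipaddress.IPv6Address(value)


def decode_proposed_address(addr):
    """Pull the fields back out: anyone who sees the address learns the
    hardware MAC and, from its top three bytes, the manufacturer."""
    v = int(ipaddress.IPv6Address(addr))
    mac = v & ((1 << 48) - 1)
    return {
        "country": (v >> 112) & 0xFFFF,
        "area": (v >> 96) & 0xFFFF,
        "isp": (v >> 80) & 0xFFFF,
        "customer": (v >> 48) & 0xFFFFFFFF,
        "mac": ":".join(f"{(mac >> s) & 0xFF:02x}" for s in range(40, -1, -8)),
        "oui": f"{mac >> 24:06x}",
    }


def same_device(addr_a, addr_b):
    """True when two addresses, possibly under different prefixes, carry the
    same MAC suffix: the property that makes a device trackable across networks."""
    return decode_proposed_address(addr_a)["mac"] == decode_proposed_address(addr_b)["mac"]


def modified_eui64_iid(mac):
    """How real SLAAC derives a 64-bit interface ID from a MAC (RFC 4291):
    split the MAC in half, insert ff:fe, and flip the universal/local bit
    (bit 6 of the first byte, which is bit 57 of the 64-bit value)."""
    m = mac_to_int(mac)
    upper = (m >> 24) & 0xFFFFFF
    lower = m & 0xFFFFFF
    iid = (upper << 40) | (0xFFFE << 24) | lower
    return iid ^ (1 << 57)


if __name__ == "__main__":
    a = build_proposed_address(COUNTRY, AREA, ISP, CUSTOMER, MAC)
    print(a, decode_proposed_address(a))
    print(f"{modified_eui64_iid(MAC):016x}")
```

Run it and the decoded dictionary shows the MAC and OUI recovered from nothing but the address; `same_device` is what a tracker would compute across two visited networks, and the `modified_eui64_iid` output is the suffix a SLAAC host would advertise before temporary addresses were introduced.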

Un-bee-lievable: Two million Swedish bugs stolen in huge sting

Cynic_999
Silver badge

Maybe they weren't stolen

They just went on strike demanding more honey and shorter flowers.

10
0

Half of all Windows 10 users thought: BSOD it, let's get the latest build

Cynic_999
Silver badge

Re: Rolled out != working users

"The best way to address this is planning ahead when buying hardware. I just bought a new Brother laser all-in-one printer/scanner/copier/fax with full Linux support from Brother, drivers available in .rpm or .deb."

One of the main uses for my printer is printing labels onto printable CDs, DVDs and BluRay disks. This requires not only a printer driver that is able to tell the printer that it is printing onto a disk, but also an application that can create suitable print files easily.

Maybe there are such drivers and utilities now available for Linux just as there were for WfW last century, but when I looked last year I could not see any.

Your advice is as useful as telling Tiger Woods to use a tennis racquet instead of a golf club, and when he complains that it doesn't work, advising him to plan ahead by changing his preferred sport.

2
6

The glorious uncertainty: Backup world is having a GDPR moment

Cynic_999
Silver badge

Re: Not my field of expertise

The solution is pretty obvious to me. Deletions are only performed on live (current) data, BUT a record or log of all such deletions is kept. If and when it is ever necessary to restore from a backup archive, that deletion log is used to immediately delete the same data on the newly restored records before going live with the restored media.

Something that could be trivially automated so that it is applied automagically after any restore script is run.

8
1
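The restore-then-replay scheme above, as an added Python example (mine, not the commenter's): deletions only ever touch the live store, but each one appends an entry to a deletion log stamped with a sequence number, and a backup records the sequence number current when it was taken. A restore rebuilds from the snapshot and replays every deletion logged after that point before the data goes live. The subject ids and records are constructed. One caveat a practitioner would want: the log itself must be kept apart from the backup media and must hold only an opaque subject identifier, never the personal data it exists to erase.

```python
import copy
from dataclasses import dataclass, field


@dataclass
class Store:
    """Live records plus an append-only deletion log of (sequence_no, subject_id)."""
    records: dict = field(default_factory=dict)
    deletion_log: list = field(default_factory=list)
    seq: int = 0

    def put(self, subject_id, data):
        self.records[subject_id] = data

    def delete(self, subject_id):
        """Erase from the live data and log the fact, keyed by the opaque id only."""
        self.records.pop(subject_id, None)
        self.seq += 1
        self.deletion_log.append((self.seq, subject_id))

    def backup(self):
        """Snapshot tagged with the deletion sequence number at backup time,
        so a later restore knows which log entries post-date it."""
        return {"seq": self.seq, "records": copy.deepcopy(self.records)}


def restore(snapshot, deletion_log):
    """Rebuild from the snapshot, then replay every deletion logged after it.
    Returns the records that may go live and the ids that were re-deleted."""
    records = copy.deepcopy(snapshot["records"])
    replayed = []
    for seq, subject_id in deletion_log:
        if seq > snapshot["seq"] and subject_id in records:
            del records[subject_id]
            replayed.append(subject_id)
    return records, replayed


def demo():
    """Constructed walk-through: three subjects backed up, two erased afterwards,
    one added afterwards (so absent from the backup), one erased beforehand."""
    s = Store()
    s.put("alice", {"email": "alice@example.invalid"})
    s.put("bob", {"email": "bob@example.invalid"})
    s.put("carol", {"email": "carol@example.invalid"})
    s.delete("zed")            # logged before the backup: nothing to replay later
    snap = s.backup()          # snapshot carries seq == 1
    s.delete("bob")            # seq 2, after the backup
    s.put("dave", {"email": "dave@example.invalid"})
    s.delete("alice")          # seq 3, after the backup
    restored, replayed = restore(snap, s.deletion_log)
    return sorted(restored), replayed


if __name__ == "__main__":
    print(demo())
```

The restored set contains only carol: bob and alice are re-deleted by the replay, dave was never in the backup, and zed's entry is skipped because its sequence number predates the snapshot. Wiring `restore` into the restore script is what makes the step automatic rather than something an operator has to remember.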

A Reg-reading techie, a high street bank, some iffy production code – and a financial crash

Cynic_999
Silver badge

Re: Or...

Easy ...

CalcExposure:
        ldr     r3,=TotalPositions      @ r3 = address of the position count
        ldr     r3,[r3]                 @ r3 = number of positions to sum
        ldr     r2,=ExposureTable       @ r2 = pointer to the first exposure entry
        mov     r0,#0                   @ r0 = running total, starts at zero
        teq     r3,#0                   @ guard added: an empty table must not
        beq     ExpDone                 @ enter the loop (it would run ~4 billion times)
ExpLoop:
        ldr     r1,[r2],#4              @ fetch the next 32-bit entry, post-increment the pointer
        adds    r0,r0,r1                @ add it to the total and set the flags
        bcs     OverRunError            @ carry set = the unsigned total wrapped past 32 bits
        subs    r3,r3,#1                @ one fewer entry to go
        bne     ExpLoop                 @ keep going until the count reaches zero
ExpDone:
        ldr     r1,=TotalExposure
        str     r0,[r1]                 @ store the checked total
        mov     pc,r14                  @ return to the caller

11
0
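The same idea in Python, as an added example that is mine rather than the commenter's: an unchecked fixed-width accumulator silently wraps, while the checked one does what the ADDS/BCS pair does and refuses the moment the running total no longer fits. The position values are constructed (think pence); the bit width is a parameter so the wrap is visible at 32 bits without needing real-world sums.

```python
class OverRunError(OverflowError):
    """Raised where the assembly branches to OverRunError."""


def wrapping_sum(values, bits=32):
    """What an unchecked fixed-width accumulator does: the total wraps modulo 2**bits
    and nothing tells the caller the figure is garbage."""
    mask = (1 << bits) - 1
    total = 0
    for v in values:
        total = (total + v) & mask
    return total


def checked_sum(values, bits=32):
    """Mirror of the ARM loop: add each entry and stop as soon as the unsigned
    total exceeds `bits` bits, which is the carry-out the BCS tests for."""
    mask = (1 << bits) - 1
    total = 0
    for i, v in enumerate(values):
        if not 0 <= v <= mask:
            raise ValueError(f"entry {i} is not a {bits}-bit unsigned value")
        total += v
        if total > mask:
            raise OverRunError(f"total overflowed {bits} bits at entry {i}")
    return total


# Constructed sample positions (not from the post): the third entry pushes the
# 32-bit total past 4,294,967,295.
POSITIONS = [3_000_000_000, 1_000_000_000, 500_000_000]


if __name__ == "__main__":
    print("wrapped total:", wrapping_sum(POSITIONS))
    try:
        print("checked total:", checked_sum(POSITIONS))
    except OverRunError as e:
        print("refused:", e)
```

For signed exposures the equivalent test is the overflow flag (BVS rather than BCS), and in Python the check becomes a range test against -2**(bits-1) .. 2**(bits-1)-1; the structure of the loop is the same.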

Buggy software could lock a Jeep's cruise control

Cynic_999
Silver badge

Re: Oh Lord

"So, Cynic_999, I presume you are planning on reporting to the scrap pile shortly? Seems your programming is faulty ..."

My point was that we know that humans are not perfect and quite prone to making mistakes and occasionally behaving irrationally, yet we deem our wetware good enough to be in control of huge & dangerous machines. Yet we do not trust a computer to do the same unless it is shown to be 100% perfect.

Most certainly if a computer made the same mistake as most of the human errors that caused serious accidents, it would indeed be on the scrap heap.

0
0
Cynic_999
Silver badge

Re: It's maybe even a little worse

A 100A MOSFET is under £1. Add a low current button or keyswitch and it will be cheaper than the all-mechanical options. Probably a lower "on" resistance (so less voltage drop and heating) as well.

1
0
Cynic_999
Silver badge

Re: Oh Lord

"It looks like wetware 1.0 is still better than the crapware they are using."

Oh, I dunno about that. This is a bug that has not so far exhibited itself in 10,000s of vehicles, and will only happen if an unlikely set of events were to occur. Wetware on the other hand frequently makes very basic errors, and cannot be relied upon to follow even very simple programming instructions.

Software would have to be pretty buggy before it screwed up as often as wetware does.

1
1

ISP popped router ports, saving customers the trouble of making themselves hackable

Cynic_999
Silver badge

Ultra-efficient

They are to be commended for not closing the port so that they don't have to waste time re-opening it when the next bug is reported. Same reason that I never put tools back in the tool box.

4
0

US websites block netizens in Europe: Why are they ghosting EU? It's not you, it's GDPR

Cynic_999
Silver badge

Re: Overreach

"Data has to be mutable, and as a consequence, less reliable."

Data must certainly be mutable, but it does not follow that it is thereby rendered less reliable (the opposite is true). Because *people* are mutable. Thus personal data on an individual becomes less reliable over time because the *person* has changed. The fact that you stole 5p from your mum's purse when you were 6 years old does not mean that you should be forever branded as a thief and thus barred from holding any position of trust.

If you move house, databases must be updated to reflect your new address, and unless there is a very good reason to hold onto your old address, that should be deleted. After all, you'd be miffed if the police kept raiding your house because a drug dealer used to live there 25 years ago and the police have not changed the data on the PNC because they think as you do, that deleting or changing data makes it unreliable.

7
0
Cynic_999
Silver badge

Re: Overreach

"In this case however, the EU parliament says: "No, it's up to us to decide what you can and what you cannot do with your personal data". Not cool."

Your argument is similar to the idea that making it illegal for people to rape you while you are asleep means that you are not permitted to have consensual sex.

17
0

You know that silly fear about Alexa recording everything and leaking it online? It just happened

Cynic_999
Silver badge

Re: And that....

ISTM that the words, "I'll ask her" (e.g. as in "I'll ask her what she wants for dinner") could easily be mistaken for "Alexa" if said with certain accents.

6
0

UK's Royal Navy accepts missile-blasting missile as Gulf clouds gather

Cynic_999
Silver badge

Re: What worries me....

"do we have any anti-missile-missile missiles?"

We did, but unfortunately it shot itself down.

9
0

The future of radio may well be digital, but it won't survive on DAB

Cynic_999
Silver badge

Re: just receive an IP stream, buffer as necessary.

"Buffering it in the receiver so you can surf through dead spots is easy but means 20-30s of "buffering..." silence every time you change channels."

And of course two-way communication with the transmitting station so you can request the bits you missed to be re-transmitted, which is only possible via cellphone data which will cost you money.

You can do that right now, you just need to point your smartphone to a suitable online radio station. Of course, mobile phone coverage might be even worse over a particular route than DAB coverage.

2
0
Cynic_999
Silver badge

Re: just receive an IP stream, buffer as necessary.

"... to answer your question as to why DAB wasn't built with buffering, it's because solid state memory was expensive in the nineties."

Nope. It's because DAB is one-way with everyone receiving the same data stream. Therefore if you get corrupted data, there is no way to tell the transmitter to re-send that data, so buffering would be pointless. Same is true of multicast - it's inherently one-way so error correction is not possible.

It would be possible to send two (or more) identical streams of data separated by a few seconds, so if you miss a bit during a fade the chances are you can get it on the second stream a while later, but that will of course require twice the bandwidth. You could also send blocks of data with PAR blocks appended that allow the receiver to correct errors provided it has received enough PAR blocks - but again that's a massive increase in bandwidth (and also needs some hefty CPU power in the receiver - which equals low battery life).

12
0
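The "PAR blocks appended" idea in the comment above, as an added Python example that is mine and not the commenter's. It uses the simplest form of the technique: one XOR parity block per group of data blocks, which lets a receiver rebuild any single block lost in a fade without any return channel, at a bandwidth cost of (k+1)/k. Real PAR2 uses Reed-Solomon codes and can rebuild as many lost blocks as parity blocks were sent; the one-parity case here shows the mechanism and its limit. The payload bytes are constructed.

```python
def split_blocks(data: bytes, block_size: int):
    """Chunk the stream into equal-length blocks; the last one is zero-padded.
    A real framing would also carry the true length so padding can be removed."""
    if not data:
        return []
    blocks = [data[i:i + block_size] for i in range(0, len(data), block_size)]
    blocks[-1] = blocks[-1].ljust(block_size, b"\0")
    return blocks


def xor_blocks(blocks):
    """Byte-wise XOR of equal-length blocks."""
    out = bytearray(len(blocks[0]))
    for b in blocks:
        for i, byte in enumerate(b):
            out[i] ^= byte
    return bytes(out)


def add_parity(blocks):
    """Transmitter side: append one parity block to the group."""
    return blocks + [xor_blocks(blocks)]


def recover(received):
    """Receiver side. `received` is the transmitted group with None where a
    block never arrived. Any single missing block (data or parity) is the XOR
    of all the others; two or more cannot be rebuilt from one parity block."""
    missing = [i for i, b in enumerate(received) if b is None]
    if len(missing) > 1:
        raise ValueError(f"{len(missing)} blocks lost; one parity block recovers at most one")
    blocks = list(received)
    if missing:
        blocks[missing[0]] = xor_blocks([b for b in blocks if b is not None])
    return blocks[:-1]          # hand back the data blocks, parity dropped


def overhead(k):
    """Bandwidth multiplier for k data blocks plus one parity block."""
    return (k + 1) / k


# Constructed sample payload standing in for a few audio frames (not from the post).
AUDIO = b"constructed sample audio payload 0123456789"
BLOCK = 8


def demo_recover(lost_indices):
    """Transmit AUDIO in one group, drop the given block positions, and return
    what the receiver reassembles."""
    group = add_parity(split_blocks(AUDIO, BLOCK))
    lossy = [None if i in lost_indices else b for i, b in enumerate(group)]
    return b"".join(recover(lossy))[:len(AUDIO)]


if __name__ == "__main__":
    print(demo_recover({2}) == AUDIO)
    print(f"overhead for {len(split_blocks(AUDIO, BLOCK))} blocks: {overhead(len(split_blocks(AUDIO, BLOCK))):.2f}x")
```

Losing block 2 (or the parity block itself) still yields the original bytes; losing two blocks in the same group raises, which is the point at which a longer code, a second time-shifted stream, or a return channel would be needed.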

RAF Air Command to take on UK military space ops

Cynic_999
Silver badge

Cheaper alternative

We could get a space program a lot cheaper, better and quicker if we outsourced to India.

8
0

10 social networks ignored UK government consultations

Cynic_999
Silver badge

Perhaps ...

Someone should remove her hashtags. With a machete.

1
0

Open justice FTW! El Reg fought the law – and El Reg won

Cynic_999
Silver badge

Corruption reigns in secret courts

So we still need to sort out the Family Court system and certain Immigration and Terrorist related proceedings.

7
0

Great Scott! Bitcoin to consume half a per cent of the world's electricity by end of year

Cynic_999
Silver badge

Does not include ...

If the mining hardware is situated in a room/building that would normally require heating, then the amount of power that would have been needed to heat the room should be subtracted.

6
5

Zero arrests, 2 correct matches, no criminals: London cops' facial recog tech slammed

Cynic_999
Silver badge

Obviously it will improve over time

Every one of the innocent people incorrectly flagged will be arrested. Which means they will be photographed, fingerprinted, DNA swabbed and entered in the PNC as a suspect. Then after a few hours (if lucky) they will be released. But their records will be kept.

Over time, more and more innocent people will be entered in the database. Eventually everyone will have their mugshot on record, so it will be completely impossible for the facial recognition system to flag a false positive. Foreign terrorists on their first visit to the UK will be the only people not flagged.

4
0

S/MIME artists: EFAIL email app flaws menace PGP-encrypted chats

Cynic_999
Silver badge

Re: Now if I were going to design a secure messaging system ...

Yes, all very well if you only need to communicate a few sentences once in a while, but if you need to exchange long messages many times per day such methods are far too cumbersome and time-consuming to use. Try a to-and-fro discussion of the specifications and design details of a new computer or car design using jpegs of hand-written encrypted messages. (Not sure how encrypted text can be Farsi or any other language, though I suppose it could use an uncommon character set, such as ancient Egyptian hieroglyphics.)

Meanwhile in the real World, I find it pretty easy to use a completely separate PGP (e.g. GPG) application and copy & paste from/to any encrypted email I receive or wish to send. The email client has no access to any PGP keys and so cannot decrypt the message no matter what email exploit is attempted. Probably takes 5 seconds longer than if the email client did the encryption or decryption.

3
0

Pentagon on military data-nomming JEDI cloud mind trick: There can be only one (vendor)

Cynic_999
Silver badge

Sensible

Having a single vendor forces that supplier to own the problem when things go wrong, rather than having several vendors all pointing fingers at each other.

5
0

Chap charged with fraud after mail for UPS global HQ floods Chicago flat

Cynic_999
Silver badge

I wonder how long it will take

For anyone to realise that all post addressed to Donald Trump is being redirected to the Kremlin?

7
2

US Congress finally emits all 3,000 Russian 'troll' Facebook ads. Let's take a look at some

Cynic_999
Silver badge

Re: The real problem

Of course people's votes can be influenced by reading short articles - so long as they are read sufficiently frequently. It is no different whatsoever to conventional advertising, which most certainly works in influencing people's brand choice - which is basically the same as choosing what party to vote for in an election. People do not actually believe that "Sudso washes whiter" (or whatever), but when presented with several different detergents on a supermarket shelf, that jingle automatically comes to mind as you look at the product, and has a very definite (and provable) influence on the percentage of people who vote for (choose to buy) the product.

5
0
Cynic_999
Silver badge

Re: The poor English reminds me of the 419 scam.

"whereas spammers are perfectly content with having a minuscule response rate someone who wants to influence a democratic election will not be."

Apples and oranges. Spam needs the recipient to not only read the spam, but to perform an action based on that one item just read. Changing a person's view does not involve taking action after reading one item, it is a gradual process involving reading multiple items about different things that lead in the same direction.

5
0

Windows Notepad fixed after 33 years: Now it finally handles Unix, Mac OS line endings

Cynic_999
Silver badge

Re: Don't like Unix text handling - not happy MS

"Even "back in the day", I'm sure there was some filtering to perform pagination, etc. An escape character in the source file can tell the filter not to process (expand to CR/LF for example) that character."

No, not even that. You had to tell the printer what size paper it had by loading a "vertical format" tape (or file). You used the formfeed character (0x0C) to tell the printer to do a page break.

1
0
Cynic_999
Silver badge

Re: Don't like Unix text handling - not happy MS

"You are muddying the waters by mixing up the printer control needed to get a certain result with the storage format for a document."

Makes sense in this age of Unicode characters and different software drivers for every printer, some of which are far more complex than an editor.

But this came from a time when editors were simple affairs, and printer drivers essentially just copied the file to a printer port. Heck, the "file" could well be a length of punched paper tape that would be physically fed into the printer.

Much later came formatted documents and printer drivers that could do clever things such as automatically overprinting words marked to be underlined with "_" characters or translating "£" into "L" backspace "-" and similar kludges.

1
0
Cynic_999
Silver badge

Re: Don't like Unix text handling - not happy MS

"Using a printer driver format for internal file representation makes no sense at all.

A byte wasted for every line was significant wastage back in the day."

"Back in the day" the printer driver was effectively a physical interface, not a software program. The data would simply be fed directly to the printer one byte at a time. You could specify what physical port to send the data to, but the "driver" was not designed to reformat that data in any way. You may well want the printer to do only a CR or only a LF and would not want your computer adding or deleting characters or control codes.

1
0
Cynic_999
Silver badge

Re: Don't like Unix text handling - not happy MS

"No standard describes which newline convention is right, however the good thing about one byte (including old-style Mac's CR) is that it's easier to program with and the printer driver decides what characters to send for new line, whereas DEC was wedded to one particular teletype."

You assume that CR always denotes a new line. I once used line printers and telex machines a great deal, and it was often necessary to do a CR without a LF in order to overtype the same line. Many printers could not do a backspace, so using CR was the only way to achieve an overprint. And overprinting was the only way to create certain characters and effects, e.g. to underline, or to double-print the line so that it appeared in bold. Or to add accents or strike-through etc. You always added a non-printable character after a CR because most printers took longer than 1 character period to perform the carriage return. Usually the letter-shift character was used, or a double CR was sent.

1
0

Every major OS maker misread Intel's docs. Now their kernels can be hijacked or crashed

Cynic_999
Silver badge

As a hardware and firmware guy ...

I cannot recall the last time I read a manual or datasheet that was *not* unclear in many significant ways. Or gave information that was just plain incorrect.

My best example was of a manual for a hardware module that stated: "Note that connector P5 is upside down".

Well, P5 was mounted on the solder side of the board, but I didn't see why that would need a special mention. But it was not working as expected. I eventually twigged that what the manual actually meant was, "All logic signals on P5 are inverted". Obviously the result of a translation by a non-technical person.

5
0

Microsoft reckons devs would like an AI Clippy to help them write code

Cynic_999
Silver badge

Could be worse ..

Microsoft could have decided to serve up content-related adverts as you type in your code. As it is, it will merely auto-correct your typos into something you did not intend, so instead of generating an error at compile time that you can fix instantly, it will result in an obscure bug that your customers will find for you.

10
1

Australian prisoner-tracking system brought down by 3PAR defects

Cynic_999
Silver badge

Re: System outages and faults are infrequent

The article states what all the outages were, and ISTM that they were indeed infrequent and pretty short-lived. As also mentioned, the people being monitored would not have known that there was an outage, and so were not in a position to take advantage of it, nor was any outage long enough for people to have become aware and taken advantage. (I can't see that the shortest outage of 12 minutes would have been of any concern even if everyone being monitored were given advance notice).

It makes no sense to ensure a system is 100% reliable when the application will work perfectly well with 99.9% reliability. That final 0.1% costs huge amounts of money.

3
0


The Register - Independent news and views for the tech community. Part of Situation Publishing