Posts by Doctor Syntax

Re: How is Fujitsu not in the dock?

PE will have been ignored on the basis that "They're always saying things like that. Just ignore them." Meanwhile the technical press is too difficult to understand for chaps with PPE, classics or English litt and history.

Re: How is Fujitsu not in the dock?

"And despite this being public knowledge and in the press for years, it takes a TV drama to actually get something done?"

Knowledge of a very limited public, I'm afraid, and for that part of the public that might have done something about it, it probably looked too much like hard work.

Re: No Justice

"When did the post office first become aware that perhaps the software was the problem?"

That's an easy one. Earlier than they'll admit.

Re: No Justice

"The petitions have a role of sort of safety valve"

This particular site seems to be one for gathering email addresses to "keep you informed".

Re: Project management by those ignorant of IT systems?

"Anything you try to make Fujitsu pay would have to have been in a contract with them or they'll just wriggle out of it "

If their staff were giving evidence that they knew was wrong then they might find such wriggling harder than you might think and they might wish.

Re: Remote Access

"Appalling ignorance by the judges"

The judges can only go by what evidence was presented to them. If they're presented with biased expert witness on one side and none on the other that's what they have to go on. To an extent if they think something needs clarification they might question a witness but they don't have previous careers as Sysadmins to know that that would need clarification. They may well, along the way, have picked up knowledge of police procedures, criminal MOs, even (regrettably rarely IME) forensic science and have a typical users knowledge of PCs but not ystem administration

I'm labouring under the experience of having spent about a third of my working life in the 70s & 80s as a forensic scientist. I am probably even more appalled than you at that case and struggle to understand how it could have even got to court. I can only report my own experience but I think everyone I knew - colleagues, police and medical examiners - as well as myself were well aware of the difficulties involved in allegations of sexual assaults, the possibilities of miscarriages of justice in one direction or the other and anxious to avoid them. Personally I think the stress of that job affects me to this day.

Possibly the DPP/CPS are less aware and are sometimes under political (and even less aware) pressure to increase conviction rates as measured against complaints. I can only think of one case in my career where the local DPP's office seemed to have had a rush of blood to the head despite the police having located an eye-witness who demolished the complainant's story; the case was dealt with by the Crown counsel calling the witness but then handing proceedings straight over to the defence to take her evidence.

However whataboutery gets us nowhere.

Re: Only for a specific type of open source, and only from a certain viewpoint

I think the GPL vs BSD argument is a distraction. In practice a Linux distro will include stuff with a wide variety of licences including GPLs 2 & 3 as well as BSD and others. From the point of the typical end user this makes no difference at all. The restrictions of GPL only apply to those distributing modified versions and they are not typical end users.

I do agree to quite an extent with the polish aspect. My thinking about this goes back the Chapter 1 of TMMM and Brooks' discussion of what is and isn't a product explained in this diagram this diagram Some development teams are content to stay in the top left corner but others do indeed produce a product. Those would include LibreOffice and various browsers and email clients. Add to that short list the tools you'd find in, say KDE - Dolphin (file management), Okular (PDF viewer), Kate/KWrite (simple text editor), Gwenview (image viewer), digiKam (image collection management) etc. - and you'll satisfy a lot of users and I'd rate all those as products. I don't think their developers can have considered raising them to that level as a thankless task, nor as one that doesn't involve solving interesting problems.

You also have to remember that there is not a single user audience to be pleased. Kate and vi, for example, are aimed at very different user demands for text editors (and even nvi and vim set out to meet somewhat different sets of expectations). The Kate user will undoubtedly find the vi experience stark and the vi user will find Kate bloated but both are nevertheless right for their respective users.

AFAICS your real gripes were with Wine and that is one I'd marked off as a project rather a product long ago; your comments suggest it still is although I think it has to be conceded that trying to recreate Microsoft's tar pit without getting caught in it will never be easy.

Re: 7kW

Very likely your "if not" applies.

And the ICE cut-off is 2035 for purchase of new cars. That means that is 30 years time any surviving ICE vehicles will be 20is years old.

Re: Attack the toolchain

Then some local prosecutor shoots his mouth off to the press for a bit of self-publicity pulling the rug out from under the whole scheme. Or somebody who was appointed to a job that should have had better vetting tips off her boy-friends criminal mates.

Re: "Such a ban would need to be universal"

No suspended sentences for the CEO. Actual jail time. And why should the CEO be doing it on behalf of the directors. The directors can share the cell. As to shareholders - just whose money do you think is being used to pay ransoms? It's the shareholders. And as far too many seem to forget the shareholders are ultimately the holders of pensions, private and corporate, and of life insurance policies etc. They're you and me. We are the victims in these crimes.

And don't lose track of the fact that the object isn't really to strengthen the corporate defences although that would be a useful side effect, nor to punish CEOs or boards for being hit. It's to cut off ransomware by stopping it being worthwhile for the perpetrators.

Re: Wrong

At the moment we have a feedback loop.

1. Ransomware generates profits because businesses pay.

2.. Businesses pay because they get hit with ransomware and there's nothing stopping them.

3. That makes ransomware profitable so go to 1.

That feedback loop needs to be broken. From my past career I'd love to see that done by going after the criminals but in practice the most accessible place to stop it by removing that second term in the 'because' clause in 2. And without ransomware the shareholders get a better deal. You're forgetting that the ransom doesn't get conjured up out of thin air. It's the shareholders' money that gets paid.

Re: Wrong

It's not a question of punishing the CEO for letting ransomware in. It's punishing the CEO for paying a ransom. If the ransoms aren't going to get paid where's the motive for demanding them? A CEO who wants to protect their back and the company can ensure he or she is doing their best to run a tight ship although once the message gets through that ransomware's day has gone because there's no benefit to be gained from it then both back and company are better protected anyway.

"Nothing would please me more than investors/shareholders/stakeholders getting a kick in the bollocks"

You do realise, don't you, that this might include you via your pension fund?

Re: Wrong

"Ah yes because criminals are the moral type who will simply give up! God this is all so STUPID."

Do you think they're in it for a hobby?

And how are orgs going to find someone ready to go to prison for paying a ransom? It wouldn't be a case of calling for volunteers from the ranks. It would be defined to be the absolute top tiers of management and preferably the board would be included in that.

Re: Wrong

"It's easy to occupy the moral high ground and decry ransom payments from a position of safety."

The point of a ban is not just to occupy the high moral ground but to make ransomware go away entirely by making it unprofitable. Ultimately, it's to make everyone's position safer.

Re: Hospitals

It would also have to be disguised in the accounts. Is the CFO going to risk going to jail to keep the CEO out?

Re: Wrong

And while the CEO may not be directly to blame that's where the organisation's culture starts. If the CEO fails to appoint managers who take sufficient interest in security then it's ultimately their fault. However the CEO needs the board's backing so directors must expect to stand alongside the CEO in the dock.

Re: The best defense is to avoid becoming a victim ö

"The computers are used as they came, fresh out of the box."

Then the quality of what come out of the box will need to be better. Not that that helps too much as the knob controls the monitor will still be a weak link

Re: "Such a ban would need to be universal"

And just bolt on an extra year or two jail time for trying it on.

Re: Word Processing in the Cloud

It's probably not on the syllabus so the teachers don't know how to use it. It was very striking that after KCL had its big outage and lost goodness knows how much stuff they got all arsey about people saving stuff locally. I suppose it didn't look good if users were doing a better job about looking after their work then IT did.

Re: in the ever increasing locked down corporate world

It tells you more about the skill set of corporate IT than it does about the S/W they're trying to keep out or in.

Re: Bloat!

Don't forget that this was before MS got their hands on it.

Re: There's probably 1,500 disks or more

The disk he found had a serial number: 11.

What was the earliest S/N of a product anyone else has had? My entry is S/N 33 of Marathon which eventually became Informix (there are worse product name changes for products originally named "Marathon").

Re: I don't think copyright law can handle this...

"because they do have, legally, access to the images"

What T&Cs apply to that access. You may be legally allowed to view the image nd nothing else. You may not be legally allowed to copy and paste into some other work. You may not be legally allowed to scrape it into a ML training set.

Re: Don't put it on the Internet

You mean just like authors shouldn't publish books because somebody might copy them?

Re: Piles of styles

"I wonder how many artists could define their own style?"

Why should they be able to? The answer would be along the lines of Louis Armstong's definition of jazz. I doubt that even the most successful human forgers would actually define in much detail the style of those they imitate, they just paint like them.

Re: Piles of styles

But-but-but --- that would be money

Re: A modest proposal

Even more effective - CEO and directors.

Re: "$1.5 million to rectify"

I think you may have missed the point of a ban. If it's illegal, and the ban reasonably well enforced, there's no reward for the attacker and no point in attacking.

Remember the point of bank robbery? Banks are where the money is. If banks had no money they wouldn't get robbed.

Re: Is It Even Worth That Much?

I assume Fidelity haven't got any takers to allow them to get out completely.

Re: The very point at issue?

Data legally collected for patient care may only be legally used for patient care. They seem to not have understood that.