Posts by Lysenko

Re: Off the leash

@Jason

English law doesn't recognise the concept of ad hoc "deputizing" civilians in the same way (some) US law does. The Executive branch (Cops) have certain implicit powers, but some others require the concurrence of the Judicial branch (Warrants). The degree to which a warrant issued to the Executive indemnifies a civilian informally providing assistance is dubious and certainly an unnecessary complication. Issuing a warrant formalises the relationship and eliminates any debate about lawful delegation of authority.

An analogy is a landlord or hotelier demanding a search warrant before assisting with access to a room. The point of the warrant is not usually to compel the hotelier's compliance (quite probably they're perfectly happy to assist), it is to forestall any civil action that the aggrieved guest might otherwise engage in.

...or don't pick premium kit?

My WileyFox (not exactly "Premium") downloaded this patch set this morning and it also addresses another class of security threats that "Premium" units do not: for the same money I can have one real phone and an identical clean copy for dealing with data thieves (like the US immigration service).

Crims are also well aware of the advantages of burner phones. I suspect it is only a matter of time before the "offence" of not having an immediately obvious FarceBook account set up becomes probable cause to call in a proctologist.

Sending the phone on ahead via FedEx still seems to be a fairly reliable workaround based on anecdotal evidence.

"Well, they're not an employee of ours, so it's not our responsibility."

That's just the point. It isn't their responsibility (arguably) because part of what distinguishes a contractor from an employee is the degree of control that the company can apply. A lot of this has been worked out in terms of H&S law, but if you just apply blanket audit and disclosure rules to both employees and contractors without detailed consideration then you're liable to trip over IR35, and if (hypothetically) you are a specialist contractor working for several competing organisations (e.g. Banks) then there is no way in hell any one of those organisations can be allowed to audit everything you are doing.

Re: So You Think You're a Software Engineer?

That might interest the bean counters because it impacts OpEx but it doesn't concern Facilities people or CapEx. You can't know what the server loading (for example) is going to be over the DC lifetime so you have to allow for the worst case scenario, which will be specified in kW rather than processor metrics.

Having said that, I also reject the premise in general. Switching languages can optimise specific functions at the application level, but when it comes to the DC level the efficiency of a business function occupying half a dozen 42U cabinets is going to owe a lot more to design architecture than implementation language. You can't assume that JS/Node automatically needs more resources than C++. It might be the Node version is using Angular/Vue/React and offloading most of the load to the client whereas the C++ version is CGI and round tripping to the server for every page redraw. Or the C++ version might be trying to compute aggregates from Mongo and getting stomped by even PHP because the latter is using a proper RDBMS.

Implementation language is buried amongst so many other interacting variables that you cannot realistically factor it into DC design decisions that you'll be stuck with for at least a decade.

Re: Widespread problem

There's nothing modern about the lack of/weak security: all the ModBus/TIA485 industrial control stuff out there has always been like this. What is (relatively) new is the obsession with giving everything an IP interface and then slapping it onto an Internet facing LAN. I have quite a lot of power equipment like this but it is all networked over ModBus or CANBus so the only way a miscreant is going to get to it is by getting remote access to the control unit, running Debian (and if they get that far I have much bigger problems).

Of course, hardening devices by making remote access virtually impossible is verboten in our brave new cloudy world so if you want robust security you'll probably end up having to build it yourself.

Re: Nobody needs more than 640K of RAM.

"I think there is a world market for maybe five computers."

... Thomas Watson, IBM, 1943 and it isn't apocryphal.

Re: I'd like an explanation of wtf it actually is

Containers are basically lightweight VMs.

DevOps is an HR/Accountant/PHB inspired strategy to make SysAdmins redundant (-£££!!) and dump their job onto developers (assisted by scripts supplied by consultants).

Continuous delivery (previously known as "beta test in production") comes from the same source but this time aimed at the QA team: it dumps bug detection onto end users. Sewage engineers will recognise the concept: you don't care how bad the contents of the pipe smell, all that matters is keeping the pipeline moving.

A core supporting concept is "MTR" which means "Mean Time to Remediate". This strategy dispenses with obsolete metrics like quality, correctness and reliability instead measuring the time taken to address your continually delivered bugs with your next deployment (of different bugs).

Re: What should it do when it is suddenly blind?

@Primus

That still happens when an HGV kicks up spray on the motorway: you have temporary visibility degradation and you know what caused it. A computer may not be able to determine that so it would have to respond as a human would to actual loss of vision.

For example, if everything suddenly goes black for no apparent reason then there is a strong possibility of neural hypoxia (e.g. catastrophic blood pressure loss) and you might be looking at imminent cascade failure of all cognitive functions. Even if you can't feel other symptoms, you know your sensors are compromised and there's no way to know how much time you have before motor function failure. Hence: emergency stop.

From the very brief details in the article, it doesn't seem that there necessarily is any disagreement. All WD are asserting is that SanDisk has "priority" to participate and Toshiba are saying they are proceeding alone. Those positions do not appear to conflict. You cannot have "priority" unless there are others to be prior to. Ergo the question only arises if Toshiba solicit external investment (which they aren't).

Re: As a divorcee I have to say...

In that case, there should be a shareholder agreement stipulating that in case of sale the other shareholder has first refusal on 1-5% at the original issued value. Allowing a situation to arise where one founder can transfer shares to a hostile party without simultaneously guaranteeing a controlling interest to the remaining founder is madness - as cases like this regularly illustrate.

Re: track down the perps!

I often wonder why these clowns tip off the victim by actually displaying the ads. Why not just pull them down into dev/null? There's no way an ad server can tell if there was a screen draw and it can't distinguish if XMLHttpRequest was triggered by a mouse click or a timer.

Re: As always, it's a balance between benefit and risk

When the PC refuses to boot because it detects a lens cap I'll get exercised about this (my main PC doesn't even have a camera. Or speakers).

Until then I would be way more concerned about iOS/Android camera and microphone shenanigans. Those you can't just unplug.

Re: This makes me sad

Oracle get their hands on Zend/Personal Home Page?? PLEASE make it happen. Then we would only need to kill HHVM to render PHP as a bad memory like PowerBuilder or DataEase.

Re: @Steve Evans

A MicroBit can run from a CR2032 for about the same time (12 hours), depending on how hard you're hammering the RF stage. Major size difference.

re. Ah, node.js is PHP for millenials.

It's popular because you can use the same language on both the server and the client <gasp!>

... basically a manifestation of: "When all you have is a hammer...."

Extra points for not mentioning AI.....

.... or "DevOps" or Storage Arrays.

Re: free idea

1) Unless you're planning to install a LAN for this then you're going to be using the Internet and Kinects are basically fancy webcams, i.e. "things". IoT <> Cloud.

2) Your specific use case isn't that hard: you'll probably want 4 Kinect->USB adapters and a NUC/pico-ITX type processing unit (raspberries etc won't handle this) running OpenCV with Python/Flask stitching things together. Heartbeats are not going to work with a Kinect alone though. You might want to consider a FLIR Lepton to keep an eye on body temperature and or a BTLE wristjob of some kind. You might also consider some VoC sensors (have I left the gas on?) and leak detection ropes (did I leave the bath running?).

you don't even get that CHOICE...

Of course you have a choice. I keep Win7 and Win8.1 machines for testing purposes. None of the "get Win10 now" manifestations has forcibly updated anything overnight when I wasn't looking.

I guess I'm biased because most Windows users I know work for customers (Banks) and they are therefore spied on continually by corporate security and have zero say about what patches are applied to the machines and when. It has been that way for decades. If I'm ever doing something that requires privacy/security above the level of an Investment Banker then I'll use something way more secure than Win7.

Re: Given all the world-wide travel

I wonder how this works out when you go into the US with a non-US wireless enabled gadget or take a US unit into another country.

The rules are about selling the equipment and using a device broadcasting on an unauthorized frequency. The former is the Manufacturer's problem (TP-Link interpretation) and the latter is yours. So if they don't sell the non-compliant device in the USA and you don't transmit on the wrong frequency, there isn't a problem.

MS from messing with your settings

Caveat: We're discussing a law here. Judges opinions matter. Privacy warriors - not so much.

MS probably have permission if you dredge through the EULA in enough detail and apply relevant precedents. You cannot generally get out of a license/contract on the basis that you couldn't be bothered reading it and/or obtaining relevant legal advice about the implications. If you've got an active copy of Win10 then at some point you took positive action to assent to the EULA. Same applies to Android (which I suspect is a bigger privacy hole in any case).

That's a completely different kettle of fish to something like port scanning, which is essentially the same as walking down a public street trying all the car door handles. Telling plod you're doing legitimate research into automotive security isn't going to get you out of a trip to the station.

Re: @codejunky

I can only assume the company you work for didnt exist before the EU and produces something nobody else would want?

Correct, it didn't exist before the EU. What we produce has demand pretty much anywhere in the G20, but it's an expensive pain in the ass dealing outside the EU. We've had stuff held up in Brazilian and Mexican customs for months on end. USA and Japan we don't sell to at all (though we've been asked to) because of red tape and incompatible regulations.

And the EU is a part of the world but only a part of.

The EU is the biggest economy in the world and has over half a billion people. Sure, that's only a part of the world ... but it's a big part.

Where the EU ends up is a political matter and I doubt it will be clarified in our lifetimes. My own best guess is a full blown federation with Westminster reduced to the same sort of power as Holyrood (by about 2100 or so).

Being in the EU doesn't prevent us trading with the world, so being out of the EU adds nothing. All it does is ensure that all our business has costly overhead as opposed to maybe 30% of it. The EU is essentially one set of rules. Every non-EU country is another set of rules. A vast explosion in rules, tariffs, taxes and bilateral treaties just means getting buried under huge steaming piles of extra paperwork, middlemen and legal fees.

I was referring to the large number of SME's

Kevin's Bargain Garage Door Emporium probably doesn't give an aardvark's left gonad if the OS uploads the entire contents of the hard drive to Redmond. If they're ever talked in Office 365 or OneDrive or Azure then the entire selling point is uploading everything to Redmond.