* Posts by UncleDavid

9 posts • joined 20 Aug 2016

Q: If Pesky Pepper had a peek at patient papers, at how many patient papers did Pesky Pepper peek? A: 231

UncleDavid

Why do you define "Norfolk" for the Yanks (who could easily look it up in their favorite mapping app) and not define "surgery"? (US: "Physician's Office". No scalpels involved).

Apple's launch confirms one thing: It's determined to kill off the laptop for iPads

UncleDavid

Facial recognition, detachable keyboard, home button gone, new pen, all the power I need... Tim Cook was describing my trusty Surface 4 Pro! Apple continues on its path of being 2-3 years behind Microsoft. Perhaps I don't need to upgrade to a 6 after all.

Nominet drains mug of tea, leans back, calmly explains how to make Whois GDPR-compliant

UncleDavid

Wikipedia's use of Whois

Part of my recent rummaging in Wikipedia is figuring out whether to recommend a block on editing by IP addresses that repeatedly vandalize. To do this right, it's important to find out whether the IP is assigned to a large ISP (so probably an individual customer) or to something like a school or public library (so you are likely blocking innocent users of a public terminal, for example). Whois is the tool of choice for finding out.

Does this change mean that Wikipedia self-appointed cops and nags will have less information to go on?

They forked this one up: Microsoft modifies open-source code, blows hole in Windows Defender

UncleDavid

I agree with statements above that there is no excuse for shipping these bugs, or for violating "it ain't broke don't fix it" by changing signed to unsigned without good reason... but I do understand the instinct. Since I first encountered K&R v1, I wondered why the hell the authors made strlen return a signed integer. I could only assume they were too lazy to type the (too-long) word "unsigned". Or was unsigned not in the first version of the language? - frankly I forget.

It just makes large parts of my brain hurt when an integer that can never represent a negative quantity (string or array length being the canonical examples) is declared signed. It's sad that "signed" is the default because I'd be so bold as to say that most of the integers I declare can never go negative.

Microsoft's Windows 10 Workstation adds killer feature: No Candy Crush

UncleDavid

WS2003 redux

Ahhh... memories of the time I subverted the normal approval process and persuaded certain engineers to remove the toys, media player, and "take a tour!" from Windows Server 2003 OOB experience, which was about to launch looking just like XP OOB. Looks like they have re-learned the lesson.

User asked help desk to debug a Post-it Note that survived a reboot

UncleDavid

Remove the note!

Who among us hasn't tried to dismiss an actual physical Post-It, which they earlier stuck on the monitor as a reminder, by clicking on the top corner? Repeatedly?

OK, who was somewhat tired at the time?

Just me then.

74 countries hit by NSA-powered WannaCrypt ransomware backdoor: Emergency fixes emitted by Microsoft for WinXP+

UncleDavid

Re: "the SMB server bug is the result of a buffer overflow in Microsoft's code. "

"Remember when MS claimed they'd spent $Bn training their devs to not write insecure code and totally re-written the code base to eliminate these flaws?"

Never claimed to have rewritten the codebase. Everyone was made to own, and responsible for reviewing, part of the old crufty code, some of which was years old. So someone's name is on this. But these 16/32/64 confusions, and (especially) the byte/char confusion when moving from the ASCII to the Unicode days, are incredibly difficult to spot. During the NIMDA (I think) attack, their security bods posted the offending code and even then most people couldn't see it until it was explained.

UncleDavid

Why connect to the killswitch server?

One thing I don't understand about the kill switch. It seems to look up the garbage name, and then connect to the server to see if it's responding. But since the key action seems to be registering the name, then surely having DNS return a valid IP address should be enough to say "stop". There would be no need to go on with a connection; the server itself could be clogged (the more successful the spread of the malware, the more likely that is), or down for a while, so the success of the kill would be flaky.

Or is the idea that, even after the name is registered, the kill switch can be turned back on by just shutting the service down?

Microsoft has open-sourced PowerShell for Linux, Macs. Repeat, Microsoft has open-sourced PowerShell

UncleDavid

Re: "On Linux we’re just another shell"

It's an open secret that when MS converted the Hotmail front-ends from BSD to Windows 2000 (what, over 15 years ago) and post-mortemed the project, one (among several) clear shortcoming was the scripting capabilities. Geoffrey was already toying with an interpreted, scriptable .NET language, and the HM experience was one of the drivers to make it into a product. Take the existing shells, superset them and apply to Windows.

The Register - Independent news and views for the tech community. Part of Situation Publishing