* Posts by JohnnyS777

9 publicly visible posts • joined 28 Jun 2017

SBOMs should be a security staple in the software supply chain

JohnnyS777

Yet another checklist item.

The SBOM will just wind up being another checklist item. Something that someone on the team will have to fill out to satisfy a "requirement". Good programmers who do security properly will see no change to their work except having to fill out a form. Bad programmers will see no change to their work except having to fill out a form.

Liability is the answer: Make someone somewhere pay damages if the software is insecure, and then you'll start to see changes.

What's up with IT, Doc? Rabbit hole reveals cause of outage

JohnnyS777

Re: Ouch

Another trick is to adopt a Bouvier (Belgian guard dog breed). A friend of the family had one, and all her neighbours were very grateful that no raccoon or any other animal would come anywhere near that block. The dog was very sweet and friendly, but one of his double-bass "woofs" would scare the crap out of any animal within a few hundred yards.

Missouri governor demands prosecution of reporter for 'decoding HTML source code' and reporting a data breach

JohnnyS777

Re: Dare I admit to the governor ...

Wireshark is chicken feed. I run Kali Linux.

What do WLinux and Benedict Cumberbatch have in common? They're both fond of Pengwin

JohnnyS777

Re: Microsoft dreams finally come true

What Mage said!!!

(Although I don't find cygwin totally frustrating: My use case was probably less intense than Mage's.)

When I need a *nix environment, I run a *nix. NOT some silly limited environment shoehorned into a bloated OS. Especially when that bloated OS takes up most of the resources I need to work while being provided with constant "updates" to fix problems that have nothing to do with my work and often break the basic security and functionality of the system.

What this "pengwin" proves is that users and developers WANT to run *nix, and M$ is terrified of losing market $hare once the world realizes they Don't Need Windows.

Disclaimer: At work I had a choice between a Mac and "upgrading" to Win 10. I now run an OS X Mac with multiple Linux VMs. Sweet *nix everywhere!!!!

Boeing 737 pilots battled confused safety system that plunged aircraft to their deaths – black box

JohnnyS777

The real reason these people died:

Money.

This was a case where a significant FLIGHT CONTROL PROBLEM was encountered on the previous flight. Significant enough that the pilot called "pan pan pan". Only a "mayday" is more serious than that. So what happened? Ground staff followed a checklist and swapped/tested some components and they looked fine on the ground. It's clear the pilots and ground staff did NOT know what was the root cause of the problem. But the airline got to make money, so screw due diligence: Over a hundred people were loaded on and took off to die. They had a FLIGHT CONTROL PROBLEM and didn't test fly the aircraft? Why not? That aircraft should have been grounded until it had been flown without passengers by a competent test pilot who knew ALL the aircraft systems including the MCAS.

Propose a new rule: If a commercial aircraft experiences a flight control problem on a flight and survives, it remains grounded after landing until (1) the flight control problem has been fully understood and remediated, and (2) a test flight (no passengers!) to normal cruising altitude and speed has been completed by a competent test pilot certified by the manufacturer. Any persons who are airline staff, management or engineer personnel who release the aircraft back to service without these 2 steps completed and documented shall lose all their professional accreditations and shall immediately be banned from working in the airline industry. Should the subject aircraft crash with loss of life, those persons should be charged with manslaughter.

Experimental 'insult bot' gets out of hand during unsupervised weekend

JohnnyS777

MTS was at Simon Fraser University in the early 80's.

I had a job for a year in a physics lab at SFU and they didn't turn off the accounting for us, even though we were supposed to have unlimited processing: They just set it to a huge limit. IIRC, students would get about 10 bucks or so for a course, depending on the expected programming work required. Since I was a researcher, my max was set to 100,000 dollars. So I could run whatever FORTRAN number-crunching I wanted and never lose a research run because of hitting the limit.

We had limited terminals in the lab, so I'd often go work in the large student computer lab which always had a few terminals free and lots of co-eds. When you logged off the terminal, it flashed up a number showing how many dollars were left in the account. Once I logged out and a student behind me gasped and asked "How many courses are you TAKING???"

We got a good laugh out of that!

Search results suddenly missing from Google? Well, BLAME CANADA!

JohnnyS777

Re: Embarrassed by the SCOC's lack of technical understanding ...

As another Canadian, I'm also a bit embarrassed about this, but I think there are a couple of points you missed that change the complexion of this issue.

First, the SCOC is not supposed to consider the widespread results of their decisions: They are not lawmakers and not allowed to make laws they like. What they CAN do is make decisions that become law because they are precedents and those become common law. But the decisions are supposed to be made on the very specific facts around a specific case and nothing else.

In this specific case, they only looked at the egregious behaviour of the "bad guys" and the existence of the court orders. The fact this ruling opens up a big can of worms on the world stage is something they should not have considered, and indeed they did not make that mistake.

As for the "technical acumen" the SCOC displayed, I think you're incorrect and the SCOC was pretty smart. All they ruled was that Google must remove any of the villains' links from search results. There's no requirement to pull down the websites or anything that is outside of Google's purview. This is *technically* very easy for Google to do, and they already do this for other issues (such as terrorism websites, etc.) So, *technically* what they ruled is easily enforceable.

As for the *legal* enforceability of this ruling outside of Canada, that is a whole different story. But it's pretty clear this has been a long time coming: Applying regional or national laws to the Internet was always going to be mostly unworkable. However, the following are increasing rapidly: Legal and regulatory problems on the Internet involving e-commerce, privacy problems, cybercrime and cyberwarfare. The need to deal with these problems is also increasing and IMHO it's going to get a lot worse before it gets better. There are no easy solutions.

JohnnyS777

Re: JohnnyS777

Thanks for following up.

Just FYI: I am not affiliated with Equustek in any way.

JohnnyS777

JohnnyS777

What are you talking about "animal care products"? Equustek does high end electronics:

"Since 1988 Equustek has been specializing in the manufacture and design of gateways, bridges, and custom protocol conversion communication products that will allow you complete system integration. They allow industrial automation equipment the ability to exchange data over popular industrial networks." Where do you get animal care products from THAT???

I'm sure that if Boeing found out that some villain had ripped off all their aircraft designs and was selling identical versions of the stolen Boeing aircraft in direct competition with Boeing, Boeing would have NO PROBLEM asking Google to remove the links for the villains' sites, especially if Boeing had already obtained legal injunctions against the villain.

Or how about if Jaguar found out that some villain had stolen all their designs and research and was selling perfect copies of their latest cars at a lower price because they avoided paying for the development, design and research? Wouldn't removing the search responses from the world's largest search engine that point to the villain's websites be a just and reasonable move?

That's all that Equustek has done here: These villains are criminals and they need to be brought to justice. This is just a part of the process.