* Posts by theblackhand

538 posts • joined 1 Oct 2009

Oh Snap! How intelligent people make themselves stupid for Snapchat

theblackhand

But...

No one cares about what the application does as long as its user growth rates are good.

Who needs revenue! It'll magically appear somewhere in the future. About the time they introduce advertising or micro-payments and the app suddenly becomes less popular....

3
0

Fujitsu's billion-dollar ARM supercomputer delayed by up to 2 years

theblackhand

Re: For a much smaller budget...

You can call your bunch of ARM processors a supercomputer, but whether they can be used for much will be down to how well you can distribute tasks across them, which will come down to I/O and memory bandwidth. I mean, what point is having 10,000 or more CPUs available to you if the first 100 or so have finished the tasks you have distributed to them before the last 5000 or so processors have received any work?

You can break the bunch of processors down into nodes, but you can do that with other processors too.

I suspect the advantage of Fujitsu's ARMs won't so much be in the ARM core as the offload processors that accompany it, which is why they can't use off-the-shelf products. Potentially what Fujitsu need is the next die shrink to get the performance they need from each SoC to make this project worthwhile...

0
0
theblackhand

Re: Hmmm

Not sure the issue will be with the process side of things. Supposedly, Apple already has 10nm products from TSMC. We might even see them announced later today...

Note that TSMC may or may not be actual 10nm - their 16nm was 20nm with FinFET gains to approximate 16nm (http://www.tsmc.com/english/dedicatedFoundry/technology/16nm.htm). In which case it may be a 14nm SoC base process with FinFET giving equivalent performance to 10nm in comparison to the 14nm SoC base process.

Which leaves the issue being Fujitsu's chip design... And most likely the performance they can extract from it at present.

0
0

SSP to PERMANENTLY shutter mega-outage bit barn

theblackhand

I think...

..there may need to be a change in tense from "works with" to "worked with" in:

By its own reckoning the business works with "8 of the top 10 UK insurers, 4 of the top 10 global insurers and over 40 per cent of UK Brokers."

1
0

Japan's Brexit warning casts shadow over Softbank ARM promises

theblackhand

Re: Not really comparable

Softbank may take the view that ARM is just IP and the people are just a cost centre, but they will discover their mistake in a few years.

ARM's current advantage is that they provide a cost effective and flexible design with very active development and some history.

If these change (particularly cost), there are competitors (MIPS as the most likely option, but Intel could conceivably compete if they can learn to live with wafer thin margins and POWER could work). It might take 4-5 years and the UK is unlikely to benefit in the way they do from ARM, but no IT company is guaranteed to succeed in the future.

1
0

Extra Bacon? Yes please, even though the Cisco bug of this name is bad for you

theblackhand

Re: "Exploiting Extra Bacon while severe is complex and unreliable..."

As this exploit is restricted to Cisco ASAs (possibly PIXes, but as they are end of life I'll conveniently ignore them...), SNMP is enabled by default but no communities/hosts are defined to allow monitoring without further configuration.

As far as best practice, I would assume:

- monitor via a secure path (VPN or secure WAN to the inside interface)

- use standard company-/location-specific SNMP strings that do not include public/private/secret

- use separate communities for RO/RW access and only use RO-communities for monitoring to make capturing RW communities harder

- ensure both SNMP settings/ACLs restrict SNMP access to trusted hosts/networks

None of these practices makes monitoring a firewall difficult for a known authorised party (i.e. if you are doing it internally or via a third party). The biggest challenge for remote monitoring of a firewall on an Internet connection with a dynamic IP and technologies like Easy VPN address that requirement with minimal effort for competent operators.

Based on these recommendations, any ASAs discovered via the Internet with publicly accessible SNMP access are very poorly configured...

2
0

Latest Intel, AMD chips will only run Windows 10 ... and Linux, BSD, OS X

theblackhand

Re: Does this mean...

I think MS's answer actually translates to "we won't release updated install media to support newer hardware on "legacy" Windows OS's".

As usual, there will be a little bit of noise followed by someone releasing a tool to create bootable media to get around this.

MS will replace the PR person with a new one with less bullet holes in their feet and a bigger gun...

10
0

Google breaks heart, White Knight falls off horse

theblackhand

Re: the US broadband monopoly

The US broadband monopoly is caused by counties/states handing monopolies to the telcos - no one then has any interest in intervening to fix the problems.

While Google's fibre projects were interesting, the costs were significant - the estimate of US$1b/city and low take up rates outside of richer neighbourhoods suggested it was never going to make rapid in-roads into the US telecoms market, but I thought they may give it more time.

For the 90% funding cut, I guess that puts expansion on hold until current subscriber numbers increase to meet current costs.

0
0

Watch the world's biggest 'flying bum' go arse over tit in a crash

theblackhand

Re: All of us are in the wrong business

While the US military sold the HAV for $300k, they kept the wall that the $100 million was pissed up against...

7
0

Google broke its own cloud by doing two updates at once

theblackhand

Interesting

For Google and AWS, these outages are always interesting - it results in downtime/reduced availability, but in my experience in IT, downtime or unavailability of components aren't uncommon when trying to run 24x7.

The interesting thing is how you keep the larger system in a functioning state, capture enough information to identify the root cause AND get it back to a functional state within a few hours. Sure, it turned out to be human error (software updates combined with large scale moves) but they had considered capacity during this work, and the thing that affected service was the retries rather than expected load.

5
0

FalseCONNECT sends vendors scrambling to patch proxy MITM bug

theblackhand

Re: Does this require that you have a proxy configured?

Yes, you would need to have a proxy configured to trigger the CONNECTs rather than sending the requests directly to a web server.

If the attacker is on the same subnet as you and you are using Windows, they might be able to automatically configure proxy settings via WPAD using NetBIOS name resolution, but there are steps that can be taken to mitigate that (disable proxy auto detection, disable NetBIOS over TCP/IP).

0
0

Colour us shocked: ISPs not that keen to sign up for Universal Service Obligation

theblackhand

Are there any last mile providers other than Openreach providing less than 10Mbps downstream? My experience with Virgin or other alternative last mile providers is that they provide at least 10Mbps and usually more.

If the UK is serious about improving residential/SMB Internet access, more investment is needed rather than pretend obligations from ISPs when the majority of them use a common last mile provider - the investment via BT Openreach doesn't appear to have produced great results compared to other countries' efforts over similar time frames.

4
0

£1m military drone crashed in Wales after crew disabled anti-crash systems – report

theblackhand

Re: Drones for UK that can't land in the Wet

If it did save a few hundred million, then it looks like a wise choice.

They could operate these for 20+ years before the cost of a better system would make the upgrade worthwhile.

I'm not suggesting this was fully understood or considered by those making the purchasing decisions...

1
0

IBM makes meek apology for Oz #CensusFail, offers no fail detail

theblackhand

And everything was going so well for the spokes droid, until the sticky notes they used to identify their ass and their elbow fell off and they started talking out their elbow....

2
0

Facebook to forcefeed you web ads, whether you like it or not: Ad blocker? Get the Zuck out!

theblackhand

Re: Errrmmh....

Or maybe FB's ad pimping isn't as successful as it hoped?

P&G are "scaling back Facebook advertising" as the targeting provided by Facebook didn't provide the expected increase in effectiveness (link to provide full details of claim, you don't have to click it...)

http://www.wsj.com/articles/p-g-to-scale-back-targeted-facebook-ads-1470760949

11
0

#Censusfail aftermath: Here's what's happening inside Australia's board rooms this morning

theblackhand
FAIL

Re: Probably not a DDoS

Somewhere in a nameless government office:

Idiot 1: What happened Dazza?

Idiot 2: Not sure Trev

Idiot 1: Can we just say it was some scary security bogeyman? No one would question that would they?

Idiot 2: Good plan Dazza, let's google security issues

Idiot 1: * googles * DDoS sounds scary Trev

Idiot 2: Sure does Dazza, let's go with that

9
0

Londoner jailed after refusing to unlock his mobile phones

theblackhand

Re: Well?

Re: What made Britain into Great Britain was subduing the Welsh and Scots. Possibly temporarily.

Maybe we just need an attempt at independence, so that we can legitimately conquer one of them to set an example as well as ending centuries of poor relations?

1
0

Iraqi government finally bans debunked bomb-finding dowsing rods

theblackhand

Re: Did they not...

I thought they were almost 100% effective where the IEDs contained golf balls for shrapnel?

Once the baddies stopped using golf balls as shrapnel in IEDs due to the cost increases in the second hand golf ball market as well as unresolved questions about whether newer ball designs really did improve distance and accuracy, the detectors were useless.

0
0

Gartner's hype cycle turned upside down to assess Brexit

theblackhand

Re: Dampening

From my reading of the BOFH - sort of.

People tend to be quite good at absorbing the first bump, but become a little spongy after that...

2
0

BOFH: Free as in free beer or... Oh. 'Free Upgrade'

theblackhand

Re: Training

Wasn't pulling the ladder required to retrieve the ladder sans-Printer Rep?

If you threw away your ladder every time you disposed of a product rep, you would end up needing a ladder rep...

40
0

Next month's Firefox 48 is looking Rusty – and that's a very good thing

theblackhand

Re: So, Rust is now "a thing"

It should be "shoe in" if detecting rust in a Fiat that you're considering purchasing

2
0

'Digital influencers' must disclose paid-for content, says new guidance

theblackhand

Re: As a prominent digital influencer myself

Dear Sir

I really like the jacket you have in your picture - where can I get one?

Thank you

G Ullabull

5
0

Softlayer embiggens its cloud VMs

theblackhand

Re: Cloud VM?

What? AWS and Azure have been doing cloud VMs for up to 10 years - they may not fit every business model but considering the revenue they make they fit a lot of businesses.

Softlayer's problem is that they're offering less mature services than their competitors with features that are 2-3 years behind. Still, it's IBM, so you can pay a lot for the privilege of using a second tier provider while still providing a sloth-like business model.

0
1

Who shot JR (that great Dallas broadband)?

theblackhand

Re: "[..] ATT will be in a world of hurt"

Re: And not a single tear will be shed.

I sometimes cry when I laugh REALLY hard...

3
0

Let's play: 'IT values or hipster folk band?'

theblackhand

Re: Sponsored article

I'm not sure there will be a rush of companies looking for Reg commentards to make jokes about their expensive rebranding exercise.

8
0

Dell finds liquid cooling tech on eBay, now wants you to buy it

theblackhand

Re: A break-fix techs nightmare.

You didn't realise what Nintendo had been training people for?

0
0

Disk death: Three-quarters of PCs will run SSDs by 2020

theblackhand

So...

Gartner have been reaching into the magic butt and pulling out the contents again. Think they are a little optimistic within 5 years although they will probably be correct within 10 years.

Projections for the global PC market by 2020 put it at around 290 million with a breakdown of around 170m laptops and 120m desktops. I'd expect close to 100% of laptops to have SSDs by 2020 (currently ~33% and prices for laptop SSDs/HDDs are nearing parity so no real reason for not moving to HDDs other than high end capacity).

On the desktop side, will they reach around 20% selling with SSDs? Assuming the desktop market has drifted even further to value systems (i.e. around 47% value, 47% mainstream and 6% performance in 2012), they would need around 100% of performance desktops and 25% of mainstream PCs to include and a likely bump in price. Sounds a little optimistic.

TL;DR: Gartner produces report showing next PC boom for hardware manufacturers ~10 years after PC hardware booms ended

2
0

Surface Book nightmare: Microsoft won't fix 'Sleep of Death' bug

theblackhand

Re: Sleep and Hibernate have always been iffy

To everyone saying You just have to live with sleep and hibernation problems, go and try an Apple MacBook.

It just works - rushing somewhere? Close the lid and go. Boss asks you to show her something? Open the lid and show her. Don't have a power brick? Close the lid and resume later once you have power.

In around 3 years of using MacBooks I can only recall one time the MacBook hasn't resumed successfully.

THAT is what end users expect from a laptop because they can already get it from Apple - if Surfaces go on doing this, MS will lose Surface customers to Apple.

40
0

MySpace 'passwords dump'

theblackhand

Re: Which is equivalent to...

Or... It's a last gasp at free publicity before MySpace finally disappears...

1
0

Two weeks ago Salesforce had an outage. Now it's outsourced to AWS

theblackhand

Re: the endless blame-game opportunities

From the AWS website, AWS appears to have two Sydney data centres and a Cloudfront/AWS direct connect location at Equinix in Sydney.

Are the two AWS data centres actually third party facilities?

0
0

CIA says it 'accidentally' nuked torture report hard drive

theblackhand

Re: Yeah, sure, right...

c) The CIA promotes person X to position Y. The CIA tells person X that there is a single copy of file Z. Person X witnesses file Z being deleted. Person X is then asked to testify that the only file has been deleted. No lies and everyone is happy....

1
1

Symantec antivirus bug allows utter exploitation of memory

theblackhand

Re: main purpose of Symantec

The main purpose is extracting money from end users.

There might be an accidental side effect of providing some security primarily by making your computer so slow that you stop using it.

The chances of Symantec being used by intelligence agencies to gather information when the software turns your machine into an unusable piece of crap which severely limits intelligence gathering.

5
0

Big Pharma wrote EU anti-vaping diktat, claims Tory ex-MEP

theblackhand

Re: Hurrah!

I thought the issue with the House of Lords was the continued growth (i.e. 400 available seats in the house vs 807 members), the ease at abusing the expenses and introducing a term length with the possibility of re-election following that term rather than wanting to make the whole House elected.

If only they would die off faster....

0
0

Transfer techies at SWIFT tell Bangladesh Bank: Don't shift blame for $81m cyberheist

theblackhand

Re: $10 switches are fine

And without management features, ports won't be shut down and 802.1x won't be used to authenticate connections and it will complicate finding a WLAN AP or remotely accessible computer planted somewhere out of the way...

0
0

Can ad biz’s LEAN avert ADPOCALYPSE?

theblackhand

Re: Internet marketeers

"The marketers lost any moral argument..."

You really found marketers with morals?

0
0

TWC celebrates $79bn Charter merger by blacking out in New York

theblackhand

TWC in New York

Are you sure the blackout was part of the celebration? Based on past experience, I would have thought the 15 minutes of working Internet was the celebration...

The great thing about temporary offices is that you just get the cheapest, dirtiest Internet that can be delivered quickly. And then wonder why you have no Internet for ~30% of the working week along with the rest of TWC's Manhattan customer base. OK - maybe 30% is an exaggeration and it's only 27%-28%...

1
0

Hey, YouTube: Pay your 'workers' properly and get with the times

theblackhand

What about freebooting?

I realise it is at a slight tangent to the original article, but it relates to the question of who ends up providing the content and reaping the rewards.

In particular - the "battle" between YouTube and Facebook.

I didn't know this existed until I saw a video about the issue on Reddit, but I don't know the real impact.

0
0

Ex-HP boss Carly Fiorina sacked one week into new job

theblackhand

Re: On behalf of the human race

More like:

Trump 2016: Making Republicans unelectable again

Trump trails Clinton by around 6% in polls and trails significantly in the electoral college system by around 250 vs 170 based on expected voting patterns with projections showing 300+ for Clinton.

39
6

Intel has driven a dagger through Microsoft's mobile strategy

theblackhand

Re: 50 billion IoT devices

Re: margin

Typical ARM pricing is around US$5-$15/SoC per 1000

Typical Atom pricing was around $25-30/SoC per 1000 (possibly even lower with rebates/subsidies to get their chips into products)

Typical x86 pricing is US$50-$2000/CPU per 1000

These are rumoured prices manufacturers were paying versus RRP. Price isn't everything, but you have to have sufficient yields and sales to cover your R&D/manufacturing/sales/C-level bonuses/dividends.

ARM has the advantage of being cheaper and easier to make, but Atoms weren't where the money was for Intel. There might have been a window where Atom could have been brilliant and ARM failed to increase performance that gave Intel the opportunity to compete in mobile devices, but it didn't happen.

As ARM move forward, they will need to increase their complexity to incorporate a longer pipeline and cache which will drive an increase in SoC size and therefore cost per unit. ARM manufacturers can put pressure on Intel and Intel's margins will continue to fall, but Atom being dropped isn't the death of Intel and they still have a 2+ year lead in process technology.

At the risk of insulting them, Intel may not have the best technical CPUs on the planet, but they have been the best CPU manufacturer (sometimes at the cost of performance/technical excellence to allow higher yields) for decades.

2
1

Yay! It's International Patch Your Scary OpenSSL Bugs Day!

theblackhand

Re: Kill it with fire!!!

Assuming you are running patches for existing vulnerabilities already, you should already be patched for one of the two high severity issues (CVE-2016-2108).

For the second high severity issue (CVE-2016-2107), you need to be running AES (you should be...) using crypto offload. On the plus side, it is likely to only affect newer installs that can be patched reasonably easily, on the bad side it was introduced by a previous patch (although it was in 2013 prior to the Heartbleed...). In addition, the vulnerability allows the decryption of data rather than a remote compromise - bad for you so patch it, but that abandoned website isn't going to become an easy target for script kiddies...

For the low severity vulnerabilities, existing mitigation steps around getting rid of older protocols should have you covered.

Patch as quickly as possible but this isn't too scary on the OpenSSL 1 to 12 scale...

1
0

Batten down the hatches! OpenSSL preps fix for high impact vuln

theblackhand

As others have said, Heartbleed set the expectation that there would be a lot of changes to address SSL/TLS security in the coming years as some of the code found indicated very poor practices.

Completely getting rid of SSLv2 and historical export defaults, slowly killing off SSLv3 while combing through TLS to make sure it was fit for purpose takes time, as does cleaning out issues within the trusted Certificate Authority model, getting people to upgrade their certificates to current standards to address encryption/hash protocols that were approaching the end of their working lives.

However, if it is another DROWN-type vulnerability where disabling SSLv2/v3 is a workaround, I'll sleep easier...

1
0

Another failed merger, Carly? Ted Cruz to bring in ex-HP boss Fiorina as running mate

theblackhand

Re: Cruz and Carly?

Assuming Trump goes on to win the presidency, at least the US will be able to look back and say "at least it won't be as bad as if Carly was involved"

Or is she planning on outsourcing the US electorate to ensure Cruz wins the nomination?

2
0

Panama Papers graph database cracked open for world+dog

theblackhand

Re: illegal behavior

I think it is too early to judge the illegal behavior element as it will take time to sort out:

- entities that are using the service for legal and morally justifiable reasons

- entities that are using the service for legal but morally unjustifiable reasons

- entities that are using the service for illegal reasons now (i.e. Australian citizens (around 900) would appear to fall into this category due to their tax laws - potentially US citizens as well, but not aware of any so far as they are more likely to have used legal US tax havens)

- entities that are using the service for illegal reasons in the future... i.e. the actions of some politicians or their friends and families that are "allowed" now, but a future regime may have a different view.

5
3

IBM says no, non, nein to Brexit

theblackhand

You have to smile....

"Putting jobs...at risk"

Isn't that the motto of IBM's offshoring business?

6
0

'No password' database error exposes info on 93 million Mexican voters

theblackhand

Re: has to be said

"He's from Barcelona^H^H^HTijuana..."

1
0

Logging on to United's frequent flyer site might take longer than a flight

theblackhand

Re: Post-Its

If only they asked more security questions than could easily fit under a standard size keyboard...

United, are your security people listening?

0
0

All-Python malware nasty bites Windows victims in Poland

theblackhand

Re: Upon initial execution of PWOBot

From what I can tell, it compromises Windows when a user installs an application that they downloaded from the Internet. I assume that traditional methods of containing this type of threat will continue to be as effective as they have been in the past, i.e. restricting admin rights, up-to-date AV software, user education.

As for the Python element? I can't recall a scripting language (compiled or otherwise) ever being used to install software...

0
0

Catastrophic 123-reg VPS cockup deletes Ross County FC website

theblackhand

Re: So you're saying they should have a dedicated web developer, a sys admin, a network engineer and a security expert (minimum)?

Depends - as long as they can kick a ball they can be part of the team...

9
0

MIT boffins build AI bot that spots '85 per cent' of hacker invasions

theblackhand

From the conclusion:

"as time progresses and feedback is collected, the detection rate shows an increasing trend, improving by 3.41× with respect to a state-of-the-art unsupervised anomaly detector, and reducing false positives by more than 5×."

I believe this is after 28 days of operation.

As for usefulness - it sounds like a useful improvement, assuming the sample data is representative of "typical" traffic hitting a variety of common web servers, for a V1 product but it's not going to fundamentally alter the security landscape.

1
0

What's wrong with the Daily Mail Group buying Yahoo?

theblackhand

So the good news is....

...the Mail Group might fail because of this?

Let me guess, this is one of those Daily Mail articles where they tell you the good news about X on Monday but by Friday, X has morphed into a global catastrophe?

46
0
