* Posts by Roo

934 posts • joined 21 Sep 2010

Intel tests definition of insanity with (leaked) typoslab Skylake CPUs

Roo
Silver badge
Windows

Re: Maybe the wrong battleground

"However there are other markets where such chips would be great. Industrial control solutions and IoT for starters"

IMO, IF they are serious, they really should be looking at pushing RAS features such as ECC etc. The IoT crowd seem to forget that stuff like light switches are *reliable* and offer consistent performance, something not easily replicated by lowest-possible cost hardware. :(

1
0

The Wilson Doctrine isn't legally binding, MPs CAN be spied on, says QC

Roo
Silver badge
Windows

Re: Guess There Will Be...

Nah, they'll scribble it on a sputum-stained copy of Hansard in fat black crayon then bury it under a pile of broken toys, spat dummies and manifestos.

1
0

Acer Revo One RL85: A pint-sized PC for the snug

Roo
Silver badge
Windows

Please don't be afraid to be picky Nigel ! :)

"I don't mean to be picky, but I'm surprised it was deemed necessary to point that out."

It may seem a bit picky, but I am glad it was mentioned because it can throw a spanner in the works if you're expecting to use the thing soon after you switch it on, particularly with some of the vulnerabilities floating around at the moment.

I would have loved to know how much downloading I'd need to do after installing 8.1 on 3 boxes - I could have adjusted the kids' expectations about their chances of playing Minecraft before bedtime accordingly. It would have been nice to have had my expectations adjusted too - I am used to installing a fresh Linux distro image and having it patched and ready to go in under 30 mins - downloading & installing the Win 8.1 updates took nearly 2 hours alone...

EDIT: Kudos for trying out OpenBSD on it too, an unexpected pleasant surprise. :)

9
1

HP slaps dress code on R&D geeks: Bin that T-shirt, put on this tie

Roo
Silver badge
Windows

"When I see a coder wearing shirt and tie, all I think is that he's another modestly skilled type who couldn't cut it in the arena with the talented coders."

Sorry to be boring but it is a mistake to judge by appearances. :)

The story which always impressed me as a PFY was of Seymour Cray coding up an OS in HEX on a notepad while lying in a hospital bed. He probably wasn't wearing a tie at the time, but in all the images I can find of him (when he's not skiing) he is wearing a tie...

I once worked with a chap dressed like a very smart new romantic pirate. This genius designed & built an entire ~4000dpi broadsheet CTP* machine from scratch by himself (welding, pneumatics, laser-optics, machining, electronics, firmware software) within a few months. He had that wonderful knack of making the right choice first time, producing elegant solutions that worked beautifully. Not only that he was a good laugh down the pub as well...

* CTP machines are van sized laser printers that render onto large aluminium printing plates.

16
0

Happy birthday, Amiga: The 'other' home computer turns 30

Roo
Silver badge
Windows

Re: Ah, the good old days!

I had a 512K PAL A1000 back in the day, it was a really fun machine. While the graphics were good and the games were fun the thing which blew me away about it was the audio. Really wish I could have found the cash to add a hard drive, upgrade the motherboard to a 680[23]0 + more RAM etc, really was a fun machine to write C on. A few years later I moved onto a 386 + Win 3.1 because it was cheaper than upgrading the A1000 which felt like a massive step backwards after all the relatively lovely Amiga APIs. :(

I loved Matt Dillon's editor DME, did anyone else come across that ?

7
0

First Direct making my life HELL!!!

Roo
Silver badge
Windows

Re: First Direct making my life HELL!!!

I was going to award jake a medal for using Lynx over dial-up. I spent a few years doing that myself - but moved on when kitty pics, flash & javascript took over the interwebs.

0
0

Four phone hijack bugs revealed in Internet Explorer after Microsoft misses patch deadline

Roo
Silver badge
Windows

The problem with setting a hard and fast limit is that you really have no idea what kind of resources the vendor has to spare to apply to the problem - and they may well be in a situation where throwing more resources at the problem won't help them beat the deadline.

On the other hand leaving it 120 days before even notifying the public that there are remote exploits in widely used software seems pretty irresponsible to me.

4
0

OpenSSH server open to almost unlimited password-guessing bug

Roo
Silver badge
Alert

Seems a bit quiet in here today.

There's usually >0 fanbois lecturing folks on how crap Open Source is every time there is a major vuln, where are they today ?

Can't help but wonder if it's a coincidence that two firms I called up today couldn't actually do anything because their Windows boxes were all down, one tried calling their (major) courier - their systems were down too, and the ASP ridden internet banking website I use is also down as well.

Anyone else noticed a slightly higher than average level of brokenness out there ?

1
2
Roo
Silver badge
Windows

Re: no problem for "not stupid"

I found the exploit didn't work against my ancient Lucid Lynx boxes, but that could be dumb luck because I haven't tweaked the sshd & PAM setup.

0
0

How British spies really spy: Information that didn't come from Snowden

Roo
Silver badge
Windows

Re: Keep on spying illegally?

"The fact that they are operating outside the law means that they can be stamped on by the courts if they start acting outside their remit."

I can't find any evidence that the courts *can* stamp on them for spying on people. The courts have stamped on GCHQ whistle blowers who highlighted illegal activity and Alan Turing who was being illegally gay. The courts also totally failed to stamp on Kim Philby, who was actively protected by the outfit he worked for - and look how badly that turned out.

There is a balance to be struck, but being able to do what the hell they like without proper oversight hasn't worked well before and there's no reason to expect it to work any better going forward. For that reason I would rather they were able to operate lawfully under proper supervision, and new legislation will be necessary as the world changes so I don't think it's a great idea to resist it for the sake of it.

On the other hand (D)RIPA is --ing awful and not fit to wipe my arse on. The thing I fear most is a Britain that can't adapt to change because the laws are so restrictive and the surveillance so pervasive, and accountability so weak that any necessary change is strangled. There are signs that we are beyond the point of no-return already.

8
0
Roo
Silver badge
Windows

"it provided visibility of 96 cyber-attack campaigns – and is the only way to obtain information to develop effective responses"

Out of all the justifications given for mass surveillance that one makes the most sense. Sounds like the report is worth a read, thanks for the write up Reg.

It's a pity this report didn't happen *before* Snowden told us what was going on, and the hacks and technotard PPE grads spent every possible moment talking down to the citizens - who are on the sharp end of policemen beating them to death or plain clothes officers shooting them at point blank on tube trains.

8
3

Cloudy VMs leak ID details that could allow attacks, says researcher

Roo
Silver badge
Windows

Anyone else impressed by the out of order execution side-channel work ? OK, it's not the first time it's been done - but it still has the wow factor for me. :P

3
0

Microsoft: Hey, you. Done patching Windows this month? WRONG

Roo
Silver badge
Windows

"Because apparently it doesn't prevent thousands of authentication attempts happening against privileged accounts on a default install of any Linux that has Open SSH enabled."

I have found that my own Linux boxes are not vulnerable, so no the vulnerability doesn't actually affect all Linux boxes (and I haven't even looked at my OpenSSH + PAM configs either).

"Also a quick read of the RFC that you link to (which you apparently didn't) implies that PAM does not deal at all with unified lockout and password policies, "

I hate to state the obvious here but an RFC is just a document, PAM is code. They are not the same thing.

I still don't understand why this OpenSSH + PAM vuln justifies a vendor (that gets paid many billions for its product) failing to fix poor design that was pointed out to them over and over and over again for over a decade.

FWIW *if* I wanted to remove the possibility of that vuln happening I could fix the OpenSSH code myself. Fixing the font lib vuln myself just wouldn't be an option, and if I chose to publish such a fix I'd be open to all kinds of legal crap from DMCA to copyright infringement. The fact remains that closed source is inherently harder for the user community to fix.

1
0
Roo
Silver badge
Windows

Folks you really shouldn't be downvoting facts you disagree with. Vogon made a fair point, albeit completely tangential to the fact that closed source gets in the way of identifying & mitigating vulnerabilities. :)

0
1
Roo
Silver badge
Windows

"Open SSL remote get root exploits used by Slapper"

Apparently that requires OpenSSL process to be running as root - which is possible, but SOP is to run web servers and other network services as anything-but-root to mitigate the risk of a remote attacker being able to root the box ;)... In the case of services like OpenSSH that *really* need root, privilege separation can be used to mitigate the risk of remote root exploits.

"It's a shame Linux doesn't have sensible and modular architecture that can control authentication centrally"

Why doesn't PAM (http://www.linux-pam.org/whatispam.html) qualify in your estimation ?

1
0
Roo
Silver badge
Windows

Re: My Question

"Which part of the Windows kernel is its trusted computing base? That is, which part is responsible for guaranteeing the invariant of the operating system?"

The following paragraph from the article linked by Dan 55 may answer your question:

"Finally, it's important to understand that this design is not fundamentally "risky." It is identical to the ones used by existing I/O Manager drivers (for example, network card drivers and hard disk drivers). All of these drivers have been operating within the Windows NT Executive since the inception of Windows NT with a high degree of reliability."

NT had no trusted computing base to start with, and MS were quite happy with that...

Here's the 'Security' section of that article, quoted verbatim (it is one of the shortest sections):

"Due to the modular design of Windows NT moving Window Manager and GDI to kernel mode will make no difference to the security subsystem or to the overall security of the operating system this will also have no effect on the C2 or E3 security certification evaluation, other than making it easier to document the internal architecture of Windows NT."

I really can't decide if that paragraph is a result of ignorance or corporate fecklessness.

3
0
Roo
Silver badge
Windows

Re: Kernel mode fonts

"But please, do continue with your rant, O Great Sage! I'm sure no other OS has ever included code designed in an era when dial-up Internet access from home was still a novelty even for most IT experts."

In the PC space, agreed. However NT was actively marketed as a replacement/alternative to UNIXen at the time of 3.51 & 4.0, and it shipped with TCP/IP & IPX support out of the box, so lack of knowledge about networking would be a very weak excuse IMO.

The best excuse I can come up with for MS's naivete is their products mostly ran on single-user boxes. By contrast the multi-user OSes of the time had been secured against hundreds of users trying to steal resources and play pranks on each other for a couple of decades.

That is an excuse though, it's not a good reason. :)

3
0
Roo
Silver badge

Re: Kernel mode fonts

"The VL-bus was directly wired to the CPU so it isn't a surprise at all that this was all kernel mode."

VLB reduced the latency and increased the bandwidth to the graphics hardware, so if anything there was even less excuse for running third party application code in ring 0. I found this out the hard way with a logic analyzer, a 'scope and a misbehaving RIP.

2
0
Roo
Silver badge
Windows

Firstly, thanks for making the effort to engage Vogon. :)

"Thanks to Open SSL etc, we know that the quality of Open Source code is often awful with zero proper security reviews in 18+ years..."

OpenSSL is one project out of many, just as MS is one vendor out of many. Just because MS decided to throw third party code into ring 0, I don't assume that IBM pulled the same stunt with z/OS.

"so being in public view doesn't mean anything is secure."

Quite correct, I am in violent agreement with you on that score.

Bad code can happen anywhere, the trick is to identify it & mitigate it before it burns you. In the case of OpenSSL quite a few outfits forked it because they couldn't get their patches accepted or vuln reports accepted (and this was a common complaint levelled against OpenSSL for a very long time). In the case of Windows we've known about the risks of running third party code at ring 0 for decades, and MS just hasn't listened or decided it's enough of a problem until there are heavily publicised attacks out in the wild. From the point of view of the end user the material difference is that an MS font rendering vuln gives root to the attacker whereas vulns such as Heartbleed compromise user processes.

At the end of the day it's your choice to make excuses for vendors with massive margins, personally I would like them to actually fix the defects in the products that folks buy from them. Hell, even if I didn't pay MS anything I'd want their stuff fixed because those flaws cost productivity and that impacts my spending power.

7
0
Roo
Silver badge
Windows

Re: Kernel mode fonts

"Thing is, your screen will get rendered kernel-side here, too--either by the source or by your machine."

This is really basic stuff, you should do some reading about it instead of trying to guess what happens. Here's a clue for you: You can map a framebuffer into userspace. Windows could do that too.

7
0
Roo
Silver badge
Windows

"Windows might have its holes, but it has fewer than most of the competition."

The problem with that statement is you are comparing apples to oranges. Closed source development hides faults so that the customers don't get scared off. Barely a month goes by without a vendor silencing a security researcher, that should tell you all you need to know about the accuracy of vulnerability counts for closed source.

11
3
Roo
Silver badge
Windows

Re: Adobe crapware again?

"Well, consider that font handling is a basic OS function (meaning it gets used all the time) AND that graphics drivers are in kernel space for performance reasons,"

I suspect that convenience and slinging the software out of the door as fast as possible also played a part.

"how else are you going to get smooth and speedy font rendering without tons of time-wasting context switching?"

There are a number of techniques you can use to reduce context switching without running complex application code in the kernel. Two of the simple and obvious ones are:

1) Build up a display list (usually made up of primitives) then render the list all in one go.

2) For fonts and other oft-replicated items you can cache the rendered glyphs so you don't need to keep re-rendering them. Some systems even cached glyphs in off-screen display memory as well.

If you want to learn more there are a lot of books & papers out there on the topic and there are millions of lines of production code you can read through (for free). In my case I used to religiously read through every copy of IEEE Computer Graphics & Applications and databook I could get my hands on. You may find hardcopies of early 90s CG&A hard to find, so might be worth a look at computer.org to see if they have digital editions of the back-issues. If you are lucky you will find a corporate tech library or university that will be only too happy to have you take away all their old copies - just ask them.

14
1
Roo
Silver badge
Windows

Re: Adobe crapware again?

"Troll or 15-year old who has just discovered fanboism?"

Either way they appear to be too lazy and stupid to read the source code and find out how it works.

12
0
Roo
Silver badge

Re: Adobe crapware again?

"Sure, Linux doesn't use Direct Rendering Manager in kernel, does it?

Face it, the amount of processing required by actual application requires most of pixel calculations and settings to happen close to the VRAM and GPU..."

If anyone is genuinely interested in finding out a bit more around the topic, I suggest that they read up some papers on how SGI implemented their early 3D accelerator hardware, drivers & libraries. Might be a bit of a hunt - they were published in the early 90s, I think I found them in IEEE Computer Graphics & Applications back in the day.

Anyway - in SGI's case Performance was a tougher problem for them - as they were working with slower silicon than the NT 4.0 bods, and yet they decided to pay a *lot* of attention to stopping people from cracking the kernel and applications via the graphics hw & libraries. I can't believe that all those techniques passed Microsoft by, especially as they actually *hired* some of the SGI folks... Perhaps MS were simply too cheap to license the tech.

21
1
Roo
Silver badge
Windows

Re: Adobe crapware again?

"Microsoft Windows does not release any OpenType fonts natively. However, third-party applications could install them and they could be affected by this change"

Sure the library is broken, sure it might well be Adobe's shit code, but the decision to run a Font library in kernel mode was all Microsoft. This particular class of problem has been pointed out to MS and the user community on numerous occasions - going back to at least NT 4.0.

I am hoping the fix stops running that library in kernel mode in addition to fixing the code, but the fact that MS & their fans have expended more energy on burying the bad news than fixing the problem so far doesn't give me much hope.

40
4

Marshall wants to turn your phone UP TO ELEVEN

Roo
Silver badge
Windows

Re: strange phone holding

"What seems really strange to me is the number of people I see, walking (on their own) down the street, having a conversation with a phone held in front of their face, in speaker-phone mode, so the whole world can hear both sides of their conversation. My only conclusion is that they somehow accidentally turned it on once, and haven't been able to switch it off."

Certainly possible, although I came to another conclusion: They are self-centered muppets who see the Dom Joly shouting at a giant phone as something to emulate rather than laugh at.

1
0

Metadata slurp warrant typo sends cops barging into the wrong house

Roo
Silver badge
Windows

"In my view it's yet another argument for requiring judicial warrants with mandatory reporting of outcomes back to the granter. The possibility of having to report back to a magistrate or judge that they have issued a warrant against the wrong person should concentrate the mind."

I'd like to see that too, but the authorities already have the option of being accountable, yet they routinely choose to be unaccountable. The folks making the laws have gone to considerable effort to ensure this is possible, so I don't see any reasonable hope for that kind of mandatory accountability happening.

Going by the old "nothing to hide, nothing to fear" mantra that the pro-surveillance bods like to trot out, it's clear that they have a lot of hide.

4
0

Pray for AMD

Roo
Silver badge
Windows

Re: What if

"I wonder what things would be like today if AMD when it was at the top of its game hadn't decided to get distracted by and overpay for ATI, in the process go back to being the also ran it has always been?"

I think it would have been exactly the same outcome because AMD's problem has been its fabs for over a decade now. AMD haven't been able to compete at process level in terms of outright performance, yield & power consumption going back to the original K8 & Opteron. Back then they couldn't produce them fast enough, and now they can't generate enough demand either.

TL;DR: AMD haven't been able to produce enough of their chips with a decent profit margin so they haven't been able to grow or even maintain their market share.

FWIW I wish it was different, AMD have done some good work over the years.

2
1

Thanks for open sourcing .NET say Point of Sale villains

Roo
Silver badge
Windows

It's not clear whether Jay is asserting .NET is less secure and/or easier to use... I suspect Jay means the latter. Where were his wringing hands when boxes running VB plugged into the Interwebs ?

5
0

FireEye intern nailed in Darkode downfall was VXer, say the Feds

Roo
Silver badge
Windows

@TheOtherHobbes

"Wouldn't outsource to China? Er..."

Thanks for that link. Minimum wage seems to trump security every time...

5
0

Microsoft kills TWO Hacking Team vulns: NOT the worst in this Patch Tues either

Roo
Silver badge
Windows

Re: What can the numbers tell us?

"Given the long and well recorded history of patches for Windows (of all or a particular version), can statistical analysis (and other maths) tell us roughly how many vulnerabilities there are that still need patching?"

You can't really determine the number of vulnerabilities from the patch releases simply because there is an upper bound on the number of patches an outfit can crank out every month. If the number of vulns vastly exceeds the capacity of the patch writers you might never see a change in the rate of patches for years.

I think you really should be measuring the reported vulnerabilities instead. ;)

0
0

US yoinks six Nigerians to Mississippi on '419 scam' charges

Roo
Silver badge
Windows

Re: If it were UK

Nah, we already know the answer to that one. The British Police forces would do nothing and when pushed say that it's beyond them to do anything about it.

3
0

Dodgy mobe dealer jumps on VAT carousel, gets 13-year ban

Roo
Silver badge
Windows

Re: No jail? @ Evil Graham

"Here's a suggestion - how about doing both?"

The problem is that we don't really have enough prisons to put all criminals behind bars, which is why I suggested housing the muppets on a beach near Sellafield (preferably downstream & downwind if that's possible).

This would have a number of advantages over a prison: cheap to run, minimal building costs and come winter there would be plenty of new spaces opening up on the beach. As an added bonus, overcrowding is unlikely to be a long-term issue thanks to Cumbrian weather & high tides.

The only drawback is that hand wringing lefties might point out that bomb-grade seagulls have been found in the area and the studies that have shown significantly higher mortality rates in the area, although neither of the issues can be taken seriously because the sample populations are so small... ;)

0
1
Roo
Silver badge
Windows

Re: No jail?

"I guess the CPS looked at it, and found that there wasn't enough evidence to prosecute."

It's entirely possible the CPS is actually working on it. I suspect that the CPS would prefer to recover the proceeds of the crime rather than impose a custodial sentence, and it's entirely possible that they have already started this process. The lawyers of clients have a habit of making the whole process very difficult. ;)

If it were workable fraudsters could be automatically declared bankrupt and held under house arrest indefinitely until the proceeds of their crime are fully recovered. If they can't afford to run their home with no visible means of support they could be given a £15 tent, a 2nd hand knife & fork from an airline meal, and a patch of beach next to Sellafield to live on.

2
0

China makes internet shut-downs official with new security law

Roo
Silver badge
Windows

Re: "major 'social security incidents'"

Dave and Ozzie are already one step ahead. They are reducing the possibility of social security incidents by reducing social security...

5
0

We tried using Windows 10 for real work and ... oh, the horror

Roo
Silver badge
Windows

"Windows 8.1 is the best OS Microsoft have ever made despite what the troglodytes say."

In terms of what's under the hood I can agree with that, it is much quicker and more efficient, night and day compared to 7. Sadly the schizo UI where both flavors are partially complete is a clusterfunt, it reminded me of the worst Linux desktops from over 15 years ago for all the wrong reasons. :(

It's not just me either, our kids (all <7) find Win 8.1 tricky, but they're fine with Linux Mint & Mate when they borrow my lappy - despite spending 10x more time using 8.1.

8
1
Roo
Silver badge
Pint

I reckon a bottle of Buckfast could account for those angry words, no need for "drugs". :)

1
0
Roo
Silver badge
Windows

Useful review

Thank you for kicking the tires so thoroughly - and coming up with an informative review. :)

79
1

Migrating from WS2003 to *nix in a month? It ain't happening, folks

Roo
Silver badge
Windows

Re: Sorry...

"I haven't misrepresented what you are saying at all. In fact, I'm decreasingly sure that you're even sure what you are saying."

OK, try reading it for a second time:

"It is a mistake to *assume* that Windows->Windows upgrades are always less effort than migrating off Windows"

You think you know better, that's fine, I know better too, I'll agree to differ.

I also wrote:

"I wish he made more of that instead of dedicating yet more column inches to banging the "You must upgrade Windows or be Doomed Drum"."

In your article you picked up a post where someone dumps on you (unfairly in my view), then you set up a scenario where you have to migrate off a Win 2K3 box running binaries that won't run on anything but a new cut of Windows and then use that as a stick to beat Linux evangelists with. In my original comment I was simply expressing the wish that article had a broader outlook, I didn't mention Linux, I didn't mention Open Source and I don't think that expressing that view to a fellow commenter was "off" either. I guess we'll have to disagree on that too.

No hard feelings on my side. I hope that crapping on your own doorstep doesn't come back to bite you because I do actually look forward to reading your articles.

0
1
Roo
Silver badge
Windows

Re: Sorry...

"I see no such demands in my post

Of course not."

Right, so even you know it's not true and that isn't my position.

I didn't even want to engage in a pissing contest, it's not worth it. All I was hoping for was that folks would spend 5 minutes having a look at plan B because it may work out well for them. I don't think that counts as zealotry and I don't really think it's worth having a flamewar over either because it's common sense.

"your quite frankly religious sounding zealotry"

That is your own zealotry you are hearing, because you are referring to the stuff that you made up.

"And yes, I'll hurl insults over that. I have no time for religious wankers of any description."

It is you who is behaving like a "religious wanker" (insults, misrepresentation, pretending you know what other people think, asserting you know best with zero evidence to back it up, intolerance), and as a rule dogmatic loudmouths don't tolerate competition, so that comes as no surprise.

"You aren't sounding like much fun to work with.

I'm not."

... because being around someone who misrepresents folks and then flames them on the basis of that misrepresentation isn't fun, it's just plain old bullying and bullshit.

0
1
Roo
Silver badge
Windows

Re: Sorry...

"I flatly refuse your demands to undertake affirmative action regarding open source and present its relevance disproportionately to reality."

I see no such demands in my post, you are making that up - along with most of the rest of your reply.

All I am trying to say is I think your position is too absolute, too black or white. By return you have reiterated your point that you think that's the only valid approach, hurled some insults and declared anyone to differ with your opinion to be incompetent.

You aren't sounding like much fun to work with.

0
3
Roo
Silver badge
Pint

Re: Sorry...

"Which, quite frankly, is perfectly rational if you know anything about the technologies involved and have actually had to administer them in the field."

You are coming across all "Trevor's Way or Highway", when in actual fact the world doesn't revolve around Windows, as you well know judging by your articles at El Reg. I'm quite happy for you to state you think there are no options, but I have seen cases where there is no option but to move off Windows. I would agree that Windows & Open Source have closed the gaps a lot over the last decade - but in my view that is making them *more* interchangeable not less.

"It is absolutely a safe assumption to make that Windows --> Windows will be easier than Windows --> Linux with a one month timeframe remaining on the clock, because the number of instances where Windows --> Linux is easier than Windows --> Windows is irrelevantly small to start with."

We can argue about the scale of the last category 'til the cows come home, but the point is that category does exist (albeit most of the low hanging fruit has long since gone), which is why I said it's a mistake to *assume*. There are quite a few businesses out there that couldn't exist without taking the Open Source route.

It's not a Windows or Linux equation, Open Source has grown more through opening up new markets than cannibalizing Windows market share - obvious examples being bits of iOS & Android.

"If you can't accept that simple fact then you don't belong in IT."

I am sure that I don't "belong" in the form of "IT" that you are espousing at the minute, and I am quite happy not to "belong" to it.

"You should be out founding religions."

Nah, I'll leave that to Steve Ballmer, he's done a far better job than I ever could, and I could never make the line "Developers! Developers! Developers!" as memorable as Steve did.

1
6
Roo
Silver badge
Windows

Re: Sorry...

"I agree with Trevor's comments, ie. that windows->unix migration is a major project in itself and should not be confused with a Windows -> Windows upgrade."

It is a mistake to *assume* that Windows->Windows upgrades are always less effort than migrating off Windows (Note: this applies to other OSes too). Have all you guys forgotten Vista already ? Besides if folks have left it this late to jump off the sinking 2K3 ship they either don't care enough, or they can't move due to something missing/changed in the later cuts of Windows.

Trevor does briefly mention a more sensible nuanced approach where the low-hanging fruit is moved away from 2K3. I wish he made more of that instead of dedicating yet more column inches to banging the "You must upgrade Windows or be Doomed Drum".

6
5

Export control laws force student to censor infosec research

Roo
Silver badge
Windows

"

"it is not possible to release the exploits publicly or even to other researchers outside the UK without an export license"

Does this imply that you can't tell foreign software companies about security holes you have found in their products?"

I suspect you can release the exploits *privately* to the vendor in question. In my experience that doesn't work very well though, because 100% of the vulns I found & reported (all privately) were ignored by the vendor despite being exploited daily.

I suspect that in the vast majority of cases it is the possibility of public disclosure that actually motivates vendors to fix their products, consequently it will be a massive loss to everyone if public disclosure is criminalized.

0
0
Roo
Silver badge

Re: Reminds me of some papers I wrote for the U.S. DoD

"I'm sure everything is much more secure now."

Presumably your papers were buried where the sun doesn't shine, because the recent history indicates they haven't even managed to get around to resetting default passwords yet. It's a pity that joe public pays the price for their fuck ups and willful ignorance of the clowns running the circus, and there doesn't seem to be any way to replace them with people outside of the circus community.

15
0

Security world chuckles at Hacking Team’s 'virus torrent' squeals

Roo
Silver badge
Windows

I'm waiting for the powers that be to put on their best Dean Wormer face and tell us that hackers have been on "double secret probation" for the last decade.

9
0

It's all Uber! France ends its love affair with ride-sharing app

Roo
Silver badge
Windows

Re: A Victory for the Terrorists

"The "law" wasn't being enforced by the Police who should have been arresting Uber drivers continuing to work illegally."

Sure, and the taxi drivers were attacking people and destroying property with the aim of scaring them and destroying their livelihoods, which constitute criminal acts - even in France.

I have some sympathy for Taxi drivers in the case of Uber, but I can't turn a blind eye to them smashing shit up and assaulting innocent bystanders just because they are annoyed. That kind of behavior isn't acceptable, excusable or lawful.

2
0
Roo
Silver badge
Windows

Re: Taxi Licenses

"In my city taxi licenses are expensive and limited in total number granted.

If I were a taxi driver I'd probably be upset with Uber and the governing body."

I get that, however they really should be venting their spleen at the authorities with the aim of working out a more equitable solution for everyone involved.

2
1
Roo
Silver badge
Windows

A Victory for the Terrorists

Regardless of the pros & cons of Uber, it looks like terrorists have actually scored a victory with terrorism. -1 for the rule of law in France. :(

3
6

Linux Mint 17.2: If only all penguinista desktops were done this way

Roo
Silver badge
Windows

Re: Goodness.

Have an upvote...

Take note Phoenix50:

Positive end user experience leads to "Linux fansite" horror.

I've seen this sort of thing happen before, remember Win95, WinME (yes, seriously), little ole' XP and 7 ? Seems fair to let everyone have a shot at the limelight. ;)

There can be more than one winner tbh, as long as punters get a choice and people share ideas and good practice freely everyone is a winner. It's a head adjustment, instead of viewing competition as war competition can be viewed as an essential part of evolution that supports solutions for the mainstream and the niches.

7
0
