Posts by Stuart Castle

Re: "we condemn in the strongest possible terms any malicious use of our products."

You know, I was ready to post something criticising Apple, and hoping they took steps to prevent stalking. I still hope that, but I think we are looking at a symptom of the problem rather than the problem.

Why do people stalk? What can we do to stop them? Airtags are a tool. Say Apple do stop people being able to use Airtags for stalking, there are other tools. Are you going to stop stalkers using them? How would you stop them using (say) a pair of binoculars, or a car? Both of these probably are used for stalking. How about payphones or Pay as you go phones? Both could be used to intimidate a victim.

While security on the tools could often be improved, the problem is the people (I'd argue primarily, but not exclusively, men) using them. They need to be stopped. Whether by education, or another way.

Unfortunately, I don't think anyone has the right answer.

Re: Migration started

Those who factor in the fact that a given cloud provider isn't AWS or GCP (or perhaps Microsoft as well) as a major selling point might be less than impressed.

I know Akamai isn't AWS, GCP or Microsoft owned, but they might have preferred to go for an independent.

Re: "I know a company where they had a summer intern do the Email system. It doesn't matter if his name was Albert Einstein -- he was not there when the shit hit the fan (which it did)"

The problem is when it comes to things like setting up an email system, a lot of managers think it's just a case of running an installer, accepting the default options, then adding a load of email addressees. As such, they may well be happy to offload it on to an intern, because interns are cheap.

The trouble is that setting up a decent email system requires planning, time and money. It's also a lot more complicated than running an installer, clicking "Next" a few times and setting up a few email addresses. The intern could be the best, most experienced administrator on earth (which they won't be), but they aren't going to be around when the shit hits the fan.

Re: Well, that's for the previous El Reg article dreaming about a Google's M1-like cloud...

I love my M1, both in iPad and Mac Mini forms. However, in terms of reliability at scale and over the long term, it is untested

When dealing with production servers , you want to know your architecture is reliable, scalable and support is available if there are any problems.

Note: I know that ARM has been deployed at scale, but while M1 is based on ARM, there may be differences, and those differences may cause problems.

X86, in all it's variants, and for all it's faults, is well known, and as a race we have 40 years experience of deploying it at scale, so it makes sense for Apple to use it.

Don't get me wrong: I'm not saying they shouldn't use M1 (or some variant of ARM), it's just they need to test it at scale first.

Re: Windoze security as service

Merely switching the OS isn't going to stop ransomware.

Linux may be harder to attack that Windows, but it is not invulnerable.

When setting up a corporate network, you need to build in security from the start.

You need to ask yourself which stations on the network need access to the internet, and why. Any stations that don't need internet access should not have it. By "stations", I mean any device that may be attached to the network, whether it's a computer, printer, a medical device or some sort of manufacturing machine. Things like printers should not be accessible on the Internet.

If something needs remote activation, or updating, you need to see if the manufacturers can offer a local Update or Licencing/Activation server.

You also need a decent security system, including firewall/antivirus/intrusion detection, and to ensure any systems are locked down as tightly as they can be without impacting corporate needs.

The downside for all this is that if you do have a specialist machine connected to the network, and it goes wrong, the manufacturer will need to actually send an engineer to diagnose the problem. They will not be able to do it remotely, unless you give that machine Internet access.

Any new software/hardware that goes on the network should be thoroughly tested before use, and any updates should also be thoroughly tested, but should be deployed when they pass the test. It *is* important to keep software up to date.

Finally, there is the User. Users need to be told how to spot scams, and need to know not to just click random links in emails, or open attachments from those they don't know.

The trouble is, all that costs money to do properly, and if done properly, all it achieves is the system working as it should. That is a difficult sell to the beancounters because they'd point out that the system is just doing what it was bought to do, and they'd question why they need to spend more on it..

There is a lot more I could say about this (people have written books on this stuff), but this post is already too long. The TLDR is that no software/hardware is invulnerable. You need a well designed network, with security built in and good security practices being carried out by staff as well..

Re: It's complicated

I don’t dream about it, but I’m not fussy. Given the chance, I’d deport the entire cabinet.:

Re: Ah, yes. The dreaded "fix it NOW!" call ...

Ahh, being on call. In theory, in a previous job, I was on call. In practice, I was never called because I live 10 miles away from the office, in an area that has limited public transport at night, and I don't drive. In short, the boss didn't want to have to spring for a cab if I had to come into work at some ungodly hour in the morning, and while I could have got public transport, it would take over 1 hour at that time of the morning.

What happened in practice is I was still on the on call list, but near the bottom, so several other techs would need to be unavailable before they'd call me. Which meant, I was never called..

Re: There's something I don't get

FOSS is a good thing, but I do think any one who uses it for commercial gain should contribute to the project in some way. Not necessarily Jo Bloggs who designed a system using a couple of open source libraries that they make a few pounds a month with, but certainly the likes of Google/Alphabet, Amazon, Microsoft, Facebook/Meta and Apple who are likely to make millions from an open source project.

Re: "the marginal cost of sharing and making copies of things is pretty close to zero"

RE: "They still think that 30% is an acceptable share of profits from someone else's work."

This is standard business.. The way a store or shop works is generally they buy something wholesale, The price they charge consists of the cost they pay, plus something to cover their bills (they do, after all, have staff, premises and equipment to maintain), then they add a little for profit. Profit is, in some quarters, a dirty word, but it's also the thing that allows you to put money aside for future expansion of the business, or to cover costs in a lean period. It IS necessary for a business to make profits to survive.

Online software stores work in a similar way, except their costs are different, and they charge a commission rather than buy your products in and sell them at a higher price.

Their costs are different to a bricks and mortar store, but they still have costs. They still need to pay for staff, office and data centres, with the associated infrastructure. Even where they use a cloud service (like AWS), there are still costs involved.. Even though they are multi national companies, the likes of Apple, Microsoft and Valve will still have those costs. It's worth pointing out that these companies all make software available for free to make development for their platforms easier, and that also has a development and maintenance cost. That said, in Apple's case, I think the registration cost for developers probably more than covers that.

Now, that's not to justify the 30% commission. I don't know how much these companies pay in costs, but I suspect that 30% is probably a little excessive. I do agree that smaller developers should pay a smaller percentage though. Products from companies like Activision or EA are like to put a much higher load on the store infrastructure than something like a game from a small indie studio, so it's fairer they pay a higher cost.

Re: Words Fail Me

In terms of organisation, the government isn't one entity. It's a group of hundreds, if not thousands, with each entity that makes up the government (be it a Ministry or Department) having it's own procedures and systems for inventory, admin and other processes.

Even assuming they have followed their own procedures and best practices, which in most companies is far from given, there will be thousands of systems to track down, and the individual departments may not have complete lists.

Even with government procedures, it's likely that some of these systems will have slipped through the net, even it's just something small running on a single PC.

This is a massive job. It's not just a case of adding a few machines to a spreadsheet or database. It's finding those machines.

.

Re: Always date and time

It's always date and time.. The fun and games I've had when writing code that has to plug in to different systems, a lot of which seem to have different date/time formats.. Be much easier if everyone stuck to one..

Hell, one of the servers I deal with now uses the English date format (or whatever one is selected in the interface) for all user facing pages, but on any programming interfaces (API and Inventory import CSV) requires the date to be in the form yyyy-mm-dd hh:mm:ss. I wouldn't mind that, but that fact is buried somewhere in one of the guides. It's not mentioned on the server, even in the error message you get if you get the date format wrong (it just says "Wrong format").

If I get time, might see if I can write a script that imports the CSV, corrects the date then imports the data to the server.. There is other information I'd like to upload that isn't supported by the standard CSV import mech.

Re: What will happen to Ed & Izzy?

Ahh Auditors.

We have a PC on one of our AV racks that is old enough that it only supports XP. As such, it's not allowed on our network. However, as it is wired in to the AV rack, it's not really practical for us to the remove the machine, as it would cause significant problems with other equipment in the rack. Problems that don't occur if it's in the rack, but disconnected from the mains. (it was used to stream the output of the AV rack, and has custom connections to the other equipment).

We haven't replaced the PC, partly for the above reason (it has custom hardware inside for the AV connections, and is in a custom case to accommodate the connections), and partly because the rest of the equipment in the rack also needs replacing, and we don't have the budget to do that ATM.

The upshot of all this is that it means that every couple of years, I have to send a photo of the asset tag to our auditors when they, yet again, demand proof it's still there. We are given a list of equipment to check that is supposed to be random, but they ask to see it every time.

Re: Windows upgrade in process

We generally have a good record on updates. That's probably something to do with the fact we use system center to restrict them to running between 5pm and 9am, and have it set to wake up any sleeping machines during the night to check for updates, as well as power up all machines at 8am.

We also have an "at risk" period from 7am to 9am on Tuesday, which we use to make changes to production servers (after testing, of course).

The system is far from perfect, and we do get caught out, but we rarely have a situation where someone is giving an important presentation and the machine restarts to install updates.

Re: It's an iPhone

Re "Some people just always buy Apple even when it costs more or offers less, those are the "fanbois"".

Perhaps Apple products offer them something they want, like support for the potentially expensive apps they have bought, or a relatively low chance of getting a virus even without a performance sapping antivirus?

I'm not criticising Android. If it's good for you, good. It's just people do have a legitimate reason (that isn't cost or more performance/features) to prefer one OS over another, and aren't necessarily fanbois.

Re: The dialog box is clearly photoshopped

It may look like that, but I have seen the Visual C++ runtime (various versions) produce dialogs with no text, just like this..

Doesn’t if you have a proper enterprise management structure in place, including an mdm server,’policy support and possibly a windows updates server.

I help manage thousands of windows 10 pcs and have never had that screen come up on a managed machine.

Re: Should be outlawed...

Re: "All subscription services should be banned from automatically rolling over or having these terms buried on page 56 of the T&C's. It's also happening with insurance. My insurer tells me that automatic renewal by CPA is because they want to "protect" me from driving accidentally without insurance, where in reality its because they are hoping I'll be too lazy to notice that they have hiked the premium on renewal by 25 - 50% and move to another provider."

I do partly agree with that. Most subscriptions should be opt in. Not sure about insurance though. If you don't renew your insurance and have a crash, the consequences could be dire.

But for most services, as I said, any auto renewal should be opt in, with the fact it's a subscription and opt in being *clearly* displayed anywhere the service is advertised. The same applies for any products with a subscription price.

Quite a few times, I've seen a given product or service for (say) £9,99 and it *looks* like a one off payment, only becoming obvious it's £9.99 a month when you look at the small print.

Take, for an example, an iPhone app. For a one off fee of £9,99, it might be good value. For an annual subscription of £9.99, it might still be good value. If it's £9.99 a month, it's probably not good value. I'm naturally cautious about advertising, and even I've nearly been fooled.

Posted this a couple of times now, but it's still funny (IMO) and valid here, so..

A few years ago, my then uncle was a programmer in a fairly big company (I forget which). As a prank, he came up with the idea of doing the above (calling a premium rate line and transferring the call to someone else). Now, the company had restrictions in place to prevent the phone system dialing premium rate lines.

Being a bit of a been hacker on the side, my uncle found a method to bypass the restrictions, do so, dialled the number then transferred the call.

It didn't go through. Basically because he bypassed the restrictions by taking advantage of a bug, the transfer did not complete, and the call got stuck in the system.. A few days later, the company discovered (thanks to a phone bill, IIRC, but I'm not in a position where I can check) the call. The bill for which was now well over £1,500.

They had to get an engineer in to get the system to terminate the call, and he discovered not only what my Uncle had done, but the fact my Uncle had done it, which left my Uncle with some awkward explanations and, I think, at least a written warning.

"Take note that if Apple can allow "someone" to access your stuff after you are dead, Apple can also obey a court order to allow that same access while you are alive."

Not necessarily. Any new keys would need to be generated by a device or person with the original key. I'm no encryption expert, but you would need to be able to decrypt the data to generate a new key. If encryption didn't work that way, you'd be able to generate a key for any encrypted data you saw.

Now, there is nothing physically stopping Apple generating their own key at the time the user's key is generated and using that later, but I think if Apple did that, there are enough experienced hackers who *hate* apple, it would be discovered and leaked onto websites all over the world before Apple's lawyers even got started.

Not saying Apple wouldn't do that, but if they did, they run the risk of losing a *lot* of sales and like any good capitalist entity, they exist to make money.

Re: It is always "sophisticated"

It's true. It's always a sophisticated attack from outside attackers. They'd never admit to some techy (by "techy", I mean the person in the office who has responsibility for maintaining the technology, which is not necessarily someone actually qualified for that job) being given rights way above their paygrade/knowledge level and accidentally clicking on the link in a dodgy email..

Re: +1 Novation

Cool, and there was me thinking Novation was just a make of Midi controller.. https://novationmusic.com/en/keys/launchkey

Re: Another fear mongering advert

Actually, when I was a newbie at work, I spotted we had a virus infection using exactly that. Being a technician, I often needed drivers or utilities to be accessible. Because large USB sticks were expensive, and external hard drives weren't really a thing yet, I had several gigs of them in a shared folder. Read access only. One day, I noticed the machine was struggling a little bit. Seeing nothing out of the ordinary running, I unplugged the machine from the network so I could take it over to a little workbench area I had and look at it. The machine become responsive immediately, so I plugged it back in and started logging connected IPs. Sure enough, two IPs had thousands of failed connections between them. I reported those IPs to the technicians supporting the machines. Sure enough, both were infected with a virus. So, I detected there was a virus on two machines I had no access to based on how they were behaving toward my machine. That was 20 years ago. Technology has improved since then.

Re: Bastard

Depends which definition of "socialist" you use. The one used by the Republicans, or the one used by everyone else. Republicans seem to define "Socialism" as anything that stops the employers doing pretty much what they want to their employees, and paying them as close to nothing as possible. Interestingly, this seems to be the Soviet definition of socialism as well, with the difference that the Soviets essentially brainwashed their population inro thinking this was good for them.

I think you are right. Apple wouldn't have gone to the effort of buying their own chip design business (PA Semi) unless they thought they would somehow profit. I've no doubt that if Qualcomm came up with something that suited their needs better, they'd go with Qualcomm like a shot.

I think Apple buying their own semiconductor design company does give them a massive advantage. People have noted how well Apple Silicon performs (and it does, while I don't game on it, I have an Apple M1 Mac mini, and it is fast, as is the M1 iPad Pro I have).

I don't think it's because Apple's silicon is inherently better than Intel's or Qualcomm's, but they have the advantage that because the teams designing the hardware, software and chipsets for their devices all work under the same roof. That makes it easy for each team to communicate their needs to the other teams, and to work together to ensure that they can adapt what they are doing to factor in the needs of the other teams.