* Posts by Joe Montana

690 posts • joined 12 Mar 2007

Page:

British cops told to scrap 'discriminatory' algorithms in policing

Joe Montana

Re: Bias is self-perpetuating in lazy statistics

It's self perpetuating but it also has to start from somewhere, the police didn't suddenly decide out of nowhere that they were going to target a particular group or area - such decisions were made due to a prevalence of crimes by those groups or in those areas.

And such a bias can also fade over time, if the police are stopping and searching people from a specific group that historically committed crimes easily detectable during a search, but find that the proportion of searches which result in an arrest significantly decreases then they will refocus their efforts on more useful activities having achieved the goal of reducing crime in one area.

Joe Montana

If not 95%, it's still a significant percentage especially considering the demographics of the population as a whole.

If knife crimes being committed by blacks are decreasing then perhaps this is a result of the police focusing their resources on them?

And yes crime correlates with poverty, but the UK is not a third world country. Just because your parents were poor, uneducated and turned to crime doesn't mean you have to. The government provides free schooling and various opportunities for everyone but it's still your choice wether to take advantage and your own fault if you don't. I know many people who came from poor backgrounds and were able to get a decent education and subsequently get reasonable jobs.

Joe Montana

Re: Predictive policing has the ability to be great if....

As you point out, certain cultural groups are less compatible with UK society than others and the end result of this tends to be crime, but if you say this in public you get accused of racism against those groups.

The fact is there are many different cultural groups in the UK and other western countries, some of them are highly successful and some are not, and it is those unsuccessful ones who are looking to pin the blame on others rather than accept responsibility for their own failings.

LibreOffice patches malicious code-execution bug, Apache OpenOffice – wait for it, wait for it – doesn't

Joe Montana

Re: Tried Libre about 3 weeks ago....

This is very true, however many people who are expected to perform such tasks are given a standard corporate desktop on which excel is the closest they have. Instead of trying to find an appropriate tool for the job, they make do with what they have.

Joe Montana

Re: Someone please explain...

Because some people actually need macros, although they are generally best avoided...

If you are going to implement a scripting language in your application, what makes more sense?

1, inventing your own proprietary scripting language that's only used by your application suite forcing anyone who wants to write macros to learn something new thats not reusable elsewhere.

2, build on an existing language which is already widely known and supported.

Joe Montana

Re: Tried Libre about 3 weeks ago....

I've had complex word documents go wrong between the mac and windows versions of word.

I've had complex word documents go wrong between different patch revisions of the same base version (ie installing security updates).

I've had complex word documents go wrong between the same patch level on different machines..

These formats are simply too complex and poorly documented to render reliably. Sometimes libreoffice actually makes a better job of rendering a document than a given version of word, especially if you have very old documents or documents which have got corrupted.

Hands up who isn't fighting Oracle in court? HPE, for now, as Solaris support sueball tossed

Joe Montana

Re: Hands up who isn't fighting Oracle in court?

Well with a valid support contract, does that mean you can expect them to fix it to run on those servers?

Just updated Windows 7? Can't access network shares? It isn't just you

Joe Montana

Re: Who cares?

32bit windows supports a total address space of 4gb, so subtract from that any memory reserved for io space, anything used by your gpu etc and you might find you actually have less than 3gb usable with a lot of your memory just wasted.

That amazing Microsoft software quality, part 97: Windows Phone update kills Outlook, Calendar

Joe Montana

Simple business...

Microsoft have a choice of...

1, invest in proper QA and development, keep customers happy and lose very few customers.

2, save money on QA and development, piss customers off but still lose very few customers because most of them have no choice.

Shareholders will force them to choose 2, the users are locked in and they can't go anywhere - why would they bother offering a better product if the users are still buying the shoddy one?

Facebook quietly admits role in Myanmar killing fields – but fret not, it will do better next time

Joe Montana

Re: Ethnic cleansing?

"Maybe go have a read of what's actually been happening."

I have read, i've also read what the people in myanmar are saying (ie local media) and most importantly of all i've actually been to myanmar both recently and for significant amounts of time (i have the passport stamps to prove it), and actually know several people who grew up in the affected region of the country.

What you read about in the international media is extremely biased against myanmar, what you read about in the local media is obviously completely biased in the opposite direction. The actual truth is somewhere in between.

"There's also something of a tendency towards rape by the military too." - unfortunately this is common, there are accusations against british and american troops carrying out rapes in iraq, vietnam etc too.. Is it any wonder that a third world military with significantly less training or discipline would also do the same thing? Not saying it's right, just putting it in perspective. FYI the terrorists are also carrying out rapes.

"They've also reportedly been going to non-Rohingya villages and encouraging the people there to go and do the dirty work instead." - these villages don't need any encouragement, the non rohingya villages have been attacked by the terrorist groups and are out for revenge, remember these are third world villages, not well educated westerners. You see the same thing in the middle east where various factions take up arms against each other.

And then there are false flag operations, economic refugees, and non-rohingya refugees who have fled in the opposite direction (ie towards other cities in myanmar) which you don't hear very much about in the western media.

So instead of reading propaganda online, why don't you actually go to myanmar and speak to people?

Joe Montana

Ethnic cleansing?

"Following attacks on authorities by a Rohingya militant group last year, the Myanmar military retaliated in violence that the UN has characterized as ethnic cleansing."

So basically a rohingya militant group (aka terrorists) attacked the authorities, and the result of this is military intervention. Any country in the world would react in the same way, and indeed fights against armed terrorist groups are currently underway in several other countries like syria and iraq.

"An estimated 25,000 people have been killed in the violence, the UN claims, and 0ver 700,000 people have now fled to neighboring Bangladesh"

Assuming this is correct, killing 25,000 and allowing 14 times more (700,000) to escape doesn't sound like very successful ethnic cleansing.

The area in question is now a warzone, with fighting between the military and terrorists with innocent civilians being caught in the middle. That 25,000 figure doesn't just represent innocent people killed by the military, it also represents terrorists, soldiers and innocent victims killed by the terrorists.

There are always innocent casualties in wars like this, many civilians are getting killed in syria and iraq, and the military forces there are far better trained and equipped than the myanmar military.

Joe Montana

Myanmar

"There has been a significant increase in freedom of expression in Myanmar over the past five years" - freedom of expression also includes freedom to express your hatred and other negative opinions. Conversely not being free to express your hatred doesn't change your opinion, it ensures that it remains hidden and doesn't facilitate any discussion or education.

If you simply suppress someone's views and spray them with one-sided propaganda they will grow to resent the propaganda and their existing views will be reinforced. What's needed is open debate and education so people can be exposed to all sides and learn for themselves.

Mourning Apple's war against sockets? The 2018 Mac mini should be your first port of call

Joe Montana

Re: Macs typically have a longer usable life than Windows PCs ...

Louis Rossman is a good point, if a mac fails outside of warranty people are likely to go to someone like Louis to have it repaired. If a generic PC fails outside of warranty, people usually just throw it away and replace it. This even happens when there's a software failure and the underlying hardware is fine.

This one weird trick turns your Google Home Hub into a doorstop

Joe Montana

Re: The usual IoT crap

The industrial stuff tends to be better tested for reliability, but in terms of security it can be as bad if not worse. Also despite being horrendously expensive, a lot of this stuff uses the same cheap generic chinese electronics as the consumer stuff.

SQLite creator crucified after code of conduct warns devs to love God, and not kill, commit adultery, steal, curse...

Joe Montana

Re: I have a code of conduct

Unfortunately, common sense is no longer very common...

Virgin Media? More like Virgin Meltdown: Brit broadband ISP falls over amid power drama

Joe Montana

Reliable internet

If you depend on the internet, especially for your business then you should have backups... I work from home, and i have 2 lines (cable through virgin and a separate adsl over bt infrastructure), i also have 4g tethering available if necessary. I also have battery powered devices (laptop, phone) which can continue service for a while in the event of a power outage.

Home internet connections are designed to be affordable and for casual use, where it's only a minor inconvenience if it goes down.

Powerful forces, bodily fluids – it's all in a day's work

Joe Montana

Re: Monitor

"Big firms pay peanuts for monkeys who's only technical abilities are turn it off and on again and if that fails re-image the boot drive (which is great when it takes a day and a half to install all the tools needed to do your job)"

There are millions of firms out there who need support, but far less people who are actually capable of providing it. Often the monkeys are all you can find, and some of them aren't even cheap.

And then you have the problem of microsoft constantly pushing their products as "easy to use", despite the fact that to actually use and manage them properly requires more knowledge and skill than even the supposedly "hard to use" products theyre competing with. This marketing then convinces companies that hiring the cheap monkeys is perfectly ok, and that hiring properly competent people would be a waste of money.

The end result is instability and security breaches.

Microsoft Windows 10 October update giving HP users BSOD

Joe Montana

Re: The above is all well and good if you're running a business

"Not all businesses have on staff IT people"

And that is the problem, if you are going to operate a complex machine you need to hire experts who know how to properly maintain it.

Despite what microsoft claim, windows is simply not suitable for non technical users - keeping it running reliably and securely is extremely difficult and requires highly skilled (ie expensive) people to do so.

Brit mobe operator O2 asks cut-off customers: Have you tried turning it on and off again?

Joe Montana

Typical...

Even when the provider knows there's a problem, they prefer to keep you performing troubleshooting activities in the hope that the problem will get resolved in the backend before you've finished. That way it looks like there never was a network problem, and the 10th restart of your handset or router reboot somehow fixed it.

ISPs have been doing this for years.

Apple forgot to lock Intel Management Engine in laptops, so get patching

Joe Montana

Obscurity location

There's a difference between obscurity provided by the manufacturer which is common across all users, and obscurity provided by the user which is unique to that user.

If the obscurity is provided by the manufacturer, i can buy the same system myself and investigate it. The system can be reverse engineered and the obscurity uncovered and exploited.

If the obscurity is provided by the user, i can't buy the same system off the shelf and discover the passwords or keys of some arbitrary user since they won't be present.

'Desperate' North Korea turns to bank hacking sprees to rake in much-needed dosh

Joe Montana

Who?

False flag operations are also very easy to conduct, and it's easy to blame north korea, or russia, or china, or whoever else is enemy of the day.

Economic sanctions don't generally hurt a regime, they hurt the innocent people. There will always be black markets willing to sell goods for them, but keeping the country cut off from the world is actually doing the regime a favour. Their local propaganda can blame sanctions for hurting the country and its people and the sanctions themselves restrict the flow of any information which might contradict the official line of the regime.

Your specialist subject? The bleedin' obvious... Feds warn of RDP woe

Joe Montana

Re: Hard not to agree...

A client machine can be dangerous too...

There are many ways that even a hardened client image can be leveraged to gain further access, especially when that client machine is part of a domain.

Linux kernel 'give me root, now' security hole sighted, dubbed 'Mutagen Astronomy'

Joe Montana

Re: Thanks for clarifying.

"I think that is the fault of General Protection."

It's not his fault, he passed orders down the chain to Colonel Panic.

Some credential-stuffing botnets don't care about being noticed any more

Joe Montana

Abolish crap passwords?

Abolishing crap passwords won't help when the source of the passwords is a breach from another location... Doesn't matter how strong a password is if it's getting leaked from somewhere that doesnt store it securely.

Blocking based on IP is also pointless due to the excessive use of NAT these days, blocking a single address often results in millions of innocent users being blocked simply because they use the same provider as a single compromised user.

Also most of these "attacks" are not actually perpetrated by anyone even remotely related to the source address. Attacks frequently come from chinese addresses because china is full of cracked software which never receives updates (updating often overwrites the cracked binaries), so their machines are easy targets. The same is true of many other countries, but china just has a greater volume of users.

In a race to 5G, Trump has stuck a ball-and-chain on America's leg

Joe Montana

Re: THz broadband

Shorter than cat6, but cheaper to deploy because it involves less digging up of the street...

Ofcourse it's still worse than fixed lines, you can always add more physical cables to handle greater traffic or greater numbers of users in the same area. You can't increase the available wireless spectrum within a given area, and the actual service area is smaller than the area in which the spectrum is used.

Wireless should only be used when wired isn't available, the aim should always be to deploy wired services wherever possible...

Lots of places are pushing wireless services, and they work great initially but once lots of users get on board the service becomes unusable with poor throughput and unpredictable latency spikes.

You can add more physical cables, but you can't create additional wireless spectrum.

Dead retailer's 'customer data' turns up on seized kit, unencrypted and very much for sale

Joe Montana

Full disk encryption?

These machines were servers, if you enable disk encryption then you have to have a way to get the decryption key onto the box...

Either you store it on the box, which defeats the purpose of encryption... Or you have to enter it in order to boot the box, which makes maintenance and recovering from failures (eg power) more difficult.

Plus, encryption incurs a performance hit, which usually isnt wanted on a production server, and will increase costs.

On the other hand, during normal operation only trusted IT staff will have physical access to these hosts, and those staff usually have administrative privileges anyway so the risk of them taking data directly from the drives is very low.

The problem here is how the assets were disposed of when the company was liquidated.

Also this happens all the time, its just that in most cases those acquiring the hardware either don't care about the data (ie they just wipe and reinstall the drives for their own use), or they do care about the data and don't want to draw attention to their nefarious activities with it.

Watt the heck is this? A 32-core 3.3GHz Arm server CPU shipping? Yes, says Ampere

Joe Montana

Drivers?

"The bigger problem that has held ARM back in data centre is about drivers"

It's nothing to do with drivers, an ARM server will have drivers for the hardware fitted in it, and it's rare that a server will have anything else installed into it that would require drivers. The number of servers having nonstandard cards installed is very small. In fact, even on x86 servers all i ever see in the expansion slots are vendor-supplied storage and network cards.

The problem is application code, and specifically closed source applications. Linux has supported ARM for a long time, and the vast majority of open source code has already been compiled for ARM by various distributions.

Running Linux and open source apps on ARM is just as easy as x86, and has been for a long time. Many people are running applications on raspberry pi and other similar boards, the only thing missing is higher end ARM hardware aimed at datacentres.

Microsoft pulls plug on IPv6-only Wi-Fi network over borked VPN fears

Joe Montana

Nothing to connect to?

I have dual stack here and i'm seeing about 50% of traffic going out via ipv6, mostly to google, facebook and office365...

Also our VPN went ipv6-only a few years ago (inside the vpn, the endpoint you connect to is still dual stack) - this solved a lot of problems, not least of all the frequent address conflicts when users were trying to connect from networks which used the same internal ipv4 ranges.

Seagate passes gassy 14TB whopper: He He He, one for each of you

Joe Montana

"IronWolf Pro, supporting up to 24-bay NAS enclosures, capacity ranges from 2TB to 14B"

I can see a 2 terabyte drive being useful, but the 14 byte version seems pretty useless to me...

Strewth! Aussie ISP gets eye-watering IPv4 bill, shifts to IPv6 addresses

Joe Montana

Re: Another IPV6 article which exposes issues with IPV6

Well cgnat will be slower, and more open to abuse (thousands of users behind the same address making it very hard to block abusive or compromised hosts)...

ISPs will also have to log every outbound connection made or udp packet sent in order to track any kind of illegal or otherwise unwelcome activity, as simply knowing the ip address and timestamp will no longer be sufficient to identify a user.

Joe Montana

Re: Has anyone truly made the switch?

You will end up with heavily NAT'd ipv4, and have to use ipv6 if you want any inbound or p2p connectivity...

There needs to be more incentive for end users and corporates to enable ipv6, or it will never happen. A lot of ISPs don't provide ipv6 at all, and the vast majority of corporate networks don't use it even if their isps support it.

IPv6: It's only NAT-ural that network nerds are dragging their feet...

Joe Montana

Glorified proxy

A few years ago you had ISPs which advertised that you were "part of the internet" because you got a dedicated ipv4 address, as opposed to some lesser providers which put you behind some kind of proxy service...

There are plenty of routers that work fine with ipv6, providers like sky and bt are now providing ipv6 by default with the routers they supply for instance, most users don't notice the difference.

What will spur ipv6 adoption is creating demand for it - offer services that either require ipv6, or work better with it. Microsoft do this to some degree with the xbox one which declares that it works better if it has ipv6 connectivity, but providers could do more to encourage this. Many providers offer beta access to various services to a limited audience for instance, why not provide these services only over ipv6 for the beta phase?

Microsoft's cheapo Surface: Like a netbook you can't upgrade

Joe Montana

Re: Linx 12x64

If you're just using it for browsing and some simple editing, you'd be better off getting a cheap android tablet...

If you install gentoo on it, then it should run quite well after everything has finished compiling, assuming you configure it right... Even the actual compilation won't take that long as you let it run overnight unattended.

Alaskan borough dusts off the typewriters after ransomware crims pwn entire network

Joe Montana

Domain admin

Hardening active directory to make attacks like this difficult (not impossible) requires significant investment, you need third party tools, and highly competent (ie expensive) staff. Chances are this organisation didn't have the budget required to hire such staff, or do so in sufficient numbers to manage and monitor a network of this size.

If not suitably hardened, active directory is extremely easy to compromise and since it's often tied into everything - that means you now have control of the entire organisation and are extremely difficult to remove.

2FA? We've heard of it: White hats weirded out by lack of account security in enterprise

Joe Montana

Re: Depends entirely on the risk

Actually there are many ways that an attacker with a tiny foothold on the network could use that foothold to elevate their privileges and gain access to far more resources.

Joe Montana

SMB

But does it apply to SMB logins over the network?

People implement all kinds of extra security on interactive logins, but forget that you can still connect and execute code over SMB among other things, authenticating using just the hash and bypassing any smartcard or 2fa setup.

Joe Montana

Account lockouts?

Why would you implement account lockouts? that's a monumentally stupid idea...

Usernames are often predictable, and frequently not even secret at all. An attacker can work out all your usernames and then intentionally get all the accounts locked, irrespective of how good those user's passwords were.

Similarly even if you lock accounts after say 5 attempts, that means an attacker can still perform 4 attempts per user - if you have many users, at least some of them will have common passwords like Password1 or Welcome1 etc.

A network based brute force is slow and will only ever succeed against extremely weak passwords anyway, so long as you have a half decent password policy no such attempts will succeed. And you should have half decent monitoring too, so you notice attacks. Simply relying on account lockouts is stupid.

Which? calls for compensation for users hit by Windows 10 woes

Joe Montana

Re: Where's the problem?

If you need to do maintenance yourself then it's not suitable for the typical user, who has no idea how to perform these maintenance tasks. People complain about linux, but windows is actually worse in this respect - more maintenence required, and more difficult to fix anything that breaks. The typical windows workarounds posted on forums involve registry edits and powershell scripts, which is just as difficult for non technical users as shell commands if not more so.

US regains supercomputer crown from Chinese, for now

Joe Montana

Downloading porn...

Most of these research institutes have extremely fast internet connections, so yes it can download porn faster than your desktop...

Have to use SMB 1.0? Windows 10 April 2018 Update says NO

Joe Montana

Re: So for a while now...

Ditto, as someone who rarely uses windows but has been using linux and unix for years i've rarely seen kernel panics, and those i have seen were usually down to either hardware faults or me testing/writing experimental kernel patches.

The few times i've used windows, or seen someone else using it, i always wonder how they put up with it. Just last week a friend of mine was unable to connect to wifi and had to reboot before it would work, and after rebooting the system was sluggish for several minutes and inundated with focus-stealing popups.

Joe Montana

Re: FFS microsoft

Well perhaps someone should have thought about that before implementing a critical system using such a poorly designed protocol...

Really the problem is that SMBv1 was so badly designed in the first place that it needs to be turned off for security reasons. There are plenty of other protocols that are old and still in use and also still widely supported by backwards compatibility even when newer versions also exist.. SMTP/ESMTP, HTTP 1.0, DNS etc.

Joe Montana

Why?

What exactly is wrong with smbv1 thats fixed in newer versions?

I still use NFS, sometimes NFSv2 or v3 depending on the use case - i'm aware it lacks security features present in newer versions, but in many cases those features are not necessary. I have a readonly share full of videos and music for instance which is shared by multiple clients in my house, including linux based media centre boxes. I don't care if someone gains access to that data, and i'm not aware of any vulnerabilities in the server software itself.

Pwn goal: Hackers used the username root, password root for botnet control database login

Joe Montana

Hacked box

Chances are they deployed the C&C on a compromised box, and root/root is probably how they themselves got access to it in the first place.

Whois? Whowas. So what's next for ICANN and its vast database of domain-name owners?

Joe Montana

Personal vs business

Nominet at least makes a distinction between personal and business registrations, with the latter detailing information about the business.

Having full contact information about a business is extremely useful and desirable, you want to be able to contact a business and a legitimate business wants to be contacted and for its companies to know it truly exists and isnt a scam etc.

Also in the case of a genuine business, all of the information is already going to be available publicly anyway.

Doesn't the GDPR require companies to declare what they collect and what they do with it? If they're up front that your details will be collected and published on the internet then whats the problem? You have the choice not to use the service, or to use an anonymising service etc. The GDPR is supposed to give users control over how their data is handled, it shouldn't prevent someone from publishing their own data if that's what they choose to do.

Arm emits Cortex-A76 – its first 64-bit-only CPU core (in kernel mode)

Joe Montana

Other processors

Intel and AMD have a lot more legacy 32bit (and even 16bit) code hanging around, removing 32bit support would cause a lot of headaches. ARM chips are usually used in embedded devices which are typically designed together with the software they will run so there's far less problem.

There have already been pure 64bit chips with no 32bit mode, such as Alpha...

Interestingly while ARM64 is quite new, their primary competitor in the embedded space is MIPS, and MIPS64 has been around since the early 90s, but they failed to capitalise on their lead over ARM.

Samsung escapes obligation to keep old phones patched

Joe Montana

Phone contracts

A lot of phones are purchased on 2 year contracts, so at the very least the manufacturer should be required to support the phone for the duration of any such contracts.

Internet engineers tear into United Nations' plan to move us all to IPv6

Joe Montana

Re: Mapping plan

You may have missed the bit about developing countries...

They have slower connections, which don't need these new expensive routers, so they buy older routers that providers in developed countries have discarded, which is part of the problem as many are using equipment which doesn't support ipv6 or incurs significant performance penalties when doing so (eg ipv4 in hardware, ipv6 in software on a slow cpu).

Joe Montana

Re: Mapping plan

There is already a mapping from ipv4 to ipv6 - the 6to4 address space:

https://en.wikipedia.org/wiki/6to4

Every routable ipv4 address has a /64 of ipv6 space in this way.

The way to encourage ipv6 adoption is to make it a desirable feature that users demand from their ISPs... Microsoft do this to a small degree by stating that the xbox one works better with ipv6, but more is needed.

If big services like google and facebook start promoting ipv6, and making new desirable features available on ipv6 first then people will start asking their isps for ipv6, and are more likely to favour providers that are offering it. ISPs don't bother at the moment because its a cost, if they start to lose customers due to lack of ipv6 then they will take action.

It's World (Terrible) Password (Advice) Day!

Joe Montana

Account lockouts = stupid

Account lockouts do very little to stop brute force, an attacker isn't going to try thousands of passwords against a single account - they're going to try "Password1" against thousands of accounts as this has a far greater chance of success, and systems which lock based on account will do nothing to stop this attack despite the fact that thousands of attempts to login to different accounts is clearly a malicious activity that should be detected.

Not only that, but locking accounts makes it very easy for someone malicious to intentionally lock accounts, causing severe inconvenience and disruption.

You need to develop a sensible strategy like exponential backoff and detecting anomalous behaviour like the above, not just blindly lock accounts.

UK gov grilled over massive exposure to struggling outsourcer Capita

Joe Montana

No new contracts?

If they cancel any existing plans they might have had for new contracts, that will only hasten the demise of capita...

There is ALWAYS a risk of suppliers failing, and a sensible exit strategy should be a standard requirement for any contract or procurement... Sadly this is almost never the case, as suppliers want to keep their customers locked in - not make it easy to migrate.

Page:

Biting the hand that feeds IT © 1998–2019