* Posts by Displacement Activity

327 posts • joined 2 Jun 2008


While Microsoft griped about NSA exploit stockpiles, it stockpiled patches: Friday's WinXP fix was built in February

Displacement Activity

Re: One lesson to be learnt from this (was Wormable holes)

And knowing where to look...

https://www.digital.nhs.uk/media/1486/NHSmail-confirmation-it-is-safe-to-connect/pdf/NHSmail_150517

Ergo, any trust infected was still running its own improperly configured separate mail system in preference to using the centrally provided NHS Mail system (nhs.net)

I'm not sure that this actually came in by mail. There was an IBM guy on Radio 4 this morning saying that they'd scanned a billion (literally) mails and hadn't found any with the original infection. Is the source for the mail infection angle just one statement from Telefonica?

0
0
Displacement Activity

Re: One lesson to be learnt from this (was Wormable holes)

I have an application that can run only on Debian 5 (it's being phased out). A good part of it are kernel modules... etc

Sorry, but your post makes absolutely no sense. I really hope that you're not involved in NHS commissioning.

2
11
Displacement Activity

Re: One lesson to be learnt from this (was Wormable holes)

@Richard 12

If you airgap it, how do you get the images off? Today, things like X-rays and MRIs etc. pass the images etc. into your records and can be seen on screens throughout a hospital. Making them only available on a few screens near the MRI etc. is pointless.

Don't airgap it; open one port, and write an app that retrieves images. Transfer with standard sockets code; it's trivial, and the comms can be done in a couple of hundred lines of standard C.

And you wouldn't even think about running this on XP, or Win10, or whatever, and using SMB.

8
0
Displacement Activity

Re: Eh?

Microsoft provided the patches to those who had contracted for support of XP. No hoarding.

Errr... the point is that MS pointed the finger at the NSA for hoarding. MS selectively disclosed, and the NSA selectively disclosed. No hoarding.

Just in case Microsoft didn't understand: intelligence agencies and hackers all round the world spend their life looking for zero-days, for their own reasons. How MS can then blame them and whine that they're 'hoarding' is beyond me. F***tards.

8
2

Sophos waters down 'NHS is totally protected' by us boast

Displacement Activity

Re: Fault?

Obsolete OSes and timely application of patches are one issue, but this could just as well have been a zero-day.

Sooner or later you're going to get an infection inside your network. What you want is (a) to detect it quickly, (b) to limit the spread, and (c) to allow the affected parts to be wiped clean easily.

Well, yes, but you omitted the fundamental problem - don't, by default, assume that your computers have to be on a network. They don't. And, if they do, don't just share everything on SMB/whatever.

Whoever decided that an MRI scanner/X ray machine/whatever had to talk SMB should be fired. It would take a day to knock up a program to transfer X-ray images over a basic sockets connection, and another week to turn it into a client/server app to find and return any image.

1
2

Stanford Uni's intro to CompSci course adopts JavaScript, bins Java

Displacement Activity
Happy

Re: Biggest problem is the apostrophe

Hello AC1 what wrote the apostrophe thing, nice to meet you.

I should probably warn you that meating AC0 may not be a nice thing to do, and is probably illegal.

1
0
Displacement Activity
Meh

Re: Biggest problem is the apostrophe

@AC: +1 for assisting Mr. Stiles with his enema. However, I would like to point out that 'spelt' *was* probably appropriate (anywhere outside the US, anyway).

And I have to wonder whether anyone defending JS has actually used it. It's an extraordinary mishmash of the obscure, esoteric, and downright inane. It was knocked up in a weekend (Ok, more or less), and has been constantly added to ever since. And, whatever you write, there's always some tosser somewhere who'll refuse to run it because you clearly intended to break out of their browser and trash their system, despite your inability to access any files.

Still, on the plus side, there won't be much competition from Stanford graduates in the jobs market.

1
0

TCP/IP headers leak info about what you're watching on Netflix

Displacement Activity

Re: Stating the obvious

That's not how it works. The connection is HTTPS, so the secret key is specific to the browser session, so it's not the same as matching "up the flashes around your curtain upon scene changes". The flashes will be specific to the viewer.

Silverlight/DASH/VBR produces specific sequences of video segment sizes, which can be extracted from the headers. Apparently.

And, more interestingly, someone is still using Silverlight.

1
0

SVN commit this: Subversion to fix file renaming after 15 years

Displacement Activity
Meh

I actually use both

Here's the thing: one's distributed, one isn't. If you're writing a Linux kernel, distributed is great - 20,000 people get their own complete repo, and mess it up to their heart's content, and you never expect to hear from 19,950 of them ever again.

In the average dev environment, you want that like a hole in the head. You want one centralised repo, and you need to enforce discipline. git can more or less do that, eventually, but it's difficult, and it's not the git way (how many git users even know what a bare repo is for?)

I have to deal with someone who does fixes and adds features by cloning a git repo on his local machine, with the master being his previous local clone, and who very infrequently pushes anything remotely. I then have to try and work out WTF is going on and then merging myself. That would never, ever, happen in an svn environment.

I've also used RCS, CVS, Clearcase, and Perforce. For my money, svn does the job, and it's intuitive, and easy to learn. For the right project Perforce is also a good choice, if you've got the money, and someone to read the manual and do the difficult bits.

2
1

Why is the Sinclair ZX Spectrum Vega+ project so delayed?

Displacement Activity
Thumb Up

Good on you, Clive...

The complete 70's retro experience for only £100. Brilliant idea. I think I'll personally give it a miss, though - I was sat in Sinclair HQ the first time around, and that was enough for me.

1
1

Today's WWW is built on pillars of sand: Buggy, exploitable JavaScript libs are everywhere

Displacement Activity

Re: Lots of shouty, no content

I've just scanned it as well, but I can't find anything of any value. It even explicitly states "Note that the focus of this paper is not measuring the security state of specific JavaScript libraries. Rather, our goal (and primary contribution) is to empirically examine whether website operators keep their libraries current and react to publicly disclosed vulnerabilities". The technical content on vulnerabilities appears to be zero.

2
2

Java? Nah, I do JavaScript, man. Wise up, hipster, to the money

Displacement Activity

Re: @wolfetone

"What do you think all those new fangled hipster bootstrap/angular/ember/FOTM.js GUIs are querying? Protip: it ain't C. "

Errr.... protip++... yes it is. Maybe not for you but, in my case, Bootstrap/JS querying C++ and some plain-old-C. The code that implements the CGI/JSON/etc stuff is tiny and trivial compared to the rest of the app, and those SQL APIs generally start life as C anyway.

And, if you want real money, you'll get twice as much with a Maths degree/C++/Matlab as you will with Java.

And, if you're currently delivering pizzas, you're a lot more likely to make money with JavaScript than with Java.

1
0

Firefox 52 kills plugins – except Flash – and runs up a red flag for HTTP

Displacement Activity

BBC flash

@Number6:

Go to news.bbc.co.uk, find a vid, right-click, confirm you're on flash.

Go to http://www.bbc.co.uk/html5, opt in to HTML5.

Reload your vid, should now be on ContinuousPlayPluginHTML. Tested on FF 51.

22
0

Google's Chrome is about to get rather in-your-face about HTTPS

Displacement Activity
Thumb Down

Follow the money

1 - Google charges for TLS on inbound connections;

2 - Google is a prime mover behind 'TLS Everywhere', and is now starting to factor this into page rankings;

3 - (Google's) Let's Encrypt certificates prove exactly nothing except that you have control of the server for which the certificate was granted (you only have to post stuff on it to get the certificate);

4 - Bad People control their own servers anyway, so can trivially get their own certificates; MITM is therefore irrelevant on these sites

95% of sites have exactly *no* reason to worry about whether someone is forging their site, or whether there's a MITM somewhere in the connection. So, Google is screwing us, and we have to pay the price by dicking about with TLS on our own sites, and keeping certificates up-to-date, and trying to ignore pointless warnings, and handing cash to them if we're stupid enough to host with them.

2
3

Stallman's Free Software Foundation says we need a free phone OS

Displacement Activity

"Have you forgotten that GNU provide the GNU tools, you know, all the userland stuff for Linux, available for many other UNIX's as well ?"

Errr.... I'd be a lot more impressed if they hadn't taken a huge amount of *existing* free software, and rewritten it simply because they disagreed with the definition of 'free'.

4
4

Samsung set a fire under battery-makers to make the Galaxy Note 7 flaming brilliant

Displacement Activity

"placing anodes and cathodes in locations where they were likely to come into contact"

Doesn't seem to have happened, judging from the limited summary you've printed. Different parts of the negative electrode may have touched each other. The negative electrode touched the "positive tab". If the actual electrodes had touched, it seems pretty unlikely that affected batteries would have survived any attempt at charging.

2
0

On last day as president, Obama's CIO shrouds future .gov websites in secret code

Displacement Activity

Re: Someone forgetting how https actually works?

@just_me: the browser doesn't send a key (except for very secure sites, where the server asks for a certificate from the browser to prove the browser's identity - not relevant, since the vast majority of us don't have certificates and don't try to connect to these sites anyway).

1 - the server identifies itself by sending a certificate, which includes the server's public key

2 - the browser/client decides on a secret (symmetric) key to be used for the actual browsing part of the transaction (the second phase). It then encodes this using the public key sent by the server, and sends the result to the server

3 - the server decodes the new symmetric key using its own (the server's) private key

4 - Both the client and the server now know the secret symmetric key to be used for encryption.

So, basically, asymmetric keys (different public/secret keys) are used to decide on a symmetric key (one secret key) to be used for subsequent encryption. During the asymmetric phase, only the server's public key is used.

4
0
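
The exchange in steps 1 to 4 of the post above, as an added example that is not part of the original post: a toy RSA key transport in C. The key values are a constructed textbook key (far too small for real use), the function names are hypothetical, and the XOR record function is only a stand-in for the symmetric phase, not a real cipher.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed textbook RSA key: n = 61 * 53. Illustration only. */
typedef struct { uint64_t n, e; } server_cert;    /* public half, sent in step 1 */
typedef struct { uint64_t n, d; } server_private; /* never leaves the server */

static const server_cert    CERT = { 3233, 17 };
static const server_private PRIV = { 3233, 2753 };

/* Square-and-multiply: base^exp mod m (operands here stay far below 2^32). */
uint64_t modpow(uint64_t base, uint64_t exp, uint64_t m)
{
    uint64_t result = 1;
    base %= m;
    while (exp > 0) {
        if (exp & 1)
            result = (result * base) % m;
        base = (base * base) % m;
        exp >>= 1;
    }
    return result;
}

/* Step 2 (client): wrap the chosen session secret under the server's public
 * key. Returns 0 on success, -1 if the secret does not fit under the modulus
 * (it would not survive the round trip). */
int client_wrap_secret(server_cert cert, uint64_t secret, uint64_t *wrapped)
{
    if (secret < 2 || secret >= cert.n)
        return -1;
    *wrapped = modpow(secret, cert.e, cert.n);
    return 0;
}

/* Step 3 (server): unwrap with the private key. */
uint64_t server_unwrap_secret(server_private key, uint64_t wrapped)
{
    return modpow(wrapped, key.d, key.n);
}

/* Step 4 stand-in: XOR each byte with one of the two low bytes of the shared
 * secret. The same call encrypts and decrypts. */
void record_xor(uint64_t key, const unsigned char *in, unsigned char *out,
                size_t len)
{
    for (size_t i = 0; i < len; i++)
        out[i] = in[i] ^ (unsigned char)(key >> (8 * (i % 2)));
}

/* Run all four steps; returns 1 if the server recovers the client's message. */
int handshake_roundtrip(uint64_t client_secret, const char *msg)
{
    uint64_t wire, server_secret;
    unsigned char ct[64], pt[64];
    size_t len = strlen(msg);

    if (len >= sizeof ct)
        return 0;
    if (client_wrap_secret(CERT, client_secret, &wire) != 0)
        return 0;
    server_secret = server_unwrap_secret(PRIV, wire); /* only `wire` crossed the network */
    record_xor(client_secret, (const unsigned char *)msg, ct, len);
    record_xor(server_secret, ct, pt, len);
    return memcmp(pt, msg, len) == 0;
}

int main(void)
{
    uint64_t wire = 0;
    if (client_wrap_secret(CERT, 65, &wire) == 0)
        printf("wrapped secret on the wire: %llu\n", (unsigned long long)wire);
    printf("round trip ok: %d\n", handshake_roundtrip(1234, "GET / HTTP/1.1"));
    return 0;
}
```

The wrapped secret is protected only by the server's key pair, so a recorded exchange can be unwrapped by anyone who later holds that private key. TLS 1.3 removed this key exchange in favour of ephemeral Diffie-Hellman.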

Galileo! Galileo! Galileo! Galileo! Galileo fit to go: Europe's GPS-like network switches on

Displacement Activity
Meh

"Don't wait, innovate"...

"Today I call on European entrepreneurs and say: imagine what you can do with Galileo – don't wait, innovate."

Curious. I got a letter (remember those?), maybe 10 years ago, from the UK DTI (UK Department of Trade&Industry), asking me to do exactly that. In other words, "we're going to spend billions now, and it's a f*** of a lot of money, so please, please, please, come up with some justification for it".

10 years later, and there were no new ideas, because the whole thing is fundamentally flawed. The system is fragile, and even a country as backwards as North Korea could reduce the whole thing to ashes in a matter of hours. Having in-car and in-plane satnav is great, but the Americans have already rather thoughtfully paid for that. We could use it to reduce our reliance on the US for missile delivery, except that they could turn it off just as easily as they can turn off their own system. I can't think of a single other useful application that couldn't be handled better, and much more cheaply, by a ground-based system.

3
11

Euro Patent Office staff plead for third time to get rid of Battistelli

Displacement Activity
FAIL

Dear KM/Reg: Que?

I was going to look up what the problem actually was, until I got to your last paragraph:

"However, Battistelli's abrasive personality and his insistence that the solution to each set back is to give the presidency greater power has long since stopped serving the organization itself and has instead becomes a personal crusade that benefits no one".

Is this your personal opinion? Why have you put it in a news article? How do you expect anybody to take you seriously?

0
0

WebAssembly: Finally something everyone agrees on – websites running C/C++ code

Displacement Activity

Re: ... applications as web pages instead of applications as applications ...

The main reason is to reduce the reliance on the OS.

The main cost is the reliance on "current" browsers, who may pull the rug-out at any time without warning which leads to the still-existent IE6 stuff still hanging around.

+1, but 'reducing reliance on the OS' includes supporting all those users on stupid OSes, dealing with moronic walled garden vendors, learning multiple development environments and languages, handling OS bugs and security flaws, rather than just browser ones, packaging and distribution, you name it.

And the commentards still turning off JavaScript in your browsers: what actually are you using the web *for*? Static webpages and videos? Really?

1
7
Displacement Activity

Re: Safe?

@bazza - I think you may have the wrong end of the stick as well:

@PNGuin,

"Why would you need C/C++ to make a website safe?"

Wrong way round. C/C++ (or indeed anything else that can be compiled down to a WASM) can be run in the browser safely, everywhere, probably. The emphasis is on the "dangerous" language being available to a programmer but being fully constrained by the sandboxed Javascript engine that actually runs the WASM.

Disclaimer: I've only spent 10 minutes on the webassembly website, but that seems to be good enough for ElReg comments...

Nothing to do with JavaScript. Your code compiles down to binary instructions for a stack machine. This code is then executed in what is, hopefully, a safe environment, normally in the end-user's browser, possibly by a JIT compiler, or possibly by an interpreter. Your original high-level code (C++, for example) uses standard library calls and APIs, so there's going to have to be some pretty hefty security model in the JIT compiler/whatever.

The JavaScript angle is that there's currently only one way for the browser to get the WebAssembly code from the server, and that's with a new WebAssembly object.

Speaking as someone who writes a lot of server-side C++, and a lot of client-side JavaScript, I have to say that this sounds great. JavaScript is an amorphous pile of byzantine sh**e, and this is potentially infinitely superior. Of course, the security model needs to be tighter, and this does smell of the hype originally surrounding Java and the JVM, so it could be a rocky road.

3
0

Appointments on hold as (computer) virus wreaks havoc with NHS trust systems

Displacement Activity
Meh

A lot of rumour, speculation and bollox being spoken here by the unknowing.

You need to publish. The reason that we have these problems is that the people who know keep their mouths shut.

2
0

Bad news: MySQL can dish out root access to cunning miscreants

Displacement Activity

Re: I've got a cunning plan my lord

> On the other hand why on earth does any part of MySQL run as root?

> I've used several other RDBMSs and no part of them runs as root.

For the same reason that everything else runs as root: if you want to listen on a "system" port (less than 1024) then you have to *start* as root. Not just MySQL: MariaDB, all your other RDBMSs, Apache. If you don't want to do this (and why would you?), then don't run mysqld_safe as root.

Apache normally listens on 80/443, so has to be started as root before it drops privileges. The docs have lots of useful advice on how to protect your system during this time, which cover exactly the issues in this article. The problem isn't that your attacker can load malicious code if they already have root access, it's that they can load malicious code when they're *not* root, which is the cunning plan.

0
1

WhatsApp, Apple and a hidden source code F-bomb: THE TRUTH

Displacement Activity

> I run the system up and - wow! - no problem.

> so why does the production version not work but the debug does?

If the logging version works, and the production one doesn't, the answer is almost certainly that you have an issue with uninitialised data, or memory over-writes. You can (and should) find and fix all these on your dev system with Valgrind/Purify/etc. before it gets anywhere near production.

0
0

Tinder porn scam: Swipe right for NOOOOOO I paid for what?

Displacement Activity
Meh

Still optional

"excitedly splashing sand at it's balls".

its balls.

2
0

Smartwatches: I hate to say ‘I told you so’. But I told you so.

Displacement Activity
Meh

iPlayer?!

Another more recent example. In the early Noughties, the BBC’s iPlayer was envisaged as a sophisticated P2P client, and at one stage had over 400 people involved in spec meetings. iPlayer only rolled out after the team had been reduced to around 15 – and the doors were bolted shut.

And all 15 of them had iPhones. And it was impossible to watch it on Android. And I spent years getting irritated at how anyone could have been so stupid (and still are?), before just giving up. And the news website is equally moronic.

So, just maybe, cutting a team down to 15 and letting them get on with it is not necessarily the right thing to do.

0
1

Samsung: Don't install Windows 10. REALLY

Displacement Activity
Meh

Re: If proof is needed...

"Of course if you want to avoid support for your hardware going away, best bet seems to be running Linux. Strange how we got to that state".

Speaking as a lifetime Unix user, and an occasional Linux device driver writer, and as someone who recently had to take a hammer to his wife's computer after it announced that it was going to 'upgrade' to Windoze 10 in 5 minutes...

Not quite. Keeping up-to-date with kernel changes is a major, major, PITA. I did a PCIe driver a few years ago, which was originally for 2.4.7. There were significant or major changes in so many kernel versions that I lost count - 2.4.10, 2.4.17, 2.4.22, 2.6, whatever, not to mention the whole v3 and 4 thing. The only way to keep on top of it is to select a major distro - something like RHEL6 - and try to support that.

The kernel people will update a few selected drivers (which I've never heard of) when they make a change, but the rest of us are on our own, with little or no usable documentation.

2
0

The Windows Phone story: From hope to dusty abandonware

Displacement Activity
Thumb Up

Someone at MS with a brain?!

“Being a special unique snowflake works for art but not design. Design should be invisible… so you have die hards that love it, but you have the mainstream of the market that struggles with it, if they try at all”.

Now, if somebody could just tell that to the f***wits behind the Ribbon...

3
1

Windows 10 with Ubuntu now in public preview

Displacement Activity

Re: Which way round are the slashes?

> Industry standard or Microsoft?

Or VMS... DEC... RiscOS... etc. RiscOS was a PITA - deleting *.c could wipe your disk. And MS has actually always supported '/', though I'm not sure to what extent.

Seriously, though, Cygwin and MSYS have file path conversion issues which make it difficult to do Makefiles, scripts, and so on. If MS have managed to sort this out so that the machine looks like it has native *nix file paths then it's probably worth trying out.

1
0

Apple engineers rebel, refuse to work on iOS amid FBI iPhone battle

Displacement Activity

Re: @Displacement activity

@DougS: different sort of customisation. If every processor off the fab line is identical, then running up a VM is trivial, as long as you can get your hands on a spec for the CPU.

The problem is when each processor on a wafer is individually etched with something like a serial number, which can be used as a secret key. This is what is expensive, and is what Intel used to do on x86. This is what you'd need the electron microscope for.

0
0
Displacement Activity

Re: It's likely I'm missing something.

@Bucky2: no-one seems to have specifically answered your point.

*If* the processor on the iPhone board (or any other embedded system) is generic, in the sense that it doesn't have extra mask processing to give it a unique attribute of some sort, then you're probably right. You just use the ATE equipment which was used to test the boards to extract the ROM data, create a VM, and you're good to go. However, many ROM devices will have a security bit which may be blown after manufacture to prevent this. To get around this, you may (or may not) have to get the chip off the board and read it (normally, ie not with JTAG/ATE equipment) in your own test rig.

However, the processor may be customised. Older Intel x86 processors had a CPUID instruction which returned a unique serial number, for example. The problem with this sort of thing is that it involves an extra manufacturing mask and is therefore expensive. I don't know (or care, actually) whether Apple does this. If they do, the unlock algorithm presumably requires knowledge of both the 4-digit passcode and the processor ID. In these cases, you may have to resort to getting the top off the chip and examining it under an electron microscope to try to find the ID (which is not necessarily very expensive). If you have some knowledge of the algorithm you may instead be able to brute-force this in your VM.

Anyway, having said all that, I've worked on various embedded devices and I would be very surprised (astonished) if Apple doesn't already have software that can boot up any iPhone without knowing the passcode.

0
1
Displacement Activity

Re: @gollux How unAmerican ...

@vector: I think you might have missed the point of JimmyPages' original post.

And it's curious that nearly 30% of Reg readers have either done the same, or are happy with selective principles.

1
1

I beg you, please don't back up that secret directory full of photos!

Displacement Activity

Re: Years ago, when the net was young

> And the photos had all been FTP'd from various servers on the 'net.

> How times change. We would never think of doing it today, obviously.

We might not, but most of us are probably getting on a bit. About 6 years ago I had a short gig with a significant engineering company, doing electronic design. This was an all-male environment, but I replaced a girl who had recently left college. I personally have almost never worked with any females over the past 30 years. Anyway, turned out that this girl was frequently on youporn, completely openly, on her work computer, in an open plan office. She had her back to the window and the half-dozen or so guys around her all knew she was doing it, and came and watched occasionally.

0
0

Hello, Kotlin: Another programming language for JVM and JavaScript

Displacement Activity
Meh

?

These people need to get a dictionary and look up 'pragmatic'.

1
1

HMRC is to tax OpenStack cloud with UK citizens' data

Displacement Activity
Thumb Up

Great news

It's now only a matter of time before we can download everyone's tax data and find the MPs, fatcats, and so on who aren't paying any taxes.

0
0

Gmail growls with more bad message flags to phoil phishers

Displacement Activity
FAIL

WTF?!!

This sort of thing really pisses me off. Why the **** would anyone want to start encrypting *everything*? I have a mail server that sends out automated non-sensitive messages (*not* spam), and I foresee lots of pointless dicking about coming up. Consider:

1 - Google is a prime mover behind 'TLS Everywhere';

2 - Google charges for TLS on inbound connections;

3 - Google is behind 'Let's Encrypt', which issues free TLS certificates, which are trivial to get (I have one myself, and I did the whole thing online in a few minutes, with no human intervention);

4 - The Let's Encrypt certificate proves exactly nothing except that I have control of the server for which the certificate was granted (I only had to post stuff on it to get the certificate);

5 - Phishers control their own servers anyway, so can trivially get their own certificates. There is *no* "protection".

6 - If you really want private email, you wouldn't do anything as stupid as attempting to encrypt the connection - you'd encrypt the *email*

7 - the whole point of SPF records is to make sure that the email came from whoever it claims to have come from, and webmail providers do a good job of SPF validation. This adds exactly nothing

8 - Conclusion: this is all about Google trying to make money.

The only reason I had to get a certificate was because some pointless retards who run a public, non-sensitive and non-commercial website (ie. most sites) which I need automated access to decided to take TLS-only connections. Why?

I also run mailing lists where about 30% of recipients have gmail accounts, and another 35% have Microsoft webmail accounts. The emails are opt-in, non-commercial, non-spam, and are SPF- and DKIM-signed. About once a year Microsoft will silently cut off all outlook/live/hotmail/msn recipients, and I have to dick about for a day with some retard at Microsoft to get them re-enabled. I now suggest to new subscribers that they don't use Microsoft accounts. This never happens on gmail, aol, gmx/whatever. If Google starts popping up warnings for recipients who happen to be on gmail, they'll get the same treatment.

0
0

The Day Netflix Blocked My VPN is the world's new most-hated show

Displacement Activity

Re: I wonder how

There are other ways of detecting VPNs and proxies than playing whack-a-mole with IP addresses.

Some of these arguments don't really hold up. Geolocating isn't an issue, because (a) IPV4 addresses are scarce and are sold on, and it's not unusual to find IP addresses that trace to, for example, China where the block itself is registered in the US (though, granted, traceroute will do the job, but I believe that geolocation is normally done through registration and not tracing), and (b) the cheap proxy services are all in the US anyway. You can get a proxy in the US for less than a dollar a month per IP address, and this is where I'd start if I was connecting to Netflix.

On the user agent, I always put a plausible user agent in my (cURL) scraper, and I bet everyone else does. And a plausible referer, and cookies, and everything else.

I wouldn't expect a commercial proxy service to distribute my traffic over the IP addresses I've paid for. I connect to address X, and expect my outgoing traffic to come from address X. If you're right, then that provider doesn't understand anonymous proxying. I automatically test a proxy before using it live and this is easily detected.

But, at the end of the day, I agree that you're vulnerable because you have to log in with a Netflix account, and all they have to do is log all the IP addresses on that account. Your best hope is to go through one clean/paid-for US proxy and hope that you don't have to change the address too often. Or you could get a life and stop watching Netflix.

6
1

Your boss yells 'build a secure IoT gadget' and you don't know where to start. Take a look at this

Displacement Activity
Thumb Down

I don't get it...

(yet?) First off, I can't see that their examples are even "IoT". Jeeps and Boeings aren't part of the IoT. Somebody just (allegedly) screwed up their entertainment systems, and failed to separate them from the control systems. I don't need a paper on that. Somebody managed to gain access to a rifle targeting system because it had a WiFi connection; not even the Internet. And anyone who builds Linux and WiFi into a rifle deserves all they get. And somebody else built a drug infusion system so that it could be controlled over the Internet; I think I see what their problem was. This was the only example where there was a possible use case for external control, but I would like to see their justification for remote *control*, rather than *monitoring*. The place to control drugs is at the bedside.

Back in the real world, I get asked to monitor taps, for example, over the internet, to see how often they're used (really). They have a tiny micro and a GPRS connection. I might be asked to turn something on occasionally. I thought this was the "IoT", and the paper is pretty much irrelevant to that. It doesn't even mention TLS/SSL, and even that's a big deal on the electronics I've got. My #1 problem is ensuring that a request to turn on a tap comes from a trusted source, which isn't even mentioned. My interest in trusted hypervisors, having cryptographically signed boot software on the micro, chain of trust authentication, and all the rest of it, is exactly zero. Putting in all this overhead is far more likely to cause a problem than to cure it.

2
3

Nigerian government site popped, used for phishing scam

Displacement Activity

Unsupported Joomla?!

*All* Joomla versions are unsupported. Seriously. And please don't down-vote me unless (a) you've attempted a site in all of versions 1, 2, and 3, and (b) you've been dicked about by completely incompatible "upgrades", and (c) you (very) occasionally get completely pointless "security updates" which contain no useful information whatsoever, and (d) at least one spotty adolescent has told you that it doesn't need documentation because it's Open Source, therefore you read the source and write your own documentation.

0
0

Yay, more 'STEM' grads! You're using your maths degree to do ... what?

Displacement Activity

If you can't calculate the angles on a 50-cent coin...

Then you probably don't know how many sides it has. I don't know what a year 12 student is, but anyone in the UK who couldn't answer this question at GCSE (16-year-olds) is unlikely to end up as a radio astronomer, or a statistician.

Your entire argument is nonsense. This is nothing to do with rote learning - it's a basic concept with almost-zero mathematics involved. Once you've got your head around this, you can move on to vectors and matrices. For a professional mathematician or scientist there's no such thing as an optional subset which can be ignored - would you have a problem writing articles if you weren't allowed to use the letters 'a', 's', or 'd'?

5
0

How do you anonymize personal databases and protect people's privacy – over to you, NIST

Displacement Activity

Pseudonymised NHS data

I wrote some software a few years ago to let GPs/PCTs/CCGs/etc (ie. UK family doctors and the people who pay them and fund medical care) identify anomalies in referral patterns, hospital admissions, length of stay in hospital, "GP performance", "over-referrals" (largely a myth, BTW) and so on. It was funded and used by local GPs - ie. the NHS itself - and the base dataset was the NHS Spine data.

The software was great, but it was useless for the first year or so, because no-one would let me (ie. the GPs) see the raw data with DOBs and gender in it, and you can't do the stats without them. It took a year to get the authorisations, but without postcode (or, equivalently, deprivation) data. Much better, but you can't really be sure what's going on without post/zip code, which makes the data identifiable. I spent about a year trying to get the additional clearance, but there was so much politics in the local NHS that it was next to impossible. The whole system then imploded with the PCT/CCG changeover, and everyone's access to the data was withdrawn, and the funding went, and the NHS disappeared up its own backside.

So, the software has been unused for 2 years, and no-one in this area (and probably any other area) has any statistically valid way of finding out what's going on in primary care. The govt has now apparently decided that this is important again, so other people are now going to spend a couple of years dicking about trying to get the Spine data, before losing it again. And the whole pointless cycle will repeat again in another 5 years. And the base Spine dataset cost going on for a *billion* to create, plus maintenance.

So, if you're worried about the privacy of your NHS data - don't be. Everyone in charge is so stupid and paranoid that no-one's ever going to see it anyway.

6
1

And it begins: Ashley Madison bonk-seekers urged to lawyer up

Displacement Activity
WTF?

I don't get it...

Why would anyone use their real name and address on a site like this? And, conversely, surely the email addresses *are* real, or AM couldn't send notifications/whatever to members?

The only personally identifiable data would be a name on a credit card, which is hardly unique, and possibly the last 4 digits of the CC number, which seems to be in the database. So, on the face of it, the database seems close to useless, unless you can match a name on a CC with an email address.

0
0

Five lightweight Linux desktop worlds for extreme open-sourcers

Displacement Activity

Re: Linux long ago reached parity with Windows and OS X.

Looked like this was going to be an interesting article till I read the first line. What total bollox - "chalk long ago reached parity with cheese"?

I've been using Unix, variants and descendants, for 30-odd years, and I use Linux day in and day out. In all that time the only half-usable "desktop world" that I've had, and that I would seriously consider as a replacement for a modern working Windows desktop, was Solaris. I've spent a year with Unity on my laptop and every time I turn it on I remember that I need to get on to the internet to figure out how to remove it. 'Parity' my ass. And I'm still waiting for a usable file explorer.

Linux is great for what it does, which is by no stretch of the imagination the same as what Windows does.

6
16

DAMN YOU! Microsoft blasts Google over zero-day blabgasm

Displacement Activity
Meh

So MS can't tell the difference between 90 days and 3 months...

Nothing to see here - move on.

1
0

Holy cow! Fasthosts outage blamed on DDoS hack attack AND Windows 2003 vuln

Displacement Activity

Re: What happened to cheap and cheerful?

Fasthosts in general: they went through a really bad time maybe 3 years ago. I signed up 2 years ago, without doing my homework. I've been running bare-metal Linux/Apache/stuff at Fasthosts ever since, with no problems that I can immediately remember. Their prices were (still are, I think) cheap, presumably because of their history. I wouldn't have a problem recommending them.

And on LAMP security/time and money: bollox. If you don't know how to keep a Linux box secure, then you're in the wrong business, and going for Windows 2003/anything isn't going to help you. The only problem I've had in 2 years was Shellshock, which I fixed in half an hour.

0
0

What's in your toolbox? Why the browser wars are so last decade

Displacement Activity

Uh... back to the article

- If you're debugging JS, you'll need to use both Chrome and FF. They respond differently to errors, and one may report nothing, while the other might give you enough information to find the problem.

- the IE11 debugger looks like it might be pretty good. Not had the time or inclination to try it properly, though.

- Chrome and IE are way ahead of FF in app shortcuts and web apps. Mozilla has absolutely no idea what it's doing here, and dropped shortcut support 4 years ago.

0
0
Displacement Activity

Re: Debugging experience is better in IE

How does that help (seriously?)

The server and client are asynchronous and completely unrelated, probably running on different platforms, connected only by a thousand miles of wet string. Use your browser/whatever to step through the JS, use your server dev tools to step through the server code. JS almost always runs asynchronously; there is no temporal correspondence between the client and server. Have I missed the point, or are you on too much MS Kool-Aid?

1
0
Displacement Activity

Re: IDEs

REAL men didn't stop learning how to do new things 20 years ago.

7
1

Microsoft throws old versions of Internet Explorer under the bus

Displacement Activity

IE6/NHS

Just quoting for an NHS job:

Web based applications have to run on a minimum of Microsoft Internet Explorer 6.

Tossers.

7
0

I/O: New Google design language will RULE OVER 'DROIDS

Displacement Activity

Polymer?

29 comments and no-one's mentioned Polymer? Anyone used it? Just spent 20 minutes with it and it looks interesting. It only seems to have the Metro-like blocky theme, which I'm not keen on (looks crap, actually, too many colours, too big, too square, but might appeal to Metro users), and it doesn't look production-ready. The Bootstrap look-and-feel is much cleaner, IMHO. Other immediate reactions are that the UI designer looks like it might save a lot of trouble, and that it might currently be too network-heavy for general web apps on a mobile.

1
0


Biting the hand that feeds IT © 1998–2017