* Posts by Alan J. Wylie

445 posts • joined 12 Jul 2008


China's really cotton'd on to this whole Moon exploration thing: First seed sprouts in lunar lander biosphere

Alan J. Wylie Silver badge

One giant leaf for mankind.

Staff sacked after security sees 'suspect surfer' script of shame

Alan J. Wylie Silver badge

Re: Access Denied

My experience in the late '90s was that you had to be very careful about blocking on keywords in domains. https://www.essex.ac.uk/ anyone? (Yes - a genuine example that I came across).

Alan J. Wylie Silver badge

Many years ago, we had an ISDN connection at the office, and a bank of modems. HTTP connections were forced to go through a Squid proxy. I had a similar little script which grepped the log for "interesting" keywords, but not much interest was shown in this from above.

However, one day all our sales people and managers were gathered together at a hotel for a big meeting. One of my colleagues in network admin was due to address them, and took the opportunity to remind them that, as in the T's and C's they had acknowledged, our network was monitored for inappropriate (and expensive: on-demand ISDN had a per-call cost) usage. There were no sackings as a result, just a few red faces as he stood at the lectern and read out a few of the less unsafe-for-work domains that had been visited the previous night.

Customers baffled as Citrix forces password changes for document-slinging Sharefile outfit

Alan J. Wylie Silver badge

NCSC advice

The National Cyber Security Centre (part of GCHQ) doesn't think that forcing regular password expiry is a good thing.

'Blockchain SAVED my Quango'

Alan J. Wylie Silver badge

"Do you need a blockchain?"

Blockchain flowchart, taken from this NIST PDF

Bird, Lime, and Xiaomi face scooter sueball

Alan J. Wylie Silver badge

This two-year-old X.org give-me-root hole is so trivial to exploit, you can fit it in a single tweet

Alan J. Wylie Silver badge

Re: Thanks for making this public

The CVE was raised back in July

Raised doesn't mean made public.

I monitor CVEs for a living (it's tedious and boring: since early 2017 there has been a huge increase in ones of no relevance). The first I saw of it was this tweet, yesterday at 9:30 pm.

The NIST site says published on the 25th, too.

Alan J. Wylie Silver badge

Theo de Raadt of OpenBSD is not happy

Nobody at OpenBSD was made aware of the bug until very late on, despite an OpenBSD developer being on the X security team. The release of 6.4 could have been delayed until after the public annoucement.

Excuse me, but have you heard the teachings of our Lord and Savior, Jesus Chr-AI-st?

Alan J. Wylie Silver badge

Theological AI, what could possibly go wrong?

Answer, by Frederick Brown

He turned to face the machine. "Is there a God?"

The mighty voice answered without hesitation, without the clicking of a single relay.

"Yes, now there is a God."

Alan J. Wylie Silver badge

Can it re-phrase this into a form that doesn't cause schoolboys to fall asleep?

And spotteth twice they the camels before the third hour, and so, the Midianites went forth to Ram Gilead in Kadesh Bilgemath, by Shor Ethra Regalion, to the house of Gash-Bil-Bethuel-Bazda, he who brought the butter dish to Balshazar and the tent peg to the house of Rashomon, and there slew they the goats, yea, and placed they the bits in little pots. Here endeth the lesson.

Linguists, update your resumes because Baidu thinks it has cracked fast AI translation

Alan J. Wylie Silver badge

Time flies like an arrow. Fruit flies like a banana.

You like HTTPS. We like HTTPS. Except when a quirk of TLS can smash someone's web privacy

Alan J. Wylie Silver badge

Memories of Not the Nine O'Clock News.

Kinda lingers

Thought Patch Tuesday was a load? You gotta check out this Oracle mega-advisory, then

Alan J. Wylie Silver badge

libssh and libssh2

There are two similarly named projects:

libssh: the one with the vulnerability, and libssh2 which so far doesn't seem to be affected.

Red Hat / Centos, at least, use libssh2.

Note also that it only affects servers, not clients. sftp servers seem to be the most likely to be vulnerable and exposed.

Amazon's sexist AI recruiter, Nvidia gets busy, Waymo cars rack up 10 million road miles

Alan J. Wylie Silver badge

Re: Trash data in, Trash results out...

The term Garbage in, Garbage out was first coined in 1957.

UK.gov teams up with Five Eyes chums to emit spotters' guide for miscreants' hack tools

Alan J. Wylie Silver badge

content available as HTML

For those with an aversion to PDFs, the content on the US-CERT web site is very similar to the NCSC's download.


Russian 'troll factory' firebombed – but still fit to fiddle with our minds

Alan J. Wylie Silver badge

Reichstag fire

Why does this remind me of the Reichstag fire and false flag operations?

Boffin: Dump hardware number generators for encryption and instead look within

Alan J. Wylie Silver badge

Sounds very familiar

LWN article: Random numbers from CPU execution time jitter (2015) and HAVEGE: a linux "random" number generator that relies on instructions taking an unpredictable number of clock cycles to execute.

Sysadmin misses out on paycheck after student test runs amok

Alan J. Wylie Silver badge


Surely the payroll program was't written in a strongly typed, object oriented language commissioned by the military?

You'll never guess what you can do once you steal a laptop, reflash the BIOS, and reboot it

Alan J. Wylie Silver badge

smacking the laptop owner with a two-by-four?

Surely a $5 wrench?

US govt concedes that you can indeed f**k Nazis online: Domain-name swear ban lifted

Alan J. Wylie Silver badge

RevK's P.P.S on his use of a fuck.me.uk domain.

The Reg takes the US government's insider threat training course

Alan J. Wylie Silver badge

and 94 per cent went to prison

What's the opposite of survivorship bias?

Solid password practice on Capital One's site? Don't bank on it

Alan J. Wylie Silver badge

Nvidia promises to shift graphics grunt work to the cloud, for a price

Alan J. Wylie Silver badge

Re: latency down to a blazing 3ms

3ms round trip doesn't get you very far.

$ units -1 "3ms c" "km"

* 899.37737

Sextortion scum armed with leaked credentials are persistent pests

Alan J. Wylie Silver badge

US watchdog OKs robo-doc AI that spies eye disease all on its own

Alan J. Wylie Silver badge

Re: What about all the other diseases?

That makes as much sense as complaining that a blood test for ebola can't detect a sprained ankle.

I was referring only to diseases diagnosed by inspecting the retina. What's the point of an automated system when a specialist has to look at it anyway to diagnose other diseases?

As for the prosecution, sorry - I missed a sarcasm tag. As with the case of Dr Hadiza Bawa-Garba, the case should never have been brought in the first place.

Alan J. Wylie Silver badge

What about all the other diseases?

Macular degeneration, for one. And what happens if someone dies because of a missed diagnosis. Who do you prosecute then?

Don't let Google dox me on Lumen Database, nameless man begs

Alan J. Wylie Silver badge

BBC Technology + Creativity Blog

The BBC's Technology + Creativity Blog posts a list of BBC pages that have been removed from Google's search results, here's the lastest post. It can be a most interesting read.

Tax the tech giants and ISPs until the bits squeak – Corbyn

Alan J. Wylie Silver badge

ISPA's comments


increased prices ... divert resources ... slow down broadband rollout

Use Debian? Want Intel's latest CPU patch? Small print sparks big problem

Alan J. Wylie Silver badge

Section 3

You will not, and will not allow any third party to ... (v) publish or provide any Software benchmark or comparison test results.

I can see why Debian aren't happy, seeing as without new instructions made available by microcode updates, some of the mitigations incur a significant performance hit.

Self-driving cars will be safe, we're testing them in a massive AI Sim

Alan J. Wylie Silver badge

and crucially, road intersections

Who would have thought, 35 years ago, that all the work that a Ph.D. student from Oxford, my colleagues and I were doing programming a Laser-Scan Fastrak in Fortran on a VAX 11/780 to recognize the junctions on Ordnance Survey 1:1250 maps would lead to this?

Bank on it: It's either legal to port-scan someone without consent or it's not, fumes researcher

Alan J. Wylie Silver badge

One law for them, another for us

Do not forget the case of poor Daniel James Cuthbert, found guilty of an offence under the Computer Misuse Act back in 2005 for adding ../.. to the URL of a charity's web site.

El Reg article

There is a very thin line between "intending to secure access" and checking to see if insecurities may be present.

Top tip? Sprinkle bugs into your code to throw off robo-vuln scanners

Alan J. Wylie Silver badge


The original name for chaff was "window". A fitting name for software with a generous sprinkling of bugs.

Oi, clickbait cop bot, jam this in your neural net: Hot new AI threatens to DESTROY web journos

Alan J. Wylie Silver badge

Re: Easy source.

Just do a search for "and you wont believe"

Also, "This one (weird|simple) trick".

BTW, does an extended regex count as AI?

ZX Spectrum reboot latest: Some Vega+s arrive, Sky pulls plug, Clive drops ball

Alan J. Wylie Silver badge

Re: What we need

Interested in your thoughts regarding Betamax v VHS

Video 2000

I contracted for a while at Pye TVT in Cambridge (working on a TV video effects console for the 1986 World Cup). Pye was a subsidiary of Philips, and there was a factory shop. Lots of employees, contractors and their friends and families ended up with Video 2000 recorders. Rumour had it that e.g. Dixons allocated the cassettes equally to all shops, and the manager of the Cambridge branch spent a lot of time on the phone talking to other branches to get their spare stock sent to him.

Getting back on topic, I also worked on the Acorn Archimedes and the Sinclair QL.

Uptight robots that suddenly beg to stay alive are less likely to be switched off by humans

Alan J. Wylie Silver badge

Re: Dave

Daisy, Daisy, ...

Microsoft devises new way of making you feel old: Windows NT is 25

Alan J. Wylie Silver badge

DEC's Dave Cutler worked on VMS. Is it just co-incidence that WNT is to VMS as HAL is to IBM?

Engineers, coders – it's down to you to prevent AI being weaponised

Alan J. Wylie Silver badge

Re: Dual use is hard.

better engineering meant better guns

Sir Joseph Whitworth's rifle

Alan J. Wylie Silver badge

Dual use is hard.

Many years ago, I worked on computer aided mapping: semi-automated line following. Measuring the boundaries of all the woodland in the UK to calculate the total area, better 1:1250 maps with accurate buried utilities to stopping backhoes cutting fibre optic cables, what could possibly be wrong with that? Then came the Falklands war. Digitise the contours and produce a wire-frame perspective of Mount Tumbledown as viewed from Port Stanley, please.

A few years later, I worked on CNC blade tip grinders to make jet engines more fuel efficient. Making 747s greener is great. But what if the US Navy want some for their fighters? Or the Army for an AGT1500 turbine in an M1 Abrams tank?

♫ The Core i9 clock cycles go up. Who cares where they come down?

Alan J. Wylie Silver badge

The song the headline referers to.

Tom Lehrer - Wernher von Braun

Ah, British summer. The sun is shining, the birds are singing, the internet is on the fritz

Alan J. Wylie Silver badge

Fibre break(s) near Manchester, too

Zen: Fibre Cable break impacting Bury Exchange

Exa: At approximately 10:22am one of our core fibre links from London Telehouse to Manchester experienced total failure.

Bury is north of central Manchester, so these may be separate incidents.

Tech support chap given no training or briefing before jobs, which is why he was arrested

Alan J. Wylie Silver badge

My similar experience with core store in a defence establishment. At least I didn't get arrested!

Another data-leaking Spectre CPU flaw among Intel's dirty dozen of security bug alerts today

Alan J. Wylie Silver badge

Re: CVE-2018-3693 "BCBS" Bounds Check Bypass Store"

Yes - the ARM one is the same as the Intel one.

Intel Open Source Security Incident Response Team: Speculative Execution Branch Prediction Side Channel and Branch Prediction Analysis Method

CVE: CVE-2017-5753, CVE-2018-3693


Alan J. Wylie Silver badge

CVE-2018-3693 "BCBS" Bounds Check Bypass Store"

Note that -3639 is a very similar "speculative store bypass" from May: don't get confused as I did for a short time. Could -3693 be the same as the Intel one?

Mark Rutland of ARM on the Linux Kernel Mailing List

arm64: spectre-v1 write fixes (CVE-2018-3693)

These patches inhibit spectre-v1-write gadgets found in arch/arm64, using the same mitigation applied to existing spectre-v1-read gadgets.

This issue is also known as CVE-2018-3693, or "bounds check bypass store". More details can be found in the Arm Cache Speculation Side-channels whitepaper, available from the Arm security updates site [1].


Leatherbound analogue password manager: For the hipster who doesn't mind losing everything

Alan J. Wylie Silver badge

As recommended by Bruce Schneier

Write Down Your Password

Well - it was a long time ago.

And in current affairs: Rogue raccoon blacks out city power grid after shocking misstep

Alan J. Wylie Silver badge

The other Large Hadron Collider incident

Large Hadron Collider scuttled by birdy baguette-bomber

Things that make you go hmmm: Do crypto key servers violate GDPR?

Alan J. Wylie Silver badge

Almost 20 years of employment history.

A quick search on a keyserver for my name shows many of the companies I have worked for over the last 20 years.

Alan J. Wylie Silver badge

Firstly PGP public keys are on the server and placed there by the key owners.

They can be uploaded by anyone who possesses them. Co-workers, anyone with whom you have shared the public key.

Git365. Git for Teams. Quatermass and the Git Pit. GitHub simply won't do now Microsoft has it

Alan J. Wylie Silver badge


Biting the hand that feeds IT © 1998–2019