* Posts by Rob D.

271 posts • joined 8 Sep 2008


Memo to Microsoft: Windows 10 is broken, and the fixes can't wait

Rob D. Bronze badge
Thumb Down

Re: Peter Bright

Also safe to say that the Bright article referenced was about Agile generally not so much about testing, didn't make any reference to 'crowd sourced' anything, and doesn't contain the quote somewhat sloppily implied as being attributed to Ars (but is in the ZDNet article, which in context casts the point about laying off testers as a bad thing not as an agreed good point).

As it happens the Bright article referenced was of its time four years ago i.e. too much jumping on the Agile bandwagon and not enough demonstration of real world experience to appreciate the nuances (so yes, it was/remains a terrible article).

But the reference in this Ostrowski article to the ancient history in Ars/ZDNet was almost completely inappropriate, and the attributions/quotes were a misrepresentation of the Bright/Foley content anyway. It all came across as petty sniping between hacks without adding any substance to the undeniable issue of the mess Microsoft are making of Windows updates (and patching) with this switch to forced, frequent updates (and using the customer base for testing).

Top Euro court: UK's former snooping regime breached human rights

Rob D. Bronze badge

Indifferent judgement

So the risk of privacy abuses exists (to the extent that privacy is considered in a legal context) because the information use isn't appropriately guarded but the practice in place is not otherwise considered unlawful. Fix the oversight and the practice meets the legislation (if not the cultural niceties).

Or at least the practice that was in place would meet the legislation, because now current practice is covered under a different regime.

Agree with some of the complaint, dismiss other bits, split decisions anyway, have some costs, no enforcement. As the icon says, "Meh!"

2-bit punks' weak 40-bit crypto didn't help Tesla keyless fobs one bit

Rob D. Bronze badge

Re: Pektron

In theory Pektron should be able to respond, "The product is operating exactly as specified when you decided to embed a [cheap] OEM component in your offering".

But it is interesting to see how Pektron describe their product range. https://www.pektron.com/services/key-fobs/.

Rob D. Bronze badge

Consumer-driven weakness

It's a repeated pattern.

In the 50's car safety, then in the 70/80's physical car security, and now car electronic security; all these were subordinate to the desire of consumers to own the latest kit and the meeting of that demand. Those underlying product features (physical safety, physical security, electronic security) only became commercially necessary when the awareness of problems and actual impact in the consumer base (too many deaths, theft from forced ignitions, theft from cloned fobs, etc) was sufficient to affect competitiveness and influence regulation.

The auto-industry will play to that consumer-led short-sightedness for a while yet. In the early days, the car manufacturers screamed blue murder that making cars safer in crashes would kill the car market and it took years for that position to change. https://digitalcommons.law.yale.edu/cgi/viewcontent.cgi?article=1030&context=yjreg from the 80's for example.

It's September 2018, and Windows VMs can pwn their host servers by launching an evil app

Rob D. Bronze badge
Thumb Down

Just downplay it

CVE-2018-8475 description from Microsoft, "To exploit the vulnerability, an attacker would have to convince a user to download an image file."

I assume (the vulnerability description doesn't say other than "when Windows does not properly handle specially crafted image files") that simply downloading the file to the file system is not sufficient to cause a problem either. The phrase, "convince the user to view a web page containing a specially crafted image", carries more threat.

How hack on 10,000 WordPress sites was used to launch an epic malvertising campaign

Rob D. Bronze badge

Lawyering up

> Check Point said the criminals made a laughing stock of the legitimate online advertising ecosystem.

The crims are really a bit late to that particular party. But at least they are making some money out of it.

None of this changes until someone starts suing the legitimate parts of the chain for actual damage incurred such as from a ransomware infection(*). IANAL - anyone know how that would/could/should work? Can a web site that serves up 3rd party malware legitimately be held responsible (in any jurisdiction)?

I'm currently retaining the legal representation of Messrs. N. O'script, P. Badger and U. Block.

Font of pwnage: Crims poison well with crypto-jacking code, trickles into PDF editor app

Rob D. Bronze badge

Installer beware

Hard to read that Microsoft summary of the 'incident' with all of the 'look how fantastic MS Win Def ATP was'. But it does state:

> "The malicious MSI file was installed silently as part of a set of font packages; it was mixed in with other legitimate MSI files downloaded by the app during installation."

Wondered if there was a CVE for this or if there's other mitigation not mentioned - silent download and installation of an unsigned MSI file during signed app installation. That seems a much bigger problem to solve than waxing lyrical about how good your AV product is.

FBI boss: We went to the Moon, so why can't we have crypto backdoors? – and more this week

Rob D. Bronze badge

Re: Mr Wray

At the risk of being pedantic, perhaps someone would like to point out where in the interview Wray makes any suggestion of a technical solution to the problem let alone mentions backdoors for encryption.


Good luck searching, because it isn't in there - TechDirt made up the assertion and El Reg just copied it because, well, everyone's going to believe it. Bonus points for recognising that Wray actively avoided answering the direct question "Have you [found a solution]?" (page 13).

Rob D. Bronze badge

El Reg, echo chamber?

Describing Wray's position on his interview as having advocated back-doors for encryption because that's what the TechDirt article says is lazy journalism.

Go and read the eff-ing transcript of the interview before echoing what other people have already written who also haven't paid attention. Try https://aspensecurityforum.org/wp-content/uploads/2018/07/ASF-2018-A-Chat-with-Christopher-Wray.pdf, see page 12.

Wray was fairly careful in his selection of responses, and he kept his statements related to 'legal process' and not to a technical solution that isn't even mentioned in the interview. To a large extent he actively avoided answering the question. There is still a need to keep up pressure on legislative bodies to avoid all the shag and hassle of having to prove, yet again, that you can't backdoor encryption even through the magic of legislation, but that doesn't give tech journos the remit to make stuff up just because they want to believe in something.

That part of the article is a bit of shoddy tat. Investigate then report - not cut-and-paste opinions from other outlets to make the copy up.

UK's Huawei handler dials back support for Chinese giant's kit in critical infrastructure

Rob D. Bronze badge

Security risks are still just risks

Define the risk, assess the probability, quantify the impact, define the mitigation and arrive at a cost. Decide whether you want to spend the money to mitigate the risk and if not, accept the cost of the impact if it happens.

Most exec management decision makers aren't good with the low probability, stupidly high impact kind of risks. Ask BP re Deepwater Horizon or Lehman Brothers re sub-prime mortgage risks.

Mmm, yes. 11-nines data durability? Mmmm, that sounds good. Except it's virtually meaningless

Rob D. Bronze badge

An object by any other name

Tell the salesperson you have about 1,000 billion objects defined (each object is a collection of eight tightly coupled binary indicators representing a range of numeric states which your systems will process in groups of varying sizes) and ask them to run the maths on how many objects the vendor will lose every year.

When they confirm that they will lose one or two of these objects at least every year even with their precious 11-nines durability, argue about the reliability of the service and begin the negotiation on the price for the terabyte of storage being requested.

Evil third-party screens on smartphones are able to see all that you poke

Rob D. Bronze badge

Bladerunner - the adult cut

Using a series of questions and games, the researchers employed machine learning to determine stroke velocity, duration and stroke intervals on specially modified LG Nexus Androids.

And in current affairs: Rogue raccoon blacks out city power grid after shocking misstep

Rob D. Bronze badge

Cooking with, er, electricity

> animals and electricity don’t mix

They do if breadcrumbs and a berry jus are involved as well.

Rob D. Bronze badge

Critical pun density

Do I even need to read the article, given the headline and sub-text?

Banks told: Look, your systems WILL fail. What is your backup plan?

Rob D. Bronze badge
Thumb Up

The free lunch

No dreaming necessary. By any rational definition, my UK banking is free in terms of monetary cost, in terms of the net positive benefit to the consumer, and in terms of no opportunity cost to the consumer. (Anyone paying £50 a month for their iPhone is parting with cash for a service which includes an iPhone - the payment is the clue.)

I part with nothing and concede nothing but gain the tangible benefit of access to all the banking services I need - laughing all the way to the (free) bank.

For example, current account services obtained: standing orders, direct debits, ad hoc personal payments, debit card and card payments, ATM services, free domestic inter-bank transfers, Internet account management facilities, mobile as well but I won't use it, fraud management and alerts, balance and deposit/withdrawal alerts, and a range of other account management options.

Current account cost to me: Zero, including a total lack of fees and zero opportunity cost to me of not investing the residual money moving through the account (all my residual income goes to separate investment services which I pay for, and investing the transient cash balance is a laughable idea for the individual). There is no requirement to maintain a minimum balance (although I deliberately move enough volume through to get some extra benefits).

Uh-oh. Boffins say most Android apps can slurp your screen – and you wouldn't even know it

Rob D. Bronze badge
Thumb Down

Re: Calling bullshit

The report does state when and where the apps and APKs are collected/selected, including newest versions of apps on Google Play at April 2017, and newest versions of APKs at January 2017. See section 5.1 of the study PDF. The test devices run Android 6 API level 23 on Nexus 6P/5X devices and a couple of Android 4.4.4 API level 19 on Nexus 5. The test, data collection and analysis methodologies are described in some detail. See section 5.3 and others. They provide some acknowledgements of possible weak areas in their methods.

There might be useful points to raise about what the study does or does not show, but after a demonstrable failure to pick up the basics of what was done in a significant investigation run over several months with formal reporting of data, methods, analysis and conclusions, then it might be worth reading the study itself before someone calls BS on the BS call.

When Google's robots give your business the death sentence – who you gonna call?

Rob D. Bronze badge

Own the responsibility

Although few do, the real issue here is a bit of 'what-iffery' required before committing, and doing the due diligence (more formally it's failure mode analysis). Ideally revisit it regularly as well.

What are the possible failures, how well do you understand them, what is the impact, and what is the mitigation? For example, do you know that all your systems are beholden to the good standing of a single credit card? Or, do you know whether you can actually call a support engineer competent to resolve critical problems?

Or have you been told that is the case, have a legal document to CYA, and don't really care whether in reality, a year and a half from now, the contract turns out to not be worth the paper it was written on?

Eventually contracts are needed to define what has been agreed, but buyer beware (or at least be well-informed and thorough).

Rob D. Bronze badge
Thumb Down

Re: @Hamish Sadly Not Really New

By SLA fetishist, this means someone who understands the impact of legal contracts?

"I would like to pay the minimum for third party, fire and theft car insurance for a full year, but if during the year I have an at-fault accident, I'd like it to be handled just as if I'd paid full price for the fully comprehensive insurance."

In the actual case, the affected company might not have done their due diligence or might not have understood the difference between 'third party, fire and theft' and 'fully comprehensive' (or even that the different options existed), but ignorance is no defence. The resolution (systems back on without lasting damage to the business) embodies a harsh, proportionate and relevant lesson in why shifting to cloud provision really isn't a case of abdicating all responsibility for business continuity.

The way the commercial world handles this is through contracts (good and bad ones) with measurable SLAs to define or challenge compliance. No fetish required.

'Coding' cockup blamed for NHS cough-up of confidential info against patients' wishes

Rob D. Bronze badge

Re: The Online Opt-Out Does Not Work Either

Since I'd opted out a couple of years back I thought I'd give it a try. Worked exactly as expected, retrieved my registered contact details (obfuscated on screen), sent an OTC to verify, then retrieved my current status (opted out) and gave the option to change. The UI itself is a bit weak but functionally it's fine when provided with the correct data that it can query on whatever back-end systems it uses.

The process around it though is poor - there's a request at the top about "This is a new service - your feedback will help this service" but no way of providing feedback is offered. So I'd imagine the complaints process may be similarly broken. And the UI isn't exactly stellar (being able to enter -1 for day, month or year, there is no UI-based anti-scraping/anti-bot protection, for example), which also makes me a bit suspicious about the level of effort that has gone into securing the back-end access when the front end is so basic.

Citrix.com 404s mentions of F5 Networks

Rob D. Bronze badge

Cat out of bag; sheep fer brains

Aside from Citrix burning docs on its own sites, there are still external sites distributing that reporting (https://cloud.report/Citrix/101917_CTX_eBook_5_Reasons_Why_F5_Market_Confidence_Declining-f-LR.pdf for example). Alternatively, you can get the even better 'Nine Reasons' document providing impartial technical advice to the US government about why F5 is crap(*) from https://www.uscommunities.org/fileadmin/hb/usc/Suppliers/Citrix/Citrix_nine-reasons-why-citrix-netScaler-beats-f5-federal-government.pdf.

Choice phrases such as, "Citrix NetScaler is universally recognized as an outstanding ADC", and, "Citrix NetScaler has become the ADC of choice for leading cloud providers and enterprises across the globe", highlight the insightful nature of the content.

Enough said and case closed - although, "Trust me, I'm a sales manager from a competing vendor", was never a winning strategy in my experience.

(*) By which 'crap' means 'not Citrix'.

The cybercriminal's cash cow and the marketer's machine: Inside the mad sad bad web ad world

Rob D. Bronze badge

Ads are rubbish

> Of course, before anyone asks, El Reg's highly capable ad operations team works hard around the clock to ensure our ads are not only served to and seen by millions of real eyeballs each month, but also high quality and safe.

El Reg's highly capable ad operations team may slave away around the clock but mistakes will get made and other organisations will be less scrupulous. So citing this article as justification (and continuing to do so until the ad industry starts behaving properly or hell freezes over, whichever is the soonest) I confess the ops team's efforts are completely in vain as my free browsing experience remains completely ad free (and paid for by someone else).

Galileo, here we go again. My my, the Brits are gonna miss EU

Rob D. Bronze badge

Re: Fgs

> I can answer that.

Please do because you didn't, instead choosing to point out what was happening in other countries which is nice for them but doesn't explain our declining GDP growth prospects.

EU countries may have pulled out of recession slower, but they are now in a more normal growth range, not some abnormally inflated post-recession bounce kind of growth. So why, with our primary export market in an improved but normal state of growth and the UK economy already in decent shape come 2016, is the UK economy now at the bottom end of the range?

Hint: It isn't rocket science and something happened in 2016.

Rob D. Bronze badge

Re: Fgs

> It will be interesting to see how, say, German car workers react to that if they lose one of their biggest export markets because of the EU.

Where does this myth that German car workers somehow believe the UK is more important than the EU come from? If we think the great UK public was even passingly informed about Brexit before the actual vote, you can bet your bottom euro that German car workers are pretty well aware of what happens if/when the UK leaves and why their corporate leaders are basically saying the EU is more important than the UK.

Germany exports about 1 in 7 of the cars it makes to the UK. Post-Brexit, absent a relevant deal, tariffs could kick in meaning that Germany will still export about 1 in 7 of its cars to the UK initially, and anyone buying one in the UK will pay the extra on the purchase price. While cars made in the UK will cost more in the EU as well as more to make in the UK.

What exactly are car workers in Sunderland, Coventry, Luton and other factories saying about Brexit now? They are the ones in the firing line, not the German car workers.

Rob D. Bronze badge

Re: Fgs

> there's plenty of good reasons to maintain that trade as well

This is true. And in the same breath, how much of Germany's business relies on export to other EU countries and export/import to/from non-EU countries? Germany's leaders and business leaders have already acknowledged multiple times that Brexit will hurt Germany, but nowhere near an extent that means Germany will not protect the integrity of the EU as an economic and political organisation even at the expense of German business with the UK.

More generally UK exports to the EU are about 12-15% of our economy, while exports to the UK from the EU are about 3% (might have been 4%), so even in the EU, Germany's influence in protecting Germany's self-interest with UK trade will only go so far anyway.

This is not a game of pick one anti-EU/pro-Brexit factoid and assume that it is the trump card to all the other issues that all the EU countries are weighing up. The fact is that it doesn't matter how much trade Germany does with the UK - the UK leaving will be damaging to both Germany and the EU but the damage is less important than protecting the EU for the remaining 27.

Rob D. Bronze badge

Re: Fgs

@Dr Dan H

> This is already happening right across the EU, hence economic growth is stalling everywhere ... the EU is showing every sign of descending into a long, slow and drawn-out death of its own making.

BS called - https://data.oecd.org/chart/5dnL. That's the OECD data on the EU 28 and if facts count in this debate, rather than made up stuff to suit whatever crud is being trucked out today, it's pretty obvious that growth rates across the EU are broadly unchanged over the last few years - not stellar and with some struggling, but generally steady after recovering from the 2008 crash era.

Oh, and almost at the bottom of the pile for the last couple of years - the glorious United Kingdom. No idea why that could be happening though but maybe that same forensic, analytical approach could be applied to determine if it's actually the UK looking more like it is heading for a long, drawn out something (decline rather than death) of its own making.

Rob D. Bronze badge
Thumb Down

Re: Fgs

> I do find it saddening that so many people refuse to even consider that there could be a better future, and are happy to leave everything in the hands of someone else.

I do find it saddening that some people are unable to recognise that rationally pointing out the impending harm for the country as a direct, predictable and unavoidable result of Brexit in the planned form (sign A.50 ASAP to avoid what happens when the blather is seen through, then see if we can cobble together some fantasy that the EU will buy in to as a favour to the special UK within the two years available) is not the same as giving up trying to get people to see sense.

Let's start with the economic impact of geographically close markets versus geographically remote markets, the various studies in this area (go find them, there are plenty to read or listen to, but start with https://en.wikipedia.org/wiki/Economic_geography if unsure or try the LSE), the nature of trade deals and trading regions, and the reasons why the bulk of economic opinion is indicating that trade with RotW will not mitigate the impact of leaving the EU, unless either we have the kind of economic collaboration of a Norway-model (and stop being so Middle England about it all) or don't bother leaving the EU on these terms.

Or we can spit the dummy again about not getting what we want when we ask for fantasy stuff or when anyone points out what is really going to happen, eventually leave, then negotiate a Norway-style trade agreement with the EU in a few years' time after our economy has lagged by a few percentage points, our stock has gone down a bit for negotiation, and the EU federalists have run riot absent the UK to moderate.

GDPR forgive us, it's been one month since you were enforced…

Rob D. Bronze badge

Re: All of which just proves....

Enforcement is a last resort according to the long-established policy of the ICO, and reiterated multiple times in the run-up to GDPR, e.g. https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/04/data-protection-practitioners-conference-2018-ed/. It is even one of their top 'Myths about GDPR', that non-compliance brings immediate, heavy fines.

Some may disagree with the approach and feel morally obliged to report many companies, but the ICO is being consistent in the practice of guidance before enforcement (which they presumably will continue to do, https://ico.org.uk/action-weve-taken/enforcement/).

Rob D. Bronze badge

Re: Don't fret. It is all part of Trumps grand plan

In the interests of accuracy, you must specifically exclude countries with smaller populations otherwise the US is about 10th in the per capita queue, with a lot of the Middle East countries higher up. Qatar in 2014/15 (sorry, last date I have a reference for), was up over 40 tonnes CO2pppy. See https://data.worldbank.org/indicator/EN.ATM.CO2E.PC?year_high_desc=true.

Rob D. Bronze badge
Thumb Down

Re: Don't fret. It is all part of Trumps grand plan

Perhaps there's some confusion here between straight talking and straight talking ill-informed bollocks - it is easy with Trump in the White House for this confusion to arise. For example, from the State of the Union address in Jan, "We have ended the war on American energy, and we have ended the war on beautiful, clean coal. We are now very proudly an exporter of energy to the world."

It's straight talking and includes the word 'beautiful' but is still unremitting bollocks aimed at a receptive audience: the US is a net energy importer with even the US Dept of Energy saying next decade for that to change; 'clean coal' is about the burning/capture of emissions not the coal; natural gas is cheaper than coal for businesses; US energy production increased during Obama's tenure; etc. References on request but FFS this is obvious stuff easily found.

Rob D. Bronze badge

No EU citizens here

IANAL but in the case of using Tor, or similar, there should be no lie involved because the user has never denied their location. The company may need to introduce a 'We think you are an EU suspect, er, citizen - please confirm or deny' EU-wall for access (or maybe drop anonymous access).

How the EU (whichever part) would decide whether a company was operating in the (substantial) EU market and had liability that the EU could enforce because of half-hearted attempts to work around GDPR, will make for an interesting (legally speaking, not like binge watching Suits) spectacle.

UK taxman has amassed voice profiles of 5.1 million taxpayers

Rob D. Bronze badge

Give it a year

And GDPR (probably) won't apply to the non-EU citizens living in the UK.

Test Systems Better, IBM tells UK IT meltdown bank TSB

Rob D. Bronze badge

To quibble or not to quibble

The report being discussed is the preliminary report after three days of work (so doesn't even cover identifying root causes, just candidates). Hiring somebody new to the project to lift the drains when the smelly stuff is pooling around your feet is actually not a bad idea but you do have to wait some time for the answers on anything complicated. Then you can start quibbling properly.

FWIW hiring IBM before things go wrong is not a completely untrodden path.

Rob D. Bronze badge

Re: IBM??

> The other issue I see is I'm not sure why IBM continues to take on these types of jobs as this isn't the first one botched.

Pester had a pre-existing relationship with IBM's head of finance and banking (Hurst) and was in a deep dark hole. Pester no doubt had to agree to some lucrative terms for the initial investigation and IBM have also been handed the remediation work plus post-mortem activities. I suspect IBM are rather enjoying this project.

Rob D. Bronze badge

Re: Idiots

> So according to TSB, the document didn't present a clear view on what went wrong, and isn’t a fair reflection of what actions may or may not subsequently have been taken

Not quite so much fun, but that is exactly correct.

TSB didn't elect to release it. The Treasury Select Committee did, over the objection of both TSB and IBM, on the grounds that it covered working hypotheses not conclusions and even by 6 June when it was provided, it was already out of date. Both TSB and IBM asked for the disclaimer text on it because otherwise even more people than have done so far would be assuming it was a factually complete assessment.

What is more interesting is why the TSC chose 20 June to release an incomplete assessment from 29th April (3 days after IBM started getting acquainted with the debacle, and two weeks after the TSC received it). This release seems mostly useful to sustain some news and media pressure on Pester for political reasons - it certainly doesn't inform the discussion about what went wrong, why and who is to blame.

Ref: http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/treasury-committee/service-disruption-at-tsb/written/85691.html

Rob D. Bronze badge
Thumb Up

Re: Kettle

You've got to enjoy the moment - being the first to give the authoritative, "No", in a "Just Do It" environment.

Defending your decision to people who assume they know more than you but don't realise it isn't your first rodeo and you read everything including the project history before you turned up on site is just the icing on the cake.

Rob D. Bronze badge

Preliminary means preliminary

It's good grist for the media mill but the report from IBM has little direct value in terms of being a diagnosis of the problems. The text 'IBM has not seen evidence of' is exactly the text to use in similar system reviews when you have not seen the evidence nor have reasonable grounds (yet) to confirm non-existence.

A preliminary report only ever says, "We've started; this is where we are looking", and given the select committee involvement, the release of a 29th April doc, (that's a full three days in to crisis but two months old so why no real update?), looks more likely intended to maintain political pressure on Pester/TSB than to provide any useful information about what happened.

In practice there are a few things you can posit up front for a failure like this, and the evidence normally comes after some considerable time pulling management teeth. Yes, this is all going to be down to a lack of proper governance at the tail end of the delivery cycle seasoned with some good old planning farce, when the business pressure to just carry on regardless overrides the common sense observations of any competent delivery managers or experienced tech leads.

So no real evidence in this report, but shaping up to be the same old plot line, different characters. From personal experience, it is depressingly familiar.

Atari accuses El Reg of professional trolling and making stuff up. Welp, here's the interview tape for you to decide...

Rob D. Bronze badge

Carefully blended

A fun read/listen. Beer recommended for the exquisite blend of nostalgia and public humiliation of a deserving kind with an aftertaste of a Dilbert cartoon I'm absolutely certain I must have seen.

Rob D. Bronze badge

Personally ...

30 minutes of pain for a massive tick in the box on the personal objectives list and associated remuneration, company results be damned?

Rob D. Bronze badge

Management development plan

Michael Arzt, we think you need more training in the fine art of evasion, question ducking, bullet dodging and a general ability to lie convincingly beyond the edge of normal human endurance in the face of overwhelming evidence (plastic, audio or otherwise) when conducting interviews with the press.

Please find attached your voucher for a full term at the Sarah Huckabee Sanders School for Media Relations. Come back a better man.

Rob D. Bronze badge

Re: Poor Mike

Yes, the sympathy gene was resonating a teensy bit with Mike there - not too much though. Listening to the audio you can hear the resignation in his voice and I could just picture the pre-meeting with Mike's management:

Mike: I've nothing to show. It's just bits of plastic and cables.

Management: Go on, Mike, we have every faith that you can spin this and make it look like gold.

Mike: But really I'm just the project lead. You've given me a fancy title and responsibility for the budget but I have no power and nothing to offer. We really should call it off.

Management: Look, Mike, it's like this. Either you go and sell this turd as if it's solid gold so we can get some more funding to polish the turd properly, or we fire you, you lose your health benefits and that nice house you live in.

Mike: Fine. Can I swing by the marketing office and take some Atari baseball caps with me - at least they work?

Teradata lobs sueball at SAP, alleges HANA based on its 'trade secrets'

Rob D. Bronze badge

Life is so unfair

SAP reworked the underlying data structures in the ERP product to move away from the relational database storage model in part to stop handing so much business to Oracle. That has been a significant motivator for a large company to invest in reinventing the data storage model and it isn't immediately obvious which tech innovations Teradata are linking to the S/4HANA storage model changes.

Is Teradata really launching a case on the basis that SAP stole all their ideas and only by that could SAP produce HANA, which isn't even a relational database like Teradata Database? There are elements of the SAP portfolio in the data analytics area, and SAP's farcical rebranding of everything as SAP HANA a couple of years ago does muddy the waters, but the fundamental technical change with S/4HANA ERP is the move away from relational database storage for the underlying ERP business data (even the external data model is broadly still the same - it's just the internal storage).

The whiny, unfocused nature of the complaint ("introduce a competing (though inferior) product: SAP HANA") would indicate more that Teradata is annoyed that SAP is leaving it behind in both the marketing and the technical execution, and is looking to see if a bit of good lawyering can make up for or obfuscate that lack. Be interesting to see if there is anything concrete beyond the sound of execs crying about how life is so unfair.

Pwned with '4 lines of code': Researchers warn SCADA systems are still hopelessly insecure

Rob D. Bronze badge

Responsibility and risk awareness

Maybe something like H&S legislation is needed for critical infrastructure where the responsibility is incurred regardless of how loudly the company proclaims it was someone else who let the team down. E.g. the working at height regulations apply to the person receiving the service regardless of how daft the person actually on the ladder might be.

Whether the company chooses to see the risk or not, they are responsible for proper planning and investment to avoid the outcome, and carry a measure of legal liability for the impact.

Rob D. Bronze badge

Re: Stop using the Internet

That might be a marketing problem though - if you can upsell a bunch of new features by connecting something to the Internet (buy the new remote monitoring module and we can offer some underpaid lackeys in Manila at a small extra charge as well), or even shift capital ownership to ongoing purchase of a service (instead of owning the air pump, you buy the service that delivers air), then it is much quicker to realise revenue and profit by not worrying too much about whether such a connection is technically secure. Great for the shareholders and likely enables the sales folk to move on before anything untoward happens.

This is all about risk/reward. It's easy enough to introduce basic security protections to give the illusion of safety sufficient for a tick box in the RFP, but if there is value in compromising a system then the motivated attackers will supply/find the method and the means. If having a malicious insider is itself the threat and represents a significant impact (death, loss of vital social service, significant existential risk to company) then the system needs suitable threat protection for that as well.

Rob D. Bronze badge

Re: Company selling security consultancy find security flaws shocker

> Agreed, but then again enterprise environments have the benefit of constant support and upgrades cycles.

Benefit? Of constant support and upgrade? Hey, that's a good one. I'm saving that for the pub tonight at half time in the match when we will all need to laugh hysterically if the team is 1-0 down to Tunisia.

No fandango for you: EU boots UK off Galileo satellite project

Rob D. Bronze badge

Re: Politics..

> They're still arguing about what colour the lines should be, what shape and how broad.

It's overdue but still a classic:


Rob D. Bronze badge
Thumb Down

Re: Losing access to Galileo has an advantage

> The EU. The only project you can invest billions in, then when you leave, you still owe money!

The differences between money you spent, money you have legally committed already, and money you have discussed spending but not committed to, shouldn't be that hard to understand.

Leaving the golf club doesn't immediately entitle you to a rebate on all the previous membership fees you've already paid (not even the remainder of this year's), or the generous contribution you already made to the ongoing building of the new car park which you haven't had the pleasure of parking your Jag on yet. But you probably don't need to honour a non-binding pledge to contribute to next year's planned bar renovations.

As is so often the case with Brexit, there may be debate about exactly where the line is drawn, but the principle really isn't rocket science (except for Galileo, of course).

Rob D. Bronze badge

Re: Well

> As I keep pointing out we don't want a border and the Irish don't but the EU does.

The fact that the EU (negotiators) are stating that a border would be required does not equate to the EU stating that they want a border.

In a dystopian future, Portugal votes to leave the EU (just because). The UK government, only a few short years after rejoining the EU and encouraged by patriotically feverish headlines from The Mail and The Sun about keeping close ties with our dear, departing Portuguese friends, is immediately lobbying hard encouraging EU member states to make a special exception for Portugal to maintain an open border with Spain. This in support of the deep cultural links the two countries have and the importance of Portugal maintaining all its trading benefits with the EU even once Portugal is outside the EU.

Nobody really wants a border with Portugal and it would be churlish to create a disadvantage for Portugal just for leaving. So we change the EU rules to give Portugal a special status that no other country in the world has, and everyone can agree to that, can't they? After all, everyone got right behind the idea of making such special exceptions for the UK over Ireland.

(Substitute 'border with Ireland' for 'participate fully in Galileo' to get back on topic.)

ICANN pays to push Whois case to European Court of Justice

Rob D. Bronze badge

Re: Time for a song

I simply can't eat this much popcorn.

Keep your hands on the f*cking wheel! New Tesla update like being taught to drive by your dad

Rob D. Bronze badge

Re: Quality testers

Heavenly support: Hello, we are the Angels of Tesla(*). How may I assist?

Recently deceased user: I seem to have died when the car swerved off the road and hit a tree with Autopilot engaged.

Heavenly support: I'm very sorry to hear about that. We take our testing very seriously so what you describe sounds extremely unusual. Would you mind rebooting the car and driving the same section of road again to see if it works this time?

(* - Only available with Premium support.)

Rob D. Bronze badge

Re: Auto-crash-pilot

you are thinking "is it going to brake? Am I supposed to take over? Oh shit it's not ..."


