* Posts by Duncan Macdonald

519 posts • joined 20 Mar 2009

Page:

Congrats on keeping out the hackers. Now, you've taken care of rogue insiders, right? Hello?

Duncan Macdonald
Silver badge

Infrequent activities ?

Some jobs are only done infrequently (once per quarter or once per year or on an ad-hoc request). For an automated system to detect abnormal access but not give false alerts on infrequent valid access will be very difficult if not impossible.

Also the case of worker 1 being unavailable for some reason and worker 2 having to take his/her place on a temporary basis will cause a big change in the access patterns for worker 2.

There is also the question of who does the automated system report to - if the bad actor is the one who receives the reports then the system becomes useless.

3
0

Tick-tock, tick-tock. Oh, that's just the sound of compromised logins waiting to ruin your day

Duncan Macdonald
Silver badge
FAIL

Regular Training !!!

In most organizations, trying to get the bosses to pay for one off training is almost impossible and regular training is beyond a pipe dream. Also have fun trying to give the bosses security training - most will not agree to attend and those that do will not listen (or be able to understand).

Remember also most organizations try to use the cheapest workforce that they can get - do not expect the average minimum wage worker to understand security even if given a lot of training.

Any real life security system needs to cope with low IQ users who have had minimal training.

2
0

The grand-plus iPhone is the new normal – this is no place for paupers

Duncan Macdonald
Silver badge
Thumb Down

Typical Apple

Selling overpriced tat to idiots.

Like a Rolex watch it says that the owner can afford to throw money away.

44
9

GDPR v2 – Gradually Diminishing Psychotic Robots: Brussels kills Terminator apocalypse

Duncan Macdonald
Silver badge
Mushroom

Autonomous weapons

Have been around for ages - booby traps and area denial weapons (mines etc).

What is the real difference between an explosive triggered by an AI and an explosive triggered by a tripwire or motion detector.

High tech autonomous weapons already exist in the form of point defense weapons - once these weapons have been set to the armed state, anything that meets their threat definitions will trigger a response. (These systems often NEED to be autonomous due to the very short engagement window - human response is far too slow.)

What needs to be blocked (if anything) is AI controlled weapons that can move without human command.

9
0

Microsoft: You don't want to use Edge? Are you sure? Really sure?

Duncan Macdonald
Silver badge
Mushroom

Block IE and Edge

I use the program control feature of the NIS firewall to block both of them (and Cortana) from Internet access. Until IE and Edge get a working equivalent of NoScript and AdBlockPlus, they are not safe for use on the Internet. Disabling them removes one of the biggest attack vectors on Windows 10.

31
0

Article 13 pits Big Tech and bots against European creatives

Duncan Macdonald
Silver badge

As usual Andrew hates Google

See title

I hope that the EU Parliment has the guts to reject this directive again.

8
11

Nope, the NSA isn't sitting in front of a supercomputer hooked up to a terrorist’s hard drive

Duncan Macdonald
Silver badge
Black Helicopters

Re: If both Apple and Google refuse to cooperate

A few unfortunate accidents or illnesses to the objecting directors or their families - the policy would soon change.

3
0
Duncan Macdonald
Silver badge
Black Helicopters

Clipper ? - Intel ME

The Intel Management Engine looks to be the modern replacement for the Clipper chip.

Full snooping on the whole memory - internal network capability - able to override the OS - hidden source code (probably only shared with the NSA).

Almost all online Intel based computers with the Intel ME can almost certainly be controlled by the NSA if they wish. Secure encryption and decryption MUST be done on an offline computer with no network connection.

12
0

Huawei elbows aside Apple to claim number-two phone maker spot

Duncan Macdonald
Silver badge

Re: "a 10% rise in food prices due to the weather"

The BBC has an article that says that food prices in the UK will increase by at least 5% due to this years weather - see https://www.bbc.co.uk/news/business-45317023 for more details

1
0

Judge bars distribution of 3D gun files... er, five years after they were slapped onto the web

Duncan Macdonald
Silver badge

Why bother

The latest estimates say that there are more firearms than people in the US (and FAR more than the number of sane adults). Stopping the manufacture of a few crap guns when the full CAD files for guns such as the AK47 are readily available does not make any sense except as a bit of poor theatre.

16
0

Google shaves half a gig off Android Poundland Edition

Duncan Macdonald
Silver badge
Linux

Old Linux ?

How many people remember the early days of Linux when it would run well on a 386 with 8MB ?

(OS, X windows, X term all fitting easily into 8MB)

9
0

When's a backdoor not a backdoor? When the Oz government says it isn't

Duncan Macdonald
Silver badge
Flame

PGP ?

Offline encryption and decryption using PGP makes all these proposed measures ineffective for serious criminals. However that is not the point of this or similar legislation - there are two main intents - (1) to grab useful commercial data to enrich the politicians - (2) to provide a method for removing political opponents. Criminals of all types are NOT the target of the laws (except by accident).

Politicians make the Kray brothers and Al Capone seem like honest trustworthy citizens.

14
1

The last phablet? 6.4in Samsung Galaxy Note 9 leaves you $1k lighter, needs 'water cooling'

Duncan Macdonald
Silver badge

High performance tablet

I would like to see a tablet with the Snapdragon 845 chip (with decent cooling!!!). At the moment the choice in tablets is between the stupidly overpriced iPad models and Android tablets that have about the same processing power as a mid-range 2016 phone.

How much would it cost to take one of the current Android tablet designs and upgrade it with a current high-end SoC.

With the bigger size of a tablet it should be possible to improve the cooling of the SoC so as to avoid the thermal throttling that occurs in many phones.

7
1

This is your four-minute warning: Boffins train ImageNet-based AI classifier in just 240s

Duncan Macdonald
Silver badge

Very low performance

To be useful an image classifier needs well over 90% accuracy. If it cannot manage 90%++ then the number of incorrect results will make the system unusable.

0
0

Spectre/Meltdown fixes in HPC: Want the bad news or the bad news? It's slower, say boffins

Duncan Macdonald
Silver badge

AMD CPUs

As AMD CPUs do not suffer from the Meltdown problem - it would be interesting to see comparable figures from an AMD based system.

5
0

Friday FYI: 9 out of 10 of website login attempts? Yeah, that'll be hackers

Duncan Macdonald
Silver badge

Blacklist credential stuffers

If more than 5 incorrect login attempts are seen from the same IP address inside 10 minutes then blacklist the address for the next 24 hours (all login attempts referred to a simple static web page that just displays "Your IP address has been blacklisted for 24 hours due to repeated incorrect login attempts"). This will reduce the amount of traffic from credential stuffers.

As for a password manager - old school - pen and paper or a text file held on a USB stick on your keyring.

For memorable passwords that are difficult to guess for sites such as paypal try the following - a car registration number (not that of your own current car) and an equipment type number eg LN61DUP+gtx1080 .

1
0

LG G7 ThinkQ: Ropey AI, but a feast for sore eyes and ears

Duncan Macdonald
Silver badge

Still far too expensive

Unless you are playing a lot of games there is no need to pay more than £200 for a good phone. Ask yourself what features this phone has over a typical £150 high midrange phone - then ask yourself do they justify the extra cost. (So far I have not found any real reason to update from my 2013 THL W8S which cost £200 !!)

12
4

Privacy Shield under pressure as lawyers back MEPs' call for suspension

Duncan Macdonald
Silver badge

Fat chance

The USA will not give up its spying on its "friends" - commercial intelligence data passed to favored people allows them to make huge amounts of money from insider trading and to hurt the competitors of US companies (eg Airbus).

Any firm that uses the cloud ought to ask itself - is there any data that they do not want passed to their US competitors - if so then DO NOT USE THE CLOUD.

33
1

European Parliament balks at copyright law reform vote

Duncan Macdonald
Silver badge

A pity that it was not rejected outright

There was a majority against the proposal so it is unfortunate that it did not get rejected at this point. The copyright thugs have still got a chance to bribe enough MEPs to get the proposal through.

20
2

Who fancies a six-core, 128GB RAM, 8TB NVMe … laptop?

Duncan Macdonald
Silver badge

Re: Still lightweight @Duncan

True - 132x24 was possible if you liked to squint - normally used in 80x24 for readability.

4
0
Duncan Macdonald
Silver badge

Still lightweight

Compared to the first mobile computer that I used - 2 boxes - one with a PDP 11/73 and another with a VT220 terminal!! Both were in heavy duty flight cases. The combined weight was over 50 pounds!!

(For the curious - 1 MIP, 512KB RAM, 80MB disk storage and an 80x24 text display !!)

9
0

Euro bank regulator: Don't follow the crowd. Stay off the cloud

Duncan Macdonald
Silver badge

They won't care

Customer security versus a 1% bonus rise for top management - the bonus wins every time.

The report would only have an effect if it was a mandatory ruling that all EU financial institutions must not use the cloud with big penalties for infringement.

31
1

Time to dump dual-stack networks and get on the IPv6 train – with LW4o6

Duncan Macdonald
Silver badge
Thumb Up

Big advantage

It will get up the nose of the ivory tower evangelists who believe in everything IPv6 with all its unnecessary bells and whistles. This seems to be a pragmatic way to make IPv6 behave as it should have been designed - an addressing extension only.

(The use of NAT will especially upset the IPv6 evangelists.)

7
11

Potato, potato. Toma6to, I'm going to kill you... How a typo can turn an AI translator against us

Duncan Macdonald
Silver badge

Re: Hmmm

Good one!

In nature it is rare to have perfect information - an animal that can correctly distinguish a predator from the background has a big survival advantage. Therefore handling incomplete or corrupted data (eg a cougar partially hidden behind a rock) became a necessity. This is why human brains can do general pattern recognition far better than current AI systems.

19
0

Why the 'feudal' tech monopolies run rings around competition watchdogs

Duncan Macdonald
Silver badge

What a surprise

Another article recommending action against Google - with Andrew Orlowski as the author.

I think that Andrew has written more articles against Google than the rest of the Register team put together.

Might he be a bit biased ?

7
30

JURI's out, Euro copyright votes in: Whoa, did the EU just 'break the internet'?

Duncan Macdonald
Silver badge

Not yet final

It is still possible for the European Parliament to say no to this rubbish. The JURI committee is not the full Parliament and the MEPs can still override the committee. The various content providers copyright cartels still need to convince or bribe the MEPs not to override JURI.

9
0

Um, excuse me. Do you have clearance to patch that MRI scanner?

Duncan Macdonald
Silver badge

Computerised medical devices need TWO computers

One computer to handle the medical function networked by an internal link to a firewall/security computer. All control of the medical device is on one computer that runs the approved (and often years out of date) software for the device. The second (firewall) computer as it does not control the device can be kept up to date to deal with evolving security threats. There must be NO external (outside the device) network connection except via the firewall computer. Any USB (or similar) ports on the control computer must be behind locked access panels (or disabled with epoxy glue).

10
1

Pwned with '4 lines of code': Researchers warn SCADA systems are still hopelessly insecure

Duncan Macdonald
Silver badge

Stop using the Internet

For many of the older control systems there is only one way to provide some security - DO NOT CONNECT TO THE INTERNET. This is not a perfect fix but with large industrial equipment it is often not practical to replace old control systems due to the cost of downtime. (And in many cases the original design documents have long been lost!!!)

For more modern systems - use a dedicated firewall PC running linux with all unnecessary services disabled to receive data from the control system and feed it to the operators. All internet communication MUST be encrypted (HTTPS, SSH etc). Do NOT use Windows for process control (or control of medical devices that could cause injury). (Microsoft's own documentation stated that it was not suitable for critical control.)

If you have a malicious insider then virtually all control systems are at risk (old or new) - hardwired (non-computerised) safety systems are your best hope.

14
1

US tech companies sucked into Russian sanctions row

Duncan Macdonald
Silver badge

Other way round ?

Virtually every major US tech firm provides support to the CIA and NSA, so if Russia followed suit it could shutdown all their operations in Russia. Companies affected would include Microsoft, Oracle, Google, Amazon, Boeing etc along with a host of others.

19
2

Facebook and Snap jam Blackberry patent suit

Duncan Macdonald
Silver badge

Competent ???????

The only way that the word competent belongs in the same paragraph as the US Patent Office is when it has the modifying letters "in" prefixed to it.

The only way to get the Patent Office to do its job is to change the pricing - patent granted - normal fee, patent rejected - double fee. This would make it in the Patent Office's interest to reject patents rather than automatically approve them.

15
1

Schadenfreude for UK mobile networks over the tumult at Carphone

Duncan Macdonald
Silver badge

Internet buying

Any sensible consumer looking for a replacement phone is likely to consider Amazon, eBay and local supermarkets instead of a "Phone store". For non-gaming customers there are a lot of good phones for well under £200 and reasonable ones for under £100. (Absolute basic non-smartphones can be had for under £15 - eg the Nokia 105.)

11
0

Internet engineers tear into United Nations' plan to move us all to IPv6

Duncan Macdonald
Silver badge

Re: Surely a sensible plan is not THAT difficult?

The last thing that the theorists want is a simple plan that anyone can understand!!

(Also there is the unfortunate fact that MAC addresses are not always unique - some network card makers reused MAC addresses despite the rules saying that they must not. An individual manufacturer code (first 24 bits) only leaves 24 bits (16M) for the individual device. A manufacturer is supposed to request an new manufacturer code if it manufactures over 16M devices - however some just recycle the addresses.)

3
0
Duncan Macdonald
Silver badge

Re: Mapping plan

Don't confuse politicians with common sense (and many of the "Internet Engineers" are politicians).

The people who devised IPv6 were NOT engineers - any sensible engineer knows the KISS principle and would not produce such an overblown structure as IPv6. IPv6 was designed by theorists. An IPv6 designed by engineers would have been an addressing extension of IPv4 and would almost certainly have had a direct mapping from the public IPv4 addresses to a (tiny) subset of the IPv6 addresses. If that had been the case then IPv6 would have been in widespread use years ago.

107
20

The glorious uncertainty: Backup world is having a GDPR moment

Duncan Macdonald
Silver badge

Re: easy deletey? - unfortunately YES

Then need to recover from backups!!!

(Just imagine the result of DELETE FROM CUSTOMERS or for even more chaos DROP TABLE CUSTOMERS)

1
0
Duncan Macdonald
Silver badge

Re: Not a problem - Not true

This is another version of erase on restore. The problem is that an old copy of a database can be restored WITHOUT applying the later transactions (and this may well be the case for debugging a problem) in which case the persons data is accessible again.

The question that the "right to be forgotten" legislation has to take into account is whether a commitment to delete a persons data if restored from a backup is sufficient.

There is also the problem that an old backup of a users files may contain personal data that was not identified in a search for such data because it was only in backups. (An example - a user had a spreadsheet with names and addresses that was deleted before GDPR came into force but which still exists on old backups.)

6
0

'Autopilot' Tesla crashed into our parked patrol car, say SoCal cops

Duncan Macdonald
Silver badge

Re: Hmm - Autopilot

The Tesla Autopilot seems to be about the same stage in car autopilots as the WW2 autopilots (eg the Sperry A-5 autopilot) were in aviation autopilots.

(The Sperry A-5 could fly a plane on a straight and level path - a modern autopilot can be set to do an entire flight from takeoff to landing - even some of the better consumer drones can now do this.)

16
0

Domain name sellers rub ICANN's face in sticky mess of Europe's GDPR

Duncan Macdonald
Silver badge

Turn off WHOIS

With GDPR and the stupidity of ICANN, the only reasonable alternative for registrars in europe is to turn off WHOIS - cut the data feed or replace the data with dummy lines saying "Removed due to GDPR". If ICANN complains then inform them that laws trump their contracts.

(If a WHOIS service uses cached data rather than the dummy data, the service would be the liable party - not the registrar.)

21
1

You love Systemd – you just don't know it yet, wink Red Hat bods

Duncan Macdonald
Silver badge
Flame

Anchovy pasta ?

Yes - for people with fish allergies.

Systemd seems to me to be an attempt at "Embrace, extend, and extinguish" .

With some time any reasonable competent programmer can follow init scripts and find out where any failures in startup are occurring. As init is purely driven by the scripts there are no hidden interactions to cause unexplained failures. The same is NOT true of systemd.

The source of systemd is 15628582 bytes in size - the source of sysvinit is 224531 bytes (less than 2% of the size). (Both sizes from zips of the sources downloaded today - does not include config files makefiles etc - only the contents of the src directory.)

It is of note that the most widely used Linux kernel of all - (the kernel in Android) does NOT use systemd

33
0

Risky business: You'd better have a plan for tech to go wrong

Duncan Macdonald
Silver badge
Mushroom

The deadly outages are software

A software system that fails some extended period after installation (eg because a fixed size table filled up or a database size limit was reached) can easily cause extended downtime. Unless the development team is in house then the fault will have to be reported to the development company who will then have to try to find someone to understand the problem and fix the faulty code. (If the original development team has been reassigned to other jobs then the fix may end up taking several days.)

0
0

Measure for measure: Why network surveys don't count what counts

Duncan Macdonald
Silver badge

Try including the "not-spots"

Many places in the Scottish Highlands have NO mobile service. (let alone data!!!)

In the largest town on the Isle of Skye (Portree) there are many dead zones with no coverage on any network (i.e. not even emergency calls). To make a mobile to mobile call there requires that you are in a zone with mobile coverage - and then hope that the person that you are calling is also in such a zone.

For people in such areas, phone calls and texts are important - video and data are completely unimportant (as they are never available). (Text is often more important than phone calls as a text message can be sent and the picked up when the recipient is in a zone with mobile coverage.)

1
0

Microsoft's latest Windows 10 update downs Chrome, Cortana

Duncan Macdonald
Silver badge

Re: Forced updating - disable the Windows Update service

If you want updates to occur only when you want then disable the Windows Update service. Then when you want the updates to occur re-enable the service and perform a check for updates. Once all the updates have been installed, disable the service again.

3
1

It's not rocket science! Actually it is, and it's been a busy frickin week

Duncan Macdonald
Silver badge

Liquid fueled thrusters

If the main stages are all solid fuel then the final stage (or the payload) has to have liquid fueled thrusters to make up for the inevitable inaccuracies in the solid fuel stages. (A few kilograms of fuel on a 1000kg satellite can make up for a considerable inaccuracy in the main stages burns. As the satellite is already in orbit, high powered rockets are not needed - just relatively large fuel tanks.)

17
0

Chinese boffins on 3D XPoint: If it works like phase-change memory, it's probably phase-change memory

Duncan Macdonald
Silver badge

How long ?

Before someone uses an electron microscope on the Xpoint chip to give a definitive answer?

5
0

Revenge pornography ban tramples free speech, law tossed out – where else but Texas!

Duncan Macdonald
Silver badge

Re: The logic of the ruling is scary - no it is sensible

I would agree that the clause is too broad - under this rule showing a picture to a friend would be an offense. If it was restricted to publishing on an online network (or a newspaper) then it might possibly be reasonable. Ask yourselves - have you ever shown a picture of a previous girlfriend (or boyfriend) to someone ?

With that clause, it should be easy to get the law thrown out in a federal court as violating the First Amendment.

2
0

Chinese web giant finds Windows zero-day, stays schtum on specifics

Duncan Macdonald
Silver badge

What ?

What are they good at ?

19
2

Amazon, LG Electronics turned my vape into an exploding bomb, says burned bloke in lawsuit

Duncan Macdonald
Silver badge
Mushroom

200W ???!!!

The safe short term discharge limit for 18650 type cells is in the order of 10 to 20 Amps depending on the cell type and quality. This gives under 80 watts/cell. To take 200 watts from a cell implies EXTREME OVERLOAD. Even with very good cells I would not expect a long battery life (possibly 50 cycles vs the 500+ that is possible with sane discharge rates). For anything less than very good cells, I would expect battery failure - possibly safe by blowing the internal protection or else by the battery catching fire.

This person is obviously a complete idiot and should therefore take up politics!!

11
1

Musk: I want to retrieve rockets with big Falcon party balloons

Duncan Macdonald
Silver badge
Mushroom

Re: Errr.. Why?

In which case the White House is the perfect landing zone (especially if there is still a few tons of propellant left)!!

15
0

Cray snuggles up with AMD: Clustered super CS500 lets in Epyc chip

Duncan Macdonald
Silver badge

PCIe lanes

As an EPYC 7000 configuration gives 128 PCIe lanes (either 128 from a single package or 64 from each package in a dual socket configuration) only having 2 3.0 x 16 PCIe slots seems to waste one of the main strengths of the EPYC.

1
0

ZTE now stands for 'zero tech exports' – US govt slaps 7-year ban on biz

Duncan Macdonald
Silver badge
Black Helicopters

Real risk ?

Is there really a risk to users from the products or is the risk that GCHQ has not got a backdoor into ZTE products?

I will only believe warnings from GCHQ when they are backed by facts from non-governmental sources. Like the NSA and the rest of the Five Eyes group, their credibility is near zero.

29
7

Apple leak: If you leak from Apple, we'll have you arrested, says Apple

Duncan Macdonald
Silver badge
Mushroom

First Amendment ?

Leaks to the press are classified as speech and as such are protected by the First Amendment.

The only "arrest" that Apple could legally do is to get company security to escort the person off company property.

They might have a breach of contract case against a person who leaks to the press but that is a civil action with no right of arrest.

22
1

Page:

Forums

Biting the hand that feeds IT © 1998–2018