* Posts by Tom 13

7611 posts • joined 10 Jun 2009

Why are there so many Windows Server 2003 stragglers?

Tom 13

There is no money in a software house rewriting the software on spec

Transparent bollocks. If the server is going away and you're in the industry and no one else rewrites the software while you do, you move first and kill their markets. Yes, you might need some vc capital to do so, but that's totally doable.

Dossiers on US spies, military snatched in 'SECOND govt data leak'

Tom 13

Re: I'm still not believing this...

How do you air gap it and still leave it instantaneously available to nearly every other federal department at all of their locations? The two are mutually exclusive. Given our current environment the immediate access concern won out over the air gap concern.

How much info did hackers steal on US spies? Try all of it

Tom 13

Re: Politicians ?

Nope, they get their security clearances by fact of having been elected. No other paperwork needed. Their staff on OTH ...

Tom 13

Re: Dear US of A

OPM is the clearing house for every other agency across the country. How else to you manage that other than an external facing network? No, really; how do you do it? Army, Navy, Air Force Marines, Coast Guard National Guard, okay maybe them you can put on secure PCs on the mil net. Dept of Energy? Dept of Commerce (NOAA/weather, FAA)? Dept of Treasury? Dept of Homeland Security? NASA? Dept of State? Dept of Veterans Affairs?

You need immediate access across multiple locations. Maybe you can make the case it shouldn't be on the internet, but even that's problematic. Yes it should have been secured better than it was, but simply not public facing won't meet system requirements.

Tom 13

Re: Just direct employees? Or also contractors' employees?

It's a question OPM is mostly dodging for the moment for the first breach (technically tepid denials), on the second the answer seems to be yes both types of data were compromised. And really, if you're thinking about it from the black hat angle, both databases have value if not necessarily of the same type. If you've got a fed you probably have deep penetration, with a contractor you might get wide penetration.

Tom 13

Re: discovery will lead to questions being asked about the resources being spent

Why? They're two completely independent questions. What you want cut off is about collecting data on potential threats. The OPM breach is about protecting known targets.

Tom 13

Re: almost anyone can walk in and look round any US Gov/Mil computer

No, not the Mil computers, OPM. Trust me on this. My roommate has enough trouble logging into his work computer every day and he's authorized to do so. The secure one? Yeah, that's an even bigger PITA.

The problem is OPM forgot ignored the fact that since those records constitute the underpinnings for the whole security infrastructure, so when collected into a single database it requires one grade above Eyes Only clearance.

Tom 13

Re: they will only correspond by telephone.

Be thankful they do.

The "free security" OPM is offering as a result of the breach? Yeah that's right government is distributing the notification in unsigned email asking those who have been affected to go to a website to register. If you have the temerity to call them, they refer you to their website while keeping you on indefinite hold. Absolutely no chance for fraud there sir, none whatsoever.

FTC lunges at Kickstarter bloke who raised $120,000 – and delivered sweet FA

Tom 13

Re: it's the US...

Actually I can see the potential for that (although copyright, not patent*), but from Hasbro not the Kickstart scam artist. Presumably Cryptozoic have been in the business long enough to have had their lawyers talk to Hasbro and that's all clear.

*The board layout and cards look like a straight ripoff of Monopoly.

Tom 13

Re: Why did the FTC spend your money on this?

In this case it sounds like the guy wound up with tangible assets as a result of the scam. I'm all for the FTC seizing those regardless of whether or not someone besides the scam artist is trying to make the investors whole. Besides which, if he skates, he might try it again.

Microsoft picks up shotgun, walks 'Modern apps' behind the shed

Tom 13

Re: therefore looks rather a lot like running up the white flag

Nope, this is only a retreat. I'll only consider them to have run up the white flag when they do away with the drive to the subscription model.

Vintage Ask toolbar is malware – and we'll kill Jeeves, says Microsoft

Tom 13

Re: Java next?

The current toolbar does not exhibit malware like behavior, therefore ASK is not installing malware. The old toolbar exhibits behavior which is now considered malware, but was not considered malware at the time it was issued. ASK has configured their legitimate toolbar to update automatically. Therefore any toolbar which claims to be ASK and is exhibiting the malware behavior is malware.

So sayeth the marketing drones and lawyers. So let it be done.

You may now return your brain to normal logic mode.

4 new twists that push the hacker attack on millions of US govt workers into WTF land

Tom 13

@thx1138v2

Actually, most us citizens are better protected than this (at least on paper) than the federal employees were. If a private company were this lax with employee data, they would have been sued out of business long ago.

Gonna RUB MYSELF against the WALL: Microsoft's Surface Hub 84" monster-slab

Tom 13

@DeeCee

Wouldn't you rather have it done by a giant octopus with frickin' laser beams on it's head.

Future Range Rovers will report pot-holes directly to councils

Tom 13

Re: Marvin is back..

The car park now has potholes?

Them be some mighty big gophers ya'all got there.

Tom 13

Re: Councils just get a bundle of data without the expenditure of money, time and effort,

Pointless. A couple months ago a buddy of mine lost two wheels (not tires, wheels) to a road in Philadelphia. There's no way in hell they didn't know that road needs to be repaired. It wasn't a case of trying to avoid some potholes, it was a matter of deciding which potholes offered the best chance at successfully traversing the road.

Tom 13
Unhappy

Re: Issue all councillors with Range Rovers ...

Why? They already have chauffeurs to avoid the potholes.

Teaching kids to code is self-defence, not a vocational skill

Tom 13

Re: Making "coding" a priority is a big mistake...

Schools today teach kids to memorize the trivial

Schools still need to teach some wrote memorization. Adding, subtracting, and multiplication tables for 1 to 9 for example. You need those basics before you can proceed to teach thinking. Given what you wrote, I don't think you meant to imply it is irrelevant, but in the current environment it needs to be stated clearly. Too often I see chowder heads take your entirely correct criticism and extend it to all memorization, which defeats what I believe your intention are.

Tom 13

Re: Unrealistic and dangerous

You're DNC talking points memo doesn't pass an even cursory reality check. DC schools get more money per student than almost anywhere else in the country yet churn out some of the worst illiterates in the country. Despite all that money they regularly hold "Community Service Days" to have volunteers come in to paint the walls then turn around and beg parents for money to buy school books (assuming they even care about school books in the first place). The numbers and stunts are similar in Philadelphia, Detroit, and Chicago.

Until schools do actually get back to teaching the basics (reading, writing, 'rithmetic) nothing else, including attempting to teach coding skills, will matter. And the truth is, you don't need computers to teach those.

US Congress oils up, jumps over ropes into DNS wrestling match

Tom 13

It also requires that the relevant arm of the Department of Commerce, the NTIA, certify that the transfer meets the five criteria first laid out last year and, more importantly, that the NTIA certify that ICANN has approved and implemented all the bylaws changes that are contain in two upcoming reports from internet community working groups, before the transition occurs.

I thought everybody outside the US thought these bits were required for this to be successful. If so, you really need to keep your vile anti-Americanism in check. This administration has been everything except transparent, and the House's tool for slapping down the Executive branch when it gets out of line is the power of the purse. Which means that funding control is precisely what the House has to do to ensure those things happen. Furthermore, if ICANN had actually done all of those things, there House wouldn't be able to use them to cut funding for the bill.

Config file wipe blunder caused deadly Airbus A400M crash – claim

Tom 13

@1980s_coder

All sorts of possibilities. The two which come immediately to mind:

- that engine happened to be particularly well balanced, so values near zero didn't adversely affect it as badly.

- another safety check in the software that said you had to have at least one engine powered while in the air. That is, the fourth engine can only fail for actual mechanical reasons, not just sensors and if it does fail, you try to start one you took offline for sensor if any such engines exist.

Tom 13

Re: this particular embedded system was constrained to 16K of ROM

Even at 16K of ROM, for a file that critical there should still be an existence check, and probably even a sanity check for the values supplied.

Tom 13

Re: I would not store critical configuration data in a config file.

I when I read that statement in the story I interpreted it as:

Because of variations in manufacture and the tight tolerances of the flight, during installation certain bits of information specific to this engine on this plane are set and recorded for use by the system. So the data will be different for each engine.

How other than a"config file" are you going to store that data? Yes you can argue there should be safety mechanisms to prevent it being inadvertently overwritten, but depending on what else you are updating you might already be in a privileged context anyway.

Yes, I think a check at start up was in order, although in this case it should flash a warning and ground the flight, not supply some default that may cause the same sorts of issues later during flight anyway.

A pause in global warming? What pause?There was no pause

Tom 13

Re: 2 alarm bells from Ross McKitrick

The adjustments MIGHT be valid. If they have the real data to show that the buoys consistently report temperatures that are ALWAYS 0.12 degrees lower than ship data and you can point to a proven physics mechanism that backs it, yes the adjustment should be made.

The problem here is that the data fiddlers have been caught so many times that we don't know they didn't just adjust it because it didn't match their predictions. And throwing out the conflicting data sets really points toward it being data fiddling not a good technical correction.

Tom 13

Re: Just read the paper

6. Now, since buoys are nominally more accurate let's give them higher weights. This would normally be correct, but it's blatantly inconsistent with the previous adjustment - why did you choose to "correct" the more accurate data?!?

This I'm actually willing to accept for sea surface temperature. Two different types of errors. One is unreliability of data because of missing data and variations in taking readings. The other is a shift in data points for a known cause that always points in the same direction by the same amount.

Case in point. Quite a few years ago I worked for an OEM that made column ovens for Perkin-Elmer (The company I worked for actually owned the patent and licensed them to P-E). Part of the contract involved them doing QC on received ovens. They did the tests and started rejecting sets because the data was inconsistent. Our chief EE sat down with them and reviewed their testing procedure. They were simply putting two thermometers in the oven at different places and taking the temperature. Our method involved placing thermal couples on the entrance and exit points for the column. This turned out to be critical. Their method was fine for a traditional column oven that heated from the outside in. If the temperature in the oven wasn't consistent, you couldn't heat the column. Our column oven heated the fluid by direct thermal transfer on the plate. So the temperature in the oven was not necessarily correlated to the temperature inside the column, but the temperatures at the entrance and exit points were.

It's the rest of the problems that bother me.

Tom 13

Re: What we really need

No, the problem is worse than that. Weather is a chaotic system. That means that before you can say anything meaningful about climate change you need to know whether it is a chaotic system with a convergence, or even any sort of stability.

To know that you need a baseline of data at least a couple tens of thousands of years long, and the closer you get to half a millennium the better.

US weather service data is maybe 150 years total and those numbers hold for most of Europe because the US was settled around the time weather was morphing into meteorology. Even at that the only really reliable data comes from the era of satellites, which cuts those numbers in half. Which means there's nowhere near enough baseline to do anything other than throw the bones and tell a good tale when it comes to climate change. With 65 years of data we've finally gotten to the point where our 10 day forecasts are about 50% better than guessing and our 3 day forecasts are about 90% accurate.

Tom 13

Re: Ross McKitrick? Seriously?

Ross McKitrick's PhD is in the one area that counts for purposes of this paper: handling statistics. Atmospheric chemistry doesn't affect that.

Tom 13

Re: We need to know what is happening

You know what's happening, you just don't want admit it.

Does the research come from someone you personally know? No.

Does the published data raise the specter of CATASTROPHE! Yes.

Does the research urge you to CLICK HERE NOW! to fix this? Yes.

That means it's probably malware/spam and should be deleted post haste.

Tom 13

Re: Science

You shouldn't misquote Churchill to support an untenable position. There is a better method of science. Ironically it was pioneered back in the so called Dark Ages. It calls for publishing your raw data, your adjusted data, the reasons for your adjustments, and all of the methodology related to it. Climatology does none of the critical bits. Some of it shielded for national security reasons. Some of it is shielded for patent reasons. Some of it is shielded for trade secret reasons. Some of it is shielded because the data sharing agreements between governments requires it. And the great fear is that the largest part is shielded for naked political reasons. But with all the rest of the shielding you just can't tell how much.

Let's kill off the meaningless concept of SW-defined storage

Tom 13

Re: Please kill "Layer 3 Switch" as well

You posted that wrong. The correct formulation is:

The first thing we do when the revolution comes is ...

Obama issues HTTPS-only order to US Federal sysadmins

Tom 13

Re: Just to clarify one thing...

No, let ME clarify just one thing for you. First, I want you to go read this web page:

http://www.dhs.gov/homeland-security-presidential-directive-12

Done? Okay, you see where that's a Presidential Directive? Not a Memorandum, a Presidential Directive?

Did you notice the date on it? Yeah, yeah, I know you're more concerned that it was W than the date, but look at the date anyway.That's right: 2004 Almost 11 full years ago. It was supposed to be implemented in 5 years. No, it still hasn't been fully implemented. Yes to this day many of us still use username and password for elevated privileges.

This https directive won't fare any better for the same reason that one didn't:

- standard foot dragging

- rules lawyering (e.g., this is an intranet page, not a web page so it doesn't need a cert)

- agencies don't have the money to implement the directive

Tom 13

@craigb

No, that's TEXAS. Here in DC we have to use ROT7 to save money.

Tom 13

@Robert Carnegie

And I seem to recall one of the old arguments in favor of http over https was that with https the browser has to tell the website who you are. With http you might be able to stay anonymous.

Tom 13

Re: US Government who WILL have a genuine secure certificate

BWAH-HA! BWAH-HA-HA! BWAH-HA-HA-HAH! BWAH-HA-HA-HAH-HA! BWAH-HA-HA-HAH-HA-HA! BWAH-HA-HA-HAH-HA-HA-HA-HA-HA!

You so funny! Six years now I be govie contractor. Six years now the first thing I have to do before I take my IT Security Awareness Training is ignore the broken certificate on the website.

BTW: Overheard in the hall today: "Yeah we could get a DOD certificate for free, but most people don't have the root DOD certificates in their browsers." I don't know personally, but since he's the chief sys admin (yes he hates that monkey Windows crap and prefers Linux) I expect he probably knows what he's talking about.

Tom 13

Re: So we cant trust HTTPS then.

You can't trust lead mines. Poison you they will. What you really want is just a deep salt mine.

Rand Paul: I'll filibuster the hell outta the Patriot Act, fellow Americans

Tom 13

@Hollerith 1

At the moment:

Martin "I setup the riots in Baltimore" O'Malley

Elizabeth "Liawatha" Warren

Joseph "Plugs" Biden

Although my money is on the sudden appearance of Jerry "Moobeam" Brown to save the party from its infighting. He'll bill it as "fresh from saving Kali" because they've announced a surplus on the budget.

Les unsporting gits! French spies BUGGED Concorde passengers

Tom 13

Re: Was a "Joke Alert" icon really needed for my post.

Perhaps if you left it blank there would have been room for doubt. Putting the boffin icon up necessitates the downvote, because yes there are people out there stupid enough to believe it.

Tom 13

Re: As long as there has been microphones there has been listening bugs.

One might even claim there were listening bugs before the microphone.

One they like to show off on the tour of the US capital is the spot where John Adams had his desk. The room being an oval, his desk was at one of the foci. His opponents desk just happened to be at the other one. So Adams frequently knew the details of the opposition plan, while he made a point of never having such discussions at his desk.

Tom 13

Re: I'll believe it when I see it.

Nope. If he produces it, that just marks him as a government disinformation agent.

Tom 13

Re: Yes, however, think about all the economic growth it is bringing!

If it's subsidized by the state, that's not economic growth. It's a bubble that's probably only benefiting the corrupt power brokers.

Tom 13

Re: And how is this surprising

More simply, War is the extension of politics when talking fails.

Tom 13

@Yag

Anyone foolish enough to believe the French are allied with him will only learn otherwise when he discovers the knife in his back.

Is that a graphics driver on your shop's register – or a RAM-slurping bank card thief?

Tom 13

they are rarely audited and maintained by dedicated IT security staff, and configurations are often in the default state, including default administrator passwords," he added.

Even in those instances where it isn't the default state, there tends to be a problem with homogenous deployments. For example, in each store the first register is POS01, the second is POS02, etc. So once you've cracked one store all the rest in the chain follow. I was talking with a friend who is part of the dedicated support team for one franchise here in the US. For various reasons that's exactly the way they have to deploy the hardware. Right now they use Windows Update to try to secure stuff. But you have the standard SME problems. Often times the only "real" computer in the store is the one that is also acting as the server for the POS system. So it of course has full browser capabilities and possibly more than one browser installed. He didn't think they had issues with needing to support Java/Flash/Reader but it's still a bit of a mess and difficult to automate reporting in such a way that you can easily audit patching. And yes, they're still running XP while waiting for the vendor to release a Win 7 edition and dreading how the vendor is going to royally fuck it up even though they know they need it. I think he supports about 300 POS terminals across 60 or so stores, team size is 3 and it's nearly 24/7/365 support expectations.

Tom 13

Re: Picture.

You are obviously someone who hasn't looked at any current POS systems. They all come in at least 32-bit color and some seem to prefer 64-bit, especially in fast food joints.

'Stolen' art found on nearby shelf. Police keep looking anyway

Tom 13

@DNTP

"We know where you, and your family, and your friends, all live."

Of course they do! Why else would the NSA have wanted all that library data about you?

Tom 13

@h4rm0ny

No, that's too direct and could get you in legal trouble. It would be more along the lines of:

"You will be most fortunate to have this man catch a thief for you."

Elon Musk: How the Billionaire CEO of SpaceX and Tesla is Shaping our Future

Tom 13

Re: How Much Too Tesla?

I concur about the bloated government part. Because he is actually producing new stuff, I don't hold it against Musk that he takes the freebies the government is handing out against my wishes. I do hold it against companies that beg for and depend exclusively on those subsidies. You know, outfits like Boeing and Northrup Gruman who in my estimation are no better than Airbus.

Tom 13

Re: How Much Too Tesla?

The GM comparison is a complete red herring. Anybody following what happened with the car industry knows GM was just the shell company passing the money through to the unions. The unions financed The Big 0's first campaign as well as his second.

Tom 13

Re: at the salary (and bonus?) levels we're talking here

You've clearly never met anyone working at those salary levels. Like a wage slave few of them are rarely more than a paycheck away from having to file bankruptcy. And in any event being fired is never easy, even if you don't NEED the money.

It is entirely possible the position was unnecessary and she should have been let go. But never make light of being fired, especially someone who has spent a long time on the job and who has never had a bad performance review.

So why the hell didn't quantitative easing produce HUGE inflation?

Tom 13

Re: Changing the CPI basket

I'm not arguing food prices vs 100 years ago. I'm arguing food prices vs. 10 years ago or even 5. Ten years ago I paid $100/week for groceries. Five years ago I paid $150/week. At this point I'm up to $175/week and thinking I need to shift the budget to $200. No they haven't gone up because I buy more expensive food. They've gone up because of inflation. Could I economize more than I already am? Yeah I probably could, but they wouldn't affect the end bill all that much.

Despite the protests from the earlier poster about the 2008 date on the size change of the Mars bar, it is a real phenomena. It happens with the sizes on the bags of chips, the half gallon of ice cream that is now maybe three-quarters of a half gallon, and even the 16 oz can of evaporated milk that is now 14 oz. In fact, the only size that has gone up in my lifetime was soda when it transitioned from the 2 quart container to the 2 liter bottle. And that was more than 30 years ago.

It's known that a number of key elements are excluded from CPI because if they were included the economists brains would go all wobbly because nothing was matching up with their theories. Housing is only one, fuel is another. And yes electronics are overstated. But hey, that gives a constant downdraft on all the other crap that's going up.

Biting the hand that feeds IT © 1998–2019