* Posts by Tom 13

7608 posts • joined 10 Jun 2009

Q: How many guns to arm nine coachloads of terrorists?

Tom 13

@John Brown (no body)

For the context of comments above, it seems that in the UK coach refers to a small train car as opposed to a decent bus. Here in the US, assuming you can find a passenger car, it would likewise be insufficient for more than two cars and that's assuming the absurdity of one weapon per terrorist.

1
0
Tom 13

Re: The BBC just quoted the Detective

Isn't it even worrying that a BBC reporter mindlessly repeated what the government plod said?

They do have the option to NOT quote him.

2
0
Tom 13

Re: well we just use millichucks then

Still not enough guns in the world.

And remember, Chuck uses TOWs instead of derringers.

1
0
Tom 13

Re: Precisely

And that's assuming you don't double up on rifle/pistol which is a really silly assumption. I'll grant the machine guns are the tough part of the calculation as they vary in size. I'm assuming they're using the military LMG as opposed to a decent HMG or what passes for a machine gun in Hollywood flicks these days.

1
0

Apple must help Feds unlock San Bernardino killer's iPhone – judge

Tom 13

Re: US ambassador that they found in a bar

Not very smart are you. The whole point of diplomatic immunity is you can't legally do anything to an ambassador. So it would actually be against international law for them to seize the phone in the first place.

Try again.

1
0
Tom 13

Re: his work phone issued by the county.

I hadn't heard that. You're quite right, that makes this an even more interesting case.

I work for a government agency and part of securing the phone is installing software that does allow the user to reset the PIN in case they forget it. Most of the time we in IT can't use that route because the reset is tied to the email of the person owning the phone, but in a case like this we could be authorized to change that password so we could perform the PIN reset. It's not entirely foolproof since the agency does allow people to use personal Apple ID accounts, but even then you should be able to find the appropriate account, get the court order to reset that password, then proceed with the PIN reset.

0
0
Tom 13

@werdsmith

If it had a fingerprint reader would it necessarily work? Or to frame the question even more clearly: Do YOU trust fingerprint readers on mobes to work?

I sure don't and I don't really keep anything on my phone that NEEDS protecting. Instead I use a PIN I can easily remember.

0
0
Tom 13

"It’s technically possible for Apple to hack a device’s PIN, wipe, and other functions. Question is can they be legally forced to hack," said iOS security expert Jonathan Ździarski.

"Theory: either NSA/CIA dragnet and cryptanalysis capabilities are severely limited, or this is a test case to see how the courts respond."

For a security expert this guy is really stupid.

By and large the opinion of the security community has been, unless the device is truly secure, as in Apple can't hack the device, it isn't secure. If Apple can figure it out, so can somebody else, in particular state sponsored groups, but possibly including large or at least wealthy criminal enterprises. So Apple set out to meet those requirements and thus far their defense has been precisely that even THEY can't hack the phones.

As to the second part, there is no need to test the courts. Apple is not charged in the crime, nor are they married to any of its perpetrators. Therefore once the Judge signs the warrant from the FBI, Apple MUST supply the evidence demanded if they are able to. In fact, what the FBI has done negates the usual criticism of privacy advocates that the police are attempting to circumvent established legal procedures.

That being said, I have to wonder why the FBI are so focused on the phone. If the perps had an Apple account and were backing up the phone using that account, it certainly is within Apple's ability to change the password on the account which would enable the FBI to download the data to an unencrypted device.

0
0

Patch ASAP: Tons of Linux apps can be hijacked by evil DNS servers, man-in-the-middle miscreants

Tom 13

Re: The need to define issues in black and white terms

Yes, but I would say there's still a fair bit of crow for the free *nix crowd to eat on this one.

- The bug has been out in the open for more than a year.

- It seems they DID opt for obscurity while fixing it because it was too sensitive to do in public.

While I regard the second item as prudent, it's pretty much been an article of faith for the Penguinistas that work needs to be done publicly and ALL vulnerabilities disclosed publicly as soon as known. Hell, they've even criticized Google for giving a 90 day grace period on vulnerabilities.

All in all I still think the *nixes are more secure than the commercial offerings. But the Wintards aren't the only fanatics in the flame wars.

1
0

Stray electronic-magnetic leaks used to harvest PC crypto keys

Tom 13
Devil

Re: according to strict clean-room article-reading principles

I prefer the double clean, skip the article and comment strictly based on other comments. That's the meat of it anyway, right?

0
0

Good thing this dev quit. I'd have fired him. Out of a cannon. Into the sun

Tom 13

Re: Some people think that careful planning

You're right, careful planning won't get you there the first time. But without it, you'll have trouble making it there in merely 3 iterations. As to the point about covering only the contingencies you've thought of, that's where having at least one old fart on the project is usually helpful. He's run into many of those contingencies you didn't think of, and since he now bears the scars of having done so they're on his permanent checklist.

Not a programmer, but I have been the old fart doing the meeting planning with a plethora of young guns chomping at the bit to do something differently because it has to work better than what we're doing. Except that was the first thing we tried and it didn't work.

I left in disgust some years ago. While I was there we paid someone to write custom software for our registration/sales table/art show activities. ALL of our data was kept on the local server. As in, two weeks before the big meeting, the data on the web servers was copied to CD/DVD then copied onto the show server. It was the only time I've ever seen three drives set up as a mirror and spare and I was the guy who did it because it made sense for our particular needs (3 day meeting over the weekend, no way to get replacements while at meeting). The young guns pronounced it stupid and replaced it with a cloudy system because that's what EVERYBODY is doing these days. First day of the show, there was no internet for their system. Second day of the show they were trying to run over some phone generated wifi hot spots. Reg line didn't clear until Sunday. For some reason, they never saw that coming. Oh, and yeah, when I was doing it the head of reg had two sets of very, very thick books. Yep, they insisted on a printout of every registration just in case the computers went down. Smart woman. Then again, two years into her new job she went to the safe to pull out the 10 year old floppy disk with critical data on it only to discover the floppy had demagnetized.

3
0
Tom 13

Re: why aren't they just running a 'find and replace'

Well, let's take the example provided.

If you run a find for 'spel' and replace each instance with 'spell' when you are done you will have 'spell' and 'spelll' as your new variable names.

Yeah I know. The best way to do that find is to look for 'spell ' and replace it with 'spell '. Alternately you can do a second search and replace all instances of 'spelll' with 'spell'. BUT, do you really want to trust the sort of people who can't spell correctly in the first place to do this sort of thing?

No, I'm not a programmer. But once upon a time I was the English major writing the instruction book for an object oriented language to be used in a proprietary control system. So you'd have commands like 'OpenAppliance' or 'IfOpen'. Hand checking the text was the only thing that really worked and spelling was my second worst subject in school (worst was always math, slight dyslexia). The two months I spent working on that was the worst year of my life.

3
0
Tom 13

Re: on floppy disk and want it installed on the managed desktops

Be thankful it was at least on a floppy disk. Could be worse; it could be magnetic tape or even punch cards.

3
0

Cybersecurity is slowing down my business, say majority of chief execs

Tom 13

Re: we've got two firewalls

For some reason when I read that I thought back to the guy I met who was running both Norton and McAfee real-time scanning under DOS 6.0 with Windows 3.0.

0
0
Tom 13

Re: Security is an enabler

Maybe it should be, but it isn't. Because most of the time the safest course of action for the security guy is to say no. I also see way too many box checkers in the business: "This checklist says we need to implement this policy" even though the subsystem the policy was written to address has been altered radically and that control is no longer relevant to the way the new subsystem functions.

0
0
Tom 13

Re: Challenger doesn't need O-rings that don't turn brittle

As I recall, the issue wasn't so much that the rings got stiff (not brittle) in cold temperatures. It was that middle management chose to ignore the recommendation of their tech people because they (he? IIRC it actually came down to just one dipshit close to the bottom of the information feed) didn't want the President to miss his photo op.

2
0
Tom 13

@Alister

While the overall analysis is good, I suspect the issue here is more the location of the fine than its magnitude. Since the fine comes off company profits, it's rounding error. If it came off the CEO's salary, I don't think doing proper security would be such a problem.

1
0

GCHQ intel used to develop Stuxnet, claims new documentary

Tom 13

Re: You can take this declaration of war

Nope. Iran declared war on the US way back in 1978. Since there hasn't even been a truce let alone a peace treaty, a state of war has existed ever since.

3
1

Voyager 1 now 20 BEEEELLION KMs from the Sun

Tom 13

Re: keep us in the dark while they assemble their invasion fleet.

That's okay. We have it on good authority that Fido's got this one.

6
0

Xen forgets recent patches in new maintenance release

Tom 13
Joke

Well this is NOW.

That was Xen.

Sorry, I just couldn't resist.

3
0

Ransomware scum infect Tinseltown hospital, demand $3.6m

Tom 13

Re: Where are the NSA / GCHQ when you need them?

My money would be on an HR person.

They're expected to expect unsolicited resumes, which is the perfect vector for this kind of crap.

0
0
Tom 13

Re: Air F**king Gap

Seems to me a smart IT manager would make the case that strong IT security is PART of ensuring patient confidentiality. You sure as hell aren't keeping your patient records confidential if somebody you don't know in Scamiganistovia pwns your network.

0
0
Tom 13

Air gaps didn't help the Iranians protect their nuclear facilities from Stuxnet.

Sadly that pox is now out of the box and the malware miscreants will use it.

0
0

Streetmap's lawyer: Google High Court win will have 'chilling effect’ on UK digital biz

Tom 13

Re: There is no UK 'digital' industry and never will be

It's not limited to the UK. In fact, the same thing applies within the US. If you are a start up you can't hope to survive if Google spies your business. There was a time this was also true for MS; not sure it still is. This is why anti-trust laws were established in the first place.

0
0
Tom 13

Re: Best of Breed

Since I haven't used the APIs I won't dispute your characterization of them.

But even as 'Merkin, I have to say this decision looks corrupt from top to bottom. Initially I was going to object that "appreciable" was a reasonable standard. But after seeing that Streetmap (which I've never heard of before today) had evidence of exactly the sorts of losses I would qualify as "appreciable" but the judge excluded them because they weren't direct, that objection pretty much falls away.

I hope there's some way for this case to be reviewed, and a solid Biatch Slap delivered to the culpable judge.

1
3
Tom 13

Re: They weren't deciding a policy, just implementing an existing one.

The decision to exclude a whole category of damages is a bit more than "just implementing the existing one." I'd say it does in fact change policy since it changed the prevailing interpretation at the time the policy was implemented.

1
0
Tom 13

Re: competitors are allowed to undercut one another

Only when they don't hold a monopoly position in the market, which Google clearly does for search.

1
0

Higher US Fed interest rates will hit startups over the head

Tom 13

Re: Negative and near-zero rates have extremely deleterious effects

While your analysis isn't bad, it skips the elephant in the room that the FED and other interest setting orgs DON'T want us to talk about.

The whole theoretical reason we went on this bender was they were worried about us going into a deflationary period. Is there anything more deflationary than having to pay some negative interest rate on top of all the other banking fees?

0
0
Tom 13

@Charlie Clark Re: The FED may be reversing that 0.25% rise

I agree except in this case it isn't just about hitting targets for the quarter. The FED is propping up the entire economy.

I wasn't a big fan of TARP when it was proposed. But it at least addressed the root problem: all that bad MSB debt. But a funny thing happened on the way to implementing it. Instead of actually buying the MSB debt, it got diverted elsewhere and the MSB debt was left in the system. So the castor oil flavored ipecac we were all forced to take didn't even address the issue it was supposed to address.

Yep, not a good place at all.

0
0
Tom 13

Re: The FED may be reversing that 0.25% rise

If you raise/borrow money and assume that rates will stay this low forever then you need your head examined. If you do your business plan and cater for them to be say 3% then anything less is a bonus and 'embiggens' the bottom line.

This OUGHT to be true. I'm not sure that it is. The FED has ironically fallen into a money trap. With economies depending on 0% (or lower) interest rates, when they try to bump them they kill economic growth. This is NOT a good place to be. When the next inevitable bust happens (and I wouldn't in any sense claim we've had a boom in the interim) they don't have any tools left in the tool box. And with governments around the world embarrassing drunken sailors with their profligate spending, they don't have any tools either.

0
0

Elasticsearch cluster in a jiffy: Step by step

Tom 13

Re: before buying these off the shelf how to guides?

Not sure there was any buying involved. Vendors almost invariably let you reprint their PR fluff pieces for free. Especially when you don't even edit them.

I'm not in DevOps, and I don't even play much with VMs. But this reads like the sort of stuff I used to copy wholesale for one of our newsletters back when I was still in the desktop publishing biz.

0
0

Shopping for PCs? This is what you'll be offered in 2016

Tom 13

Anything that follows an opening line of

"confirmed by a nice little bump in sales over Christmas, due in part to Windows 10."

is of questionable value.

Windows 10 ain't bumping purchases. If anything, it is retarding them as people desperately cling to the OS they prefer. To the extent buyers are increasing purchases, it's either growing businesses that need more kit, or increased hardware failures on old stuff.

As for USB-C replacing the proprietary dock, I don't see it. I will grant I hate the proprietary dock, or at least the expense typically associated with it. But there's a reason we buy them that I just can't see USB connectors fixing: Unplugging from that proprietary dock is a button push and putting it in is just snapping it in. Business/government users may also have to fumble with a cable lock, but the USB won't take that away so it is a wash.

No matter how you look at it, with "the big vendors" down to 3 and that pretty much being the market except for roll your own, 2016 is going to suck for buying hardware. With more vendors consumers actually have a shot at dictating what gets built. With only 3, the vendors are absolutely in the driver's seat.

1
0

Carly Fiorina makes like HP and splits – ex-CEO quits White House race

Tom 13

Re: HP?

Well there's at least one lie in that post:

losing their entire 401K plan

You can't lose your entire 401K plan. That's its big benefit over a pension. Any money YOU put in the plan is yours. You also can't lose your vested money. You can only lose whatever unvested part of it exists.

0
1
Tom 13

@allthecoolshortnamesweretaken

Actually that would be $Hrillary. Fiorina would be more India or Pakistan.

0
0
Tom 13

another was forced to resign after passing classified information to his mistress. Fiorina said she stood by her statement.

Given the general was forced out for far less serious offenses than the ones $Hrillary committed and that the general was decried by 0bamaphiles with the name General Betrayus long before the mistress scandal was revealed, she still has a valid claim on that one.

I suspect the other one you are trying to discredit was the one that was widely expected to be renewed as an apolitical appointment and which The Big 0 politicized by not doing so.

I'm still happy to see her gone from the campaign trail, but I will give credit to the lady where it is due.

0
0

Crims unleashed IRS-stabbing malware in bid to rob 464,000 people

Tom 13
Unhappy

Re: don't even check if your signature matches the credit card.

Mostly that stopped in the US about 10 years back.

These days we're up to, under $25 you don't even have to sign because it's cheaper for them to eat the fraud than it is to pay to keep the tracking paperwork. Granted I expect half the time they foist the fraud charges back to the users who mostly don't challenge them.

0
0
Tom 13

Re: Was a Bot farm required to pull this caper off?

But think of all the money they save by not printing forms!

/end sarc

Where are the two bullets and bottle of vodka when you need them?

0
0
Tom 13

You'd think someone filing your tax return for you would be doing you a favor.

Not if you're a 'Merkin you don't.

For us, the IRS is sort of like National Healthcare is for you Brits: the unavoidable place all your vital information is kept with complete crap security on the front end. A fair number of Americans qualify to use the EZ form. Someone with a 4th grade education in math can complete it, especially on paper. But they don't distribute those once ubiquitous forms forcing these same people into online forms. Worse, the states have done the same thing, only they don't put up the online forms. Thus forcing people to use Quicken (in the form of TurboTax), H&R Block, Jackson Hewitt, or some other very overpriced agency to file their taxes ($250 once because I had three jobs and three bank accounts. I paid it because H&R comes with a small bit of liability shielding and there was unemployment income in that set.)

0
0

Andreessen stokes the Facebook Free Basics ‘colonialism’ row

Tom 13

Re: Paternalistic, undoubtedly, but colonialist?

I find this distinction to be quite like that between marxism, socialism, and communism: of real interest only to academics who would argue about how many angels can dance on the head of a pin. In both cases the root cause is such that for practical purposes there is no difference. Thus making the distinction is of use only to those who wish to distract from the immorality of the underlying assumptions.

And yes, in India I'd expect that to the extent there is a differentiation, it will be lost because of its history. But that's another outcome of the marxist/socialist/communist worldview.

1
1

Japanese boffins fire up 100Gbps wireless broadband connection

Tom 13

Re: Access Point in every room

If you have to have structured cabling in the wired format to begin with, why not simply bring it to a port on the wall?

I was excited by the headline but the caveats pretty much annihilate it.

1
0

Women devs – want your pull requests accepted? Just don't tell anyone you're a girl

Tom 13
Joke

Re: (There are some mysterious aspects to the paper. What is "Michael's tool"?)

I don't know. But I hear there are a couple of companies in Van Nuys, CA that want to know if it's insured.

0
0
Tom 13

Re: Incorrect extrapolation

I'll only call you patronising if you automatically think someone needs more help and encouragement simply because they're a woman

Well then your first targets need to be the SJW types, including the authors of this so called study, because they are the most prominent promoters of precisely that bit of sexism.

0
2
Tom 13

That's actually pretty hard. It's not nice being separate from most of your friends in several of your classes or being the odd one out.

That's NOT the fault of the men. Your numbers aren't wrong. I was in Astro, we had one woman out of 12. In the physics classes the numbers essentially doubled. But in both instances the men were more than happy to see women in the classes and fell over themselves to help them when asked. And I was in college before you, so according to the SJW types, we Neanderthals were supposedly more numerous and less restrained.

0
1
Tom 13

Re: I expect votedowns

Firstly, whilst institutional sexism does exist, my encounters have always been based around a few bad eggs.

That's a complete non sequitur. Either it is institutional (exists everywhere and in all institutions) or it is a few bad eggs. By definition it can't be both.

It's this sort of sloppy thinking that gets SJW types into trouble and why the anger in the backlash is growing.

0
4
Tom 13

Re: the five best techies

I've only met two I'd put in the class of best, both were male. The first was a programmer on level with Torvalds except without the penchant for profanity. (Yes this programmer like Torvalds actually wrote his own operating system.) He was one of those rare people who actually could do two complex tasks at once. He would often continue typing reports when you went to him to discuss a particular issue. The second was the tech who trained me for desktop support. He had a knack for knowing how something had to be configured even if he'd never seen the OS before. The only thing that slowed him down a bit was his first exposure to BSD.

The two worst technicians I've ever dealt with were both female. The first was a paper cert MSCE working at a local private school district. The school made a deal with a local ISP to get a single dial up login account for all the students to use. Their OS was Windows 95. To hide the password so the kids wouldn't be able to use the school account on their home systems they were creating the dial up adapter from the admin account then having the kids log in. She didn't understand why the kid's account didn't have the dial up adapter credentials there.

The second was a network admin at the company that absorbed the one I was working for when the above incident took place. Most of the time she had no opinions of her own and merely echoed whatever the consensus of the other techs was. This was when she was at her best. If she actually formed a strongly held opinion, even if you had documentation it was impossible to prove she needed to change it. At one point the company was in two locations and decided to consolidate into one location. One location was running Novell, NT 4.0, and Win95/98 desktops. The other was running strictly NT 4.0 and Win95/98. They decided that with the move they would also upgrade to 2000 Server and eliminate the Novell segment. We got all the systems migrated to the new domain. As you would expect all these changes led to an abnormally high call volume for the Service Desk. One problem in particular was perplexing. People would lose their connections to the server in the middle of the day. With access to the server lost, they'd get "Disk Full" errors when trying to save any document they had been editing. We hit upon the solution of saving it locally and rebooting the PC. With the connection newly established, they could copy the file from their local drive to the network. It wasn't everybody, but at least 20% of our users were having the problem. We built new systems for a couple of users but the problem persisted. Finally that second tech I mentioned above found the article addressing the problem on Tech Net. Because of the vagaries of the merger process, he wound up being low man on the totem pole for the network tech team. Despite having article in hand which precisely described our problem, Miss Head Bitch in Charge would NOT make the necessary change because "it involved manually editing the registry and you NEVER want to do that." We went for another full work day before the combined network team was finally able to prevail upon her to let them make the change. 
With the change made the problem went away. (Underlying issue was that the MS IP stack at the time was so bad, they set a time out on the Windows 2000 server. Not a problem for a Windows 2000 workstation because it would send a reconnect signal when it saw the drive was disconnected. Windows 95 didn't have that functionality, so the timeout had to be increased. The users who weren't having the problems had sufficiently frequent activity that they didn't experience the timeout.)

Now, I will grant that on a raw basis the second woman wasn't a great deal worse than one of our other male techs. There were two things which made him tolerable. First, you could use tech articles to convince him what he was doing was wrong. When you did so, he would thank you for it. Second, he wasn't promoted above his competency level because of his sex. It is this second problem that keeps getting the sex warriors into trouble. Because they keep looking only at numbers and not quality, incompetent people keep getting promoted. And those incompetent people outdarken all the other lights that are advanced. In fact, I'll bet some of those lights avoid promotions precisely because of the incompetents.

0
1
Tom 13

Re: @Pascal

they're in no position to draw conclusions like these.

Particularly given their own study calls into question their conclusions: the differences disappear when the contributors are well known to the inner circle.

If it's purely a gender thing, it would exist across all lines.

1
1

Hollywood gives up speculative invoicing attempt in Australia

Tom 13

Expect the decision to be overturned.

1. "By setting the bond at $600,000, he figured he would wipe out any profit the film's owners might make by contacting pirates." This particular behavior on the part of the judge should get him disbarred. It is the equivalent of telling them he doesn't give a damn about their right they can just f*** off.

2. "thought it right that proven pirates pay not much more than they would do to rent the movie." and "He reached that decision after rejecting arguments that torrenting a film is tantamount to distribution" At best the correct price absent proof they've deleted it from their systems is the retail price of the DVD/Blu-ray in Australia. But given he went for torrents, he showed complete disregard for the actual statute and again should be disbarred. By definition when you stream torrents, you ARE distributing. That's the whole POINT of torrents. Which again means he should be disbarred.

It doesn't matter how much you hate the pigolopolists and their abuse of the law, you still have to abide by it or it ceases to be the law. This is all the more apparent in the bits he upheld are the bits that I actually find problematic from the standpoint of the law. The problem I've always seen is connecting a given user to the publicly visible IP addresses. For me to be satisfied they've correctly identified the perp, they need the IP address, a MAC address, and the time slot and it would have to have the equivalent of a perfect CSI chain of evidence custody to confirm it.

0
10

Building automation systems are so bad IBM hacked one for free

Tom 13

Re: Another Dept.?

IT's got enough headaches on their hands without adding facilities to the list.

0
0
Tom 13
Facepalm

Re: Sadly unsurprising

Purchasing too - often the people who buy the equipment now will save 10% on physical kit, even though it costs them more in labour than that saving - because they're bonused on saving purchases and don't even talk to the site engineers.

That's a problem that's not specific to BMS. A friend of mine works for the Navy. About a year ago he sat on a committee that was reviewing plans for installing something on a sub. The build guys chose an easy to install solution for the device. Well, easy for them because they were working up from the frame. Once it was in place there was something placed over it. So if something went wrong with the part, they'd spend $100K removing the second device before they could get to the first. Oh, and yeah, the navy was expecting that first device was going to need maintenance about once every 3 years. Since my friend worked on the maintenance side of the house they raised serious objections and thankfully got an alternate installation specified. It cost an extra $100K on the build side, but you made that back first maintenance on the boat with a 30 year life expectancy.

1
0

Canonical reckons Android phone-makers will switch to Ubuntu

Tom 13

Re: Make it easy to port..

When I read your title, I thought you meant the data which is still a PITA on just about any phone. The problem with that of course is none of the manufacturers give a rat's ass about that, only the users.

And yes, I DON'T update my Google contacts with people's phone numbers because of privacy concerns, which means I DO need to put all those damn numbers back in whenever I change phones.

0
0


Biting the hand that feeds IT © 1998–2018