* Posts by Tom 13

7611 posts • joined 10 Jun 2009

Private space truck ready for ISS trip as soon as NEXT WEEK

Tom 13

Re: Orbital will either have to seriously under bid SpaceX

Actually I'd expect both contracts to be renewed, possibly at the same relative rates. The government really doesn't like single source contracts. NASA probably saved more than the difference between the contracts on the administrative costs sole source would have involved. And that's before you get into the problems of Congress Critter Mo demanding information about why the competitor in his state/county/city was denied a contract.

IBM spends holiday season wrangling e-tail FAIL

Tom 13

Re: CV Writing...

I re-read the article just to be sure. They don't mention it being upgraded right before the big sales season. More likely the switch was made during an expected slow time this year and has been functioning fine ever since. They implemented some sort of automated expansion function and ran the standard tests which it passed. And since everything has been smooth nobody was expecting problems during the actual stress of holiday buying. Except the standard tests didn't actually tickle the flaw in the setup while the real traffic flow did. And if they implemented this back in February of 2013, everyone involved is probably scratching their heads trying to remember WTF they were thinking when they mapped out the plan.

Coming in 2014: Scary super-soldier exoskeleton suits from the US military

Tom 13

Re: You're also missing the non-tooth applications:

Same thought here. They pitch the tooth application because that's the sexy, tactical thing the congress critters will fund, but the real intention is better logistics which is what the professionals know wins wars.

Tom 13

Re: and I'll say it again....

Because contrary to your fevered imagination, the purpose of grunts on the ground isn't to kill everything in sight. It's to make it NOT necessary to nuke 'em till they glow.

Tom 13

Re: all that money on doing nice things for people

Actually, we spend more than that doing nice things for people every year. It doesn't work quite the way you think it does.

No, we don't do it through government, because that never works right. We do it through non-governmental agencies, (e.g. churches), and even direct giving.

Tom 13

Re: Any chance...

Sure. Right after all the bad guys beat their weapons into plowshares.

Until then we follow Tubal not Jubal.


Tom 13

Re: until we really can put infantry drones on the ground

Even if we could technically do that, I think we'd still need people on the ground. Pacification is more psy ops than tactical. It's about getting people feeling safe enough around you to tell you the stuff you need to know and allowing them to construct a working local government not intent on killing and maiming people. Since the drone puts you well out of harm's way, I see them undermining that function.

How the NSA hacks PCs, phones, routers, hard disks 'at speed of light': Spy tech catalog leaks

Tom 13

Well, that settles it, I'm safe.

I might be worth $10K to take out a contract with a mob hit guy, but there's no way to justify spending $200,000 to get little old me.

Seriously people: read the numbers, do some thinking. At the cost per op to use any of these gadgets it has to be reviewed at multiple layers in the government agency. Which means they aren't trawling for ordinary people. Ordinary people might accidentally get caught up in it and that will be bad for them. But ordinary people are always getting caught up in bad things big _______ are involved in. That blank can be filled in with governments, businesses, drug deals, terrorism, or labor unions.

Tim Cook gets weensy 1.9% increase - but it's still twice an average joe's salary

Tom 13

Re: Just can't stay away from the Marxist flamebait can you?

No minimally competent economist works in absolute dollars. They work with relative percentages. The key factor in buying decisions is the marginal value of the last dollar spent. If the guy at the top gets a 1% raise and the guy at the bottom gets a 4% raise, the guy at the bottom has closed the gap in marginal value. Unless of course the state has bolluxed him up with a progressive income tax that gives him less disposable income after taxes than he had before he got his raise. But since that isn't under Apple's control, that shouldn't be part of this discussion.

Tom 13

Just can't stay away from the Marxist flamebait can you?

The relevant comparison in this instance would be what were the percentage pay increases for the bulk of Apple employees?

If they've all jumped 3.8% then his 1.9% is modest despite the big numbers. I don't expect that's what happened, but I can't tell from your report.

BlackBerry CEO John Chen: Y'know what, we'll go back to enterprise stuff

Tom 13

Re: But the enterprise has gone...

I think a lot of managers are rethinking their lemming decision to allow iPhones and iPads into the network infrastructure. It's not a manageable device from a business perspective. And as MS has proven again and again, you can't bolt that on as an afterthought. It has to be built in from the ground up. With BB it is. The only danger to the business was that BB might fail and they'd be without the vendor to support the device. If the company has been restructured so that's not as big a risk as it was 10 months ago, you can reconsider your future plans.

If you think you're in the IT business and you aren't working for IBM, HP, Dell, or similar, you'd better think again. Your trade may be IT, but your business is likely something else. And that something else is what you need to be focused on, because it's what you're really there to support. Hell, even IBM, HP, and Dell need to be thinking that way.

Britain's costliest mistake? Lord Stern defends his climate maths

Tom 13

@ bigtimehustler

There are critically important caveats on peer review. The most important one is that the reviewers are neutral with respect to results, or at least the legal framework of equal numbers of non-neutral parties are involved. In some ways it not having been peer-reviewed is a blessing. Even at the time the pool of possible reviewers was corrupted by politics.

Tom 13

Re: one small problem : "both halves of the debate"

Mainstream science was booted out of the room well before Mann should have been sent to the penalty box for high sticking.

Saucy Snapchat addicts EXPOSED: Exploit code to poke holes goes wild

Tom 13


I had the same thought. Their reply is proof the vulnerability is real and they either don't have the clue or the money to fix it.

So who is running the pool on how long it is until 4chan exploits this, just to make some teenage girls/guys cry?

Tom 13

Re: Schools have a very difficult time explaining things like this to kids.

Before schools can explain it, they first have to know it themselves.

You can dance around it, but fundamentally this is a moral consideration. And we've made it nearly impossible for a society as a whole to make moral judgements. Especially about things involving sex/naughty bits.

HTC: Shipping Android updates is harder than you think – here's why

Tom 13

Re: love to know what carrier-specific updating actually needs to be done.

If I were a betting man I'd put half a month's salary on there not being much. However,...

The carrier probably still needs to do the testing for purposes of liability insurance(s). At that point both Samsung and the punter are at the mercy of the resource allocation from the carrier.

Ross Ulbricht: 'Oi! Give me back my $34m in Silk Road Bitcoin booty'

Tom 13

Re: If asset forfeiture works the same in the US as it does in the UK

It doesn't. You Brits are a bit more civilized about it than we are and will let the defendant keep more assets with less proof. So, yeah, his assets are pretty much toast, even if he beats the murder for hire rap.

Tom 13

@ DavCrav

LOL. Yeah ain't that the truth.

And yet, while we both know that, I don't think it's a legally admissible argument. Even if it is, in all honesty if I were sitting on a jury and that was your primary argument, I'd vote "not guilty" while pining for the "not proven" option. And I'm the sort of guy who'd prefer these types were strung up on trees as quickly as possible.

Tom 13

Re: guberment

Also this is a drug case. Laws regarding drugs are exceptionally draconian, and I say that as someone who generally supports keeping illegal drugs illegal. If:

- someone steals your Rolls Royce,

- you report it stolen to the local cops,

- the feds bust the perp during a drug buy

Initially the feds will seize the car as evidence, and will likely keep it under forfeiture laws. There are some very well funded police departments over here because of these laws.

Tom 13

Re: recognizes Bitcoins can have a cash value

Not even that actually. The statute is written broadly enough that they can seize anything with which the government believes you can influence an enterprise.

Tom 13

Re: Bitcoins don't count as the kind of property

No, no way, no how. Well, ok; if you manage to get it called in front of a judge who is already on your payroll maybe. But even at that I'm not sure they risk losing their law license.

Google may not really be your friend, but if you search them you'll quickly find the relevant section of the RICO code under which the assets were seized:

(b) Property subject to criminal forfeiture under this section includes—

(1) real property, including things growing on, affixed to, and found in land; and

(2) tangible and intangible personal property, including rights, privileges, interests, claims, and securities.

- http://www.law.cornell.edu/uscode/text/18/1963

Since he's asserting it is his, it is necessarily either real property or intangible personal property.

Yes you can argue the law ought to be unconstitutional (an argument with which I have a great deal of sympathy), but so far it has been upheld when tested.

Torvalds: Linux devs may 'cry into our lonely beers' at Christmas

Tom 13

Re: even though we are more productive with Linux

Engineering and IT admin folks handling Linux systems will be. They're in the group of people who do still benefit from more power in their IT systems.

Your bog standard office worker..., well, not so much. So they are OS agnostic except for training. So long as MS doesn't frell with the interface it's cheaper to keep them on what they already know than move them to something new that requires training. But when the interface changes the penny is in the air. And given the bean counting advantages of Linux, I am surprised at the low uptake the last time MS crapped on us. Yes, I know there are studies indicating the savings are marginal compared to the TCO of the computer system. But the fact remains that those are exactly the margins that make bean counters happy.

Tom 13

Re: Oi Mr AC!

Not sure if it was a Red Kryptonite Fizzie or just Red Rum. But both of those have unpredictable effects on their imbibers.

Tom 13

Re: Give it to a noob

I've never met a Windows noob who got on any better than a Linux noob. Some of them are even surprised the foot pedal belongs on the desktop and that the PC doesn't come with a built in cup holder like their car does.

Tom 13

Re: You shouldn't plan to have more than one

Yes you should. Back when HP was a real tech company I worked for a firm that had the good fortune to work with them on a product release. They had formulas for testing before release that predicted how many more bugs you would find in a given testing period based on the number and severity of the bugs you found in the current iteration. So the first RC could go to release at some probability level, but you probably were going to go through more testing at the end of the cycle. If you didn't plan for those cycles you were a damn fool.

HP clampdown on 'unauthorised' server fixing to start in January

Tom 13

Re: I should say so!

Lower limbs? I suspect they haven't quite realized their aim is a bit higher than that, maybe even much higher.

On the bright side, since El Reg got a copy of the secret memo before the policy is officially announced, maybe someone will be able to point out their mistake to them before they pull the trigger on this one.

Tom 13

Re: server wasn't fit for purpose

In a proper judicial system that argument would get laughed out of court. To return to the over-used car example, when the manufacturer issues a recall, they can't claim the car was fit for purpose because you've been driving it to the point at which they issued the recall. Granted that means there is a fair amount of uncertainty on that point in US courts.

Worried OpenSSL uses NSA-tainted crypto? This BUG has got your back

Tom 13

Re: So much for the vaunted

The thousand eyes protocol really does depend on the thousand eyes. First you sort out all the people who don't do math to begin with. Then you sort out the people who can't do basic algebra. Then you remove the ones who can't make it past geometry. Then trig, and calculus and probability and statistics and maybe some set theory.

What you are left with is a fairly small group of people. If they produce a proof which others accept as valid you wind up with an algorithm that programmers can implement without understanding. (For instance years ago I tried to get a handle on the microprocessor Two's Complement method of subtracting by adding. I could never quite do it. But with the process in hand I could replicate it whenever needed. I get that it works and somebody has done the proof, but I'll never understand it.) Now if the weakness is subtle and in the algorithm itself as opposed to a coding limitation, it probably won't get noticed.

Tom 13

Re: Bug? Or Sleeper Cell?

This is a trick question right?

Maybe because the fix is a one line change in the source code. After which it has to be compiled and distributed. Because if you're going to inject a segment of compiled code into the target system, that implies you've already got admin access to it. In which case there are probably far easier ways of getting the rest of the information you want.

Full disclosure: I haven't done any programming since I had that introductory PCI (PC/i?) class back in college. Before that I worked on TRS-80s. Unless you count some long but simple WordPerfect Macro stuff I did about 15 years ago, which I don't.

Tom 13

Re: improved privacy legislation, etc. etc.

Or you could just make the data holders explicitly and irrevocably responsible for all economic damages incurred if the data leaks.

Which back in Jack and Jane land (instead of James Bond world) would probably have helped Target avoid their most recent breach.

Tom 13

Re: it's safe to assume that it's not a big problem

No, it's not. One of the spy agencies has as its motto "The truth shall set you free." The truth is, if you understand the maths you will know whether or not there is an issue. If you don't you won't.

I happen to fall into the "you won't" category. Assuming most of the security guys outside the NSA aren't on an NSA black ops payroll, it sounds like it is borked. But I don't know that to the point I'd claim it as a known fact.

But you can't play psychological games with these guys. Because if they couldn't break the bit we're bitching about, and they could all the rest, the best way to kill it all would be to convince people it was borked and they should stay away from it. And even if Snowden caught them off guard, they could be turning lemons into lemonade. Well, at least from their perspective.

Stay grounded in who you are and what you know. If you try to move into their territory you'll be lost in a maze of mirrors.

Tom 13

Re: open everyone's letters and photocopy them and store them

If you're going to use an analogy you need to use the right one. What they have admitted to gathering is the meta data. So the proper snail mail equivalent is "they scanned every destination and return address and put the information in a database along with a time stamp of when the letter was sent."

Frankly, in that context most people don't care. Same thing with the phone data. Most people don't care that someone knows when they call whom on their cell phones or land lines and when they do it. Maybe they should. But that's a difficult argument to win in an age where most people post their month long vacation plans on social networks and tweet it to the world.

Tom 13

Re: validated, but it doesn't work at all,

That's not what the article said. The software works and complies with FIPS 140-2 so long as you use a different pseudo-random number generator. Since the software came with others, it worked.

While I agree it should not have been certified with that bug, that doesn't mean the whole thing is broken.

Tom 13

Re: A Warning...

I don't think most companies use FIPS 140-2 because they think it is a good idea. I think they use it because the US government mandates it for certain purposes. That makes the point having the certification and nobody gives a rat's ass about whether it works or how well it works. You used the government mandated and certified process so you're off the hook.

Yes, this used to irritate me quite a bit. But in my dotage my jaded is getting even more jaded.

We don't need no STEENKIN' exploit brokers: Let's FLATTEN all bug bounties

Tom 13

Re: "companies would most likely rather employ full-time vulnerability researchers"

Money for salaries is typically treated as an either or thing. The comment implies they'd rather be investing the money in full time employees than bounties because they presume the full time employee will produce more results.

The general idea might work, but I'm not sure the dollar figures will. I think unlimited liability for known bugs that aren't patched is a more logical route.

Tom 13

Re: The market can figure this out better than the government

It could mostly, if government didn't already have its fat fingers on the scales. The previous poster has the nut of a decent idea with his 5 year warranty requirement. The other part is to do away with the self-indemnification against these issues that software manufacturers operate under. Make them strictly liable for 3rd party damages if security breaches occur and there are no existing patches. If there is a patch and the user hasn't installed it, let them fight it out in court. In most instances that will still give an advantage to the big corp, but doing it otherwise would create a power imbalance that would destroy the big corps. Like it or not, we need them.

How much did NSA pay to put a backdoor in RSA crypto? Try $10m – report

Tom 13

Re: America in WW2

The US entered the war long before Pearl Harbor (note the correct spelling, as the name of a place it is not correct to add the British "u"). The lend lease program and other activities were all part of FDR's foreign policy which aimed to thwart Axis objectives. In fact, you can argue that it was those actions that caused the Japanese to attack Pearl when they did.

As to the terms of the agreements, consider it evening the accounts for the mercantilism we experienced when we were a colony.

Tom 13

Re: nothing like an isolated event.

The author may have chosen his specific words poorly, but his point stands. No country before or since has encapsulated in a single document as much liberty for its people as this document did. The French had at least 3 more tries after we created the template and still haven't gotten it right. You Brits improved a bit for a while, then fell into the mistakes of Marxism, which despite Maggie's tenure, persist and cripple your country to this day.

Yes, it builds on specific British events and law (most notably the Magna Carta). But it took them to their logical and natural law conclusions and developed a government that until Wilson and FDR largely kept government functions closest to their proper sphere of execution. That the US has since fallen to the same socialist forces as Britain does not negate that.

Tom 13

Re: @h4rm0ny

It wasn't just the perception but the pledge itself. As originally written there was to God which turns out to be an inherently anti-communist concept. As it was re-written it is a good model for any country to adopt. But then I expect a bunch of militant agnostics and atheists won't quite see why it works.

Tom 13

Re: unlike in the UK....

Who threw more Shermans at them than they had artillery shells?

Oh that's right, the US did.

Who pumped money into Old Blighty before the US entered the war to keep them going?

Oh, that's right the US did.

Who f*cked up while lying to his people and proclaiming he'd secured "peace in our time"?

Oh that's right another patriotic twit from the UK who hadn't a clue about what he was up against. The same sort of twit who was happy Mussolini had finally gotten the trains running on time in Italy.

Oh, and as the greatest Army general of all time noted: "You don't win wars by dying for your country. You win by making the other bastard die for his." That this also conveniently eliminated opposition for Stalin was probably only a fortunate coincidence. Not!

Italy's 'Google tax law' could fall foul of EU discrimination rules

Tom 13

Re: why are "dividends" a problem.

The only problem with dividends is that money grubbing thugs in government and their sycophant minions posting on El Reg tax them twice and still want more.

Tom 13

Re: the heavy burden of taxation is sustained by the middle class

The heavy burden of taxation is always sustained by the middle class. It's a pure function of economics. The poor don't have it to pay. The rich don't need to engage in whatever activity is taxed, or can pay lawyers to find loopholes.

Tax rates on businesses are irrelevant. Anybody with the smarts God gave to a dog can see that for a business, taxes are just another cost to be passed along to the consumer. If they can't be they go out of business and that hurts everyone. This crap about companies dodging taxes is nothing but greed and envy masquerading as caring about poor people. The worst kind of tyranny the world has ever seen.

TomTom GO 6000 satnav chews on smarties and tablets

Tom 13

Re: How Much????!!!

Same here. When I had my smartphone I was good with the freebie. I only picked up a satnav when I ditched the phone. My biggest gripe is that I still can't get the damn updates to load.

The fact of the matter is, 90%+ of the time I'm traveling on roads I know. I don't need something mapping for me during that time. If I'm headed somewhere I don't know the roads, chances are very high I have at least one other person with me who can act as navigator while I pay attention to traffic. Which makes it a real splurge to spend on a satnav.

Zuckerberg IN COURT: Judge rules Facebook investors CAN sue for IPO non-disclosures

Tom 13

Re: @ Don Jefe

Ah clueless progressive as usual. Stock holders don't get to bring insider trading allegations, that's the SEC. If you are a stock holder this is EXACTLY the sort of suit you'd bring.

You're right about my residence not being a happy place. Too many idiots like you casting ballots and claiming knowledge they don't actually have. But I'll survive.

China's central bank hit by DDoS after Bitcoin blitz

Tom 13

...Bitcoin is eventually forced from the PRC...

But, but, but...

I was assured this couldn't possibly happen because Bitcoin didn't depend on any national banks or governments. It's The People's Currency!

Oi, bank manager. Only you've got my email address - where're these TROJANS coming from?

Tom 13

Re: Another possibility

For a single instance, that's usually the way to investigate. This is multiple instances and the primary or only commonality is the bank. Also, if it was the user's PC, the virus would have ALL the email addresses being used, not just the one from the bank. At the very least I'd expect the intrepid spammer to go for credit card info as well.

IT bods: Windows XP, we WON'T leave you. Migrate? Chuh! As if...

Tom 13

Re: unnecessary

They tried that once and got bitch slapped for it. So they stay away from it now.

Tom 13

Re: Keep one asset with XP...

That was exactly the scenario at one place where I worked. Even when the rest of the company was on XP SP3 there was one Windows 98 machine in the HR office that still connected to the network. It had the software on it that housed the database of employee badge data. For some reason the CIO was never able to prise the $5000 from the budget to upgrade the software to something that would run on XP. Finally it got virtualized because we'd scraped together too many "one last desperate attempt" to keep the damn thing running. It wouldn't surprise me if it's still running that way. Oh, and yes, after they spent the $5000 on the software they were probably going to have to spend another $20,000 to have an employee re-write some MS Access based code that fed the data into a company intranet page. Yes, getting RIFFed there was a huge blessing.

Tom 13

@ Erik4872: Minor correction

The tougher nuts to crack will be all the large companies running weirdo legacy applications that have no hope of working with IE 8 IE11 or the other new features modern Windows and Office versions offer.

MS is up to IE11 at this point and in theory will only be supporting 2 versions of the browser. I expect support for IE8 will soon be discontinued. We've just rolled out IE10 where I work despite pleas from developers to stay on IE8. So far compatibility mode seems to be fixing problem websites. Not that I'm overly fond of this particular kludge, but it is doing the job for now.

Tom 13

Re: IE6 (which was shit at the time, please remember)

That may be. But at the time it also looked very much like IE6 was the only browser that was going to be around. MS weren't upgrading, Netscape was dead and the first Mozilla open source release was worse than IE6. It was only after their code re-write that it started gaining traction. Like or hate Opera as a browser it still has a small installed user base, which makes it unsuitable for most of the apps companies were rolling on their own (or at least that's the perception of most coders).

Commercial wealth destruction may be a necessary evil, but it should never be hoped for.
