* Posts by John Smith 19

11648 posts • joined 10 Jun 2009

Script kiddies pwn 1000s of Windows boxes using leaked NSA hack tools

John Smith 19
Gold badge
Unhappy

Does anyone but MS understand BITS?

I saw this thing running on a machine and thought "WTF is this taking up resources doing?"

TBH I get the feeling it's one of those ideas that is probably quite clever and deserves a wider audience, except no one else actually uses it.

0
0
John Smith 19
Gold badge
Unhappy

"how long it will take for the next toolkit to get written then released out into the wild."

Shouldn't that be "stolen" and then dumped in the wild, like an unwanted kitten (or perhaps given the potential threat level a baby Wolverine)?

It remains quite extraordinary, given the NSA's awareness of computer and communications security threats, how it was even possible to acquire a copy of these applications in the first place.

0
0
John Smith 19
Gold badge
Unhappy

Congratulations US readers. These really are your tax $ at work.

Admittedly mostly what they are at work doing is sending you spam, pwning your machines, slurping your data or just plain robbing you through online card fraud.

You must be so proud your country can field such top drawer malware writing talent on Civil Service salaries. For some it's still about more than money. It's about doing a solid job of work and a real sense of achievement.

Of creating a range of tools with which now almost anyone on the planet can screw up almost any PC on the planet.

Yey for that.

God bless America.

10
1

Canada says yes to net neutrality – and no to Trump advisor, eh?

John Smith 19
Gold badge
IT Angle

And for fans of internet history let us not forget Henry Spencer

Who was one of the few people who was actually archiving this stuff when people thought the thing to do with usenet postings was to delete them after a few months.

And in person a very nice guy.

1
0
John Smith 19
Gold badge

Canada has a number of pleasing features.

Pleasant scenery, much of which you've already seen if you've seen many US TV series.

US standards of living (in big cities)

European levels of crime.

An apparently higher "Social IQ" or to put it another way a lower proportion of Aholes.

And now it seems a sensible policy on net neutrality.

2
0

Stanford Uni's intro to CompSci course adopts JavaScript, bins Java

John Smith 19
Gold badge
Unhappy

"Pascal had the same problem, great for teaching but crap for actually implementing"

Not entirely.

Embedded systems were quite viable provided you could find a variable size that mapped to bytes and map the whole address space as an array.

IIRC the big issues with ISO Pascal were that you had to pass the array size to procedures, so array size was set at compile time and you couldn't write array processing libraries easily. The other was you could not take and store the address of a procedure IE pointer to procedures.

Being able to set up a "jump table" in a high level language is a very efficient way to call such things (it's basically the key implementation feature of EMACS) and while a compiler might well collapse your case statement or 10 level deep If/then structure into it eventually it was damn handy to be able to just set it up directly. IIRC Turbo Pascal did not offer this till V5.

0
2
John Smith 19
Gold badge
Unhappy

"spend far too long debugging small problems that would have been flagged as compiler errors"

I'm guessing a lot of the time that would be a type mismatch.

Javascript's idea that the variable's type is whatever you want it to be that the function needs is very flexible, as long of course as what you think it should be matches what Javascript thinks it should be.

This smells like the PL1 implicit type conversion rules to me. Not a good smell at all.

I'd also suggest that for many people who've had to maintain it being "pearl like" is not an advantage either.

2
0
John Smith 19
Gold badge
Unhappy

Biggest problem is the name.

File I/O in Javascript?

Spent a while trying to dig that out.

Handy hint. Real programming languages for actual applications involve

File reading and writing.

Printing (I know "printing is dead" yet printers, printer cartridges and paper still seem to sell well).

If these (apparently) simple tasks are buried deep in the manual my BS detector is going to start pinging like a Geiger counter around an anti-Putin journalist.

9
3

FCC greenlights small cell free-for-all in the US

John Smith 19
Gold badge
Unhappy

I think that's a poor selection of pronoun

"Current and next-generation wireless broadband have the potential to bring enormous benefits to the US,"

Should read.

"Current and next-generation wireless broadband have the potential to bring enormous benefits to me,"

Just another little contribution to 'Ol Sweet Pai's future resume.

BTW this is like the David Cameron "Opt out" if you don't want to be filtered by your ISP BS in the UK.

1
0

US surveillance court declined less than 2 per cent of applications

John Smith 19
Gold badge
Gimp

"of a facility to be subjected to electronics surveillance "

Now if that "facility" is IDK, the main offices of an ISP or a backbone hub site...

No I don't think that means only 1752 people were being spied on.

By a very wide margin.

0
0
John Smith 19
Gold badge
Gimp

1752 warrants == 1752 people ??

Are we really sure about that?

Or is that 1752 ISPs?

3
0
John Smith 19
Gold badge
Gimp

"It required a crisis so that it could be enacted without examination or debate,"

Indeed.

It's more like a trojan than a piece of legislation, infecting and mutating multiple other pieces of legislation and twisting them to help it.

This is indeed a data fetishist's wet dream.

1
1
John Smith 19
Gold badge
Gimp

"702 of FISA,..critics have alleged..unconstitutionally target the communications of US nationals,"

Because it has?

"Sorry we can't filter out US nationals, we've hoovered up too much stuff to do that."

OTOH

"We can run a query on all the stuff we have hoovered up which includes if they are US nationals"

"No we can't provide a count of how many of those entries exist in the database. It's too complicated."

9/11 was 17 years ago. It's time the hysteria it engendered is put to rest, along with Sect 702.

2
0

Can you make a warzone delivery drone? UK.gov wants to give you cash

John Smith 19
Gold badge
Coat

This looks like a job for the MiS

Men in Sheds.

Aren't they who made Britain great?

0
0
John Smith 19
Gold badge

US SBIR has been active for decades. UK SBIR started in 2009.

Hence I doubted many El Reg readers even knew it existed.

Looking at the details a bit more (SBIR's are not just MoD) the base line is 5Kg in a 1m cube at 8kph to a 3Km radius with up to 30km range on one tank of fuel.

What they'd really like is 50Kg up to a "NATO cubic pallet load" size (whatever that is) at >30kmh or the speed of a "quad bike and JSP800 trailer" over this terrain if you're providing a land vehicle. Airborne is to 15Kfeet and 20m/s winds. GPS will not be spoofed but cannot be relied upon but soldiers can be carrying beacons. Full details here

For some reason I keep thinking of this fellow obviously without the crew.

1
0
John Smith 19
Gold badge
Pint

I did not realize HMG had a "Small Business Research Initiative" programme

But it does. Details here

May be of interest to El Reg readers looking to raise a few zlottys for some neat idea they've been percolating in their heads for a while.

Or at least a few beer tokens played properly.

1
0
John Smith 19
Gold badge
Unhappy

I smell a grooming exercise.

1) Several companies do accept the challenge

2) Company wins challenge.

3) Company gets bought by BAe

4) BAe get follow on contract and X years late deliver the same capacity device at 10 000% more expensive.

5) Retired civil servant gets nice little executive directorship with BAe.

4
0

FYI – There's a legal storm brewing in Cali that threatens to destroy online free speech

John Smith 19
Gold badge
Gimp

"This ruling is likened to our FISA Court..I hope it never expands to anything but espionage."

Most of us wished it had never even got that far.

1
0
John Smith 19
Gold badge
Unhappy

"Proper notification of court proceedings is central to our concept of adverse legal process"

As it should be in any country that wants to be thought to have a (reasonably) honest legal system.*

*UK "Super Injunctions" where the defendants did not realize it was happening and had no right to tell their side of the case (often that they had proof the lying scumbag was in fact a lying scumbag).

12
0

Hard-pressed Juicero boss defends $400 IoT juicer after squeezing $120m from investors

John Smith 19
Gold badge
Unhappy

Maybe they'd have done better calling it "Juicy McJuiceMaster?"

On second thoughts.

Better name, still s**t product

3
0
John Smith 19
Gold badge
Unhappy

All the cost of a juicer at considerably more of the price (HP printer business model)

with added IoT goodness.

F**k right off.

27
0

Trump's self-imposed cybersecurity deadline is up: What we got?

John Smith 19
Gold badge
Coat

I see you "I am not a crook".

And raise you "There is no White wash in the White House."

"Point Break," what a movie.

0
0
John Smith 19
Gold badge
Coat

"2). Calls an election in the hope that it will distract attention from #1"

Hmm.

Whoever can you be thinking of?

That sounds more like Theresa May (or then again, she may not, as she said she wouldn't, about 11 times)

3
1
John Smith 19
Gold badge
FAIL

It's when things don't go their way when you find out how good a team is.

Good team.

1) Has a plan in case things go wrong (may be sketchy but at least an idea of the first thing to do next)

2) Starts to collect information.

3) Works out what is possible and how to do it.

4) Does it.

Bad team

1) Runs round like headless f**king chicken.

2) There is no 2.

If the D never really expected to win he has a team that's likely mostly window dressing and in way way over their heads.

And is it my imagination or does Steve Bannon think he's channeling Henry Kissinger (without the prodigious academic and intellectual skills)?

Might be time to see if that Doomsday Clock has crept a bit closer to Midnight.

9
0
John Smith 19
Gold badge
Thumb Up

"We call him Pres Snowflake because he can't take a single word of criticism..without a meltdown"

I wondered about that. Melting like a snowflake.

Makes perfect sense now.

3
0

Accept for a second that robot surgeons exist. Who will check they're up to the job – and how?

John Smith 19
Gold badge
Unhappy

"Difficulty factor: said appendix has burst. "

True.

Actually an obvious problem for this is that a very small percentage of people have their organs reversed in the body cavity.

Now should a robot be programmed to spot this or should it just not be allowed to operate on such patients (assuming they can be detected before surgery)?

A full blown autonomous surgical robot will probably need

Real time vision

Task adaptation (what happens when there are deviations from task description in database EG scalpel blade snaps. Unexpected high level of bleeding, suggesting unexpected or unplanned cuts to patient)

Route planning to get from incision/body orifice to work site.

Along with a high degree of dexterity, preferably with standard surgical instruments.

0
0
John Smith 19
Gold badge
Unhappy

Surgeons are probably the last true bastion of hard core Trade Unions.

Although I've often wondered if top class Snooker players have as good eye/hand coordination.

I have rarely seen a field where so much potential good has spent so long in coming to being actually useful. Its "hands" can be made smaller and its motions faster. Best of all making more surgeons is a production engineering problem, not a decades long educational one.

As regard to how "good" a robot surgeon is let's try for the basics.

1) Narrow range of very common procedures. The kind surgeons don't want to be stuck doing.

2) With as good a survival rate (for the given class of patient) as a good surgeon.

3) Ideally operating at least as fast as a good surgeon, but 2 is more important.

4) Able to perform as many procedures as a good surgeon in the same time frame (week, month, year). So no ground-up rebuilds after one.

5) Cheaper to purchase and support than a first rate surgeon on a yearly basis. Around £70K pa for a General Surgeon (the kind you'd prefer not to have operating on you if it's in any way specialised) in the NHS.

0
0

Tesla hit by class action sueball over autopilot software updates

John Smith 19
Gold badge
Unhappy

"the nut behind the wheel - that's what we need to get rid of..."

Unfortunately that would often be the person who bought the car.

Basically any box with 4 wheels can do the job.

It's the "Brand" and "Driver experience" that people put large amounts of money down for.

That said I have no trouble believing that for a lot of routine driving a machine can do it better.

The problem of course is what happens when things stop being routine.

1
0
John Smith 19
Gold badge
WTF?

That's a big class action.

Have Tesla really been this bad? It seems hard to believe some would have a bad update experience and everyone else is OK, or are they just keeping quiet, hoping it will get better?

Hmm.

"just keeping quiet, hoping it will get better." Somehow this does not really sound like the American customer (especially the US high end car buyer) response to deficient performance.

3
0

'We should have done better' – the feeble words of a CEO caught using real hospital IT in infosec product demos

John Smith 19
Gold badge
WTF?

" what Tanium calls a demo environment was actually a hospital's network. "

Given the joy Sales types take in putting their software through extreme functions I'm staggered none of them did "And here's how if necessary you can delete the whole database and all supporting files in one go. It's pretty cool."

I've worked development on systems which had a test environment and ones which didn't, so you had to update the live system.

Those ones always had a significantly larger pucker factor.

1
0
John Smith 19
Gold badge
WTF?

So company sales staff have live logins to their clients.

and their business is endpoint security.

Does anyone (from the company) get why this is wrong, and on how many levels?

11
1

Web celeb product whores told to put on the red light – or else

John Smith 19
Gold badge
Coat

The answer to "But they must really like the product" is

"No dear, they don't mind the product but they really like the money the advertising agency hands them to say they do."

Parents. It's never too early to start teaching your children about logic.

13
0

Flaws found in Linksys routers that could be used to create a botnet

John Smith 19
Gold badge
Unhappy

"unless the password is by default the serial number of the kit."

This is very difficult to do.

Unless of course you have that as part of your MRP system and a setup script to take that and set it up on the router.

In which case it's quite simple.

0
0
John Smith 19
Gold badge
WTF?

"Security is a high priority"

As long as it doesn't cost us any money of course.

I wonder, when they find these security holes do they keep them on file so they can run a regression test against the next version of the SW to make sure it does not have them?

Stupid question, of course they should.

But do they?

3
0

We're spying on you for your own protection, says NSA, FBI

John Smith 19
Gold badge
Gimp

A classic civil service paper

8 pages of boring honesty they stuff the self serving illegal BS in the back.

And oh yes "We're so busy hoovering up everybody's information we can't check who are US citizens. And since we now have them anyway we can run a query on that data, but it's not like it's a real search, that needs a Warrant, oh no."

Here's a notion.

Run a query to find all US citizens in the database.

Delete their records from the data

Do a full backup of the DB excluding all deleted records.

Delete all previous backups.

Restore from the last backup. IE this one.

So all US citizen records have been deleted from the DB and it should run much faster as well.

I think we could tell whether or not they would be prepared to do that (and be watched while they did it by competent observers) who they really want to spy on.

3
0

Ambient light sensors can steal data, says security researcher

John Smith 19
Gold badge
Unhappy

OK so the browser reads ambient light level to adjust screen brightness and font size

Or should that be the web site's responsibility?

Or both?

Is the browser just a "dumb window" on your phone/tab/PC/laptop or is it more active?

That said WTF needs to take ambient light readings at more than 1Hz?

0
0

Trump's lips sealed on surveillance, complains EU privacy chief

John Smith 19
Gold badge

A mad idea.

Why don't the Europeans, y'know, call the US?

1
2

Mastercard launches card that replaces PIN with fingerprint sensor

John Smith 19
Gold badge
Unhappy

Won't matter because it seems the Americans don't use C&P now

Why would they use fingerprints either?

Fingerprints sound like a good techno fix until you look closer.

But the real issue is US merchants who can't, or won't use C&P and only accept on 30YO mag strip technology.

1
0

Fixing your oven can cook your computer

John Smith 19
Gold badge
Boffin

Appliances using lots of gas, water or air --> fluidics?

Implementing hard wired fluid logic modules?

Just a thought.

1
0
John Smith 19
Gold badge
Coat

Driers that don't catch fire

Adds a whole new meaning to "Hotpoint" does it not?

5
0

Silicon Valley tech CEO admits beating software engineer wife, offered just 13 days in the clink

John Smith 19
Gold badge
Unhappy

"leave the punishment to the judiciary"

Actually the article said the actual Judge in the case was not even in the courtroom.

It was felt it could be done by their stand in, who clearly felt it needed an actual Judge to look at this.

It's pretty clear he's got a pretty good lawyer and a frankly nasty attitude to women.

Anyone else thinking he'd make a great Uber employee?

3
1

UK.gov survey shines light on cybersecurity threats to businesses

John Smith 19
Gold badge
Unhappy

so they could have been stopped without ever getting started.

Kind of a sad comment on the SoA in 2017.

0
0

New satellites could cause catastrophic space junk collisions

John Smith 19
Gold badge
Unhappy

The real problem is the thousands (millions?) of pieces of space junk we can't see

Small but high relative speeds ready to hit still working stuff in orbit.

What's needed for this is something very low cost operating over a wide area.

My instinct is to find some way to charge these so they feel drag from the Earth's magnetic field and spiral down and reenter.

1
0
John Smith 19
Gold badge
Unhappy

"Um, Holgers are usually boys. But, yeah, great name."

And it turns out he is as well

Oops.

0
0

Guess who's back at Microsoft? Excel, Word creator Charles Simonyi

John Smith 19
Gold badge
Coat

For some reason whenever I hear the phrase "Hungarian notation" I think of

this

4
0
John Smith 19
Gold badge
Joke

"I am excited, stoked, amped, and elated to join forces again with Microsoft,"

Holy s**t. I haven't seen someone that excited since Mother popped 3 E's

4
1

Oracle patches Solaris 10 hole exploited by NSA spyware tool – and 298 other security bugs

John Smith 19
Gold badge
Unhappy

The difference between a hardware company and a software company.

Sun supplied Solaris as their hardware needed to run an OS.

Oracle need hardware to run on but expect to charge you for whatever software (inc their OS) you run.

BTW how is the "No support below Solaris 11" different from the "No support below Windows 10" of Microsoft?

3
1

Microsoft and Rambus will get schwifty in quantum-cum-cryogenic computation collab

John Smith 19
Gold badge
WTF?

supercomputers <> superconductive.

4K is the level of NiobiumTin alloys. Low level work has gone on low temp SC systems for decades at SSI levels for specialist systems.

Those readers who operate around big data centres know plumbing large amounts of chilled air through a server farm is non trivial.

Anyone who thinks it will be easier and less hassle to do with liquid cooling should look at IBM 3090 (water cooled) or the Cray 1s (CFC cooled).

But these guys seem to be talking Liquid Helium or (best case) Nitrogen.

Saving energy by radically increasing the amount of energy you have to remove from the coolant before use? Is anyone else getting a serious bovine whiff coming off this "con-cept"?

1
0
