* Posts by Richard Pennington 1

169 posts • joined 17 Jun 2009


NASA to launch 247 petabytes of data into AWS – but forgot about eye-watering cloudy egress costs before lift-off

Richard Pennington 1

... thus achieving ...

... the ultimate Write-Only Memory.

Let's Encrypt? Let's revoke 3 million HTTPS certificates on Wednesday, more like: Check code loop blunder strikes

Richard Pennington 1

Whatever happened to code review?

I'm retired now, but in my day (and in my security-critical environment) all critical code was peer-reviewed.

From Soviet to science fiction icon, the weird life of Isaac Asimov 100 years on

Richard Pennington 1

Another Asimov record? One for the librarians...

I heard it said, a few years ago, that Isaac Asimov was the only writer to have been published in all 10 major categories of the Dewey Decimal System.

Is he still unique in that respect?

Not just adhesive, but alcohol-resistant adhesive: Well done, Apple. Airpods Pro repairability is a zero

Richard Pennington 1

Landfill? No!!

Surely they would count as electrical/electronic waste and would come under WEEE Directive rules (at least until Brexit...).

From MySpace to MyFreeDiskSpace: 12 years of music – 50m songs – blackholed amid mystery server move

Richard Pennington 1

The Day the Music Died

Some date in 2015, I guess.

Ever feel like all your prayers go unheard? The Catholic Church has an app for that

Richard Pennington 1

Does anyone remember Bruce Almighty?

Didn't Jim Carrey run into a problem with this app in "Bruce Almighty"?

Clone your own Prince Phil, says eBay seller hawking debris left over from royal car crash

Richard Pennington 1

I hear that the road in question just made the top of the queue for a reduction in speed limit

So the A149 road just outside the Sandringham estate in Norfolk could be the first road in the country to have a speed limit by royal appointment.

Florida man stumbles on biggest prime number after working plucky i5 CPU for 12 days straight

Richard Pennington 1

Re: Fermat primes

The proof that the exponent of a Fermat prime is a power of 2 is (almost) a one-liner.

If k has an odd factor m (say k = m*n, where m≥3 is odd) then (by an algebraic factorisation) it is trivial to show that 2^n+1 divides 2^k+1 = 2^(m*n)+1 [e.g. 2^2+1 divides 2^10+1]. So if 2^j+1 is prime, then j has no odd factors ≥3, hence j is a power of 2.

This just in: What? No, I can't believe it. The 2018 MacBook Air still a huge pain to have repaired

Richard Pennington 1

I like my HDs replaceable

Aside from various Windows machines, I run a 2007 iMac and a 2010 MacBook. The iMac is now on its third hard drive (HD failures in 2010 and 2015, each replaced with a larger disk), and the MacBook on its second (HD failure in 2018, replaced with a larger disk). For all three HD replacements, I was able to switch the disks myself (which would not be the case with a soldered-in HD). Also, Time Machine was my friend on all three occasions.

For me, reliability is much more important than weight or thinness.

Both machines are now up for replacement as they have outlived the upgradeability of their operating systems. I hope their replacements run as well and as long.

That scary old system with 'do not touch' on it? Your boss very much wants you to touch it. Now what do you do?

Richard Pennington 1

Years ago ...

Back in the late 1980s, I used to work in Cambridge for a company which no longer exists. We had acquired - I forget how or why - an old UNIX box which took up most of a room and could only be housed on the ground floor because of the limitations on floor loading. We then had word from Head Office in Shepton Mallet that they wanted it moved there; again, I don't know why.

I did suggest dropping it off in Salisbury Plain in case anybody there needed a new henge.

Tick-tock, tick-tock. Oh, that's just the sound of compromised logins waiting to ruin your day

Richard Pennington 1

Face recognition has another problem - or two.

When I was a graduate student in the 1980s, my university department had a display of full-face photographs of its staff members, down to and including the cat which frequently visited the place. This means that anyone who wanted to spoof a face-recognition program (which were of course unknown at the time) could simply take a picture of the photo display and extract any desired picture for use in a fake ID.

Also, there was another staff member - I shall call him Richard S - whose photo was very similar to mine (start with a beard and glasses). Just right to confuse a face-recognition system. In real life no-one could possibly confuse us, as I was 20 years younger and more than a foot (30+ cm) taller than him.

Devon County Council techies: WE KNOW IT WASN'T YOU!

Richard Pennington 1

If the Head of Education puts out a letter like that ...

... then perhaps the teachers in every school in Devon should set it as an exercise for the kids to correct.

Size does matter, chaps: Oversized todgers an evolutionary handicap

Richard Pennington 1

Re: Cock size

Unintentionally appropriate Freudian comment from El Reg:

"Click here to disable post shrinking".

Sysadmin sank IBM mainframe by going one VM too deep

Richard Pennington 1

Re: Yep been there done that

That one reminds me of a story dating back to 1971. When the UK introduced decimal currency, it didn't take long for a small child to discover that a 1p piece fits neatly into a UK 3-pin electrical mains plug, touching all three conductors.

Boss helped sysadmin take down horrible client with swift kick to the nether regions

Richard Pennington 1

Re: Magical policing

That quote was from Tom Lehrer (actually in a Spiel about Dr. Samuel Gall, inventor of the gall-bladder).

Microsoft to pay new bounties for identity services holes

Richard Pennington 1

If I find a bug...

If I find a bug in your ID system, how do you know I am a security researcher? Or merely a hacker impersonating a security researcher?

Tech team trapped in data centre as hypoxic gas flooded in. Again

Richard Pennington 1

Climate control, 1980s style

No fire here (sorry), but at my first place of IT employment (mid 80s) they had a machine room with controls for temperature and humidity.

Rumour had it that by proper (by which I mean "highly improper") adjustment of controls (humidity right up, temperature right down...), it was possible to get it to snow in the machine room.

Sad Nav: How a cheap GPS spoofer gizmo can tell drivers to get lost

Richard Pennington 1

I don't use SatNavs ...

I am from a generation which learned how to use (and memorise) maps. I do not use (or possess) a SatNav. That said ...

I live near Farnborough, and it is now Airshow season. The local council has reconfigured the local roads and put up signs "TURN SATNAV OFF", because the roads don't go where (or in the direction) SatNavs think they do.

In a past life, I was on a project in the Netherlands, and we regularly used to take a taxi from our hotel to the project office. Once the taxi driver took a wrong turn, and his SatNav insisted that he correct the mistake ... by turning right into the local canal.

For the same employer, but a different location, I had occasion to take a taxi from central Paris to a factory in one of the less salubrious arrondissements. The factory address did not appear on the taxi SatNav, so I had to instruct the driver to go to another address nearby in the same street, and then follow my verbal directions to the factory.

IBM fired me because I'm not a millennial, says axed cloud sales star in age discrim court row

Richard Pennington 1

Not just IBM, and not just USA

In my experience (UK), practically every large IT firm does much the same. They would rather employ a known criminal or a stoner than anyone over 50.

My PC is on fire! Can you back it up really, really fast?

Richard Pennington 1

Not strictly IT, but ...

Years ago, as a graduate student, I was "volunteered" to man the slide projector at an international conference on the evolution of stars (largely owing to the fact that my PhD supervisor was one of the conference organisers).

Midway through one of the presentations, the slide projector decided to catch fire. I managed to eject all the slides (thereby saving the slide set) just before pulling the plug from the wall.

The session MC did make a comment that I was upstaging the speaker!

El Reg deep dive: Everything you need to know about UK.gov's pr0n block

Richard Pennington 1

Looking for a song ...

I was once asked by my father to look up an old Gracie Fields song called "Only a Glass of Champagne". It turns out that it was written by Noel Gay. Now figure out the Google search terms and what happened next...

UK.gov cooks up code of conduct to enforce a smidge of security on Internet of S**t kit

Richard Pennington 1

Proper labelling would help ...

... As in a label to be prominently displayed on the packaging of any product without suitable security measures.

The text of the label should read simply "IDIoT".

As in Insecurely Designed Internet of Things.

Did ROPEMAKER just unravel email security? Nah, it's likely a feature

Richard Pennington 1
Black Helicopters

Now if someone were to try this exploit, say...

... on emails sent or received by a candidate for President of the United States, there might be a story ...

Sole Equifax security worker at fault for failed patch, says former CEO

Richard Pennington 1

Next question

OK, how do I go about cutting all links with any company who sends my data to Equifax?

A storage giant wants to give you 46,763...

Richard Pennington 1

They are a storage company.

The price list is just drumming up demand for their gigastorage products.

Revealed: Scammers plaster Google Maps with pins to lure punters from honest traders

Richard Pennington 1

The Emperor's Clothes icon

There is an Emperor's Clothes icon. You just can't see it.

I'll get my (invisible) coat.

The biggest British Airways IT meltdown WTF: 200 systems in the critical path?

Richard Pennington 1

Fun and games at the Infosec exhibition

I had some fun at the Infosec exhibition at Olympia this week by going round the stalls, picking out those pushing their pet solutions for "Total Security" and/or "Incident Response" and grilling them about how their pet systems would have protected the system in a BA-type scenario (power outage causing failure of a single server, failed backup, and legacy systems of all ages dating back to the Wright brothers), had such a system been installed.

Not one vendor produced even a plausible reply.

Going to Mars may give you cancer, warns doc

Richard Pennington 1

I haven't seen the clinical trial results yet ...

... and it may take a while to get enough subjects together to get a statistically significant result.

User loses half of a CD-ROM in his boss's PC

Richard Pennington 1

It could have been ...

... a game of two halves.


Greater Manchester cops fined after victim interview vids lost in post

Richard Pennington 1

And the compensation for the victims was ...


Wi-Fi sex toy with built-in camera fails penetration test

Richard Pennington 1

Re: Isotopes

Carbon-18 and Carbon-16? Only if you've REALLY gone nuclear. Natural decay of Carbon-14 to Nitrogen-14 (or Potassium-40 to Argon-40 or Calcium-40) is more plausible.

AWS's S3 outage was so bad Amazon couldn't get into its own dashboard to warn the world

Richard Pennington 1

Your first lesson on Single Points of Failure.

If you must insist on loading up your life with Insecurely Designed Internet of Things (IDIoT) devices, don't be surprised when a single failure in the Cloud wipes out your entire existence.

BOFH: Don't back up in anger

Richard Pennington 1

As I remember it...

ISO 9000 and its brethren are not intended to prevent the next disaster. They will, however, ensure (if consistently followed) that the next disaster is fully and properly documented.

Top tech company's IP was looted by China, so it plans to hack back

Richard Pennington 1

Free reign

Yes, but the article's author also thought the PM was the head of state. In this country the head of state is Her Majesty. So ... free reign.

IBM pays up after 'clearly failing' DDoS protection for Australia's #censusfail

Richard Pennington 1

I was involved in the 2011 UK census

I was involved in the 2011 UK census, which also had (in the UK, for the first time) a facility for the public to complete the forms online.

I do not intend to detail our solution, save that one of our assumptions was that everyone and his/her dog (all over the UK) would attempt to use the system as soon as it went live - thus creating a usage profile *from legitimate users* which closely resembles a DDoS. We therefore had a very heavyweight Internet-facing gateway which filtered out the Internet's usual cybercrud, and which had behind it a traffic management system which, if threatened by overload, would show a "graceful delay" screen along the lines of "Sorry, we're busy right now - please try later".

We also had a plan (to be performed in the event of loss of functionality in our control centre) to move operations to a secondary centre in another part of the country. One of our test exercises, before the system went live, was to perform exactly this transfer of operations.

Sadly, after the 2011 UK census went live, the team was scattered. However, those planning similar exercises in future might do well to recruit the *individual* members of that team. We've been there and done that - and our system worked.

Trial date set for Brit police 'copter coppers over spying-on-doggers claims

Richard Pennington 1
Black Helicopters

Nothing to see here ...

... that the local drone enthusiasts haven't already put on YouTube.

Hackers electrocute selves in quest to turn secure doors inside out

Richard Pennington 1

Wouldn't it be easier to use the device to melt its way through the window?

VMware CEO Pat Gelsinger quashes departure rumours

Richard Pennington 1

Since it's VMware ...

shouldn't they just swap him out for a virtual instance?

Wasps force two passenger jets into emergency landings

Richard Pennington 1

If a wasp stopped a plane in the USA...

... would they send in a SWAT team?

Checking my coat for unwanted insects.

Must listen: We've found the real Bastard Operator From Hell

Richard Pennington 1

Florence Foster Jenkins

There's a new film out (this month) about this diva ... probably the worst singer ever to grace Carnegie Hall.

There are nine surviving recordings of her in action. Any one of them would finish off most callers.

Miss Brittany dethroned for posting 'nude' Facebook pics

Richard Pennington 1

Queen for a day

... pendant une Journée?

BOFH: I'm not doing this for the benefit of your health, you know

Richard Pennington 1

One of my previous employers sent round a H&S person to check that desks and chairs were the correct height, and to supply footstools for my more vertically-challenged colleagues.

I am well over 6 feet tall. I was just waiting for them to recommend digging a hole in the floor...

Poison résumé attack gives ransomware a gig on the desktop

Richard Pennington 1

No, pushing the power button is a job for the second coffee of the morning.

Cops turn Download Festival into an ORWELLIAN SPY PARADISE

Richard Pennington 1

Re: Supplies for Download festival !!!!

Corpse paint. Especially relevant for RIP visitors.

Snowden scandal latest: NSA, GCHQ lingo-spies replaced by unstoppable RHINEHART robots

Richard Pennington 1

Do GCHQ / NSA have a program to decipher amanfromMars?

There it is! Philae comet lander found in existing Rosetta PICS

Richard Pennington 1

First landing on a comet?

Shouldn't ESA be claiming the credit for the second and third comet landings as well as the first?

Galileo! Galileo. Galileo! Galileo frigged-LEO: Easy come, easy go. Little high, little low

Richard Pennington 1

Moon flybys?

Can anyone tell me how they might do a Moon flyby from an altitude of 26200 km?

Think Google Glass is creepy? Wait until it READS YOUR MIND

Richard Pennington 1

The other worry ...

... is when it reads your mind and finds nothing there.

Anatomy of OpenSSL's Heartbleed: Just four bytes trigger horror bug

Richard Pennington 1

Years and years ago (early 1990s), I was on a project which did static analysis on a safety-critical system. By static analysis, I mean automated code verification using a tool which checked for all sorts of consistency issues (but it could not deal with anything which involved concurrency, e.g. shared memory).

It would easily have picked up both the OpenSSL bug and the recent Apple GotoFail.

The technology exists, and has existed for a while now (the tool was written in Algol and was old even when I was using it). But it is slow and expensive to use (the tool's users need to be experts).

You get what you pay for.

Money? What money? Lawyer for accused Silk Road boss claims you can't launder Bitcoin

Richard Pennington 1

What's the point?

Given that Bitcoins are untraceable by design, what is the point of laundering them?



Biting the hand that feeds IT © 1998–2020