* Posts by Tom 38

3255 posts • joined 21 Jul 2009

NHS WannaCrypt postmortem: Outbreak blamed on lack of accountability

Tom 38
Silver badge

Re: You have have a million Cyber (euughh) security professionals...

All these trusts had CTOs at the time. You don't need a million, but if the one you get to lead your technological efforts doesn't ensure simply things...

2
0

Don't panic, but Linux's Systemd can be pwned via an evil DNS query

Tom 38
Silver badge

Re: Just like to point out..

confirmation of your lack of knowledge of systemd, you have to pick up mistaken use of a word.

So one brain can contain either systemd knowledge or a grasp of the English language, but not both?

27
0
Tom 38
Silver badge

Re: Hang on, all y'all ...

HOWEVER, this is just a bug, people. All code has bugs.

Right, all code has bugs. However this bug is a direct consequence of putting kitchen sink + all in to init. This is the bug that most everyone who has written software and looked at systemd thought it would eventually, inevitably, get.

Is it wrong when someone is hoisted by their own petard, that we point out the crater of the explosion?

24
0
Tom 38
Silver badge

Re: If THIS isn't a reason to hate systemd...

When it comes to SW the trick is to make sure that you're not exposed to the risk of bugs unnecessarily. Design your SW so as to limit the impact of the inevitable bugs.

It's unclear whether you think that the language should have protected the developer from risks, or that the software should have been composed of more coherent, smaller, and less tightly coupled components.

2
0

Looking for an Ubuntu Unity close cousin? Elementary, my dear...

Tom 38
Silver badge

@Powernumpty

That's not even taking in to account the ridiculously slow speed of windows update downloads. I installed Windows 7 for a friend the other day, it took over 3 hours to format, install OS and install updates - a good hour of that was downloading 600MB of updates, and that's with gigabit fibre internet.

I suppose you don't get what you pay for...

13
1

123-reg resolves secure database access snafu

Tom 38
Silver badge
Trollface

Catches up with https everywhere memo

Took your esteemed organ quite a long time to catch up with that memo too.

6
1

Cloud may be the future, but it ain't all sunshine and rainbows

Tom 38
Silver badge
Angel

Re: Another excellent heads-up

Cloud is nice.

It allows you to not deal with most of the plumbing

In my experience, you still have to deal with the plumbing, except now you have bits which have metric connectors AND bits which have imperial connectors, and you have to hook it up to something that Heath Robinson* rejected for using pre-industrial age fittings.

* Rube Goldberg for those of a left-pondian

9
0

Google, Mozilla both say they sped up the web today. One by blocking ads. One with ads

Tom 38
Silver badge
Headmaster

Re: Hmm

I'd be surprised if overall battery consumption actually went down with compression.

Be surprised then. For starters, guess what? It's already using compression, just gzip compression - 15-40% is how much better brotli is compared to gzip at compressing.

Less radio usage results in less battery consumption, and these are very simple decompression algorithms. Radio on for 5 seconds vs radio on for 1 second and 0.1 second to decompress, which do you think is better for the battery?

Brotli in particular is designed to be at least as fast as gzip in decompression, as good at compressing as bzip2, but at the expense of not overly caring how slow compression is.

1
0

Stack Clash flaws blow local root holes in loads of top Linux programs

Tom 38
Silver badge

Re: Why am I not surprised to see sudo there?

"Why can't you just give the permissions you need to the relevant user? "

Because you should always run with the least possible permissions required to do the operation you're carrying out, not the maximum you may need across all operations you might perform.

And because "giving the permissions you need to the relevant user" is exactly what sudo does. How else would you suggest doing it?

I think you are arguing against yourself here - running with the least possible permissions is the opposite of what sudo does. Say you want to run a program to write a CD, and your user does not have access to the CD device. You could run the program with sudo, in which case it can access the DVD device, but also everything else.

Alternatively, you could create a group for CD access, change the group on the device and make it group writable, and add your user to the group. You can then run the program without sudo, and the only thing you can access is the CD device.

2
4

Samsung releases 49-inch desktop monitor with 32:9 aspect ratio

Tom 38
Silver badge

Re: Optional

Can you not have virtual monitors in windows yet? IE partitioning a single physical screen into multiple logical display screens.

0
1
Tom 38
Silver badge
Facepalm

Re: Completely impractical for developing

What do you prefer, huge black bars taking up two thirds of the screen, or pan and scan so that the top and bottom third are not visible?

3
0

Look who's joined the anti-encryption posse: Germany, come on down

Tom 38
Silver badge
Thumb Up

Re: BS

Any terrorist with even a modicum of competence

Well thats the thing isn't it. Read the trials of the people caught preparing an attack; these are not competent people. I remember one trial where they were using an single letter substitution cipher for "encryption"! Look at the aftermath of the ones they didn't catch; competent people.

Counter terrorism relies on that most people who are disposed to terrorism are not usually particularly sound. The rest is just security theatre.

Encryption backdoors won't stop competent terrorists, just the incompetent ones, and we're already stopping them.

14
0

Europe-wide BitTorrent indexer blockade looms after Pirate Bay blow

Tom 38
Silver badge

Re: Hi Andrew

If you don't stick it to the man, you end up being the man. No-one wants to be the man, everyone else will just stick it to you. And then you will be stuck.

3
0
Tom 38
Silver badge

That's different, purchasing from Amazon US when you are in the UK is not the same as purchasing from Amazon EU when you are in the EU

Why? There are no laws stopping Amazon US selling to EU customers, just like there are no laws stopping Amazon UK selling to EU customers. Amazon decide that they do not want to deal with EU customers on their US site; they might equally decide that they do not want to deal with NL customers on their UK site. They don't even have to be consistent about it!

3
0
Tom 38
Silver badge

Re: Anyone still using TPB?

Another option is to use a smaller ISP. In the UK, smaller ISPs are not subject to the blocking court orders that BT, Sky, TalkTalk, Virgin and [I'm sure there is a 5th, its a "big 5", but I just can't recall] are. I'm with Hyperoptic, no blocking.

3
0
Tom 38
Silver badge
Angel

Re: Don't shoot the messenger

TPB themselves deliberately and methodically categorize, index and filter records

Oh really, they do? How many staff do TPB have doing this do you think? Oh, they don't have staff? The categorisation and flagging is done by users of the platform? Oh my!

13
4

Labour says it will vote against DUP's proposed TV Licence reforms

Tom 38
Silver badge

Re: Minority Partner Policies

5p carrier bag tax was the best thing to come out of Government in 2010-2015. We all knew we should be reusing bags, but it took a tiny tax to make us change our ways.

1
0
Tom 38
Silver badge

Re: Speaking from NZ

It's not that hard, a 1 metre dish works fine in the south of France.

When its not raining, or the wind blows, then yes, you can pick up the UK beam in the closest neighbouring country to us. Shocker. Try in the south of Spain, or Croatia, or Greece. It's as geofenced as is possible with the technology available.

0
0
Tom 38
Silver badge

Re: Speaking from NZ

If they were really worried about viewing outside of the licensed regions they would shut down the broadcast of their transmissions via satellite.

As would Sky.

Sky and BBC already do, they transmit from Astra 28.2 2{E,F,G} using a narrow UK targeted beam precisely to achieve this. Every channel broadcast on Freeview is broadcast using the UK beam, which makes it much harder to pick up in Europe now - you need a big dish, and no bad weather.

0
0

Uber's Boston T party – and T is for taxi: City's cabbies sue app maker

Tom 38
Silver badge

Re: Yes, well

Not to defend Amazon or that, but they dont sell below cost which is really the case here. Amazon can sell cheaper because they dont have store fronts and everything is in one giant warehouse

Amazon sell all of their hardware and some ebooks below cost. Mainly popular ebooks, so that you choose a Kindle over another e-reader.

I'm totally fine with taking Uber rides at the moment. Their VC backers are subsidizing my fare, excellent. When they stop doing that, I'll go back to taking the night bus.

0
0

You're all too skeptical of super-duper self-driving cars, apparently

Tom 38
Silver badge

Re: 35,000 per year! Sounds like a full on war...

In my experience, drink driving is ridiculously tolerated in the US, whilst it has been almost eradicated in the UK. In Georgia, for instance, your first DUI has a 90 day license suspension - compare to the UK, minimum 1 year ban.

2
0
Tom 38
Silver badge

Re: Lesser of two evils?

Why not a 40 year old with over 20 years of driving experience? Presumably because the latter is a much better driver

Supposition much? How old do you think those wankers tailgating in BMWs are?

The biggest benefit to fully automated road transportation would be the higher throughput that would be achievable on the roads. This will be particularly noticeable in traffic jams or road works, where a lot of the slow down is due to driver uncertainty of what to do.

1
1

Don't touch that mail! London uni fears '0-day' used to cram network with ransomware

Tom 38
Silver badge
Meh

Wouldn't have happened in my day

My first uni (Warwick 98), in order to get access to your email, first you rebooted the Windows PC in the lab to a DOS terminal emulator, which then allowed you to log in to one of the servers and run pine.

This wasn't just CompSci students - everyone had to get email like this. Very weird seeing all these 'regular' people tapping away in consoles, and suddenly being slightly in demand as the guy who can get your email back working again by typing "pine" in the shell after they quit accidentally.

If only people today would reward me for fixing IT issues with alcohol and vague promises of sexual encounters. Actually, considering the people I work with now, I'd be OK with just the alcohol.

11
0

Atlassian wants you to put all your eggs in one Bitbucket and beyond

Tom 38
Silver badge

Re: Atlassian a mixed bag

Every morning I go to check the status of my reviews in Fisheye, and forget that before reloading the page I need to view, I have to open the Fisheye homepage so that it logs me in.

Unsurprisingly, they have an SSO system for logging in to their different sites, but for some reason Fisheye doesn't track what resource you were trying to access and just dumps you on the frontpage.

I have to fix bugs like that on my system, but apparently they don't...

JIRA is good, but some of the other stuff is very meh. I guess it is a rush to ensure that they can tick all the checkboxes as a suite, and that the shittier offerings will improve over time.

0
0

Australian border cops say they've cracked 'dark net' drug sales

Tom 38
Silver badge

Re: What's all this then?

Install Tor Browser

Follow links

0
0

Teen texted boyfriend to kill himself. It worked. Will the law change to deal with digital reality?

Tom 38
Silver badge

Re: it's a crime to let somebody die if you could have prevented their demise.

Even without a specific suicide law prohibiting it, this would fall squarely under Reckless Endangerment/Culpable Negligence: "conduct that is wrong and reckless or wanton, likely to produce death or grievous bodily harm to another person"

0
0

Cloud VMs without sane firewalls is nutty, right? Digital Ocean agrees

Tom 38
Silver badge

Like what? If we're running an remotely accessible service on a VM, its because something remote needs to access it. Remote as in "another device on this network", not as in "any internet accessible device".

Eg, on our web worker VMs there is just one remotely accessible service, sshd. On our DB servers, sshd and mysqld/postgres. Externally, the only ways to interact with our web cluster is via HTTP, first via Akamai and ELB, then to a trivial interface server, which turns requests in to messages that are then received by the web workers, processed in to responses and returned to the interface server, which returns them to the web client.

A malicious user could (theoretically) attack ELB or our interface server, but if they can cause a programming error in *our* code, it is extremely difficult to turn that in to an exploitable error, as there is no return channel connected to the malicious user.

0
0
Tom 38
Silver badge

With our EC2 routing rules, (almost) all our cloud servers aren't addressable from the internet, they get an internal private address and we have a VPN connecting in to them. Anything that the public need to get out is provided by ELB (Elastic Load Balancer) talking to our internal cloud servers.

I don't really get why anyone would do it differently than this.

0
0

'My PC needs to lose weight' says user with FAT filesystem

Tom 38
Silver badge

Re: IHTFP

Permanent marker on whiteboards: write over it with non permanent marker, rub both off with wiper.

2
0
Tom 38
Silver badge

Re: Windows 98

AAh, econet :)

Was fun the year we found that

a) you logged your device in to the network

b) your network ID was how that was identified

c) you could POKE a new network ID on to your machine

d) nothing checked or verified the new address as long as no conflicts

So, the game went like this. Person A goes to sysadmin to "check their quota". He logs in to his operator account. Person B distracts sysadmin. Person C checks network addresses, switches his network address to the operator, and grants larger quotas to A,B and C.

Was all fun and games until we realized we allocated 400MB space on a 80MB disk.Then we got BUSTED :/

6
0

Goodness gracious, great Chinese 'Fireball' malware infects 250m systems worldwide

Tom 38
Silver badge

Devil's advocate

How is this different to, say, AVG|Google|Yahoo|... Toolbar?

* Hijacks your browser? ✓

* Redirects search traffic to own servers to increase ad revenue? ✓

* Side-installed alongside a desired program? ✓

7
0

Tech industry thumps Trump's rump over decision to leave Paris climate agreement

Tom 38
Silver badge

Re: Not as bad as it appears

Irrelevant. The US never ratified the treaty. Trump is simply saying he never will.

So why did he pick, to the day, the first day that he could cancel it under the agreement?

4
0
Tom 38
Silver badge

Re: Not as bad as it appears

It looks like Trump pulled out in a half-hearted way to placate his base, but the timeline for pulling out that extends until the day after the next election seems to indicate his daughter was more successful in talking him out of it than Rush and his other cronies would have liked. If he was really pulling out of Paris, it would have been effective immediately, not 3 1/2 years from now.

Nice thing about agreements, people have to go along with what was agreed with, or people won't bother going along with the other things they've agreed on.

The Paris agreement, amongst other things, put in place a policy for people who want to leave the agreement. They cannot do it at all within the first three years of the agreement, and it takes a year from giving notice to leave before you have actually left. He has actually left at the earliest possible moment.

4
1

Crapness of WannaCrypt coding offers hope for ransomware victims

Tom 38
Silver badge

He's too new, you need 100+ posts* to use HTML, and he's got 4.

* Numbers pulled from nowhere

0
0

BT considers scrapping 'gold-plated' pensions in bid to plug £14bn deficit

Tom 38
Silver badge

Re: Much like my pension, which I'll likely never get.

The country as a whole needs to take pension funding more seriously, for starters they should NEVER be allowed to run in deficit.

It's not that simple though. The deficit of a pension fund is the difference between their assets and their potential exposure, but the potential exposure doesn't only depend on the number of subscribers, but also on the current annuity rates. During times of low growth, like now, interest rates are very low and consequently annuities cost significantly more than they would at other points in time. Put another way, the only thing keeping BT's fund in deficit is that interest rates are historically low.

So, do we need to fund our pension funds to be larger than their maximal potential exposure (like now)? Will everyone enrolled in that scheme retire during this low interest rate period, or will their annuities be bought when much cheaper?

Requiring all pension funds to never be in deficit would require that pension funds would have to be much much larger, in order to account for these low interest periods, whilst still providing the same benefits.

This inevitably means that pensions will cost more, but who should pay this? If it is the employee who is still working that is paying in extra to reduce the benefit, this is massively unfair. They are paying because the previous pool of employees, despite intentions, failed to put aside enough money to fund their desired pension benefits.

3
0

I'll take the sandtrooper in white: Meet the rebel scum making Star Wars armour sets for a living

Tom 38
Silver badge

Re: Skinnytroopers

Skinny by 1990's standards would to be fair probably have been considered practically morbidly obese in ...

Blahblah. 110lbs is less than 50kg, or 7st 12lb, BMI* of 15 or "very severely underweight". I know you only ate coal and lived in a shoebox in the 70s, and kids today don't know how good they got it, but no storm trooper was 110lb.

* Oh god, I mentioned BMI. Any chance of avoiding the 70 replies saying how BMI is meaningless and just wrong for you and agree that a BMI of 15 is inconceivably low for a storm trooper. I'm sure your BMI of 30 is all muscle and that you are very tall, you don't need to explain.

25
0

Wannacry: Everything you still need to know because there were so many unanswered Qs

Tom 38
Silver badge

Re: Great analysis - thanks

Because you are running custom software that's incredibly picky about OS versions[1] and patches? Because you don't have anyone that knows about WSUS or SCCM? Becuase your CxO doesn't give you any budget for anything other than getting their team the latest and greatest and certainly not for wasting time fiddling about with servers?

All of those are valid explanations why an individual techie working at an afflicted organization might not have applied the fix that would have prevented this.

None of them are valid explanations as to why an organization allows their technology to be so poorly maintained. None of them explain why CTOs across the country are not getting canned for failing to ensure business continuity.

I've no problem with people getting paid big money for CxO roles, but together with the money comes the responsibility; if you are the CTO of a hospital trust, and your policies on patching desktops led to surgeries getting cancelled, you should be cancelled.

0
1

After stiffing us with Trump, Weiner 'fesses to underage cock shot rot

Tom 38
Silver badge

Re: Guys - we've covered this before

Bet you also think the ladies don't fart or look at porn..

0
1

Wow, someone managed to make money on Fitbit stock – oh, 'fraudulently'

Tom 38
Silver badge
Meh

Re: Glad we're catching the top crooks

So if someone steal your four years old Honda, instead of a new Ferrari, it's worthless to jail and prosecute it?

Aha, so you've experienced London's finest too..

1
0

Samsung Galaxy S8+: Seriously. What were they thinking?

Tom 38
Silver badge

Don't get a OnePlus 3T!

Well, you can if you want, its just that they are currently discounting and selling off 3T stock in preparation for OnePlus 5 arriving soon, damn soon.

Having said that, you can almost buy two OnePlus 3Ts for the price of this Samsung, it's just pissing money away.

5
0

US judges say you can Google Google, but you can't google Google

Tom 38
Silver badge

Re: Really?

Hover hoovers suck though

1
0

Google DeepMind's use of 1.6m Brits' medical records to test app was 'legally inappropriate'

Tom 38
Silver badge

Re: Streams is showing real patient benefits.

"the company has no obligation whatsoever" - apart from the law, the contract they signed, etc etc..

So, this article is about them not following their contract. They were supposed to use the data to train and discard it. They are now running a service using that data.

Ignore whether it is a good or a bad thing; evidently they are not following their contract now so what happens in the future?

3
0
Tom 38
Silver badge
Trollface

Re: Streams is showing real patient benefits.

But what if it saves a CHILD'S LIFE?!

3
0

Comey was loathed by the left, reviled by the right – must have been doing something right

Tom 38
Silver badge

Re: infuriated those people who know a thing or six about encryption

If he had said "I accidentally found a kill switch but I will wait few weeks to provide details" we could accept this as part of responsible disclosure, and it would have given the rest of the world a week to plug the holes

So now we are expected to maintain responsible disclosure for malware now? What, in your mind, is the acceptable amount of time to wait before deciding that ivan@shadowbrokers just isn't going to respond and push out a fixed version of the malware before we disclose it?

Any semantic algorithmic flaw like this in malware should be discussed widely and openly, because either the code may be reused in other malware, or might be written from scratch with the same semantic flaw.

The only flaw that needs to be plugged is the one in Windows; MS released the patch in March, the vulnerability was disclosed in April, and now in May people who don't patch their systems are crying.

0
2

Japanese researchers spin up toilet paper gyroscopes for science

Tom 38
Silver badge

Re: This is hilarious

Boss: Why aren't you working yet? It's after 11!

Me: Well, I had a bacon and egg roll when I got in, but I'm still stuck trying to log in

It's like I stopped maturing at age 9

3
0

For now, GNU GPL is an enforceable contract, says US federal judge

Tom 38
Silver badge

Re: Double edge

The $150,000 per violation is actually _per work_. So it would have to be paid _once_.

Once for gs. Lets hope they didn't also build all those separate works of dvipdf, eps2eps, font2c, ghostscript, gsbj, gsdj, gsdj500, gslj, gslp, gsnd, lprsetup.sh, pdf2dsc, pdf2ps, pf2afm, pfbtopfa, pphs, printafm, ps2ascii, ps2epsi, ps2pdf, ps2pdf12, ps2pdf13, ps2pdf14, ps2pdfwr, ps2ps, ps2ps2 and wftopfa.

Isn't a software package with 20 programs in it the same as an album with 20 songs on it?

0
0

All that free music on YouTube is good for you, Google tells music biz

Tom 38
Silver badge
Joke

I think taxes on "the means of reproduction" are universally unpopular. Badda-boom-tish.

In the UK there used to be a tax on blank tapes for the same reason (thankfully gone), and the US has it for any CD-R that is explicitly marketed as being for audio (3% levy), but not for "data" ones, which is why there are no audio branded CD-Rs in the US.

1
0
Tom 38
Silver badge

I also don't think the UGC argument would work if you were making money off it.

The only people who don't make money off Youtube are those who originally produce the content. Everyone else makes out like bandits*.

*Just how do bandits make out though? Do they shave their stubble first?

5
1

10Mbps universal speeds? We'll give you 30Mbps, pleads Labour in leaked manifesto

Tom 38
Silver badge

@Mad Mike (the PS)

Well... Jeremy Corbyn promised to "democratise the internet" in his Digital Manifesto.

Technically the internet is already democratic - its where the demos (people) are.

It's worse if you take the original Greek meaning, as it means "people of a city state". Ho ho ho.

0
0
Tom 38
Silver badge

Re: Completely scrapping ADSL then

I'd also be surprised given how much money we currently bung at the railways to fund stagecoaches' sharholders - we couldn't provide the same service re-nationalising it at the same cost to the taxpayer.

Essentially, this is the main difference between voting Tory and voting Labour:

Tories believe that government is bad at running businesses because of inefficiency and bureaucracy, and that private enterprise, even if it has to be partly subsidised, will produce a higher quality of service at a cheaper price.

Labour believe that private enterprise is bad at running businesses because they are profit focused and exploit both their workers and their customers. They believe that any profits from these activities should go towards the exchequer and not private individuals, and that government funded investment will keep those businesses up to date.

If you look at Labour's (draft) manifesto, this is what they are proposing for almost everything. You can't mandate mobile coverage or broadband provision without directly controlling the enterprises that make that provision.

I don't think either are particularly right, but I remember how the trains, telecoms and power were when run by the government, not sure I'd like to go back to that.

1
1

Forums

Biting the hand that feeds IT © 1998–2017