* Posts by Mike 137

144 posts • joined 10 Sep 2009


Birds are pecking apart Australia's national broadband network

Mike 137

Shame on you El Reg

Clickbait title - boring report

0
0

Canucks have beef with Soylent as to whether or not it's a real meal deal

Mike 137

Re: Mystifying...

See "The Machine Stops" - E. M. Forster 1909/1928

1
0

UK's NHS to pilot 'Airbnb'-style care service in homeowners' spare rooms

Mike 137

Re: Something needs to be done

A well-established principle - see Logan's Run

0
0

Forget One Windows, Microsoft says it's time to modernize your apps

Mike 137

One UI to rule them all;

One UI to blind them.

One UI to thwart them all

And to the blue screen bind them.

3
0

Mozilla extends, and ends, Firefox support for Windows XP and Vista

Mike 137

Nice to see...

Nice to see from the above comments that not everyone still subscribes to the "must be supported" - i.e. "we must be allowed to continuously tamper with your computer to apply often broken fixes to our crap code" bullshit.

How about us insisting the vendors get it right before release?

And BTW, how about vendors (including Mozilla) recognising that business users need long term stable systems?

2
0

The power JavaScript: 'Gandalf of JS' Wirfs-Brock on ECMAscript 2017

Mike 137

"JavaScript has become the interface to the web..."

And incidentally the primary vector for client side breaches (regardless of the 'sophisticated' details of what happens after the initial compromise via JavaScript).

It's fundamentally contrary to basic security principles (and common sense) to download masses of untrustable and unverifiable code onto the client and execute it silently and automatically. It's even more fundamentally stupid to use this technique to accomplish things that can perfectly well, efficiently and safely be performed using good old HTML (e.g. the increasingly common idiocy of using JavaScript instead of link anchors to enable clickable elements for navigation).

Unfortunately this fashion for making even static pages into 'web apps' is essentially born of crashing ignorance. For example, I found today an online shop which declared that in the interest of security "our shopping cart runs entirely on the client, so there's no server to hack". Where do they think the shopping cart code resides at rest? What happens if that repository is contaminated by malicious actors?

Until software development has been raised to at least the minimum standard of a professional engineering discipline we remain at the mercy of fools and ignoramuses. Dunning and Kruger rule!

1
0

Boffins fear we might be running out of ideas

Mike 137

rescind Moore's Law?

You can't rescind, remove or ignore it, as it has never really existed in the first place. Moore made a thought experiment suggestion in the context of much wider and more interesting matters, and as usual everyone jumped on the bit they fancied, canonised it and continues to worry it to death. Reminds me of the Monty Python sketch where the broadcast interviewer of a successful composer wants to discuss nothing except how many sheds he has in his garden.

1
0

'Independent' gov law reviewer wants users preemptively identified before they're 'allowed' to use encryption

Mike 137

stop and consider

Never ascribe to malice what can be simply explained by stupidity. I am convinced that there is no evil intent to control the masses here - just complete lack of understanding (of the entire societal condition - not just of encryption). They think they understand a 'problem' which is in reality merely a symptom of a massive cluster of social failures, and genuinely believe they can fix it piecemeal - and governments never last long enough to find out they were wrong. Witness the progressive dismantling of our education system by successions of 'bright ideas'.

0
0

Confessions of an ebook eater

Mike 137

Programming skill?

'The best way to acquire a programming skill - by "skill" I mean a working understanding of a framework, a language or ... a "paradigm"'

These are coding skills, not programming skills. They merely represent the technicianship aspects of programming. Relying on technicianship alone is equivalent to having your new commercial premises designed by bricklayers rather than architects and civil engineers.

What we currently suffer from (in respect of functionality, performance and security) is software bricklayers being in full command. What we need to cultivate is programming as an engineering discipline which is conceptual and based on established fundamental principles, of which coding is a necessary but potentially small part. If that were achieved, we might be supplied with software that did not need a torrent of bug fixes, would be less OS and upgrade dependent and did not take seconds to launch dialogs.

0
0

How can you kill that which will not die? Windows XP is back (sorta... OK, not really)

Mike 137

"Windows 10 continues to win converts"

Only in the sense that the Vikings 'converted' people - "convert or die now".

Win 10 is now pretty much all you can get on new equipment, so it's not actually a case of 'conversion' but compulsion.

Everything from MS after Win 7 has been crap if you're trying to do real work on your computer. They seem to view the market as exclusively made up of media consumers, but some of us have to create the media in the first place, and for that we need simple, intuitive, configurable and customisable tools with presentation that complies with the well established principles of good human-machine interface design so we can get on with the job rather than fighting with the tools. Instead we get the opposite in every material respect. The rot started with the Ribbon and fixed colour scheme options in Office - suddenly, your familiar and preferred system presentation was ignored by Office because nanny knew better, and "where the hell is that menu item?" - and it's gone on from there.

Shortly we will be sold nothing but dumb terminals controlled entirely from Redmond, and every day they will look and work differently than the day before because some juvenile smartass in the US has had a 'bright idea'. And let's not even start talking about software quality...

7
3

'Real' people want govts to spy on them, argues UK Home Secretary

Mike 137

Message to the Home Secretary

Encryption may indeed be used by terrorists. However they have also been known to wear underpants, and underpants have been actively used in at least one attempted terrorist attack. Please consider making the wearing of underpants illegal. That should significantly reduce the threat of terrorism.

13
0

An 'AI' that can diagnose schizophrenia from a brain scan – here's how it works (or doesn't)

Mike 137

Re: (f)MRI as a Dark Art ... ?

Not quite as dark as other methods though. Twenty years ago I briefly worked on an attempt to use evoked potentials (brain waves) to do the same thing. I never found out whether the team as a whole finally 'succeeded' in their own terms, but the principle was fundamentally flawed due to individual variation masking the common factor of interest. However that didn't deter them from the apparent ultimate objective of a diagnostic helmet with two lights on it - green for sane and red for mad.

0
0

NHS WannaCrypt postmortem: Outbreak blamed on lack of accountability

Mike 137

Where's the link to the report

We're still waiting for a link to the report so we can find out what it really says. Leyden seems to habitually fail to link to the reports he quotes, which is not very helpful. I emailed the Register requesting this at 07:01 today but not a squeak out of them so far.

0
0

The internet may well be the root cause of today's problems… but not in the way you think

Mike 137

"The internet may well be the root cause of today's problems…"

It is not.

The Internet is the physical infrastructure - the international network of networks of routers, switches and server racks, and it is entirely neutral (except insofar as it carries the bulk of the world's financial transactions without us noticing). The World Wide Web is what we (and they) are talking about here.

It pays to get your ideas right and use the correct words in expressing them.

2
0

Break crypto to monitor jihadis in real time? Don't be ridiculous, say experts

Mike 137

"Security experts were quick to say Silva was dead wrong ..."

While I cannot disagree with the tweet by Jim Killock (the 'security expert' referred to) as a statement of fact, I must point out that he is not actually a security expert, but a privacy and open source activist.

There are numerous much more important issues at stake if we're contemplating backdoors in encrypted services than whether you can break end to end encryption if you have control of one of the end points (frankly that's a bit obvious).

Speaking as a security expert of some 20 years standing, I find that real security experts currently have too little voice in the media and activists and journalists too much (even when they happen to be right). The outcome, as in this case, is a superficialising of the issues that misleads and debases the public debate.

1
0

Europe's looming data protection rules look swell – for IT security peddlers. Ker-ching!

Mike 137

"businesses that handle personal data in the EU"

It's wider than that - it's businesses that process the personal data of EU citizens (anywhere).

1
0

US judges say you can Google Google, but you can't google Google

Mike 137

genericide

An interesting offence in US law: the act of killing something that has no distinguishing attributes.

5
0

Trump signs 'no privacy for non-Americans' order – what does that mean for rest of us?

Mike 137

Just a suggestion...

It would be rather nice if occasionally we could keep on topic. I can't find a single mention above of the important matter that was the subject of the item - the potential effect on EU/US personal data transfers.

However this seems to be increasingly the case - almost every piece in the Register is becoming a mere trigger for personal rants and strained attempts to be 'comic'.

5
0

Human bot hybrid finds LinkedIn email, phone number-filching holes

Mike 137

'naive bays'

Readily misled moorings for boats?

0
0

Crims shut off Ukraine power in wide-ranging anniversary hacks

Mike 137

"the variance in security controls"

'variance' does not mean 'variability'.

0
0

Plastic fiver: 28 years' work, saves acres of cotton... may have killed less than ONE cow*

Mike 137

lifetimes and other matters

The new fivers are already developing permanent sharp creases, as the material seems to be unable to relax after being folded. This could well shorten their effective life. Also, more than one shopkeeper and a bank teller have all told me they're difficult to count quickly because they don't pick up on the fingers like paper.

1
0

Elon Musk: I'm gonna turn Mars into a $10bn death-dealing interplanetary gas station

Mike 137

the only missing items

All he needs now is a fluffy white cat and a volcano to live in

0
0

You call it 'hacking.' I call it 'investigation'

Mike 137

"While biometrics are just another kind of shared secret,..."

"While biometrics are just another kind of shared secret,..."

Oh no they're not. Any biometric can only serve as an identifier, not an authenticator. An identifier is permitted to be public (e.g. your name); an authenticator must be private to the legitimate parties (a shared secret).

Two fundamental and essential characteristics of an authenticator are that it can be changed and revoked. As a biometric cannot be changed or revoked, and can in many cases not be private (e.g. fingerprints and DNA are left behind everywhere you go), it cannot legitimately be used as an authenticator.

It would be so nice if this basic principle would finally sink in...

2
0

When you've paid the ransom but you don't get your data back

Mike 137

Information Assets?

"...over a quarter (26 per cent) believed the data encrypted wasn’t valuable or confidential, and hence was not worth paying for."

Why keep it then? If it isn't an asset it's automatically a liability.

0
0

Radicalisation? UK.gov gets itself in cluster-muddle over 'terrorism'

Mike 137

Re: Well said, Mr or Ms Tone - no simplistic explanation

You're right there's no simplistic explanation, but this 2008 paper

https://fsi.stanford.edu/sites/default/files/Abrahms_What_Terrorists_Really_Want.pdf

provides some very interesting insights.

1
0

Corbyn lied, Virgin Trains lied, Harambe died

Mike 137

"Rammed"

Where does this "ram packed" and "rammed" come from? The train would have been rammed if another train had run into it. This train was just jam packed.

26
0

Australian States stutter in coding-for-kids bandwagon-jump

Mike 137

"retraining more than 300 teachers as maths and science specialists"

So once again, as almost everywhere we have pseudo-education: folks just off crash courses passing on what they think they remember to those who cannot judge. But I forgot - Teaching is the real skill, subjects are just bags of facts. I obviously wasted decades studying systems engineering.

As a matter of fact I may have, given the culture. I have taught in various regions here in Blighty, and on every occasion bar one I have been handed a "Tutor Pack" containing everything necessary for the course - including crib sheets of acceptable answers to all the test questions. Almost anyone could "deliver" a course from that, without any subject matter expertise. Indeed one of my students complimented me on my ability to answer his questions, stating that my predecessor always reached for and thumbed through the text book when asked anything.

So our problem is not the quality or content of this or that syllabus - they are merely symptoms of shatteringly low expectations of both students and teachers. While we continue to impart very little, very little will result. This may explain to some extent the already abysmal and declining quality of engineering products - particularly in the software driven space. As long ago as the 1920s Owen Barfield coined the term "dashboard knowledge" for the capacity to do things by manipulating knobs and levers without any understanding of how they work, and this is what is primarily being "taught" - "How-tos" rather than the understanding of principles. This directly contributed to the Chernobyl nuclear incident, and is clearly implicated in a huge and proliferating number of broken systems from office software that needs monthly repairs to hackable "internet things" and military drones that think they've landed when they're still in the air.

0
0

Business users force Microsoft to back off Windows 10 PC kill plan

Mike 137

Re: What will it take to get people to switch to Linux?

"using Windows when they can -- most of the holes have been discovered" - if that's the case why do we still have monthly Update Tuesdays? Some of the holes have been discovered, but it's unreasonable to assume "most" as we just can't tell how many more there are. There's never been an OS or a major application from any vendor that has ceased to need patching before it was superseded by a "new version".

0
0

UK.gov flings £30m at driverless car R'n'D, wants plebs to speek their branes

Mike 137

a real test please

Before we assume, as this consultation seems to do, that autonomous vehicles are "the way forward" and all we have to consider are a few procedural and regulatory issues, I'd like to see the following test performed at least once (preferably more than once):

Take around 200 autonomous vehicles and set them off in the rush hour alongside other traffic down the six roads that enter the Hemel Hempstead Plough Roundabout (National Grid ref: TL0549706394) with the aim of crossing the roundabout and exiting on various different roads. Then see what happens.

This roundabout consists of six mini-roundabouts surrounding a bidirectional central roundabout, and is quite a challenge for human drivers when it's busy. Any fool computer can drive down a motorway in steady traffic, but this would test its capacities realistically.

0
0

Google aims to train two million Indian Android devs by 2018

Mike 137

The Way Forward

Embrace Zombie - the new innovative development framework that allows you to generate terabytes of code without thinking at all. We plan to train 10 million Zombie developers worldwide by this time next year.

Oooops - too late, we already have them...

3
0

UK.gov's hated Care.data project binned

Mike 137

prohibiting medical records sharing

Here is a sample standard letter for restriction of medical records sharing, created when this scheme was first proposed. It might still be of use.

"I absolutely prohibit in perpetuity any sharing of my medical records with any person, other legal entity or agency, except in the specific cases of [1] access to my records with my explicit consent or exclusively for therapeutic purposes in support of treatment of a medical condition with which I present or [2] where required without the option by statute or order of the Court.

For avoidance of doubt, this prohibition applies to any current or proposed scheme of medical records sharing envisaged or planned at the date of this letter and equally to any plan or scheme of medical records sharing to be conceived, invented or proposed at any time in the future."

0
0

Mind the GaaP: UK.gov needs to get a grip on digital

Mike 137

Charity begins at home?

"The paper concludes that a new approach is needed where policy making should lead technology; not vice versa." - from an organisation promoting this concept in an online paper entitled "Fulltext.pdf"

1
0

Professor slams digital efforts of 'website-obsessed' government

Mike 137

"doing things wronger"

Might "doing things wronger" include posting a paper for download with a filename of Fulltext.pdf? Relying on the file path to define the nature of the document seems very similar to the sort of thing that is being castigated. Minor example maybe, but it highlights the fundamental problem - failure to think before acting.

0
0

Bees with numberplates will soon be buzzing around London. Why?

Mike 137

Fantastic project but...

Pity that the web site http://www.savelondonbees.co.uk/ is just a heap of JavaScript pointing to about 30 different subdomains.

Nobody with the slightest awareness of online security would go near this with JavaScript enabled, and it just doesn't work at all without.

The most fundamental principle of the world wide web from the very start was endpoint agnosticism - the ability of any browser to get to the content, independent of presentation. I have no objection to bells and whistles - provided they are optional and don't prevent basic access to the content.

Web developers who create sites like this do their clients a huge disservice - they deny the intelligent and informed access to the content.

4
0

Half of Brit small biz hit by cyber crime. 10% spend zilch on infosec

Mike 137

where's the link to the study?

It would be nice to be able to read the original.

0
0

Digital adaption, you're doing it wrong. STEM education needs rethink

Mike 137

where are we?

It'd be really nice if the author were to mention what country he's talking about. I didn't realise this was about Oz until I saw the graph caption near the end. This is not by any means a unique instance.

1
0

True security means better response to hacks, not bigger walls to block hackers

Mike 137

three choices?

"You can prioritise blocking attacks.

You can develop processes that let you respond to attacks.

Or you can put most effort into cleaning up after an attack."

Put that way it sounds really stupid - they are not mutually exclusive. You need to do all three in just proportion all the time. Getting the balance right is the key to success, and it may not be a static balance - the priorities can change depending on what's happening right now, so you need to be continuously attuned to the threat space. Ergo, being aware of the changing threat space is always your highest priority.

0
0

Defence in depth: Don't let your firm's security become a boondoggle

Mike 137

Infosec?

Nothing discussed here is really infosec - it's ITsec. ITsec is a small part (maybe 30%) of infosec. Conflating the two is the error that almost everyone makes and it results in a technocentric view that fails to deliver real security however much you spend. Infosec is about management of risk - ITsec is about choosing and deploying defensive technologies. Unless this is done with reference to business risk, it will be at best very expensive and at worst both very expensive and a failure.

0
0

When should you bin that old mainframe? Infrastructure 101

Mike 137

time dilation?

"24/7/365 support", Talk about over-working the team - 24 hours a day, seven days a week, 365 weeks a ... oh, hang on! Something's not quite right here. In the real support world, you provide either 24/365 or 24/7/52.

1
0

Terrified robots will take middle class jobs? Look in a mirror

Mike 137

rejects?

As always there has to be a happy medium (something nobody seems to have ever managed to achieve sustainably).

However, what has been happening for some time is that against an objective standard of best available performance, median performance has been declining so we're all becoming "rejects". Here, maybe, is a reason. Instead of, as in the past, creating technologies primarily to enhance innate capacities, for some time we've been creating them to supplant those capacities, so the innate capacities are allowed to atrophy. It's even beginning to show in the quality of the supplanting technologies, as people with atrophied capacities have entered the roles of creator, designer and QA inspector. Evidence of this is readily to hand - witness the appalling quality of software, even in mission- and life-critical systems.

1
0

Pay up, Lincolnshire, or your data gets it. Systems still down after ransomware hits

Mike 137

"... spread throughout its systems."

Who's running a flat network then? I see this all the time - exclusive reliance on Active Directory for control over access to resources over an otherwise exhaustively interconnected user network. Apparently nobody's heard of network segregation.

0
0

Plusnet ignores GCHQ, spits out plaintext passwords to customers

Mike 137

"When a web site is able to 'remind' you of your password by emailing it back..."

"When a web site is able to 'remind' you of your password by emailing it back, that's a symptom of very poor security practices."

Ironically the Register did this the last time I forgot my password. I still have the email containing my password in clear in the body of the message.

0
0

Now VW air-pollution cheatware 'found in Audis and Porsches'

Mike 137

Vorsprung durch

Betrugerei?

0
0

Amazon Echo: We put Jeff Bezos' always-on microphone-speaker in a Reg family home

Mike 137

"And what resulted over time is this:"

"distrust turned to uncertainty; uncertainty to excitement; excitement to disappointment; disappointment to acceptance; acceptance to affection."

Exactly the process of hostage conversion - right up to Stockholm Syndrome

1
0

Minicab-hailing app Uber is lawful – UK High Court

Mike 137

Re: What am I missing

Actually, the distinction seems to be whether this device (the smart phone and/or app) is actually calculating the charge. It has been decided that it is only reporting the charge, which is calculated elsewhere - hence it's not a taximeter.

0
0

Revealed: Why Amazon, Netflix, Tinder, Airbnb and co plunged offline

Mike 137

"(AWS), which powers a good chunk of the internet"

No it doesn't - it serves a good chunk of the world wide web. The web is not the internet.

1
0

UK.gov creates £500K fund to help universities teach cyber skills

Mike 137

"Oh no it doesn't..." - "Behind you!"

"...Cyber Essentials – the UK government-backed scheme which protects businesses against the most common threats on the internet."

Cyber Essentials Basic just requires an attestation that specific minimal security technologies (e.g. antivirus and a firewall) and practices (e.g. patching) are in place - not even that they're actually working. Cyber Essentials Plus adds an annual one-off penetration test, which of course does not actually prove they are working properly, only that they haven't absolutely failed at the time of the test. Furthermore, the originators of Cyber Essentials explicitly limited its scope to the most elementary low grade threats, and even there it's only the equivalent of an MOT ("annual vehicle safety test" for those of you in foreign parts).

I actually recommended that the Cyber Essentials Basic attestation should include a CMM-based self-assessment of the level to which these minimal technologies and processes are managed, but the suggestion was ignored. Consequently Cyber Essentials does not really protect against much at all.

0
0

Hackers upload bot code to Imgur in 8Chan attack

Mike 137

"...to hide malicious code in images..."

Really? It's often a good idea to read the original report before summarising it.

Actually, the malicious code is hidden in image LINKS.

The very first sentence of the original report states this clearly: "Yesterday a vulnerability was discovered that made it possible to inject malicious code into an image link on Imgur."

Come on Reg - you're not a red top!

1
0

Hackers use 'cartons' with 'sticks', may be foiled by 'watermelons'

Mike 137

there's just one tiny problem... (Edmund Blackadder)

'carton' (картон) doesn't mean carton (a box) in Russian - it means 'cardboard'.

0
0

Painfully insecure GDS spaffs £21,000 on online narcissism tool

Mike 137

Can anyone answer this?

Why could it be that two letters of mine this year relating to important issues, sent directly to the ministers responsible, have elicited zero response but the govt is dead keen to find out at our expense what some of us have tweeted about it?

0
0


Biting the hand that feeds IT © 1998–2017