* Posts by alain williams

1297 posts • joined 29 May 2007

Bruce Schneier: You want real IoT security? Have Uncle Sam start putting boots to asses

alain williams
Silver badge

Third party support by law

At the moment if my washing machine breaks & the manufacturer won't repair then I can call in an independent outfit to replace the broken bits, made by some third party supplier.

If IoT software breaks (or a vulnerability becomes known) then I can only go to the manufacturer. Unfortunately they lose interest very quickly and announce 'end of product lifetime'. Once they do that then the software must become open source. There is a potential business in patching such software.

Unfortunately the general public will be reluctant to pay even £2/year as software support contract for the washing machine - they will want to know why & then bitch if they get hit.

It'll be interesting to see how this goes.

8
0

We (may) now know the real reason for that IBM takeover. A distraction for Red Hat to axe KDE

alain williams
Silver badge

I notice: tcp_wrappers deprecated

probably because it does not play well with systemd.

Regarding desktops: I just hope that when I need to upgrade my CentOS 6 desktop to CentOS 8, that Mate will be available. I hate Gnome-3.

8
0

UK and EU crawling towards post-Brexit data exchange deal – reports

alain williams
Silver badge

USA & Safe Harbour ?

If the EU approves Safe Harbour why would they object to what the UK does - as the UK is compliant with current EU regs ?

Unless they are afraid that we will adopt USA style rules once Brexit has happened.

0
0

50 ways to leave your lover, but four to sniff browser history

alain williams
Silver badge

Re: run NoScript

NoScript only works if the naughty script is served from a domain you don't care about. It might be trickier if the naughty script is hosted on a domain you actually need to whitelist because else the site you're visiting doesn't work (online stores come to mind).

If it is from the online store, or similar, then the domain owner is a big target that could be prosecuted under the computer misuse act. A few costly & high profile actions could stop a lot, but not all, of this.

0
5

The D in Systemd stands for 'Dammmmit!' A nasty DHCPv6 packet can pwn a vulnerable Linux box

alain williams
Silver badge

Old is good

in many respects when it comes to software because, over time, the bugs will have been found and squashed. Systemd brings in a lot of new code which will, naturally, have lots of bugs that will take time to find & remove. This is why we get problems like this DHCP one.

Much as I like the venerable init: it did need replacing. Systemd is one way to go, more flexible, etc, etc. Something event driven is a good approach.

One of the main problems with systemd is that it has become too big, slurped up lots of functionality which has removed choice, increased fragility. They should have concentrated on adding ways of talking to existing daemons, eg dhcpd, through an API/something. This would have reused old code (good) and allowed other implementations to use the API - this letting people choose what they wanted to run.

But no: Poettering seems to want to build a Cathedral rather than a Bazaar.

He appears to want to make it his way or no way. This is bad, one reason that *nix is good is because different solutions to a problem have been able to be chosen, one removed and another slotted in. This encourages competition and the 'best of breed' comes out on top. Poettering is endangering that process.

Also: his refusal to accept patches to let it work on non-Linux Unix is just plain nasty.

68
0

Zip it! 3 more reasons to be glad you didn't jump on Windows 10 1809

alain williams
Silver badge

Ship it with bugs

has long been a Microsoft philosophy. It served it well in the early days as it meant that it got a product to market before the competition. The bugs could be fixed in a later release. Competitors who, later, shipped something with fewer bugs didn't get the sales as the Microsoft offering was seen as 'the standard'.

Others have also done this sort of thing. In some ways: better something with holes than nothing at all.

But today Microsoft should not need to do this, it is not scrabbling for market share in the same way. They have the time and resources to do proper QA regression testing - but don't seem to want to.

23
0

You like HTTPS. We like HTTPS. Except when a quirk of TLS can smash someone's web privacy

alain williams
Silver badge

Is there a Firefox setting for this ?

I tried looking in about:config and searched for TLS, but nothing seems relevant.

A 10 minute timeout seems more than generous, the real value is in saving lots of TLS packet round trips when many connections are made in rendering one page (lots of images, etc). One extra round trip every few minutes will likely not be noticed.

The need for this will be reduced with HTTP2 since one HTTP2 TCP connection can be used to download several files at the same time in different streams (AKA multiplex).

3
0

Apple to dump Intel CPUs from Macs for Arm – yup, the rumor that just won't die is back

alain williams
Silver badge

What else can a move to ARM bring ?

Most of the comments here look at the problems of getting existing programs to work on a new architecture, be that via recompile or emulation or something.

An Apple designed CPU could bring a whole range of new instructions, maybe doing some of the things that are today offloaded to GPUs. This might help with more AI (whatever that means) and other needs where new silicon could give great advantage. Apple will not share its designs and will probably patent what its new silicon does to stop others following suit.

3
2
alain williams
Silver badge

Re: Worth the RISC

I believe in 10 years, architecture (ie. x86, PowerPC, ARM) will be more of a preferred brand

Having spent the last 35 years working with Unix/Linux - that has always been my view. A new architecture is just a 'make' away for decently written programs.

20+ years ago the common use of different architectures was much greater than today.

20
1

Love Microsoft Teams? Love Linux? Then you won't love this

alain williams
Silver badge

If they published the protocols ...

then someone would probably implement an open source client. But Microsoft will not do this because they do not want the competition. Someone might also implement an open source server - which would be even worse as far as they are concerned. Look at their other stuff - how they make compatibility hard.

24
2

HP dangles subscription hardware at power users

alain williams
Silver badge

Does not take long to buy the hardware ...

at $156/month. This is like the current trend with cars - where you lease (with a very small mileage allowance) and end up with nothing after 3 years - having almost paid the cost of buying it.

Every business these days seems to be trying to tie customers in to a monthly payment. I assume that it is for the benefit of the business not the benefit of the customer - although marketing will try to convince you of that.

I suppose that they don't sell to engineers or devs because they are sufficiently mathematically able to work out that it will be a bum deal.

11
0

GCHQ asks tech firms to pretty please make IoT devices secure

alain williams
Silver badge

GCHQ need a big stick

This is one area where I wish the government will give GCHQ some strong powers to compel vendors to do as it says: make these things secure (but without any nice five eyes back-doors). The article contains phrases like ''GCHQ hopes'', which we all know means that vendors will do as little as possible, preferably nothing.

The onus needs to be on UK manufacturers AND those who import foreign (== mainly Chinese) kit into this country.

There also needs to be an onus to support these things for their *use* lifetime, not a lifetime defined as until-the-next-model-is-released. The entire code-base needs to be held in escrow and released Open Source once manufacturer updates cease to come. For some things I can see a 'use lifetime' of 30 years or more (eg IoT light switches).

This needs the backing of strong laws (that are actively enforced == big fines) otherwise it just will not happen. The cost of not doing this will be millions of tiny breaches.

14
1

In Windows 10 Update land, nobody can hear you scream

alain williams
Silver badge

Yes I understand Microsoft's problem ...

in that their Windows is installed on many different sorts of hardware. This makes it hard to test all the combinations - which means a lot of work. But if they have sold, we are told, some 700 million of them then they must have the resources to properly test.

Contrast this to Linux: which runs on a wider selection of hardware than does MS Windows - you rarely hear of such breakage after an update. Even with manufacturers that only support MS Windows, once a device works it tends to stay working.

So: which is the 'hobbyist' operating system I wonder ?

83
9

The march of Amazon Business has resellers quaking in their booties

alain williams
Silver badge

Should there be a legal maximum size of company ?

For companies in more than one market sector. Such that when it exceeds that size the new sectors must be sold off.

I agree that a mega Amazon might be able to negotiate/sell-at a lower price than anyone else, but where is the benefit to society if you can only buy xxx from one source ? OK: this is more complicated than I suggest, but stopping companies from getting too big must be good.

I would much rather live in a pond with many minnows than one inhabited by a few sharks.

7
2

Microsoft Windows 10 October update giving HP users BSOD

alain williams
Silver badge

Barton Gellman defended auto-updates, arguing they do more good than harm

you try telling that to someone whose laptop no longer works. So: will it be HP or Microsoft that pays for the repair & a bit to compensate for the inconvenience ? What do you mean 'neither' ?

57
0

If you haven't already patched your MikroTik router for vulns, then if you could go do that, that would be greeeeaat

alain williams
Silver badge

Re: Would anyone...

I have. I bought it in 2012 as it was, at that time, the only sensibly priced router that would give me IPv6. I have not had any problems with it, a few small bugs but nothing really bad. It is highly configurable but not for a novice user -- eg you need to have an idea of how Linux IpTables works.

However: usual story, I can't get any updates, they were available for a couple of years and then ... zilch, nada. As with most hardware vendors they rapidly lose interest, expect you to buy a new box.

A new one would cost me some £40-£70ish, but then you add in:

* time to work out what new model I need

* time to configure the thing (IPv4 & IPv6 filtering, forwarding, etc)

I have another firewall on my main (Linux) desktop - so potential damage would largely be stealing bandwidth.

0
0

World's largest CCTV maker leaves at least 9 million cameras open to public viewing

alain williams
Silver badge

XM is an OEM company

The only way to fix this is to make the UK reseller liable for any problems that might be caused by bad OEM security. The result would be that UK resellers would only deal with OEMs that provided products with good security. So the likes of Xiongmai would either go out of business or smarten up their act.

Currently UK resellers can just shrug their shoulders to these problems.

Yes: this would result in a small price hike, but we all understand that quality costs.

17
0

Don't make us pay compensation for employee data breach, Morrisons begs UK court

alain williams
Silver badge

Quis auditdiet ipsos Auditores?

I guess you could argue that nobody has any business running a ToR client on a PC in a supermarket, so blocking 9001/tcp outbound would have stopped that for the 2 minutes

We are told that the data was uploaded via ToR but do not know if that is how the data was taken off the Morrison's servers. It could have been walked out of the building on a memory stick and uploaded via ToR at home or in a cyber-cafe.

Since he was an auditor he could have asked for access to the backup system/media/... to check that it was being done properly or that it could be restored or ... or ... One of many reasons to get his hands on a copy - then swipe a copy in one of many innocuous ways.

"Who audits the Auditors ?"

5
0
alain williams
Silver badge

I do have some sympathy for Morrisons

Andrew Skelton was not a director, neither was he part of a team doing something 'furthering corporate aims' that resulted in the data loss or, as is often the case, not doing things that they clearly should have done to prevent the data loss. In order to operate a company does need to trust some individuals, it is not possible to lock everything down so that someone internal trying to nick data can be prevented 100% of the time.

Andrew Skelton should have the book thrown at him, he pay the fine, if it means that he loses his house then so be it - it might act as a deterrent for others.

This should, however, not be used as an excuse to allow all corporations off the hook by blaming everything on rogue employees.

16
0

Punkt: A minimalist Android for the paranoid

alain williams
Silver badge

It looks very nice

Phone calls, texts, address book, tethering - that is all that I really need.

It would be nice if they provided the source code so that it could be verified, but they won't -- shame.

4
0

Hate to burst your Hubble: Science stops as boffins scramble to diagnose gyro problem

alain williams
Silver badge

Nystagmus is hard to fix 340 miles up

Let's hope that they fix it.

Gyros seem to be a perennial problem, I suppose that since they have to move (spin) all the time they suffer wear & bearings break.

One thing that I just learned is that the gyros are used to detect Hubble's orientation, and that reaction wheels are used to move/rotate it.

4
0

Super Micro China super spy chip super scandal: US Homeland Security, UK spies back Amazon, Apple denials

alain williams
Silver badge

Who gains by this ?

If we assume that Bloomberg has got it wrong and also assume that Bloomberg would not want to dent its reputation by asserting bollocks then a lot of effort must have gone into pulling the wool over Bloomberg's eyes. Knitting that wool is probably beyond the abilities of pranksters and would need to be state actors.

What would a country gain by hurting Bloomberg ? Maybe one that wants to make it harder for us to distinguish between fact and fiction, one that generates fake news that it does not like reputable journalism from showing that the news is fake. If we do not know what is true or false then we become confused and less able to make good decisions.

Another possibility is that the five eyes were in on this and do not want it exposed. This I doubt.

19
2

On the third day of Windows Microsoft gave to me: A file-munching run of DELTREE

alain williams
Silver badge

This is affecting the enthusiasts ...

those who have downloaded it voluntarily. These are, presumably, those who know a few things about computers and who will have maintained some form of backup.

Will this still happen to the hapless home users who will have the update happen without them asking for it ? These are the ones who have probably forgotten to do a recent backup, or who never realised that it was a good idea to do so.

One wonders if this is part of the MS push for users to keep a copy of their files in the MS cloud - with all that that implies?

53
2

Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth?

alain williams
Silver badge

Re: Grikath

I don't want to sound like a sycophant but I do want to congratulate El-Reg for putting together an excellent article about this -- even if, having read it, I still don't know how much truth there is in it.

50
1

Manchester nuisance-call biz fined £150k after ignoring opt-out list

alain williams
Silver badge

Government is planning to make directors personally liable

they have been saying that for a long time. One of the biggest problems of Brexit is that that is all that they seem to think about :-(

27
6

A web where the user has complete control of their data? Sounds Solid, Tim Berners-Lee

alain williams
Silver badge

Durh! Why should I bovver ?

Will be the typical reaction of most Internet users. If it takes more than 10 seconds to implement a change then they won't bother.

Yes: some of them might have heard stories about abuse of data by the facebook & friends, but they have not seen the sky fall & don't understand why these apps that let them chat to friends, the purveyors of pictures of kittens are in any way malign. Then they forgot about the stories.

Much as I applaud Solid they are unlikely to get more than 1% of users (most of whom will be the sort of techno nerd that visits el-Reg) - so the data abuse will continue. Solid is going to need to come up with exciting must-have features to attract users ... features that the big boys will copy in a trice. Most people do not consider security & privacy. They are not must-have features that Sharon from Essex thinks about.

13
0

Take the wheel, Arm tells its notebook-grade Cortex-A76 CPU: Now you're a robo-ride brain

alain williams
Silver badge

Re: Two cores? How do you know which one is wrong?

My thought exactly. I remember that Tandem machines had 3 CPUs in lock step. If there was a difference a 'vote' took place, 2 out of 3 'winning' and their result taken as being correct.

5
1

Barclays and RBS on naughty step: Banks told to explain service meltdown to UK politicos

alain williams
Silver badge

Re: Beyond branch closings, there's serious 'Cashless Risks'

One thing that 'cashless' does is to shift administrative burden from the shop to me. I have a whole extra lot of card transactions whose slips I need to keep and reconcile when the statement comes in.

I dare say that many millennials will want to know why reconcile ... I regard it foolish to NOT do so.

1
0
alain williams
Silver badge

Re: Explain to a bunch of FuckTurds who can't even do proper expenses

7. We'll get what Brexit means agreed long before March 2019 so that industry can make plans.

1
4

No, that Sunspot Solar Observatory didn't see aliens. It's far more grim

alain williams
Silver badge

Re: Unconvinced

You close an entire science facility for several weeks because the Janitor may have been sending child porn?

Maybe the janitor was using the facility to take pictures of his naked sun :-)

4
0

HP Ink should cough up $1.5m for bricking printers using unofficial cartridges – lawsuit

alain williams
Silver badge

Re: Wait, what?

So ~68 cents each, even assuming that the lawyers don’t take the lion’s share (unlikely)?

How much did many have to pay their local ''IT man'' to come and look at the printer, only to realise that it could not be fixed ? The minimum should be that cost, then look at adding in other time spent farting around because of HP's shenanigans -- I think that £200 each is a good starting point.

Unless HP are made to pay something like this they will just do it again.

35
0
alain williams
Silver badge

Re: broader scope

the manufacturer should not be able to remove that feature afterwards

You don't need a wider rule ... most devices have a (special purpose) computer inside. The manufacturer changing what it does, without the explicit agreement of the owner, surely falls under the computer misuse act.

26
0

Watt the heck is this? A 32-core 3.3GHz Arm server CPU shipping? Yes, says Ampere

alain williams
Silver badge

It runs Linux

Almost a year ago Red Hat announced Arm server support for their Linux. So, all the hard work is long done. I notice that CentOS (aka Red Hat) was working on this in February, so they have probably knocked the bugs out by now and this is ready for real customers.

17
1

Boffins ask for £338m to fund quantum research. UK.gov: Here's £80m

alain williams
Silver badge

Reason why ...

because it is obviously better to give the money to banks - can't have their funds drying up and not being able to pay the usual mega-bonus.

This is because bankers are obviously much more valuable to the country than physicists because ..., err, umm, gosh - I am certain that there are lots of reasons ... I seem to have temporarily forgotten any of them!

9
4

Euro bureaucrats tie up .eu in red tape to stop Brexit Brits snatching back their web domains

alain williams
Silver badge

Re: Well that's the end of the .eu domain

If all of these rules are so important why were they not in place when .eu was first released a few years ago ?

Anyone would think that coming out with them now is just to get at the Brits as punishment for Brexit.

13
2

Redis does a Python, crushes 'offensive' master, slave code terms

alain williams
Silver badge

Then check the new terms ...

in all known human languages, just in case they are offensive in Mongolian, or something.

They will then need to wind up the DeLorean to 88 miles per hour to check that the term does not become offensive in years to come.

19
0

Guess who just bought Maplin? Dragons' Den celebrity biz guy Peter Jones

alain williams
Silver badge

Re: "extensive" customer data

"Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets...."

I think that most would agree that data can be given if the business is being sold, in whole or part, as they need the data to continue the business.

What it seems that they were doing was selling the data to another business that was NOT going to carry on the Maplin business. If they were selling it to Currys (who are not buying any Maplin shops) then I would be upset.

4
0
alain williams
Silver badge

"extensive" customer data

Is their data being sold to another organisation one of the uses that customers were clearly told when they handed over their data ? I suspect not. Can anyone say what the GDPR has to say about this ?

22
0

Python joins movement to dump 'offensive' master, slave terms

alain williams
Silver badge

Re: Daemons

I had that some 35 years ago with some Christians in the UK. Another that they did not like was the term Zombie, I noticed on IBM AIX systems many years ago that these were renamed 'exiting', or something similar.

Sigh

12
0

Law firm seeking leak victims to launch £500m suit at British Airways

alain williams
Silver badge

A better way of effecting change

Rather than suing BA for about 1/3 of last year's profit, something that will be regarded as a business cost and forgotten in a few years -- the individuals responsible for failing to ensure secure systems (eg BA board & top level Web managers) should be fined; something like 80% of their assets (ie house) and their pension pot. This will be noticed by directors, etc, in other companies who will then ensure that the same thing cannot happen to them.

I assume that customers who suffered losses will have those repaid by BA; something for the inconvenience would also be good.

0
1

Raspberry Pi supremo Eben Upton talks to The Reg about Pi PoE woes

alain williams
Silver badge

Oh dear, a fan

pity because it is something that moves & so may fail, especially in a dusty environment, where otherwise it might be expected to just work for years.

22
4

Expanding Right To Be Forgotten slippery slope to global censorship, warn free speech fans

alain williams
Silver badge

If CNIL wins would it mean ...

that Barbra could force Wikipedia to remove this page: https://en.wikipedia.org/wiki/Streisand_effect ?

12
2

Activists rattle tin to take UK's pr0n block to court

alain williams
Silver badge

Is porn that damaging ?

Yes: some of it is 'meat market, wham bang thank you marm' stuff that disrespects both sexes**; it does little to help kids build good relationships as adults. However I would rather that they looked at porn than some of the blood & guts stuff where people are killed with little thought. What does that do to build a respect for others' lives ? Then don't get me started on the religious stuff that encourages people to believe in whatever nonsense that they see just because it sounds good - without any checking for reality.

Is this really the right target ?

** BTW: I gather that female porn stars are paid more than the men that they f**k, should there not be a move to pay them both the same ?

24
0

Official: Google Chrome 69 kills off the World Wide Web (in URLs)

alain williams
Silver badge

Leads to more lack of understanding

Hopefully, like in Windows, you can tweak Chrome's settings to disable this behavior.

Very few people will know how to (or care/bother) to do so; these will be the technically literate. The others will believe what they see and their general level of understanding of how the Internet works drop even more.

Simplification is one thing, but not this.

43
0

Nope, the NSA isn't sitting in front of a supercomputer hooked up to a terrorist’s hard drive

alain williams
Silver badge

How long before the Gov't backdoor ...

is for sale on the dark web ? Probably at a hefty price, but available ?

Russia's GRU, and other state spooks, will probably have it before then.

15
0

UK.gov's no-deal plans leave HMRC customs, VAT systems scrambling to keep up

alain williams
Silver badge

Lots of lovely fines sent out all round ...

by HMRC to companies who have not been able to make their accounting systems compliant by March 2019 to the rules that will have been modified (again) in February 2019.

There are many who run accounting systems that have been developed in-house to deliver what the organisation needs.

This is on top of MTD (Making Tax Difficult) that everyone (including your house-to-house window cleaner) is supposed to do from next year.

Muppets.

5
0

Hello 'WOS': Windows on Arm now has a price

alain williams
Silver badge

Re: How much?

Hopefully MS won't fluff it this time so it will be. In the end it's about the software.

They already have fluffed it ... it runs Windows 10 S -- the version that restricts you to only running stuff from the MS App store.

I like the reported battery life, but not at that price. Anyway: I would wait until someone reports that Linux Mint runs on it.

25
7

No D'oh! DNS-over-HTTPS passes Mozilla performance test

alain williams
Silver badge

ISP or DOH end points; who do you trust least ?

If you wanted to see globally who was visiting where it would be easier to compromise the 8 DOH end points than to get into the thousands of ISPs all around the world. NSA, GCHQ, ... must be rubbing their hands in anticipation.

However if you live under a repressive regime having the NSA/... spying on you might be preferable to your own government. But expect $REPRESSIVE_REGIME to force their Mozilla users to use their own DOH end points.

Who do you trust least ?

5
2

Give yourselves a pat on the back, top million websites, half of you now use HTTPS

alain williams
Silver badge

Extended validation certificates

What is the point of them ?

OK: I know that they are supposed to give the visitor extra confidence that they are going to somewhere trustworthy & all that, but how many even have a clue what the green padlock means ?

That is the problem: most neither know nor care. So why pay for something that few notice ?

7
3

Muslim American woman sues US border cops: Gimme back my seized iPhone's data!

alain williams
Silver badge

Re: Copyright

After all, copying is theft according to big media companies.

But the media companies would probably sue you for making copyrighted material available; they will go after the easy target.

2
1

Biting the hand that feeds IT © 1998–2018