* Posts by Ken Hagan

6004 posts • joined 14 Jun 2007

Oregon will let engineer refer to himself as an 'engineer'

Ken Hagan
Gold badge

Re: So...

"But be careful, you don't want to accidentally be practicing law without a license."

I suspect that isn't enforced quite as you envisage...

"Your honour, I did it, but I'm not a licensed lawyer, so it isn't actually legal for me to know what the law is, nor was it legal for at least some of the state legislators to have voted to make it the law in the first place.

6
0

Walk with me... through a billion files. Slow down – admire the subset

Ken Hagan
Gold badge

Re: can’t retrofit … metadata generation, storage and access to an existing file system

Umm, whilst MS support FAT, it hasn't been their preferred choice for over 25 years.

Since you've clearly been away, you might want to check out other "recent" developments such as the web.

2
1

No, BMW, petrol-engined cars don't 'give back to the environment'

Ken Hagan
Gold badge

Re: "He's not the messiah!"

"if you had to involve the head of marketing and CEO in every single external statement"

Why would you need to do that? Ad content isn't generally a legal matter, but for those things that are, the directors are (and always have been) legally liable for the actions of employees, whether they keep tabs on the employees or not. All companies already operate under this regime and the sky has not fallen in.

1
0

Meet the woman with a supernatural affinity for stiff lovers

Ken Hagan
Gold badge

It's because you can't just walk up to someone and "give them the help they need". You need their consent.

11
0
Ken Hagan
Gold badge

Re: a waste of air

Not at all. One of the reasons that the other things are happening is that so many of our species can self-delude to this extent. Treat daytime TV as a documentary review of humanity and you'll be better prepared for the idiots when you meet them in real life.

24
0

Intel Management Engine pwned by buffer overflow

Ken Hagan
Gold badge

Insecurity by obscurity

"Two weeks ago, the pair received thanks from Intel for working with the company to disclose the bugs responsibility. "

Well, had Intel published all the architectural details about a decade ago, none of this would have been necessary. Someone at Intel took the decision to put this into their chips but not publish how it worked bother to make it secure. (The two versions of that sentence are entirely equivalent to anyone who knows anything about software development.)

And whilst we are on the subject ... I'm told that AMD have a similar feature. Have they documented it? Or are they enjoying Intel's discomfort without realising that the same inexorable logic applies to them.

27
2

Loose-change payment network Microraiden launches on Ethereum

Ken Hagan
Gold badge

Re: What about the biggest problem?

Ah, but that's an externalised cost as far as Bitcoin is concerned, so it doesn't spoil the rose-tinted view.

But yes, if the cost of *receiving* a micro-payment exceeds the value of the payment, then that's not something that is going to scale well.

2
0

Ex-cop who 'kept private copies of data' fingers Cabinet Office minister in pr0nz at work claims

Ken Hagan
Gold badge

Re: The real issue

Good points, although this was a decade ago and things might have been tightened up since then.

I don't suppose anyone here is in a position to comment ... perhaps anonymously ... ?

2
0

Wondering why your internal .dev web app has stopped working?

Ken Hagan
Gold badge
Flame

Re: also ICANN

The only TLDs that count are the two-letter CCs and the original seven (.com, .org, .net, .int, .edu, .gov & .mil). Any sensibly configured DNS will drop everything else on the floor. There is nothing of any value on them that does not also exist on the real internet.

6
1

Rolls-Royce, Airbus, Siemens tease electric flight engine project

Ken Hagan
Gold badge

No. Failure of the generator would not result in loss of power. You'd have however long the batteries lasted to make a safe landing.

0
1

Give 1,000 monkeys typewriters, they'll write Shakespeare. Give them robot arms, and wait – they actually did that?

Ken Hagan
Gold badge

Re: WTF happened to these monkeys

"three" is not "so many", is it?

11
1

Thou shalt use our drone app, UK.gov to tell quadcopter pilots

Ken Hagan
Gold badge

Perhaps this is the UK's attempt to jump-start the market in "micro-drones" and lead the world in twenty years' time.

2
0

BOFH: The trouble with, er, windows installs

Ken Hagan
Gold badge

No, I think the BOFH is *quite* happy for people to use work machines for personal stuff. You never know when admin-level access to someone else's personal stuff might come in handy.

28
0

Mythical broadband speeds to plummet in crackdown on ISP ads

Ken Hagan
Gold badge

Re: Use median speeds instead

"because the adslingers would have to understand what "median" means"

No, they wouldn't. They'd just have to pay the penalties until they learned that they should ask someone who does before making public statements on behalf of the company.

The Laws of the Land aren't like the Laws of Nature. Compliance is entirely optional.

0
0

Stick to the script, kiddies: Some dos and don'ts for the workplace

Ken Hagan
Gold badge

Re: With Great Power, comes Great Change Control.

Welcome to my world. I'm an application developer and my machines actually belong to my customers and, yes, I'm only allowed to talk to them after the script (my application) has been tested on mock-up systems that don't matter and then signed off by quality control once they demonstrably work.

Why should you have lower standards when the target system belongs to your own company?

10
1
Ken Hagan
Gold badge

"Sure, we had WSH and batch, the languages where "adequate" but they couldn't do anything useful due to the lack of bindings"

Ummm, the lack of bindings is a problem with the thing you are trying to script, not the language you are trying to script from. However, I will agree that the adoption of Powershell *did* give Microsoft developers a strong kick up the arse on the matter of providing such bindings in a more systematic fashion across the system.

1
0
Ken Hagan
Gold badge

Re: Really useful article.

"installer and wizards that can create reply scripts to be run in quite mode"

...like a deb, then?

"prefer to write an installer with a proper setup creation tool"

...like a deb, then?

"Even on Linux writing a proper rpm/deb is better than a bunch of ugly scripts."

...so you *have* heard of them, even if you haven't yet grasped the fact that they package, amongst other things, scripts.

3
1

Someone told Google to nuke links to mean reviews of disgraced telco True Telecom

Ken Hagan
Gold badge

Not so sure-fire

They may have got away with it this time, but it isn't a completely sure-fire method of erasing bad publicity. Had they been the subject of a court case rather than an Ofcom complaint, their statement to Google that the reports of the findings in that case were "not true" might be regarded as contemptuous.

7
0

To fix Intel's firmware fiasco, wait for Christmas Eve or 2018

Ken Hagan
Gold badge

Re: Who/What does the "secure" in Secure Boot refer to?

@phuzz: Thanks for the clarification, but I'm still puzzled. I mentioned Secure Boot simply because that's the only layer I'm aware of between the OS and the IME. Since the owners of those layers (Microsoft and Intel) appear to be unable to do the job without additional help, it did seem like an intermediate layer might be relevant. I'll have another go at framing my questions and perhaps you or someone else can clarify things.

Who writes the patch? Is it just Intel or do they just explain what needs to change and leave it up to someone downstream? Does that patch depend on the CPU, the chipset, anything else more vendor-specific?

Who distributes the patch? It clearly isn't something that Microsoft can distribute via Windows Update or else Intel could just give them the code. There seems to be a requirement for someone in the middle to be involved EITHER in the authorship (bringing vendor-specific details to the code) or the distribution channel (providing vendor-specific authentication for the code).

How is the patch applied? Does the patch program run instructions at the (regular) OS level that automagically cause the patch to be uploaded to the IME, or does it have to ask an intermediate (such as the UEFI layer) to help with delivery?

An finally, perhaps a little tongue in cheek, if the vulnerability lets someone hi-jack the IME, why can't Intel use the vulnerability to produce a "universal" patch that doesn't need the co-operation of foot-dragging vendors? Less tongue in cheek, I think it is reasonable to assume that *some* people are working on such a thing, even if Intel aren't.

2
0
Ken Hagan
Gold badge

Who/What does the "secure" in Secure Boot refer to?

This situation smacks of the Android universe, where the author of the offending software has to rely for patch incorporation on the hardware vendor who in turn has to rely for deployment on phone operators. It leads to woeful security in practice because patches are never deployed and everyone blames everyone else. In the PC case, I'd have thought that the hardware vendor was Intel itself (or, worst case, a handful of motherboard UEFI BIOS providers) and there simply is no equivalent to the "phone operator", so ...

What have the PC vendors actually done to insert themselves into the critical path?

How could the system be changed fixed to remove them?

9
0

Back to the Fuchsia: The next 10 years of Android

Ken Hagan
Gold badge

Re: No Dictaphone Function Right Out The Box!

"now you have to pay big bucks to get a simple programming language installed."

Any particular language you were thinking of? All the ones I want to use are free.

1
0
Ken Hagan
Gold badge

Re: re: and it doesn't make money from Android.

"for the same reasons then you must completely avoid using Facebook, twitter, linked-in etc etc."

You say that as though it might present a problem, rather than a win-win situation?

2
0
Ken Hagan
Gold badge
WTF?

Re: re: and it doesn't make money from Android.

"The almost obig need for almost every website out there these days needing to use 'googleapis' ..."

0
0
Ken Hagan
Gold badge

Re: anarchic, fragmented, insecure, with a user base that lags far behind the latest code.

"Once you have the market a 'from the ground up, yet compatible' replacement that still allows the mass data collection without providing a 'free' platform for your rivals to capitalise on seems to make sense."

If it is compatible, there's no reason for developers to write apps solely for the new platform or for consumers to buy your phones rather than those of vendors who are now your direct competitors. If it is not fully compatible, you may just find that all the other vendors continue to run with something more AOSP-like and make a big point about "compatibility" in their advertising.

I'm not sure how Google expect to ever make money out of "controlling" a phone platform when even MS have discovered that unless you are also fully compatible with a platform that you don't (and cannot) control, you can't sell the kit.

0
0

For goodness sake, stop the plod using facial recog, London mayor told

Ken Hagan
Gold badge

Aren't we talking about public places here and haven't amateur photographers been trying to persuade police that taking pictures of things that are in public is OK? That would mean we are arguing about whether it is OK to automate something that is perfectly legal to do manually (and whether the automated version is more or less reliable than the manual version).

As the US Constitution acknowledges, there are reasons to worry about, and limit, the power of the state more than we worry about the same powers in the hands of lesser actors, but we should be clear that *this* is our objection rather than a Luddite objection to the economies of scale.

3
1

Windows Update borks elderly printers in typical Patch Tuesday style

Ken Hagan
Gold badge

See https://blogs.technet.microsoft.com/windowsitpro/2017/07/27/waas-simplified-and-aligned/

Microsoft's current position is that they have four versions of Windows on the go: Insider, Targetted, Semi-Annual and LTS. The last of these is only available if you are an enterprise customer and I'd be surprised if the average SME is so I'll ignore it.

The Semi-Annual was formerly known as Current Branch for Business and is what you ought to be running (even if you are a home user, IMO). *Someone* in your organisation should have a few machines on the Targetted channel, to try to flush out issues like this. (That said, where the issue is a cock-up rather than an intentional withdrawal of a feature, it isn't obvious whether the more stable channel is actually a safer bet.) Microsoft themselves also recommend that any developers in your organisation should have a few machines on the Insider channel, to get even more advance warning of crap to come.

You *could* start looking at whether your software requirements could be met by a platform that wasn't so incredibly user-hostile, but I think we all know the issues there. The bottom line is that if you *have* to use Windows, then you *ought* to be jumping through the above hoops.

6
2

Prosecute driverless car devs for software snafus, say Brit cyclists

Ken Hagan
Gold badge

Re: Fair enough, but...

"Perhaps it's also time they were required to carry insurance?"

The case for compulsory insurance is that motorists can and do kill people when it goes pear-shaped. That's also the reason that only third-party insurance is compulsory.

Cyclists tend not to kill people when they get it wrong, in the same way that pedestrians don't. I'm sure you can find counter-examples of both, but the numbers are so insignificant that society doesn't feel there is a problem to be addressed.

7
5

It's 2017 – and your Windows PC can be forced to run malware-stuffed Excel macros

Ken Hagan
Gold badge

Re: IE and Edge CVEs ????

"Edge was supposed to be the secure and rewritten new browser, without the tons of bloat IE was affected with."

Dunno where you got that idea from. My recollection is that MS described Edge as "IE but with all of the compatibility code taken out, so it *only* handles pages written to the HTML5 standard". I'm not sure if that was actually true, but it was a fairly plausible thing to try and Edge certainly didn't include support for a lot of old stuff like ActiveX and MHTML so I've no reason to doubt it.

0
0
Ken Hagan
Gold badge

Re: WTF?

"I've yet to see a mathematical proof that useful features of programming languages are necessarily also undesirable, but experience suggests a strong correlation."

Perhaps I can help. It's not strictly mathematical, but I can offer a good reason for this.

Nearly all language designers have opinions about good practice and their languages reflect that, making it easy to do the right thing and hard to do the wrong thing. Many languages make it extremely hard to do the wrong thing. (Google for "bondage and discipline", but in the context of languages rather than sex.)

However, language design is not a science and so eventually there is a real-world need for some sort of get-out-of-jail-free card to let you get the job done. Fortran has its COMMON blocks. C has its unions. C++ has its C-compatible base. Assembly language has self-modifying code. Pascal has ... linker compatibility with libraries written in a proper language.

Any sufficiently large programming project will end up playing this card.

2
0

Universal basic income is a great idea, which is also why it won't happen

Ken Hagan
Gold badge

"If you're living in the west, _you_ are part of the 1%."

Interesting take on basic arithmetic you have there. At least half a billion people live in Western Europe and North America, which is nearer 7% of the world population. This is without adding in places like Japan which are not geographically "west" but certainly belong to the western economic model.

The converse is not true either. Quite a few of the world's 1% are despotic scum who have screwed their respective countries for decades.

6
0

Munich council: To hell with Linux, we're going full Windows in 2020

Ken Hagan
Gold badge

Re: Politics is nothing to do with it.

"The facts are as stated - the software they need mostly doesn't exist on Linux"

Whilst I would agree with your point that it isn't *their* job to evangelise Linux but rather to get their work done, I would draw your attention to this bit in the article:

"mail servers, for instance, eventually wound up migrating to Microsoft Exchange"

Really? Bluntly, if you can't even get an email server running, either nobody is trying or there are people in your organisation working behind the scenes to sabotage the whole endeavour. It seems unlikely that no-one in an organisation that large had the skills necessary to get a server up and running, so the only reasonable conclusion is a fifth column.

34
3

The day I almost pinned my tushie as a Google Maps landmark

Ken Hagan
Gold badge

"In what way is this functionally different to uploading the photo to Farcebook and letting them hash it?"

You can't reconstruct the photo from the hash, so if FB only get the hash, they can't "lose" the photo.

7
0

Metal 3D printing at 100 times the speed and a twentieth of the cost

Ken Hagan
Gold badge

Re: er....

"So how long before we see graphene printing instead of metal? "

Using this kind of technology, you're just waiting for a kind of graphene that melts without losing its extended 3D structure. Umm ... don't hold your breath.

6
0

Intel's super-secret Management Engine firmware now glimpsed, fingered via USB

Ken Hagan
Gold badge

Re: Everybody switch over to AMD

I imagine that there *are* people (say, in Russia or China) who *are* now asking whether there is a trusted source of x86-compatible CPUs. And if not, whether there ought to be.

If these people *aren't* asking that question, they aren't doing their job properly.

3
0
Ken Hagan
Gold badge

Re: Tanenbaum?

"The book that half source code."

But his source code was far more interesting than most authors' prose.

6
0
Ken Hagan
Gold badge

At least Java was designed to be sandbox-able.

0
2

Bitcoin drops SegWit2x hard fork after community objects

Ken Hagan
Gold badge

The arrival of significant transaction fees may be a sign that the scheme has now entered its "cashing out" phase, with the transaction fees being the source of real money that the original scammers need to milk before everyone else notices that Bitcoin per se is actually worthless.

7
0

Official US govt Twitter accounts caught tweeting in Russian, now mysteriously axed

Ken Hagan
Gold badge

Re: "Official Government Twitter Accounts"

"They think you must have something to hide."

I'd think of it as an early warning system for "crap employers". They can look for my social media presence if they like, but I wouldn't want to work for them if they are bothered by its absence.

2
0

It's 2017 and you can still pwn Android gear with Wi-Fi packets – so get patching now

Ken Hagan
Gold badge

Re: Dear Motorola

Amazon will sell you a used Samsung S5 in good nick for considerably less than 200 quid. (Other tat-vendors are available...) The S5 is one of the most widely used phones with Lineage (https://www.lineageoslog.com/statistics) so it won't just be you if something goes wrong. You don't have to root the phone (https://wiki.lineageos.org/devices/klte/install). If you are particularly doubtful of the procedure, you could try it on an even older phone. The S4 Mini is about a third of the price and also works OK.

I'm citing these two Samsungs because I've actually done it with them. (I haven't looked back.) It shouldn't be taken as an endorsement of Samsung. (I put Lineage on because Samsung's support was so crap.) A glance at the stats will show that other brands also have thousands of users out there and your current handset may even be among them.

Edit: If you do switch, give some thought to how you will transfer things like address books and saved media/messages/etc. Mostly these aren't terribly difficult as long as you plan ahead but are obviously nigh-on impossible after you've nuked the old contents of your storage. :)

0
0

Seldom used 'i' mangled by baffling autocorrect bug in Apple's iOS 11

Ken Hagan
Gold badge

Re: So Apple can't code a simple function?

Throw the code together, No testing or ignored testing. Ship it.

It makes economic sense, right up to the point where your customers, en masse, decide that you are taking the piss with the $1000 price tag and decide to Switch Brand, at which point your company has its Ratner Moment.

So, yeah, consider this a *big* heads-up for shareholders: a computer that can't spell its own name.

5
0

El Reg assesses crypto of UK banks: Who gets to wear the dunce cap?

Ken Hagan
Gold badge

Re: Dunce Cap tip

To enlarge on Alan's comment, where a system asks for both a complete password (which can be hashed and salted) and a few characters from a second set (which probably can't) the point of the second line of defence is that you will be asked for a different selection the next time you log in. This hardens the system against keyloggers on the customer's device because for any reasonable length of the second set, it will be quite a while before the same three are asked for.

4
0

Black Horse Down: Lloyds Banking Group goes TITSUP*

Ken Hagan
Gold badge

Re: There may be trouble ahead

"Well, you are allowed to choose a bank which isn't HBODGE."

Are you? Please identify the bank that hasn't outsourced any of its core competencies.

7
0

Official: Perl the most hated programming language, say devs

Ken Hagan
Gold badge
Coffee/keyboard

Re: APL?

Is that Indus Valley script? Or the Disc of Phaestos?

Icon: I'd need a new one to even begin to type that.

2
0
Ken Hagan
Gold badge

Re: Forth

"My reason was that you could fit the whole system into ~6KBytes (6809) including (simple) disk i/o."

That would make it a fine language to compile into. It says nothing about whether human beings should be forced to write in that language to begin with.

I've used several languages (Forth and the wretched NSIS setup scripting lingo spring to mind) that would have benefitted from an afternoon's work with yacc/lex to put a pleasant syntax on the front. The same goes, incidentally for some command-line tools I could name, whose options take about 20 screenfuls of man-page to describe.

0
0

Car trouble: Keyless and lockless is no match for brainless

Ken Hagan
Gold badge

Re: Door or boot not shut

"Door or boot not shut => car will not lock"

FTFY. The rest is left as an exercise for the reader.

5
0

Watership downtime: BadRabbit encrypts Russian media, Ukraine transport hub PCs

Ken Hagan
Gold badge

Re: Ransom demands in BitCoin again

"No big deal. Leaving aside Bitcoin, there are another 1194 (at the last count) other cryptocurrencies."

That's the *easiest* possible loophole for them to close if you point it out, though.

1
0

Please activate the anti-ransomware protection in your Windows 10 Fall Creators Update PC. Ta

Ken Hagan
Gold badge

Re: Great feature!

No. You are the kind of doofus that the feature is designed to obstruct. A computer wiz would have provided sufficient evidence to their sysadmin that the handy little photo editor was legit and should be added to the whitelist.

In the meantime, you've created a nice little sandbox called Documents2 and when you next download some ransomware it will only be that sandbox that gets toasted. "Documents" will be fine.

5
3
Ken Hagan
Gold badge

Re: Doh !

Doh? Really?

Personally I'm delighted that MS didn't just whitelist everything from their own stable. It seems entirely proper that this decision should be made by the end-users (or their admins).

1
0
Ken Hagan
Gold badge

How difficult could it be for you to see the number of false positives this might throw up?

4
0
Ken Hagan
Gold badge

Re: Riiiiiiight....

This is the stuff that Dave Cutler brought to the party, 25 years ago. I've seen various ways of getting the configuration wrong, but I've never seen the configuration not being enforced properly.

If you are a big fan of the original UNIX model then you can stick to that subset, although UNIX doesn't anymore so perhaps it wasn't quite so great.

5
1

Forums

Biting the hand that feeds IT © 1998–2017