* Posts by Peter Gathercole

2924 posts • joined 15 Jun 2007

Spoiling staff with toys could turn against your business

Peter Gathercole Silver badge

Re: BYOD works in some organisations, not that you'd know it from this author

Universities are a completely different kettle of fish to your normal company network. It is defined by BYOD, because the Universities are not capable of providing the number of devices needed by the students.

Basic security in a University is that you have a number of relatively untrusted networks (normally by location) that the devices attach to with fairly basic security (registered MAC address, normally), with island networks containing all of the main University servers with strong firewalls on the borders of the islands that only allow a small number of trusted services through. Within each untrusted network you will have some routing and maybe print services, but any file repository will be in the islands.

Any special access to departmental servers for specialist services is controlled on a device-by-device basis, with increasing levels of control requirements, registration and mandatory patching to allow this access.

In addition, most Universities (AFAIK) operate a blacklist policy where if a device is found to be affecting other users seriously (viruses, deliberate intrusion attempts etc.), it is prevented from connecting to any of the networks until the issue has been resolved to the satisfaction of the University techies, and normally at a fee.

So the networks that the students connect to are much more like the guest networks that companies operate (with a little more security), and the island networks are more like a core company network.

This makes the analogy much clearer, and probably puts the break between the networks in a bit more context.

Peter Gathercole Silver badge

Re: bash the users @Joe

But the flip side of this is that some of the things asked for in a business suggest that the person asking is unable to make sensible choices because of lack of knowledge.

The problem here is that IT don't always appear to understand business, and the Business doesn't understand what is necessary to operate IT safely and securely. That used to be the reason why they set up an IT department in the first place.

It's a balance, but at the moment, IMHO, it's skewed too far to the Business.

Peter Gathercole Silver badge

Re: If you dislike change, you're going to dislike irrelevance even more @gv

That's true, policies do not protect you from these things by themselves. Good people who you know and trust who apply sane access control policies can.

But if things go wrong, at least you can knock heads together, and if necessary sack people if you employ them, rather than having to claim against a contract that will probably end up in an expensive court case before it offers any redress.

If you go down a managed service route, then your protection is only as good as the people who your service provider employ, and you have no control over that.

Peter Gathercole Silver badge

Re: If you dislike change, you're going to dislike irrelevance even more @AC

That's all well and good until one of the "poor choices" lands the company with some regulatory failure, loss of data, successful hacking event or in extreme cases, inability to function after an unforeseen event (like a disaster).

Even if a company goes down the route of alternative service provider, it is essential that they keep some IT expertise, even if it is only at an architectural level, otherwise the remaining managers who get to choose whether to switch to another alternative supplier (in the case of dissatisfaction with the first one they choose) either run the risk of being bamboozled by whatever marketeers they speak with, or end up having to pay for external consultants, who may (because of self interest) not recommend what the company actually needs!

I agree that IT departments are an endangered species, and not because they do anything wrong, but because they're not saying what the non-technical managers think they should be hearing. Too often, influential managers in companies are more prepared to listen to the salespeople trying to sell snake-oil rather than their own IT people.

It's worrying.

IoT DANGERS: BYOD’s trashier cousin becoming a right tearaway

Peter Gathercole Silver badge

Re: Suggestion

OK, it should not be that simple for an IoT device to join a network. Presumably, you've got WPA2-PSK set up as a minimum for your Mum's network.

So, a new device entering the house cannot even join the network.

So, nothing to do.

Of course, if you've got WPS enabled, then every time you press that button on the router, all your IoT devices that have been denied access to the network so far have an opportunity to jump on to it, but you don't use WPS and have support turned off, have you?

Wait. What! You haven't........... And you're allowing UPnP as well!!!!!

Excuse me, I've somewhere else to be.


Everyone's at it: Backup folk spaff out tsunami of cloudy, flashy gear

Peter Gathercole Silver badge

The cloud!

I doubt that any of these companies run their own cloud, so you are vulnerable to any of the companies or their cloud suppliers going bust, pulling out of the market or increasing their price model once they have your data.

I would not bank even on the 10 year retention period.

US court agrees $563m settlement over CRT anti-trust allegations

Peter Gathercole Silver badge

Pity it's US only

I reckon I've bought (new) two large TVs, three smaller TVs, and at least 4 CRT monitors in that time.

Mind you, I'd have terrible trouble finding the receipts now!

Attack of the IT monuments men: Museum wants your kit

Peter Gathercole Silver badge

Re: Museum piece

It must have been a fair few years back!

Intel imagines chips in nappies to create the Internet of sh*t things

Peter Gathercole Silver badge

Two things

Firstly, re. nappies and wet wipes.

You young things got it lucky! My oldest was a child when disposable nappies were, well, crap, and it was still fairly normal to use towelling nappies with nappy pins and rubber pants. It would not surprise me if some of the older commenters were to tell me that even rubber pants were too new.

And wet wipes. Well, a flannel and a bowl of water, which had to be changed after each nappy change was the order of the day. Wet wipes were a huge leap in convenience, so just think yourself lucky!

Secondly, if the technology is disposable like the nappies, is there a problem with exhaustion of MAC addresses here? If they piggyback on WiFi, then there is a finite number of MAC addresses available, so unless they intend to re-use or rotate MAC addresses, this could lead to problems in the future. You would also want to make the things destruct once used to make sure that your bin full of dirty nappies doesn't give false readings. Maybe the wood derived chips that were in a story last week?

If they're serious, they really ought to use some re-usable sensing and sending technology which was added to a nappy, but this would make it less of an IoT story.

Shuttleworth delivers death blow in Umbongoland dispute

Peter Gathercole Silver badge

Re: It's a shame you two don't get along... @ske1fr

Out of interest, what is your printer?

Is it a Lexmark, or one of the WinPrint laser printers that were popular a while back?

I had problems getting an HP LaserJet 1000 working on one of the older Ubuntu flavours (I think it's Lubuntu - the netbook I'm re-purposing as a print server has a Celeron processor that doesn't support PAE), and ended up having to use the HP provided binary blob.

Dreadful printers outside of Windows, but I wanted a laser printer for a particular purpose, and I grabbed it for very little at a car boot sale!

SpaceX signs off on another successful mission with Pacific splashdown

Peter Gathercole Silver badge

Re: Worm form?

It's not Earthworm Jim that worries me. Let me know if Queen Slug-for-a-Butt or Professor Monkey-for-a-Head are in the capsule!

Milking cow shot dead by police 'while trying to escape'

Peter Gathercole Silver badge

Re: Just for you townies... @lost all faith

The Department of Transport's Driving manual states that a driver should always drive within the stopping distance for their vehicle.

It does not matter if you are driving on a dual carriageway, a motorway or a single track country road, the onus is always for the driver to be able to stop if an unexpected hazard appears.

This means that the police's insistence on killing the cow because it was a danger to traffic is really bogus.

If there was really an issue with this, then they should be out culling all of the deer, wild ponies and badgers that are very, very frequently seen on the roads I drive on in Somerset, including A roads and dual carriageways. The number of times I have to take avoiding action, especially at twilight, is almost uncountable.

This was clearly a gross over-reaction by police in a rural area who should really have known better!

Crowdfunded ZX Spectrum revival just days from shipment

Peter Gathercole Silver badge

Re: As a BBC owner...

That's interesting. I knew about the data bus isolation resistors, but did not know what their real function was. I assumed that the Z80 was effectively idling or halted during the display cycle, and also that the ULA was driving the data bus address lines, but what you say makes a lot of sense, and would make the ULA much less complex.

Presumably at the beginning of every display frame or line, there was some form of context save so that the Z80 could resume where it left off after taking an excursion to walk through the display memory addresses.

I'm still a bit puzzled, though. The ZX81 display file was not bit-mapped, so it would have to read each character position 8 times (one for each row of the character), one for each of the 8 horizontal scan lines, so what was being addressed was the index into the character generator table, with an offset to get the correct line. The display hardware would then have to look up the line in the CG table to get the 8 bits to serialise out to the modulator. I suppose the ULA may have been able to buffer 32 characters and serialise them. I'll probably never know!

For any of you who didn't understand the bit of halting at the end of the line, when the ZX81 did not have a RAM pack, it used a collapsed display 'file' (this is what it was called) that only contained the characters that had been written on the screen. Any trailing whitespace (well, trailing unwritten character locations really) on a line did not have memory allocated, so the actual display could be held in as few as 25 bytes if there was nothing on the screen.

In this case, each line of characters on the display would be empty, with just the "end of line" character that Mr Coder mentions. As the cursor was always one character, at least one of the last two lines normally had a single character, leading to the 25 bytes (23 empty lines with just the EOL character, and one with a single character and the EOL character).

It was amusing to see a ZX81 without a RAM pack struggle to reorganise memory every time you added to the display.

Of course, with a RAM pack, the display file was always its full size.

Peter Gathercole Silver badge

Re: As a BBC owner...

There was nothing particularly cheap about the modulator (well, actually it was probably the cheapest Sinclair could source, but it was the same as fitted in any number of other home computers), but it was not unusual for audio crosstalk in any of the machines of this generation, especially when displaying 'busy' pictures on cheap black and white televisions.

I bought an add-on (effectively a second modulator) which remodulated the signal to include sound, which I fed from a Quicksilver sound board (it has an AY-3-8910), controlled by a number of memory-mapped locations. I used it, along with a programmable character set mod (remember what I said about the I register) to get mine to display and play music. Unfortunately, in slow mode, ZX Basic was more than a bit slow, so there was an appreciable delay in displaying the notes and them playing. But it kept me occupied on dark nights back in 1981 while I waited for my BBC Micro to arrive.

Peter Gathercole Silver badge

As a BBC owner...

I must admit that I'm a bit puzzled as well.

This appears to be creating line 10, which contains the code "GOTO 10", and doing it repeatedly on a single line (the line parser allows multiple basic statements on a single line, separated by colons, and I think it also worked when entering lines of code).

It looks weird, so I think that if it's doing something unusual, there must be a bug somewhere. I don't remember any sort of bug like this in the BEEB, but then again, I didn't do anything like this.

Alternatively, he might be using the arrows and copy key, recursively copying the characters from the line until the maximum line length was reached, at which time the BEEB would sit there beeping at you for as many copy keystrokes as were buffered in the keyboard buffer. But that would not be white noise, which would not actually be that disruptive in a shop, even if it were at maximum volume.

The sort of stupid things that people did were to reprogram F10 (the break key) to contain "OLD:RUN", so that it was more difficult to stop (especially if ESC was also trapped). [CTRL-Break got it back].

My favourite was on a ZX81, writing about a 4 byte machine code program in a REM statement in the first line of the program (and thus a fixed address) that put a value in the Z80 I register (which was used to contain the high-byte of the address of the character generator table), which led to the screen becoming scrambled. You could tell something was there, everything worked OK, except that you could not read any of the characters.

Pi based kid-nerdifier Kano buried under freak cash avalanche

Peter Gathercole Silver badge

Re: Radionics`- Phillips

Maybe mine was older. The page here suggests that the kits were not originally made by Philips, but later marketed by Philips. Possibly Philips bought or licensed the design.

IIRC, the box for mine looked very similar to the one in the background of this picture

Peter Gathercole Silver badge

Re: Radionics`

I had a Radionics set when I was about the same age. I don't remember it being made by Philips, though.

I don't actually know what happened to it. It's probably still buried in a box in my Father's loft. I remember that I used to burn out the transistors, and soon became proficient enough with a soldering iron (while repairing the component blocks) to no longer need the kit! So a double whammy learning experience.

Inside the guts of Nano Server, Microsoft's tiny new Cloud OS

Peter Gathercole Silver badge

Re: No GUI? @Jon_Boy

I doff my hat to you, sir.

That is clearly a much better backronym, and makes my suggestion pale into insignificance.

Peter Gathercole Silver badge

Re: No GUI?

I was actually thinking something like Decluttered Operating System. There's something about MS DOS as an acronym. I can't quite put my finger on it.....

And then you could also have the client OS for phones and tablets. I don't know. Something like Phone Compatible Decluttered Operating System.

Peter Gathercole Silver badge


With no GUI, we should really stop referring to it as Windows.

2016 might just be the year of Linux on the (virtual) desktop

Peter Gathercole Silver badge

@P. Lee

Visio is a stunning example of how a large organisation manages to adversely and unduly influence rival systems.

There is nothing inherent in Linux that would prevent it having a Visio replacement. And there is nothing that would prevent someone from producing commercial software to run on Linux. What prevents it is the self maintaining mantra that "Visio is not on Linux, so Linux is not suitable for the desktop; without Linux on the desktop, commercial software for Linux is not economically viable to produce because it has no penetration".

It is not necessary for a suitable piece of software to be written for free by volunteers, and LGPL is sufficiently relaxed that you can use most of the application development tools without being bound by the full GPL.

The problem that Microsoft exacerbates is that they deliberately make it very difficult to write software that is file and feature compatible with Visio, and support this by pushing Visio as being necessary software in office packages.

But please ask yourself this. How many Visio licenses does an organisation have? Probably relatively few, as it's quite expensive. The people who use it are the only people for whom Visio is a show-stopper. Everyone else does not have this excuse not to use Linux.

Of course, there are plenty of other Windows packages that you can make the same argument about. But answer me this. How many times is a monoculture (or a monopoly, if you want to put it a different way) actually a good thing? If there was no chance that another OS could take over from Windows, can you actually believe that Microsoft would not start gouging their customers more than they currently do?

I wonder how much the cost of The Ribbon interface, or the switch from XP/Vista/7 to Windows 8/8.1/10 was/will be for users and administrators? As much as the switch to Linux? Who has actually costed out the full impact of Microsoft changes to business?

Peter Gathercole Silver badge

Re: An alternate Why? @P. Lee

I'm not sure you've understood what I've suggested.

"Multiple users running SAMBA on the same host"??? This is not what I suggest (and I would certainly not make them automount for each user).

If you have your shares arranged in a suitable manner, you have one (or a small number) of shares mounted and 'shared' between the multiple concurrent users of your large Linux machines, and let the normal file permissions secure the files. In terms of the SMB server, it's probably less demanding to have one share per several users, rather than one per user, and almost certainly less resource hungry on the client side.

I'll accept your point about the Internet and public cloud. My suggestion is really all about private infrastructure, not public.

VNC is not actually that much better than X in terms of network use (it's swings and roundabouts, some things are more efficient, some are drastically less efficient), and it is probably much heavier on the shared Linux server as it has to maintain multiple virtual X servers, one per user, rather than just the clients it would need if it were using the remote X server on the desktop machine. And when using VNC, I often find it much slower and more full of display artefacts than native X11.

I'm not suggesting using Linux VMs on a per user basis. I'm proposing single (or a small number - possibly VMs but better on separate hardware for resilience) of large Linux systems, with multiple users using them at the same time.

Peter Gathercole Silver badge

An alternate Why?

Bearing in mind that UNIX/Linux and X11 have always been network capable, I have to ask Why? but from a different perspective.

Configure your humongous server as a single Linux machine (or a small number of large machines). Put a thin deployment Linux distro on the desktop machines, running XDMCP or a modern alternative. Configure for the X11 sound extensions on the thin clients. Manage the single system for multiple users.

You have multiple thin clients with no user local storage and a single system image on the large server to maintain. And none of the Citrix infrastructure or costs.

I know I'm playing devil's advocate here, but this is the traditional way of managing shared UNIX systems.

Rackspace in Crawley: This is a local data centre for local people

Peter Gathercole Silver badge

Encryption @Lusty

If you were just using cloud storage, such that the data was being encrypted as it left your site, and decrypted as it entered your site, this may work.

Unfortunately, if you actually processed any data in a cloud service, it would need to be able to decrypt and encrypt the data as it was used, requiring the encryption keys to be on cloud servers themselves, and thus as vulnerable to being snaffled as the data itself!

So, unfortunately, encryption is not the answer to all the issues.

Windows 10 Device Guard: Microsoft's effort to keep malware off PCs

Peter Gathercole Silver badge

Re: IOMMU? @Bronek

My main career focus recently, AIX on IBM Power servers, has been providing virtualised I/O, with the hypervisor doing all of the basic device manipulation, and the communication from the hosted OS being handled by virtual devices for close on a decade (the main features were implemented in Power 5 systems running AIX 5.3, although basic LPARs and mapped/guarded device control was in earlier hardware and versions of AIX), so I do understand how a hypervisor can sanitise device access.

I also understand service Virtual Machines and also quite a lot about how I/O MMUs and the associated CPU MMU features work, including how nested page tables and hardware protection rings are implemented. There may be some novel aspects of controlling access to particular adapters/busses at a hardware level that are unique to Intel hardware, but although that appears to be the main function of Device Guard, it was not how the article was presented.

I was working on Virtual Machines using a hardware hypervisor on Amdahl mainframes (running UNIX) with device and memory page level hardware protection back in the late 1980s, so very little of this is new to me.

It is not me that is confused, except possibly about the way that the article was written.

Peter Gathercole Silver badge

Re: Kernel has control

In machines running type 1 hypervisors (I'm going to use HV because I'm tired of typing "hypervisor"), the kernel very rarely "gets the rest". Once you start slicing and dicing with a HV, you can have as many OS images as the HV and the hardware MMU supports, and each OS only sees the bits it's given access to by the HV.

This is the very nature of Virtual Machines. In some implementations, the OS does not even have to know it's running in a VM, as it's given what it thinks is real-mode access to its own virtual address space, so it does not even know that other VMs and OS images exist on the same hardware, let alone be able to see or tamper with their memory.

Peter Gathercole Silver badge


I'm sure that there are aspects of this that I haven't appreciated, but from the Minix paper on IOMMU, I really cannot see how this specific feature provides the protection.

IOMMU is not a new concept. It's there to allow bus attached devices controlled access to the real memory address space of the machine for DMA type transfers. The first feature I came across to implement this was in the Unibus I/O address mapping system (Unibus map) in 16 bit PDP11 computers with 18 and 22 bit addressing extension back in the 1970s. The basic concept is to allow an I/O adapter controlled access to part of the main system memory in a way that does not allow access to bits outside of the control.

In that implementation, the OS set up the Unibus map for the I/O (Most Unibus devices were only 16 bit capable, so they needed a translation mechanism to be able to write outside of the first 64K of memory), and the DMA then occurs (it was more simplistic then, because there were no overlapped I/O operations, so deferred I/O operations requiring the state of the UNIBUSMAP to be saved through context switches were not an issue). The protection offered was actually a side effect of the mechanism. This gave protection from rogue Unibus DMA transfers, but left control in the hands of the OS.

This is what is described in the IOMMU Minix paper, nothing else.

In order to implement something like this to provide protection from the OS itself, it is necessary to have the checking code in a higher protection ring than the OS. This is normally reserved for type 1 hypervisors, and the capabilities for this have existed for many years. It would have been perfectly possible to add this type of function to the hypervisor or to a service VM running parallel to the OS, so the OS makes a hypervisor call to check the validity of, well, pretty much anything at all including checking the cryptographic signature of new code. In this way, running Device Guard as a service VM controlled by the hypervisor rather than the OS means that it cannot be tampered with by anything in the OS. This is what I think Device Guard actually is, supported by the statement "with its own minimal instance of Windows". Make the hypervisor and Device Guard also signed by UEFI, and it's pretty difficult to tamper with the system as a whole.

Of course, VM segregation requires an MMU and an appropriate security protection ring, and it is possible that this is why there is some confusion about which part of the MMU is providing the protection, but IMHO, it's not the IO function of the MMU described by the Minix paper, more the general features of a VM capable Memory Management Unit. It's probably the Extended Page Tables feature that is actually required for Intel processors.

This is the type of thing that IBM have been doing in their mainframe operating systems running under VM (the mainframe hypervisor product) or PR/SM for many years. As I understand it, the RACF security system runs in a separate VM to provide additional security.

The data centre design that lets you cool down – and save electrons

Peter Gathercole Silver badge

Re: Dealing with the waste heat

When I was at University in the late 1970s, the heat generated by the s360 and s370 was fed into the heating system for Claremont Tower in Newcastle.

Nothing is really new any more.

Peter Gathercole Silver badge

Re: Sooo out of date!

I don't understand the issues with water cooling and humidity.

The water is totally contained in sealed pipes, so there is no chance of it entering the data centre atmosphere.

In the case of the PERCS systems, there are actually two water systems, one internal to the frames which is a sealed system with the requisite corrosion inhibitors and gas quenching agents, and the other a customer water supply, with heat-exchangers between them.

The only time water can get into the air is if there is a leak. Where I work did have a leak at one time, which was caused by cavitation erosion to the case of one of the pumps, but that is one minor leak in the six years I've worked here.

Peter Gathercole Silver badge

Re: Heat pipes @AC

If you were referring to 'fabric' chips in my earlier comment, they are a little bit like what you might describe as "northbridge" or "southbridge" chips in older Intel servers (although only in concept, not in the detail). They provide the copper and optical interconnect to glue the components together into a cluster (both external network, and internal processor-to-processor traffic), and also the PCIe and other peripheral connections.

I could have called them Host Fabric Interconnect (HFI) or maybe Torrent chips, but that would probably have been even less meaningful.

Heat pipes are not ideal. Because of the way they are constructed, they are very sensitive to leaks, which because of the critical partial pressure within the pipe, render them useless almost immediately once a leak happens. I think that the distance that they can move heat is limited.

I've seen far too many laptops that rely on heat pipes overheat whenever they've been on for any length of time because the heat pipes no longer function properly.

Oh. By the way. Proper mainframes don't run Windows!

Peter Gathercole Silver badge

Sooo out of date!

Put some water provision in the data centre. Water is a much better medium than air to extract heat, and it is much more efficient to scavenge heat from water for things like the hot-water in the handbasins in the restrooms than it is from air (although it does depend on the exit temperature of the water).

Use water-cooled back doors. It takes significant amounts of the heat away before it even enters the airspace. Even better, put them both in the front and back, so the air enters the rack cooler than the ambient temperature, and gets any heat that is added taken out as it leaves the rack.

I know I've said this before, but look at the IBM PERCS implementation. Water cooling to the CPUs, DIMMs, 'fabric' chips, and also in the power supplies. There is still some air cooling of the other components, but from experience, I can say that these systems actually return air back to the general space cooler than it went in!

There are some really innovative things happening, much more than just the decades old hot-cold aisles, hanging curtains and under-floor air ducts.

DRONE ALONE: US Navy secretary gives up on manned fighters

Peter Gathercole Silver badge

And thus were The ABC Warriors born...

I can't actually remember any quotes. Must dig out my original collected editions.

Rand Paul puts Hillary Clinton's hard drive on sale

Peter Gathercole Silver badge

Re: Never came across SASI.

80MB of disk! Luxury.

The first UNIX system I was sysadmin for had 2 x 32MB SMD disks and 1MB of memory (although the disks were short-stroked, and we eventually persuaded the engineers to remove the limit, doubling the available disk space).

The first UNIX system I used was a PDP11/34 with 2 RK05 (2.5MB removable disks), and a 10MB Plessey badged fixed disk that was about 10MB. When I first logged on in 1978 it had 128KB memory, although that was max'd out to 256KB later, it was running UNIX Edition/Version 6 originally, although V7 (with the Calgary mods to allow it to work) was installed later, and supported 6 Newbury Data Systems glass teletypes (not screen addressable, so no screen editors) and 2 Decwriter II hardcopy terminals. And it supported a community of about 60 computing students, and was permanently short on disk space!

Peter Gathercole Silver badge

Before SCSI, I was using ESDI and (E)SMD disks. Never came across SASI.

Peter Gathercole Silver badge

Re: Email servers - @Peter Gathercole

Yes, you're right. I was indulging in rose-tinted glasses. Life was much more simple then (as long as you didn't have to configure sendmail rules by hand), and I really miss those days.

Most users at that time would probably be using their modem-attached microcomputers as terminals to either their work place or a bulletin board.

User data on the multi-user systems was also backed up normally (users tend to get a bit irate if a system failure wiped out their files, including their mail), so control of their data was never totally in their hands. Even if they deleted the mails, they may exist on backup tapes, and most users had absolutely no idea about how long the backup regime would keep copies of their files.

At one point I was a system owner as defined by the original UK Data Protection act. I was petrified of a request to amend all copies of some incorrect data, because I had no idea how to edit the backup tapes that I kept for significant amounts of time. I was told that there was provision for this in the act, but nobody told me what it was!

Peter Gathercole Silver badge

Re: Email servers

It depends whether you mean an MTA, MDA or MUA.

Really traditionally (in the days of UUCP mail), the MDA and the MUA were often the same system, quite frequently a multi-user UNIX system, and the mails often remained on the system in people's own mail folders. It was only the MTA that only kept a transient copy of the mail, and in the very early days, a single server was often MTA, MDA and MUA all rolled together.

The first time I really encountered what would be regarded as a pure MTA was a system called IHLPA at AT&T Indian Hill, Chicago, which seemed to act as a UUCP mail router for pretty much the whole world. If you remember routing UUCP mail, you can't have failed to notice ...xxx!ihlpa!xxx... somewhere in the mail route.

But that was a long time ago.

Radio 4 and Dr K on programming languages: Full of Java Kool-Aid

Peter Gathercole Silver badge

Re: This is exactly the problem

Thumbs up for Earth Story. It's an excellent example of a cross-discipline scientist (Aubrey Manning, a zoologist who was sufficiently interested to learn about geology, and how the change to the Earth conditioned life) who has very good presentation skills.

I particularly like the description of the Long Term Carbon Cycle in one of the later episodes which comes up with the conclusion that in geological time scales, our knowledge of climate is pretty much informed guesswork.

I really wish there were more TV series like this.

Welcome to the FUTURE: Maine cops pay Bitcoin ransom to end office hostage drama

Peter Gathercole Silver badge

Re: Wouldn't fly in my office @Crazy

Um. How would this have helped in this case?

Presumably, all the users must have access to the file servers in order to copy the files there. And I'm guessing that these shares are mapped all the time.

So the malware follows every path it has access to, and encrypts all of the files it finds. This includes the files on the hot file server.

How is this the fault of any individual (apart from the person clicking the link)?

Having on-line copies on permanently mounted shares is no protection from this type of malware unless one of the following is true:

1. The copy is made by a high-privilege task that puts the copies in an area of the file servers that general users who may run the malware cannot write to.

2. The copy is made to WORM devices, which do not allow files to be overwritten or deleted, just new versions created.

Even having the backups done by a high privilege task is not perfect unless some form of multiple versions is kept, as it may be overwriting good data with bad. You've still not prevented the problem, and you've said as well as a (singular) offline replica, and the server is continuously wiped and rebuilt from the backups, which would imply that if the problem goes undetected, one backup and restore cycle later, you're still screwed.

It strikes me that there is a general failure of file sharing in many organisations. There ought to be a much finer granular permissions system, where a user only has permission to write to the parts of the file store that they need to for their job. This would prevent wholesale encryption of the data, but would not completely solve the problem.

Couple this with a proper off-line backup system (where the malware cannot overwrite the media, because it's not writeable by ordinary processes, either by permission or because the media is physically unavailable), which keeps copies of various ages (daily kept for a week, 1 copy per week for 6 weeks, 1 copy per month kept for an extended period, for example). Or use a managed backup solution with offline media that keeps multiple versions (TSM, Arcserve, Amanda etc.)

In the medium and large systems environment, this is a well established process. I'm sure I'm preaching to the converted here, but the lesson just does not seem to sink in to some SAs.

I know that the amount of data that is kept is now quite huge, even for relatively small organisations, but it seems to me that some of the current IT world have totally ignored the best practices of previous generations.

This may be, of course, because the Management and bean counters are allowed to squash the required good practice because of cost, and over-ride any suggestions from their experienced technical administrators (or engineer them out of the company), in which case they (the management) should be held entirely responsible.

Oh. And seriously control the ability of the users to run any code, trusted or untrusted directly from web-pages or emails. At least make it a two stage process where they have to download it first, and then explicitly execute it. It's not much protection, but it will prevent casual click attacks, and as it's an explicit action, means that it is easier to discipline the culprit. This should extend to scripts in any language.
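The retention scheme sketched in the comment above (daily copies kept for a week, one per week for six weeks, one per month for longer), as an added example that is not part of the original comment; the exact tier boundaries, the "newest snapshot per week/month" rule and the sample snapshot dates are my assumptions.

```python
"""Grandfather-father-son retention for versioned backups (added example).

The point being illustrated: if every backup run overwrites the previous
copy, one undetected encryption event followed by one backup cycle leaves
no good copy.  Keeping tiers of dated snapshots means copies taken before
the infection are still available to restore from.
"""
from datetime import date, timedelta


def daily_snapshots(start, end):
    """Constructed sample input: one snapshot date per day, start..end inclusive."""
    days = (end - start).days
    return [start + timedelta(days=i) for i in range(days + 1)]


def select_keep(snapshots, today, daily_days=7, weekly_weeks=6, monthly_months=12):
    """Return the set of snapshot dates to retain.

    Assumed rule (my reading of the comment): every snapshot from the last
    `daily_days` days; the newest snapshot of each ISO week in the last
    `weekly_weeks` weeks; the newest snapshot of each calendar month in the
    last `monthly_months` months.  Snapshots dated after `today` are ignored.
    """
    snaps = sorted(set(d for d in snapshots if d <= today))
    keep = set()

    # Daily tier: everything from the last week.
    keep.update(d for d in snaps if (today - d).days < daily_days)

    # Weekly tier: newest snapshot in each ISO week inside the window.
    weekly_cutoff = today - timedelta(weeks=weekly_weeks)
    newest_per_week = {}
    for d in snaps:
        if d > weekly_cutoff:
            key = d.isocalendar()[:2]  # (ISO year, ISO week)
            if key not in newest_per_week or d > newest_per_week[key]:
                newest_per_week[key] = d
    keep.update(newest_per_week.values())

    # Monthly tier: newest snapshot in each calendar month inside the window.
    newest_per_month = {}
    for d in snaps:
        months_back = (today.year - d.year) * 12 + (today.month - d.month)
        if 0 <= months_back < monthly_months:
            key = (d.year, d.month)
            if key not in newest_per_month or d > newest_per_month[key]:
                newest_per_month[key] = d
    keep.update(newest_per_month.values())
    return keep


def restore_candidates(keep, infected_since):
    """Retained snapshots taken strictly before the (assumed) infection date:
    the only ones worth restoring from once an encryption event is found."""
    return sorted(d for d in keep if d < infected_since)


if __name__ == "__main__":
    today = date(2015, 4, 20)                      # constructed "today"
    keep = select_keep(daily_snapshots(date(2014, 1, 1), today), today)
    print(len(keep), "snapshots retained out of", (today - date(2014, 1, 1)).days + 1)
    # Malware assumed to have started encrypting on 16 April (constructed date).
    print("clean restore points:", restore_candidates(keep, date(2015, 4, 16))[-3:])
```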

Microsoft, Getty settle image snatch 'suit

Peter Gathercole Silver badge

Re: Eddor meets Ploor

The Eddorians were the top of the bad pile. They were introduced in the books earlier because the whole premise of the story arc was that the struggle between the Arisians and the Eddorians was of necessity fought by proxy through the subordinate organisations each of them created, because neither the Arisians nor the Eddorians could defeat the other directly.

The struggle was basically between the side that would hold on tightly to the reins of power, and the one which would hand on control to those who were more capable, whose creation was necessary to completely defeat the other.

It is necessary to think in terms of the entire story line, from Triplanetary through Children of the Lens (forget The Vortex Blaster, that really wasn't part of the story line, and was a great disappointment when reading the last books in sequence for the first time, because at the end of "Children.." you thought that you still had one more super-epic story to go).

The point that Smith was trying to make was that The Evil could not see its own limitations, whereas The Good embraced their own limits, even when it would lead to their own demise. The fact that each layer on the bad side thought that they were the top suited the episodic nature of the books, and allowed the story to get progressively more epic with each book. I still feel that it would be possible to produce films based on the books that would suit the effects-led film industry that we have.

In my view, the sequence of films should start with the story in Galactic Patrol, with possibly more than one film per book, and the stories in Triplanetary and First Lensman interwoven as 'prequel' films.

In my formative years, the concept of the stories seemed so simple. It's a shame "the real world" is not like this.

Tech troll's podcasting patent blown out of the water by EFF torpedo

Peter Gathercole Silver badge

TLDR - properly.

I've just skimmed the patent, and it really is a load of guff.

The text talks about everything from the storing and indexing of the files on the source server, through transmitting it to a media device, and down to the level of describing "prev", "next" and menu keys on the device.

It's so difficult to work out what is novel in the patent, and what was not prior art, that the person filing it should really have been made to strip it down to what was really the nature of the innovation. You would have to wonder about the thought process of the person who originally accepted the patent at all, but then again, I don't really know the process.

+5 ROOTKIT OF VENGEANCE defeats forces of gaming good

Peter Gathercole Silver badge


My comment was not meant for you, more at the Perl developers who wrote the "pop" function referred to by the AC who suggested it for the origin of the meme.

I never had any doubt that you know what a stack is!

Peter Gathercole Silver badge

Re: "kernel driver providing a rootkit-like functionality to hide activity"

I'm seriously losing faith in the people that work in computing.

Who in their right mind will take a concept like 'push/pop', which has traditionally been used to work on a stack or a fifo or other buffer-like construct (maybe), and then apply it to an array?

Looking at the Perl document referenced, it looks like it is used on a one-dimensional array, like an argument vector, but that still appears to me to be a serious misuse of a previously used term!

Peter Gathercole Silver badge

Confusing paper

I'm a little confused. I understand that this is a client-side attack on the games, and as such, it's pretty obvious that it is possible to modify the client machine, which is totally in the cheater's control, to do all sorts of things to manipulate the game and prevent the anti-cheat code operating. After all, with this level of access, you could do anything, including (for open systems) running their own kernel. There ain't no way that a user-land anti-cheat system is going to prevent that.

But looking at the paper, at one point they are talking about Direct3D and DLLs, which is mainly Windows terminology, and then they dive off to describe a Linux attack. Maybe they are trying to show that the problem spans OSs, although I did not see a reference to that.

There is another way of preventing this type of attack, although it brings back something that I was hoping was dead.

If the hardware/OS/games are created using the generally hated (at least here) concepts proposed by the Trusted Computing Group (previously known as the TCPA and the previous Microsoft Palladium project), it would be possible to implement a hardware and software stack that would prevent client side privileged access to the system unless it was signed by a recognised key. This would at a stroke prevent almost all of this type of client side attack, but at the same time would wrest almost total control of a machine from its owner, making it a data appliance rather than a PC.

Because the detail in the paper is so scant, it looks to me like it is a scaremongering piece to bring security back into focus, to try to allow vendors of software to take more control of the PC away from its owners.

Where's the tin-foil hat? I think I need it now.

Saudis go ape, detain Swedish monkeys at border

Peter Gathercole Silver badge

Re: Thank gawdess the poor little critters didn't get shipped! @Jake

The Al Saud regime are actually wanting to be more moderate. According to a recent article on the BBC Radio 4 "Today" programme, the Al Saud family have no control over the judiciary in Saudi Arabia, which is controlled by a council of qadis (religious clerics), totally independent from the King. This body implements and maintains Sharia law in the country, and is generally understood to be the main reason why Saudi Arabia has widely publicised harsh sentencing for certain crimes.

This situation has come about because of concessions King Abdulaziz Ibn Saud (the founding father of Saudi Arabia) made with the Islamic clerics of the day in order to maintain control of the tribes he conquered in the early part of the last century to found the country.

The only area where they overlap is in the final appeal process, which goes to the King. But it is generally accepted that the King has limited leeway in overturning any judgements of the courts, because of the fear that the Royal Family could be ousted from their current position by the rest of the government, particularly the judiciary. And there is a looming problem in that they are running out of sons of King Abdulaziz to become King (the title has moved sideways through one generation of the family by prior nomination from the recently deceased King, rather than down through the younger generations like most Royal Houses). When the current King dies, there may well be a dispute about the next King.

If there is a dispute, the situation in the Middle East could well get so much worse, as, because of the House of Al Saud, Saudi is one of the few stable western-leaning countries in the region, even if it does have some undesirable aspects.

As in so many things, the situation is not as simple as portrayed by the media, particularly that in the US.

It's a shame that the lessons of a century of marginal British colonial policy in the Middle East have been ignored by the western governments since the second world war, as it was clear at the end of the Victorian era that the best thing that could be done was to stop interfering, and accept that these people will find their own form of government. If that had been allowed to happen, we would probably have a much more stable and moderate region that wanted to co-exist with western countries, rather than the fragmented reactionary religious mess that we currently have that wants to tear down and conquer The West and their allies in any way possible.

IBM claims new areal density record with 220TB tape tech

Peter Gathercole Silver badge


Yes, it's true that HSM has been around for ages, but it's much better integrated now, with the arrival a few years ago of LTFS, which enables the tapes to be standalone (file metadata is stored on the tape with the files themselves) and portable between systems while still being able to form part of an HSM solution.

It's actually quite a cool innovation, if you can work out how to use it.

Of course, it does not prevent you using recent generation LTO tapes and drives as raw data storage under the control of, say, TSM.

iOS, OS X apps sent into infinite dizzy DoS by this one weird kernel bug

Peter Gathercole Silver badge

Re: Documentation has always been iffy for unix system APIs @boltar

TCP includes flow control, which should prevent this on a connection-by-connection basis. It is possible that you could create so many connections and fill them up to exhaust mbuf or other buffer use, but there are normally mechanisms that refuse connections if the target system is running short of resource.

I can't see OOB data being handled any differently.

There are also time-to-live timeouts on the packets, which normally mean that stale packets are discarded once they reach a certain age, to prevent the never read scenario.

Peter Gathercole Silver badge

Re: Documentation has always been iffy for unix system APIs @boltar

It depends how far back you go.

If you look at the UNIX Version/Edition 7 man pages (admittedly much simpler than modern UNIXes), then they documented the behaviour of the system much more completely.

More recently (last thirty years or so), features have been added and copied to each UNIX (often reimplemented from another UNIX) implementation without the correct emphasis on the documentation. And don't get me started on the appalling state of Linux documentation, especially the complete abortion that is the man page/info system that appears to suggest that the documentation has been written, when in many cases, it hasn't.

Only yesterday, I realised that both the AIX and Linux man pages for tail do not include in either the prototype or the description the tail -200 filename type of operation (it's deemed obsolete in POSIX V2, but still works, and I've been using it without thinking for 30+ years). This obsolete use is described in the Linux Info article on tail invocation, but not in the man page (RHEL 6.5).

What books allow are practical examples of how an interface is used, so that (lazy) programmers can crib other people's work without having to find out for themselves.

Not that I think that is a bad idea! I think that a lazy streak (of the right kind) is an essential feature of a good programmer or system admin. It encourages finding out how to do things efficiently, saving time and effort later.

Operation Redstone: Microsoft preps double Windows update in 2016

Peter Gathercole Silver badge

Re: Subscription model?

Just to make sure people know my position so they can get their whinges out of the way first, I'm almost completely Microsoft free on my own systems. But that does not mean I do not have to consider Windows, as my wife and children all have Windows systems that I do not use, but which I am expected to help with (and pay for, in the case of my wife). I'm also playing devil's-advocate, because I am completely speculating here, and am hopefully completely wrong.

I still see nothing that conflicts with there being a subscription model license in the pipeline. Take the statement that Windows chief Terry Myerson made in February (lifted from here)

"we will continue to keep it current for the supported lifetime of the device – at no additional charge"

Notice what it says and does not say. It says no additional charge, not no charge. And also note the supported lifetime of the device.

So, you've got a subscription model license for, say, £60 per year. You're going to get updates and upgrades without paying another penny. But you are still paying the £60 per year. His statement is correct, but leaves sufficient wiggle room for a subscription model.

It also does not rule out there being a one-time-purchase option, either.

Let's look at it another way. Let's suggest you roll up to PC World next time you want to get a new PC. On offer are two Windows options for a particular PC. One is a subscription model, initially free for 6 months, and then £60 per year, and the other is a £300 up front purchase (equivalent to 5 years of subscription) for a non-transferable license (not transferable to another system, or another owner) for the lifetime of the system on top of the price of the hardware. Hmm. Interesting choice.

I can see many, many people opting for the subscription model merely so they can get the system home with the minimum outlay. It's the same reasoning behind the £40+ monthly contract to get the latest shiny phone.

I chose 5 years in this example, because it would probably be expected that devices will not last more than 5 years and still be usable. If they were wanting to seriously skew it in favour of the subscription, it could be made more than that. Of course, you would then have the question of how much a device can change and still be the same, although the expected movement to more integrated systems with fewer upgrade options could easily close that off.

I think there are some very carefully worded statements coming from Microsoft. As I say, I hope this doesn't happen.

Mind you, if you take the subscription model machine, dump Windows completely and do not follow up on the subscription, then we (the Linux community) will finally have got rid of the Windows Tax, and maybe MS will have lost the lever that stops Linux being installed by the system builder.

Can you recover your data if disaster strikes? Sure?

Peter Gathercole Silver badge

Whilst I agree with you, and don't condone cloud services myself, it is becoming quite clear that the cloud pundits are singing a song that the beancounters of this world want to hear, even while not understanding it.

It is inevitable that the steam-roller of this technology will flatten a large part of the corporate IT world, whether we want it to or not. It is happening quicker than I am comfortable with, because it is affecting my livelihood in a way that means I will need to change what I do, something I don't relish at my age.

But the article does make some quite valid points. If you find yourself working in a cloudy environment, then a lot of the advice in the article makes a lot of sense.

I hope that some of the wisdom gets as far as the people holding the purse strings.

Is there a "Cloud services for Dummies" yet? Because we sure as hell need one.
