* Posts by Phil Endecott

680 posts • joined 29 Nov 2006

Scottish brewery recovers from ransomware attack

Phil Endecott
Silver badge

“Barry Shteiman ... said ... If the downtime caused by data being unavailable, or by the backup restoration process, is more expensive than paying the ransom, then organisations should pay.”

Mr Shteiman is overlooking the wider effect on society of paying.

Perhaps, if he really believes in this selfish “only our bottom line matters” attitude, we need to tell him that we’ll boycott businesses that pay ransoms.

Does anyone have a list of businesses that have admitted to paying ransoms?

0
0

Microsoft reveals train of mistakes that killed Azure in the South Central US 'incident'

Phil Endecott
Silver badge

Re: RE: asynchronous nature of geo-replication could have led to data loss

I have geographically-distributed replicated postgresql databases in AWS.

It is my choice whether that replication is synchronous or asynchronous.

Is there something inherently different about Azure?

1
0

A basement of broken kit, zero budget – now get the team running

Phil Endecott
Silver badge

Re: HMSO

You know those graphs showing how economic productivity has not been rising like it should have?

All these anecdotes are why.

7
3

Trend Micro tools tossed from Apple's Mac App Store after spewing fans' browser histories

Phil Endecott
Silver badge

Re: 1 - 2 - 3 - Not it!

> It's in the EULA that you didn't read.

But did Apple’s reviewer read this EULA for us?

7
0

Go Pester someone else: TSB ditches CEO over bank's IT meltdown

Phil Endecott
Silver badge

> we're putting it in a TSB account

Maybe he’ll sit at his computer watching the balance fall, £1000 by £1000 as fraudsters pilfer it, waiting to get through to the fraud team by phone.

6
0

Apple to require privacy policy on all apps

Phil Endecott
Silver badge

How about this:

This app doesn’t collect any data.

15
0

Teardown chaps strip away magic from Magic Leap's nerd goggles

Phil Endecott
Silver badge

If anyone’s curious about the processor module, here’s something to read:

http://linuxgizmos.com/nvidias-new-jetson-tx2-module-runs-linux-on-tegra-parker-soc/

I think it can be passively cooled with a big heatsink, but presumably a fan is lighter.

3
0

Use Debian? Want Intel's latest CPU patch? Small print sparks big problem

Phil Endecott
Silver badge

I imagine they could ship it in “Non-free”.

(Edit: maybe not; the restriction is on distribution, and for example the operators of all the Debian mirrors cannot be said to have agreed to those terms.)

20
0

Google shaves half a gig off Android Poundland Edition

Phil Endecott
Silver badge

Re: New El Reg UoM?

> A punch card can hold about 80 characters or 10 bytes.

Nope, try again.

4
1

Here's a fab idea: Get crypto libs to warn devs when they screw up

Phil Endecott
Silver badge

This doesn’t seem all that smart to me; it’s easy to add code to check if the caller has asked for DES rather than AES, but much harder to check if they have handled exceptions or error return values correctly. That really needs some sort of static analysis tool.

4
0

Google keeps tracking you even when you specifically tell it not to: Maps, Search won't take no for an answer

Phil Endecott
Silver badge

> and iPhones that even if you go into your smartphone's

> settings and turn off "location history", Google continues to

> snoop on your whereabouts

How do they do that on iOS?

Edit: the Android analysis was by the Princeton researcher; the iPhone result was by the journos at AP.

4
3

Hey, you know what a popular medical record system doesn't need? 23 security vulnerabilities

Phil Endecott
Silver badge

> Is anybody actually using it?

Apparently yes; one of the screenshots I noticed in the PDF is from a live system with patient details redacted.

1
1
Phil Endecott
Silver badge

Fractal of fail

People are using PHP for a medical records system?

WTF?

13
1

Tech Shutdown Blows: IT chaos cost Brit bank TSB almost £200m

Phil Endecott
Silver badge

> 26,000 customers switched their bank account from TSB,

> but more than 20,000 customers opened a new account

Do you trust those numbers, if they come from this trainwreck of a new IT system?

39
0

Python creator Guido van Rossum sys.exit()s as language overlord

Phil Endecott
Silver badge

Re: Reinventing a more limited wheel

> results = [(x, y, x/y) for x in input_data if (y := f(x)) > 0]

That would surely be much more understandable in multiple lines:

    vector<T> results;
    for (auto x : input_data) {
        auto y = f(x);
        if (y > 0) results.push_back( make_tuple(x,y,x/y) );
    }

...if that’s what it actually does....

0
0

No, seriously, why are you holding your phone like that?

Phil Endecott
Silver badge

OVER

Do they have to say OVER when they move the phone from mouth to ear?

6
0

Gemini goes back to the '90s with Agenda, Data and mulls next steps

Phil Endecott
Silver badge

How is the Debian support coming along?

3
0

Uh-oh. Boffins say most Android apps can slurp your screen – and you wouldn't even know it

Phil Endecott
Silver badge

They seem to be worried about apps that include libraries, and those libraries can read the screen that the app itself is presenting.

If I’ve understood this correctly, I think it’s a non-issue. App developers using 3rd-party code in their apps need to trust that code. If they don’t trust it, it could do anything. (In principle you could have another level of sandboxing between libraries and the main app code, but that’s not something that any OS I’ve ever seen does.)

iOS would be vulnerable to essentially the same issues.

1
0

We just love small firms, screams UK.gov after palming AWS UK £4.1m

Phil Endecott
Silver badge

> According to AWS I am now a part of AWS Europe and not AWS UK.

“AWS Europe” is a group of national entities. Your bills will come from AWS UK.

0
0
Phil Endecott
Silver badge

It may be different for government users, but AWS are in the process of moving UK users from being customers of “AWS Inc” to being customers of “AWS UK Ltd”. I’m not really sure why; it doesn’t materially change e.g. the VAT position.

0
0

Thanks for the happy memories, Micron – now beat it, says China: Court bans chip sales

Phil Endecott
Silver badge

Re: People’s Court

Not sure about oxymoron, but it certainly has an issue with it’s apostrophe’s.

6
1

Painful truth: DNS, CDNs and CAs are Achilles' Heel for top websites

Phil Endecott
Silver badge

Re: Raining CloudFog

This isn’t about “cloud”; a self-hosted website still needs DNS, CAs and possibly CDNs and is equally vulnerable to their failures.

13
2

Oracle Linux now supported on 64-bit Armv8 processors

Phil Endecott
Silver badge

Re: Where is the Oracle Instant client for ARM ?

“rants about ARM devices and non-discoverable buses. I'm guessing that nothing yet has changed in the world of ARM SoCs to change that state of affairs.

Whatever its faults, PCI is discoverable.”

ARM servers, if they ever really come to exist at all, will almost certainly use discoverable buses like PCI and USB in much the same way as x86 servers do.

For other devices more tightly coupled to the processor they’ll tend to use ACPI, again in much the same way that x86 servers do.

The nondiscoverable rantyness is largely for devices like phones, tablets, TV boxes etc. and (unfortunately) many of the “hacker” boards that are built using the same chips. The problem should largely go away for server systems.

0
0

Buttonless and port-free: Expect the next iPhone to be as smooth as a baby's bum

Phil Endecott
Silver badge

Re: New Apple invention :)

> Also could it be set to work in reverse so users have to

> ability to warm a bagel on a metal phone cover?

Yes, I’m sure you could inductively couple into a bagel or a ring doughnut if it were sufficiently conductive.

Of course non-ring-shaped food items would be more difficult. Perhaps it would create a market for ring-shaped Cornish pasties? Just avoid curly-wurlies - I reckon that “ladder” topology would act like some kind of voltage multiplier...

6
0

BOFH: Got that syncing feeling, hm? I've looked at your computer and the Outlook isn't great

Phil Endecott
Silver badge

Re: What great timing

> What was supposed to be an edit somehow turned into a second post

Really! That’s quite worrying; it could be a bug that’s affecting other users too. Did you post from your phone, or a computer? Whichever it was, I think you’d better hand it over so we can investigate properly.

33
0

Qualcomm to keep server CPUs but avoids head-on Intel battle

Phil Endecott
Silver badge

“x86 compatibility”

> “It’s very clear to us that the ARM opportunity is focused on a

> few players where you don’t have the software x86 barrier to entry,”

Few players? Apart from Windows, who needs this “x86 compatibility” that they’re talking about?

Multiple Linux distributions run absolutely fine on ARM (and have done for years), including everything you need for a web stack - databases, interpreted and compiled languages, server applications etc. etc. I’m personally using a mix of ARM (Scaleway) and x86 (AWS) servers, and there is no difference in functionality that can be attributed to the processor.

From where I’m looking, the “few players” are definitely those who are tied to Windows or to proprietary compiled-for-x86-only software. And that’s *none* of the people I know running online businesses.

Am I seeing a skewed version of reality, or have these Qualcomm people got the wrong idea?

3
0

Men are officially the worst… top-level domain

Phil Endecott
Silver badge

Re: I'm feeling left out

> is there anything to be lost by simply blackholing every TLD not registered before 2010?

.scot has useful content, and was only registered in 2014.

5
0

EU-US Privacy Shield not up to snuff, data tap should be turned off – MEPs

Phil Endecott
Silver badge

AWS.

Google.

Microsoft Azure.

Digital Ocean.

etc. etc.

All US companies.

Where are the EU alternatives that aren’t completely shite?

4
1

US regains supercomputer crown from Chinese, for now

Phil Endecott
Silver badge

“Classified” computers are not included in the lists, IIRC.

6
0

Great time to shift bytes: International bandwidth prices are in free fall

Phil Endecott
Silver badge

Dare I look forward to a drop in the price for AWS bandwidth?

This seems to have been stuck around $0.10 since forever, despite huge drops in their storage and CPU costs.

2
0

Max Schrems is back: Facebook, Google hit with GDPR complaint

Phil Endecott
Silver badge

Micropayments

Please can someone implement a proper micropayments system for the web so that we can pay for things using money, rather than by exposing our privates?

Seriously, Prestel could do this 40 years ago and WWW still hasn’t caught up. I thought cryptocurrencies might help but apparently they solve a slightly different problem. Conventional-style online payments (credit cards, Paypal) are fine for larger payments but don’t scale down to £0.001 for a web search.

10
2

Airbus windscreen fell out at 32,000 feet

Phil Endecott
Silver badge

Re: Hero ?

> The biggest accidents have all been on national flag carriers

> where the crew were afraid to question the actions of the famous

> senior highest paid and highest ranked captain

Not AF447, for example.

Which do you have in mind?

0
0

First SpaceX Falcon 9 Block 5 rocket lobs comms sat into orbit

Phil Endecott
Silver badge

I thought it was “friendly”, like the giant.

0
0
Phil Endecott
Silver badge

inches and pounds

Seeing all that tech documentation in inches and pounds just makes me want to cry.

14
0

Can't wait for Linux apps on Chrome OS? And you like stability? We'll see you in December, then

Phil Endecott
Silver badge

> There is absolutely no bloat in a Chromebook, I would suggest if

> you are seeing bloat, you are seeing it on windows

I’ve never used a Chromebook, or Chrome, and I’ve hardly ever used Windows.

I am still totally confident, though, that their claim that Linux command-line programs need more RAM, CPU etc than their browser-based OS is totally bogus. The footprint of ls, ssh, top, nano etc. will all be minute in comparison.

3
0
Phil Endecott
Silver badge

> Linux will demand a tad more processor grunt, memory, and

> storage space on the laptop that the Chromium browser

> environment usually requires.

I’m pretty sure the command-line programs I’d run would take a tiny fraction of what their bloated browser needs.

16
5

There will be blood: BT to axe 13,000 employees

Phil Endecott
Silver badge

Re: Digging Deeper ......

No it’s nothing remotely like a ponzi scheme. Huh?

1
0

Blame everything on 'computer error' – no one will contradict you

Phil Endecott
Silver badge

Re: Best photo tagline!

In Costa Coffee in Inverness, an Italian tourist off a cruise ship was given change for her £2.50 coffee as if she’d paid with a £50, but she’d actually handed over a £100. (Yes, Scotland.)

The assistant realised her mistake quickly but she had to wait for a supervisor to be able to open the till, which took a while. She was getting quite flustered. I’m not sure if my 3 words of Spitalin helped...

The poor woman then went to the loo and managed to pull the disabled alarm cord instead of the flush.

I didn’t hang around to see if things come in threes....

8
0

AWS DNS network hijack turns MyEtherWallet into ThievesEtherWallet

Phil Endecott
Silver badge

Re: A lot of sites still sport self-signed certificates

> These baddies had control of DNS. So they could easily have set up a Let's Encrypt cert

That’s got 5 downvotes; could someone who thinks it’s false explain?

It seems to me that if this attack had caused Let’s Encrypt to resolve the fake DNS they could indeed have got themselves a cert.

0
0
Phil Endecott
Silver badge

Re: RE: I have limited sympathy for people who clicked through an SSL warning.

> Do you also have limited sympathy for people who drive over

> any of the 55,000 bridges in the USA that are currently classified

> as "Structurally Deficient"?

If those bridges had signs saying “Warning, structurally deficient bridge” and those drivers had to actively “click OK” to continue, then yes my sympathy would be somewhat less in the event of a failure than otherwise. Note not no sympathy, just less sympathy.

0
0
Phil Endecott
Silver badge

I have limited sympathy for people who clicked through an SSL warning.

This is something that HTTP public key pinning could have helped with, but that seems to be essentially deprecated due to its potential for foot-shooting. Reg story about that: https://www.theregister.co.uk/2017/10/30/google_hpkp/ . I wonder how popular the Expect-CT thing mentioned there is now? I guess also DNSSEC would have avoided this.

9
1

Programmers! Close the StackOverflow tabs. This AI robot will write your source code for you

Phil Endecott
Silver badge

TSB

I wonder if TSB’s new banking app was built using a prototype of this?

If not, maybe they should try it now.

I mean, it must be cheaper than getting IBM to sort them out.

6
0

TSB outage, day 5: What do you mean you can't log in? Our systems are up and running. Up and running, we say!

Phil Endecott
Silver badge

Re: The Post-COBOL Apocalypse Has Arrived!

> a port of the Cobol version but retaining the Cobol syntax, so

> Cobol compiling to .NET using MicroFocus tools.

FUCKING HELL

12
1

X marks the Notch, where smartmobe supercycles go to die

Phil Endecott
Silver badge

Re: In defence ..

> Or if you want to be absolutely sure that it won't start operating without your knowledge.

In iOS, suspended apps can do nothing without you knowing about it. If they are using the GPS or the microphone, you get a huge coloured stripe at the top of the screen to tell you about it. They get a few seconds after being suspended to tidy up. VoIP apps can monitor a network connection for incoming calls. Err, maybe a couple of things I’ve forgotten.

In any case, most of those apps that you are “closing” are not running anyway. It’s primarily a list of recently-used apps, not apps that are currently in memory.

2
0

UK 'meltdown' bank TSB's owner: Our IT migration was a 'success'

Phil Endecott
Silver badge

Re: 402 customers?

> Should have been picked up at UAT and probably pentest.

To me it sounds more like it’s time to sack the entire team and throw away all the code they wrote.

If you’re even anywhere close to one user accessing a different user’s bank account, it means several layers of security are borked or maybe just not there.

Almost OK for some stupid PHP webshite, but absolutely not for a f***ing bank.

9
0

Millions of scraped public social net profiles left in open AWS S3 box

Phil Endecott
Silver badge

Re: Default access

> maybe that [no public access] is the default

Yes, it’s the default.

Trouble is when you want to share a file on S3 with someone else, your choice is either

(a) do some fancy thing to make a single-use time-limited URL that you can share, or

(b) make the content public temporarily - with the danger of forgetting to change it back to private afterwards.

I think this must explain many of the S3 screwups we’ve heard about.

3
0

OK, this time it's for real: The last available IPv4 address block has gone

Phil Endecott
Silver badge

Re: BT

> BT completed its ipv6 rollout in November 2016.

Nonsense. Only people with the latest generation of “home hub” have it.

Mine is about 5 years old and is two generations too old (IIRC) to run IPv6.

1
0

Go away, kid, you bother me: Apple, Google, Microsoft, Mozilla kick W3C nerds to the curb

Phil Endecott
Silver badge

Anyone know what the central technical difference between the two DOM forks is?

16
0

What most people think it looks like when you change router's admin password, apparently

Phil Endecott
Silver badge

BT routers come with randomised passwords and I see no reason to change them to something user-selected and likely less random. That must make up a large fraction of the 82%.

24
1

'Disappearing' data under ZFS on Linux sparks small swift tweak

Phil Endecott
Silver badge

Re: Goto Jail, go directly to jail.

> Underneath the hood, goto is literally just a jmp instruction. But

> a loop has all kinds of setups, stack motions and side-effects.

Nonsense.

0
1

Biting the hand that feeds IT © 1998–2018