* Posts by Nick Kew

1974 posts • joined 16 Jan 2007

Security guard cost bank millions by hitting emergency Off button

Nick Kew Silver badge

Kim or Ken?

Not sure which of them should be fired ...

But surely not the security guard scapegoated in the first story. When you smell and see fire, you don't hesitate, you use the emergency button to shut down kit that could turn it into something much, much bigger and altogether more catastrophic.

IBM fired me because I'm not a millennial, says axed cloud sales star in age discrim court row

Nick Kew Silver badge

Re: where people can't afford to live off just one job anymore.

Swings and roundabouts. The '80s were much worse than today if you had to rent a home in the open market (which basically didn't exist - the 1977 Rent Acts had scared off landlords, leaving only those who were at least borderline-gangsters in the market). But the student life was great!

And "snowflake" is another inappropriate term. It's not the young folks who chose to grow up in bubble-wrap, or who created the environment that elevates a noisily-self-indulgent minority and portrays them as representative.

Nick Kew Silver badge

Re: millennial

I dislike the label too. But it's just one facet of the obsession with labelling "generations". The "boomer" label is even worse, since the charlatan Willetts abused it to co-opt a younger cohort as scapegoat generation for his own contemporaries' relatively-good fortune.

UK.gov IT projects that are failing: Verify. Border control. 4G for blue-light services. We can go on

Nick Kew Silver badge

Re: Anyone notice how prominent the Home Office is in this list of clusterf**kery?

However with secret budgets you can hire the most expensive, who might even be good at their job.

My experience on MoD contracts (back in the 1980s - I've avoided it since) suggests otherwise. Secrecy was a great cover for spectacularly bad work.

Nick Kew Silver badge

@Christoph

I wouldn't rely on that. We have a big and nasty news decoy (novichok case) lined up to distract media attention from another mess when the cabinet get together. And serve as an excuse for fudge: ("big emergency, all hands to the pumps, have to truncate all else").

Euro privacy watchdog raises eyebrows at mulled EU copyright law

Nick Kew Silver badge

Broadly his response is that Article 13 doesn't break anything, but that it has the potential to cause a lot of harm if applied badly or worded poorly.

Seems reasonable. And certainly an approach Sir Humphrey would be happy with.

Isn't there an additional problem with an EU directive, in that national governments might twist implementation of it to their own Agendas? In the case of UK governments, that could be anything from US or other lobbyists to deliberate sabotage in the interests of discrediting the EU directive.

Thanks for the happy memories, Micron – now beat it, says China: Court bans chip sales

Nick Kew Silver badge

China has been putting the heavy squeeze on Taiwan lately.

Are you sure? Chinese and Taiwanese leaders may bandy tough words: that's traditional. But if they're extending that into self-harming, would that not be an aberration?

Nick Kew Silver badge

Milestone?

Is this an entirely fair and just verdict?

Or is it the day China catches up with where the US has been for about a quarter century, in terms of using patent laws in its courts as a weapon of economic imperialism?

The strange tale of an energy biz that suddenly became a blockchain upstart – and $1.4m now forfeited in sold shares

Nick Kew Silver badge
Alien

An energy company playing fantasy finance?

So Enron wasn't a one-off, but a tradition!

Micro Focus offloads Linux-wrangler SUSE for a cool $2.5bn

Nick Kew Silver badge

Re: The value is not the revenue

And who would lend on that basis?

Debt may be attractive because it's artificially cheap and benefits from a more favourable tax regime than equity funding. But lenders want to lend to good businesses, who will live to service and repay the loans.

Nick Kew Silver badge

Re: Swelling price tag, if not profits

Interesting comment (I use neither). If true, the deal makes a lot of sense: the new owners expect to translate SuSE's merits into profitable business (whereas it didn't really fit at Micro Focus).

Nick Kew Silver badge

What interest would SuSE have for an asset stripper? The only substantial asset is the ongoing business itself: the whole, not parts that could be stripped.

Nick Kew Silver badge

Re: VC's and Hedge Funds

You may be reading the wrong Penny Dreadfuls.

I have quite a lot invested in VC: the dividends pay the rent! No debt involved: just supporting growing business.

Though not mature business like SuSE: that's a different ballgame. In the absence of actual knowledge, I shall reserve judgement on the new owners.

Sysadmin shut down server, it went ‘Clunk!’ but the app kept running

Nick Kew Silver badge

Re: shutdown silliness

Relatively modern?

It was in the mid-'90s I first read TFM recommending shutdown -[r|h] over reboot or halt.

Nick Kew Silver badge

Re: I crashed a server once, at client site

I call BS, there's not a developer alive who doesn't think he can do a sysadmin's job better.

I've certainly encountered sysadmins whose job I can do better than them. In some cases I did - 'cos otherwise it just wouldn't have got done.

But I wouldn't say that of sysadmins in general. Nor would I wish to antagonise a sysadmin by backseat-driving the job, unless it was clear that the individual was one of those who really need my help.

Nick Kew Silver badge

Re: Halted machine on other side of the planet

I must be too boring: always been too super-careful with distant machines. In setting up a firewall, I've used a cron job to reset-everything every few hours, as an ultimate failsafe against accidentally locking myself out. Stop the cron job only when finished configuring and verified my own access.

Nowadays I have a cloud-based server and a web-based control panel. I can ssh in as root, but for something like a reboot I'll use the web panel to protect from certain possible accidents.

Nick Kew Silver badge
Pint

Re: I was burning in some two dozen nodes of T-carrier gear.

Jake, in this instance you should be the main story, not a comment.

Boffins want to stop Network Time Protocol's time-travelling exploits

Nick Kew Silver badge

Re: Simply fit all computers with sundials.

Once you've boiled the water, you have a nice cuppa tea.

Damn, where's my Infinite Improbability Drive?

Nick Kew Silver badge

Consumer-grade 'puters

If you take a look at the time configuration in a typical consumer computer, you'll see one or two NTP servers nominated.

Erm, yes. A typical consumer computer is a consumer of NTP. It doesn't need nor expect atomic-clock accuracy. If it's within UDP-packet timeout time of its ISP's ntp server, that's plenty adequate. Or if it just polls time hourly, daily, or probably even weekly, that'll do.

Need more accuracy? Then you're not a consumer-grade 'puter. You want a competent sysop to configure your NTP with lots of peers, and no doubt other critical setup.

Methinks this is baked in. The protocol is the quintessential UDP user: better to lose a packet than to use a delayed packet! Configuration allows for different levels of operation: peer network, polling frequency, etc. Dammit, when I first set up NTP I used chrony not ntpd, precisely because of its advertised ability to deal with intermittent connections.

Nick Kew Silver badge

Re: Time NTP was upgraded (See what I did there!)

All that infrastructure defeats the whole purpose of NTP: a lightweight protocol. Add a certificate, and handling it becomes a bottleneck that injects a whole new timing attack vector, quite apart from causing packets to time out.

And that's now all three LTE protocol layers with annoying security flaws

Nick Kew Silver badge

I think you're saying much the same as I was about to.

We seem to be describing a (new?) set of methods to accomplish attacks that are already well-known on the 'net in general. Traffic interception and misdirection are risks we all know about, and choose whether to live with or protect against according to the nature and sensitivity of whatever we're doing. Thus reading El Reg, it's no big deal if Evil-MITM interferes. But doing my banking, I want security!

The cybercriminal's cash cow and the marketer's machine: Inside the mad sad bad web ad world

Nick Kew Silver badge

ad fraud is ad fraud

There seems to be a deeper unaddressed question, of which this assumption is just one facet. What is ad fraud in the first place?

I'm sure we could all devise examples that are or aren't ad fraud. But more fundamental than just the inevitable big grey area, the whole term is undefined. Even the examples in the article are mostly vague as hell.

Where do we all stand on El Reg's more egregious clickbait? Or the high-pressure announcements: you have until midnight tonight to register for [foo] (before the already-outrageous cost doubles)?

Et tu, Gentoo? Horrible gits meddle with Linux distro's GitHub code

Nick Kew Silver badge

Re: No chain of trust?

Where you download from should have very little bearing on security. A cryptographic chain of trust works just as well with something off the back of a lorry as with the most trusted origin.

I wouldn't rely on a "gentoo.org" address for my security: that would open me to any number of attack vectors. Verifiable PGP signatures of verifiable gentoo personnel work altogether better.

Nick Kew Silver badge

No chain of trust?

If you happened to download a fresh .iso, and have no or inadequate connection to the Strong Set, then you have a bootstrap problem.

Anyone else should surely be protected by a chain of trust leading at the very least back to what they originally installed, and supported by signatures within the Strong Set.

Or are you suggesting that (of all things) a techie-oriented Linux distro has no basic security in its distribution? That Gentoo is doing the spooks' bidding by laying itself wide open to the insertion of spyware, government-sanctioned or otherwise?

Registry to ban Cyrillic .eu addresses even if you've paid for them

Nick Kew Silver badge
Pint

Re: Pot, kettle

which is almost all that Wikipedia (en) has to say about it.

Brilliant. An update of "Mostly Harmless".

Google Cloud CEO admits: Yeah, we wanted GitHub too. Whatevs

Nick Kew Silver badge

I see the acquisition *as such* as neither good nor bad. I'll reserve judgement until and unless MS do something that affects me and/or my projects, such as change the T&Cs or push me towards their choice of dev tools/environment.

I'd say exactly the same if it had been borged by Google, or A N Other bigco.

Certainly wouldn't change the name. Despite being very disappointed by the only other "git" I've encountered in recent times: namely a wine branded as "Old Git" which I bought on the strength of the name and a "try anything once" principle.

UK taxman warned it's running out of time to deliver working customs IT system by Brexit

Nick Kew Silver badge

@Teiwaz - we were just talking about that a couple of days ago, as we walked a scenic section of coast path with ample scope for smugglers alongside the leisure boats of the modern rich. Can't see anyone finding the money to restore Napoleonic-era defences.

Though of course if there's no enforced border in Ireland, the smugglers will have a line of even less resistance to bring Trump's industrial-scale farmers' growth-hormone-filled beef into the EU until road and rail capacity is exhausted.

IEEE joins the ranks of non-backdoored strong cryptography defenders

Nick Kew Silver badge

Re: I would think that the situation is simple

You describe the very battle the US government attempted to fight back in the 1980s and 90s: the early days of modern cryptography.

I don't remember just when they gave up that battle (sometime around the turn of the century), but I do recollect it was standard that you'd have to go to a non-US download site for a crypto-enabled version of anything, and that US-based organisations had to leave crypto to non-US parties: hence for example early SSL versions of Apache from Ben Laurie in the UK using an OpenSSL predecessor from Eric Young in Oz. Unless you were prepared to do long legal battle with the US govt!

Labour MP pushing to slip 6-hour limit to kill illegal online content into counter-terror bill

Nick Kew Silver badge

That reminds me of the splendid comedian and activist Mark Thomas, who has indeed pulled stunts like that when the law gets too stupid.

Recommended Entertainment

Sophos SafeGuard anything but – thanks to 7 serious security bugs

Nick Kew Silver badge
Angel

Contrast

Once again, the contrast with Kaspersky springs to mind. Is there one of those irregular verbs in security software?

I protect just fine so long as users stay up to date.

You patch those flaws that could expose your users to risk.

They spy on their users.

Why aren't startups working? They're not great at creating jobs... or disrupting big biz

Nick Kew Silver badge

Re: Misalignment of incentives

should be more startups. Unfortunately, the funding models

Actually funding models are adapting quite nicely to support more and smaller startups:

(1) Today far-and-away the biggest VCT in the UK is Octopus Titan, which invests in smaller, newer businesses than any successful VCT has in the past (others have tried, but only managed to lose most of their money and get taken over).

(2) The real new kid on the block is crowdfunding, and that's supporting a whole raft of new entrants.

Nick Kew Silver badge

Re: Accumulation of power

Silly to generalise like that. Startups take many different paths to success - even if greater numbers end in failure, or bumble along supporting one person cleaning windows, trading on ebay, or flirting with IR35.

Bear in mind that all the Internet giants are startups from the 1990s or later, and some are now among the world's biggest companies. Also that our long-established giants were once startups too.

Oracle Linux now supported on 64-bit Armv8 processors

Nick Kew Silver badge
Thumb Down

EPARSE

so adds MySQL, Docker, Java efforts under way too

Oracle adds MySQL, Docker and Java?

MySQL, Docker and Java efforts are under way?

Which is it?

Oh hang on, that "too" confuses the matter further, with the implication that something else has happened in addition to the [whatever] that has happened with MySQL, Docker and Java.

That kind of unparseable headline (in this case subheading) is truly infuriating. Can't someone proofread those things before going to press?

Software changed the world, then died on the first of the month

Nick Kew Silver badge

Re: Backend bod: "Either way is fine"

it should be stored as ISO-8601 and translated in the UI

Worst of at least two worlds. Store it as a regular timestamp, then use standard libraries (and locale settings) to present it. In the unlikely event that you have a system that still has a 32-bit time_t, either document it ("recompile before 2038") or grab a library with 64 bits.

These days there's no excuse to mess up date&time: any mainstream environment will provide standard library functions to deal with them. Broken or other nonstandard timedate should only be seen in those legacy systems that didn't get cleaned up in the Y2K purges.

Nick Kew Silver badge
Devil

Re: @Rich 11

Never mind software. Doing exactly what you say, not what you want, is the stuff of myth: just look at Τιθωνός. Expert practitioners include Satan, and lawyers through the ages.

Software engineer fired, shut out of office for three weeks by machine

Nick Kew Silver badge
Pint

Re: SIMON!!!

Simon is redundant. His job has been automated away. He can now devote himself full time to the pub.

Trainee techie ran away and hid after screwing up a job, literally

Nick Kew Silver badge

Re: Screws and escaped death.

A skillset isn't just one specialist function. Those got automated a century or so ago: cf. Charlie Chaplin "Modern Times". Someone employed in a handyman job (like wiring) might reasonably be expected to be able to deal with another (like plumbing) with minimal guidance based on having general dexterity and at least adequate spatial awareness.

Apply similar principle to your own skillset. The typical Reg commentard is - I would imagine, and yes I'm projecting myself - an IT person with core skills that we're paid for, but also a much wider range of skills in other areas of IT. Even to the extent of being able to sort out someone's Windows or Office problem by playing with the menus and applying an IT mindset, despite being a 100% Unix or Linux user ourselves.

JURI's out, Euro copyright votes in: Whoa, did the EU just 'break the internet'?

Nick Kew Silver badge

Re: O Holy Night (Citation needed)

I get the strong impression you have little real world exposure to the day to day workings of the music biz over the last few decades.

Indeed, I have nothing but contempt for the so-called music biz, and no direct knowledge of its day-to-day working. However, I do both listen and perform on a reasonably regular basis. I've also done a little composing, broadcasting and recording, so have a slight level of indirect exposure to some of it.

I'm well aware that copyright abuse happens. I'm also well aware there are lots of stories floating around based on misunderstandings. Nothing posted here enables me to classify your story beyond reasonable doubt as one or the other.

If someone presented a firm case, the Googlers I occasionally encounter are those who work in Free Software. People who believe in copyright but detest its abuse. People who might raise a fuss and would carry weight internally if presented with clear evidence that youtube was complicit in abuse.

Nick Kew Silver badge

Re: O Holy Night (Citation needed)

P.s. should've said. I could post this where it would be likely to catch the attention of real people at Google (i.e. not the ones whose job is to fob the public off). But before doing that, I'd need sufficient detail not to look an idiot as soon as they ask the kind of questions I'm asking.

Nick Kew Silver badge

O Holy Night (Re: Citation needed)

Wikipedia lists a lot of recordings of that, some of them a lot older than the one you mention.

One possible hypothesis is that Warner have copyright over some particular arrangement of the song, and spotted that in the video in question. In the absence of more specifics, I couldn't possibly tell.

I checked out the originator of the takedown. It's one of those 3rd party i.p. enforcement companies that are also responsible for those blanket DMCAs.

As in this story (which didn't lead to a takedown)!

I'm genuinely curious here: what information do they send you (a blog entry or similar URL like mine above would help)? If it's from a third party, where does Warner come in? Did you check whether the originator was really Warner's henchman, or a third-party abusing their name with no actual connection? Did google/youtube actually take down a video based on that notice? I can well believe Warner would do evil, but there are too many unanswered questions to say for certain that this is an example.

Nick Kew Silver badge

Citation needed

It gets even better than that. At the moment YouTube will block completely private videos of people singing songs that are in the public domain because some big name artist also recorded the same song and the record company makes a blanket claim to copyright.

That sounds credible, but not (AFAIK) proven.

It's basically something Big Pirates (like Disney) have been doing for decades. Which begs the question: is it some story from the past that's become apocryphal in a modern retelling, or are there documented cases you can cite? URLs would be welcome here.

Shared, not stirred: GCHQ chief says Europe needs British spies

Nick Kew Silver badge

Re: Spook

He's not a SPOOK whatever that is

In modern parlance, that's exactly what he is. You may not like it, but language evolves. Would you like to suggest an alternative?

Dammit, I'm usually the one fighting a rearguard action against corruption of the language. In this case I use the word because it seems a decent enough word where no traditional alternative exists (so far as I'm aware). It has the additional virtue that this usage isn't confusing or damaging any previous meaning, as sometimes happens when a word gets re-purposed.

Nick Kew Silver badge

Story

Spook gives speech, telling politicians to get their act together. That's politicians on both sides, which is what it'll take to reach agreement.

Sounds fair enough to me. Unlike commentards descending into tired old arguments about which particular politicians (and views attributed to them) are right or wrong.

Since the UK is revoking existing arrangements, it seems reasonable that the UK should start the ball rolling in proposing a replacement. That means a white paper (or equivalent) from the civil servants, not armwaving from politicians. Except ... the civil servants are supposedly answerable to the politicians, and anything they produce is useless if the politicians can't get their act together and endorse it.

Senior judge: Put AI in charge of reviewing social media evidence

Nick Kew Silver badge

Re: Magic Wand

some poor sod has their life destroyed by the penal system

That's traditional. The system ruins lives fairly indiscriminately, for accused people, for victims of crime, and in some cases for witnesses and jurors. A lot of victims of false allegations have been in the news recently (probably a consequence of and backlash against actions taken when the warcry was "more rape convictions"), which is probably what provoked the speech.

If an automated system does no more than a fuzzy[1] grep for the accused's name on all the accuser's accounts and highlights places for a human investigator to look, that could be a huge improvement on the present system.

[1] as in, able to deal with a realistic level of variants and misspellings.

Donald Trump trumped as US Senate votes to reinstate ZTE ban

Nick Kew Silver badge

Re: Why would they?

God help us in the UK if Brexit goes badly and we have to start importing more food from the US, as we'd have to weaken our food safety laws to let the stuff in.

We already import lots of food from the US. Florida orange juice and California wine, to name but two I generally avoid in favour of alternatives from elsewhere.

The issue isn't how much we import, but whether we have a general trade agreement. If we do that, we'll have to accept US "red lines", that prevented proposed trade agreements with either the EU or Pacific Rim countries under Obama and Bush - back when the US at least believed in trade. That'll mean not just weakening food standards, but also any labelling (like "red tractor") that could be used as a proxy to discriminate against products like US growth-hormone-filled beef.

BTW, the scale of smuggling likely to follow that is why a trade agreement with the US must imply border controls for Ireland.

Nick Kew Silver badge

No judicial process?

So ZTE is accused of violating US law. And that's coming from politicians, whether it's the President or the Congress!

Isn't that kind of political posturing the very reason we have supposedly-independent judiciaries? Does this mean they've abandoned any pretence of Justice?

Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug

Nick Kew Silver badge

Re: The real problem is...

Wot, you mean to say there might be a bug in my script? Yep, a commandline tool in a traditional unix pipeline doesn't belong in a security-critical situation. In the case of gnupg I can't even rely on $? .

Though I'm not sure XML or JSON would really help much more than plain ol' CSV or ... um ... ASCII. What I could really use is a libgnupg, to include a high-level API matching gpg commandline options.

Here's some phish-AI research: Machine-learning code crafts phishing URLs that dodge auto-detection

Nick Kew Silver badge
Facepalm

Clickbait

Story: exercise in futility proves futile.

Spammers have been tweaking their evasions for twenty years. Why on Earth should one suppose phishers would present a big fat static target for naive pattern-classification?

Developer’s code worked, but not in the right century

Nick Kew Silver badge
Coat

@John Brown

All the best people are fools.

Nick Kew Silver badge
Coat

Re: What did you break by getting little details like dates wrong?

You are supposed to remember the date of your wedding anniversary.

Only a woman would think that.
