* Posts by MJB7

134 posts • joined 27 Nov 2013

Data breach rumours abound as UK Labour Party locks down access to member databases

MJB7

Re: Why have it?

"Why do they even have this DB?" It's pretty hard to have a membership organization like a political party without having a database of the members.

"Did they get permission from the people to store their personal data?" Yes of course they did.

"... and let it be exploited by ANY politicians?" I'm sure they will have had wording like "to enable us to contact you to support our campaigns". And the members will have agreed to this.

Oldest white dwarf star catches amateur's eye – and its dusty ring leaves boffins baffled

MJB7

Re: oldest white dwarfs

12 billion years! If someone finds one a couple of billion years older than that, there are going to be some very upset cosmologists!

Autonomy trial: Key HPE witness might not testify, UK High Court told

MJB7

Re: All I know is as taxpayers, we are paying for this farce

I don't *think* we are actually. This is a civil case, and the court fees (which should pay for the costs of running the court) will have been paid by the claimants. (If they win, they can claim those fees back from the defendants - but I think that will be chicken-feed compared to the lawyers' fees.)

Down productivity tools: Microsoft Teams takes a Monday tumble

MJB7

Re: Skiing uphill

is relatively straightforward. I can't remember the last time I didn't ski in a closed loop. I suppose it's different if you do that silly downhill skiing rather than proper cross-country skiing.

'This collaboration is absolutely critical going forward'... One positive thing about Meltdown CPU hole? At least it put aside tech rivalries...

MJB7
FAIL

Re: What an absurdity!

What tosh!

1. There's nothing "cheating" about speculative execution. It turns out it has a huge security downside, but nobody realized that at the time.

2. Replacing the hardware is simply not going to happen. Redesigning a chip as complex as an x64 CPU to eliminate the problems is going to take *years*. What was everybody supposed to do in the meantime? Switch off their computers? Yes software has to work round hardware bugs; it sucks, but it's easier to change software than hardware.

3. However, I'll give you the point that Intel publishing benchmarks without mitigations enabled is outrageous.

Blockchain is bullsh!t, prove me wrong meets 'chain gang fans at tech confab

MJB7

Re: I've yet to hear of an actual, real application of blockchain

You don't need to *encrypt* the contract - just sign it with your private key. Losing the corresponding public key should be harder because you don't need to protect it - you can stuff it in the cloud, print it on paper, make thousands of copies (and your opposite number can keep a copy of it too).

Use an 8-char Windows NTLM password? Don't. Every single one can be cracked in under 2.5hrs

MJB7

Re: 1Pass

... and has a relationship with them that is disclosed on https://haveibeenpwned.com/

Cops looking for mum marauding uni campus asking students if they fancy dating her son

MJB7

Re: Get a Shopsmith

Gah! I hate you. How am I going to explain that I need that to SWMBO?

From Red Planet to deep into the red: Suicidal extrovert magnet Mars One finally implodes

MJB7

The references are to:

Julius Sello Malema: a South African politician

Jacob Zuma: Former South African president

The Gupta family: "A wealthy Indian-born South African family"

I think Sad Panda may be based in South Africa. (I had to google Malema, and I wasn't sure where the Guptas were based, though I had heard of them.)

Intel SGX 'safe' room easily trashed by white-hat hacking marauders: Enclave malware demo'd

MJB7
Big Brother

Untrusted code

OK, hands up. Who here trusts code from Sony (for example)?

620 million accounts stolen from 16 hacked websites now for sale on dark web, seller boasts

MJB7
Boffin

Password hashing

I can't see *any* mention of PBKDF2 in the password hashing. Is that because nobody used it, or because the journalist didn't realize the importance?

(For those that don't know, PBKDF2 is an algorithm to iterate a hash function many times. A database where the password has been hashed with MD5 100,000 times is at least 10,000 times better protected than a database where the password has been hashed with SHA512 once.)
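The iteration described in the comment above, as an added example that is not part of the original post: a from-scratch PBKDF2 (RFC 8018) checked against Python's `hashlib.pbkdf2_hmac`, returning how many HMAC invocations a single password guess costs. The function names, password and salt are constructed for illustration.

```python
import hashlib
import hmac
import struct


def pbkdf2(hash_name, password, salt, iterations, dklen=None):
    """PBKDF2 per RFC 8018. Returns (derived_key, prf_calls)."""
    hlen = hashlib.new(hash_name).digest_size
    dklen = dklen or hlen
    n_blocks = -(-dklen // hlen)  # ceiling division
    prf_calls = 0
    out = []
    for i in range(1, n_blocks + 1):
        # U_1 = HMAC(password, salt || INT_32_BE(i))
        u = hmac.new(password, salt + struct.pack(">I", i), hash_name).digest()
        prf_calls += 1
        t = int.from_bytes(u, "big")
        # U_j = HMAC(password, U_{j-1}); the block is the XOR of all U_j
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hash_name).digest()
            prf_calls += 1
            t ^= int.from_bytes(u, "big")
        out.append(t.to_bytes(hlen, "big"))
    return b"".join(out)[:dklen], prf_calls


def verify(hash_name, candidate, salt, iterations, stored):
    """Re-derive the key for a candidate and compare in constant time."""
    derived = hashlib.pbkdf2_hmac(
        hash_name, candidate, salt, iterations, len(stored)
    )
    return hmac.compare_digest(derived, stored)


if __name__ == "__main__":
    password = b"correct horse battery staple"  # constructed sample
    salt = bytes(range(16))                     # constructed sample salt
    iterations = 100_000

    key, calls = pbkdf2("md5", password, salt, iterations)
    # The hand-rolled loop and the library must agree byte for byte.
    assert key == hashlib.pbkdf2_hmac("md5", password, salt, iterations)

    print("single unsalted SHA-512 :", hashlib.sha512(password).hexdigest()[:32])
    print("PBKDF2-HMAC-MD5 key     :", key.hex())
    print("HMAC calls per guess    :", calls)
    print("right password verifies :",
          verify("md5", password, salt, iterations, key))
    print("wrong password verifies :",
          verify("md5", b"password1", salt, iterations, key))
```

Every candidate an attacker tries against the stored key has to pay the same `prf_calls` count, which is where the work factor comes from; the per-user salt additionally stops one computation being reused across accounts.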

Python creator Guido van Rossum sys.exit()s as language overlord

MJB7

Re: Here's a PEP

It was FORTRAN. Variables that started I to M inclusive were INTEGER. All other variables were REAL. When I was using FORTRAN IV in 1980 you could at least *choose* to declare the types if you didn't like that. Very early FORTRAN didn't have that option.

MJB7

Re: Here's a PEP

Don't forget "DO 15 I = 1. 100" ... which implicitly declares a real variable called DO15I and assigns it the value 1.1. Not to be confused with "DO15I=1,100" which runs a DO loop to the line labeled 15 with I varying from 1 to 100 inclusive. This led to the failure of the Mariner 1 satellite in 1962.

Things that make you go .hm... Has a piece of the internet just sunk into the ocean? It appears so

MJB7

Re: .UK or .GB??

GB is the ISO two letter code, but the .uk TLD had been assigned (and was in use) before the Internet standardized on ISO two letter codes. (UK is reserved in ISO_3166-1 on the request of the United Kingdom.)

See https://www.theregister.co.uk/2010/11/05/nominet_first_domain_name/

MJB7

Re: "just north of Antarctica"

The emphasis is on the just. In other words, not the Antarctic continent, but not far from it either.

What a smashing time, cheer astroboffins: Epic exoplanet space prang evidence eyeballed

MJB7

Re: Some mistake, shurely?

Yup. Bodies 10 times the mass of the sun are not planets - they are stars. Damn it, bodies 10 times *smaller* than the sun are stars!

UK transport's 'ludicrous' robocar code may 'put lives at risk'

MJB7

Re: Missing the obvious

Yes there are lots of cyclists that ignore the highway code. There are also lots of motorists that consistently break the speed limit and jump red lights (crossing the line after the light has gone from amber to red). I'm a cyclist that (mostly) does not ignore the highway code; I certainly have lights, and don't cycle on pavements.

Apple hands keys for retail to HR boss amid flagging iPhone sales

MJB7

Re: Who is HR for.

HR is there to protect the senior managers and the company from the workers. They are not there to protect the workers at all.

RIP, RDP... nearly: Security house Check Point punches holes in remote desktop tools

MJB7

Re: Microsoft client

It is actually possible that is true. If RDP is one of the things they have gone through replacing all the calls to `strcpy` with `strcpy_s` (and similar for all the other buffer-overflow causing functions), then the overlong replies from the server may just terminate the client. See "Secure Development Lifecycle".

Cheap call? Hardly. GSM gateway judicial review to settle whether UK Home Sec can legally push comms watchdog around

MJB7

Re: I hope the home office looses

I hope they lose too, but if they do, I am pretty sure they will appeal it all the way to the Supreme Court, and when they lose there, they'll just change the law. (But of course that will still allow the companies that went bust to sue the Government for its illegal actions.)

Original WWII German message decrypts to go on display at National Museum of Computing

MJB7

Re: Tommy Flowers

But it still annoys me that he was turned down for a loan to build computers because the bank didn't believe the machines would work. He couldn't tell them that he'd already built them (and they did work) because it was covered by the Official Secrets Act.

Now it may well be that Britain would still have found a way to piss away our computer industry, but the marginal improvement in our security provided by keeping Colossus secret has probably been _very_ expensive.

Hi, Jack'd: A little PSA for anyone using this dating-hook-up app... Anyone can slurp your private, public snaps

MJB7

Re: Yeah, about par for the course…

Actually, if it was a random 30-character (or so) filename, that wouldn't be completely unreasonable. (31 characters being enough to encode a base-36 encoded version of a SHA1 hash - obviously SHA256 would be better, but SHA1 is probably "good enough". Alternatively, it could be 20 bytes from /dev/urandom.)

European Commission orders mass recall of creepy, leaky child-tracking smartwatch

MJB7

Re: Tip of the Iceberg

Whoosh!

(At least, I'm pretty sure the comment was supposed to be ironic. Admittedly, it can be hard to tell.)

How AI can help halt human sex trafficking – by identifying victims' hotel rooms from pics

MJB7

Adjusting behaviour

Probably just by photographing the victim against a white sheet.

Whatever you've got to say about Google, it can't hear you over the sound of it banking $85m a day in pure profit

MJB7
Pint

$84m profit a day

That's just over $84m profit a day, every day, for the whole year.

Or, to put it another way, just a hair under $1000 profit per second

Icon: I think the drinks are on Messrs Page and Brin.

Upcoming report from UK's Huawei handler will blast firm for unresolved security issues

MJB7

Re: I'm prepared to believe ...

Anyway, UK and US spies are close enough to each other they may not be much more worried about what, say, Cisco does. Usually, you're much more worried about what your enemies do than your allies.

I used to work for Thales. We were told that when hacking attempts appeared to come from the PRC they would just see they had been spotted and leave. When hacking attempts appeared to come from Fort Meade and we asked GCHQ to ask the NSA what was going on, they would reply "Oh dear. Our computers must have been hacked and they were using us as a front."

Thanks for all those data-flow warnings, UK.gov. Now let's talk about your own Brexit prep. Yep, just as we thought

MJB7

Re: a second *binding* referendum and cancel the madness that is Brexit.

Well _this_ Remainer wants to join Schengen and the Euro, and I believe dropping the rebate would be a small price to pay for that. However I recognize that these are not particularly popular choices in the UK. Achieving EU membership _without_ a commitment to Schengen and the Euro can only realistically be done by remaining a member. (There's also the point that Spain might be difficult about Gibraltar if we tried to rejoin.)

Intel to finally scatter remaining ashes of Itanium to the wind in 2021: Final call for doomed server CPU line

MJB7

Re: It actually was more of a hope back then

Certainly legacy code was an issue, but there's an awful lot of _new_ code being written with lots of branching, and people wanted it faster than their old code. Itanic depended on the compilers being able to optimize this code effectively - and *at the time* people were saying "this is beyond state-of-the-art for compilers". (I think it still is.)

Smaller tech firms just aren't ready for a no-deal Brexit, MPs told

MJB7
Headmaster

Re: Taking Back Control!

"Nobody move, I've got no ideas"

Surely that should be:

"Hang on a minute, lads – I've got no ideas"

Icon: 'cos I'm pedantic about film quotes

Worried about Brexit food shortages? North Korean haute couture has just the thing

MJB7

Re: Ahh...

In addition, the checks will create horrendous queues of lorries. I live near the Swiss-German border, and there are lorries queued up on the motorway on Saturday waiting to get in to Switzerland on Monday.

As well as being tedious for the lorry drivers, the equivalent queues are likely to tie up a significant fraction of the lorry stock involved in cross-channel transport - and there aren't a huge number of spare lorries available to fill that gap. Those lorries in the queue obviously aren't actually shifting stuff - so the amount of stuff that can be imported will go down.

When there starts to be a little bit less of something in the shops, there will be panic buying, and yes, there will be bare supermarket shelves.

Obviously this can be sorted out over a few months, but April is looking like a really good month not to be in the UK!

Clone your own Prince Phil, says eBay seller hawking debris left over from royal car crash

MJB7

Re: SHE doesn't have a license

She doesn't now, but I'm pretty sure she would have had one during the war (when she was not the monarch) because she served as a truck mechanic in the Women's Auxiliary Territorial Service. What with the various changes in licensing etc, that original licence would probably have continued to be valid until she was 70.

Of course, she no longer needs a licence. Not because the roads belong to her, but because technically laws don't apply to her.

MJB7

Re: Apologies

Given this occurred in Norfolk, the relevant jurisdiction is England and Wales. However judges are very unwilling to accept that people saying "Sorry" is an admission of liability (for the same reason that the Canadian legislation was passed). So it's perfectly fine to say sorry if you are involved in an accident.

Heard the one where the boss calls in an Oracle consultant who couldn't fix the database?

MJB7

"All benchmarks showing otherwise"

[citation needed]

If you are running large scale simulations, what you desperately, *desperately* need is speed - and for that purpose, Fortran does superbly well. It's not until `restrict` became widely available (and it certainly wasn't in the early 90's) that C had any hope of competing with Fortran - by the time it had, all the parallel processing extensions were available for Fortran (because that's what the code it would speed up most was written in).

Typical! You wait ages for a fast radio burst from outer space, and suddenly 13 show up

MJB7
Boffin

Numbers don't add up

I can't make the numbers add up. 1TB/s is about 86 PB/day. Even 142 GB/s is still 12 PB/day. Where is the low bandwidth (†) 1.5 PB/day coming from?

† Look, everything's relative OK?

NHS England claims it will be all-digital within the decade

MJB7

Re: As with all things this could be great if done properly

You've got this the wrong way round. The GP practice (which is a private contractor, not a part of the NHS) gets paid per registered patient, not per appointment. They will only allow the giffer to make another appointment next week if it is actually needed. Once the giffer is coming regularly every week for his check-up, *of course* he is going to get friendly with the other patients.

France next up behind Britain, Netherlands to pummel Uber with €400k fine over 2016 breach

MJB7

Re: How many times do we have to point this out?

For at least another couple of years (while the various breaches prior to May work their way through the system).

Happy Christmas! Bloodhound SSC refuelled by Yorkshire business chap

MJB7
Pint

Re: One of these...

One ?!?

No not THAT kind of Office Wizard! Roll a diplomacy check to win the election: Vote tie resolved by a D20

MJB7

*EVERY* fuul kno that CHR is not a characteristic. STR is strength, and charisma is CHA.

Also: The 20 roll is not that strange, but 5 out of six were in the range 16-20 (which is about 1 in 170 odds) - and even higher if you note that the lowest score was a 13. There's something dodgy about that die (but given both candidates were using it, that doesn't matter).

Equifax how-it-was-mega-hacked damning dossier lands, in all of its infuriating glory

MJB7
Pirate

Re: Wrongful dismissal

I don't know where the employee worked, but if it was in an "at will" state, then "wrongful dismissal" isn't a thing. (Unless they can show it was because of race/sex discrimination or similar.)

If you turn up to work one day in a tie that your boss doesn't like they can fire you with absolutely no comeback.

The internet is going to hell and its creators want your help fixing it

MJB7
Boffin

Eu EHCR

"Whatever level of stiffness the BrExit, if it has any form of formal agreement with the Eu ECHR has to stay"

Aaaaaaarggh! The European Court of Human Rights is entirely independent of the European Union. It is a creature of the Council of Europe (which has as members all European countries except Belarus, Kazakhstan, and Vatican City).

The senior court of the European Union is the European Court of Justice.

Remember Misco? Staff win protective award at employment tribunal

MJB7

Re: Administrators

Work? Work!?! I think you are failing to understand the business model of the standard administrator.

College PRIMOS prankster wreaks havoc with sysadmin manuals

MJB7

Re: Poorly configured system

"Almost by definition you'd think 'administrator' commands should only be available to administrators?"

You are obviously thinking with the mindset of a 21st century security consultant. The late 70's was a much more innocent time, when it wasn't completely obvious that just trusting people to be responsible wasn't good enough.

Customers baffled as Citrix forces password changes for document-slinging Sharefile outfit

MJB7

Not in their interest, is it?

NCSC may be part of GCHQ, but their remit is to protect government (interpreted broadly) systems, and UK businesses.

There are plenty of other people saying password resets other than when compromised are a bad idea.

If Citrix wanted to do something useful, they could check new passwords aren't in the Have I Been Pwned database.

Oh my chord! Sennheiser hits bum note with major HTTPS certificate cock-up

MJB7
Boffin

Certificate pinning won't help

Certificate pinning won't help with this at all. At least with Chrome, certificate pinning accepts any certificate signed by a locally installed root cert (as opposed to one which is distributed with the operating system). This is so that businesses who use a TLS decryption/encryption device to scan all outgoing TLS can continue to do so.

(I suspect the commentards here will have definite views on the desirability of such devices, but I can see why Chrome would decide not to fight that battle.)

It was a lit CeBIT see, got teeny weeny, world's biggest tech show yearly party... closed its German fest's doors yesterday

MJB7

Re: You only wish you're too old

According to WP Timmy Mallett only started being active in 1982. I graduated two years before that, and had stopped watching children's TV.

I'm not sure how I managed to avoid him when my son came along (but I did). What I have heard about him has not encouraged me to look more closely.

("teeny weeny" immediately made me think of "yellow polka dot bikini" - but I couldn't see how it fitted.)

Worrying Windows 10 wrecking-ball weapon weirdly wanders wildly on worldwide web

MJB7

Re: Sorry, but ...

The canonical expression is that "the attacker is the wrong side of the air-tight hatchway". At least it is if you read "The Old New Thing" by Raymond Chen (and you should).

It's Two Spacecraft, One Mission as BepiColombo gets ready to launch

MJB7
FAIL

JWST?

2021 for James Webb? You're having a laaf. That's about as likely as Berlin Brandenburg being open by then.

Insult to injury: Malware menace soaks water-logged utility ravaged by Hurricane Florence

MJB7

Re: who triggered it?

The sysadmins *should* be more resistant to these sort of attacks, but as they are actually humans (appearances to the contrary notwithstanding), they will still trigger the ransomware some of the time ... and we never get to hear about the cases that they didn't.

Sun billionaire Khosla discovers life's a beach after US Supreme Court refuses to hear him out

MJB7

Re: Sidewalk

At least in England and Wales (I can't speak for Scotland), you *do* own the land to the centre of the road - it's just that you can't stop people walking/driving/etc over it (it's a public highway).

So it is quite likely that the State of California *doesn't* own the roads (assuming a similar legal system to E&W)

Garbage collection – in SPAAACE: Net snaffles junk in first step to clean up Earth's orbiting litter

MJB7

Small vs large chunks

It's well worth removing the larger chunks *before* they become lots of small chunks.

Also, the small chunks in LEO tend to decay quite quickly because of atmospheric resistance - something as big as a cube sat will stay up much longer.
