* Posts by yoganmahew

345 posts • joined 1 Apr 2014


How many Reg columnists does it take to turn off a lightbulb?


Re: Long way around the barn!

Start at red light from TV for an hour.

Get up, try and unplug TV.

Realise there's no plug, it's wired into the wall.

Duct tape to the rescue again! (Or an open book with one cover up to cover the light.)

And that in a room that proclaimed itself to be optimised for sleep for the weary traveller...

The HeirPod? Samsung Galaxy Buds teardown finds tiny wireless cans 'surprisingly repairable'


I fell into a burning ear of fire.

Ooh-oh my ears on fire, ooh-oh they have no wire

How can we sleep when our ears are burning

Hopefully better than the pocket warmer batteries...

'Java 9, it did break some things,' Oracle bod admits to devs still clinging to version 8


Re: I'm still using Java 1.4

As we're playing one-up compile, I can still assemble (though the young uns call it compile nowadays) IBM 360 assembler my Dad wrote before I was born.

You. Shall. Not. Pass... word: Soon, you may be logging into websites using just your phone, face, fingerprint or token


Re: Didn't this get discussed by Grace Hopper several years ago?

@Charles 9

"Trouble is, ANY of them can be defeated by a determined adversary"

Exactly! It is all just data (once it is digitised). A finger-print scanner sends a digitised finger print, a retinal scanner another digital image. By the time they're standardised, you won't need the scanners, you'll just carry your finger print around with you as a long string of numbers. Because that's all the dog on the other side of the internet is ever going to see to let you in to the chamber of secrets.

And you know that every tin-pot site is going to store your email address next to your fingerprint next to your retina scan next to your dongle id next to your salted password next to the salt... poof, and it's gone...

It all sucks. There is no solution. Just make it awkward - password and dongle with authenticator combo do that without having to get a new finger every time someone has a data breach.
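The point made above, that a digitised biometric is just a static string that can be replayed once captured, whereas an authenticator that signs a fresh server challenge is not, is illustrated by this added Python example (my own code, not from the post or the article). The "template" bytes, the device key and both verifier classes are constructed for the demonstration and stand in for whatever a real scanner or FIDO-style token would do.

```python
import hashlib
import hmac
import secrets

# Constructed "biometric template": once digitised it is only bytes, nothing more.
TEMPLATE = bytes.fromhex("a1b2c3d4e5f60718293a4b5c6d7e8f90")

# Constructed per-device secret, as an authenticator would hold in hardware.
DEVICE_KEY = bytes(range(32))


class StaticTemplateServer:
    """Verifier that accepts the raw template. Anything captured on the wire
    (or lifted from the user database) unlocks the account forever."""

    def __init__(self, enrolled):
        self.enrolled = enrolled

    def login(self, presented):
        return hmac.compare_digest(self.enrolled, presented)


class ChallengeResponseServer:
    """Verifier holding only a per-device key. Each login is bound to a fresh,
    single-use nonce, so a captured response is useless a second time."""

    def __init__(self, device_key):
        self.device_key = device_key
        self.outstanding = set()

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def login(self, nonce, response):
        if nonce not in self.outstanding:
            return False          # unknown, expired or already-used nonce
        self.outstanding.discard(nonce)
        expected = hmac.new(self.device_key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def device_respond(device_key, nonce):
    # The authenticator unlocks the key locally (PIN, fingerprint, whatever)
    # and signs the nonce; the biometric itself never leaves the device.
    return hmac.new(device_key, nonce, hashlib.sha256).digest()


def replay_static():
    """Returns (genuine login ok, replayed login ok) for the static scheme."""
    srv = StaticTemplateServer(TEMPLATE)
    captured = bytes(TEMPLATE)      # attacker sniffed it or breached the DB
    return srv.login(TEMPLATE), srv.login(captured)


def replay_challenge_response():
    """Returns (genuine login ok, replay of same nonce/response ok,
    captured response against a new nonce ok) for challenge-response."""
    srv = ChallengeResponseServer(DEVICE_KEY)
    nonce = srv.challenge()
    response = device_respond(DEVICE_KEY, nonce)
    first = srv.login(nonce, response)
    second = srv.login(nonce, response)          # straight replay
    third = srv.login(srv.challenge(), response) # old response, new nonce
    return first, second, third


if __name__ == "__main__":
    print("static template:   ", replay_static())
    print("challenge-response:", replay_challenge_response())
```

The static scheme returns True for the replay, the challenge-response scheme returns False for both replay attempts; the difference is entirely in whether the secret crosses the wire or only a one-off proof of possessing it does.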

US Supremes urged by pretty much everyone in software dev to probe Oracle's 'disastrous' Java API copyright win


Re: Don't make me laugh

Absolutely! You are owned.


Re: Wow. Some just don't get it.


"in respect of APIs, the courts got this one wrong."

Or got it right, but the law is wrong or deficient?

History is full of courts radically revising what is acceptable, usually when an actor takes the existing gray area and drives a truck through it.

History is also full of highly paid lawyers making a cock of technical matters.


Re: Hasn't this been decided in the other direction already?

What's with slinging "right-wingers" about? Poor form.


Re: @Graham Before people get in to a panic...

No, he's arguing that the courts know more about "fair use" and that the interpretation that the software industry "require" doesn't exist in law (that's what the judgement is). So the court doesn't care that it's software industry, or that software industry has always worked this way; rather the law says you can't rip off someone else's product unless you meet these criteria.

The Wikipedia page has a good summary:


"during the second appeal hearing, Google had used this code for commercial reasons to rapidly complete Android and to avoid the "drudgery" of recreating the code."

As an old-timer, it kind of bemused me that you could take, say, WordPerfect, rip off the look and feel of it, even to the point where you could save documents in WordPerfect format, and then walk away with money.

Bun fight breaks out after devs, techie jump ship: Bakery biz Panera sues its former IT crowd


Re: What trade "secrets"?

These ones:

""Panera employs a team of information security personnel whose jobs are dedicated to preventing the unauthorized access and release of Panera’s trade secrets, proprietary data, and intellectual property. Panera also encrypts all of the hard drives in the computers it uses and requires that employees use regularly updated passwords to access these computers.""

You wot mate?

Artificial Intelligence: You know it isn't real, yeah?


Re: the error is in call it "AI" !!!

That's an excellent article by Mr. Dabbs.

I wonder what "AI" would make of it; not a lewd pun in sight, must be a fake?

Patch this run(DM)c Docker flaw or you be illin'... Tricky containers can root host boxes. It's like that – and that's the way it is


Re: kata-containers


You're guaranteeing that kata containers have no flaws? Backing that with money?

Crypto exchange in court: It owes $190m to netizens after founder 'dies without telling anyone vault passwords'


Re: Has anyone tried....



Re: Bullshit

Well, he died from complications from Crohns. I have Crohns, the last way I want anyone to know I went is that I shat myself to death. There are honestly a gazillion other ways you could pretend to be killed by in India (and get a death cert for). Gored by a cow. Run over by an elephant. Knocked off your motorbike as it slips into neutral in front of a killer red line bus... but a shitting disease aggravated by Delhi Belly? It's entirely credible.

Mobile network Three UK's customer details exposed in homepage blunder


Re: Testing?

"This is CI/CD! The user is the tester!"

That seems to be the plan :( If it passes the unit tests, and all the APIs return expected values in expected fields, then you don't need to do that messy E2E integration testing...

Anyone with more CI/CD knowledge care to say different?

At 900k lines of code, ONOS is getting heavy. Can it go on a diet?


Ditched for Kafka

Essentially he is saying ditch SDN for Kafka - have your semi-dumb controller (that only does network layer processing) talk to and from a Kafka cluster and make Kafka stream processes do the hard work. It turns out there's life in the OSI 7-layer model and specialised processing by layer is a good idea.

Aside from efficiency concerns, it would seem yet another point of failure is added on an already failure-ridden comms stack. Getting from front-end to back-end used to be straightforward to operate. Now layers and layers of SD firewalls and SD networks intervene. The idea that this can be E2E tested for all situations is no longer tenable.

'It's like they took a rug and covered it up': Flight booking web app used by scores of airlines still vuln to attack – claim


Re: GDPR much?

If they allow brute force (aren't checking for it), it supposes they aren't checking who is accessing their APIs. So they may have no idea whether it has been used...


A spokesdroid said:

"The airline industry relies on IATA standards that were introduced to improve efficiency and customer service on a global scale.

"Because the industry works on common industry standards, including the PNR, further improvements should include reviewing and changing some of the industry standards themselves, which will require industry collaboration"

IATA standards me hole.

There's nothing in IATA standards that says you have to spill unsolicited customer details (what other detail is being json'd out and just not displayed?).

The rest of the world's airlines will laugh Amadeus out of the room if they try and bring this up.

It sounds almost like some at Amadeus think API stands for api and not API ;)

(Advanced Passenger Information, security messages to states governed by IATA versus Application Programming Interface, a woefully inadequate way of outsourcing your security to the cheapest code chop-shop).

Once you get into the booking, you have access to all sorts of juicy personal data, some of it PII too, so it's not just GDPR for EU citizens that is in scope.
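The post above says that if the booking endpoint allows brute force then nobody is watching who calls the API. This added Python example (my own, not from the post or the article) shows the kind of check that would notice it: it scans access-log lines for one source walking through many distinct record-locator/surname pairs in a short window with mostly failed lookups. The log format, the `/booking?pnr=...&surname=...` path and the sample lines are all constructed for the example; a real deployment would adapt the regex to its own front end.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed combined-log style line; the path and parameters are hypothetical.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET /booking\?pnr=(?P<pnr>[A-Z0-9]{6})&surname=(?P<name>[^ &"]+) HTTP/1\.[01]" '
    r'(?P<status>\d{3})'
)


def parse(line):
    """Return (timestamp, ip, pnr, surname, status) or None for non-matching lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return ts, m["ip"], m["pnr"], m["name"], int(m["status"])


def find_enumerators(lines, window=timedelta(minutes=5), max_distinct=10, min_fail_ratio=0.8):
    """Flag IPs that try >= max_distinct different locator/surname pairs inside
    `window` with a failure ratio of at least min_fail_ratio."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            per_ip[rec[1]].append(rec)

    flagged = {}
    for ip, recs in per_ip.items():
        recs.sort()                      # by timestamp first
        start = 0
        for end in range(len(recs)):
            while recs[end][0] - recs[start][0] > window:
                start += 1               # slide the window forward
            win = recs[start:end + 1]
            distinct = {(r[2], r[3]) for r in win}
            fails = sum(1 for r in win if r[4] >= 400)
            if len(distinct) >= max_distinct and fails / len(win) >= min_fail_ratio:
                flagged[ip] = {
                    "distinct_lookups": len(distinct),
                    "failures": fails,
                    "requests": len(win),
                }
                break                    # one alert per IP is enough
    return flagged


# Constructed sample: one host walks 12 locators in 12 seconds (all 404),
# another looks up its own booking twice (200).
SAMPLE_LOG = [
    f'198.51.100.9 - - [11/Jan/2019:10:00:{i:02d} +0000] '
    f'"GET /booking?pnr=AB{i:04d}&surname=SMITH HTTP/1.1" 404 123'
    for i in range(12)
] + [
    '203.0.113.7 - - [11/Jan/2019:10:00:05 +0000] '
    '"GET /booking?pnr=X7Q2PL&surname=JONES HTTP/1.1" 200 5120',
    '203.0.113.7 - - [11/Jan/2019:10:03:40 +0000] '
    '"GET /booking?pnr=X7Q2PL&surname=JONES HTTP/1.1" 200 5120',
]


if __name__ == "__main__":
    for ip, info in find_enumerators(SAMPLE_LOG).items():
        print(f"enumeration suspected from {ip}: {info}")
```

Thresholds are deliberately conservative: a legitimate traveller retries the same locator a few times, an enumerator never repeats one. The same counters also answer the "has it already been used?" question the post raises, provided the logs were kept.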

Begone, Demon Internet: Vodafone to shutter old-school pioneer ISP


Re: Wild West Days

And another beer from me!

Ah, Trumpet winsock, WinDis and poking around in .ini files. Kind of like Linux is today :/

You have deleted my usenet download history, right? Right??

Marriott: Good news. Hackers only took 383 million booking records ... and 5.3m unencrypted passport numbers


Friday night special...

Classy burying of bad news there Marriott; ticking all the boxes...

Boffins manage to keep graphene qubits 'quantum coherent' for all of 55... nanoseconds


This page is unintentionally left blank?

Ticketmaster tells customer it's not at fault for site's Magecart malware pwnage


Re: Their Site


"It could all get a bit messy if they go down the GDPR route."

Absolutely it could, it could end with TM being fined for sharing privileged information with unauthorised third parties. TM have stuck themselves into a choice of:

1. It was us, sorry guv, QC issue on adding scripts.

2. It was them, we sent them everyone's information and they unsurprisingly stole it, but we sent it, don't worry.

Actually, 2 breaks PCI and PII rules too, never mind GDPR. TM have managed the insecure trifecta; the trilogy of swillogy; the trio of wankio.

They say software will eat the world. Here are some software bugs that took a stab at it


Re: That's news

@david 12

Yeah, I don't think we as developers can just blame management. Those of us who have been around long enough have seen enough shit code, lazy coders, and people who should really have been doing something else. That's not to let management off the hook, they hired these people and keep them (because they're fast and cheap, presumably), but as a professional, a developer needs to stand up for their profession, not always blame its known inadequacies on someone else.

European fibre lobby calls for end to fake fibre broadband ads


Re: "Or, um, rather the 'lack' of significant cost :-)))"


"$100 for 1Gb? Quite pricey, even in Canadian dollars, in other parts of the world you can have it at half the price, or even less."


Marriott's Starwood hotels mega-hack: Half a BILLION guests' deets exposed over 4 years


Re: Just wondering

"Hopefully it won't be too long before banking switches to using MFA with an one time pad App on peoples phones."

Ha! I'll see your one-time pad and raise you contactless.

Then I'll raise you signatures in the US...

Then I'll raise you adding the tip in after you've signed the bill...

IBM's Ginni Rometty snipes, er, someone for being irresponsible with data, haven't a clue who


"If law doesn't cover a particular topic adequately (not even devolving responsibility to, for example, a medical body), then the law should be updated."

Well, no, principles based law defines categories of misbehaviour; it doesn't detail every possible transgression. Principles based law is what is required here.

Oh and Mrs. Ginny, Facebook-> Cambridge Analytica WAS B2B, so I suggest that B2B is where the bigger danger lies - one company takes from the public, then sells to another business that misuses the data; your ill-aimed potshots at GDPR are ill-founded, it hits the responsibility mark reasonably well.

Check your repos... Crypto-coin-stealing code sneaks into fairly popular NPM lib (2m downloads per week)


Re: Javascript


"In this specific case, is it reasonable for a developer to anticipate the introduction of malware which leaks confidential keys to a thief, and test for it? Until the theft actually occurs, the app works perfectly in a normal testing scenario"

Well, a specific malware threat, maybe not reasonable to expect, but that unspecified malware can be introduced through a repo the developer has no control over? Absolutely reasonable. It has happened multiple times so it must now be considered a known risk and you should have mitigations in place.
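The post above argues that malware arriving through a dependency you don't control is now a known risk that needs mitigations. One cheap mitigation is to review the lockfile as a build artefact: diff it against the last reviewed copy and refuse anything new, bumped, fetched from outside the registry or lacking an integrity hash. This added Python example (my own, not the post's or any project's code) does exactly that over two constructed `package-lock.json`-shaped trees; the package names `stream-helper`, `flatmap-thing` and `tiny-colour` and their hashes are invented for the example.

```python
import json

EXPECTED_REGISTRY = "https://registry.npmjs.org/"


def load_lock(path):
    """Read a package-lock.json from disk (not used by the constructed sample)."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def flatten(lock):
    """Map (name, nested-name, ...) paths to their lock entries, v1 'dependencies' layout."""
    out = {}

    def walk(deps, path):
        for name, meta in (deps or {}).items():
            out[path + (name,)] = meta
            walk(meta.get("dependencies"), path + (name,))

    walk(lock.get("dependencies"), ())
    return out


def review_lock(baseline, candidate, registry=EXPECTED_REGISTRY):
    """Return human-readable findings for anything that changed or looks off."""
    findings = []
    base, cand = flatten(baseline), flatten(candidate)
    for path, meta in cand.items():
        label = " > ".join(path)
        if path not in base:
            findings.append(f"NEW dependency: {label}@{meta.get('version')}")
        elif base[path].get("version") != meta.get("version"):
            findings.append(
                f"VERSION change: {label} {base[path].get('version')} -> {meta.get('version')}"
            )
        resolved = meta.get("resolved", "")
        if not resolved.startswith(registry):
            findings.append(f"NON-REGISTRY source: {label} -> {resolved or '(none)'}")
        if not meta.get("integrity"):
            findings.append(f"MISSING integrity: {label}")
    for path in base:
        if path not in cand:
            findings.append(f"REMOVED dependency: {' > '.join(path)}")
    return findings


# Constructed lockfile fragments (hypothetical packages and hashes).
BASELINE_LOCK = {
    "dependencies": {
        "stream-helper": {
            "version": "3.3.4",
            "resolved": "https://registry.npmjs.org/stream-helper/-/stream-helper-3.3.4.tgz",
            "integrity": "sha512-AAAA",
        },
        "tiny-colour": {
            "version": "1.0.0",
            "resolved": "https://registry.npmjs.org/tiny-colour/-/tiny-colour-1.0.0.tgz",
            "integrity": "sha512-BBBB",
        },
    }
}

CANDIDATE_LOCK = {
    "dependencies": {
        "stream-helper": {
            "version": "3.3.6",
            "resolved": "https://registry.npmjs.org/stream-helper/-/stream-helper-3.3.6.tgz",
            "integrity": "sha512-CCCC",
            "dependencies": {
                "flatmap-thing": {
                    "version": "0.1.1",
                    "resolved": "https://registry.npmjs.org/flatmap-thing/-/flatmap-thing-0.1.1.tgz",
                    "integrity": "sha512-DDDD",
                }
            },
        },
        "tiny-colour": {
            "version": "1.0.0",
            "resolved": "git+https://github.com/example/tiny-colour.git#abc123",
        },
    }
}


if __name__ == "__main__":
    for finding in review_lock(BASELINE_LOCK, CANDIDATE_LOCK):
        print(finding)
```

Run this in CI against the committed lockfile and fail the build on any finding that a human hasn't signed off; combined with `npm ci` (which installs only what the lockfile says) it turns a silent transitive change into a visible review item.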

That sphincter-flexing moment for devs when it's time to go live


Re: Experience is a harsh teacher

@Graham 2

"The challenge comes when *someone* (it doesn't matter who, but they often count beans for a living, decides that the carefully prepared plan "takes too long" and needs to be done in less time."

A secondary issue is that the 'plan' doesn't make economic sense if properly specified to the correct hardware/network/redundancy/DR/day-to-day debugging capability; the imaginary savings are much sweeter if they use imaginary numbers for capacity and support cost.

Imagine that!

Excuses, excuses: Furious MPs probe banking TITSUPs*


Re: Rare Events One And All (@ tfb)


"their infrastructure is a chaotic mass of history and complexity which they can't just do a clean-sheet reinvention of because no-one really knows how a lot of it works except that it does, and it is just really, really hard to predict what is going to go wrong as a result."

Going back to your original well made point - the thing is, we see from thebigG, MS, AWS etc. that their infrastructure is also a mess of complexity. I blame (as I suspect you do with pointing to the number of Linux kernel lines) the amount of code being written in ever lower cost, lower experience shops.

I work in an industry riddled with ancient technology beating up against new tech. I work in old tech and I'm distinctly unimpressed with the new. The chaps programming it care mostly about writing pretty code; they don't care to understand the business, they don't care whether it works or not, just that it is leading edge. Performance is always a hardware problem to them. The languages themselves are opaque and insecure by design. Each environment seems to be hand crafted to be different to every other environment that's gone before. Communications between systems is a black hole fiasco (I suspect the Barclays issue was MQ related, I too have seen rogue MQ messages block an entire network as they block every listener and no easy way to spot where the blockage is or where the bad packets are coming from).

And agile means there's no architecture, no low level technical direction. "As a user I want a banking mobile app that lets me check my account balance". Architecture seems to be limited to specifying components as if bricks, mortar, wood, nails are all you need to design a house. "As a user I want a shelter that keeps me warm in the winter" - welcome to your brick oven; no windows...

A 5G day may come when the courage of cable and DSL fails ... but it is not this day


Re: Cost

Unless my sums are wrong, two-forty knicker a year is a score a month. That appears to be less than the cheapest fivegee whiffy at twenty-two a month?

What's big, blue, and short on Intel? The supercomputer world's podium: USA tops Top500 with IBM Power9


It takes a lot of horses to make weather this bad.

Cathay Pacific hack: Airline admits techies fought off cyber-siege for months


Re: Flight Pattern


Nope, the hardware is new.

The software, that's different, it's old in some cases. Very old.

Perhaps that you can't use the correct term identifies your experience and capabilities in this matter.

But, the old software is also not designed to be accessed in bulk, so the chances of old software being used to access is close to zero. The newer software? That stores bulk copies of DBs in SQL-readable format? So once you're in, you have access to everything?

Yeah, keep kidding yourself it's legacy software that's the issue and nothing to do with modern systems, modern architectures, open system, open protocol, open access.

McAfee says cloud security not as bad as we feared… it's much worse



"The recommendations for companies are fairly straightforward: McAfee says companies should NOT USE THE CLOUD!"

Run for your lives, we're all doomed.

Memo to Microsoft: Windows 10 is broken, and the fixes can't wait


Re: "Office was always far more reliable"


True, but for sheer bloody-mindedness, the refusal of o365 apps to move a cursor, respond to a click, or accept typed input through a human interface device takes the biscuit. o365 has to be the worst version of an office application for actual working since, hmmm, DW370...

That syncing feeling when you realise you may be telling Google more than you thought


Re: "yo FYI you're currently logged in to Gmail"


Mr. Yo?

Ah, I see...

Herr Yo!

How an augmented reality tourist guide tried to break my balls


Re: Almost SNCF but not quite

@We have come a hell of a long way.

Yes! It no longer makes a noise!

Cisco loses focus over TelePresence blurry videoconferencing bug


Potato quality

of desktop sharing on webex can't be so easily blamed on someone else, eh Cisco?

British Airways hack: Infosec experts finger third-party scripts on payment pages


Re: BA - Oh the irony

@Yet Another

My, my, the virgins seem not to like your comment much! ;-)

Microsoft sharpens its claws to cut Outlook UI excess, snip Ribbon


Re: Desktop UI please

Or have the UI's as skins - one for mobile, one for desktop (and a separate one for touch? Does anyone actually use touch on their laptops?).

The mobile app is already different enough that it bears little resemblance to the desktop one and is really only useful for the most basic of functions.

Go Pester someone else: TSB ditches CEO over bank's IT meltdown


Re: Dreaming

@Pete 2

"This is always going to be a problem for banking systems since they are so completely interconnected. I assume that is one reason why they have so much otherwise obsolete systems and software - nobody has the foggiest idea how it works and they are all too scared to try and change it!"

Yes, but:

1. The failures are not in the external interfaces to other banks. They are between the bank and itself. This should be entirely predictable.

2. This is a new system! They should know exactly how it works! And it's no dinosaur legacy uptime monster with five nines reliability. It's the cloud mate, where 4 hour scheduled outages each month are required?! What happened to "no planned downtime"? When did that die as a thing? What about five nines? 4 hours a month is 99.45%, even with rounding that's not three nines... Is this really what we have to look forward to? My fridge is going to be down for a minimum of 4 hours a month, but the outage may extend until Tuesday?

Game over, machines: Humans defeat OpenAI bots once again at video games Olympics


If the AI is not learning itself from its defeat, then surely it is programmed intelligence rather than artificial?

Everyone screams patch ASAP – but it takes most organizations a month to update their networks


Re: and in big End of town


Absolutely! Change approval is the homeplace of charlatans and idiots with a god complex. The poor techie has to fill in the PIR and the RCA and be subject to enhanced scrutiny for every other change for the next month. CI/CD is a dream of children along with pink fluffy unicorns. For most of us, change is hell. Putting in somebody else's change is inhabiting somebody else's hell.


"A server outage due to a patch is easier to explain than a data breach lawsuit..."

Unfortunately it isn't. A patch is a change, and failed changes, particularly those that cause customer impact are ITSM black-death.

Customer: "Why weren't we told you were going to patch?"

Us: "We patch every night and have told you so"

Cust: "Why didn't you give us the opportunity to test?"

Us: "Because we waited weeks the last time, and you still didn't do any testing that we could observe, other than asking us to switch if off one night"

Cust: "Why don't you use something secure?"

Me: "You don't like our mainframe and demand something shinier"

Cust: "Why didn't you tell us this change would break our geegaw?"

Us: "!@##$%$#"

London's Gatwick Airport flies back to the future as screens fail


Re: "no redundancy in the internet link"


"Did they really need someone else's computer"

No, but, generally you stick the flight information data on a server somewhere so you can access it from multiple sources. Of course, if you build that as PUBSUB and there was a local server serving coax to the airport... (why coax? Coax can be fixed by anyone with pliers and a piece of tape... Bring back coax!).

It's a bit weird; that they are still having problems suggests it's not just a fibre cut?


Re: "no redundancy in the internet link"


"It's an Arrivals and Departures system. The data grows stale in no more than a couple of minutes. A local cache doesn't really help. "

Not really, the scheduled departure and arrival times are well known days in advance. The gates are usually well known, but at least could be manually updated (so at least people stand a chance of finding their gate). The amount of data that transmits by FLIFO for FIDS updates is vanishingly small, being essentially designed in the 1960s. Never mind LTE, you could run it on dial-up...


Re: "no redundancy in the internet link"

Outages happen. The question for me is why there was no local cache? It would have grown stale over time, but a well installed local cache with a GUI for updates could put everything into manual mode with zero impact.

Is this the Internet of Tripe future? One failing link and your IoT belt unbuckles and your trousers fall down exposing your single-point-of-failure-arse?

Second-hand connected car data drama could be a GDPR minefield


Uxbridge English Dictionary

Paramount = where you hang your parachutist after you've shot them

Or "couldn't give a stuff while there's money to be made doing lowest cost development where they'll just do what the spec said, and the spec said nothing about security"

The ICO or Advertising Standards should start looking at the product specifications for anything like this and see if security is mentioned at all and levy fines accordingly.

Holy ship! UK shipping biz Clarksons blames megahack on single point of pwnage


Re: Copies

The whole response publication is idiocy. One isolated account = they only used one account, the information was loose on the intranet and once you could log on to the VPN you could get any of it.

Immediately = After six months (May to November)

As above, the whole "stole the data", "got the copy back" lark.

I wouldn't trust them to float a boat, never mind run an IT system.

Oh wait...

edit: I see AB Hands made the same points! Sorry!

UK cyber security boffins dispense Ubuntu 18.04 wisdom


Re: Good idea.

Really? You'd put passwords in a script? Where do you store it, GIT?

(Genuine question, mainframe chap here; the idea of anyone outside the console having rights to install software is bizarre to me in a server environment).

IBM Watson dishes out 'dodgy cancer advice', Google Translate isn't better than humans yet, and other AI tidbits


Re: Don't worry IBM!

IBM, reclaiming POS for IT from cash registers since Ginni.


You're half right I suspect, "improve outcomes" is marketing speak for cheaper... improve bonus outcome.

Another German state plans switch back from Linux to Windows


Re: Surprise may be coming

Indeed, the cloudy o365 is far inferior to vanilla desktop versions for 90+% of the average workday. For all the talk, the truth is that most of the day is not spent collaborating, it's spent working, and response time, and the consequent flow interruption of lag, is the biggest irritant.


Biting the hand that feeds IT © 1998–2019