* Posts by Doctor Syntax

16426 posts • joined 16 Jun 2014

Self-driving car devs face 6-month backlog on vital $85,000 LIDAR kit

Doctor Syntax Silver badge

Re: I wonder...

The precedent that it "should" work is that it is how us humans do it.

The way we humans (and bats) do it is by having massively parallel processing available. You're right to point out that it's not only distance but also speed that matters. Both of those give timing and that matters even more. You don't mind occupying the same piece of road that another car will occupy but you really don't want to occupy it at the same time.

UK.gov plans to overhaul £6bn in big IT deals 'watered down'

Doctor Syntax Silver badge

"a lack of will by the Government Digital Service under Kevin Cunnington's leadership"

Was that all that was lacking?

Latest example of GDS's efforts: go to site to make an appointment suggesting several different slots which, according to the online diary, were available. A few minutes later there's a call back to say none of them were available; the office diary isn't linked to the GDS online version which is consequently out of sync with reality.

You think your day was bad? OS X malware hackers just swiped a Mac dev's app source

Doctor Syntax Silver badge

Re: Lost ?

Lost absolute control until he could change the credentials. And lost control of a copy of how it was at the time the repository was cloned.

And the moral of this story is that you should use a password manager although that still won't protect against a key logger.

Hyperscale data centres win between their ears, not on the racks

Doctor Syntax Silver badge

It's all easily explained

Just go back and look who these guys are working for. Gartner.

Backup crack-up: Fasthosts locks people out of data storage for days amid WCry panic

Doctor Syntax Silver badge

You're not going to be able to blame Jeremy Hunt for this one.

Britain shouldn't turn its back on EU drone regs, warns aerospace boffin

Doctor Syntax Silver badge

Re: ECJ/ECHR

"it is freedom from the ECJ that tends to get emphasised at the moment."

That's the easier one for her to deal with. ECHR raises issues with the Good Friday Agreement. But with the two sectarian parties supposedly sharing government in N Ireland falling out and all sorts of questions over the border she might be able to weasel out of that one as well.

Doctor Syntax Silver badge

Re: Confused....

"So... because we might want to fly in the EU, we should adopt their regulations? That makes no sense whatsoever. What rules we follow domestically does not dictate the rules we follow in other countries."

IFAICS what you're saying is that instead of having one set of regulations we could have two? That'll simplify things, take back control, cut red tape and [insert pro-Brexit slogan of your own choosing].

Doctor Syntax Silver badge

Re: Here be snowflakes...

"I don't understand where the problem is. Before the EU we wrote our own regs. Our own regs are so good the EU adopted a number of them. How is this a legitimate problem? Or do you have some kind of xenophobic problem that people in the UK are too thick to function?"

From TFA: "The [UK's Civil Aviation Authority, the CAA] hasn't got the capacity or the expertise to provide an effective standalone aviation regulatory organisation. It did have, 20 years ago, but we've sacked three quarters of the people. And the expertise... has gone to join EASA,"

Of course we could try offering suitable salaries to tempt them back. Repeat that over and over for each situation where that happened and see how much change is left over from all that money we save by not paying into the EU budget.

Azure becomes double DaaS-aster zone as VMware loads up

Doctor Syntax Silver badge

Azure becomes double DaaS-aster zone

You've done it now. I'll never again be able to read DaaS as anything but Disaster as a Service.

Clouds' crazy kinks can spin your wheels and lead you to mistakes

Doctor Syntax Silver badge

"He instead counselled connecting all offices to a cloud exchange, over one link, and letting the cloud exchange handle links to clouds."

I think the technical term for this is "single point of failure".

Management's agile, digital (insert buzzword here) strategy ossifying? Blame the Red Queen

Doctor Syntax Silver badge

Did he say anything? I vaguely remember some sort of contrived simile and then I nodded off.

Police anti-ransomware warning is hotlinked to 'ransomware.pdf'

Doctor Syntax Silver badge

"Maybe OS could become a little more clever"

As in https://linux.die.net/man/1/file and https://linux.die.net/man/5/magic both of which are long time inhabitants of the Unix world.

US judges say you can Google Google, but you can't google Google

Doctor Syntax Silver badge

Re: National modding

"That's a non-word, unknown in dictionaries, so I don't need to use uppercase."

Sorry but: https://www.collinsdictionary.com/dictionary/english/guggle

WannaCrypt 'may be the work of North Korea' theory floated

Doctor Syntax Silver badge

Re: Naive Question

"All said, simple win32 program from NT era will generally still work perfectly!"

And simple web sites run on any browser.

It's always the same; folk who try to be clever end up being too clever by half.

Doctor Syntax Silver badge

If it's right the Little Leader might find himself "invited" on a state visit to China where he will be taken suddenly, mysteriously and fatally ill.

Do we need Windows patch legislation?

Doctor Syntax Silver badge

Re: "The NHS had 70,000 Windows XP PCs"

the often quoted "90% of NHS Trusts still running XP".

And that in its turn seems to have come from a survey - I think a year or two ago - of trusts running at least one copy of XP. The fact that this might actually be just one is beyond the grasp of our mighty national newspapers.

Doctor Syntax Silver badge

Re: Eternity

"The obligation to correct defects in a product that should never have been there in the first place should never expire."

It's also an obligation that might substantially reduce the number of such defects in the first place.

Doctor Syntax Silver badge

Re: Somebody should be fired at your NHS

"In addition to being resilient to attack a VM can run on modern hardware, it's not limited to antique machine like native XP."

You do realise, don't you, that in some cases you're dealing with real time S/W that twiddles bits directly on specialised H/W?

Doctor Syntax Silver badge

"But the problem is not so much that support was stopped for XP, it's that hardware like this should never have been based on XP in the first place. It isn't Microsoft's fault; it's the fault of the developers of the hardware."

The developers were probably in a bit of a bind themselves. The introduction of commodity H/W and S/W killed off the minis and Unix workstations that were used previously. Even if it hadn't it would have enabled competitors to have undercut any who still used such kit.

What would have helped would have been the certification authorities requiring long term support. That would have either required MS to offer it or, if they didn't, would have levelled the playing field and allowed specialist workstation manufacturers to survive. That in turn would have needed the certification authorities to have anticipated the situation we now have.

Doctor Syntax Silver badge

Re: "ultimately this means that the end user can take control"

"But I know many coders who can do that kind of thing easily. And do."

And write a distributed version control application in passing.

Doctor Syntax Silver badge

Re: Who is going to do the maintenance?

"To provide full support for all its old systems MS would have to have large numbers of programmers trained up in those systems (no one person can know more than a small part of code that big)."

They could save money. They could ship better code in the first place.

And your general thesis founders on a single fact. They have already issued a fix.

Doctor Syntax Silver badge

Re: Beancounters

What the beancounters probably choked on wasn't upgrade or replacement of client platforms. It was the rewrite of the whole client/server system so that the clients didn't depend on running on XP.

Doctor Syntax Silver badge

Re: Support it - or Open Source it

"So how do they open source the code without revealing 80% (guess) of their code still used?"

They can't open source it in the FOSS sense which I think is what the OP meant.

What they can do is put the source code, including patches, into escrow. If the vendor turns their toes up or if they cease support then the source can be released to specified interested parties wrapped up with whatever conditions were mutually acceptable when the original transaction was entered into. I've seen that made a condition of an RDBMS installation.

Another option would be to make the source available to interested parties all along under NDA conditions. I've had one gig where part of the source was exposed like that, the user interface being the main part that was concealed. It served the vendor well as they got free debugging.

Doctor Syntax Silver badge

Re: Reluctantly

"However you cannot expect a vendor to continue to support the product indefinitely since it is in no way a cost-free activity."

We're looking at a fault which should never have been present in a shipped product. Are you saying that if they manage to get away with it for x years they get a free pass if it brings the house down in the future?

Doctor Syntax Silver badge

"Yes it is slightly more complicated, but once you've worked out the details you can semi-isolate lots of similarly challenged pieces of kit. (Perhaps the chaps at http://www.nhsbuntu.org could help you set it up.) Yes, it isn't perfect isolation, but it is a perfectly valid component in a layered defence. Yes, it is a pain in the butt,"

And yes, if it impinges on any certification the original machine requires then either you've got to hold off for a few months while that's sorted out or simply shut down for that period.

Doctor Syntax Silver badge

Re: @alain williams

"Those PCs were sold with Windows 7 Professional + downgrade rights to Windows XP, so there weren't even any licensing issues about upgrading and getting continued support."

The PC and its OS in such a situation is likely to have been only a component in a larger system, a system which required XP because some client/server application where the client end won't run on a later version.

You inevitably end up having to consider a more complex situation where simple solutions don't work. Yes, you could argue that the original system shouldn't have been put together that way. Maybe it wouldn't have been if the original developers only knew what a later OS version was going to break.

Doctor Syntax Silver badge

The real world is much more complex than all these "simple" solutions everyone keeps coming out with can handle.

Another characteristic of the real world is that evaluating each "simple" solution for each individual case takes time. Half a dozen individual installations with unique, complex requirements could take a lot longer to update than a large office of routine desktops with a common build.

Doctor Syntax Silver badge

Re: Forced to support forever

"Of course 16 years is too long to expect a company to support a product"

There's a difference between supporting a product in terms of adding new functions or drivers and fixing a defect which was present when the product shipped.

But let's not lose sight of the fact that when the shit finally hit the fan MS made a fix publicly available within hours.

If they were under no obligation, it was too long to expect them to do it etc then why did they do it?

I can think of three explanations:

1. It was to mitigate a PR disaster.

2. Events brought it home to them that they had a moral rather than a commercial responsibility.

3. They anticipate legal action and are attempting to mitigate any penalties.

I don't think the last one flies - it simply points out the fact that they'd held back something that could have been made generally available.

But let's not lose sight of the fact that for whatever reason they have done what lots of commentards have said they didn't have to do.

Doctor Syntax Silver badge

Re: All products have a support life

"OTOH should we also be looking at the suppliers of MRI scanners etc which are often blamed for being the cause of 'staying on a known OS'. They ought to be obliged to release software for newer versions of their chosen OS (whether that's MS/OSx/*nix/*BSD/....) for the expected lifetime of the machine (probably more than the expected life actually)"

A recent post by an engineer who's worked on such kit suggests that this is by no means straightforward and you could actually brick the instrument by getting it wrong. At the very least you'd have to re-certify the new combination.

Doctor Syntax Silver badge

Re: Lawyers

"As far as I can see it also went to those who used a well known registry hack to continue support for XP!"

That wouldn't be a viable option for anyone who needed to maintain some sort of certification.

Doctor Syntax Silver badge

Re: Lawyers

"The lawyers have more chance of getting Comey his job back than getting MS to admit to anything."

It's not the lawyers' job to get their clients' opponents to admit anything. Their job is to get a court decision in their clients' favour. An admission might be useful but not essential.

Doctor Syntax Silver badge

Re: Forced to support forever

"I agree completely. Your last point is interesting though - if this were OSS or M$ had decided to open source the code at end of life, then governments & corporations around the world would have had the *option* to build their own in-house support for the product."

It wouldn't be necessary to open it in the FOSS sense but to place it in escrow. The terms for release from escrow could place an NDA on whoever then took up maintenance. This would be a sensible provision where it's been incorporated in a product whose reasonable life expectancy exceeds the support life of the product. It's maybe something that regulatory authorities could require for medical equipment in the future. If an OS vendor was unwilling to do this then the equipment supplier would be obliged to go elsewhere.

Microsoft could agree or not as it pleased. If it judged the market too small to bother about that would be their commercial choice. If they chose not to remain in that market the equipment makers would be free to look elsewhere. Give or take proprietary drivers FOSS fits this bill automatically. There would be scope for someone to offer support well beyond the normal life of an LTS distro as a commercial proposition. An existing proprietary embedded Unix derivative such as QNX or VxWorks might also be a good fit.

IBM's pension fund sells most of its IBM shares

Doctor Syntax Silver badge

Re: Possibly good strategy

"Remember it's those who are paid the most who get to gain the most from the pension fund."

The staff, especially those at a senior level, should be isolated from those making the investment decisions if only to avoid charges of insider trading.

How to reward an IBM exec for lower sales and shrinking profits? Promotion

Doctor Syntax Silver badge

"IBM’s UK overlord David Stokes is getting his just deserts for presiding over a sustained period of sliding sales and plummeting profits - he’s being promoted."

No doubt he won out over strong competition from other IBM execs who even now are wondering "how much more do I have to lose?".

Why Microsoft's Windows game plan makes us WannaCry

Doctor Syntax Silver badge

"If anything good comes from WannaCrypt, it'll be the final death of XP."

No, if anything good comes from WannaCrypt it'll be a whole new emphasis on how OSs are designed and built, how they communicate and how the computing elements of safety or health critical equipment are certified.

While Microsoft griped about NSA exploit stockpiles, it stockpiled patches: Friday's WinXP fix was built in February

Doctor Syntax Silver badge

Re: Eh?

"Microsoft provided the patches to those who had contracted for support of XP. No hoarding."

So why have they released it publicly now?

Doctor Syntax Silver badge

"It's possible that the patch was built in February as part of the general build process but not pushed through QA because it was unsupported code. Or perhaps it was only available to those paying for extended cover"

The second comes as has been said already. But if it was only available to paying customers why release it publicly now? The only two explanations I can think of are that they realised it was the responsible thing to do or that it's an attempt to remedy a PR disaster. You can take your pick but in reality it's a case of better late than never but better never late.

Doctor Syntax Silver badge

Re: Blame all round

"MS for relying on seeing an exploit first before be able to patch it."

Did they not run any static analysis tool on this code? If so did it not flag this up? And if it did, did nobody stop and think what could go wrong?

Doctor Syntax Silver badge

Re: Munich city now planning to move ALL their Linux desktops back to Windows

"anything even slightly dissimilar to the MS-based environment to which they are accustomed."

Which MS-based environment? They keep changing it at whim. <cough> Ribbon. Tiles.

Doctor Syntax Silver badge

"I disagree: the principle operation of the product was to provide an O/S, which it did (rather well at the time as it happens)"

One of the functions of an operating system is to provide a degree of security.* It's not like arguing that a lock is a subsidiary function of a car. And that gains even more force when one of the products was a server rather than the desktop OS.

*Or are my expectations being warped here, coming from a Unix background?

Doctor Syntax Silver badge

Re: Plenty of blame to go around

"Supporting former customers for free is a sure-fire method to increase your expenses and reduce your profits with no gain for you."

Letting stuff like this fester until it manifests itself by large scale damage is a sure-fire way to make people ask whether they should become future customers. That's not exactly a gain especially when those "former customers" are also your current and hoped-for future customers.

Doctor Syntax Silver badge

Re: Fixed your car analogy

Car analogy: Vehicles were sold 15 years ago and their brakes are knackered. Customers are told "you can only get them fixed if you pay a mechanic"

Car was sold 15 years ago with an egregious design fault..

We're repeatedly told here by commentards that the product was supported for 13 years. So why during those 13 years was it not found and fixed? In all conscience 13 years ought to have been long enough. It sounds like the sort of thing that any static code analysis tool should have highlighted.

Doctor Syntax Silver badge

Re: "2)Did it even need Windows or could it have just had a GUI "

"don't expect those companies to open source a lot "

No, but they do need to place their code in escrow so it can be picked up by others should they decide they don't want to support it, be taken over by someone else who doesn't want to support it or even just disappear without trace. That should be a regulatory requirement.

Doctor Syntax Silver badge

Re: Microsoft being Microsoft then. Another day, another vuln to fix.

"2)Did it even need Windows or could it have just had a GUI that looked and worked enough like Windows that healthcare staff felt comfortable using it (IOW who cared if it couldn't run Office?)"

Originally makers of complex kit that needed to be computer driven had a number of choices. Some would be embedded controllers with their own specialist libraries. Another would be a mini such as a PDP8 or a Nova (I remember our lab having a Nova driving the X-ray fluorescence analyser on an SEM). Back in its glory days of being an instrument maker HP made an amazing variety of these for its own products.

The arrival of commodity computers and commodity OSs rendered that uneconomic. Any manufacturer taking the traditional route would have been priced out of the market. Even if they had they'd have ended up shipping kit that had even less long time support life - where are DEC and DG these days?

The trouble is that as the market for complex instrumentation matures the expected life of the product exceeds that of the computing side. Back in the '70s that XRF attachment might have become obsolete before the Nova was EoL, now a piece of equipment which represents a major investment might be expected to last well beyond the period for which the OS supplier is prepared to support their S/W and the computer H/W may outlast the S/W and yet not be supported by newer OS versions. In such instrumentation systems computer H/W is liable to be closely integrated with the rest of the instrumentation. I think the XRF was using the Nova's memory to replace what might have been an array of discrete counters in an earlier generation and the post by a_builder in a previous thread detailed some of the issues in medical imaging.

Perhaps a solution, at least with medical equipment, lies with the regulatory bodies. They could require a code escrow agreement for the OS code in order to gain approval. That would have required MS to escrow their code if they wanted to sell into that market so that someone else could take over support at EoL. For the most part FOSS already complies with that although vendors supplying drivers as binaries would need to comply or shut themselves out of that market.

For kit that needs certification upgrades are another problem. Any upgrade to S/W that operates the instrument would need recertification. Routine OS upgrades couldn't be applied without testing against a real instrument. Such S/W needs to be buffered against the wider hospital network.

This last event and the earlier attacks on US hospitals point to a need to reevaluate the way medical systems are certified. One aspect of this would be to require information systems, including the network facing aspects of imaging systems etc, to be re-certified every few years and part of that would be to require them to be running of S/W which was still within support life for the duration of the next certificate. That, had it been the norm, would have long ago weeded out systems that still require ancient versions of IE; it would have driven suppliers to write standards compliant S/W from the start.

Doctor Syntax Silver badge

Re: Munich city now planning to move ALL their Linux desktops back to Windows

"https://mspoweruser.com/munich-city-now-planning-to-move-back-all-their-linux-desktops-back-to-windows/"

And who might mspoweruser.com be I wonder.

Doctor Syntax Silver badge

Re: Wormable holes

Edit: For systems that are still in widespread use, of course.

EYEFY

Doctor Syntax Silver badge

"It is totally within their right to charge for the patches"

Let's not lose sight of the fact that this is a patch for a basic design error in their product. If this was your car and not a piece of software would you expect to have to pay a maintenance contract or would you expect a manufacturer product recall?

Doctor Syntax Silver badge

"I'm not sure where I sit on this."

Let me provide you with a cushion.

"Microsoft is under no obligation to release patches for an OS it no longer supports without being paid."

It sold a defective product and wants to be paid to fix it. How many other industries would get away with this being standard practice?

Blighty bloke: PC World lost my Mac Mini – and trolled my blog!

Doctor Syntax Silver badge

Re: Quite simple...

"Appears he'd placed the order against the wrong address"

What TFA says is "After learning his business account was set up to ship to the wrong address" but doesn't say who'd set it up that way. If it was PC World then it's still on them.

Romney tax return 'hacker' Dr Evil gets his sentence reviewed

Doctor Syntax Silver badge

These stories always remind me of an old colleague dealing with a particularly inept lot of supposedly professional bank robbers: "It's hard to get good staff these days.".
