Posts by Doctor Syntax

16449 posts • joined 16 Jun 2014

Sueball smacks AMD over processor chip security flaw silence

Doctor Syntax Silver badge

So let me work out the argument here:

They should have disclosed the find immediately.

At that stage there would have been no mitigation available.

There'd then have been a race to develop mitigation and exploits.

If exploits had won that would have helped the share price how, exactly?

Former Santander bank manager pleads guilty to computer misuse crimes

Doctor Syntax Silver badge

Bank manager?

Bank managers used to be middle-aged experienced individuals. They would have good understanding of the responsibilities involved. So why is a 22-year old a manager, especially when her mitigation seems to hinge on her immaturity?

Doctor Syntax Silver badge

Williams was also investigated by police but was "NFA'd" – his case was formally marked No Further Action.

Why?

UK.gov slammed for NHS data-sharing deal with Home Office

Doctor Syntax Silver badge

“[The data guardian, Fiona Caldicott] has concerns that the public interest criteria which are applied by doctors with GMC code or NHS staff using the Department of Health code, are not reflected in the MoU,”

Surely if she doesn't have a veto the word "guardian" is inappropriate.

Biggest vuln bombshell in forever and storage industry still umms and errs over patches

Doctor Syntax Silver badge

Re: "This means our software is behind the multiple layers"

"Can't these people understand their system could still be vulnerable to insider attacks, or from other compromised systems inside the network with some kind of access?"

Yes they can. But they can also understand that in such a case taking advantage of Meltdown on the storage layer is the least of their problems. They also understand that the performance cost will be paid all day every day.

National Audit Office report blasts UK.gov's 'muddled' STEM strategy

Doctor Syntax Silver badge

Re: It's really very simple

"it disincentivises the supply of relevant technical education by allowing Arts courses to charge the same for tuition as engineering courses (English 2 hours lectures per week, engineering 30 or so)"

It's arguable that the English course is subsidising the engineering course.

Doctor Syntax Silver badge

Re: Why bother

"Maybe get a few scientists to do the public inquiries so often called by the govt (instead of a judge e.g. Grenfell) - after all science (in non theoretical areas) is all about analysing data and producing evidence based conclusions"

ITYF that judges are also good at analysing data. In a jury trial, of course, it's not the judge who produces the evidence based conclusions but they still produce summaries of the evidence.

Doctor Syntax Silver badge

"an oversupply in ... biological science graduates, who are then often underemployed in an economy in which they are not in high demand"

So no change in half a century. I always reckoned that as HMG was one of the major employers (a relative term) of biologists they were prepared to finance and oversupply so as to be able to pay rock bottom salaries and save money over the long term.

PPI-pusher makes 75 MEEELLION nuisance calls, lands £350k fine

Doctor Syntax Silver badge

"freeze a company's bank account"

Let me add to that: freeze directors' accounts and accounts to which the directors might have some control such as their spouses.

Doctor Syntax Silver badge

"The calls would likely go through much cheaper ... foreign VOIP providers"

They eventually land with a local telecom company for the last leg. That company knows who to bill. Even if it passes through a number of companies they should still know who to bill. The last one who fails to record where the call came from is left holding the baby. If it's a pre-paid SIM then they need to debit the SIM PDQ. At present telecoms companies are making money out of the racket, they need to share the risk.

Even looking seriously at this would be likely to result in telecoms companies tightening up - they wouldn't want to undertake the cost of S/W development to handle business which would be liable to dry up.

Doctor Syntax Silver badge

Re: Jail time

"Send the Managing Director(s) to jail."

Managing director is just a couple of words - I don't think it's a legally defined term so best to avoid it.

But there is provision for directors' liabilities within the new DP Bill. See section 117 at https://publications.parliament.uk/pa/bills/lbill/2017-2019/0066/lbill_2017-20190066_en_12.htm#pt7-pb4-l1g177

"it is proved to have been committed with the consent or connivance of or to be attributable to neglect on the part of a director, manager, secretary or similar officer of the body corporate, or a person who was purporting to act in such a capacity. The director, manager, secretary, officer or person, as well as the body corporate, is guilty of the offence and liable to be proceeded against and punished accordingly."

The provision is there, let's hope it will be used.

Doctor Syntax Silver badge

We need two things:

A mechanism for recipients to charge a handling fee from the callers' telecoms accounts. The telecoms companies would, of course, have to protect themselves by managing the callers' credit which might in itself be sufficient to choke off the entire business model.

The other would be to give the ICO the power for a pre-emptive strike to freeze a company's bank account so that fines couldn't be evaded.

Wanna motivate staff to be more secure? Don't bother bribing 'em

Doctor Syntax Silver badge

Re: Re Faecebook example

"emails that were so ineptly put together that they looked like phishing attempts."

That would be a report that could be acted on. Clearly whoever puts together emails like that (I'm looking at at least one bank and building society here) has no idea what phishing is and hence is prime target material. Reports on this point to a need for training.

Doctor Syntax Silver badge

Re: Dont' name and shame persistent offenders

"But what do you do when the person you want to sack is someone like an executive with sacking powers of his/her own?"

Leave. The outfit's on borrowed time.

Doctor Syntax Silver badge

Re: Have you ever worked in a security role?

"There's a base level of security compliance it's reasonable to expect, and test for and send people on compulsory training when they don't meet it."

What do you mean by testing? If you simply mean a questionnaire about the security policy this isn't going to be adequate. Passing a one-off test is one thing. Acting securely day-to-day in the long term is another. An effective test would be to have test phishing emails sent randomly to various members of staff.

I had a client who took security very seriously. They had a pen-testing firm ring through to direct lines and try to winkle information out of the target. They found that the attempts were firmly resisted. Security was part of the company culture; it helped that "Security" was part of the company name.

Doctor Syntax Silver badge

"Another, er, motivational technique – naming and shaming of employees by the BOFH – doesn’t work either. "

Really? Back in the days of dumb terminals we had a problem with users not logging out. We set up a message on MOTD to remind users to log out. The next time we had to force a log out we added "xxxxx, this includes you." and changed it every time a new offender was discovered. Eventually we had to remove that with the last offender's name because nobody else had put themselves forward as a replacement.

The message had got through.

I suppose in these days of snowflakes it would be called harassment and not allowed.

Flying on its own, Thunderbird seeks input on new look

Doctor Syntax Silver badge

Re: Pagan good luck symbols deployed

"I can't simply move them to Thunderbird as they also have to connect to an Exchange server, and don't want to run two mail clients on a single machine."

So what you really need is for T'bird to stop pissing about with UI changes and add in some useful stuff such as Exchange client functionality instead.

Doctor Syntax Silver badge

Re: I remember when...

"...we used to have to learn to use a program (by reading manuals and tutorials) because that was how the program worked."

Then along came IBM with CUA. When people started adhering to that, new programs actually did become more "intuitive", but actually the intuition involved was following what had been learned from other applications. The learning curve was reduced.

I think the current problems are caused, like so many others, by people who wanted to get into computing because they saw it as something modern but didn't want to cut code or do anything difficult like that. So they got into non-technical areas like interface design and started tinkering without bothering to understand why stuff looked like that.

Doctor Syntax Silver badge

"The trouble is that for our customers, they want more than that: they want features like shared calendar, contacts synced with their iphone and a modern look."

The danger with the current proposal is that they'll get the last and the rest will still be on the back burner.

Doctor Syntax Silver badge

"The loonies can have their Metro / Australis / Material design / "flat" / Gnome3 revolution all they want, I won't be following."

Can I point you in the direction of Seamonkey?

Doctor Syntax Silver badge

Re: Make it look and act like (al)pine.

You are free to use Alpine, Pine or, indeed, Elm should you so wish.

Doctor Syntax Silver badge

Re: Stagnant is good, dead is better

"It did work as a PR hook, obviously, which is a good thing in itself."

So did the previous "shall we leave Mozilla" debate. It came to more or less nothing. PR is a useless thing in itself.

Doctor Syntax Silver badge

Re: HTML mode doesn't have a tree view (for folders)

"Total madness to do other than the opened email content using a browser engine, sandboxed, so HTML can be rendered."

That's too much. Automatically send such crap back with a note saying "send plain text".

Doctor Syntax Silver badge

Re: To be honest

"Some months ago they were speculating on their blog if they should rewrite Thunderbird A) from scratch in HTML5 with a modern GMail UI or B) rewrite from scratch piece-per-piece and keep the same Thunderbird old-school look&feel. Apparently they chose C) just update the theme a little bit and decide on the hard part, what to do next, later."

Personally I'd have preferred the alternative C) let LibreOffice take it over.

Doctor Syntax Silver badge

Re: To be honest

"If on the other hand it gets on the way of something like e.g. carddav, then the theme can wait."

And roll in Lightning and Lightbird as built-ins instead of plugins.

Wave Tata, Capita: You've lost mega-contract to rival outsourcer

Doctor Syntax Silver badge

Re: And a few years down the line

"to save costs "my" bank closed local branches I used, result I changed bank to one with local "bricks & mortar" presence"

This is getting harder. I ran out of banks in my preferred location. The next best was one with in-store premises with extended opening hours. That closed. I've been pondering another change & decided on the next one but the bar stewards have decided to pre-empt me and announced the closure of the relevant branch of that bank.

I can't help hoping that when they've all completed the race to the bottom (who said "they already have?") some bright spark will have the idea of differentiating themselves by offering local branches.

Doctor Syntax Silver badge

Just checking...no, no policies with the Pru so that's OK.

Causes of software development woes

Doctor Syntax Silver badge

Re: Requirements are always a nightmare

The worst case scenario is letting UX talk to the users anywhere near anything

FTFY

Whatever interface nightmare you come across it's very likely that UX had a hand in it. Perfectly reasonable websites become useless because these numpties got a hand in it.

Doctor Syntax Silver badge

Re: catchy methodology names

"find out what is needed and then deliver it." (my emphasis)

Not necessarily what's wanted.

Doctor Syntax Silver badge

Re: "statement of requirements with an email saying what you understand them to have said. "

"But make sure you keep an off site, off line copy, to avoid "The email archive got deleted" defense."

Goes without saying. Also, include it in the project documentation that gets distributed to all the project team. That way it becomes more difficult to deny that the off-site copy's kosher.

Doctor Syntax Silver badge

Re: "it's important to get the big picture of what the system might grow into"

"Beware, it could also lead to an over-engineering trap - if you don't have really clear "what the system might grow into", and how long it will take to get there."

But beware also the under-engineering trap. I had a client who had a slew of small applications, each hacked out to solve almost the same problem. Every time a customer gave them a slightly different job they wrote a new application to do it. Could a single application replace them all and tackle all the other jobs in the same category? Yes it could.

And they still didn't learn. The next, far more complex requirement came along. The contract required two types of job, both basically take in the data (in XML), rearrange it to drive the production process, batch it up, inspect the result and recycle items that failed QA into the next batch. Result: they insisted on writing two systems, one for each job.

The next, more complex contract after that I got far more of a hand in specifying as well as developing. Most of the code to be inherited from the previous one got thrown out (in retrospect I should have thrown more out) and the replacement made more versatile so, with minor extensions, it coped with more and more additions to that contract and a subsequent one. After all, when you looked at the general problem it was just a set of rules engines to provide different bits of the functionality - and being XML, XSLT is a pretty handy rules engine. Just throw in some new rules (mostly style sheets).

Doctor Syntax Silver badge

One tool I used to use was Enterprise Architect. In particular it had an option to sketch out a user interface and then add on actions in the manner of a Use Case diagram. You could then produce a narrative of what happens if the user undertakes a particular action. For instance a drop down menu could have actions associated with User selects "Missile alert" and User selects "Test missile alert". It gives the user an impression of what the interface will look like, what actions will be available and what will then happen. It also serves as a straightforward guide to implementation as it provides a list of event handlers and what they should do.

Doctor Syntax Silver badge

Re: Can you do us a sort of dashboard thingy with graphs and pie charts and stuff?

"Yah, except when you utter your cute punch line "Nothing, you told me to make them up," you get torn off a strip for insolence and obstructionism"

That's why you confirm your instructions by email. And you use less cute, more business-like terminology: "You suggested that arbitrary data be inserted as place-holders until real data is available.".

Doctor Syntax Silver badge

Re: Foundations

"In terms of software requirements, then, it's important to get the big picture of what the system might grow into, as a starting point for system design. That allows one to make appropriate platform and system architecture decisions that should prevent the system running into a brick wall as it grows."

I can't upvote this enough. Ask yourself what's the general problem of which the initial requirement is an example. Solve that general problem. It might not necessarily be much harder, if at all, than solving the initial one and it will stand a very good chance of being easier than the problem defined by the changes of mind between the start and the deadline.

Doctor Syntax Silver badge

The problem is that "agile" is such a buzzword for management that, like most buzzwords, they don't see past it and believe it's a magic bullet.

And the fate of management buzzwords - achieved in a very short time - is to become meaningless.

Doctor Syntax Silver badge

Re: And that's why...

"would you rather it was done properly and agreed so you could go home at a respectable time and put your child to bed?...Life is far too short to treat any gobshite boss's demands as wasting their money. It's wasting your time, and you only have a finite amount of it."

Look on the time you spend after you've gone home as your time. What you do with it is funded by their money. If they're determined to get as little as possible for it that's their problem.

However, a good plan if the instructions are verbal is to follow up each change of mind statement of requirements with an email saying what you understand them to have said. That set of emails becomes part of the project documentation.

Airbus warns it could quit A380 production

Doctor Syntax Silver badge

Re: Why not a cargo version

"Because nothing - absolutely nothing - can beat ocean shipping for costs."

It depends on the value of time.

Frenchman comes eye to eye with horror toilet python

Doctor Syntax Silver badge

A python is unlikely to bite. It could have given him a nasty squeeze, however.

Users clutch refilled Box boxen after 'empty' folder panic

Doctor Syntax Silver badge

"My files are now back and safe and I have made a physical backup of them, and I am now moving to another storage location."

A very good idea. Just as it always was.

France may protect citizens' liberté with ban on foreigners buying local big data firms

Doctor Syntax Silver badge

"This is France talking, not the EU."

After the UK joined the EEC someone made the snide comment that now maybe even France will join. Not much chance of that happening now.

UK.gov denies data processing framework is 'sinister' – but admits ICO has concerns

Doctor Syntax Silver badge

<Sigh> Only one upvote but "pertains" deserves another all of its own.

Why did top Home Office civil servant lobby Ofcom for obscure kit ban?

Doctor Syntax Silver badge

Why was it so badly redacted? Maybe someone at Ofcom thinks that Freedom of Information means exactly that.

Doctor Syntax Silver badge

Re: One of the more interesting questions

"It may be a simpler explanation"

Being senior in the HO is a simple enough explanation for all sorts of shenanigans.

Doctor Syntax Silver badge

Re: Me: "Oh no you haven't"

I'm sure there's a "behind yooou" missing from that dialogue.

Hawaiian fake nukes alert caused by fat-fingered fumble of garbage GUI

Doctor Syntax Silver badge

"The operators fitted different brands' beer pump handles to them so they were more distinguishable."

You'd want to be sure that in an emergency shutdown your jury-rigged handle won't fall off in your hand. So you'd need to test it. How?

Doctor Syntax Silver badge

Re: Success!

"job well done and deserves a Pina Colada!"

But in future don't drink the Pina Colada before running the test.

Wait, what? The Linux Kernel Mailing List archives lived on ONE PC? One BROKEN PC?

Doctor Syntax Silver badge

"keep your own hardware skills up to date."

But only at well-spaced intervals. Mostly it just works.

Worst-case Brexit could kill 92,000 science, tech jobs across UK – report

Doctor Syntax Silver badge

Re: Phil

"Not a single forecasted growth figure has been correct since the referendum"

Or ever as far as I can remember. The projected growth figure for any given year always gets lower as we approach it and the growth for the more distant future always looks rosier. Treasury predictions resemble Gartner's.

Doctor Syntax Silver badge

Re: Economics

"Conversely the UK component of export costs has become cheaper when viewed from the perspective of an overseas customer or employer."

What you're saying, in effect, is that the UK will do very well after Brexit as a low wage economy.

Doctor Syntax Silver badge

Re: Brexit

"It seemed to go on for long enough"

Like he said, slow motion.
