* Posts by Loud Speaker

450 posts • joined 30 Jan 2015

Charity accused of leaving sensitive notes behind after office move

Loud Speaker
Bronze badge

Re: Paper Trail

uploading it to a cloud

As in "set fire to it"?

- need - more - coffee -

0
0

Six things I learned from using the iPad Pro for Real Work™

Loud Speaker
Bronze badge

Surely it's horses for courses.

I can say with complete confidence that horses are not much use in the North Sea.

I am somewhat less confident that Windows is suitable for "real work". Fake work, maybe.

4
0

Hate to ruin your day, but... Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits

Loud Speaker
Bronze badge

Re: Oh that's just great

Except that "out of order" cpus do not inherently have a predictable instruction execution time, even in a single thread environment, and Intel's threads are "virtual" ie not dedicated - which is where these bugs originate - which means if the CPU is hard at work on multiple threads, unless you have control over what all of them are doing, timings are being actively randomised.

I am not saying "don't panic" I am saying "you only need to panic a small amount, and quite slowly" - there is time for a cup of tea first.

OTOH, since Intel did this deliberately, you might want to go to another supplier next time.

14
2

Tech giants' payouts go to everyone but affected citizens. US Supremes now urged to sort it out

Loud Speaker
Bronze badge

Re: Is it really "economically infeasible"?

Am I being naïve?

Yes. This is a privacy case. If there is a list of victims' contact details and bank accounts, and the penalty for leaking them is not up to a fraction of a chocolate bar for each offence, then obviously, those details will be sold within the hour.

4
0

UK web grocer Ocado takes £500k hit after robo-warehouse tech splurge

Loud Speaker
Bronze badge

Yes.

I have just developed some software of my own. It cost me $37, and it was delivered on time and to spec. But I don't work for Ocado or the government.

0
0

Open source turns 20 years old, looks to attract normal people

Loud Speaker
Bronze badge

Re: Amiga

I was using BSD in 1977

So was I, but it was not free in those days. You paid quite a lot for the licence (or someone else did - in my case GEC).

1
0
Loud Speaker
Bronze badge

Re: Amiga

Free distribution was normal before Bill Gates. It's as simple as that.

He wrote a famous letter saying "the programmer deserves to be paid" a few months after he ripped off the author of what he renamed to DOS.

12
1
Loud Speaker
Bronze badge

Re: "it was mostly white guys."

and you pay people based on their WORK QUALITY

Then how do you explain Windows?

4
4
Loud Speaker
Bronze badge

Re: Open source is leading to single source

Open source is a totalitarian dream. It means you can't have competitive advantages

So there's only one Linux distribution, and the BSDs are not different operating systems?

More and more developers just reuse some bad library, or copy shitty code.

Would not dispute that shitty developers have shitty processes, and expose their shitty code to public view, for others to copy. But eventually, some of it gets fixed.

I think you will find that closed source is far worse - not only is shitty open source code copied without crediting the actual authors, it is not updated when the open source version is fixed.

Because writing their own code is too expensive and time consuming.

affects closed source every bit as much as open source - probably more so - many open source contributors write the code because they want the code, and then open source it so others will help maintain it. (I speak for myself here). Closed source code is just not fixed. (Have you ever phoned in a bug report to MS and got a fix?)

10
1

UK data watchdog whacks £300k fine on biz that made 9 million nuisance calls

Loud Speaker
Bronze badge

So roughly the equivalent of "a slap on the wrist with a soft pillow".

(Sounds like the potential title of a reggae song by Si Cranstoun. - maybe I need more coffee).

0
0

You can't ignore Spectre. Look, it's pressing its nose against your screen

Loud Speaker
Bronze badge

Re: Reaping what you sow

the skeletons are coming home to roost.

featuring Wallace and Gromit?

2
0
Loud Speaker
Bronze badge

Re: No shared CPUs

For reliability you want your VMs spread across hosts and data centers.

For security, you might not!

If your organisation is big enough to have more than one building, you can have a server closet in each. Hell, if you are a CEO, you probably have several closets big enough to hold a rack full of servers, and desperately need a reason why your entire mansion should be a tax deductible expense: put an Enterprise scale server in one and network it to your galactic HQ. It justifies the cost of food for the enormous, man eating dog you need for security. Saves on the heating bill too! With some creative accounting, it probably even covers a pink pony for your daughter as well.

(But remember 77dB is QUITE LOUD!)

2
0
Loud Speaker
Bronze badge

Re: No shared CPUs

You might as well just use... your own server.

but ...

DevOps

1
1

FYI: Processor bugs are everywhere – just ask Intel and AMD

Loud Speaker
Bronze badge

Re: Even the 6502 - The early 16 bit chips like the 68000 had bugs

That was the "Halt and Catch Fire" instruction.

Very useful in military applications where you did not want your software leaking from chips with on board ROM.

2
0

Lenovo's craptastic fingerprint scanner has a hardcoded password

Loud Speaker
Bronze badge

Re: Thinkpads are great!

I have several Thinkpads with Linux and/or OpenBSD on - are you sure they are safe?

(I doubt this fix will be enough to make Windows secure).

2
3

Perv raided college girls' online accounts for nude snaps – by cracking their security questions

Loud Speaker
Bronze badge

Re: The very definition of "security by obscurity"

Use your password manager (e.g. Keepass) to generate 'passwords' for these fields and store the questions and answers in the notes box attached to username and password.

You are ignoring the people using Meltdown to access your password manager. This is not a good plan. Use Post-it notes. The old ways are the best!

14
1

Intel alerted computer makers to chip flaws on Nov 29 – new claim

Loud Speaker
Bronze badge

Re: Entered in the record

June is still earlier than October

Not in Intel's world, evidently.

9
0

Oracle says SPARCv9 has Spectre CPU bug, patches coming soon

Loud Speaker
Bronze badge

Re: Confused, SPARC vulnerable or not?

Any news on Sparc V9 running OpenBSD?

0
1

UK taxman has domain typo-squatter stripped of HMRC web addresses

Loud Speaker
Bronze badge

Fork Handles to you sir!

2
0

US shoppers abandon PC makers in hour of need

Loud Speaker
Bronze badge

Re: everyone replaces their PCs

You can't really replace multiple large screen setups with a tablet.

Well, maybe you can't and I can't, but PHBs and MBAs are quite capable of it. That is how they justify those huge bonuses.

0
0
Loud Speaker
Bronze badge

Re: everyone replaces their PCs

Ten year old screens can do 1280x768*, just like the new ones, and the 10 year old cases are a lot more robust than most of the modern junk. I can see why people are not in a rush to upgrade.

* or you can get a netbook with an 800x600 screen from PC world if you are really desperate.

0
1

Intel AMT security locks bypassed on corp laptops – fresh research

Loud Speaker
Bronze badge

Re: Intel need to stop shoving cr*p into their designs

Does Intel actually have a department dedicated to finding bugs

Possibly. The problem would appear to be that they have a great many departments dedicated to implementing bugs.

0
1

'Mummy, what's felching?' Tot gets smut served by Android app

Loud Speaker
Bronze badge

Re: santa

I think you fail to realise that Google search results are "personalised" based on browsing history. (Same applies to the original complainant).

However, I fail to see why Google stops at throwing the developer off. Surely they should be reported to the police for exposing the youth of today to reality.

2
1

No wonder Marvin the robot was miserable: AI will make the rich richer – and the poor poorer

Loud Speaker
Bronze badge

Re: I don't understand the problem here?

Throughout 99.9% of their existence, humans have lived a subsistence life. Surely they can return to that while the rich reap the rewards of the system they have gamed to their advantage?

Of course they can - provided the population returns to what it was 2,000 years ago. (ie 99.9% of the population dies).

0
0
Loud Speaker
Bronze badge

Re: AC

The only negative I see is that the further robotisation of the workforce sucks for the people who lose their jobs. Everyone else benefits.

You are correct - but it is a matter of proportion - like if 99% have no jobs (and not much food), and 1% that is everybody else has all the robots, then the people without jobs may decide that "it sucks" is not how they want their life - and, guess what, they can make their own robot, called "Madame la Guillotine" and address the problem in the traditional way.

I suspect that Rednecks with guns are more dangerous than French peasants without trousers - Trump may yet be trumped!

0
2

WD My Cloud NAS devices have hard-wired backdoor

Loud Speaker
Bronze badge

Re: I wonder if Marketing will ever learn.

I don't want to purchase shit.

Then presumably you won't buy anything with "Cloud" in its name or description - it tells you all you need to know.

2
1
Loud Speaker
Bronze badge

Re: it's the 21st century and they're still...

I would expect a little bit of Quality Assurance

That's OK, we will be off your lawn real soon now.

0
0

We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare

Loud Speaker
Bronze badge

Re: AMD not vulnerable

Computer architecture has historically assumed that you controlled your computer and the workload that ran on it.

Unix has historically assumed it was running on the University computer, and every single intelligent student was hell-bent on hacking it.

Large machines prior to the advent of Wintel faced similar levels of attempted assaults - by people who had detailed knowledge of the architecture - including schematics, and many years of assembler experience with the knowledge that National security was at risk (or possibly CISC :-).

The combination of developments that is Intel, MS, high level languages and the concept of a personal computer mean that machines developed with the security needs of an Apple ][ are now able to exceed the throughput of a Beowulf cluster of Crays.

This took place without anyone thinking there might be a need to re-examine a few assumptions and review security consequences of incremental changes (or they did, and were told to keep their mouths shut).

1
0
Loud Speaker
Bronze badge

Re: Mixed signals on CPU's

My memory may be a bit weak in the management areas due to lack of coffee, but AFAICR:

* a Memory Management Unit - everything after the 8086

* a memory cache - everything after the 80386

* a branch predictor - Probably Pentium 1 and up

* Supervisor & User modes - everything after the 8086

I think there is slightly more to the story than what you said. Specifically, the issue depends on how the MMU works, and how it is used.

I have not been involved in CPU design for over 30 years BUT:

I would not expect user mode code to have any way to be aware of the MMU's internal operation.

* The MMU should disallow access to all virtual pages not in use by the current task.

* Addresses in the current user address space not mapping to physical memory should map to either a virtual address saying "illegal access" or to one saying "You will need to swap me in before you can read me"

* there should be NO way to access physical memory that does not go via the MMU - not even for speculative instruction or data fetch.

The bug reports seem to describe noticing that a speculative fetch that goes unused causes a delay which can be used to identify the value of data FROM THE DELAY. I don't understand this. If the speculative address names is not in cache, then how is fetching it speculatively justified?

Conclusion - This is not MMU - this is cache management - which SHOULD do a similar thing to what the MMU does BUT ISN'T DOING IT. The bug is (partly) that you can read data in the cache that is not yours. This is not really a risk UNLESS: There is some way to find out whose it is.

While MMU pages are normally 4k bytes, cache lines are more like 16 bytes. Fetching 16 bytes from "somewhere", with no way to find (or control) which page of whose address space they belong to is not a significant risk, although obviously undesirable. In normal circumstances, your next attempt to do this would probably fetch from a completely different page in a different task.

Clearly we are not being told the whole truth here.

It seems more like there is a way to FORCE the caching of other people's address spaces and make that visible to you. That gives you security on a level with a Commodore Pet. If so, then yes, Intel may have to replace every CPU since on chip caching (probably Pentium 1).

4
0
Loud Speaker
Bronze badge

Re: AMD not vulnerable

they could read the entire contents of kernel memory on an AMD chip IFF the Berkeley Packet Filter (BPF) Just-In-Time compiler is enabled in the kernel.

The name "Berkeley Packet Filter" should be a give-away - this is part of the firewall in FreeBSD derived systems, Linux uses a different firewall, as does OpenBSD. This may affect a large number of routers which use BSD derived code - a very high risk since, in most cases, (a) this is not obvious to the owner/user, and (b) they are very unlikely to be patched.

Routers are a great target for malware - because they are Internet connected and always on.

The good news is that this should be easily patched IF the manufacturer is threatened with sufficiently serious consequences - which may or may not include "cruel and inhuman torture" - IANAL.

8
1

UK.gov admits porn age checks could harm small ISPs and encourage risky online behaviour

Loud Speaker
Bronze badge

Re: "blocking ... between 1 and 50 sites a year"

What we have here is an example of "Dimocracy" government by the dim, of the dim, for the dim!

1
0

Qualcomm joins Intel, Apple, Arm, AMD in confirming its CPUs suffer hack bugs, too

Loud Speaker
Bronze badge

Re: The same bug.

The CISC vs RISC was about what is the performance bottleneck: if instruction decode is costly, then RISC is faster, if memory access is the bottleneck, CISC is faster. With pipeline to mitigate instruction decode cost, and cache to mitigate memory access, the decision is less clear.

Throw in out of order and speculative execution, and it all becomes an even bigger muddle.

When Seymour Cray did speculative execution it was limited to 7 instructions, and a context switch would lose the lot anyway. Now, Intel are doing more than 200 instructions, the gravy thickens. What was secure for 7 instructions and no cache is not necessarily secure for 200 and two levels of caching. Someone SHOULD have realised the scale of what can happen in 200 instructions - while checking out that the speculation was logically sound. They had from about 1980 to the present to investigate.

However, all the older CPU designers privy to discussions about this in the 1980's have now retired - probably in part because "computers are new, and old people won't understand" based age discrimination. (For those who don't know - computers date from 1949 - and some of us still remember the first one - EDSAC 1 and talked to the people who built it).

Allowing bypass of access validity checks in the name of speed was about as sensible as saying "we won't have a store detective in the checkout area because it would increase checkout queues and cost money". Even Poundland knows that is not the way to a successful business.

7
0

Here come the lawyers! Intel slapped with three Meltdown bug lawsuits

Loud Speaker
Bronze badge

Re: Data breeches

Are they the ones with pockets big enough for full height 5 1/4" hard drives?

17
0

Woo-yay, Meltdown CPU fixes are here. Now, Spectre flaws will haunt tech industry for years

Loud Speaker
Bronze badge

Nonsense. You obviously have no experience of Oracle: Sparc is not susceptible - so pay an extra 30% for no reason at all!

2
0

'Twas the night before Y2K and a grinch stole the IT department's overtime payout

Loud Speaker
Bronze badge

Re: New Year's Eve

Murphy/Sod's law (updated) : "If anything can go wrong , it will go wrong - at the worst possible moment".

But if it can't go wrong, not only it will, but probably sooner too.

14
0

A million UK homes still get crappy broadband speeds, groans Ofcom

Loud Speaker
Bronze badge

It's probably wet string, not even copper.

1
0

Oi, force Microsoft to cough up emails on Irish servers to the Feds, US states urge Supremes

Loud Speaker
Bronze badge

Re: UK not much better (in the quality of its arguments)

Irish soil, which just happens to be owned by an American company

It looks clear enough to me: America owns Ireland. Fight over.

2
2

Auto auto fleets to dodge British potholes in future

Loud Speaker
Bronze badge

Re: Meatbag option

In some parts of London, no one has fixed the potholes since 1937.

And to make matters worse, I was told people have been importing potholes from Ghana to the UK on such a scale that Ghana is suffering a pothole shortage!

0
0

Developers, developers, developers: How 'serverless' crowd dropped ops like it's hot

Loud Speaker
Bronze badge

You are probably over the age of 40. We all did it that way in the olden days - it was real liberation to not have to use someone else's mainframe. Now, the young whipper-snappers can't do a damned thing, so they "outsource" it.

Using someone else's environment, used to be known as "got you over a barrel".

As a developer, I want control over the environment. How is it less effort to specify what you want to someone else, who then has to convert it into choices from a radio-button list, and then hack what won't fit, than install an OS (40 mins or so, if it's not Windows), and then install the packages you want (with dependencies) another 40 mins, and then update it when YOU want (type relevant command, drink beverage of choice), compared to attempting to explain by email to someone in another time zone that you specifically did not want PHP upgraded to version 7 in the middle of a user evaluation (or whatever). It's probably quicker to install an OS you are used to, than to read the T&C for some cloudy proposition carefully. Definitely less stressful than explaining to a potential client why the system went berserk during the demo.

You can buy used servers from Ebay for about what you get paid for a day's work. Hell, you can buy a complete Oracle Enterprise scale server for a couple of grand (assuming you can afford the electric bill).

9
1

Disk drive fired 'Frisbees of death' across data centre after storage admin crossed his wires

Loud Speaker
Bronze badge

Re: @Wolfclaw

I used to work at PYE TVT in Cambridge. We did not have to wear ties while repairing picture monitors - basically large CRT TVs in metal boxes. Rumour had it that shortly before I arrived, a salesman had turned up and had a look inside one with its case off. His tie had a gold thread in it, and it touched the 5kV tube anode supply. Loud yell resulted.

As for myself, I was wiring one up - the video cable was 1/2" thick coax with a connector about 1" across on the end, and screwed into the chassis. The other end was connected to a steel frame bolted to the ground, with a huge plaited cable going to grounding rods outside. The mains supply also had a metal connector. On the occasion in question, the connector had been wired up by a colour blind engineer, with the red live wire instead of the green earth connected to the metal cast connector shell. Holding the chassis under my left arm, I grabbed the mains connector - the mains obviously went straight across my chest - and my yell stopped the entire factory! No earth leakage trips in those days! Colour blind electricians ARE a problem.

5
0

Boffins foresee most software written by machines in 2040

Loud Speaker
Bronze badge

Re: In the year 2000

You forgot to mention: Voice recognition will be a solved problem, and robots will have taken over the world.

And, I wish to point out that your COBOL one has come true: and it probably explains why the banking system is no longer reliable.

0
0
Loud Speaker
Bronze badge

Re: We've been here before...

I also know from trying to hire people that that skillset is incredibly rare.

The direct consequence of piss-poor pay for 30 years. Assembly language programmers are seen like the scrap metal workers in the engineering industry. Yes, there is a kind of respect, but not real respect, and definitely not the money they would get if seen as the precision machine operators in the development labs that they are.

Disclaimer: I have written assembler for MIPS and Sparc, as well as Intel, and a bunch of 8 bit stuff best forgotten - I have made far more from writing PHP and C++.

1
0

Sucks to be a... chief data officer, when they're being told: Boost revenues

Loud Speaker
Bronze badge

Re: PHBs playing Statistician

One flaw about analyzing 'big data' is that is often actually very disparate data silos that are not easily linked together.

You obviously have very limited experience of SQL and statistics.

The big flaw is "people tell lies" - especially if they think their data is, or might be, collected.

0
0
Loud Speaker
Bronze badge

This should be illegal the same way anything that appears to incentivise truck drivers to go faster or skip on compliance with driving hours is illegal. There probably needs to be a requirement that a DPO is a "fit and proper person" the same way anti-money-laundering regs require it, and a similar regime for auditing as for the above (trained officers in an organisation actively on the prowl).

I was going to stop short of the next one, but my wife just got a letter from Experian "You know your data we lost, well give us some more!": the enforcement officers should be permitted to conduct dawn raids on horseback, with drawn swords - Like the VAT and HMRC officers allegedly are.

2
0

Brit bank Barclays' Kaspersky Lab diss: It's cyber balkanisation, hiss infosec bods

Loud Speaker
Bronze badge

Re: WTF?

WTF are machines handling classified info doing connected to the Internet?

Leaking seams to be the largest part of what they do!

7
0

WDC to move all its stuff to RISC-V processors, build some kind of super data-wrangling stack

Loud Speaker
Bronze badge

Re: All that is old is young again.

In the 1980's, I worked on the plans for a (post ICL) project based on this work - it was to have had raid-like architecture, with multiple disk drives, each with an "embedded" SQL processor - so instead of a file store, it was a (relational) data store.

As it was British, and ahead of its time, there was insufficient funding and the concept was abandoned in the usual way.

0
0

'Treat infosec fails like plane crashes' – but hopefully with less death and twisted metal

Loud Speaker
Bronze badge

Re: Economics is the problem

The passengers, thus government, get upset by television reports of grieving widows and children.

So get cracking folks: what we need is Youtube videos of people crying over a BSOD! (or IoT device leaking video of their teenage daughter's bedroom antics live on children's TV). However, Amazon Prime's "let the burglars in" door lock may be a good start.

0
0
Loud Speaker
Bronze badge

Re: Space X...

Less downtime = less cost in the long run

However, if the profit is not there in the end of quarter report, the share price will crash, and that is the end of the corporation. Blame the lack of heavy trading costs for short termism. If you want a decent quality of life and don't want a world of Ponzi, what you need is hefty stamp duties.

Bleed the speculator community to death. It is a sacrifice worth making (and probably even kosher).

0
0
Loud Speaker
Bronze badge

In all these cases, the lesson most learned was "the strategy of burying our heads in the sand and lying to everyone was a complete success".

0
0
Loud Speaker
Bronze badge

I would prefer that to the roll-out of systemd with no testing at all.

1
1

Biting the hand that feeds IT © 1998–2018