* Posts by Arthur Daily

16 posts • joined 16 Apr 2015

We're free in 3... 2... 1! Amazon unhooks its last Oracle database, nothing breaks and life goes on

Arthur Daily

Choose your DB Carefully - Evaluation Matrix

Old school guy here. Once upon a time we did software product evaluation matrixes that included technical support, cost of ownership (including testing environments) and vendor pricing reputation.

Experienced hands made few mistakes. Nowadays management sorts use Magic Circle Gartner reports to pick winners - or have some consultancy to make a recommendation - that had no financial consequences for them. Maybe only Walmart and Amazon fire those responsible for negative ROI outcomes.

Then Microsoft invented TOC, only cost of ownership, that never included yearly licence fee hikes, and optimum factors that worked for their marketing hype. But experienced evaluation people got the flick, as salesdroids targeted the decision makers with a budget. Game over.

Then Adabas/Natural DB started to Oracle their remaining declining customer base. One manager coined the expression bushranger tactics. IBM Mainframe users were astounded by vendor aggression. Most never bickered over price increases, when capacity management experts were made redundant.

Back to Oracle. Their tools for emergencies and business restoration were bullet proof. That won them business over DB2. People buying MS SQL Server never thought that far ahead. Then Oracle started to do a Software AG trick - antagonise their reference sites.

Then came the Cloud - AWS and Cloudtastrophies. My tip to new players is never buy a product that allows auditors to set foot on site or steal your usage numbers. Greed never changes, so pick solutions where blackmail is less likely. OpenSource spinoffs are reliable enough.

If vendors won't licence or work with AWS, avoid them and pick another.

German ministry hellbent on taking back control of 'digital sovereignty', cutting dependency on Microsoft

Arthur Daily

Re: Do you want to be held hostage by Microsoft?

And now the firmware has been hacked, exposing new tweaks.

1) No TP security updates - old machines more than 3 years - tough titty, no vendor updates as if BIOS updates were bad enough.

2) Circular Keyboard/Mouse drivers - Windows 10 insists on NOT loading keyboard drivers but using say Synaptics driver in the UEFI jungle. I now don't trust that device or enforced must use policy.

3) InSnide UEFI transmitting WiFi shit before the PC Boots.

I believe China is now getting the sovereign risk message, and seeking to remove binary blobs and key dependencies. It is possible for the US to disable most Chinese produced devices on demand.

Or a bad actor to disable via a remote connection, lots of things. Say voting machines, and voting apps. But so far both countries are keeping such baked in dependencies.

We checked and yup, it's no longer 2001. And yet you can pwn a Windows box via Notepad.exe

Arthur Daily

Re: "buried in Windows since the days of WinXP"

Remember GCHQ and other security organisations giving Windows Evaluated product status EAL ratings for the Military/Govt etc?

Well it seems every bloody text field was nickable, and probably not xor'ed out letting it be hoovered up by something else. It's great news for the next Snowden or Assange or Manning. I doubt this has been patched everywhere and I doubt sensitive text boxes have not been wrapped up, by poorly written apps. IBM mainframe has memory keys and storage pools - so not nickable. I bet this breaks screen scraping and disability/Blind applications as well.

Hope to keep your H-1B visa? Don't become a QA analyst. Uncle Sam's not buying it: Techie's new job role rejected

Arthur Daily

Anything longer than 3 years is not short term. In 4 years there should be a local replacement trained up for succession, unless they fit into IQ over 140, top 1%ers by commanding more than $120K PA.

Arthur Daily

Re: Not *entirely* unreasonable?

And in xx years they found no better local talent. The decision to spill the visa, and open the new position to market testing was correct. One suspects the role had changed for a while and went undetected. Go back and fine the firm.

The firm made the mistake of not writing in things like 'knowledge of internal corporate QA, and being able to do so at speed', 'Apply judgement of QA using corporate knowledge'. Perhaps the USA rightly bans tailor written job applications that only one person in the world will meet.

California's politicians rush to gut internet privacy law with pro-tech giant amendments

Arthur Daily

Privacy workarounds

Privacy means you having control, and being able to revoke private information.

Profits means having the dirt, and leverage on everything you can swipe legally

These are in conflict, but I bet profit, and pay lobbyists what they want, wins.

Governments need more tax. The solution is to tax personal information holders, and tax those with monopoly share.

Qualcomm fined €242m over 'predatory pricing' that helped to knock off British competitor Icera

Arthur Daily

Laws are made for an outcome. Fair and transparent fit in there somewhere.

While the rebate/secret commission/backhander/ tied contract/volume pricing whatever may have been legal, these tricks, along with others (export income non taxable if usa co) and patent cross licencing? the net effect is/does kill off competition. I think AMD once discovered

Most EU/UK laws fail. The American lawyers run rings around you. You need to tax imports that have non-transparent manufacturing elements hard.

USA is now banning Huawei, because they don't like their own brand of commercial medicine.

Did you know?! Ghidra, the NSA's open-sourced decompiler toolkit, is ancient Norse for 'No backdoors, we swear!'

Arthur Daily

Re: Gift Horse...

Not needed.

What is missing is a hardware grab tool, where all memory can be discovered and dumped, and bootloaders detected and some automation to unpack compressed or obscured blobs.

That is a big hurdle.

So everyone can unlock bootloaders and replace compromised certificates, when the vendors abandon product. The choices seem heavy for CPU's, and light for microprocessors such as in graphic cards and disk drives.

With other options out there, this is harmless, and not increasing ease of discovery.

Arthur Daily

Re: Perhaps they have moved on

See Intel's pre-execution pipeline hack (Not bug, because they knew and picked good-enough).

Made its way into Intel chips, AMD, ARM and IBM chips. Just two makers of modem chips, both with onboard processors. Rather than correct the hardware, secret inefficient software semi-fixes are being chunked out. Only Linux people have fessed up into saying software remediation is slower than microcode hobbling. Rather than a fix, Intel is directing resources to encrypted code execution extensions that will make viruses undetectable.

Arthur Daily

Re: why on Earth give this away for free to everyone on the planet

Before Microsoft and the ilk, IBM source code was held by nearly everyone, and control blocks of course. IBM part relied on others to fix their code, and often sent smart ones free gifts or bottles.

Pretty sure ICL, Fujitsu, and DEC/PDP gave out source code. Too young to remember CRAY and CDC. Bottom line was that there were no 'memory leaks' and orphaned junk, and one off errors when real SE's could hunt them down.

Then IBM started covering up control blocks and VSAM, and making source code available to SE's where locked up - just in case the OS went into a deadly embrace /loop that could be fixed on the spot - rather than 2-3 days of no ATM's.

Rolling on - the Atari, TRS80, and AppleII had very tight and efficient code, with chess programs under 1K! Now Microsoft is bloatware riddled with poor coding, unchecked parameters, unchecked recursion, and unreviewed code. If it is done inhouse, you have to wonder from the company that retitled machine attendants to 'systems engineers'.

The UK's Investigatory Powers Act allows the State to tell lies in court

Arthur Daily

Re: Reasonable Doubt

Kim Dot Com appears to have this problem in NZ.

A poisoned forest of illegally obtained evidence is being accepted. Add to that fabricated charges that do not exist in NZ. Like in Rainbow Warrior, maybe deals struck on a wink and nod.

Australian Information Industries Association*: you're not the future of democracy, so please shut up

Arthur Daily

This is Either or OR, so you always have the option of a physical paper.

The 2nd requirement must vote from a mobile phone in your name.

3rd. You have a MyGov account and given electronic consent through it OR a setting that says 'refuse electronic vote' which is the default setting.

4th. It must be cheaper and must be open source and must be independently verified by many. There is free software - thinking Brazil.

5th Any cast vote comes with a reply SMS and optionally a confirmation magic number

6) A 2nd app is sent out weeks before allowing you to practice vote and get a magic number that will depend on a second number you input when you vote.

7) Thus any tampering or MITM attacks has a high probability of being picked up.

8) For the paranoid - voting boxes and tally on paper tampering has been known to happen.

9) So a voting SMS message that says 'You voted, your checksum is xxxxxx '

10) Leaving your phone lying around and your partner voting will not work.

11) Extend voting window for electronic method

13 This translates to barcodes and 2 large prime numbers.

Australia cracks tech giants' tax dodge code

Arthur Daily

Re: why should the country in which the item is sold enjoy the biggest tax 'take'?

Well, the US has a 19% max for overseas revenue not booked home.

Singapore / HK around 15%

Money into Ireland goes out without Ireland's tax take, due to other tax treaties.

And besides price transfer schemes and arms length transactions are illegal, to the extent that complicated shamming and diversion cannot be proven in a court of law.

The solution is a 15% withholding tax increasing 2% every year if not claimed, or import duty re-introduced at a level to discourage this.

Assange™ celebrates third year in Ecuadorian embassy broom closet

Arthur Daily

If the Swedes actually do believe in Justice, after 4 years - one year more, they should simply declare him guilty, declare 'time served in full' and cancel the extradition order. Petty, vindictive and wasteful of resources is how it looks. The reasonable man test says there is something else going on, and that British justice is looking crook and bent.

Amazon: DROP DATABASE Oracle; INSERT our new fast cheap MySQL clone

Arthur Daily

People do not get what they pay for. They get a rosy glow from buying market leader and brandname, and rarely screw down perpetual outgoings. If you don't mind privacy concerns, then cloud is the way to go. Vendors have been charging murder, for products in limbo. Sometimes they need to be shown the door. Amazon is selling the door (as are others), and brandname vendors will panic when the skills for painless converts arise.

Android lands on Microsoft's money-machine island fortress

Arthur Daily

How to select

The banks or NCR's logic is confused. BSD will be stronger - thinking OpenBSD.

OTOH Google is paying big bucks and rewards for security holes to be patched and is rapidly overtaking Microsoft in the security/trust area. So looking ahead 10 years, Google will win, and have all those Facebook capabilities and facial recognition for nix!

Google and Android is the right choice, and MS is going to have fewer cash cows. The other option is to run the Microsoft ATM software in the cloud, and hope some hacker does not embellish the protocol to eject all notes. Right choice.


Biting the hand that feeds IT © 1998–2019